feat(avm): defensively assert cd hashes (#19346)

This PR moves us from `compute_calldata_hash` -> `assert_calldata_hash`
which essentially adds a degree of validation to the calldata hash in
the AVM cpp code.

### Why tho?
1. Aligns it with other "infallible" pre-requisites to proving, e.g.,
`assert_address_derivation`.
2. Somewhat minimises (although not completely) the following prover DOS
vector.
- A sequencer generates proving hints with a bad calldata hash (i.e.
`H(calldata) != calldata_hash`)
- Gives the hints to a prover agent, since there is no validation the
prover agent constructs the entire trace.
- The proof construction fails because the lookup constraining calldata
hash is invalid, all the prover work is wasted
3. It only minimises the attack vector because the prover agent still
wastes some work during re-execution, although this should be
significantly less than when it gets to tracegen.

### Sharp Edges
~In TS, cd hash validation is done at the tx validation level. I don't
think it is worthwhile to implement the cd hash validation in the TS
simulator - so instead I've implemented a validation in the TS fuzzer
entrypoint~

Author: IlyasRidhuan

barretenberg/cpp/src/barretenberg/avm_fuzzer/harness/calldata.fuzzer.cpp

@@ -19,6 +19,7 @@
 #include "barretenberg/vm2/simulation/events/event_emitter.hpp"
 #include "barretenberg/vm2/simulation/gadgets/calldata_hashing.hpp"
 #include "barretenberg/vm2/simulation/interfaces/calldata_hashing.hpp"
+#include "barretenberg/vm2/simulation/lib/contract_crypto.hpp"
 #include "barretenberg/vm2/tooling/debugger.hpp"
 #include "barretenberg/vm2/tracegen/calldata_trace.hpp"
 #include "barretenberg/vm2/tracegen/execution_trace.hpp"
@@ -363,7 +364,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
     try {
         for (size_t i = 0; i < num_events; i++) {
             auto calldata_interface = calldata_hashing_provider.make_calldata_hasher(context_id++);
-            calldata_interface->compute_calldata_hash(calldata_fields[i]);
+            FF cd_hash = compute_calldata_hash(calldata_fields[i]);
+            calldata_interface->assert_calldata_hash(cd_hash, calldata_fields[i]);
         }
     } catch (const std::exception& e) {
         // If any exception occurs, we cannot proceed further.

barretenberg/cpp/src/barretenberg/vm2/simulation/gadgets/calldata_hashing.cpp

@@ -6,21 +6,21 @@
 
 namespace bb::avm2::simulation {
 
-FF CalldataHasher::compute_calldata_hash(std::span<const FF> calldata)
+void CalldataHasher::assert_calldata_hash(const FF& cd_hash, std::span<const FF> calldata)
 {
     // todo(ilyas): this probably simulates faster at the cost of re-work in tracegen
     std::vector<FF> calldata_with_sep = { DOM_SEP__PUBLIC_CALLDATA };
     for (const auto& value : calldata) {
         // Note: Using `insert` breaks GCC.
         calldata_with_sep.push_back(value);
     }
-    FF output_hash = hasher.hash(calldata_with_sep);
+    FF computed_hash = hasher.hash(calldata_with_sep);
+    BB_ASSERT_EQ(computed_hash, cd_hash);
 
     events.emit({
         .context_id = context_id,
         .calldata = { calldata.begin(), calldata.end() },
     });
-    return output_hash;
 }
 
 } // namespace bb::avm2::simulation

barretenberg/cpp/src/barretenberg/vm2/simulation/gadgets/calldata_hashing.hpp

@@ -18,7 +18,7 @@ class CalldataHasher : public CalldataHashingInterface {
         , hasher(hasher)
     {}
 
-    FF compute_calldata_hash(std::span<const FF> calldata) override;
+    void assert_calldata_hash(const FF& cd_hash, std::span<const FF> calldata) override;
 
   private:
     uint32_t context_id;

barretenberg/cpp/src/barretenberg/vm2/simulation/gadgets/calldata_hashing.test.cpp

@@ -59,9 +59,8 @@ TEST_F(CalldataHashingTest, SimpleHash)
 
     EXPECT_CALL(poseidon2, hash(prepended_calldata_fields)).WillOnce(Return(hash));
 
-    auto output_hash = calldata_hasher.compute_calldata_hash(calldata_fields);
+    calldata_hasher.assert_calldata_hash(hash, calldata_fields);
 
-    EXPECT_EQ(output_hash, hash);
     EXPECT_THAT(
         calldata_events.dump_events(),
         AllOf(SizeIs(1),
@@ -77,7 +76,7 @@ TEST_F(CalldataHashingTest, Hash)
     auto hash = RawPoseidon2::hash(prepended_calldata_fields);
     EXPECT_CALL(poseidon2, hash(prepended_calldata_fields)).WillOnce(Return(hash));
 
-    calldata_hasher.compute_calldata_hash(calldata);
+    calldata_hasher.assert_calldata_hash(hash, calldata);
     EXPECT_THAT(
         calldata_events.dump_events(),
         AllOf(SizeIs(1),
@@ -93,7 +92,7 @@ TEST_F(CalldataHashingTest, Empty)
     auto hash = RawPoseidon2::hash(prepended_calldata_fields);
     EXPECT_CALL(poseidon2, hash(prepended_calldata_fields)).WillOnce(Return(hash));
 
-    calldata_hasher.compute_calldata_hash(calldata);
+    calldata_hasher.assert_calldata_hash(hash, calldata);
     EXPECT_THAT(
         calldata_events.dump_events(),
         AllOf(SizeIs(1),

barretenberg/cpp/src/barretenberg/vm2/simulation/gadgets/context_provider.cpp

@@ -45,6 +45,7 @@ std::unique_ptr<ContextInterface> ContextProvider::make_enqueued_context(AztecAd
                                                                          AztecAddress msg_sender,
                                                                          FF transaction_fee,
                                                                          std::span<const FF> calldata,
+                                                                         const FF& calldata_hash,
                                                                          bool is_static,
                                                                          Gas gas_limit,
                                                                          Gas gas_used,
@@ -56,7 +57,7 @@ std::unique_ptr<ContextInterface> ContextProvider::make_enqueued_context(AztecAd
     BB_ASSERT_LTE(context_id, std::numeric_limits<uint16_t>::max(), "Context ID out of bounds");
     uint16_t space_id = static_cast<uint16_t>(context_id);
 
-    cd_hash_provider.make_calldata_hasher(context_id)->compute_calldata_hash(calldata);
+    cd_hash_provider.make_calldata_hasher(context_id)->assert_calldata_hash(calldata_hash, calldata);
 
     return std::make_unique<EnqueuedCallContext>(
         context_id,

barretenberg/cpp/src/barretenberg/vm2/simulation/gadgets/context_provider.hpp

@@ -48,6 +48,7 @@ class ContextProvider : public ContextProviderInterface {
                                                             AztecAddress msg_sender,
                                                             FF transaction_fee,
                                                             std::span<const FF> calldata,
+                                                            const FF& calldata_hash,
                                                             bool is_static,
                                                             Gas gas_limit,
                                                             Gas gas_used,

barretenberg/cpp/src/barretenberg/vm2/simulation/gadgets/tx_execution.cpp

@@ -107,6 +107,7 @@ TxExecutionResult TxExecution::simulate(const Tx& tx)
                                                                   call.request.msg_sender,
                                                                   /*transaction_fee=*/FF(0),
                                                                   call.calldata,
+                                                                  call.request.calldata_hash,
                                                                   call.request.is_static_call,
                                                                   gas_limit,
                                                                   start_gas,
@@ -166,6 +167,7 @@ TxExecutionResult TxExecution::simulate(const Tx& tx)
                                                                       call.request.msg_sender,
                                                                       /*transaction_fee=*/FF(0),
                                                                       call.calldata,
+                                                                      call.request.calldata_hash,
                                                                       call.request.is_static_call,
                                                                       gas_limit,
                                                                       start_gas,
@@ -229,6 +231,7 @@ TxExecutionResult TxExecution::simulate(const Tx& tx)
                                                                   teardown_enqueued_call.request.msg_sender,
                                                                   fee,
                                                                   teardown_enqueued_call.calldata,
+                                                                  teardown_enqueued_call.request.calldata_hash,
                                                                   teardown_enqueued_call.request.is_static_call,
                                                                   teardown_gas_limit,
                                                                   start_gas,

barretenberg/cpp/src/barretenberg/vm2/simulation/interfaces/calldata_hashing.hpp

@@ -11,7 +11,7 @@ namespace bb::avm2::simulation {
 class CalldataHashingInterface {
   public:
     virtual ~CalldataHashingInterface() = default;
-    virtual FF compute_calldata_hash(std::span<const FF> calldata) = 0;
+    virtual void assert_calldata_hash(const FF& cd_hash, std::span<const FF> calldata) = 0;
 };
 
 class CalldataHashingProviderInterface {

barretenberg/cpp/src/barretenberg/vm2/simulation/interfaces/context_provider.hpp

@@ -30,6 +30,7 @@ class ContextProviderInterface {
                                                                     AztecAddress msg_sender,
                                                                     FF transaction_fee,
                                                                     std::span<const FF> calldata,
+                                                                    const FF& calldata_hash,
                                                                     bool is_static,
                                                                     Gas gas_limit,
                                                                     Gas gas_used,

barretenberg/cpp/src/barretenberg/vm2/simulation/testing/mock_cd_hasher.hpp

@@ -11,6 +11,6 @@ class MockCalldataHasher : public CalldataHashingInterface {
     MockCalldataHasher();
     ~MockCalldataHasher() override;
 
-    MOCK_METHOD(FF, compute_calldata_hash, (const std::span<const FF> calldata), (override));
+    MOCK_METHOD(void, assert_calldata_hash, (const FF& cd_hash, std::span<const FF> calldata), (override));
 };
 } // namespace bb::avm2::simulation