Secp256r1 plumbing / tests

Author: maurolacy

README.md

@@ -227,6 +227,18 @@ extern "C" {
         recovery_param: u32,
     ) -> u64;
 
+    /// Verifies message hashes against a signature with a public key, using the
+    /// secp256r1 ECDSA parametrization.
+    /// Returns 0 on verification success, 1 on verification failure, and values
+    /// greater than 1 in case of error.
+    fn secp256r1_verify(message_hash_ptr: u32, signature_ptr: u32, public_key_ptr: u32) -> u32;
+
+    fn secp256r1_recover_pubkey(
+      message_hash_ptr: u32,
+      signature_ptr: u32,
+      recovery_param: u32,
+    ) -> u64;
+
     /// Verifies a message against a signature with a public key, using the
     /// ed25519 EdDSA scheme.
     /// Returns 0 on verification success, 1 on verification failure, and values

packages/std/src/imports.rs

@@ -64,6 +64,12 @@ extern "C" {
     /// greater than 1 in case of error.
     fn secp256r1_verify(message_hash_ptr: u32, signature_ptr: u32, public_key_ptr: u32) -> u32;
 
+    fn secp256r1_recover_pubkey(
+        message_hash_ptr: u32,
+        signature_ptr: u32,
+        recovery_param: u32,
+    ) -> u64;
+
     /// Verifies a message against a signature with a public key, using the
     /// ed25519 EdDSA scheme.
     /// Returns 0 on verification success, 1 on verification failure, and values
@@ -439,6 +445,34 @@ impl Api for ExternalApi {
         }
     }
 
+    fn secp256r1_recover_pubkey(
+        &self,
+        message_hash: &[u8],
+        signature: &[u8],
+        recover_param: u8,
+    ) -> Result<Vec<u8>, RecoverPubkeyError> {
+        let hash_send = build_region(message_hash);
+        let hash_send_ptr = &*hash_send as *const Region as u32;
+        let sig_send = build_region(signature);
+        let sig_send_ptr = &*sig_send as *const Region as u32;
+
+        let result =
+            unsafe { secp256r1_recover_pubkey(hash_send_ptr, sig_send_ptr, recover_param.into()) };
+        let error_code = from_high_half(result);
+        let pubkey_ptr = from_low_half(result);
+        match error_code {
+            0 => {
+                let pubkey = unsafe { consume_region(pubkey_ptr as *mut Region) };
+                Ok(pubkey)
+            }
+            2 => panic!("MessageTooLong must not happen. This is a bug in the VM."),
+            3 => Err(RecoverPubkeyError::InvalidHashFormat),
+            4 => Err(RecoverPubkeyError::InvalidSignatureFormat),
+            6 => Err(RecoverPubkeyError::InvalidRecoveryParam),
+            error_code => Err(RecoverPubkeyError::unknown_err(error_code)),
+        }
+    }
+
     fn ed25519_verify(
         &self,
         message: &[u8],

packages/std/src/testing/mock.rs

@@ -191,6 +191,17 @@ impl Api for MockApi {
         )?)
     }
 
+    fn secp256r1_recover_pubkey(
+        &self,
+        message_hash: &[u8],
+        signature: &[u8],
+        recovery_param: u8,
+    ) -> Result<Vec<u8>, RecoverPubkeyError> {
+        let pubkey =
+            cosmwasm_crypto::secp256r1_recover_pubkey(message_hash, signature, recovery_param)?;
+        Ok(pubkey.to_vec())
+    }
+
     fn ed25519_verify(
         &self,
         message: &[u8],
@@ -1119,6 +1130,11 @@ mod tests {
     const SECP256K1_SIG_HEX: &str = "207082eb2c3dfa0b454e0906051270ba4074ac93760ba9e7110cd9471475111151eb0dbbc9920e72146fb564f99d039802bf6ef2561446eb126ef364d21ee9c4";
     const SECP256K1_PUBKEY_HEX: &str = "04051c1ee2190ecfb174bfe4f90763f2b4ff7517b70a2aec1876ebcfd644c4633fb03f3cfbd94b1f376e34592d9d41ccaf640bb751b00a1fadeb0c01157769eb73";
 
+    const SECP256R1_MSG_HASH_HEX: &str =
+        "5eb28029ebf3c7025ff2fc2f6de6f62aecf6a72139e1cba5f20d11bbef036a7f";
+    const SECP256R1_SIG_HEX: &str = "e67a9717ccf96841489d6541f4f6adb12d17b59a6bef847b6183b8fcf16a32eb9ae6ba6d637706849a6a9fc388cf0232d85c26ea0d1fe7437adb48de58364333";
+    const SECP256R1_PUBKEY_HEX: &str = "0468229b48c2fe19d3db034e4c15077eb7471a66031f28a980821873915298ba76303e8ee3742a893f78b810991da697083dd8f11128c47651c27a56740a80c24c";
+
     const ED25519_MSG_HEX: &str = "72";
     const ED25519_SIG_HEX: &str = "92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00";
     const ED25519_PUBKEY_HEX: &str =
@@ -1352,6 +1368,113 @@ mod tests {
         }
     }
 
+    // Basic "works" test. Exhaustive tests on VM's side (packages/vm/src/imports.rs)
+    #[test]
+    fn secp256r1_verify_works() {
+        let api = MockApi::default();
+
+        let hash = hex::decode(SECP256R1_MSG_HASH_HEX).unwrap();
+        let signature = hex::decode(SECP256R1_SIG_HEX).unwrap();
+        let public_key = hex::decode(SECP256R1_PUBKEY_HEX).unwrap();
+
+        assert!(api
+            .secp256r1_verify(&hash, &signature, &public_key)
+            .unwrap());
+    }
+
+    // Basic "fails" test. Exhaustive tests on VM's side (packages/vm/src/imports.rs)
+    #[test]
+    fn secp256r1_verify_fails() {
+        let api = MockApi::default();
+
+        let mut hash = hex::decode(SECP256R1_MSG_HASH_HEX).unwrap();
+        // alter hash
+        hash[0] ^= 0x01;
+        let signature = hex::decode(SECP256R1_SIG_HEX).unwrap();
+        let public_key = hex::decode(SECP256R1_PUBKEY_HEX).unwrap();
+
+        assert!(!api
+            .secp256r1_verify(&hash, &signature, &public_key)
+            .unwrap());
+    }
+
+    // Basic "errors" test. Exhaustive tests on VM's side (packages/vm/src/imports.rs)
+    #[test]
+    fn secp256r1_verify_errs() {
+        let api = MockApi::default();
+
+        let hash = hex::decode(SECP256R1_MSG_HASH_HEX).unwrap();
+        let signature = hex::decode(SECP256R1_SIG_HEX).unwrap();
+        let public_key = vec![];
+
+        let res = api.secp256r1_verify(&hash, &signature, &public_key);
+        assert_eq!(res.unwrap_err(), VerificationError::InvalidPubkeyFormat);
+    }
+
+    #[test]
+    fn secp256r1_recover_pubkey_works() {
+        let api = MockApi::default();
+
+        let hash = hex!("17b03f9f00f6692ccdde485fc63c4530751ef35da6f71336610944b0894fcfb8");
+        let signature = hex!("9886ae46c1415c3bc959e82b760ad760aab66885a84e620aa339fdf102465c422bf3a80bc04faa35ebecc0f4864ac02d349f6f126e0f988501b8d3075409a26c");
+        let recovery_param = 0;
+        let expected = hex!("0451f99d2d52d4a6e734484a018b7ca2f895c2929b6754a3a03224d07ae61166ce4737da963c6ef7247fb88d19f9b0c667cac7fe12837fdab88c66f10d3c14cad1");
+
+        let pubkey = api
+            .secp256r1_recover_pubkey(&hash, &signature, recovery_param)
+            .unwrap();
+        assert_eq!(pubkey, expected);
+    }
+
+    #[test]
+    fn secp256r1_recover_pubkey_fails_for_wrong_recovery_param() {
+        let api = MockApi::default();
+
+        let hash = hex!("17b03f9f00f6692ccdde485fc63c4530751ef35da6f71336610944b0894fcfb8");
+        let signature = hex!("9886ae46c1415c3bc959e82b760ad760aab66885a84e620aa339fdf102465c422bf3a80bc04faa35ebecc0f4864ac02d349f6f126e0f988501b8d3075409a26c");
+        let expected = hex!("0451f99d2d52d4a6e734484a018b7ca2f895c2929b6754a3a03224d07ae61166ce4737da963c6ef7247fb88d19f9b0c667cac7fe12837fdab88c66f10d3c14cad1");
+
+        // Wrong recovery param leads to different pubkey
+        let pubkey = api.secp256r1_recover_pubkey(&hash, &signature, 1).unwrap();
+        assert_eq!(pubkey.len(), 65);
+        assert_ne!(pubkey, expected);
+
+        // Invalid recovery param leads to error
+        let result = api.secp256r1_recover_pubkey(&hash, &signature, 42);
+        match result.unwrap_err() {
+            RecoverPubkeyError::InvalidRecoveryParam => {}
+            err => panic!("Unexpected error: {err:?}"),
+        }
+    }
+
+    #[test]
+    fn secp256r1_recover_pubkey_fails_for_wrong_hash() {
+        let api = MockApi::default();
+
+        let hash = hex!("17b03f9f00f6692ccdde485fc63c4530751ef35da6f71336610944b0894fcfb8");
+        let signature = hex!("9886ae46c1415c3bc959e82b760ad760aab66885a84e620aa339fdf102465c422bf3a80bc04faa35ebecc0f4864ac02d349f6f126e0f988501b8d3075409a26c");
+        let recovery_param = 0;
+        let expected = hex!("0451f99d2d52d4a6e734484a018b7ca2f895c2929b6754a3a03224d07ae61166ce4737da963c6ef7247fb88d19f9b0c667cac7fe12837fdab88c66f10d3c14cad1");
+
+        // Wrong hash
+        let mut corrupted_hash = hash;
+        corrupted_hash[0] ^= 0x01;
+        let pubkey = api
+            .secp256r1_recover_pubkey(&corrupted_hash, &signature, recovery_param)
+            .unwrap();
+        assert_eq!(pubkey.len(), 65);
+        assert_ne!(pubkey, expected);
+
+        // Malformed hash
+        let mut malformed_hash = hash.to_vec();
+        malformed_hash.push(0x8a);
+        let result = api.secp256r1_recover_pubkey(&malformed_hash, &signature, recovery_param);
+        match result.unwrap_err() {
+            RecoverPubkeyError::InvalidHashFormat => {}
+            err => panic!("Unexpected error: {err:?}"),
+        }
+    }
+
     // Basic "works" test. Exhaustive tests on VM's side (packages/vm/src/imports.rs)
     #[test]
     fn ed25519_verify_works() {

packages/std/src/traits.rs

@@ -172,6 +172,13 @@ pub trait Api {
         public_key: &[u8],
     ) -> Result<bool, VerificationError>;
 
+    fn secp256r1_recover_pubkey(
+        &self,
+        message_hash: &[u8],
+        signature: &[u8],
+        recovery_param: u8,
+    ) -> Result<Vec<u8>, RecoverPubkeyError>;
+
     fn ed25519_verify(
         &self,
         message: &[u8],

packages/vm/src/compatibility.rs

@@ -23,6 +23,7 @@ const SUPPORTED_IMPORTS: &[&str] = &[
     "env.secp256k1_verify",
     "env.secp256k1_recover_pubkey",
     "env.secp256r1_verify",
+    "env.secp256r1_recover_pubkey",
     "env.ed25519_verify",
     "env.ed25519_batch_verify",
     "env.debug",
@@ -626,6 +627,7 @@ mod tests {
             (import "env" "secp256k1_verify" (func (param i32 i32 i32) (result i32)))
             (import "env" "secp256k1_recover_pubkey" (func (param i32 i32 i32) (result i64)))
             (import "env" "secp256r1_verify" (func (param i32 i32 i32) (result i32)))
+            (import "env" "secp256r1_recover_pubkey" (func (param i32 i32 i32) (result i64)))
             (import "env" "ed25519_verify" (func (param i32 i32 i32) (result i32)))
             (import "env" "ed25519_batch_verify" (func (param i32 i32 i32) (result i32)))
         )"#,
@@ -646,6 +648,7 @@ mod tests {
             (import "env" "secp256k1_verify" (func (param i32 i32 i32) (result i32)))
             (import "env" "secp256k1_recover_pubkey" (func (param i32 i32 i32) (result i64)))
             (import "env" "secp256r1_verify" (func (param i32 i32 i32) (result i32)))
+            (import "env" "secp256r1_recover_pubkey" (func (param i32 i32 i32) (result i64)))
             (import "env" "ed25519_verify" (func (param i32 i32 i32) (result i32)))
             (import "env" "ed25519_batch_verify" (func (param i32 i32 i32) (result i32)))
             (import "env" "spam01" (func (param i32 i32) (result i32)))
@@ -738,7 +741,6 @@ mod tests {
             (import "env" "spam88" (func (param i32 i32) (result i32)))
             (import "env" "spam89" (func (param i32 i32) (result i32)))
             (import "env" "spam90" (func (param i32 i32) (result i32)))
-            (import "env" "spam91" (func (param i32 i32) (result i32)))
         )"#,
         )
         .unwrap();

packages/vm/src/environment.rs

@@ -510,6 +510,7 @@ mod tests {
                 "secp256k1_verify" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u32 { 0 }),
                 "secp256k1_recover_pubkey" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u64 { 0 }),
                 "secp256r1_verify" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u32 { 0 }),
+                "secp256r1_recover_pubkey" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u64 { 0 }),
                 "ed25519_verify" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u32 { 0 }),
                 "ed25519_batch_verify" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u32 { 0 }),
                 "debug" => Function::new_typed(&mut store, |_a: u32| {}),

packages/vm/src/imports.rs

@@ -5,7 +5,7 @@ use std::marker::PhantomData;
 
 use cosmwasm_crypto::{
     ed25519_batch_verify, ed25519_verify, secp256k1_recover_pubkey, secp256k1_verify,
-    secp256r1_verify, CryptoError,
+    secp256r1_recover_pubkey, secp256r1_verify, CryptoError,
 };
 use cosmwasm_crypto::{
     ECDSA_PUBKEY_MAX_LEN, ECDSA_SIGNATURE_LEN, EDDSA_PUBKEY_LEN, MESSAGE_HASH_MAX_LEN,
@@ -355,6 +355,45 @@ pub fn do_secp256r1_verify<A: BackendApi + 'static, S: Storage + 'static, Q: Que
     Ok(code)
 }
 
+pub fn do_secp256r1_recover_pubkey<
+    A: BackendApi + 'static,
+    S: Storage + 'static,
+    Q: Querier + 'static,
+>(
+    mut env: FunctionEnvMut<Environment<A, S, Q>>,
+    hash_ptr: u32,
+    signature_ptr: u32,
+    recover_param: u32,
+) -> VmResult<u64> {
+    let (data, mut store) = env.data_and_store_mut();
+
+    let hash = read_region(&data.memory(&store), hash_ptr, MESSAGE_HASH_MAX_LEN)?;
+    let signature = read_region(&data.memory(&store), signature_ptr, ECDSA_SIGNATURE_LEN)?;
+    let recover_param: u8 = match recover_param.try_into() {
+        Ok(rp) => rp,
+        Err(_) => return Ok((CryptoError::invalid_recovery_param().code() as u64) << 32),
+    };
+
+    let gas_info = GasInfo::with_cost(data.gas_config.secp256r1_recover_pubkey_cost);
+    process_gas_info(data, &mut store, gas_info)?;
+    let result = secp256r1_recover_pubkey(&hash, &signature, recover_param);
+    match result {
+        Ok(pubkey) => {
+            let pubkey_ptr = write_to_contract(data, &mut store, pubkey.as_ref())?;
+            Ok(to_low_half(pubkey_ptr))
+        }
+        Err(err) => match err {
+            CryptoError::InvalidHashFormat { .. }
+            | CryptoError::InvalidSignatureFormat { .. }
+            | CryptoError::InvalidRecoveryParam { .. }
+            | CryptoError::GenericErr { .. } => Ok(to_high_half(err.code())),
+            CryptoError::BatchErr { .. } | CryptoError::InvalidPubkeyFormat { .. } => {
+                panic!("Error must not happen for this call")
+            }
+        },
+    }
+}
+
 /// Return code (error code) for a valid signature
 const ED25519_VERIFY_CODE_VALID: u32 = 0;
 
@@ -720,6 +759,7 @@ mod tests {
                 "secp256k1_verify" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u32 { 0 }),
                 "secp256k1_recover_pubkey" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u64 { 0 }),
                 "secp256r1_verify" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u32 { 0 }),
+                "secp256r1_recover_pubkey" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u64 { 0 }),
                 "ed25519_verify" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u32 { 0 }),
                 "ed25519_batch_verify" => Function::new_typed(&mut store, |_a: u32, _b: u32, _c: u32| -> u32 { 0 }),
                 "debug" => Function::new_typed(&mut store, |_a: u32| {}),
@@ -1972,6 +2012,28 @@ mod tests {
         )
     }
 
+    #[test]
+    fn do_secp256r1_recover_pubkey_works() {
+        let api = MockApi::default();
+        let (fe, mut store, _instance) = make_instance(api);
+        let mut fe_mut = fe.into_mut(&mut store);
+
+        let hash = hex!("12135386c09e0bf6fd5c454a95bcfe9b3edb25c71e455c73a212405694b29002");
+        let sig = hex!("b53ce4da1aa7c0dc77a1896ab716b921499aed78df725b1504aba1597ba0c64bd7c246dc7ad0e67700c373edcfdd1c0a0495fc954549ad579df6ed1438840851");
+        let recovery_param = 0;
+        let expected = hex!("040a7dbb8bf50cb605eb2268b081f26d6b08e012f952c4b70a5a1e6e7d46af98bbf26dd7d799930062480849962ccf5004edcfd307c044f4e8f667c9baa834eeae");
+
+        let hash_ptr = write_data(&mut fe_mut, &hash);
+        let sig_ptr = write_data(&mut fe_mut, &sig);
+        let result =
+            do_secp256r1_recover_pubkey(fe_mut.as_mut(), hash_ptr, sig_ptr, recovery_param)
+                .unwrap();
+        let error = result >> 32;
+        let pubkey_ptr: u32 = (result & 0xFFFFFFFF).try_into().unwrap();
+        assert_eq!(error, 0);
+        assert_eq!(force_read(&mut fe_mut, pubkey_ptr), expected);
+    }
+
     #[test]
     fn do_ed25519_verify_works() {
         let api = MockApi::default();

packages/vm/src/instance.rs

@@ -16,7 +16,8 @@ use crate::errors::{CommunicationError, VmError, VmResult};
 use crate::imports::{
     do_abort, do_addr_canonicalize, do_addr_humanize, do_addr_validate, do_db_read, do_db_remove,
     do_db_write, do_debug, do_ed25519_batch_verify, do_ed25519_verify, do_query_chain,
-    do_secp256k1_recover_pubkey, do_secp256k1_verify, do_secp256r1_verify,
+    do_secp256k1_recover_pubkey, do_secp256k1_verify, do_secp256r1_recover_pubkey,
+    do_secp256r1_verify,
 };
 #[cfg(feature = "iterator")]
 use crate::imports::{do_db_next, do_db_next_key, do_db_next_value, do_db_scan};
@@ -162,6 +163,11 @@ where
             Function::new_typed_with_env(&mut store, &fe, do_secp256r1_verify),
         );
 
+        env_imports.insert(
+            "secp256r1_recover_pubkey",
+            Function::new_typed_with_env(&mut store, &fe, do_secp256r1_recover_pubkey),
+        );
+
         // Verifies a message against a signature with a public key, using the ed25519 EdDSA scheme.
         // Returns 0 on verification success, 1 on verification failure, and values greater than 1 in case of error.
         // Ownership of input pointers is not transferred to the host.