Merge pull request #3 from joii2020/develop_1

Support SPHINCS+

Author: XuJiandong

.github/workflows/rust.yml

@@ -12,8 +12,6 @@ jobs:
     - name: Update submodules
       run: git submodule update --init
     - name: Run sphincs+ tests
-      run: ./tests/sphincsplus/run.sh
-    - name: Build contract
-      run: make all-via-docker
+      run: ./tests/sphincsplus/all_run.sh
     - name: Run sphincs+ rust tests
-      run: cd tests/sphincsplus_rust && cargo test
+      run: ./tests/sphincsplus_rust/run_rust.sh

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "deps/ckb-c-stdlib"]
 	path = deps/ckb-c-stdlib
 	url = https://github.com/nervosnetwork/ckb-c-stdlib.git
+[submodule "deps/sphincsplus"]
+	path = deps/sphincsplus
+	url = https://github.com/sphincs/sphincsplus.git

Makefile

@@ -1,84 +1,84 @@
-TARGET := 
 TARGET := riscv64-unknown-linux-gnu-
 CC := $(TARGET)gcc
 LD := $(TARGET)gcc
 
+PARAMS = sphincs-shake-256f
+THASH = robust
+
 CFLAGS := -fPIC -O3 -fno-builtin-printf -fno-builtin-memcmp -nostdinc -nostartfiles -fvisibility=hidden -fdata-sections -ffunction-sections -nostdlib -Wno-nonnull-compare -DCKB_VM -DCKB_DECLARATION_ONLY
 LDFLAGS := -fdata-sections -ffunction-sections
 
-CFLAGS := $(CFLAGS) -Wall -Werror -Wno-nonnull  -Wno-unused-function
+# Using a new version of gcc will have a warning of ckb-c-stdlib
+CFLAGS := $(CFLAGS) -w
+# CFLAGS := $(CFLAGS) -Wall -Werror -Wno-nonnull  -Wno-unused-function
 LDFLAGS := $(LDFLAGS) -Wl,-static -Wl,--gc-sections
 
 CFLAGS := $(CFLAGS) -I c -I deps/ckb-c-stdlib/libc -I deps/ckb-c-stdlib -I deps/ckb-c-stdlib/molecule
-CFLAGS := $(CFLAGS) -I c/ref
+CFLAGS := $(CFLAGS) -I deps/sphincsplus/ref -DPARAMS=$(PARAMS)
 
-SOURCES_DIR = ref
+SPHINCS_PLUS_DIR = deps/sphincsplus/ref/
 
 SOURCES = \
-	c/$(SOURCES_DIR)/params.c \
-	c/$(SOURCES_DIR)/address.c \
-	c/$(SOURCES_DIR)/merkle.c \
-	c/$(SOURCES_DIR)/wots.c \
-	c/$(SOURCES_DIR)/wotsx1.c \
-	c/$(SOURCES_DIR)/utils.c \
-	c/$(SOURCES_DIR)/utilsx1.c \
-	c/$(SOURCES_DIR)/fors.c \
-	c/$(SOURCES_DIR)/sign.c \
-	c/$(SOURCES_DIR)/randombytes.c \
+	$(SPHINCS_PLUS_DIR)address.c \
+	$(SPHINCS_PLUS_DIR)merkle.c \
+	$(SPHINCS_PLUS_DIR)wots.c \
+	$(SPHINCS_PLUS_DIR)wotsx1.c \
+	$(SPHINCS_PLUS_DIR)utils.c \
+	$(SPHINCS_PLUS_DIR)utilsx1.c \
+	$(SPHINCS_PLUS_DIR)fors.c \
+	$(SPHINCS_PLUS_DIR)sign.c \
 	c/ckb-sphincsplus.c
 
 HEADERS = \
-	c/$(SOURCES_DIR)/params.h \
-	c/$(SOURCES_DIR)/address.h \
-	c/$(SOURCES_DIR)/merkle.h \
-	c/$(SOURCES_DIR)/wots.h \
-	c/$(SOURCES_DIR)/wotsx1.h \
-	c/$(SOURCES_DIR)/utils.h \
-	c/$(SOURCES_DIR)/utilsx1.h \
-	c/$(SOURCES_DIR)/fors.h \
-	c/$(SOURCES_DIR)/api.h \
-	c/$(SOURCES_DIR)/hash.h \
-	c/$(SOURCES_DIR)/thash.h \
-	c/$(SOURCES_DIR)/randombytes.h \
+	$(SPHINCS_PLUS_DIR)params.h \
+	$(SPHINCS_PLUS_DIR)address.h \
+	$(SPHINCS_PLUS_DIR)merkle.h \
+	$(SPHINCS_PLUS_DIR)wots.h \
+	$(SPHINCS_PLUS_DIR)wotsx1.h \
+	$(SPHINCS_PLUS_DIR)utils.h \
+	$(SPHINCS_PLUS_DIR)utilsx1.h \
+	$(SPHINCS_PLUS_DIR)fors.h \
+	$(SPHINCS_PLUS_DIR)api.h \
+	$(SPHINCS_PLUS_DIR)hash.h \
+	$(SPHINCS_PLUS_DIR)thash.h \
+	$(SPHINCS_PLUS_DIR)randombytes.h \
 	c/ckb-sphincsplus.h
 
-# shake
-SOURCES += \
-	c/$(SOURCES_DIR)/fips202.c \
-	c/$(SOURCES_DIR)/hash_shake.c \
-	c/$(SOURCES_DIR)/thash_shake_robust.c\
-	c/$(SOURCES_DIR)/thash_shake_simple.c
-HEADERS += \
-	c/$(SOURCES_DIR)/fips202.h
-
-# sha2
-SOURCES += \
-	c/$(SOURCES_DIR)/sha2.c \
-	c/$(SOURCES_DIR)/hash_sha2.c \
-	c/$(SOURCES_DIR)/thash_sha2_robust.c \
-	c/$(SOURCES_DIR)/thash_sha2_simple.c
-HEADERS += \
-	c/$(SOURCES_DIR)/sha2.h
+ifneq (,$(findstring shake,$(PARAMS)))
+	SOURCES += \
+		$(SPHINCS_PLUS_DIR)fips202.c \
+		$(SPHINCS_PLUS_DIR)hash_shake.c \
+		$(SPHINCS_PLUS_DIR)thash_shake_$(THASH).c
+	HEADERS += $(SPHINCS_PLUS_DIR)fips202.h
+endif
+ifneq (,$(findstring haraka,$(PARAMS)))
+	SOURCES += \
+		$(SPHINCS_PLUS_DIR)haraka.c \
+		$(SPHINCS_PLUS_DIR)hash_haraka.c \
+		$(SPHINCS_PLUS_DIR)thash_haraka_$(THASH).c
+	HEADERS += $(SPHINCS_PLUS_DIR)haraka.h
+endif
+ifneq (,$(findstring sha2,$(PARAMS)))
+	SOURCES += \
+		$(SPHINCS_PLUS_DIR)sha2.c \
+		$(SPHINCS_PLUS_DIR)hash_sha2.c \
+		$(SPHINCS_PLUS_DIR)thash_sha2_$(THASH).c
+	HEADERS += $(SPHINCS_PLUS_DIR)sha2.h
+endif
 
-# haraka
-SOURCES += \
-	c/$(SOURCES_DIR)/haraka.c \
-	c/$(SOURCES_DIR)/hash_haraka.c \
-	c/$(SOURCES_DIR)/thash_haraka_robust.c \
-	c/$(SOURCES_DIR)/thash_haraka_simple.c
-HEADERS += \
-	c/$(SOURCES_DIR)/haraka.h
+CFLAGS := $(CFLAGS) -g -DCKB_C_STDLIB_PRINTF
 
-# CFLAGS := $(CFLAGS) -g -DCKB_C_STDLIB_PRINTF
-
-# docker pull nervos/ckb-riscv-gnu-toolchain:gnu-bionic-20191012
-BUILDER_DOCKER := nervos/ckb-riscv-gnu-toolchain@sha256:aae8a3f79705f67d505d1f1d5ddc694a4fd537ed1c7e9622420a470d59ba2ec3
+# docker pull nervos/ckb-riscv-gnu-toolchain:gnu-jammy-20230214
+BUILDER_DOCKER := nervos/ckb-riscv-gnu-toolchain@sha256:7601a814be2595ad471288fefc176356b31101837a514ddb0fc93b11c1cf5135
 
 all: build/sphincsplus_lock
 
 all-via-docker:
 	docker run --rm -v `pwd`:/code ${BUILDER_DOCKER} bash -c "cd /code && make"
 
+build/convert_asm: c/ref/fips202_asm.S
+	riscv-naive-assembler -i c/ref/fips202_asm.S > c/ref/fips202_asm_bin.S
+
 build/sphincsplus_lock: c/ckb-sphincsplus-lock.c $(SOURCES) $(HEADERS)
 	mkdir -p build
 	$(CC) $(CFLAGS) -o $@ $(SOURCES) $<

c/ckb-sphincsplus-lock.c

@@ -11,7 +11,6 @@
 
 #include "api.h"
 #include "ckb-sphincsplus.h"
-#include "ckb_vm_dbg.h"
 
 #ifndef MOL2_EXIT
 #define MOL2_EXIT ckb_exit
@@ -23,8 +22,6 @@
 #define BLAKE2B_BLOCK_SIZE 32
 #define ONE_BATCH_SIZE 1024 * 64
 
-#define SPHINCSPLUS_PUBKEY_MAX_SIZE 1024
-
 #define SCRIPT_SIZE 1024 * 64  // 32k
 
 #undef ASSERT
@@ -59,9 +56,15 @@ enum SPHINCSPLUS_EXAMPLE_ERROR {
   ERROR_SPHINCSPLUS_ARGS,
   ERROR_SPHINCSPLUS_WITNESS,
   ERROR_SPHINCSPLUS_VERIFY,
-  ERROR_SPHINCSPLUS_HASH_TYPE,
 };
 
+#ifdef CKB_VM
+// randombytes in sphincs+ depends on fcntl.h and unistd.h
+void randombytes(unsigned char *x, unsigned long long xlen) {
+  ASSERT(false);
+}
+#endif  // CKB_VM
+
 static int extract_witness_lock(uint8_t *witness, uint64_t len,
                                 mol_seg_t *lock_bytes_seg) {
   if (len < 20) {
@@ -196,9 +199,6 @@ int make_witness(WitnessArgsType *witness) {
   uint64_t witness_len = 0;
   size_t source = CKB_SOURCE_GROUP_INPUT;
   err = ckb_load_witness(NULL, &witness_len, 0, 0, source);
-  // when witness is missing, empty or not accessible, make it zero length.
-  // don't fail, because owner lock without omni doesn't require witness.
-  // when it's zero length, any further actions on witness will fail.
   if (err != 0) {
     witness_len = 0;
   }
@@ -226,9 +226,9 @@ int make_witness(WitnessArgsType *witness) {
   return 0;
 }
 
-int get_sign(uint8_t *sign, crypto_context *cctx) {
+int get_sign(uint8_t *sign) {
   int err = CKB_SUCCESS;
-  size_t sign_size = sphincs_plus_get_sign_size(cctx);
+  size_t sign_size = sphincs_plus_get_sign_size();
   WitnessArgsType witness_args;
 
   uint8_t witness_data_source[MAX_WITNESS_SIZE] = {0};
@@ -247,12 +247,7 @@ int get_sign(uint8_t *sign, crypto_context *cctx) {
   return err;
 }
 
-// Args data:
-// |---------------------|--------------|
-// |  hash type 4 bytes  |  public key  |
-//
-// note: different hash types have different public key lengths
-int get_public_key(uint8_t *pub_key, crypto_context *cctx) {
+int get_public_key(uint8_t *pub_key) {
   int err = CKB_SUCCESS;
 
   uint8_t script[SCRIPT_SIZE];
@@ -265,17 +260,9 @@ int get_public_key(uint8_t *pub_key, crypto_context *cctx) {
 
   mol_seg_t args_seg = MolReader_Script_get_args(&script_seg);
   mol_seg_t args_bytes_seg = MolReader_Bytes_raw_bytes(&args_seg);
-
-  CHECK2((args_bytes_seg.size > sizeof(uint32_t)), ERROR_SPHINCSPLUS_ARGS);
-  uint32_t hash_type = 0;
-  memcpy(&hash_type, args_bytes_seg.ptr, sizeof(uint32_t));
-  CHECK2(!sphincs_plus_init_context(hash_type, cctx),
-         ERROR_SPHINCSPLUS_HASH_TYPE);
-
-  size_t pubkey_size = sphincs_plus_get_pk_size(cctx);
-  CHECK2((args_bytes_seg.size == sizeof(uint32_t)) + pubkey_size,
-         ERROR_SPHINCSPLUS_ARGS);
-  memcpy(pub_key, args_bytes_seg.ptr + sizeof(uint32_t), pubkey_size);
+  size_t pubkey_size = sphincs_plus_get_pk_size();
+  CHECK2((args_bytes_seg.size == pubkey_size), ERROR_SPHINCSPLUS_ARGS);
+  memcpy(pub_key, args_bytes_seg.ptr, pubkey_size);
 
 exit:
   return err;
@@ -285,21 +272,21 @@ int main() {
   int err = CKB_SUCCESS;
 
   // signature data size depends on args data(hash type)
-  uint8_t pubkey[SPHINCSPLUS_PUBKEY_MAX_SIZE];
-  crypto_context cctx = {0};
-  err = get_public_key(pubkey, &cctx);
+  uint8_t pubkey[sphincs_plus_get_pk_size()];
+  err = get_public_key(pubkey);
   if (err) {
     return err;
   }
 
   uint8_t message[BLAKE2B_BLOCK_SIZE];
-  uint8_t sign[sphincs_plus_get_sign_size(&cctx)];
+  uint8_t sign[sphincs_plus_get_sign_size()];
   CHECK(generate_sighash_all(message, BLAKE2B_BLOCK_SIZE));
 
-  CHECK(get_sign(sign, &cctx));
-  err = sphincs_plus_verify(&cctx, sign, sphincs_plus_get_sign_size(&cctx),
-                            message, BLAKE2B_BLOCK_SIZE, pubkey,
-                            sphincs_plus_get_pk_size(&cctx));
+  CHECK(get_sign(sign));
+
+  err = sphincs_plus_verify(sign, sphincs_plus_get_sign_size(), message,
+                            BLAKE2B_BLOCK_SIZE, pubkey,
+                            sphincs_plus_get_pk_size());
   CHECK2(err == 0, ERROR_SPHINCSPLUS_VERIFY);
 
 exit:

c/ckb-sphincsplus.c

@@ -26,67 +26,45 @@ enum SphincsPlusError {
 
 #include <stdlib.h>
 
-crypto_context *sphincs_plus_new_context(crypto_type type) {
-  crypto_context *cctx = (crypto_context *)malloc(sizeof(crypto_context));
-  int err = crypto_init_context(type, cctx);
-  ASSERT(err == 0);
-  return cctx;
-}
-
-void sphincs_plus_del_context(crypto_context *cctx) { free(cctx); }
-
 #endif  // CKB_VM
 
-int sphincs_plus_init_context(crypto_type type, crypto_context *cctx) {
-  memset(cctx, 0, sizeof(crypto_context));
-  return crypto_init_context(type, cctx);
-}
-
-uint32_t sphincs_plus_get_pk_size(crypto_context *cctx) {
-  return cctx->spx_pk_bytes;
-}
+uint32_t sphincs_plus_get_pk_size() { return SPX_PK_BYTES; }
 
-uint32_t sphincs_plus_get_sk_size(crypto_context *cctx) {
-  return cctx->spx_sk_bytes;
-}
+uint32_t sphincs_plus_get_sk_size() { return SPX_SK_BYTES; }
 
-uint32_t sphincs_plus_get_sign_size(crypto_context *cctx) {
-  return cctx->spx_bytes + SPX_MLEN;
-}
+uint32_t sphincs_plus_get_sign_size() { return SPX_BYTES + SPX_MLEN; }
 
 #ifndef CKB_VM
 
-int sphincs_plus_generate_keypair(crypto_context *cctx, uint8_t *pk,
-                                  uint8_t *sk) {
-  return crypto_sign_keypair(cctx, pk, sk);
+int sphincs_plus_generate_keypair(uint8_t *pk, uint8_t *sk) {
+  return crypto_sign_keypair(pk, sk);
 }
 
-int sphincs_plus_sign(crypto_context *cctx, uint8_t *message, uint8_t *sk,
-                      uint8_t *out_sign) {
-  unsigned long long out_sign_len = sphincs_plus_get_sign_size(cctx);
-  int ret = crypto_sign(cctx, out_sign, (unsigned long long *)&out_sign_len,
-                        message, SPX_MLEN, sk);
-  if ((uint32_t)out_sign_len != sphincs_plus_get_sign_size(cctx)) {
+int sphincs_plus_sign(uint8_t *message, uint8_t *sk, uint8_t *out_sign) {
+  unsigned long long out_sign_len = sphincs_plus_get_sign_size();
+  int ret = crypto_sign(out_sign, (unsigned long long *)&out_sign_len, message,
+                        SPX_MLEN, sk);
+  if ((uint32_t)out_sign_len != sphincs_plus_get_sign_size()) {
     return 1;
   }
   return ret;
 }
 
 #endif  // CKB_VM
 
-int sphincs_plus_verify(crypto_context *cctx, uint8_t *sign, uint32_t sign_size,
-                        uint8_t *message, uint32_t message_size,
-                        uint8_t *pubkey, uint32_t pubkey_size) {
-  size_t sign_len = sphincs_plus_get_sign_size(cctx);
+int sphincs_plus_verify(uint8_t *sign, uint32_t sign_size, uint8_t *message,
+                        uint32_t message_size, uint8_t *pubkey,
+                        uint32_t pubkey_size) {
+  size_t sign_len = sphincs_plus_get_sign_size();
 
   if (sign_size != sign_len || message_size != SPX_MLEN ||
-      pubkey_size != sphincs_plus_get_pk_size(cctx)) {
+      pubkey_size != sphincs_plus_get_pk_size()) {
     return SphincsPlusError_Params;
   }
   unsigned char mout[SPX_BYTES + SPX_MLEN];
   unsigned long long mlen = 0;
 
-  int err = crypto_sign_open(cctx, mout, &mlen, sign, sign_len, pubkey);
+  int err = crypto_sign_open(mout, &mlen, sign, sign_len, pubkey);
   if (err != 0) {
     return SphincsPlusError_Verify;
   }