Use the hash of pubkey in arg

joii2020 · joii2020 · commit a07b47279228 · 2023-03-01T16:22:25.000+08:00
diff --git a/Makefile b/Makefile
@@ -2,8 +2,8 @@ TARGET := riscv64-unknown-linux-gnu-
 CC := $(TARGET)gcc
 LD := $(TARGET)gcc
 
-PARAMS = sphincs-shake-256f
-THASH = robust
+PARAMS = sphincs-shake-128f
+THASH = simple
 
 CFLAGS := -fPIC -O3 -fno-builtin-printf -fno-builtin-memcmp -nostdinc -nostartfiles -fvisibility=hidden -fdata-sections -ffunction-sections -nostdlib -Wno-nonnull-compare -DCKB_VM -DCKB_DECLARATION_ONLY
 LDFLAGS := -fdata-sections -ffunction-sections
diff --git a/c/ckb-sphincsplus-lock.c b/c/ckb-sphincsplus-lock.c
@@ -54,15 +54,14 @@ enum SPHINCSPLUS_EXAMPLE_ERROR {
   ERROR_SPHINCSPLUS_SYSCALL,
   ERROR_SPHINCSPLUS_ENCODING,
   ERROR_SPHINCSPLUS_ARGS,
+  ERROR_SPHINCSPLUS_PUBKEY,
   ERROR_SPHINCSPLUS_WITNESS,
   ERROR_SPHINCSPLUS_VERIFY,
 };
 
 #ifdef CKB_VM
 // randombytes in sphincs+ depends on fcntl.h and unistd.h
-void randombytes(unsigned char *x, unsigned long long xlen) {
-  ASSERT(false);
-}
+void randombytes(unsigned char *x, unsigned long long xlen) { ASSERT(false); }
 #endif  // CKB_VM
 
 static int extract_witness_lock(uint8_t *witness, uint64_t len,
@@ -226,28 +225,43 @@ int make_witness(WitnessArgsType *witness) {
   return 0;
 }
 
-int get_sign(uint8_t *sign) {
+// Witness data structure
+// |-----Signature data-----|-----Public Key-----|
+int get_sign_info(uint8_t *sign, uint8_t *pubkey) {
   int err = CKB_SUCCESS;
   size_t sign_size = sphincs_plus_get_sign_size();
+  size_t pubkey_size = sphincs_plus_get_pk_size();
+
   WitnessArgsType witness_args;
 
   uint8_t witness_data_source[MAX_WITNESS_SIZE] = {0};
+  BytesOptType mol_lock;
+  mol2_cursor_t mol_lock_bytes;
+  size_t out_len;
+  uint8_t buffer[sign_size + pubkey_size];
+
   g_witness_data_source = witness_data_source;
   CHECK(make_witness(&witness_args));
 
-  BytesOptType mol_lock = witness_args.t->lock(&witness_args);
+  mol_lock = witness_args.t->lock(&witness_args);
   CHECK2(!mol_lock.t->is_none(&mol_lock), ERROR_SPHINCSPLUS_WITNESS);
 
-  mol2_cursor_t mol_lock_bytes = mol_lock.t->unwrap(&mol_lock);
-  size_t out_len = mol2_read_at(&mol_lock_bytes, sign, sign_size);
+  mol_lock_bytes = mol_lock.t->unwrap(&mol_lock);
+  CHECK2(mol_lock_bytes.size == sign_size + pubkey_size,
+         ERROR_SPHINCSPLUS_WITNESS);
+
+  out_len = mol2_read_at(&mol_lock_bytes, buffer, sign_size + pubkey_size);
+  CHECK2(out_len == sign_size + pubkey_size, ERROR_SPHINCSPLUS_WITNESS);
+
+  memcpy(sign, buffer, sign_size);
+  memcpy(pubkey, buffer + sign_size, pubkey_size);
 
-  CHECK2(out_len == sign_size, ERROR_SPHINCSPLUS_WITNESS);
 exit:
   g_witness_data_source = NULL;
   return err;
 }
 
-int get_public_key(uint8_t *pub_key) {
+int get_public_key_hash(uint8_t *pub_key) {
   int err = CKB_SUCCESS;
 
   uint8_t script[SCRIPT_SIZE];
@@ -260,30 +274,39 @@ int get_public_key(uint8_t *pub_key) {
 
   mol_seg_t args_seg = MolReader_Script_get_args(&script_seg);
   mol_seg_t args_bytes_seg = MolReader_Bytes_raw_bytes(&args_seg);
-  size_t pubkey_size = sphincs_plus_get_pk_size();
-  CHECK2((args_bytes_seg.size == pubkey_size), ERROR_SPHINCSPLUS_ARGS);
-  memcpy(pub_key, args_bytes_seg.ptr, pubkey_size);
+  CHECK2((args_bytes_seg.size == BLAKE2B_BLOCK_SIZE), ERROR_SPHINCSPLUS_ARGS);
+  memcpy(pub_key, args_bytes_seg.ptr, BLAKE2B_BLOCK_SIZE);
 
 exit:
   return err;
 }
 
-int main() {
-  int err = CKB_SUCCESS;
+int check_pubkey(uint8_t *pubkey, uint8_t *pubkey_hash) {
+  blake2b_state blake2b_ctx;
+  blake2b_init(&blake2b_ctx, BLAKE2B_BLOCK_SIZE);
+  blake2b_update(&blake2b_ctx, pubkey, sphincs_plus_get_pk_size());
+  uint8_t msg[BLAKE2B_BLOCK_SIZE];
+  blake2b_final(&blake2b_ctx, msg, sizeof(msg));
 
-  // signature data size depends on args data(hash type)
-  uint8_t pubkey[sphincs_plus_get_pk_size()];
-  err = get_public_key(pubkey);
-  if (err) {
-    return err;
+  if (memcmp(pubkey_hash, msg, BLAKE2B_BLOCK_SIZE)) {
+    return ERROR_SPHINCSPLUS_PUBKEY;
+  } else {
+    return 0;
   }
+}
 
+int main() {
+  int err = CKB_SUCCESS;
+
+  uint8_t pubkey_hash[BLAKE2B_BLOCK_SIZE];
   uint8_t message[BLAKE2B_BLOCK_SIZE];
   uint8_t sign[sphincs_plus_get_sign_size()];
-  CHECK(generate_sighash_all(message, BLAKE2B_BLOCK_SIZE));
-
-  CHECK(get_sign(sign));
+  uint8_t pubkey[sphincs_plus_get_pk_size()];
 
+  CHECK(get_public_key_hash(pubkey_hash));
+  CHECK(generate_sighash_all(message, BLAKE2B_BLOCK_SIZE));
+  CHECK(get_sign_info(sign, pubkey));
+  CHECK(check_pubkey(pubkey, pubkey_hash));
   err = sphincs_plus_verify(sign, sphincs_plus_get_sign_size(), message,
                             BLAKE2B_BLOCK_SIZE, pubkey,
                             sphincs_plus_get_pk_size());
diff --git a/tests/sphincsplus/optimization/Makefile b/tests/sphincsplus/optimization/Makefile
@@ -2,8 +2,8 @@ TARGET := riscv64-unknown-linux-gnu-
 CC := $(TARGET)gcc
 LD := $(TARGET)gcc
 
-PARAMS = sphincs-shake-256f
-THASH = robust
+PARAMS = sphincs-shake-128f
+THASH = simple
 
 CFLAGS := -fPIC -O3 -fno-builtin-printf -fno-builtin-memcmp -nostdinc -nostartfiles -fvisibility=hidden -fdata-sections -ffunction-sections -nostdlib -Wno-nonnull-compare -DCKB_VM -DCKB_DECLARATION_ONLY -g -DCKB_C_STDLIB_PRINTF
 LDFLAGS := -fdata-sections -ffunction-sections
diff --git a/tests/sphincsplus/optimization/run-all-optimization.sh b/tests/sphincsplus/optimization/run-all-optimization.sh
@@ -6,8 +6,8 @@ workdir=$(
 cd $workdir
 
 HASH_NAMES="shake sha2 haraka"
-HASH_SIZES="128 256"
-HASH_OPTIONS="s"
+HASH_SIZES="128 192 256"
+HASH_OPTIONS="s f"
 THASHS="simple robust"
 for HASH_NAME in ${HASH_NAMES[@]}; do
   for HASH_SIZE in ${HASH_SIZES[@]}; do
diff --git a/tests/sphincsplus_rust/Cargo.toml b/tests/sphincsplus_rust/Cargo.toml
@@ -6,7 +6,7 @@ version = "0.1.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [features]
-default = ["shake", "hash_256", "hash_options_f", "thashes_robust"]
+default = ["shake", "hash_128", "hash_options_f", "thashes_simple"]
 haraka = []
 sha2 = []
 shake = []
diff --git a/tests/sphincsplus_rust/run_example.sh b/tests/sphincsplus_rust/run_example.sh
@@ -1,8 +1,8 @@
 if [ ! -n "$1" ] ;then
   HASH_NAME="shake"
   HASH_SIZE="128"
-  THASH="robust"
-  HASH_OPTION="s"
+  THASH="simple"
+  HASH_OPTION="f"
 else
   HASH_NAME=$1
   HASH_SIZE=$2
diff --git a/tests/sphincsplus_rust/src/utils.rs b/tests/sphincsplus_rust/src/utils.rs
@@ -1,5 +1,6 @@
 use super::dummy_data_loader::DummyDataLoader;
 use super::sphincsplus::*;
+use ckb_hash::blake2b_256;
 use ckb_types::core::{
     cell::{CellMetaBuilder, ResolvedTransaction},
     TransactionView,
@@ -25,6 +26,7 @@ lazy_static! {
 pub struct TestConfig {
     key: SphincsPlus,
     pub sign_error: bool,
+    pub pubkey_hash_error: bool,
     pub pubkey_error: bool,
     pub message_error: bool,
     rng: ThreadRng,
@@ -36,6 +38,7 @@ impl TestConfig {
         Self {
             key: SphincsPlus::new(),
             sign_error: false,
+            pubkey_hash_error: false,
             pubkey_error: false,
             message_error: false,
             rng: thread_rng(),
@@ -54,10 +57,10 @@ impl TestConfig {
 }
 
 pub fn gen_tx(dummy: &mut DummyDataLoader, config: &mut TestConfig) -> TransactionView {
-    let lock_args = Bytes::from(if config.pubkey_error {
-        config.gen_rand_buf(config.key.pk.len())
+    let lock_args = Bytes::from(if config.pubkey_hash_error {
+        config.gen_rand_buf(32)
     } else {
-        config.key.pk.to_vec()
+        blake2b_256(&config.key.pk).to_vec()
     });
     gen_tx_with_grouped_args(dummy, vec![(lock_args, 1)], config)
 }
@@ -116,7 +119,7 @@ pub fn gen_tx_with_grouped_args(
                 previous_out_point.clone(),
                 (previous_output_cell.build(), Bytes::new()),
             );
-            let witness_len = config.key.get_sign_len();
+            let witness_len = config.key.get_sign_len() + config.key.get_pk_len();
             let random_extra_witness = config.gen_rand_buf(witness_len);
 
             let witness_args = WitnessArgsBuilder::default()
@@ -149,7 +152,7 @@ pub fn sign_tx_by_input_group(
     config: &mut TestConfig,
 ) -> TransactionView {
     let tx_hash = tx.hash();
-    let witness_len = config.key.get_sign_len();
+    let sign_info_len = config.key.get_sign_len() + config.key.get_pk_len();
 
     let mut signed_witnesses: Vec<packed::Bytes> = tx
         .inputs()
@@ -165,7 +168,7 @@ pub fn sign_tx_by_input_group(
 
                 let zero_lock: Bytes = {
                     let mut buf = Vec::new();
-                    buf.resize(witness_len, 0);
+                    buf.resize(sign_info_len, 0);
                     buf.into()
                 };
 
@@ -190,11 +193,25 @@ pub fn sign_tx_by_input_group(
                         config.rng.fill(&mut message);
                     }
                     let start = std::time::Instant::now();
-                    let sign = Bytes::from(if config.sign_error {
-                        config.gen_rand_buf(config.key.get_sign_len())
-                    } else {
-                        config.key.sign(&message)
-                    });
+                    let mut witness_buf = Vec::new();
+                    witness_buf.resize(sign_info_len, 0);
+
+                    witness_buf[..config.key.get_sign_len()].copy_from_slice(
+                        &if config.sign_error {
+                            config.gen_rand_buf(config.key.get_sign_len())
+                        } else {
+                            config.key.sign(&message)
+                        },
+                    );
+
+                    witness_buf[config.key.get_sign_len()..].copy_from_slice(
+                        &if config.pubkey_error {
+                            config.gen_rand_buf(config.key.get_pk_len())
+                        } else {
+                            config.key.pk.clone()
+                        },
+                    );
+
                     if config.print_time {
                         println!(
                             "sign time(native): {} us ({:.2?}s)",
@@ -203,7 +220,7 @@ pub fn sign_tx_by_input_group(
                         );
                     }
 
-                    sign
+                    Bytes::from(witness_buf)
                 };
 
                 witness
diff --git a/tests/sphincsplus_rust/tests/test_sphincsplus.rs b/tests/sphincsplus_rust/tests/test_sphincsplus.rs
@@ -46,6 +46,26 @@ fn test_err_sign() {
     }
 }
 
+#[test]
+fn test_err_pubkey_hash() {
+    let mut config = TestConfig::new();
+    config.pubkey_hash_error = true;
+
+    let mut dummy = DummyDataLoader::new();
+
+    let tx = gen_tx(&mut dummy, &mut config);
+    let tx = sign_tx(&mut dummy, tx, &mut config);
+
+    let resolved_tx = build_resolved_tx(&dummy, &tx);
+    let mut verifier = TransactionScriptsVerifier::new(&resolved_tx, &dummy);
+
+    verifier.set_debug_printer(debug_printer);
+    let verify_result = verifier.verify(MAX_CYCLES);
+    if verify_result.is_ok() {
+        panic!("pass verification");
+    }
+}
+
 #[test]
 fn test_err_pubkey() {
     let mut config = TestConfig::new();
