Add bn254 support and expose poseidon/poseidon2 host functions (#1667)

### What

* Add bn254 support (#1615, #1628)
- A new module `crypto/bn254.rs` with Bn254 point and field types, and
expose related host operations.
  - Implement `Neg` trait for `G1Affine` (#1630)
- Update bn254 typenames and add mapping (#1645), also updated bls12-381
type names for consistency
* Add raw Poseidon, Poseidon2 support in `CryptoHazmat`, gated by
"hazmat-crypto" feature


### Why

Expose new crypto functions for protocol 25

### Known limitations

Only the raw host function exposure for Poseidon/Poseidon2 has been
added in this PR. The more elaborate setup for sponge, parameters, hash
function wrappers will be done in a separate repo
[here](https://github.com/stellar/rs-soroban-poseidon)

---------

Co-authored-by: Jay Geng <jay@stellar.org>
Co-authored-by: Siddharth Suresh <siddharth@stellar.org>
Co-authored-by: Leigh <351529+leighmcculloch@users.noreply.github.com>
Co-authored-by: Matteo Lisotto <matteo.lisotto@gmail.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Nando Vieira <me@fnando.com>

Author: 8 people

Cargo.lock

@@ -30,29 +30,27 @@ soroban-token-spec = { version = "23.4.0", path = "soroban-token-spec" }
 stellar-asset-spec = { version = "23.4.0", path = "stellar-asset-spec" }
 
 [workspace.dependencies.soroban-env-common]
-version = "=23.0.1"
-#git = "https://github.com/stellar/rs-soroban-env"
-#rev = "bd0c80a1fe171e75f8d745f17975a73927d44ecd"
+version = "=25.0.0"
+# git = "https://github.com/stellar/rs-soroban-env"
+# rev = "cf58d535ab05d02802a5e804a95524650f8c62c7"
 
 [workspace.dependencies.soroban-env-guest]
-version = "=23.0.1"
-#git = "https://github.com/stellar/rs-soroban-env"
-#rev = "bd0c80a1fe171e75f8d745f17975a73927d44ecd"
+version = "=25.0.0"
+# git = "https://github.com/stellar/rs-soroban-env"
+# rev = "cf58d535ab05d02802a5e804a95524650f8c62c7"
 
 [workspace.dependencies.soroban-env-host]
-version = "=23.0.1"
-#git = "https://github.com/stellar/rs-soroban-env"
-#rev = "bd0c80a1fe171e75f8d745f17975a73927d44ecd"
+version = "=25.0.0"
+# git = "https://github.com/stellar/rs-soroban-env"
+# rev = "cf58d535ab05d02802a5e804a95524650f8c62c7"
 
 [workspace.dependencies.stellar-strkey]
 version = "=0.0.13"
 
 [workspace.dependencies.stellar-xdr]
-version = "=23.0.0"
+version = "=25.0.0"
 default-features = false
 features = ["curr"]
-#git = "https://github.com/stellar/rs-stellar-xdr"
-#rev = "67be5955a15f1d3a4df83fe86e6ae107f687141b"
 
 #[patch.crates-io]
 #soroban-env-common = { path = "../rs-soroban-env/soroban-env-common" }

Cargo.toml

@@ -240,7 +240,7 @@ impl LedgerSnapshot {
 impl Default for LedgerSnapshot {
     fn default() -> Self {
         Self {
-            protocol_version: 23,
+            protocol_version: 25,
             sequence_number: Default::default(),
             timestamp: Default::default(),
             network_id: Default::default(),

soroban-ledger-snapshot/src/lib.rs

@@ -2,7 +2,7 @@ use proc_macro2::TokenStream as TokenStream2;
 use quote::{format_ident, quote};
 use stellar_xdr::curr as stellar_xdr;
 use stellar_xdr::{
-    ScSpecEntry, ScSpecFunctionInputV0, ScSpecFunctionV0, ScSpecTypeDef, ScSymbol, StringM, VecM,
+    ScSpecEntry, ScSpecFunctionInputV0, ScSpecFunctionV0, ScSpecTypeDef, ScSymbol, StringM,
     WriteXdr, SCSYMBOL_LIMIT,
 };
 use syn::TypeReference;
@@ -153,17 +153,7 @@ pub fn derive_fn_spec(
             ));
             ScSymbol::default()
         }),
-        inputs: spec_args.try_into().unwrap_or_else(|_| {
-            const MAX: u32 = 10;
-            errors.push(Error::new(
-                inputs.iter().nth(MAX as usize).span(),
-                format!(
-                    "contract function has too many parameters, max count {} parameters",
-                    MAX,
-                ),
-            ));
-            VecM::<_, MAX>::default()
-        }),
+        inputs: spec_args.try_into().unwrap(),
         outputs: spec_result.try_into().unwrap(),
     });
     let spec_xdr = spec_entry.to_xdr(DEFAULT_XDR_RW_LIMITS).unwrap();

soroban-sdk-macros/src/derive_spec_fn.rs

@@ -16,6 +16,11 @@ pub const FP2_SERIALIZED_SIZE: u32 = FP_SERIALIZED_SIZE * 2;
 pub const G1_SERIALIZED_SIZE: u32 = FP_SERIALIZED_SIZE * 2;
 pub const G2_SERIALIZED_SIZE: u32 = FP2_SERIALIZED_SIZE * 2;
 
+// BN254 constants - values must match soroban_sdk::crypto::bn254
+pub const BN254_FP_SERIALIZED_SIZE: u32 = 32;
+pub const BN254_G1_SERIALIZED_SIZE: u32 = BN254_FP_SERIALIZED_SIZE * 2; // 64
+pub const BN254_G2_SERIALIZED_SIZE: u32 = BN254_G1_SERIALIZED_SIZE * 2; // 128
+
 #[allow(clippy::too_many_lines)]
 pub fn map_type(t: &Type, allow_ref: bool, allow_hash: bool) -> Result<ScSpecTypeDef, Error> {
     match t {
@@ -53,13 +58,13 @@ pub fn map_type(t: &Type, allow_ref: bool, allow_hash: bool) -> Result<ScSpecTyp
                     "MuxedAddress" => Ok(ScSpecTypeDef::MuxedAddress),
                     "Timepoint" => Ok(ScSpecTypeDef::Timepoint),
                     "Duration" => Ok(ScSpecTypeDef::Duration),
-                    // The BLS types defined below are represented in the contract's
+                    // The BLS and BN types defined below are represented in the contract's
                     // interface by their underlying data types, i.e.
                     // Fp/Fp2/G1Affine/G2Affine => BytesN<N>, Fr => U256. This approach
                     // simplifies integration with contract development tooling, as it
-                    // avoids introducing new spec types for these BLS constructs.
+                    // avoids introducing new spec types for these constructs.
                     //
-                    // While this is functionally sound because the BLS types are
+                    // While this is functionally sound because the types are
                     // essentially newtypes over their inner representations, it means
                     // that the specific semantic meaning of `G1Affine`, `G2Affine`, or
                     // `Fr` is not directly visible in the compiled WASM interface. For
@@ -71,6 +76,9 @@ pub fn map_type(t: &Type, allow_ref: bool, allow_hash: bool) -> Result<ScSpecTyp
                     // Idiom. For more details, see the tracking issue for supporting
                     // type aliases:
                     // https://github.com/stellar/rs-soroban-sdk/issues/1063
+
+                    // These BLS12-381 unprefixed type names
+                    // will be removed in a future release.
                     "Fp" => Ok(ScSpecTypeDef::BytesN(ScSpecTypeBytesN {
                         n: FP_SERIALIZED_SIZE,
                     })),
@@ -84,6 +92,29 @@ pub fn map_type(t: &Type, allow_ref: bool, allow_hash: bool) -> Result<ScSpecTyp
                         n: G2_SERIALIZED_SIZE,
                     })),
                     "Fr" => Ok(ScSpecTypeDef::U256),
+                    // BLS12-381 prefixed type names
+                    "Bls12381Fp" => Ok(ScSpecTypeDef::BytesN(ScSpecTypeBytesN {
+                        n: FP_SERIALIZED_SIZE,
+                    })),
+                    "Bls12381Fp2" => Ok(ScSpecTypeDef::BytesN(ScSpecTypeBytesN {
+                        n: FP2_SERIALIZED_SIZE,
+                    })),
+                    "Bls12381G1Affine" => Ok(ScSpecTypeDef::BytesN(ScSpecTypeBytesN {
+                        n: G1_SERIALIZED_SIZE,
+                    })),
+                    "Bls12381G2Affine" => Ok(ScSpecTypeDef::BytesN(ScSpecTypeBytesN {
+                        n: G2_SERIALIZED_SIZE,
+                    })),
+                    // BN254 prefixed type names
+                    "Bn254Fp" => Ok(ScSpecTypeDef::BytesN(ScSpecTypeBytesN {
+                        n: BN254_FP_SERIALIZED_SIZE,
+                    })),
+                    "Bn254G1Affine" => Ok(ScSpecTypeDef::BytesN(ScSpecTypeBytesN {
+                        n: BN254_G1_SERIALIZED_SIZE,
+                    })),
+                    "Bn254G2Affine" => Ok(ScSpecTypeDef::BytesN(ScSpecTypeBytesN {
+                        n: BN254_G2_SERIALIZED_SIZE,
+                    })),
                     s => Ok(ScSpecTypeDef::Udt(ScSpecTypeUdt {
                         name: s.try_into().map_err(|e| {
                             Error::new(

soroban-sdk-macros/src/map_type.rs

@@ -3,10 +3,14 @@
 use crate::{
     env::internal::{self, BytesObject},
     unwrap::UnwrapInfallible,
-    Bytes, BytesN, ConversionError, Env, IntoVal, TryFromVal, Val,
+    Bytes, BytesN, ConversionError, Env, IntoVal, Symbol, TryFromVal, TryIntoVal, Val, Vec, U256,
 };
 
 pub mod bls12_381;
+pub mod bn254;
+pub(crate) mod utils;
+pub use bn254::Fr as BnScalar;
+
 /// A `BytesN<N>` generated by a cryptographic hash function.
 ///
 /// The `Hash<N>` type contains a `BytesN<N>` and can only be constructed in
@@ -182,6 +186,12 @@ impl Crypto {
     pub fn bls12_381(&self) -> bls12_381::Bls12_381 {
         bls12_381::Bls12_381::new(self.env())
     }
+
+    /// Get a [Bn254][bn254::Bn254] for accessing the bn254
+    /// functions.
+    pub fn bn254(&self) -> bn254::Bn254 {
+        bn254::Bn254::new(self.env())
+    }
 }
 
 /// # ⚠️ Hazardous Materials
@@ -254,4 +264,68 @@ impl CryptoHazmat {
         )
         .unwrap_infallible();
     }
+
+    /// Performs a Poseidon permutation on the input state vector.
+    ///
+    /// WARNING: This is a low-level permutation function. Most users should use
+    /// the higher-level `poseidon_hash` function instead.
+    pub fn poseidon_permutation(
+        &self,
+        input: &Vec<U256>,
+        field: Symbol,
+        t: u32,
+        d: u32,
+        rounds_f: u32,
+        rounds_p: u32,
+        mds: &Vec<Vec<U256>>,
+        round_constants: &Vec<Vec<U256>>,
+    ) -> Vec<U256> {
+        let env = self.env();
+        let result = internal::Env::poseidon_permutation(
+            env,
+            input.to_object(),
+            field.to_symbol_val(),
+            t.into(),
+            d.into(),
+            rounds_f.into(),
+            rounds_p.into(),
+            mds.to_object(),
+            round_constants.to_object(),
+        )
+        .unwrap_infallible();
+
+        result.try_into_val(env).unwrap_infallible()
+    }
+
+    /// Performs a Poseidon2 permutation on the input state vector.
+    ///
+    /// WARNING: This is a low-level permutation function. Most users should use
+    /// the higher-level `poseidon2_hash` function instead.
+    pub fn poseidon2_permutation(
+        &self,
+        input: &Vec<U256>,
+        field: Symbol,
+        t: u32,
+        d: u32,
+        rounds_f: u32,
+        rounds_p: u32,
+        mat_internal_diag_m_1: &Vec<U256>,
+        round_constants: &Vec<Vec<U256>>,
+    ) -> Vec<U256> {
+        let env = self.env();
+        let result = internal::Env::poseidon2_permutation(
+            env,
+            input.to_object(),
+            field.to_symbol_val(),
+            t.into(),
+            d.into(),
+            rounds_f.into(),
+            rounds_p.into(),
+            mat_internal_diag_m_1.to_object(),
+            round_constants.to_object(),
+        )
+        .unwrap_infallible();
+
+        result.try_into_val(env).unwrap_infallible()
+    }
 }