Change ed19 to work with arbitrary-length messages

CHANGELOG.md

@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 #### Breaking
 - [#780](https://github.com/FuelLabs/fuel-vm/pull/780): Added `Blob` transaction, and `BSIZ` and `BLDD` instructions. Also allows `LDC` to load blobs.
+- [#795](https://github.com/FuelLabs/fuel-vm/pull/795): Fixed `ed19` instruction to take variable length message instead of a fixed-length one. Changed the gas cost to be `DependentCost`.
 
 ## [Version 0.55.0]
 

fuel-asm/src/lib.rs

@@ -206,12 +206,12 @@ impl_instructions! {
     0x3C TR tr [contract_id_addr: RegId amount: RegId asset_id_addr: RegId]
     "Transfer coins to a variable output."
     0x3D TRO tro [contract_id_addr: RegId output_index: RegId amount: RegId asset_id_addr: RegId]
-    "The 64-byte public key (x, y) recovered from 64-byte signature on 32-byte message."
+    "The 64-byte public key (x, y) recovered from 64-byte signature on 32-byte message hash."
     0x3E ECK1 eck1 [dst_addr: RegId sig_addr: RegId msg_hash_addr: RegId]
-    "The 64-byte Secp256r1 public key (x, y) recovered from 64-byte signature on 32-byte message."
+    "The 64-byte Secp256r1 public key (x, y) recovered from 64-byte signature on 32-byte message hash."
     0x3F ECR1 ecr1 [dst_addr: RegId sig_addr: RegId msg_hash_addr: RegId]
-    "Verify ED25519 public key and signature match a 32-byte message."
-    0x40 ED19 ed19 [pub_key_addr: RegId sig_addr: RegId msg_hash_addr: RegId]
+    "Verify ED25519 public key and signature match a message."
+    0x40 ED19 ed19 [pub_key_addr: RegId sig_addr: RegId msg_addr: RegId msg_len: RegId]
     "The keccak-256 hash of a slice."
     0x41 K256 k256 [dst_addr: RegId src_addr: RegId len: RegId]
     "The SHA-2-256 hash of a slice."

fuel-crypto/src/ed25519.rs

@@ -6,23 +6,20 @@ use fuel_types::{
     Bytes64,
 };
 
-use crate::{
-    message::Message,
-    Error,
-};
+use crate::Error;
 
 /// Verify a signature against a message digest and a public key.
 pub fn verify(
     pub_key: &Bytes32,
     signature: &Bytes64,
-    message: &Message,
+    message: &[u8],
 ) -> Result<(), Error> {
     let signature = Signature::from_bytes(signature);
 
     let pub_key = ed25519_dalek::VerifyingKey::from_bytes(pub_key)
         .map_err(|_| Error::InvalidPublicKey)?;
 
-    if pub_key.verify_strict(&**message, &signature).is_ok() {
+    if pub_key.verify_strict(message, &signature).is_ok() {
         Ok(())
     } else {
         Err(Error::InvalidSignature)

fuel-tx/src/transaction/consensus_parameters/gas.rs

@@ -219,15 +219,6 @@ impl GasCostsValues {
         }
     }
 
-    pub fn ed19(&self) -> Word {
-        match self {
-            GasCostsValues::V1(v1) => v1.ed19,
-            GasCostsValues::V2(v2) => v2.ed19,
-            GasCostsValues::V3(v3) => v3.ed19,
-            GasCostsValues::V4(v4) => v4.ed19,
-        }
-    }
-
     pub fn eq_(&self) -> Word {
         match self {
             GasCostsValues::V1(v1) => v1.eq,
@@ -945,6 +936,24 @@ impl GasCostsValues {
         }
     }
 
+    pub fn ed19(&self) -> DependentCost {
+        match self {
+            GasCostsValues::V1(v1) => DependentCost::HeavyOperation {
+                base: v1.ed19,
+                gas_per_unit: 0,
+            },
+            GasCostsValues::V2(v2) => DependentCost::HeavyOperation {
+                base: v2.ed19,
+                gas_per_unit: 0,
+            },
+            GasCostsValues::V3(v3) => DependentCost::HeavyOperation {
+                base: v3.ed19,
+                gas_per_unit: 0,
+            },
+            GasCostsValues::V4(v4) => v4.ed19,
+        }
+    }
+
     pub fn k256(&self) -> DependentCost {
         match self {
             GasCostsValues::V1(v1) => v1.k256,
@@ -1513,6 +1522,7 @@ pub struct GasCostsValuesV3 {
 /// Gas costs for every op.
 /// The difference with [`GasCostsValuesV3`]:
 /// - Added `bsiz`, `bldd` instructions
+/// - Changed `ed19` to be `DependentCost`
 #[allow(missing_docs)]
 #[derive(Debug, Clone, PartialEq, Eq, Hash, serde::Serialize, serde::Deserialize)]
 #[serde(default = "GasCostsValuesV4::unit")]
@@ -1531,7 +1541,6 @@ pub struct GasCostsValuesV4 {
     pub divi: Word,
     pub eck1: Word,
     pub ecr1: Word,
-    pub ed19: Word,
     pub eq: Word,
     pub exp: Word,
     pub expi: Word,
@@ -1618,6 +1627,7 @@ pub struct GasCostsValuesV4 {
     pub ccp: DependentCost,
     pub croo: DependentCost,
     pub csiz: DependentCost,
+    pub ed19: DependentCost,
     pub k256: DependentCost,
     pub ldc: DependentCost,
     pub logd: DependentCost,
@@ -2428,7 +2438,6 @@ impl GasCostsValuesV4 {
             divi: 0,
             eck1: 0,
             ecr1: 0,
-            ed19: 0,
             eq: 0,
             exp: 0,
             expi: 0,
@@ -2509,6 +2518,7 @@ impl GasCostsValuesV4 {
             ccp: DependentCost::free(),
             croo: DependentCost::free(),
             csiz: DependentCost::free(),
+            ed19: DependentCost::free(),
             k256: DependentCost::free(),
             ldc: DependentCost::free(),
             logd: DependentCost::free(),
@@ -2549,7 +2559,6 @@ impl GasCostsValuesV4 {
             divi: 1,
             eck1: 1,
             ecr1: 1,
-            ed19: 1,
             eq: 1,
             exp: 1,
             expi: 1,
@@ -2630,6 +2639,7 @@ impl GasCostsValuesV4 {
             ccp: DependentCost::unit(),
             croo: DependentCost::unit(),
             csiz: DependentCost::unit(),
+            ed19: DependentCost::unit(),
             k256: DependentCost::unit(),
             ldc: DependentCost::unit(),
             logd: DependentCost::unit(),

fuel-tx/src/transaction/consensus_parameters/gas/default_gas_costs.rs

@@ -19,7 +19,6 @@ pub fn default_gas_costs() -> GasCostsValues {
         divi: 1,
         eck1: 951,
         ecr1: 3000,
-        ed19: 3000,
         eq: 1,
         exp: 1,
         expi: 1,
@@ -102,6 +101,10 @@ pub fn default_gas_costs() -> GasCostsValues {
             base: 2,
             units_per_gas: 214,
         },
+        ed19: DependentCost::LightOperation {
+            base: 3000,
+            units_per_gas: 214,
+        },
         k256: DependentCost::LightOperation {
             base: 11,
             units_per_gas: 214,

fuel-vm/src/interpreter/crypto.rs

@@ -62,9 +62,10 @@ where
         a: Word,
         b: Word,
         c: Word,
+        len: Word,
     ) -> SimpleResult<()> {
         let (SystemRegisters { err, pc, .. }, _) = split_registers(&mut self.registers);
-        ed25519_verify(self.memory.as_mut(), err, pc, a, b, c)
+        ed25519_verify(self.memory.as_mut(), err, pc, a, b, c, len)
     }
 
     pub(crate) fn keccak256(&mut self, a: Word, b: Word, c: Word) -> SimpleResult<()> {
@@ -155,13 +156,13 @@ pub(crate) fn ed25519_verify(
     a: Word,
     b: Word,
     c: Word,
+    len: Word,
 ) -> SimpleResult<()> {
     let pub_key = Bytes32::from(memory.read_bytes(a)?);
     let sig = Bytes64::from(memory.read_bytes(b)?);
-    let msg = Bytes32::from(memory.read_bytes(c)?);
-    let message = Message::from_bytes_ref(&msg);
+    let msg = memory.read(c, len)?;
 
-    if fuel_crypto::ed25519::verify(&pub_key, &sig, message).is_ok() {
+    if fuel_crypto::ed25519::verify(&pub_key, &sig, msg).is_ok() {
         clear_err(err);
     } else {
         set_err(err);

fuel-vm/src/interpreter/crypto/tests.rs

@@ -4,6 +4,7 @@ use alloc::vec;
 use fuel_crypto::SecretKey;
 use rand::{
     rngs::StdRng,
+    RngCore,
     SeedableRng,
 };
 
@@ -110,21 +111,22 @@ fn test_verify_ed25519() -> SimpleResult<()> {
     let mut err = 0;
     let mut pc = 4;
 
-    let sig_address = 0;
-    let msg_address = 64;
-    let pubkey_address = 64 + 32;
+    let pubkey_address = 0;
+    let sig_address = pubkey_address + 32;
+    let msg_address = sig_address + 64;
 
     let mut rng = rand::rngs::OsRng;
     let signing_key = ed25519_dalek::SigningKey::generate(&mut rng);
 
-    let message = Message::new([3u8; 100]);
-    let signature = signing_key.sign(&*message);
+    let mut message = [0u8; 100];
+    rng.fill_bytes(&mut message);
+    let signature = signing_key.sign(&message);
 
-    memory[sig_address..sig_address + Signature::LEN]
-        .copy_from_slice(&signature.to_bytes());
-    memory[msg_address..msg_address + Message::LEN].copy_from_slice(message.as_ref());
     memory[pubkey_address..pubkey_address + Bytes32::LEN]
         .copy_from_slice(signing_key.verifying_key().as_ref());
+    memory[sig_address..sig_address + Signature::LEN]
+        .copy_from_slice(&signature.to_bytes());
+    memory[msg_address..msg_address + message.len()].copy_from_slice(message.as_ref());
 
     ed25519_verify(
         &mut memory,
@@ -133,6 +135,7 @@ fn test_verify_ed25519() -> SimpleResult<()> {
         pubkey_address as Word,
         sig_address as Word,
         msg_address as Word,
+        message.len() as Word,
     )?;
     assert_eq!(pc, 8);
     assert_eq!(err, 0);

fuel-vm/src/interpreter/executors/instruction.rs

@@ -59,7 +59,7 @@ where
                 ))
             })?,
         );
-        if pc < self.registers[RegId::IS] || pc >= self.registers[RegId::SSP] {
+        if pc < self.registers[RegId::IS] || pc >= self.registers[RegId::SP] {
             return Err(InterpreterError::PanicInstruction(PanicInstruction::error(
                 PanicReason::MemoryNotExecutable,
                 instruction,
@@ -845,9 +845,16 @@ where
             }
 
             Instruction::ED19(ed19) => {
-                self.gas_charge(self.gas_costs().ed19())?;
-                let (a, b, c) = ed19.unpack();
-                self.ed25519_verify(r!(a), r!(b), r!(c))?;
+                let (a, b, c, len) = ed19.unpack();
+                let mut len = r!(len);
+
+                // Backwards compatibility with old contracts
+                if len == 0 {
+                    len = 32;
+                }
+
+                self.dependent_gas_charge(self.gas_costs().ed19(), len)?;
+                self.ed25519_verify(r!(a), r!(b), r!(c), len)?;
             }
 
             Instruction::K256(k256) => {