Add blake2_f precompile

ethcore/builtin/Cargo.toml

@@ -14,7 +14,9 @@ keccak-hash = "0.2.0"
 log = "0.4"
 num = { version = "0.1", default-features = false, features = ["bigint"] }
 parity-bytes = "0.1"
-parity-crypto = "0.4.0"
+parity-crypto = { version = "0.4.0", git = "https://github.com/paritytech/parity-common/", branch = "dp/feature/add-blake2_f-toparity-crypto"}
+byteorder = "1.3.2"
 
 [dev-dependencies]
 rustc-hex = "1.0"
+hex-literal = "0.2.1"

ethcore/builtin/src/lib.rs

@@ -18,18 +18,19 @@
 
 use std::{
 	cmp::{max, min},
-	io::{self, Read},
+	io::{self, Read, Cursor},
 };
 
 use bn;
+use byteorder::{BigEndian, LittleEndian, ReadBytesExt};
 use ethereum_types::{H256, U256};
 use ethjson;
 use ethkey::{Signature, recover as ec_recover};
 use keccak_hash::keccak;
 use log::{warn, trace};
 use num::{BigUint, Zero, One};
 use parity_bytes::BytesRef;
-use parity_crypto::digest;
+use parity_crypto::{blake2_f, digest};
 
 /// Native implementation of a built-in contract.
 trait Implementation: Send + Sync {
@@ -44,6 +45,19 @@ trait Pricer: Send + Sync {
 	fn cost(&self, input: &[u8], at: u64) -> U256;
 }
 
+/// A linear pricing model. This computes a price using a base cost and a cost per-word.
+pub type Fixed = u64;
+
+impl Pricer for Fixed {
+	fn cost(&self, input: &[u8], _at: u64) -> U256 {
+		use std::convert::TryInto;
+		let (rounds_bytes, _) = input.split_at(std::mem::size_of::<u32>());
+		// todo[dvdplm] what's the error handling strategy here? panic? return U256::MAX? Is the input len checked before this call?
+		let rounds = u32::from_be_bytes(rounds_bytes.try_into().unwrap());
+		U256::from(*self * rounds as u64)
+	}
+}
+
 /// A linear pricing model. This computes a price using a base cost and a cost per-word.
 struct Linear {
 	base: usize,
@@ -199,6 +213,9 @@ impl Builtin {
 impl From<ethjson::spec::Builtin> for Builtin {
 	fn from(b: ethjson::spec::Builtin) -> Self {
 		let pricer: Box<dyn Pricer> = match b.pricing {
+			ethjson::spec::Pricing::Fixed(fixed) => {
+				Box::new(fixed)
+			},
 			ethjson::spec::Pricing::Linear(linear) => {
 				Box::new(Linear {
 					base: linear.base,
@@ -256,6 +273,7 @@ fn ethereum_builtin(name: &str) -> Box<dyn Implementation> {
 		"alt_bn128_add" => Box::new(Bn128Add) as Box<dyn Implementation>,
 		"alt_bn128_mul" => Box::new(Bn128Mul) as Box<dyn Implementation>,
 		"alt_bn128_pairing" => Box::new(Bn128Pairing) as Box<dyn Implementation>,
+		"blake2_f" => Box::new(Blake2F) as Box<dyn Implementation>,
 		_ => panic!("invalid builtin name: {}", name),
 	}
 }
@@ -267,6 +285,10 @@ fn ethereum_builtin(name: &str) -> Box<dyn Implementation> {
 // - sha256
 // - ripemd160
 // - modexp (EIP198)
+// - alt_bn128_add
+// - alt_bn128_mul
+// - alt_bn128_pairing
+// - blake2_f (The Blake2 compression function F, EIP-152)
 
 #[derive(Debug)]
 struct Identity;
@@ -292,6 +314,9 @@ struct Bn128Mul;
 #[derive(Debug)]
 struct Bn128Pairing;
 
+#[derive(Debug)]
+struct Blake2F;
+
 impl Implementation for Identity {
 	fn execute(&self, input: &[u8], output: &mut BytesRef) -> Result<(), &'static str> {
 		output.write(0, input);
@@ -337,6 +362,52 @@ impl Implementation for Sha256 {
 	}
 }
 
+impl Implementation for Blake2F {
+	fn execute(&self, input: &[u8], output: &mut BytesRef) -> Result<(), &'static str> {
+		const BLAKE2_F_ARG_LEN: usize = 213;
+
+		if input.len() != BLAKE2_F_ARG_LEN {
+			// todo[dvdplm] what's the right 'target' here?
+			trace!(target: "evm", "input length for Blake2 F precompile should be exactly 213 bytes, was {}", input.len());
+			return Err("input length for Blake2 F precompile should be exactly 213 bytes")
+		}
+
+		let mut rdr = Cursor::new(input);
+		let rounds = rdr.read_u32::<BigEndian>().expect("todo – prove this is ok or handle");
+
+		// state vector, h
+		let mut h = [0u64; 8];
+		for i in 0..8 {
+			h[i] = rdr.read_u64::<LittleEndian>().expect("todo - prove this is ok or handle");
+		}
+
+		// message block vector, m
+		let mut m = [0u64; 16];
+		for i in 0..16 {
+			m[i] = rdr.read_u64::<LittleEndian>().expect("todo - prove this is ok or handle");
+		}
+
+		// 2w-bit offset counter, t
+		let t0 = rdr.read_u64::<LittleEndian>().expect("todo - prove this is ok or handle");
+		let t1 = rdr.read_u64::<LittleEndian>().expect("todo - prove this is ok or handle");
+
+		// final block indicator flag, "f"
+		let f = match input.last() {
+				Some(1) => true,
+				Some(0) => false,
+				_ => {
+					trace!(target: "evm", "incorrect final block indicator flag, was: {:?}", input.last());
+					return Err("incorrect final block indicator flag")
+				}
+			};
+
+		blake2_f::blake2_f(&mut h, m, [t0, t1], f, rounds as usize);
+
+		output.write(0, unsafe { std::slice::from_raw_parts(h.as_ptr() as *const u8, h.len() * std::mem::size_of::<u64>())});
+		Ok(())
+	}
+}
+
 impl Implementation for Ripemd160 {
 	fn execute(&self, input: &[u8], output: &mut BytesRef) -> Result<(), &'static str> {
 		let hash = digest::ripemd160(input);
@@ -600,8 +671,117 @@ mod tests {
 	use num::{BigUint, Zero, One};
 	use parity_bytes::BytesRef;
 	use rustc_hex::FromHex;
+	use hex_literal::hex; // todo[dvdplm] switch tests to hex_literal
 	use super::{Builtin, Linear, ethereum_builtin, Pricer, ModexpPricer, modexp as me};
 
+	#[test]
+	fn blake2f_cost() {
+		let f = Builtin {
+			pricer: Box::new(123),
+			native: ethereum_builtin("blake2_f"),
+			activate_at: 0,
+		};
+		// 5 rounds
+		let input = hex!("0000000548c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001");
+		let mut output = [0u8; 64];
+		f.execute(&input[..], &mut BytesRef::Fixed(&mut output[..])).unwrap();
+
+		assert_eq!(f.cost(&input[..], 0), U256::from(123*5));
+	}
+
+	#[test]
+	fn blake2_f_is_err_on_invalid_length() {
+		let blake2 = ethereum_builtin("blake2_f");
+		// Test vector 1 and expected output from https://github.com/ethereum/EIPs/blob/master/EIPS/eip-152.md#test-vector-1
+		let input = hex!("00000c48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001");
+		let mut out = [0u8; 64];
+
+		let result = blake2.execute(&input[..], &mut BytesRef::Fixed(&mut out[..]));
+		assert!(result.is_err());
+		assert_eq!(result.unwrap_err(), "input length for Blake2 F precompile should be exactly 213 bytes");
+	}
+
+	#[test]
+	fn blake2_f_is_err_on_invalid_length_2() {
+		let blake2 = ethereum_builtin("blake2_f");
+		// Test vector 2 and expected output from https://github.com/ethereum/EIPs/blob/master/EIPS/eip-152.md#test-vector-2
+		let input = hex!("000000000c48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001");
+		let mut out = [0u8; 64];
+
+		let result = blake2.execute(&input[..], &mut BytesRef::Fixed(&mut out[..]));
+		assert!(result.is_err());
+		assert_eq!(result.unwrap_err(), "input length for Blake2 F precompile should be exactly 213 bytes");
+	}
+
+	#[test]
+	fn blake2_f_is_err_on_bad_finalization_flag() {
+		let blake2 = ethereum_builtin("blake2_f");
+		// Test vector 3 and expected output from https://github.com/ethereum/EIPs/blob/master/EIPS/eip-152.md#test-vector-3
+		let input = hex!("0000000c48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000002");
+		let mut out = [0u8; 64];
+
+		let result = blake2.execute(&input[..], &mut BytesRef::Fixed(&mut out[..]));
+		assert!(result.is_err());
+		assert_eq!(result.unwrap_err(), "incorrect final block indicator flag");
+	}
+
+	#[test]
+	fn blake2_f_zero_rounds_is_ok_test_vector_4() {
+		let blake2 = ethereum_builtin("blake2_f");
+		// Test vector 4 and expected output from https://github.com/ethereum/EIPs/blob/master/EIPS/eip-152.md#test-vector-4
+		let input = hex!("0000000048c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001");
+		let expected = hex!("08c9bcf367e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d282e6ad7f520e511f6c3e2b8c68059b9442be0454267ce079217e1319cde05b");
+		let mut output = [0u8; 64];
+		blake2.execute(&input[..], &mut BytesRef::Fixed(&mut output[..])).unwrap();
+		assert_eq!(&output[..], &expected[..]);
+	}
+
+	#[test]
+	fn blake2_f_test_vector_5() {
+		let blake2 = ethereum_builtin("blake2_f");
+		// Test vector 5 and expected output from https://github.com/ethereum/EIPs/blob/master/EIPS/eip-152.md#test-vector-5
+		let input = hex!("0000000c48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001");
+		let expected = hex!("ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923");
+		let mut out = [0u8; 64];
+		blake2.execute(&input[..], &mut BytesRef::Fixed(&mut out[..])).unwrap();
+		assert_eq!(&out[..], &expected[..]);
+	}
+
+	#[test]
+	fn blake2_f_test_vector_6() {
+		let blake2 = ethereum_builtin("blake2_f");
+		// Test vector 6 and expected output from https://github.com/ethereum/EIPs/blob/master/EIPS/eip-152.md#test-vector-6
+		let input = hex!("0000000c48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000");
+		let expected = hex!("75ab69d3190a562c51aef8d88f1c2775876944407270c42c9844252c26d2875298743e7f6d5ea2f2d3e8d226039cd31b4e426ac4f2d3d666a610c2116fde4735");
+		let mut out = [0u8; 64];
+		blake2.execute(&input[..], &mut BytesRef::Fixed(&mut out[..])).unwrap();
+		assert_eq!(&out[..], &expected[..]);
+	}
+
+	#[test]
+	fn blake2_f_test_vector_7() {
+		let blake2 = ethereum_builtin("blake2_f");
+		// Test vector 7 and expected output from https://github.com/ethereum/EIPs/blob/master/EIPS/eip-152.md#test-vector-7
+		let input = hex!("0000000148c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001");
+		let expected = hex!("b63a380cb2897d521994a85234ee2c181b5f844d2c624c002677e9703449d2fba551b3a8333bcdf5f2f7e08993d53923de3d64fcc68c034e717b9293fed7a421");
+		let mut out = [0u8; 64];
+		blake2.execute(&input[..], &mut BytesRef::Fixed(&mut out[..])).unwrap();
+		assert_eq!(&out[..], &expected[..]);
+	}
+
+	#[ignore]
+	#[test]
+	fn blake2_f_test_vector_8() {
+		let blake2 = ethereum_builtin("blake2_f");
+		// Test vector 8 and expected output from https://github.com/ethereum/EIPs/blob/master/EIPS/eip-152.md#test-vector-8
+		// Note this test is slow, 4294967295/0xffffffff rounds take a while.
+		let input = hex!("ffffffff48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b61626300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001");
+		let expected = hex!("fc59093aafa9ab43daae0e914c57635c5402d8e3d2130eb9b3cc181de7f0ecf9b22bf99a7815ce16419e200e01846e6b5df8cc7703041bbceb571de6631d2615");
+		let mut out = [0u8; 64];
+		blake2.execute(&input[..], &mut BytesRef::Fixed(&mut out[..])).unwrap();
+		assert_eq!(&out[..], &expected[..]);
+	}
+
 	#[test]
 	fn modexp_func() {
 		// n^0 % m == 1

ethcore/res/ethereum/foundation.json

@@ -3958,6 +3958,15 @@
 				}
 			}
 		},
+        "0x0000000000000000000000000000000000000009": {
+          "builtin": {
+            "name": "blake2_f",
+            "activate_at": "0xffffff",
+            "pricing": {
+              "fixed": 1
+            }
+          }
+        },
 		"0x3282791d6fd713f1e94f4bfd565eaa78b3a0599d": {
 			"balance": "0x487a9a304539440000"
 		},