radixdlt · iamyulong · Nov 15, 2024 · Nov 15, 2024 · Nov 15, 2024 · dhedey
@@ -22,6 +22,28 @@ pub fn verify_and_recover_secp256k1(
     None
 }
 
+#[cfg(feature = "secp256k1_sign_and_validate")]
+pub fn verify_and_recover_secp256k1_uncompressed(
+    signed_hash: &Hash,
+    signature: &Secp256k1Signature,
+) -> Option<[u8; secp256k1::constants::UNCOMPRESSED_PUBLIC_KEY_SIZE]> {
+    let recovery_id = signature.0[0];
+    let signature_data = &signature.0[1..];
+    if let Ok(id) = ::secp256k1::ecdsa::RecoveryId::from_i32(recovery_id.into()) {
+        if let Ok(sig) = ::secp256k1::ecdsa::RecoverableSignature::from_compact(signature_data, id)
+        {
+            let msg = ::secp256k1::Message::from_digest_slice(&signed_hash.0)
+                .expect("Hash is always a valid message");
+
+            // The recover method also verifies the signature as part of the recovery process
+            if let Ok(pk) = SECP256K1_CTX.recover_ecdsa(&msg, &sig) {
+                return Some(pk.serialize_uncompressed());
+            }
+        }
+    }
+    None
+}
+
 #[cfg(feature = "secp256k1_sign_and_validate")]
 pub fn verify_secp256k1(
     signed_hash: &Hash,

@@ -41,6 +41,7 @@ paste = { workspace = true }
 hex = { workspace = true }
 trybuild = { workspace = true }
 extend = { workspace = true }
+secp256k1 = { workspace = true }
 
 [build-dependencies]
 walkdir = { workspace = true, optional = true }

@@ -68,5 +68,12 @@ mod component_module {
         ) -> Secp256k1PublicKey {
             CryptoUtils::secp256k1_ecdsa_verify_and_key_recover(&hash, &signature)
         }
+
+        pub fn secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+            hash: Hash,
+            signature: Secp256k1Signature,
+        ) -> [u8; 65] {
+            CryptoUtils::secp256k1_ecdsa_verify_and_key_recover_uncompressed(&hash, &signature)
+        }
     }
 }
@@ -576,14 +576,19 @@ fn crypto_scrypto_secp256k1_ecdsa_verify_and_key_recover(
     package_address: PackageAddress,
     hash: Hash,
     signature: Secp256k1Signature,
+    compressed: bool,
 ) -> TransactionReceipt {
     runner.execute_manifest(
         ManifestBuilder::new()
             .lock_fee(runner.faucet_component(), 500u32)
             .call_function(
                 package_address,
                 "CryptoScrypto",
-                "secp256k1_ecdsa_verify_and_key_recover",
+                if compressed {
+                    "secp256k1_ecdsa_verify_and_key_recover"
+                } else {
+                    "secp256k1_ecdsa_verify_and_key_recover_uncompressed"
+                },
                 manifest_args!(hash, signature),
             )
             .build(),
@@ -688,16 +693,32 @@ fn test_crypto_scrypto_key_recover_secp256k1_ecdsa() {
     let hash1_signature = Secp256k1Signature::from_str(hash1_signature).unwrap();
 
     // Act
-    let pk_recovered: Secp256k1PublicKey =
+    let pk_recovered1: Secp256k1PublicKey =
         get_output!(crypto_scrypto_secp256k1_ecdsa_verify_and_key_recover(
             &mut ledger,
             package_address,
             hash1,
             hash1_signature,
+            true
+        ));
+    let pk_recovered2: Vec<u8> =
+        get_output!(crypto_scrypto_secp256k1_ecdsa_verify_and_key_recover(
+            &mut ledger,
+            package_address,
+            hash1,
+            hash1_signature,
+            false
         ));
 
     // Assert
-    assert_eq!(pk, pk_recovered);
+    assert_eq!(pk, pk_recovered1);
+    assert_eq!(
+        secp256k1::PublicKey::from_slice(pk.as_ref())
+            .unwrap()
+            .serialize_uncompressed()
+            .to_vec(),
+        pk_recovered2
+    );
 
     // Test for key recovery error
     let invalid_signature = "01cd8dcd5bb841430dd0a6f45565a1b8bdb4a204eb868832cd006f963a89a662813ab844a542fcdbfda4086a83fbbde516214113051b9c8e42a206c98d564d7122";
@@ -708,6 +729,7 @@ fn test_crypto_scrypto_key_recover_secp256k1_ecdsa() {
         package_address,
         hash1,
         invalid_signature,
+        true
     ));
 
     // Assert

@@ -94,6 +94,8 @@ pub const CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_FUNCTION_NAME: &str =
     "crypto_utils_secp256k1_ecdsa_verify";
 pub const CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_AND_KEY_RECOVER_FUNCTION_NAME: &str =
     "crypto_utils_secp256k1_ecdsa_verify_and_key_recover";
+pub const CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_AND_KEY_RECOVER_UNCOMPRESSED_FUNCTION_NAME: &str =
+    "crypto_utils_secp256k1_ecdsa_verify_and_key_recover_uncompressed";
 
 //=================
 // WASM Shim

@@ -965,6 +965,32 @@ impl WasmModule {
                             ));
                         }
                     }
+                    CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_AND_KEY_RECOVER_UNCOMPRESSED_FUNCTION_NAME =>
+                    {
+                        if version < ScryptoVmVersion::crypto_utils_v2() {
+                            return Err(PrepareError::InvalidImport(
+                                InvalidImport::ProtocolVersionMismatch {
+                                    name: entry.name.to_string(),
+                                    current_version: version.into(),
+                                    expected_version: ScryptoVmVersion::crypto_utils_v2().into(),
+                                },
+                            ));
+                        }
+
+                        if let TypeRef::Func(type_index) = entry.ty {
+                            if Self::function_type_matches(
+                                &self.module,
+                                type_index,
+                                vec![ValType::I32, ValType::I32, ValType::I32, ValType::I32],
+                                vec![ValType::I64],
+                            ) {
+                                continue;
+                            }
+                            return Err(PrepareError::InvalidImport(
+                                InvalidImport::InvalidFunctionType(entry.name.to_string()),
+                            ));
+                        }
+                    }
                     // Crypto Utils v2 end
                     _ => {}
                 };
@@ -1553,6 +1579,7 @@ mod tests {
                     CRYPTO_UTILS_ED25519_VERIFY_FUNCTION_NAME,
                     CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_FUNCTION_NAME,
                     CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_AND_KEY_RECOVER_FUNCTION_NAME,
+                    CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_AND_KEY_RECOVER_UNCOMPRESSED_FUNCTION_NAME,
                 ],
             ),
         ] {

@@ -255,6 +255,12 @@ pub trait WasmRuntime {
         message: Vec<u8>,
         signature: Vec<u8>,
     ) -> Result<Buffer, InvokeError<WasmRuntimeError>>;
+
+    fn crypto_utils_secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+        &mut self,
+        message: Vec<u8>,
+        signature: Vec<u8>,
+    ) -> Result<Buffer, InvokeError<WasmRuntimeError>>;
 }
 
 /// Represents an instantiated, invocable Scrypto module.

@@ -910,6 +910,29 @@ fn secp256k1_ecdsa_verify_and_key_recover(
         .map(|buffer| buffer.0)
 }
 
+fn secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+    mut caller: Caller<'_, HostState>,
+    message_ptr: u32,
+    message_len: u32,
+    signature_ptr: u32,
+    signature_len: u32,
+) -> Result<u64, InvokeError<WasmRuntimeError>> {
+    let runtime = grab_runtime!(caller);
+    let memory = grab_memory!(caller);
+
+    let message = read_memory(caller.as_context_mut(), memory, message_ptr, message_len)?;
+    let signature = read_memory(
+        caller.as_context_mut(),
+        memory,
+        signature_ptr,
+        signature_len,
+    )?;
+
+    runtime
+        .crypto_utils_secp256k1_ecdsa_verify_and_key_recover_uncompressed(message, signature)
+        .map(|buffer| buffer.0)
+}
+
 #[cfg(feature = "radix_engine_tests")]
 fn test_host_read_memory(
     mut caller: Caller<'_, HostState>,
@@ -1623,6 +1646,24 @@ impl WasmiModule {
                 .map_err(|e| e.into())
             },
         );
+        let host_secp2561k1_ecdsa_verify_and_key_recover_uncompressed = Func::wrap(
+            store.as_context_mut(),
+            |caller: Caller<'_, HostState>,
+             message_ptr: u32,
+             message_len: u32,
+             signature_ptr: u32,
+             signature_len: u32|
+             -> Result<u64, Trap> {
+                secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+                    caller,
+                    message_ptr,
+                    message_len,
+                    signature_ptr,
+                    signature_len,
+                )
+                .map_err(|e| e.into())
+            },
+        );
 
         let mut linker = <Linker<HostState>>::new();
 
@@ -1826,6 +1867,11 @@ impl WasmiModule {
             CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_AND_KEY_RECOVER_FUNCTION_NAME,
             host_secp2561k1_ecdsa_verify_and_key_recover
         );
+        linker_define!(
+            linker,
+            CRYPTO_UTILS_SECP256K1_ECDSA_VERIFY_AND_KEY_RECOVER_UNCOMPRESSED_FUNCTION_NAME,
+            host_secp2561k1_ecdsa_verify_and_key_recover_uncompressed
+        );
 
         #[cfg(feature = "radix_engine_tests")]
         {

@@ -378,4 +378,12 @@ impl<'a> WasmRuntime for NoOpWasmRuntime<'a> {
     ) -> Result<Buffer, InvokeError<WasmRuntimeError>> {
         Err(InvokeError::SelfError(WasmRuntimeError::NotImplemented))
     }
+
+    fn crypto_utils_secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+        &mut self,
+        message: Vec<u8>,
+        signature: Vec<u8>,
+    ) -> Result<Buffer, InvokeError<WasmRuntimeError>> {
+        Err(InvokeError::SelfError(WasmRuntimeError::NotImplemented))
+    }
 }
@@ -794,4 +794,25 @@ impl<'y, Y: SystemApi<RuntimeError>> WasmRuntime for ScryptoRuntime<'y, Y> {
 
         self.allocate_buffer(key.to_vec())
     }
+
+    /// This method is only available to packages uploaded after "Cuttlefish"
+    /// protocol update due to checks in [`ScryptoV1WasmValidator::validate`].
+    #[trace_resources]
+    fn crypto_utils_secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+        &mut self,
+        message: Vec<u8>,
+        signature: Vec<u8>,
+    ) -> Result<Buffer, InvokeError<WasmRuntimeError>> {
+        let hash = Hash::try_from(message.as_slice()).map_err(WasmRuntimeError::InvalidHash)?;
+        let signature = Secp256k1Signature::try_from(signature.as_ref())
+            .map_err(WasmRuntimeError::InvalidSecp256k1Signature)?;
+
+        self.api
+            .consume_cost_units(ClientCostingEntry::Secp256k1EcdsaKeyRecover)?;
+
+        let key = verify_and_recover_secp256k1_uncompressed(&hash, &signature)
+            .ok_or(WasmRuntimeError::Secp256k1KeyRecoveryError)?;
+
+        self.allocate_buffer(key.to_vec())
+    }
 }
@@ -156,4 +156,19 @@ impl CryptoUtils {
         });
         Secp256k1PublicKey(key.try_into().unwrap())
     }
+
+    pub fn secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+        message_hash: impl AsRef<Hash>,
+        signature: impl AsRef<Secp256k1Signature>,
+    ) -> [u8; 65] {
+        let key = copy_buffer(unsafe {
+            crypto_utils::crypto_utils_secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+                message_hash.as_ref().0.as_ptr(),
+                message_hash.as_ref().0.len(),
+                signature.as_ref().0.as_ptr(),
+                signature.as_ref().0.len(),
+            )
+        });
+        key.try_into().unwrap()
+    }
 }
@@ -346,6 +346,12 @@ pub mod crypto_utils {
             message_len: usize,
             signature_ptr: *const u8,
             signature_len: usize) -> Buffer;
+
+        pub fn crypto_utils_secp256k1_ecdsa_verify_and_key_recover_uncompressed(
+            message_ptr: *const u8,
+            message_len: usize,
+            signature_ptr: *const u8,
+            signature_len: usize) -> Buffer;
     }
 }