ton/crypto/vm/Hasher.cpp

/*
  This file is part of TON Blockchain Library.

  TON Blockchain Library is free software: you can redistribute it and/or modify
  it under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation, either version 2 of the License, or
  (at your option) any later version.

  TON Blockchain Library is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with TON Blockchain Library.  If not, see <http://www.gnu.org/licenses/>.
*/
#include "vm/Hasher.h"
#include "vm/excno.hpp"
#include "vm/vm.h"
#include <iostream>
#include <openssl/evp.h>
#include "keccak/keccak.h"

namespace vm {

using td::Ref;

class HasherImplEVP : public Hasher::HasherImpl {
 public:
  explicit HasherImplEVP(EVP_MD_CTX* ctx) : ctx_(ctx) {
  }

  ~HasherImplEVP() override {
    EVP_MD_CTX_free(ctx_);
  }

  void append(const unsigned char *data, size_t size) override {
    CHECK(EVP_DigestUpdate(ctx_, data, size));
  }

  td::BufferSlice finish() override {
    td::BufferSlice hash(EVP_MD_CTX_size(ctx_));
    unsigned size;
    CHECK(EVP_DigestFinal_ex(ctx_, (unsigned char *)hash.data(), &size) || size != hash.size());
    return hash;
  }

  std::unique_ptr<HasherImpl> make_copy() const override {
    EVP_MD_CTX *new_ctx = nullptr;
    new_ctx = EVP_MD_CTX_new();
    CHECK(new_ctx != nullptr);
    CHECK(EVP_MD_CTX_copy_ex(new_ctx, ctx_));
    return std::make_unique<HasherImplEVP>(new_ctx);
  }

 private:
  EVP_MD_CTX *ctx_;
};

class HasherImplKeccak : public Hasher::HasherImpl {
 public:
  explicit HasherImplKeccak(size_t hash_size) : hash_size_(hash_size) {
    CHECK(keccak_init(&state_, hash_size * 2, 24) == 0);
    CHECK(state_ != nullptr);
  }

  ~HasherImplKeccak() override {
    CHECK(keccak_destroy(state_) == 0);
  }

  void append(const unsigned char *data, size_t size) override {
    CHECK(keccak_absorb(state_, data, size) == 0);
  }

  td::BufferSlice finish() override {
    td::BufferSlice hash(hash_size_);
    CHECK(keccak_digest(state_, (unsigned char*)hash.data(), hash_size_, 1) == 0);
    return hash;
  }

  std::unique_ptr<HasherImpl> make_copy() const override {
    auto copy = std::make_unique<HasherImplKeccak>(hash_size_);
    CHECK(keccak_copy(state_, copy->state_) == 0);
    return copy;
  }

 private:
  size_t hash_size_;
  keccak_state *state_ = nullptr;
};

Hasher::Hasher(int hash_id) : id_(hash_id) {
  if (hash_id == KECCAK256 || hash_id == KECCAK512) {
    impl_ = std::make_unique<HasherImplKeccak>(hash_id == KECCAK256 ? 32 : 64);
    return;
  }

  EVP_MD_CTX *ctx = EVP_MD_CTX_new();
  CHECK(ctx != nullptr);
  const EVP_MD *evp;
  switch (hash_id) {
    case SHA256: evp = EVP_sha256(); break;
    case SHA512: evp = EVP_sha512(); break;
    case BLAKE2B: evp = EVP_blake2b512(); break;
    default:
      throw VmError{Excno::range_chk, "invalid hash id"};
  }
  CHECK(evp != nullptr && EVP_DigestInit_ex(ctx, evp, nullptr));
  impl_ = std::make_unique<HasherImplEVP>(ctx);
}

void Hasher::append(td::ConstBitPtr data, unsigned size) {
  if (!impl_) {
    throw VmError{Excno::unknown, "can't use finished hasher"};
  }
  while (size > 0) {
    unsigned cur_size = std::min(size, BUF_SIZE * 8 - buf_ptr_);
    td::BitPtr{buf_, (int)buf_ptr_}.copy_from(data, cur_size);
    buf_ptr_ += cur_size;
    if (buf_ptr_ == BUF_SIZE * 8) {
      impl_->append(buf_, BUF_SIZE);
      buf_ptr_ = 0;
    }
    size -= cur_size;
    data += cur_size;
  }
}

td::BufferSlice Hasher::finish() {
  if (!impl_) {
    throw VmError{Excno::unknown, "can't use finished hasher"};
  }
  if (buf_ptr_ % 8 != 0) {
    throw VmError{Excno::cell_und, "data does not consist of an integer number of bytes"};
  }
  impl_->append(buf_, buf_ptr_ / 8);
  td::BufferSlice hash = impl_->finish();
  impl_ = nullptr;
  return hash;
}

static const size_t BYTES_PER_GAS_UNIT[5] = {33, 16, 19, 11, 6};

size_t Hasher::bytes_per_gas_unit() const {
  return BYTES_PER_GAS_UNIT[id_];
}

}
TVM Upgrade (#686) * New TVM instructions * Remove PREVBLOCKS * Separate target ton_crypto into TVM-related and -unrelared code * Add fine for failed "send message"; rework SENDMSG * Fix include * Fix bugs, improve action fines * Disable fines for special accounts * Handle msg_balance_remaining.grams == null in transaction.cpp * Bugfixes in SENDMSG * Fix fee calculation in SENDMSG * Fix CellStorageStat and transaction.cpp after merge * SETBOUNCEONACTIONPHASEFAIL instruction * ADDDIVMOD instructions * RUNVM, RUNVMX instructions * Changes in RUNVM * Tests for adddiv and runvm * HASHEXT instruction * Improve opcode-timing More iterations Don't measure preliminary run Remove logs and other excessive operations Add "error" to output * Increase RUNVM gas price * Optimize HASHEXT, adjust gas price * Add "bounce of action fail" flag to actions * Stack operations with unlimited arguments * Ristretto255 instructions * Adjust gas consumption * Optional fixed number of return values in RUNVM, fix exception handling * Adjust gas consumption * Simplify gas consumption logic * Support of secp256k1 and sodium libraries in builds (#11) * add support of secp256k1 library to the builds (linux, win) * add support of secp256k1 library to the builds (linux, win) * install secp256k1 via brew * install libsodium via brew; change sodium to upper case in FindSodium.cmake * install libsodium via brew; change sodium to upper case in FindSodium.cmake * simplify FindSodium.cmake * bug fixing * bug fixing * bug fixing * add macro SODIUM_STATIC * adjust build command for windows * put back original FindSodium.cmake * put back original FindSodium.cmake * fix sodium unzipped path for windows; add ninja * fix sodium unzipped path for windows; add ninja * fix sodium unzipped path for windows; add ninja * Win32 github build for secp256k1 * x64 architecture github build for secp256k1 * fix sodium linking on linux * enable docker buildx arm64 builds from forked repos * enable docker buildx arm64 builds from forked repos * enable docker buildx arm64 builds from forked repos * adjust mac builds for secp2561k and sodium * fix tonlib jni generation * minor fix * sync fixes across platforms * add libsodium build script for android and precompiled static libraries * build tonlib for android (fails) * FindSodium uppercase * remove system libsodium for android, use precompiled instead; specify SECP256K1_INCLUDE_DIR fir mac 12.6 * uppercase sodium * simplify FindSodium * fix windows build sodium path; use ninja for windows * simplify sodium 2 * adjust windows sodium paths; add paths to android jni * add ninja build windows * add ninja build windows * add ninja build windows 2 * remove win ninja * fix 1 * fix 2 * fix win 3 * fix linux compile 3 * fix jni 1 * fix jni 2 and mac * fix jni 3 * fix jni 4 * fix jni 5 * fix mac 6 * fix mac 7 and jni paths * fix jni 8 * rework sodium for android * rework sodium for android * rework sodium for android 2 * fixed sodium for android 2 * fixed sodium for android 3 * static secp256k1 for android * add precompiled arm secp256k1 * add precompiled arm secp256k1 * build native-lib with secp256k1 x86-64 (non arm) * update precompiled with NDK libsecp256k1.a * update precompiled with NDK libsecp256k1.a * update precompiled with NDK libsecp256k1.a * refactor llvm-strip location * refactor llvm-strip location * add native-lib.so for armv7a, armv8a * add native-lib.so for armv7a, armv8a * test armv7a, armv8a * armv7a - fails linking on sodium, test -> armv8a * works x86-64, armv7a - fails linking on sodium, armv8a - fails linking secp256k1 (incompatible with aarch64linux) * update libpsec256k1, sodium static libs * test x86 android native-lib * test armv7 android native-lib * test armv8 android native-lib * x86_64 and arm64 android native-lib works * x86_64 and arm64 android native-lib works * x86_64 and arm64 android native-lib works * test armv7 android native-lib * test all android native-libs * test all android native-libs * test all android native-libs * test all android native-libs - without SodiumAndroid * test all android native-libs - with FindSodiumAndroid.cmake * win, with Sodium via SODIUM_DIR * win, with Sodium via SODIUM_DIR env * win, with Sodium via SODIUM_DIR env * win, with Sodium via SODIUM_DIR env and SODIUM_USE_STATIC_LIBS * win, with Sodium via SODIUM_DIR, SODIUM_USE_STATIC_LIBS and SODIUM_INCLUDE_DIR * android, with FindSodium * android, with FindSodium with SODIUM_USE_STATIC_LIBS * remove if not apple * target_link_libraries(ton_crypto_core PUBLIC secp256k1) * android SECP256K1_INCLUDE_DIRS * android SECP256K1_INCLUDE_DIR * add libsecp256k1.a/so pre-compiled with ubuntu 22 x86-64 * add libsecp256k1.a/so pre-compiled with ubuntu 22 x86-64 * sodium dirs * sodium dirs * sodium dirs * remove NOT APPLE and SodiumAndroid * add NOT APPLE and remove SodiumAndroid * add NOT APPLE and remove SodiumAndroid * remove build scripts for 18.04, reduce CMakeLists.txt * remove build scripts for 18.04, reduce CMakeLists.txt * Fix cas consumption during library load * Fix fetch_config_params after merge * Add all ADDDIVMOD ops to Asm.fif * Save unpaid storage fee to due_payment * Add "set prev blocks info" to emulator * Adjusted builds (#13) * Update flake.nix Add libsodium * add libsecp256k1-dev and libsodium-dev into wasm build * make back emulator a shared library; put emulator to artifacts; compile wasm artifacts with sodium and secp256k1. * add secp256k1 to nix * compile emulator statically with nix * compile emulator statically with nix * compile emulator lib statically with nix * compile emulator lib statically with nix * add libemulator to artifacts * add shared libemulator library to artifacts * minor release fix * update set-output commands; add recent_changelog.md * releases fixes * releases fixes, multiline * releases fixes, multiline * releases fixes, multiline * put back multiline changelog * put back multiline changelog * ConfigParam 19 (global-id) and GLOBALID instruction * Fix gas consumption in HASHEXT * Add blst library * Add bls instructions * Allow passing long code to opcode-timing * Add bls testcase * More BLS instructions * Fix tests, add bls tests * Add more bls tests * Improve some bls operations * Adjust some BLS gas prices * Adjust BLS gas prices * Enable __BLST_PORTABLE__ flag only if PORTABLE flag is set * Add tests for BLS_PAIRING * GASCONSUMED instruction * Fix compilation against docker with blst library; (#14) * fix compilation against docker with blst library; add precompiled libblst.a to android builds * minor fix * Adjust BLKSWX gas * Fix comparison with NAN * Allow arbitrary integers for scalars in ristretto multiplication, fix test * Adjust nix builds according to PR 694 (#15) * integrate and test PR-694 * integrate and test PR-694, test 2 * Add P256_CHKSIGN (secp256r1) --------- Co-authored-by: SpyCheese <mikle98@yandex.ru> Co-authored-by: neodiX42 <namlem@gmail.com> 2023-05-24 18:14:13 +00:00			`/*`
			`This file is part of TON Blockchain Library.`

			`TON Blockchain Library is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Lesser General Public License as published by`
			`the Free Software Foundation, either version 2 of the License, or`
			`(at your option) any later version.`

			`TON Blockchain Library is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Lesser General Public License for more details.`

			`You should have received a copy of the GNU Lesser General Public License`
			`along with TON Blockchain Library. If not, see <http://www.gnu.org/licenses/>.`
			`*/`
			`#include "vm/Hasher.h"`
			`#include "vm/excno.hpp"`
			`#include "vm/vm.h"`
			`#include <iostream>`
			`#include <openssl/evp.h>`
			`#include "keccak/keccak.h"`

			`namespace vm {`

			`using td::Ref;`

			`class HasherImplEVP : public Hasher::HasherImpl {`
			`public:`
			`explicit HasherImplEVP(EVP_MD_CTX* ctx) : ctx_(ctx) {`
			`}`

			`~HasherImplEVP() override {`
			`EVP_MD_CTX_free(ctx_);`
			`}`

			`void append(const unsigned char *data, size_t size) override {`
			`CHECK(EVP_DigestUpdate(ctx_, data, size));`
			`}`

			`td::BufferSlice finish() override {`
			`td::BufferSlice hash(EVP_MD_CTX_size(ctx_));`
			`unsigned size;`
			`CHECK(EVP_DigestFinal_ex(ctx_, (unsigned char *)hash.data(), &size) \|\| size != hash.size());`
			`return hash;`
			`}`

			`std::unique_ptr<HasherImpl> make_copy() const override {`
			`EVP_MD_CTX *new_ctx = nullptr;`
			`new_ctx = EVP_MD_CTX_new();`
			`CHECK(new_ctx != nullptr);`
			`CHECK(EVP_MD_CTX_copy_ex(new_ctx, ctx_));`
			`return std::make_unique<HasherImplEVP>(new_ctx);`
			`}`

			`private:`
			`EVP_MD_CTX *ctx_;`
			`};`

			`class HasherImplKeccak : public Hasher::HasherImpl {`
			`public:`
			`explicit HasherImplKeccak(size_t hash_size) : hash_size_(hash_size) {`
			`CHECK(keccak_init(&state_, hash_size * 2, 24) == 0);`
			`CHECK(state_ != nullptr);`
			`}`

			`~HasherImplKeccak() override {`
			`CHECK(keccak_destroy(state_) == 0);`
			`}`

			`void append(const unsigned char *data, size_t size) override {`
			`CHECK(keccak_absorb(state_, data, size) == 0);`
			`}`

			`td::BufferSlice finish() override {`
			`td::BufferSlice hash(hash_size_);`
			`CHECK(keccak_digest(state_, (unsigned char*)hash.data(), hash_size_, 1) == 0);`
			`return hash;`
			`}`

			`std::unique_ptr<HasherImpl> make_copy() const override {`
			`auto copy = std::make_unique<HasherImplKeccak>(hash_size_);`
			`CHECK(keccak_copy(state_, copy->state_) == 0);`
			`return copy;`
			`}`

			`private:`
			`size_t hash_size_;`
			`keccak_state *state_ = nullptr;`
			`};`

			`Hasher::Hasher(int hash_id) : id_(hash_id) {`
			`if (hash_id == KECCAK256 \|\| hash_id == KECCAK512) {`
			`impl_ = std::make_unique<HasherImplKeccak>(hash_id == KECCAK256 ? 32 : 64);`
			`return;`
			`}`

			`EVP_MD_CTX *ctx = EVP_MD_CTX_new();`
			`CHECK(ctx != nullptr);`
			`const EVP_MD *evp;`
			`switch (hash_id) {`
			`case SHA256: evp = EVP_sha256(); break;`
			`case SHA512: evp = EVP_sha512(); break;`
			`case BLAKE2B: evp = EVP_blake2b512(); break;`
			`default:`
			`throw VmError{Excno::range_chk, "invalid hash id"};`
			`}`
			`CHECK(evp != nullptr && EVP_DigestInit_ex(ctx, evp, nullptr));`
			`impl_ = std::make_unique<HasherImplEVP>(ctx);`
			`}`

			`void Hasher::append(td::ConstBitPtr data, unsigned size) {`
			`if (!impl_) {`
			`throw VmError{Excno::unknown, "can't use finished hasher"};`
			`}`
			`while (size > 0) {`
			`unsigned cur_size = std::min(size, BUF_SIZE * 8 - buf_ptr_);`
			`td::BitPtr{buf_, (int)buf_ptr_}.copy_from(data, cur_size);`
			`buf_ptr_ += cur_size;`
			`if (buf_ptr_ == BUF_SIZE * 8) {`
			`impl_->append(buf_, BUF_SIZE);`
			`buf_ptr_ = 0;`
			`}`
			`size -= cur_size;`
			`data += cur_size;`
			`}`
			`}`

			`td::BufferSlice Hasher::finish() {`
			`if (!impl_) {`
			`throw VmError{Excno::unknown, "can't use finished hasher"};`
			`}`
			`if (buf_ptr_ % 8 != 0) {`
			`throw VmError{Excno::cell_und, "data does not consist of an integer number of bytes"};`
			`}`
			`impl_->append(buf_, buf_ptr_ / 8);`
			`td::BufferSlice hash = impl_->finish();`
			`impl_ = nullptr;`
			`return hash;`
			`}`

			`static const size_t BYTES_PER_GAS_UNIT[5] = {33, 16, 19, 11, 6};`

			`size_t Hasher::bytes_per_gas_unit() const {`
			`return BYTES_PER_GAS_UNIT[id_];`
			`}`

			`}`