More tests

2026-01-08 00:33:06 +00:00 · 2022-07-14 15:26:07 +02:00 · 2022-07-14 15:26:07 +02:00 · 7ee884b84d
commit 7ee884b84d
parent 33a5934255
4 changed files with 111 additions and 47 deletions
--- a/evm/src/cpu/kernel/asm/basic_macros.asm
+++ b/evm/src/cpu/kernel/asm/basic_macros.asm
@ -23,6 +23,11 @@
    %pop2
 %endmacro

+%macro pop5
+    %pop2
+    %pop3
+%endmacro
+
 // If pred is zero, yields z; otherwise, yields nz
 %macro select
    // stack: pred, nz, z
--- a/evm/src/cpu/kernel/asm/ecrecover.asm
+++ b/evm/src/cpu/kernel/asm/ecrecover.asm
@ -3,9 +3,21 @@ global ecrecover:
    // stack: hash, v, r, s, retdest
    %ecrecover_input_check
    // stack: isValid(v,r,s), hash, v, r, s, retdest
+    SWAP2
+    // stack: v, hash, isValid(v,r,s), r, s, retdest
+    DUP4
+    // stack: r, v, hash, isValid(v,r,s), r, s, retdest
+    %secp_lift_x
+    // stack: sqrtOk, x, y, hash, isValid(v,r,s), r, s, retdest
+    SWAP1
+    // stack: x, sqrtOk, y, hash, isValid(v,r,s), r, s, retdest
+    SWAP4
+    // stack: isValid(v,r,s), sqrtOk, y, hash, x, r, s, retdest
+    AND
+    // stack: isValid(v,r,s) & sqrtOk, y, hash, x, r, s, retdest
    %jumpi(ecrecover_valid_input)
-    // stack: hash, v, r, s, retdest
-    %pop4
+    // stack: y, hash, x, r, s, retdest
+    %pop5
    // stack: retdest
    %ecrecover_invalid_input

@ -17,12 +29,10 @@ global ecrecover:
 // return u1*P + u2*GENERATOR;
 ecrecover_valid_input:
    JUMPDEST
-    // stack: hash, v, r, s, retdest
+    // stack: y, hash, x, r, s, retdest
    SWAP1
-    // stack:  v, hash, r, s, retdest
-    DUP3
-    // stack:  r, v, hash, r, s, retdest
-    %secp_lift_x
+    // stack: hash, y, x, r, s, retdest
+    SWAP2
    // stack: x, y, hash, r, s, retdest
    SWAP3
    // stack: r, y, hash, x, s, retdest
--- a/evm/src/cpu/kernel/asm/secp256k1/lift_x.asm
+++ b/evm/src/cpu/kernel/asm/secp256k1/lift_x.asm
@ -8,36 +8,48 @@
    // stack: 7, x^3, x, v
    %addmodn_secp
    // stack: x^3+7, x, v
-    %sqrt_secp
-    // stack: y, x, v
    DUP1
-    // stack: y, y, x, v
-    PUSH 1
-    // stack: 1, y, y, x, v
-    AND
-    // stack: 1 & y, y, x, v
-    PUSH 27
-    // stack: 27, 1 & y, y, x, v
-    DUP5
-    // stack: v, 27, 1 & y, y, x, v
-    SUB
-    // stack: v - 27, 1 & y, y, x, v
-    EQ
-    // stack: correctParity, y, x, v
-    DUP2
-    // stack: y, correctParity, y, x, v
-    %secp_base
-    // stack: N, y, correctParity, y, x, v
-    SUB
-    // stack: N - y, correctParity, y, x, v
+    // stack: x^3+7, x^3+7, x, v
+    %sqrt_secp
+    // stack: y, x^3+7, x, v
    SWAP1
-    // stack: correctParity, N - y, y, x, v
-    %select_bool
-    // stack: goody, x, v
+    // stack: x^3+7, y, x, v
+    DUP2
+    // stack: y, x^3+7, y, x, v
+    %squaremodn_secp
+    // stack: y^2, x^3+7, y, x, v
+    EQ
+    // stack: sqrtOk, y, x, v
+    SWAP3
+    // stack: v, y, x, sqrtOk
+    DUP2
+    // stack: y, v, y, x, sqrtOk
+    PUSH 1
+    // stack: 1, y, v, y, x, sqrtOk
+    AND
+    // stack: 1 & y, v, y, x, sqrtOk
+    PUSH 27
+    // stack: 27, 1 & y, v, y, x, sqrtOk
+    SWAP1
+    // stack: 1 & y, 27, v, y, x, sqrtOk
    SWAP2
-    // stack: v, x, goody
-    POP
-    // stack: x, goody
+    // stack: v, 27, 1 & y, y, x, sqrtOk
+    SUB
+    // stack: v - 27, 1 & y, y, x, sqrtOk
+    EQ
+    // stack: correctParity, y, x, sqrtOk
+    DUP2
+    // stack: y, correctParity, y, x, sqrtOk
+    %secp_base
+    // stack: N, y, correctParity, y, x, sqrtOk
+    SUB
+    // stack: N - y, correctParity, y, x, sqrtOk
+    SWAP1
+    // stack: correctParity, N - y, y, x, sqrtOk
+    %select_bool
+    // stack: goody, x, sqrtOk
+    SWAP2
+    // stack: sqrtOk, x, goody
 %endmacro

 %macro cubemodn_secp
--- a/evm/src/cpu/kernel/tests/ecrecover.rs
+++ b/evm/src/cpu/kernel/tests/ecrecover.rs
@ -1,6 +1,5 @@
-use anyhow::{ensure, Result};
+use anyhow::Result;
 use ethereum_types::U256;
-use hex_literal::hex;
 use keccak_hash::keccak;

 use crate::cpu::kernel::aggregator::combined_kernel;
@ -28,7 +27,16 @@ fn test_valid_ecrecover(
    let initial_stack = u256ify([s, r, v, hash])?;
    let stack = run(&kernel.code, ecrecover, initial_stack);
    let got = pubkey_to_addr(stack[1], stack[0]);
-    assert_eq!(got, hex::decode(expected).unwrap());
+    assert_eq!(got, hex::decode(&expected[2..]).unwrap());
+
+    Ok(())
+}
+
+fn test_invalid_ecrecover(hash: &str, v: &str, r: &str, s: &str, kernel: &Kernel) -> Result<()> {
+    let ecrecover = kernel.global_labels["ecrecover"];
+    let initial_stack = u256ify(["0xdeadbeef", s, r, v, hash])?;
+    let stack = run(&kernel.code, ecrecover, initial_stack);
+    assert_eq!(stack, vec![U256::MAX]);

    Ok(())
 }
@ -42,7 +50,7 @@ fn test_ecrecover() -> Result<()> {
        "0x1b",
        "0xd667c5a20fa899b253924099e10ae92998626718585b8171eb98de468bbebc",
        "0x58351f48ce34bf134ee611fb5bf255a5733f0029561d345a7d46bfa344b60ac0",
-        "67f3c0Da351384838d7F7641AB0fCAcF853E1844",
+        "0x67f3c0Da351384838d7F7641AB0fCAcF853E1844",
        &kernel,
    )?;
    test_valid_ecrecover(
@ -50,17 +58,46 @@ fn test_ecrecover() -> Result<()> {
        "0x1c",
        "0xd667c5a20fa899b253924099e10ae92998626718585b8171eb98de468bbebc",
        "0x58351f48ce34bf134ee611fb5bf255a5733f0029561d345a7d46bfa344b60ac0",
-        "aA58436DeABb64982a386B2De1A8015AA28fCCc0",
+        "0xaA58436DeABb64982a386B2De1A8015AA28fCCc0",
+        &kernel,
+    )?;
+    test_valid_ecrecover(
+        "0x0",
+        "0x1c",
+        "0x1",
+        "0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140",
+        "0x3344c6f6eeCA588be132142DB0a32C71ABFAAe7B",
+        &kernel,
+    )?;
+
+    test_invalid_ecrecover(
+        "0x0",
+        "0x42", // v not in {27,28}
+        "0x1",
+        "0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140",
+        &kernel,
+    )?;
+    test_invalid_ecrecover(
+        "0x0",
+        "0x42",
+        "0xd667c5a20fa899b253924099e10ae92998626718585b8171eb98de468bbebc",
+        "0x0", // s=0
+        &kernel,
+    )?;
+    test_invalid_ecrecover(
+        "0x0",
+        "0x42",
+        "0x0", // r=0
+        "0xd667c5a20fa899b253924099e10ae92998626718585b8171eb98de468bbebc",
+        &kernel,
+    )?;
+    test_invalid_ecrecover(
+        "0x0",
+        "0x1c",
+        "0x3a18b21408d275dde53c0ea86f9c1982eca60193db0ce15008fa408d43024847", // r^3 + 7 isn't a square
+        "0x5db9745f44089305b2f2c980276e7025a594828d878e6e36dd2abd34ca6b9e3d",
        &kernel,
    )?;
-    // test_valid_ecrecover(
-    //     "0x0",
-    //     "0x1c",
-    //     "0x3a18b21408d275dde53c0ea86f9c1982eca60193db0ce15008fa408d43024847",
-    //     "0x5db9745f44089305b2f2c980276e7025a594828d878e6e36dd2abd34ca6b9e3d",
-    //     "aA58436DeABb64982a386B2De1A8015AA28fCCc0",
-    //     &kernel,
-    // )?;

    Ok(())
 }