evm: add P-384 precompile

oasisprotocol · Oct 5, 2023 · d9c78ed · d9c78ed
1 parent 7ed1190
commit d9c78ed
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 21 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -31,3 +31,7 @@ exclude = [
     "examples/runtime-sdk/minimal-runtime",
 ]
 resolver = "2"
+
+[profile.bench]
+codgen-units = 1
+lto = "thin"
diff --git a/runtime-sdk/modules/evm/src/precompile/confidential.rs b/runtime-sdk/modules/evm/src/precompile/confidential.rs
@@ -56,6 +56,10 @@ static SIGN_MESSAGE_COST: Lazy<HashMap<SignatureType, (u64, u64)>> = Lazy::new(|
         (SignatureType::Secp256k1_PrehashedKeccak256, (3_000, 0)),
         (SignatureType::Secp256k1_PrehashedSha256, (3_000, 0)),
         (SignatureType::Secp256r1_PrehashedSha256, (9_000, 0)),
+        (
+            SignatureType::Secp384r1_PrehashedSha384,
+            (9_000 * 23 / 5, 0),
+        ),
     ])
 });
 
@@ -69,6 +73,10 @@ static VERIFY_MESSAGE_COST: Lazy<HashMap<SignatureType, (u64, u64)>> = Lazy::new
         (SignatureType::Secp256k1_PrehashedKeccak256, (3_000, 0)),
         (SignatureType::Secp256k1_PrehashedSha256, (3_000, 0)),
         (SignatureType::Secp256r1_PrehashedSha256, (7_900, 0)),
+        (
+            SignatureType::Secp384r1_PrehashedSha384,
+            (7_900 * 24 / 5, 0),
+        ),
     ])
 });
 
@@ -1017,18 +1025,23 @@ mod test {
         context_long: bool,
         message_long: bool,
     ) {
-        let signer = signature::MemorySigner::new_from_seed(
-            signature_type,
-            b"01234567890123456789012345678901",
-        )
-        .unwrap();
+        let seed = b"01234567".repeat(if signature_type.is_secp384r1_variant() {
+            6
+        } else {
+            4
+        });
+        let signer = signature::MemorySigner::new_from_seed(signature_type, &seed).unwrap();
 
         let message = b"0123456789".repeat(if message_long { 200 } else { 1 });
         let (context, message) = if signature_type.is_prehashed() {
-            use sha2::digest::Digest as _;
-            let mut digest = sha2::Sha256::default();
-            <sha2::Sha256 as sha2::digest::Update>::update(&mut digest, &message);
-            (digest.finalize().to_vec(), vec![])
+            (
+                if signature_type.is_secp384r1_variant() {
+                    <sha2::Sha384 as sha2::digest::Digest>::digest(&message).to_vec()
+                } else {
+                    <sha2::Sha256 as sha2::digest::Digest>::digest(&message).to_vec()
+                },
+                vec![],
+            )
         } else {
             (
                 b"0123456789".repeat(if context_long { 200 } else { 1 }),
@@ -1096,6 +1109,11 @@ mod test {
         bench_signer(b, SignatureType::Secp256r1_PrehashedSha256, false, false);
     }
 
+    #[bench]
+    fn bench_sign_secp384r1_prehashed_sha384(b: &mut Bencher) {
+        bench_signer(b, SignatureType::Secp384r1_PrehashedSha384, false, false);
+    }
+
     #[test]
     fn test_verification_params() {
         fn push_all_and_test(
@@ -1203,18 +1221,23 @@ mod test {
         context_long: bool,
         message_long: bool,
     ) {
-        let signer = signature::MemorySigner::new_from_seed(
-            signature_type,
-            b"01234567890123456789012345678901",
-        )
-        .unwrap();
+        let seed = b"01234567".repeat(if signature_type.is_secp384r1_variant() {
+            6
+        } else {
+            4
+        });
+        let signer = signature::MemorySigner::new_from_seed(signature_type, &seed).unwrap();
 
         let message = b"0123456789".repeat(if message_long { 200 } else { 1 });
         let (context, message) = if signature_type.is_prehashed() {
-            use sha2::digest::Digest as _;
-            let mut digest = sha2::Sha256::default();
-            <sha2::Sha256 as sha2::digest::Update>::update(&mut digest, &message);
-            (digest.finalize().to_vec(), vec![])
+            (
+                if signature_type.is_secp384r1_variant() {
+                    <sha2::Sha384 as sha2::digest::Digest>::digest(&message).to_vec()
+                } else {
+                    <sha2::Sha256 as sha2::digest::Digest>::digest(&message).to_vec()
+                },
+                vec![],
+            )
         } else {
             (
                 b"0123456789".repeat(if context_long { 200 } else { 1 }),
@@ -1283,4 +1306,9 @@ mod test {
     fn bench_verify_secp256r1_prehashed_sha256(b: &mut Bencher) {
         bench_verification(b, SignatureType::Secp256r1_PrehashedSha256, false, false);
     }
+
+    #[bench]
+    fn bench_verify_secp384r1_prehashed_sha384(b: &mut Bencher) {
+        bench_verification(b, SignatureType::Secp384r1_PrehashedSha384, false, false);
+    }
 }
diff --git a/runtime-sdk/src/crypto/signature/secp384r1.rs b/runtime-sdk/src/crypto/signature/secp384r1.rs
@@ -22,9 +22,6 @@ impl PublicKey {
 
     /// Construct a public key from a slice of bytes.
     pub fn from_bytes(bytes: &[u8]) -> Result<Self, Error> {
-        if bytes.len() != 33 {
-            return Err(Error::MalformedPublicKey);
-        }
         let ep = p384::EncodedPoint::from_bytes(bytes).map_err(|_| Error::MalformedPublicKey)?;
         if !ep.is_compressed() {
             // This should never happen due to the size check above.