implement Router.sol and associated functions (#92)

* start Router contract * use calldata for function args * var name changes * start testing router contract * test with and without abi.encode * cleanup * why tf isn't tests/utils working * cleanup tests * remove unused files * wip * fix router contract and tests, add set/update public keys funcs * impl some Froms * make execute non-reentrant * cleanup * update Router to use ReentrancyGuard * update contract to use errors, use bitfield in Executed event, minor other fixes * wip * fix build issues from merge, tests ok * Router.sol cleanup * cleanup, uncomment stuff * bump ethers.rs version to latest * make contract functions take generic middleware * update build script to assert no compiler errors * hardcode pubkey parity into contract, update tests * Polish coins/ethereum in various ways --------- Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2025-12-10 13:09:24 +00:00 · 2024-03-24 09:00:54 -04:00
parent 3d855c75be
commit 63521f6a96
20 changed files with 690 additions and 348 deletions
--- a/coins/ethereum/src/crypto.rs
+++ b/coins/ethereum/src/crypto.rs
@@ -1,50 +1,54 @@
 use sha3::{Digest, Keccak256};

-use group::Group;
+use group::ff::PrimeField;
 use k256::{
  elliptic_curve::{
-    bigint::ArrayEncoding, ops::Reduce, point::DecompressPoint, sec1::ToEncodedPoint,
+    bigint::ArrayEncoding, ops::Reduce, point::AffineCoordinates, sec1::ToEncodedPoint,
  },
-  AffinePoint, ProjectivePoint, Scalar, U256,
+  ProjectivePoint, Scalar, U256,
 };

-use frost::{algorithm::Hram, curve::Secp256k1};
+use frost::{
+  algorithm::{Hram, SchnorrSignature},
+  curve::Secp256k1,
+};

-pub fn keccak256(data: &[u8]) -> [u8; 32] {
+pub(crate) fn keccak256(data: &[u8]) -> [u8; 32] {
  Keccak256::digest(data).into()
 }

-pub fn hash_to_scalar(data: &[u8]) -> Scalar {
-  Scalar::reduce(U256::from_be_slice(&keccak256(data)))
-}
-
-pub fn address(point: &ProjectivePoint) -> [u8; 20] {
+pub(crate) fn address(point: &ProjectivePoint) -> [u8; 20] {
  let encoded_point = point.to_encoded_point(false);
-  keccak256(&encoded_point.as_ref()[1 .. 65])[12 .. 32].try_into().unwrap()
+  // Last 20 bytes of the hash of the concatenated x and y coordinates
+  // We obtain the concatenated x and y coordinates via the uncompressed encoding of the point
+  keccak256(&encoded_point.as_ref()[1 .. 65])[12 ..].try_into().unwrap()
 }

-pub fn ecrecover(message: Scalar, v: u8, r: Scalar, s: Scalar) -> Option<[u8; 20]> {
-  if r.is_zero().into() || s.is_zero().into() {
-    return None;
-  }
+#[allow(non_snake_case)]
+pub struct PublicKey {
+  pub A: ProjectivePoint,
+  pub px: Scalar,
+  pub parity: u8,
+}

+impl PublicKey {
  #[allow(non_snake_case)]
-  let R = AffinePoint::decompress(&r.to_bytes(), v.into());
-  #[allow(non_snake_case)]
-  if let Some(R) = Option::<AffinePoint>::from(R) {
-    #[allow(non_snake_case)]
-    let R = ProjectivePoint::from(R);
-
-    let r = r.invert().unwrap();
-    let u1 = ProjectivePoint::GENERATOR * (-message * r);
-    let u2 = R * (s * r);
-    let key: ProjectivePoint = u1 + u2;
-    if !bool::from(key.is_identity()) {
-      return Some(address(&key));
+  pub fn new(A: ProjectivePoint) -> Option<PublicKey> {
+    let affine = A.to_affine();
+    let parity = u8::from(bool::from(affine.y_is_odd())) + 27;
+    if parity != 27 {
+      None?;
    }
-  }

-  None
+    let x_coord = affine.x();
+    let x_coord_scalar = <Scalar as Reduce<U256>>::reduce_bytes(&x_coord);
+    // Return None if a reduction would occur
+    if x_coord_scalar.to_repr() != x_coord {
+      None?;
+    }
+
+    Some(PublicKey { A, px: x_coord_scalar, parity })
+  }
 }

 #[derive(Clone, Default)]
@@ -55,53 +59,33 @@ impl Hram<Secp256k1> for EthereumHram {
    let a_encoded_point = A.to_encoded_point(true);
    let mut a_encoded = a_encoded_point.as_ref().to_owned();
    a_encoded[0] += 25; // Ethereum uses 27/28 for point parity
+    assert!((a_encoded[0] == 27) || (a_encoded[0] == 28));
    let mut data = address(R).to_vec();
    data.append(&mut a_encoded);
-    data.append(&mut m.to_vec());
+    data.extend(m);
    Scalar::reduce(U256::from_be_slice(&keccak256(&data)))
  }
 }

-pub struct ProcessedSignature {
-  pub s: Scalar,
-  pub px: Scalar,
-  pub parity: u8,
-  pub message: [u8; 32],
-  pub e: Scalar,
+pub struct Signature {
+  pub(crate) c: Scalar,
+  pub(crate) s: Scalar,
 }
-
-#[allow(non_snake_case)]
-pub fn preprocess_signature_for_ecrecover(
-  m: [u8; 32],
-  R: &ProjectivePoint,
-  s: Scalar,
-  A: &ProjectivePoint,
-  chain_id: U256,
-) -> (Scalar, Scalar) {
-  let processed_sig = process_signature_for_contract(m, R, s, A, chain_id);
-  let sr = processed_sig.s.mul(&processed_sig.px).negate();
-  let er = processed_sig.e.mul(&processed_sig.px).negate();
-  (sr, er)
-}
-
-#[allow(non_snake_case)]
-pub fn process_signature_for_contract(
-  m: [u8; 32],
-  R: &ProjectivePoint,
-  s: Scalar,
-  A: &ProjectivePoint,
-  chain_id: U256,
-) -> ProcessedSignature {
-  let encoded_pk = A.to_encoded_point(true);
-  let px = &encoded_pk.as_ref()[1 .. 33];
-  let px_scalar = Scalar::reduce(U256::from_be_slice(px));
-  let e = EthereumHram::hram(R, A, &[chain_id.to_be_byte_array().as_slice(), &m].concat());
-  ProcessedSignature {
-    s,
-    px: px_scalar,
-    parity: &encoded_pk.as_ref()[0] - 2,
-    #[allow(non_snake_case)]
-    message: m,
-    e,
+impl Signature {
+  pub fn new(
+    public_key: &PublicKey,
+    chain_id: U256,
+    m: &[u8],
+    signature: SchnorrSignature<Secp256k1>,
+  ) -> Option<Signature> {
+    let c = EthereumHram::hram(
+      &signature.R,
+      &public_key.A,
+      &[chain_id.to_be_byte_array().as_slice(), &keccak256(m)].concat(),
+    );
+    if !signature.verify(public_key.A, c) {
+      None?;
+    }
+    Some(Signature { c, s: signature.s })
  }
 }