alt_bn128 pairing (#7217)

cmoyes-jump · web-flow · commit 3d57ce3b0885 · 2025-11-13T15:29:09.000-06:00
diff --git a/src/ballet/bn254/fd_bn254.c b/src/ballet/bn254/fd_bn254.c
@@ -222,13 +222,18 @@ fd_bn254_g1_scalar_mul_syscall( uchar       out[64],
 int
 fd_bn254_pairing_is_one_syscall( uchar       out[32],
                                  uchar const in[],
-                                 ulong       in_sz ) {
+                                 ulong       in_sz,
+                                 int         check_len ) {
   /* https://github.com/anza-xyz/agave/blob/v1.18.6/sdk/program/src/alt_bn128/mod.rs#L244
-     Note: this check doesn't do anything because
-     192usize.checked_rem(192) = Some(0)
-     i.e., this is NOT checking that in_sz % 192 == 0.
-     i.e., this is NOT needed:
-     if( FD_UNLIKELY( (in_sz%192UL)!=0 ) ) return -1; */
+     Note: Solana had a bug where it checked if input.len().checked_rem(192).is_none(),
+     which only fails when dividing by zero, so the check never triggered.
+     When check_len is true, we properly validate that input size is a multiple of 192.
+     This corresponds to the fix_alt_bn128_pairing_length_check feature gate. */
+  if( check_len ) {
+    if( FD_UNLIKELY( (in_sz % 192UL) != 0 ) ) {
+      return -1; /* Invalid input length */
+    }
+  }
   ulong elements_len = in_sz / 192UL;
   fd_bn254_g1_t p[FD_BN254_PAIRING_BATCH_MAX];
   fd_bn254_g2_t q[FD_BN254_PAIRING_BATCH_MAX];
diff --git a/src/ballet/bn254/fd_bn254.h b/src/ballet/bn254/fd_bn254.h
@@ -25,7 +25,8 @@ fd_bn254_g1_scalar_mul_syscall( uchar       out[64],
 int
 fd_bn254_pairing_is_one_syscall( uchar       out[32],
                                  uchar const in[],
-                                 ulong       in_sz );
+                                 ulong       in_sz,
+                                 int         check_len );
 
 /* fd_bn254_g1_compress compresses a point in G1.
    Input in is a 64-byte big endian buffer representing the point (x, y),
diff --git a/src/ballet/bn254/test_bn254.c b/src/ballet/bn254/test_bn254.c
@@ -339,7 +339,7 @@ int main( int     argc,
         FD_LOG_HEXDUMP_WARNING(( "exp", &in[64], 128 ));
         FD_LOG_ERR(( "FAIL: test g2 %lu, %s", i, "res != exp" ));
       }
-      FD_TEST( fd_bn254_pairing_is_one_syscall( res, in, in_sz )==0 );
+      FD_TEST( fd_bn254_pairing_is_one_syscall( res, in, in_sz, 0 /* no length check */ )==0 );
 
       fd_hex_decode( exp, tests[2*i+1], 32 );
       if( !fd_memeq( res, exp, 32 ) ) {
@@ -389,7 +389,7 @@ int main( int     argc,
       ulong iter = 100UL;
       long dt = fd_log_wallclock();
       for( ulong rem=iter; rem; rem-- ) {
-        fd_bn254_pairing_is_one_syscall( res, in, in_sz );
+        fd_bn254_pairing_is_one_syscall( res, in, in_sz, 0 /* no length check */ );
       }
       dt = fd_log_wallclock() - dt;
       log_bench( "fd_bn254_pairing_is_one_syscall", iter, dt );
diff --git a/src/flamenco/features/fd_features_generated.c b/src/flamenco/features/fd_features_generated.c
@@ -1679,6 +1679,13 @@ fd_feature_id_t const ids[] = {
     .name                      = "account_data_direct_mapping",
     .cleaned_up                = {UINT_MAX, UINT_MAX, UINT_MAX} },
 
+  { .index                     = offsetof(fd_features_t, fix_alt_bn128_pairing_length_check)>>3,
+    .id                        = {"\x08\xe9\x40\xc0\xc3\x42\x8a\xf0\xbd\x9d\x09\x80\xa6\xce\x78\xcb\x1c\xc6\x57\x4e\x44\xfe\xf5\x52\xe7\x0c\x40\x70\xe9\x51\xec\x74"},
+                                 /* bnYzodLwmybj7e1HAe98yZrdJTd7we69eMMLgCXqKZm */
+    .name                      = "fix_alt_bn128_pairing_length_check",
+    .cleaned_up                = {UINT_MAX, UINT_MAX, UINT_MAX},
+    .hardcode_for_fuzzing = 1 },
+
   { .index = ULONG_MAX }
 };
 /* TODO replace this with fd_map_perfect */
@@ -1930,6 +1937,7 @@ fd_feature_id_query( ulong prefix ) {
   case 0x5c64cc1a9be3790a: return &ids[ 242 ];
   case 0x90a88c0cfe8bb1b1: return &ids[ 243 ];
   case 0xe8604b2d7d45af83: return &ids[ 244 ];
+  case 0xf08a42c3c040e908: return &ids[ 245 ];
   default: break;
   }
   return NULL;
@@ -2180,4 +2188,5 @@ FD_STATIC_ASSERT( offsetof( fd_features_t, enshrine_slashing_program
 FD_STATIC_ASSERT( offsetof( fd_features_t, raise_account_cu_limit                                  )>>3==242UL, layout );
 FD_STATIC_ASSERT( offsetof( fd_features_t, stricter_abi_and_runtime_constraints                    )>>3==243UL, layout );
 FD_STATIC_ASSERT( offsetof( fd_features_t, account_data_direct_mapping                             )>>3==244UL, layout );
+FD_STATIC_ASSERT( offsetof( fd_features_t, fix_alt_bn128_pairing_length_check                      )>>3==245UL, layout );
 FD_STATIC_ASSERT( sizeof( fd_features_t )>>3==FD_FEATURE_ID_CNT, layout );
diff --git a/src/flamenco/features/fd_features_generated.h b/src/flamenco/features/fd_features_generated.h
@@ -8,10 +8,10 @@
 #endif
 
 /* FEATURE_ID_CNT is the number of features in ids */
-#define FD_FEATURE_ID_CNT (245UL)
+#define FD_FEATURE_ID_CNT (246UL)
 
 /* Feature set ID calculated from all feature names */
-#define FD_FEATURE_SET_ID (2404396587U)
+#define FD_FEATURE_SET_ID (2363000211U)
 
 union fd_features {
   ulong f[ FD_FEATURE_ID_CNT ];
@@ -261,5 +261,6 @@ union fd_features {
     /* 0x5c64cc1a9be3790a */ ulong raise_account_cu_limit;
     /* 0x90a88c0cfe8bb1b1 */ ulong stricter_abi_and_runtime_constraints;
     /* 0xe8604b2d7d45af83 */ ulong account_data_direct_mapping;
+    /* 0xf08a42c3c040e908 */ ulong fix_alt_bn128_pairing_length_check;
   };
 };
diff --git a/src/flamenco/features/feature_map.json b/src/flamenco/features/feature_map.json
@@ -243,5 +243,6 @@
   {"name":"enshrine_slashing_program","pubkey":"sProgVaNWkYdP2eTRAy1CPrgb3b9p8yXCASrPEqo6VJ"},
   {"name":"raise_account_cu_limit","pubkey":"htsptAwi2yRoZH83SKaUXykeZGtZHgxkS2QwW1pssR8"},
   {"name":"stricter_abi_and_runtime_constraints","pubkey":"CxeBn9PVeeXbmjbNwLv6U4C6svNxnC4JX6mfkvgeMocM"},
-  {"name":"account_data_direct_mapping","pubkey":"9s3RKimHWS44rJcJ9P1rwCmn2TvMqtZQBmz815ZUUHqJ"}
+  {"name":"account_data_direct_mapping","pubkey":"9s3RKimHWS44rJcJ9P1rwCmn2TvMqtZQBmz815ZUUHqJ"},
+  {"name":"fix_alt_bn128_pairing_length_check","pubkey":"bnYzodLwmybj7e1HAe98yZrdJTd7we69eMMLgCXqKZm","hardcode_for_fuzzing":1}
 ]
diff --git a/src/flamenco/vm/syscall/fd_vm_syscall_crypto.c b/src/flamenco/vm/syscall/fd_vm_syscall_crypto.c
@@ -88,8 +88,10 @@ fd_vm_syscall_sol_alt_bn128_group_op( void *  _vm,
     break;
 
   case FD_VM_SYSCALL_SOL_ALT_BN128_PAIRING:
-    /* Compute pairing */
-    if( FD_LIKELY( fd_bn254_pairing_is_one_syscall( call_result, input, input_sz )==0 ) ) {
+    /* Compute pairing with length check based on feature gate.
+       https://github.com/anza-xyz/solana-sdk/blob/bn254%40v3.1.2/bn254/src/pairing.rs#L76-L82 */
+    if( FD_LIKELY( fd_bn254_pairing_is_one_syscall( call_result, input, input_sz,
+                                                    FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->txn_ctx->bank, fix_alt_bn128_pairing_length_check ) )==0 ) ) {
       ret = 0UL; /* success */
     }
     break;

Original file line number	Diff line number	Diff line change
`@@ -243,5 +243,6 @@`
`243`	`243`	`{"name":"enshrine_slashing_program","pubkey":"sProgVaNWkYdP2eTRAy1CPrgb3b9p8yXCASrPEqo6VJ"},`
`244`	`244`	`{"name":"raise_account_cu_limit","pubkey":"htsptAwi2yRoZH83SKaUXykeZGtZHgxkS2QwW1pssR8"},`
`245`	`245`	`{"name":"stricter_abi_and_runtime_constraints","pubkey":"CxeBn9PVeeXbmjbNwLv6U4C6svNxnC4JX6mfkvgeMocM"},`
`246`		`- {"name":"account_data_direct_mapping","pubkey":"9s3RKimHWS44rJcJ9P1rwCmn2TvMqtZQBmz815ZUUHqJ"}`
	`246`	`+ {"name":"account_data_direct_mapping","pubkey":"9s3RKimHWS44rJcJ9P1rwCmn2TvMqtZQBmz815ZUUHqJ"},`
	`247`	`+ {"name":"fix_alt_bn128_pairing_length_check","pubkey":"bnYzodLwmybj7e1HAe98yZrdJTd7we69eMMLgCXqKZm","hardcode_for_fuzzing":1}`
`247`	`248`	`]`