feat: Cherry pick (0.56): HIP-632 isAuthorized system contract method implementation (#16443)

Signed-off-by: David S Bakin <[email protected]>

Author: david-bakin-sl

hedera-node/hedera-config/src/main/java/com/hedera/node/config/data/ContractsConfig.java

@@ -81,6 +81,12 @@ public record ContractsConfig(
         @ConfigProperty(value = "systemContract.accountService.isAuthorizedRawEnabled", defaultValue = "true")
                 @NetworkProperty
                 boolean systemContractAccountServiceIsAuthorizedRawEnabled,
+        @ConfigProperty(value = "systemContract.accountService.isAuthorizedEnabled", defaultValue = "true")
+                @NetworkProperty
+                boolean systemContractAccountServiceIsAuthorizedEnabled,
+        @ConfigProperty(value = "systemContract.metadataKeyAndFieldSupport.enabled", defaultValue = "false")
+                @NetworkProperty
+                boolean metadataKeyAndFieldEnabled,
         @ConfigProperty(value = "systemContract.updateCustomFees.enabled", defaultValue = "true") @NetworkProperty
                 boolean systemContractUpdateCustomFeesEnabled,
         @ConfigProperty(value = "systemContract.tokenInfo.v2.enabled", defaultValue = "false") @NetworkProperty

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/processors/HasTranslatorsModule.java

@@ -22,6 +22,7 @@
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.hbarallowance.HbarAllowanceTranslator;
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.hbarapprove.HbarApproveTranslator;
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.hederaaccountnumalias.HederaAccountNumAliasTranslator;
+import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.isauthorized.IsAuthorizedTranslator;
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.isauthorizedraw.IsAuthorizedRawTranslator;
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.isvalidalias.IsValidAliasTranslator;
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.setunlimitedautoassociations.SetUnlimitedAutoAssociationsTranslator;
@@ -101,6 +102,15 @@ static CallTranslator<HasCallAttempt> provideIsAuthorizedRawTranslator(
         return translator;
     }
 
+    @Provides
+    @Singleton
+    @IntoSet
+    @Named("HasTranslators")
+    static CallTranslator<HasCallAttempt> provideIsAuthorizedTranslator(
+            @NonNull final IsAuthorizedTranslator translator) {
+        return translator;
+    }
+
     @Provides
     @Singleton
     @IntoSet

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/systemcontracts/has/HasCallAttempt.java

@@ -32,6 +32,7 @@
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.common.CallTranslator;
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.hts.AddressIdConverter;
 import com.hedera.node.app.service.contract.impl.hevm.HederaWorldUpdater;
+import com.hedera.node.app.spi.signatures.SignatureVerifier;
 import com.swirlds.config.api.Configuration;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import edu.umd.cs.findbugs.annotations.Nullable;
@@ -50,6 +51,9 @@ public class HasCallAttempt extends AbstractCallAttempt<HasCallAttempt> {
     @Nullable
     private final Account redirectAccount;
 
+    @NonNull
+    private final SignatureVerifier signatureVerifier;
+
     // too many parameters
     @SuppressWarnings("java:S107")
     public HasCallAttempt(
@@ -61,6 +65,7 @@ public HasCallAttempt(
             @NonNull final Configuration configuration,
             @NonNull final AddressIdConverter addressIdConverter,
             @NonNull final VerificationStrategies verificationStrategies,
+            @NonNull final SignatureVerifier signatureVerifier,
             @NonNull final SystemContractGasCalculator gasCalculator,
             @NonNull final List<CallTranslator<HasCallAttempt>> callTranslators,
             final boolean isStaticCall) {
@@ -82,6 +87,7 @@ public HasCallAttempt(
         } else {
             this.redirectAccount = null;
         }
+        this.signatureVerifier = requireNonNull(signatureVerifier);
     }
 
     @Override
@@ -153,4 +159,8 @@ public boolean isAccountRedirect() {
             return enhancement.nativeOperations().getAccount(addressNum);
         }
     }
+
+    public @NonNull SignatureVerifier signatureVerifier() {
+        return signatureVerifier;
+    }
 }

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/systemcontracts/has/HasCallFactory.java

@@ -27,6 +27,7 @@
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.common.CallTranslator;
 import com.hedera.node.app.service.contract.impl.exec.systemcontracts.hts.SyntheticIds;
 import com.hedera.node.app.service.contract.impl.exec.utils.FrameUtils;
+import com.hedera.node.app.spi.signatures.SignatureVerifier;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import java.util.List;
 import javax.inject.Inject;
@@ -43,17 +44,20 @@ public class HasCallFactory implements CallFactory<HasCallAttempt> {
     private final SyntheticIds syntheticIds;
     private final CallAddressChecks addressChecks;
     private final VerificationStrategies verificationStrategies;
+    private final SignatureVerifier signatureVerifier;
     private final List<CallTranslator<HasCallAttempt>> callTranslators;
 
     @Inject
     public HasCallFactory(
             @NonNull final SyntheticIds syntheticIds,
             @NonNull final CallAddressChecks addressChecks,
             @NonNull final VerificationStrategies verificationStrategies,
+            @NonNull final SignatureVerifier signatureVerifier,
             @NonNull @Named("HasTranslators") final List<CallTranslator<HasCallAttempt>> callTranslators) {
         this.syntheticIds = requireNonNull(syntheticIds);
         this.addressChecks = requireNonNull(addressChecks);
         this.verificationStrategies = requireNonNull(verificationStrategies);
+        this.signatureVerifier = requireNonNull(signatureVerifier);
         this.callTranslators = requireNonNull(callTranslators);
     }
 
@@ -82,6 +86,7 @@ public HasCallFactory(
                 configOf(frame),
                 syntheticIds.converterFor(enhancement.nativeOperations()),
                 verificationStrategies,
+                signatureVerifier,
                 systemContractGasCalculatorOf(frame),
                 callTranslators,
                 frame.isStatic());

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/systemcontracts/has/isauthorized/IsAuthorizedCall.java

@@ -0,0 +1,153 @@
+/*
+ * Copyright (C) 2024 Hedera Hashgraph, LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.isauthorized;
+
+import static com.hedera.hapi.node.base.ResponseCodeEnum.INVALID_ACCOUNT_ID;
+import static com.hedera.hapi.node.base.ResponseCodeEnum.INVALID_TRANSACTION_BODY;
+import static com.hedera.hapi.node.base.ResponseCodeEnum.SUCCESS;
+import static com.hedera.node.app.service.contract.impl.exec.systemcontracts.FullResult.successResult;
+import static com.hedera.node.app.service.contract.impl.exec.systemcontracts.common.Call.PricedResult.gasOnly;
+import static com.hedera.node.app.service.contract.impl.utils.ConversionUtils.accountNumberForEvmReference;
+import static com.hedera.pbj.runtime.io.buffer.Bytes.wrap;
+import static java.util.Objects.requireNonNull;
+
+import com.esaulpaugh.headlong.abi.Address;
+import com.hedera.hapi.node.base.Key;
+import com.hedera.hapi.node.base.ResponseCodeEnum;
+import com.hedera.hapi.node.base.SignatureMap;
+import com.hedera.hapi.node.base.SignaturePair;
+import com.hedera.hapi.node.base.SignaturePair.SignatureOneOfType;
+import com.hedera.node.app.service.contract.impl.exec.gas.CustomGasCalculator;
+import com.hedera.node.app.service.contract.impl.exec.systemcontracts.common.AbstractCall;
+import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.HasCallAttempt;
+import com.hedera.node.app.spi.signatures.SignatureVerifier;
+import com.hedera.node.app.spi.signatures.SignatureVerifier.MessageType;
+import com.hedera.node.app.spi.signatures.SignatureVerifier.SimpleKeyStatus;
+import com.hedera.pbj.runtime.OneOf;
+import com.hedera.pbj.runtime.ParseException;
+import com.hedera.pbj.runtime.io.buffer.Bytes;
+import edu.umd.cs.findbugs.annotations.NonNull;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.function.Function;
+import org.hyperledger.besu.evm.frame.MessageFrame;
+
+public class IsAuthorizedCall extends AbstractCall {
+
+    private final Address address;
+    private final byte[] message;
+    private final byte[] signatureBlob;
+
+    private final CustomGasCalculator customGasCalculator;
+
+    private final SignatureVerifier signatureVerifier;
+
+    public IsAuthorizedCall(
+            @NonNull final HasCallAttempt attempt,
+            final Address address,
+            @NonNull final byte[] message,
+            @NonNull final byte[] signatureBlob,
+            @NonNull CustomGasCalculator gasCalculator) {
+        super(attempt.systemContractGasCalculator(), attempt.enhancement(), true);
+        this.address = requireNonNull(address, "address");
+        this.message = requireNonNull(message, "message");
+        this.signatureBlob = requireNonNull(signatureBlob, "signatureBlob");
+        this.customGasCalculator = requireNonNull(gasCalculator, "gasCalculator");
+        this.signatureVerifier = requireNonNull(attempt.signatureVerifier());
+    }
+
+    @Override
+    public @NonNull PricedResult execute(@NonNull final MessageFrame frame) {
+
+        final Function<ResponseCodeEnum, PricedResult> bail = rce -> encodedOutput(rce, false, frame.getRemainingGas());
+
+        final long accountNum = accountNumberForEvmReference(address, nativeOperations());
+        if (!isValidAccount(accountNum)) return bail.apply(INVALID_ACCOUNT_ID);
+        final var account = requireNonNull(enhancement.nativeOperations().getAccount(accountNum));
+
+        // Q: Do we get a key for hollow accounts and auto-created accounts?
+        final var key = account.key();
+        if (key == null) return bail.apply(INVALID_TRANSACTION_BODY);
+
+        SignatureMap sigMap;
+        try {
+            sigMap = requireNonNull(SignatureMap.PROTOBUF.parse(wrap(signatureBlob)));
+        } catch (@NonNull final ParseException | NullPointerException ex) {
+            return bail.apply(INVALID_TRANSACTION_BODY);
+        }
+        sigMap = fixEcSignaturesInMap(sigMap);
+
+        final var keyCounts = signatureVerifier.countSimpleKeys(key);
+        long gasRequirement = keyCounts.numEcdsaKeys() * customGasCalculator.getEcrecPrecompiledContractGasCost()
+                + keyCounts.numEddsaKeys() * customGasCalculator.getEdSignatureVerificationSystemContractGasCost();
+
+        final var authorized = verifyMessage(
+                key, wrap(message), MessageType.RAW, sigMap, ky -> SimpleKeyStatus.ONLY_IF_CRYPTO_SIG_VALID);
+
+        final var result = encodedOutput(SUCCESS, authorized, gasRequirement);
+        return result;
+    }
+
+    protected boolean verifyMessage(
+            @NonNull final Key key,
+            @NonNull final Bytes message,
+            @NonNull final MessageType msgType,
+            @NonNull final SignatureMap signatureMap,
+            @NonNull final Function<Key, SimpleKeyStatus> keyHandlingHook) {
+        return signatureVerifier.verifySignature(key, message, msgType, signatureMap, keyHandlingHook);
+    }
+
+    @NonNull
+    protected PricedResult encodedOutput(
+            final ResponseCodeEnum rce, final boolean authorized, final long gasRequirement) {
+        final long code = rce.protoOrdinal();
+        final var output = IsAuthorizedTranslator.IS_AUTHORIZED.getOutputs().encodeElements(code, authorized);
+        final var result = gasOnly(successResult(output, gasRequirement), SUCCESS, true);
+        return result;
+    }
+
+    /**
+     * The Ethereum world uses 65 byte EC signatures, our cryptography library uses 64 byte EC signatures.  The
+     * difference is the addition of an extra "parity" byte at the end of the 64 byte signature (used so that
+     * `ECRECOVER` can recover the public key (== Ethereum address) from the signature.
+     *
+     * This method is a shim for that mismatch. It strips the extra byte off any 65 byte EC signatures it finds.
+     *
+     * @param sigMap Signature map from user - possibly contains 65 byte EC signatures
+     * @return Signature map with only 64 byte EC signatures (and all else unchanged)
+     */
+    public @NonNull SignatureMap fixEcSignaturesInMap(@NonNull final SignatureMap sigMap) {
+        final List<SignaturePair> newPairs = new ArrayList<>();
+        for (var spair : sigMap.sigPair()) {
+            if (spair.hasEcdsaSecp256k1()) {
+                final var ecSig = requireNonNull(spair.ecdsaSecp256k1());
+                if (ecSig.length() == 65) {
+                    spair = new SignaturePair(
+                            spair.pubKeyPrefix(), new OneOf<>(SignatureOneOfType.ECDSA_SECP256K1, ecSig.slice(0, 64)));
+                }
+            }
+            newPairs.add(spair);
+        }
+        return new SignatureMap(newPairs);
+    }
+
+    boolean isValidAccount(final long accountNum) {
+        // invalid if accountNum is negative
+        if (accountNum < 0) return false;
+        return true;
+    }
+}

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/systemcontracts/has/isauthorized/IsAuthorizedTranslator.java

@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2024 Hedera Hashgraph, LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.isauthorized;
+
+import static java.util.Objects.requireNonNull;
+
+import com.esaulpaugh.headlong.abi.Address;
+import com.esaulpaugh.headlong.abi.Function;
+import com.hedera.node.app.service.contract.impl.annotations.ServicesV051;
+import com.hedera.node.app.service.contract.impl.exec.FeatureFlags;
+import com.hedera.node.app.service.contract.impl.exec.gas.CustomGasCalculator;
+import com.hedera.node.app.service.contract.impl.exec.systemcontracts.common.AbstractCallTranslator;
+import com.hedera.node.app.service.contract.impl.exec.systemcontracts.common.Call;
+import com.hedera.node.app.service.contract.impl.exec.systemcontracts.has.HasCallAttempt;
+import com.hedera.node.app.service.contract.impl.exec.systemcontracts.hts.ReturnTypes;
+import com.hedera.node.config.data.ContractsConfig;
+import edu.umd.cs.findbugs.annotations.NonNull;
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+@Singleton
+public class IsAuthorizedTranslator extends AbstractCallTranslator<HasCallAttempt> {
+
+    public static final Function IS_AUTHORIZED =
+            new Function("isAuthorized(address,bytes,bytes)", ReturnTypes.RESPONSE_CODE64_BOOL);
+    private static final int ADDRESS_ARG = 0;
+    private static final int MESSAGE_ARG = 1;
+    private static final int SIGNATURE_BLOB_ARG = 2;
+
+    private final CustomGasCalculator customGasCalculator;
+
+    @Inject
+    public IsAuthorizedTranslator(
+            @ServicesV051 @NonNull final FeatureFlags featureFlags,
+            @NonNull final CustomGasCalculator customGasCalculator) {
+        requireNonNull(featureFlags, "featureFlags");
+        this.customGasCalculator = requireNonNull(customGasCalculator);
+    }
+
+    @Override
+    public boolean matches(@NonNull HasCallAttempt attempt) {
+        requireNonNull(attempt, "attempt");
+
+        final boolean callEnabled = attempt.configuration()
+                .getConfigData(ContractsConfig.class)
+                .systemContractAccountServiceIsAuthorizedEnabled();
+        return callEnabled && attempt.isSelector(IS_AUTHORIZED);
+    }
+
+    @Override
+    public Call callFrom(@NonNull HasCallAttempt attempt) {
+        requireNonNull(attempt, "attempt");
+
+        if (attempt.isSelector(IS_AUTHORIZED)) {
+
+            final var call = IS_AUTHORIZED.decodeCall(attempt.inputBytes());
+            final var address = (Address) call.get(ADDRESS_ARG);
+            final var message = (byte[]) call.get(MESSAGE_ARG);
+            final var signatureBlob = (byte[]) call.get(SIGNATURE_BLOB_ARG);
+
+            return new IsAuthorizedCall(attempt, address, message, signatureBlob, customGasCalculator);
+        }
+        return null;
+    }
+}

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/systemcontracts/has/isauthorizedraw/IsAuthorizedRawCall.java

@@ -83,6 +83,7 @@ public IsAuthorizedRawCall(
         this.messageHash = requireNonNull(messageHash);
         this.signature = requireNonNull(signature);
         this.customGasCalculator = requireNonNull(customGasCalculator);
+        requireNonNull(attempt.signatureVerifier());
     }
 
     @NonNull

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/systemcontracts/hts/ReturnTypes.java

@@ -90,6 +90,7 @@ private ReturnTypes() {
     public static final String ADDRESS = "(address)";
 
     public static final String RESPONSE_CODE_BOOL = "(int32,bool)";
+    public static final String RESPONSE_CODE64_BOOL = "(int64,bool)";
     public static final String RESPONSE_CODE_INT32 = "(int32,int32)";
     public static final String RESPONSE_CODE_UINT256 = "(int64,uint256)";
     public static final String RESPONSE_CODE_INT256 = "(int64,int256)";

hedera-node/hedera-smart-contract-service-impl/src/test/java/com/hedera/node/app/service/contract/impl/test/TestHelpers.java

@@ -707,6 +707,7 @@ public class TestHelpers {
             "6080604052348015600f57600080fd5b50600061016a905077e4cbd3a7fefefefefefefefefefefefefefefefefefefefe600052366000602037600080366018016008845af43d806000803e8160008114605857816000f35b816000fdfea2646970667358221220d8378feed472ba49a0005514ef7087017f707b45fb9bf56bb81bb93ff19a238b64736f6c634300080b0033";
 
     public static byte[] messageHash = unhex("47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad");
+    public static byte[] message = "This is a message".getBytes();
 
     public static byte[] signature = unhex(
             "aca7da997ad177f040240cdccf6905b71ab16b74434388c3a72f34fd25d6439346b2bac274ff29b48b3ea6e2d04c1336eaceafda3c53ab483fc3ff12fac3ebf200");