Ed25519 PK validation in Move should return None instead of aborting on wrong length

aptos-move/aptos-release-builder/data/release.yaml

@@ -16,6 +16,7 @@ feature_flags:
     - resource_groups
     - multisig_accounts
     - delegation_pools
+    - ed25519_pk_validate_no_abort_on_wrong_length  
   disabled: []
 is_multi_step: true
 framework_release_at_end: true

aptos-move/aptos-release-builder/src/components/feature_flags.rs

@@ -28,6 +28,7 @@ pub enum FeatureFlag {
     ResourceGroups,
     MultisigAccounts,
     DelegationPools,
+    Ed25519PkValidateNoAbortOnWrongLength,
 }
 
 fn generate_features_blob(writer: &CodeWriter, data: &[u64]) {
@@ -128,6 +129,9 @@ impl From<FeatureFlag> for AptosFeatureFlag {
             FeatureFlag::ResourceGroups => AptosFeatureFlag::RESOURCE_GROUPS,
             FeatureFlag::MultisigAccounts => AptosFeatureFlag::MULTISIG_ACCOUNTS,
             FeatureFlag::DelegationPools => AptosFeatureFlag::DELEGATION_POOLS,
+            FeatureFlag::Ed25519PkValidateNoAbortOnWrongLength => {
+                AptosFeatureFlag::ED25519PKVALIDATENOABORTONWRONGLENGTH
+            },
         }
     }
 }

aptos-move/aptos-vm/src/move_vm_ext/vm.rs

@@ -18,7 +18,7 @@ use move_table_extension::NativeTableContext;
 use move_vm_runtime::{
     config::VMConfig, move_vm::MoveVM, native_extensions::NativeContextExtensions,
 };
-use std::ops::Deref;
+use std::{ops::Deref, sync::Arc};
 
 pub struct MoveVmExt {
     inner: MoveVM,
@@ -44,19 +44,19 @@ impl MoveVmExt {
                 5
             };
 
+        let treat_friend_as_private = features.is_enabled(FeatureFlag::TREAT_FRIEND_AS_PRIVATE);
+
         Ok(Self {
             inner: MoveVM::new_with_config(
                 aptos_natives(
                     native_gas_params,
                     abs_val_size_gas_params,
                     gas_feature_version,
                     timed_features.clone(),
+                    Arc::new(features),
                 ),
                 VMConfig {
-                    verifier: verifier_config(
-                        features.is_enabled(FeatureFlag::TREAT_FRIEND_AS_PRIVATE),
-                        &timed_features,
-                    ),
+                    verifier: verifier_config(treat_friend_as_private, &timed_features),
                     max_binary_format_version,
                     paranoid_type_checks: crate::AptosVM::get_paranoid_checks(),
                 },

aptos-move/aptos-vm/src/natives.rs

@@ -5,8 +5,12 @@
 use aptos_gas::{AbstractValueSizeGasParameters, NativeGasParameters, LATEST_GAS_FEATURE_VERSION};
 #[cfg(feature = "testing")]
 use aptos_types::chain_id::ChainId;
-use aptos_types::{account_config::CORE_CODE_ADDRESS, on_chain_config::TimedFeatures};
+use aptos_types::{
+    account_config::CORE_CODE_ADDRESS,
+    on_chain_config::{Features, TimedFeatures},
+};
 use move_vm_runtime::native_functions::NativeFunctionTable;
+use std::sync::Arc;
 #[cfg(feature = "testing")]
 use {
     aptos_framework::natives::{
@@ -27,6 +31,7 @@ pub fn aptos_natives(
     abs_val_size_gas_params: AbstractValueSizeGasParameters,
     gas_feature_version: u64,
     timed_features: TimedFeatures,
+    features: Arc<Features>,
 ) -> NativeFunctionTable {
     move_stdlib::natives::all_natives(CORE_CODE_ADDRESS, gas_params.move_stdlib)
         .into_iter()
@@ -35,6 +40,7 @@ pub fn aptos_natives(
             CORE_CODE_ADDRESS,
             gas_params.aptos_framework,
             timed_features,
+            features,
             move |val| abs_val_size_gas_params.abstract_value_size(val, gas_feature_version),
         ))
         .chain(move_table_extension::table_natives(
@@ -61,7 +67,8 @@ pub fn assert_no_test_natives(err_msg: &str) {
             NativeGasParameters::zeros(),
             AbstractValueSizeGasParameters::zeros(),
             LATEST_GAS_FEATURE_VERSION,
-            TimedFeatures::enable_all()
+            TimedFeatures::enable_all(),
+            Arc::new(Features::default())
         )
         .into_iter()
         .all(|(_, module_name, func_name, _)| {

aptos-move/framework/move-stdlib/doc/features.md

@@ -29,6 +29,8 @@ the Move stdlib, the Aptos stdlib, and the Aptos framework.
 -  [Function `multisig_accounts_enabled`](#0x1_features_multisig_accounts_enabled)
 -  [Function `get_delegation_pools_feature`](#0x1_features_get_delegation_pools_feature)
 -  [Function `delegation_pools_enabled`](#0x1_features_delegation_pools_enabled)
+-  [Function `get_pubkey_validate_aborts_wrong_length`](#0x1_features_get_pubkey_validate_aborts_wrong_length)
+-  [Function `pubkey_validate_aborts_wrong_length_enabled`](#0x1_features_pubkey_validate_aborts_wrong_length_enabled)
 -  [Function `change_feature_flags`](#0x1_features_change_feature_flags)
 -  [Function `is_enabled`](#0x1_features_is_enabled)
 -  [Function `set`](#0x1_features_set)
@@ -138,6 +140,17 @@ Lifetime: transient
 
 
 
+<a name="0x1_features_ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH"></a>
+
+Whether native_public_key_validate aborts when a public key of the wrong length is given
+Lifetime: ephemeral
+
+
+<pre><code><b>const</b> <a href="features.md#0x1_features_ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH">ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH</a>: u64 = 12;
+</code></pre>
+
+
+
 <a name="0x1_features_EFRAMEWORK_SIGNER_NEEDED"></a>
 
 The provided signer has not a framework address.
@@ -676,6 +689,52 @@ Lifetime: transient
 
 
 
+</details>
+
+<a name="0x1_features_get_pubkey_validate_aborts_wrong_length"></a>
+
+## Function `get_pubkey_validate_aborts_wrong_length`
+
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_pubkey_validate_aborts_wrong_length">get_pubkey_validate_aborts_wrong_length</a>(): u64
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_pubkey_validate_aborts_wrong_length">get_pubkey_validate_aborts_wrong_length</a>(): u64 { <a href="features.md#0x1_features_ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH">ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH</a> }
+</code></pre>
+
+
+
+</details>
+
+<a name="0x1_features_pubkey_validate_aborts_wrong_length_enabled"></a>
+
+## Function `pubkey_validate_aborts_wrong_length_enabled`
+
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_pubkey_validate_aborts_wrong_length_enabled">pubkey_validate_aborts_wrong_length_enabled</a>(): bool
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_pubkey_validate_aborts_wrong_length_enabled">pubkey_validate_aborts_wrong_length_enabled</a>(): bool <b>acquires</b> <a href="features.md#0x1_features_Features">Features</a> {
+	<a href="features.md#0x1_features_is_enabled">is_enabled</a>(<a href="features.md#0x1_features_ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH">ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH</a>)
+}
+</code></pre>
+
+
+
 </details>
 
 <a name="0x1_features_change_feature_flags"></a>

aptos-move/framework/move-stdlib/sources/configs/features.move

@@ -140,6 +140,16 @@ module std::features {
         is_enabled(DELEGATION_POOLS)
     }
 
+    /// Whether native_public_key_validate aborts when a public key of the wrong length is given
+    /// Lifetime: ephemeral
+    const ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH: u64 = 12;
+
+    public fun get_pubkey_validate_aborts_wrong_length(): u64 { ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH }
+
+    public fun pubkey_validate_aborts_wrong_length_enabled(): bool acquires Features {
+	is_enabled(ED25519_PK_VALIDATE_NO_ABORT_ON_WRONG_LENGTH)
+    } 
+
     // ============================================================================================
     // Feature Flag Implementation
 

aptos-move/framework/src/natives/account.rs

@@ -9,12 +9,12 @@ use crate::{
     },
     safely_pop_arg,
 };
-use aptos_types::on_chain_config::TimedFeatures;
+use aptos_types::on_chain_config::{Features, TimedFeatures};
 use move_core_types::{account_address::AccountAddress, gas_algebra::InternalGas};
 use move_vm_runtime::native_functions::NativeFunction;
 use move_vm_types::{loaded_data::runtime_types::Type, values::Value};
 use smallvec::{smallvec, SmallVec};
-use std::collections::VecDeque;
+use std::{collections::VecDeque, sync::Arc};
 
 /***************************************************************************************************
  * native fun create_address
@@ -62,13 +62,15 @@ pub struct GasParameters {
 pub fn make_all(
     gas_params: GasParameters,
     timed_features: TimedFeatures,
+    features: Arc<Features>,
 ) -> impl Iterator<Item = (String, NativeFunction)> {
     let natives = [
         (
             "create_address",
             make_safe_native(
                 gas_params.create_address,
                 timed_features.clone(),
+                features.clone(),
                 native_create_address,
             ),
         ),
@@ -79,6 +81,7 @@ pub fn make_all(
             make_safe_native(
                 gas_params.create_signer,
                 timed_features,
+                features,
                 create_signer::native_create_signer,
             ),
         ),

aptos-move/framework/src/natives/aggregator_natives/aggregator.rs

@@ -12,15 +12,15 @@ use crate::{
     safely_pop_arg,
 };
 use aptos_aggregator::aggregator_extension::AggregatorID;
-use aptos_types::on_chain_config::TimedFeatures;
+use aptos_types::on_chain_config::{Features, TimedFeatures};
 use move_core_types::gas_algebra::InternalGas;
 use move_vm_runtime::native_functions::NativeFunction;
 use move_vm_types::{
     loaded_data::runtime_types::Type,
     values::{Struct, StructRef, Value},
 };
 use smallvec::{smallvec, SmallVec};
-use std::collections::VecDeque;
+use std::{collections::VecDeque, sync::Arc};
 
 /***************************************************************************************************
  * native fun add(aggregator: &mut Aggregator, value: u128);
@@ -177,23 +177,39 @@ pub struct GasParameters {
 pub fn make_all(
     gas_params: GasParameters,
     timed_features: TimedFeatures,
+    features: Arc<Features>,
 ) -> impl Iterator<Item = (String, NativeFunction)> {
     let natives = [
         (
             "add",
-            make_safe_native(gas_params.add, timed_features.clone(), native_add),
+            make_safe_native(
+                gas_params.add,
+                timed_features.clone(),
+                features.clone(),
+                native_add,
+            ),
         ),
         (
             "read",
-            make_safe_native(gas_params.read, timed_features.clone(), native_read),
+            make_safe_native(
+                gas_params.read,
+                timed_features.clone(),
+                features.clone(),
+                native_read,
+            ),
         ),
         (
             "sub",
-            make_safe_native(gas_params.sub, timed_features.clone(), native_sub),
+            make_safe_native(
+                gas_params.sub,
+                timed_features.clone(),
+                features.clone(),
+                native_sub,
+            ),
         ),
         (
             "destroy",
-            make_safe_native(gas_params.destroy, timed_features, native_destroy),
+            make_safe_native(gas_params.destroy, timed_features, features, native_destroy),
         ),
     ];
 

aptos-move/framework/src/natives/aggregator_natives/aggregator_factory.rs

@@ -10,15 +10,18 @@ use crate::{
 };
 use aptos_aggregator::aggregator_extension::{extension_error, AggregatorHandle, AggregatorID};
 use aptos_crypto::hash::DefaultHasher;
-use aptos_types::{account_address::AccountAddress, on_chain_config::TimedFeatures};
+use aptos_types::{
+    account_address::AccountAddress,
+    on_chain_config::{Features, TimedFeatures},
+};
 use move_core_types::gas_algebra::InternalGas;
 use move_vm_runtime::native_functions::NativeFunction;
 use move_vm_types::{
     loaded_data::runtime_types::Type,
     values::{Struct, StructRef, Value},
 };
 use smallvec::{smallvec, SmallVec};
-use std::collections::VecDeque;
+use std::{collections::VecDeque, sync::Arc};
 
 /***************************************************************************************************
  * native fun new_aggregator(aggregator_factory: &mut AggregatorFactory, limit: u128): Aggregator;
@@ -86,12 +89,14 @@ pub struct GasParameters {
 pub fn make_all(
     gas_params: GasParameters,
     timed_features: TimedFeatures,
+    features: Arc<Features>,
 ) -> impl Iterator<Item = (String, NativeFunction)> {
     let natives = [(
         "new_aggregator",
         make_safe_native(
             gas_params.new_aggregator,
             timed_features,
+            features,
             native_new_aggregator,
         ),
     )];

aptos-move/framework/src/natives/code.rs

@@ -10,7 +10,9 @@ use crate::{
 };
 use anyhow::bail;
 use aptos_types::{
-    on_chain_config::TimedFeatures, transaction::ModuleBundle, vm_status::StatusCode,
+    on_chain_config::{Features, TimedFeatures},
+    transaction::ModuleBundle,
+    vm_status::StatusCode,
 };
 use better_any::{Tid, TidAble};
 use move_binary_format::errors::{PartialVMError, PartialVMResult};
@@ -29,6 +31,7 @@ use std::{
     collections::{btree_map::Entry, BTreeMap, BTreeSet, VecDeque},
     fmt,
     str::FromStr,
+    sync::Arc,
 };
 
 /// A wrapper around the representation of a Move Option, which is a vector with 0 or 1 element.
@@ -310,13 +313,15 @@ pub struct GasParameters {
 pub fn make_all(
     gas_params: GasParameters,
     timed_features: TimedFeatures,
+    features: Arc<Features>,
 ) -> impl Iterator<Item = (String, NativeFunction)> {
     let natives = [
         (
             "request_publish",
             make_safe_native(
                 gas_params.request_publish.clone(),
                 timed_features.clone(),
+                features.clone(),
                 native_request_publish,
             ),
         ),
@@ -325,6 +330,7 @@ pub fn make_all(
             make_safe_native(
                 gas_params.request_publish,
                 timed_features,
+                features,
                 native_request_publish,
             ),
         ),