Fix existing tests so CI can resume running

Author: xxuejie

.github/workflows/rust-with-clang.yml

@@ -5,15 +5,20 @@ on: [push, pull_request]
 jobs:
   build:
 
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest, ubuntu-24.04-arm]
+
+    runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v1
-    - name: Update submodules
-      run: git submodule update --init
-    - name: Run sphincs+ tests
-      run: ./tests/sphincsplus/all_run.sh
-    - name: Run sphincs+ rust tests
-      run: ./tests/sphincsplus_rust/run_rust.sh
-    - name: Run Tools tests
-      run: cd tools/ckb-sphincs-tools && cargo test 
+    - uses: actions/checkout@v4
+      with:
+        submodules: "true"
+    - name: Install llvm
+      run: sudo apt update && sudo apt install -y clang llvm clang-format lld
+    - uses: actions-rust-lang/setup-rust-toolchain@v1
+    - name: Prepare, build, test, clippy, format
+      run: make prepare build test clippy fmt
+    - name: git diff
+      run: git diff --exit-code

.github/workflows/rust.yml

@@ -1,6 +1,6 @@
 # We cannot use $(shell pwd), which will return unix path format on Windows,
 # making it hard to use.
-cur_dir = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+cur_dir = $(dir $(abspath $(firstword $(MAKEFILE_LIST))))
 
 TOP := $(cur_dir)
 # RUSTFLAGS that are likely to be tweaked by developers. For example,
@@ -51,6 +51,9 @@ build:
 		for contract in $(wildcard contracts/*); do \
 			$(MAKE) -e -C $$contract build; \
 		done; \
+		for crate in $(wildcard tools/*); do \
+			cargo build -p $$(basename $$crate | tr '-' '_') $(MODE_ARGS) $(CARGO_ARGS); \
+		done; \
 	else \
 		$(MAKE) -e -C contracts/$(CONTRACT) build; \
 		cargo build -p $(CONTRACT)-sim; \
@@ -63,8 +66,9 @@ TASK :=
 run:
 	$(MAKE) -e -C contracts/$(CONTRACT) $(TASK)
 
-test:	
+test:
 	bash tests/sphincsplus/all_run.sh
+	bash tests/sphincsplus_rust/all_run.sh
 	# cargo test $(CARGO_ARGS)
 
 # check, clippy and fmt here are provided for completeness,

Cargo.lock

@@ -18,7 +18,7 @@ fn main() {
         .map(|line| {
             let parts: Vec<&str> = line.split(" ").collect();
             (
-                usize::from_str_radix(parts[0], 10).expect("parse number"),
+                parts[0].parse::<usize>().expect("parse number"),
                 parts[1].to_string(),
             )
         })

Makefile

@@ -88,31 +88,31 @@ fn main() {
                 writeln!(
                     &mut file,
                     "extern const uint32_t {};",
-                    offset_sname(&leaf_name, &cli.prefix)
+                    offset_sname(leaf_name, &cli.prefix)
                 )
                 .expect("write");
                 writeln!(
                     &mut file,
                     "extern const uint32_t {};",
-                    length_sname(&leaf_name, &cli.prefix)
+                    length_sname(leaf_name, &cli.prefix)
                 )
                 .expect("write");
             }
-            writeln!(&mut file, "").expect("write");
+            writeln!(&mut file).expect("write");
 
             // Build actual definitions, but under a ifdef guard
             writeln!(&mut file, "#ifdef CKB_SCRIPT_MERGE_TOOL_DEFINE_VARS").expect("write");
             for leaf_name in &leaf_names {
                 writeln!(
                     &mut file,
                     "__attribute__ ((visibility (\"default\"))) const uint32_t {} = 0xFFFFFFFF;",
-                    offset_sname(&leaf_name, &cli.prefix)
+                    offset_sname(leaf_name, &cli.prefix)
                 )
                 .expect("write");
                 writeln!(
                     &mut file,
                     "__attribute__ ((visibility (\"default\"))) const uint32_t {} = 1;",
-                    length_sname(&leaf_name, &cli.prefix)
+                    length_sname(leaf_name, &cli.prefix)
                 )
                 .expect("write");
             }
@@ -139,7 +139,7 @@ fn main() {
                     length_sname(&leaf_name, &cli.prefix)
                 )
                 .expect("write");
-                writeln!(&mut file, "").expect("write");
+                writeln!(&mut file).expect("write");
             }
         }
         Commands::Merge {

build-tools/build-params-finder/src/main.rs

@@ -1,6 +1,6 @@
 # We cannot use $(shell pwd), which will return unix path format on Windows,
 # making it hard to use.
-cur_dir = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+cur_dir = $(dir $(abspath $(firstword $(MAKEFILE_LIST))))
 
 TOP := $(cur_dir)
 MODE := release
@@ -27,8 +27,13 @@ CLANG_FORMAT := $(subst clang,clang-format,$(CLANG))
 
 # Local build directory
 CUR_BUILD := $(cur_dir)/build
+# FIPS 205 only approves simple THASH type
+THASH = simple
+LOCK_DIR := $(cur_dir)
 SPHINCS_PLUS_DIR := $(TOP)/deps/sphincsplus/ref
 
+include $(TOP)/mk/files.mk
+
 PARAMS_DEFINITION_FILE := $(TOP)/params.txt
 ALL_PARAM_IDS := $(shell cat $(PARAMS_DEFINITION_FILE) | cut -d" " -f1)
 
@@ -50,34 +55,6 @@ CFLAGS += -I $(SPHINCS_PLUS_DIR) -I $(CUR_BUILD) -I $(cur_dir)/utils
 
 LDFLAGS := -static -Wl,--gc-sections
 
-SOURCES = \
-	$(SPHINCS_PLUS_DIR)/address.c \
-	$(SPHINCS_PLUS_DIR)/merkle.c \
-	$(SPHINCS_PLUS_DIR)/wots.c \
-	$(SPHINCS_PLUS_DIR)/wotsx1.c \
-	$(SPHINCS_PLUS_DIR)/utils.c \
-	$(SPHINCS_PLUS_DIR)/utilsx1.c \
-	$(SPHINCS_PLUS_DIR)/fors.c \
-	$(SPHINCS_PLUS_DIR)/sign.c \
-	ckb-sphincsplus.c
-
-HEADERS = \
-	$(SPHINCS_PLUS_DIR)/params.h \
-	$(SPHINCS_PLUS_DIR)/address.h \
-	$(SPHINCS_PLUS_DIR)/merkle.h \
-	$(SPHINCS_PLUS_DIR)/wots.h \
-	$(SPHINCS_PLUS_DIR)/wotsx1.h \
-	$(SPHINCS_PLUS_DIR)/utils.h \
-	$(SPHINCS_PLUS_DIR)/utilsx1.h \
-	$(SPHINCS_PLUS_DIR)/fors.h \
-	$(SPHINCS_PLUS_DIR)/api.h \
-	$(SPHINCS_PLUS_DIR)/hash.h \
-	$(SPHINCS_PLUS_DIR)/thash.h \
-	$(SPHINCS_PLUS_DIR)/randombytes.h \
-	ckb-sphincsplus.h \
-	ckb-sphincsplus-common.h \
-	$(wildcard utils/*.h)
-
 default: build
 
 build: $(CUR_BUILD)/$(BINARY)
@@ -111,25 +88,23 @@ $(CUR_BUILD)/leaf-vars.h: $(CUR_BUILD)/leaf.complete
 		--language c \
 		--output $@
 
-$(CUR_BUILD)/leaf.complete: $(SOURCES) $(HEADERS) ckb-sphincsplus-leaf-lock.c
+$(CUR_BUILD)/leaf.complete: $(DETECTING_SOURCES) $(HEADERS) ckb-sphincsplus-leaf-lock.c
 	mkdir -p $(CUR_BUILD)
 	rm -rf $(CUR_BUILD)/leaves_debug $(CUR_BUILD)/leaves_stripped
 	mkdir -p $(CUR_BUILD)/leaves_debug $(CUR_BUILD)/leaves_stripped
 	@set -eu; \
 	for param_id in $(ALL_PARAM_IDS); do \
 		param=$$(head -n $$param_id $(PARAMS_DEFINITION_FILE) | tail -1 | cut -d" " -f2); \
 		if echo "$${param}" | grep "shake" - > /dev/null; then \
-			others="$(SPHINCS_PLUS_DIR)/fips202.c $(SPHINCS_PLUS_DIR)/hash_shake.c"; \
-			others="$${others} $(SPHINCS_PLUS_DIR)/thash_shake_simple.c"; \
+			srcs="$(COMPILING_COMMON_SOURCES) $(COMPILING_SHAKE_SOURCES)"; \
 		elif echo "$${param}" | grep "sha2" - > /dev/null; then \
-			others="$(SPHINCS_PLUS_DIR)/sha2.c $(SPHINCS_PLUS_DIR)/hash_sha2.c"; \
-			others="$${others} $(SPHINCS_PLUS_DIR)/thash_sha2_simple.c"; \
+			srcs="$(COMPILING_COMMON_SOURCES) $(COMPILING_SHA2_SOURCES)"; \
 		fi; \
 		echo "Building sphincs+ lock with params id: $${param_id}, params: $${param}"; \
 		set -x; \
 		$(CLANG) $(CFLAGS) $(LDFLAGS) -DPARAMS_ID=$${param_id} -DPARAMS=$${param} \
 			-o $(CUR_BUILD)/leaves_debug/$${param} \
-			$(SOURCES) $${others} ckb-sphincsplus-leaf-lock.c; \
+			$${srcs} ckb-sphincsplus-leaf-lock.c; \
 		$(OBJCOPY) --strip-debug --strip-all \
 			$(CUR_BUILD)/leaves_debug/$${param} \
 			$(CUR_BUILD)/leaves_stripped/$${param}; \

build-tools/script-merge-tool/src/main.rs

@@ -20,15 +20,18 @@
 #endif
 
 #undef ASSERT
-// #define ASSERT(s)
-#define ASSERT(s) ckb_exit(-1)
+#define ASSERT(s)                             \
+  do {                                        \
+    if (!(s)) {                               \
+      ckb_exit(ERROR_SPHINCSPLUS_UNEXPECTED); \
+    }                                         \
+  } while (0)
 
 #undef CHECK2
 #define CHECK2(cond, code) \
   do {                     \
     if (!(cond)) {         \
       err = code;          \
-      ASSERT(0);           \
       goto exit;           \
     }                      \
   } while (0)
@@ -39,7 +42,6 @@
     int code = (_code); \
     if (code != 0) {    \
       err = code;       \
-      ASSERT(0);        \
       goto exit;        \
     }                   \
   } while (0)

contracts/c-sphincs-all-in-one-lock/Makefile

@@ -31,8 +31,7 @@
 /* We only use molecule-c2's cursor here for minimal code size. */
 #include "witness_args_lazy_utils.h"
 
-#define ITERATION_SIZE \
-  (1 + sphincs_plus_get_pk_size() + sphincs_plus_get_sign_size())
+#define ITERATION_SIZE (1 + SPHINCS_PLUS_PK_SIZE + SPHINCS_PLUS_SIGN_SIZE)
 #define MAX_BATCH_BUFFER_SIZE (256 * 1024)
 #define BATCH_COUNT (MAX_BATCH_BUFFER_SIZE / ITERATION_SIZE)
 #define BATCH_BUFFER_SIZE (ITERATION_SIZE * BATCH_COUNT)
@@ -82,25 +81,23 @@ int handle_exec(const uint8_t *command, size_t command_length) {
 
     if ((param_id & MULTISIG_SIG_MASK) != 0) {
       /* Validate a signature when we see one */
-      CHECK2(cursor.size >=
-                 sphincs_plus_get_pk_size() + sphincs_plus_get_sign_size(),
+      CHECK2(cursor.size >= SPHINCS_PLUS_PK_SIZE + SPHINCS_PLUS_SIGN_SIZE,
              ERROR_SPHINCSPLUS_WITNESS);
 
-      uint8_t pubkey[sphincs_plus_get_pk_size()];
-      uint8_t sign[sphincs_plus_get_sign_size()];
+      uint8_t pubkey[SPHINCS_PLUS_PK_SIZE];
+      uint8_t sign[SPHINCS_PLUS_SIGN_SIZE];
 
-      CHECK(mol2_read_and_advance(&cursor, pubkey, sphincs_plus_get_pk_size()));
-      CHECK(mol2_read_and_advance(&cursor, sign, sphincs_plus_get_sign_size()));
+      CHECK(mol2_read_and_advance(&cursor, pubkey, SPHINCS_PLUS_PK_SIZE));
+      CHECK(mol2_read_and_advance(&cursor, sign, SPHINCS_PLUS_SIGN_SIZE));
 
-      err = sphincs_plus_verify(sign, sphincs_plus_get_sign_size(), message,
-                                BLAKE2B_BLOCK_SIZE, pubkey,
-                                sphincs_plus_get_pk_size());
+      err =
+          sphincs_plus_verify(sign, SPHINCS_PLUS_SIGN_SIZE, message,
+                              BLAKE2B_BLOCK_SIZE, pubkey, SPHINCS_PLUS_PK_SIZE);
       CHECK2(err == 0, ERROR_SPHINCSPLUS_VERIFY);
     } else {
       /* Skip pubkey without a signature */
-      CHECK2(cursor.size >= sphincs_plus_get_pk_size(),
-             ERROR_SPHINCSPLUS_WITNESS);
-      mol2_advance(&cursor, sphincs_plus_get_pk_size());
+      CHECK2(cursor.size >= SPHINCS_PLUS_PK_SIZE, ERROR_SPHINCSPLUS_WITNESS);
+      mol2_advance(&cursor, SPHINCS_PLUS_PK_SIZE);
     }
   }
 

contracts/c-sphincs-all-in-one-lock/ckb-sphincsplus-common.h

@@ -35,30 +35,33 @@ int sphincs_plus_generate_keypair(uint8_t *pk, uint8_t *sk) {
 
 int sphincs_plus_sign(const uint8_t *message, const uint8_t *sk,
                       uint8_t *out_sign) {
-  unsigned long long out_sign_len = sphincs_plus_get_sign_size();
+  unsigned long long out_sign_len = SPHINCS_PLUS_SIGN_SIZE;
   int ret = crypto_sign(out_sign, (unsigned long long *)&out_sign_len, message,
                         SPX_MLEN, sk);
-  if ((uint32_t)out_sign_len != sphincs_plus_get_sign_size()) {
+  if ((uint32_t)out_sign_len != SPHINCS_PLUS_SIGN_SIZE) {
     return 1;
   }
   return ret;
 }
 
+/* Defined for Rust FFI usage, script code would only require the macros */
+uint32_t sphincs_plus_get_pk_size() { return SPHINCS_PLUS_PK_SIZE; }
+uint32_t sphincs_plus_get_sk_size() { return SPHINCS_PLUS_SK_SIZE; }
+uint32_t sphincs_plus_get_sign_size() { return SPHINCS_PLUS_SIGN_SIZE; }
+
 #endif  // CKB_VM
 
 int sphincs_plus_verify(const uint8_t *sign, uint32_t sign_size,
                         const uint8_t *message, uint32_t message_size,
                         const uint8_t *pubkey, uint32_t pubkey_size) {
-  size_t sign_len = sphincs_plus_get_sign_size();
-
-  if (sign_size != sign_len || message_size != SPX_MLEN ||
-      pubkey_size != sphincs_plus_get_pk_size()) {
+  if (sign_size != SPHINCS_PLUS_SIGN_SIZE || message_size != SPX_MLEN ||
+      pubkey_size != SPHINCS_PLUS_PK_SIZE) {
     return SphincsPlusError_Params;
   }
   unsigned char mout[SPX_BYTES + SPX_MLEN];
   unsigned long long mlen = 0;
 
-  int err = crypto_sign_open(mout, &mlen, sign, sign_len, pubkey);
+  int err = crypto_sign_open(mout, &mlen, sign, SPHINCS_PLUS_SIGN_SIZE, pubkey);
   if (err != 0) {
     return SphincsPlusError_Verify;
   }