1st commit: add MLDSA sig verification

test/contracts/qr_auth.aes

@@ -0,0 +1,21 @@
+// Contract using Quantum-Resistant signing (MLDSA65)
+contract QrAuth =
+  record state = { nonce : int, owner : address, owner_pub : bytes }
+
+  entrypoint init(pub : bytes) = { nonce = 1
+                                 , owner = Call.caller
+                                 , owner_pub = pub }
+
+  stateful entrypoint authorize(n : int, s : signature) : bool =
+    require(n >= state.nonce, "Nonce too low")
+    require(n =< state.nonce, "Nonce too high")
+    put(state{ nonce = n + 1 })
+    switch(Auth.tx_hash)
+      None          => abort("Not in Auth context")
+      Some(tx_hash) => Crypto.verify_sig_mldsa65(to_sign(tx_hash, n), state.owner_pub, s)
+
+  entrypoint to_sign(h : hash, n : int) =
+    Crypto.blake2b((h, n))
+
+  entrypoint weird_string() : string =
+    "\x19Weird String\x42\nMore\n"

test/contracts/qr_auth_tx.aes

@@ -0,0 +1,76 @@
+// namespace Chain =
+//   record tx = { paying_for : option(Chain.paying_for_tx)
+//               , ga_metas : list(Chain.ga_meta_tx)
+//               , actor : address
+//               , fee   : int
+//               , ttl   : int
+//               , tx    : Chain.base_tx }
+
+//   datatype ga_meta_tx = GAMetaTx(address, int)
+//   datatype paying_for_tx = PayingForTx(address, int)
+//   datatype base_tx = SpendTx(address, int, string)
+//                    | OracleRegisterTx | OracleQueryTx | OracleResponseTx | OracleExtendTx
+//                    | NamePreclaimTx | NameClaimTx(hash) | NameUpdateTx(string)
+//                    | NameRevokeTx(hash) | NameTransferTx(address, string)
+//                    | ChannelCreateTx(address) | ChannelDepositTx(address, int) | ChannelWithdrawTx(address, int) |
+//                    | ChannelForceProgressTx(address) | ChannelCloseMutualTx(address) | ChannelCloseSoloTx(address)
+//                    | ChannelSlashTx(address) | ChannelSettleTx(address) | ChannelSnapshotSoloTx(address)
+//                    | ContractCreateTx(int) | ContractCallTx(address, int)
+//                    | GAAttachTx
+
+
+// Contract implementing Quantum-resistant (MLDSA65) authentication
+contract QrAuthTx =
+  record state = { nonce : int, owner : address, owner_pub : bytes }
+  datatype foo = Bar | Baz()
+
+  entrypoint init(pub : bytes) = { nonce = 1
+                                 , owner = Call.caller
+                                 , owner_pub = pub }
+
+  stateful entrypoint authorize(n : int, s : signature) : bool =
+    require(n >= state.nonce, "Nonce too low")
+    require(n =< state.nonce, "Nonce too high")
+    put(state{ nonce = n + 1 })
+    switch(Auth.tx_hash)
+      None          => abort("Not in Auth context")
+      Some(tx_hash) =>
+        let Some(tx0) = Auth.tx
+        let x : option(Chain.paying_for_tx) = tx0.paying_for
+        let x : list(Chain.ga_meta_tx) = tx0.ga_metas
+        let x : int = tx0.fee + tx0.ttl
+        let x : address = tx0.actor
+        let x : Chain.tx = { tx = Chain.NamePreclaimTx, paying_for = None, ga_metas = [],
+                             fee = 123, ttl = 0, actor = Call.caller }
+        switch(tx0.tx)
+          Chain.SpendTx(receiver, amount, payload) => verify(tx_hash, n, s)
+          Chain.OracleRegisterTx                   => false
+          Chain.OracleQueryTx                      => false
+          Chain.OracleResponseTx                   => false
+          Chain.OracleExtendTx                     => false
+          Chain.NamePreclaimTx                     => false
+          Chain.NameClaimTx(name)                  => false
+          Chain.NameUpdateTx(name)                 => false
+          Chain.NameRevokeTx(name)                 => false
+          Chain.NameTransferTx(to, name)           => false
+          Chain.ChannelCreateTx(other_party)       => false
+          Chain.ChannelDepositTx(channel, amount)  => false
+          Chain.ChannelWithdrawTx(channel, amount) => false
+          Chain.ChannelForceProgressTx(channel)    => false
+          Chain.ChannelCloseMutualTx(channel)      => false
+          Chain.ChannelCloseSoloTx(channel)        => false
+          Chain.ChannelSlashTx(channel)            => false
+          Chain.ChannelSettleTx(channel)           => false
+          Chain.ChannelSnapshotSoloTx(channel)     => false
+          Chain.ContractCreateTx(amount)           => false
+          Chain.ContractCallTx(ct_address, amount) => false
+          Chain.GAAttachTx                         => false
+
+  function verify(tx_hash, n, s) =
+    Crypto.verify_sig_mldsa65(to_sign(tx_hash, n), state.owner_pub, s)
+
+  entrypoint to_sign(h : hash, n : int) =
+    Crypto.blake2b((h, n))
+
+  entrypoint weird_string() : string =
+    "\x19Weird String\x42\nMore\n"

test/contracts/unapplied_builtins.aes

@@ -29,6 +29,9 @@ contract UnappliedBuiltins =
   function crypto_verify_sig_secp256k1() = Crypto.verify_sig_secp256k1
   function crypto_ecverify_secp256k1()   = Crypto.ecverify_secp256k1
   function crypto_ecrecover_secp256k1()  = Crypto.ecrecover_secp256k1
+  function crypto_verify_sig_mldsa44()   = Crypto.verify_sig_mldsa44
+  function crypto_verify_sig_mldsa65()   = Crypto.verify_sig_mldsa65
+  function crypto_verify_sig_mldsa87()   = Crypto.verify_sig_mldsa87
   function crypto_sha3()                 = Crypto.sha3    : t => _
   function crypto_sha256()               = Crypto.sha256  : t => _
   function crypto_blake2b()              = Crypto.blake2b : t => _