dfinity · michael-weigelt · Jan 23, 2025 · Jan 28, 2025 · Jan 28, 2025 · Jan 28, 2025
@@ -162,7 +162,7 @@ mod tests {
     use ic_limits::SMALL_APP_SUBNET_MAX_SIZE;
     use ic_logger::replica_logger::no_op_logger;
     use ic_registry_subnet_type::SubnetType;
-    use ic_replicated_state::{Global, NumWasmPages, PageIndex, PageMap};
+    use ic_replicated_state::{Global, NetworkTopology, NumWasmPages, PageIndex, PageMap};
     use ic_system_api::{
         sandbox_safe_system_state::{CanisterStatusView, SandboxSafeSystemState},
         ApiType, ExecutionParameters, InstructionLimits,
@@ -242,6 +242,7 @@ mod tests {
             caller,
             0,
             IS_WASM64_EXECUTION,
+            NetworkTopology::default(),
         )
     }
 

@@ -4,7 +4,7 @@ mod errors;
 pub use errors::{CanisterBacktrace, CanisterOutOfCyclesError, HypervisorError, TrapCode};
 use ic_base_types::NumBytes;
 use ic_error_types::UserError;
-use ic_management_canister_types::MasterPublicKeyId;
+use ic_management_canister_types::{EcdsaCurve, MasterPublicKeyId, SchnorrAlgorithm, VetKdCurve};
 use ic_registry_provisional_whitelist::ProvisionalWhitelist;
 use ic_registry_subnet_type::SubnetType;
 use ic_sys::{PageBytes, PageIndex};
@@ -1177,6 +1177,105 @@ pub trait SystemApi {
         heap: &mut [u8],
     ) -> HypervisorResult<()>;
 
+    /// Returns the replication factor of the provided subnet.
+    ///
+    /// Traps if `src`/`size` are not a valid encoding of a principal, or if
+    /// the principal is not a subnet.
+    fn ic0_replication_factor(&self, src: usize, size: usize, heap: &[u8])
+        -> HypervisorResult<u32>;
+
+    /// This system call indicates the cycle cost of an inter-canister call,
+    /// i.e., `ic0.call_perform`.
+    ///
+    /// The cost is determined by the byte length of the method name and the
+    /// length of the encoded payload.
+    ///
+    /// The amount of cycles is represented by a 128-bit value and is copied
+    /// to the canister memory starting at the location `dst`.
+    fn ic0_cost_call(
+        &self,
+        method_name_size: u64,
+        payload_size: u64,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()>;
+
+    /// This system call indicates the cycle cost of creating a canister on
+    /// the same subnet, i.e., the management canister's `create_canister`.
+    ///
+    /// The amount of cycles is represented by a 128-bit value and is copied
+    /// to the canister memory starting at the location `dst`.
+    fn ic0_cost_create_canister(&self, dst: usize, heap: &mut [u8]) -> HypervisorResult<()>;
+
+    /// This system call indicates the cycle cost of making an http outcall,
+    /// i.e., the management canister's `http_request`.
+    ///
+    /// `request_size` is the sum of the lengths of the variable request parts, as
+    /// documented in the interface specification.
+    /// `max_res_bytes` is the maximum number of response bytes the caller wishes to
+    /// accept.
+    ///
+    /// The amount of cycles is represented by a 128-bit value and is copied
+    /// to the canister memory starting at the location `dst`.
+    fn ic0_cost_http_request(
+        &self,
+        request_size: u64,
+        max_res_bytes: u64,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()>;
+
+    /// This system call indicates the cycle cost of signing with ecdsa,
+    /// i.e., the management canister's `sign_with_ecdsa`, for the key
+    /// with name given by `src` + `size` and the provided curve.
+    ///
+    /// Traps if `src`/`size` cannot be decoded to a valid key name.
+    ///
+    /// The amount of cycles is represented by a 128-bit value and is copied
+    /// to the canister memory starting at the location `dst`.
+    fn ic0_cost_sign_with_ecdsa(
+        &self,
+        src: usize,
+        size: usize,
+        curve: EcdsaCurve,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()>;
+
+    /// This system call indicates the cycle cost of signing with schnorr,
+    /// i.e., the management canister's `sign_with_schnorr` for the key
+    /// with name given by `src` + `size` and the provided algorithm.
+    ///
+    /// Traps if `src`/`size` cannot be decoded to a valid key name.
+    ///
+    /// The amount of cycles is represented by a 128-bit value and is copied
+    /// to the canister memory starting at the location `dst`.
+    fn ic0_cost_sign_with_schnorr(
+        &self,
+        src: usize,
+        size: usize,
+        algorithm: SchnorrAlgorithm,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()>;
+
+    /// This system call indicates the cycle cost of threshold key derivation,
+    /// i.e., the management canister's `vetkd_derive_encrypted_key` for the key
+    /// with name given by `src` + `size` and the provided curve.
+    ///
+    /// Traps if `src`/`size` cannot be decoded to a valid key name.
+    ///
+    /// The amount of cycles is represented by a 128-bit value and is copied
+    /// to the canister memory starting at the location `dst`.
+    fn ic0_cost_vetkd_derive_encrypted_key(
+        &self,
+        src: usize,
+        size: usize,
+        curve: VetKdCurve,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()>;
+
     /// Used to look up the size of the subnet Id of the calling canister.
     fn ic0_subnet_self_size(&self) -> HypervisorResult<usize>;
 

diff --git a/rs/interfaces/src/execution_environment/errors.rs b/rs/interfaces/src/execution_environment/errors.rs
@@ -186,6 +186,8 @@ pub enum HypervisorError {
         bytes: NumBytes,
         limit: NumBytes,
     },
+    /// A user-specified Principal was not a valid subnet.
+    SubnetNotFound,
 }
 
 impl From<WasmInstrumentationError> for HypervisorError {
@@ -209,6 +211,9 @@ impl From<WasmEngineError> for HypervisorError {
 impl std::fmt::Display for HypervisorError {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         match self {
+            Self::SubnetNotFound => {
+                write!(f, "User-specified Principal was not a valid subnet.")
+            }
             Self::FunctionNotFound(table_idx, func_idx) => write!(
                 f,
                 "Canister requested to invoke a non-existent Wasm function {} from table {}",
@@ -401,6 +406,10 @@ impl AsErrorHelp for HypervisorError {
             Self::FunctionNotFound(_, _)
             | Self::ToolchainContractViolation { .. }
             | Self::InvalidPrincipalId(_) => ErrorHelp::ToolchainError,
+            Self::SubnetNotFound => ErrorHelp::UserError {
+                suggestion: "Check the provided principal (not a subnet).".to_string(),
+                doc_link: doc_ref(""),
+            },
             Self::MethodNotFound(_) => ErrorHelp::UserError {
                 suggestion: "Check that the method being called is exported by \
                 the target canister."
@@ -516,6 +525,7 @@ impl HypervisorError {
         };
 
         let code = match self {
+            Self::SubnetNotFound => E::SubnetNotFound,
             Self::FunctionNotFound(_, _) => E::CanisterFunctionNotFound,
             Self::MethodNotFound(_) => E::CanisterMethodNotFound,
             Self::ToolchainContractViolation { .. } => E::CanisterContractViolation,
@@ -557,6 +567,7 @@ impl HypervisorError {
     /// e.g. as a metric label.
     pub fn as_str(&self) -> &'static str {
         match self {
+            HypervisorError::SubnetNotFound => "SubnetNotFound",
             HypervisorError::FunctionNotFound(..) => "FunctionNotFound",
             HypervisorError::MethodNotFound(_) => "MethodNotFound",
             HypervisorError::ToolchainContractViolation { .. } => "ToolchainContractViolation",

@@ -11,10 +11,14 @@ use ic_interfaces::execution_environment::{
     TrapCode::{self, CyclesAmountTooBigFor64Bit},
 };
 use ic_logger::{error, ReplicaLogger};
+use ic_management_canister_types::{
+    EcdsaCurve, EcdsaKeyId, MasterPublicKeyId, SchnorrAlgorithm, SchnorrKeyId, VetKdCurve,
+    VetKdKeyId,
+};
 use ic_registry_subnet_type::SubnetType;
 use ic_replicated_state::{
-    canister_state::WASM_PAGE_SIZE_IN_BYTES, memory_required_to_push_request, Memory, NumWasmPages,
-    PageIndex,
+    canister_state::WASM_PAGE_SIZE_IN_BYTES, memory_required_to_push_request, Memory,
+    NetworkTopology, NumWasmPages, PageIndex,
 };
 use ic_sys::PageBytes;
 use ic_types::{
@@ -36,6 +40,7 @@ use std::{
     collections::BTreeMap,
     convert::{From, TryFrom},
     rc::Rc,
+    str,
 };
 
 pub mod cycles_balance_change;
@@ -3512,6 +3517,165 @@ impl SystemApi for SystemApiImpl {
         result
     }
 
+    fn ic0_replication_factor(
+        &self,
+        src: usize,
+        size: usize,
+        heap: &[u8],
+    ) -> HypervisorResult<u32> {
+        let msg_bytes = valid_subslice("ic0_replication_factor", src, size, heap)?;
+        let subnet_id = PrincipalId::try_from(msg_bytes)
+            .map_err(|e| HypervisorError::InvalidPrincipalId(PrincipalIdBlobParseError(e.0)))?;
+        let result = self
+            .sandbox_safe_system_state
+            .network_topology
+            .get_subnet_size(&subnet_id.into())
+            .map(|x| x as u32)
+            .ok_or(HypervisorError::SubnetNotFound);
+        trace_syscall!(self, ReplicationFactor, result);
+        result
+    }
+
+    fn ic0_cost_call(
+        &self,
+        method_name_size: u64,
+        payload_size: u64,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()> {
+        let subnet_size = self.sandbox_safe_system_state.subnet_size;
+        let cost = self
+            .sandbox_safe_system_state
+            .cycles_account_manager
+            .xnet_call_performed_fee(subnet_size)
+            + self
+                .sandbox_safe_system_state
+                .cycles_account_manager
+                .xnet_call_bytes_transmitted_fee(
+                    (method_name_size + payload_size).into(),
+                    subnet_size,
+                );
+        copy_cycles_to_heap(cost, dst, heap, "ic0_cost_call")?;
+        trace_syscall!(self, CostCall, cost);
+        Ok(())
+    }
+
+    fn ic0_cost_create_canister(&self, dst: usize, heap: &mut [u8]) -> HypervisorResult<()> {
+        let subnet_size = self.sandbox_safe_system_state.subnet_size;
+        let cost = self
+            .sandbox_safe_system_state
+            .cycles_account_manager
+            .canister_creation_fee(subnet_size);
+        copy_cycles_to_heap(cost, dst, heap, "ic0_cost_create_canister")?;
+        trace_syscall!(self, CostCreateCanister, cost);
+        Ok(())
+    }
+
+    fn ic0_cost_http_request(
+        &self,
+        request_size: u64,
+        max_res_bytes: u64,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()> {
+        let subnet_size = self.sandbox_safe_system_state.subnet_size;
+        let cost = self
+            .sandbox_safe_system_state
+            .cycles_account_manager
+            .http_request_fee(request_size.into(), Some(max_res_bytes.into()), subnet_size);
+        copy_cycles_to_heap(cost, dst, heap, "ic0_cost_http_request")?;
+        trace_syscall!(self, CostHttpRequest, cost);
+        Ok(())
+    }
+
+    fn ic0_cost_sign_with_ecdsa(
+        &self,
+        src: usize,
+        size: usize,
+        curve: EcdsaCurve,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()> {
+        let key_bytes = valid_subslice("ic0.cost_sign_with_ecdsa heap", src, size, heap)?;
+        let name = str::from_utf8(key_bytes)
+            .map_err(|_| HypervisorError::ToolchainContractViolation {
+                error: format!(
+                    "Failed to decode key name {}",
+                    String::from_utf8_lossy(key_bytes)
+                ),
+            })?
+            .to_string();
+        let key = MasterPublicKeyId::Ecdsa(EcdsaKeyId { curve, name });
+        let topology = &self.sandbox_safe_system_state.network_topology;
+        let subnet_size = get_key_replication_factor(topology, key)?;
+        let cost = self
+            .sandbox_safe_system_state
+            .cycles_account_manager
+            .ecdsa_signature_fee(subnet_size);
+        copy_cycles_to_heap(cost, dst, heap, "ic0_cost_sign_with_ecdsa")?;
+        trace_syscall!(self, CostSignWithEcdsa, cost);
+        Ok(())
+    }
+
+    fn ic0_cost_sign_with_schnorr(
+        &self,
+        src: usize,
+        size: usize,
+        algorithm: SchnorrAlgorithm,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()> {
+        let key_bytes = valid_subslice("ic0.cost_sign_with_schnorr heap", src, size, heap)?;
+        let name = str::from_utf8(key_bytes)
+            .map_err(|_| HypervisorError::ToolchainContractViolation {
+                error: format!(
+                    "Failed to decode key name {}",
+                    String::from_utf8_lossy(key_bytes)
+                ),
+            })?
+            .to_string();
+        let key = MasterPublicKeyId::Schnorr(SchnorrKeyId { algorithm, name });
+        let topology = &self.sandbox_safe_system_state.network_topology;
+        let subnet_size = get_key_replication_factor(topology, key)?;
+        let cost = self
+            .sandbox_safe_system_state
+            .cycles_account_manager
+            .schnorr_signature_fee(subnet_size);
+        copy_cycles_to_heap(cost, dst, heap, "ic0_cost_sign_with_schnorr")?;
+        trace_syscall!(self, CostSignWithSchnorr, cost);
+        Ok(())
+    }
+
+    fn ic0_cost_vetkd_derive_encrypted_key(
+        &self,
+        src: usize,
+        size: usize,
+        curve: VetKdCurve,
+        dst: usize,
+        heap: &mut [u8],
+    ) -> HypervisorResult<()> {
+        let key_bytes =
+            valid_subslice("ic0.cost_vetkd_derive_encrypted_key heap", src, size, heap)?;
+        let name = str::from_utf8(key_bytes)
+            .map_err(|_| HypervisorError::ToolchainContractViolation {
+                error: format!(
+                    "Failed to decode key name {}",
+                    String::from_utf8_lossy(key_bytes)
+                ),
+            })?
+            .to_string();
+        let key = MasterPublicKeyId::VetKd(VetKdKeyId { curve, name });
+        let topology = &self.sandbox_safe_system_state.network_topology;
+        let subnet_size = get_key_replication_factor(topology, key)?;
+        let cost = self
+            .sandbox_safe_system_state
+            .cycles_account_manager
+            .vetkd_fee(subnet_size);
+        copy_cycles_to_heap(cost, dst, heap, "ic0_cost_vetkd_derive_encrypted_key")?;
+        trace_syscall!(self, CostVetkdDeriveEncryptedKey, cost);
+        Ok(())
+    }
+
     fn ic0_subnet_self_size(&self) -> HypervisorResult<usize> {
         let result = match &self.api_type {
             ApiType::Start { .. } => Err(self.error_for("ic0_subnet_self_size")),
@@ -3575,6 +3739,24 @@ impl SystemApi for SystemApiImpl {
     }
 }
 
+/// Look up key in `chain_key_enabled_subnets`, then extract all subnets
+/// for that key and return the replication factor of the biggest one.
+fn get_key_replication_factor(
+    topology: &NetworkTopology,
+    key: MasterPublicKeyId,
+) -> HypervisorResult<usize> {
+    let subnets_with_key = topology.chain_key_enabled_subnets(&key);
+    subnets_with_key
+        .iter()
+        .map(|subnet_id| {
+            topology.get_subnet_size(subnet_id).unwrap() // we got the subnet_id from the same collection
+        })
+        .max()
+        .ok_or(HypervisorError::ToolchainContractViolation {
+            error: format!("Public key {:?} not known.", key),
+        })
+}
+
 /// The default implementation of the `OutOfInstructionHandler` trait.
 /// It simply returns an out-of-instructions error.
 #[derive(Default)]