EIP-7951 (RIP-7212-compatible): secp256r1 P256VERIFY precompile#1708
EIP-7951 (RIP-7212-compatible): secp256r1 P256VERIFY precompile#1708snissn wants to merge 17 commits intofilecoin-project:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR implements the RIP-7212 secp256r1 (P-256) signature verification precompile at address 0x0100. Note: The PR title mentions "EIP-7951" but the implementation references "RIP-7212" throughout.
Key Changes:
- Adds secp256r1 ECDSA signature verification precompile using the p256 crate
- Implements special-case handling for address 0x0100 in precompile lookup logic
- Includes comprehensive test coverage with test vectors from daimo-eth/p256-verifier
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| actors/evm/src/interpreter/precompiles/secp256r1.rs | Core implementation of RIP-7212 precompile with signature verification logic and extensive unit tests |
| actors/evm/src/interpreter/precompiles/mod.rs | Registers the secp256r1 precompile at address 0x0100 with special-case lookup handling |
| actors/evm/tests/rip7212_precompile.rs | Integration tests for precompile functionality including value transfer scenarios |
| actors/evm/tests/contracts/Secp256r1Precompile.sol | Solidity test contract with test cases for valid/invalid signatures and edge cases |
| actors/evm/tests/contracts/Secp256r1Precompile.hex | Compiled bytecode for the Solidity test contract |
| actors/evm/tests/basic.rs | Integration test that invokes all Solidity test functions |
| actors/evm/Cargo.toml | Adds p256 crate dependency for secp256r1 support and rstest for parameterized testing |
| Cargo.lock | Lock file updates for new dependencies (p256, rstest, and transitive dependencies) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #1708 +/- ##
==========================================
+ Coverage 91.23% 91.24% +0.01%
==========================================
Files 151 152 +1
Lines 32006 32060 +54
==========================================
+ Hits 29200 29254 +54
Misses 2806 2806
🚀 New features to boost your workflow:
|
snissn
changed the title
snissn
changed the title
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 7 out of 8 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@LesnyRumcajs : could someone from Forest take a first pass? |
LesnyRumcajs
requested review from
hanabi1224
and removed request for
LesnyRumcajs
redpanda-f
left a comment
redpanda-f
left a comment
There was a problem hiding this comment.
Thank you!
I would like to understand this better: Why are we introducing tests/contracts/*.sol and *.hex at all? I feel secp256r1.rs should be enough? Am i missing something critical?
github-project-automation
bot
moved this from 🔎 Awaiting Review
to ⌨️ In Progress
in FilOz
They're first-line integration tests. Can the evm actor even decode standard solidity that includes this new opcode and run it as expected. Being able to run it in Rust is one thing, being able to hit it from the Solidity path is another. See https://github.com/filecoin-project/builtin-actors/tree/master/actors/evm/tests/contracts for a bunch of others, and also #1720 that @ZenGround0 added today for the SectorStatus FIP as an integration test to exercise a feature that's supposed to be exposed to smart contracts. The feature might work, but does it work when you call it from a smart contract. For many of these we'll also do the same in Lotus to integration test at even higher level - it runs here in Rust, but does it run when compiled to WASM, executed in FVM and called from a message in Lotus. See here for recent EVM features that @snissn added (TSTORE and BLS precompiles): https://github.com/filecoin-project/lotus/blob/7741226198083e943a64d917e88a0a77d17aa30e/itests/fevm_test.go#L1831-L1908 -- @wjmelements this might also be interesting on your question of activation, our integration tests can be configured to tick over from one network version to another (see the top of the TSTORE test for example), so for EVM features like this we can say "feature doesn't exist and therefore reverts", then "now it works" within the space of an epoch. |
|
This has pretty good test coverage. I'd like additional testing for when there is excess or truncated calldata. |
test(evm): vendor EIP-7951 vectors for P256VERIFY
|
Addressed the remaining code changes in:
@redpanda-f on the @wjmelements I also added explicit FEVM-level truncated/excess calldata coverage in |
Summary
0x0000000000000000000000000000000000000100(0x0100), implementing EIP-7951 semantics (interface-compatible with RIP-7212).0x0100in the precompile address space and wire it into precompile dispatch.ruintto addressRUSTSEC-2025-0137.Implementation
actors/evm/src/interpreter/precompiles/mod.rsP256VERIFYimplementation:actors/evm/src/interpreter/precompiles/secp256r1.rsmsg_hash(32) || r(32) || s(32) || pubkey_x(32) || pubkey_y(32)0x01; failure => empty bytesEIP-7951 security fixes
EIP-7951 fixes two edge cases present in RIP-7212 verification specs:
R'.r' ≡ r (mod n)) to handle cases where the x-coordinate ofR'exceeds the curve ordern.This implementation relies on the
p256/ecdsaverifier for correctness, and therefore follows the ECDSA verification procedure with these fixes.Tests
cargo test -p fil_actor_evmNotes / Risk
0x...0100is now a reserved precompile address; any code that previously treated it as a “normal” EVM address will now execute the precompile instead.