From 8b8bfcfc776391358e3e498b7206761262b345b3 Mon Sep 17 00:00:00 2001 From: Kevaundray Wedderburn Date: Sat, 19 Jul 2025 20:29:50 +0100 Subject: [PATCH 1/3] use encoded_point --- crates/precompile/src/secp256r1.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/crates/precompile/src/secp256r1.rs b/crates/precompile/src/secp256r1.rs index 6df5690fda..f9fb498726 100644 --- a/crates/precompile/src/secp256r1.rs +++ b/crates/precompile/src/secp256r1.rs @@ -9,7 +9,10 @@ use crate::{ u64_to_address, PrecompileError, PrecompileOutput, PrecompileResult, PrecompileWithAddress, }; -use p256::ecdsa::{signature::hazmat::PrehashVerifier, Signature, VerifyingKey}; +use p256::{ + ecdsa::{signature::hazmat::PrehashVerifier, Signature, VerifyingKey}, + EncodedPoint, +}; use primitives::{Bytes, B256}; /// Address of secp256r1 precompile. @@ -69,8 +72,10 @@ pub fn verify_impl(input: &[u8]) -> Option<()> { // Can fail only if the input is not exact length. let signature = Signature::from_slice(sig).ok()?; - // Can fail if the input is not valid, so we have to propagate the error. - let public_key = VerifyingKey::from_sec1_bytes(&uncompressed_pk).ok()?; + // Decode the uncompressed public key using EncodedPoint + let encoded_point = EncodedPoint::from_bytes(&uncompressed_pk).ok()?; + // Create VerifyingKey from the encoded point + let public_key = VerifyingKey::from_encoded_point(&encoded_point).ok()?; public_key.verify_prehash(msg, &signature).ok() } From bacdd5367b53b5e8fd482632f6abccda8fcd7097 Mon Sep 17 00:00:00 2001 From: Kevaundray Wedderburn Date: Sat, 19 Jul 2025 20:34:52 +0100 Subject: [PATCH 2/3] clippy --- crates/precompile/src/secp256r1.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/precompile/src/secp256r1.rs b/crates/precompile/src/secp256r1.rs index f9fb498726..a607cd6526 100644 --- a/crates/precompile/src/secp256r1.rs +++ b/crates/precompile/src/secp256r1.rs @@ -73,7 +73,7 @@ pub fn verify_impl(input: &[u8]) -> Option<()> { // Can fail only if the input is not exact length. let signature = Signature::from_slice(sig).ok()?; // Decode the uncompressed public key using EncodedPoint - let encoded_point = EncodedPoint::from_bytes(&uncompressed_pk).ok()?; + let encoded_point = EncodedPoint::from_bytes(uncompressed_pk).ok()?; // Create VerifyingKey from the encoded point let public_key = VerifyingKey::from_encoded_point(&encoded_point).ok()?; From a849d689385d2071bd42464e22501aae23c0fd17 Mon Sep 17 00:00:00 2001 From: Kevaundray Wedderburn Date: Sat, 19 Jul 2025 20:45:22 +0100 Subject: [PATCH 3/3] decode using untagged bytes --- crates/precompile/src/secp256r1.rs | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/crates/precompile/src/secp256r1.rs b/crates/precompile/src/secp256r1.rs index a607cd6526..d20cf89780 100644 --- a/crates/precompile/src/secp256r1.rs +++ b/crates/precompile/src/secp256r1.rs @@ -65,15 +65,10 @@ pub fn verify_impl(input: &[u8]) -> Option<()> { // x, y: public key let pk = &input[96..160]; - // Prepend 0x04 to the public key: uncompressed form - let mut uncompressed_pk = [0u8; 65]; - uncompressed_pk[0] = 0x04; - uncompressed_pk[1..].copy_from_slice(pk); - // Can fail only if the input is not exact length. let signature = Signature::from_slice(sig).ok()?; - // Decode the uncompressed public key using EncodedPoint - let encoded_point = EncodedPoint::from_bytes(uncompressed_pk).ok()?; + // Decode the public key bytes (x,y coordinates) using EncodedPoint + let encoded_point = EncodedPoint::from_untagged_bytes(pk.into()); // Create VerifyingKey from the encoded point let public_key = VerifyingKey::from_encoded_point(&encoded_point).ok()?;