Skip to content

Add explict check for points-on-curve in p256_verify bouncycastle implementation#9146

Merged
garyschulte merged 3 commits intobesu-eth:mainfrom
garyschulte:feature/clarify-p256verify-on-curve-checks
Sep 10, 2025
Merged

Add explict check for points-on-curve in p256_verify bouncycastle implementation#9146
garyschulte merged 3 commits intobesu-eth:mainfrom
garyschulte:feature/clarify-p256verify-on-curve-checks

Conversation

@garyschulte
Copy link
Copy Markdown
Contributor

@garyschulte garyschulte commented Sep 3, 2025
edited
Loading

PR description

Address case where the pure java p256Verify implementation was not explicitly checking the public-key input is on-curve prior to verifying the signature. This code path is not part of mainnet ethereum, but some specific configurations of besu on a dev net could have triggered this exception:

Invalid point coordinates
java.lang.IllegalArgumentException: Invalid point coordinates
	at org.bouncycastle.math.ec.ECCurve.validatePoint(Unknown Source)
	at org.bouncycastle.math.ec.ECCurve.decodePoint(Unknown Source)
	at org.hyperledger.besu.crypto.AbstractSECP256.verify(AbstractSECP256.java:373)
	at org.hyperledger.besu.crypto.SECP256R1.verifyMalleable(SECP256R1.java:132)
	at org.hyperledger.besu.evm.precompile.P256VerifyPrecompiledContract.computeDefault(P256VerifyPrecompiledContract.java:237)
	at org.hyperledger.besu.evm.precompile.P256VerifyPrecompiledContractTest.testInvalidCurvePointReturnsInvalid(P256VerifyPrecompiledContractTest.java:123)
	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)

Which would have caused these specifically configured instances of besu to refuse to import or create a block with such an invalid public key rely on exceptional logic to attribute the precompile result as invalid, rather than proactively checking the public key is valid.

Thx @0xMushow for probing about point-validity in the besu implementation of eip-7951.

Fixed Issue(s)

adds point-on-curve check in the pure java bouncy castle implementation, and adds unit tests to assert the behavior across pure java and native implementation.

Thanks for sending a pull request! Have you done the following?

  • Checked out our contribution guidelines?
  • Considered documentation and added the doc-change-required label to this PR if updates are required.
  • Considered the changelog and included an update if required.
  • For database changes (e.g. KeyValueSegmentIdentifier) considered compatibility and performed forwards and backwards compatibility tests

Locally, you can run these tests to catch failures early:

  • spotless: ./gradlew spotlessApply
  • unit tests: ./gradlew build
  • acceptance tests: ./gradlew acceptanceTest
  • integration tests: ./gradlew integrationTest
  • reference tests: ./gradlew ethereum:referenceTests:referenceTests
  • hive tests: Engine or other RPCs modified?

bshastry
bshastry reviewed Sep 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@bshastry bshastry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments

@garyschulte garyschulte force-pushed the feature/clarify-p256verify-on-curve-checks branch 2 times, most recently from 7650604 to 0062cec Compare September 5, 2025 19:02
@jflo jflo requested a review from daniellehrner September 9, 2025 20:42
@garyschulte garyschulte force-pushed the feature/clarify-p256verify-on-curve-checks branch from 8338d90 to 6d606c7 Compare September 9, 2025 23:48
daniellehrner
daniellehrner approved these changes Sep 10, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@daniellehrner daniellehrner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@garyschulte
add explict check and test coverage for points-on-curve in the bouncy…
bf1d73b 
…-castle implementation of p256Verify

Signed-off-by: garyschulte <garyschulte@gmail.com>
@garyschulte
update tests for r' exceeding N and exercising native SignatureAlgori…
d185be6 
…thm cases for public key not on curve.

Signed-off-by: garyschulte <garyschulte@gmail.com>
@garyschulte
review feedback from macfarla
c0786bf 
Signed-off-by: garyschulte <garyschulte@gmail.com>
@garyschulte garyschulte force-pushed the feature/clarify-p256verify-on-curve-checks branch from 6d606c7 to c0786bf Compare September 10, 2025 17:02
@garyschulte garyschulte enabled auto-merge (squash) September 10, 2025 17:02
@garyschulte garyschulte merged commit 38e8725 into besu-eth:main Sep 10, 2025
46 checks passed
@garyschulte garyschulte deleted the feature/clarify-p256verify-on-curve-checks branch September 10, 2025 17:24
georgereuben pushed a commit to georgereuben/besu that referenced this pull request Sep 16, 2025
@garyschulte @georgereuben
Add explict check for points-on-curve in p256_verify bouncycastle imp…
d6adab9 
…lementation (besu-eth#9146)

* add explict check and test coverage for points-on-curve in the bouncy-castle implementation of p256Verify
* update tests for r' exceeding N and exercising native SignatureAlgorithm cases for public key not on curve.

Signed-off-by: garyschulte <garyschulte@gmail.com>
Signed-off-by: georgereuben <reubengeorge101@gmail.com>
@fredrik0x fredrik0x mentioned this pull request Sep 22, 2025
Merged
jflo pushed a commit to jflo/besu that referenced this pull request Oct 13, 2025
@garyschulte @jflo
Add explict check for points-on-curve in p256_verify bouncycastle imp…
41df627 
…lementation (besu-eth#9146)

* add explict check and test coverage for points-on-curve in the bouncy-castle implementation of p256Verify
* update tests for r' exceeding N and exercising native SignatureAlgorithm cases for public key not on curve.

Signed-off-by: garyschulte <garyschulte@gmail.com>
Signed-off-by: jflo <justin+github@florentine.us>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@macfarla macfarla macfarla left review comments

@daniellehrner daniellehrner daniellehrner approved these changes

+1 more reviewer

@bshastry bshastry bshastry left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@garyschulte @bshastry @macfarla @daniellehrner