SIMD-0075: Precompile for Secp256r1

.github/workflows/client-targets.yml

@@ -34,6 +34,11 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      # This can be removed once cargo-ndk >= 3.5.4 is used.
+      - name: Setup environment for Android NDK
+        run: |
+          echo "RANLIB=$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/linux-x86_64/bin/llvm-ranlib" >> $GITHUB_ENV
+
       - run: cargo install [email protected]
 
       - name: Setup Rust

Cargo.toml

@@ -147,6 +147,7 @@ members = [
     "sdk/reserved-account-keys",
     "sdk/sanitize",
     "sdk/sdk-ids",
+    "sdk/secp256r1-program",
     "sdk/seed-derivable",
     "sdk/seed-phrase",
     "sdk/serde",
@@ -504,6 +505,7 @@ solana-remote-wallet = { path = "remote-wallet", version = "=2.2.0", default-fea
 solana-rent = { path = "sdk/rent", version = "=2.2.0", default-features = false }
 solana-reserved-account-keys = { path = "sdk/reserved-account-keys", version = "=2.2.0", default-features = false }
 solana-reward-info = { path = "sdk/reward-info", version = "=2.2.0" }
+solana-secp256r1-program = { path = "sdk/secp256r1-program", version = "=2.2.0", default-features = false }
 solana-sanitize = { path = "sdk/sanitize", version = "=2.2.0" }
 solana-seed-derivable = { path = "sdk/seed-derivable", version = "=2.2.0" }
 solana-seed-phrase = { path = "sdk/seed-phrase", version = "=2.2.0" }

client/Cargo.toml

@@ -27,7 +27,7 @@ solana-quic-client = { workspace = true }
 solana-rpc-client = { workspace = true, features = ["default"] }
 solana-rpc-client-api = { workspace = true }
 solana-rpc-client-nonce-utils = { workspace = true }
-solana-sdk = { workspace = true }
+solana-sdk = { workspace = true, features = ["openssl-vendored"] }
 solana-streamer = { workspace = true }
 solana-thin-client = { workspace = true }
 solana-tpu-client = { workspace = true, features = ["default"] }

docs/src/runtime/programs.md

@@ -168,6 +168,71 @@ also receive data from the transaction itself.
 Cost of the transaction will count the number of signatures to verify multiplied
 by the signature cost verify multiplier.
 
+## Secp256r1 Program
+
+The program for verifying secp256r1 signatures. It takes a secp256r1 signature,
+a public key, and a message. Up to 8 signatures can be verified. If any of the
+signatures fail to verify, an error is returned.
+
+- Program id: `Secp256r1SigVerify1111111111111111111111111`
+- Instructions: [secp256r1_instruction](https://docs.rs/solana-secp256r1)
+
+The secp256r1 program processes an instruction. The first `u8` is a count of the number of signatures to check, followed by a single byte padding. After that, the following struct is serialized, one for each signature to check:
+
+```rust
+struct Secp256r1SignatureOffsets {
+    signature_offset: u16,             // offset to compact secp256r1 signature of 64 bytes
+    signature_instruction_index: u16,  // instruction index to find signature
+    public_key_offset: u16,            // offset to compressed public key of 33 bytes
+    public_key_instruction_index: u16, // instruction index to find public key
+    message_data_offset: u16,          // offset to start of message data
+    message_data_size: u16,            // size of message data
+    message_instruction_index: u16,    // index of instruction data to get message data
+}
+
+```
+
+The pseudo code of the signature verification:
+```
+process_instruction() {
+    if data.len() < SIGNATURE_OFFSETS_START {
+        return Error
+    }
+
+    num_signatures = data[0] as usize
+    if num_signatures == 0 || num_signatures > 8 {
+        return Error
+    }
+
+    expected_data_size = num_signatures * SIGNATURE_OFFSETS_SERIALIZED_SIZE + SIGNATURE_OFFSETS_START
+    if data.len() < expected_data_size {
+        return Error
+    }
+
+    for i in 0..num_signatures {
+        offsets = parse_signature_offsets(data, i)
+
+        signature = get_data_slice(data, instruction_datas, offsets.signature_instruction_index, offsets.signature_offset, SIGNATURE_SERIALIZED_SIZE)
+
+        if s > half_curve_order {
+            return Error
+        }
+
+        pubkey = get_data_slice(data, instruction_datas, offsets.public_key_instruction_index, offsets.public_key_offset, COMPRESSED_PUBKEY_SERIALIZED_SIZE)
+
+        message = get_data_slice(data, instruction_datas, offsets.message_instruction_index, offsets.message_data_offset, offsets.message_data_size)
+
+        if !verify_signature(signature, pubkey, message) {
+            return Error
+        }
+    }
+
+    return Success
+}
+```
+Note: Low S values are enforced for all signatures to avoid accidental signature
+malleability.
+
 ### Optimization notes
 
 The operation will have to take place after (at least partial) deserialization,

ledger-tool/Cargo.toml

@@ -46,7 +46,7 @@ solana-program-runtime = { workspace = true }
 solana-rpc = { workspace = true }
 solana-runtime = { workspace = true, features = ["dev-context-only-utils"] }
 solana-runtime-transaction = { workspace = true }
-solana-sdk = { workspace = true }
+solana-sdk = { workspace = true, features = ["openssl-vendored"] }
 solana-stake-program = { workspace = true }
 solana-storage-bigtable = { workspace = true }
 solana-streamer = { workspace = true }

sdk/Cargo.toml

@@ -61,6 +61,8 @@ frozen-abi = [
     "solana-signature/frozen-abi",
     "solana-transaction-error/frozen-abi"
 ]
+# Enables the "vendored" feature of openssl inside of secp256r1-program
+openssl-vendored = ["solana-secp256r1-program/openssl-vendored"]
 
 [dependencies]
 bincode = { workspace = true }
@@ -131,6 +133,7 @@ solana-sanitize = { workspace = true }
 solana-sdk-ids = { workspace = true }
 solana-sdk-macro = { workspace = true }
 solana-secp256k1-recover = { workspace = true }
+solana-secp256r1-program = { workspace = true, default-features = false }
 solana-seed-derivable = { workspace = true, optional = true }
 solana-seed-phrase = { workspace = true, optional = true }
 solana-serde = { workspace = true }

sdk/feature-set/src/lib.rs

@@ -880,6 +880,9 @@ pub mod disable_account_loader_special_case {
     solana_pubkey::declare_id!("EQUMpNFr7Nacb1sva56xn1aLfBxppEoSBH8RRVdkcD1x");
 }
 
+pub mod enable_secp256r1_precompile {
+    solana_pubkey::declare_id!("sr11RdZWgbHTHxSroPALe6zgaT5A1K9LcE4nfsZS4gi");
+}
 pub mod accounts_lt_hash {
     solana_pubkey::declare_id!("LtHaSHHsUge7EWTPVrmpuexKz6uVHZXZL6cgJa7W7Zn");
 }
@@ -1100,6 +1103,7 @@ lazy_static! {
         (lift_cpi_caller_restriction::id(), "Lift the restriction in CPI that the caller must have the callee as an instruction account #2202"),
         (disable_account_loader_special_case::id(), "Disable account loader special case #3513"),
         (accounts_lt_hash::id(), "enables lattice-based accounts hash #3333"),
+        (enable_secp256r1_precompile::id(), "Enable secp256r1 precompile SIMD-0075"),
         /*************** ADD NEW FEATURES HERE ***************/
     ]
     .iter()

sdk/reserved-account-keys/Cargo.toml

@@ -20,6 +20,7 @@ solana-frozen-abi-macro = { workspace = true, optional = true, features = [
 ] }
 solana-pubkey = { workspace = true, default-features = false }
 solana-sdk-ids = { workspace = true }
+solana-secp256r1-program = { workspace = true }
 
 [dev-dependencies]
 solana-program = { path = "../program" }

sdk/reserved-account-keys/src/lib.rs

@@ -13,6 +13,7 @@ use {
         secp256k1_program, stake, system_program, sysvar, vote, zk_elgamal_proof_program,
         zk_token_proof_program,
     },
+    solana_secp256r1_program as secp256r1_program,
     std::collections::{HashMap, HashSet},
 };
 
@@ -151,6 +152,7 @@ lazy_static! {
         ReservedAccount::new_active(feature::id()),
         ReservedAccount::new_pending(loader_v4::id(), feature_set::add_new_reserved_account_keys::id()),
         ReservedAccount::new_pending(secp256k1_program::id(), feature_set::add_new_reserved_account_keys::id()),
+        ReservedAccount::new_pending(secp256r1_program::id(), feature_set::enable_secp256r1_precompile::id()),
         #[allow(deprecated)]
         ReservedAccount::new_active(stake::config::id()),
         ReservedAccount::new_active(stake::id()),

sdk/secp256r1-program/Cargo.toml

@@ -0,0 +1,36 @@
+[package]
+name = "solana-secp256r1-program"
+description = "Precompile implementation for the secp256r1 elliptic curve."
+documentation = "https://docs.rs/solana-secp256r1"
+version = { workspace = true }
+authors = { workspace = true }
+repository = { workspace = true }
+homepage = { workspace = true }
+license = { workspace = true }
+edition = { workspace = true }
+
+[dependencies]
+bytemuck = { workspace = true, features = ["derive"] }
+solana-feature-set = { workspace = true }
+solana-precompile-error = { workspace = true }
+solana-pubkey = { workspace = true }
+
+[target.'cfg(all(not(target_arch = "wasm32"), not(target_os = "solana")))'.dependencies]
+solana-instruction = { workspace = true, features = ["std"] }
+openssl = { workspace = true }
+
+[dev-dependencies]
+solana-logger = { workspace = true }
+solana-sdk = { path = "../" }
+
+[features]
+default = []
+openssl-vendored = ["openssl/vendored"]
+
+[package.metadata.docs.rs]
+targets = ["x86_64-unknown-linux-gnu"]
+all-features = true
+rustdoc-args = ["--cfg=docsrs"]
+
+[lints]
+workspace = true