From 5ee850e44f875eb13f22c94a4b66b09bef1ca141 Mon Sep 17 00:00:00 2001
From: qd-qd
Date: Tue, 7 Nov 2023 11:44:56 +0100
Subject: [PATCH 1/2] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20upgrade=20secp256r1-ve?=
 =?UTF-8?q?rify=20to=20v0.5.1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/secp256r1-verify | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/secp256r1-verify b/lib/secp256r1-verify
index 06d037c..6736fff 160000
--- a/lib/secp256r1-verify
+++ b/lib/secp256r1-verify
@@ -1 +1 @@
-Subproject commit 06d037ccbde1588f7b9a230738f209f6812fa77f
+Subproject commit 6736fff592523bcd172bfeb94d938cd56fca96b4

From 2dd985bd002f3d73ab7a0e380a187eec7393bbdd Mon Sep 17 00:00:00 2001
From: qd-qd
Date: Tue, 7 Nov 2023 11:49:18 +0100
Subject: [PATCH 2/2] =?UTF-8?q?=E2=9A=B0=EF=B8=8F=20remove=20code=20relate?=
 =?UTF-8?q?d=20to=20precomputed=20variants?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As the precompute variant is discontinued by the secp256r1-verify library, we can remove the code related to it.
---
 src/WebAuthn256r1.sol | 24 -------------
 test/WebAuthn256r1.t.sol | 75 ----------------------------------------
 2 files changed, 99 deletions(-)

diff --git a/src/WebAuthn256r1.sol b/src/WebAuthn256r1.sol
index db29c94..d0f7222 100644
--- a/src/WebAuthn256r1.sol
+++ b/src/WebAuthn256r1.sol
@@ -2,7 +2,6 @@ pragma solidity >=0.8.19 <0.9.0;
 import { ECDSA256r1 } from "../lib/secp256r1-verify/src/ECDSA256r1.sol";
-import { ECDSA256r1Precompute } from "../lib/secp256r1-verify/src/ECDSA256r1Precompute.sol";
 import { WebAuthnBase } from "./WebAuthnBase.sol";
 /// @title WebAuthn256r1
@@ -32,27 +31,4 @@ contract WebAuthn256r1 is WebAuthnBase {
 return ECDSA256r1.verify(message, r, s, qx, qy);
 }
 }
-
- /// @notice Verify ECDSA signature though WebAuthn on the secp256r1 curve using a precomputed table
- function verify(
- bytes1 authenticatorDataFlagMask,
- bytes calldata authenticatorData,
- bytes calldata clientData,
- bytes calldata clientChallenge,
- uint256 clientChallengeOffset,
- uint256 r,
- uint256 s,
- address precomputedTable
- )
- external
- returns (bool)
- {
- unchecked {
- bytes32 message = generateMessage(
- authenticatorDataFlagMask, authenticatorData, clientData, clientChallenge, clientChallengeOffset
- );
-
- return ECDSA256r1Precompute.verify(message, r, s, precomputedTable);
- }
- }
 }
diff --git a/test/WebAuthn256r1.t.sol b/test/WebAuthn256r1.t.sol
index 1caf78d..0ec18da 100644
--- a/test/WebAuthn256r1.t.sol
+++ b/test/WebAuthn256r1.t.sol
@@ -39,78 +39,3 @@ contract ContractTestVerify is Test {
 );
 }
 }
-
-contract ContractTestVerifyPrecomputation is Test {
- WebAuthn256r1 internal implem;
- // the address where the the precomputed table will live
- address private precomputeAddress;
-
- function setUp() external {
- implem = new WebAuthn256r1();
- precomputeAddress = vm.addr(42);
- }
-
- /// @notice precumpute a shamir table of 256 points for a given pubKey
- /// @dev this function execute a JS package listed in the package.json file
- /// @param qx the x coordinate of the public key
- /// @param qy the y coordinate of the public key
- /// @return precompute the precomputed table as a bytes
- function _precomputeShamirTable(uint256 qx, uint256 qy) private returns (bytes memory precompute) {
- // Precompute a 8 dimensional table for Shamir's trick from c0 and c1
- // and return the table as a bytes
- string[] memory inputs = new string[](4);
- inputs[0] = "npx";
- inputs[1] = "@0x90d2b2b7fb7599eebb6e7a32980857d8/secp256r1-computation";
- inputs[2] = vm.toString(qx);
- inputs[3] = vm.toString(qy);
- precompute = vm.ffi(inputs);
- }
-
- /// @notice Modifier for generating the precomputed table and storing it in the precompiled contract
- /// @dev Uses the `_precomputeShamirTable(,)` function to generate the precomputed table
- modifier _preparePrecomputeTable(uint256 qx, uint256 qy) {
- // generate the precomputed table
- bytes memory precompute = _precomputeShamirTable(qx, qy);
-
- // set the precomputed points as the bytecode of the target contract
- vm.etch(precomputeAddress, precompute);
-
- // run the test
- _;
-
- // unset the bytecode of the target contract
- vm.etch(precomputeAddress, hex"00");
- }
-
- function test_VerifyPrecomput()
- public
- _preparePrecomputeTable(
- 114_874_632_398_302_156_264_159_990_279_427_641_021_947_882_640_101_801_130_664_833_947_273_521_181_002,
- 32_136_952_818_958_550_240_756_825_111_900_051_564_117_520_891_182_470_183_735_244_184_006_536_587_423
- )
- {
- assertTrue(
- implem.verify(
- // authenticatorDataFlagMask
- 0x01,
- // authenticatorData
- hex"f8e4b678e1c62f7355266eaa4dc1148573440937063a46d848da1e25babbd20b010000004d",
- // clientData
- hex"7b2274797065223a22776562617574686e2e676574222c226368616c6c656e67" hex"65223a224e546f2d3161424547526e78786a6d6b61544865687972444e583369" hex"7a6c7169316f776d4f643955474a30222c226f726967696e223a226874747073" hex"3a2f2f66726573682e6c65646765722e636f6d222c2263726f73734f726967696e223a66616c73657d",
- // clientChallenge
- hex"353a3ed5a0441919f1c639a46931de872ac3357de2ce5aa2d68c2639df54189d",
- // clientChallengeOffset
- 0x24,
- // r
- 45_847_212_378_479_006_099_766_816_358_861_726_414_873_720_355_505_495_069_909_394_794_949_093_093_607,
- // s
- 55_835_259_151_215_769_394_881_684_156_457_977_412_783_812_617_123_006_733_908_193_526_332_337_539_398,
- // address where the precompute table lives
- precomputeAddress
- )
- );
- }
-}