Commit

N-01: add security contact
dcposch committed Jul 30, 2024
1 parent 8279636 commit 4075232
Showing 5 changed files with 18 additions and 14 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -23,11 +23,11 @@ jobs:

- run: |
forge --version
forge build --sizes
forge build --via-ir --sizes
id: build
- run: |
forge test -vv
forge test --via-ir -vv
forge coverage --ir-minimum --report lcov
git diff --exit-code
id: test
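Review bot: The build and test steps in this hunk switch to `--via-ir`, which is a compiler-pipeline change and is not covered by the commit title "N-01: add security contact". Either split it into its own commit or mention it in the message, so that a later bisect or audit diff does not attribute a codegen change to a comment-only fix. Note also that the coverage step still runs with `--ir-minimum`, so coverage is measured on a different compilation mode than the one the tests now pass under; a short comment in the workflow saying that this is intentional would help.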
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -20,6 +20,7 @@ Our implementation was inspired by [Renaud Dubois/Ledger's FCL library](https://
Available on any chain. If missing, see `deploy.sh`.

Install with:

- `forge install daimo-eth/p256-verifier`
- add `p256-verifier/=lib/p256-verifier/src/` to remappings.txt

Expand All @@ -33,7 +34,7 @@ uint256 x, y; // public key
bool valid = P256.verifySignature(hash, r, s, x, y);
```

Alternately, calling `P256.verifySignatureAllowMalleability` ignores
Alternately, calling `P256.verifySignatureAllowMalleability` ignores
malleability of signatures, matching the behavior specified by the NIST standard
exactly.

Expand All @@ -51,7 +52,7 @@ Run `foundryup` to ensure you have the latest foundry. Then,
```
git clone --recurse-submodules [email protected]:daimo-eth/p256-verifier
cd p256-verifier
forge test -vv
forge test --via-ir -vv
```

This runs test input and output handling as well as all applicable Wycheproof
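Review bot: The README now tells users to run `forge test --via-ir -vv`, but does not say why the flag is needed or what happens without it. Since the same flag is repeated here, further down in the README and in ci.yml, consider setting `via_ir = true` in foundry.toml instead, so that a plain `forge test` matches CI and the documented commands cannot drift from the real build settings.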
Expand Down Expand Up @@ -87,7 +88,7 @@ npm test
# Validate that all vectors also work with EIP-7212
# Test the fallback contract...
cd ..
forge test -vv
forge test --via-ir -vv
# In future, execution spec and clients can test against the same clean vectors
```
7 changes: 4 additions & 3 deletions src/P256.sol
Expand Up @@ -2,9 +2,10 @@
pragma solidity 0.8.21;

/**
* Helper library for external contracts to verify P256 signatures.
* Tries to use RIP-7212 precompile if available on the chain, and if not falls
* back to more expensive Solidity implementation.
* @dev Helper library to verify P256 signatures. Uses the RIP-7212 precompile
* if available. If unavailable (or if the signature is invalid), falls back to
* a more expensive Solidity implementation.
* @custom:security-contact [email protected]
**/
library P256 {
address constant PRECOMPILE = address(0x100);
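Review bot: The new `@dev` text says the fallback is also taken "if the signature is invalid", but does not explain why or what it costs. As written, every invalid signature pays for the "more expensive Solidity implementation" even on chains that have the precompile, which callers should know when budgeting gas for untrusted input; one sentence on the reason for the double check would make that explicit. Minor style point: this comment still closes with `**/` while the other two files in this commit were changed to `*/`.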
9 changes: 5 additions & 4 deletions src/P256Verifier.sol
Expand Up @@ -3,15 +3,16 @@
pragma solidity 0.8.21;

/**
* This contract verifies P256 (secp256r1) signatures. It matches the exact
* @dev This contract verifies P256 (secp256r1) signatures. It matches the exact
* interface specified in the EIP-7212 precompile, allowing it to be used as a
* fallback. It's based on Ledger's optimized implementation:
* https://github.com/rdubois-crypto/FreshCryptoLib/tree/master/solidity
**/
* @custom:security-contact [email protected]
*/
contract P256Verifier {
/**
* Precompiles don't use a function signature. The first byte of callldata
* is the first byte of an input argument. In this case:
* @dev Precompiles don't use a function signature. The first byte of
* calldata is the first byte of an input argument. In this case:
*
* input[ 0: 32] = signed data hash
* input[ 32: 64] = signature r
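Review bot: The contract-level comment refers to the "EIP-7212 precompile", while the P256.sol comment updated in this same commit calls it "RIP-7212". Use one name in both files (and in the README, which also says EIP-7212) so readers do not take them for two different specifications. The `callldata` typo fix in the second comment is good.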
5 changes: 3 additions & 2 deletions src/WebAuthn.sol
Expand Up @@ -5,8 +5,9 @@ import "./utils/Base64URL.sol";
import "./P256.sol";

/**
* Helper library for external contracts to verify WebAuthn signatures.
**/
* @dev Helper library for verify WebAuthn (aka passkey) signatures.
* @custom:security-contact [email protected]
*/
library WebAuthn {
/// Checks whether prefix occurs in the beginning of str.
function startsWith(
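Review bot: The new `@dev` line reads "Helper library for verify WebAuthn (aka passkey) signatures", which is ungrammatical. Suggest "Helper library to verify WebAuthn (aka passkey) signatures", matching the wording used in P256.sol.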