diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 534c185..13a285e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,11 +23,11 @@ jobs:
 - run: |
 forge --version
-forge build --sizes
+forge build --via-ir --sizes
 id: build
 - run: |
-forge test -vv
+forge test --via-ir -vv
 forge coverage --ir-minimum --report lcov
 git diff --exit-code
 id: test
diff --git a/README.md b/README.md
index e808fbb..01e5110 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ Our implementation was inspired by [Renaud Dubois/Ledger's FCL library](https://
 Available on any chain. If missing, see `deploy.sh`. Install with:
+
 - `forge install daimo-eth/p256-verifier`
 - add `p256-verifier/=lib/p256-verifier/src/` to remappings.txt
@@ -33,7 +34,7 @@ uint256 x, y; // public key
 bool valid = P256.verifySignature(hash, r, s, x, y);
 ```
-Alternately, calling `P256.verifySignatureAllowMalleability` ignores
+Alternately, calling `P256.verifySignatureAllowMalleability` ignores
 malleability of signatures, matching the behavior specified by the NIST
 standard exactly.
@@ -51,7 +52,7 @@ Run `foundryup` to ensure you have the latest foundry. Then,
 ```
 git clone --recurse-submodules git@github.com:daimo-eth/p256-verifier
 cd p256-verifier
-forge test -vv
+forge test --via-ir -vv
 ```
 This runs test input and output handling as well as all applicable Wycheproof
@@ -87,7 +88,7 @@ npm test # Validate that all vectors also work with EIP-7212
 # Test the fallback contract...
 cd ..
-forge test -vv
+forge test --via-ir -vv
 # In future, execution spec and clients can test against the same clean vectors
 ```
diff --git a/src/P256.sol b/src/P256.sol
index c7792ea..d7d1617 100644
--- a/src/P256.sol
+++ b/src/P256.sol
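Review bot: `forge coverage --ir-minimum --report lcov` still runs through a different compilation pipeline than the `forge test --via-ir -vv` line added just above it, so the coverage run and the test run no longer measure the same artifact. Passing `--via-ir` on each command (here and in the README hunks that share this line) also means any caller that omits the flag, including whatever `deploy.sh` builds, compiles bytecode the CI never tested; if the repository's foundry.toml does not already set `via_ir = true`, setting it there would make build, test, coverage and deploy agree without relying on the flag. If the flag is being introduced to work around a compiler limitation, a one-line comment in the workflow stating the reason, `# --via-ir: <reason the legacy pipeline is not used>`, would save the next maintainer from removing it.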
@@ -2,9 +2,10 @@ pragma solidity 0.8.21;
 /**
- * Helper library for external contracts to verify P256 signatures.
- * Tries to use RIP-7212 precompile if available on the chain, and if not falls
- * back to more expensive Solidity implementation.
+ * @dev Helper library to verify P256 signatures. Uses the RIP-7212 precompile
+ * if available. If unavailable (or if the signature is invalid), falls back to
+ * a more expensive Solidity implementation.
+ * @custom:security-contact security@daimo.com
  **/
 library P256 {
 address constant PRECOMPILE = address(0x100);
diff --git a/src/P256Verifier.sol b/src/P256Verifier.sol
index 50731d1..302851e 100644
--- a/src/P256Verifier.sol
+++ b/src/P256Verifier.sol
@@ -3,15 +3,16 @@ pragma solidity 0.8.21;
 /**
- * This contract verifies P256 (secp256r1) signatures. It matches the exact
+ * @dev This contract verifies P256 (secp256r1) signatures. It matches the exact
  * interface specified in the EIP-7212 precompile, allowing it to be used as a
  * fallback. It's based on Ledger's optimized implementation:
  * https://github.com/rdubois-crypto/FreshCryptoLib/tree/master/solidity
- **/
+ * @custom:security-contact security@daimo.com
+ */
 contract P256Verifier {
 /**
- * Precompiles don't use a function signature. The first byte of callldata
- * is the first byte of an input argument. In this case:
+ * @dev Precompiles don't use a function signature. The first byte of
+ * calldata is the first byte of an input argument. In this case:
  *
  * input[ 0: 32] = signed data hash
  * input[ 32: 64] = signature r
diff --git a/src/WebAuthn.sol b/src/WebAuthn.sol
index b7fefbd..42f2014 100644
--- a/src/WebAuthn.sol
+++ b/src/WebAuthn.sol
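Review bot: The new `@dev` text on the P256 library states that the Solidity fallback also runs when the precompile reports the signature invalid, but it leaves the consequence to the reader: on a chain that has the precompile, a rejected signature still pays for the full Solidity verification, which is what a caller budgeting gas (or reasoning about who can make it burn gas with bad signatures) needs to know. I would add one sentence to the docstring, ` * Note: a signature the precompile rejects is re-checked in Solidity, so an invalid signature always costs the fallback's gas, even where the precompile exists.` The closing `**/` is kept here while the P256Verifier hunk on this same line changes its closer to `*/`; the two files should agree, and `*/` is the conventional NatSpec terminator. The library body continues outside the hunk.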
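Review bot: The rewritten contract comment in P256Verifier.sol keeps "the EIP-7212 precompile" while the P256.sol comment on this same line now says "the RIP-7212 precompile"; a reader of one file cannot tell whether these are two specifications or one. If they name the same interface, I would make the two comments use one name and mention the other once, e.g. ` * interface specified in the RIP-7212 precompile (also referred to as EIP-7212),`, and apply the same wording in P256.sol. The calldata-layout comment that starts in this hunk (`input[ 0: 32]`, `input[ 32: 64]`) continues past the hunk's end, so the remaining offsets are not visible here.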
@@ -5,8 +5,9 @@ import "./utils/Base64URL.sol";
 import "./P256.sol";
 /**
- * Helper library for external contracts to verify WebAuthn signatures.
- **/
+ * @dev Helper library for verify WebAuthn (aka passkey) signatures.
+ * @custom:security-contact security@daimo.com
+ */
 library WebAuthn {
 /// Checks whether prefix occurs in the beginning of str.
 function startsWith(
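Review bot: The new library comment reads "Helper library for verify WebAuthn (aka passkey) signatures", which drops the infinitive the old line had; it should be ` * @dev Helper library to verify WebAuthn (aka passkey) signatures.`. Since this is the contract-level NatSpec that consumers and tooling surface, it is worth getting the wording right before it is published. The `startsWith(` signature that begins at the end of this hunk continues outside it, so its body is not under review here.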