Skip to content

Commit

Permalink
Add webauthn audit report, mention in readme
Browse files Browse the repository at this point in the history
  • Loading branch information
nalinbhardwaj authored and dcposch committed Nov 12, 2023
1 parent f0a9e32 commit fcaa173
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ The contract matches the proposed [EIP-7212 precompile](https://eips.ethereum.or

The secp256r1 elliptic curve, aka P256, is used by high-quality consumer enclaves including Yubikey, Apple's Secure Enclave, the Android Keystore, and WebAuthn. P256 verification is especially useful for contract wallets, enabling hardware-based signing keys and smoother UX.

This implementation was inspired by [Renaud Dubois/Ledger's implementation](https://github.com/rdubois-crypto/FreshCryptoLib) and [blst](https://github.com/supranational/blst). Veridise's audit report for this implementation is available [here](./audits/2023-10-veridise.pdf).
This implementation was inspired by [Renaud Dubois/Ledger's implementation](https://github.com/rdubois-crypto/FreshCryptoLib) and [blst](https://github.com/supranational/blst).

## Usage

Expand All @@ -34,6 +34,13 @@ Alternately, calling `P256.verifySignatureAllowMalleability` ignores
malleability of signatures, matching the behavior specified by the NIST standard
exactly.

You can also verify WebAuthn/Passkey signatures using the [`WebAuthn.sol`](./src/WebAuthn.sol) library contract.

## Audits

- [Veridise audit 2023 Oct: P256Verifier](./audits/2023-10-veridise.pdf)
- [Veridise audit 2023 Nov: WebAuthn](./audits/2023-11-veridise-webauthn.pdf)

## Development

Run `foundryup` to ensure you have the latest foundry. Then,
Expand Down
Binary file added audits/2023-11-veridise-webauthn.pdf
Binary file not shown.

0 comments on commit fcaa173

Please sign in to comment.