diff --git a/src/CertManager.sol b/src/CertManager.sol
index ba51b14..63eb418 100644
--- a/src/CertManager.sol
+++ b/src/CertManager.sol
@@ -35,22 +35,6 @@ contract CertManager is ICertManager {
 bytes32 public constant BASIC_CONSTRAINTS_OID = keccak256(hex"551d13");
 bytes32 public constant KEY_USAGE_OID = keccak256(hex"551d0f");
 
- // ECDSA384 curve parameters (NIST P-384)
- bytes public constant CURVE_A =
- hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc";
- bytes public constant CURVE_B =
- hex"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef";
- bytes public constant CURVE_GX =
- hex"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
- bytes public constant CURVE_GY =
- hex"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
- bytes public constant CURVE_P =
- hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
- bytes public constant CURVE_N =
- hex"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
- bytes public constant CURVE_LOW_S_MAX =
- hex"7fffffffffffffffffffffffffffffffffffffffffffffffe3b1a6c0fa1b96efac0d06d9245853bd76760cb5666294b9";
-
 // certHash -> CachedCert
 mapping(bytes32 => bytes) public verified;
 
@@ -279,13 +263,12 @@ contract CertManager is ICertManager {
 
 function _verifySignature(bytes memory pubKey, bytes memory hash, bytes memory sig) internal view {
 ECDSA384.Parameters memory CURVE_PARAMETERS = ECDSA384.Parameters({
- a: CURVE_A,
- b: CURVE_B,
- gx: CURVE_GX,
- gy: CURVE_GY,
- p: CURVE_P,
- n: CURVE_N,
- lowSmax: CURVE_LOW_S_MAX
+ a: ECDSA384.CURVE_A,
+ b: ECDSA384.CURVE_B,
+ gx: ECDSA384.CURVE_GX,
+ gy: ECDSA384.CURVE_GY,
+ p: ECDSA384.CURVE_P,
+ n: ECDSA384.CURVE_N
 });
 require(ECDSA384.verify(CURVE_PARAMETERS, hash, sig, pubKey), "invalid sig");
 }
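Review bot: `_verifySignature` in CertManager still assembles the `ECDSA384.Parameters` struct field by field from the library's own constants, and the same seven lines are repeated verbatim in NitroValidator's `_verifySignature` (the second NitroValidator hunk); now that the constants live in the library, that assembly belongs there as well. A library-side overload such as `function verify(bytes memory hashedMessage_, bytes memory signature_, bytes memory pubKey_) internal view returns (bool)` that builds `Parameters` from `CURVE_A`..`CURVE_N` would reduce each caller to `require(ECDSA384.verify(hash, sig, pubKey), "invalid sig");` and remove the possibility of a caller assembling a mismatched parameter set. The `CURVE_PARAMETERS` local is a memory variable rather than a constant, so a name like `curveParams` would fit the file's naming better. The enclosing contract continues outside the hunk.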
diff --git a/src/ECDSA384.sol b/src/ECDSA384.sol
index 25095ab..b6356f6 100644
--- a/src/ECDSA384.sol
+++ b/src/ECDSA384.sol
@@ -14,6 +14,20 @@ pragma solidity ^0.8.15;
 library ECDSA384 {
 using U384 for *;
 
+ // ECDSA384 curve parameters (NIST P-384)
+ bytes public constant CURVE_A =
+ hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc";
+ bytes public constant CURVE_B =
+ hex"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef";
+ bytes public constant CURVE_GX =
+ hex"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
+ bytes public constant CURVE_GY =
+ hex"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
+ bytes public constant CURVE_P =
+ hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
+ bytes public constant CURVE_N =
+ hex"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
+
 /**
 * @notice 384-bit curve parameters.
 */
@@ -24,7 +38,6 @@ library ECDSA384 {
 bytes gy;
 bytes p;
 bytes n;
- bytes lowSmax;
 }
 
 struct _Parameters {
@@ -34,7 +47,6 @@ library ECDSA384 {
 uint256 gy;
 uint256 p;
 uint256 n;
- uint256 lowSmax;
 }
 
 struct _Inputs {
@@ -46,7 +58,7 @@ library ECDSA384 {
 
 /**
 * @notice The function to verify the ECDSA signature
- * @param curveParams_ the 384-bit curve parameters. `lowSmax` is `n / 2`.
+ * @param curveParams_ the 384-bit curve parameters.
 * @param hashedMessage_ the already hashed message to be verified.
 * @param signature_ the ECDSA signature. Equals to `bytes(r) + bytes(s)`.
 * @param pubKey_ the full public key of a signer. Equals to `bytes(x) + bytes(y)`.
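Review bot: The new `@param curveParams_` text drops the only statement about how `s` is constrained (`lowSmax` is `n / 2`) without replacing it, so the NatSpec no longer tells a caller what the library does and does not reject; the two struct hunks remove `lowSmax` from both `Parameters` and `_Parameters`, and whether any low-S (non-malleability) check survives in `verify` cannot be seen from here, since its body lies outside these hunks. If the bound is gone, say so where callers will read it, e.g. `@dev No low-S rule is enforced: both s and n - s verify; callers that need non-malleable signatures must check s <= n / 2 themselves.`, and if it remains, say where the bound now comes from. The relocated constants would also benefit from a one-line provenance note, e.g. `// NIST P-384 (secp384r1) domain parameters as big-endian 48-byte values: a, b, Gx, Gy, p, n`, so a reader can compare them against the standard without guessing the encoding.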
@@ -71,15 +83,10 @@ library ECDSA384 {
 gx: curveParams_.gx.init(),
 gy: curveParams_.gy.init(),
 p: curveParams_.p.init(),
- n: curveParams_.n.init(),
- lowSmax: curveParams_.lowSmax.init()
+ n: curveParams_.n.init()
 });
 
- if (
- U384.eqInteger(inputs_.r, 0) ||
- U384.cmp(inputs_.r, params_.n) >= 0 ||
- U384.eqInteger(inputs_.s, 0)
- ) {
+ if (U384.eqInteger(inputs_.r, 0) || U384.cmp(inputs_.r, params_.n) >= 0 || U384.eqInteger(inputs_.s, 0)) {
 return false;
 }
 
diff --git a/src/NitroValidator.sol b/src/NitroValidator.sol
index caefdcd..3e13ca4 100644
--- a/src/NitroValidator.sol
+++ b/src/NitroValidator.sol
@@ -30,22 +30,6 @@ contract NitroValidator {
 bytes32 public constant NONCE_KEY = keccak256(bytes("nonce"));
 bytes32 public constant PCRS_KEY = keccak256(bytes("pcrs"));
 
- // ECDSA384 curve parameters (NIST P-384)
- bytes public constant CURVE_A =
- hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc";
- bytes public constant CURVE_B =
- hex"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef";
- bytes public constant CURVE_GX =
- hex"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
- bytes public constant CURVE_GY =
- hex"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
- bytes public constant CURVE_P =
- hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
- bytes public constant CURVE_N =
- hex"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
- bytes public constant CURVE_LOW_S_MAX =
- hex"7fffffffffffffffffffffffffffffffffffffffffffffffe3b1a6c0fa1b96efac0d06d9245853bd76760cb5666294b9";
-
 struct Ptrs {
 CborElement moduleID;
 uint64 timestamp;
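Review bot: The rewritten guard still bounds only `r` by `n`: `s` is rejected when it is zero but not when `s >= n`, so a 48-byte `s` in the range `[n, 2^384)` passes this line, and if the scalar arithmetic further down reduces modulo `n` it would be accepted as equivalent to `s mod n`; standard ECDSA verification requires `0 < s < n` for both values. The condition should read `if (U384.eqInteger(inputs_.r, 0) || U384.cmp(inputs_.r, params_.n) >= 0 || U384.eqInteger(inputs_.s, 0) || U384.cmp(inputs_.s, params_.n) >= 0) {`. With `lowSmax` removed from `params_` in the same hunk there is no `n / 2` value left in scope, so either no low-S comparison exists below this point or the remainder of `verify` no longer compiles as written; the function starts and ends outside this hunk, so this cannot be confirmed here. The NitroValidator hunk that follows only deletes the relocated constants.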
@@ -204,13 +188,12 @@ contract NitroValidator {
 
 function _verifySignature(bytes memory pubKey, bytes memory hash, bytes memory sig) internal view {
 ECDSA384.Parameters memory CURVE_PARAMETERS = ECDSA384.Parameters({
- a: CURVE_A,
- b: CURVE_B,
- gx: CURVE_GX,
- gy: CURVE_GY,
- p: CURVE_P,
- n: CURVE_N,
- lowSmax: CURVE_LOW_S_MAX
+ a: ECDSA384.CURVE_A,
+ b: ECDSA384.CURVE_B,
+ gx: ECDSA384.CURVE_GX,
+ gy: ECDSA384.CURVE_GY,
+ p: ECDSA384.CURVE_P,
+ n: ECDSA384.CURVE_N
 });
 require(ECDSA384.verify(CURVE_PARAMETERS, hash, sig, pubKey), "invalid sig");
 }
diff --git a/test/ECDSA384.t.sol b/test/ECDSA384.t.sol
index e9b3a69..0f20644 100644
--- a/test/ECDSA384.t.sol
+++ b/test/ECDSA384.t.sol
@@ -6,30 +6,14 @@ import {ECDSA384} from "../src/ECDSA384.sol";
 import {Sha2Ext} from "../src/Sha2Ext.sol";
 
 contract ECDSA384Test is Test {
- bytes public constant CURVE_A =
- hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc";
- bytes public constant CURVE_B =
- hex"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef";
- bytes public constant CURVE_GX =
- hex"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
- bytes public constant CURVE_GY =
- hex"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
- bytes public constant CURVE_P =
- hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
- bytes public constant CURVE_N =
- hex"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
- bytes public constant CURVE_LOW_S_MAX =
- hex"7fffffffffffffffffffffffffffffffffffffffffffffffe3b1a6c0fa1b96efac0d06d9245853bd76760cb5666294b9";
-
 function testEmptySig(bytes memory message) public view {
 ECDSA384.Parameters memory CURVE_PARAMETERS = ECDSA384.Parameters({
- a: CURVE_A,
- b: CURVE_B,
- gx: CURVE_GX,
- gy: CURVE_GY,
- p: CURVE_P,
- n: CURVE_N,
- lowSmax: CURVE_LOW_S_MAX
+ a: ECDSA384.CURVE_A,
+ b: ECDSA384.CURVE_B,
+ gx: ECDSA384.CURVE_GX,
+ gy: ECDSA384.CURVE_GY,
+ p: ECDSA384.CURVE_P,
+ n: ECDSA384.CURVE_N
 });
 bytes memory pubKey = abi.encodePacked(
 hex"56931fd7d42942eec92298d7291371cdbac29c60230c9f635d010939ab7f8f5d977ccfe90bd7528cafa53afad6225bf61e2af4d20831aed1e6b578ccb00e1534182f6d1ee6bf524fbd62bd056d0d538c24eb7f2a436e336e139f00a072b0ba1a"
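Review bot: The test change only re-points `testEmptySig` at the library constants; nothing in this hunk exercises the `(r, s)` range checks in `verify`, and with `CURVE_LOW_S_MAX` deleted the file no longer carries the `n / 2` value a high-S case would need. If no other test in the file covers it, a case that takes a known-good signature and replaces `s` with `n - s`, and another that supplies a 48-byte `s` of `n` or larger, would pin whether `verify` accepts or rejects those forms, which is the behaviour this commit implicitly changes by dropping `lowSmax`. `testEmptySig` continues outside the hunk, so its existing assertions cannot be checked here.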