diff --git a/src/CertManager.sol b/src/CertManager.sol
index 59dfd89..adb5887 100644
--- a/src/CertManager.sol
+++ b/src/CertManager.sol
@@ -176,7 +176,7 @@ contract CertManager {
 );
 uint256 end = subjectPubKeyPtr.content() + subjectPubKeyPtr.length();
- subjectPubKey = certificate.slice(end - 96, end);
+ subjectPubKey = certificate.slice(end - 96, 96);
 }
 function _verifyValidity(bytes memory certificate, NodePtr validityPtr) internal view returns (uint256 notAfter) {
diff --git a/src/LibBytes.sol b/src/LibBytes.sol
index b6ed1af..dfbe288 100644
--- a/src/LibBytes.sol
+++ b/src/LibBytes.sol
@@ -8,19 +8,18 @@ library LibBytes {
 }
 }
- function slice(bytes memory b, uint256 from, uint256 to) internal pure returns (bytes memory result) {
- require(from <= to, "from greater than to");
- require(to <= b.length, "index out of bounds");
+ function slice(bytes memory b, uint256 offset, uint256 length) internal pure returns (bytes memory result) {
+ require(offset + length <= b.length, "index out of bounds");
 // Create a new bytes structure and copy contents
- result = new bytes(to - from);
+ result = new bytes(length);
 uint256 dest;
 uint256 src;
 assembly {
 dest := add(result, 32)
- src := add(b, add(32, from))
+ src := add(b, add(32, offset))
 }
- memcpy(dest, src, result.length);
+ memcpy(dest, src, length);
 return result;
 }
diff --git a/src/NitroValidator.sol b/src/NitroValidator.sol
index 13aae50..9e67346 100644
--- a/src/NitroValidator.sol
+++ b/src/NitroValidator.sol
@@ -63,7 +63,7 @@ contract NitroValidator {
 function decodeAttestationTbs(bytes memory attestation)
 external
- view
+ pure
 returns (bytes memory attestationTbs, bytes memory signature)
 {
 uint256 offset = 1;
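Review bot: In the CertManager hunk, `end - 96` on the added line assumes the subject public key node holds at least 96 bytes; for a shorter node the slice would start before `subjectPubKeyPtr.content()` and return preceding certificate bytes as key material. The statement that closes with `);` just above the hunk is not visible here and may already enforce this; if it does not, add `require(subjectPubKeyPtr.length() >= 96, "invalid pubkey length");` before the slice. The literal 96 now serves as both offset arithmetic and slice length, so a named constant would keep the two in step. The enclosing function starts outside the hunk.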
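Review bot: In `LibBytes.slice`, the new guard `require(offset + length <= b.length, "index out of bounds");` depends on the sum not wrapping before the raw `memcpy`. The pragma is not visible in this hunk: with Solidity 0.8+ checked arithmetic an overflowing sum reverts with a panic instead of the "index out of bounds" reason, and under an older compiler or inside `unchecked` it would wrap and pass the check. `require(offset <= b.length && length <= b.length - offset, "index out of bounds");` gives the same bound without relying on the arithmetic mode, which matters because the NitroValidator call sites in this diff pass offsets and lengths derived from parsed attestation bytes. The third parameter also changed meaning from end index to byte count with no type change, so a NatSpec line such as `/// @param length Number of bytes to copy, not an end index` would help catch call sites outside this diff that still pass an end index.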
@@ -79,12 +79,10 @@ contract NitroValidator {
 uint256 rawProtectedLength = protectedPtr.content() + protectedPtr.length() - offset;
 uint256 rawPayloadLength = payloadPtr.content() + payloadPtr.length() - unprotectedPtr.content() - unprotectedPtr.length();
- bytes memory rawProtectedBytes = attestation.slice(offset, offset + rawProtectedLength);
- bytes memory rawPayloadBytes = attestation.slice(
- unprotectedPtr.content() + unprotectedPtr.length(),
- unprotectedPtr.content() + unprotectedPtr.length() + rawPayloadLength
- );
- signature = attestation.slice(signaturePtr.content(), signaturePtr.content() + signaturePtr.length());
+ bytes memory rawProtectedBytes = attestation.slice(offset, rawProtectedLength);
+ bytes memory rawPayloadBytes =
+ attestation.slice(unprotectedPtr.content() + unprotectedPtr.length(), rawPayloadLength);
+ signature = attestation.slice(signaturePtr.content(), signaturePtr.length());
 attestationTbs = _constructAttestationTbs(rawProtectedBytes, rawProtectedLength, rawPayloadBytes, rawPayloadLength);
 }
@@ -141,11 +139,10 @@ contract NitroValidator {
 "invalid nonce"
 );
- bytes memory cert = attestationTbs.slice(ptrs.cert.content(), ptrs.cert.content() + ptrs.cert.length());
+ bytes memory cert = attestationTbs.slice(ptrs.cert.content(), ptrs.cert.length());
 bytes[] memory cabundle = new bytes[](ptrs.cabundle.length);
 for (uint256 i = 0; i < ptrs.cabundle.length; i++) {
- cabundle[i] =
- attestationTbs.slice(ptrs.cabundle[i].content(), ptrs.cabundle[i].content() + ptrs.cabundle[i].length());
+ cabundle[i] = attestationTbs.slice(ptrs.cabundle[i].content(), ptrs.cabundle[i].length());
 }
 CertManager.CachedCert memory parent = certManager.verifyCertBundle(cert, cabundle);
diff --git a/src/Sha2Ext.sol b/src/Sha2Ext.sol
index 9833881..3382d62 100644
--- a/src/Sha2Ext.sol
+++ b/src/Sha2Ext.sol
@@ -182,7 +182,7 @@ library Sha2Ext {
 paddingLength = 247 - mdi;
 }
 bytes memory padding = new bytes(paddingLength);
- bytes memory tail = message.slice(offset + length - mdi, offset + length);
+ bytes memory tail = message.slice(offset + length - mdi, mdi);
 return abi.encodePacked(tail, bytes1(0x80), padding, bitLength);
 }