-
Notifications
You must be signed in to change notification settings - Fork 81
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[#312] Use immutables for storing values
- Loading branch information
Showing
4 changed files
with
119 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,40 @@ | ||
// SPDX-License-Identifier: LGPL-3.0-only | ||
pragma solidity >=0.8.0; | ||
import {SafeProxy} from "@safe-global/safe-contracts/contracts/proxies/SafeProxy.sol"; | ||
import {IP256Verifier} from "./interfaces/IP256Verifier.sol"; | ||
contract SafeWebAuthnSignerProxy { | ||
uint256 internal immutable X; | ||
uint256 internal immutable Y; | ||
IP256Verifier internal immutable VERIFIER; | ||
address internal singleton; | ||
constructor(address implementation, uint256 x, uint256 y, address verifier) { | ||
singleton = implementation; | ||
X = x; | ||
Y = y; | ||
VERIFIER = IP256Verifier(verifier); | ||
} | ||
|
||
contract SafeWebAuthnSignerProxy is SafeProxy { | ||
constructor(address implementation) SafeProxy(implementation) {} | ||
/// @dev Fallback function forwards all transactions and returns all received return data. | ||
// solhint-disable-next-line no-complex-fallback | ||
fallback() external payable { | ||
bytes memory data = abi.encodePacked(msg.data, X, Y, VERIFIER); | ||
|
||
// solhint-disable-next-line no-inline-assembly | ||
assembly { | ||
let _singleton := and(sload(0), 0xffffffffffffffffffffffffffffffffffffffff) | ||
// 0xa619486e == keccak("masterCopy()"). The value is right padded to 32-bytes with 0s | ||
if eq(calldataload(0), 0xa619486e00000000000000000000000000000000000000000000000000000000) { | ||
mstore(0, _singleton) | ||
return(0, 0x20) | ||
} | ||
let dataSize := mload(data) | ||
let dataLocation := add(data, 0x20) | ||
|
||
let success := delegatecall(gas(), _singleton, dataLocation, dataSize, 0, 0) | ||
returndatacopy(0, 0, returndatasize()) | ||
if eq(success, 0) { | ||
revert(0, returndatasize()) | ||
} | ||
return(0, returndatasize()) | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
38 changes: 12 additions & 26 deletions
38
modules/passkey/contracts/SafeWebAuthnSignerSingleton.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,41 +1,27 @@ | ||
// SPDX-License-Identifier: LGPL-3.0-only | ||
pragma solidity >=0.8.0; | ||
|
||
import {SignatureValidator} from "./base/SignatureValidator.sol"; | ||
import {SignatureValidatorProxy} from "./base/SignatureValidatorProxy.sol"; | ||
import {IP256Verifier} from "./interfaces/IP256Verifier.sol"; | ||
import {WebAuthn} from "./libraries/WebAuthn.sol"; | ||
|
||
/** | ||
* @title WebAuthn Safe Signature Validator Singleton | ||
* @dev A contract that represents a WebAuthn signer. | ||
* @custom:security-contact bounty@safe.global | ||
*/ | ||
contract SafeWebAuthnSignerSingleton is SignatureValidator { | ||
address public singleton; | ||
uint256 public x; | ||
uint256 public y; | ||
IP256Verifier public verifier; | ||
|
||
// TODO: Constructor to disable use of singleton for signature verification | ||
|
||
/** | ||
* @dev Setup function. | ||
* @param _x The X coordinate of the signer's public key. | ||
* @param _y The Y coordinate of the signer's public key. | ||
* @param _verifier The P-256 verifier to use for signature validation. It MUST implement the | ||
* same interface as the EIP-7212 precompile. | ||
*/ | ||
function setup(uint256 _x, uint256 _y, address _verifier) external { | ||
require(x == 0, "SafeWebAuthnSigner: already initialized"); | ||
x = _x; | ||
y = _y; | ||
verifier = IP256Verifier(_verifier); | ||
} | ||
contract SafeWebAuthnSignerSingleton is SignatureValidatorProxy { | ||
address internal singleton; | ||
|
||
/** | ||
* @inheritdoc SignatureValidator | ||
* @inheritdoc SignatureValidatorProxy | ||
*/ | ||
function _verifySignature(bytes32 message, bytes calldata signature) internal view virtual override returns (bool success) { | ||
success = WebAuthn.verifySignature(message, signature, WebAuthn.USER_VERIFICATION, x, y, verifier); | ||
function _verifySignature( | ||
bytes32 message, | ||
bytes calldata signature, | ||
uint256 x, | ||
uint256 y, | ||
address verifier | ||
) public view virtual override returns (bool success) { | ||
success = WebAuthn.verifySignature(message, signature, WebAuthn.USER_VERIFICATION, x, y, IP256Verifier(verifier)); | ||
} | ||
} |
66 changes: 66 additions & 0 deletions
66
modules/passkey/contracts/base/SignatureValidatorProxy.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
// SPDX-License-Identifier: LGPL-3.0-only | ||
pragma solidity >=0.8.0; | ||
|
||
import {ERC1271} from "../libraries/ERC1271.sol"; | ||
/** | ||
* @title Signature Validator Base Contract | ||
* @dev A interface for smart contract Safe owners that supports multiple ERC-1271 `isValidSignature` versions. | ||
* @custom:security-contact bounty@safe.global | ||
*/ | ||
abstract contract SignatureValidatorProxy { | ||
/** | ||
* @dev Validates the signature for the given data. | ||
* bytes data The signed data bytes. | ||
* bytes calldata signature The signature to be validated. | ||
* @return magicValue The magic value indicating the validity of the signature. | ||
*/ | ||
function isValidSignature(bytes memory data, bytes calldata signature) external view returns (bytes4 magicValue) { | ||
uint256 x; | ||
uint256 y; | ||
address verifier; | ||
// solhint-disable-next-line no-inline-assembly | ||
assembly { | ||
x := calldataload(sub(calldatasize(), 84)) | ||
y := calldataload(sub(calldatasize(), 52)) | ||
verifier := shr(96, calldataload(sub(calldatasize(), 20))) | ||
} | ||
if (_verifySignature(keccak256(data), signature, x, y, verifier)) { | ||
magicValue = ERC1271.LEGACY_MAGIC_VALUE; | ||
} | ||
} | ||
|
||
/** | ||
* @dev Validates the signature for a given data hash. | ||
* bytes32 message The signed message. | ||
* bytes calldata signature The signature to be validated. | ||
* @return magicValue The magic value indicating the validity of the signature. | ||
*/ | ||
function isValidSignature(bytes32 message, bytes calldata signature) external view returns (bytes4 magicValue) { | ||
uint256 x; | ||
uint256 y; | ||
address verifier; | ||
// solhint-disable-next-line no-inline-assembly | ||
assembly { | ||
x := calldataload(sub(calldatasize(), 84)) | ||
y := calldataload(sub(calldatasize(), 52)) | ||
verifier := shr(96, calldataload(sub(calldatasize(), 20))) | ||
} | ||
|
||
if (_verifySignature(message, signature, x, y, verifier)) { | ||
magicValue = ERC1271.MAGIC_VALUE; | ||
} | ||
} | ||
|
||
/** | ||
* @dev Verifies a signature. | ||
* @param message The signed message. | ||
* @return success Whether the signature is valid. | ||
*/ | ||
function _verifySignature( | ||
bytes32 message, | ||
bytes calldata signature, | ||
uint256 x, | ||
uint256 y, | ||
address verifier | ||
) public view virtual returns (bool success); | ||
} |