Move curve parameters into ECDSA384 lib

base-org · Dec 3, 2024 · 6e8b188 · 6e8b188
1 parent 4a50bda
commit 6e8b188
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 78 deletions.
diff --git a/src/CertManager.sol b/src/CertManager.sol
@@ -35,22 +35,6 @@ contract CertManager is ICertManager {
     bytes32 public constant BASIC_CONSTRAINTS_OID = keccak256(hex"551d13");
     bytes32 public constant KEY_USAGE_OID = keccak256(hex"551d0f");
 
-    // ECDSA384 curve parameters (NIST P-384)
-    bytes public constant CURVE_A =
-        hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc";
-    bytes public constant CURVE_B =
-        hex"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef";
-    bytes public constant CURVE_GX =
-        hex"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
-    bytes public constant CURVE_GY =
-        hex"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
-    bytes public constant CURVE_P =
-        hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
-    bytes public constant CURVE_N =
-        hex"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
-    bytes public constant CURVE_LOW_S_MAX =
-        hex"7fffffffffffffffffffffffffffffffffffffffffffffffe3b1a6c0fa1b96efac0d06d9245853bd76760cb5666294b9";
-
     // certHash -> CachedCert
     mapping(bytes32 => bytes) public verified;
 
@@ -279,13 +263,12 @@ contract CertManager is ICertManager {
 
     function _verifySignature(bytes memory pubKey, bytes memory hash, bytes memory sig) internal view {
         ECDSA384.Parameters memory CURVE_PARAMETERS = ECDSA384.Parameters({
-            a: CURVE_A,
-            b: CURVE_B,
-            gx: CURVE_GX,
-            gy: CURVE_GY,
-            p: CURVE_P,
-            n: CURVE_N,
-            lowSmax: CURVE_LOW_S_MAX
+            a: ECDSA384.CURVE_A,
+            b: ECDSA384.CURVE_B,
+            gx: ECDSA384.CURVE_GX,
+            gy: ECDSA384.CURVE_GY,
+            p: ECDSA384.CURVE_P,
+            n: ECDSA384.CURVE_N
         });
         require(ECDSA384.verify(CURVE_PARAMETERS, hash, sig, pubKey), "invalid sig");
     }

diff --git a/src/ECDSA384.sol b/src/ECDSA384.sol
@@ -14,6 +14,20 @@ pragma solidity ^0.8.15;
 library ECDSA384 {
     using U384 for *;
 
+    // ECDSA384 curve parameters (NIST P-384)
+    bytes public constant CURVE_A =
+        hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc";
+    bytes public constant CURVE_B =
+        hex"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef";
+    bytes public constant CURVE_GX =
+        hex"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
+    bytes public constant CURVE_GY =
+        hex"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
+    bytes public constant CURVE_P =
+        hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
+    bytes public constant CURVE_N =
+        hex"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
+
     /**
      * @notice 384-bit curve parameters.
      */
@@ -24,7 +38,6 @@ library ECDSA384 {
         bytes gy;
         bytes p;
         bytes n;
-        bytes lowSmax;
     }
 
     struct _Parameters {
@@ -34,7 +47,6 @@ library ECDSA384 {
         uint256 gy;
         uint256 p;
         uint256 n;
-        uint256 lowSmax;
     }
 
     struct _Inputs {
@@ -46,7 +58,7 @@ library ECDSA384 {
 
     /**
      * @notice The function to verify the ECDSA signature
-     * @param curveParams_ the 384-bit curve parameters. `lowSmax` is `n / 2`.
+     * @param curveParams_ the 384-bit curve parameters.
      * @param hashedMessage_ the already hashed message to be verified.
      * @param signature_ the ECDSA signature. Equals to `bytes(r) + bytes(s)`.
      * @param pubKey_ the full public key of a signer. Equals to `bytes(x) + bytes(y)`.
@@ -71,15 +83,10 @@ library ECDSA384 {
                 gx: curveParams_.gx.init(),
                 gy: curveParams_.gy.init(),
                 p: curveParams_.p.init(),
-                n: curveParams_.n.init(),
-                lowSmax: curveParams_.lowSmax.init()
+                n: curveParams_.n.init()
             });
 
-            if (
-                U384.eqInteger(inputs_.r, 0) ||
-                U384.cmp(inputs_.r, params_.n) >= 0 ||
-                U384.eqInteger(inputs_.s, 0)
-            ) {
+            if (U384.eqInteger(inputs_.r, 0) || U384.cmp(inputs_.r, params_.n) >= 0 || U384.eqInteger(inputs_.s, 0)) {
                 return false;
             }
 

diff --git a/src/NitroValidator.sol b/src/NitroValidator.sol
@@ -30,22 +30,6 @@ contract NitroValidator {
     bytes32 public constant NONCE_KEY = keccak256(bytes("nonce"));
     bytes32 public constant PCRS_KEY = keccak256(bytes("pcrs"));
 
-    // ECDSA384 curve parameters (NIST P-384)
-    bytes public constant CURVE_A =
-        hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc";
-    bytes public constant CURVE_B =
-        hex"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef";
-    bytes public constant CURVE_GX =
-        hex"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
-    bytes public constant CURVE_GY =
-        hex"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
-    bytes public constant CURVE_P =
-        hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
-    bytes public constant CURVE_N =
-        hex"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
-    bytes public constant CURVE_LOW_S_MAX =
-        hex"7fffffffffffffffffffffffffffffffffffffffffffffffe3b1a6c0fa1b96efac0d06d9245853bd76760cb5666294b9";
-
     struct Ptrs {
         CborElement moduleID;
         uint64 timestamp;
@@ -204,13 +188,12 @@ contract NitroValidator {
 
     function _verifySignature(bytes memory pubKey, bytes memory hash, bytes memory sig) internal view {
         ECDSA384.Parameters memory CURVE_PARAMETERS = ECDSA384.Parameters({
-            a: CURVE_A,
-            b: CURVE_B,
-            gx: CURVE_GX,
-            gy: CURVE_GY,
-            p: CURVE_P,
-            n: CURVE_N,
-            lowSmax: CURVE_LOW_S_MAX
+            a: ECDSA384.CURVE_A,
+            b: ECDSA384.CURVE_B,
+            gx: ECDSA384.CURVE_GX,
+            gy: ECDSA384.CURVE_GY,
+            p: ECDSA384.CURVE_P,
+            n: ECDSA384.CURVE_N
         });
         require(ECDSA384.verify(CURVE_PARAMETERS, hash, sig, pubKey), "invalid sig");
     }

diff --git a/test/ECDSA384.t.sol b/test/ECDSA384.t.sol
@@ -6,30 +6,14 @@ import {ECDSA384} from "../src/ECDSA384.sol";
 import {Sha2Ext} from "../src/Sha2Ext.sol";
 
 contract ECDSA384Test is Test {
-    bytes public constant CURVE_A =
-        hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc";
-    bytes public constant CURVE_B =
-        hex"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef";
-    bytes public constant CURVE_GX =
-        hex"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7";
-    bytes public constant CURVE_GY =
-        hex"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f";
-    bytes public constant CURVE_P =
-        hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff";
-    bytes public constant CURVE_N =
-        hex"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973";
-    bytes public constant CURVE_LOW_S_MAX =
-        hex"7fffffffffffffffffffffffffffffffffffffffffffffffe3b1a6c0fa1b96efac0d06d9245853bd76760cb5666294b9";
-
     function testEmptySig(bytes memory message) public view {
         ECDSA384.Parameters memory CURVE_PARAMETERS = ECDSA384.Parameters({
-            a: CURVE_A,
-            b: CURVE_B,
-            gx: CURVE_GX,
-            gy: CURVE_GY,
-            p: CURVE_P,
-            n: CURVE_N,
-            lowSmax: CURVE_LOW_S_MAX
+            a: ECDSA384.CURVE_A,
+            b: ECDSA384.CURVE_B,
+            gx: ECDSA384.CURVE_GX,
+            gy: ECDSA384.CURVE_GY,
+            p: ECDSA384.CURVE_P,
+            n: ECDSA384.CURVE_N
         });
         bytes memory pubKey = abi.encodePacked(
             hex"56931fd7d42942eec92298d7291371cdbac29c60230c9f635d010939ab7f8f5d977ccfe90bd7528cafa53afad6225bf61e2af4d20831aed1e6b578ccb00e1534182f6d1ee6bf524fbd62bd056d0d538c24eb7f2a436e336e139f00a072b0ba1a"