Merge pull request #5 from symbioticfi/fix-ed25519

Fix ed25519
symbioticfi · Nov 26, 2024 · 47e83cb · 47e83cb
2 parents 31167e4 + c7efb34
commit 47e83cb
Show file tree

Hide file tree

Showing 9 changed files with 77 additions and 1,598 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -10,3 +10,6 @@
 [submodule "lib/core"]
 	path = lib/core
 	url = https://github.com/symbioticfi/core
+[submodule "lib/crypto-lib"]
+	path = lib/crypto-lib
+	url = https://github.com/get-smooth/crypto-lib
diff --git a/lib/crypto-lib b/lib/crypto-lib
diff --git a/remappings.txt b/remappings.txt
@@ -1,4 +1,5 @@
 @openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/
 @openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/
 @symbiotic/=lib/core/src/
-@symbiotic-test=lib/core/test
+@symbiotic-test=lib/core/test
+@crypto-lib/=lib/crypto-lib/src/
diff --git a/src/libraries/Ed25519.sol b/src/libraries/Ed25519.sol
diff --git a/src/middleware/extensions/operators/SelfRegisterOperators.sol b/src/middleware/extensions/operators/SelfRegisterOperators.sol
@@ -336,7 +336,7 @@ abstract contract SelfRegisterOperators is BaseMiddleware, BaseSig, EIP712Upgrad
      * @param key The public key to verify
      * @param signature The signature to verify
      */
-    function _verifyKey(address operator, bytes memory key, bytes memory signature) internal view {
+    function _verifyKey(address operator, bytes memory key, bytes memory signature) internal {
         if (key.length != 0 && !_verifyKeySignature(operator, key, signature)) {
             revert InvalidSignature();
         }

diff --git a/src/middleware/extensions/sigs/BaseSig.sol b/src/middleware/extensions/sigs/BaseSig.sol
@@ -13,5 +13,5 @@ abstract contract BaseSig {
         address operator,
         bytes memory key_,
         bytes memory signature
-    ) internal view virtual returns (bool);
+    ) internal virtual returns (bool);
 }
diff --git a/src/middleware/extensions/sigs/Ed25519Sig.sol b/src/middleware/extensions/sigs/Ed25519Sig.sol
@@ -15,37 +15,31 @@ abstract contract Ed25519Sig is BaseSig {
     /**
      * @notice Verifies that a signature was created by the owner of a key
      * @param operator The address of the operator that owns the key
-     * @param key_ The public key to verify against, encoded as bytes
-     * @param signature The Ed25519 signature to verify, containing r and s components
+     * @param key_ The public key to verify against
+     * @param signature The Ed25519 signature to verify
      * @return True if the signature was created by the key owner, false otherwise
-     * @dev The key is expected to be a bytes32 that represents an Ed25519 public key
-     *      The signature is expected to be 64 bytes containing r (32 bytes) and s (32 bytes)
+     * @dev The key must be a valid Ed25519 public key point compressed to 32 bytes
+     *      The signature must be 64 bytes containing r and s components encoded as uint256
      */
     function _verifyKeySignature(
         address operator,
         bytes memory key_,
         bytes memory signature
-    ) internal pure override returns (bool) {
+    ) internal override returns (bool) {
         bytes32 key = abi.decode(key_, (bytes32));
-        bytes32 message = keccak256(abi.encodePacked(operator, key));
-        return check(key, signature, message);
+        bytes memory message = abi.encode(keccak256(abi.encodePacked(operator, key)));
+        return verify(message, signature, key);
     }
 
     /**
-     * @notice Checks an Ed25519 signature against a message and public key
-     * @param key The Ed25519 public key
-     * @param signature The Ed25519 signature to verify
+     * @notice Verifies an Ed25519 signature against a message and public key
      * @param message The message that was signed
+     * @param signature The Ed25519 signature to verify
+     * @param key The Ed25519 public key compressed to 32 bytes
      * @return True if the signature is valid, false otherwise
-     * @dev Wrapper around Ed25519.check
+     * @dev Wrapper around Ed25519.verify which handles decompression and curve operations
      */
-    function check(bytes32 key, bytes memory signature, bytes32 message) internal pure returns (bool) {
-        bytes32 r;
-        bytes32 s;
-        assembly {
-            r := mload(add(signature, 32))
-            s := mload(add(signature, 64))
-        }
-        return Ed25519.check(key, r, s, message, bytes9(0));
+    function verify(bytes memory message, bytes memory signature, bytes32 key) internal returns (bool) {
+        return Ed25519.verify(message, signature, key);
     }
 }
diff --git a/test/helpers/ed25519TestData.json b/test/helpers/ed25519TestData.json
@@ -1,7 +1,7 @@
 {
-  "operator": "0xc2c1697Fe88772f844D1b622F4fc0E6E0b16Cb77",
-  "key": "0x121516a0d84c94a28d9f9cd2263d3fe8eceee3cef43aa043e388cce914f85205",
-  "signature": "0x5d590ecf3f7019846aba3c363ddb8f640109f9fa35a5d8ce027407e8d4507045b651075cfbecbb86ede90a4f20ac99fa969419c81ee4d7066868bfcd5e47d50d",
-  "invalidKey": "0x98c6edf296f06a1b23e56d56020c0ea8289d07a8b0a23e953b24239697cf5a96",
-  "invalidSignature": "0x8f3d84ae06d3d912328d6c5c97622d880c2de9255d50c697314fc5f61ce0d211b8603ac2c3287ed607364d8cd1e89675a1f3e0892c11ddc7116cf92221b63600"
+  "operator": "0xFFa6DD45436695c0185c9E1721638bc951b6853d",
+  "key": "0xf5240b978fc69dc2fdc62775572794e8cd0fd8ac4c0510336fb07232e8086692",
+  "signature": "0x78dd2320878fc2fb9f818d56442926eab183f7b94acfb5eaf5d7a24a018f4c200582b0b0cfc195991e1b827187abd35eb099dda6cd6f3458eb53d086db82c808",
+  "invalidKey": "0xc3e65061bd3c7857f68ab167faa3da83d964d2ec9d2447d367a7cdb4a3256d24",
+  "invalidSignature": "0x4b829ff953a071273aca67046a71a7f2c0d74ab8dcb3636cfeaf6c4a8f3c9ba5a6de5754c5189fc0e38e3df225657043fbfc0786f4b676ffab319bd92af20307"
 }
diff --git a/test/helpers/ed25519TestGenerator.js b/test/helpers/ed25519TestGenerator.js
@@ -24,12 +24,6 @@ function generateTestData(operatorAddress) {
         ])
     );
 
-    // Add 9 bytes of zeros to the message
-    message = Buffer.concat([
-        message,
-        Buffer.alloc(9)
-    ]);
-
     // Sign the message
     const signature = "0x" + bytesToHex(ed25519.sign(message, privateKey));
 
@@ -71,11 +65,6 @@ function generateInvalidTestData(operatorAddress) {
         ])
     );
 
-    message = Buffer.concat([
-        message,
-        Buffer.alloc(9)
-    ]);
-
     // Sign with privateKey2 (mismatch)
     const signature = "0x" + bytesToHex(ed25519.sign(message, privateKey2));