Closed jot2re closed 2 years ago
Hi, @jot2re , this PR is bit challenging to implement with JS it use some methods, which I dont know how to implement with JS examples:
can you help me?
Of course!
First of all I can say that things don't look super complex when it comes to TS. Basically the way you have implemented elliptic curve arithmetic is using affine coordinates... This basically means that you have implemented as anyone new would expect it to be implemented; as an x and y coordinate where the y coordinate is computed as y^2=x^3+ax+b.
This means that the x and y in a Point
object is already normalised and in the affine form. So hose can be used directly.
In relation to HMacDSAKCalculator
I cannot see where anything new is done with this? It is only used to compute a deterministic signature based on the standard of EIP 2, which is what the TS code has been doing since the beginning using some web3 libraries.
Let me try to implement a draft of validatePointToCurve
, then maybe you can adjust and fix the appropriate places to call it?
I have made a new branch off PR #248 and tried to implement what I think should happen in validatePointToCurve
.
Is this sufficient for you to continue with, or should I try to implement some other code segments as well?
Closed with the merge of PR #248
In PR #248 I have added several security enhancements to the attestation.jar. Since we are currently using Authenticator as the Heroku backend app, these should also be implemented in Authenticator.
In general this task is about getting the Authenticator code up-to-date with attestation.jar.
In particular the only classes that seems to be strictly relevant to update is
ProofOfExponent
,FullProofOfExponent
,UsageProofOfExponent
,SignaturUtility
andAttestationCrypto
.This issue also handles the problem Curve points are not validated in token-negotiator as discussed in section 2.2.2 in The NFT minting security report. See Jira issue 291