Skip to content

Commit 1d9400e

Browse files
ernestognwAmxx
andauthored
Add ERC7913 signers and utilities (#5659)
Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>
1 parent 8bff2a7 commit 1d9400e

File tree

17 files changed

+1374
-6
lines changed

17 files changed

+1374
-6
lines changed

.changeset/nice-rings-wish.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
'openzeppelin-solidity': minor
3+
---
4+
5+
`ERC7913P256Verifier` and `ERC7913RSAVerifier`: Ready to use ERC-7913 verifiers that implement key verification for P256 (secp256r1) and RSA keys.

.changeset/quiet-kiwis-feel.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
'openzeppelin-solidity': minor
3+
---
4+
5+
`SignerERC7913`: Abstract signer that verifies signatures using the ERC-7913 workflow.

.changeset/social-walls-obey.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
'openzeppelin-solidity': minor
3+
---
4+
5+
`MultiSignerERC7913`: Implementation of `AbstractSigner` that supports multiple ERC-7913 signers with a threshold-based signature verification system.

.changeset/sour-pens-shake.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
'openzeppelin-solidity': minor
3+
---
4+
5+
`SignatureChecker`: Add support for ERC-7913 signatures alongside existing ECDSA and ERC-1271 signature verification.

contracts/interfaces/IERC7913.sol

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
// SPDX-License-Identifier: MIT
2+
3+
pragma solidity ^0.8.0;
4+
5+
/**
6+
* @dev Signature verifier interface.
7+
*/
8+
interface IERC7913SignatureVerifier {
9+
/**
10+
* @dev Verifies `signature` as a valid signature of `hash` by `key`.
11+
*
12+
* MUST return the bytes4 magic value IERC7913SignatureVerifier.verify.selector if the signature is valid.
13+
* SHOULD return 0xffffffff or revert if the signature is not valid.
14+
* SHOULD return 0xffffffff or revert if the key is empty
15+
*/
16+
function verify(bytes calldata key, bytes32 hash, bytes calldata signature) external view returns (bytes4);
17+
}

contracts/mocks/account/AccountMock.sol

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@ import {SignerECDSA} from "../../utils/cryptography/signers/SignerECDSA.sol";
1717
import {SignerP256} from "../../utils/cryptography/signers/SignerP256.sol";
1818
import {SignerRSA} from "../../utils/cryptography/signers/SignerRSA.sol";
1919
import {SignerERC7702} from "../../utils/cryptography/signers/SignerERC7702.sol";
20+
import {SignerERC7913} from "../../utils/cryptography/signers/SignerERC7913.sol";
21+
import {MultiSignerERC7913} from "../../utils/cryptography/signers/MultiSignerERC7913.sol";
2022

2123
abstract contract AccountMock is Account, ERC7739, ERC7821, ERC721Holder, ERC1155Holder {
2224
/// Validates a user operation with a boolean signature.
@@ -136,3 +138,34 @@ abstract contract AccountERC7579HookedMock is AccountERC7579Hooked {
136138
_installModule(MODULE_TYPE_VALIDATOR, validator, initData);
137139
}
138140
}
141+
142+
abstract contract AccountMultiSignerMock is Account, MultiSignerERC7913, ERC7739, ERC7821, ERC721Holder, ERC1155Holder {
143+
constructor(bytes[] memory signers, uint64 threshold) {
144+
_addSigners(signers);
145+
_setThreshold(threshold);
146+
}
147+
148+
/// @inheritdoc ERC7821
149+
function _erc7821AuthorizedExecutor(
150+
address caller,
151+
bytes32 mode,
152+
bytes calldata executionData
153+
) internal view virtual override returns (bool) {
154+
return caller == address(entryPoint()) || super._erc7821AuthorizedExecutor(caller, mode, executionData);
155+
}
156+
}
157+
158+
abstract contract AccountERC7913Mock is Account, SignerERC7913, ERC7739, ERC7821, ERC721Holder, ERC1155Holder {
159+
constructor(bytes memory _signer) {
160+
_setSigner(_signer);
161+
}
162+
163+
/// @inheritdoc ERC7821
164+
function _erc7821AuthorizedExecutor(
165+
address caller,
166+
bytes32 mode,
167+
bytes calldata executionData
168+
) internal view virtual override returns (bool) {
169+
return caller == address(entryPoint()) || super._erc7821AuthorizedExecutor(caller, mode, executionData);
170+
}
171+
}

contracts/utils/cryptography/README.adoc

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@ A collection of contracts and libraries that implement various signature validat
1717
* {ERC7739}: An abstract contract to validate signatures following the rehashing scheme from {ERC7739Utils}.
1818
* {SignerECDSA}, {SignerP256}, {SignerRSA}: Implementations of an {AbstractSigner} with specific signature validation algorithms.
1919
* {SignerERC7702}: Implementation of {AbstractSigner} that validates signatures using the contract's own address as the signer, useful for delegated accounts following EIP-7702.
20+
* {SignerERC7913}, {MultiSignerERC7913}: Implementations of {AbstractSigner} that validate signatures based on ERC-7913. Including a simple multisignature scheme.
21+
* {ERC7913P256Verifier}, {ERC7913RSAVerifier}: Ready to use ERC-7913 signature verifiers for P256 and RSA keys.
2022

2123
== Utils
2224

@@ -51,3 +53,13 @@ A collection of contracts and libraries that implement various signature validat
5153
{{SignerRSA}}
5254

5355
{{SignerERC7702}}
56+
57+
{{SignerERC7913}}
58+
59+
{{MultiSignerERC7913}}
60+
61+
== Verifiers
62+
63+
{{ERC7913P256Verifier}}
64+
65+
{{ERC7913RSAVerifier}}

contracts/utils/cryptography/SignatureChecker.sol

Lines changed: 88 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,19 +5,29 @@ pragma solidity ^0.8.24;
55

66
import {ECDSA} from "./ECDSA.sol";
77
import {IERC1271} from "../../interfaces/IERC1271.sol";
8+
import {IERC7913SignatureVerifier} from "../../interfaces/IERC7913.sol";
9+
import {Bytes} from "../../utils/Bytes.sol";
810

911
/**
10-
* @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA
11-
* signatures from externally owned accounts (EOAs) as well as ERC-1271 signatures from smart contract wallets like
12-
* Argent and Safe Wallet (previously Gnosis Safe).
12+
* @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support:
13+
*
14+
* * ECDSA signatures from externally owned accounts (EOAs)
15+
* * ERC-1271 signatures from smart contract wallets like Argent and Safe Wallet (previously Gnosis Safe)
16+
* * ERC-7913 signatures from keys that do not have an Ethereum address of their own
17+
*
18+
* See https://eips.ethereum.org/EIPS/eip-1271[ERC-1271] and https://eips.ethereum.org/EIPS/eip-7913[ERC-7913].
1319
*/
1420
library SignatureChecker {
21+
using Bytes for bytes;
22+
1523
/**
1624
* @dev Checks if a signature is valid for a given signer and data hash. If the signer has code, the
1725
* signature is validated against it using ERC-1271, otherwise it's validated using `ECDSA.recover`.
1826
*
1927
* NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
2028
* change through time. It could return true at block N and false at block N+1 (or the opposite).
29+
*
30+
* NOTE: For an extended version of this function that supports ERC-7913 signatures, see {isValidERC7913SignatureNow}.
2131
*/
2232
function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
2333
if (signer.code.length == 0) {
@@ -47,4 +57,79 @@ library SignatureChecker {
4757
result.length >= 32 &&
4858
abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));
4959
}
60+
61+
/**
62+
* @dev Verifies a signature for a given ERC-7913 signer and hash.
63+
*
64+
* The signer is a `bytes` object that is the concatenation of an address and optionally a key:
65+
* `verifier || key`. A signer must be at least 20 bytes long.
66+
*
67+
* Verification is done as follows:
68+
*
69+
* * If `signer.length < 20`: verification fails
70+
* * If `signer.length == 20`: verification is done using {isValidSignatureNow}
71+
* * Otherwise: verification is done using {IERC7913SignatureVerifier}
72+
*
73+
* NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
74+
* change through time. It could return true at block N and false at block N+1 (or the opposite).
75+
*/
76+
function isValidERC7913SignatureNow(
77+
bytes memory signer,
78+
bytes32 hash,
79+
bytes memory signature
80+
) internal view returns (bool) {
81+
if (signer.length < 20) {
82+
return false;
83+
} else if (signer.length == 20) {
84+
return isValidSignatureNow(address(bytes20(signer)), hash, signature);
85+
} else {
86+
(bool success, bytes memory result) = address(bytes20(signer)).staticcall(
87+
abi.encodeCall(IERC7913SignatureVerifier.verify, (signer.slice(20), hash, signature))
88+
);
89+
return (success &&
90+
result.length >= 32 &&
91+
abi.decode(result, (bytes32)) == bytes32(IERC7913SignatureVerifier.verify.selector));
92+
}
93+
}
94+
95+
/**
96+
* @dev Verifies multiple ERC-7913 `signatures` for a given `hash` using a set of `signers`.
97+
* Returns `false` if the number of signers and signatures is not the same.
98+
*
99+
* The signers should be ordered by their `keccak256` hash to ensure efficient duplication check. Unordered
100+
* signers are supported, but the uniqueness check will be more expensive.
101+
*
102+
* NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
103+
* change through time. It could return true at block N and false at block N+1 (or the opposite).
104+
*/
105+
function areValidERC7913SignaturesNow(
106+
bytes32 hash,
107+
bytes[] memory signers,
108+
bytes[] memory signatures
109+
) internal view returns (bool) {
110+
if (signers.length != signatures.length) return false;
111+
112+
bytes32 lastId = bytes32(0);
113+
114+
for (uint256 i = 0; i < signers.length; ++i) {
115+
bytes memory signer = signers[i];
116+
117+
// If one of the signatures is invalid, reject the batch
118+
if (!isValidERC7913SignatureNow(signer, hash, signatures[i])) return false;
119+
120+
bytes32 id = keccak256(signer);
121+
// If the current signer ID is greater than all previous IDs, then this is a new signer.
122+
if (lastId < id) {
123+
lastId = id;
124+
} else {
125+
// If this signer id is not greater than all the previous ones, verify that it is not a duplicate of a previous one
126+
// This loop is never executed if the signers are ordered by id.
127+
for (uint256 j = 0; j < i; ++j) {
128+
if (id == keccak256(signers[j])) return false;
129+
}
130+
}
131+
}
132+
133+
return true;
134+
}
50135
}

0 commit comments

Comments
 (0)