Merge pull request #4 from automata-network/docs

Liao1 · web-flow · commit 901cf0ffaa71 · 2023-11-28T20:54:04.000+08:00
Update license and add docs
diff --git a/LICENSE b/LICENSE
diff --git a/src/AndroidSafetyNet.sol b/src/AndroidSafetyNet.sol
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.0;
 
 import "./AttestationVerificationBase.sol";
diff --git a/src/AttestationVerificationBase.sol b/src/AttestationVerificationBase.sol
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.0;
 
 import {ISigVerifyLib} from "./utils/interfaces/ISigVerifyLib.sol";
diff --git a/src/WindowsTPM.sol b/src/WindowsTPM.sol
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.0;
 
 import "./utils/SHA1.sol";
diff --git a/src/Yubikey.sol b/src/Yubikey.sol
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.0;
 
 import "./AttestationVerificationBase.sol";
diff --git a/src/utils/Asn1Decode.sol b/src/utils/Asn1Decode.sol
@@ -1,5 +1,4 @@
-// SPDX-License-Identifier: MIT
-// Original source: https://github.com/JonahGroendal/asn1-decode
+// SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.0;
 
 // Referenced From PufferFinance/rave - Apache-2.0 license
diff --git a/src/utils/CertInfoParser.sol b/src/utils/CertInfoParser.sol
@@ -1,8 +1,11 @@
-//SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.0;
 
 import "./BytesUtils.sol";
 
+// Library for parsing certInfo, which is a part of Windows TPM attestation
+// The spec is defined in the 10.12.8 section of the document: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+
 library CertInfoParser {
     struct QualifiedSigner {
         uint16 size;
@@ -16,16 +19,16 @@ library CertInfoParser {
 
     struct CertInfo {
         bytes raw;
-        bytes magic;
-        bytes2 certInfoType;
-        QualifiedSigner qualifiedSigner; // TPM2B_NAME
-        ExtraData extraData; // TPM2B_DATA
+        bytes magic; // TPM_GENERATED, the indication that this structure was created by a TPM (always TPM_GENERATED_VALUE)
+        bytes2 certInfoType; // TPMI_ST_ATTEST, type of the attestation structure
+        QualifiedSigner qualifiedSigner; // TPM2B_NAME, qualified Name of the signing key
+        ExtraData extraData; // TPM2B_DATA, external information supplied by caller
         bytes8 clock;
         bytes4 resetCount;
         bytes4 restartCount;
         bytes1 safe;
-        bytes8 firmwareVersion;
-        bytes attestedField;
+        bytes8 firmwareVersion; // TPM-vendor-specific value identifying the version number of the firmware
+        bytes attestedField; // The type-specific attestation information
     }
 
     function parseCertInfo(bytes memory input) internal pure returns (CertInfo memory certInfo) {
diff --git a/src/utils/DerParser.sol b/src/utils/DerParser.sol
@@ -1,11 +1,14 @@
-// SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.0;
 
 import "./interfaces/IDerParser.sol";
 import "./Asn1Decode.sol";
 import "./X509DateUtils.sol";
 import "./BytesUtils.sol";
 
+// Library for parsing DER-encoded X.509 certificates
+// NOTE: This library is not complete, it only supports parsing the fields we need for verifying the attestation
+
 contract DerParser is IDerParser {
     using Asn1Decode for bytes;
     using NodePtr for uint256;
diff --git a/src/utils/RsaVerify.sol b/src/utils/RsaVerify.sol
@@ -6,6 +6,7 @@ import "./SHA1.sol";
 
 // Referenced from adria0/SolRsaVerify - GPL-3.0 license
 // https://github.com/adria0/SolRsaVerify/blob/master/src/RsaVerify.sol
+// Added PKCSv1.5 SHA1 verification
 
 /*
     Copyright 2016, Adrià Massanet
diff --git a/src/utils/SigVerifyLib.sol b/src/utils/SigVerifyLib.sol
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.0;
 
 import "p256-verifier/P256.sol";
@@ -7,6 +7,12 @@ import "./interfaces/ISigVerifyLib.sol";
 import "./RsaVerify.sol";
 import "./BytesUtils.sol";
 
+// Library for verifying signatures
+// Supports verifying signatures with the following algorithms:
+// - RS256
+// - ES256
+// - RS1
+
 contract SigVerifyLib is ISigVerifyLib {
     using BytesUtils for bytes;
 
diff --git a/src/utils/X509DateUtils.sol b/src/utils/X509DateUtils.sol
@@ -1,8 +1,16 @@
-// SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 
 pragma solidity ^0.8.0;
 
+// Library for parsing the date fields in X.509 certificates
+
 library X509DateUtils {
+
+    /*
+     * @dev Convert a DER-encoded time to a unix timestamp
+     * @param x509Time The DER-encoded time
+     * @return The unix timestamp
+     */
     function toTimestamp(bytes memory x509Time) internal pure returns (uint256) {
         uint16 yrs;
         uint8 mnths;
diff --git a/src/utils/interfaces/IDerParser.sol b/src/utils/interfaces/IDerParser.sol
@@ -1,4 +1,4 @@
-//SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity >=0.8.0;
 
 interface IDerParser {
diff --git a/src/utils/interfaces/ISigVerifyLib.sol b/src/utils/interfaces/ISigVerifyLib.sol
@@ -1,4 +1,4 @@
-//SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity >=0.8.0;
 
 interface ISigVerifyLib {

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-// SPDX-License-Identifier: MIT`
	`1`	`+// SPDX-License-Identifier: GPL-3.0`
`2`	`2`	`pragma solidity ^0.8.0;`
`3`	`3`
`4`	`4`	`import "./AttestationVerificationBase.sol";`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-//SPDX-License-Identifier: MIT`
	`1`	`+// SPDX-License-Identifier: GPL-3.0`
`2`	`2`	`pragma solidity >=0.8.0;`
`3`	`3`
`4`	`4`	`interface IDerParser {`