comments and cleanup

.gas-snapshot

@@ -1,9 +1,2 @@
-WebAuthnTest:test_CB() (gas: 294338)
-WebAuthnTest:test_CBCalldataSize() (gas: 354149)
-WebAuthnTest:test_CBCalldataSize2() (gas: 370966)
-WebAuthnTest:test_Daimo() (gas: 424627)
-WebAuthnTest:test_DaimoCalldataSize() (gas: 432582)
-WebAuthnTest:test_FCL() (gas: 301259)
-WebAuthnTest:test_FCLCalldataSize() (gas: 415293)
-WebAuthnTest:test_chrome() (gas: 249746)
-WebAuthnTest:test_safari() (gas: 245050)
+WebAuthnTest:test_chrome() (gas: 252308)
+WebAuthnTest:test_safari() (gas: 247931)

.gitmodules

@@ -4,9 +4,6 @@
 [submodule "lib/FreshCryptoLib"]
 	path = lib/FreshCryptoLib
 	url = https://github.com/rdubois-crypto/FreshCryptoLib
-[submodule "lib/p256-verifier"]
-	path = lib/p256-verifier
-	url = https://github.com/daimo-eth/p256-verifier
 [submodule "lib/solady"]
 	path = lib/solady
 	url = https://github.com/vectorized/solady

README.md

@@ -47,28 +47,16 @@ uint256 x = 28573233055232466711029625910063034642429572463461595413086259353299
 uint256 y = 39367742072897599771788408398752356480431855827262528811857788332151452825281;
 WebAuthn.WebAuthnAuth memory auth = WebAuthn.WebAuthnAuth({
     authenticatorData: hex"49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000101",
-    origin: "http://localhost:3005",
-    crossOriginAndRemainder: "",
+    clientDataJSON: string.concat(
+        '{"type":"webauthn.get","challenge":"', Base64Url.encode(challenge), '","origin":"http://localhost:3005"}'
+        ),
+    challengeIndex: 23,
+    typeIndex: 1,
     r: 43684192885701841787131392247364253107519555363555461570655060745499568693242,
     s: 22655632649588629308599201066602670461698485748654492451178007896016452673579
 });
-assert(
-    WebAuthn.verify(
-        challenge, false, auth, x, y
-    )
-);
 ```
 
-### Calldata fee comparison
-A comparison with some other WebAuthn verifiers. 
-Numbers from Base mainnet as of February 26, 2024.
-
-| Library | Calldata size (bytes) | L1 fee wei | L1 fee cents |
-|--------|---------------|------------|--------------|
-| WebAuthn-sol | 576 | 212990146162662 | 63 |
-| [Daimo's WebAuthn.sol](https://github.com/daimo-eth/p256-verifier/blob/master/src/WebAuthn.sol) | 672 | 262592374578294 | 78 |
-| [FCL_WebAuthn.sol](https://github.com/rdubois-crypto/FreshCryptoLib/blob/master/solidity/src/FCL_Webauthn.sol) | 640 | 258426308149685 | 77 |
-
 ### Developing 
 After cloning the repo, run the tests using Forge, from [Foundry](https://github.com/foundry-rs/foundry?tab=readme-ov-file)
 ```bash

src/WebAuthn.sol

@@ -1,24 +1,28 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.0;
 
-import {Base64Url} from "FreshCryptoLib/utils/Base64Url.sol";
+import {Base64} from "solady/utils/Base64.sol";
 import {FCL_ecdsa} from "FreshCryptoLib/FCL_ecdsa.sol";
 import {LibString} from "solady/utils/LibString.sol";
 
 /// @title WebAuthn
 /// @notice A library for verifying WebAuthn Authentication Assertions, built off the work
-/// of Daimo. 
+/// of Daimo.
 /// @dev Attempts to use the RIP-7212 precompile for signature verification.
 /// If precompile verification fails, it falls back to FreshCryptoLib.
 /// @author Coinbase (https://github.com/base-org/webauthn-sol)
 /// @author Daimo (https://github.com/daimo-eth/p256-verifier/blob/master/src/WebAuthn.sol)
 library WebAuthn {
-  using LibString for string;
+    using LibString for string;
 
     struct WebAuthnAuth {
+        /// @dev https://www.w3.org/TR/webauthn-2/#dom-authenticatorassertionresponse-authenticatordata
         bytes authenticatorData;
+        /// @dev https://www.w3.org/TR/webauthn-2/#dom-authenticatorresponse-clientdatajson
         string clientDataJSON;
+        /// The index at which "challenge":"..." occurs in clientDataJSON
         uint256 challengeIndex;
+        /// The index at which "type":"..." occurs in clientDataJSON
         uint256 typeIndex;
         /// @dev The r value of secp256r1 signature
         uint256 r;
@@ -37,7 +41,7 @@ library WebAuthn {
 
     /**
      * @notice Verifies a Webauthn Authentication Assertion as described
-     * in https://www.w3.org/TR/webauthn-3/#sctn-verifying-assertion.
+     * in https://www.w3.org/TR/webauthn-2/#sctn-verifying-assertion.
      *
      * @dev We do not verify all the steps as described in the specification, only ones relevant
      * to our context. Please carefully read through this list before usage.
@@ -111,14 +115,16 @@ library WebAuthn {
         }
 
         // 12. Verify that the value of C.challenge equals the base64url encoding of options.challenge.
-        string memory challengeB64url = Base64Url.encode(challenge);
+        string memory challengeB64url = Base64.encode(challenge, true, true);
         // 13. Verify that the value of C.challenge equals the base64url encoding of options.challenge.
         bytes memory expectedChallenge = bytes(string.concat('"challenge":"', challengeB64url, '"'));
-        string memory actualChallenge = webAuthnAuth.clientDataJSON.slice(webAuthnAuth.challengeIndex, webAuthnAuth.challengeIndex + expectedChallenge.length);
+        string memory actualChallenge = webAuthnAuth.clientDataJSON.slice(
+            webAuthnAuth.challengeIndex, webAuthnAuth.challengeIndex + expectedChallenge.length
+        );
         if (keccak256(bytes(actualChallenge)) != keccak256(expectedChallenge)) {
             return false;
         }
-        
+
         // Skip 15., 16., and 16.
 
         // 17. Verify that the UP bit of the flags in authData is set.

test/WebAuthn.t.sol

@@ -13,7 +13,9 @@ contract WebAuthnTest is Test {
         uint256 y = 39367742072897599771788408398752356480431855827262528811857788332151452825281;
         WebAuthn.WebAuthnAuth memory auth = WebAuthn.WebAuthnAuth({
             authenticatorData: hex"49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000101",
-            clientDataJSON: string.concat('{"type":"webauthn.get","challenge":"',Base64Url.encode(challenge),'","origin":"http://localhost:3005"}'),
+            clientDataJSON: string.concat(
+                '{"type":"webauthn.get","challenge":"', Base64Url.encode(challenge), '","origin":"http://localhost:3005"}'
+                ),
             challengeIndex: 23,
             typeIndex: 1,
             r: 43684192885701841787131392247364253107519555363555461570655060745499568693242,
@@ -27,7 +29,11 @@ contract WebAuthnTest is Test {
         uint256 y = 39367742072897599771788408398752356480431855827262528811857788332151452825281;
         WebAuthn.WebAuthnAuth memory auth = WebAuthn.WebAuthnAuth({
             authenticatorData: hex"49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000010a",
-            clientDataJSON: string.concat('{"type":"webauthn.get","challenge":"',Base64Url.encode(challenge),'","origin":"http://localhost:3005","crossOrigin":false}'),
+            clientDataJSON: string.concat(
+                '{"type":"webauthn.get","challenge":"',
+                Base64Url.encode(challenge),
+                '","origin":"http://localhost:3005","crossOrigin":false}'
+                ),
             challengeIndex: 23,
             typeIndex: 1,
             r: 29739767516584490820047863506833955097567272713519339793744591468032609909569,