fix: bump 26.1.4 with normalize p256 (#1513)

joshieDo · web-flow · commit 6757a25246ae · 2025-12-19T14:05:18.000Z
* bumps to `26.1.4` ensuring that new P256/webauthn signatures are normalized: https://github.com/Vectorized/solady/blob/cbcfe0009477aa329574f17e8db0a05703bb8bdd/src/utils/WebAuthn.sol#L141-L142
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "relay"
-version = "26.1.3"
+version = "26.1.4"
 edition = "2024"
 publish = false
 license = "MIT OR Apache-2.0"
diff --git a/src/estimation/arb.rs b/src/estimation/arb.rs
@@ -94,6 +94,7 @@ mod tests {
     };
 
     #[tokio::test]
+    #[ignore]
     async fn test_arb_gas_estimate_l1() {
         let provider =
             ProviderBuilder::new().connect("https://arb1.arbitrum.io/rpc").await.unwrap().erased();
diff --git a/src/signers/dyn.rs b/src/signers/dyn.rs
@@ -2,6 +2,7 @@
 //!
 //! A signer abstracted over multiple underlying signers.
 use super::Eip712PayLoadSigner;
+use crate::types::KeyType;
 use alloy::{
     network::{FullSigner, TxSigner},
     primitives::{Address, B256, Bytes, Signature},
@@ -80,6 +81,10 @@ impl Deref for DynSigner {
 
 #[async_trait::async_trait]
 impl Eip712PayLoadSigner for DynSigner {
+    fn key_type(&self) -> KeyType {
+        KeyType::Secp256k1
+    }
+
     async fn sign_payload_hash(&self, payload_hash: B256) -> eyre::Result<Bytes> {
         Ok(self.sign_hash(&payload_hash).await?.as_bytes().into())
     }
diff --git a/src/signers/mod.rs b/src/signers/mod.rs
@@ -10,9 +10,14 @@ pub use p256::{P256Key, P256Signer};
 mod webauthn;
 pub use webauthn::WebAuthnSigner;
 
+use crate::types::KeyType;
+
 /// Trait for a [EIP-712] payload signer.
 #[async_trait::async_trait]
 pub trait Eip712PayLoadSigner: std::fmt::Debug + Send + Sync {
+    /// Returns the key type.
+    fn key_type(&self) -> KeyType;
+
     /// Signs the [EIP-712] payload hash.
     ///
     /// Returns [`Bytes`].
diff --git a/src/signers/p256.rs b/src/signers/p256.rs
@@ -1,6 +1,7 @@
 //! P256 signer type with webauthn capabilities used for gas estimation and testing.
 
 use super::Eip712PayLoadSigner;
+use crate::types::KeyType;
 use alloy::primitives::{B256, Bytes};
 use p256::ecdsa::{SigningKey, signature::hazmat::PrehashSigner};
 use std::sync::Arc;
@@ -43,6 +44,10 @@ impl P256Signer {
 
 #[async_trait::async_trait]
 impl Eip712PayLoadSigner for P256Signer {
+    fn key_type(&self) -> KeyType {
+        KeyType::P256
+    }
+
     async fn sign_payload_hash(&self, payload_hash: B256) -> eyre::Result<Bytes> {
         Ok(self.sign_prehash(payload_hash.as_slice())?.to_bytes().to_vec().into())
     }
diff --git a/src/signers/webauthn.rs b/src/signers/webauthn.rs
@@ -1,5 +1,5 @@
 use super::{Eip712PayLoadSigner, p256::P256Key};
-use crate::types::WebAuthnP256;
+use crate::types::{KeyType, WebAuthnP256};
 use alloy::{
     primitives::{B256, Bytes, U256, bytes},
     signers::k256::sha2::{Digest, Sha256},
@@ -32,6 +32,10 @@ impl P256Key for WebAuthnSigner {
 
 #[async_trait::async_trait]
 impl Eip712PayLoadSigner for WebAuthnSigner {
+    fn key_type(&self) -> KeyType {
+        KeyType::WebAuthnP256
+    }
+
     async fn sign_payload_hash(&self, payload_hash: B256) -> eyre::Result<Bytes> {
         // ID || UserPresent Flag || SignatureCounter
         let authenticator_data = bytes!(
diff --git a/src/types/intent/mod.rs b/src/types/intent/mod.rs
@@ -1,4 +1,4 @@
-use super::{Call, IDelegation::authorizeCall, Key, MerkleLeafInfo};
+use super::{Call, IDelegation::authorizeCall, Key, MerkleLeafInfo, key::normalize_p256_s};
 use crate::{
     error::{IntentError, MerkleError, RelayError},
     types::{
@@ -444,11 +444,17 @@ impl IntentKey<Key> {
     pub fn wrap_signature(&self, signature: Bytes, prehash: bool) -> Bytes {
         match self {
             IntentKey::EoaRootKey => signature,
-            IntentKey::StoredKey(key) => {
-                Signature { innerSignature: signature, keyHash: key.key_hash(), prehash }
-                    .abi_encode_packed()
-                    .into()
+            IntentKey::StoredKey(key) => Signature {
+                innerSignature: if key.keyType.is_webauthn() || key.keyType.is_p256() {
+                    normalize_p256_s(signature)
+                } else {
+                    signature
+                },
+                keyHash: key.key_hash(),
+                prehash,
             }
+            .abi_encode_packed()
+            .into(),
         }
     }
 }
@@ -493,7 +499,11 @@ impl IntentKey<CallKey> {
         match self {
             IntentKey::EoaRootKey => signature,
             IntentKey::StoredKey(key) => Signature {
-                innerSignature: signature,
+                innerSignature: if key.key_type.is_webauthn() || key.key_type.is_p256() {
+                    normalize_p256_s(signature)
+                } else {
+                    signature
+                },
                 keyHash: key.key_hash(),
                 prehash: key.prehash,
             }
diff --git a/src/types/key.rs b/src/types/key.rs
@@ -1,6 +1,6 @@
 use super::{
     super::signers::{DynSigner, Eip712PayLoadSigner, P256Key, P256Signer, WebAuthnSigner},
-    U40,
+    U40, WebAuthnP256,
     rpc::{AuthorizeKey, CallKey, Permission, RevokeKey},
 };
 use IDelegation::getKeysReturn;
@@ -364,6 +364,15 @@ impl KeyWith712Signer {
         }
     }
 
+    /// Wraps signer to produce high-S signatures for testing P256 normalization.
+    pub fn with_high_s_signature(self) -> Self {
+        Self {
+            key: self.key,
+            signer: Arc::new(HighSSignerWrapper(self.signer)),
+            permissions: self.permissions,
+        }
+    }
+
     /// Returns [`KeyWith712Signer`] with additional permissions.
     pub fn with_permissions(mut self, permissions: Vec<Permission>) -> Self {
         self.permissions = permissions;
@@ -404,6 +413,10 @@ impl KeyWith712Signer {
 
 #[async_trait::async_trait]
 impl Eip712PayLoadSigner for KeyWith712Signer {
+    fn key_type(&self) -> KeyType {
+        self.signer.key_type()
+    }
+
     async fn sign_payload_hash(&self, payload_hash: B256) -> eyre::Result<Bytes> {
         Ok(self.signer.sign_payload_hash(payload_hash).await?)
     }
@@ -426,6 +439,68 @@ pub const ITHACA_ACCOUNT_STORAGE_SLOT: u128 = 1264628507133665080054;
 /// contract.
 pub const ITHACA_KEY_STORAGE_SLOT_OFFSET: u128 = 3;
 
+const P256_N: U256 =
+    alloy::uint!(0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551_U256);
+const P256_HALF_N: U256 =
+    alloy::uint!(0x7fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a8_U256);
+
+/// Wrapper that converts signatures to high-S for testing normalization.
+#[derive(Debug)]
+struct HighSSignerWrapper(Arc<dyn Eip712PayLoadSigner>);
+
+#[async_trait::async_trait]
+impl Eip712PayLoadSigner for HighSSignerWrapper {
+    fn key_type(&self) -> KeyType {
+        self.0.key_type()
+    }
+
+    async fn sign_payload_hash(&self, payload_hash: B256) -> eyre::Result<Bytes> {
+        let sig = self.0.sign_payload_hash(payload_hash).await?;
+        match self.0.key_type() {
+            KeyType::P256 => {
+                let s = U256::from_be_slice(&sig[32..]);
+                if s < P256_HALF_N {
+                    let mut out = sig[..32].to_vec();
+                    out.extend_from_slice(B256::from(P256_N - s).as_slice());
+                    return Ok(out.into());
+                }
+            }
+            KeyType::WebAuthnP256 => {
+                if let Ok(mut w) = WebAuthnP256::abi_decode(&sig) {
+                    let s: U256 = w.s.into();
+                    if s < P256_HALF_N {
+                        w.s = (P256_N - s).into();
+                        return Ok(w.abi_encode().into());
+                    }
+                }
+            }
+            _ => {}
+        }
+        Ok(sig)
+    }
+}
+
+/// Normalizes P256 signature S value to lower half of curve.
+///
+/// Handles both raw P256 (64 bytes) and ABI-encoded WebAuthnP256 formats.
+pub fn normalize_p256_s(signature: Bytes) -> Bytes {
+    if signature.len() == 64 {
+        let s = U256::from_be_slice(&signature[32..]);
+        if s > P256_HALF_N {
+            let mut out = signature[..32].to_vec();
+            out.extend_from_slice(B256::from(P256_N - s).as_slice());
+            return out.into();
+        }
+    } else if let Ok(mut w) = WebAuthnP256::abi_decode(&signature) {
+        let s: U256 = w.s.into();
+        if s > P256_HALF_N {
+            w.s = (P256_N - s).into();
+            return WebAuthnP256::abi_encode(&w).into();
+        }
+    }
+    signature
+}
+
 #[cfg(test)]
 mod tests {
     use super::{Key, KeyType};
diff --git a/tests/e2e/cases/keys.rs b/tests/e2e/cases/keys.rs
@@ -3,14 +3,14 @@ use crate::e2e::{
     cases::upgrade_account_eagerly, environment::Environment, run_e2e,
 };
 use alloy::{
-    primitives::{U64, U256},
+    primitives::{Address, B256, U64, U256},
     sol_types::SolCall,
 };
 use relay::{
     rpc::RelayApiClient,
     signers::Eip712PayLoadSigner,
     types::{
-        CallPermission,
+        Call, CallPermission,
         IthacaAccount::SpendPeriod,
         KeyType, KeyWith712Signer,
         rpc::{
@@ -434,3 +434,44 @@ async fn get_keys_multichain_three_chains_two_have_session() -> eyre::Result<()>
 
     Ok(())
 }
+
+/// Test high-S normalization for P256/WebAuthn keys (precall + normal call).
+#[tokio::test(flavor = "multi_thread")]
+async fn high_s_signature() -> eyre::Result<()> {
+    let webauthn =
+        KeyWith712Signer::random_admin(KeyType::WebAuthnP256)?.unwrap().with_high_s_signature();
+    let p256 = KeyWith712Signer::random_admin(KeyType::P256)?.unwrap().with_high_s_signature();
+
+    run_e2e(|env| {
+        vec![
+            // WebAuthn signs precall, P256 signs main tx
+            TxContext {
+                authorization_keys: vec![&webauthn],
+                expected: ExpectedOutcome::Pass,
+                pre_calls: vec![TxContext {
+                    authorization_keys: vec![&p256],
+                    key: Some(&webauthn),
+                    nonce: Some(U256::from_be_bytes(*B256::random()) << 64),
+                    ..Default::default()
+                }],
+                calls: vec![Call::transfer(env.erc20, Address::random(), U256::from(10))],
+                key: Some(&p256),
+                ..Default::default()
+            },
+            // P256 signs precall, WebAuthn signs main tx
+            TxContext {
+                expected: ExpectedOutcome::Pass,
+                pre_calls: vec![TxContext {
+                    authorization_keys: vec![&p256],
+                    key: Some(&p256),
+                    nonce: Some(U256::from_be_bytes(*B256::random()) << 64),
+                    ..Default::default()
+                }],
+                calls: vec![Call::transfer(env.erc20, Address::random(), U256::from(10))],
+                key: Some(&webauthn),
+                ..Default::default()
+            },
+        ]
+    })
+    .await
+}
