From 7df29d18b18d2b088620d0351adb9dc94c1b87f9 Mon Sep 17 00:00:00 2001
From: Nalin Bhardwaj
Date: Sat, 18 May 2024 14:45:45 -0700
Subject: [PATCH] P256.sol: support precompile as primary, use solidity as fallback
---
 lcov.info | 57 +++++++++++++++++++++++++++++++---------------------
 src/P256.sol | 13 +++++++++---
 2 files changed, 44 insertions(+), 26 deletions(-)
diff --git a/lcov.info b/lcov.info
index 95863d0..f91f38f 100644
--- a/lcov.info
+++ b/lcov.info
@@ -1,38 +1,49 @@ TN: SF:src/P256.sol -FN:10,P256.verifySignatureAllowMalleability +FN:11,P256.verifySignatureAllowMalleability FNDA:6,P256.verifySignatureAllowMalleability -DA:17,6 -DA:17,6 -DA:17,6 DA:18,6 DA:18,6 DA:18,6 -DA:19,6 -DA:19,6 -BRDA:19,0,0,- -BRDA:19,0,1,- -DA:21,6 +DA:20,6 +DA:20,6 +DA:20,6 DA:21,6 DA:21,6 DA:21,6 -FN:28,P256.verifySignature +BRDA:21,0,0,6 +BRDA:21,0,1,- +DA:21,0 +DA:21,0 +DA:21,0 +DA:23,6 +DA:23,6 +DA:23,6 +DA:26,6 +DA:26,6 +BRDA:26,1,0,- +BRDA:26,1,1,- +DA:28,6 +DA:28,6 +DA:28,6 +DA:28,6 +FN:35,P256.verifySignature FNDA:5,P256.verifySignature -DA:36,5 -DA:36,5 -BRDA:36,1,0,4 -BRDA:36,1,1,1 -DA:37,1 -DA:37,1 -DA:40,4 -DA:40,4 -DA:40,4 +DA:43,5 +DA:43,5 +BRDA:43,2,0,4 +BRDA:43,2,1,1 +DA:44,1 +DA:44,1 +DA:47,4 +DA:47,4 +DA:47,4 FNF:2 FNH:2 -LF:7 -LH:7 -BRF:4 -BRH:2 +LF:9 +LH:9 +BRF:6 +BRH:3 end_of_record TN: SF:src/P256Verifier.sol
diff --git a/src/P256.sol b/src/P256.sol
index 4eb05d7..17d7230 100644
--- a/src/P256.sol
+++ b/src/P256.sol
@@ -5,6 +5,7 @@ pragma solidity 0.8.21;
 * Helper library for external contracts to verify P256 signatures.
 **/
 library P256 {
+ address constant PRECOMPILE = address(0x100);
 address constant VERIFIER = 0xc2b78104907F722DABAc4C69f826a522B2754De4;
 function verifySignatureAllowMalleability(
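Review bot: `PRECOMPILE = address(0x100)` in src/P256.sol is added with no comment saying what is expected to live at that address, although the library now consults it before the deployed `VERIFIER`. The value appears to be the address RIP-7212 assigns to the P256VERIFY precompile, but that only holds on chains that implement it; on other chains 0x100 may be empty or host unrelated code, and the call site in the next hunk accepts any successful non-empty return from it as the verification result. I would document the assumption on the constant, e.g. `/// RIP-7212 P256VERIFY precompile; only meaningful on chains that implement it at 0x100.`, and at the call site accept only a well-formed word, `if (success && ret.length == 32) return abi.decode(ret, (uint256)) == 1;`. The library body continues outside this hunk.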
@@ -15,10 +16,16 @@ library P256 {
 uint256 y
 ) internal view returns (bool) {
 bytes memory args = abi.encode(message_hash, r, s, x, y);
- (bool success, bytes memory ret) = VERIFIER.staticcall(args);
- assert(success); // never reverts, always returns 0 or 1
- return abi.decode(ret, (uint256)) == 1;
+ (bool success, bytes memory ret) = PRECOMPILE.staticcall(args);
+ if (success && ret.length > 0) return abi.decode(ret, (uint256)) == 1;
+
+ (bool fallbackSuccess, bytes memory fallbackRet) = VERIFIER.staticcall(
+ args
+ );
+ assert(fallbackSuccess); // never reverts, always returns 0 or 1
+
+ return abi.decode(fallbackRet, (uint256)) == 1;
 }
 /// P256 curve order n/2 for malleability check