You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 25, 2024. It is now read-only.
And has a simple ABI that we can probably re-use, and should be easy to parse:
struct WebAuthnAuth {
/// @dev https://www.w3.org/TR/webauthn-2/#dom-authenticatorassertionresponse-authenticatordatabytes authenticatorData;
/// @dev https://www.w3.org/TR/webauthn-2/#dom-authenticatorresponse-clientdatajsonstring clientDataJSON;
/// The index at which "challenge":"..." occurs in clientDataJSONuint256 challengeIndex;
/// The index at which "type":"..." occurs in clientDataJSONuint256 typeIndex;
/// @dev The r value of secp256r1 signatureuint256 r;
/// @dev The s value of secp256r1 signatureuint256 s;
}
function verify(
bytesmemorychallenge,
boolrequireUserVerification,
WebAuthnAuth memorywebAuthnAuth,
uint256x,
uint256y
) internalviewreturns (bool)
The solidity library references WebAuthn level 2 docs, and the library supports level 3. The level 3 "authenticator assertion response" (authenticatorData) fields seem to be backward compatible, with the new level 3 flags bits taking up the "reserved for future use" range from level 2.
I'm not sure yet which specific methods / structs expose the verification procedure, possibly the Authenticator, but this needs to be checked against the solidity library.
The text was updated successfully, but these errors were encountered:
We should make a precompile for WebAuthn, so that passkey verification (or verification of other webauthn compatible credentials) is cheap and easy.
This library seems to be the standard for WebAuthn usage in solidity:
https://github.com/base-org/webauthn-sol
And has a simple ABI that we can probably re-use, and should be easy to parse:
This library looks promising for the implementation:
https://github.com/1Password/passkey-rs
The solidity library references WebAuthn level 2 docs, and the library supports level 3. The level 3 "authenticator assertion response" (
authenticatorData
) fields seem to be backward compatible, with the new level 3flags
bits taking up the "reserved for future use" range from level 2.authenticatorData
level 2: https://www.w3.org/TR/webauthn-2/#authenticator-dataauthenticatorData
level 3: https://www.w3.org/TR/webauthn-3/#authenticator-dataThe
clientDataJSON
field looks like it is unchanged between level 2 and level 3.The docs from the library make it slightly more clear what we would need to implement:
https://github.com/base-org/webauthn-sol/blob/619f20ab0f074fef41066ee4ab24849a913263b2/src/WebAuthn.sol#L59-L96
The level 2 verification procedure spec: https://www.w3.org/TR/webauthn-2/#sctn-verifying-assertion
The level 3 verification procedure spec: https://www.w3.org/TR/webauthn-3/#sctn-verifying-assertion
I'm not sure yet which specific methods / structs expose the verification procedure, possibly the
Authenticator
, but this needs to be checked against the solidity library.The text was updated successfully, but these errors were encountered: