paradigmxyz / alphanet

Reth AlphaNet is a testnet OP Stack-compatible rollup aimed at enabling experimentation of bleeding edge Ethereum Research.
Apache License 2.0

Precompile: WebAuthn verification #87

Open Rjected opened 2 months ago

Rjected commented 2 months ago

We should make a precompile for WebAuthn, so that passkey verification (or verification of other WebAuthn-compatible credentials) is cheap and easy.

This library seems to be the standard for WebAuthn usage in Solidity: https://github.com/base-org/webauthn-sol

And has a simple ABI that we can probably re-use, and should be easy to parse:

struct WebAuthnAuth {
    /// @dev https://www.w3.org/TR/webauthn-2/#dom-authenticatorassertionresponse-authenticatordata
    bytes authenticatorData;
    /// @dev https://www.w3.org/TR/webauthn-2/#dom-authenticatorresponse-clientdatajson
    string clientDataJSON;
    /// The index at which "challenge":"..." occurs in clientDataJSON
    uint256 challengeIndex;
    /// The index at which "type":"..." occurs in clientDataJSON
    uint256 typeIndex;
    /// @dev The r value of secp256r1 signature
    uint256 r;
    /// @dev The s value of secp256r1 signature
    uint256 s;
}

function verify(
    bytes memory challenge,
    bool requireUserVerification,
    WebAuthnAuth memory webAuthnAuth,
    uint256 x,
    uint256 y
) internal view returns (bool) 

This library looks promising for the implementation: https://github.com/1Password/passkey-rs

The Solidity library references WebAuthn level 2 docs, and the library supports level 3. The level 3 "authenticator assertion response" (authenticatorData) fields seem to be backward compatible, with the new level 3 flags bits taking up the "reserved for future use" range from level 2.

authenticatorData level 2: https://www.w3.org/TR/webauthn-2/#authenticator-data
authenticatorData level 3: https://www.w3.org/TR/webauthn-3/#authenticator-data

The clientDataJSON field looks like it is unchanged between level 2 and level 3.

The docs from the library make it slightly more clear what we would need to implement: https://github.com/base-org/webauthn-sol/blob/619f20ab0f074fef41066ee4ab24849a913263b2/src/WebAuthn.sol#L59-L96

The level 2 verification procedure spec: https://www.w3.org/TR/webauthn-2/#sctn-verifying-assertion
The level 3 verification procedure spec: https://www.w3.org/TR/webauthn-3/#sctn-verifying-assertion

I'm not sure yet which specific methods / structs expose the verification procedure, possibly the Authenticator, but this needs to be checked against the Solidity library.
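An added Rust sketch (not code from alphanet, webauthn-sol or passkey-rs) of the checks a verifier with the ABI quoted above would run before the secp256r1 signature check, showing that the level 3 flag bits sit in level 2's reserved range and do not affect the UP/UV checks. It assumes the standard assertion checks (expected `type`, expected base64url `challenge`, UP flag, optional UV flag); all function names and the sample data are hypothetical, and the hashing and signature step is omitted.

```rust
// Added example, not code from alphanet or webauthn-sol. All names are hypothetical.
const UP: u8 = 0x01; // bit 0: user present
const UV: u8 = 0x04; // bit 2: user verified
const BE: u8 = 0x08; // bit 3: backup eligible (level 3; reserved in level 2)
const BS: u8 = 0x10; // bit 4: backup state (level 3; reserved in level 2)
const EXPECTED_TYPE: &str = "\"type\":\"webauthn.get\"";

/// Unpadded base64url, the encoding of the challenge inside clientDataJSON.
fn base64url(data: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let n = chunk.iter().fold(0u32, |acc, &b| (acc << 8) | b as u32) << (8 * (3 - chunk.len()));
        for i in 0..=chunk.len() {
            out.push(T[((n >> (18 - 6 * i)) & 0x3f) as usize] as char);
        }
    }
    out
}

/// Checks that run before the signature check. Returns the level 3 (BE, BS) bits,
/// which are reported but never required, so level 2 data passes unchanged.
fn precheck(challenge: &[u8], require_uv: bool, auth_data: &[u8], client_data_json: &str,
            challenge_index: usize, type_index: usize) -> Result<(bool, bool), &'static str> {
    // Minimum layout: rpIdHash (32 bytes) | flags (1) | signCount (4).
    if auth_data.len() < 37 { return Err("authenticatorData too short"); }
    let flags = auth_data[32];
    if (flags & UP) == 0 { return Err("user presence flag not set"); }
    if require_uv && (flags & UV) == 0 { return Err("user verification flag not set"); }
    // The indices are caller-supplied, so use bounds-checked get() instead of slicing.
    let json = client_data_json.as_bytes();
    let at = |i: usize, want: &[u8]| i.checked_add(want.len()).and_then(|end| json.get(i..end)) == Some(want);
    if !at(type_index, EXPECTED_TYPE.as_bytes()) { return Err("type mismatch at typeIndex"); }
    let expected = format!("\"challenge\":\"{}\"", base64url(challenge));
    if !at(challenge_index, expected.as_bytes()) { return Err("challenge mismatch at challengeIndex"); }
    Ok(((flags & BE) != 0, (flags & BS) != 0))
}

/// Constructed sample: zeroed rpIdHash, the given flags byte, signCount 0.
fn sample_auth_data(flags: u8) -> Vec<u8> {
    let mut v = vec![0u8; 37];
    v[32] = flags;
    v
}

fn main() {
    // Constructed clientDataJSON for the challenge b"hello"; type at index 1, challenge at 23.
    let json = r#"{"type":"webauthn.get","challenge":"aGVsbG8","origin":"https://example.com"}"#;
    println!("{:?}", precheck(b"hello", true, &sample_auth_data(UP | UV | BE | BS), json, 23, 1));
}
```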