We should make a precompile for WebAuthn, so that passkey verification (or verification of other webauthn compatible credentials) is cheap and easy.

This library seems to be the standard for WebAuthn usage in solidity: https://github.com/base-org/webauthn-sol

And has a simple ABI that we can probably re-use, and should be easy to parse:

```solidity
struct WebAuthnAuth {
    /// @dev https://www.w3.org/TR/webauthn-2/#dom-authenticatorassertionresponse-authenticatordata
    bytes authenticatorData;
    /// @dev https://www.w3.org/TR/webauthn-2/#dom-authenticatorresponse-clientdatajson
    string clientDataJSON;
    /// The index at which "challenge":"..." occurs in clientDataJSON
    uint256 challengeIndex;
    /// The index at which "type":"..." occurs in clientDataJSON
    uint256 typeIndex;
    /// @dev The r value of secp256r1 signature
    uint256 r;
    /// @dev The s value of secp256r1 signature
    uint256 s;
}

function verify(
    bytes memory challenge,
    bool requireUserVerification,
    WebAuthnAuth memory webAuthnAuth,
    uint256 x,
    uint256 y
) internal view returns (bool)
```

This library looks promising for the implementation: https://github.com/1Password/passkey-rs
The solidity library references WebAuthn level 2 docs, and the library supports level 3. The level 3 "authenticator assertion response" (`authenticatorData`) fields seem to be backward compatible, with the new level 3 `flags` bits taking up the "reserved for future use" range from level 2.

- `authenticatorData` level 2: https://www.w3.org/TR/webauthn-2/#authenticator-data
- `authenticatorData` level 3: https://www.w3.org/TR/webauthn-3/#authenticator-data

The `clientDataJSON` field looks like it is unchanged between level 2 and level 3.

The docs from the library make it slightly more clear what we would need to implement: https://github.com/base-org/webauthn-sol/blob/619f20ab0f074fef41066ee4ab24849a913263b2/src/WebAuthn.sol#L59-L96

- The level 2 verification procedure spec: https://www.w3.org/TR/webauthn-2/#sctn-verifying-assertion
- The level 3 verification procedure spec: https://www.w3.org/TR/webauthn-3/#sctn-verifying-assertion

I'm not sure yet which specific methods / structs expose the verification procedure, possibly the `Authenticator`, but this needs to be checked against the solidity library.
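
The checks a `verify` implementation has to make before the P-256 signature check, as an added Rust example; it is not code from webauthn-sol, passkey-rs or the issue author. `precheck`, `Reject` and `b64url` are hypothetical names, and matching the exact `"type":"webauthn.get"` and `"challenge":"..."` byte patterns at `typeIndex` / `challengeIndex` is an assumption read from the struct's comments and the WebAuthn assertion spec; the signature check itself is left out.

```rust
// Added example (not from webauthn-sol or passkey-rs); all names are illustrative.
const UP: u8 = 0x01; // bit 0: user present
const UV: u8 = 0x04; // bit 2: user verified
// Bits 3 (BE) and 4 (BS) exist only in level 3 and are reserved in level 2; not checked here.

#[derive(Debug, PartialEq)]
pub enum Reject { ShortAuthData, UserNotPresent, UserNotVerified, BadType, BadChallenge }

/// base64url without padding, the encoding of the challenge inside clientDataJSON.
pub fn b64url(data: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    let mut out = String::new();
    for c in data.chunks(3) {
        let n = (c[0] as u32) << 16
            | (*c.get(1).unwrap_or(&0) as u32) << 8
            | (*c.get(2).unwrap_or(&0) as u32);
        for i in 0..=c.len() {
            out.push(T[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

/// Pre-signature checks; returns the flags byte so the caller can inspect level 3 bits.
pub fn precheck(auth_data: &[u8], client_data_json: &str, challenge: &[u8],
                challenge_index: usize, type_index: usize, require_uv: bool) -> Result<u8, Reject> {
    // authenticatorData = rpIdHash (32 bytes) || flags (1) || signCount (4) || ...
    if auth_data.len() < 37 { return Err(Reject::ShortAuthData); }
    let flags = auth_data[32];
    if flags & UP == 0 { return Err(Reject::UserNotPresent); }
    if require_uv && flags & UV == 0 { return Err(Reject::UserNotVerified); }
    // Match at the caller-supplied offsets; get() yields None when the index is out of range.
    let at = |i: usize, want: &str| {
        client_data_json.as_bytes().get(i..).map_or(false, |s| s.starts_with(want.as_bytes()))
    };
    if !at(type_index, "\"type\":\"webauthn.get\"") { return Err(Reject::BadType); }
    // The closing quote is part of the pattern, so a longer value with the same prefix fails.
    let want = format!("\"challenge\":\"{}\"", b64url(challenge));
    if !at(challenge_index, want.as_str()) { return Err(Reject::BadChallenge); }
    Ok(flags)
}

fn main() {
    // Constructed sample: zeroed rpIdHash and signCount, flags = UP|UV|BE|BS (0x1D).
    let mut auth_data = [0u8; 37];
    auth_data[32] = 0x1D;
    let json = r#"{"type":"webauthn.get","challenge":"aGVsbG8","origin":"https://example.test"}"#;
    println!("{:?}", precheck(&auth_data, json, b"hello", 23, 1, true));
}
```

Because only the UP and UV bits are tested, an assertion with the level 3 BE/BS bits set passes the same checks as a level 2 one.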