Skip to content

Add WebAuthn library and SignerWebAuthn #117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 54 commits into
base: master
Choose a base branch
from
Open

Add WebAuthn library and SignerWebAuthn #117

wants to merge 54 commits into from
+827 −0

Conversation

ernestognw
Copy link
Member

@ernestognw ernestognw commented Apr 23, 2025
edited
Loading

Implements WebAuthn authentication verification for smart contracts using P256 signatures as an alternative to traditional secp256k1 ECDSA. This library enables strong authentication through WebAuthn Level 2 standard compliance.

Includes 3 verification levels:

  • verifyMinimal: Essential cryptographic checks
  • verify: Standard verification with user presence
  • verifyStrict: Enhanced security with user verification and backup state checks

@ernestognw ernestognw marked this pull request as ready for review April 23, 2025 06:07
@ernestognw ernestognw requested a review from a team as a code owner April 23, 2025 06:07
@ernestognw ernestognw changed the title Add WebAuthn Add WebAuthn library Apr 23, 2025
@ernestognw ernestognw marked this pull request as draft May 4, 2025 19:49
@ernestognw ernestognw marked this pull request as ready for review May 7, 2025 02:38
@ernestognw ernestognw requested review from arr00 and gonzaotc May 9, 2025 06:20
@ernestognw ernestognw changed the title Add WebAuthn library Add WebAuthn library and SignerWebAuthn May 9, 2025
ernestognw and others added 22 commits June 4, 2025 13:55
@ernestognw
Treat subsequent onInstall calls as no-ops in ERC7579SignatureValidat…
eca5513 
…or (#147)
@ernestognw
Vendor dependencies in vendored branch (#149)
3aa481c
@ernestognw
Revert "Vendor dependencies in vendored branch" (#150)
e8492a4
@luiz-lvj @ernestognw
Add documentation for crosschain message passing (#138)
30f2f61 
Co-authored-by: Ernesto García <[email protected]>
@ernestognw
Move npm dependencies to git submodules (#153)
4b8b87f
@felipelincoln @arr00 @ernestognw
Add view modifier to ERC20Allowlist.allowed (#154)
e6be8f1 
Co-authored-by: Arr00 <[email protected]>
@ernestognw @gonzaotc
Add ERC7579 Executor modules (#121)
4662a31 
Co-authored-by: Gonzalo Othacehe <[email protected]>
Co-authored-by: Gonzalo Othacehe <[email protected]>
@ernestognw
Fix documentation nits and add missing Changelog entries (#155)
c878724
@ernestognw
Move Axelar audit to audits folder (#156)
8bc5b33
@ernestognw
Simplify ERC7579 Executors validation pattern (#158)
a023191
@ernestognw
Simplify ERC-7579 validator modules (#159)
9b73593
@ernestognw @arr00 @gonzaotc
Add ERC-7579 modules docs and EIP-7702 note in accounts docs (#157)
c86c9ef 
Co-authored-by: Arr00 <[email protected]>
Co-authored-by: Gonzalo Othacehe <[email protected]>
@ernestognw
Add husky to devDependencies (#160)
dc94c40
@arr00 @ernestognw
Fix bug in docs CI (#161)
680d249
@Amxx @ernestognw
Refactor of the MultiSignerERC7913 abstract signer (#163)
63b3467 
Co-authored-by: ernestognw <[email protected]>
@ernestognw
Refactor ERC7579 Multisig modules (#165)
131b611
@Amxx @ernestognw
Reorganise utils/cryptography folder (#164)
ef537ba 
Co-authored-by: ernestognw <[email protected]>
@ernestognw
Merge branch 'master' into feature/webauthn
9527637
@ernestognw
Move Signer
f7a97dd
@ernestognw
up
051ae83
@ernestognw
Reapply Aryeh's suggestion
797cf7a
@ernestognw
Fix import
0e8a700
arr00
arr00 reviewed Jun 4, 2025
View reviewed changes
@ernestognw ernestognw mentioned this pull request Jun 4, 2025
Merged
3 tasks
arr00
arr00 reviewed Jun 10, 2025
View reviewed changes
contracts/utils/cryptography/WebAuthn.sol
Comment on lines +217 to +219
function validateBackupEligibilityAndState(bytes1 flags) internal pure returns (bool) {
return (flags & AUTH_DATA_FLAGS_BE) != 0 || (flags & AUTH_DATA_FLAGS_BS) == 0;
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would prefer consistency on how we are checking the value of a bit

flags & AUTH_DATA_FLAGS_BE) != 0 or flags & AUTH_DATA_FLAGS_BE) == AUTH_DATA_FLAGS_BE

Otherwise looks good

Amxx
Amxx reviewed Jun 11, 2025
View reviewed changes
test/helpers/signers.js Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering, is there a WebAuthn library/package we would be using ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, these has been around since forever: https://viem.sh/account-abstraction/accounts/webauthn/createWebAuthnCredential#createwebauthncredential

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Goes well with pimlico too:
https://docs.pimlico.io/references/permissionless/how-to/signers/passkey-server#install-the-required-packages

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Amxx Amxx Amxx left review comments

@arr00 arr00 arr00 left review comments

@gonzaotc gonzaotc Awaiting requested review from gonzaotc

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ernestognw @Amxx @arr00 @luiz-lvj @felipelincoln