From 15ecf10dd7f17c854cb9108fca47874f0fee75e0 Mon Sep 17 00:00:00 2001 From: Ash Date: Thu, 16 Nov 2023 12:01:44 -0800 Subject: [PATCH] simpler key representation --- account/src/auth.rs | 1 - account/src/auth/passkey2.rs | 80 ----------------------------------- account/src/auth/secp256r1.rs | 14 +++--- 3 files changed, 6 insertions(+), 89 deletions(-) delete mode 100644 account/src/auth/passkey2.rs diff --git a/account/src/auth.rs b/account/src/auth.rs index d5372de..1dc4139 100644 --- a/account/src/auth.rs +++ b/account/src/auth.rs @@ -7,7 +7,6 @@ use serde::{Deserialize, Serialize}; mod eth_crypto; mod jwt; pub mod passkey; -mod passkey2; mod secp256r1; mod sign_arb; pub mod util; diff --git a/account/src/auth/passkey2.rs b/account/src/auth/passkey2.rs deleted file mode 100644 index 900096f..0000000 --- a/account/src/auth/passkey2.rs +++ /dev/null @@ -1,80 +0,0 @@ -use crate::error::ContractError::InvalidToken; -use crate::error::ContractResult; -use coset::iana::Algorithm; -use cosmwasm_std::{from_binary, Addr, Binary, Deps}; -use futures::executor::block_on; -use passkey::authenticator::{Authenticator, UserValidationMethod}; -use passkey::client::Client; -use passkey::types::ctap2::Aaguid; -use passkey::types::webauthn::*; -use passkey::types::Passkey; -use url::Url; - -struct MyUserValidationMethod {} -#[async_trait::async_trait] -impl UserValidationMethod for MyUserValidationMethod { - async fn check_user_verification(&self) -> bool { - true - } - - async fn check_user_presence(&self) -> bool { - true - } - - fn is_presence_enabled(&self) -> bool { - true - } - - fn is_verification_enabled(&self) -> Option { - Some(true) - } -} - -pub fn register( - contract: &Addr, - origin: &Url, - cred: &Binary, - challenge: Vec, -) -> ContractResult { - let credential: CreatedPublicKeyCredential = from_binary(cred)?; - - Err(InvalidToken) -} - -#[cfg(test)] -mod tests { - use crate::auth::passkey::{register, verify}; - use cosmwasm_std::to_binary; - use passkey::types::webauthn::PublicKeyCredentialUserEntity; - use url::Url; - - #[test] - fn test_passkey_example() { - let challenge = "test-challenge"; - - let rp_origin = - Url::parse("https://xion-dapp-example-git-feat-faceid-burntfinance.vercel.app") - .expect("Invalid URL"); - let register_credential: PublicKeyCredentialUserEntity = serde_json::from_str(r#"{"type":"public-key","id":"6BnpSHlIXwOndHhxfPw4l3SylupnZIvTVP9Vp_aK34w","rawId":"6BnpSHlIXwOndHhxfPw4l3SylupnZIvTVP9Vp_aK34w","authenticatorAttachment":"platform","response":{"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiZEdWemRDMWphR0ZzYkdWdVoyVSIsIm9yaWdpbiI6Imh0dHBzOi8veGlvbi1kYXBwLWV4YW1wbGUtZ2l0LWZlYXQtZmFjZWlkLWJ1cm50ZmluYW5jZS52ZXJjZWwuYXBwIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViksGMBiDcEppiMfxQ10TPCe2-FaKrLeTkvpzxczngTMw1BAAAAAK3OAAI1vMYKZIsLJfHwVQMAIOgZ6Uh5SF8Dp3R4cXz8OJd0spbqZ2SL01T_Vaf2it-MpQECAyYgASFYINnBKEMfG6wkb9W1grSXgNAQ8lx6H7j6EcMyTSbZ91-XIlggdk2OOxV_bISxCsqFac6ZE8-gEurV4xQd7kFFYdfMqtE","transports":["internal"]},"clientExtensionResults":{}}"#).unwrap(); - - let reg_bytes = to_binary(®ister_credential).unwrap(); - let passkey = register( - rp_origin.to_string(), - ®_bytes, - challenge.as_bytes().to_vec(), - ) - .unwrap(); - let passkey_bytes = to_binary(&passkey).unwrap(); - - let authenticate_credential: PublicKeyCredential = serde_json::from_str(r#"{"type":"public-key","id":"6BnpSHlIXwOndHhxfPw4l3SylupnZIvTVP9Vp_aK34w","rawId":"6BnpSHlIXwOndHhxfPw4l3SylupnZIvTVP9Vp_aK34w","authenticatorAttachment":"platform","response":{"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiZEdWemRDMWphR0ZzYkdWdVoyVSIsIm9yaWdpbiI6Imh0dHBzOi8veGlvbi1kYXBwLWV4YW1wbGUtZ2l0LWZlYXQtZmFjZWlkLWJ1cm50ZmluYW5jZS52ZXJjZWwuYXBwIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ","authenticatorData":"sGMBiDcEppiMfxQ10TPCe2-FaKrLeTkvpzxczngTMw0BAAAAAA","signature":"MEQCIF1Fm_XjFV5FjBRYXNN1WcDm0V4xbPn3sQ85gC34_FGmAiBzLYGsat3HwDcn4jh50gTW4mgGcmYqkvT2g1bfdFxElA","userHandle":null},"clientExtensionResults":{}}"#).unwrap(); - let authenticate_credential_bytes = to_binary(&authenticate_credential).unwrap(); - - verify( - rp_origin.to_string(), - &passkey_bytes, - &authenticate_credential_bytes, - challenge.as_bytes().to_vec(), - ) - .unwrap(); - } -} diff --git a/account/src/auth/secp256r1.rs b/account/src/auth/secp256r1.rs index b39e50f..e463fee 100644 --- a/account/src/auth/secp256r1.rs +++ b/account/src/auth/secp256r1.rs @@ -4,11 +4,7 @@ use p256::ecdsa::{signature::Verifier, Signature, VerifyingKey}; use p256::EncodedPoint; pub fn verify(tx_hash: &[u8], sig_bytes: &[u8], pubkey_bytes: &Binary) -> ContractResult { - let encoded_point = match EncodedPoint::from_bytes(pubkey_bytes) { - Ok(point) => point, - Err(_) => return Err(RebuildingKey), - }; - let verifying_key: VerifyingKey = VerifyingKey::from_encoded_point(&encoded_point)?; + let verifying_key: VerifyingKey = VerifyingKey::from_sec1_bytes(pubkey_bytes.as_slice())?; let signature: Signature = Signature::from_bytes(sig_bytes.into())?; verifying_key.verify(tx_hash, &signature)?; @@ -19,6 +15,7 @@ pub fn verify(tx_hash: &[u8], sig_bytes: &[u8], pubkey_bytes: &Binary) -> Contra #[cfg(test)] mod tests { use crate::auth::secp256r1::verify; + use cosmwasm_std::Binary; use p256::ecdsa::{signature::Signer, Signature, SigningKey, VerifyingKey}; #[test] @@ -34,7 +31,8 @@ mod tests { println!("signature: {}", hex::encode(signature_bytes)); let verifying_key = VerifyingKey::from(&signing_key); - let verifying_key_bytes = verifying_key.to_encoded_point(true); + let verifying_key_bytes = verifying_key.to_sec1_bytes(); + let verifying_key_binary = Binary::from(verifying_key_bytes.to_vec()); println!("verifying key: {}", hex::encode(verifying_key_bytes)); assert_eq!( @@ -42,7 +40,7 @@ mod tests { verify( &test_value.to_vec(), signature_bytes.as_slice(), - &verifying_key_bytes.as_bytes().into(), + &verifying_key_binary, ) .unwrap() ); @@ -52,7 +50,7 @@ mod tests { let result = verify( &bad_value.to_vec(), signature_bytes.as_slice(), - &verifying_key_bytes.as_bytes().into(), + &verifying_key_binary, ); assert!(result.is_err()) }