feat: add passkey authenticator to sui (#18126)

## Description implementation for sui-foundation/sips#9 ## Test plan added unit tests and e2e tests. also tested with real passkey result from frontend ``` credential id (base64): 9Aj01fIn/T555beIoJ7swA87mLc= pubkey (hex): 03e61ebc6b1796021e33fd3937298f2c460e77e5bb7fbeb3c42f7e0f11f67792cb sui address: 0xb88d3e91880e6befc13881a4a7d5b4d2dfa402ae2b149cd9b36d6e084ba25925 tx bytes: AAAAALiNPpGIDmvvwTiBpKfVtNLfpAKuKxSc2bNtbghLolklAfuV/HGZhQdRfe9WXfY8A7b76qucni1/FFaa7LlYHgcGAgAAAAAAAAAgUuv6miRJNCj1OhyRzP5sZyrIU1DSRTLrXfvbmp9cuuu4jT6RiA5r78E4gaSn1bTS36QCrisUnNmzbW4IS6JZJegDAAAAAAAAgIQeAAAAAAAA tx digest (hex): 000000f1b6d366d79ae9d2d98da7909b8fa4d856f64c4b9663a1d875d7823f5e8585e4 authenticatorData (hex): 49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97631d00000000 clientDataJSON: `{"type":"webauthn.get","challenge":"AAAA8bbTZtea6dLZjaeQm4-k2Fb2TEuWY6HYddeCP16FheQ","origin":"http://localhost:5173","crossOrigin":false}` r1 signature (hex): 02ecbbf52b29ec5d306501d00f175bd084d909a4f9a92318cf3df1fa3a86028cbe2dcc606a99f69817991bab559b744039c21b417c988056969b8fec78d17bad7c03e61ebc6b1796021e33fd3937298f2c460e77e5bb7fbeb3c42f7e0f11f67792cb encoded sui signature (base64): BiVJlg3liA6MaHQ0Fw9kdmBbj+SuuaKGMseZXPO6gx2XYx0AAAAAigF7InR5cGUiOiJ3ZWJhdXRobi5nZXQiLCJjaGFsbGVuZ2UiOiJBQUFBOGJiVFp0ZWE2ZExaamFlUW00LWsyRmIyVEV1V1k2SFlkZGVDUDE2RmhlUSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTE3MyIsImNyb3NzT3JpZ2luIjpmYWxzZX1iAuy79Ssp7F0wZQHQDxdb0ITZCaT5qSMYzz3x+jqGAoy+Lcxgapn2mBeZG6tVm3RAOcIbQXyYgFaWm4/seNF7rXwD5h68axeWAh4z/Tk3KY8sRg535bt/vrPEL34PEfZ3kss= encoded webuahthn signature length: 278 signature verified: true localnet onchain verified, digest: DSt3BdgByH5WgKuysdwPMLrCtH2HZhvtzGNBJarBA7VR ``` --- ## Release notes Check each box that your changes affect. If none of the boxes relate to your changes, release notes aren't required. For each box you select, include information after the relevant heading that describes the impact of your changes that a user might notice and any actions they must take to implement updates. - [ ] Protocol: - [ ] Nodes (Validators and Full nodes): - [ ] Indexer: - [ ] JSON-RPC: - [ ] GraphQL: - [ ] CLI: - [ ] Rust SDK:
MystenLabs · Jul 10, 2024 · 9b8a5ae · 9b8a5ae
1 parent 7d55a20
commit 9b8a5ae
Show file tree

Hide file tree

Showing 21 changed files with 1,354 additions and 16 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -569,6 +569,11 @@ fastcrypto = { git = "https://github.com/MystenLabs/fastcrypto", rev = "55e7e568
 fastcrypto-tbls = { git = "https://github.com/MystenLabs/fastcrypto", rev = "55e7e568842939e01c8545a71d72e2402ad74538" }
 fastcrypto-zkp = { git = "https://github.com/MystenLabs/fastcrypto", rev = "55e7e568842939e01c8545a71d72e2402ad74538", package = "fastcrypto-zkp" }
 fastcrypto-vdf = { git = "https://github.com/MystenLabs/fastcrypto", rev = "55e7e568842939e01c8545a71d72e2402ad74538", features = ["experimental"] }
+passkey-types = { version = "0.2.0" }
+passkey-client = { version = "0.2.0" }
+passkey-authenticator = { version = "0.2.0" }
+coset = "0.3"
+p256 = { version = "0.13.2", features = ["ecdsa"] }
 
 # anemo dependencies
 anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "26d415eb9aa6a2417be3c03c57d6e93c30bd1ad7" }

diff --git a/crates/shared-crypto/src/intent.rs b/crates/shared-crypto/src/intent.rs
@@ -88,21 +88,31 @@ pub struct Intent {
     pub app_id: AppId,
 }
 
-impl FromStr for Intent {
-    type Err = eyre::Report;
-    fn from_str(s: &str) -> Result<Self, Self::Err> {
-        let s: Vec<u8> = decode_bytes_hex(s).map_err(|_| eyre!("Invalid Intent"))?;
-        if s.len() != 3 {
+impl Intent {
+    pub fn to_bytes(&self) -> [u8; INTENT_PREFIX_LENGTH] {
+        [self.scope as u8, self.version as u8, self.app_id as u8]
+    }
+
+    pub fn from_bytes(bytes: &[u8]) -> Result<Self, eyre::Report> {
+        if bytes.len() != INTENT_PREFIX_LENGTH {
             return Err(eyre!("Invalid Intent"));
         }
         Ok(Self {
-            scope: s[0].try_into()?,
-            version: s[1].try_into()?,
-            app_id: s[2].try_into()?,
+            scope: bytes[0].try_into()?,
+            version: bytes[1].try_into()?,
+            app_id: bytes[2].try_into()?,
         })
     }
 }
 
+impl FromStr for Intent {
+    type Err = eyre::Report;
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let bytes: Vec<u8> = decode_bytes_hex(s).map_err(|_| eyre!("Invalid Intent"))?;
+        Self::from_bytes(bytes.as_slice())
+    }
+}
+
 impl Intent {
     pub fn sui_app(scope: IntentScope) -> Self {
         Self {

diff --git a/crates/sui-core/src/generate_format.rs b/crates/sui-core/src/generate_format.rs
@@ -110,6 +110,7 @@ fn get_registry() -> Result<Registry> {
     let sig2: GenericSignature = Signature::new_secure(&msg, &kp2).into();
     let sig3: GenericSignature = Signature::new_secure(&msg, &kp3).into();
     let sig4: GenericSignature = GenericSignature::from_str("BQNNMTczMTgwODkxMjU5NTI0MjE3MzYzNDIyNjM3MTc5MzI3MTk0Mzc3MTc4NDQyODI0MTAxODc5NTc5ODQ3NTE5Mzk5NDI4OTgyNTEyNTBNMTEzNzM5NjY2NDU0NjkxMjI1ODIwNzQwODIyOTU5ODUzODgyNTg4NDA2ODE2MTgyNjg1OTM5NzY2OTczMjU4OTIyODA5MTU2ODEyMDcBMQMCTDU5Mzk4NzExNDczNDg4MzQ5OTczNjE3MjAxMjIyMzg5ODAxNzcxNTIzMDMyNzQzMTEwNDcyNDk5MDU5NDIzODQ5MTU3Njg2OTA4OTVMNDUzMzU2ODI3MTEzNDc4NTI3ODczMTIzNDU3MDM2MTQ4MjY1MTk5Njc0MDc5MTg4ODI4NTg2NDk2Njg4NDAzMjcxNzA0OTgxMTcwOAJNMTA1NjQzODcyODUwNzE1NTU0Njk3NTM5OTA2NjE0MTA4NDAxMTg2MzU5MjU0NjY1OTcwMzcwMTgwNTg3NzAwNDEzNDc1MTg0NjEzNjhNMTI1OTczMjM1NDcyNzc1NzkxNDQ2OTg0OTYzNzIyNDI2MTUzNjgwODU4MDEzMTMzNDMxNTU3MzU1MTEzMzAwMDM4ODQ3Njc5NTc4NTQCATEBMANNMTU3OTE1ODk0NzI1NTY4MjYyNjMyMzE2NDQ3Mjg4NzMzMzc2MjkwMTUyNjk5ODQ2OTk0MDQwNzM2MjM2MDMzNTI1Mzc2Nzg4MTMxNzFMNDU0Nzg2NjQ5OTI0ODg4MTQ0OTY3NjE2MTE1ODAyNDc0ODA2MDQ4NTM3MzI1MDAyOTQyMzkwNDExMzAxNzQyMjUzOTAzNzE2MjUyNwExMXdpYVhOeklqb2lhSFIwY0hNNkx5OXBaQzUwZDJsMFkyZ3VkSFl2YjJGMWRHZ3lJaXcCMmV5SmhiR2NpT2lKU1V6STFOaUlzSW5SNWNDSTZJa3BYVkNJc0ltdHBaQ0k2SWpFaWZRTTIwNzk0Nzg4NTU5NjIwNjY5NTk2MjA2NDU3MDIyOTY2MTc2OTg2Njg4NzI3ODc2MTI4MjIzNjI4MTEzOTE2MzgwOTI3NTAyNzM3OTExCgAAAAAAAABhAG6Bf8BLuaIEgvF8Lx2jVoRWKKRIlaLlEJxgvqwq5nDX+rvzJxYAUFd7KeQBd9upNx+CHpmINkfgj26jcHbbqAy5xu4WMO8+cRFEpkjbBruyKE9ydM++5T/87lA8waSSAA==").unwrap();
+    let sig5: GenericSignature = GenericSignature::from_str("BiVJlg3liA6MaHQ0Fw9kdmBbj+SuuaKGMseZXPO6gx2XYx0AAAAAigF7InR5cGUiOiJ3ZWJhdXRobi5nZXQiLCJjaGFsbGVuZ2UiOiJBQUFBdF9taklCMXZiVnBZTTZXVjZZX29peDZKOGFOXzlzYjhTS0ZidWtCZmlRdyIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTE3MyIsImNyb3NzT3JpZ2luIjpmYWxzZX1iApjskL9Xyfopyg9Av7MSrcchSpfWqAYoJ+qfSId4gNmoQ1YNgj2alDpRIbq9kthmyGY25+k24FrW114PEoy5C+8DPRcOCTtACi3ZywtZ4UILhwV+Suh79rWtbKqDqhBQwxM=").unwrap();
 
     let multi_sig = MultiSig::combine(
         vec![sig1.clone(), sig2.clone(), sig3.clone(), sig4.clone()],
@@ -125,6 +126,7 @@ fn get_registry() -> Result<Registry> {
     tracer.trace_value(&mut samples, &sig2)?;
     tracer.trace_value(&mut samples, &sig3)?;
     tracer.trace_value(&mut samples, &sig4)?;
+    tracer.trace_value(&mut samples, &sig5)?;
     // ObjectID and SuiAddress are the same length
     let oid: ObjectID = addr.into();
     tracer.trace_value(&mut samples, &oid)?;

diff --git a/crates/sui-e2e-tests/Cargo.toml b/crates/sui-e2e-tests/Cargo.toml
@@ -61,3 +61,10 @@ sui-sdk.workspace = true
 sui-keys.workspace = true
 sui-rest-api.workspace = true
 shared-crypto.workspace = true
+
+passkey-types.workspace = true
+passkey-client.workspace = true
+passkey-authenticator.workspace = true
+coset.workspace = true
+url.workspace = true
+p256.workspace = true