feat: add cargo workpaces + add pass-webauthn

Cargo.toml

@@ -1,16 +1,39 @@
-[package]
-name = "webauthn_verifier"
-version = "0.1.0"
+[workspace.package]
+authors = ["Virto Team <[email protected]>"]
 edition = "2021"
-resolver = "2"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+license = "GPL-3.0-only"
+version = "0.1.0"
+repository = "https://github.com/virto-network/webauthn"
 
-[dependencies]
+[workspace.dependencies]
+# WebAuthN Verifier
 coset = { version = "0.3.0", default-features = false }
 p256 = { version = "0.13.2", default-features = false }
-passkey = { version = "0.3.0", default-features = false }
+passkey-authenticator = { version = "0.3.0", default-features = false }
 sha2 = { version = "0.10.8", default-features = false }
-
-[dev-dependencies]
 rand = "0.8.5"
+
+# FRAME
+codec = { package = "parity-scale-codec", version = "3.6.12", default-features = false, features = [
+  "derive",
+] }
+scale-info = { version = "2.11.3", default-features = false, features = [
+  "derive",
+] }
+frame-support = { git = "https://github.com/virto-network/polkadot-sdk", branch = "release-virto-v1.13.0", default-features = false }
+frame-system = { git = "https://github.com/virto-network/polkadot-sdk", branch = "release-virto-v1.13.0", default-features = false }
+pallet-balances = { git = "https://github.com/virto-network/polkadot-sdk", branch = "release-virto-v1.13.0", default-features = false }
+sp-io = { git = "https://github.com/virto-network/polkadot-sdk", branch = "release-virto-v1.13.0", default-features = false }
+sp-runtime = { git = "https://github.com/virto-network/polkadot-sdk", branch = "release-virto-v1.13.0", default-features = false }
+
+# FRAME Contrib
+traits-authn = { git = "https://github.com/virto-network/frame-contrib", package = "fc-traits-authn", default-features = false }
+pallet-pass = { git = "https://github.com/virto-network/frame-contrib", package = "fc-pallet-pass", default-features = false }
+
+# Local Crates
+verifier = { path = "verifier", default-features = false }
+pass-webauthn = { path = "pass-webauthn", default-features = false }
+
+[workspace]
+members = ["pass-webauthn", "verifier"]
+resolver = "2"

README.md

@@ -1,2 +1,3 @@
-# webauthn_verifier
-Simple WebAuthn PoC that can be compiled to WASM
+# WebAuthn by Virto
+
+WebAuthn verifiers specifically designed for working with WASM and Substrate environments.

pass-webauthn/Cargo.toml

@@ -0,0 +1,50 @@
+[package]
+authors.workspace = true
+edition.workspace = true
+license.workspace = true
+name = "pass-webauthn"
+repository.workspace = true
+version = "0.1.0"
+
+[dependencies]
+codec.workspace = true
+frame-support.workspace = true
+frame-system.workspace = true
+scale-info.workspace = true
+traits-authn.workspace = true
+verifier.workspace = true
+
+[dev-dependencies]
+pallet-balances.workspace = true
+pallet-pass.workspace = true
+sp-io.workspace = true
+sp-runtime.workspace = true
+
+[features]
+default = ["std"]
+runtime-benchmarks = [
+  "frame-support/runtime-benchmarks",
+  "frame-system/runtime-benchmarks",
+  "pallet-balances/runtime-benchmarks",
+  "pallet-pass/runtime-benchmarks",
+  "sp-runtime/runtime-benchmarks",
+]
+std = [
+  "codec/std",
+  "frame-support/std",
+  "frame-system/std",
+  "pallet-balances/std",
+  "pallet-pass/std",
+  "scale-info/std",
+  "sp-io/std",
+  "sp-runtime/std",
+  "traits-authn/std",
+  "verifier/std",
+]
+try-runtime = [
+  "frame-support/try-runtime",
+  "frame-system/try-runtime",
+  "pallet-balances/try-runtime",
+  "pallet-pass/try-runtime",
+  "sp-runtime/try-runtime",
+]

pass-webauthn/src/lib.rs

@@ -0,0 +1 @@
+#![cfg_attr(not(feature = "std"), no_std)]

verifier/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+authors.workspace = true
+edition.workspace = true
+license.workspace = true
+name = "verifier"
+repository.workspace = true
+version = "0.1.0"
+
+[dependencies]
+coset.workspace = true
+p256.workspace = true
+passkey-authenticator.workspace = true
+sha2.workspace = true
+
+[dev-dependencies]
+rand.workspace = true
+
+[features]
+default = ["std"]
+std = ["coset/std", "p256/std", "sha2/std", "rand/std"]

src/lib.rs → verifier/src/lib.rs

@@ -1,4 +1,5 @@
-#![cfg_attr(not(test), no_std)]
+#![cfg_attr(not(any(feature = "std", test)), no_std)]
+
 //! Verifies a WebAuthn response signature.
 //!
 //! This function validates the signature of a WebAuthn authentication response by:
@@ -53,7 +54,7 @@ use p256::{
     pkcs8::DecodePublicKey,
     NistP256,
 };
-use passkey::authenticator;
+use passkey_authenticator::public_key_der_from_cose_key;
 use sha2::{Digest, Sha256};
 
 fn concatenate_data(
@@ -73,7 +74,7 @@ fn concatenate_data(
     Ok(message)
 }
 
-pub fn verify_webauthn_response(
+pub fn webauthn_verify(
     authenticator_data: &[u8],
     client_data_json: &[u8],
     signature_der: &[u8],
@@ -100,7 +101,7 @@ pub fn verify_webauthn_response(
         }
     };
 
-    let public_key_der = match authenticator::public_key_der_from_cose_key(&public_key_cose) {
+    let public_key_der = match public_key_der_from_cose_key(&public_key_cose) {
         Ok(der) => der,
         Err(_e) => {
             // eprintln!("Failed to convert COSE key to DER format: {:?}", e);
@@ -192,7 +193,7 @@ mod tests {
         let signature_der = signature.to_der();
 
         // Step 7: Verify the signature
-        let is_valid = verify_webauthn_response(
+        let is_valid = webauthn_verify(
             authenticator_data,
             client_data_json,
             signature_der.as_bytes(),
@@ -247,7 +248,7 @@ mod tests {
         tampered_signature_der[0] ^= 0xFF; // Flip some bits
 
         // Step 8: Verify the signature (should fail)
-        let is_valid = verify_webauthn_response(
+        let is_valid = webauthn_verify(
             authenticator_data,
             client_data_json,
             &tampered_signature_der,