Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
[WebAuthn] Add support for authenticators over CCID
https://bugs.webkit.org/show_bug.cgi?id=242365 rdar://82529212 Reviewed by Brent Fulgham. This patch adds support for authenticators over CCID. This allows use of credentials on smart cards. The transport used is determined by how the card responds to the "Get Data Command," which returns a uid with contactless cards. Added layout tests and tested manually with a smart card (contact and contactless), as well as a Yubikey 5c over NFC. * LayoutTests/http/wpt/webauthn/public-key-credential-create-success-ccid.https-expected.txt: Added. * LayoutTests/http/wpt/webauthn/public-key-credential-create-success-ccid.https.html: Added. * LayoutTests/http/wpt/webauthn/public-key-credential-get-success-ccid.https-expected.txt: Added. * LayoutTests/http/wpt/webauthn/public-key-credential-get-success-ccid.https.html: Added. * LayoutTests/http/wpt/webauthn/resources/util.js: * Source/WebCore/Modules/webauthn/AuthenticatorTransport.h: * Source/WebCore/Modules/webauthn/AuthenticatorTransport.idl: * Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h: * Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp: (fido::toString): * Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp: (fido::convertStringToAuthenticatorTransport): * Source/WebCore/testing/MockWebAuthenticationConfiguration.h: (WebCore::MockWebAuthenticationConfiguration::CcidConfiguration::encode const): (WebCore::MockWebAuthenticationConfiguration::CcidConfiguration::decode): (WebCore::MockWebAuthenticationConfiguration::encode const): (WebCore::MockWebAuthenticationConfiguration::decode): * Source/WebCore/testing/MockWebAuthenticationConfiguration.idl: * Source/WebKit/SourcesCocoa.txt: * Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp: (WebKit::WebCore::collectTransports): * Source/WebKit/UIProcess/WebAuthentication/AuthenticatorTransportService.cpp: (WebKit::AuthenticatorTransportService::create): (WebKit::AuthenticatorTransportService::createMock): * Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidConnection.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorTransport.h. (WebKit::CcidConnection::contactless const): * Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidConnection.mm: Added. (WebKit::fido::compareVersion): (WebKit::CcidConnection::create): (WebKit::CcidConnection::CcidConnection): (WebKit::CcidConnection::~CcidConnection): (WebKit::CcidConnection::detectContactless): (WebKit::CcidConnection::trySelectFidoApplet): (WebKit::CcidConnection::transact const): (WebKit::CcidConnection::stop const): (WebKit::CcidConnection::restartPolling): (WebKit::CcidConnection::startPolling): * Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidService.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorTransport.h. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidService.mm: Added. (WebKit::CcidService::CcidService): (WebKit::CcidService::~CcidService): (WebKit::CcidService::didConnectTag): (WebKit::CcidService::startDiscoveryInternal): (WebKit::CcidService::restartDiscoveryInternal): (WebKit::CcidService::platformStartDiscovery): (WebKit::CcidService::onValidCard): (WebKit::CcidService::updateSlots): (-[_WKSmartCardSlotObserver initWithService:]): (-[_WKSmartCardSlotObserver observeValueForKeyPath:ofObject:change:context:]): (-[_WKSmartCardSlotStateObserver initWithService:slot:]): (-[_WKSmartCardSlotStateObserver observeValueForKeyPath:ofObject:change:context:]): * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::toASCDescriptor): * Source/WebKit/UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp: (WebKit::MockAuthenticatorManager::filterTransports const): * Source/WebKit/UIProcess/WebAuthentication/Mock/MockCcidService.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorTransport.idl. * Source/WebKit/UIProcess/WebAuthentication/Mock/MockCcidService.mm: Added. (-[_WKMockTKSmartCard initWithService:]): (-[_WKMockTKSmartCard beginSessionWithReply:]): (-[_WKMockTKSmartCard transmitRequest:reply:]): (WebKit::MockCcidService::MockCcidService): (WebKit::MockCcidService::platformStartDiscovery): (WebKit::MockCcidService::nextReply): * Source/WebKit/UIProcess/WebAuthentication/fido/CtapCcidDriver.cpp: Added. (WebKit::CtapCcidDriver::CtapCcidDriver): (WebKit::CtapCcidDriver::transact): (WebKit::CtapCcidDriver::respondAsync const): * Source/WebKit/UIProcess/WebAuthentication/fido/CtapCcidDriver.h: Copied from Source/WebCore/Modules/webauthn/AuthenticatorTransport.h. * Source/WebKit/WebKit.xcodeproj/project.pbxproj: Canonical link: https://commits.webkit.org/252425@main
- Loading branch information
Showing
27 changed files
with
931 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| CONSOLE MESSAGE: User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events. | ||
|
|
||
| PASS PublicKeyCredential's [[create]] with minimum options in a mock ccid authenticator. | ||
| PASS PublicKeyCredential's [[create]] with minimum options in a mock ccid authenticator with contactless. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| <!DOCTYPE html><!-- webkit-test-runner --> | ||
| <title>Web Authentication API: PublicKeyCredential's [[create]] success cases with a mock ccid authenticator.</title> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="./resources/util.js"></script> | ||
| <script src="./resources/cbor.js"></script> | ||
| <script> | ||
| // Default mock configuration. Tests need to override if they need different configuration. | ||
| if (window.internals) | ||
| internals.setMockWebAuthenticationConfiguration({ ccid: { payloadBase64: [testCcidNoUidBase64, testNfcCtapVersionBase64, testGetInfoResponseApduBase64, testCreationMessageApduBase64] } }); | ||
|
|
||
| promise_test(t => { | ||
| const options = { | ||
| publicKey: { | ||
| rp: { | ||
| name: "localhost", | ||
| }, | ||
| user: { | ||
| name: "John Appleseed", | ||
| id: Base64URL.parse(testUserhandleBase64), | ||
| displayName: "Appleseed", | ||
| }, | ||
| challenge: Base64URL.parse("MTIzNDU2"), | ||
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] | ||
| } | ||
| }; | ||
|
|
||
| return navigator.credentials.create(options).then(credential => { | ||
| checkCtapMakeCredentialResult(credential, true /* isNoneAttestation */, ["smart-card"]); | ||
| }); | ||
| }, "PublicKeyCredential's [[create]] with minimum options in a mock ccid authenticator."); | ||
|
|
||
| promise_test(t => { | ||
| if (window.internals) | ||
| internals.setMockWebAuthenticationConfiguration({ ccid: { payloadBase64: [testCcidValidUidBase64, testNfcCtapVersionBase64, testGetInfoResponseApduBase64, testCreationMessageApduBase64] } }); | ||
| const options = { | ||
| publicKey: { | ||
| rp: { | ||
| name: "localhost", | ||
| }, | ||
| user: { | ||
| name: "John Appleseed", | ||
| id: Base64URL.parse(testUserhandleBase64), | ||
| displayName: "Appleseed", | ||
| }, | ||
| challenge: Base64URL.parse("MTIzNDU2"), | ||
| pubKeyCredParams: [{ type: "public-key", alg: -7 }] | ||
| } | ||
| }; | ||
|
|
||
| return navigator.credentials.create(options).then(credential => { | ||
| checkCtapMakeCredentialResult(credential, true /* isNoneAttestation */, ["nfc"]); | ||
| }); | ||
| }, "PublicKeyCredential's [[create]] with minimum options in a mock ccid authenticator with contactless."); | ||
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
|
|
||
| PASS PublicKeyCredential's [[get]] with minimum options in a mock ccid authenticator. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| <!DOCTYPE html><!-- webkit-test-runner [ WebAuthenticationModernEnabled=false ] --> | ||
| <title>Web Authentication API: PublicKeyCredential's [[get]] success cases with a mock nfc authenticator.</title> | ||
| <script src="/resources/testharness.js"></script> | ||
| <script src="/resources/testharnessreport.js"></script> | ||
| <script src="./resources/util.js"></script> | ||
| <script> | ||
| // Default mock configuration. Tests need to override if they need different configuration. | ||
| if (window.internals) | ||
| internals.setMockWebAuthenticationConfiguration({ ccid: { payloadBase64: [testCcidValidUidBase64, testNfcCtapVersionBase64, testGetInfoResponseApduBase64, testAssertionMessageApduBase64] } }); | ||
|
|
||
| promise_test(t => { | ||
| const options = { | ||
| publicKey: { | ||
| challenge: Base64URL.parse("MTIzNDU2"), | ||
| timeout: 100 | ||
| } | ||
| }; | ||
|
|
||
| return navigator.credentials.get(options).then(credential => { | ||
| return checkCtapGetAssertionResult(credential); | ||
| }); | ||
| }, "PublicKeyCredential's [[get]] with minimum options in a mock ccid authenticator."); | ||
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -31,5 +31,6 @@ | ||
| "ble", | ||
| "internal", | ||
| "cable", | ||
| "hybrid" | ||
| "hybrid", | ||
| "smart-card" | ||
| }; | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.