[WebAuthn] Support credProps extension and refactor extension handling
https://bugs.webkit.org/show_bug.cgi?id=241199 rdar://90281799 Reviewed by Brent Fulgham. This patch implements the credProps Web Authentication extension specified here: https://www.w3.org/TR/webauthn-2/#sctn-authenticator-credential-properties-extension This extension provides information about the created credential to the relying party, at this time this is only the resident key credential property. This is useful information for RPs to enable passwordless flows. The patch also refactors how we ferry extension inputs/outputs between WebKit and Authentication Services. We now passthrough inputs and outputs as a cbor serialized blob. This is well specified as described here: https://www.w3.org/TR/webauthn-2/#sctn-extensions-inputs-outputs This extension is covered by the web platform test webauthn/createcredential-resident-key.https.html. * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp: Added. (WebCore::AuthenticationExtensionsClientInputs::fromCBOR): (WebCore::AuthenticationExtensionsClientInputs::toCBOR const): * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.h: * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.idl: * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp: Added. 
(WebCore::AuthenticationExtensionsClientOutputs::fromCBOR): (WebCore::AuthenticationExtensionsClientOutputs::toCBOR const): * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h: (WebCore::AuthenticationExtensionsClientOutputs::encode const): (WebCore::AuthenticationExtensionsClientOutputs::decode): (WebCore::AuthenticationExtensionsClientOutputs::CredentialPropertiesOutput::encode const): (WebCore::AuthenticationExtensionsClientOutputs::CredentialPropertiesOutput::decode): * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl: * Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create const): * Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp: (WebCore::AuthenticatorResponse::tryCreate): (WebCore::AuthenticatorResponse::data const): * Source/WebCore/Modules/webauthn/AuthenticatorResponse.h: * Source/WebCore/Modules/webauthn/AuthenticatorResponseData.h: (WebCore::AuthenticatorResponseData::encode const): (WebCore::AuthenticatorResponseData::decode): * Source/WebCore/WebCore.xcodeproj/project.pbxproj: * Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h: * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponse.mm: (-[_WKAuthenticatorAssertionResponse initWithClientDataJSON:rawId:extensionOutputsCBOR:authenticatorData:signature:userHandle:attachment:]): * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAssertionResponseInternal.h: * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm: (-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensionOutputsCBOR:attestationObject:attachment:transports:]): * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h: * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.h: * Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponse.mm: (-[_WKAuthenticatorResponse initWithClientDataJSON:rawId:extensionOutputsCBOR:attachment:]): * 
Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorResponseInternal.h: * Source/WebKit/UIProcess/API/Cocoa/_WKPublicKeyCredentialCreationOptions.h: * Source/WebKit/UIProcess/API/Cocoa/_WKPublicKeyCredentialCreationOptions.mm: (-[_WKPublicKeyCredentialCreationOptions dealloc]): * Source/WebKit/UIProcess/API/Cocoa/_WKPublicKeyCredentialRequestOptions.h: * Source/WebKit/UIProcess/API/Cocoa/_WKPublicKeyCredentialRequestOptions.mm: (-[_WKPublicKeyCredentialRequestOptions dealloc]): * Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (toNSData): (+[_WKWebAuthenticationPanel convertToCoreCreationOptionsWithOptions:]): (wkAuthenticatorAttestationResponse): (wkAuthenticatorAssertionResponse): (wkExtensionsClientOutputs): Deleted. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h: * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (WebKit::LocalAuthenticator::processClientExtensions): (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): (WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification): * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: (WebKit::configureRegistrationRequestContext): (WebKit::configureAssertionOptions): (WebKit::toExtensionOutputs): (WebKit::continueAfterRequest): * Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived): Canonical link: https://commits.webkit.org/251413@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@295407 268f45cc-cd09-0410-ab3c-d52691b4dbfc
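--- a/Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp
+++ b/Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2022 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "AuthenticationExtensionsClientInputs.h"
+
+#if ENABLE(WEB_AUTHN)
+
+#include "CBORReader.h"
+#include "CBORWriter.h"
+
+namespace WebCore {
+
+std::optional<AuthenticationExtensionsClientInputs> AuthenticationExtensionsClientInputs::fromCBOR(const Vector<uint8_t>& buffer)
+{
+    std::optional<cbor::CBORValue> decodedValue = cbor::CBORReader::read(buffer);
+    if (!decodedValue || !decodedValue->isMap())
+        return std::nullopt;
+    AuthenticationExtensionsClientInputs clientInputs;
+
+    const auto& decodedMap = decodedValue->getMap();
+    auto it = decodedMap.find(cbor::CBORValue("appid"));
+    if (it != decodedMap.end() && it->second.isString())
+        clientInputs.appid = it->second.getString();
+    it = decodedMap.find(cbor::CBORValue("googleLegacyAppidSupport"));
+    if (it != decodedMap.end() && it->second.isBool())
+        clientInputs.googleLegacyAppidSupport = it->second.getBool();
+    it = decodedMap.find(cbor::CBORValue("credProps"));
+    if (it != decodedMap.end() && it->second.isBool())
+        clientInputs.credProps = it->second.getBool();
+    return clientInputs;
+}
+
+Vector<uint8_t> AuthenticationExtensionsClientInputs::toCBOR() const
+{
+    cbor::CBORValue::MapValue clientInputsMap;
+    if (!appid.isEmpty())
+        clientInputsMap[cbor::CBORValue("appid")] = cbor::CBORValue(appid);
+    if (googleLegacyAppidSupport)
+        clientInputsMap[cbor::CBORValue("googleLegacyAppidSupport")] = cbor::CBORValue(googleLegacyAppidSupport);
+    if (credProps)
+        clientInputsMap[cbor::CBORValue("credProps")] = cbor::CBORValue(credProps);
+
+    auto clientInputs = cbor::CBORWriter::write(cbor::CBORValue(WTFMove(clientInputsMap)));
+    ASSERT(clientInputs);
+
+    return *clientInputs;
+}
+
+} // namespace WebCore
+
+#endif // ENABLE(WEB_AUTHN)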
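Review bot: `toCBOR` dereferences `clientInputs` right after a debug-only `ASSERT`, so in a release build a `CBORWriter::write` that yields no value (the ASSERT-then-`*` pattern suggests it returns something nullable) would dereference an empty result. A flat map of three scalar entries is unlikely to fail to serialize, but the contract should be explicit rather than relying on that: either `RELEASE_ASSERT(clientInputs);` or `if (!clientInputs) return { };` before the `return *clientInputs;`. The same pattern appears in `AuthenticationExtensionsClientOutputs::toCBOR` in this commit. It would also help callers to add a comment above `fromCBOR` stating that unknown keys and wrongly typed values are silently ignored and the corresponding field keeps its default, since the function returns `std::nullopt` only when the buffer is not a CBOR map.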
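--- a/Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp
+++ b/Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2022 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "AuthenticationExtensionsClientOutputs.h"
+
+#if ENABLE(WEB_AUTHN)
+
+#include "CBORReader.h"
+#include "CBORWriter.h"
+
+namespace WebCore {
+
+std::optional<AuthenticationExtensionsClientOutputs> AuthenticationExtensionsClientOutputs::fromCBOR(const Vector<uint8_t>& buffer)
+{
+    std::optional<cbor::CBORValue> decodedValue = cbor::CBORReader::read(buffer);
+    if (!decodedValue || !decodedValue->isMap())
+        return std::nullopt;
+    AuthenticationExtensionsClientOutputs clientOutputs;
+
+    const auto& decodedMap = decodedValue->getMap();
+    auto it = decodedMap.find(cbor::CBORValue("appid"));
+    if (it != decodedMap.end() && it->second.isBool())
+        clientOutputs.appid = it->second.getBool();
+    it = decodedMap.find(cbor::CBORValue("credProps"));
+    if (it != decodedMap.end() && it->second.isMap()) {
+        CredentialPropertiesOutput credProps;
+        it = it->second.getMap().find(cbor::CBORValue("rk"));
+        if (it != decodedMap.end() && it->second.isBool())
+            credProps.rk = it->second.getBool();
+        clientOutputs.credProps = credProps;
+    }
+
+    return clientOutputs;
+}
+
+Vector<uint8_t> AuthenticationExtensionsClientOutputs::toCBOR() const
+{
+    cbor::CBORValue::MapValue clientOutputsMap;
+    if (appid)
+        clientOutputsMap[cbor::CBORValue("appid")] = cbor::CBORValue(*appid);
+    if (credProps) {
+        cbor::CBORValue::MapValue credPropsMap;
+        credPropsMap[cbor::CBORValue("rk")] = cbor::CBORValue(credProps->rk);
+        clientOutputsMap[cbor::CBORValue("credProps")] = cbor::CBORValue(credPropsMap);
+    }
+
+    auto clientOutputs = cbor::CBORWriter::write(cbor::CBORValue(WTFMove(clientOutputsMap)));
+    ASSERT(clientOutputs);
+
+    return *clientOutputs;
+}
+
+} // namespace WebCore
+
+#endif // ENABLE(WEB_AUTHN)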
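Review bot: In `fromCBOR` the `rk` lookup reuses `it` for the nested credProps map but then compares it against `decodedMap.end()`, the end iterator of the outer map. When `rk` is absent the inner `find` returns the inner map's end(), which never equals the outer end(), so the guard passes and `it->second` dereferences a past-the-end iterator; comparing iterators from two different containers is itself undefined behaviour. Since this buffer is produced by the platform side and crosses a process boundary, the parser should be robust to a credProps map without `rk`: give the inner map its own iterator and compare against that map's end(), as below. `toCBOR` also passes `credPropsMap` by copy into `cbor::CBORValue(credPropsMap)` where `WTFMove(credPropsMap)` would match the outer map's handling a few lines later.
```cpp
    if (it != decodedMap.end() && it->second.isMap()) {
        CredentialPropertiesOutput credProps;
        const auto& credPropsMap = it->second.getMap();
        auto rkIt = credPropsMap.find(cbor::CBORValue("rk"));
        if (rkIt != credPropsMap.end() && rkIt->second.isBool())
            credProps.rk = rkIt->second.getBool();
        clientOutputs.credProps = credProps;
    }
```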