forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ctap_get_assertion_request.h
150 lines (124 loc) · 5.62 KB
/
ctap_get_assertion_request.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef DEVICE_FIDO_CTAP_GET_ASSERTION_REQUEST_H_
#define DEVICE_FIDO_CTAP_GET_ASSERTION_REQUEST_H_
#include <stdint.h>
#include <array>
#include <string>
#include <vector>
#include "base/component_export.h"
#include "base/containers/span.h"
#include "base/macros.h"
#include "base/optional.h"
#include "crypto/sha2.h"
#include "device/fido/cable/cable_discovery_data.h"
#include "device/fido/client_data.h"
#include "device/fido/fido_constants.h"
#include "device/fido/large_blob.h"
#include "device/fido/pin.h"
#include "device/fido/public_key_credential_descriptor.h"
namespace cbor {
class Value;
}
namespace device {
// CtapGetAssertionOptions contains values that are pertinent to a
// |GetAssertionTask|, but are not specific to an individual
// authenticatorGetAssertion command, i.e. would not be directly serialised into
// the CBOR.
struct COMPONENT_EXPORT(DEVICE_FIDO) CtapGetAssertionOptions {
CtapGetAssertionOptions();
CtapGetAssertionOptions(const CtapGetAssertionOptions&);
CtapGetAssertionOptions(CtapGetAssertionOptions&&);
~CtapGetAssertionOptions();
// PRFInput contains salts for the hmac_secret extension, potentially specific
// to a given credential ID.
struct COMPONENT_EXPORT(DEVICE_FIDO) PRFInput {
PRFInput();
PRFInput(const PRFInput&);
PRFInput(PRFInput&&);
~PRFInput();
base::Optional<std::vector<uint8_t>> credential_id;
std::array<uint8_t, 32> salt1;
base::Optional<std::array<uint8_t, 32>> salt2;
};
base::Optional<pin::KeyAgreementResponse> pin_key_agreement;
// prf_inputs may contain a default PRFInput without a |credential_id|. If so,
// it will be the first element and all others will have |credential_id|s.
// Elements are sorted by |credential_id|s, where present.
std::vector<PRFInput> prf_inputs;
};
// Object that encapsulates request parameters for AuthenticatorGetAssertion as
// specified in the CTAP spec.
// https://fidoalliance.org/specs/fido-v2.0-rd-20161004/fido-client-to-authenticator-protocol-v2.0-rd-20161004.html#authenticatorgetassertion
struct COMPONENT_EXPORT(DEVICE_FIDO) CtapGetAssertionRequest {
public:
using ClientDataHash = std::array<uint8_t, kClientDataHashLength>;
// ParseOpts are optional parameters passed to Parse().
struct ParseOpts {
// reject_all_extensions makes parsing fail if any extensions are present.
bool reject_all_extensions = false;
};
// HMACSecret contains the inputs to the hmac-secret extension:
// https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#sctn-hmac-secret-extension
struct HMACSecret {
HMACSecret(base::span<const uint8_t, kP256X962Length> public_key_x962,
base::span<const uint8_t> encrypted_salts,
base::span<const uint8_t> salts_auth);
HMACSecret(const HMACSecret&);
~HMACSecret();
HMACSecret& operator=(const HMACSecret&);
std::array<uint8_t, kP256X962Length> public_key_x962;
std::vector<uint8_t> encrypted_salts;
std::vector<uint8_t> salts_auth;
};
// Decodes a CTAP2 authenticatorGetAssertion request message. The request's
// |client_data_json| will be empty and |client_data_hash| will be set.
//
// A |uv| bit of 0 is mapped to UserVerificationRequirement::kDiscouraged.
static base::Optional<CtapGetAssertionRequest> Parse(
const cbor::Value::MapValue& request_map) {
return Parse(request_map, ParseOpts());
}
static base::Optional<CtapGetAssertionRequest> Parse(
const cbor::Value::MapValue& request_map,
const ParseOpts& opts);
CtapGetAssertionRequest(std::string rp_id, std::string client_data_json);
CtapGetAssertionRequest(const CtapGetAssertionRequest& that);
CtapGetAssertionRequest(CtapGetAssertionRequest&& that);
CtapGetAssertionRequest& operator=(const CtapGetAssertionRequest& other);
CtapGetAssertionRequest& operator=(CtapGetAssertionRequest&& other);
~CtapGetAssertionRequest();
std::string rp_id;
std::string client_data_json;
std::array<uint8_t, kClientDataHashLength> client_data_hash;
UserVerificationRequirement user_verification =
UserVerificationRequirement::kDiscouraged;
bool user_presence_required = true;
std::vector<PublicKeyCredentialDescriptor> allow_list;
base::Optional<std::vector<uint8_t>> pin_auth;
base::Optional<PINUVAuthProtocol> pin_protocol;
base::Optional<std::vector<CableDiscoveryData>> cable_extension;
base::Optional<std::string> app_id;
base::Optional<std::array<uint8_t, crypto::kSHA256Length>>
alternative_application_parameter;
base::Optional<HMACSecret> hmac_secret;
bool large_blob_key = false;
bool large_blob_read = false;
base::Optional<std::vector<uint8_t>> large_blob_write;
bool is_incognito_mode = false;
bool is_u2f_only = false;
base::Optional<AndroidClientDataExtensionInput> android_client_data_ext;
};
struct CtapGetNextAssertionRequest {};
// Serializes GetAssertion request parameter into CBOR encoded map with
// integer keys and CBOR encoded values as defined by the CTAP spec.
// https://drafts.fidoalliance.org/fido-2/latest/fido-client-to-authenticator-protocol-v2.0-wd-20180305.html#authenticatorGetAssertion
COMPONENT_EXPORT(DEVICE_FIDO)
std::pair<CtapRequestCommand, base::Optional<cbor::Value>>
AsCTAPRequestValuePair(const CtapGetAssertionRequest&);
COMPONENT_EXPORT(DEVICE_FIDO)
std::pair<CtapRequestCommand, base::Optional<cbor::Value>>
AsCTAPRequestValuePair(const CtapGetNextAssertionRequest&);
} // namespace device
#endif // DEVICE_FIDO_CTAP_GET_ASSERTION_REQUEST_H_