forked from chromium/chromium
Reland "webauthn: implement getPublicKey() and friends."
This reverts commit e2c1b35.

https://chromium-review.googlesource.com/c/chromium/src/+/2238777 updates
some Java tests with non-dummy data that should avoid causing problems.

Original change's description:
> Revert "webauthn: implement getPublicKey() and friends."
>
> This reverts commit c5d2367.
>
> Reason for revert: I suspect that this CL causes Fido2CredentialRequestTest failures on android-pie-x86-rel:
> https://ci.chromium.org/p/chromium/builders/ci/android-pie-x86-rel
>
> Here is a snippet of callstack:
> java.lang.AssertionError: expected:<11> but was:<0>
>     at org.junit.Assert.fail(Assert.java:88)
>     at org.junit.Assert.failNotEquals(Assert.java:834)
>     at org.junit.Assert.assertEquals(Assert.java:118)
>     at org.junit.Assert.assertEquals(Assert.java:144)
>     at org.chromium.chrome.browser.webauth.Fido2CredentialRequestTest.testMakeCredential_attestationIndirect(Fido2CredentialRequestTest.java:921)
>
> Here is sample failure:
> https://00e9e64bac4dbda9c3b8a07931c85e48f4420a03929ffbcaf5-apidata.googleusercontent.com/download/storage/v1/b/chromium-result-details/o/html%2Fchrome_public_test_apk_android-pie-x86-rel_990_2020_06_09_T16_33_45-UTC?qk=AD5uMEvQvMK8K2ZyV-tHIDwdTtLEnQK-X1Mw0ohWLQeOpgogj0sVgm_7y9e5CdF-FMV6ObBmwjpVxD6Jh8_7VTv4z2FpOutuS8Gd6qQH5OxikfytS8cKFb_SRCCQXIgWq45BwD7DediOcKTF-UZea_JAoFuHO0ljO0PRqnkFYSoIHcPONuqaszXChp63b5o4VAKYsofAHDhpHru_hiAf6xUyfK91I8cr-2sdHjQU6Ks4XQIIWVnq2PSAiysd6hNeq51qWPEaX7HS8hCwWIpe55Xq9hIWLOtab3MY1WLLxM3UuWMY8IDCKfcvnrTiQMcRyeD7Iii33jHhC8-rDGttfDEl39kpFnWynDC-C0TmPFoCJVkl7mHxz0uCNlQJ3I0Rt_F2DTqA96qIKrpwEltNs96-0j1VgSOJCjU3s4od6h7juoIxpH5HThyg7G-fB1-MWzv7mQfAE5ZBilodU0CKMsFrnN_5Kf4thAbDj-RJUiUNpy0A9swLOhMLjEsfxQeDRldVvy9OVUNvcakhJziml5iA7LWoDB58E3eGTyUi-dA5aOLN3KWLR7T452j4MwnCHC5vTRNxxGxCkemgQQDkl1fHJas1u6GUcY4_ncvhIuGvLsfg8uqWpzFuau4CFamGC2USpyVpNIeNhpcf2w-lYzG1rkHjHWYgUKSvhoaItY3oeRFjnkYMgZrDsy8QmneuVVGTPd4nzoWWaCZbaG9ZaF80xRu9YhYnTUXI7GqQF1rlst09Mqu8IvDXo9dgYzodInIA6p3H7azZgnvCfzYUxL4QVrvskyjTQCITmz-o2W6CPUzBqWJhWLRTpZYcVSV7z8zjj1cFwDQPBKpJzQDRrtC1sZCM0WrmQ7oSNeU-AH3uBaNWeGBF2rkY8-9gx8dlr38DGQvXoKZVWHWi61jVnQhac27ctKBLKQ&isca=1
>
> Original change's description:
> > webauthn: implement getPublicKey() and friends.
> >
> > This change implements the getPublicKey(), getPublicKeyAlgorithm(), and
> > getAuthenticatorData() functions described in the editor's draft of
> > WebAuthn level two[1].
> >
> > [1] https://w3c.github.io/webauthn/#sctn-public-key-easy
> >
> > BUG=1083301
> >
> > Change-Id: I3a03279d5239a9f8df50a78f2166f30d01d38d3e
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2204087
> > Reviewed-by: Andrew Grieve <agrieve@chromium.org>
> > Reviewed-by: Ken Buchanan <kenrb@chromium.org>
> > Reviewed-by: Alex Russell <slightlyoff@chromium.org>
> > Reviewed-by: Jared Saul <jsaul@google.com>
> > Reviewed-by: Adam Langley <agl@chromium.org>
> > Reviewed-by: Nina Satragno <nsatragno@chromium.org>
> > Reviewed-by: Martin Kreichgauer <martinkr@google.com>
> > Commit-Queue: Adam Langley <agl@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#776517}
>
> TBR=kenrb@chromium.org,agl@chromium.org,slightlyoff@chromium.org,nsatragno@chromium.org,agrieve@chromium.org,jsaul@google.com,martinkr@google.com
>
> Change-Id: I7429b5b7ecd7fa38c4e1ec2905b80a15e7c64216
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: 1083301
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2238749
> Reviewed-by: Pavel Yatsuk <pavely@chromium.org>
> Commit-Queue: Pavel Yatsuk <pavely@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#776637}

TBR=kenrb@chromium.org,agl@chromium.org,slightlyoff@chromium.org,pavely@chromium.org,nsatragno@chromium.org,agrieve@chromium.org,jsaul@google.com,martinkr@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 1083301
Change-Id: I9e3c8278dde4b61b7a45b6277f48fe018b3a8188
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2241341
Reviewed-by: Adam Langley <agl@chromium.org>
Commit-Queue: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#777424}
Adam Langley authored and Commit Bot committed Jun 11, 2020
1 parent 5293d27, commit a09284e
Showing 20 changed files with 333 additions and 139 deletions.
77 changes: 77 additions & 0 deletions
chrome/browser/android/webauth/fido2helper_native_android.cc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
// Copyright 2020 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include <jni.h> | ||
|
||
#include "base/android/jni_array.h" | ||
#include "chrome/android/chrome_jni_headers/Fido2Helper_jni.h" | ||
#include "components/cbor/reader.h" | ||
#include "device/fido/attested_credential_data.h" | ||
#include "device/fido/public_key.h" | ||
#include "third_party/boringssl/src/include/openssl/bytestring.h" | ||
|
||
using base::android::ScopedJavaLocalRef; | ||
using base::android::ToJavaByteArray; | ||
|
||
// Parses a CTAP2 attestation[1] and extracts the | ||
// parts that the browser provides via Javascript API [2]. Called | ||
// Fido2Helper.java when constructing the makeCredential reply. | ||
// | ||
// [1] https://www.w3.org/TR/webauthn/#attestation-object | ||
// [2] https://w3c.github.io/webauthn/#sctn-public-key-easy | ||
static jboolean JNI_Fido2Helper_ParseAttestationObject( | ||
JNIEnv* env, | ||
const base::android::JavaParamRef<jbyteArray>& jattestation_object_bytes, | ||
const base::android::JavaParamRef<jobject>& out_result) { | ||
std::vector<uint8_t> attestation_object_bytes; | ||
JavaByteArrayToByteVector(env, jattestation_object_bytes, | ||
&attestation_object_bytes); | ||
|
||
base::Optional<cbor::Value> attestation_object = | ||
cbor::Reader::Read(attestation_object_bytes); | ||
if (!attestation_object || !attestation_object->is_map()) { | ||
return false; | ||
} | ||
|
||
const cbor::Value::MapValue& map = attestation_object->GetMap(); | ||
// See https://www.w3.org/TR/webauthn/#generating-an-attestation-object | ||
cbor::Value::MapValue::const_iterator it = map.find(cbor::Value("authData")); | ||
if (it == map.end() || !it->second.is_bytestring()) { | ||
return false; | ||
} | ||
const std::vector<uint8_t>& auth_data = it->second.GetBytestring(); | ||
// See https://www.w3.org/TR/webauthn/#sec-authenticator-data | ||
CBS cbs; | ||
CBS_init(&cbs, auth_data.data(), auth_data.size()); | ||
uint8_t flags; | ||
if ( // RP ID hash. | ||
!CBS_skip(&cbs, 32) || !CBS_get_u8(&cbs, &flags) || | ||
// Check AT flag is set. | ||
((flags >> 6) & 1) == 0 || | ||
// Signature counter. | ||
!CBS_skip(&cbs, 4)) { | ||
return false; | ||
} | ||
|
||
const auto result = device::AttestedCredentialData::ConsumeFromCtapResponse( | ||
base::span<const uint8_t>(CBS_data(&cbs), CBS_len(&cbs))); | ||
if (!result) { | ||
return false; | ||
} | ||
|
||
ScopedJavaLocalRef<jbyteArray> auth_data_java( | ||
ToJavaByteArray(env, auth_data)); | ||
|
||
const device::PublicKey* pub_key = result->first.public_key(); | ||
const base::Optional<std::vector<uint8_t>>& der_bytes(pub_key->der_bytes); | ||
ScopedJavaLocalRef<jbyteArray> spki_java; | ||
if (der_bytes) { | ||
spki_java.Reset(ToJavaByteArray(env, *der_bytes)); | ||
} | ||
|
||
Java_AttestationObjectParts_setAll(env, out_result, auth_data_java, spki_java, | ||
pub_key->algorithm); | ||
|
||
return true; | ||
} |
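
Review bot: `pub_key` is dereferenced without a null check, first at `pub_key->der_bytes` and again at `pub_key->algorithm` in the `Java_AttestationObjectParts_setAll` call, so the function relies on `result->first.public_key()` never returning null for any input that `ConsumeFromCtapResponse` accepts. Since the bytes arrive over JNI and every other parse step here fails closed with `return false`, either add `if (!pub_key) return false;` or a comment stating that invariant. Smaller points: only `result->first` is used, so if the other half of the result is the unparsed remainder, trailing bytes after the attested credential data are accepted without a check; the AT test `((flags >> 6) & 1) == 0` would read better with a named constant for bit 6; `spki_java` is passed to Java as null when `der_bytes` is absent, which deserves a comment so the Java side is known to expect it; and the header comment is missing a word ("Called Fido2Helper.java" should read "Called by Fido2Helper.java").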