[webkit-changes] [WebKit/WebKit] a38ad3: Add support for largeBlob extension for local auth...

EWS noreply at github.com
Tue Feb 28 12:22:26 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a38ad3411dcf6207dd198956e375a5d7302323f9
      https://github.com/WebKit/WebKit/commit/a38ad3411dcf6207dd198956e375a5d7302323f9
  Author: Garrett Davidson <garrett_davidson at apple.com>
  Date:   2023-02-28 (Tue, 28 Feb 2023)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html
    M Source/JavaScriptCore/runtime/ArrayBuffer.cpp
    M Source/JavaScriptCore/runtime/ArrayBuffer.h
    M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp
    M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.h
    M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.idl
    M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp
    M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h
    M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl
    M Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h
    M Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
    M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp
    M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm
    M Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp
    M Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp
    M Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp
    M Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h

  Log Message:
  -----------
  Add support for largeBlob extension for local authenticator
https://bugs.webkit.org/show_bug.cgi?id=252789
rdar://105237759

Reviewed by J Pascoe.

This patch adds support for the largeBlob extension to the local authenticator. This
extension allows storing an arbitrary blob of data alongside a passkey, which can be read
or written during assertions.

* Source/JavaScriptCore/runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::create):
* Source/JavaScriptCore/runtime/ArrayBuffer.h:
Moved Vector helpers from WebAuthnUtils to be first class methods.

* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp:
(WebCore::AuthenticationExtensionsClientInputs::fromCBOR):
(WebCore::AuthenticationExtensionsClientInputs::toCBOR const):
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.h:
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.idl:
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp:
(WebCore::AuthenticationExtensionsClientOutputs::fromCBOR):
(WebCore::AuthenticationExtensionsClientOutputs::toCBOR const):
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h:
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl:
Basic IDL and encoding support.

* Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h:
(WebCore::AuthenticatorAssertionResponse::largeBlob const):
(WebCore::AuthenticatorAssertionResponse::setLargeBlob):
Hold on to the blob when we load credentials.

* Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp:
(WebCore::coseKeyForAttestationObject):
(WebCore::AuthenticatorAttestationResponse::getAuthenticatorData const):
Switch away from the old helpers.

* Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:
(WebCore::AuthenticatorCoordinator::create):
Remove an outdated comment and pass along the new extension.

* Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp:
(WebCore::convertArrayBufferToVector): Deleted.
* Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h:

* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp:
(fido::encodeMakeCredentialRequestAsCBOR):
(fido::encodeGetAssertionRequestAsCBOR):
(fido::encodeMakeCredenitalRequestAsCBOR): Deleted.
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h:
Add support for serializing the extension during get and create. This also checks to make
sure that the authenticator supports the extension before attempting to serialize it.
Comes with tests!

* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
Support for serializing the new extension between the web process and the UI process. This
also requires the ability to serialize ArrayBuffer to match the IDL.

* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
(toVector):
(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataJSON:options:userVerificationAvailability:]):
(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataJSON:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataJSON:options:userVerificationAvailability:]):
(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataJSON:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:]):
(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:]):
(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
Trivial new versions of all of these methods that accept an array of extensions supported
by the authenticator.

* Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp:
(WebKit::AuthenticatorManager::respondReceived):
When the extension fails, the spec says to return a NotSupportedError, which is fatal.
Update this method to treat it as such.

* Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
(alternateBlobIfNecessary):

(WebKit::LocalAuthenticatorInternal::getExistingCredentials):
When loading credentials, also fetch the new blob.

(WebKit::LocalAuthenticator::processLargeBlobExtension):
This extension is now always supported.
If we're doing a read, populate the output with the loaded blob.
If we're doing a write, fetch the existing credential data structure, create a copy with
the new blob populated, and write it back to the keychain.

(WebKit::LocalAuthenticator::processClientExtensions):
The largeBlob extension can fail, causing it to return a NotSupportedError, which is
fatal. This method now returns an exception if something went wrong when processing any
extension, or nullopt on success.

(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
(WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
(WebKit::LocalAuthenticator::getAssertion):
(WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification):
Update these to handle exceptions during extension processing.

* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::getAssertion):
* Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp:
(TestWebKitAPI::TEST):
* Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
(TestWebKitAPI::TEST):
* Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h:

Canonical link: https://commits.webkit.org/260958@main
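
The input combinations that lead to the fatal NotSupportedError mentioned above, as an added example that is not part of the commit or of WebKit's code. It assumes the client-processing rules of the WebAuthn specification's largeBlob extension (`support` at registration only, `read`/`write` at assertion only, a write requiring exactly one allowed credential); the function names and sample values are hypothetical and constructed.

```javascript
// Added example, not WebKit code. Function names are hypothetical.
// operation is "create" (registration) or "get" (assertion).
// Returns the DOMException name the spec mandates, or null if the inputs pass.
function checkLargeBlobInputs(operation, publicKey) {
  const ext = publicKey.extensions && publicKey.extensions.largeBlob;
  if (!ext) return null; // extension not requested, nothing to check

  if (operation === "create") {
    // read and write are assertion-only inputs.
    if ("read" in ext || "write" in ext) return "NotSupportedError";
    return null;
  }

  // Assertion: support is a registration-only input.
  if ("support" in ext) return "NotSupportedError";
  // A single assertion either reads or writes, never both.
  if ("read" in ext && "write" in ext) return "NotSupportedError";
  if ("write" in ext) {
    // The blob must be bound to one unambiguous credential.
    const allow = publicKey.allowCredentials || [];
    if (allow.length !== 1) return "NotSupportedError";
  }
  return null;
}

// Relying-party side: interpret getClientExtensionResults() after an assertion.
// A write counts as successful only when the output says written === true.
function interpretLargeBlobOutput(requested, clientExtensionResults) {
  const out = (clientExtensionResults || {}).largeBlob || {};
  if (requested.read === true) {
    return { kind: "read", bytes: out.blob ? new Uint8Array(out.blob) : null };
  }
  if ("write" in requested) return { kind: "write", ok: out.written === true };
  return { kind: "none" };
}

// Constructed sample values (not real credential data).
const sampleCredential = { type: "public-key", id: new Uint8Array([1, 2, 3]) };
const sampleBlob = new TextEncoder().encode("constructed-sample-blob");

console.log(checkLargeBlobInputs("get", {
  allowCredentials: [sampleCredential],
  extensions: { largeBlob: { write: sampleBlob } },
})); // null: one credential, write only
console.log(checkLargeBlobInputs("get", {
  allowCredentials: [],
  extensions: { largeBlob: { write: sampleBlob } },
})); // NotSupportedError: write without exactly one credential
```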



