[webkit-changes] [WebKit/WebKit] a38ad3: Add support for largeBlob extension for local auth...
EWS
noreply at github.com
Tue Feb 28 12:22:26 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a38ad3411dcf6207dd198956e375a5d7302323f9
https://github.com/WebKit/WebKit/commit/a38ad3411dcf6207dd198956e375a5d7302323f9
Author: Garrett Davidson <garrett_davidson at apple.com>
Date: 2023-02-28 (Tue, 28 Feb 2023)
Changed paths:
M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html
M Source/JavaScriptCore/runtime/ArrayBuffer.cpp
M Source/JavaScriptCore/runtime/ArrayBuffer.h
M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp
M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.h
M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.idl
M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp
M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h
M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl
M Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h
M Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp
M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp
M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h
M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm
M Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp
M Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp
M Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp
M Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h
Log Message:
-----------
Add support for largeBlob extension for local authenticator
https://bugs.webkit.org/show_bug.cgi?id=252789
rdar://105237759
Reviewed by J Pascoe.
This patch adds support for the largeBlob extension to the local authenticator. This
extension allows storing an arbitrary blob of data alongside a passkey, which can be read
or written during assertions.
* Source/JavaScriptCore/runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::create):
* Source/JavaScriptCore/runtime/ArrayBuffer.h:
Moved Vector helpers from WebAuthnUtils to be first class methods.
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp:
(WebCore::AuthenticationExtensionsClientInputs::fromCBOR):
(WebCore::AuthenticationExtensionsClientInputs::toCBOR const):
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.h:
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.idl:
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp:
(WebCore::AuthenticationExtensionsClientOutputs::fromCBOR):
(WebCore::AuthenticationExtensionsClientOutputs::toCBOR const):
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h:
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl:
Basic IDL and encoding support.
* Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h:
(WebCore::AuthenticatorAssertionResponse::largeBlob const):
(WebCore::AuthenticatorAssertionResponse::setLargeBlob):
Hold on to the blob when we load credentials.
* Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp:
(WebCore::coseKeyForAttestationObject):
(WebCore::AuthenticatorAttestationResponse::getAuthenticatorData const):
Switch away from the old helpers.
* Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:
(WebCore::AuthenticatorCoordinator::create):
Remove an outdated comment and pass along the new extension.
* Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp:
(WebCore::convertArrayBufferToVector): Deleted.
* Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h:
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp:
(fido::encodeMakeCredentialRequestAsCBOR):
(fido::encodeGetAssertionRequestAsCBOR):
(fido::encodeMakeCredenitalRequestAsCBOR): Deleted.
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h:
Add support for serializing the extension during get and create. This also checks to make
sure that the authenticator supports the extension before attempting to serialize it.
Comes with tests!
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
Support for serializing the new extension between the web process and the UI process. This
also requires the ability to serialize ArrayBuffer to match the IDL.
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
(toVector):
(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataJSON:options:userVerificationAvailability:]):
(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataJSON:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataJSON:options:userVerificationAvailability:]):
(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataJSON:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:]):
(+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:]):
(+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
Trivial new versions of all of these methods that accept an array of extensions supported
by the authenticator.
* Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp:
(WebKit::AuthenticatorManager::respondReceived):
When the extension fails, the spec says to return a NotSupportedError, which is fatal.
Update this method to treat it as such.
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
(alternateBlobIfNecessary):
(WebKit::LocalAuthenticatorInternal::getExistingCredentials):
When loading credentials, also fetch the new blob.
(WebKit::LocalAuthenticator::processLargeBlobExtension):
This extension is now always supported.
If we're doing a read, populate the output with the loaded blob.
If we're doing a write, fetch the existing credential data structure, create a copy with
the new blob populated, and write it back to the keychain.
(WebKit::LocalAuthenticator::processClientExtensions):
The largeBlob extension can fail, causing it to return a NotSupportedError, which is
fatal. This method now returns an exception if something went wrong when processing any
extension, or nullopt on success.
(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
(WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
(WebKit::LocalAuthenticator::getAssertion):
(WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification):
Update these to handle exceptions during extension processing.
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::getAssertion):
* Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp:
(TestWebKitAPI::TEST):
* Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
(TestWebKitAPI::TEST):
* Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h:
Canonical link: https://commits.webkit.org/260958@main
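
The read/write handling and the "exception or nullopt" return shape described in the log message, as an added sketch that is not WebKit's code. The types, the in-memory `Keychain` map and `processLargeBlobForGet` are hypothetical, and the three NotSupportedError checks are taken from the largeBlob client processing rules in the WebAuthn specification rather than from this commit.

```cpp
#include <cstdint>
#include <map>
#include <optional>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
// Hypothetical stand-ins for the request, response and storage types.
struct LargeBlobInputs {
    std::optional<std::string> support; // registration-time input
    std::optional<bool> read;           // assertion-time input
    std::optional<Bytes> write;         // assertion-time input
};
struct LargeBlobOutputs { std::optional<Bytes> blob; std::optional<bool> written; };
struct StoredCredential { std::string userName; std::optional<Bytes> largeBlob; };
using Keychain = std::map<std::string, StoredCredential>; // credential ID -> record
struct Exception { std::string name; };

// Returns an exception on failure and std::nullopt on success.
std::optional<Exception> processLargeBlobForGet(Keychain& keychain,
    const std::vector<std::string>& allowCredentials, const std::string& selectedId,
    const LargeBlobInputs& in, LargeBlobOutputs& out)
{
    const Exception notSupported { "NotSupportedError" };
    // "support" is only valid when creating a credential.
    if (in.support) return notSupported;
    // A single assertion may read or write, never both.
    if (in.read && in.write) return notSupported;
    // A write must target exactly one credential.
    if (in.write && allowCredentials.size() != 1) return notSupported;

    auto it = keychain.find(selectedId);
    if (in.read.value_or(false)) {
        if (it != keychain.end())
            out.blob = it->second.largeBlob;       // stays empty if nothing was stored
    } else if (in.write) {
        out.written = false;
        if (it != keychain.end()) {
            StoredCredential updated = it->second; // copy the existing record
            updated.largeBlob = *in.write;         // populate the new blob
            it->second = updated;                  // write the copy back
            out.written = true;
        }
    }
    return std::nullopt;
}

int main()
{
    Keychain keychain;
    keychain["cred-1"] = { "alice", std::nullopt }; // constructed sample record
    LargeBlobInputs request; request.write = Bytes { 0xde, 0xad };
    LargeBlobOutputs out;
    return processLargeBlobForGet(keychain, { "cred-1" }, "cred-1", request, out) ? 1 : 0;
}
```

Because every failure path returns before the store is touched, a rejected request cannot leave a partially updated credential record behind.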