WebAuthenticationUtils.cpp [plain text]
#include "config.h"
#include "WebAuthenticationUtils.h"
#if ENABLE(WEB_AUTHN)
#include "CBORWriter.h"
#include "WebAuthenticationConstants.h"
#include <pal/crypto/CryptoDigest.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
Vector<uint8_t> convertBytesToVector(const uint8_t byteArray[], const size_t length)
{
Vector<uint8_t> result;
result.append(byteArray, length);
return result;
}
Vector<uint8_t> produceRpIdHash(const String& rpId)
{
auto crypto = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_256);
auto rpIdUtf8 = rpId.utf8();
crypto->addBytes(rpIdUtf8.data(), rpIdUtf8.length());
return crypto->computeHash();
}
Vector<uint8_t> encodeES256PublicKeyAsCBOR(Vector<uint8_t>&& x, Vector<uint8_t>&& y)
{
cbor::CBORValue::MapValue publicKeyMap;
publicKeyMap[cbor::CBORValue(COSE::kty)] = cbor::CBORValue(COSE::EC2);
publicKeyMap[cbor::CBORValue(COSE::alg)] = cbor::CBORValue(COSE::ES256);
publicKeyMap[cbor::CBORValue(COSE::crv)] = cbor::CBORValue(COSE::P_256);
publicKeyMap[cbor::CBORValue(COSE::x)] = cbor::CBORValue(WTFMove(x));
publicKeyMap[cbor::CBORValue(COSE::y)] = cbor::CBORValue(WTFMove(y));
auto cosePublicKey = cbor::CBORWriter::write(cbor::CBORValue(WTFMove(publicKeyMap)));
ASSERT(cosePublicKey);
return *cosePublicKey;
}
Vector<uint8_t> buildAttestedCredentialData(const Vector<uint8_t>& aaguid, const Vector<uint8_t>& credentialId, const Vector<uint8_t>& coseKey)
{
Vector<uint8_t> attestedCredentialData;
attestedCredentialData.reserveInitialCapacity(aaguidLength + credentialIdLengthLength + credentialId.size() + coseKey.size());
ASSERT(aaguid.size() == aaguidLength);
attestedCredentialData.appendVector(aaguid);
ASSERT(credentialId.size() <= std::numeric_limits<uint16_t>::max());
attestedCredentialData.append(credentialId.size() >> 8 & 0xff);
attestedCredentialData.append(credentialId.size() & 0xff);
attestedCredentialData.appendVector(credentialId);
attestedCredentialData.appendVector(coseKey);
return attestedCredentialData;
}
Vector<uint8_t> buildAuthData(const String& rpId, const uint8_t flags, const uint32_t counter, const Vector<uint8_t>& optionalAttestedCredentialData)
{
Vector<uint8_t> authData;
authData.reserveInitialCapacity(rpIdHashLength + flagsLength + signCounterLength + optionalAttestedCredentialData.size());
authData.appendVector(produceRpIdHash(rpId));
authData.append(flags);
authData.append(counter >> 24 & 0xff);
authData.append(counter >> 16 & 0xff);
authData.append(counter >> 8 & 0xff);
authData.append(counter & 0xff);
authData.appendVector(optionalAttestedCredentialData);
return authData;
}
Vector<uint8_t> buildAttestationObject(Vector<uint8_t>&& authData, String&& format, cbor::CBORValue::MapValue&& statementMap, const AttestationConveyancePreference& attestation)
{
cbor::CBORValue::MapValue attestationObjectMap;
if (attestation == AttestationConveyancePreference::None) {
const size_t aaguidOffset = rpIdHashLength + flagsLength + signCounterLength;
if (authData.size() >= aaguidOffset + aaguidLength)
memset(authData.data() + aaguidOffset, 0, aaguidLength);
format = noneAttestationValue;
statementMap.clear();
}
attestationObjectMap[cbor::CBORValue("authData")] = cbor::CBORValue(WTFMove(authData));
attestationObjectMap[cbor::CBORValue("fmt")] = cbor::CBORValue(WTFMove(format));
attestationObjectMap[cbor::CBORValue("attStmt")] = cbor::CBORValue(WTFMove(statementMap));
auto attestationObject = cbor::CBORWriter::write(cbor::CBORValue(WTFMove(attestationObjectMap)));
ASSERT(attestationObject);
return *attestationObject;
}
}
#endif // ENABLE(WEB_AUTHN)