Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a38ad3411dcf6207dd198956e375a5d7302323f9 https://github.com/WebKit/WebKit/commit/a38ad3411dcf6207dd198956e375a5d7302323f9 Author: Garrett Davidson <garrett_david...@apple.com> Date: 2023-02-28 (Tue, 28 Feb 2023)
Changed paths: M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html M Source/JavaScriptCore/runtime/ArrayBuffer.cpp M Source/JavaScriptCore/runtime/ArrayBuffer.h M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.h M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.idl M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl M Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h M Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm M Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp M Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h M Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp M Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp M Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp M Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp M Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h Log Message: ----------- Add support for largeBlob extension for local authenticator https://bugs.webkit.org/show_bug.cgi?id=252789 rdar://105237759 Reviewed by J Pascoe. This patch adds support for the largeBlob extension to the local authenticator. This extension allows storing an arbitrary blob of data alongside a passkey, which can be read or written during assertions. * Source/JavaScriptCore/runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::create): * Source/JavaScriptCore/runtime/ArrayBuffer.h: Moved Vector helpers from WebAuthnUtils to be first class methods. * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp: (WebCore::AuthenticationExtensionsClientInputs::fromCBOR): (WebCore::AuthenticationExtensionsClientInputs::toCBOR const): * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.h: * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.idl: * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.cpp: (WebCore::AuthenticationExtensionsClientOutputs::fromCBOR): (WebCore::AuthenticationExtensionsClientOutputs::toCBOR const): * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.h: * Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientOutputs.idl: Basic IDL and encoding support. * Source/WebCore/Modules/webauthn/AuthenticatorAssertionResponse.h: (WebCore::AuthenticatorAssertionResponse::largeBlob const): (WebCore::AuthenticatorAssertionResponse::setLargeBlob): Hold on to the blob when we load credentials. * Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp: (WebCore::coseKeyForAttestationObject): (WebCore::AuthenticatorAttestationResponse::getAuthenticatorData const): Switch away from the old helpers. * Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp: (WebCore::AuthenticatorCoordinator::create): Remove an outdated comment and pass along the new extension. * Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp: (WebCore::convertArrayBufferToVector): Deleted. * Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h: * Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp: (fido::encodeMakeCredentialRequestAsCBOR): (fido::encodeGetAssertionRequestAsCBOR): (fido::encodeMakeCredenitalRequestAsCBOR): Deleted. * Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h: Add support for serializing the extension during get and create. This also checks to make sure that the authenticator supports the extension before attempting to serialize it. Comes with tests! * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: Support for serializing the new extension between the web process and the UI process. The also requires the ability to serialize ArrayBuffer to match the IDL. * Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h: * Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm: (toVector): (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataJSON:options:userVerificationAvailability:]): (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataJSON:options:userVerificationAvailability:authenticatorSupportedExtensions:]): (+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataJSON:options:userVerificationAvailability:]): (+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataJSON:options:userVerificationAvailability:authenticatorSupportedExtensions:]): (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:]): (+[_WKWebAuthenticationPanel encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedExtensions:]): (+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:]): (+[_WKWebAuthenticationPanel encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedExtensions:]): Trivial new versions of all of these methods that accept an array of extensions supported by the authenticator. * Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp: (WebKit::AuthenticatorManager::respondReceived): When the extension fails, the spec says to return a NotSupportedError, which is fatal. Update this method to treate it as such. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h: * Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm: (alternateBlobIfNecessary): (WebKit::LocalAuthenticatorInternal::getExistingCredentials): When loading credentials, also fetch the new blob. (WebKit::LocalAuthenticator::processLargeBlobExtension): This extension is now always supported. If we're doing a read, populate the output with the loaded blob. If we're doing a write, fetch the existing credential data structure, create a copy with the new blob populated, and write it back to the keychain. (WebKit::LocalAuthenticator::processClientExtensions): The largeBlob extension can fail, causing it to return a NotSupportedError, which is fatal. This method now returns an exception if something went wrong when processing any extension, or nullopt on success. (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification): (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested): (WebKit::LocalAuthenticator::getAssertion): (WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification): Update these to handle exceptions during extension processing. * Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp: (WebKit::CtapAuthenticator::makeCredential): (WebKit::CtapAuthenticator::getAssertion): * Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp: (TestWebKitAPI::TEST): * Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp: (TestWebKitAPI::TEST): * Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h: Canonical link: https://commits.webkit.org/260958@main _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes