[WebAuthN] Use a real nonce for CTAPHID_INIT
[WebKit-https.git] / Source / WebKit / UIProcess / WebAuthentication / Mock / MockHidConnection.cpp
1 /*
2  * Copyright (C) 2018 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23  * THE POSSIBILITY OF SUCH DAMAGE.
24  */
25
26 #include "config.h"
27 #include "MockHidConnection.h"
28
29 #if ENABLE(WEB_AUTHN) && PLATFORM(MAC)
30
31 #include <WebCore/AuthenticatorGetInfoResponse.h>
32 #include <WebCore/CBORReader.h>
33 #include <WebCore/FidoConstants.h>
34 #include <wtf/BlockPtr.h>
35 #include <wtf/CryptographicallyRandomNumber.h>
36 #include <wtf/RunLoop.h>
37 #include <wtf/text/Base64.h>
38
39 namespace WebKit {
40 using Mock = MockWebAuthenticationConfiguration::Hid;
41 using namespace WebCore;
42 using namespace cbor;
43 using namespace fido;
44
45 namespace MockHidConnectionInternal {
46 // https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#mandatory-commands
47 const size_t CtapChannelIdSize = 4;
48 const uint8_t CtapKeepAliveStatusProcessing = 1;
49 // https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#commands
50 const int64_t CtapMakeCredentialRequestOptionsKey = 7;
51 const int64_t CtapGetAssertionRequestOptionsKey = 5;
52 }
53
54 MockHidConnection::MockHidConnection(IOHIDDeviceRef device, const MockWebAuthenticationConfiguration& configuration)
55     : HidConnection(device)
56     , m_configuration(configuration)
57 {
58 }
59
60 void MockHidConnection::initialize()
61 {
62     m_initialized = true;
63 }
64
65 void MockHidConnection::terminate()
66 {
67     m_terminated = true;
68 }
69
70 void MockHidConnection::send(Vector<uint8_t>&& data, DataSentCallback&& callback)
71 {
72     ASSERT(m_initialized);
73     auto task = BlockPtr<void()>::fromCallable([weakThis = makeWeakPtr(*this), data = WTFMove(data), callback = WTFMove(callback)]() mutable {
74         ASSERT(!RunLoop::isMain());
75         RunLoop::main().dispatch([weakThis, data = WTFMove(data), callback = WTFMove(callback)]() mutable {
76             if (!weakThis)
77                 return;
78
79             weakThis->assembleRequest(WTFMove(data));
80
81             auto sent = DataSent::Yes;
82             if (weakThis->stagesMatch() && weakThis->m_configuration.hid->error == Mock::Error::DataNotSent)
83                 sent = DataSent::No;
84             callback(sent);
85         });
86     });
87     dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), task.get());
88 }
89
90 void MockHidConnection::registerDataReceivedCallbackInternal()
91 {
92     if (stagesMatch() && m_configuration.hid->error == Mock::Error::EmptyReport) {
93         receiveReport({ });
94         shouldContinueFeedReports();
95         return;
96     }
97     if (!m_configuration.hid->fastDataArrival)
98         feedReports();
99 }
100
101 void MockHidConnection::assembleRequest(Vector<uint8_t>&& data)
102 {
103     if (!m_requestMessage) {
104         m_requestMessage = FidoHidMessage::createFromSerializedData(data);
105         ASSERT(m_requestMessage);
106     } else {
107         auto status = m_requestMessage->addContinuationPacket(data);
108         ASSERT_UNUSED(status, status);
109     }
110
111     if (m_requestMessage->messageComplete())
112         parseRequest();
113 }
114
115 void MockHidConnection::parseRequest()
116 {
117     using namespace MockHidConnectionInternal;
118
119     ASSERT(m_requestMessage);
120     // Set stages.
121     if (m_requestMessage->cmd() == FidoHidDeviceCommand::kInit) {
122         auto previousSubStage = m_subStage;
123         m_subStage = Mock::SubStage::Init;
124         if (previousSubStage == Mock::SubStage::Msg)
125             m_stage = Mock::Stage::Request;
126     }
127     if (m_requestMessage->cmd() == FidoHidDeviceCommand::kCbor)
128         m_subStage = Mock::SubStage::Msg;
129
130     // Set options.
131     if (m_stage == Mock::Stage::Request && m_subStage == Mock::SubStage::Msg) {
132         m_requireResidentKey = false;
133         m_requireUserVerification = false;
134
135         auto payload = m_requestMessage->getMessagePayload();
136         ASSERT(payload.size());
137         auto cmd = static_cast<CtapRequestCommand>(payload[0]);
138         payload.remove(0);
139         auto requestMap = CBORReader::read(payload);
140         ASSERT(requestMap);
141
142         if (cmd == CtapRequestCommand::kAuthenticatorMakeCredential) {
143             auto it = requestMap->getMap().find(CBORValue(CtapMakeCredentialRequestOptionsKey)); // Find options.
144             if (it != requestMap->getMap().end()) {
145                 auto& optionMap = it->second.getMap();
146
147                 auto itr = optionMap.find(CBORValue(kResidentKeyMapKey));
148                 if (itr != optionMap.end())
149                     m_requireResidentKey = itr->second.getBool();
150
151                 itr = optionMap.find(CBORValue(kUserVerificationMapKey));
152                 if (itr != optionMap.end())
153                     m_requireUserVerification = itr->second.getBool();
154             }
155         }
156
157         if (cmd == CtapRequestCommand::kAuthenticatorGetAssertion) {
158             auto it = requestMap->getMap().find(CBORValue(CtapGetAssertionRequestOptionsKey)); // Find options.
159             if (it != requestMap->getMap().end()) {
160                 auto& optionMap = it->second.getMap();
161                 auto itr = optionMap.find(CBORValue(kUserVerificationMapKey));
162                 if (itr != optionMap.end())
163                     m_requireUserVerification = itr->second.getBool();
164             }
165         }
166     }
167
168     // Store nonce.
169     if (m_subStage == Mock::SubStage::Init) {
170         m_nonce = m_requestMessage->getMessagePayload();
171         ASSERT(m_nonce.size() == kHidInitNonceLength);
172     }
173
174     m_currentChannel = m_requestMessage->channelId();
175     m_requestMessage = std::nullopt;
176     if (m_configuration.hid->fastDataArrival)
177         feedReports();
178 }
179
180 void MockHidConnection::feedReports()
181 {
182     using namespace MockHidConnectionInternal;
183
184     if (m_subStage == Mock::SubStage::Init) {
185         Vector<uint8_t> payload;
186         payload.reserveInitialCapacity(kHidInitResponseSize);
187         payload.appendVector(m_nonce);
188         if (stagesMatch() && m_configuration.hid->error == Mock::Error::WrongNonce)
189             payload[0]--;
190         payload.grow(kHidInitResponseSize);
191         cryptographicallyRandomValues(payload.data() + payload.size(), CtapChannelIdSize);
192         auto channel = kHidBroadcastChannel;
193         if (stagesMatch() && m_configuration.hid->error == Mock::Error::WrongChannelId)
194             channel--;
195         FidoHidInitPacket initPacket(channel, FidoHidDeviceCommand::kInit, WTFMove(payload), payload.size());
196         receiveReport(initPacket.getSerializedData());
197         shouldContinueFeedReports();
198         return;
199     }
200
201     std::optional<FidoHidMessage> message;
202     if (m_stage == Mock::Stage::Info && m_subStage == Mock::SubStage::Msg) {
203         auto infoData = encodeAsCBOR(AuthenticatorGetInfoResponse({ ProtocolVersion::kCtap }, Vector<uint8_t>(kAaguidLength, 0u)));
204         infoData.insert(0, static_cast<uint8_t>(CtapDeviceResponseCode::kSuccess)); // Prepend status code.
205         if (stagesMatch() && m_configuration.hid->error == Mock::Error::WrongChannelId)
206             message = FidoHidMessage::create(m_currentChannel - 1, FidoHidDeviceCommand::kCbor, infoData);
207         else
208             message = FidoHidMessage::create(m_currentChannel, FidoHidDeviceCommand::kCbor, infoData);
209     }
210
211     if (m_stage == Mock::Stage::Request && m_subStage == Mock::SubStage::Msg) {
212         if (m_configuration.hid->keepAlive) {
213             m_configuration.hid->keepAlive = false;
214             FidoHidInitPacket initPacket(m_currentChannel, FidoHidDeviceCommand::kKeepAlive, { CtapKeepAliveStatusProcessing }, 1);
215             receiveReport(initPacket.getSerializedData());
216             continueFeedReports();
217             return;
218         }
219         if (stagesMatch() && m_configuration.hid->error == Mock::Error::UnsupportedOptions && (m_requireResidentKey || m_requireUserVerification))
220             message = FidoHidMessage::create(m_currentChannel, FidoHidDeviceCommand::kCbor, { static_cast<uint8_t>(CtapDeviceResponseCode::kCtap2ErrUnsupportedOption) });
221         else {
222             Vector<uint8_t> payload;
223             auto status = base64Decode(m_configuration.hid->payloadBase64, payload);
224             ASSERT_UNUSED(status, status);
225             message = FidoHidMessage::create(m_currentChannel, FidoHidDeviceCommand::kCbor, payload);
226         }
227     }
228
229     ASSERT(message);
230     bool isFirst = true;
231     while (message->numPackets()) {
232         auto report = message->popNextPacket();
233         if (!isFirst && stagesMatch() && m_configuration.hid->error == Mock::Error::WrongChannelId)
234             report = FidoHidContinuationPacket(m_currentChannel - 1, 0, { }).getSerializedData();
235         // Packets are feed asynchronously to mimic actual data transmission.
236         RunLoop::main().dispatch([report = WTFMove(report), weakThis = makeWeakPtr(*this)]() mutable {
237             if (!weakThis)
238                 return;
239             weakThis->receiveReport(WTFMove(report));
240         });
241         isFirst = false;
242     }
243 }
244
245 bool MockHidConnection::stagesMatch() const
246 {
247     return m_configuration.hid->stage == m_stage && m_configuration.hid->subStage == m_subStage;
248 }
249
250 void MockHidConnection::shouldContinueFeedReports()
251 {
252     if (!m_configuration.hid->continueAfterErrorData)
253         return;
254     m_configuration.hid->continueAfterErrorData = false;
255     m_configuration.hid->error = Mock::Error::Success;
256     continueFeedReports();
257 }
258
259 void MockHidConnection::continueFeedReports()
260 {
261     // Send actual response for the next run.
262     RunLoop::main().dispatch([weakThis = makeWeakPtr(*this)]() mutable {
263         if (!weakThis)
264             return;
265         weakThis->feedReports();
266     });
267 }
268
269 } // namespace WebKit
270
271 #endif // ENABLE(WEB_AUTHN) && PLATFORM(MAC)