[WebAuthN] Support U2F HID Authenticators on macOS
author jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 9 Jan 2019 00:35:39 +0000 (00:35 +0000)
committer jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 9 Jan 2019 00:35:39 +0000 (00:35 +0000)
commit 0919c8dd975b53b9b5793ea44357faf53c292f1f
tree 554dfddf4633f4d8aea497d1fa345b4f67440c8c
parent 375f51ad50b33bf17963e3b826b5e1769478f260
[WebAuthN] Support U2F HID Authenticators on macOS
https://bugs.webkit.org/show_bug.cgi?id=191535
<rdar://problem/47102027>

Reviewed by Brent Fulgham.

Source/WebCore:

This patch changes U2fCommandConstructor to produce register commands that
enforce a test of user presence. Otherwise, authenticators would silently
generate credentials. It also renames readFromU2fSignResponse to
readU2fSignResponse.

Tests: http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html
       http/wpt/webauthn/public-key-credential-create-failure-u2f.https.html
       http/wpt/webauthn/public-key-credential-create-success-u2f.https.html
       http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https.html
       http/wpt/webauthn/public-key-credential-get-failure-u2f.https.html
       http/wpt/webauthn/public-key-credential-get-success-u2f.https.html

* Modules/webauthn/fido/U2fCommandConstructor.cpp:
(fido::WebCore::constructU2fRegisterCommand):
* Modules/webauthn/fido/U2fResponseConverter.cpp:
(fido::readU2fSignResponse):
(fido::readFromU2fSignResponse): Deleted.
* Modules/webauthn/fido/U2fResponseConverter.h:

Source/WebKit:

This patch implements the support for U2F authenticators, and enables it for hid devices.
It follows the CTAP spec to map WebAuthN requests to U2F commands and return the responses:
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#u2f-interoperability
Most of the parts were done before this patch; this patch focuses on 7.2.2 and 7.3.2.

Besides implementing the U2fHidAuthenticator, this patch also adds support in the mocking
environment for U2F authenticators. It is done by extending the stages in MockHidConnection
from 4 to indefinite as multi-round communications are expected to map WebAuthN requests
to U2F requests.

* Sources.txt:
* UIProcess/API/C/WKWebsiteDataStoreRef.cpp:
(WKWebsiteDataStoreSetWebAuthenticationMockConfiguration):
* UIProcess/WebAuthentication/Cocoa/HidService.mm:
(WebKit::HidService::continueAddDeviceAfterGetInfo):
* UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
(WebKit::CtapHidDriver::continueAfterChannelAllocated):
* UIProcess/WebAuthentication/fido/CtapHidDriver.h:
(WebKit::CtapHidDriver::setProtocol):
* UIProcess/WebAuthentication/fido/U2fHidAuthenticator.cpp: Added.
(WebKit::U2fHidAuthenticator::U2fHidAuthenticator):
(WebKit::U2fHidAuthenticator::makeCredential):
(WebKit::U2fHidAuthenticator::checkExcludeList):
(WebKit::U2fHidAuthenticator::issueRegisterCommand):
(WebKit::U2fHidAuthenticator::getAssertion):
(WebKit::U2fHidAuthenticator::issueSignCommand):
(WebKit::U2fHidAuthenticator::issueNewCommand):
(WebKit::U2fHidAuthenticator::issueCommand):
(WebKit::U2fHidAuthenticator::responseReceived):
(WebKit::U2fHidAuthenticator::continueRegisterCommandAfterResponseReceived):
(WebKit::U2fHidAuthenticator::continueCheckOnlyCommandAfterResponseReceived):
(WebKit::U2fHidAuthenticator::continueBogusCommandAfterResponseReceived):
(WebKit::U2fHidAuthenticator::continueSignCommandAfterResponseReceived):
* UIProcess/WebAuthentication/fido/U2fHidAuthenticator.h: Added.
* UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::parseRequest):
(WebKit::MockHidConnection::feedReports):
* UIProcess/WebAuthentication/Mock/MockHidConnection.h:
* UIProcess/WebAuthentication/Mock/MockWebAuthenticationConfiguration.h:
* WebKit.xcodeproj/project.pbxproj:

Tools:

This patch:
1) adds support for U2F mocking mechanism;
2) updates tests to reflect U2fCommandConstructor changes.

* TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebCore/FidoTestData.h:
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setWebAuthenticationMockConfiguration):

LayoutTests:

Besides adding tests for U2F authenticators, it also changes payloadBase64 from
a string to a vector of strings. New tests are skipped for iOS.

* http/wpt/webauthn/ctap-hid-failure.https.html:
* http/wpt/webauthn/ctap-hid-success.https.html:
* http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html:
* http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
* http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https-expected.txt: Added.
* http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html: Added.
* http/wpt/webauthn/public-key-credential-create-failure-u2f.https-expected.txt: Added.
* http/wpt/webauthn/public-key-credential-create-failure-u2f.https.html: Added.
* http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
* http/wpt/webauthn/public-key-credential-create-success-u2f.https-expected.txt: Added.
* http/wpt/webauthn/public-key-credential-create-success-u2f.https.html: Copied from LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html.
* http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https.html:
* http/wpt/webauthn/public-key-credential-get-failure-hid.https.html:
* http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https-expected.txt: Added.
* http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https.html: Added.
* http/wpt/webauthn/public-key-credential-get-failure-u2f.https-expected.txt: Added.
* http/wpt/webauthn/public-key-credential-get-failure-u2f.https.html: Added.
* http/wpt/webauthn/public-key-credential-get-success-hid.https.html:
* http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt: Added.
* http/wpt/webauthn/public-key-credential-get-success-u2f.https.html: Added.
* http/wpt/webauthn/resources/util.js:
* platform/ios-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239752 268f45cc-cd09-0410-ab3c-d52691b4dbfc
43 files changed:
LayoutTests/ChangeLog
LayoutTests/http/wpt/webauthn/ctap-hid-failure.https.html
LayoutTests/http/wpt/webauthn/ctap-hid-success.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f.https-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f.https.html [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-u2f.https-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-u2f.https.html [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https.html [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https.html [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https.html [new file with mode: 0644]
LayoutTests/http/wpt/webauthn/resources/util.js
LayoutTests/platform/ios-wk2/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/Modules/webauthn/fido/U2fCommandConstructor.cpp
Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp
Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.h
Source/WebKit/ChangeLog
Source/WebKit/Sources.txt
Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp
Source/WebKit/UIProcess/WebAuthentication/Cocoa/HidService.mm
Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp
Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.h
Source/WebKit/UIProcess/WebAuthentication/Mock/MockWebAuthenticationConfiguration.h
Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp
Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.h
Source/WebKit/UIProcess/WebAuthentication/fido/U2fHidAuthenticator.cpp [new file with mode: 0644]
Source/WebKit/UIProcess/WebAuthentication/fido/U2fHidAuthenticator.h [new file with mode: 0644]
Source/WebKit/WebKit.xcodeproj/project.pbxproj
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp
Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h
Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
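
An added illustration of the register-command change described in the Source/WebCore notes above; it is not code from this commit or from WebKit. It builds a U2F_REGISTER APDU whose P1 byte requests a test of user presence and decides the next step from the reply's status word. All names are this example's own, and using 0x03 as the register P1 value is an assumption (the page does not show the constant); the status words 0x9000 and 0x6985 are from the FIDO U2F raw message format.

```cpp
#include <array>
#include <cstdint>
#include <optional>
#include <vector>

// Values from the FIDO U2F raw message format; the names are this example's.
constexpr uint8_t kInsRegister = 0x01;
constexpr uint8_t kP1EnforceUserPresence = 0x03; // assumed P1 for "enforce test of user presence"
constexpr uint16_t kSwNoError = 0x9000;
constexpr uint16_t kSwConditionsNotSatisfied = 0x6985; // user has not touched the key yet
constexpr size_t kParamLength = 32;

using Param = std::array<uint8_t, kParamLength>;

// Builds an extended-length U2F_REGISTER APDU: 4-byte header, 3-byte Lc,
// challenge parameter || application parameter, 2-byte Le.
std::vector<uint8_t> buildRegisterApdu(const Param& challenge, const Param& application)
{
    std::vector<uint8_t> apdu { 0x00, kInsRegister, kP1EnforceUserPresence, 0x00,
        0x00, 0x00, static_cast<uint8_t>(2 * kParamLength) };
    apdu.insert(apdu.end(), challenge.begin(), challenge.end());
    apdu.insert(apdu.end(), application.begin(), application.end());
    apdu.push_back(0x00); // Le = 0x0000: accept the maximum response length
    apdu.push_back(0x00);
    return apdu;
}

enum class Next { Done, RetryAfterTouch, Fail };

// Reads the trailing status word; a response shorter than 2 bytes is malformed.
std::optional<uint16_t> statusWord(const std::vector<uint8_t>& response)
{
    if (response.size() < 2)
        return std::nullopt;
    return static_cast<uint16_t>(response[response.size() - 2] << 8 | response.back());
}

// Decides the next step of a register exchange. A success status with no
// payload is rejected, so an empty reply is never treated as a credential.
Next nextStepForRegister(const std::vector<uint8_t>& response)
{
    auto sw = statusWord(response);
    if (!sw)
        return Next::Fail;
    if (*sw == kSwConditionsNotSatisfied)
        return Next::RetryAfterTouch;
    return (*sw == kSwNoError && response.size() > 2) ? Next::Done : Next::Fail;
}
```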