
Move passkey related utility functions to passkey_model_utils

This CL modifies //device/fido so that it can be built on iOS. By default, it now contains the minimal subset of files required to implement passkey related authentication functions. The rest of the //device/fido target and other targets in device/fido/BUILD.gn were put within an “if (use_blink)” statement to make sure these are not visible to non blink platforms.

This was used to move the following functions from ash specific code to cross platform code in passkey_model_utils:
- MakeAuthenticatorDataForAssertion
- MakeAuthenticatorDataForCreation
- GenerateEcSignature

Bug: 330355124
Change-Id: I82c741fc8f099b92d236eeff3d1947cd349f2518
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5499475
Reviewed-by: Nina Satragno <nsatragno@chromium.org>
Commit-Queue: Alexis Hétu <sugoi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1295122}
Alexis Hetu
2024-05-01 22:08:49 +00:00
committed by Chromium LUCI CQ
parent c11d40e872
commit 740cc1943b
5 changed files with 545 additions and 508 deletions
chrome/browser/ash/passkeys
components/webauthn/core/browser
device/fido

@ -22,75 +22,9 @@
#include "components/trusted_vault/trusted_vault_client.h"
#include "components/webauthn/core/browser/passkey_model.h"
#include "components/webauthn/core/browser/passkey_model_utils.h"
#include "crypto/ec_private_key.h"
#include "crypto/ec_signature_creator.h"
#include "crypto/sha2.h"
#include "device/fido/attested_credential_data.h"
#include "device/fido/authenticator_data.h"
#include "device/fido/fido_constants.h"
#include "device/fido/p256_public_key.h"
#include "device/fido/public_key.h"
namespace ash {
namespace {
constexpr std::array<const uint8_t, 16> kGpmAaguid{
0xea, 0x9b, 0x8d, 0x66, 0x4d, 0x01, 0x1d, 0x21,
0x3c, 0xe4, 0xb6, 0xb4, 0x8c, 0xb5, 0x75, 0xd4};
// Returns the WebAuthn authenticator data for this authenticator. See
// https://w3c.github.io/webauthn/#authenticator-data.
std::vector<uint8_t> MakeAuthenticatorDataForAssertion(std::string_view rp_id) {
using Flag = device::AuthenticatorData::Flag;
return device::AuthenticatorData(
crypto::SHA256Hash(base::as_byte_span(rp_id)),
{Flag::kTestOfUserPresence, Flag::kTestOfUserVerification,
Flag::kBackupEligible, Flag::kBackupState},
/*sign_counter=*/0u,
/*attested_credential_data=*/std::nullopt,
/*extensions=*/std::nullopt)
.SerializeToByteArray();
}
std::vector<uint8_t> MakeAuthenticatorDataForCreation(
std::string_view rp_id,
base::span<const uint8_t> credential_id,
base::span<const uint8_t> public_key_spki_der) {
using Flag = device::AuthenticatorData::Flag;
std::unique_ptr<device::PublicKey> public_key =
device::P256PublicKey::ParseSpkiDer(
base::strict_cast<int32_t>(device::CoseAlgorithmIdentifier::kEs256),
public_key_spki_der);
device::AttestedCredentialData attested_credential_data(
kGpmAaguid, credential_id, std::move(public_key));
return device::AuthenticatorData(
crypto::SHA256Hash(base::as_byte_span(rp_id)),
{Flag::kTestOfUserPresence, Flag::kTestOfUserVerification,
Flag::kBackupEligible, Flag::kBackupState, Flag::kAttestation},
/*sign_counter=*/0u, std::move(attested_credential_data),
/*extensions=*/std::nullopt)
.SerializeToByteArray();
}
std::optional<std::vector<uint8_t>> GenerateEcSignature(
base::span<const uint8_t> pkcs8_ec_private_key,
base::span<const uint8_t> signed_over_data) {
auto ec_private_key =
crypto::ECPrivateKey::CreateFromPrivateKeyInfo(pkcs8_ec_private_key);
if (!ec_private_key) {
return std::nullopt;
}
auto signer = crypto::ECSignatureCreator::Create(ec_private_key.get());
std::vector<uint8_t> signature;
if (!signer->Sign(signed_over_data, &signature)) {
return std::nullopt;
}
return signature;
}
} // namespace
PasskeyAuthenticatorServiceAsh::CreateRequestContext::CreateRequestContext() =
default;
@ -230,9 +164,10 @@ void PasskeyAuthenticatorServiceAsh::DoCreate(
/*trusted_vault_key_version=*/0, &public_key_spki_der);
auto response = crosapi::mojom::PasskeyCreationResponse::New();
response->authenticator_data = MakeAuthenticatorDataForCreation(
ctx.request->rp_id, base::as_byte_span(passkey.credential_id()),
public_key_spki_der);
response->authenticator_data =
webauthn::passkey_model_utils::MakeAuthenticatorDataForCreation(
ctx.request->rp_id, base::as_byte_span(passkey.credential_id()),
public_key_spki_der);
FinishCreate(
std::move(ctx),
@ -277,13 +212,16 @@ void PasskeyAuthenticatorServiceAsh::DoAssert(
// TODO(crbug.com/40187814): Implement user verification.
std::vector<uint8_t> authenticator_data =
MakeAuthenticatorDataForAssertion(ctx.request->rp_id);
webauthn::passkey_model_utils::MakeAuthenticatorDataForAssertion(
ctx.request->rp_id);
std::vector<uint8_t> signed_over_data(authenticator_data);
signed_over_data.insert(signed_over_data.end(),
ctx.request->client_data_hash.begin(),
ctx.request->client_data_hash.end());
std::optional<std::vector<uint8_t>> assertion_signature = GenerateEcSignature(
base::as_byte_span(credential_secrets.private_key()), signed_over_data);
std::optional<std::vector<uint8_t>> assertion_signature =
webauthn::passkey_model_utils::GenerateEcSignature(
base::as_byte_span(credential_secrets.private_key()),
signed_over_data);
if (!assertion_signature) {
FinishAssert(std::move(ctx),
crosapi::mojom::PasskeyAssertionResult::NewError(
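Review bot: In DoAssert the authenticator data is still built with the user-verification flag set while the line just above carries `TODO(crbug.com/40187814): Implement user verification.`, so the signed assertion tells the relying party that UV took place on a path that, per that TODO, does not yet perform it. The helper now lives in passkey_model_utils and hard-codes `Flag::kTestOfUserPresence` and `Flag::kTestOfUserVerification` in both MakeAuthenticatorDataForAssertion and MakeAuthenticatorDataForCreation, so every later caller of the shared code inherits the same claim. Either let the helpers take the UV result as a parameter, or state the precondition at the declarations, for example `// The caller must have completed the user presence and user verification checks; the UP and UV flags are always set.` DoAssert's body starts and ends outside this hunk.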

@ -43,9 +43,11 @@ source_set("passkey_model") {
]
deps = [
"//base",
"//components/cbor",
"//components/keyed_service/core",
"//components/sync/protocol",
"//crypto",
"//device/fido",
]
frameworks = [ "Foundation.framework" ]
}

@ -20,7 +20,14 @@
#include "components/sync/protocol/webauthn_credential_specifics.pb.h"
#include "crypto/aead.h"
#include "crypto/ec_private_key.h"
#include "crypto/ec_signature_creator.h"
#include "crypto/random.h"
#include "crypto/sha2.h"
#include "device/fido/attested_credential_data.h"
#include "device/fido/authenticator_data.h"
#include "device/fido/fido_constants.h"
#include "device/fido/p256_public_key.h"
#include "device/fido/public_key.h"
namespace webauthn::passkey_model_utils {
@ -216,4 +223,56 @@ bool EncryptWebauthnCredentialSpecificsData(
return true;
}
std::vector<uint8_t> MakeAuthenticatorDataForAssertion(std::string_view rp_id) {
using Flag = device::AuthenticatorData::Flag;
return device::AuthenticatorData(
crypto::SHA256Hash(base::as_byte_span(rp_id)),
{Flag::kTestOfUserPresence, Flag::kTestOfUserVerification,
Flag::kBackupEligible, Flag::kBackupState},
/*sign_counter=*/0u,
/*attested_credential_data=*/std::nullopt,
/*extensions=*/std::nullopt)
.SerializeToByteArray();
}
std::vector<uint8_t> MakeAuthenticatorDataForCreation(
std::string_view rp_id,
base::span<const uint8_t> credential_id,
base::span<const uint8_t> public_key_spki_der) {
static constexpr std::array<const uint8_t, 16> kGpmAaguid{
0xea, 0x9b, 0x8d, 0x66, 0x4d, 0x01, 0x1d, 0x21,
0x3c, 0xe4, 0xb6, 0xb4, 0x8c, 0xb5, 0x75, 0xd4};
using Flag = device::AuthenticatorData::Flag;
std::unique_ptr<device::PublicKey> public_key =
device::P256PublicKey::ParseSpkiDer(
base::strict_cast<int32_t>(device::CoseAlgorithmIdentifier::kEs256),
public_key_spki_der);
device::AttestedCredentialData attested_credential_data(
kGpmAaguid, credential_id, std::move(public_key));
return device::AuthenticatorData(
crypto::SHA256Hash(base::as_byte_span(rp_id)),
{Flag::kTestOfUserPresence, Flag::kTestOfUserVerification,
Flag::kBackupEligible, Flag::kBackupState, Flag::kAttestation},
/*sign_counter=*/0u, std::move(attested_credential_data),
/*extensions=*/std::nullopt)
.SerializeToByteArray();
}
std::optional<std::vector<uint8_t>> GenerateEcSignature(
base::span<const uint8_t> pkcs8_ec_private_key,
base::span<const uint8_t> signed_over_data) {
auto ec_private_key =
crypto::ECPrivateKey::CreateFromPrivateKeyInfo(pkcs8_ec_private_key);
if (!ec_private_key) {
return std::nullopt;
}
auto signer = crypto::ECSignatureCreator::Create(ec_private_key.get());
std::vector<uint8_t> signature;
if (!signer->Sign(signed_over_data, &signature)) {
return std::nullopt;
}
return signature;
}
} // namespace webauthn::passkey_model_utils
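Review bot: MakeAuthenticatorDataForCreation hands the result of `device::P256PublicKey::ParseSpkiDer(...)` straight to `AttestedCredentialData` without checking it. If the parser returns null for malformed SPKI (its failure behaviour is not visible on this page), a bad `public_key_spki_der` would surface as a null dereference during serialization instead of as an error. As a shared utility the function should not assume its caller has just produced a valid key, so either add `CHECK(public_key);` after the parse or return `std::optional<std::vector<uint8_t>>` the way GenerateEcSignature does. In GenerateEcSignature, `signer` from `ECSignatureCreator::Create` is likewise used without a null check.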

@ -48,6 +48,29 @@ bool EncryptWebauthnCredentialSpecificsData(
const sync_pb::WebauthnCredentialSpecifics_Encrypted& in,
sync_pb::WebauthnCredentialSpecifics* out);
// Returns the WebAuthn authenticator data for the GPM authenticator.
// For assertion signatures, the AT flag MUST NOT be set and the
// attestedCredentialData MUST NOT be included. See
// https://w3c.github.io/webauthn/#authenticator-data.
std::vector<uint8_t> MakeAuthenticatorDataForAssertion(std::string_view rp_id);
// Returns the WebAuthn authenticator data for the GPM authenticator.
// For attestation signatures, the authenticator MUST set the AT flag and
// include the attestedCredentialData. See
// https://w3c.github.io/webauthn/#authenticator-data.
std::vector<uint8_t> MakeAuthenticatorDataForCreation(
std::string_view rp_id,
base::span<const uint8_t> credential_id,
base::span<const uint8_t> public_key_spki_der);
// Performs the signing operation over the signed over data using the private
// key. The signed over data is the concatenation to the authenticator data and
// the client data hash. See:
// https://w3c.github.io/webauthn/#fig-signature
std::optional<std::vector<uint8_t>> GenerateEcSignature(
base::span<const uint8_t> pkcs8_ec_private_key,
base::span<const uint8_t> signed_over_data);
} // namespace webauthn::passkey_model_utils
#endif // COMPONENTS_WEBAUTHN_CORE_BROWSER_PASSKEY_MODEL_UTILS_H_
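Review bot: The comment on GenerateEcSignature does not say when the function returns `std::nullopt` or which encoding the key must use, so a caller has to read the .cc file to learn that both a key-parse failure and a signing failure yield an empty optional. Suggested wording: `// Signs |signed_over_data| with the PKCS#8-encoded EC private key. Returns std::nullopt if the key cannot be parsed or if signing fails.` The existing sentence also says "concatenation to the authenticator data" where "concatenation of" is meant.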

@ -7,58 +7,27 @@ import("//build/config/features.gni")
import("//testing/libfuzzer/fuzzer_test.gni")
component("fido") {
# These source files represent the minimal subset of files used for passkey
# related authentication functions, with a limited amount of dependencies,
# making it possible to build these on any platform, including iOS.
sources = [
"attestation_object.cc",
"attestation_object.h",
"attestation_statement.cc",
"attestation_statement.h",
"attested_credential_data.cc",
"attested_credential_data.h",
"authenticator_data.cc",
"authenticator_data.h",
"authenticator_selection_criteria.cc",
"authenticator_selection_criteria.h",
"cable/cable_discovery_data.cc",
"cable/cable_discovery_data.h",
"cable/noise.cc",
"cable/noise.h",
"cable/v2_constants.h",
"cable/v2_handshake.cc",
"cable/v2_handshake.h",
"cable/websocket_adapter.cc",
"cable/websocket_adapter.h",
"cbor_extract.cc",
"discoverable_credential_metadata.cc",
"discoverable_credential_metadata.h",
"cbor_extract.h",
"ed25519_public_key.cc",
"ed25519_public_key.h",
"features.cc",
"features.h",
"fido_constants.cc",
"fido_constants.h",
"fido_parsing_utils.cc",
"fido_parsing_utils.h",
"fido_transport_protocol.cc",
"fido_transport_protocol.h",
"json_request.cc",
"json_request.h",
"network_context_factory.h",
"opaque_attestation_statement.cc",
"opaque_attestation_statement.h",
"fido_types.h",
"p256_public_key.cc",
"p256_public_key.h",
"prf_input.cc",
"prf_input.h",
"public_key.cc",
"public_key.h",
"public_key_credential_descriptor.cc",
"public_key_credential_descriptor.h",
"public_key_credential_params.cc",
"public_key_credential_params.h",
"public_key_credential_rp_entity.cc",
"public_key_credential_rp_entity.h",
"public_key_credential_user_entity.cc",
"public_key_credential_user_entity.h",
"rsa_public_key.cc",
"rsa_public_key.h",
]
@ -66,434 +35,480 @@ component("fido") {
defines = [ "IS_DEVICE_FIDO_IMPL" ]
deps = [
"//build:chromeos_buildflags",
"//components/apdu",
"//base",
"//components/cbor",
"//components/device_event_log",
"//components/trusted_vault",
"//crypto",
"//device/base",
"//device/fido/strings",
"//services/data_decoder/public/cpp",
"//third_party/boringssl",
"//third_party/microsoft_webauthn",
"//ui/base",
]
public_deps = [
"//base",
"//device/bluetooth",
"//device/bluetooth/public/cpp",
"//services/device/public/mojom",
]
configs += [ "//build/config/compiler:wexit_time_destructors" ]
# Android implementation of FIDO is delegated to GMSCore.
if (!is_android) {
if (use_blink) {
sources += [
"aoa/android_accessory_device.cc",
"aoa/android_accessory_device.h",
"aoa/android_accessory_discovery.cc",
"aoa/android_accessory_discovery.h",
"appid_exclude_probe_task.cc",
"appid_exclude_probe_task.h",
"attestation_statement_formats.cc",
"attestation_statement_formats.h",
"auth_token_requester.cc",
"auth_token_requester.h",
"authenticator_get_assertion_response.cc",
"authenticator_get_assertion_response.h",
"authenticator_get_info_response.cc",
"authenticator_get_info_response.h",
"authenticator_make_credential_response.cc",
"authenticator_make_credential_response.h",
"authenticator_supported_options.cc",
"authenticator_supported_options.h",
"bio/enroller.cc",
"bio/enroller.h",
"bio/enrollment.cc",
"bio/enrollment.h",
"bio/enrollment_handler.cc",
"bio/enrollment_handler.h",
"ble_adapter_manager.cc",
"ble_adapter_manager.h",
"cable/fido_ble_connection.cc",
"cable/fido_ble_connection.h",
"cable/fido_ble_frames.cc",
"cable/fido_ble_frames.h",
"cable/fido_ble_transaction.cc",
"cable/fido_ble_transaction.h",
"cable/fido_ble_uuids.cc",
"cable/fido_ble_uuids.h",
"cable/fido_cable_device.cc",
"cable/fido_cable_device.h",
"cable/fido_cable_discovery.cc",
"cable/fido_cable_discovery.h",
"cable/fido_cable_handshake_handler.cc",
"cable/fido_cable_handshake_handler.h",
"cable/fido_tunnel_device.cc",
"cable/fido_tunnel_device.h",
"cable/v2_discovery.cc",
"cable/v2_discovery.h",
"credential_management.cc",
"credential_management.h",
"credential_management_handler.cc",
"credential_management_handler.h",
"ctap2_device_operation.h",
"ctap_authenticator_selection_request.cc",
"ctap_authenticator_selection_request.h",
"ctap_get_assertion_request.cc",
"ctap_get_assertion_request.h",
"ctap_make_credential_request.cc",
"ctap_make_credential_request.h",
"device_operation.h",
"device_response_converter.cc",
"device_response_converter.h",
"enclave/constants.cc",
"enclave/constants.h",
"enclave/enclave_authenticator.cc",
"enclave/enclave_authenticator.h",
"enclave/enclave_discovery.cc",
"enclave/enclave_discovery.h",
"enclave/enclave_protocol_utils.cc",
"enclave/enclave_protocol_utils.h",
"enclave/enclave_websocket_client.cc",
"enclave/enclave_websocket_client.h",
"enclave/transact.cc",
"enclave/transact.h",
"enclave/types.cc",
"enclave/types.h",
"enclave/verify/claim.cc",
"enclave/verify/claim.h",
"enclave/verify/endorsement.cc",
"enclave/verify/endorsement.h",
"enclave/verify/hash.cc",
"enclave/verify/hash.h",
"enclave/verify/rekor.cc",
"enclave/verify/rekor.h",
"enclave/verify/utils.cc",
"enclave/verify/utils.h",
"enclave/verify/verify.h",
"fido_authenticator.cc",
"fido_authenticator.h",
"fido_device.cc",
"fido_device.h",
"fido_device_authenticator.cc",
"fido_device_authenticator.h",
"fido_device_discovery.cc",
"fido_device_discovery.h",
"fido_discovery_base.cc",
"fido_discovery_base.h",
"fido_discovery_factory.cc",
"fido_discovery_factory.h",
"fido_request_handler_base.cc",
"fido_request_handler_base.h",
"fido_task.cc",
"fido_task.h",
"fido_types.h",
"filter.cc",
"filter.h",
"get_assertion_request_handler.cc",
"get_assertion_request_handler.h",
"get_assertion_task.cc",
"get_assertion_task.h",
"hid/fido_hid_device.cc",
"hid/fido_hid_device.h",
"hid/fido_hid_discovery.cc",
"hid/fido_hid_discovery.h",
"hid/fido_hid_message.cc",
"hid/fido_hid_message.h",
"hid/fido_hid_packet.cc",
"hid/fido_hid_packet.h",
"large_blob.cc",
"large_blob.h",
"mac/icloud_keychain.h",
"mac/icloud_keychain_sys.h",
"make_credential_request_handler.cc",
"make_credential_request_handler.h",
"make_credential_task.cc",
"make_credential_task.h",
"pin.cc",
"pin.h",
"pin_internal.cc",
"pin_internal.h",
"platform_credential_store.h",
"reset_request_handler.cc",
"reset_request_handler.h",
"set_pin_request_handler.cc",
"set_pin_request_handler.h",
"u2f_command_constructor.cc",
"u2f_command_constructor.h",
"u2f_register_operation.cc",
"u2f_register_operation.h",
"u2f_sign_operation.cc",
"u2f_sign_operation.h",
"virtual_ctap2_device.cc",
"virtual_ctap2_device.h",
"virtual_fido_device.cc",
"virtual_fido_device.h",
"virtual_fido_device_authenticator.cc",
"virtual_fido_device_authenticator.h",
"virtual_u2f_device.cc",
"virtual_u2f_device.h",
"attestation_object.cc",
"attestation_object.h",
"attestation_statement.cc",
"attestation_statement.h",
"authenticator_selection_criteria.cc",
"authenticator_selection_criteria.h",
"cable/cable_discovery_data.cc",
"cable/cable_discovery_data.h",
"cable/noise.cc",
"cable/noise.h",
"cable/v2_constants.h",
"cable/v2_handshake.cc",
"cable/v2_handshake.h",
"cable/websocket_adapter.cc",
"cable/websocket_adapter.h",
"discoverable_credential_metadata.cc",
"discoverable_credential_metadata.h",
"features.cc",
"features.h",
"fido_transport_protocol.cc",
"fido_transport_protocol.h",
"json_request.cc",
"json_request.h",
"network_context_factory.h",
"opaque_attestation_statement.cc",
"opaque_attestation_statement.h",
"prf_input.cc",
"prf_input.h",
"public_key_credential_descriptor.cc",
"public_key_credential_descriptor.h",
"public_key_credential_params.cc",
"public_key_credential_params.h",
"public_key_credential_rp_entity.cc",
"public_key_credential_rp_entity.h",
"public_key_credential_user_entity.cc",
"public_key_credential_user_entity.h",
]
deps += [
"//components/sync/protocol:protocol",
"//services/device/public/cpp/hid",
"//services/device/public/cpp/usb",
"//build:chromeos_buildflags",
"//components/apdu",
"//components/trusted_vault",
"//device/base",
"//device/fido/strings",
"//services/data_decoder/public/cpp",
"//third_party/microsoft_webauthn",
"//ui/base",
]
public_deps = [
"//base",
"//device/bluetooth",
"//device/bluetooth/public/cpp",
"//services/device/public/mojom",
"//services/device/public/mojom:usb",
]
# Android implementation of FIDO is delegated to GMSCore.
if (!is_android) {
sources += [
"aoa/android_accessory_device.cc",
"aoa/android_accessory_device.h",
"aoa/android_accessory_discovery.cc",
"aoa/android_accessory_discovery.h",
"appid_exclude_probe_task.cc",
"appid_exclude_probe_task.h",
"attestation_statement_formats.cc",
"attestation_statement_formats.h",
"auth_token_requester.cc",
"auth_token_requester.h",
"authenticator_get_assertion_response.cc",
"authenticator_get_assertion_response.h",
"authenticator_get_info_response.cc",
"authenticator_get_info_response.h",
"authenticator_make_credential_response.cc",
"authenticator_make_credential_response.h",
"authenticator_supported_options.cc",
"authenticator_supported_options.h",
"bio/enroller.cc",
"bio/enroller.h",
"bio/enrollment.cc",
"bio/enrollment.h",
"bio/enrollment_handler.cc",
"bio/enrollment_handler.h",
"ble_adapter_manager.cc",
"ble_adapter_manager.h",
"cable/fido_ble_connection.cc",
"cable/fido_ble_connection.h",
"cable/fido_ble_frames.cc",
"cable/fido_ble_frames.h",
"cable/fido_ble_transaction.cc",
"cable/fido_ble_transaction.h",
"cable/fido_ble_uuids.cc",
"cable/fido_ble_uuids.h",
"cable/fido_cable_device.cc",
"cable/fido_cable_device.h",
"cable/fido_cable_discovery.cc",
"cable/fido_cable_discovery.h",
"cable/fido_cable_handshake_handler.cc",
"cable/fido_cable_handshake_handler.h",
"cable/fido_tunnel_device.cc",
"cable/fido_tunnel_device.h",
"cable/v2_discovery.cc",
"cable/v2_discovery.h",
"credential_management.cc",
"credential_management.h",
"credential_management_handler.cc",
"credential_management_handler.h",
"ctap2_device_operation.h",
"ctap_authenticator_selection_request.cc",
"ctap_authenticator_selection_request.h",
"ctap_get_assertion_request.cc",
"ctap_get_assertion_request.h",
"ctap_make_credential_request.cc",
"ctap_make_credential_request.h",
"device_operation.h",
"device_response_converter.cc",
"device_response_converter.h",
"enclave/constants.cc",
"enclave/constants.h",
"enclave/enclave_authenticator.cc",
"enclave/enclave_authenticator.h",
"enclave/enclave_discovery.cc",
"enclave/enclave_discovery.h",
"enclave/enclave_protocol_utils.cc",
"enclave/enclave_protocol_utils.h",
"enclave/enclave_websocket_client.cc",
"enclave/enclave_websocket_client.h",
"enclave/transact.cc",
"enclave/transact.h",
"enclave/types.cc",
"enclave/types.h",
"enclave/verify/claim.cc",
"enclave/verify/claim.h",
"enclave/verify/endorsement.cc",
"enclave/verify/endorsement.h",
"enclave/verify/hash.cc",
"enclave/verify/hash.h",
"enclave/verify/rekor.cc",
"enclave/verify/rekor.h",
"enclave/verify/utils.cc",
"enclave/verify/utils.h",
"enclave/verify/verify.h",
"fido_authenticator.cc",
"fido_authenticator.h",
"fido_device.cc",
"fido_device.h",
"fido_device_authenticator.cc",
"fido_device_authenticator.h",
"fido_device_discovery.cc",
"fido_device_discovery.h",
"fido_discovery_base.cc",
"fido_discovery_base.h",
"fido_discovery_factory.cc",
"fido_discovery_factory.h",
"fido_request_handler_base.cc",
"fido_request_handler_base.h",
"fido_task.cc",
"fido_task.h",
"filter.cc",
"filter.h",
"get_assertion_request_handler.cc",
"get_assertion_request_handler.h",
"get_assertion_task.cc",
"get_assertion_task.h",
"hid/fido_hid_device.cc",
"hid/fido_hid_device.h",
"hid/fido_hid_discovery.cc",
"hid/fido_hid_discovery.h",
"hid/fido_hid_message.cc",
"hid/fido_hid_message.h",
"hid/fido_hid_packet.cc",
"hid/fido_hid_packet.h",
"large_blob.cc",
"large_blob.h",
"mac/icloud_keychain.h",
"mac/icloud_keychain_sys.h",
"make_credential_request_handler.cc",
"make_credential_request_handler.h",
"make_credential_task.cc",
"make_credential_task.h",
"pin.cc",
"pin.h",
"pin_internal.cc",
"pin_internal.h",
"platform_credential_store.h",
"reset_request_handler.cc",
"reset_request_handler.h",
"set_pin_request_handler.cc",
"set_pin_request_handler.h",
"u2f_command_constructor.cc",
"u2f_command_constructor.h",
"u2f_register_operation.cc",
"u2f_register_operation.h",
"u2f_sign_operation.cc",
"u2f_sign_operation.h",
"virtual_ctap2_device.cc",
"virtual_ctap2_device.h",
"virtual_fido_device.cc",
"virtual_fido_device.h",
"virtual_fido_device_authenticator.cc",
"virtual_fido_device_authenticator.h",
"virtual_u2f_device.cc",
"virtual_u2f_device.h",
]
deps += [
"//components/sync/protocol:protocol",
"//services/device/public/cpp/hid",
"//services/device/public/cpp/usb",
"//services/device/public/mojom",
"//services/device/public/mojom:usb",
"//services/network/public/mojom",
]
}
if (is_mac) {
sources += [
"enclave/icloud_recovery_key_mac.h",
"enclave/icloud_recovery_key_mac.mm",
"mac/authenticator.h",
"mac/authenticator.mm",
"mac/authenticator_config.h",
"mac/credential_metadata.cc",
"mac/credential_metadata.h",
"mac/credential_store.h",
"mac/credential_store.mm",
"mac/discovery.cc",
"mac/discovery.h",
"mac/get_assertion_operation.h",
"mac/get_assertion_operation.mm",
"mac/icloud_keychain.mm",
"mac/icloud_keychain_sys.mm",
"mac/make_credential_operation.h",
"mac/make_credential_operation.mm",
"mac/operation.h",
"mac/touch_id_context.h",
"mac/touch_id_context.mm",
"mac/util.h",
"mac/util.mm",
]
frameworks = [
"Foundation.framework",
"LocalAuthentication.framework",
"Security.framework",
"AuthenticationServices.framework",
]
deps += [ "//build:branding_buildflags" ]
}
if (is_win) {
sources += [
"win/authenticator.cc",
"win/authenticator.h",
"win/discovery.cc",
"win/discovery.h",
"win/fake_webauthn_api.cc",
"win/fake_webauthn_api.h",
"win/logging.cc",
"win/logging.h",
"win/type_conversions.cc",
"win/type_conversions.h",
"win/webauthn_api.cc",
"win/webauthn_api.h",
]
}
if (is_chromeos) {
sources += [
"cros/authenticator.cc",
"cros/authenticator.h",
"cros/credential_store.cc",
"cros/credential_store.h",
"cros/discovery.cc",
"cros/discovery.h",
]
deps += [
"//chromeos/dbus/tpm_manager",
"//chromeos/dbus/tpm_manager:tpm_manager_proto",
"//chromeos/dbus/u2f",
"//chromeos/dbus/u2f:u2f_proto",
"//dbus",
]
}
}
}
if (use_blink) {
static_library("cablev2_registration") {
sources = [
"cable/v2_registration.cc",
"cable/v2_registration.h",
]
deps = [
":fido",
"//base",
"//components/cbor",
"//components/device_event_log",
"//components/gcm_driver",
"//components/gcm_driver/instance_id",
"//third_party/boringssl",
]
configs += [ "//build/config/compiler:wexit_time_destructors" ]
}
static_library("cablev2_authenticator") {
sources = [
"cable/v2_authenticator.cc",
"cable/v2_authenticator.h",
]
deps = [
":fido",
"//components/cbor",
"//components/device_event_log",
"//content/public/common", # for authenticator.mojom
"//services/network/public/mojom",
]
configs += [ "//build/config/compiler:wexit_time_destructors" ]
}
static_library("cablev2_test_util") {
testonly = true
sources = [
"cable/v2_test_util.cc",
"cable/v2_test_util.h",
]
deps = [
":cablev2_authenticator",
":fido",
"//components/cbor",
"//content/public/common", # for authenticator.mojom
"//crypto",
"//net/traffic_annotation:test_support",
"//services/network:test_support",
"//services/network/public/mojom",
]
}
if (is_mac) {
sources += [
"enclave/icloud_recovery_key_mac.h",
"enclave/icloud_recovery_key_mac.mm",
"mac/authenticator.h",
"mac/authenticator.mm",
"mac/authenticator_config.h",
"mac/credential_metadata.cc",
"mac/credential_metadata.h",
"mac/credential_store.h",
"mac/credential_store.mm",
"mac/discovery.cc",
"mac/discovery.h",
"mac/get_assertion_operation.h",
"mac/get_assertion_operation.mm",
"mac/icloud_keychain.mm",
"mac/icloud_keychain_sys.mm",
"mac/make_credential_operation.h",
"mac/make_credential_operation.mm",
"mac/operation.h",
"mac/touch_id_context.h",
"mac/touch_id_context.mm",
"mac/util.h",
"mac/util.mm",
source_set("mocks") {
testonly = true
sources = [
"cable/mock_fido_ble_connection.cc",
"cable/mock_fido_ble_connection.h",
"mock_fido_device.cc",
"mock_fido_device.h",
"mock_fido_discovery_observer.cc",
"mock_fido_discovery_observer.h",
]
frameworks = [
"Foundation.framework",
"LocalAuthentication.framework",
"Security.framework",
"AuthenticationServices.framework",
]
deps += [ "//build:branding_buildflags" ]
}
if (is_win) {
sources += [
"win/authenticator.cc",
"win/authenticator.h",
"win/discovery.cc",
"win/discovery.h",
"win/fake_webauthn_api.cc",
"win/fake_webauthn_api.h",
"win/logging.cc",
"win/logging.h",
"win/type_conversions.cc",
"win/type_conversions.h",
"win/webauthn_api.cc",
"win/webauthn_api.h",
deps = [
":fido",
"//base",
"//components/apdu",
"//components/cbor",
"//testing/gmock",
]
}
if (is_chromeos) {
sources += [
"cros/authenticator.cc",
"cros/authenticator.h",
"cros/credential_store.cc",
"cros/credential_store.h",
"cros/discovery.cc",
"cros/discovery.h",
fuzzer_test("fido_hid_message_fuzzer") {
sources = [ "hid/fido_hid_message_fuzzer.cc" ]
deps = [
":fido",
"//base",
]
deps += [
"//chromeos/dbus/tpm_manager",
"//chromeos/dbus/tpm_manager:tpm_manager_proto",
"//chromeos/dbus/u2f",
"//chromeos/dbus/u2f:u2f_proto",
"//dbus",
]
}
}
static_library("cablev2_registration") {
sources = [
"cable/v2_registration.cc",
"cable/v2_registration.h",
]
deps = [
":fido",
"//base",
"//components/cbor",
"//components/device_event_log",
"//components/gcm_driver",
"//components/gcm_driver/instance_id",
"//third_party/boringssl",
]
configs += [ "//build/config/compiler:wexit_time_destructors" ]
}
static_library("cablev2_authenticator") {
sources = [
"cable/v2_authenticator.cc",
"cable/v2_authenticator.h",
]
deps = [
":fido",
"//components/cbor",
"//components/device_event_log",
"//content/public/common", # for authenticator.mojom
"//services/network/public/mojom",
]
configs += [ "//build/config/compiler:wexit_time_destructors" ]
}
static_library("cablev2_test_util") {
testonly = true
sources = [
"cable/v2_test_util.cc",
"cable/v2_test_util.h",
]
deps = [
":cablev2_authenticator",
":fido",
"//components/cbor",
"//content/public/common", # for authenticator.mojom
"//crypto",
"//net/traffic_annotation:test_support",
"//services/network:test_support",
"//services/network/public/mojom",
]
}
source_set("mocks") {
testonly = true
sources = [
"cable/mock_fido_ble_connection.cc",
"cable/mock_fido_ble_connection.h",
"mock_fido_device.cc",
"mock_fido_device.h",
"mock_fido_discovery_observer.cc",
"mock_fido_discovery_observer.h",
]
deps = [
":fido",
"//base",
"//components/apdu",
"//components/cbor",
"//testing/gmock",
]
}
fuzzer_test("fido_hid_message_fuzzer") {
sources = [ "hid/fido_hid_message_fuzzer.cc" ]
deps = [
":fido",
"//base",
]
libfuzzer_options = [ "max_len=2048" ]
}
fuzzer_test("fido_ble_frames_fuzzer") {
sources = [ "cable/fido_ble_frames_fuzzer.cc" ]
deps = [ ":fido" ]
libfuzzer_options = [ "max_len=65535" ]
}
fuzzer_test("ctap_response_fuzzer") {
sources = [ "ctap_response_fuzzer.cc" ]
deps = [
":fido",
"//base",
"//base:i18n",
"//components/cbor",
"//components/device_event_log",
]
seed_corpus = "response_data_fuzzer_corpus/"
libfuzzer_options = [ "max_len=65537" ]
}
fuzzer_test("fido_cable_handshake_handler_fuzzer") {
sources = [ "cable/fido_cable_handshake_handler_fuzzer.cc" ]
deps = [
":fido",
"//base",
"//base/test:test_support",
"//device/bluetooth:mocks",
"//testing/gmock",
"//testing/gtest",
]
libfuzzer_options = [ "max_len=2048" ]
}
fuzzer_test("v2_handshake_fuzzer") {
sources = [ "cable/v2_handshake_fuzzer.cc" ]
deps = [
":fido",
"//base",
"//base/test:test_support",
"//device/bluetooth:mocks",
"//testing/gmock",
"//testing/gtest",
]
libfuzzer_options = [ "max_len=2048" ]
}
is_linux_without_udev = (is_linux || is_chromeos) && !use_udev
source_set("test_support") {
testonly = true
sources = [ "test_callback_receiver.h" ]
deps = [
"//base",
"//components/apdu",
"//device/fido",
"//mojo/public/cpp/bindings",
"//services/device/public/mojom",
"//testing/gmock",
"//testing/gtest",
]
# Android doesn't compile. Linux requires udev.
if (!is_linux_without_udev && !is_android) {
sources += [
"fake_fido_discovery.cc",
"fake_fido_discovery.h",
"hid/fake_hid_impl_for_testing.cc",
"hid/fake_hid_impl_for_testing.h",
]
deps += [ "//services/device/public/cpp/hid" ]
libfuzzer_options = [ "max_len=2048" ]
}
if (!is_android) {
sources += [
"enclave/verify/test_utils.cc",
"enclave/verify/test_utils.h",
"multiple_virtual_fido_device_factory.cc",
"multiple_virtual_fido_device_factory.h",
"virtual_fido_device_discovery.cc",
"virtual_fido_device_discovery.h",
"virtual_fido_device_factory.cc",
"virtual_fido_device_factory.h",
]
fuzzer_test("fido_ble_frames_fuzzer") {
sources = [ "cable/fido_ble_frames_fuzzer.cc" ]
deps = [ ":fido" ]
libfuzzer_options = [ "max_len=65535" ]
}
if (is_mac) {
sources += [
"mac/fake_touch_id_context.h",
"mac/fake_touch_id_context.mm",
"mac/scoped_touch_id_test_environment.h",
"mac/scoped_touch_id_test_environment.mm",
fuzzer_test("ctap_response_fuzzer") {
sources = [ "ctap_response_fuzzer.cc" ]
deps = [
":fido",
"//base",
"//base:i18n",
"//components/cbor",
"//components/device_event_log",
]
deps += [ "//crypto:test_support" ]
seed_corpus = "response_data_fuzzer_corpus/"
libfuzzer_options = [ "max_len=65537" ]
}
fuzzer_test("fido_cable_handshake_handler_fuzzer") {
sources = [ "cable/fido_cable_handshake_handler_fuzzer.cc" ]
deps = [
":fido",
"//base",
"//base/test:test_support",
"//device/bluetooth:mocks",
"//testing/gmock",
"//testing/gtest",
]
libfuzzer_options = [ "max_len=2048" ]
}
fuzzer_test("v2_handshake_fuzzer") {
sources = [ "cable/v2_handshake_fuzzer.cc" ]
deps = [
":fido",
"//base",
"//base/test:test_support",
"//device/bluetooth:mocks",
"//testing/gmock",
"//testing/gtest",
]
libfuzzer_options = [ "max_len=2048" ]
}
is_linux_without_udev = (is_linux || is_chromeos) && !use_udev
source_set("test_support") {
testonly = true
sources = [ "test_callback_receiver.h" ]
deps = [
"//base",
"//components/apdu",
"//device/fido",
"//mojo/public/cpp/bindings",
"//services/device/public/mojom",
"//testing/gmock",
"//testing/gtest",
]
# Android doesn't compile. Linux requires udev.
if (!is_linux_without_udev && !is_android) {
sources += [
"fake_fido_discovery.cc",
"fake_fido_discovery.h",
"hid/fake_hid_impl_for_testing.cc",
"hid/fake_hid_impl_for_testing.h",
]
deps += [ "//services/device/public/cpp/hid" ]
}
if (!is_android) {
sources += [
"enclave/verify/test_utils.cc",
"enclave/verify/test_utils.h",
"multiple_virtual_fido_device_factory.cc",
"multiple_virtual_fido_device_factory.h",
"virtual_fido_device_discovery.cc",
"virtual_fido_device_discovery.h",
"virtual_fido_device_factory.cc",
"virtual_fido_device_factory.h",
]
}
if (is_mac) {
sources += [
"mac/fake_touch_id_context.h",
"mac/fake_touch_id_context.mm",
"mac/scoped_touch_id_test_environment.h",
"mac/scoped_touch_id_test_environment.mm",
]
deps += [ "//crypto:test_support" ]
}
}
}