[WebAuthn] Cache key label for UV signing keys
Rename "key reference" to "key label" because 'reference' is more overloaded in code. It's convenient to have the label attached to the signing key to avoid callers having to pass it around. Bug: 40274370 Change-Id: I3a2762134b409180f7eaf2c8bb3b518494d8ef4c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5273010 Reviewed-by: Adam Langley <agl@chromium.org> Commit-Queue: Ken Buchanan <kenrb@chromium.org> Cr-Commit-Position: refs/heads/main@{#1257011}
This commit is contained in:
Ken Buchanan
committed by
Chromium LUCI CQ
Chromium LUCI CQ
parent
319df52b36
commit
e76cf49c88
@ -7,7 +7,7 @@
|
||||
|
||||
#include <memory>
|
||||
#include <optional>
|
||||
#include <string_view>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "base/containers/span.h"
|
||||
@ -21,9 +21,9 @@ namespace crypto {
|
||||
// The type of the identifiers for user-verifying keys depends on the
|
||||
// underlying platform API.
|
||||
#if BUILDFLAG(IS_WIN)
|
||||
typedef std::string_view UserVerifyingKeyReference;
|
||||
typedef std::string UserVerifyingKeyLabel;
|
||||
#else
|
||||
typedef int UserVerifyingKeyReference; // Unused.
|
||||
typedef int UserVerifyingKeyLabel; // Unused.
|
||||
#endif
|
||||
|
||||
// UserVerifyingSigningKey is a hardware-backed key that triggers a user
|
||||
@ -48,6 +48,9 @@ class CRYPTO_EXPORT UserVerifyingSigningKey {
|
||||
|
||||
// Provides the SPKI public key.
|
||||
virtual std::vector<uint8_t> GetPublicKey() const = 0;
|
||||
|
||||
// Get a reference to the label used to create or retrieve this key.
|
||||
virtual const UserVerifyingKeyLabel& GetKeyLabel() const = 0;
|
||||
};
|
||||
|
||||
// UserVerifyingKeyProvider creates |UserVerifyingSigningKey|s.
|
||||
@ -68,7 +71,7 @@ class CRYPTO_EXPORT UserVerifyingKeyProvider {
|
||||
//
|
||||
// This is currently only supported on Windows.
|
||||
virtual void GenerateUserVerifyingSigningKey(
|
||||
UserVerifyingKeyReference key_reference,
|
||||
UserVerifyingKeyLabel key_label,
|
||||
base::span<const SignatureVerifier::SignatureAlgorithm>
|
||||
acceptable_algorithms,
|
||||
base::OnceCallback<void(std::unique_ptr<UserVerifyingSigningKey>)>
|
||||
@ -81,7 +84,7 @@ class CRYPTO_EXPORT UserVerifyingKeyProvider {
|
||||
//
|
||||
// This is currently only supported on Windows.
|
||||
virtual void GetUserVerifyingSigningKey(
|
||||
UserVerifyingKeyReference key_name,
|
||||
UserVerifyingKeyLabel key_label,
|
||||
base::OnceCallback<void(std::unique_ptr<UserVerifyingSigningKey>)>
|
||||
callback) = 0;
|
||||
};
|
||||
|
||||
@ -122,8 +122,9 @@ void SignInternal(
|
||||
|
||||
class UserVerifyingSigningKeyWin : public UserVerifyingSigningKey {
|
||||
public:
|
||||
UserVerifyingSigningKeyWin(ComPtr<IKeyCredential> credential)
|
||||
: credential_(std::move(credential)) {}
|
||||
UserVerifyingSigningKeyWin(std::string key_name,
|
||||
ComPtr<IKeyCredential> credential)
|
||||
: key_name_(std::move(key_name)), credential_(std::move(credential)) {}
|
||||
~UserVerifyingSigningKeyWin() override = default;
|
||||
|
||||
void Sign(base::span<const uint8_t> data,
|
||||
@ -168,6 +169,10 @@ class UserVerifyingSigningKeyWin : public UserVerifyingSigningKey {
|
||||
return std::vector<uint8_t>(pub_key_data, pub_key_data + pub_key_length);
|
||||
}
|
||||
|
||||
const UserVerifyingKeyLabel& GetKeyLabel() const override {
|
||||
return key_name_;
|
||||
}
|
||||
|
||||
private:
|
||||
void OnSigningSuccess(ComPtr<IKeyCredentialOperationResult> sign_result) {
|
||||
// This SHOULD only be called once but conservatively we ignore additional
|
||||
@ -223,6 +228,7 @@ class UserVerifyingSigningKeyWin : public UserVerifyingSigningKey {
|
||||
std::move(signing_callback_).Run(std::nullopt);
|
||||
}
|
||||
|
||||
std::string key_name_;
|
||||
ComPtr<IKeyCredential> credential_;
|
||||
|
||||
base::OnceCallback<void(std::optional<std::vector<uint8_t>>)>
|
||||
@ -320,7 +326,7 @@ class UserVerifyingKeyProviderWin : public UserVerifyingKeyProvider {
|
||||
~UserVerifyingKeyProviderWin() override = default;
|
||||
|
||||
void GenerateUserVerifyingSigningKey(
|
||||
UserVerifyingKeyReference key_reference,
|
||||
UserVerifyingKeyLabel key_label,
|
||||
base::span<const SignatureVerifier::SignatureAlgorithm>
|
||||
acceptable_algorithms,
|
||||
base::OnceCallback<void(std::unique_ptr<UserVerifyingSigningKey>)>
|
||||
@ -335,7 +341,7 @@ class UserVerifyingKeyProviderWin : public UserVerifyingKeyProvider {
|
||||
return;
|
||||
}
|
||||
|
||||
auto key_name = base::win::ScopedHString::Create(key_reference);
|
||||
auto key_name = base::win::ScopedHString::Create(key_label);
|
||||
scoped_refptr<base::SequencedTaskRunner> task_runner =
|
||||
base::ThreadPool::CreateSequencedTaskRunner(
|
||||
{base::MayBlock(), base::TaskPriority::BEST_EFFORT});
|
||||
@ -347,7 +353,7 @@ class UserVerifyingKeyProviderWin : public UserVerifyingKeyProvider {
|
||||
caller_task_runner,
|
||||
base::BindOnce(
|
||||
&UserVerifyingKeyProviderWin::OnKeyCreationCompletionSuccess,
|
||||
weak_factory_.GetWeakPtr()));
|
||||
weak_factory_.GetWeakPtr(), std::move(key_label)));
|
||||
auto error_callback = WrapRepeatingCallbackForCallingThread<HRESULT>(
|
||||
caller_task_runner,
|
||||
base::BindRepeating(
|
||||
@ -361,11 +367,11 @@ class UserVerifyingKeyProviderWin : public UserVerifyingKeyProvider {
|
||||
}
|
||||
|
||||
void GetUserVerifyingSigningKey(
|
||||
UserVerifyingKeyReference key_reference,
|
||||
UserVerifyingKeyLabel key_label,
|
||||
base::OnceCallback<void(std::unique_ptr<UserVerifyingSigningKey>)>
|
||||
callback) override {
|
||||
CHECK(!key_creation_callback_);
|
||||
auto key_name = base::win::ScopedHString::Create(key_reference);
|
||||
auto key_name = base::win::ScopedHString::Create(key_label);
|
||||
scoped_refptr<base::SequencedTaskRunner> task_runner =
|
||||
base::ThreadPool::CreateSequencedTaskRunner(
|
||||
{base::MayBlock(), base::TaskPriority::BEST_EFFORT});
|
||||
@ -377,7 +383,7 @@ class UserVerifyingKeyProviderWin : public UserVerifyingKeyProvider {
|
||||
caller_task_runner,
|
||||
base::BindOnce(
|
||||
&UserVerifyingKeyProviderWin::OnKeyCreationCompletionSuccess,
|
||||
weak_factory_.GetWeakPtr()));
|
||||
weak_factory_.GetWeakPtr(), std::move(key_label)));
|
||||
auto error_callback = WrapRepeatingCallbackForCallingThread<HRESULT>(
|
||||
caller_task_runner,
|
||||
base::BindRepeating(
|
||||
@ -391,6 +397,7 @@ class UserVerifyingKeyProviderWin : public UserVerifyingKeyProvider {
|
||||
|
||||
private:
|
||||
void OnKeyCreationCompletionSuccess(
|
||||
std::string key_name,
|
||||
ComPtr<IKeyCredentialRetrievalResult> key_result) {
|
||||
// This SHOULD only be called once but conservatively we ignore additional
|
||||
// calls to reduce assumptions of good behaviour by the platform APIs.
|
||||
@ -422,8 +429,8 @@ class UserVerifyingKeyProviderWin : public UserVerifyingKeyProvider {
|
||||
std::move(key_creation_callback_).Run(nullptr);
|
||||
return;
|
||||
}
|
||||
auto key =
|
||||
std::make_unique<UserVerifyingSigningKeyWin>(std::move(credential));
|
||||
auto key = std::make_unique<UserVerifyingSigningKeyWin>(
|
||||
std::move(key_name), std::move(credential));
|
||||
std::move(key_creation_callback_).Run(std::move(key));
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user