Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIDO] Support extensions #161

Merged
merged 49 commits into from
Dec 18, 2024
Merged

[FIDO] Support extensions #161

merged 49 commits into from
Dec 18, 2024

Conversation

AdamVe
Copy link
Member

@AdamVe AdamVe commented Nov 20, 2024

Adds support for defined FIDO extensions (see CTAP2.1 and Webauthn specifications). This PR also adds simple framework for adding new extensions, by extending the Extension class and implementing relevant methods.

Extension processing happens during BasicWebauthnClient.makeCredential and BasicWebauthnClient.getAssertion calls, based on the creation and request options.

Results are exposed through PublicKeyCredential.getClientExtensionResults().

The following extensions are implemented:

  • hmac-secret
  • prf
  • credProps
  • credProtect
  • credBlob
  • largeBlob
  • minPinLength

A new BasicWebauthnClient constructor takes a list of Extension objects which it will process, by default the list contains defined extensions.

There are instrumented tests for each of the extensions (note that a supporting HW is needed for running the tests).

AdamVe added 30 commits September 25, 2024 18:06
@AdamVe
wip
9901dfa
@AdamVe
poc
8524e9b
@AdamVe
credBlob
f03d145
@AdamVe
largeBlob
f626d4d
@AdamVe
handle unit tests
39eaa58
@AdamVe
update log message
4188ac7
@AdamVe
PRF extension implementation
b72f4b1
@AdamVe
credProps instrumented test
33ac890
@AdamVe
PRF instrumented tests
d64aa66
@AdamVe
LargeBlob instrumented tests
240ab63
@AdamVe
refactor instrumented tests of existing extensions
dfcceff
@AdamVe
credBlob and its instrumented test
12ea9eb
@AdamVe
use ExtensionDataProvider
37a1d53
@AdamVe
fix hmacGetSecret/hmacCreateSecret, add tests
6cfb025
@AdamVe
credential list filtering
08bcd31
@AdamVe
refactor exts permission and data provider APIs
a981b49
@AdamVe
remove dataProvider, use only b64 encoding
f56968a
@AdamVe
prf evalByCredential parameter impl
b6d1ef8
@AdamVe
simplify internal client api
90d5457
@AdamVe
move extension processing to client
cca52eb
@AdamVe
move LargeBlobs to correct package
252f62d
@AdamVe
simplify
eb86be2
@AdamVe
refactor internal processing APIs
e4a2a53
@AdamVe
unify processing result for input and output
e96f097
@AdamVe
use ServiceLoader for extensions
90656f1
@AdamVe
Merge branch 'adamve/fido_extensions_refactor' into adamve/fido_exten…
6f3787c 
…sions
@AdamVe
update arguments API
a7c9d5a
@AdamVe
fix pinuvauth for makeCred/getAssertions
0102ab2
@AdamVe
simplify public API
6275a31
@AdamVe
update extension API
e2d59cc
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 20, 2024
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SpotBugs found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

jensutbult
jensutbult approved these changes Dec 17, 2024
View reviewed changes
Copy link

@jensutbult jensutbult left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nicely done! Clean code and good test coverage. 👍

@AdamVe AdamVe merged commit 196304e into main Dec 18, 2024
16 checks passed
@AdamVe AdamVe deleted the adamve/fido_extensions branch December 18, 2024 10:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dainnilsson dainnilsson dainnilsson approved these changes

@jensutbult jensutbult jensutbult approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AdamVe @dainnilsson @jensutbult