Changeset 291423 in webkit

Timestamp:

Mar 17, 2022 11:28:13 AM (4 months ago)

Author:

J Pascoe

Message:

[WebAuthn] Support makeCredential for virtual HID authenticators
​https://bugs.webkit.org/show_bug.cgi?id=237984
rdar://problem/90393676

Reviewed by Brent Fulgham.

Virtual authenticators for WebAuthn supports different transports: nfc,usb,internal,ble.
Currently, we support the internal transport, but the default transport used in web platform
tests is usb. This patch implements makeCredential for hid-based virtual authenticators. Virtual
credential information is stored in the VirtualCredential struct as suggested by the spec.

Source/WebCore:

• Modules/webauthn/WebAuthenticationUtils.cpp:

(WebCore::buildAttestationMap):
(WebCore::buildAttestationObject):

• Modules/webauthn/WebAuthenticationUtils.h:
• Modules/webauthn/fido/FidoConstants.h:

Source/WebKit:

Tested manually via creating virtual authenticator and performing create and via wpt tests.

• UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:

(WebKit::MockHidConnection::parseRequest):
(WebKit::MockHidConnection::feedReports):

• UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp:

(WebKit::VirtualAuthenticatorManager::createAuthenticator):
(WebKit::VirtualAuthenticatorManager::addCredential):
(WebKit::VirtualAuthenticatorManager::createService const):

• UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h:
• UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h.
• UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.mm: Added.

(WebKit::flagsForConfig):
(WebKit::createPrivateKey):
(WebKit::credentialIdAndCosePubKeyForPrivateKey):
(WebKit::base64PrivateKey):

• UIProcess/WebAuthentication/Virtual/VirtualCredential.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h.
• UIProcess/WebAuthentication/Virtual/VirtualHidConnection.cpp: Added.

(WebKit::VirtualHidConnection::VirtualHidConnection):
(WebKit::VirtualHidConnection::initialize):
(WebKit::VirtualHidConnection::terminate):
(WebKit::VirtualHidConnection::sendSync):
(WebKit::VirtualHidConnection::send):
(WebKit::VirtualHidConnection::assembleRequest):
(WebKit::VirtualHidConnection::receiveHidMessage):
(WebKit::VirtualHidConnection::recieveResponseCode):
(WebKit::VirtualHidConnection::parseRequest):

• UIProcess/WebAuthentication/Virtual/VirtualHidConnection.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h.
• UIProcess/WebAuthentication/Virtual/VirtualService.h:
• UIProcess/WebAuthentication/Virtual/VirtualService.mm:

(WebKit::VirtualService::VirtualService):
(WebKit::VirtualService::createVirtual):
(WebKit::authenticatorInfoForConfig):
(WebKit::VirtualService::startDiscoveryInternal):

• WebKit.xcodeproj/project.pbxproj:

Location:

trunk/Source

Files:

• WebCore/ChangeLog (modified) (1 diff)
• WebCore/Modules/webauthn/WebAuthenticationConstants.h (modified) (1 diff)
• WebCore/Modules/webauthn/WebAuthenticationUtils.cpp (modified) (2 diffs)
• WebCore/Modules/webauthn/WebAuthenticationUtils.h (modified) (1 diff)
• WebCore/Modules/webauthn/fido/FidoConstants.h (modified) (1 diff)
• WebKit/ChangeLog (modified) (1 diff)
• WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (modified) (2 diffs)
• WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp (modified) (7 diffs)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp (modified) (3 diffs)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h (modified) (2 diffs)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.h (copied) (copied from trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h) (2 diffs)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.mm (added)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualCredential.h (copied) (copied from trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h) (2 diffs)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualHidConnection.cpp (added)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualHidConnection.h (copied) (copied from trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h) (2 diffs)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h (modified) (1 diff)
• WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.mm (modified) (2 diffs)
• WebKit/WebKit.xcodeproj/project.pbxproj (modified) (7 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2022-03-17  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Support makeCredential for virtual HID authenticators
+        https://bugs.webkit.org/show_bug.cgi?id=237984
+        rdar://problem/90393676
+
+        Reviewed by Brent Fulgham.
+
+        Virtual authenticators for WebAuthn supports different transports: nfc,usb,internal,ble.
+        Currently, we support the internal transport, but the default transport used in web platform
+        tests is usb. This patch implements makeCredential for hid-based virtual authenticators. Virtual
+        credential information is stored in the VirtualCredential struct as suggested by the spec.
+
+        * Modules/webauthn/WebAuthenticationUtils.cpp:
+        (WebCore::buildAttestationMap):
+        (WebCore::buildAttestationObject):
+        * Modules/webauthn/WebAuthenticationUtils.h:
+        * Modules/webauthn/fido/FidoConstants.h:
+
 2022-03-17  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h

@@ -101 +101 @@
 };
 
+// https://www.w3.org/TR/webauthn-2/#authenticator-data
+constexpr uint8_t userPresenceFlag = 0b00000001;
+constexpr uint8_t userVerifiedFlag = 0b00000100;
+constexpr uint8_t attestedCredentialDataIncludedFlag = 0b01000000;
+
 } // namespace WebAuthn

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp

@@ -111 +111 @@
 }
 
-Vector<uint8_t> buildAttestationObject(Vector<uint8_t>&& authData, String&& format, cbor::CBORValue::MapValue&& statementMap, const AttestationConveyancePreference& attestation)
+cbor::CBORValue::MapValue buildAttestationMap(Vector<uint8_t>&& authData, String&& format, cbor::CBORValue::MapValue&& statementMap, const AttestationConveyancePreference& attestation)
 {
     cbor::CBORValue::MapValue attestationObjectMap;
@@ -128 +128 @@
     attestationObjectMap[cbor::CBORValue("fmt")] = cbor::CBORValue(WTFMove(format));
     attestationObjectMap[cbor::CBORValue("attStmt")] = cbor::CBORValue(WTFMove(statementMap));
+    return attestationObjectMap;
+}
+
+Vector<uint8_t> buildAttestationObject(Vector<uint8_t>&& authData, String&& format, cbor::CBORValue::MapValue&& statementMap, const AttestationConveyancePreference& attestation)
+{
+    cbor::CBORValue::MapValue attestationObjectMap = buildAttestationMap(WTFMove(authData), WTFMove(format), WTFMove(statementMap), attestation);
 
     auto attestationObject = cbor::CBORWriter::write(cbor::CBORValue(WTFMove(attestationObjectMap)));

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h

@@ -50 +50 @@
 WEBCORE_EXPORT Vector<uint8_t> buildAuthData(const String& rpId, const uint8_t flags, const uint32_t counter, const Vector<uint8_t>& optionalAttestedCredentialData);
 
+WEBCORE_EXPORT cbor::CBORValue::MapValue buildAttestationMap(Vector<uint8_t>&&, String&&, cbor::CBORValue::MapValue&&, const AttestationConveyancePreference&);
+
 // https://www.w3.org/TR/webauthn/#attestation-object
 WEBCORE_EXPORT Vector<uint8_t> buildAttestationObject(Vector<uint8_t>&& authData, String&& format, cbor::CBORValue::MapValue&& statementMap, const AttestationConveyancePreference&);

trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h

@@ -256 +256 @@
 const uint8_t kCtapNfcApduIns = 0x10;
 
+// https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#mandatory-commands
+const size_t kCtapChannelIdSize = 4;
+const uint8_t kCtapKeepAliveStatusProcessing = 1;
+// https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#commands
+const int64_t kCtapMakeCredentialClientDataHashKey = 1;
+const int64_t kCtapMakeCredentialRpKey = 2;
+const int64_t kCtapMakeCredentialUserKey = 3;
+const int64_t kCtapMakeCredentialPubKeyCredParamsKey = 4;
+const int64_t kCtapMakeCredentialExcludeListKey = 5;
+const int64_t kCtapMakeCredentialExtensionsKey = 6;
+const int64_t kCtapMakeCredentialRequestOptionsKey = 7;
+const int64_t kCtapGetAssertionRequestOptionsKey = 5;
+
 } // namespace fido
 

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2022-03-17  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Support makeCredential for virtual HID authenticators
+        https://bugs.webkit.org/show_bug.cgi?id=237984
+        rdar://problem/90393676
+
+        Reviewed by Brent Fulgham.
+
+        Virtual authenticators for WebAuthn supports different transports: nfc,usb,internal,ble.
+        Currently, we support the internal transport, but the default transport used in web platform
+        tests is usb. This patch implements makeCredential for hid-based virtual authenticators. Virtual
+        credential information is stored in the VirtualCredential struct as suggested by the spec.
+
+        Tested manually via creating virtual authenticator and performing create and via wpt tests.
+
+        * UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
+        (WebKit::MockHidConnection::parseRequest):
+        (WebKit::MockHidConnection::feedReports):
+        * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp:
+        (WebKit::VirtualAuthenticatorManager::createAuthenticator):
+        (WebKit::VirtualAuthenticatorManager::addCredential):
+        (WebKit::VirtualAuthenticatorManager::createService const):
+        * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h:
+        * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h.
+        * UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.mm: Added.
+        (WebKit::flagsForConfig):
+        (WebKit::createPrivateKey):
+        (WebKit::credentialIdAndCosePubKeyForPrivateKey):
+        (WebKit::base64PrivateKey):
+        * UIProcess/WebAuthentication/Virtual/VirtualCredential.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h.
+        * UIProcess/WebAuthentication/Virtual/VirtualHidConnection.cpp: Added.
+        (WebKit::VirtualHidConnection::VirtualHidConnection):
+        (WebKit::VirtualHidConnection::initialize):
+        (WebKit::VirtualHidConnection::terminate):
+        (WebKit::VirtualHidConnection::sendSync):
+        (WebKit::VirtualHidConnection::send):
+        (WebKit::VirtualHidConnection::assembleRequest):
+        (WebKit::VirtualHidConnection::receiveHidMessage):
+        (WebKit::VirtualHidConnection::recieveResponseCode):
+        (WebKit::VirtualHidConnection::parseRequest):
+        * UIProcess/WebAuthentication/Virtual/VirtualHidConnection.h: Copied from Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h.
+        * UIProcess/WebAuthentication/Virtual/VirtualService.h:
+        * UIProcess/WebAuthentication/Virtual/VirtualService.mm:
+        (WebKit::VirtualService::VirtualService):
+        (WebKit::VirtualService::createVirtual):
+        (WebKit::authenticatorInfoForConfig):
+        (WebKit::VirtualService::startDiscoveryInternal):
+        * WebKit.xcodeproj/project.pbxproj:
+
 2022-03-17  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

@@ -66 +66 @@
 using namespace fido;
 using namespace WebCore;
+using namespace WebAuthn;
 using CBOR = cbor::CBORValue;
 
@@ -71 +72 @@
 
 // See https://www.w3.org/TR/webauthn/#flags.
-const uint8_t makeCredentialFlags = 0b01000101; // UP, UV and AT are set.
-const uint8_t otherMakeCredentialFlags = 0b01000001; // UP and AT are set.
-const uint8_t getAssertionFlags = 0b00000101; // UP and UV are set.
-const uint8_t otherGetAssertionFlags = 0b00000001; // UP is set.
+const uint8_t makeCredentialFlags = userPresenceFlag | userVerifiedFlag | attestedCredentialDataIncludedFlag; // UP, UV and AT are set.
+const uint8_t otherMakeCredentialFlags = userPresenceFlag | attestedCredentialDataIncludedFlag; // UP and AT are set.
+const uint8_t getAssertionFlags = userPresenceFlag | userVerifiedFlag; // UP and UV are set.
+const uint8_t otherGetAssertionFlags = userPresenceFlag; // UP is set.
 // Credential ID is currently SHA-1 of the corresponding public key.
 const uint16_t credentialIdLength = 20;

trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp

@@ -45 +45 @@
 using namespace fido;
 
-namespace MockHidConnectionInternal {
-// https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#mandatory-commands
-const size_t CtapChannelIdSize = 4;
-const uint8_t CtapKeepAliveStatusProcessing = 1;
-// https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#commands
-const int64_t CtapMakeCredentialRequestOptionsKey = 7;
-const int64_t CtapGetAssertionRequestOptionsKey = 5;
-}
-
 MockHidConnection::MockHidConnection(IOHIDDeviceRef device, const MockWebAuthenticationConfiguration& configuration)
     : HidConnection(device)
@@ -131 +122 @@
 void MockHidConnection::parseRequest()
 {
-    using namespace MockHidConnectionInternal;
-
     ASSERT(m_requestMessage);
     // Set stages.
@@ -163 +152 @@
 
             if (cmd == CtapRequestCommand::kAuthenticatorMakeCredential) {
-                auto it = requestMap->getMap().find(CBORValue(CtapMakeCredentialRequestOptionsKey)); // Find options.
+                auto it = requestMap->getMap().find(CBORValue(kCtapMakeCredentialRequestOptionsKey)); // Find options.
                 if (it != requestMap->getMap().end()) {
                     auto& optionMap = it->second.getMap();
@@ -178 +167 @@
 
             if (cmd == CtapRequestCommand::kAuthenticatorGetAssertion) {
-                auto it = requestMap->getMap().find(CBORValue(CtapGetAssertionRequestOptionsKey)); // Find options.
+                auto it = requestMap->getMap().find(CBORValue(kCtapGetAssertionRequestOptionsKey)); // Find options.
                 if (it != requestMap->getMap().end()) {
                     auto& optionMap = it->second.getMap();
@@ -203 +192 @@
 void MockHidConnection::feedReports()
 {
-    using namespace MockHidConnectionInternal;
-
     if (m_subStage == Mock::HidSubStage::Init) {
         Vector<uint8_t> payload;
@@ -213 +200 @@
             payload[0]--;
         payload.grow(kHidInitResponseSize);
-        cryptographicallyRandomValues(payload.data() + writePosition, CtapChannelIdSize);
+        cryptographicallyRandomValues(payload.data() + writePosition, kCtapChannelIdSize);
         auto channel = kHidBroadcastChannel;
         if (stagesMatch() && m_configuration.hid->error == Mock::HidError::WrongChannelId)
@@ -257 +244 @@
         if (m_configuration.hid->keepAlive) {
             m_configuration.hid->keepAlive = false;
-            FidoHidInitPacket initPacket(m_currentChannel, FidoHidDeviceCommand::kKeepAlive, { CtapKeepAliveStatusProcessing }, 1);
+            FidoHidInitPacket initPacket(m_currentChannel, FidoHidDeviceCommand::kKeepAlive, { kCtapKeepAliveStatusProcessing }, 1);
             receiveReport(initPacket.getSerializedData());
             continueFeedReports();

trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.cpp

@@ -34 +34 @@
 namespace WebKit {
 
+struct VirtualCredential;
+
 VirtualAuthenticatorManager::VirtualAuthenticatorManager()
     : AuthenticatorManager()
@@ -41 +43 @@
 String VirtualAuthenticatorManager::createAuthenticator(const VirtualAuthenticatorConfiguration& config)
 {
-    if (config.transport != WebCore::AuthenticatorTransport::Internal)
+    if (config.transport != WebCore::AuthenticatorTransport::Internal && config.transport != WebCore::AuthenticatorTransport::Usb)
         UNIMPLEMENTED();
     auto id = createVersion4UUIDString();
     m_virtualAuthenticators.set(id, makeUniqueRef<VirtualAuthenticatorConfiguration>(config));
+    Vector<VirtualCredential> credentials;
+    m_credentialsByAuthenticator.set(id, WTFMove(credentials));
 
     return id;
@@ -54 +58 @@
 }
 
+void VirtualAuthenticatorManager::addCredential(const String& authenticatorId, const VirtualCredential& credential)
+{
+    m_credentialsByAuthenticator.get(authenticatorId).append(credential);
+}
+
 UniqueRef<AuthenticatorTransportService> VirtualAuthenticatorManager::createService(WebCore::AuthenticatorTransport transport, AuthenticatorTransportService::Observer& observer) const
 {
-    Vector<VirtualAuthenticatorConfiguration> configs;
-    for (auto& config : m_virtualAuthenticators.values()) {
-        if (config.get().transport == transport)
-            configs.append(config.get());
+    Vector<std::pair<String, VirtualAuthenticatorConfiguration>> configs;
+    for (auto& id : m_virtualAuthenticators.keys()) {
+        auto config = m_virtualAuthenticators.get(id);
+        if (config->transport == transport)
+            configs.append(std::pair { id, *config });
     }
     return VirtualService::createVirtual(transport, observer, configs);

trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorManager.h

@@ -30 +30 @@
 #include "AuthenticatorManager.h"
 #include "VirtualAuthenticatorConfiguration.h"
+#include "VirtualCredential.h"
+#include <wtf/WeakPtr.h>
 
 namespace WebKit {
+struct VirtualCredential;
 
 class VirtualAuthenticatorManager final : public AuthenticatorManager {
@@ -41 +44 @@
 
     bool isVirtual() const final { return true; }
-    void runPanel();
-    void selectAssertionResponse(Vector<Ref<WebCore::AuthenticatorAssertionResponse>>&&, WebAuthenticationSource, CompletionHandler<void(WebCore::AuthenticatorAssertionResponse*)>&&);
-    void decidePolicyForLocalAuthenticator(CompletionHandler<void(LocalAuthenticatorPolicy)>&&);
 
+    void addCredential(const String&, const VirtualCredential&);
+
+protected:
+    void decidePolicyForLocalAuthenticator(CompletionHandler<void(LocalAuthenticatorPolicy)>&&) override;
+    void selectAssertionResponse(Vector<Ref<WebCore::AuthenticatorAssertionResponse>>&&, WebAuthenticationSource, CompletionHandler<void(WebCore::AuthenticatorAssertionResponse*)>&&) override;
+    
+    
 private:
     UniqueRef<AuthenticatorTransportService> createService(WebCore::AuthenticatorTransport, AuthenticatorTransportService::Observer&) const final;
+    void runPanel() override;
 
     HashMap<String, UniqueRef<VirtualAuthenticatorConfiguration>> m_virtualAuthenticators;
+    HashMap<String, Vector<VirtualCredential>> m_credentialsByAuthenticator;
 };
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualAuthenticatorUtils.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include "AuthenticatorTransportService.h"
 #include "VirtualAuthenticatorConfiguration.h"
 
 namespace WebKit {
 
-class VirtualService : public AuthenticatorTransportService {
-public:
-    explicit VirtualService(Observer&, const Vector<VirtualAuthenticatorConfiguration>&);
-
-    static UniqueRef<AuthenticatorTransportService> createVirtual(WebCore::AuthenticatorTransport, Observer&, const Vector<VirtualAuthenticatorConfiguration>& configs);
-private:
-    void startDiscoveryInternal() final;
-
-    Vector<VirtualAuthenticatorConfiguration> m_configurations;
-};
+uint8_t flagsForConfig(const VirtualAuthenticatorConfiguration&);
+RetainPtr<SecKeyRef> createPrivateKey();
+std::pair<Vector<uint8_t>, Vector<uint8_t>> credentialIdAndCosePubKeyForPrivateKey(RetainPtr<SecKeyRef> privateKey);
+String base64PrivateKey(RetainPtr<SecKeyRef> privateKey);
 
 } // namespace WebKit

trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualCredential.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include "AuthenticatorTransportService.h"
-#include "VirtualAuthenticatorConfiguration.h"
+#include <WebCore/AuthenticatorTransport.h>
+#include <wtf/text/WTFString.h>
 
 namespace WebKit {
 
-class VirtualService : public AuthenticatorTransportService {
-public:
-    explicit VirtualService(Observer&, const Vector<VirtualAuthenticatorConfiguration>&);
-
-    static UniqueRef<AuthenticatorTransportService> createVirtual(WebCore::AuthenticatorTransport, Observer&, const Vector<VirtualAuthenticatorConfiguration>& configs);
-private:
-    void startDiscoveryInternal() final;
-
-    Vector<VirtualAuthenticatorConfiguration> m_configurations;
+struct VirtualCredential {
+    WTF_MAKE_STRUCT_FAST_ALLOCATED;
+    Vector<uint8_t> credentialId;
+    String rpId;
+    String privateKey;
+    std::optional<Vector<uint8_t>> userHandle;
+    uint64_t signCount;
+    bool isResidentCredential;
+    bool isVerificationRequired;
 };
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualHidConnection.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
-#include "AuthenticatorTransportService.h"
+#include "HidConnection.h"
 #include "VirtualAuthenticatorConfiguration.h"
+#include <WebCore/FidoHidMessage.h>
+#include <wtf/WeakPtr.h>
 
 namespace WebKit {
+struct VirtualAuthenticatorConfiguration;
+class VirtualAuthenticatorManager;
 
-class VirtualService : public AuthenticatorTransportService {
+class VirtualHidConnection final : public CanMakeWeakPtr<VirtualHidConnection>, public HidConnection {
 public:
-    explicit VirtualService(Observer&, const Vector<VirtualAuthenticatorConfiguration>&);
+    explicit VirtualHidConnection(const String& authenticatorId, const VirtualAuthenticatorConfiguration&, const WeakPtr<VirtualAuthenticatorManager>&);
 
-    static UniqueRef<AuthenticatorTransportService> createVirtual(WebCore::AuthenticatorTransport, Observer&, const Vector<VirtualAuthenticatorConfiguration>& configs);
 private:
-    void startDiscoveryInternal() final;
+    void initialize() final;
+    void terminate() final;
+    DataSent sendSync(const Vector<uint8_t>& data) final;
+    void send(Vector<uint8_t>&& data, DataSentCallback&&) final;
+    void assembleRequest(Vector<uint8_t>&&);
+    void parseRequest();
 
-    Vector<VirtualAuthenticatorConfiguration> m_configurations;
+    void receiveHidMessage(fido::FidoHidMessage&&);
+    void recieveResponseCode(fido::CtapDeviceResponseCode);
+
+    WeakPtr<VirtualAuthenticatorManager> m_manager;
+    VirtualAuthenticatorConfiguration m_configuration;
+    std::optional<fido::FidoHidMessage> m_requestMessage;
+    Vector<uint8_t> m_nonce;
+    uint32_t m_currentChannel { fido::kHidBroadcastChannel };
+    String m_authenticatorId;
 };
-
 } // namespace WebKit
-
-#endif // ENABLE(WEB_AUTHN)
+#endif

trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.h

@@ -30 +30 @@
 #include "AuthenticatorTransportService.h"
 #include "VirtualAuthenticatorConfiguration.h"
+#include "VirtualCredential.h"
+#include <wtf/WeakPtr.h>
 
 namespace WebKit {
 
+class VirtualAuthenticatorManager;
+
 class VirtualService : public AuthenticatorTransportService {
 public:
-    explicit VirtualService(Observer&, const Vector<VirtualAuthenticatorConfiguration>&);
+    explicit VirtualService(Observer&, Vector<std::pair<String, VirtualAuthenticatorConfiguration>>&);
 
-    static UniqueRef<AuthenticatorTransportService> createVirtual(WebCore::AuthenticatorTransport, Observer&, const Vector<VirtualAuthenticatorConfiguration>& configs);
+    static UniqueRef<AuthenticatorTransportService> createVirtual(WebCore::AuthenticatorTransport, Observer&, Vector<std::pair<String, VirtualAuthenticatorConfiguration>>&);
 private:
     void startDiscoveryInternal() final;
 
-    Vector<VirtualAuthenticatorConfiguration> m_configurations;
+    Vector<std::pair<String, VirtualAuthenticatorConfiguration>> m_authenticators;
 };
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.mm

@@ -29 +29 @@
 #if ENABLE(WEB_AUTHN)
 
+#import "CtapAuthenticator.h"
+#import "CtapHidDriver.h"
 #import "LocalAuthenticator.h"
+#import "VirtualAuthenticatorManager.h"
+#import "VirtualHidConnection.h"
 #import "VirtualLocalConnection.h"
+#import <WebCore/FidoConstants.h>
+#import <WebCore/WebAuthenticationConstants.h>
+#import <wtf/UniqueRef.h>
 #import <wtf/text/WTFString.h>
 
 namespace WebKit {
+using namespace fido;
+using namespace WebCore;
 
-VirtualService::VirtualService(Observer& observer, const Vector<VirtualAuthenticatorConfiguration>& configurations)
-    : AuthenticatorTransportService(observer), m_configurations(configurations)
+VirtualService::VirtualService(Observer& observer, Vector<std::pair<String, VirtualAuthenticatorConfiguration>>& authenticators)
+    : AuthenticatorTransportService(observer), m_authenticators(authenticators)
 {
 }
 
-UniqueRef<AuthenticatorTransportService> VirtualService::createVirtual(WebCore::AuthenticatorTransport transport, Observer& observer,  const Vector<VirtualAuthenticatorConfiguration>& configs)
+UniqueRef<AuthenticatorTransportService> VirtualService::createVirtual(WebCore::AuthenticatorTransport transport, Observer& observer, Vector<std::pair<String, VirtualAuthenticatorConfiguration>>& authenticators)
 {
-    return makeUniqueRef<VirtualService>(observer, configs);
+    return makeUniqueRef<VirtualService>(observer, authenticators);
+}
+
+static AuthenticatorGetInfoResponse authenticatorInfoForConfig(const VirtualAuthenticatorConfiguration& config)
+{
+    AuthenticatorGetInfoResponse infoResponse({ ProtocolVersion::kCtap }, Vector<uint8_t>(aaguidLength, 0u));
+    AuthenticatorSupportedOptions options;
+    infoResponse.setOptions(WTFMove(options));
+    return infoResponse;
 }
 
@@ -48 +65 @@
 {
 
-    for (auto& config : m_configurations) {
+    for (auto& authenticator : m_authenticators) {
         if (!observer())
             return;
+        auto config = authenticator.second;
+        auto authenticatorId = authenticator.first;
         switch (config.transport) {
+        case WebCore::AuthenticatorTransport::Usb:
+            observer()->authenticatorAdded(CtapAuthenticator::create(WTF::makeUnique<CtapHidDriver>(makeUniqueRef<VirtualHidConnection>(authenticatorId, config, WeakPtr { static_cast<VirtualAuthenticatorManager *>(observer()) })), authenticatorInfoForConfig(config)));
+            break;
         case WebCore::AuthenticatorTransport::Internal:
             observer()->authenticatorAdded(LocalAuthenticator::create(makeUniqueRef<VirtualLocalConnection>(config)));
-                break;
+            break;
         default:
             UNIMPLEMENTED();

trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj

@@ -1082 +1082 @@
                 51FAEC3B1B0657680009C4E7 /* AuxiliaryProcessMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 51FAEC361B0657310009C4E7 /* AuxiliaryProcessMessageReceiver.cpp */; };
                 51FD18B61651FBAD00DBE1CE /* NetworkResourceLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 51FD18B41651FBAD00DBE1CE /* NetworkResourceLoader.h */; };
+                5252A51927E048740094BEB9 /* VirtualHidConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = 5252A51727E048740094BEB9 /* VirtualHidConnection.h */; };
+                5252A51A27E048740094BEB9 /* VirtualHidConnection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5252A51827E048740094BEB9 /* VirtualHidConnection.cpp */; };
                 52688AB427D7CE40003577A2 /* _WKResidentKeyRequirement.h in Headers */ = {isa = PBXBuildFile; fileRef = 52688AB327D7CE40003577A2 /* _WKResidentKeyRequirement.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 5272D4C91E735F0900EB4290 /* WKProtectionSpaceNS.h in Headers */ = {isa = PBXBuildFile; fileRef = 5272D4C71E735F0900EB4290 /* WKProtectionSpaceNS.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -1094 +1096 @@
                 52D5A1B01C57495A00DE34A3 /* VideoFullscreenManagerProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = 52D5A1AA1C57494E00DE34A3 /* VideoFullscreenManagerProxy.h */; };
                 52F060E11654318500F3281B /* NetworkContentRuleListManagerMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52F060DD1654317500F3281B /* NetworkContentRuleListManagerMessageReceiver.cpp */; };
+                52F4B46927E1197700FFD129 /* VirtualAuthenticatorUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 52F4B46727E1197700FFD129 /* VirtualAuthenticatorUtils.h */; };
+                52F4B46A27E1197700FFD129 /* VirtualAuthenticatorUtils.mm in Sources */ = {isa = PBXBuildFile; fileRef = 52F4B46827E1197700FFD129 /* VirtualAuthenticatorUtils.mm */; };
+                52F4B46D27E125A800FFD129 /* VirtualCredential.h in Headers */ = {isa = PBXBuildFile; fileRef = 52F4B46B27E125A800FFD129 /* VirtualCredential.h */; };
                 532159551DBAE7290054AA3C /* NetworkSessionCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 532159501DBAE6D70054AA3C /* NetworkSessionCocoa.h */; };
                 532159561DBAE72D0054AA3C /* NetworkDataTaskCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 5321594F1DBAE6D70054AA3C /* NetworkDataTaskCocoa.h */; };
@@ -4645 +4650 @@
                 51FD18B31651FBAD00DBE1CE /* NetworkResourceLoader.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NetworkResourceLoader.cpp; sourceTree = "<group>"; };
                 51FD18B41651FBAD00DBE1CE /* NetworkResourceLoader.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetworkResourceLoader.h; sourceTree = "<group>"; };
+                5252A51727E048740094BEB9 /* VirtualHidConnection.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = VirtualHidConnection.h; sourceTree = "<group>"; };
+                5252A51827E048740094BEB9 /* VirtualHidConnection.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = VirtualHidConnection.cpp; sourceTree = "<group>"; };
                 52688AB327D7CE40003577A2 /* _WKResidentKeyRequirement.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = _WKResidentKeyRequirement.h; path = UIProcess/API/Cocoa/_WKResidentKeyRequirement.h; sourceTree = "<group>"; };
                 5272D4C71E735F0900EB4290 /* WKProtectionSpaceNS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WKProtectionSpaceNS.h; path = mac/WKProtectionSpaceNS.h; sourceTree = "<group>"; };
@@ -4664 +4671 @@
                 52EB68CC279E2145005C98D9 /* ARKitSoftLink.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = ARKitSoftLink.mm; sourceTree = "<group>"; };
                 52F060DD1654317500F3281B /* NetworkContentRuleListManagerMessageReceiver.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; name = NetworkContentRuleListManagerMessageReceiver.cpp; path = DerivedSources/WebKit/NetworkContentRuleListManagerMessageReceiver.cpp; sourceTree = BUILT_PRODUCTS_DIR; };
+                52F4B46727E1197700FFD129 /* VirtualAuthenticatorUtils.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = VirtualAuthenticatorUtils.h; sourceTree = "<group>"; };
+                52F4B46827E1197700FFD129 /* VirtualAuthenticatorUtils.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = VirtualAuthenticatorUtils.mm; sourceTree = "<group>"; };
+                52F4B46B27E125A800FFD129 /* VirtualCredential.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = VirtualCredential.h; sourceTree = "<group>"; };
                 5315876B2076B713004BF9F3 /* NetworkActivityTrackerCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetworkActivityTrackerCocoa.mm; sourceTree = "<group>"; };
                 5321594F1DBAE6D70054AA3C /* NetworkDataTaskCocoa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetworkDataTaskCocoa.h; sourceTree = "<group>"; };
@@ -9859 +9869 @@
                                 52CDC5BF2731DA0C00A3E3EB /* VirtualAuthenticatorManager.cpp */,
                                 52CDC5C32731DA0C00A3E3EB /* VirtualAuthenticatorManager.h */,
+                                52F4B46727E1197700FFD129 /* VirtualAuthenticatorUtils.h */,
+                                52F4B46827E1197700FFD129 /* VirtualAuthenticatorUtils.mm */,
+                                52F4B46B27E125A800FFD129 /* VirtualCredential.h */,
+                                5252A51827E048740094BEB9 /* VirtualHidConnection.cpp */,
+                                5252A51727E048740094BEB9 /* VirtualHidConnection.h */,
                                 52CDC5C02731DA0C00A3E3EB /* VirtualLocalConnection.h */,
                                 52CDC5C22731DA0C00A3E3EB /* VirtualLocalConnection.mm */,
@@ -13657 +13672 @@
                                 52CDC5C42731DA0D00A3E3EB /* VirtualAuthenticatorConfiguration.h in Headers */,
                                 52CDC5CA2731DA0D00A3E3EB /* VirtualAuthenticatorManager.h in Headers */,
+                                52F4B46927E1197700FFD129 /* VirtualAuthenticatorUtils.h in Headers */,
+                                52F4B46D27E125A800FFD129 /* VirtualCredential.h in Headers */,
+                                5252A51927E048740094BEB9 /* VirtualHidConnection.h in Headers */,
                                 52CDC5C72731DA0D00A3E3EB /* VirtualLocalConnection.h in Headers */,
                                 52CDC5C82731DA0D00A3E3EB /* VirtualService.h in Headers */,
@@ -16153 +16171 @@
                                 2684055218B86ED60022C38B /* ViewUpdateDispatcherMessageReceiver.cpp in Sources */,
                                 52CDC5C62731DA0D00A3E3EB /* VirtualAuthenticatorManager.cpp in Sources */,
+                                52F4B46A27E1197700FFD129 /* VirtualAuthenticatorUtils.mm in Sources */,
+                                5252A51A27E048740094BEB9 /* VirtualHidConnection.cpp in Sources */,
                                 52CDC5C92731DA0D00A3E3EB /* VirtualLocalConnection.mm in Sources */,
                                 52CDC5C52731DA0D00A3E3EB /* VirtualService.mm in Sources */,