Changeset 292913 in webkit

Timestamp:

Apr 15, 2022 10:38:42 AM (3 months ago)

Author:

J Pascoe

Message:

Source/WebCore:
[WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse
​https://bugs.webkit.org/show_bug.cgi?id=238966
rdar://problem/91449906

This change implements the getTransports() and getAuthenticatorData() functions
on AuthenticatorAttestationResponse. For security keys, the supported transports of
the key are parsed from authenticatorGetInfo. For the local authenticator, the supported
transports are specified according to which features are available. getAuthenticatorData()
is a convenience method for RPs who want to avoid parsing CBOR.

Reviewed by Brent Fulgham.

• Modules/webauthn/AuthenticatorAttestationResponse.cpp:

(WebCore::AuthenticatorAttestationResponse::create):
(WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse):
(WebCore::AuthenticatorAttestationResponse::data const):
(WebCore::AuthenticatorAttestationResponse::getTransports const):
(WebCore::AuthenticatorAttestationResponse::getAuthenticatorData const):

• Modules/webauthn/AuthenticatorAttestationResponse.h:
• Modules/webauthn/AuthenticatorAttestationResponse.idl:
• Modules/webauthn/AuthenticatorResponse.cpp:

(WebCore::AuthenticatorResponse::tryCreate):

• Modules/webauthn/AuthenticatorResponse.h:
• Modules/webauthn/AuthenticatorResponseData.h:

(WebCore::AuthenticatorResponseData::encode const):
(WebCore::AuthenticatorResponseData::decode):

• Modules/webauthn/AuthenticatorTransport.h:
• Modules/webauthn/AuthenticatorTransport.idl:
• Modules/webauthn/WebAuthenticationConstants.h:
• Modules/webauthn/WebAuthenticationUtils.cpp:

(WebCore::convertArrayBufferToVector):

• Modules/webauthn/WebAuthenticationUtils.h:
• Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:

(fido::AuthenticatorGetInfoResponse::setTransports):
(fido::toStringVector):
(fido::encodeAsCBOR):

• Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
• Modules/webauthn/fido/DeviceResponseConverter.cpp:

(fido::convertStringToAuthenticatorTransport):
(fido::readCTAPMakeCredentialResponse):
(fido::readCTAPGetInfoResponse):

• Modules/webauthn/fido/DeviceResponseConverter.h:
• Modules/webauthn/fido/U2fResponseConverter.cpp:

(fido::readU2fRegisterResponse):

• Modules/webauthn/fido/U2fResponseConverter.h:

(fido::readU2fRegisterResponse):

Source/WebKit:
[WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse
​https://bugs.webkit.org/show_bug.cgi?id=238966
rdar://problem/91449906

This change implements the getTransports() and getAuthenticatorData() functions
on AuthenticatorAttestationResponse. For security keys, the supported transports of
the key are parsed from authenticatorGetInfo. For the local authenticator, the supported
transports are specified according to which features are available. getAuthenticatorData()
is a convenience method for RPs who want to avoid parsing CBOR.

Reviewed by Brent Fulgham.

• Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:
• UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.h:
• UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm:

(-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensions:attestationObject:attachment:transports:]):
(-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensions:attestationObject:attachment:]): Deleted.

• UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h:
• UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:

(wkExtensionsClientOutputs):
(wkAuthenticatorAttestationResponse):
(wkAuthenticatorAssertionResponse):

• UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticatorInternal::transports):
(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
(WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):

• UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:

(WebKit::toASCDescriptor):
(WebKit::toAuthenticatorTransports):
(WebKit::continueAfterRequest):

• UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:

(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
(WebKit::CtapAuthenticator::transports):

• UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
• UIProcess/WebAuthentication/fido/CtapDriver.h:

(WebKit::CtapDriver::transport const):
(WebKit::CtapDriver::protocol const):
(WebKit::CtapDriver::CtapDriver):

• UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:

(WebKit::CtapHidDriver::CtapHidDriver):

• UIProcess/WebAuthentication/fido/CtapNfcDriver.cpp:

(WebKit::CtapNfcDriver::CtapNfcDriver):

• UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp:

(WebKit::U2fAuthenticator::continueRegisterCommandAfterResponseReceived):

Tools:
[WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse
​https://bugs.webkit.org/show_bug.cgi?id=238966
rdar://problem/91449906

Reviewed by Brent Fulgham.

Add tests for parsing transports from getInfo.

• TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:

(TestWebKitAPI::TEST):

• TestWebKitAPI/Tests/WebCore/FidoTestData.h:

LayoutTests:
[WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse
​https://bugs.webkit.org/show_bug.cgi?id=238966
rdar://problem/91449906

Reviewed by Brent Fulgham.

Add getTransports() to test.

• http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
• http/wpt/webauthn/resources/util.js:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html (modified) (1 diff)
• LayoutTests/http/wpt/webauthn/resources/util.js (modified) (2 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.h (modified) (3 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.idl (modified) (1 diff)
• Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp (modified) (1 diff)
• Source/WebCore/Modules/webauthn/AuthenticatorResponse.h (modified) (1 diff)
• Source/WebCore/Modules/webauthn/AuthenticatorResponseData.h (modified) (4 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorTransport.h (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/AuthenticatorTransport.idl (modified) (1 diff)
• Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (modified) (1 diff)
• Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h (modified) (1 diff)
• Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp (modified) (3 diffs)
• Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h (modified) (4 diffs)
• Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp (modified) (4 diffs)
• Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.h (modified) (1 diff)
• Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp (modified) (2 diffs)
• Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.h (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (modified) (2 diffs)
• Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm (modified) (2 diffs)
• Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (modified) (6 diffs)
• Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (modified) (4 diffs)
• Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/fido/CtapDriver.h (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/fido/CtapNfcDriver.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp (modified) (3 diffs)
• Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2022-04-15  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse
+        https://bugs.webkit.org/show_bug.cgi?id=238966
+        rdar://problem/91449906
+
+        Reviewed by Brent Fulgham.
+
+        Add getTransports() to test.
+
+        * http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
+        * http/wpt/webauthn/resources/util.js:
+
 2022-04-15  Karl Rackler  <rackler@apple.com>
 

trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html

@@ -28 +28 @@
 
         return navigator.credentials.create(options).then(credential => {
-            checkCtapMakeCredentialResult(credential);
+            checkCtapMakeCredentialResult(credential, true, ["usb"]);
         });
     }, "PublicKeyCredential's [[create]] with minimum options in a mock hid authenticator.");

trunk/LayoutTests/http/wpt/webauthn/resources/util.js

@@ -356 +356 @@
 }
 
-function checkCtapMakeCredentialResult(credential, isNoneAttestation = true)
+function checkCtapMakeCredentialResult(credential, isNoneAttestation = true, transports = null)
 {
     // Check response
@@ -389 +389 @@
         assert_equals(attestationObject.attStmt.x5c.length, 1);
     }
+    if (transports)
+        assert_array_equals(transports, credential.response.getTransports());
 }
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2022-04-15  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse
+        https://bugs.webkit.org/show_bug.cgi?id=238966
+        rdar://problem/91449906
+
+        This change implements the getTransports() and getAuthenticatorData() functions
+        on AuthenticatorAttestationResponse. For security keys, the supported transports of
+        the key are parsed from authenticatorGetInfo. For the local authenticator, the supported
+        transports are specified according to which features are available. getAuthenticatorData()
+        is a convenience method for RPs who want to avoid parsing CBOR.
+
+        Reviewed by Brent Fulgham.
+
+        * Modules/webauthn/AuthenticatorAttestationResponse.cpp:
+        (WebCore::AuthenticatorAttestationResponse::create):
+        (WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse):
+        (WebCore::AuthenticatorAttestationResponse::data const):
+        (WebCore::AuthenticatorAttestationResponse::getTransports const):
+        (WebCore::AuthenticatorAttestationResponse::getAuthenticatorData const):
+        * Modules/webauthn/AuthenticatorAttestationResponse.h:
+        * Modules/webauthn/AuthenticatorAttestationResponse.idl:
+        * Modules/webauthn/AuthenticatorResponse.cpp:
+        (WebCore::AuthenticatorResponse::tryCreate):
+        * Modules/webauthn/AuthenticatorResponse.h:
+        * Modules/webauthn/AuthenticatorResponseData.h:
+        (WebCore::AuthenticatorResponseData::encode const):
+        (WebCore::AuthenticatorResponseData::decode):
+        * Modules/webauthn/AuthenticatorTransport.h:
+        * Modules/webauthn/AuthenticatorTransport.idl:
+        * Modules/webauthn/WebAuthenticationConstants.h:
+        * Modules/webauthn/WebAuthenticationUtils.cpp:
+        (WebCore::convertArrayBufferToVector):
+        * Modules/webauthn/WebAuthenticationUtils.h:
+        * Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
+        (fido::AuthenticatorGetInfoResponse::setTransports):
+        (fido::toStringVector):
+        (fido::encodeAsCBOR):
+        * Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
+        * Modules/webauthn/fido/DeviceResponseConverter.cpp:
+        (fido::convertStringToAuthenticatorTransport):
+        (fido::readCTAPMakeCredentialResponse):
+        (fido::readCTAPGetInfoResponse):
+        * Modules/webauthn/fido/DeviceResponseConverter.h:
+        * Modules/webauthn/fido/U2fResponseConverter.cpp:
+        (fido::readU2fRegisterResponse):
+        * Modules/webauthn/fido/U2fResponseConverter.h:
+        (fido::readU2fRegisterResponse):
+
 2022-04-15  Brandon Stewart  <brandonstewart@apple.com>
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp

@@ -30 +30 @@
 
 #include "AuthenticatorResponseData.h"
+#include "CBORReader.h"
+#include "WebAuthenticationUtils.h"
 
 namespace WebCore {
 
-Ref<AuthenticatorAttestationResponse> AuthenticatorAttestationResponse::create(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject, AuthenticatorAttachment attachment)
+Ref<AuthenticatorAttestationResponse> AuthenticatorAttestationResponse::create(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject, AuthenticatorAttachment attachment, Vector<AuthenticatorTransport>&& transports)
 {
-    return adoptRef(*new AuthenticatorAttestationResponse(WTFMove(rawId), WTFMove(attestationObject), attachment));
+    return adoptRef(*new AuthenticatorAttestationResponse(WTFMove(rawId), WTFMove(attestationObject), attachment, WTFMove(transports)));
 }
 
-Ref<AuthenticatorAttestationResponse> AuthenticatorAttestationResponse::create(const Vector<uint8_t>& rawId, const Vector<uint8_t>& attestationObject, AuthenticatorAttachment attachment)
+Ref<AuthenticatorAttestationResponse> AuthenticatorAttestationResponse::create(const Vector<uint8_t>& rawId, const Vector<uint8_t>& attestationObject, AuthenticatorAttachment attachment, Vector<AuthenticatorTransport>&& transports)
 {
-    return create(ArrayBuffer::create(rawId.data(), rawId.size()), ArrayBuffer::create(attestationObject.data(), attestationObject.size()), attachment);
+    return create(ArrayBuffer::create(rawId.data(), rawId.size()), ArrayBuffer::create(attestationObject.data(), attestationObject.size()), attachment, WTFMove(transports));
 }
 
-AuthenticatorAttestationResponse::AuthenticatorAttestationResponse(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject, AuthenticatorAttachment attachment)
+AuthenticatorAttestationResponse::AuthenticatorAttestationResponse(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject, AuthenticatorAttachment attachment, Vector<AuthenticatorTransport>&& transports)
     : AuthenticatorResponse(WTFMove(rawId), attachment)
     , m_attestationObject(WTFMove(attestationObject))
+    , m_transports(WTFMove(transports))
 {
 }
@@ -54 +57 @@
     data.isAuthenticatorAttestationResponse = true;
     data.attestationObject = m_attestationObject.copyRef();
+    data.transports = m_transports;
     return data;
+}
+
+RefPtr<ArrayBuffer> AuthenticatorAttestationResponse::getAuthenticatorData() const
+{
+    auto decodedResponse = cbor::CBORReader::read(convertArrayBufferToVector(m_attestationObject.ptr()));
+    if (!decodedResponse || !decodedResponse->isMap()) {
+        ASSERT_NOT_REACHED();
+        return nullptr;
+    }
+    const auto& attObjMap = decodedResponse->getMap();
+    auto it = attObjMap.find(cbor::CBORValue("authData"));
+    if (it == attObjMap.end() || !it->second.isByteString()) {
+        ASSERT_NOT_REACHED();
+        return nullptr;
+    }
+    auto authData = it->second.getByteString();
+    return ArrayBuffer::tryCreate(authData.data(), authData.size());
 }
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.h

@@ -29 +29 @@
 
 #include "AuthenticatorResponse.h"
+#include "AuthenticatorTransport.h"
 
 namespace WebCore {
@@ -34 +35 @@
 class AuthenticatorAttestationResponse : public AuthenticatorResponse {
 public:
-    static Ref<AuthenticatorAttestationResponse> create(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject, AuthenticatorAttachment);
-    WEBCORE_EXPORT static Ref<AuthenticatorAttestationResponse> create(const Vector<uint8_t>& rawId, const Vector<uint8_t>& attestationObject, AuthenticatorAttachment);
+    static Ref<AuthenticatorAttestationResponse> create(Ref<ArrayBuffer>&& rawId, Ref<ArrayBuffer>&& attestationObject, AuthenticatorAttachment, Vector<AuthenticatorTransport>&&);
+    WEBCORE_EXPORT static Ref<AuthenticatorAttestationResponse> create(const Vector<uint8_t>& rawId, const Vector<uint8_t>& attestationObject, AuthenticatorAttachment, Vector<AuthenticatorTransport>&&);
 
     virtual ~AuthenticatorAttestationResponse() = default;
 
     ArrayBuffer* attestationObject() const { return m_attestationObject.ptr(); }
+    const Vector<AuthenticatorTransport>& getTransports() const { return m_transports; }
+    RefPtr<ArrayBuffer> getAuthenticatorData() const;
 
 private:
-    AuthenticatorAttestationResponse(Ref<ArrayBuffer>&&, Ref<ArrayBuffer>&&, AuthenticatorAttachment);
+    AuthenticatorAttestationResponse(Ref<ArrayBuffer>&&, Ref<ArrayBuffer>&&, AuthenticatorAttachment, Vector<AuthenticatorTransport>&&);
 
     Type type() const final { return Type::Attestation; }
@@ -48 +51 @@
 
     Ref<ArrayBuffer> m_attestationObject;
+    Vector<AuthenticatorTransport> m_transports;
 };
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.idl

@@ -31 +31 @@
 ] interface AuthenticatorAttestationResponse : AuthenticatorResponse {
     [SameObject] readonly attribute ArrayBuffer attestationObject;
+    sequence<AuthenticatorTransport> getTransports();
+    ArrayBuffer getAuthenticatorData();
 };

trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp

@@ -44 +44 @@
             return nullptr;
 
-        return AuthenticatorAttestationResponse::create(data.rawId.releaseNonNull(), data.attestationObject.releaseNonNull(), attachment);
+        return AuthenticatorAttestationResponse::create(data.rawId.releaseNonNull(), data.attestationObject.releaseNonNull(), attachment, WTFMove(data.transports));
     }
 

trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponse.h

@@ -36 +36 @@
 
 enum class AuthenticatorAttachment;
+enum class AuthenticatorTransport;
 
 struct AuthenticatorResponseData;

trunk/Source/WebCore/Modules/webauthn/AuthenticatorResponseData.h

@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
+#include "AuthenticatorTransport.h"
 #include <JavaScriptCore/ArrayBuffer.h>
 #include <wtf/Forward.h>
@@ -51 +52 @@
     RefPtr<ArrayBuffer> signature;
     RefPtr<ArrayBuffer> userHandle;
+
+    Vector<WebCore::AuthenticatorTransport> transports;
 
     template<class Encoder> void encode(Encoder&) const;
@@ -95 +98 @@
     if (isAuthenticatorAttestationResponse && attestationObject) {
         encodeArrayBuffer(encoder, *attestationObject);
+        encoder << transports;
         return;
     }
@@ -140 +144 @@
         if (!result.attestationObject)
             return std::nullopt;
+
+        std::optional<Vector<AuthenticatorTransport>> transports;
+        decoder >> transports;
+        if (!transports)
+            return std::nullopt;
+        result.transports = WTFMove(*transports);
         return result;
     }

trunk/Source/WebCore/Modules/webauthn/AuthenticatorTransport.h

@@ -36 +36 @@
     Nfc,
     Ble,
-    Internal
+    Internal,
+    Cable
 };
 
@@ -49 +50 @@
         WebCore::AuthenticatorTransport::Nfc,
         WebCore::AuthenticatorTransport::Ble,
-        WebCore::AuthenticatorTransport::Internal
+        WebCore::AuthenticatorTransport::Internal,
+        WebCore::AuthenticatorTransport::Cable
     >;
 };

trunk/Source/WebCore/Modules/webauthn/AuthenticatorTransport.idl

@@ -30 +30 @@
     "nfc",
     "ble",
-    "internal"
+    "internal",
+    "cable"
 };

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h

@@ -94 +94 @@
 constexpr const char applicationTagKey[] = "tag";
 
+constexpr auto authenticatorTransportUsb = "usb"_s;
+constexpr auto authenticatorTransportNfc = "nfc"_s;
+constexpr auto authenticatorTransportBle = "ble"_s;
+constexpr auto authenticatorTransportInternal = "internal"_s;
+constexpr auto authenticatorTransportCable = "cable"_s;
+
 } // namespace WebCore
 

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp

@@ -29 +29 @@
 #if ENABLE(WEB_AUTHN)
 
+#include "CBORReader.h"
 #include "CBORWriter.h"
 #include "FidoConstants.h"
@@ -42 +43 @@
 {
     return { byteArray, length };
+}
+
+Vector<uint8_t> convertArrayBufferToVector(ArrayBuffer* buffer)
+{
+    return convertBytesToVector(static_cast<uint8_t*>(buffer->data()), buffer->byteLength());
 }
 

trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h

@@ -39 +39 @@
 WEBCORE_EXPORT Vector<uint8_t> convertBytesToVector(const uint8_t byteArray[], const size_t length);
 
+WEBCORE_EXPORT Vector<uint8_t> convertArrayBufferToVector(ArrayBuffer*);
+
 // Produce a SHA-256 hash of the given RP ID.
 WEBCORE_EXPORT Vector<uint8_t> produceRpIdHash(const String& rpId);

trunk/Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp

@@ -35 +35 @@
 #include "CBORValue.h"
 #include "CBORWriter.h"
+#include "WebAuthenticationConstants.h"
 
 namespace fido {
@@ -77 +78 @@
 }
 
+AuthenticatorGetInfoResponse& AuthenticatorGetInfoResponse::setTransports(Vector<WebCore::AuthenticatorTransport>&& transports)
+{
+    m_transports = WTFMove(transports);
+    return *this;
+}
+
+static String toString(WebCore::AuthenticatorTransport transport)
+{
+    switch (transport) {
+    case WebCore::AuthenticatorTransport::Usb:
+        return WebCore::authenticatorTransportUsb;
+        break;
+    case WebCore::AuthenticatorTransport::Nfc:
+        return WebCore::authenticatorTransportNfc;
+        break;
+    case WebCore::AuthenticatorTransport::Ble:
+        return WebCore::authenticatorTransportBle;
+        break;
+    case WebCore::AuthenticatorTransport::Internal:
+        return WebCore::authenticatorTransportInternal;
+        break;
+    case WebCore::AuthenticatorTransport::Cable:
+        return WebCore::authenticatorTransportCable;
+    default:
+        break;
+    }
+    ASSERT_NOT_REACHED();
+    return nullString();
+}
+
 Vector<uint8_t> encodeAsCBOR(const AuthenticatorGetInfoResponse& response)
 {
@@ -99 +130 @@
     if (response.pinProtocol())
         deviceInfoMap.emplace(CBORValue(6), toArrayValue(*response.pinProtocol()));
+    
+    if (response.transports()) {
+        auto transports = *response.transports();
+        deviceInfoMap.emplace(CBORValue(7), toArrayValue(transports.map(toString)));
+    }
 
     auto encodedBytes = CBORWriter::write(CBORValue(WTFMove(deviceInfoMap)));

trunk/Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h

@@ -33 +33 @@
 
 #include "AuthenticatorSupportedOptions.h"
+#include "AuthenticatorTransport.h"
 #include "FidoConstants.h"
 #include <wtf/StdSet.h>
@@ -53 +54 @@
     AuthenticatorGetInfoResponse& setExtensions(Vector<String>&&);
     AuthenticatorGetInfoResponse& setOptions(AuthenticatorSupportedOptions&&);
+    AuthenticatorGetInfoResponse& setTransports(Vector<WebCore::AuthenticatorTransport>&&);
 
     const StdSet<ProtocolVersion>& versions() const { return m_versions; }
@@ -60 +62 @@
     const std::optional<Vector<String>>& extensions() const { return m_extensions; }
     const AuthenticatorSupportedOptions& options() const { return m_options; }
+    const std::optional<Vector<WebCore::AuthenticatorTransport>>& transports() const { return m_transports; }
 
 private:
@@ -68 +71 @@
     std::optional<Vector<String>> m_extensions;
     AuthenticatorSupportedOptions m_options;
+    std::optional<Vector<WebCore::AuthenticatorTransport>> m_transports;
 };
 

trunk/Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp

@@ -55 +55 @@
 }
 
+static std::optional<AuthenticatorTransport> convertStringToAuthenticatorTransport(const String& transport)
+{
+    if (transport == authenticatorTransportUsb)
+        return AuthenticatorTransport::Usb;
+    if (transport == authenticatorTransportNfc)
+        return AuthenticatorTransport::Nfc;
+    if (transport == authenticatorTransportBle)
+        return AuthenticatorTransport::Ble;
+    if (transport == authenticatorTransportInternal)
+        return AuthenticatorTransport::Internal;
+    if (transport == authenticatorTransportCable)
+        return AuthenticatorTransport::Cable;
+    return std::nullopt;
+}
+
 std::optional<cbor::CBORValue> decodeResponseMap(const Vector<uint8_t>& inBuffer)
 {
@@ -96 +111 @@
 // Decodes byte array response from authenticator to CBOR value object and
 // checks for correct encoding format.
-RefPtr<AuthenticatorAttestationResponse> readCTAPMakeCredentialResponse(const Vector<uint8_t>& inBuffer, WebCore::AuthenticatorAttachment attachment, const AttestationConveyancePreference& attestation)
+RefPtr<AuthenticatorAttestationResponse> readCTAPMakeCredentialResponse(const Vector<uint8_t>& inBuffer, WebCore::AuthenticatorAttachment attachment, Vector<AuthenticatorTransport>&& transports, const AttestationConveyancePreference& attestation)
 {
     auto decodedMap = decodeResponseMap(inBuffer);
@@ -136 +151 @@
     }
 
-    return AuthenticatorAttestationResponse::create(credentialId, *attestationObject, attachment);
+    return AuthenticatorAttestationResponse::create(credentialId, *attestationObject, attachment, WTFMove(transports));
 }
 
@@ -326 +341 @@
     }
 
+    it = responseMap.find(CBOR(9));
+    if (it != responseMap.end()) {
+        if (!it->second.isArray())
+            return std::nullopt;
+
+        Vector<AuthenticatorTransport> transports;
+        for (const auto& transportString : it->second.getArray()) {
+            if (!transportString.isString())
+                return std::nullopt;
+            auto transport = convertStringToAuthenticatorTransport(transportString.getString());
+            if (transport)
+                transports.append(*transport);
+        }
+        response.setTransports(WTFMove(transports));
+    }
+
     return WTFMove(response);
 }

trunk/Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.h

@@ -53 +53 @@
 // CBOR map keys that conform to format of attestation object defined by the
 // WebAuthN spec : https://w3c.github.io/webauthn/#fig-attStructs
-WEBCORE_EXPORT RefPtr<WebCore::AuthenticatorAttestationResponse> readCTAPMakeCredentialResponse(const Vector<uint8_t>&, WebCore::AuthenticatorAttachment, const WebCore::AttestationConveyancePreference& = WebCore::AttestationConveyancePreference::Direct);
+WEBCORE_EXPORT RefPtr<WebCore::AuthenticatorAttestationResponse> readCTAPMakeCredentialResponse(const Vector<uint8_t>&, WebCore::AuthenticatorAttachment, Vector<WebCore::AuthenticatorTransport>&&, const WebCore::AttestationConveyancePreference& = WebCore::AttestationConveyancePreference::Direct);
 
 // De-serializes CBOR encoded response to AuthenticatorGetAssertion /

trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp

@@ -138 +138 @@
 } // namespace
 
-RefPtr<AuthenticatorAttestationResponse> readU2fRegisterResponse(const String& rpId, const Vector<uint8_t>& u2fData, AuthenticatorAttachment attachment, const AttestationConveyancePreference& attestation)
+RefPtr<AuthenticatorAttestationResponse> readU2fRegisterResponse(const String& rpId, const Vector<uint8_t>& u2fData, AuthenticatorAttachment attachment, Vector<AuthenticatorTransport>&& transports, const AttestationConveyancePreference& attestation)
 {
     auto publicKey = extractECPublicKeyFromU2fRegistrationResponse(u2fData);
@@ -161 +161 @@
     auto attestationObject = buildAttestationObject(WTFMove(authData), "fido-u2f"_s, WTFMove(fidoAttestationStatement), attestation);
 
-    return AuthenticatorAttestationResponse::create(credentialId, attestationObject, attachment);
+    return AuthenticatorAttestationResponse::create(credentialId, attestationObject, attachment, WTFMove(transports));
 }
 

trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.h

@@ -45 +45 @@
 // Converts a U2F register response to WebAuthN makeCredential response.
 // https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#u2f-authenticatorMakeCredential-interoperability
-WEBCORE_EXPORT RefPtr<WebCore::AuthenticatorAttestationResponse> readU2fRegisterResponse(const String& rpId, const Vector<uint8_t>& u2fData, WebCore::AuthenticatorAttachment, const WebCore::AttestationConveyancePreference& = WebCore::AttestationConveyancePreference::Direct);
+WEBCORE_EXPORT RefPtr<WebCore::AuthenticatorAttestationResponse> readU2fRegisterResponse(const String& rpId, const Vector<uint8_t>& u2fData, WebCore::AuthenticatorAttachment, Vector<WebCore::AuthenticatorTransport>&& transports = { }, const WebCore::AttestationConveyancePreference& = WebCore::AttestationConveyancePreference::Direct);
 
 // Converts a U2F authentication response to WebAuthN getAssertion response.

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2022-04-15  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse
+        https://bugs.webkit.org/show_bug.cgi?id=238966
+        rdar://problem/91449906
+
+        This change implements the getTransports() and getAuthenticatorData() functions
+        on AuthenticatorAttestationResponse. For security keys, the supported transports of
+        the key are parsed from authenticatorGetInfo. For the local authenticator, the supported
+        transports are specified according to which features are available. getAuthenticatorData()
+        is a convenience method for RPs who want to avoid parsing CBOR.
+
+        Reviewed by Brent Fulgham.
+
+        * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:
+        * UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.h:
+        * UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm:
+        (-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensions:attestationObject:attachment:transports:]):
+        (-[_WKAuthenticatorAttestationResponse initWithClientDataJSON:rawId:extensions:attestationObject:attachment:]): Deleted.
+        * UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h:
+        * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
+        (wkExtensionsClientOutputs):
+        (wkAuthenticatorAttestationResponse):
+        (wkAuthenticatorAssertionResponse):
+        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+        (WebKit::LocalAuthenticatorInternal::transports):
+        (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
+        (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
+        * UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
+        (WebKit::toASCDescriptor):
+        (WebKit::toAuthenticatorTransports):
+        (WebKit::continueAfterRequest):
+        * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
+        (WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
+        (WebKit::CtapAuthenticator::transports):
+        * UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
+        * UIProcess/WebAuthentication/fido/CtapDriver.h:
+        (WebKit::CtapDriver::transport const):
+        (WebKit::CtapDriver::protocol const):
+        (WebKit::CtapDriver::CtapDriver):
+        * UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
+        (WebKit::CtapHidDriver::CtapHidDriver):
+        * UIProcess/WebAuthentication/fido/CtapNfcDriver.cpp:
+        (WebKit::CtapNfcDriver::CtapNfcDriver):
+        * UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp:
+        (WebKit::U2fAuthenticator::continueRegisterCommandAfterResponseReceived):
+
 2022-04-14  Simon Fraser  <simon.fraser@apple.com>
 

trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h

@@ -291 +291 @@
 @property (nonatomic, copy, readonly) NSData *attestationObject;
 @property (nonatomic, copy, readonly) NSData *rawClientDataJSON;
+@property (nonatomic, copy) NSArray<NSNumber *> *transports;
 
 + (instancetype)new NS_UNAVAILABLE;
@@ -305 +306 @@
 @property (nonatomic, copy, readonly) NSString *relyingPartyIdentifier;
 @property (nonatomic, copy, readonly) NSData *attestationObject;
+@property (nonatomic, copy) NSArray<NSNumber *> *transports;
 
 @end

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.h

@@ -34 +34 @@
 
 @property (nonatomic, readonly) NSData *attestationObject;
+@property (nonatomic, copy) NSArray<NSNumber *> *transports;
 
 @end

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponse.mm

@@ -33 +33 @@
 @implementation _WKAuthenticatorAttestationResponse
 
-- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions attestationObject:(NSData *)attestationObject attachment:(_WKAuthenticatorAttachment)attachment
+- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions attestationObject:(NSData *)attestationObject attachment:(_WKAuthenticatorAttachment)attachment transports:(NSArray<NSNumber *> *)transports
 {
     if (!(self = [super initWithClientDataJSON:clientDataJSON rawId:rawId extensions:WTFMove(extensions) attachment:attachment]))
@@ -39 +39 @@
 
     _attestationObject = attestationObject;
+    _transports = transports;
     return self;
 }

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticatorAttestationResponseInternal.h

@@ -35 +35 @@
 @interface _WKAuthenticatorAttestationResponse ()
 
-- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions attestationObject:(NSData *)attestationObject attachment:(_WKAuthenticatorAttachment)attachment;
+- (instancetype)initWithClientDataJSON:(NSData *)clientDataJSON rawId:(NSData *)rawId extensions:(RetainPtr<_WKAuthenticationExtensionsClientOutputs>&&)extensions attestationObject:(NSData *)attestationObject attachment:(_WKAuthenticatorAttachment)attachment transports:(NSArray<NSNumber *> *)transports;
 
 @end

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm

@@ -849 +849 @@
 }
 
+static RetainPtr<_WKAuthenticationExtensionsClientOutputs> wkExtensionsClientOutputs(const WebCore::AuthenticatorResponseData& data)
+{
+    RetainPtr<_WKAuthenticationExtensionsClientOutputs> extensions;
+    if (data.appid)
+        extensions = adoptNS([[_WKAuthenticationExtensionsClientOutputs alloc] initWithAppid:data.appid.value()]);
+    return extensions;
+}
+
+static RetainPtr<NSArray<NSNumber *>> wkTransports(const Vector<WebCore::AuthenticatorTransport>& transports)
+{
+    auto wkTransports = adoptNS([NSMutableArray<NSNumber *> new]);
+    for (auto transport : transports)
+        [wkTransports addObject:[NSNumber numberWithInt:(int)transport]];
+    return wkTransports;
+}
+
+
 static RetainPtr<_WKAuthenticatorAttestationResponse> wkAuthenticatorAttestationResponse(const WebCore::AuthenticatorResponseData& data, NSData *clientDataJSON, WebCore::AuthenticatorAttachment attachment)
 {
-    return adoptNS([[_WKAuthenticatorAttestationResponse alloc] initWithClientDataJSON:clientDataJSON rawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensions:nil attestationObject:[NSData dataWithBytes:data.attestationObject->data() length:data.attestationObject->byteLength()] attachment: authenticatorAttachmentToWKAuthenticatorAttachment(attachment)]);
+    auto value = adoptNS([[_WKAuthenticatorAttestationResponse alloc] initWithClientDataJSON:clientDataJSON rawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensions:wkExtensionsClientOutputs(data) attestationObject:[NSData dataWithBytes:data.attestationObject->data() length:data.attestationObject->byteLength()] attachment: authenticatorAttachmentToWKAuthenticatorAttachment(attachment) transports:wkTransports(data.transports).autorelease()]);
+    
+    return value;
 }
 #endif
@@ -912 +931 @@
 static RetainPtr<_WKAuthenticatorAssertionResponse> wkAuthenticatorAssertionResponse(const WebCore::AuthenticatorResponseData& data, NSData *clientDataJSON, WebCore::AuthenticatorAttachment attachment)
 {
-    RetainPtr<_WKAuthenticationExtensionsClientOutputs> extensions;
-    if (data.appid)
-        extensions = adoptNS([[_WKAuthenticationExtensionsClientOutputs alloc] initWithAppid:data.appid.value()]);
-
     NSData *userHandle = nil;
     if (data.userHandle)
         userHandle = [NSData dataWithBytes:data.userHandle->data() length:data.userHandle->byteLength()];
 
-    return adoptNS([[_WKAuthenticatorAssertionResponse alloc] initWithClientDataJSON:clientDataJSON rawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensions:WTFMove(extensions) authenticatorData:[NSData dataWithBytes:data.authenticatorData->data() length:data.authenticatorData->byteLength()] signature:[NSData dataWithBytes:data.signature->data() length:data.signature->byteLength()] userHandle:userHandle attachment:authenticatorAttachmentToWKAuthenticatorAttachment(attachment)]);
+    return adoptNS([[_WKAuthenticatorAssertionResponse alloc] initWithClientDataJSON:clientDataJSON rawId:[NSData dataWithBytes:data.rawId->data() length:data.rawId->byteLength()] extensions:wkExtensionsClientOutputs(data) authenticatorData:[NSData dataWithBytes:data.authenticatorData->data() length:data.authenticatorData->byteLength()] signature:[NSData dataWithBytes:data.signature->data() length:data.signature->byteLength()] userHandle:userHandle attachment:authenticatorAttachmentToWKAuthenticatorAttachment(attachment)]);
 }
 #endif

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

@@ -29 +29 @@
 #if ENABLE(WEB_AUTHN)
 
+#import "AuthenticationServicesCoreSoftLink.h"
 #import <Security/SecItem.h>
 #import <WebCore/AuthenticatorAssertionResponse.h>
@@ -61 +62 @@
     return nullString();
 }
+static bool shouldUpdateQuery()
+{
+    return false;
+}
 #endif
 
@@ -180 +185 @@
     }
     return result;
+}
+
+static Vector<AuthenticatorTransport> transports()
+{
+    Vector<WebCore::AuthenticatorTransport> transports = { WebCore::AuthenticatorTransport::Internal };
+    if (shouldUpdateQuery())
+        transports.append(WebCore::AuthenticatorTransport::Cable);
+    return transports;
 }
 
@@ -427 +440 @@
         auto authData = buildAuthData(creationOptions.rp.id, flags, counter, buildAttestedCredentialData(Vector<uint8_t>(aaguidLength, 0), credentialId, cosePublicKey));
         auto attestationObject = buildAttestationObject(WTFMove(authData), String { emptyString() }, { }, AttestationConveyancePreference::None);
-        receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject, AuthenticatorAttachment::Platform));
+        receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject, AuthenticatorAttachment::Platform, transports()));
         return;
     }
@@ -454 +467 @@
         LOG_ERROR("Couldn't attest: %s", String(error.localizedDescription).utf8().data());
         auto attestationObject = buildAttestationObject(WTFMove(authData), String { emptyString() }, { }, AttestationConveyancePreference::None);
-        receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject, AuthenticatorAttachment::Platform));
+        receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject, AuthenticatorAttachment::Platform, transports()));
         return;
     }
@@ -473 +486 @@
 
     deleteDuplicateCredential();
-    receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject, AuthenticatorAttachment::Platform));
+    receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject, AuthenticatorAttachment::Platform, transports()));
 }
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

@@ -155 +155 @@
                 transportString = @"internal";
                 break;
+            case AuthenticatorTransport::Cable:
+                transportString = @"cable";
+                break;
             }
 
@@ -338 +341 @@
 }
 
+static Vector<WebCore::AuthenticatorTransport> toAuthenticatorTransports(NSArray<NSNumber *> *ascTransports)
+{
+    Vector<WebCore::AuthenticatorTransport> transports;
+    transports.reserveInitialCapacity(ascTransports.count);
+    for (NSNumber *ascTransport : ascTransports) {
+        if (WTF::isValidEnum<WebCore::AuthenticatorTransport>(ascTransport.intValue))
+            transports.uncheckedAppend(static_cast<WebCore::AuthenticatorTransport>(ascTransport.intValue));
+    }
+    return transports;
+}
+
 RetainPtr<ASCCredentialRequestContext> WebAuthenticatorCoordinatorProxy::contextForRequest(WebAuthenticationRequestData&& requestData)
 {
@@ -362 +376 @@
         response.rawId = toArrayBuffer(registrationCredential.credentialID);
         response.attestationObject = toArrayBuffer(registrationCredential.attestationObject);
+        if ([registrationCredential respondsToSelector:@selector(transports)])
+            response.transports = toAuthenticatorTransports(registrationCredential.transports);
     } else if ([credential isKindOfClass:getASCSecurityKeyPublicKeyCredentialRegistrationClass()]) {
         attachment = AuthenticatorAttachment::CrossPlatform;
@@ -369 +385 @@
         response.rawId = toArrayBuffer(registrationCredential.credentialID);
         response.attestationObject = toArrayBuffer(registrationCredential.attestationObject);
+        if ([registrationCredential respondsToSelector:@selector(transports)])
+            response.transports = toAuthenticatorTransports(registrationCredential.transports);
     } else if ([credential isKindOfClass:getASCPlatformPublicKeyCredentialAssertionClass()]) {
         attachment = AuthenticatorAttachment::Platform;

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp

@@ -115 +115 @@
 void CtapAuthenticator::continueMakeCredentialAfterResponseReceived(Vector<uint8_t>&& data)
 {
-    auto response = readCTAPMakeCredentialResponse(data, AuthenticatorAttachment::CrossPlatform, std::get<PublicKeyCredentialCreationOptions>(requestData().options).attestation);
+    auto response = readCTAPMakeCredentialResponse(data, AuthenticatorAttachment::CrossPlatform, transports(), std::get<PublicKeyCredentialCreationOptions>(requestData().options).attestation);
     if (!response) {
         auto error = getResponseCode(data);
@@ -385 +385 @@
 }
 
+Vector<AuthenticatorTransport> CtapAuthenticator::transports() const
+{
+    
+    if (auto& infoTransports = m_info.transports())
+        return *infoTransports;
+    return Vector { driver().transport() };
+}
+
 } // namespace WebKit
 

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h

@@ -71 +71 @@
     bool processGoogleLegacyAppIdSupportExtension();
 
+    Vector<WebCore::AuthenticatorTransport> transports() const;
+
     fido::AuthenticatorGetInfoResponse m_info;
     bool m_isDowngraded { false };

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapDriver.h

@@ -28 +28 @@
 #if ENABLE(WEB_AUTHN)
 
+#include <WebCore/AuthenticatorTransport.h>
 #include <WebCore/FidoConstants.h>
 #include <wtf/Forward.h>
@@ -46 +47 @@
     void setProtocol(fido::ProtocolVersion protocol) { m_protocol = protocol; }
 
+    WebCore::AuthenticatorTransport transport() const { return m_transport; }
+    fido::ProtocolVersion protocol() const { return m_protocol; }
+
     virtual void transact(Vector<uint8_t>&& data, ResponseCallback&&) = 0;
     virtual void cancel() { };
 
 protected:
-    CtapDriver() = default;
-    fido::ProtocolVersion protocol() const { return m_protocol; }
+    CtapDriver(WebCore::AuthenticatorTransport transport)
+        : m_transport(transport) { }
 
 private:
     fido::ProtocolVersion m_protocol { fido::ProtocolVersion::kCtap };
+    WebCore::AuthenticatorTransport m_transport;
 };
 

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp

@@ -158 +158 @@
 
 CtapHidDriver::CtapHidDriver(UniqueRef<HidConnection>&& connection)
-    : m_worker(makeUniqueRef<Worker>(WTFMove(connection)))
+    : CtapDriver(WebCore::AuthenticatorTransport::Usb)
+    , m_worker(makeUniqueRef<Worker>(WTFMove(connection)))
     , m_nonce(kHidInitNonceLength)
 {

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapNfcDriver.cpp

@@ -38 +38 @@
 
 CtapNfcDriver::CtapNfcDriver(Ref<NfcConnection>&& connection)
-    : m_connection(WTFMove(connection))
+    : CtapDriver(AuthenticatorTransport::Nfc)
+    , m_connection(WTFMove(connection))
 {
 }

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp

@@ -158 +158 @@
         auto& options = std::get<PublicKeyCredentialCreationOptions>(requestData().options);
         auto appId = processGoogleLegacyAppIdSupportExtension(options.extensions);
-        auto response = readU2fRegisterResponse(!appId ? options.rp.id : appId, apduResponse.data(), AuthenticatorAttachment::CrossPlatform, options.attestation);
+        auto response = readU2fRegisterResponse(!appId ? options.rp.id : appId, apduResponse.data(), AuthenticatorAttachment::CrossPlatform, { driver().transport() }, options.attestation);
         if (!response) {
             receiveRespond(ExceptionData { UnknownError, "Couldn't parse the U2F register response."_s });

trunk/Tools/ChangeLog

@@ +1 @@
+2022-04-15  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse 
+        https://bugs.webkit.org/show_bug.cgi?id=238966
+        rdar://problem/91449906
+
+        Reviewed by Brent Fulgham.
+
+        Add tests for parsing transports from getInfo.
+
+        * TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
+        (TestWebKitAPI::TEST):
+        * TestWebKitAPI/Tests/WebCore/FidoTestData.h:
+
 2022-04-14  Wenson Hsieh  <wenson_hsieh@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp

@@ -35 +35 @@
 #include <JavaScriptCore/ArrayBuffer.h>
 #include <WebCore/AuthenticatorAttachment.h>
+#include <WebCore/AuthenticatorTransport.h>
 #include <WebCore/BufferSource.h>
 #include <WebCore/CBORReader.h>
@@ -354 +355 @@
 TEST(CTAPResponseTest, TestReadMakeCredentialResponse)
 {
-    auto makeCredentialResponse = readCTAPMakeCredentialResponse(convertBytesToVector(TestData::kTestMakeCredentialResponse, sizeof(TestData::kTestMakeCredentialResponse)), AuthenticatorAttachment::CrossPlatform);
+    auto makeCredentialResponse = readCTAPMakeCredentialResponse(convertBytesToVector(TestData::kTestMakeCredentialResponse, sizeof(TestData::kTestMakeCredentialResponse)), AuthenticatorAttachment::CrossPlatform, { });
     ASSERT_TRUE(makeCredentialResponse);
-    auto cborAttestationObject = cbor::CBORReader::read(convertBytesToVector(reinterpret_cast<uint8_t*>(makeCredentialResponse->attestationObject()->data()), makeCredentialResponse->attestationObject()->byteLength()));
+    auto cborAttestationObject = cbor::CBORReader::read(convertArrayBufferToVector(makeCredentialResponse->attestationObject()));
     ASSERT_TRUE(cborAttestationObject);
     ASSERT_TRUE(cborAttestationObject->isMap());
@@ -611 +612 @@
 }
 
+TEST(CTAPResponseTest, TestReadGetInfoResponseDeviceYubikey5c)
+{
+    auto getInfoResponse = readCTAPGetInfoResponse(convertBytesToVector(TestData::kTestGetInfoResponseDeviceYubikey5c, sizeof(TestData::kTestGetInfoResponseDeviceYubikey5c)));
+    ASSERT_TRUE(getInfoResponse);
+    ASSERT_TRUE(getInfoResponse->maxMsgSize());
+    EXPECT_EQ(*getInfoResponse->maxMsgSize(), 1200u);
+    EXPECT_NE(getInfoResponse->versions().find(ProtocolVersion::kCtap), getInfoResponse->versions().end());
+    EXPECT_NE(getInfoResponse->versions().find(ProtocolVersion::kU2f), getInfoResponse->versions().end());
+    EXPECT_FALSE(getInfoResponse->options().isPlatformDevice());
+    EXPECT_EQ(AuthenticatorSupportedOptions::ResidentKeyAvailability::kSupported, getInfoResponse->options().residentKeyAvailability());
+    EXPECT_TRUE(getInfoResponse->options().userPresenceRequired());
+    EXPECT_EQ(AuthenticatorSupportedOptions::UserVerificationAvailability::kNotSupported, getInfoResponse->options().userVerificationAvailability());
+    EXPECT_EQ(AuthenticatorSupportedOptions::ClientPinAvailability::kSupportedAndPinSet, getInfoResponse->options().clientPinAvailability());
+    EXPECT_TRUE(getInfoResponse->transports());
+    EXPECT_EQ(getInfoResponse->transports()->size(), 1u);
+    EXPECT_EQ(AuthenticatorTransport::Usb, getInfoResponse->transports()->first());
+}
+
 TEST(CTAPResponseTest, TestReadGetInfoResponseWithIncorrectFormat)
 {

trunk/Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h

@@ -1447 +1447 @@
 };
 
+constexpr uint8_t kTestGetInfoResponseDeviceYubikey5c[] = {
+    // Success
+    0x00,
+    0xAA, 0x01, 0x83, 0x66, 0x55, 0x32, 0x46, 0x5F, 0x56, 0x32, 0x68, 0x46,
+    0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x30, 0x6C, 0x46, 0x49, 0x44, 0x4F,
+    0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45, 0x02, 0x82, 0x6B, 0x63,
+    0x72, 0x65, 0x64, 0x50, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x6B, 0x68,
+    0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x03, 0x50,
+    0xEE, 0x88, 0x28, 0x79, 0x72, 0x1C, 0x49, 0x13, 0x97, 0x75, 0x3D, 0xFC,
+    0xCE, 0x97, 0x07, 0x2A, 0x04, 0xA5, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75,
+    0x70, 0xF5, 0x64, 0x70, 0x6C, 0x61, 0x74, 0xF4, 0x69, 0x63, 0x6C, 0x69,
+    0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF5, 0x75, 0x63, 0x72, 0x65, 0x64,
+    0x65, 0x6E, 0x74, 0x69, 0x61, 0x6C, 0x4D, 0x67, 0x6D, 0x74, 0x50, 0x72,
+    0x65, 0x76, 0x69, 0x65, 0x77, 0xF5, 0x05, 0x19, 0x04, 0xB0, 0x06, 0x81,
+    0x01,
+    // key(07) - maxCredentialCountInList
+    0x07,
+    // value - unsigned(8)
+    0x08,
+    // key(08) - maxCredentialIdLength
+    0x08,
+    // value - unsigned(128)
+    0x18, 0x80,
+    // key(09) - transports
+    0x09,
+    // array(1)
+    0x81,
+    // text(3) - "usb"
+    0x63, 0x75, 0x73, 0x62,
+    0x0A, 0x82, 0xA2, 0x63, 0x61, 0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70,
+    0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79,
+    0xA2, 0x63, 0x61, 0x6C, 0x67, 0x27, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A,
+    0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79,
+};
+
 } // namespace TestData