1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef DEVICE_FIDO_CTAP_GET_ASSERTION_REQUEST_H_
6 #define DEVICE_FIDO_CTAP_GET_ASSERTION_REQUEST_H_
7 
8 #include <stdint.h>
9 
10 #include <array>
11 #include <string>
12 #include <vector>
13 
14 #include "base/component_export.h"
15 #include "base/containers/span.h"
16 #include "base/macros.h"
17 #include "base/optional.h"
18 #include "crypto/sha2.h"
19 #include "device/fido/cable/cable_discovery_data.h"
20 #include "device/fido/client_data.h"
21 #include "device/fido/fido_constants.h"
22 #include "device/fido/public_key_credential_descriptor.h"
23 
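// Forward declaration of the CBOR value type used in the signatures below.
// NOTE(review): CtapGetAssertionRequest::Parse() names the nested type
// cbor::Value::MapValue, which needs the complete definition of cbor::Value.
// That definition presumably arrives through one of the device/fido includes
// above. Confirm, and prefer including the CBOR header directly.
namespace cbor {
class Value;
}  // namespace cbor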
27 
28 namespace device {
29 
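// Object that encapsulates request parameters for AuthenticatorGetAssertion as
// specified in the CTAP spec.
// https://fidoalliance.org/specs/fido-v2.0-rd-20161004/fido-client-to-authenticator-protocol-v2.0-rd-20161004.html#authenticatorgetassertion
//
// All members are public and mutable. The defaults declared below are the
// permissive ones (user verification discouraged, no PIN parameters), so a
// caller that needs a stronger policy has to set it explicitly before the
// request is serialized.
struct COMPONENT_EXPORT(DEVICE_FIDO) CtapGetAssertionRequest {
  using ClientDataHash = std::array<uint8_t, kClientDataHashLength>;

  // Decodes a CTAP2 authenticatorGetAssertion request message. The request's
  // |client_data_json| will be empty and |client_data_hash| will be set.
  //
  // A |uv| bit of 0 is mapped to UserVerificationRequirement::kDiscouraged.
  //
  // NOTE(review): |request_map| is decoded from a message and should be
  // treated as untrusted. An empty return value presumably signals a malformed
  // request; callers should reject it rather than fall back to a
  // default-constructed request. Confirm against the implementation.
  static base::Optional<CtapGetAssertionRequest> Parse(
      const cbor::Value::MapValue& request_map);

  CtapGetAssertionRequest(std::string rp_id, std::string client_data_json);
  CtapGetAssertionRequest(const CtapGetAssertionRequest& that);
  CtapGetAssertionRequest(CtapGetAssertionRequest&& that);
  CtapGetAssertionRequest& operator=(const CtapGetAssertionRequest& other);
  CtapGetAssertionRequest& operator=(CtapGetAssertionRequest&& other);
  ~CtapGetAssertionRequest();

  // Relying party identifier the assertion is requested for.
  std::string rp_id;
  // Serialized client data. Empty for requests produced by Parse().
  std::string client_data_json;
  // Hash of the client data. There is no default member initializer, so the
  // constructors are responsible for setting it.
  // NOTE(review): presumably derived from |client_data_json| by the two-string
  // constructor; confirm that the two fields cannot drift apart when
  // |client_data_json| is modified afterwards.
  ClientDataHash client_data_hash;
  // Defaults to kDiscouraged; callers that require user verification must
  // raise this explicitly.
  UserVerificationRequirement user_verification =
      UserVerificationRequirement::kDiscouraged;
  // Defaults to requiring a user-presence test.
  bool user_presence_required = true;

  // Credentials acceptable for this assertion.
  // NOTE(review): presumably an empty list leaves credential selection to the
  // authenticator. Confirm against the serializer.
  std::vector<PublicKeyCredentialDescriptor> allow_list;
  // PIN authentication parameter and the PIN protocol version it was computed
  // with. NOTE(review): the two are expected to be set together. Verify that
  // the serializer does not emit one without the other.
  base::Optional<std::vector<uint8_t>> pin_auth;
  base::Optional<uint8_t> pin_protocol;
  // Optional caBLE discovery data.
  base::Optional<std::vector<CableDiscoveryData>> cable_extension;
  // Optional application identifier, together with a SHA-256-sized alternative
  // application parameter.
  // NOTE(review): presumably the U2F AppID extension and the hash of
  // |app_id|. Confirm against callers.
  base::Optional<std::string> app_id;
  base::Optional<std::array<uint8_t, crypto::kSHA256Length>>
      alternative_application_parameter;

  // NOTE(review): these look like client-side flags rather than CTAP
  // parameters. Confirm that they are not serialized to the authenticator.
  bool is_incognito_mode = false;
  bool is_u2f_only = false;

  base::Optional<AndroidClientDataExtensionInput> android_client_data_ext;
};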
71 
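// Request type for the GetNextAssertion command. The struct has no members:
// it carries no parameters and only selects the matching
// AsCTAPRequestValuePair() overload.
struct CtapGetNextAssertionRequest {};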
73 
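// Serializes the GetAssertion request parameters into a CBOR-encoded map with
// integer keys and CBOR-encoded values, as defined by the CTAP spec.
// https://drafts.fidoalliance.org/fido-2/latest/fido-client-to-authenticator-protocol-v2.0-wd-20180305.html#authenticatorGetAssertion
//
// Returns the CTAP command together with the optional CBOR payload for it.
COMPONENT_EXPORT(DEVICE_FIDO)
std::pair<CtapRequestCommand, base::Optional<cbor::Value>>
AsCTAPRequestValuePair(const CtapGetAssertionRequest& request);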
80 
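// Overload for the GetNextAssertion command. The request type has no members,
// so the optional CBOR payload is presumably empty. Confirm against the
// implementation.
COMPONENT_EXPORT(DEVICE_FIDO)
std::pair<CtapRequestCommand, base::Optional<cbor::Value>>
AsCTAPRequestValuePair(const CtapGetNextAssertionRequest& request);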
84 
85 }  // namespace device
86 
87 #endif  // DEVICE_FIDO_CTAP_GET_ASSERTION_REQUEST_H_