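// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef DEVICE_FIDO_CTAP_MAKE_CREDENTIAL_REQUEST_H_
#define DEVICE_FIDO_CTAP_MAKE_CREDENTIAL_REQUEST_H_

#include <stdint.h>

#include <array>
#include <string>
#include <utility>  // std::pair, used by cred_protect and AsCTAPRequestValuePair.
#include <vector>

#include "base/component_export.h"
#include "base/containers/span.h"
#include "base/macros.h"
#include "base/optional.h"
#include "device/fido/client_data.h"
#include "device/fido/fido_constants.h"
#include "device/fido/public_key_credential_descriptor.h"
#include "device/fido/public_key_credential_params.h"
#include "device/fido/public_key_credential_rp_entity.h"
#include "device/fido/public_key_credential_user_entity.h"

namespace cbor {
class Value;
}

namespace device {

// Object containing request parameters for AuthenticatorMakeCredential command
// as specified in
// https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html
//
// This is a plain data holder: all request parameters are public members.
// Fields that are not set by the constructor carry the in-class defaults
// below; the optional ones (base::Optional) are absent unless a caller fills
// them in.
struct COMPONENT_EXPORT(DEVICE_FIDO) CtapMakeCredentialRequest {
 public:
  // Fixed-length digest of the client data, sized by kClientDataHashLength
  // from fido_constants.h.
  using ClientDataHash = std::array<uint8_t, kClientDataHashLength>;

  // Decodes a CTAP2 authenticatorMakeCredential request message. The request's
  // |client_data_json| will be empty and |client_data_hash| will be set.
  // Returns base::nullopt when |request_map| cannot be decoded; the exact
  // validation rules live in the .cc file.
  static base::Optional<CtapMakeCredentialRequest> Parse(
      const cbor::Value::MapValue& request_map);

  // Builds a request from the four mandatory MakeCredential inputs. All other
  // members keep their defaults until set explicitly by the caller.
  // NOTE(review): whether this constructor derives |client_data_hash| from
  // |client_data_json| is not visible here — confirm in the .cc file.
  CtapMakeCredentialRequest(
      std::string client_data_json,
      PublicKeyCredentialRpEntity rp,
      PublicKeyCredentialUserEntity user,
      PublicKeyCredentialParams public_key_credential_params);
  // Copy/move special members and the destructor are declared here and
  // defined out of line (the class owns only standard containers and
  // base::Optional members).
  CtapMakeCredentialRequest(const CtapMakeCredentialRequest& that);
  CtapMakeCredentialRequest(CtapMakeCredentialRequest&& that);
  CtapMakeCredentialRequest& operator=(const CtapMakeCredentialRequest& that);
  CtapMakeCredentialRequest& operator=(CtapMakeCredentialRequest&& that);
  ~CtapMakeCredentialRequest();

  // Serialized client data; empty for requests produced by Parse().
  std::string client_data_json;
  // Hash of the client data; populated by Parse() (see above).
  ClientDataHash client_data_hash;
  // Relying party, user, and requested credential algorithms/types.
  PublicKeyCredentialRpEntity rp;
  PublicKeyCredentialUserEntity user;
  PublicKeyCredentialParams public_key_credential_params;
  // Defaults: no user verification required, any attachment, non-resident key.
  UserVerificationRequirement user_verification =
      UserVerificationRequirement::kDiscouraged;
  AuthenticatorAttachment authenticator_attachment =
      AuthenticatorAttachment::kAny;
  bool resident_key_required = false;
  // hmac_secret indicates whether the "hmac-secret" extension should be
  // asserted to CTAP2 authenticators.
  bool hmac_secret = false;

  // If true, instruct the request handler only to dispatch this request via
  // U2F.
  bool is_u2f_only = false;
  // NOTE(review): not documented here; how the request handler consumes this
  // flag is not visible in this header — confirm before relying on it.
  bool is_incognito_mode = false;

  // Credentials to be sent as the request's exclude list.
  std::vector<PublicKeyCredentialDescriptor> exclude_list;
  // PIN-protocol parameters; absent unless a PIN flow populated them.
  // NOTE(review): |pin_auth| is presumably the CTAP pinAuth value derived
  // from the PIN token — treat as sensitive and keep it out of logs; confirm
  // against the .cc file and the PIN code path.
  base::Optional<std::vector<uint8_t>> pin_auth;
  base::Optional<uint8_t> pin_protocol;
  AttestationConveyancePreference attestation_preference =
      AttestationConveyancePreference::kNone;
  // U2F AppID for excluding credentials.
  base::Optional<std::string> app_id;

  // cred_protect indicates the level of protection afforded to a credential.
  // This depends on a CTAP2 extension that not all authenticators will support.
  // The second element is true if the indicated protection level must be
  // provided by the target authenticator for the MakeCredential request to be
  // sent.
  base::Optional<std::pair<CredProtect, bool>> cred_protect;

  // Input for the Android client-data extension; absent when not requested.
  base::Optional<AndroidClientDataExtensionInput> android_client_data_ext;
};

// Serializes MakeCredential request parameter into CBOR encoded map with
// integer keys and CBOR encoded values as defined by the CTAP spec.
// https://drafts.fidoalliance.org/fido-2/latest/fido-client-to-authenticator-protocol-v2.0-wd-20180305.html#authenticatorMakeCredential
// Returns the CTAP command code paired with the encoded parameter map.
// NOTE(review): the conditions under which the second element is
// base::nullopt are defined in the .cc file, not here — confirm before
// treating an absent value as an error.
COMPONENT_EXPORT(DEVICE_FIDO)
std::pair<CtapRequestCommand, base::Optional<cbor::Value>>
AsCTAPRequestValuePair(const CtapMakeCredentialRequest& request);

}  // namespace device

#endif  // DEVICE_FIDO_CTAP_MAKE_CREDENTIAL_REQUEST_H_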