[EC-598] feat: fix google issues

Google does not like self-signed packed format. I've removed the attestation statement all-together untill further notice. We're don't really have any statements so
2025-01-31 22:51:28 +01:00 · 2023-01-10 10:17:46 +01:00 · 2023-01-10 10:17:46 +01:00 · 64f60aa870
commit 64f60aa870
parent 7bd7cbfd9a
3 changed files with 46 additions and 12 deletions
--- a/apps/browser/src/browser/webauthn-utils.ts
+++ b/apps/browser/src/browser/webauthn-utils.ts
@ -6,6 +6,32 @@ import {
  CredentialRegistrationResult,
 } from "@bitwarden/common/abstractions/fido2/fido2.service.abstraction";

+class BitAuthenticatorAttestationResponse implements AuthenticatorAttestationResponse {
+  clientDataJSON: ArrayBuffer;
+  attestationObject: ArrayBuffer;
+
+  constructor(private result: CredentialRegistrationResult) {
+    this.clientDataJSON = Fido2Utils.stringToBuffer(result.clientDataJSON);
+    this.attestationObject = Fido2Utils.stringToBuffer(result.attestationObject);
+  }
+
+  getAuthenticatorData(): ArrayBuffer {
+    return Fido2Utils.stringToBuffer(this.result.authData);
+  }
+
+  getPublicKey(): ArrayBuffer {
+    return null;
+  }
+
+  getPublicKeyAlgorithm(): number {
+    return this.result.publicKeyAlgorithm;
+  }
+
+  getTransports(): string[] {
+    return this.result.transports;
+  }
+}
+
 export class WebauthnUtils {
  static mapCredentialCreationOptions(
    options: CredentialCreationOptions,
@ -57,12 +83,10 @@ export class WebauthnUtils {
      id: result.credentialId,
      rawId: Fido2Utils.stringToBuffer(result.credentialId),
      type: "public-key",
-      response: {
-        clientDataJSON: Fido2Utils.stringToBuffer(result.clientDataJSON),
-        attestationObject: Fido2Utils.stringToBuffer(result.attestationObject),
-      } as AuthenticatorAttestationResponse,
+      authenticatorAttachment: "cross-platform",
+      response: new BitAuthenticatorAttestationResponse(result),
      getClientExtensionResults: () => ({}),
-    };
+    } as any;
  }

  static mapCredentialRequestOptions(
--- a/libs/common/src/abstractions/fido2/fido2.service.abstraction.ts
+++ b/libs/common/src/abstractions/fido2/fido2.service.abstraction.ts
@ -37,6 +37,9 @@ export interface CredentialRegistrationResult {
  credentialId: string;
  clientDataJSON: string;
  attestationObject: string;
+  authData: string;
+  publicKeyAlgorithm: number;
+  transports: string[];
 }

 export interface CredentialAssertParams {
--- a/libs/common/src/services/fido2/fido2.service.ts
+++ b/libs/common/src/services/fido2/fido2.service.ts
@ -21,7 +21,9 @@ import { Fido2KeyView } from "../../models/view/fido2-key.view";
 import { CredentialId } from "./credential-id";
 import { joseToDer } from "./ecdsa-utils";

-const STANDARD_ATTESTATION_FORMAT = "packed";
+// We support self-signing, but Google won't accept it.
+// TODO: Look into supporting self-signed packed format.
+const STANDARD_ATTESTATION_FORMAT: "none" | "packed" = "none";

 interface BitCredential {
  credentialId: CredentialId;
@ -59,6 +61,7 @@ export class Fido2Service implements Fido2ServiceAbstraction {
        type: "webauthn.create",
        challenge: params.challenge,
        origin: params.origin,
+        crossOrigin: false,
      })
    );
    const keyPair = await crypto.subtle.generateKey(
@ -87,7 +90,6 @@ export class Fido2Service implements Fido2ServiceAbstraction {
      userPresence: presence,
      userVerification: true, // TODO: Change to false
      keyPair,
-      attestationFormat: STANDARD_ATTESTATION_FORMAT,
    });

    const asn1Der_signature = await generateSignature({
@ -99,10 +101,13 @@ export class Fido2Service implements Fido2ServiceAbstraction {
    const attestationObject = new Uint8Array(
      CBOR.encode({
        fmt: attestationFormat,
-        attStmt: {
-          alg: -7,
-          sig: asn1Der_signature,
-        },
+        attStmt:
+          attestationFormat === "packed"
+            ? {
+                alg: -7,
+                sig: asn1Der_signature,
+              }
+            : {},
        authData,
      })
    );
@ -111,6 +116,9 @@ export class Fido2Service implements Fido2ServiceAbstraction {
      credentialId: Fido2Utils.bufferToString(credentialId.raw),
      clientDataJSON: Fido2Utils.bufferToString(clientData),
      attestationObject: Fido2Utils.bufferToString(attestationObject),
+      authData: Fido2Utils.bufferToString(authData),
+      publicKeyAlgorithm: -7,
+      transports: ["nfc", "usb"],
    };
  }

@ -240,7 +248,6 @@ interface AuthDataParams {
  userPresence: boolean;
  userVerification: boolean;
  keyPair?: CryptoKeyPair;
-  attestationFormat?: "packed" | "fido-u2f";
 }

 async function mapCipherViewToBitCredential(cipherView: CipherView): Promise<BitCredential> {