
[EC-598] feat: fix google issues

Google does not like the self-signed packed format. I've removed the attestation statement altogether until further notice. We don't really have any statements so
This commit is contained in:
Andreas Coroiu 2023-01-10 10:17:46 +01:00
parent 7bd7cbfd9a
commit 64f60aa870
No known key found for this signature in database
GPG Key ID: E70B5FFC81DFEC1A
3 changed files with 46 additions and 12 deletions


@ -6,6 +6,32 @@ import {
CredentialRegistrationResult, CredentialRegistrationResult,
} from "@bitwarden/common/abstractions/fido2/fido2.service.abstraction"; } from "@bitwarden/common/abstractions/fido2/fido2.service.abstraction";
class BitAuthenticatorAttestationResponse implements AuthenticatorAttestationResponse {
clientDataJSON: ArrayBuffer;
attestationObject: ArrayBuffer;
constructor(private result: CredentialRegistrationResult) {
this.clientDataJSON = Fido2Utils.stringToBuffer(result.clientDataJSON);
this.attestationObject = Fido2Utils.stringToBuffer(result.attestationObject);
}
getAuthenticatorData(): ArrayBuffer {
return Fido2Utils.stringToBuffer(this.result.authData);
}
getPublicKey(): ArrayBuffer {
return null;
}
getPublicKeyAlgorithm(): number {
return this.result.publicKeyAlgorithm;
}
getTransports(): string[] {
return this.result.transports;
}
}
export class WebauthnUtils { export class WebauthnUtils {
static mapCredentialCreationOptions( static mapCredentialCreationOptions(
options: CredentialCreationOptions, options: CredentialCreationOptions,
@ -57,12 +83,10 @@ export class WebauthnUtils {
id: result.credentialId, id: result.credentialId,
rawId: Fido2Utils.stringToBuffer(result.credentialId), rawId: Fido2Utils.stringToBuffer(result.credentialId),
type: "public-key", type: "public-key",
response: { authenticatorAttachment: "cross-platform",
clientDataJSON: Fido2Utils.stringToBuffer(result.clientDataJSON), response: new BitAuthenticatorAttestationResponse(result),
attestationObject: Fido2Utils.stringToBuffer(result.attestationObject),
} as AuthenticatorAttestationResponse,
getClientExtensionResults: () => ({}), getClientExtensionResults: () => ({}),
}; } as any;
} }
static mapCredentialRequestOptions( static mapCredentialRequestOptions(
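Review bot: `getPublicKey(): ArrayBuffer { return null; }` in BitAuthenticatorAttestationResponse declares a non-null return while always returning null, which only compiles with strictNullChecks off and misleads callers; the WebAuthn method is nullable, so declare it as `getPublicKey(): ArrayBuffer | null {`. The trailing `} as any;` on the credential literal in the second hunk likewise hides any mismatch between that object and the PublicKeyCredential shape the page expects (the hardcoded `authenticatorAttachment: "cross-platform"` included), so a typed assignment or `satisfies` check would be preferable to the cast. The function containing that literal starts and ends outside the hunk, so I cannot see what return type it declares.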


@ -37,6 +37,9 @@ export interface CredentialRegistrationResult {
credentialId: string; credentialId: string;
clientDataJSON: string; clientDataJSON: string;
attestationObject: string; attestationObject: string;
authData: string;
publicKeyAlgorithm: number;
transports: string[];
} }
export interface CredentialAssertParams { export interface CredentialAssertParams {
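Review bot: The three new fields on CredentialRegistrationResult carry no comment on their encoding or expected values, although the service side fills `authData` through `Fido2Utils.bufferToString` and the other two with fixed values; a reader of this abstraction cannot tell that from here. Suggest a TSDoc line on authData such as `/** Raw authenticator data, encoded with Fido2Utils.bufferToString like clientDataJSON. */`, and a note on `transports` that its entries are expected to be WebAuthn AuthenticatorTransport strings. CredentialRegistrationResult starts outside the hunk.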


@ -21,7 +21,9 @@ import { Fido2KeyView } from "../../models/view/fido2-key.view";
import { CredentialId } from "./credential-id"; import { CredentialId } from "./credential-id";
import { joseToDer } from "./ecdsa-utils"; import { joseToDer } from "./ecdsa-utils";
const STANDARD_ATTESTATION_FORMAT = "packed"; // We support self-signing, but Google won't accept it.
// TODO: Look into supporting self-signed packed format.
const STANDARD_ATTESTATION_FORMAT: "none" | "packed" = "none";
interface BitCredential { interface BitCredential {
credentialId: CredentialId; credentialId: CredentialId;
@ -59,6 +61,7 @@ export class Fido2Service implements Fido2ServiceAbstraction {
type: "webauthn.create", type: "webauthn.create",
challenge: params.challenge, challenge: params.challenge,
origin: params.origin, origin: params.origin,
crossOrigin: false,
}) })
); );
const keyPair = await crypto.subtle.generateKey( const keyPair = await crypto.subtle.generateKey(
@ -87,7 +90,6 @@ export class Fido2Service implements Fido2ServiceAbstraction {
userPresence: presence, userPresence: presence,
userVerification: true, // TODO: Change to false userVerification: true, // TODO: Change to false
keyPair, keyPair,
attestationFormat: STANDARD_ATTESTATION_FORMAT,
}); });
const asn1Der_signature = await generateSignature({ const asn1Der_signature = await generateSignature({
@ -99,10 +101,13 @@ export class Fido2Service implements Fido2ServiceAbstraction {
const attestationObject = new Uint8Array( const attestationObject = new Uint8Array(
CBOR.encode({ CBOR.encode({
fmt: attestationFormat, fmt: attestationFormat,
attStmt: { attStmt:
alg: -7, attestationFormat === "packed"
sig: asn1Der_signature, ? {
}, alg: -7,
sig: asn1Der_signature,
}
: {},
authData, authData,
}) })
); );
@ -111,6 +116,9 @@ export class Fido2Service implements Fido2ServiceAbstraction {
credentialId: Fido2Utils.bufferToString(credentialId.raw), credentialId: Fido2Utils.bufferToString(credentialId.raw),
clientDataJSON: Fido2Utils.bufferToString(clientData), clientDataJSON: Fido2Utils.bufferToString(clientData),
attestationObject: Fido2Utils.bufferToString(attestationObject), attestationObject: Fido2Utils.bufferToString(attestationObject),
authData: Fido2Utils.bufferToString(authData),
publicKeyAlgorithm: -7,
transports: ["nfc", "usb"],
}; };
} }
@ -240,7 +248,6 @@ interface AuthDataParams {
userPresence: boolean; userPresence: boolean;
userVerification: boolean; userVerification: boolean;
keyPair?: CryptoKeyPair; keyPair?: CryptoKeyPair;
attestationFormat?: "packed" | "fido-u2f";
} }
async function mapCipherViewToBitCredential(cipherView: CipherView): Promise<BitCredential> { async function mapCipherViewToBitCredential(cipherView: CipherView): Promise<BitCredential> {
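Review bot: `crossOrigin: false` in the clientDataJSON (hunk at line 61) is hardcoded rather than derived from the calling context, so a relying party reading clientData cannot detect when the create() call came from a cross-origin frame; the value should be supplied by the caller alongside `origin`, e.g. `crossOrigin: params.crossOrigin ?? false,` with that field added to the params type. Separately, with STANDARD_ATTESTATION_FORMAT now "none", `generateSignature` is still awaited before the attestation object is built although its result is only used in the `attestationFormat === "packed"` branch, so gating that call on the format would avoid an unnecessary signing operation. The enclosing method starts and ends outside these hunks, and where `attestationFormat` is assigned now that it is no longer passed into the authData params is not visible here.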