chromium/device/fido/make_credential_task.cc

// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "device/fido/make_credential_task.h"

#include <utility>

#include "base/containers/contains.h"
#include "base/functional/bind.h"
#include "base/ranges/algorithm.h"
#include "device/base/features.h"
#include "device/fido/ctap2_device_operation.h"
#include "device/fido/ctap_make_credential_request.h"
#include "device/fido/pin.h"
#include "device/fido/u2f_command_constructor.h"
#include "device/fido/u2f_register_operation.h"

namespace device {

namespace {

// CTAP 2.0 specifies[1] that once a PIN has been set on an authenticator, the
// PIN is required in order to make a credential. In some cases we don't want to
// prompt for a PIN and so use U2F to make the credential instead.
//
// [1]
// https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorMakeCredential,
// step 6
bool CtapDeviceShouldUseU2fBecauseClientPinIsSet(
    const FidoDevice* device,
    const CtapMakeCredentialRequest& request) { … }

// ConvertCTAPResponse returns the AuthenticatorMakeCredentialResponse for a
// given CTAP response message in |cbor|. It wraps
// ReadCTAPMakeCredentialResponse() and in addition fills in |is_resident_key|,
// which requires looking at the request and device.
std::optional<AuthenticatorMakeCredentialResponse> ConvertCTAPResponse(
    FidoDevice* device,
    bool resident_key_required,
    const std::optional<cbor::Value>& cbor) { … }

}  // namespace

MakeCredentialTask::MakeCredentialTask(FidoDevice* device,
                                       CtapMakeCredentialRequest request,
                                       MakeCredentialOptions options,
                                       MakeCredentialTaskCallback callback)
    : … { … }

MakeCredentialTask::~MakeCredentialTask() = default;

// static
CtapMakeCredentialRequest MakeCredentialTask::GetTouchRequest(
    const FidoDevice* device) { … }

// static
bool MakeCredentialTask::WillUseCTAP2(const FidoDevice* device,
                                      const CtapMakeCredentialRequest& request,
                                      const MakeCredentialOptions& options) { … }

void MakeCredentialTask::Cancel() { … }

void MakeCredentialTask::StartTask() { … }

CtapGetAssertionRequest MakeCredentialTask::NextSilentRequest() { … }

void MakeCredentialTask::MakeCredential() { … }

void MakeCredentialTask::HandleResponseToSilentSignRequest(
    CtapDeviceResponseCode response_code,
    std::optional<AuthenticatorGetAssertionResponse> response_data) { … }

void MakeCredentialTask::HandleResponseToDummyTouch(
    CtapDeviceResponseCode response_code,
    std::optional<AuthenticatorMakeCredentialResponse> response_data) { … }

void MakeCredentialTask::U2fRegister() { … }

void MakeCredentialTask::MaybeRevertU2fFallback(
    CtapDeviceResponseCode status,
    std::optional<AuthenticatorMakeCredentialResponse> response) { … }

std::vector<std::vector<PublicKeyCredentialDescriptor>>
FilterAndBatchCredentialDescriptors(
    const std::vector<PublicKeyCredentialDescriptor>& in,
    const FidoDevice& device) { … }

}  // namespace device