// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "device/fido/virtual_fido_device.h" #include <tuple> #include <utility> #include <vector> #include "base/logging.h" #include "base/rand_util.h" #include "base/ranges/algorithm.h" #include "base/strings/string_number_conversions.h" #include "components/cbor/values.h" #include "components/cbor/writer.h" #include "crypto/ec_private_key.h" #include "crypto/ec_signature_creator.h" #include "crypto/openssl_util.h" #include "device/fido/fido_parsing_utils.h" #include "device/fido/large_blob.h" #include "device/fido/p256_public_key.h" #include "device/fido/public_key.h" #include "net/cert/x509_util.h" #include "third_party/boringssl/src/include/openssl/bn.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" #include "third_party/boringssl/src/include/openssl/ec.h" #include "third_party/boringssl/src/include/openssl/ec_key.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/mem.h" #include "third_party/boringssl/src/include/openssl/rsa.h" namespace device { namespace { // The example attestation private key from the U2F spec at // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-example // // PKCS.8 encoded without encryption. constexpr uint8_t kAttestationKey[]{ … }; // The default large-blob array. This is an empty CBOR array (0x80) followed by // LEFT(SHA-256(h'80'), 16). constexpr std::array<uint8_t, 17> kDefaultLargeBlobArray = …; // CBBFunctionToVector converts a BoringSSL function that writes to a CBB to one // that returns a std::vector. Invoke for a function, f, with: // CBBFunctionToVector<decltype(&f), f>(args, to, f); template <typename F, F function, typename... Args> std::vector<uint8_t> CBBFunctionToVector(Args&&... args) { … } // EVPBackedPrivateKey is an abstract class that implements some of the // |PrivateKey| interface using BoringSSL's EVP layer. class EVPBackedPrivateKey : public VirtualFidoDevice::PrivateKey { … }; class P256PrivateKey : public EVPBackedPrivateKey { … }; class RSAPrivateKey : public EVPBackedPrivateKey { … }; class Ed25519PrivateKey : public EVPBackedPrivateKey { … }; class InvalidForTestingPrivateKey : public VirtualFidoDevice::PrivateKey { … }; } // namespace // VirtualFidoDevice::PrivateKey ---------------------------------------------- VirtualFidoDevice::PrivateKey::~PrivateKey() = default; std::vector<uint8_t> VirtualFidoDevice::PrivateKey::GetX962PublicKey() const { … } // static std::optional<std::unique_ptr<VirtualFidoDevice::PrivateKey>> VirtualFidoDevice::PrivateKey::FromPKCS8( base::span<const uint8_t> pkcs8_private_key) { … } // static std::unique_ptr<VirtualFidoDevice::PrivateKey> VirtualFidoDevice::PrivateKey::FreshP256Key() { … } // static std::unique_ptr<VirtualFidoDevice::PrivateKey> VirtualFidoDevice::PrivateKey::FreshRSAKey() { … } // static std::unique_ptr<VirtualFidoDevice::PrivateKey> VirtualFidoDevice::PrivateKey::FreshEd25519Key() { … } // static std::unique_ptr<VirtualFidoDevice::PrivateKey> VirtualFidoDevice::PrivateKey::FreshInvalidForTestingKey() { … } // VirtualFidoDevice::RegistrationData ---------------------------------------- VirtualFidoDevice::RegistrationData::RegistrationData() = default; VirtualFidoDevice::RegistrationData::RegistrationData(const std::string& rp_id) : … { … } VirtualFidoDevice::RegistrationData::RegistrationData( std::unique_ptr<PrivateKey> private_key, base::span<const uint8_t, kRpIdHashLength> application_parameter, uint32_t counter) : … { … } VirtualFidoDevice::RegistrationData::RegistrationData(RegistrationData&& data) = default; VirtualFidoDevice::RegistrationData::~RegistrationData() = default; VirtualFidoDevice::RegistrationData& VirtualFidoDevice::RegistrationData::operator=(RegistrationData&& other) = default; // VirtualFidoDevice::State --------------------------------------------------- VirtualFidoDevice::State::State() : … { … } VirtualFidoDevice::State::~State() = default; void VirtualFidoDevice::State::AddObserver(Observer* observer) { … } void VirtualFidoDevice::State::RemoveObserver(Observer* observer) { … } void VirtualFidoDevice::State::NotifyCredentialCreated( const Credential& credential) { … } void VirtualFidoDevice::State::NotifyAssertion(const Credential& credential) { … } bool VirtualFidoDevice::State::InjectRegistration( base::span<const uint8_t> credential_id, RegistrationData registration) { … } bool VirtualFidoDevice::State::InjectRegistration( base::span<const uint8_t> credential_id, const std::string& relying_party_id) { … } bool VirtualFidoDevice::State::InjectResidentKey( base::span<const uint8_t> credential_id, device::PublicKeyCredentialRpEntity rp, device::PublicKeyCredentialUserEntity user, int32_t signature_counter, std::unique_ptr<PrivateKey> private_key) { … } bool VirtualFidoDevice::State::InjectResidentKey( base::span<const uint8_t> credential_id, device::PublicKeyCredentialRpEntity rp, device::PublicKeyCredentialUserEntity user) { … } bool VirtualFidoDevice::State::InjectResidentKey( base::span<const uint8_t> credential_id, const std::string& relying_party_id, base::span<const uint8_t> user_id, std::optional<std::string> user_name, std::optional<std::string> user_display_name) { … } std::optional<LargeBlob> VirtualFidoDevice::State::GetLargeBlob( const RegistrationData& credential) { … } void VirtualFidoDevice::State::InjectLargeBlob(RegistrationData* credential, LargeBlob blob) { … } void VirtualFidoDevice::State::InjectOpaqueLargeBlob(cbor::Value blob) { … } void VirtualFidoDevice::State::ClearLargeBlobs() { … } // VirtualFidoDevice ---------------------------------------------------------- VirtualFidoDevice::VirtualFidoDevice() = default; VirtualFidoDevice::VirtualFidoDevice(scoped_refptr<State> state) : … { … } VirtualFidoDevice::~VirtualFidoDevice() = default; std::string VirtualFidoDevice::GetId() const { … } // static std::vector<uint8_t> VirtualFidoDevice::GetAttestationKey() { … } bool VirtualFidoDevice::Sign(crypto::ECPrivateKey* private_key, base::span<const uint8_t> sign_buffer, std::vector<uint8_t>* signature) { … } std::optional<std::vector<uint8_t>> VirtualFidoDevice::GenerateAttestationCertificate( bool individual_attestation_requested, bool include_transports) const { … } void VirtualFidoDevice::StoreNewKey( base::span<const uint8_t> key_handle, VirtualFidoDevice::RegistrationData registration_data) { … } VirtualFidoDevice::RegistrationData* VirtualFidoDevice::FindRegistrationData( base::span<const uint8_t> key_handle, base::span<const uint8_t, kRpIdHashLength> application_parameter) { … } bool VirtualFidoDevice::SimulatePress() { … } void VirtualFidoDevice::TryWink(base::OnceClosure cb) { … } FidoTransportProtocol VirtualFidoDevice::DeviceTransport() const { … } // static std::string VirtualFidoDevice::MakeVirtualFidoDeviceId() { … } } // namespace device
Codebase Browser
chromium