[WIP] More progress

Author: AlfioEmanueleFresta

libwebauthn/examples/prf_test.rs

@@ -7,14 +7,13 @@ use std::time::Duration;
 use libwebauthn::transport::hid::channel::HidChannel;
 use libwebauthn::UvUpdate;
 use rand::{thread_rng, Rng};
-use serde_bytes::ByteBuf;
 use text_io::read;
 use tokio::sync::broadcast::Receiver;
 use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
-    GetAssertionHmacOrPrfInput, GetAssertionRequest, GetAssertionRequestExtensions, PRFValue,
-    UserVerificationRequirement,
+    Base64UrlString, GetAssertionHmacOrPrfInput, GetAssertionRequest,
+    GetAssertionRequestExtensions, PRFValue, UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::proto::ctap2::{Ctap2PublicKeyCredentialDescriptor, Ctap2PublicKeyCredentialType};
@@ -115,7 +114,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
 
         let credential = Ctap2PublicKeyCredentialDescriptor {
             r#type: Ctap2PublicKeyCredentialType::PublicKey,
-            id: ByteBuf::from(credential_id.as_slice()),
+            id: Base64UrlString::from(credential_id.as_slice()),
             transports: None,
         };
 

libwebauthn/examples/webauthn_extensions_hid.rs

@@ -11,8 +11,7 @@ use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
     CredentialProtectionExtension, CredentialProtectionPolicy, GetAssertionHmacOrPrfInput,
-    GetAssertionRequest, GetAssertionRequestExtensions, HMACGetSecretInput,
-    MakeCredentialHmacOrPrfInput, MakeCredentialLargeBlobExtension, MakeCredentialRequest,
+    GetAssertionRequest, GetAssertionRequestExtensions, HMACGetSecretInput, MakeCredentialRequest,
     MakeCredentialsRequestExtensions, ResidentKeyRequirement, UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
@@ -88,10 +87,11 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
             policy: CredentialProtectionPolicy::UserVerificationRequired,
             enforce_policy: true,
         }),
-        cred_blob: Some(r"My own little blob".into()),
-        large_blob: MakeCredentialLargeBlobExtension::None,
+        cred_blob: Some("My own little blob".as_bytes().into()),
+        large_blob: None,
         min_pin_length: Some(true),
-        hmac_or_prf: MakeCredentialHmacOrPrfInput::HmacGetSecret,
+        hmac_create_secret: Some(true),
+        prf: None,
         cred_props: Some(true),
     };
 

libwebauthn/examples/webauthn_preflight_hid.rs

@@ -6,14 +6,13 @@ use std::time::Duration;
 use libwebauthn::transport::hid::channel::HidChannel;
 use libwebauthn::UvUpdate;
 use rand::{thread_rng, Rng};
-use serde_bytes::ByteBuf;
 use text_io::read;
 use tokio::sync::broadcast::Receiver;
 use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
-    GetAssertionRequest, GetAssertionResponse, MakeCredentialRequest, ResidentKeyRequirement,
-    UserVerificationRequirement,
+    Base64UrlString, GetAssertionRequest, GetAssertionResponse, MakeCredentialRequest,
+    ResidentKeyRequirement, UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::proto::ctap2::{
@@ -226,7 +225,7 @@ async fn get_assertion_call(
 fn create_credential(id: &[u8]) -> Ctap2PublicKeyCredentialDescriptor {
     Ctap2PublicKeyCredentialDescriptor {
         r#type: Ctap2PublicKeyCredentialType::PublicKey,
-        id: ByteBuf::from(id),
+        id: Base64UrlString::from(id),
         transports: None,
     }
 }

libwebauthn/examples/webauthn_prf_hid.rs

@@ -13,8 +13,8 @@ use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
     GetAssertionHmacOrPrfInput, GetAssertionRequest, GetAssertionRequestExtensions,
-    MakeCredentialHmacOrPrfInput, MakeCredentialRequest, MakeCredentialsRequestExtensions,
-    PRFValue, ResidentKeyRequirement, UserVerificationRequirement,
+    MakeCredentialPrfInput, MakeCredentialRequest, MakeCredentialsRequestExtensions, PRFValue,
+    ResidentKeyRequirement, UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::proto::ctap2::{
@@ -85,7 +85,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
     let challenge: [u8; 32] = thread_rng().gen();
 
     let extensions = MakeCredentialsRequestExtensions {
-        hmac_or_prf: MakeCredentialHmacOrPrfInput::Prf,
+        prf: Some(MakeCredentialPrfInput { _eval: None }),
         ..Default::default()
     };
 

libwebauthn/src/fido.rs

@@ -4,15 +4,14 @@ use serde::{
     de::{DeserializeOwned, Error as DesError, Visitor},
     Deserialize, Deserializer, Serialize,
 };
-use serde_bytes::ByteBuf;
 use std::{
     fmt,
     io::{Cursor, Read},
     marker::PhantomData,
 };
 use tracing::{error, warn};
 
-use crate::proto::ctap2::cbor;
+use crate::{ops::webauthn::idl::Base64UrlString, proto::ctap2::cbor};
 use crate::{
     proto::{
         ctap2::{Ctap2PublicKeyCredentialDescriptor, Ctap2PublicKeyCredentialType},
@@ -69,7 +68,7 @@ impl From<&AttestedCredentialData> for Ctap2PublicKeyCredentialDescriptor {
     fn from(data: &AttestedCredentialData) -> Self {
         Self {
             r#type: Ctap2PublicKeyCredentialType::PublicKey,
-            id: ByteBuf::from(data.credential_id.clone()),
+            id: Base64UrlString::from(data.credential_id.clone()),
             transports: None,
         }
     }

libwebauthn/src/ops/u2f.rs

@@ -8,6 +8,7 @@ use x509_parser::nom::AsBytes;
 
 use super::webauthn::MakeCredentialRequest;
 use crate::fido::{AttestedCredentialData, AuthenticatorData, AuthenticatorDataFlags};
+use crate::ops::webauthn::idl::Base64UrlString;
 use crate::ops::webauthn::{
     GetAssertionRequest, GetAssertionResponse, MakeCredentialResponse, UserVerificationRequirement,
 };
@@ -183,7 +184,7 @@ impl UpgradableResponse<GetAssertionResponse, SignRequest> for SignResponse {
         let response = Ctap2GetAssertionResponse {
             credential_id: Some(Ctap2PublicKeyCredentialDescriptor {
                 r#type: Ctap2PublicKeyCredentialType::PublicKey,
-                id: ByteBuf::from(request.key_handle.clone()),
+                id: Base64UrlString::from(request.key_handle.clone()),
                 transports: None,
             }),
             authenticator_data,

libwebauthn/src/ops/webauthn/create.rs

@@ -1,6 +1,8 @@
 use super::idl::Base64UrlString;
 use crate::{
-    ops::webauthn::{ResidentKeyRequirement, UserVerificationRequirement},
+    ops::webauthn::{
+        MakeCredentialsRequestExtensions, ResidentKeyRequirement, UserVerificationRequirement,
+    },
     proto::ctap2::{
         Ctap2CredentialType, Ctap2PublicKeyCredentialDescriptor, Ctap2PublicKeyCredentialRpEntity,
         Ctap2PublicKeyCredentialUserEntity,
@@ -63,5 +65,5 @@ pub struct PublicKeyCredentialCreationOptionsJSON {
     pub attestation: String,
     #[serde(rename = "attestationFormats")]
     pub attestation_formats: Vec<String>,
-    pub extensions: JsonObject,
+    pub extensions: MakeCredentialsRequestExtensions,
 }

libwebauthn/src/ops/webauthn/get_assertion.rs

@@ -1,5 +1,3 @@
-use super::idl::WebAuthnIDL;
-
 use std::{collections::HashMap, time::Duration};
 
 use serde::{Deserialize, Serialize};
@@ -8,11 +6,6 @@ use tracing::{debug, error, trace};
 
 use crate::{
     fido::AuthenticatorData,
-    ops::webauthn::{
-        create::PublicKeyCredentialCreationOptionsJSON,
-        idl::{FromInnerModel, JsonError},
-        rpid::RelyingPartyId,
-    },
     pin::PinUvAuthProtocol,
     proto::ctap2::{
         Ctap2AttestationStatement, Ctap2GetAssertionResponseExtensions,

libwebauthn/src/ops/webauthn/idl.rs

@@ -1,3 +1,5 @@
+use std::ops::Deref;
+
 use base64_url;
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use serde_json;
@@ -33,9 +35,29 @@ where
 }
 
 // TODO(afresta): Move to ctap2 module.
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq)]
 pub struct Base64UrlString(pub Vec<u8>);
 
+impl From<Vec<u8>> for Base64UrlString {
+    fn from(bytes: Vec<u8>) -> Self {
+        Base64UrlString(bytes)
+    }
+}
+
+impl From<&[u8]> for Base64UrlString {
+    fn from(bytes: &[u8]) -> Self {
+        Base64UrlString(bytes.to_vec())
+    }
+}
+
+impl Deref for Base64UrlString {
+    type Target = [u8];
+
+    fn deref(&self) -> &[u8] {
+        &self.0
+    }
+}
+
 impl<'de> Deserialize<'de> for Base64UrlString {
     fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
     where