Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
66 commits
Select commit Hold shift + click to select a range
f9b4e30
[PM-5731] feat: implement get assertion params object
coroiu Jan 17, 2024
32c2f2a
[PM-5731] feat: add first test
coroiu Jan 17, 2024
cc89b6a
[PM-5731] feat: add rp mismatch test
coroiu Jan 18, 2024
66a01e3
[PM-5731] feat: ask for credentials when found
coroiu Jan 19, 2024
a08466d
[PM-5731] feat: find discoverable credentials
coroiu Jan 19, 2024
dbe4110
[PM-5731] feat: add tests for successful UV requests
coroiu Jan 19, 2024
378551e
[PM-5731] feat: add user does not consent test
coroiu Jan 19, 2024
0dc281e
[PM-5731] feat: check for UV when reprompt is active
coroiu Jan 19, 2024
ad80def
[PM-5731] fix: tests a bit, needed some additional "arrange" steps
coroiu Jan 19, 2024
d0e0f0e
[PM-5731] feat: add support for counter
coroiu Jan 22, 2024
e8f6c37
[PM-5731] feat: implement assertion without signature
coroiu Jan 22, 2024
b23d58c
[PM-5732] feat: finish authenticator assertion implementation
coroiu Jan 23, 2024
f0841eb
[PM-5731] chore: minor clean up
coroiu Jan 23, 2024
ce550fe
[PM-5731] feat: scaffold make credential
coroiu Jan 23, 2024
19639b6
[PM-5731] feat: start implementing attestation
coroiu Jan 24, 2024
f0dde7e
[PM-5731] feat: implement credential exclusion
coroiu Jan 24, 2024
44b2443
[PM-5731] feat: add new credential confirmaiton
coroiu Jan 25, 2024
32c43af
[PM-5731] feat: implement credential creation
coroiu Jan 25, 2024
c90ed74
[PM-5731] feat: add user verification checks
coroiu Jan 26, 2024
8be604f
[PM-5731] feat: add unknown error handling
coroiu Jan 26, 2024
e1908d8
[PM-5731] chore: clean up unusued params
coroiu Jan 26, 2024
c877280
[PM-5731] feat: partial attestation implementation
coroiu Jan 26, 2024
da7326b
[PM-5731] feat: implement key generation
coroiu Jan 29, 2024
7ca9e61
[PM-5731] feat: return public key in DER format
coroiu Jan 29, 2024
5d5d113
[PM-5731] feat: implement signing
coroiu Jan 29, 2024
d0bb7f0
[PM-5731] feat: remove logging
coroiu Jan 30, 2024
aa71ebc
[PM-5731] chore: use primary constructor
coroiu Jan 30, 2024
f3c64a8
[PM-5731] chore: add Async to method names
coroiu Jan 30, 2024
6bb724f
[PM-5731] feat: add support for silent discoverability
coroiu Jan 30, 2024
ca250c5
[PM-5731] feat: add support for specifying user presence requirement
coroiu Jan 30, 2024
4988dbe
[PM-5731] feat: ensure unlocked vault
coroiu Jan 30, 2024
a6c4bc9
[PM-5731] chore: clean up and refactor assertion tests
coroiu Feb 1, 2024
b787a6c
[PM-5731] chore: clean up and refactor attestation tests
coroiu Feb 1, 2024
dc5e904
Merge branch 'feature/maui-migration-passkeys' into PM-5731-create-c-…
fedemkr Feb 5, 2024
00cff18
[PM-5731] chore: add user presence todo comment
coroiu Feb 6, 2024
70db27b
[PM-5731] feat: scaffold fido2 client
coroiu Feb 6, 2024
563210a
Merge branch 'PM-5731-create-c-web-authn-authenticator-to-support-mau…
fedemkr Feb 7, 2024
eae84de
Merge branch 'feature/maui-migration-passkeys' into PM-5731-create-c-…
fedemkr Feb 7, 2024
7469dad
PM-5731 Fix build updating discoverable flag
fedemkr Feb 7, 2024
3223ceb
[PM-5731] fix: failing test
coroiu Feb 7, 2024
ad8faec
[PM-5731] feat: add sameOriginWithAncestor and user id length checks
coroiu Feb 7, 2024
0f5df0f
[PM-5731] feat: add incomplete rpId verification
coroiu Feb 7, 2024
2075f81
[PM-5731] chore: document uri helpers
coroiu Feb 8, 2024
b8c5ef5
[PM-5731] feat: implement fido2 client createCredential
coroiu Feb 8, 2024
e9d1792
Merge branch 'feature/maui-migration-passkeys' into PM-5731-create-c-…
fedemkr Feb 8, 2024
3c848a3
[PM-5731] feat: implement credential assertion in client
coroiu Feb 12, 2024
62e0626
Merge branch 'feature/maui-migration-passkeys' into PM-5731-create-c-…
mpbw2 Feb 15, 2024
faee076
fix wrong signature format
coroiu Feb 16, 2024
e544e17
[PM-5731] fix: issues after cherry-pick
coroiu Feb 20, 2024
193a79b
Fix incompatible GUID conversions
coroiu Feb 19, 2024
2813460
[PM-5731] chore: remove default constructor
coroiu Feb 20, 2024
b47d182
[PM-5731] feat: refactor user interface to increase flexibility
coroiu Feb 20, 2024
637ed1e
[PM-5731] feat: implement generic assertion user interface class
coroiu Feb 20, 2024
29e37fe
[PM-5731] feat: remove ability to make user presence optional
coroiu Feb 20, 2024
b9b460c
[PM-5731] chore: remove logging comments
coroiu Feb 20, 2024
159d79f
[PM-5731] feat: add native reprompt support to the authenticator
coroiu Feb 20, 2024
09d0381
[PM-5731] feat: allow pre and post UV
coroiu Feb 20, 2024
3f08bc9
[PM-5731] chore: add `Async` to method name. Remove `I` from struct
coroiu Feb 21, 2024
1212998
[PM-5731] fix: discoverable string repr lowercase
coroiu Feb 21, 2024
47b6e86
[PM-5731] chore: don't use C# 12 features
coroiu Feb 21, 2024
ed58efc
[PM-5731] fix: replace magic strings and numbers with contants and enums
coroiu Feb 21, 2024
b713020
[PM-5731] fix: use UTC creation date
coroiu Feb 21, 2024
527aa4a
[PM-5731] fix: formatting
coroiu Feb 21, 2024
3610611
[PM-5731] chore: use properties for public fields
coroiu Feb 21, 2024
1a2faa4
[PM-5731] chore: remove TODO
coroiu Feb 21, 2024
9235643
[PM-5731] fix: IsValidRpId
coroiu Feb 21, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/Core/Abstractions/ICryptoFunctionService.cs
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
using System;
using System.Threading.Tasks;
using Bit.Core.Enums;
using Bit.Core.Models.Domain;

namespace Bit.Core.Abstractions
{
Expand Down
12 changes: 12 additions & 0 deletions src/Core/Abstractions/IFido2AuthenticatorService.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
using Bit.Core.Utilities.Fido2;

namespace Bit.Core.Abstractions
{
public interface IFido2AuthenticatorService
{
Task<Fido2AuthenticatorMakeCredentialResult> MakeCredentialAsync(Fido2AuthenticatorMakeCredentialParams makeCredentialParams, IFido2MakeCredentialUserInterface userInterface);
Task<Fido2AuthenticatorGetAssertionResult> GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams, IFido2GetAssertionUserInterface userInterface);
// TODO: Should this return a List? Or maybe IEnumerable?
Task<Fido2AuthenticatorDiscoverableCredentialMetadata[]> SilentCredentialDiscoveryAsync(string rpId);
}
}
35 changes: 35 additions & 0 deletions src/Core/Abstractions/IFido2ClientService.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
using Bit.Core.Utilities.Fido2;

namespace Bit.Core.Abstractions
{
/// <summary>
/// This class represents an abstraction of the WebAuthn Client as described by W3C:
/// https://www.w3.org/TR/webauthn-3/#webauthn-client
///
/// The WebAuthn Client is an intermediary entity typically implemented in the user agent
/// (in whole, or in part). Conceptually, it underlies the Web Authentication API and embodies
/// the implementation of the Web Authentication API's operations.
///
/// It is responsible for both marshalling the inputs for the underlying authenticator operations,
/// and for returning the results of the latter operations to the Web Authentication API's callers.
/// </summary>
public interface IFido2ClientService
{
/// <summary>
/// Allows WebAuthn Relying Party scripts to request the creation of a new public key credential source.
/// For more information please see: https://www.w3.org/TR/webauthn-3/#sctn-createCredential
/// </summary>
/// <param name="createCredentialParams">The parameters for the credential creation operation</param>
/// <returns>The new credential</returns>
Task<Fido2ClientCreateCredentialResult> CreateCredentialAsync(Fido2ClientCreateCredentialParams createCredentialParams);

/// <summary>
/// Allows WebAuthn Relying Party scripts to discover and use an existing public key credential, with the user’s consent.
/// Relying Party script can optionally specify some criteria to indicate what credential sources are acceptable to it.
/// For more information please see: https://www.w3.org/TR/webauthn-3/#sctn-getAssertion
/// </summary>
/// <param name="assertCredentialParams">The parameters for the credential assertion operation</param>
/// <returns>The asserted credential</returns>
Task<Fido2ClientAssertCredentialResult> AssertCredentialAsync(Fido2ClientAssertCredentialParams assertCredentialParams);
}
}
18 changes: 18 additions & 0 deletions src/Core/Abstractions/IFido2GetAssertionUserInterface.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
namespace Bit.Core.Abstractions
{
public struct Fido2GetAssertionUserInterfaceCredential
{
public string CipherId { get; set; }
public bool RequireUserVerification { get; set; }
}

public interface IFido2GetAssertionUserInterface : IFido2UserInterface
{
/// <summary>
/// Ask the user to pick a credential from a list of existing credentials.
/// </summary>
/// <param name="credentials">The credentials that the user can pick from, and if the user must be verified before completing the operation</param>
/// <returns>The ID of the cipher that contains the credentials the user picked, and if the user was verified before completing the operation</returns>
Task<(string CipherId, bool UserVerified)> PickCredentialAsync(Fido2GetAssertionUserInterfaceCredential[] credentials);
}
}
37 changes: 37 additions & 0 deletions src/Core/Abstractions/IFido2MakeCredentialUserInterface.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
namespace Bit.Core.Abstractions
{
public struct Fido2ConfirmNewCredentialParams
{
///<summary>
/// The name of the credential.
///</summary>
public string CredentialName { get; set; }

///<summary>
/// The name of the user.
///</summary>
public string UserName { get; set; }

/// <summary>
/// Whether or not the user must be verified before completing the operation.
/// </summary>
public bool UserVerification { get; set; }
}

public interface IFido2MakeCredentialUserInterface : IFido2UserInterface
{
/// <summary>
/// Inform the user that the operation was cancelled because their vault contains excluded credentials.
/// </summary>
/// <param name="existingCipherIds">The IDs of the excluded credentials.</param>
/// <returns>When user has confirmed the message</returns>
Task InformExcludedCredentialAsync(string[] existingCipherIds);

/// <summary>
/// Ask the user to confirm the creation of a new credential.
/// </summary>
/// <param name="confirmNewCredentialParams">The parameters to use when asking the user to confirm the creation of a new credential.</param>
/// <returns>The ID of the cipher where the new credential should be saved, and if the user was verified before completing the operation</returns>
Task<(string CipherId, bool UserVerified)> ConfirmNewCredentialAsync(Fido2ConfirmNewCredentialParams confirmNewCredentialParams);
}
}
12 changes: 12 additions & 0 deletions src/Core/Abstractions/IFido2UserInterface.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
namespace Bit.Core.Abstractions
{
public interface IFido2UserInterface
{
/// <summary>
/// Make sure that the vault is unlocked.
/// This should open a window and ask the user to login or unlock the vault if necessary.
/// </summary>
/// <returns>When vault has been unlocked.</returns>
Task EnsureUnlockedVaultAsync();
}
}
1 change: 1 addition & 0 deletions src/Core/Core.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
<PackageReference Include="CsvHelper" Version="30.0.1" />
<PackageReference Include="LiteDB" Version="5.0.17" />
<PackageReference Include="PCLCrypto" Version="2.1.40-alpha" />
<PackageReference Include="System.Formats.Cbor" Version="8.0.0" />
<PackageReference Include="zxcvbn-core" Version="7.0.92" />
<PackageReference Include="MessagePack.MSBuild.Tasks" Version="2.5.124">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
Expand Down
22 changes: 21 additions & 1 deletion src/Core/Models/View/Fido2CredentialView.cs
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
using Bit.Core.Enums;
using Bit.Core.Models.Domain;
using Bit.Core.Utilities;

namespace Bit.Core.Models.View
{
Expand Down Expand Up @@ -27,9 +28,28 @@ public Fido2CredentialView(Fido2Credential fido2Credential)
public string Counter { get; set; }
public DateTime CreationDate { get; set; }

public int CounterValue {
get => int.TryParse(Counter, out var counter) ? counter : 0;
set => Counter = value.ToString();
}

public byte[] UserHandleValue {
get => UserHandle == null ? null : CoreHelpers.Base64UrlDecode(UserHandle);
set => UserHandle = value == null ? null : CoreHelpers.Base64UrlEncode(value);
}

public byte[] KeyBytes {
get => KeyValue == null ? null : CoreHelpers.Base64UrlDecode(KeyValue);
set => KeyValue = value == null ? null : CoreHelpers.Base64UrlEncode(value);
}

public bool DiscoverableValue {
get => bool.TryParse(Discoverable, out var discoverable) && discoverable;
set => Discoverable = value.ToString().ToLower();
}

public override string SubTitle => UserName;
public override List<KeyValuePair<string, LinkedIdType>> LinkedFieldOptions => new List<KeyValuePair<string, LinkedIdType>>();
public bool IsDiscoverable => !string.IsNullOrWhiteSpace(Discoverable);
public bool CanLaunch => !string.IsNullOrEmpty(RpId);
public string LaunchUri => $"https://{RpId}";

Expand Down
Loading