device/u2f/u2f_responses.h - Issue 2655853006: Define FIDO U2f Device abstraction

Side by Side Diff: device/u2f/u2f_responses.h

Issue 2655853006: Define FIDO U2f Device abstraction (Closed)

Patch Set: Define FIDO U2f Device abstraction Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 // Copyright 2017 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef DEVICE_U2F_U2F_RESPONSES_H_

	6 #define DEVICE_U2F_U2F_RESPONSES_H_

	7

	8 #include <vector>

	9

	10 #include "device/u2f/u2f_apdu_response.h"

	11

	12 namespace device {

	13

	14 // Parameter object defining the response to a U2fDevice::Register message. Raw

	15 // messages parameters are defined by the specification at

	16 // https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u 2f-raw-message-formats.html

	17 class U2fRegisterResponse

	18 : public base::RefCountedThreadSafe<U2fRegisterResponse> {
	Reilly Grant (use Gerrit) 2017/01/27 02:06:30 I should have mentioned this in my response (har h I should have mentioned this in my response (har har) to you earlier. These should be plain structs with public members and be passed by const& or std::unique_ptr. Reference counting is unnecessary for something that will only have one owner.
	19 public:

	20 scoped_refptr<U2fRegisterResponse> Create(

	21 U2fApduResponse::Status status,

	22 std::vector<uint8_t> user_public_key,
	juanlang (chromium.org) 2017/01/27 18:52:21 TL;DR: I think returning an opaque string of bytes TL;DR: I think returning an opaque string of bytes with the entire response body might be preferable. This an interesting design approach, one which I admit I hadn't considered. Does the webauthn API return each individual element from the response separately? If it returns an opaque string of bytes like the U2F API does, it would be better to just return the data as a string of bytes, since it avoids having to parse the response only in order to convert back to raw bytes. Even if returns each item individually, I wonder whether it might be better to return U2F responses as opaque strings of bytes from the "bottom half" all the same. That'll allow you to avoid having to repackage the bytes yourself if you wire up a plain-old U2F top half to this bottom half. I think doing so will be a useful vehicle for testing your bottom half, e.g. if you wire up the CryptoToken extension to this bottom half.
	23 std::vector<uint8_t> key_handle,

	24 std::vector<uint8_t> attestation_cert,

	25 std::vector<uint8_t> signature);

	26

	27 U2fApduResponse::Status status() const { return status_; };

	28 const std::vector<uint8_t> user_public_key() const {

	29 return user_public_key_;

	30 };

	31 const std::vector<uint8_t> key_handle() const { return key_handle_; };

	32 const std::vector<uint8_t> attestation_cert() const {

	33 return attestation_cert_;

	34 };

	35 const std::vector<uint8_t> signature() const { return signature_; };

	36

	37 private:

	38 friend class base::RefCountedThreadSafe<U2fRegisterResponse>;

	39

	40 U2fRegisterResponse(U2fApduResponse::Status status,

	41 std::vector<uint8_t> user_public_key,

	42 std::vector<uint8_t> key_handle,

	43 std::vector<uint8_t> attestation_cert,

	44 std::vector<uint8_t> signature);

	45 ~U2fRegisterResponse();

	46

	47 U2fApduResponse::Status status_;

	48 std::vector<uint8_t> user_public_key_;

	49 std::vector<uint8_t> key_handle_;

	50 std::vector<uint8_t> attestation_cert_;

	51 std::vector<uint8_t> signature_;

	52 };

	53

	54 // Parameter object defining the response to a U2fDevice::Sign message. Raw

	55 // messages parameters are defined by the specification at

	56 // https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u 2f-raw-message-formats.html

	57 class U2fSignResponse : public base::RefCountedThreadSafe<U2fSignResponse> {

	58 public:

	59 scoped_refptr<U2fSignResponse> Create(U2fApduResponse::Status status,

	60 uint8_t presence,
	juanlang (chromium.org) 2017/01/27 18:52:21 Same as above. If you accept my suggestion, you c Same as above. If you accept my suggestion, you could use the same response class for all APDU methods.
	61 uint32_t counter,

	62 std::vector<uint8_t> signature);

	63

	64 U2fApduResponse::Status status() const { return status_; };

	65 uint8_t presence() { return presence_; }

	66 uint32_t counter() { return counter_; }

	67 const std::vector<uint8_t> signature() const { return signature_; };

	68

	69 private:

	70 friend class base::RefCountedThreadSafe<U2fSignResponse>;

	71

	72 U2fSignResponse(U2fApduResponse::Status status,

	73 uint8_t presence,

	74 uint32_t counter,

	75 std::vector<uint8_t> signature);

	76 ~U2fSignResponse();

	77

	78 U2fApduResponse::Status status_;

	79 uint8_t presence_;

	80 uint32_t counter_;

	81 std::vector<uint8_t> signature_;

	82 };

	83

	84 } // namespace device

	85

	86 #endif // DEVICE_U2F_U2F_RESPONSES_H_

OLD	NEW

« device/u2f/u2f_device.cc ('K') | « device/u2f/u2f_device_unittest.cc ('k') | device/u2f/u2f_responses.cc » ('j') | no next file with comments »