Chromium Code Reviews Chromium Code Reviews
Issue 2702653002:
Patch #1 of multiple. Add webauth .mojom and initial usage of makeCredential. (Closed)
| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 [JavaPackage="org.chromium.webauth.mojom"] | |
| 6 module webauth.mojom; | |
| 7 | |
| 8 // This file describes the communication between the WebAuthentication renderer | |
| 9 // implementation and browser-side implementations to create scoped credentials | |
| 10 // and use already-created credentials to get assertions. | |
| 11 // See https://w3c.github.io/webauthn/. | |
| 12 | |
| 13 // The public key and attestation that is returned by an authenticator's | |
| 14 // call to makeCredential. | |
| 15 struct ScopedCredentialInfo { | |
| 16 // A blob of data containing the JSON serialization of client data passed | |
| 17 // to the authenticator. | |
| 18 array<uint8> client_data; | |
| 19 // A blob of data returned from the authenticator. | |
| 20 array<uint8> attestation; | |
| 21 }; | |
| 22 | |
| 23 // Information about the relying party and the user account held by that | |
| 24 // relying party. This information is used by the authenticator to create | |
| 25 // or retrieve an appropriate scoped credential for this account. | |
| 26 // These fields take arbitrary input. | |
| 27 struct RelyingPartyAccount { | |
| 28 string relying_party_display_name; | |
| 29 string display_name; | |
| 30 string id; | |
| 31 string name; | |
| 32 string image_url; | |
| 33 }; | |
| 34 | |
| 35 // Parameters that are used to generate an appropriate scoped credential. | |
| 36 struct ScopedCredentialParameters { | |
| 37 ScopedCredentialType type; | |
| 38 // TODO(kpaulhamus): add AlgorithmIdentifier algorithm; | |
| 39 }; | |
| 40 | |
| 41 // Optional parameters that are used during makeCredential. | |
| 42 struct ScopedCredentialOptions { | |
| 43 int32 timeout_seconds; | |
| 44 string relying_party_id; | |
| 45 array<ScopedCredentialDescriptor> exclude_list; | |
| 46 // TODO(kpaulhamus): add Extensions | |
| 47 }; | |
| 48 | |
| 49 enum ScopedCredentialType { | |
| 50 SCOPEDCRED, | |
| 51 }; | |
| 52 | |
| 53 // Describes the credentials that the relying party already knows about for | |
| 54 // the given account. If any of these are known to the authenticator, | |
| 55 // it should not create a new credential. | |
| 56 struct ScopedCredentialDescriptor { | |
| 57 ScopedCredentialType type; | |
| 58 // A 255-byte blob representing a credential key handle | |
|
dcheng
2017/05/04 07:22:35
Is it always exactly 255 byte, or up to?
kpaulhamus
2017/05/05 01:32:36
Good catch, it's up to.
| |
| 59 array<uint8> id; | |
| 60 array<Transport> transports; | |
| 61 }; | |
| 62 | |
| 63 enum Transport { | |
| 64 USB, | |
| 65 NFC, | |
| 66 BLE, | |
| 67 }; | |
| 68 | |
| 69 // Interface to direct authenticators to create or use a scoped credential. | |
| 70 interface Authenticator { | |
| 71 // Gets the credential info for a new credential created by an authenticator | |
| 72 // for the given relying party and account. | |
| 73 // |attestation_challenge| is a blob passed from the relying party server. | |
| 74 MakeCredential(RelyingPartyAccount account_information, | |
| 75 array<ScopedCredentialParameters> crypto_parameters, | |
| 76 array<uint8> attestation_challenge, | |
| 77 ScopedCredentialOptions? options) | |
| 78 => (array<ScopedCredentialInfo> scoped_credentials); | |
| 79 }; | |
| OLD | NEW |
