Blink-layer update to match WebAuthN spec

third_party/WebKit/public/platform/modules/webauth/authenticator.mojom

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 [JavaPackage="org.chromium.webauth.mojom"]
 module webauth.mojom;
 
+import "mojo/common/time.mojom";
+import "url/mojo/url.mojom";
+
 // This file describes the communication between the WebAuthentication renderer
-// implementation and browser-side implementations to create scoped credentials
-// and use already-created credentials to get assertions.
+// implementation and browser-side implementations to create public key
+// credentials and use already-created credentials to get assertions.
 // See https://w3c.github.io/webauthn/.
 
 enum AuthenticatorStatus {
   SUCCESS,
   CANCELLED,
   UNKNOWN_ERROR,
   NOT_ALLOWED_ERROR,
   NOT_SUPPORTED_ERROR,
   SECURITY_ERROR,
   NOT_IMPLEMENTED,
 };
 
 // The public key and attestation that is returned by an authenticator's 
 // call to makeCredential.
-struct ScopedCredentialInfo {
+struct PublicKeyCredentialInfo {
+  // The base64url encoding of rawId.

[engedy, 2017/07/05 18:51:09]

nit: ... of |raw_id|.

[kpaulhamus, 2017/07/12 21:21:49]

Done.

+  string id;
+  // An identifier for the credential.
+  array<uint8> rawId;

[dcheng1, 2017/06/30 16:23:55]

Nit: raw_id

[kpaulhamus, 2017/07/12 21:21:49]

Done.

+
   // A blob of data containing the JSON serialization of client data passed
   // to the authenticator.
-  array<uint8> client_data;
-  // A blob of data returned from the authenticator.
-  array<uint8> attestation;
+  array<uint8> client_data_json;
+
+  // The response data from the authenticator.
+  AuthenticatorResponse response;
+
+  // TODO(kpaulhamus): add AuthenticatorSelectionCriteria

[engedy, 2017/07/05 18:51:09]

nit: I think this goes to MakeCredentialOptions?

[kpaulhamus, 2017/07/12 21:21:49]

Done.

 };
 
-// Information about the relying party and the user account held by that 
-// relying party. This information is used by the authenticator to create 
-// or retrieve an appropriate scoped credential for this account.
-// These fields take arbitrary input.
-struct RelyingPartyAccount {
-  // Friendly name of the Relying Party, e.g. "Acme Corporation"
-  string relying_party_display_name;
-  // Friendly name associated with the user account, e.g. "John P. Smith"
-  string display_name;
-  // Identifier for the account, corresponding to no more than one credential 
-  // per authenticator and Relying Party.
-  string id;
-  // Detailed name for the account, e.g. john.p.smith@example.com
-  string? name;
-  // User image, if any.
-  // TODO(kpaulhamus): make this url.mojom.Url in a followup CL
-  string? image_url;
+// Contains the authenticator's response to the request to either
+// create a public key credential, or generate an authentication assertion.
+struct AuthenticatorResponse {

[engedy, 2017/07/05 18:51:09]

If I understand correctly, this needs to be polymorphic as per the WebAuthN
spec. How is the receiver end going to decide on the subtype here?

[kpaulhamus, 2017/07/12 21:21:49]

The call being made (create/get, or as-currently makeCredential/getAssertion)
informs the return type. i.e. makeCredential always wants an "Attestation"
response, and would just need to verify that there is an attestation_object
returned in this AuthenticatorResponse. I  mashed them together for convenience
in the mojo, since mojo technically doesn't have to match the formal spec.

[engedy, 2017/07/13 11:33:54]

Got it.

+  // A blob of data returned by the authenticator after creating a credential.
+  array<uint8> attestation_object;
+  // A blob of data returned by the authenticator after generating an assertion.
+  array<uint8> authenticator_data;
+  // Cryptographic signature proving possession of the credential private key.
+  array<uint8> signature;
 };
 
-// Parameters that are used to generate an appropriate scoped credential.
-struct ScopedCredentialParameters {
-  ScopedCredentialType type;
+// Information about the relying party and the user account held by that

[engedy, 2017/07/05 18:51:09]

nit: Not sure about the semantics, but how about "the account held by the user
at that relying party"?

[kpaulhamus, 2017/07/12 21:21:49]

Sure

+// relying party. This information is used by the authenticator to create
+// or retrieve an appropriate public key credential for this account.
+// These fields take arbitrary input.
+struct PublicKeyCredentialEntity {
+  // A unique identifier for the entity. An ASCII serialization of an origin
+  // for a relying party, and an arbitrary string specified by the relying party
+  // for user accounts.
+  string id;
+
+  // Friendly name associated with the entity intended for display.
+  // e.g. "Acme Corporation" for a relying party and "john.p.smith@example.com"
+  // or "+14255551234" for a user.
+  string name;
+
+  // Image associated with the entity.
+  // For example, this could be a user’s avatar or a relying party's logo.
+  url.mojom.Url? icon;
+
+  // Contains a friendly name for the user account (e.g., "John P. Smith").
+  string? display_name;
+};
+
+// Parameters that are used to generate an appropriate public key credential.
+struct PublicKeyCredentialParameters {
+  PublicKeyCredentialType type;
   // TODO(kpaulhamus): add AlgorithmIdentifier algorithm;
 };
 
-// Optional parameters that are used during makeCredential. 
-struct ScopedCredentialOptions {
-  //TODO(kpaulhamus): Make this mojo.common.mojom.TimeDelta in followup CL
-  double adjusted_timeout;
-  string? relying_party_id;
-  array<ScopedCredentialDescriptor> exclude_list;
-  // TODO(kpaulhamus): add Extensions
+// Optional parameters that are used during makeCredential.

[engedy, 2017/07/05 18:51:09]

comment nit: These do not seem to be optional anymore. How about:

// Parameters passed into calls to MakeCredential.

[kpaulhamus, 2017/07/12 21:21:49]

Done.

+struct MakeCredentialOptions {
+  PublicKeyCredentialEntity relying_party; // Relying party information.

[engedy, 2017/07/05 18:51:09]

nit: Mention this corresponds to |rp| in the IDL.

[engedy, 2017/07/05 18:51:09]

style nit: Could you please move the comments above the members, and leave one
blank line in-between members throughout this file?

[kpaulhamus, 2017/07/12 21:21:49]

Done.

[kpaulhamus, 2017/07/12 21:21:49]

Done.

+  PublicKeyCredentialEntity user;  // Information about the user.
+  array<uint8> challenge;  // A blob passed from the the relying party server.
+  array<PublicKeyCredentialParameters> crypto_parameters;
+  mojo.common.mojom.TimeDelta adjusted_timeout;
+  array<PublicKeyCredentialDescriptor> exclude_list;

[engedy, 2017/07/05 18:51:09]

optional nit: s/exlude_list/excludeCredentials/, for consistency with IDL.

[kpaulhamus, 2017/07/12 21:21:49]

Done.

 };
 
-enum ScopedCredentialType {
-  SCOPEDCRED,
+enum PublicKeyCredentialType {
+  PUBLICKEY,

[engedy, 2017/07/05 18:51:10]

nit: I'm never sure about converting dashes to ALL_CAPS, but would PUBLIC_KEY
look better?

[kpaulhamus, 2017/07/12 21:21:50]

Done.

 };
 
 // Describes the credentials that the relying party already knows about for
-// the given account. If any of these are known to the authenticator, 
+// the given account. If any of these are known to the authenticator,
 // it should not create a new credential.
-struct ScopedCredentialDescriptor {
-  ScopedCredentialType type;
-  // Blob representing a credential key handle. Up to 255 bytes for 
+struct PublicKeyCredentialDescriptor {
+  PublicKeyCredentialType type;
+  // Blob representing a credential key handle. Up to 255 bytes for
   // U2F authenticators.
   array<uint8> id;
   array<Transport> transports;
 };
 
 enum Transport {

[engedy, 2017/07/05 18:51:09]

nit: AuthenticatorTransport

[kpaulhamus, 2017/07/12 21:21:49]

Done.

   USB,
   NFC,
   BLE,
 };
 
-// Interface to direct authenticators to create or use a scoped credential.
+// Interface to direct authenticators to create or use a public key credential.
 interface Authenticator {
-  // Gets the credential info for a new credential created by an authenticator
-  // for the given relying party and account. 
-  // |attestation_challenge| is a blob passed from the relying party server.
-  // [ScopedCredentialInfo] will only be set if status == SUCCESS. 

[dcheng1, 2017/06/30 16:23:55]

Nit: this comment got lost in the updates.

[kpaulhamus, 2017/07/12 21:21:49]

Thx

-  MakeCredential(RelyingPartyAccount account_information,
-                 array<ScopedCredentialParameters> crypto_parameters,
-                 array<uint8> attestation_challenge,
-                 ScopedCredentialOptions options)
-      => (AuthenticatorStatus status, 
-          ScopedCredentialInfo? scoped_credential);
+  // Gets the credential info for a new public key credential created by an
+  // authenticator for the given |MakeCredentialOptions|
+  MakeCredential(MakeCredentialOptions options)
+      => (AuthenticatorStatus status, PublicKeyCredentialInfo? credential);
 };