third_party/blink/public/mojom/webauthn/authenticator.mojom

// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

module blink.mojom;

import "mojo/public/mojom/base/time.mojom";
import "url/mojom/url.mojom";

// This file describes the communication between the WebAuthentication renderer
// implementation and browser-side implementations to create public key
// credentials and use already-created credentials to get assertions.
// See https://w3c.github.io/webauthn/.

enum AuthenticatorStatus {
  SUCCESS,
  PENDING_REQUEST,
  NOT_ALLOWED_ERROR,
  INVALID_DOMAIN,
  CREDENTIAL_EXCLUDED,
  CREDENTIAL_NOT_RECOGNIZED,
  NOT_IMPLEMENTED,
  NOT_FOCUSED,
  RESIDENT_CREDENTIALS_UNSUPPORTED,
  USER_VERIFICATION_UNSUPPORTED,
  ALGORITHM_UNSUPPORTED,
  EMPTY_ALLOW_CREDENTIALS,
  ANDROID_NOT_SUPPORTED_ERROR,
  PROTECTION_POLICY_INCONSISTENT,
  ABORT_ERROR,
  UNKNOWN_ERROR,
};

// See https://www.w3.org/TR/webauthn/#transport
enum AuthenticatorTransport {
  USB,
  NFC,
  BLE,
  CABLE,
  INTERNAL,
};

// Credential information returned by both Authenticator::MakeCredential
// and Authenticator::GetAssertion.
struct CommonCredentialInfo {
  // The base64url encoding of |raw_id|.
  string id;

  // An identifier for the credential.
  array<uint8> raw_id;

  // A blob of data containing the JSON serialization of client data passed
  // to the authenticator.
  array<uint8> client_data_json;
};

// Content of user verification method extension returned by both
// Authenticator::MakeCredential and Authenticator::GetAssertion.
// See https://w3c.github.io/webauthn/#sctn-uvm-extension
// Registry of the available values, see
// https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#user-verification-methods
[EnableIf=is_android]
struct UvmEntry {
  uint32 user_verification_method;
  uint16 key_protection_type;
  uint16 matcher_protection_type;
};

// The public key and attestation returned by Authenticator::MakeCredential.
struct MakeCredentialAuthenticatorResponse {
  CommonCredentialInfo info;

  // A blob of data returned by the authenticator after creating a credential.
  array<uint8> attestation_object;

  // A list of transports that the authenticator supports, with the transport
  // used for the registration as the first element.
  array<AuthenticatorTransport> transports;

  // True if getClientExtensionResults() called on the returned
  // PublicKeyCredential instance should contain an `hmacCreateSecret`
  // extension output. If so, |hmac_create_secret| contains the actual value.
  bool echo_hmac_create_secret;
  bool hmac_create_secret;

  // Only supported by fido2 devices on android, will eventually supported by
  // other platform.
  // True if getClientExtensionResults() called on the returned
  // PublicKeyCredential instance should contain an 'uvm' extension output.
  // If so, |user_verification_methods| contains the actual value.
  [EnableIf=is_android]
  bool echo_user_verification_methods;
  [EnableIf=is_android]
  array<UvmEntry>? user_verification_methods;
};

struct GetAssertionAuthenticatorResponse {
  CommonCredentialInfo info;

  // A blob of data returned by the authenticator after generating an assertion.
  array<uint8> authenticator_data;

  // Cryptographic signature proving possession of the credential private key.
  array<uint8> signature;

  // Only supported by CTAP devices, not by U2F devices.
  // Equivalent of the `user.id` passed into create().
  // Maximum 64 bytes.
  array<uint8>? user_handle;

  // True if getClientExtensionResults() called on the returned
  // PublicKeyCredential instance should contain an `appid` extension output.
  // If so, |appid_extension| contains the actual value.
  bool echo_appid_extension;
  bool appid_extension;

  // Only supported by fido2 devices on android, will eventually supported by
  // other platform.
  // True if getClientExtensionResults() called on the returned
  // PublicKeyCredential instance should contain an 'uvm' extension output.
  // If so, |user_verification_methods| contains the actual value.
  [EnableIf=is_android]
  bool echo_user_verification_methods;
  [EnableIf=is_android]
  array<UvmEntry>? user_verification_methods;
};

// Information about the relying party. These fields take arbitrary input.
struct PublicKeyCredentialRpEntity {
  // An ASCII serialization of an origin.
  string id;

  // Friendly name associated with the relying party intended for display.
  // e.g. "Acme Corporation".
  string name;

  // Image associated with the entity. e.g. a relying party's logo.
  url.mojom.Url? icon;
};

// Informatiom about the account held by the user. These fields take
// arbitrary input.
struct PublicKeyCredentialUserEntity {
  // Unique identifier for a user account An opaque byte sequence with a
  // maximum size of 64 bytes.
  array<uint8> id;

  // Friendly name associated with the entity intended for display.
  // e.g."john.p.smith@example.com" or "+14255551234" for a user.
  string name;

  // Image associated with the entity. For example, a user’s avatar.
  url.mojom.Url? icon;

  // Contains a friendly name for the user account (e.g., "John P. Smith").
  string display_name;
};

// Parameters that are used to generate an appropriate public key credential.
struct PublicKeyCredentialParameters {
  PublicKeyCredentialType type;
  int32 algorithm_identifier;
};

// See https://w3c.github.io/webauthn/#enumdef-userverificationrequirement.
enum UserVerificationRequirement {
  PREFERRED,
  REQUIRED,
  DISCOURAGED,
};

// Cloud-assisted BLE extension data for getAssertion.
struct CableAuthentication {
  // The caBLE version requested.
  uint8 version;

  // A 16-byte ephemeral identifier that the browser will advertise.
  array<uint8, 16> client_eid;

  // A 16-byte ephemeral identifier that the browser expects to receive from a
  // responding authenticator.
  array<uint8, 16> authenticator_eid;

  // A 32-byte pre-key used to compute a session key to encrypt messages between
  // a paired client and authenticator following a successful discovery.
  array<uint8, 32> session_pre_key;
};

// Cloud-assisted BLE extension data for makeCredential.
struct CableRegistration {
  // The caBLE versions supported by the relying party.
  array<uint8> versions;

  // The 65-byte ECDSA ephemeral public key belonging to the relying party
  // for use in establishing an encrypted caBLE channel with an authenticator.
  array<uint8, 65> relying_party_public_key;
};

// Parameters passed into calls to GetAssertion.
struct PublicKeyCredentialRequestOptions {
  // An indefinite-length blob passed from the the relying party server,
  // to be sent to an authenticator for signing.
  array<uint8> challenge;

  // Time to wait for an authenticator to complete an operation.
  // Adjusted to fall within a client-defined range.
  mojo_base.mojom.TimeDelta adjusted_timeout;

  // An ASCII serialization of the origin claimed by the relying party.
  string relying_party_id;

  // A list of credentials the relying party knows about and would
  // accept as the signing credential.
  array<PublicKeyCredentialDescriptor> allow_credentials;

  // Indicates the relying party's need for a user-verifying authenticator.
  UserVerificationRequirement user_verification;

  // The contents of the appid extension, if any. See
  // https://w3c.github.io/webauthn/#sctn-appid-extension
  string? appid;

  // The contents of the cloud assisted BLE extension for getAssertion
  // requests, if any. This extension permits browsers and authenticator
  // devices to establish a pairingless BLE connection.
  // TODO(crbug.com/842371): Add link to spec when available.
  // There may be multiple sets if multiple caBLE credentials have been
  // registered with the relying party.
  array<CableAuthentication> cable_authentication_data;

  // Only supported by fido2 devices on android, will eventually supported by
  // other platform.
  // Whether the user verification method extension is requested by
  // the RP. See https://w3c.github.io/webauthn/#sctn-uvm-extension
  [EnableIf=is_android]
  bool user_verification_methods;
};

// See https://w3c.github.io/webauthn/#enumdef-attestationconveyancepreference
enum AttestationConveyancePreference {
  NONE,
  INDIRECT,
  DIRECT,
  // A non-standard addition that we hope will become standard. This indicates
  // that the RP desires individual attestaion from the device.
  ENTERPRISE,
};

// https://w3c.github.io/webauthn/#enumdef-authenticatorattachment.
enum AuthenticatorAttachment {
    NO_PREFERENCE,
    PLATFORM,
    CROSS_PLATFORM,
};

enum ProtectionPolicy {
    // UNSPECIFIED means that no value was given at the Javascript level.
    UNSPECIFIED,
    NONE,
    UV_OR_CRED_ID_REQUIRED,
    UV_REQUIRED,
};

// See https://w3c.github.io/webauthn/#dictdef-authenticatorselectioncriteria.
struct AuthenticatorSelectionCriteria {
  // Filter authenticators by attachment type.
  AuthenticatorAttachment authenticator_attachment;

  // Whether the authenticator should store the created key so that the key
  // can later be selected given only an RP ID (e.g. when |allow_credentials|
  // is empty).
  bool require_resident_key;

  // Indicates the relying party's need for a user-verifying authenticator.
  UserVerificationRequirement user_verification;
};

// Parameters passed into calls to MakeCredential.
struct PublicKeyCredentialCreationOptions {
  // Information about the relying party and user entities, respectively.
  // Used by the authenticator to create or retrieve an appropriate public key
  // credential for the requested account.
  PublicKeyCredentialRpEntity relying_party;
  PublicKeyCredentialUserEntity user;

  // An indefinite-length blob passed from the the relying party server,
  // to be sent to an authenticator to make a credential.
  array<uint8> challenge;

  // Parameters defining the type of created credential that the relying
  // party would accept.
  array<PublicKeyCredentialParameters> public_key_parameters;

  // Time to wait for an authenticator to complete an operation.
  // Adjusted to fall within a client-defined range.
  mojo_base.mojom.TimeDelta adjusted_timeout;

  // A list of credentials the relying party knows about. If an
  // authenticator has one of these credentials, it should not
  // create a new one.
  array<PublicKeyCredentialDescriptor> exclude_credentials;

  // Specify the relying party's authenticator attribute requirements.
  AuthenticatorSelectionCriteria? authenticator_selection;

  // Specifies whether the RP wants attestation information for the created
  // credential.
  AttestationConveyancePreference attestation;

  // The contents of the cloud assisted BLE extension for makeCredential
  // requests, if any. This extension permits browsers and authenticator
  // devices to establish a pairingless BLE connection.
  // TODO(crbug.com/842371): Add link to spec when available.
  CableRegistration? cable_registration_data;

  // The contents of the hmacCreateSecret extension, if any. See
  // https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-client-to-authenticator-protocol-v2.0-rd-20180702.html#sctn-hmac-secret-extension
  bool hmac_create_secret;

  // Only supported by fido2 devices on android, will eventually supported by
  // other platform.
  // Whether the user verification method extension is requested by
  // the RP. See https://w3c.github.io/webauthn/#sctn-uvm-extension
  [EnableIf=is_android]
  bool user_verification_methods;

  // The value of the `credentialProtectionPolicy` extension, or UNSPECIFIED if
  // none was provided.
  ProtectionPolicy protection_policy;
  // The value of the `enforceCredentialProtectionPolicy`, or false if none was
  // provided.
  bool enforce_protection_policy;
};

enum PublicKeyCredentialType {
  PUBLIC_KEY,
};

// Describes the credentials that the relying party already knows about for
// the given account. If any of these are known to the authenticator,
// it should not create a new credential.
struct PublicKeyCredentialDescriptor {
  PublicKeyCredentialType type;

  // Blob representing a credential key handle. Up to 255 bytes for
  // U2F authenticators.
  array<uint8> id;

  array<AuthenticatorTransport> transports;
};

// Interface to direct authenticators to create or use a public key credential.
interface Authenticator {
  // Gets the credential info for a new public key credential created by an
  // authenticator for the given |PublicKeyCredentialCreationOptions|
  // [MakeCredentialAuthenticatorResponse] will be set if and only if status == SUCCESS.
  MakeCredential(PublicKeyCredentialCreationOptions options)
      => (AuthenticatorStatus status, MakeCredentialAuthenticatorResponse? credential);

  // Uses an existing credential to produce an assertion for the given
  // |PublicKeyCredentialRequestOptions|.
  // |GetAssertionResponse| will be set if and only if status == SUCCESS.
  GetAssertion(PublicKeyCredentialRequestOptions options)
      => (AuthenticatorStatus status, GetAssertionAuthenticatorResponse? credential);

  // Returns true if the user platform provides an authenticator. Relying
  // Parties use this method to determine whether they can create a new
  // credential using a user-verifying platform authenticator.
  IsUserVerifyingPlatformAuthenticatorAvailable() => (bool available);

  // Cancel an ongoing MakeCredential or GetAssertion request
  // Only one MakeCredential or GetAssertion call at a time is allowed,
  // any future calls are cancelled
  Cancel();
};