blob: 2eba61f5fce2f9fb5800e8e18dead1c1f2e6bc01 [file] [log] [blame]
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stdint.h>
#include <array>
#include <memory>
#include <vector>
#include "base/component_export.h"
#include "base/macros.h"
#include "device/fido/authenticator_data.h"
#include "device/fido/fido_constants.h"
namespace device {
class AttestationStatement;
// Object containing the authenticator-provided attestation every time
// a credential is created, per
class COMPONENT_EXPORT(DEVICE_FIDO) AttestationObject {
AttestationObject(AuthenticatorData data,
std::unique_ptr<AttestationStatement> statement);
// Moveable.
AttestationObject(AttestationObject&& other);
AttestationObject& operator=(AttestationObject&& other);
std::vector<uint8_t> GetCredentialId() const;
enum class AAGUID {
// Replaces the attestation statement with a “none” attestation, and replaces
// device AAGUID with zero bytes (unless |erase_aaguid| is kInclude) as
// specified for step 20.3 in
void EraseAttestationStatement(AAGUID erase_aaguid);
// Returns true if the attestation is a "self" attestation, i.e. is just the
// private key signing itself to show that it is fresh. See
// Note that self-
// attestation also requires at the AAGUID in the authenticator data be all
// zeros.
bool IsSelfAttestation();
// Returns true if the attestation certificate is known to be inappropriately
// identifying. Some tokens return unique attestation certificates even when
// the bit to request that is not set. (Normal attestation certificates are
// not indended to be trackable.)
bool IsAttestationCertificateInappropriatelyIdentifying();
// Produces a WebAuthN style CBOR-encoded byte-array in the following format:
// {"authData": authenticator data bytes,
// "fmt": attestation format name,
// "attStmt": attestation statement bytes }
std::vector<uint8_t> SerializeToCBOREncodedBytes() const;
const std::array<uint8_t, kRpIdHashLength>& rp_id_hash() const {
return authenticator_data_.application_parameter();
const AuthenticatorData& authenticator_data() const {
return authenticator_data_;
const AttestationStatement& attestation_statement() const {
return *attestation_statement_.get();
AuthenticatorData authenticator_data_;
std::unique_ptr<AttestationStatement> attestation_statement_;
// Produces a CTAP style CBOR-encoded byte array that that conforms to the
// format CTAP2 devices sends to the client as a response. More specifically:
// {01: attestation format name,
// 02: authenticator data bytes,
// 03: attestation statement bytes }
std::vector<uint8_t> SerializeToCtapStyleCborEncodedBytes(
const AttestationObject& object);
} // namespace device