Bug 1698617 [wpt PR 28086] - webauthn: support credBlob extension., a=testonly
authorAdam Langley <agl@chromium.org>
Fri, 23 Apr 2021 10:22:02 +0000
changeset 577288 1e96a200fefccfa5df7c04f74268b09438c01408
parent 577287 224a521bdf6dd33260c8e2eacafa8d6c75ad63a8
child 577289 254c17f364f5d75c8bdfdbcde1b36cb1c1a747b6
push id141827
push userwptsync@mozilla.com
push dateSat, 24 Apr 2021 02:11:12 +0000
treeherderautoland@3a7d9d49c316 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1698617, 28086, 20201208, 2761524, 873333
milestone90.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1698617 [wpt PR 28086] - webauthn: support credBlob extension., a=testonly Automatic update from web-platform-tests webauthn: support credBlob extension. This change enables the credBlob extension except on Windows where plumbing into the Windows API will take a little more work. https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#sctn-credBlob-extension WebDriver spec change in https://github.com/w3c/webauthn/pull/1586 blink-dev thread: https://groups.google.com/a/chromium.org/g/blink-dev/c/Vfg2o0peyYg/m/KCLBo9yHAQAJ Change-Id: I0a23da1a67b2af1276a392020fdc165c22df31be Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2761524 Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Reviewed-by: Shengfa Lin <shengfa@google.com> Reviewed-by: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Nina Satragno <nsatragno@chromium.org> Commit-Queue: Adam Langley <agl@chromium.org> Cr-Commit-Position: refs/heads/master@{#873333} -- wpt-commits: f6ff6a641d8d62bffec89eac1d9b36d5d527165a wpt-pr: 28086
testing/web-platform/tests/webauthn/credblob-not-supported.https.html
testing/web-platform/tests/webauthn/credblob-supported.https.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/webauthn/credblob-not-supported.https.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>credBlob extension tests</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+"use strict";
+
+const blobu8 = new Uint8Array(16);
+window.crypto.getRandomValues(blobu8);
+const blob = blobu8.buffer;
+
+virtualAuthenticatorPromiseTest(async t => {
+  const cred = await createCredential({
+    options: {
+      publicKey: {
+        extensions: {
+          credBlob: blob,
+        },
+      },
+    },
+  });
+
+  const createExtensions = cred.getClientExtensionResults();
+  assert_own_property(createExtensions, "credBlob");
+  assert_equals(createExtensions.credBlob, false, "extension supported at create time");
+}, {
+  protocol: "ctap2_1",
+  extensions: [],
+}, "creation requesting credBlob without authenticator support");
+</script>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/webauthn/credblob-supported.https.html
@@ -0,0 +1,93 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>credBlob extension tests</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+"use strict";
+
+const blobu8 = new Uint8Array(16);
+window.crypto.getRandomValues(blobu8);
+const blob = blobu8.buffer;
+const authenticatorOptions = {
+  protocol: "ctap2_1",
+  extensions: ["credBlob"],
+};
+
+function compareBuffers(a, b) {
+  if (a.byteLength != b.byteLength) {
+    return false;
+  }
+  const a8 = new Uint8Array(a);
+  const b8 = new Uint8Array(b);
+  for (let i = 0; i < a8.length; i++) {
+    if (a8[i] != b8[i]) {
+      return false;
+    }
+  }
+  return true;
+}
+
+virtualAuthenticatorPromiseTest(async t => {
+  const cred = await createCredential({
+    options: {
+      publicKey: {},
+    },
+  });
+
+  const createExtensions = cred.getClientExtensionResults();
+  assert_not_own_property(createExtensions, "credBlob");
+
+  const assertion = await navigator.credentials.get({publicKey: {
+    challenge: new Uint8Array(),
+    allowCredentials: [{
+      id: cred.rawId,
+      type: "public-key",
+    }],
+    extensions: {
+      getCredBlob: true,
+    },
+  }});
+
+  const getExtensions = assertion.getClientExtensionResults();
+  assert_own_property(getExtensions, "getCredBlob");
+  const emptyBuffer = new Uint8Array();
+  assert_true(compareBuffers(getExtensions.getCredBlob, emptyBuffer));
+}, authenticatorOptions, "assertion without credBlob");
+
+virtualAuthenticatorPromiseTest(async t => {
+  const cred = await createCredential({
+    options: {
+      publicKey: {
+        extensions: {
+          credBlob: blob,
+        },
+      },
+    },
+  });
+
+  const createExtensions = cred.getClientExtensionResults();
+  assert_own_property(createExtensions, "credBlob");
+  assert_equals(createExtensions.credBlob, true, "extension supported at create time");
+
+  const assertion = await navigator.credentials.get({publicKey: {
+    challenge: new Uint8Array(),
+    allowCredentials: [{
+      id: cred.rawId,
+      type: "public-key",
+    }],
+    extensions: {
+      getCredBlob: true,
+    },
+  }});
+
+  const getExtensions = assertion.getClientExtensionResults();
+  assert_own_property(getExtensions, "getCredBlob");
+  assert_true(compareBuffers(getExtensions.getCredBlob, blob));
+}, authenticatorOptions, "assertion with credBlob");
+</script>