Implement HMAC-Secret extension

build.gradle

@@ -27,5 +27,5 @@ allprojects {
 
 ext {
     compileSdkVersion = 29
-    hwSdkVersionName = '4.4.0'
+    hwSdkVersionName = '4.5.0'
 }

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/domain/BooleanExtensionParameterValue.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2018-2021 Confidential Technologies GmbH
+ *
+ * You can purchase a commercial license at https://hwsecurity.dev.
+ * Buying such a license is mandatory as soon as you develop commercial
+ * activities involving this program without disclosing the source code
+ * of your own applications.
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package de.cotech.hw.fido2.domain;
+
+import com.google.auto.value.AutoValue;
+
+@AutoValue
+public abstract class BooleanExtensionParameterValue implements ExtensionParameter.ExtensionParameterValue {
+    public abstract boolean value();
+
+    public static BooleanExtensionParameterValue create(boolean value) {
+        return new AutoValue_BooleanExtensionParameterValue(value);
+    }
+}

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/domain/ByteArrayExtensionParameterValue.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2018-2021 Confidential Technologies GmbH
+ *
+ * You can purchase a commercial license at https://hwsecurity.dev.
+ * Buying such a license is mandatory as soon as you develop commercial
+ * activities involving this program without disclosing the source code
+ * of your own applications.
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package de.cotech.hw.fido2.domain;
+
+import com.google.auto.value.AutoValue;
+
+@AutoValue
+public abstract class ByteArrayExtensionParameterValue implements ExtensionParameter.ExtensionParameterValue {
+    @SuppressWarnings("mutable")
+    public abstract byte[] value();
+
+    public static ByteArrayExtensionParameterValue create(byte[] value) {
+        return new AutoValue_ByteArrayExtensionParameterValue(value);
+    }
+}

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/domain/ExtensionParameter.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2018-2021 Confidential Technologies GmbH
+ *
+ * You can purchase a commercial license at https://hwsecurity.dev.
+ * Buying such a license is mandatory as soon as you develop commercial
+ * activities involving this program without disclosing the source code
+ * of your own applications.
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package de.cotech.hw.fido2.domain;
+import android.os.Parcelable;
+import com.google.auto.value.AutoValue;
+
+@AutoValue
+public abstract class ExtensionParameter implements Parcelable {
+
+    public interface ExtensionParameterValue extends Parcelable {
+    }
+
+    public abstract String key();
+    @SuppressWarnings("mutable")
+    public abstract ExtensionParameterValue value();
+
+    public static ExtensionParameter create(String key, ExtensionParameterValue value) {
+        return new AutoValue_ExtensionParameter(key, value);
+    }
+}

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/domain/HmacSecretExtensionParameterValue.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2018-2021 Confidential Technologies GmbH
+ *
+ * You can purchase a commercial license at https://hwsecurity.dev.
+ * Buying such a license is mandatory as soon as you develop commercial
+ * activities involving this program without disclosing the source code
+ * of your own applications.
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package de.cotech.hw.fido2.domain;
+
+import androidx.annotation.Nullable;
+
+import com.google.auto.value.AutoValue;
+
+@AutoValue
+public abstract class HmacSecretExtensionParameterValue implements ExtensionParameter.ExtensionParameterValue {
+    @SuppressWarnings("mutable")
+    public abstract byte[] salt1();
+
+    @Nullable
+    @SuppressWarnings("mutable")
+    public abstract byte[] salt2();
+
+    public static HmacSecretExtensionParameterValue create(byte[] salt1, @Nullable byte[] salt2) {
+        if (salt1.length != 32) {
+            throw new IllegalArgumentException("HMAC salt1 must be 32 bytes in length exactly");
+        }
+        if (salt2 != null && salt2.length != 32) {
+            throw new IllegalArgumentException("HMAC salt2 must be 32 bytes in length exactly");
+        }
+        return new AutoValue_HmacSecretExtensionParameterValue(salt1, salt2);
+    }
+}

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/domain/create/AuthenticatorData.java

@@ -27,6 +27,7 @@
 
 import androidx.annotation.Nullable;
 import com.google.auto.value.AutoValue;
+import de.cotech.hw.fido2.internal.cbor_java.model.Map;
 
 
 @AutoValue
@@ -69,7 +70,7 @@ public abstract class AuthenticatorData {
     // extensions 	variable (if present) 	Extension-defined authenticator data. This is a CBOR [RFC7049] map with extension identifiers as keys, and authenticator extension outputs as values. See §9 WebAuthn Extensions for details.
     @Nullable
     @SuppressWarnings("mutable")
-    public abstract byte[] extensions();
+    public abstract Map extensions();
 
     public boolean hasAttestedCredentialData() {
         return (flags() & FLAG_ATTESTED_CREDENTIAL_DATA) != 0;
@@ -80,7 +81,7 @@ public boolean hasExtensionData() {
     }
 
     public static AuthenticatorData create(byte[] rpIdHash, byte flags, int sigCounter,
-            AttestedCredentialData credentialData, byte[] extensions) {
+                                           AttestedCredentialData credentialData, Map extensions) {
         return new AutoValue_AuthenticatorData(rpIdHash, flags, sigCounter, credentialData, extensions);
     }
 

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/domain/create/PublicKeyCredentialCreationOptions.java

@@ -31,6 +31,8 @@
 
 import androidx.annotation.Nullable;
 import com.google.auto.value.AutoValue;
+
+import de.cotech.hw.fido2.domain.ExtensionParameter;
 import de.cotech.hw.fido2.domain.PublicKeyCredentialDescriptor;
 import de.cotech.hw.fido2.domain.PublicKeyCredentialParameters;
 import de.cotech.hw.fido2.domain.PublicKeyCredentialRpEntity;
@@ -50,6 +52,8 @@ public abstract class PublicKeyCredentialCreationOptions implements Parcelable {
     @Nullable
     public abstract List<PublicKeyCredentialDescriptor> excludeCredentials();
     public abstract AttestationConveyancePreference attestation();
+    @Nullable
+    public abstract List<ExtensionParameter> extensionParameters();
 
     public static PublicKeyCredentialCreationOptions create(
             PublicKeyCredentialRpEntity rp,
@@ -60,9 +64,23 @@ public static PublicKeyCredentialCreationOptions create(
             AuthenticatorSelectionCriteria authenticatorSelection,
             @Nullable List<PublicKeyCredentialDescriptor> excludeCredentials,
             AttestationConveyancePreference attestation
+    ) {
+        return create(rp, user, challenge, pubKeyCredParams, timeout, authenticatorSelection, excludeCredentials, attestation);
+    }
+
+    public static PublicKeyCredentialCreationOptions create(
+            PublicKeyCredentialRpEntity rp,
+            PublicKeyCredentialUserEntity user,
+            byte[] challenge,
+            List<PublicKeyCredentialParameters> pubKeyCredParams,
+            @Nullable Long timeout,
+            AuthenticatorSelectionCriteria authenticatorSelection,
+            @Nullable List<PublicKeyCredentialDescriptor> excludeCredentials,
+            AttestationConveyancePreference attestation,
+            @Nullable List<ExtensionParameter> extensionParameters
     ) {
         return new AutoValue_PublicKeyCredentialCreationOptions(
                 rp, user, challenge, pubKeyCredParams, timeout,
-                authenticatorSelection, excludeCredentials, attestation);
+                authenticatorSelection, excludeCredentials, attestation, extensionParameters);
     }
 }

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/domain/get/AuthenticatorAssertionResponse.java

@@ -39,8 +39,11 @@ public abstract class AuthenticatorAssertionResponse extends AuthenticatorRespon
     @Nullable
     @SuppressWarnings("mutable")
     public abstract byte[] userHandle();
+    @Nullable
+    @SuppressWarnings("mutable")
+    public abstract byte[] hmacSecretData();
 
-    public static AuthenticatorAssertionResponse create(byte[] clientDataJson, byte[] authenticatorData, byte[] signature, @Nullable byte[] userHandle) {
-        return new AutoValue_AuthenticatorAssertionResponse(clientDataJson, authenticatorData, signature, userHandle);
+    public static AuthenticatorAssertionResponse create(byte[] clientDataJson, byte[] authenticatorData, byte[] signature, @Nullable byte[] userHandle, @Nullable byte[] hmacSecretData) {
+        return new AutoValue_AuthenticatorAssertionResponse(clientDataJson, authenticatorData, signature, userHandle, hmacSecretData);
     }
 }

hwsecurity/fido2/src/main/java/de/cotech/hw/fido2/domain/get/PublicKeyCredentialRequestOptions.java

@@ -31,6 +31,8 @@
 
 import androidx.annotation.Nullable;
 import com.google.auto.value.AutoValue;
+
+import de.cotech.hw.fido2.domain.ExtensionParameter;
 import de.cotech.hw.fido2.domain.PublicKeyCredentialDescriptor;
 import de.cotech.hw.fido2.domain.UserVerificationRequirement;
 
@@ -47,15 +49,30 @@ public abstract class PublicKeyCredentialRequestOptions implements Parcelable {
     public abstract List<PublicKeyCredentialDescriptor> allowCredentials();
     @Nullable
     public abstract UserVerificationRequirement userVerification();
+    @Nullable
+    public abstract List<ExtensionParameter> extensionParameters();
 
     public static PublicKeyCredentialRequestOptions create(
             byte[] challenge,
             Long timeout,
             String rpId,
             List<PublicKeyCredentialDescriptor> allowCredentials,
             UserVerificationRequirement userVerification
+    ) {
+        return create(challenge, timeout, rpId, allowCredentials, userVerification, null);
+    }
+
+    public static PublicKeyCredentialRequestOptions create(
+            byte[] challenge,
+            Long timeout,
+            String rpId,
+            List<PublicKeyCredentialDescriptor> allowCredentials,
+            UserVerificationRequirement userVerification,
+            @Nullable
+            List<ExtensionParameter> extensionParameters
     ) {
         return new AutoValue_PublicKeyCredentialRequestOptions(
-                challenge, timeout, rpId, allowCredentials, userVerification);
+                challenge, timeout, rpId, allowCredentials, userVerification,
+                extensionParameters);
     }
 }