Separate signed/unsigned extensions for GetAssertion

msirringhaus · msirringhaus · commit b4616abd70ca · 2025-05-08T14:35:44.000+02:00
diff --git a/libwebauthn/examples/prf_test.rs b/libwebauthn/examples/prf_test.rs
@@ -13,8 +13,8 @@ use tokio::sync::mpsc::Receiver;
 use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
-    GetAssertionHmacOrPrfInput, GetAssertionHmacOrPrfOutput, GetAssertionRequest,
-    GetAssertionRequestExtensions, PRFValue, UserVerificationRequirement,
+    GetAssertionHmacOrPrfInput, GetAssertionRequest, GetAssertionRequestExtensions, PRFValue,
+    UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::proto::ctap2::{Ctap2PublicKeyCredentialDescriptor, Ctap2PublicKeyCredentialType};
@@ -178,15 +178,15 @@ async fn run_success_test(
         println!(
             "{num}. result of {printoutput}: {:?}",
             assertion
-                .authenticator_data
-                .extensions
+                .unsigned_extensions_output
                 .as_ref()
-                .map(|e| match &e.hmac_or_prf {
-                    GetAssertionHmacOrPrfOutput::None => String::from("ERROR: No PRF output"),
-                    GetAssertionHmacOrPrfOutput::HmacGetSecret(..) =>
-                        String::from("ERROR: Got HMAC instead of PRF output"),
-                    GetAssertionHmacOrPrfOutput::Prf { enabled: _, result } =>
-                        hex::encode(result.first),
+                .map(|e| if let Some(prf) = &e.prf {
+                    let results = prf.results.as_ref().map(|r| hex::encode(r.first)).unwrap();
+                    format!("Found PRF results: {}", results)
+                } else if e.hmac_get_secret.is_some() {
+                    String::from("ERROR: Got HMAC instead of PRF output")
+                } else {
+                    String::from("ERROR: No PRF output")
                 })
                 .unwrap_or(String::from("ERROR: No extensions returned"))
         );
diff --git a/libwebauthn/src/ops/u2f.rs b/libwebauthn/src/ops/u2f.rs
@@ -194,7 +194,6 @@ impl UpgradableResponse<GetAssertionResponse, SignRequest> for SignResponse {
             credentials_count: None,
             user_selected: None,
             large_blob_key: None,
-            unsigned_extension_outputs: None,
             enterprise_attestation: None,
             attestation_statement: None,
         };
diff --git a/libwebauthn/src/ops/webauthn.rs b/libwebauthn/src/ops/webauthn.rs
@@ -1,11 +1,7 @@
-use std::{
-    collections::{BTreeMap, HashMap},
-    time::Duration,
-};
+use std::{collections::HashMap, time::Duration};
 
 use ctap_types::ctap2::credential_management::CredentialProtectionPolicy as Ctap2CredentialProtectionPolicy;
 use serde::{Deserialize, Serialize};
-use serde_cbor::Value;
 use sha2::{Digest, Sha256};
 use tracing::{debug, error, instrument, trace};
 
@@ -16,8 +12,9 @@ use crate::{
         ctap1::{Ctap1RegisteredKey, Ctap1Version},
         ctap2::{
             Ctap2AttestationStatement, Ctap2COSEAlgorithmIdentifier, Ctap2CredentialType,
-            Ctap2MakeCredentialsResponseExtensions, Ctap2PublicKeyCredentialDescriptor,
-            Ctap2PublicKeyCredentialRpEntity, Ctap2PublicKeyCredentialUserEntity,
+            Ctap2GetAssertionResponseExtensions, Ctap2MakeCredentialsResponseExtensions,
+            Ctap2PublicKeyCredentialDescriptor, Ctap2PublicKeyCredentialRpEntity,
+            Ctap2PublicKeyCredentialUserEntity,
         },
     },
     webauthn::CtapError,
@@ -97,7 +94,9 @@ pub struct MakeCredentialRequest {
 
 #[derive(Debug, Default, Clone, Serialize)]
 pub struct PRFValue {
+    #[serde(with = "serde_bytes")]
     pub first: [u8; 32],
+    #[serde(skip_serializing_if = "Option::is_none", with = "serde_bytes")]
     pub second: Option<[u8; 32]>,
 }
 
@@ -243,17 +242,10 @@ pub enum GetAssertionHmacOrPrfInput {
     },
 }
 
-#[derive(Debug, Default, Clone)]
-pub enum GetAssertionHmacOrPrfOutput {
-    #[default]
-    None,
-    HmacGetSecret(HMACGetSecretOutput),
-    Prf {
-        enabled: bool,
-        // The spec tells us this should be a Vec<PRFValue>, but doesn't
-        // explain how it could hold more than 1 value
-        result: PRFValue,
-    },
+#[derive(Debug, Default, Clone, Serialize)]
+pub struct GetAssertionPrfOutput {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub results: Option<PRFValue>,
 }
 
 #[derive(Clone, Debug, Default, Eq, PartialEq)]
@@ -271,6 +263,15 @@ pub enum GetAssertionLargeBlobExtension {
     // Write(Vec<u8>),
 }
 
+#[derive(Debug, Default, Clone, PartialEq, Eq, Serialize)]
+pub struct GetAssertionLargeBlobExtensionOutput {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub blob: Option<Vec<u8>>,
+    // Not yet supported
+    // #[serde(skip_serializing_if = "Option::is_none")]
+    // pub written: Option<bool>,
+}
+
 #[derive(Debug, Default, Clone)]
 pub struct GetAssertionRequestExtensions {
     pub cred_blob: Option<bool>,
@@ -286,7 +287,7 @@ pub struct HMACGetSecretOutput {
     pub output2: Option<[u8; 32]>,
 }
 
-#[derive(Clone, Debug, Default, Deserialize)]
+#[derive(Clone, Debug, Default, Serialize, Deserialize)]
 #[serde(transparent)]
 pub struct Ctap2HMACGetSecretOutput {
     // We get this from the device, but have to decrypt it, and
@@ -297,7 +298,7 @@ pub struct Ctap2HMACGetSecretOutput {
 
 impl Ctap2HMACGetSecretOutput {
     pub(crate) fn decrypt_output(
-        self,
+        &self,
         shared_secret: &[u8],
         uv_proto: &Box<dyn PinUvAuthProtocol>,
     ) -> Option<HMACGetSecretOutput> {
@@ -313,7 +314,7 @@ impl Ctap2HMACGetSecretOutput {
             res.output1.copy_from_slice(&output);
         } else if output.len() == 64 {
             let (o1, o2) = output.split_at(32);
-            res.output1.copy_from_slice(&o1);
+            res.output1.copy_from_slice(o1);
             res.output2 = Some(o2.try_into().unwrap());
         } else {
             error!("Failed to split HMAC Secret outputs. Unexpected output length: {}. Skipping HMAC extension", output.len());
@@ -324,11 +325,17 @@ impl Ctap2HMACGetSecretOutput {
     }
 }
 
-#[derive(Debug, Default, Clone)]
-pub struct GetAssertionResponseExtensions {
-    // Stored credBlob
-    pub cred_blob: Option<Vec<u8>>,
-    pub hmac_or_prf: GetAssertionHmacOrPrfOutput,
+pub type GetAssertionResponseExtensions = Ctap2GetAssertionResponseExtensions;
+
+#[derive(Debug, Default, Clone, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct GetAssertionResponseUnsignedExtensions {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub hmac_get_secret: Option<HMACGetSecretOutput>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub large_blob: Option<GetAssertionLargeBlobExtensionOutput>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub prf: Option<GetAssertionPrfOutput>,
 }
 
 #[derive(Debug, Clone)]
@@ -345,7 +352,7 @@ pub struct Assertion {
     pub credentials_count: Option<u32>,
     pub user_selected: Option<bool>,
     pub large_blob_key: Option<Vec<u8>>,
-    pub unsigned_extension_outputs: Option<BTreeMap<Value, Value>>,
+    pub unsigned_extensions_output: Option<GetAssertionResponseUnsignedExtensions>,
     pub enterprise_attestation: Option<bool>,
     pub attestation_statement: Option<Ctap2AttestationStatement>,
 }
diff --git a/libwebauthn/src/proto/ctap2/mod.rs b/libwebauthn/src/proto/ctap2/mod.rs
@@ -25,7 +25,9 @@ pub use model::{
     Ctap2CredentialData, Ctap2CredentialManagementMetadata, Ctap2CredentialManagementRequest,
     Ctap2CredentialManagementResponse, Ctap2RPData,
 };
-pub use model::{Ctap2GetAssertionRequest, Ctap2GetAssertionResponse};
+pub use model::{
+    Ctap2GetAssertionRequest, Ctap2GetAssertionResponse, Ctap2GetAssertionResponseExtensions,
+};
 pub use model::{
     Ctap2MakeCredentialRequest, Ctap2MakeCredentialResponse, Ctap2MakeCredentialsResponseExtensions,
 };
diff --git a/libwebauthn/src/proto/ctap2/model.rs b/libwebauthn/src/proto/ctap2/model.rs
@@ -30,7 +30,7 @@ pub use make_credential::{
 mod get_assertion;
 pub use get_assertion::{
     Ctap2AttestationStatement, Ctap2GetAssertionOptions, Ctap2GetAssertionRequest,
-    Ctap2GetAssertionResponse, FidoU2fAttestationStmt,
+    Ctap2GetAssertionResponse, Ctap2GetAssertionResponseExtensions, FidoU2fAttestationStmt,
 };
 mod credential_management;
 pub use credential_management::{
diff --git a/libwebauthn/src/proto/ctap2/model/get_assertion.rs b/libwebauthn/src/proto/ctap2/model/get_assertion.rs
@@ -2,9 +2,9 @@ use crate::{
     fido::AuthenticatorData,
     ops::webauthn::{
         Assertion, Ctap2HMACGetSecretOutput, GetAssertionHmacOrPrfInput,
-        GetAssertionHmacOrPrfOutput, GetAssertionLargeBlobExtension, GetAssertionRequest,
-        GetAssertionRequestExtensions, GetAssertionResponseExtensions, HMACGetSecretInput,
-        PRFValue,
+        GetAssertionLargeBlobExtension, GetAssertionLargeBlobExtensionOutput,
+        GetAssertionPrfOutput, GetAssertionRequest, GetAssertionRequestExtensions,
+        GetAssertionResponseUnsignedExtensions, HMACGetSecretInput, PRFValue,
     },
     pin::PinUvAuthProtocol,
     transport::AuthTokenData,
@@ -383,9 +383,6 @@ pub struct Ctap2GetAssertionResponse {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub large_blob_key: Option<ByteBuf>,
 
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub unsigned_extension_outputs: Option<BTreeMap<Value, Value>>,
-
     #[serde(skip_serializing_if = "Option::is_none")]
     pub enterprise_attestation: Option<bool>,
 
@@ -438,32 +435,27 @@ impl Ctap2GetAssertionResponse {
         request: &GetAssertionRequest,
         auth_data: Option<&AuthTokenData>,
     ) -> Assertion {
-        let authenticator_data = AuthenticatorData::<GetAssertionResponseExtensions> {
-            rp_id_hash: self.authenticator_data.rp_id_hash,
-            flags: self.authenticator_data.flags,
-            signature_count: self.authenticator_data.signature_count,
-            attested_credential: self.authenticator_data.attested_credential,
-            extensions: self
-                .authenticator_data
-                .extensions
-                .map(|x| x.into_output(request, auth_data)),
-        };
+        let unsigned_extensions_output = self
+            .authenticator_data
+            .extensions
+            .as_ref()
+            .map(|x| x.to_unsigned_extensions(request, &self, auth_data));
         Assertion {
             credential_id: self.credential_id,
-            authenticator_data,
+            authenticator_data: self.authenticator_data,
             signature: self.signature.into_vec(),
             user: self.user,
             credentials_count: self.credentials_count,
             user_selected: self.user_selected,
             large_blob_key: self.large_blob_key.map(ByteBuf::into_vec),
-            unsigned_extension_outputs: self.unsigned_extension_outputs,
+            unsigned_extensions_output,
             enterprise_attestation: self.enterprise_attestation,
             attestation_statement: self.attestation_statement,
         }
     }
 }
 
-#[derive(Debug, Default, Clone, Deserialize)]
+#[derive(Debug, Default, Clone, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct Ctap2GetAssertionResponseExtensions {
     // Stored credBlob
@@ -480,14 +472,15 @@ pub struct Ctap2GetAssertionResponseExtensions {
 }
 
 impl Ctap2GetAssertionResponseExtensions {
-    pub(crate) fn into_output(
-        self,
+    pub(crate) fn to_unsigned_extensions(
+        &self,
         request: &GetAssertionRequest,
+        response: &Ctap2GetAssertionResponse,
         auth_data: Option<&AuthTokenData>,
-    ) -> GetAssertionResponseExtensions {
-        let hmac_or_prf = if let Some(orig_ext) = &request.extensions {
+    ) -> GetAssertionResponseUnsignedExtensions {
+        let (hmac_get_secret, prf) = if let Some(orig_ext) = &request.extensions {
             // Decrypt the raw HMAC extension
-            let decrypted_hmac = self.hmac_secret.and_then(|x| {
+            let decrypted_hmac = self.hmac_secret.as_ref().and_then(|x| {
                 if let Some(auth_data) = auth_data {
                     let uv_proto = auth_data.protocol_version.create_protocol_object();
                     x.decrypt_output(&auth_data.shared_secret, &uv_proto)
@@ -498,28 +491,46 @@ impl Ctap2GetAssertionResponseExtensions {
             if let Some(decrypted) = decrypted_hmac {
                 // Repackaging it into output
                 match &orig_ext.hmac_or_prf {
-                    GetAssertionHmacOrPrfInput::None => GetAssertionHmacOrPrfOutput::None,
-                    GetAssertionHmacOrPrfInput::HmacGetSecret(..) => {
-                        GetAssertionHmacOrPrfOutput::HmacGetSecret(decrypted)
-                    }
-                    GetAssertionHmacOrPrfInput::Prf { .. } => GetAssertionHmacOrPrfOutput::Prf {
-                        enabled: true,
-                        result: PRFValue {
-                            first: decrypted.output1,
-                            second: decrypted.output2,
-                        },
-                    },
+                    GetAssertionHmacOrPrfInput::None => (None, None),
+                    GetAssertionHmacOrPrfInput::HmacGetSecret(..) => (Some(decrypted), None),
+                    GetAssertionHmacOrPrfInput::Prf { .. } => (
+                        None,
+                        Some(GetAssertionPrfOutput {
+                            results: Some(PRFValue {
+                                first: decrypted.output1,
+                                second: decrypted.output2,
+                            }),
+                        }),
+                    ),
                 }
             } else {
-                GetAssertionHmacOrPrfOutput::None
+                (None, None)
             }
         } else {
-            GetAssertionHmacOrPrfOutput::None
+            (None, None)
         };
 
-        GetAssertionResponseExtensions {
-            cred_blob: self.cred_blob,
-            hmac_or_prf,
+        // LargeBlobs was requested
+        let large_blob = request
+            .extensions
+            .as_ref()
+            .filter(|x| x.large_blob != GetAssertionLargeBlobExtension::None)
+            .map(|_| {
+                Some(GetAssertionLargeBlobExtensionOutput {
+                    blob: response
+                        .large_blob_key
+                        .as_ref()
+                        .map(|x| x.clone().into_vec()),
+                    // Not yet supported
+                    // written: None,
+                })
+            })
+            .unwrap_or_default();
+
+        GetAssertionResponseUnsignedExtensions {
+            hmac_get_secret,
+            large_blob,
+            prf,
         }
     }
 }
