Added basic key management and signing procedures

Author: dimitribouniol

Sources/WebAuthn/Authenticators/KeyPairAuthenticator.swift

@@ -13,7 +13,7 @@
 //===----------------------------------------------------------------------===//
 
 import Foundation
-import Crypto
+@preconcurrency import Crypto
 
 public struct KeyPairAuthenticator: AuthenticatorProtocol, Sendable {
     public let attestationGloballyUniqueID: AAGUID
@@ -25,8 +25,21 @@ public struct KeyPairAuthenticator: AuthenticatorProtocol, Sendable {
     /// The specific subset the client fully supports, in case more are added over time.
     static let implementedPublicKeyCredentialParameterSubset: Set<PublicKeyCredentialParameters> = [
         PublicKeyCredentialParameters(alg: .algES256),
+        PublicKeyCredentialParameters(alg: .algES384),
+        PublicKeyCredentialParameters(alg: .algES512),
     ]
 
+    /// Generate credentials for the full subset the implementation supports.
+    ///
+    /// This list must match those supported in ``KeyPairAuthenticator/implementedPublicKeyCredentialParameterSubset``.
+    static func generateCredentialSourceKey(for chosenCredentialParameters: PublicKeyCredentialParameters) -> CredentialSource.Key {
+        switch chosenCredentialParameters.alg {
+        case .algES256: .es256(P256.Signing.PrivateKey(compactRepresentable: false))
+        case .algES384: .es384(P384.Signing.PrivateKey(compactRepresentable: false))
+        case .algES512: .es521(P521.Signing.PrivateKey(compactRepresentable: false))
+        }
+    }
+    
     /// Initialize a key-pair based authenticator with a globally unique ID representing your application.
     /// - Note: To generate an AAGUID, run `% uuidgen` in your terminal. This value should generally not change across installations or versions of your app, and should be the same for every user.
     /// - Parameter attestationGloballyUniqueID: The AAGUID associated with the authenticator.
@@ -48,7 +61,13 @@ public struct KeyPairAuthenticator: AuthenticatorProtocol, Sendable {
         relyingPartyID: PublicKeyCredentialRelyingPartyEntity.ID,
         userHandle: PublicKeyCredentialUserEntity.ID
     ) async throws -> CredentialSource {
-        throw WebAuthnError.unsupported
+        CredentialSource(
+            id: UUID(),
+            key: Self.generateCredentialSourceKey(for: credentialParameters),
+            relyingPartyID: relyingPartyID,
+            userHandle: userHandle, 
+            counter: 0
+        )
     }
 
     public func filteredCredentialDescriptors(
@@ -72,17 +91,46 @@ public struct KeyPairAuthenticator: AuthenticatorProtocol, Sendable {
 
 extension KeyPairAuthenticator {
     public struct CredentialSource: AuthenticatorCredentialSourceProtocol, Sendable {
+        public enum Key: Sendable {
+            case es256(P256.Signing.PrivateKey)
+            case es384(P384.Signing.PrivateKey)
+            case es521(P521.Signing.PrivateKey)
+        }
+        
         public var id: UUID
+        public var key: Key
         public var relyingPartyID: PublicKeyCredentialRelyingPartyEntity.ID
         public var userHandle: PublicKeyCredentialUserEntity.ID
         public var counter: UInt32
 
         public var credentialParameters: PublicKeyCredentialParameters {
-            PublicKeyCredentialParameters(alg: .algES256)
+            switch key {
+            case .es256: PublicKeyCredentialParameters(alg: .algES256)
+            case .es384: PublicKeyCredentialParameters(alg: .algES384)
+            case .es521: PublicKeyCredentialParameters(alg: .algES512)
+            }
         }
 
         public var rawKeyData: Data {
-            Data()
+            switch key {
+            case .es256(let privateKey): privateKey.rawRepresentation
+            case .es384(let privateKey): privateKey.rawRepresentation
+            case .es521(let privateKey): privateKey.rawRepresentation
+            }
+        }
+        
+        public init(
+            id: ID,
+            key: Key,
+            relyingPartyID: PublicKeyCredentialRelyingPartyEntity.ID,
+            userHandle: PublicKeyCredentialUserEntity.ID,
+            counter: UInt32
+        ) {
+            self.id = id
+            self.key = key
+            self.relyingPartyID = relyingPartyID
+            self.userHandle = userHandle
+            self.counter = 0
         }
 
         public init(
@@ -97,6 +145,11 @@ extension KeyPairAuthenticator {
             else { throw WebAuthnError.unsupportedCredentialPublicKeyType }
 
             self.id = id
+            switch credentialParameters.alg {
+            case .algES256: key = .es256(try P256.Signing.PrivateKey(rawRepresentation: rawKeyData))
+            case .algES384: key = .es384(try P384.Signing.PrivateKey(rawRepresentation: rawKeyData))
+            case .algES512: key = .es521(try P521.Signing.PrivateKey(rawRepresentation: rawKeyData))
+            }
             self.relyingPartyID = relyingPartyID
             self.userHandle = userHandle
             self.counter = counter
@@ -106,7 +159,12 @@ extension KeyPairAuthenticator {
             authenticatorData: [UInt8],
             clientDataHash: SHA256Digest
         ) throws -> [UInt8] {
-            throw WebAuthnError.unsupported
+            let digest = authenticatorData + clientDataHash
+            return switch key {
+            case .es256(let privateKey): Array(try privateKey.signature(for: digest).derRepresentation)
+            case .es384(let privateKey): Array(try privateKey.signature(for: digest).derRepresentation)
+            case .es521(let privateKey): Array(try privateKey.signature(for: digest).derRepresentation)
+            }
         }
     }
 }

Sources/WebAuthn/Authenticators/Protocol/AuthenticatorProtocol.swift

@@ -61,6 +61,8 @@ public protocol AuthenticatorProtocol<CredentialSource> {
     /// Make credentials for the specified registration request, returning the credential source that the caller should store for subsequent authentication.
     ///
     /// - Important: Depending on the authenticator being used, the credential source may contain private keys, and must be stored sequirely, such as in the user's Keychain, or in a Hardware Security Module appropriate with the level of security you wish to secure your user's account with.
+    /// - SeeAlso: [WebAuthn Level 3 Editor's Draft §5.1.3. Create a New Credential - PublicKeyCredential’s Create(origin, options, sameOriginWithAncestors) Method, Step 25.]( https://w3c.github.io/webauthn/#CreateCred-async-loop)
+    /// - SeeAlso: [WebAuthn Level 3 Editor's Draft §6.3.2. The authenticatorMakeCredential Operation](https://w3c.github.io/webauthn/#sctn-op-make-cred)
     func makeCredentials(with registration: AttestationRegistrationRequest) async throws -> CredentialSource
 
     /// Filter the provided credential descriptors to determine which, if any, should be handled by this authenticator.
@@ -124,9 +126,136 @@ extension AuthenticatorProtocol {
     public func makeCredentials(
         with registration: AttestationRegistrationRequest
     ) async throws -> CredentialSource {
+        /// See [WebAuthn Level 3 Editor's Draft §5.1.3. Create a New Credential - PublicKeyCredential’s Create(origin, options, sameOriginWithAncestors) Method, Step 25.]( https://w3c.github.io/webauthn/#CreateCred-async-loop)
+        /// Step 1. This authenticator is now the candidate authenticator.
+        /// Step 2. If pkOptions.authenticatorSelection is present:
+        ///     1. If pkOptions.authenticatorSelection.authenticatorAttachment is present and its value is not equal to authenticator’s authenticator attachment modality, continue.
+        ///     2. If pkOptions.authenticatorSelection.residentKey
+        ///         → is present and set to required
+        ///             If the authenticator is not capable of storing a client-side discoverable public key credential source, continue.
+        ///         → is present and set to preferred or discouraged
+        ///             No effect.
+        ///         → is not present
+        ///             if pkOptions.authenticatorSelection.requireResidentKey is set to true and the authenticator is not capable of storing a client-side discoverable public key credential source, continue.
+        ///     6. If pkOptions.authenticatorSelection.userVerification is set to required and the authenticator is not capable of performing user verification, continue.
+        // Skip.
+        
+        /// Step 3. Let requireResidentKey be the effective resident key requirement for credential creation, a Boolean value, as follows:
+        ///     If pkOptions.authenticatorSelection.residentKey
+        ///         → is present and set to required
+        ///             Let requireResidentKey be true.
+        ///         → is present and set to preferred
+        ///             If the authenticator
+        ///                 → is capable of client-side credential storage modality
+        ///                     Let requireResidentKey be true.
+        ///                 → is not capable of client-side credential storage modality, or if the client cannot determine authenticator capability,
+        ///                     Let requireResidentKey be false.
+        ///         → is present and set to discouraged
+        ///             Let requireResidentKey be false.
+        ///         → is not present
+        ///             Let requireResidentKey be the value of pkOptions.authenticatorSelection.requireResidentKey.
+        let requiresClientSideKeyStorage = false
+        
+        /// Step 10. Let userVerification be the effective user verification requirement for credential creation, a Boolean value, as follows. If pkOptions.authenticatorSelection.userVerification
+        ///     → is set to required
+        ///         Let userVerification be true.
+        ///     → is set to preferred
+        ///         If the authenticator
+        ///             → is capable of user verification
+        ///                 Let userVerification be true.
+        ///             → is not capable of user verification
+        ///                 Let userVerification be false.
+        ///     → is set to discouraged
+        ///         Let userVerification be false.
+        let shouldPerformUserVerification = false
+        
+        /// Step 16. Let enterpriseAttestationPossible be a Boolean value, as follows. If pkOptions.attestation
+        ///     → is set to enterprise
+        ///         Let enterpriseAttestationPossible be true if the user agent wishes to support enterprise attestation for pkOptions.rp.id (see Step 8, above). Otherwise false.
+        ///     → otherwise
+        ///         Let enterpriseAttestationPossible be false.
+        let isEnterpriseAttestationPossible = false
+        
+        /// Step 19. Let attestationFormats be a list of strings, initialized to the value of pkOptions.attestationFormats.
+        /// Step 20. If pkOptions.attestation
+        ///     → is set to none
+        ///         Set attestationFormats be the single-element list containing the string “none”
+        guard case .none = registration.options.attestation else { throw WebAuthnError.attestationFormatNotSupported }
+        
+        /// Step 22. Let excludeCredentialDescriptorList be a new list.
+        /// Step 23. For each credential descriptor C in pkOptions.excludeCredentials:
+        ///     1. If C.transports is not empty, and authenticator is connected over a transport not mentioned in C.transports, the client MAY continue.
+        ///     2. Otherwise, Append C to excludeCredentialDescriptorList.
+        ///     3. Invoke the authenticatorMakeCredential operation on authenticator with clientDataHash, pkOptions.rp, pkOptions.user, requireResidentKey, userVerification, credTypesAndPubKeyAlgs, excludeCredentialDescriptorList, enterpriseAttestationPossible, attestationFormats, and authenticatorExtensions as parameters.
+        /// Step 24. Append authenticator to issuedRequests.
+        
+        /// See [WebAuthn Level 3 Editor's Draft §6.3.2. The authenticatorMakeCredential Operation](https://w3c.github.io/webauthn/#sctn-op-make-cred)
+        /// Step 1. Check if all the supplied parameters are syntactically well-formed and of the correct length. If not, return an error code equivalent to "UnknownError" and terminate the operation.
+        /// Step 2. Check if at least one of the specified combinations of PublicKeyCredentialType and cryptographic parameters in credTypesAndPubKeyAlgs is supported. If not, return an error code equivalent to "NotSupportedError" and terminate the operation.
         guard let chosenCredentialParameters = registration.publicKeyCredentialParameters.first(where: supportedPublicKeyCredentialParameters.contains(_:))
         else { throw WebAuthnError.noSupportedCredentialParameters }
 
-        throw WebAuthnError.unsupported
+        /// Step 3. For each descriptor of excludeCredentialDescriptorList:
+        ///     1. If looking up descriptor.id in this authenticator returns non-null, and the returned item's RP ID and type match rpEntity.id and excludeCredentialDescriptorList.type respectively, then collect an authorization gesture confirming user consent for creating a new credential. The authorization gesture MUST include a test of user presence. If the user
+        ///         → confirms consent to create a new credential
+        ///             return an error code equivalent to "InvalidStateError" and terminate the operation.
+        ///         → does not consent to create a new credential
+        ///             return an error code equivalent to "NotAllowedError" and terminate the operation.
+        ///         NOTE: The purpose of this authorization gesture is not to proceed with creating a credential, but for privacy reasons to authorize disclosure of the fact that descriptor.id is bound to this authenticator. If the user consents, the client and Relying Party can detect this and guide the user to use a different authenticator. If the user does not consent, the authenticator does not reveal that descriptor.id is bound to it, and responds as if the user simply declined consent to create a credential.
+        /// Step 4. If requireResidentKey is true and the authenticator cannot store a client-side discoverable public key credential source, return an error code equivalent to "ConstraintError" and terminate the operation.
+        /// Step 5. If requireUserVerification is true and the authenticator cannot perform user verification, return an error code equivalent to "ConstraintError" and terminate the operation.
+        /// Step 6. Collect an authorization gesture confirming user consent for creating a new credential. The prompt for the authorization gesture is shown by the authenticator if it has its own output capability, or by the user agent otherwise. The prompt SHOULD display rpEntity.id, rpEntity.name, userEntity.name and userEntity.displayName, if possible.
+        ///     → If requireUserVerification is true, the authorization gesture MUST include user verification.
+        ///     → If requireUserPresence is true, the authorization gesture MUST include a test of user presence.
+        ///     → If the user does not consent or if user verification fails, return an error code equivalent to "NotAllowedError" and terminate the operation.
+        /// Step 7. Once the authorization gesture has been completed and user consent has been obtained, generate a new credential object:
+        ///     1. Let (publicKey, privateKey) be a new pair of cryptographic keys using the combination of PublicKeyCredentialType and cryptographic parameters represented by the first item in credTypesAndPubKeyAlgs that is supported by this authenticator.
+        ///     2. Let userHandle be userEntity.id.
+        ///     3. Let credentialSource be a new public key credential source with the fields:
+        ///         type
+        ///             public-key.
+        ///         privateKey
+        ///             privateKey
+        ///         rpId
+        ///             rpEntity.id
+        ///         userHandle
+        ///             userHandle
+        ///         otherUI
+        ///             Any other information the authenticator chooses to include.
+        ///     4. If requireResidentKey is true or the authenticator chooses to create a client-side discoverable public key credential source:
+        ///         1. Let credentialId be a new credential id.
+        ///         2. Set credentialSource.id to credentialId.
+        ///         3. Let credentials be this authenticator’s credentials map.
+        ///         4. Set credentials[(rpEntity.id, userHandle)] to credentialSource.
+        ///     5. Otherwise:
+        ///         Let credentialId be the result of serializing and encrypting credentialSource so that only this authenticator can decrypt it.
+        let credentialSource = try await generateCredentialSource(
+            requiresClientSideKeyStorage: requiresClientSideKeyStorage, credentialParameters: chosenCredentialParameters,
+            relyingPartyID: registration.options.relyingParty.id, userHandle: registration.options.user.id
+        )
+        
+        /// Step 8. If any error occurred while creating the new credential object, return an error code equivalent to "UnknownError" and terminate the operation.
+        /// Step 9. Let processedExtensions be the result of authenticator extension processing for each supported extension identifier → authenticator extension input in extensions.
+        /// Step 10. If the authenticator:
+        ///     → is a U2F device
+        ///         let the signature counter value for the new credential be zero. (U2F devices may support signature counters but do not return a counter when making a credential. See [FIDO-U2F-Message-Formats].)
+        ///     → supports a global signature counter
+        ///         Use the global signature counter's actual value when generating authenticator data.
+        ///     → supports a per credential signature counter
+        ///         allocate the counter, associate it with the new credential, and initialize the counter value as zero.
+        ///     → does not support a signature counter
+        ///         let the signature counter value for the new credential be constant at zero.
+        /// Step 15. Let attestedCredentialData be the attested credential data byte array including the credentialId and publicKey.
+        /// Step 16. Let attestationFormat be the first supported attestation statement format identifier from attestationFormats, taking into account enterpriseAttestationPossible. If attestationFormats contains no supported value, then let attestationFormat be the attestation statement format identifier most preferred by this authenticator.
+        /// Step 17. Let authenticatorData be the byte array specified in § 6.1 Authenticator Data, including attestedCredentialData as the attestedCredentialData and processedExtensions, if any, as the extensions.
+        /// Step 18. Create an attestation object for the new credential using the procedure specified in § 6.5.4 Generating an Attestation Object, the attestation statement format attestationFormat, and the values authenticatorData and hash, as well as taking into account the value of enterpriseAttestationPossible. For more details on attestation, see § 6.5 Attestation.
+        /// On successful completion of this operation, the authenticator returns the attestation object to the client.
+//        try await registration.attemptRegistration.submitAttestationObject(
+//            attestationFormat: <#T##AttestationFormat#>,
+//            authenticatorData: <#T##AuthenticatorData#>,
+//            attestationStatement: <#T##CBOR#>
+//        )
+        
+        return credentialSource
     }
 }