Do not require clientExtensions in clientDataJSON

It is not included in the output from Firefox 92.1.1 on Android. It *is*
included when using the same key on Firefox 78.14.0esr on Linux.
This commit is contained in:
Reynir Björnsson 2021-10-06 17:13:41 +02:00
parent 78be1d42df
commit defc231491
2 changed files with 20 additions and 6 deletions

View file

@ -297,7 +297,7 @@ type registration = {
sign_count : Int32.t ; sign_count : Int32.t ;
attested_credential_data : credential_data ; attested_credential_data : credential_data ;
authenticator_extensions : (string * CBOR.Simple.t) list option ; authenticator_extensions : (string * CBOR.Simple.t) list option ;
client_extensions : (string * Yojson.Safe.t) list ; client_extensions : (string * Yojson.Safe.t) list option ;
certificate : X509.Certificate.t option ; certificate : X509.Certificate.t option ;
} }
@ -326,7 +326,14 @@ let register t response =
json_get "origin" client_data >>= json_string "origin" >>= fun origin -> json_get "origin" client_data >>= json_string "origin" >>= fun origin ->
guard (String.equal t.origin origin) guard (String.equal t.origin origin)
(`Origin_mismatch (t.origin, origin)) >>= fun () -> (`Origin_mismatch (t.origin, origin)) >>= fun () ->
json_get "clientExtensions" client_data >>= json_assoc "clientExtensions" >>= fun client_extensions -> let client_extensions = Result.to_option (json_get "clientExtensions" client_data) in
begin match client_extensions with
| Some client_extensions ->
json_assoc "clientExtensions" client_extensions >>= fun client_extensions ->
Ok (Some client_extensions)
| None ->
Ok None
end >>= fun client_extensions ->
parse_attestation_object response.attestation_object >>= fun (auth_data, attestation_statement) -> parse_attestation_object response.attestation_object >>= fun (auth_data, attestation_statement) ->
let rpid_hash = Mirage_crypto.Hash.SHA256.digest (Cstruct.of_string (rpid t)) in let rpid_hash = Mirage_crypto.Hash.SHA256.digest (Cstruct.of_string (rpid t)) in
guard (Cstruct.equal auth_data.rpid_hash rpid_hash) guard (Cstruct.equal auth_data.rpid_hash rpid_hash)
@ -373,7 +380,7 @@ type authentication = {
user_verified : bool ; user_verified : bool ;
sign_count : Int32.t ; sign_count : Int32.t ;
authenticator_extensions : (string * CBOR.Simple.t) list option ; authenticator_extensions : (string * CBOR.Simple.t) list option ;
client_extensions : (string * Yojson.Safe.t) list ; client_extensions : (string * Yojson.Safe.t) list option ;
} }
type authenticate_response = { type authenticate_response = {
@ -402,7 +409,14 @@ let authenticate t public_key response =
json_get "origin" client_data >>= json_string "origin" >>= fun origin -> json_get "origin" client_data >>= json_string "origin" >>= fun origin ->
guard (String.equal t.origin origin) guard (String.equal t.origin origin)
(`Origin_mismatch (t.origin, origin)) >>= fun () -> (`Origin_mismatch (t.origin, origin)) >>= fun () ->
json_get "clientExtensions" client_data >>= json_assoc "clientExtensions" >>= fun client_extensions -> let client_extensions = Result.to_option (json_get "clientExtensions" client_data) in
begin match client_extensions with
| Some client_extensions ->
json_assoc "clientExtensions" client_extensions >>= fun client_extensions ->
Ok (Some client_extensions)
| None ->
Ok None
end >>= fun client_extensions ->
parse_auth_data response.authenticator_data >>= fun auth_data -> parse_auth_data response.authenticator_data >>= fun auth_data ->
let rpid_hash = Mirage_crypto.Hash.SHA256.digest (Cstruct.of_string (rpid t)) in let rpid_hash = Mirage_crypto.Hash.SHA256.digest (Cstruct.of_string (rpid t)) in
guard (Cstruct.equal auth_data.rpid_hash rpid_hash) guard (Cstruct.equal auth_data.rpid_hash rpid_hash)

View file

@ -105,7 +105,7 @@ type registration = {
sign_count : Int32.t ; sign_count : Int32.t ;
attested_credential_data : credential_data ; attested_credential_data : credential_data ;
authenticator_extensions : (string * CBOR.Simple.t) list option ; authenticator_extensions : (string * CBOR.Simple.t) list option ;
client_extensions : (string * Yojson.Safe.t) list ; client_extensions : (string * Yojson.Safe.t) list option ;
certificate : X509.Certificate.t option ; certificate : X509.Certificate.t option ;
} }
@ -134,7 +134,7 @@ type authentication = {
user_verified : bool ; user_verified : bool ;
sign_count : Int32.t ; sign_count : Int32.t ;
authenticator_extensions : (string * CBOR.Simple.t) list option ; authenticator_extensions : (string * CBOR.Simple.t) list option ;
client_extensions : (string * Yojson.Safe.t) list ; client_extensions : (string * Yojson.Safe.t) list option ;
} }
(** The type for an authentication response. *) (** The type for an authentication response. *)