
Unverified Commit 304c3522 authored by Marvin W.'s avatar Marvin W. 🐿️

Fido: Add support for proper attestation

parent 8eee3635
+2 −0
@@ -13,6 +13,8 @@ dependencies {
    api project(':play-services-fido-api')

    implementation project(':play-services-base-core')
    implementation project(':play-services-safetynet')
    implementation project(':play-services-tasks-ktx')

    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlinVersion"
    implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:$coroutineVersion"
+3 −0
@@ -64,6 +64,9 @@ val RequestOptions.rpId: String
        SIGN -> signOptions.rpId
    }

val PublicKeyCredentialCreationOptions.skipAttestation: Boolean
    get() = attestationConveyancePreference in setOf(AttestationConveyancePreference.NONE, null)

fun RequestOptions.checkIsValid(context: Context) {
    if (type == REGISTER) {
        if (registerOptions.authenticatorSelection.requireResidentKey == true) {
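Review bot: `skipAttestation` counts an unset `attestationConveyancePreference` as `NONE`, and nothing on the new lines records that this is deliberate. WebAuthn makes "none" the default conveyance preference, so the behaviour looks right, but this is the branch that decides whether attestation is skipped, and a one-line KDoc such as `/** True when the relying party did not request attestation; an unset preference counts as NONE, the WebAuthn default. */` would keep a later edit from flipping the null case. The getter also allocates a new set on every read; `attestationConveyancePreference.let { it == null || it == AttestationConveyancePreference.NONE }` says the same without it. `checkIsValid` below the property continues outside the hunk.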
+9 −2
@@ -17,8 +17,10 @@ import android.os.Parcel
import androidx.lifecycle.Lifecycle
import androidx.lifecycle.LifecycleOwner
import androidx.lifecycle.lifecycleScope
import com.google.android.gms.common.Feature
import com.google.android.gms.common.api.CommonStatusCodes
import com.google.android.gms.common.api.Status
import com.google.android.gms.common.internal.ConnectionInfo
import com.google.android.gms.common.internal.GetServiceRequest
import com.google.android.gms.common.internal.IGmsCallbacks
import com.google.android.gms.fido.fido2.api.IBooleanCallback
@@ -43,10 +45,15 @@ const val TAG = "Fido2Privileged"

class Fido2PrivilegedService : BaseService(TAG, FIDO2_PRIVILEGED) {
    override fun handleServiceRequest(callback: IGmsCallbacks, request: GetServiceRequest, service: GmsService) {
        callback.onPostInitComplete(
        callback.onPostInitCompleteWithConnectionInfo(
            CommonStatusCodes.SUCCESS,
            Fido2PrivilegedServiceImpl(this, lifecycle).asBinder(),
            null
            ConnectionInfo().apply {
                features = arrayOf(
                    Feature("is_user_verifying_platform_authenticator_available", 1),
                    Feature("is_user_verifying_platform_authenticator_available_for_credential", 1)
                )
            }
        );
    }
}
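Review bot: The two `Feature` names passed in `ConnectionInfo` are bare string literals with a bare version `1`, so a typo would still compile and clients would presumably just see the feature as unsupported. Pulling them into named constants, e.g. `private const val FEATURE_IS_UVPAA = "is_user_verifying_platform_authenticator_available"`, and adding a comment on what the entries declare would make the contract reviewable; as far as the hunk shows they are sent unconditionally, so they can only mean that the service implements the calls, not that a user-verifying authenticator exists on the device. The call also ends in a stray `;`. `handleServiceRequest` does not look at `request` in the visible lines before returning the privileged binder; whether the caller is checked inside `Fido2PrivilegedServiceImpl` is not visible here and is worth confirming.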
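--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,30 @@
+/*
+ * SPDX-FileCopyrightText: 2022 microG Project Team
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.microg.gms.fido.core.protocol
+
+import com.google.android.gms.fido.fido2.api.common.Algorithm
+import com.upokecenter.cbor.CBORObject
+
+class AndroidKeyAttestationObject(
+    authData: AuthenticatorData,
+    val alg: Algorithm,
+    val sig: ByteArray,
+    val x5c: List<ByteArray>
+) :
+    AttestationObject(authData.encode()) {
+    override val fmt: String
+        get() = "android-key"
+    override val attStmt: CBORObject
+        get() = CBORObject.NewMap().apply {
+            set("alg", alg.algoValue.encodeAsCbor())
+            set("sig", sig.encodeAsCbor())
+            set("x5c", CBORObject.NewArray().apply {
+                for (certificate in x5c) {
+                    Add(certificate.encodeAsCbor())
+                }
+            })
+        }
+}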
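Review bot: `AndroidKeyAttestationObject` accepts an empty `x5c` and would then emit an `android-key` statement with an empty certificate array, which a relying party cannot verify; the WebAuthn android-key format expects the credential certificate as the first element. An `init { require(x5c.isNotEmpty()) { "android-key attestation needs the credential certificate" } }` would fail at construction instead of at the relying party. `sig` and the `x5c` entries are public `ByteArray`s, so callers can mutate them after construction, and because `attStmt` rebuilds the map on each read such a change would show up in the encoded object. Making them `private` or copying them on construction, plus a short KDoc naming the expected order of `x5c` (credential certificate first), would close that.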
+0 −3
@@ -5,10 +5,7 @@

package org.microg.gms.fido.core.protocol

import android.util.Base64
import android.util.Log
import com.upokecenter.cbor.CBORObject
import org.microg.gms.utils.toBase64
import java.io.ByteArrayInputStream
import java.nio.ByteBuffer
import java.nio.ByteOrder