path: root/dom/webauthn/nsIWebAuthnController.idl
blob: b5a2e949bac83c9ec818703dc7ff892057e96ab0 (plain)
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"
#include "nsIU2FTokenManager.idl"

// COSE algorithm identifier, as carried in the alg field of a WebAuthn
// PublicKeyCredentialParameters entry.
// XPIDL `long` is a signed 32-bit integer; the sign matters because registered
// COSE algorithm values can be negative (for example, ES256 is -7).
typedef long COSEAlgorithmIdentifier;

// The nsICtapRegisterArgs interface encapsulates the arguments to the CTAP
// authenticatorMakeCredential command as defined in
//   https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorMakeCredential
// It is essentially a shim that allows data to be copied from an IPDL-defined
// WebAuthnMakeCredentialInfo C++ struct to an authenticator-rs defined
// RegisterArgsCtap2 Rust struct.
//
// Every attribute is readonly: consumers can read the request but not alter it.
//
// [must_use] makes the generated C++ getter's nsresult non-discardable.
// NOTE(review): it appears to be applied to fields that may be absent, with a
// failing return code meaning "not present" (this is stated explicitly for
// extension inputs below) -- confirm against the implementations.
//
[uuid(2fc8febe-a277-11ed-bda2-8f6495a5e75c)]
interface nsICtapRegisterArgs : nsISupports {
    // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
    // Per the TODO above, the origin is display-only here; the relying party is
    // identified to the authenticator by rpId, not by this value.
    readonly attribute AString origin;

    // The clientDataHash parameter of authenticatorMakeCredential. Only the
    // hash crosses this interface, not the client data it was computed over.
    readonly attribute Array<octet> clientDataHash;

    // A PublicKeyCredentialRpEntity
    // rpId is the identifier the new credential will be scoped to.
    readonly attribute AString rpId;
    [must_use] readonly attribute AString rpName;

    // A PublicKeyCredentialUserEntity
    [must_use] readonly attribute Array<octet> userId;
    [must_use] readonly attribute AString userName;
    [must_use] readonly attribute AString userDisplayName;

    // The spec defines this as a sequence<PublicKeyCredentialParameters>.
    // We require type = "public-key" and only serialize the alg fields.
    [must_use] readonly attribute Array<COSEAlgorithmIdentifier> coseAlgs;

    // The spec defines this as a sequence<PublicKeyCredentialDescriptor>.
    // We only include the ID field, as the transport field is optional and we
    // can assume that the type is "public-key".
    // Each inner array is one credential ID.
    readonly attribute Array<Array<octet> > excludeList;

    // CTAP2 passes extensions in a CBOR map of extension identifier ->
    // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
    // So we define a getter for each supported extension input and use the
    // return code to signal presence.
    // Callers must therefore check the getter's nsresult before trusting the
    // returned bool: a failed getter means "extension not requested".
    [must_use] readonly attribute bool hmacCreateSecret;

    // Options.
    // These are passed as strings rather than enums.
    // NOTE(review): presumably the WebAuthn enum spellings (e.g. "required",
    // "preferred", "discouraged") -- confirm how unknown values are handled.
    [must_use] readonly attribute AString residentKey;
    [must_use] readonly attribute AString userVerification;
    [must_use] readonly attribute AString authenticatorAttachment;

    // This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
    // Arguably we don't need to pass it through since WebAuthnController can
    // cancel transactions.
    readonly attribute uint32_t timeoutMS;

    // This is the WebAuthn PublicKeyCredentialCreationOptions attestation.
    // We might overwrite the provided value with "none" if the user declines the
    // consent popup.
    // The value read here may therefore differ from what the relying party
    // asked for.
    [must_use] readonly attribute AString attestationConveyancePreference;
};

// The nsICtapSignArgs interface encapsulates the arguments to the CTAP
// authenticatorGetAssertion command as defined in
//   https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetAssertion
// It is essentially a shim that allows data to be copied from an IPDL-defined
// WebAuthnGetAssertionInfo C++ struct to an authenticator-rs defined
// SignArgsCtap2 Rust struct.
//
// Every attribute is readonly: consumers can read the request but not alter it.
//
[uuid(2e621cf4-a277-11ed-ae00-bf41a54ef553)]
interface nsICtapSignArgs : nsISupports {
    // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
    // Per the TODO above, the origin is display-only here; the relying party is
    // identified to the authenticator by rpId, not by this value.
    readonly attribute AString origin;

    // The spec only asks for the ID field of a PublicKeyCredentialRpEntity here
    readonly attribute AString rpId;

    // The clientDataHash parameter of authenticatorGetAssertion. Only the
    // hash crosses this interface, not the client data it was computed over.
    readonly attribute Array<octet> clientDataHash;

    // The spec defines this as a sequence<PublicKeyCredentialDescriptor>.
    // We only include the ID field, as the transport field is optional and we
    // can assume that the type is "public-key".
    // Each inner array is one credential ID.
    readonly attribute Array<Array<octet> > allowList;

    // CTAP2 passes extensions in a CBOR map of extension identifier ->
    // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
    // So we define a getter for each supported extension input and use the
    // return code to signal presence.
    // Callers must therefore check each getter's nsresult before trusting the
    // returned value: a failed getter means "extension not requested".
    // NOTE(review): hmacCreateSecret is the registration-time extension input
    // name -- confirm what it is expected to mean on the assertion path.
    [must_use] readonly attribute bool hmacCreateSecret;
    // Inputs for the FIDO AppID extension.
    // NOTE(review): presumably appIdHash is the SHA-256 of appId -- confirm.
    [must_use] readonly attribute AString appId;
    [must_use] readonly attribute Array<octet> appIdHash;

    // Options
    // NOTE(review): passed as a string, presumably the WebAuthn enum spelling
    // -- confirm how unknown values are handled.
    [must_use] readonly attribute AString userVerification;

    // This is the WebAuthn PublicKeyCredentialRequestOptions timeout.
    // Arguably we don't need to pass it through since WebAuthnController can
    // cancel transactions.
    // XPIDL `unsigned long` is 32 bits wide, i.e. the same width as the
    // uint32_t spelling used for nsICtapRegisterArgs.timeoutMS.
    readonly attribute unsigned long timeoutMS;
};

// The nsICtapRegisterResult interface is used to construct IPDL-defined
// WebAuthnMakeCredentialResult from either Rust or C++.
//
[uuid(0567c384-a728-11ed-85f7-030324a370f0)]
interface nsICtapRegisterResult : nsISupports {
    // Outcome of the registration.
    // NOTE(review): presumably the remaining attributes are only meaningful
    // when this is a success code -- confirm, and check it before reading them.
    readonly attribute nsresult status;

    // The serialized attestation object as defined in
    // https://www.w3.org/TR/webauthn-2/#sctn-attestation
    // Includes the format, the attestation statement, and
    // the authenticator data.
    readonly attribute Array<octet> attestationObject;

    // The Credential ID field of the Attestation Object's Attested
    // Credential Data. This is used to construct the rawID field of a
    // WebAuthn PublicKeyCredential without having to parse the
    // attestationObject.
    // Because this duplicates a value that is also inside attestationObject,
    // the implementation is responsible for keeping the two consistent.
    readonly attribute Array<octet> credentialId;

    // The attributes below are commented out, i.e. not part of the interface;
    // each is labelled with a bug number.

    // Bug 1536155
    // readonly attribute Array<AString> transports;

    // Bug 1816519
    // readonly attribute Array<octet> authenticatorData;

    // Bug 1816520
    // readonly attribute Array<octet> publicKey
    // readonly attribute COSEAlgorithmIdentifier publicKeyAlgorithm;

    // bug 1593571
    // readonly attribute bool hmacCreateSecret;
};


// The nsICtapSignResult interface is used to construct IPDL-defined
// WebAuthnGetAssertionResult from either Rust or C++.
//
[uuid(05fff816-a728-11ed-b9ac-ff38cc2c8c28)]
interface nsICtapSignResult : nsISupports {
    // Outcome of the assertion.
    // NOTE(review): presumably the remaining attributes are only meaningful
    // when this is a success code -- confirm, and check it before reading them.
    readonly attribute nsresult status;

    // The ID field of the PublicKeyCredentialDescriptor returned
    // from authenticatorGetAssertion.
    readonly attribute Array<octet> credentialId;

    // The authData field of the authenticatorGetAssertion response
    readonly attribute Array<octet> authenticatorData;

    // The signature field of the authenticatorGetAssertion response
    readonly attribute Array<octet> signature;

    // The ID field of the PublicKeyCredentialUserEntity returned from
    // authenticatorGetAssertion. (Optional)
    [must_use] readonly attribute Array<octet> userHandle;

    // The displayName field of the PublicKeyCredentialUserEntity
    // returned from authenticatorGetAssertion. (Optional)
    // NOTE(review): the comment says displayName but the attribute is called
    // userName -- confirm which field implementations actually return.
    // This is an ACString (byte string), whereas nsICtapRegisterArgs.userName
    // is an AString; presumably UTF-8 -- confirm the expected encoding.
    [must_use] readonly attribute ACString userName;

    // The SHA-256 hash of the RP ID of the requester. Used to
    // implement the FIDO AppID extension.
    readonly attribute Array<octet> rpIdHash;

    // Commented out, i.e. not part of the interface.
    // bug 1593571
    // readonly attribute bool hmacCreateSecret;
};

// The nsIWebAuthnController interface coordinates interactions between the user
// and the authenticator to drive a WebAuthn transaction forward.
// It allows an nsIWebAuthnTransport to
//      1) prompt the user for input,
//      2) receive a callback from a prompt, and
//      3) return results to the content process.
//
// The interface is [scriptable], so any method not marked [noscript] is
// callable from JavaScript that can reach this interface. Here that is the two
// prompt callbacks; the authenticator callbacks are [noscript].
//
// Every method takes aTransactionId.
// NOTE(review): presumably implementations ignore calls whose id does not
// match the transaction in progress, so that a stale prompt or a late
// authenticator response cannot affect a newer transaction -- confirm.
//
[scriptable, uuid(c0744f48-ad64-11ed-b515-cf5149f4d6a6)]
interface nsIWebAuthnController : nsIU2FTokenManager
{
    // Prompt callbacks
    // aPin is the PIN entered by the user; it is a secret and should not be
    // logged or retained longer than needed by implementations.
    void pinCallback(in uint64_t aTransactionId, in ACString aPin);
    // NOTE(review): aIndex presumably indexes the array passed to finishSign;
    // implementations should bounds-check it -- confirm.
    void signatureSelectionCallback(in uint64_t aTransactionId, in uint64_t aIndex);

    // Authenticator callbacks
    // aJSON is forwarded as already-formatted JSON.
    // NOTE(review): presumably the producer is responsible for correctly
    // escaping any strings it embeds -- confirm.
    [noscript] void sendPromptNotificationPreformatted(in uint64_t aTransactionId, in ACString aJSON);
    [noscript] void finishRegister(in uint64_t aTransactionId, in nsICtapRegisterResult aResult);
    // Takes an array, so a single sign operation can yield several results.
    [noscript] void finishSign(in uint64_t aTransactionId, in Array<nsICtapSignResult> aResult);
};

// The nsIWebAuthnTransport interface allows a C++ implemented nsIWebAuthnController to interact
// with authenticators written in both Rust and C++
[uuid(e236a9b4-a26f-11ed-b6cc-07a9834e19b1)]
interface nsIWebAuthnTransport : nsISupports
{
    // The controller this transport talks to. Unlike the attributes of the
    // argument and result interfaces in this file, this one is writable.
    attribute nsIWebAuthnController controller;

    // Start a registration (authenticatorMakeCredential) or an assertion
    // (authenticatorGetAssertion) for the given transaction. Both return void.
    // NOTE(review): presumably results are reported through the controller's
    // finishRegister / finishSign callbacks -- confirm.
    void makeCredential(in uint64_t aTransactionId, in uint64_t browsingContextId, in nsICtapRegisterArgs args);
    void getAssertion(in uint64_t aTransactionId, in uint64_t browsingContextId, in nsICtapSignArgs args);

    // These are prompt callbacks but they're not intended to be called directly from
    // JavaScript---they are proxied through the nsIWebAuthnController first.
    // aPin is the PIN entered by the user; it is a secret and should not be
    // logged or retained longer than needed by implementations.
    [noscript] void pinCallback(in uint64_t aTransactionId, in ACString aPin);
    // NOTE(review): cancel() takes no transaction id, unlike the other methods
    // -- confirm that a late cancel cannot abort a newer transaction.
    [noscript] void cancel();
};