feat: add support for the U2F Web API (#30438)

* feat: add support for the U2F Web API * chore: fix lint * chore: fix tests * build: disable src caching * Revert "build: disable src caching" This reverts commit c4c8a60fc435a10788475ec171399a55ac2dd674. * chore: update per feedback * chore: consistent code removal
2021-08-30 11:22:46 -07:00 · 2021-08-30 11:22:46 -07:00 · 8007d01874
commit 8007d01874
parent c2da4ec2bc
17 changed files with 579 additions and 3 deletions
--- a/shell/common/extensions/api/BUILD.gn
+++ b/shell/common/extensions/api/BUILD.gn
@ -36,6 +36,7 @@ group("extensions_features") {

 generated_json_strings("generated_api_json_strings") {
  sources = [
+    "cryptotoken_private.idl",
    "extension.json",
    "i18n.json",
    "resources_private.idl",
@ -54,6 +55,7 @@ generated_json_strings("generated_api_json_strings") {

 generated_types("generated_api_types") {
  sources = [
+    "cryptotoken_private.idl",
    "i18n.json",
    "resources_private.idl",
    "tabs.json",
--- a/shell/common/extensions/api/_api_features.json
+++ b/shell/common/extensions/api/_api_features.json
@ -37,5 +37,9 @@
    "matches": [
      "chrome://print/*"
    ]
-  }]
+  }],
+  "cryptotokenPrivate": {
+    "dependencies": ["permission:cryptotokenPrivate"],
+    "contexts": ["blessed_extension"]
+  }
 }
--- a/shell/common/extensions/api/_permission_features.json
+++ b/shell/common/extensions/api/_permission_features.json
@ -11,5 +11,13 @@
    "extension_types": [
      "extension"
    ]
+  },
+  "cryptotokenPrivate": {
+    "channel": "stable",
+    "extension_types": ["extension"],
+    "location": "component",
+    "allowlist": [
+      "E24F1786D842E91E74C27929B0B3715A4689A473"  // Cryptotoken
+    ]
  }
 }
--- a/shell/common/extensions/api/cryptotoken_private.idl
+++ b/shell/common/extensions/api/cryptotoken_private.idl
@ -0,0 +1,63 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// <code>chrome.cryptotokenPrivate</code> API that provides hooks to Chrome to
+// be used by cryptotoken component extension.
+// <p>In the context of this API, an AppId is roughly an origin and is formally
+// defined in
+// <a href="https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-appid-and-facets-v1.2-ps-20170411.html">
+// the FIDO spec</a></p>
+namespace cryptotokenPrivate {
+
+  callback BooleanCallback = void(boolean result);
+  callback VoidCallback = void();
+
+  dictionary CanAppIdGetAttestationOptions {
+    // The AppId (see definition, above) that was used in the registration
+    // request and which has been authenticated by |canOriginAssertAppId|.
+    DOMString appId;
+    // The origin of the caller.
+    DOMString origin;
+    // Identifies the tab in which the registration is occuring so that any
+    // permissions prompt is correctly located.
+    long tabId;
+  };
+
+  interface Functions {
+    // Checks whether the origin is allowed to assert the appId, according to
+    // the same origin policy defined at
+    // http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/
+    //     fido-appid-and-facets-ps-20141009.html
+    // |securityOrigin| is the origin as seen by the extension, and |appIdUrl|
+    // is the appId being asserted by the origin.
+    static void canOriginAssertAppId(DOMString securityOrigin,
+                                     DOMString appIdUrl,
+                                     BooleanCallback callback);
+
+    // Checks whether the given appId is specified in the
+    // SecurityKeyPermitAttestation policy. This causes a signal to be sent to
+    // the token that informs it that an individually-identifying attestation
+    // certificate may be used. Without that signal, the token is required to
+    // use its batch attestation certificate.
+    static void isAppIdHashInEnterpriseContext(ArrayBuffer appIdHash,
+                                               BooleanCallback callback);
+
+    // Checks whether the given appId may receive attestation data that
+    // identifies the token. If not, the attestation from the token must be
+    // substituted with a randomly generated certificate since webauthn and U2F
+    // require that some attestation be provided.
+    static void canAppIdGetAttestation(CanAppIdGetAttestationOptions options,
+                                       BooleanCallback callback);
+
+    // Increments the WebFeature::kU2FCryptotokenRegister UseCounter for the
+    // main frame associated with |tabId|.
+    static void recordRegisterRequest(long tabId, long frameId,
+                                      optional VoidCallback callback);
+
+    // Increments the WebFeature::kU2FCryptotokenSign UseCounter for the
+    // main frame associated with |tabId|.
+    static void recordSignRequest(long tabId, long frameId,
+                                  optional VoidCallback callback);
+  };
+};