
Implement HMAC-Secret extension

Open BryanJacobs opened this issue 3 years ago • 0 comments

This adds the ability for Android apps (not web pages) to use the hwsecurity library to:

  • register credentials with the FIDO2 hmac-secret extension enabled
  • pass salts in to authenticators with getAssertion calls
  • retrieve decrypted results back from the authenticator

It also lays the basic groundwork for supporting PIN Protocol 2, defined as a mandatory part of FIDO2 CTAP2.1.

Example usage for create:

        val extensionParams = listOf(
            ExtensionParameter.create(
                Common.HMAC_SECRET_EXTENSION,
                BooleanExtensionParameterValue.create(true)
            )
        )

        val registerRequest = PublicKeyCredentialCreationOptions.create(
            [...],
            extensionParams
        )

Example usage for getAssertion:

    private fun showAuthenticateDialog(hmacSalt1: ByteArray?, hmacSalt2: ByteArray?) {
        // Request the hmac-secret extension only when a first salt is supplied;
        // the second salt is optional.
        val extensionParams = if (hmacSalt1 == null) null else listOf(
            ExtensionParameter.create(
                Common.HMAC_SECRET_EXTENSION,
                HmacSecretExtensionParameterValue.create(
                    hmacSalt1,
                    hmacSalt2
                )
            )
        )

        val authenticateRequest = PublicKeyCredentialRequestOptions.create(
            [...],
            extensionParams
        )

[...]

    override fun onGetAssertionResponse(publicKeyCredential: PublicKeyCredential) {
        val res = publicKeyCredential.response() as AuthenticatorAssertionResponse
        
        val hmacSecretReply: ByteArray = res.hmacSecretData()
    }

BryanJacobs, Sep 03 '22 15:09
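
The salt and output handling that the hmac-secret extension specifies for PIN protocol 1 in CTAP2, simulated on both the platform and the authenticator side. This is an added example, not code from this pull request or the hwsecurity library; the shared secret, CredRandom and salt labels are constructed and the function names are hypothetical.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.Mac
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec

// CTAP2 hmac-secret under PIN protocol 1; every value used here is constructed.
fun hmacSha256(key: ByteArray, data: ByteArray): ByteArray =
    Mac.getInstance("HmacSHA256").apply { init(SecretKeySpec(key, "HmacSHA256")) }.doFinal(data)

// Protocol 1 uses AES-256-CBC with an all-zero IV and no padding.
fun aesCbc(mode: Int, key: ByteArray, data: ByteArray): ByteArray =
    Cipher.getInstance("AES/CBC/NoPadding").apply {
        init(mode, SecretKeySpec(key, "AES"), IvParameterSpec(ByteArray(16)))
    }.doFinal(data)

// Platform side: encrypt the 32-byte salt(s) and authenticate the ciphertext.
fun platformRequest(sharedSecret: ByteArray, salt1: ByteArray, salt2: ByteArray?): Pair<ByteArray, ByteArray> {
    require(salt1.size == 32 && (salt2 == null || salt2.size == 32)) { "salts must be 32 bytes" }
    val saltEnc = aesCbc(Cipher.ENCRYPT_MODE, sharedSecret, salt1 + (salt2 ?: ByteArray(0)))
    val saltAuth = hmacSha256(sharedSecret, saltEnc).copyOf(16) // first 16 bytes of the MAC
    return saltEnc to saltAuth
}

// Authenticator side (simulated): verify saltAuth, then HMAC each salt with CredRandom.
fun authenticatorReply(sharedSecret: ByteArray, credRandom: ByteArray, saltEnc: ByteArray, saltAuth: ByteArray): ByteArray {
    require(MessageDigest.isEqual(hmacSha256(sharedSecret, saltEnc).copyOf(16), saltAuth)) { "saltAuth mismatch" }
    val salts = aesCbc(Cipher.DECRYPT_MODE, sharedSecret, saltEnc)
    val outputs = salts.asList().chunked(32).map { hmacSha256(credRandom, it.toByteArray()) }
    return aesCbc(Cipher.ENCRYPT_MODE, sharedSecret, outputs.reduce { a, b -> a + b })
}

fun main() {
    val rng = SecureRandom()
    val sharedSecret = ByteArray(32).also(rng::nextBytes) // stands in for SHA-256(ECDH x-coordinate)
    val credRandom = ByteArray(32).also(rng::nextBytes)   // per-credential secret held by the authenticator
    val salt1 = MessageDigest.getInstance("SHA-256").digest("disk-key-v1".toByteArray())
    val salt2 = MessageDigest.getInstance("SHA-256").digest("disk-key-v2".toByteArray())

    val (saltEnc, saltAuth) = platformRequest(sharedSecret, salt1, salt2)
    val reply = authenticatorReply(sharedSecret, credRandom, saltEnc, saltAuth)
    val plain = aesCbc(Cipher.DECRYPT_MODE, sharedSecret, reply) // decrypted result handed to the app
    check(plain.copyOfRange(0, 32).contentEquals(hmacSha256(credRandom, salt1)))
    check(plain.copyOfRange(32, 64).contentEquals(hmacSha256(credRandom, salt2)))
    check(runCatching { authenticatorReply(sharedSecret, credRandom, saltEnc, ByteArray(16)) }.isFailure)
    println("recovered output1 and output2; a forged saltAuth was rejected")
}
```

PIN Protocol 2 replaces the zero IV with a random one and derives separate encryption and authentication keys from the ECDH result, so these helpers apply to protocol 1 only.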