MySQL 8.4.2
Source Code Documentation
webauthn_assertion Class Reference

Class to initiate authentication(aka assertion in FIDO terminology) on client side by generating a signature by FIDO device which needs to be sent to server to be verified using public key stored in auth_string. More...

#include <webauthn_assertion.h>

Inheritance diagram for webauthn_assertion:
[legend]

Public Member Functions

 webauthn_assertion (bool preserve_privacy)
 
bool get_signed_challenge (unsigned char **challenge_res, size_t &challenge_res_len) override
 This method will construct challenge response which is passed to server. More...
 
void set_client_data (const unsigned char *, const char *) override
 Helper method to set client data context. More...
 
bool sign_challenge () override
 Method to obtains an assertion from a FIDO device. More...
 
bool parse_challenge (const unsigned char *challenge) override
 Helper method to parse the challenge received from server during authentication process. More...
 
bool check_fido2_device (bool &is_fido2)
 This method is called by webauthn_authentication_client plugin to check if the token device present on current host does support resident keys(aka discoverable credentials or credential management) or not. More...
 
size_t get_client_data_json_len ()
 
std::string get_client_data_json ()
 
bool select_credential_id ()
 Select credential ID from a list of resident keys and set it for assertion. More...
 
- Public Member Functions inherited from client_authentication::assertion
 assertion ()
 Construcutor to allocate memory for performing assertion (authentication) More...
 
virtual ~assertion ()
 Standard destructor. More...
 
void set_cred_id (const unsigned char *cred, size_t len)
 Set method to set credential ID. More...
 
void set_rp_id (const char *rp_id)
 Method to set the relying party name or id. More...
 
const char * get_rp_id ()
 Method to get rp id. More...
 
const unsigned char * get_authdata_ptr (size_t index=0)
 Method to get authenticator data. More...
 
size_t get_authdata_len (size_t index=0)
 Method to get length of authenticator data. More...
 
const unsigned char * get_signature_ptr (size_t index=0)
 Method to get signature. More...
 
size_t get_signature_len (size_t index=0)
 Method to get length of signature. More...
 
size_t get_num_assertions ()
 Method to get number of assertions. More...
 

Private Member Functions

size_t calculate_client_response_length ()
 This method will calculate length of the buffer required for challenge response. More...
 

Private Attributes

std::string m_client_data_json
 
bool m_preserve_privacy
 

Additional Inherited Members

- Protected Member Functions inherited from client_authentication::assertion
fido_dev_info_t * discover_fido2_devices (size_t num_devices)
 Discover available devices. More...
 
- Protected Attributes inherited from client_authentication::assertion
fido_assert_t * m_assert
 

Detailed Description

Class to initiate authentication(aka assertion in FIDO terminology) on client side by generating a signature by FIDO device which needs to be sent to server to be verified using public key stored in auth_string.

Constructor & Destructor Documentation

◆ webauthn_assertion()

webauthn_assertion::webauthn_assertion ( bool  preserve_privacy)
inline

Member Function Documentation

◆ calculate_client_response_length()

size_t webauthn_assertion::calculate_client_response_length ( )
private

This method will calculate length of the buffer required for challenge response.

Returns
length of the buffer required

◆ check_fido2_device()

bool webauthn_assertion::check_fido2_device ( bool &  is_fido2)

This method is called by webauthn_authentication_client plugin to check if the token device present on current host does support resident keys(aka discoverable credentials or credential management) or not.

Parameters
[out]is_fido2set to true if device supports resident keys
Returns
Status of check
Return values
falseSuccess
trueFailure

◆ get_client_data_json()

std::string webauthn_assertion::get_client_data_json ( )

◆ get_client_data_json_len()

size_t webauthn_assertion::get_client_data_json_len ( )

◆ get_signed_challenge()

bool webauthn_assertion::get_signed_challenge ( unsigned char **  challenge_res,
size_t &  challenge_res_len 
)
overridevirtual

This method will construct challenge response which is passed to server.

Challenge response format is: [packet identifier 0x02] [length encoded authenticator data] [length encoded signature] [length encoded client data JSON]

Parameters
[out]challenge_resbuffer to challenge response
[out]challenge_res_lenlength of challenge response
Return values
falsesuccessful.
truefailed.

Implements client_authentication::assertion.

◆ parse_challenge()

bool webauthn_assertion::parse_challenge ( const unsigned char *  challenge)
overridevirtual

Helper method to parse the challenge received from server during authentication process.

This method extracts salt, relying party name and credential ID.

Parameters
[in]challengebuffer holding the server challenge
Return values
falsereceived challenge was valid
truereceived challenge was corrupt

Implements client_authentication::assertion.

◆ select_credential_id()

bool webauthn_assertion::select_credential_id ( )

Select credential ID from a list of resident keys and set it for assertion.

Returns
status of operation
Return values
falseSuccess
trueError

◆ set_client_data()

void webauthn_assertion::set_client_data ( const unsigned char *  salt,
const char *  rp 
)
overridevirtual

Helper method to set client data context.

Client data format is: SHA256({ "type": "webauthn.get", "challenge": url_safe_base64("32 byte random"), "origin": authentication_webauthn_rp_id, "crossOrigin": false })

Parameters
[in]saltbuffer holding 32 byte random
[in]rprelying party name aka origin

Implements client_authentication::assertion.

◆ sign_challenge()

bool webauthn_assertion::sign_challenge ( )
overridevirtual

Method to obtains an assertion from a FIDO device.

Return values
falseassertion successful.
trueassertion failed.

Implements client_authentication::assertion.

Member Data Documentation

◆ m_client_data_json

std::string webauthn_assertion::m_client_data_json
private

◆ m_preserve_privacy

bool webauthn_assertion::m_preserve_privacy
private

The documentation for this class was generated from the following files: