Class to initiate authentication (aka assertion in FIDO terminology) on the client side by having the FIDO device generate a signature, which needs to be sent to the server to be verified using the public key stored in auth_string.
#include <webauthn_assertion.h>
◆ webauthn_assertion()
webauthn_assertion::webauthn_assertion(bool preserve_privacy) [inline]
◆ calculate_client_response_length()
size_t webauthn_assertion::calculate_client_response_length() [private]
This method will calculate length of the buffer required for challenge response.
- Returns
- length of the buffer required
◆ check_fido2_device()
bool webauthn_assertion::check_fido2_device(bool &is_fido2)
This method is called by the webauthn_authentication_client plugin to check whether the token device present on the current host supports resident keys (aka discoverable credentials or credential management).
- Parameters
- [out] is_fido2: set to true if device supports resident keys
- Returns
- Status of check
- Return values
-
◆ get_client_data_json()
std::string webauthn_assertion::get_client_data_json()
◆ get_client_data_json_len()
size_t webauthn_assertion::get_client_data_json_len()
◆ get_signed_challenge()
bool webauthn_assertion::get_signed_challenge(unsigned char **challenge_res, size_t &challenge_res_len) [override, virtual]
This method will construct challenge response which is passed to server.
Challenge response format is: [packet identifier 0x02] [length encoded authenticator data] [length encoded signature] [length encoded client data JSON]
- Parameters
- [out] challenge_res: buffer to challenge response
- [out] challenge_res_len: length of challenge response
- Return values
- false: successful.
- true: failed.
Implements client_authentication::assertion.
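The response layout described above, as an added example (not the project's own code): a bounds-checked parser that a receiver of this buffer could use. The names `AssertionResponse`, `read_lenenc`, `read_field` and `parse_assertion_response` are hypothetical, and the code assumes "length encoded" means the MySQL protocol length-encoded integer.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical container for the three fields named in the format above.
struct AssertionResponse {
  std::vector<uint8_t> authenticator_data, signature;
  std::string client_data_json;
};

// Assumption: "length encoded" is the MySQL protocol length-encoded integer:
// one byte below 251, else 0xFC/0xFD/0xFE followed by 2/3/8 little-endian bytes.
static bool read_lenenc(const uint8_t *buf, size_t len, size_t &pos, uint64_t &out) {
  if (pos >= len) return false;
  const uint8_t first = buf[pos++];
  if (first < 251) { out = first; return true; }
  size_t n = 0;
  if (first == 0xFC) n = 2;
  else if (first == 0xFD) n = 3;
  else if (first == 0xFE) n = 8;
  else return false;  // 0xFB and 0xFF are not lengths
  if (len - pos < n) return false;  // the prefix itself is truncated
  out = 0;
  for (size_t i = 0; i < n; ++i) out |= static_cast<uint64_t>(buf[pos + i]) << (8 * i);
  pos += n;
  return true;
}

// Reads one length-prefixed field, rejecting a length that overruns the buffer.
template <typename T>
static bool read_field(const uint8_t *buf, size_t len, size_t &pos, T &dst) {
  uint64_t n = 0;
  if (!read_lenenc(buf, len, pos, n) || n > len - pos) return false;
  dst.assign(buf + pos, buf + pos + n);
  pos += static_cast<size_t>(n);
  return true;
}

// Parses [0x02][authenticator data][signature][client data JSON].
// Returns true only if the tag matches and the fields consume the whole buffer.
bool parse_assertion_response(const uint8_t *buf, size_t len, AssertionResponse &out) {
  if (buf == nullptr || len < 1 || buf[0] != 0x02) return false;
  size_t pos = 1;
  return read_field(buf, len, pos, out.authenticator_data) &&
         read_field(buf, len, pos, out.signature) &&
         read_field(buf, len, pos, out.client_data_json) && pos == len;
}
```

Note that this example returns true on success, the opposite of the false-on-success convention the class methods document.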
◆ parse_challenge()
bool webauthn_assertion::parse_challenge(const unsigned char *challenge) [override, virtual]
Helper method to parse the challenge received from server during authentication process.
This method extracts salt, relying party name and credential ID.
- Parameters
- [in] challenge: buffer holding the server challenge
- Return values
- false: received challenge was valid
- true: received challenge was corrupt
Implements client_authentication::assertion.
◆ select_credential_id()
bool webauthn_assertion::select_credential_id()
Select credential ID from a list of resident keys and set it for assertion.
- Returns
- status of operation
- Return values
-
◆ set_client_data()
void webauthn_assertion::set_client_data(const unsigned char *salt, const char *rp) [override, virtual]
Helper method to set client data context.
Client data format is: SHA256({ "type": "webauthn.get", "challenge": url_safe_base64("32 byte random"), "origin": authentication_webauthn_rp_id, "crossOrigin": false })
- Parameters
- [in] salt: buffer holding 32 byte random
- [in] rp: relying party name aka origin
Implements client_authentication::assertion.
◆ sign_challenge()
bool webauthn_assertion::sign_challenge() [override, virtual]
◆ m_client_data_json
std::string webauthn_assertion::m_client_data_json [private]
◆ m_preserve_privacy
bool webauthn_assertion::m_preserve_privacy [private]
The documentation for this class was generated from the following files: