fc::crypto::webauthn::public_key Class Reference

#include <elliptic_webauthn.hpp>

Public Types
enum class	user_presence_t : uint8_t { USER_PRESENCE_NONE , USER_PRESENCE_PRESENT , USER_PRESENCE_VERIFIED }
using	public_key_data_type = fc::array<char, 33>
using	data_type = public_key

Public Member Functions
public_key	serialize () const
bool	valid () const
	public_key ()
	public_key (const public_key_data_type &p, const user_presence_t &t, const std::string &s)
	public_key (const signature &c, const fc::sha256 &digest, bool check_canonical=true)
bool	operator== (const public_key &o) const
bool	operator< (const public_key &o) const

Friends
template<typename Stream >
Stream &	operator<< (Stream &ds, const public_key &k)
template<typename Stream >
Stream &	operator>> (Stream &ds, public_key &k)

Detailed Description

Definition at line 15 of file elliptic_webauthn.hpp.

Member Typedef Documentation

data_type

using fc::crypto::webauthn::public_key::data_type = public_key

Definition at line 20 of file elliptic_webauthn.hpp.

public_key_data_type

using fc::crypto::webauthn::public_key::public_key_data_type = fc::array<char, 33>

Definition at line 17 of file elliptic_webauthn.hpp.

Member Enumeration Documentation

user_presence_t

enum class fc::crypto::webauthn::public_key::user_presence_t : uint8_t

strong

Enumerator
USER_PRESENCE_NONE
USER_PRESENCE_PRESENT
USER_PRESENCE_VERIFIED

Definition at line 23 of file elliptic_webauthn.hpp.

                                 : uint8_t {
         USER_PRESENCE_NONE,
         USER_PRESENCE_PRESENT,
         USER_PRESENCE_VERIFIED
      };

Constructor & Destructor Documentation

public_key() [1/3]

fc::crypto::webauthn::public_key::public_key ( )

inline

Definition at line 31 of file elliptic_webauthn.hpp.

{}

public_key() [2/3]

fc::crypto::webauthn::public_key::public_key ( const public_key_data_type & p, const user_presence_t & t, const std::string & s )

inline

Definition at line 32 of file elliptic_webauthn.hpp.

                                                                                              : 
         public_key_data(p), user_verification_type(t), rpid(s) {
            post_init();
         }

public_key() [3/3]

fc::crypto::webauthn::public_key::public_key	(	const signature &	c,
		const fc::sha256 &	digest,
		bool	check_canonical = true )

Definition at line 189 of file elliptic_webauthn.cpp.

                                                                       {
   detail::webauthn_json_handler handler;
   detail::rapidjson::Reader reader;
   detail::rapidjson::StringStream ss(c.client_json.c_str());
   FC_ASSERT(reader.Parse<detail::rapidjson::kParseIterativeFlag>(ss, handler), "Failed to parse client data JSON");
 
   FC_ASSERT(handler.found_type == "webauthn.get", "webauthn signature type not an assertion");
 
   std::string challenge_bytes = fc::base64url_decode(handler.found_challenge);
   FC_ASSERT(fc::sha256(challenge_bytes.data(), challenge_bytes.size()) == digest, "Wrong webauthn challenge");
 
   char required_origin_scheme[] = "https://";
   size_t https_len = strlen(required_origin_scheme);
   FC_ASSERT(handler.found_origin.compare(0, https_len, required_origin_scheme) == 0, "webauthn origin must begin with https://");
   rpid = handler.found_origin.substr(https_len, handler.found_origin.rfind(':')-https_len);
 
   constexpr static size_t min_auth_data_size = 37;
   FC_ASSERT(c.auth_data.size() >= min_auth_data_size, "auth_data not as large as required");
   if(c.auth_data[32] & 0x01)
      user_verification_type = user_presence_t::USER_PRESENCE_PRESENT;
   if(c.auth_data[32] & 0x04)
      user_verification_type = user_presence_t::USER_PRESENCE_VERIFIED;
 
   static_assert(min_auth_data_size >= sizeof(fc::sha256), "auth_data min size not enough to store a sha256");
   FC_ASSERT(memcmp(c.auth_data.data(), fc::sha256::hash(rpid).data(), sizeof(fc::sha256)) == 0, "webauthn rpid hash doesn't match origin");
 
   //the signature (and thus public key we need to return) will be over
   // sha256(auth_data || client_data_hash)
   fc::sha256 client_data_hash = fc::sha256::hash(c.client_json);
   fc::sha256::encoder e;
   e.write((char*)c.auth_data.data(), c.auth_data.size());
   e.write(client_data_hash.data(), client_data_hash.data_size());
   fc::sha256 signed_digest = e.result();
 
   //quite a bit of this copied from elliptic_r1, can probably commonize
   int nV = c.compact_signature.data[0];
   if (nV<31 || nV>=35)
      FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
   ecdsa_sig sig = ECDSA_SIG_new();
   BIGNUM *r = BN_new(), *s = BN_new();
   BN_bin2bn(&c.compact_signature.data[1],32,r);
   BN_bin2bn(&c.compact_signature.data[33],32,s);
   ECDSA_SIG_set0(sig, r, s);
 
   fc::ec_key key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
   nV -= 4;
 
   if (r1::ECDSA_SIG_recover_key_GFp(key, sig, (uint8_t*)signed_digest.data(), signed_digest.data_size(), nV - 27, 0) == 1) {
      const EC_POINT* point = EC_KEY_get0_public_key(key);
      const EC_GROUP* group = EC_KEY_get0_group(key);
      size_t sz = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, (uint8_t*)public_key_data.data, public_key_data.size(), NULL);
      if(sz == public_key_data.size())
         return;
   }
   FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
}

Here is the call graph for this function:

Member Function Documentation

operator<()

bool fc::crypto::webauthn::public_key::operator< ( const public_key & o ) const

inline

Definition at line 43 of file elliptic_webauthn.hpp.

                                                {
         return std::tie(public_key_data, user_verification_type, rpid) < std::tie(o.public_key_data, o.user_verification_type, o.rpid);
      }

operator==()

bool fc::crypto::webauthn::public_key::operator== ( const public_key & o ) const

inline

Definition at line 38 of file elliptic_webauthn.hpp.

                                                 {
         return        public_key_data == o.public_key_data        &&
                user_verification_type == o.user_verification_type &&
                                  rpid == o.rpid;
      }

serialize()

public_key fc::crypto::webauthn::public_key::serialize ( ) const

inline

Definition at line 21 of file elliptic_webauthn.hpp.

{ return *this; }

valid()

bool fc::crypto::webauthn::public_key::valid ( ) const

inline

Definition at line 29 of file elliptic_webauthn.hpp.

{ return rpid.size(); }

Friends And Related Symbol Documentation

operator<<

template<typename Stream >

Stream & operator<< ( Stream & ds, const public_key & k )

friend

Definition at line 48 of file elliptic_webauthn.hpp.

                                                                 {
         fc::raw::pack(ds, k.public_key_data);
         fc::raw::pack(ds, static_cast<uint8_t>(k.user_verification_type));
         fc::raw::pack(ds, k.rpid);
         return ds;
      }

operator>>

template<typename Stream >

Stream & operator>> ( Stream & ds, public_key & k )

friend

Definition at line 56 of file elliptic_webauthn.hpp.

                                                           {
         fc::raw::unpack(ds, k.public_key_data);
         uint8_t t;
         fc::raw::unpack(ds, t);
         k.user_verification_type = static_cast<user_presence_t>(t);
         fc::raw::unpack(ds, k.rpid);
         k.post_init();
         return ds;
      }

---

The documentation for this class was generated from the following files:

• libraries/fc/include/fc/crypto/elliptic_webauthn.hpp
• libraries/fc/src/crypto/elliptic_webauthn.cpp