third_party/WebKit/public/platform/modules/webauth/authenticator.mojom - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 module webauth.mojom;

 import "mojo/common/time.mojom";
 import "url/mojom/url.mojom";

 // This file describes the communication between the WebAuthentication renderer
 // implementation and browser-side implementations to create public key
 // credentials and use already-created credentials to get assertions.
 // See https://w3c.github.io/webauthn/.

 enum AuthenticatorStatus {
   SUCCESS,
   PENDING_REQUEST,
   NOT_ALLOWED_ERROR,
   NOT_SUPPORTED_ERROR,
   INVALID_DOMAIN,
   TIMED_OUT,
   NOT_IMPLEMENTED,
   UNKNOWN_ERROR,
 };

 // Credential information returned by both Authenticator::MakeCredential
 // and Authenticator::GetAssertion.
 struct CommonCredentialInfo {
   // The base64url encoding of |raw_id|.
   string id;

   // An identifier for the credential.
   array<uint8> raw_id;

   // A blob of data containing the JSON serialization of client data passed
   // to the authenticator.
   array<uint8> client_data_json;
 };

 // The public key and attestation returned by Authenticator::MakeCredential.
 struct MakeCredentialAuthenticatorResponse {
   CommonCredentialInfo info;

   // A blob of data returned by the authenticator after creating a credential.
   array<uint8> attestation_object;
 };

 struct GetAssertionAuthenticatorResponse {
   CommonCredentialInfo info;

   // A blob of data returned by the authenticator after generating an assertion.
   array<uint8> authenticator_data;

   // Cryptographic signature proving possession of the credential private key.
   array<uint8> signature;

    // Only supported by CTAP devices, not by U2F devices.
    // Equivalent of the `user.id` passed into create().
    // Maximum 64 bytes.
    array<uint8>? user_handle;
 };

 // Information about the relying party. These fields take arbitrary input.
 struct PublicKeyCredentialRpEntity {
   // An ASCII serialization of an origin.
   string id;

   // Friendly name associated with the relying party intended for display.
   // e.g. "Acme Corporation".
   string name;

   // Image associated with the entity. e.g. a relying party's logo.
   url.mojom.Url? icon;
 };

 // Informatiom about the account held by the user. These fields take
 // arbitrary input.
 struct PublicKeyCredentialUserEntity {
   // Unique identifier for a user account An opaque byte sequence with a
   // maximum size of 64 bytes.
   array<uint8> id;

   // Friendly name associated with the entity intended for display.
   // e.g."john.p.smith@example.com" or "+14255551234" for a user.
   string name;

   // Image associated with the entity. For example, a user’s avatar.
   url.mojom.Url? icon;

   // Contains a friendly name for the user account (e.g., "John P. Smith").
   string display_name;
 };

 // Parameters that are used to generate an appropriate public key credential.
 struct PublicKeyCredentialParameters {
   PublicKeyCredentialType type;
   int32 algorithm_identifier;
 };

 // Parameters passed into calls to GetAssertion.
 struct PublicKeyCredentialRequestOptions {
   // An indefinite-length blob passed from the the relying party server,
   // to be sent to an authenticator for signing.
   array<uint8> challenge;

   // Time to wait for an authenticator to complete an operation.
   // Adjusted to fall within a client-defined range.
   mojo.common.mojom.TimeDelta adjusted_timeout;

   // An ASCII serialization of the origin claimed by the relying party.
   string relying_party_id;

   // A list of credentials the relying party knows about and would
   // accept as the signing credential.
   array<PublicKeyCredentialDescriptor> allow_credentials;
 };

 // See https://w3c.github.io/webauthn/#enumdef-attestationconveyancepreference
 enum AttestationConveyancePreference {
   NONE,
   INDIRECT,
   DIRECT,
 };

 // Parameters passed into calls to MakeCredential.
 struct PublicKeyCredentialCreationOptions {
   // Information about the relying party and user entities, respectively.
   // Used by the authenticator to create or retrieve an appropriate public key
   // credential for the requested account.
   PublicKeyCredentialRpEntity relying_party;
   PublicKeyCredentialUserEntity user;

   // An indefinite-length blob passed from the the relying party server,
   // to be sent to an authenticator to make a credential.
   array<uint8> challenge;

   // Parameters defining the type of created credential that the relying
   // party would accept.
   array<PublicKeyCredentialParameters> public_key_parameters;

   // Time to wait for an authenticator to complete an operation.
   // Adjusted to fall within a client-defined range.
   mojo.common.mojom.TimeDelta adjusted_timeout;

   // A list of credentials the relying party knows about. If an
   // authenticator has one of these credentials, it should not
   // create a new one.
   array<PublicKeyCredentialDescriptor> exclude_credentials;

   // Specifies whether the RP wants attestation information for the created
   // credential.
   AttestationConveyancePreference attestation;

   // TODO(kpaulhamus): add AuthenticatorSelectionCriteria
 };

 enum PublicKeyCredentialType {
   PUBLIC_KEY,
 };

 // Describes the credentials that the relying party already knows about for
 // the given account. If any of these are known to the authenticator,
 // it should not create a new credential.
 struct PublicKeyCredentialDescriptor {
   PublicKeyCredentialType type;

   // Blob representing a credential key handle. Up to 255 bytes for
   // U2F authenticators.
   array<uint8> id;

   array<AuthenticatorTransport> transports;
 };

 enum AuthenticatorTransport {
   USB,
   NFC,
   BLE,
 };

 // Interface to direct authenticators to create or use a public key credential.
 interface Authenticator {
   // Gets the credential info for a new public key credential created by an
   // authenticator for the given |PublicKeyCredentialCreationOptions|
   // [MakeCredentialAuthenticatorResponse] will be set if and only if status == SUCCESS.
   MakeCredential(PublicKeyCredentialCreationOptions options)
       => (AuthenticatorStatus status, MakeCredentialAuthenticatorResponse? credential);

   // Uses an existing credential to produce an assertion for the given
   // |PublicKeyCredentialRequestOptions|.
   // |GetAssertionResponse| will be set if and only if status == SUCCESS.
   GetAssertion(PublicKeyCredentialRequestOptions options)
       => (AuthenticatorStatus status, GetAssertionAuthenticatorResponse? credential);
 };
	// Copyright 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	module webauth.mojom;

	import "mojo/common/time.mojom";
	import "url/mojom/url.mojom";

	// This file describes the communication between the WebAuthentication renderer
	// implementation and browser-side implementations to create public key
	// credentials and use already-created credentials to get assertions.
	// See https://w3c.github.io/webauthn/.

	enum AuthenticatorStatus {
	SUCCESS,
	PENDING_REQUEST,
	NOT_ALLOWED_ERROR,
	NOT_SUPPORTED_ERROR,
	INVALID_DOMAIN,
	TIMED_OUT,
	NOT_IMPLEMENTED,
	UNKNOWN_ERROR,
	};

	// Credential information returned by both Authenticator::MakeCredential
	// and Authenticator::GetAssertion.
	struct CommonCredentialInfo {
	// The base64url encoding of \|raw_id\|.
	string id;

	// An identifier for the credential.
	array<uint8> raw_id;

	// A blob of data containing the JSON serialization of client data passed
	// to the authenticator.
	array<uint8> client_data_json;
	};

	// The public key and attestation returned by Authenticator::MakeCredential.
	struct MakeCredentialAuthenticatorResponse {
	CommonCredentialInfo info;

	// A blob of data returned by the authenticator after creating a credential.
	array<uint8> attestation_object;
	};

	struct GetAssertionAuthenticatorResponse {
	CommonCredentialInfo info;

	// A blob of data returned by the authenticator after generating an assertion.
	array<uint8> authenticator_data;

	// Cryptographic signature proving possession of the credential private key.
	array<uint8> signature;

	// Only supported by CTAP devices, not by U2F devices.
	// Equivalent of the `user.id` passed into create().
	// Maximum 64 bytes.
	array<uint8>? user_handle;
	};

	// Information about the relying party. These fields take arbitrary input.
	struct PublicKeyCredentialRpEntity {
	// An ASCII serialization of an origin.
	string id;

	// Friendly name associated with the relying party intended for display.
	// e.g. "Acme Corporation".
	string name;

	// Image associated with the entity. e.g. a relying party's logo.
	url.mojom.Url? icon;
	};

	// Informatiom about the account held by the user. These fields take
	// arbitrary input.
	struct PublicKeyCredentialUserEntity {
	// Unique identifier for a user account An opaque byte sequence with a
	// maximum size of 64 bytes.
	array<uint8> id;

	// Friendly name associated with the entity intended for display.
	// e.g."john.p.smith@example.com" or "+14255551234" for a user.
	string name;

	// Image associated with the entity. For example, a user’s avatar.
	url.mojom.Url? icon;

	// Contains a friendly name for the user account (e.g., "John P. Smith").
	string display_name;
	};

	// Parameters that are used to generate an appropriate public key credential.
	struct PublicKeyCredentialParameters {
	PublicKeyCredentialType type;
	int32 algorithm_identifier;
	};

	// Parameters passed into calls to GetAssertion.
	struct PublicKeyCredentialRequestOptions {
	// An indefinite-length blob passed from the the relying party server,
	// to be sent to an authenticator for signing.
	array<uint8> challenge;

	// Time to wait for an authenticator to complete an operation.
	// Adjusted to fall within a client-defined range.
	mojo.common.mojom.TimeDelta adjusted_timeout;

	// An ASCII serialization of the origin claimed by the relying party.
	string relying_party_id;

	// A list of credentials the relying party knows about and would
	// accept as the signing credential.
	array<PublicKeyCredentialDescriptor> allow_credentials;
	};

	// See https://w3c.github.io/webauthn/#enumdef-attestationconveyancepreference
	enum AttestationConveyancePreference {
	NONE,
	INDIRECT,
	DIRECT,
	};

	// Parameters passed into calls to MakeCredential.
	struct PublicKeyCredentialCreationOptions {
	// Information about the relying party and user entities, respectively.
	// Used by the authenticator to create or retrieve an appropriate public key
	// credential for the requested account.
	PublicKeyCredentialRpEntity relying_party;
	PublicKeyCredentialUserEntity user;

	// An indefinite-length blob passed from the the relying party server,
	// to be sent to an authenticator to make a credential.
	array<uint8> challenge;

	// Parameters defining the type of created credential that the relying
	// party would accept.
	array<PublicKeyCredentialParameters> public_key_parameters;

	// Time to wait for an authenticator to complete an operation.
	// Adjusted to fall within a client-defined range.
	mojo.common.mojom.TimeDelta adjusted_timeout;

	// A list of credentials the relying party knows about. If an
	// authenticator has one of these credentials, it should not
	// create a new one.
	array<PublicKeyCredentialDescriptor> exclude_credentials;

	// Specifies whether the RP wants attestation information for the created
	// credential.
	AttestationConveyancePreference attestation;

	// TODO(kpaulhamus): add AuthenticatorSelectionCriteria
	};

	enum PublicKeyCredentialType {
	PUBLIC_KEY,
	};

	// Describes the credentials that the relying party already knows about for
	// the given account. If any of these are known to the authenticator,
	// it should not create a new credential.
	struct PublicKeyCredentialDescriptor {
	PublicKeyCredentialType type;

	// Blob representing a credential key handle. Up to 255 bytes for
	// U2F authenticators.
	array<uint8> id;

	array<AuthenticatorTransport> transports;
	};

	enum AuthenticatorTransport {
	USB,
	NFC,
	BLE,
	};

	// Interface to direct authenticators to create or use a public key credential.
	interface Authenticator {
	// Gets the credential info for a new public key credential created by an
	// authenticator for the given \|PublicKeyCredentialCreationOptions\|
	// [MakeCredentialAuthenticatorResponse] will be set if and only if status == SUCCESS.
	MakeCredential(PublicKeyCredentialCreationOptions options)
	=> (AuthenticatorStatus status, MakeCredentialAuthenticatorResponse? credential);

	// Uses an existing credential to produce an assertion for the given
	// \|PublicKeyCredentialRequestOptions\|.
	// \|GetAssertionResponse\| will be set if and only if status == SUCCESS.
	GetAssertion(PublicKeyCredentialRequestOptions options)
	=> (AuthenticatorStatus status, GetAssertionAuthenticatorResponse? credential);
	};