tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

webauthn-testdriver-basic.https.html (4460B)

      1 <!DOCTYPE html>
      2 <title>Successful WebAuthn tests</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="/resources/testdriver.js"></script>
      6 <script src="/resources/testdriver-vendor.js"></script>
      7 <script src="resources/common-inputs.js"></script>
      8 <script src="resources/utils.js"></script>
      9 
     10 <script>
     11 "use strict";
     12 
     13 let authenticator;
     14 
     15 promise_test(async t => {
     16  authenticator = await window.test_driver.add_virtual_authenticator({
     17    protocol: "ctap1/u2f",
     18    transport: "usb",
     19  });
     20 }, "Set up the test environment");
     21 
     22 let credential;
     23 let publicKey;
     24 
     25 promise_test(async t => {
     26  credential = await navigator.credentials.create({
     27    publicKey: MAKE_CREDENTIAL_OPTIONS,
     28  });
     29 
     30  // Perform the validations the Relying Party should do against the credential.
     31  // https://w3c.github.io/webauthn/#sctn-registering-a-new-credential
     32  let jsonText =
     33    new TextDecoder("utf-8").decode(credential.response.clientDataJSON);
     34  let clientData = JSON.parse(jsonText);
     35  assert_equals(clientData.type, "webauthn.create");
     36  assert_equals(clientData.challenge, base64urlEncode(CHALLENGE));
     37  assert_equals(clientData.origin, window.location.origin);
     38 
     39  let attestationObject =
     40    new Cbor(credential.response.attestationObject).getCBOR();
     41 
     42  let rpIdHash = new Uint8Array(await crypto.subtle.digest(
     43    { name: "SHA-256" }, new TextEncoder().encode(PUBLIC_KEY_RP.id)));
     44 
     45  let authenticatorData = parseAuthenticatorData(attestationObject.authData);
     46 
     47  assert_array_equals(authenticatorData.rpIdHash, rpIdHash)
     48  assert_true(authenticatorData.flags.up);
     49  assert_false(authenticatorData.flags.uv);
     50 
     51  publicKey = authenticatorData.attestedCredentialData.credentialPublicKey;
     52  assert_equals(publicKey.alg, PUBLIC_KEY_PARAMETERS[0].alg);
     53  assert_equals(publicKey.type, 2 /* EC2 */);
     54 
     55  assert_equals(authenticatorData.extensions, null);
     56  assert_object_equals(credential.getClientExtensionResults(), {});
     57 }, "Create a credential");
     58 
     59 promise_test(async t => {
     60  let assertion = await navigator.credentials.get({
     61    publicKey: {
     62      challenge: new TextEncoder().encode(CHALLENGE),
     63      rpId: PUBLIC_KEY_RP.id,
     64      allowCredentials: [{
     65        type: "public-key",
     66        id: credential.rawId,
     67        transports: ["usb"],
     68      }],
     69      userVerification: "discouraged",
     70    },
     71  });
     72 
     73  // Perform the validations the Relying Party should do against the assertion.
     74  // https://w3c.github.io/webauthn/#sctn-verifying-assertion
     75  assert_object_equals(credential.rawId, assertion.rawId);
     76  let jsonText =
     77    new TextDecoder("utf-8").decode(assertion.response.clientDataJSON);
     78  let clientData = JSON.parse(jsonText);
     79  assert_equals(clientData.type, "webauthn.get");
     80  assert_equals(clientData.challenge, base64urlEncode(CHALLENGE));
     81  assert_equals(clientData.type, "webauthn.get");
     82  assert_equals(clientData.origin, window.location.origin);
     83 
     84  let binaryAuthenticatorData =
     85    new Uint8Array(assertion.response.authenticatorData);
     86 
     87  let authenticatorData = parseAuthenticatorData(binaryAuthenticatorData);
     88 
     89  let rpIdHash = new Uint8Array(await crypto.subtle.digest(
     90    { name: "SHA-256" }, new TextEncoder().encode(PUBLIC_KEY_RP.id)));
     91 
     92  assert_array_equals(authenticatorData.rpIdHash, rpIdHash)
     93  assert_true(authenticatorData.flags.up);
     94  assert_false(authenticatorData.flags.uv);
     95 
     96  assert_equals(authenticatorData.extensions, null);
     97  assert_object_equals(credential.getClientExtensionResults(), {});
     98  assert_equals(authenticatorData.attestedCredentialData, null);
     99 
    100  let jwkPublicKey = coseObjectToJWK(publicKey);
    101  let key = await crypto.subtle.importKey(
    102    "jwk", jwkPublicKey, {name: "ECDSA", namedCurve: "P-256"},
    103    /*extractable=*/false, ["verify"]);
    104 
    105  let signature =
    106    convertDERSignatureToSubtle(new Uint8Array(assertion.response.signature));
    107 
    108  let clientDataJsonHash = new Uint8Array(await crypto.subtle.digest(
    109    "SHA-256", assertion.response.clientDataJSON));
    110  let signedData =
    111    new Uint8Array(binaryAuthenticatorData.length + clientDataJsonHash.length);
    112  signedData.set(binaryAuthenticatorData);
    113  signedData.set(clientDataJsonHash, binaryAuthenticatorData.length);
    114 
    115  assert_true(await crypto.subtle.verify(
    116    { name: "ECDSA", hash: "SHA-256" }, key, signature, signedData));
    117 }, "Get an assertion");
    118 
    119 promise_test(async t => {
    120  await window.test_driver.remove_virtual_authenticator(authenticator);
    121 }, "Clean up the test environment");
    122 
    123 </script>