Merge pull request cedarcode#378 from cedarcode/add_support_for_crede…

…ntial_backup_flags

Add support for credential backup flags

lib/webauthn/authenticator_data.rb

@@ -19,9 +19,9 @@ class AuthenticatorData < BinData::Record
  struct :flags do
  bit1 :extension_data_included
  bit1 :attested_credential_data_included
- bit1 :reserved_for_future_use_4
- bit1 :reserved_for_future_use_3
  bit1 :reserved_for_future_use_2
+ bit1 :backup_state
+ bit1 :backup_eligibility
  bit1 :user_verified
  bit1 :reserved_for_future_use_1
  bit1 :user_present
@@ -58,6 +58,14 @@ def user_verified?
  flags.user_verified == 1
  end
 
+ def credential_backup_eligible?
+ flags.backup_eligibility == 1
+ end
+
+ def credential_backed_up?
+ flags.backup_state == 1
+ end
+
  def attested_credential_data_included?
  flags.attested_credential_data_included == 1
  end

lib/webauthn/fake_authenticator/authenticator_data.rb

@@ -20,6 +20,8 @@ def initialize(
  sign_count: 0,
  user_present: true,
  user_verified: !user_present,
+ backup_eligibility: false,
+ backup_state: false,
  aaguid: AAGUID,
  extensions: { "fakeExtension" => "fakeExtensionValue" }
  )
@@ -28,6 +30,8 @@ def initialize(
  @sign_count = sign_count
  @user_present = user_present
  @user_verified = user_verified
+ @backup_eligibility = backup_eligibility
+ @backup_state = backup_state
  @aaguid = aaguid
  @extensions = extensions
  end
@@ -38,16 +42,22 @@ def serialize
 
  private
 
- attr_reader :rp_id_hash, :credential, :user_present, :user_verified, :extensions
+ attr_reader :rp_id_hash,
+ :credential,
+ :user_present,
+ :user_verified,
+ :extensions,
+ :backup_eligibility,
+ :backup_state
 
  def flags
  [
  [
  bit(:user_present),
  reserved_for_future_use_bit,
  bit(:user_verified),
- reserved_for_future_use_bit,
- reserved_for_future_use_bit,
+ bit(:backup_eligibility),
+ bit(:backup_state),
  reserved_for_future_use_bit,
  attested_credential_data_included_bit,
  extension_data_included_bit
@@ -108,7 +118,12 @@ def reserved_for_future_use_bit
  end
 
  def context
- { user_present: user_present, user_verified: user_verified }
+ {
+ user_present: user_present,
+ user_verified: user_verified,
+ backup_eligibility: backup_eligibility,
+ backup_state: backup_state
+ }
  end
 
  def cose_credential_public_key

lib/webauthn/public_key_credential.rb

@@ -48,6 +48,14 @@ def authenticator_extension_outputs
  authenticator_data.extension_data if authenticator_data&.extension_data_included?
  end
 
+ def backup_eligible?
+ authenticator_data&.credential_backup_eligible?
+ end
+
+ def backed_up?
+ authenticator_data&.credential_backed_up?
+ end
+
  private
 
  attr_reader :relying_party

spec/webauthn/authenticator_data_spec.rb

@@ -8,14 +8,18 @@
  rp_id_hash: rp_id_hash,
  sign_count: sign_count,
  user_present: user_present,
- user_verified: user_verified
+ user_verified: user_verified,
+ backup_eligibility: backup_eligibility,
+ backup_state: backup_state,
  ).serialize
  end
 
  let(:rp_id_hash) { OpenSSL::Digest.digest("SHA256", "localhost") }
  let(:sign_count) { 42 }
  let(:user_present) { true }
  let(:user_verified) { false }
+ let(:backup_eligibility) { false }
+ let(:backup_state) { false }
 
  let(:authenticator_data) { described_class.deserialize(serialized_authenticator_data) }
 
@@ -114,4 +118,36 @@
  it { is_expected.to be_falsy }
  end