Fido2: Support for user handles

play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/RequestHandling.kt

@@ -31,6 +31,7 @@ class WrongPinException(message: String? = null): Exception(message)
 
 enum class RequestOptionsType { REGISTER, SIGN }
 class UserInfo(
+    val handle: ByteArray? = null,
     val name: String,
     val displayName: String? = null,
     val icon: String? = null

play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/transport/TransportHandler.kt

@@ -528,21 +528,22 @@ abstract class TransportHandler(val transport: Transport, val callback: Transpor
         val assertionResponses = ArrayList<Pair<UserInfo?, suspend () -> AuthenticatorAssertionResponse>>()
 
         for ((response, credentialId) in responses) {
+            val handle = response.user?.id
             var name = response.user?.name
             var displayName = response.user?.displayName
             var icon = response.user?.icon
 
             var userInfo: UserInfo? = null
             if (name != null) {
-                userInfo = UserInfo(name, displayName, icon)
+                userInfo = UserInfo(handle, name, displayName, icon)
             }
 
             val assertionResponse = AuthenticatorAssertionResponse(
                 credentialId ?: ByteArray(0).also { Log.w(TAG, "keyHandle was null for key with display name $displayName") },
                 clientData,
                 response.authData,
                 response.signature,
-                null
+                handle
             )
             assertionResponses.add(userInfo to suspend { assertionResponse })
         }

play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/transport/screenlock/ScreenLockCredentialStore.kt

@@ -164,10 +164,11 @@ class ScreenLockCredentialStore(val context: Context) : SQLiteOpenHelper(context
     companion object {
         const val TAG = "FidoLockStore"
 
-        const val DATABASE_VERSION = 1
+        const val DATABASE_VERSION = 2
 
         const val TABLE_DISPLAY_NAMES = "DISPLAY_NAMES_TABLE"
         const val COLUMN_KEY_ALIAS = "KEY_ALIAS_COLUMN"
+        const val COLUMN_HANDLE = "HANDLE_COLUMN"
         const val COLUMN_NAME = "NAME_COLUMN"
         const val COLUMN_DISPLAY_NAME = "DISPLAY_NAME_COLUMN"
         const val COLUMN_ICON = "ICON_COLUMN"
@@ -184,24 +185,28 @@ class ScreenLockCredentialStore(val context: Context) : SQLiteOpenHelper(context
         if (oldVersion < 1) {
             db.execSQL("CREATE TABLE $TABLE_DISPLAY_NAMES($COLUMN_KEY_ALIAS TEXT NOT NULL, $COLUMN_NAME TEXT NOT NULL, $COLUMN_DISPLAY_NAME TEXT, $COLUMN_ICON TEXT, UNIQUE($COLUMN_KEY_ALIAS) ON CONFLICT REPLACE)")
         }
+        if (oldVersion < 2) {
+            db.execSQL("ALTER TABLE $TABLE_DISPLAY_NAMES ADD COLUMN $COLUMN_HANDLE TEXT")
+        }
     }
 
     fun addUserInfo(rpId: String, keyId: ByteArray, userInfo: UserInfo) {
-        addUserInfo(rpId, keyId, userInfo.name, userInfo.displayName, userInfo.icon)
+        addUserInfo(rpId, keyId, userInfo.handle, userInfo.name, userInfo.displayName, userInfo.icon)
     }
 
-    fun addUserInfo(rpId: String, keyId: ByteArray, name: String, displayName: String? = null, icon: String? = null) = writableDatabase.use {
+    fun addUserInfo(rpId: String, keyId: ByteArray, userHandle: ByteArray?, name: String, displayName: String? = null, icon: String? = null) = writableDatabase.use {
         // Since this function is not called very often, calling cleanDatabase here will probably not
         // slow things down by much, and it will avoid the database growing larger than necessary
         cleanDatabase(it)
 
         // The key alias and display names are both coming from outside sources. Don't trust them
         val keyAlias = getAlias(rpId, keyId)
-        val insertStatement = it.compileStatement("INSERT INTO $TABLE_DISPLAY_NAMES($COLUMN_KEY_ALIAS, $COLUMN_NAME, $COLUMN_DISPLAY_NAME, $COLUMN_ICON) VALUES(?, ?, ?, ?)")
+        val insertStatement = it.compileStatement("INSERT INTO $TABLE_DISPLAY_NAMES($COLUMN_KEY_ALIAS, $COLUMN_NAME, $COLUMN_DISPLAY_NAME, $COLUMN_ICON, $COLUMN_HANDLE) VALUES(?, ?, ?, ?, ?)")
         insertStatement.bindString(1, keyAlias)
         insertStatement.bindString(2, name)
         if (displayName != null) insertStatement.bindString(3, displayName)
         if (icon != null) insertStatement.bindString(4, icon)
+        userHandle?.toBase64()?.let { insertStatement.bindString(5, it) }
         insertStatement.executeInsert()
     }
 
@@ -211,21 +216,23 @@ class ScreenLockCredentialStore(val context: Context) : SQLiteOpenHelper(context
         cleanDatabase(it)
 
         val keyAlias = getAlias(rpId, keyId)
-        val userInfoQuery = it.query(TABLE_DISPLAY_NAMES, arrayOf(COLUMN_NAME, COLUMN_DISPLAY_NAME, COLUMN_ICON), "$COLUMN_KEY_ALIAS = ?", arrayOf(keyAlias), null, null, null, null)
+        val userInfoQuery = it.query(TABLE_DISPLAY_NAMES, arrayOf(COLUMN_NAME, COLUMN_DISPLAY_NAME, COLUMN_ICON, COLUMN_HANDLE), "$COLUMN_KEY_ALIAS = ?", arrayOf(keyAlias), null, null, null, null)
 
         var name: String? = null
         var displayName: String? = null
         var icon: String? = null
+        var handle: ByteArray? = null
         userInfoQuery.use { cursor ->
             if (cursor.moveToNext()) {
                 name = cursor.getString(0)
                 displayName = cursor.getString(1)
                 icon = cursor.getString(2)
+                handle = Base64.decode(cursor.getString(3), Base64.DEFAULT)
             }
         }
 
         if (name != null) {
-            return UserInfo(name!!, displayName, icon)
+            return UserInfo(handle, name!!, displayName, icon)
         } else {
             return null
         }

play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/transport/screenlock/ScreenLockTransportHandler.kt

@@ -144,11 +144,12 @@ class ScreenLockTransportHandler(private val activity: FragmentActivity, callbac
             store.getPublicKey(options.rpId, keyId)
                 ?: throw RequestHandlingException(ErrorCode.INVALID_STATE_ERR)
 
+        val handle = options.registerOptions.user.id
         val name = options.registerOptions.user.name
         val displayName = options.registerOptions.user.displayName
         val icon = options.registerOptions.user.icon
 
-        store.addUserInfo(options.rpId, keyId, name, displayName, icon)
+        store.addUserInfo(options.rpId, keyId, handle, name, displayName, icon)
 
         // We're ignoring the signature object as we don't need it for registration
         val signature = getActiveSignature(options, callerPackage, keyId)
@@ -283,7 +284,7 @@ class ScreenLockTransportHandler(private val activity: FragmentActivity, callbac
                     clientData,
                     authenticatorData.encode(),
                     sig,
-                    null
+                    userInfo?.handle
                 )
             }