fido: Bump to latest version of passkey-rs

iinuwa · iinuwa · commit b72e2715b6ab · 2025-12-10T13:22:11.000-06:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/bitwarden-fido/Cargo.toml b/crates/bitwarden-fido/Cargo.toml
@@ -27,8 +27,8 @@ chrono = { workspace = true }
 coset = ">=0.3.7, <0.4"
 itertools = ">=0.13.0, <0.15"
 p256 = ">=0.13.2, <0.14"
-passkey = { git = "https://github.com/bitwarden/passkey-rs", rev = "3b764633ebc6576c07bdd12ee14d8e5c87b494ed" }
-passkey-client = { git = "https://github.com/bitwarden/passkey-rs", rev = "3b764633ebc6576c07bdd12ee14d8e5c87b494ed", features = [
+passkey = { git = "https://github.com/bitwarden/passkey-rs", rev = "2e5c0ba1fb60a3a6dec9c7dba175d3e07dc89862" }
+passkey-client = { git = "https://github.com/bitwarden/passkey-rs", rev = "2e5c0ba1fb60a3a6dec9c7dba175d3e07dc89862", features = [
     "android-asset-validation",
 ] }
 reqwest = { workspace = true }
diff --git a/crates/bitwarden-fido/src/authenticator.rs b/crates/bitwarden-fido/src/authenticator.rs
@@ -5,7 +5,7 @@ use bitwarden_crypto::CryptoError;
 use bitwarden_vault::{CipherError, CipherView, EncryptionContext};
 use itertools::Itertools;
 use passkey::{
-    authenticator::{Authenticator, DiscoverabilitySupport, StoreInfo, UIHint, UserCheck},
+    authenticator::{Authenticator, DiscoverabilitySupport, StoreInfo, UiHint, UserCheck},
     types::{
         Passkey,
         ctap2::{self, Ctap2Error, StatusCode, VendorError},
@@ -175,7 +175,7 @@ impl<'a> Fido2Authenticator<'a> {
             Err(e) => return Err(MakeCredentialError::Other(format!("{e:?}"))),
         };
 
-        let attestation_object = response.as_bytes().to_vec();
+        let attestation_object = response.as_webauthn_bytes().to_vec();
         let authenticator_data = response.auth_data.to_vec();
         let attested_credential_data = response
             .auth_data
@@ -353,6 +353,7 @@ impl passkey::authenticator::CredentialStore for CredentialStoreImpl<'_> {
         &self,
         ids: Option<&[passkey::types::webauthn::PublicKeyCredentialDescriptor]>,
         rp_id: &str,
+        _user_handle: Option<&[u8]>,
     ) -> Result<Vec<Self::PasskeyItem>, StatusCode> {
         #[derive(Debug, Error)]
         enum InnerError {
@@ -600,7 +601,7 @@ impl passkey::authenticator::UserValidationMethod for UserValidationMethodImpl<'
 
     async fn check_user<'a>(
         &self,
-        hint: UIHint<'a, Self::PasskeyItem>,
+        hint: UiHint<'a, Self::PasskeyItem>,
         presence: bool,
         _verification: bool,
     ) -> Result<UserCheck, Ctap2Error> {
@@ -617,7 +618,7 @@ impl passkey::authenticator::UserValidationMethod for UserValidationMethodImpl<'
         };
 
         let result = match hint {
-            UIHint::RequestNewCredential(user, rp) => {
+            UiHint::RequestNewCredential(user, rp) => {
                 let new_credential = try_from_credential_new_view(user, rp)
                     .map_err(|_| Ctap2Error::InvalidCredential)?;
 
@@ -669,8 +670,8 @@ impl passkey::authenticator::UserValidationMethod for UserValidationMethodImpl<'
     }
 }
 
-fn map_ui_hint(hint: UIHint<'_, CipherViewContainer>) -> UIHint<'_, CipherView> {
-    use UIHint::*;
+fn map_ui_hint(hint: UiHint<'_, CipherViewContainer>) -> UiHint<'_, CipherView> {
+    use UiHint::*;
     match hint {
         InformExcludedCredentialFound(c) => InformExcludedCredentialFound(&c.cipher),
         InformNoCredentialsFound => InformNoCredentialsFound,
diff --git a/crates/bitwarden-fido/src/client.rs b/crates/bitwarden-fido/src/client.rs
@@ -130,10 +130,7 @@ impl Fido2Client<'_> {
                 cred_props: result
                     .client_extension_results
                     .cred_props
-                    .map(|c| CredPropsResult {
-                        rk: c.discoverable,
-                        authenticator_display_name: c.authenticator_display_name,
-                    }),
+                    .map(|c| CredPropsResult { rk: c.discoverable }),
             },
             response: AuthenticatorAssertionResponse {
                 client_data_json: result.response.client_data_json.into(),
diff --git a/crates/bitwarden-fido/src/lib.rs b/crates/bitwarden-fido/src/lib.rs
@@ -7,7 +7,7 @@ use bitwarden_vault::{
     CipherError, CipherView, Fido2CredentialFullView, Fido2CredentialNewView, Fido2CredentialView,
 };
 use crypto::{CoseKeyToPkcs8Error, PrivateKeyFromSecretKeyError};
-use passkey::types::{Passkey, ctap2::Aaguid};
+use passkey::types::{CredentialExtensions, Passkey, ctap2::Aaguid};
 
 #[cfg(feature = "uniffi")]
 uniffi::setup_scaffolding!();
@@ -26,7 +26,7 @@ pub use authenticator::{
 };
 pub use client::{Fido2Client, Fido2ClientError};
 pub use client_fido::{ClientFido2, ClientFido2Ext, DecryptFido2AutofillCredentialsError};
-pub use passkey::authenticator::UIHint;
+pub use passkey::authenticator::UiHint;
 use thiserror::Error;
 pub use traits::{
     CheckUserOptions, CheckUserResult, Fido2CallbackError, Fido2CredentialStore,
@@ -126,6 +126,7 @@ fn try_from_credential_full_view(value: Fido2CredentialFullView) -> Result<Passk
         rp_id: value.rp_id.clone(),
         user_handle: user_handle.map(|u| u.into_bytes().into()),
         counter,
+        extensions: CredentialExtensions { hmac_secret: None },
     })
 }
 
diff --git a/crates/bitwarden-fido/src/traits.rs b/crates/bitwarden-fido/src/traits.rs
@@ -1,5 +1,5 @@
 use bitwarden_vault::{CipherListView, CipherView, EncryptionContext, Fido2CredentialNewView};
-use passkey::authenticator::UIHint;
+use passkey::authenticator::UiHint;
 use thiserror::Error;
 
 #[allow(missing_docs)]
@@ -21,7 +21,7 @@ pub trait Fido2UserInterface: Send + Sync {
     async fn check_user<'a>(
         &self,
         options: CheckUserOptions,
-        hint: UIHint<'a, CipherView>,
+        hint: UiHint<'a, CipherView>,
     ) -> Result<CheckUserResult, Fido2CallbackError>;
     async fn pick_credential_for_authentication(
         &self,
@@ -42,6 +42,7 @@ pub trait Fido2CredentialStore: Send + Sync {
         &self,
         ids: Option<Vec<Vec<u8>>>,
         rip_id: String,
+        // TODO: Add user_handle
     ) -> Result<Vec<CipherView>, Fido2CallbackError>;
 
     async fn all_credentials(&self) -> Result<Vec<CipherListView>, Fido2CallbackError>;
diff --git a/crates/bitwarden-fido/src/types.rs b/crates/bitwarden-fido/src/types.rs
@@ -370,14 +370,12 @@ pub struct ClientExtensionResults {
 #[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
 pub struct CredPropsResult {
     pub rk: Option<bool>,
-    pub authenticator_display_name: Option<String>,
 }
 
 impl From<passkey::types::webauthn::CredentialPropertiesOutput> for CredPropsResult {
     fn from(value: passkey::types::webauthn::CredentialPropertiesOutput) -> Self {
         Self {
             rk: value.discoverable,
-            authenticator_display_name: value.authenticator_display_name,
         }
     }
 }
@@ -472,9 +470,11 @@ impl TryFrom<UnverifiedAssetLink> for passkey::client::UnverifiedAssetLink<'_> {
     type Error = InvalidOriginError;
 
     fn try_from(value: UnverifiedAssetLink) -> Result<Self, Self::Error> {
-        let asset_link_url = match value.asset_link_url {
-            Some(url) => Some(Url::parse(&url).map_err(|e| InvalidOriginError(format!("{e}")))?),
-            None => None,
+        let asset_link_url = {
+            let url = value
+                .asset_link_url
+                .unwrap_or_else(|| format!("https://{}/.well-known/assetlinks.json", value.host));
+            Url::parse(&url).map_err(|e| InvalidOriginError(e.to_string()))?
         };
 
         passkey::client::UnverifiedAssetLink::new(
diff --git a/crates/bitwarden-uniffi/src/platform/fido2.rs b/crates/bitwarden-uniffi/src/platform/fido2.rs
@@ -293,9 +293,9 @@ pub enum UIHint {
     RequestExistingCredential(CipherView),
 }
 
-impl From<bitwarden_fido::UIHint<'_, CipherView>> for UIHint {
-    fn from(hint: bitwarden_fido::UIHint<'_, CipherView>) -> Self {
-        use bitwarden_fido::UIHint as BWUIHint;
+impl From<bitwarden_fido::UiHint<'_, CipherView>> for UIHint {
+    fn from(hint: bitwarden_fido::UiHint<'_, CipherView>) -> Self {
+        use bitwarden_fido::UiHint as BWUIHint;
         match hint {
             BWUIHint::InformExcludedCredentialFound(cipher) => {
                 UIHint::InformExcludedCredentialFound(cipher.clone())
@@ -324,7 +324,7 @@ impl bitwarden_fido::Fido2UserInterface for UniffiTraitBridge<&dyn Fido2UserInte
     async fn check_user<'a>(
         &self,
         options: CheckUserOptions,
-        hint: bitwarden_fido::UIHint<'a, CipherView>,
+        hint: bitwarden_fido::UiHint<'a, CipherView>,
     ) -> Result<bitwarden_fido::CheckUserResult, BitFido2CallbackError> {
         self.0
             .check_user(options.clone(), hint.into())
