swift-server · dscreve · Jan 28, 2025 · Jan 29, 2025
diff --git a/Sources/WebAuthn/Helpers/ChallengeGenerator.swift b/Sources/WebAuthn/Helpers/ChallengeGenerator.swift
@@ -11,10 +11,18 @@
 //
 //===----------------------------------------------------------------------===//
 
+import Foundation
+
 package struct ChallengeGenerator: Sendable {
-    var generate: @Sendable () -> [UInt8]
+    static let challengeSize: Int = 32
+
+    var generate: @Sendable (_ : [UInt8]) -> [UInt8]
 
     package static var live: Self {
-        .init(generate: { [UInt8].random(count: 32) })
+        .init(generate: { challengeData in
+            var randomData = [UInt8].random(count: challengeSize)
+            randomData.append(contentsOf: challengeData)
+            return randomData
+        })
     }
 }
diff --git a/Sources/WebAuthn/WebAuthnManager.swift b/Sources/WebAuthn/WebAuthnManager.swift
@@ -43,6 +43,22 @@ public struct WebAuthnManager: Sendable {
         self.configuration = configuration
         self.challengeGenerator = challengeGenerator
     }
+
+    /// Extract challenge custom data from challenge
+    ///
+    /// - Parameters:
+    ///   - challenge: The challenge to extract data from
+    ///
+    /// - Returns: The custom data part of the challenge
+    public func extractChallengeData(challenge : [UInt8]) -> [UInt8] {
+        if challenge.count <= ChallengeGenerator.challengeSize {
+            return []
+        }
+
+        let arrayslice = challenge.suffix(from: ChallengeGenerator.challengeSize)
+        return Array(arrayslice)
+    }
+
 
     /// Generate a new set of registration data to be sent to the client.
     ///
@@ -59,9 +75,10 @@ public struct WebAuthnManager: Sendable {
         user: PublicKeyCredentialUserEntity,
         timeout: Duration? = .seconds(5*60),
         attestation: AttestationConveyancePreference = .none,
-        publicKeyCredentialParameters: [PublicKeyCredentialParameters] = .supported
+        publicKeyCredentialParameters: [PublicKeyCredentialParameters] = .supported,
+        challengeData : [UInt8] = []
     ) -> PublicKeyCredentialCreationOptions {
-        let challenge = challengeGenerator.generate()
+        let challenge =  challengeGenerator.generate(challengeData)
 
         return PublicKeyCredentialCreationOptions(
             challenge: challenge,
@@ -138,9 +155,10 @@ public struct WebAuthnManager: Sendable {
     public func beginAuthentication(
         timeout: Duration? = .seconds(60),
         allowCredentials: [PublicKeyCredentialDescriptor]? = nil,
-        userVerification: UserVerificationRequirement = .preferred
+        userVerification: UserVerificationRequirement = .preferred,
+        challengeData : [UInt8] = []
     ) throws -> PublicKeyCredentialRequestOptions {
-        let challenge = challengeGenerator.generate()
+        let challenge =  challengeGenerator.generate(challengeData)
 
         return PublicKeyCredentialRequestOptions(
             challenge: challenge,

diff --git a/Tests/WebAuthnTests/Mocks/MockChallengeGenerator.swift b/Tests/WebAuthnTests/Mocks/MockChallengeGenerator.swift
@@ -15,6 +15,6 @@
 
 extension ChallengeGenerator {
     static func mock(generate: [UInt8]) -> Self {
-        ChallengeGenerator(generate: { generate })
+        ChallengeGenerator(generate: { _ in generate })
     }
 }
diff --git a/Tests/WebAuthnTests/WebAuthnManagerAuthenticationTests.swift b/Tests/WebAuthnTests/WebAuthnManagerAuthenticationTests.swift
@@ -191,4 +191,5 @@ final class WebAuthnManagerAuthenticationTests: XCTestCase {
             requireUserVerification: requireUserVerification
         )
     }
+
 }
diff --git a/Tests/WebAuthnTests/WebAuthnManagerChallengeTests.swift b/Tests/WebAuthnTests/WebAuthnManagerChallengeTests.swift
@@ -0,0 +1,43 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the Swift WebAuthn open source project
+//
+// Copyright (c) 2022 the Swift WebAuthn project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+@testable import WebAuthn
+import XCTest
+import Crypto
+
+final class WebAuthnManagerChallengeTests: XCTestCase {
+    var webAuthnManager: WebAuthnManager!
+
+    let relyingPartyID = "example.com"
+    let relyingPartyName = "Testy test"
+    let relyingPartyOrigin = "https://example.com"
+
+    override func setUp() {
+        let configuration = WebAuthnManager.Configuration(
+            relyingPartyID: relyingPartyID,
+            relyingPartyName: relyingPartyName,
+            relyingPartyOrigin: relyingPartyOrigin
+        )
+        webAuthnManager = .init(configuration: configuration)
+    }
+
+    func testChallengeData() async throws {
+        let challengeGenerator = ChallengeGenerator.live
+        let challengeData : [UInt8] = [12,15,48,64]
+
+        let challenge =  challengeGenerator.generate(challengeData)
+        let extractedData =  webAuthnManager.extractChallengeData(challenge: challenge)
+
+        XCTAssertEqual(challengeData, extractedData)
+    }
+}
diff --git a/Tests/WebAuthnTests/WebAuthnManagerIntegrationTests.swift b/Tests/WebAuthnTests/WebAuthnManagerIntegrationTests.swift
@@ -25,7 +25,7 @@ final class WebAuthnManagerIntegrationTests: XCTestCase {
         )
 
         let mockChallenge = [UInt8](repeating: 0, count: 5)
-        let challengeGenerator = ChallengeGenerator(generate: { mockChallenge })
+        let challengeGenerator = ChallengeGenerator.mock(generate: mockChallenge )
         let webAuthnManager = WebAuthnManager(configuration: configuration, challengeGenerator: challengeGenerator)
 
         // Step 1.: Begin Registration
@@ -83,12 +83,12 @@ final class WebAuthnManagerIntegrationTests: XCTestCase {
         )
 
         XCTAssertEqual(credential.id, mockCredentialID.base64EncodedString().asString())
-        XCTAssertEqual(credential.attestationClientDataJSON.type, .create)
+        XCTAssertEqual(credential.attestationClientDataJSON.type, CollectedClientData.CeremonyType.create)
         XCTAssertEqual(credential.attestationClientDataJSON.origin, mockClientDataJSON.origin)
         XCTAssertEqual(credential.attestationClientDataJSON.challenge, mockChallenge.base64URLEncodedString())
         XCTAssertEqual(credential.isBackedUp, false)
         XCTAssertEqual(credential.signCount, 0)
-        XCTAssertEqual(credential.type, .publicKey)
+        XCTAssertEqual(credential.type, CredentialType.publicKey)
         XCTAssertEqual(credential.publicKey, mockCredentialPublicKey)
 
         // Step 3.: Begin Authentication
@@ -158,7 +158,7 @@ final class WebAuthnManagerIntegrationTests: XCTestCase {
 
         XCTAssertEqual(successfullAuthentication.newSignCount, 1)
         XCTAssertEqual(successfullAuthentication.credentialBackedUp, false)
-        XCTAssertEqual(successfullAuthentication.credentialDeviceType, .singleDevice)
+        XCTAssertEqual(successfullAuthentication.credentialDeviceType, VerifiedAuthentication.CredentialDeviceType.singleDevice)
         XCTAssertEqual(successfullAuthentication.credentialID, mockCredentialID.base64URLEncodedString())
 
         // We did it!
-Original file line number
+Diff line change
@@ Expand Up @@
                 requireUserVerification: requireUserVerification
             )
         }
     }