问题描述
我前一段时间已经启动了一个Fido2/WebAuthn项目,并试图启动microsoft webauthn实施。为此,在该项目中存在一个 webauthn.h文件的翻译 (今天,我只在Mozilla和Chromium浏览器代码中找到了对该文件的引用...。)
现在...我只是试图通过发出命令以创建凭据的按钮来创建表单,但是 此调用因访问冲突@ $ 0000EA60而失败,失败了,我不知道可能会导致什么。我可能做错了什么?
这里是按钮onClick处理程序的代码。
uses Webauthn;
// just a test JSON object that I obtained from a browser request
const cclientData : UTF8String = '{' +
'"hashAlgorithm": "SHA-256",' +
'"challenge": "fzjg31IEKi6ZxKqsQ9S_XHG9WvdmcXPah5EXd11p1bU",' +
'"origin": "https:\/\/fidotest.com",' +
'"clientExtensions": {},' +
'"type": "webauthn.create"' +
'}';
procedure TfrmWebAuthnTest.btnCredentialClick(Sender: TObject);
var Rp@R_981_4045@ion : TWebAuthnRPEntity@R_981_4045@ion; // _In_
User@R_981_4045@ion : TWebAuthUserEntity@R_981_4045@ion; // _In_
PubKeyCredParams : TWebauthnCoseCredentialParameters; // _In_
WebAuthNClientData : TWebAuthnClientData; // _In_
WebAuthNMakeCredentialOptions : TWebAuthnAuthenticatorMakeCredentialOptions; // _In_opt_
pWebAuthNCredentialAttestation : PWEBAUTHN_CREDENTIAL_ATTESTATION; // _Outptr_result_maybenull_
hr : HRESULT;
coseParams : Array[0..1] of WEBAUTHN_COSE_CREDENTIAL_ParaMETER;
i : integer;
challenge : Array[0..31] of byte;
cancellationID : TGuid;
bufClientData : UTF8String;
begin
// ################################################
// #### relying party
FillChar(Rp@R_981_4045@ion,sizeof(Rp@R_981_4045@ion),0);
Rp@R_981_404[email protected] := WEBAUTHN_RP_ENTITY_@R_981_4045@ION_CURRENT_VERSION;
Rp@R_981_404[email protected] := 'fidotest.com';
Rp@R_981_404[email protected] := 'Sweet home localhost';
Rp@R_981_404[email protected] := nil;
// ################################################
// #### user @R_981_4045@ion
FillChar(User@R_981_4045@ion,sizeof(User@R_981_4045@ion),0);
User@R_981_404[email protected] := WEBAUTHN_USER_ENTITY_@R_981_4045@ION_CURRENT_VERSION;
User@R_981_404[email protected] := sizeof( challenge );
Randomize;
// create credentials
for i := 0 to Length(challenge) - 1 do
begin
challenge[i] := Byte( Random(High(byte) + 1) );
end;
User@R_981_404[email protected] := @challenge[0];
User@R_981_404[email protected] := 'Mike';
User@R_981_404[email protected] := niL;
User@R_981_404[email protected]displayName := 'Mike Rabat';
// ################################################
// #### Client data
bufClientData := copy( cclientData,1,Length(cclientData));
FillChar(WebAuthNClientData,sizeof(WebAuthNClientData),0);
WebAuthNClientData.dwVersion := WEBAUTHN_CLIENT_DATA_CURRENT_VERSION;
WebAuthNClientData.cbClientDataJSON := Length(cclientData);
WebAuthNClientData.pbClientDataJSON := PAnsiChar(bufClientData);
WebAuthNClientData.pwszHashAlgid := WEBAUTHN_HASH_ALGORITHM_SHA_256;
// ################################################
// #### pub ked credential params
PubKeyCredParams.cCredentialParameters := sizeof(coseParams);
PubKeyCredParams.pCredentialParameters := @coseParams[0];
coseParams[0].dwVersion := WEBAUTHN_COSE_CREDENTIAL_ParaMETER_CURRENT_VERSION;
coseParams[0].pwszCredentialType := WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY;
coseParams[0].lAlg := WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256;
coseParams[1].dwVersion := WEBAUTHN_COSE_CREDENTIAL_ParaMETER_CURRENT_VERSION;
coseParams[1].pwszCredentialType := WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY;
coseParams[1].lAlg := WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256;
// ###########################################
// #### Fill in params
FillChar(WebAuthNMakeCredentialOptions,sizeof(WebAuthNMakeCredentialOptions),0);
WebAuthNMakeCredentialOptions.dwVersion := WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION;
WebAuthNMakeCredentialOptions.dwTimeoutMilliseconds := 60000;
WebAuthNMakeCredentialOptions.bRequireResidentKey := False;
WebAuthNMakeCredentialOptions.dwAuthenticatorAttachment := WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM;
WebAuthNMakeCredentialOptions.dwUserVerificationRequirement := WEBAUTHN_USER_VERIFICATION_REQUIREMENT_required;
WebAuthNMakeCredentialOptions.dwAttestationConveyancePreference := WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT;
// ###########################################
// #### Cancellation
assert( WebAuthNGetCancellationId(cancellationID) = S_OK,'Cancellation ID Failed');
WebAuthNMakeCredentialOptions.pCancellationId := @cancellationID;
// ###########################################
// #### do the magic
pWebAuthNCredentialAttestation := nil;
hr := WebAuthNAuthenticatorMakeCredential( Handle,@Rp@R_981_4045@ion,@User@R_981_4045@ion,@PubKeyCredParams,@WebAuthNClientData,@WebAuthNMakeCredentialOptions,pWebAuthNCredentialAttestation );
if hr = S_OK then
begin
// WriteCredAttest( pWebAuthNCredentialAttestation );
WebAuthNFreeCredentialAttestation( pWebAuthNCredentialAttestation );
memLog.Lines.Add('Finished');
end
else
begin
memLog.Lines.Add('Make Cred Failed with: ' + WebAuthNGetErrorName( hr ));
end;
end;
我正在使用Delphi2010,因此除JSON客户端数据字符串外,所有字符串均应为unicode。
解决方法
在长时间研究Mozilla浏览器的C ++代码之后,我认为我发现了问题。 在COSE_PARAMS结构的size字段中。
// #### pub ked credential params
PubKeyCredParams.cCredentialParameters := Length(coseParams);// sizeof(coseParams);
PubKeyCredParams.pCredentialParameters := @coseParams[0];
他们似乎期望字节数组的长度而不是字节大小 附加的coseParams。这种误解导致了AV。