feat(webauthn): perform largeBlob.read via authenticatorLargeBlobs

AlfioEmanueleFresta · AlfioEmanueleFresta · commit 1129c2d65e86 · 2026-05-10T21:12:21.000+01:00
When the WebAuthn `largeBlob: { read: true }` extension is requested and
the authenticator returns a per-credential `largeBlobKey`, libwebauthn
now runs `authenticatorLargeBlobs(get)` to fetch the on-device serialized
array, decrypts the matching entry, and exposes the plaintext via the
WebAuthn response's `unsigned_extensions_output.large_blob.blob` field.

The read flow uses a per-assertion `AuthenticatorLargeBlobStorage` handle
(introduced in the previous commit), so each credential is read against
its own `largeBlobKey`. Failures are non-fatal: per WebAuthn L3 §10.5 the
`blob` output is optional on success.

Combined with the earlier fix that removed the key-disclosure bug, this
completes the read half of the WebAuthn `largeBlob` extension.

Refs: WebAuthn L3 §10.5, CTAP 2.2 §6.10.
diff --git a/libwebauthn/src/webauthn.rs b/libwebauthn/src/webauthn.rs
@@ -6,7 +6,11 @@ use tracing::{debug, error, info, instrument, trace, warn};
 
 use crate::fido::FidoProtocol;
 use crate::ops::u2f::{RegisterRequest, SignRequest, UpgradableResponse};
-use crate::ops::webauthn::{DowngradableRequest, GetAssertionRequest, GetAssertionResponse};
+use crate::ops::webauthn::{
+    AuthenticatorLargeBlobStorage, DowngradableRequest, GetAssertionLargeBlobExtension,
+    GetAssertionLargeBlobExtensionOutput, GetAssertionRequest, GetAssertionResponse,
+    GetAssertionResponseUnsignedExtensions, LargeBlobStorage,
+};
 use crate::ops::webauthn::{MakeCredentialRequest, MakeCredentialResponse};
 use crate::proto::ctap1::Ctap1;
 use crate::proto::ctap2::preflight::ctap2_preflight;
@@ -235,6 +239,68 @@ where
             let response = self.ctap2_get_next_assertion(op.timeout).await?;
             assertions.push(response.into_assertion_output(op, self.get_auth_data()));
         }
+
+        // WebAuthn L3 §10.5 largeBlob.read: when the RP requested
+        // `largeBlob: { read: true }` and the authenticator returned a
+        // per-credential `largeBlobKey`, fetch the on-device serialized
+        // largeBlobArray via `authenticatorLargeBlobs(get)`, locate this
+        // credential's entry by GCM-tag verification, decrypt, decompress,
+        // and surface the plaintext as the WebAuthn `large_blob.blob` value.
+        //
+        // Failures here are non-fatal: per spec the `blob` field is optional
+        // on success and absent if the read could not be completed.
+        let large_blob_read_requested = op.extensions.as_ref().and_then(|e| e.large_blob.as_ref())
+            == Some(&GetAssertionLargeBlobExtension::Read);
+        if large_blob_read_requested {
+            for assertion in assertions.iter_mut() {
+                let Some(key_vec) = assertion.large_blob_key.as_ref() else {
+                    continue;
+                };
+                let Ok(key) = <[u8; 32]>::try_from(key_vec.as_slice()) else {
+                    warn!(
+                        "Device returned largeBlobKey of unexpected length {} (expected 32). Skipping largeBlob fetch.",
+                        key_vec.len()
+                    );
+                    continue;
+                };
+                let credential_id = assertion
+                    .credential_id
+                    .as_ref()
+                    .map(|c| c.id.to_vec())
+                    .unwrap_or_default();
+                let storage = AuthenticatorLargeBlobStorage::new(
+                    self,
+                    credential_id.clone(),
+                    key,
+                    op.timeout,
+                );
+                let blob = match storage.read(&credential_id).await {
+                    Ok(b) => b,
+                    Err(e) => {
+                        warn!(
+                            ?e,
+                            "authenticatorLargeBlobs(get) failed; returning no blob to RP"
+                        );
+                        None
+                    }
+                };
+                let entry = GetAssertionLargeBlobExtensionOutput { blob };
+                match assertion.unsigned_extensions_output.as_mut() {
+                    Some(unsigned) => {
+                        unsigned.large_blob = Some(entry);
+                    }
+                    None => {
+                        assertion.unsigned_extensions_output =
+                            Some(GetAssertionResponseUnsignedExtensions {
+                                hmac_get_secret: None,
+                                large_blob: Some(entry),
+                                prf: None,
+                            });
+                    }
+                }
+            }
+        }
+
         Ok(assertions.as_slice().into())
     }
 
