Commit f37fb47

feat(webauthn): perform largeBlob.read via authenticatorLargeBlobs
Adds the read-path helper for the WebAuthn L3 largeBlob extension. After get_assertion returns a largeBlobKey, the platform paginates authenticatorLargeBlobs(get), AES-256-GCM-authenticates each entry under the per-credential key, and RFC 1951 raw-deflate decompresses the plaintext into unsigned_extensions_output.large_blob.blob. Read failures surface as blob absent, per WebAuthn L3 sec 10.1.5. The chunk size honours maxFragmentLength = maxMsgSize - 64 from GetInfo. origSize is capped at 1 MiB to bound platform allocation. Per-entry structural problems are skipped, not propagated, since the on-device array is shared across credentials.
1 parent c6110f5 commit f37fb47

5 files changed

Lines changed: 822 additions & 4 deletions

Cargo.lock

Lines changed: 49 additions & 0 deletions

libwebauthn/Cargo.toml

Lines changed: 2 additions & 0 deletions
@@ -70,6 +70,8 @@ p256 = { version = "0.13.2", features = ["ecdh", "arithmetic", "serde"] }
7070
heapless = "0.7"
7171
cosey = "0.3.2"
7272
aes = "0.8.2"
73+
aes-gcm = "0.10"
74+
flate2 = "1.0"
7375
hmac = "0.12.1"
7476
cbc = { version = "0.1", features = ["alloc"] }
7577
hkdf = "0.12"
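
Review bot: the two added requirements, `aes-gcm = "0.10"` and `flate2 = "1.0"`, set no patch-level floor, unlike the neighbouring `aes = "0.8.2"` and `hmac = "0.12.1"`, so they admit every 0.10.x and 1.x release, including the earliest ones. This manifest belongs to a library, so the committed Cargo.lock does not bind dependents that resolve their own lockfile. Because aes-gcm authenticates device-supplied large-blob entries and flate2 decompresses them, raise both requirements to the release that was actually tested, which is the one recorded in this commit's Cargo.lock. It would also help to state whether flate2's default feature set is intended, the way `cbc` spells out `features = ["alloc"]`.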
