Include resident key option in MakeCredential

Currently resident key option in CTAP MakeCredential request parameter
is set to false regardless of what the relying party sets in
AuthenticatorSelectionCriteria. Add resident key option to CTAP
MakeCredential request accordingly.

Bug: 870153
Change-Id: I3c964c0e036008f3d38d60a5ab3c6610eb80085b
Reviewed-on: https://chromium-review.googlesource.com/1159825
Commit-Queue: Jun Choi <hongjunchoi@chromium.org>
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/heads/master@{#580308}

device/fido/make_credential_handler_unittest.cc

@@ -20,6 +20,7 @@
 #include "device/fido/make_credential_request_handler.h"
 #include "device/fido/mock_fido_device.h"
 #include "device/fido/test_callback_receiver.h"
+#include "device/fido/virtual_ctap2_device.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -297,4 +298,48 @@ TEST_F(FidoMakeCredentialHandlerTest, IncorrectRpIdHash) {
   EXPECT_FALSE(callback().was_called());
 }
 
+// Tests that only authenticators with resident key support will successfully
+// process MakeCredential request when the relying party requires using resident
+// keys in AuthenicatorSelectionCriteria.
+TEST_F(FidoMakeCredentialHandlerTest,
+       SuccessfulMakeCredentialWithResidentKeyOption) {
+  auto device = std::make_unique<VirtualCtap2Device>();
+  AuthenticatorSupportedOptions option;
+  option.SetSupportsResidentKey(true);
+  device->SetAuthenticatorSupportedOptions(std::move(option));
+
+  auto request_handler =
+      CreateMakeCredentialHandlerWithAuthenticatorSelectionCriteria(
+          AuthenticatorSelectionCriteria(
+              AuthenticatorSelectionCriteria::AuthenticatorAttachment::kAny,
+              true /* require_resident_key */,
+              UserVerificationRequirement::kPreferred));
+
+  discovery()->WaitForCallToStartAndSimulateSuccess();
+  discovery()->AddDevice(std::move(device));
+
+  scoped_task_environment_.FastForwardUntilNoTasksRemain();
+  callback().WaitForCallback();
+  EXPECT_EQ(FidoReturnCode::kSuccess, callback().status());
+}
+
+// Tests that MakeCredential request fails when asking to use resident keys with
+// authenticators that do not support resident key.
+TEST_F(FidoMakeCredentialHandlerTest,
+       MakeCredentialFailsForIncompatibleResidentKeyOption) {
+  auto device = std::make_unique<VirtualCtap2Device>();
+  auto request_handler =
+      CreateMakeCredentialHandlerWithAuthenticatorSelectionCriteria(
+          AuthenticatorSelectionCriteria(
+              AuthenticatorSelectionCriteria::AuthenticatorAttachment::kAny,
+              true /* require_resident_key */,
+              UserVerificationRequirement::kPreferred));
+
+  discovery()->WaitForCallToStartAndSimulateSuccess();
+  discovery()->AddDevice(std::move(device));
+
+  scoped_task_environment_.FastForwardUntilNoTasksRemain();
+  EXPECT_FALSE(callback().was_called());
+}
+
 }  // namespace device

device/fido/make_credential_request_handler.cc

@@ -73,6 +73,8 @@ bool CheckIfAuthenticatorSelectionCriteriaAreSatisfied(
       !options.supports_resident_key()) {
     return false;
   }
+  request->SetResidentKeySupported(
+      authenticator_selection_criteria.require_resident_key());
 
   const auto& user_verification_requirement =
       authenticator_selection_criteria.user_verification_requirement();