fido/win: build Windows WebAuthn API integration unconditionally

This makes fido/win include webauthn.h from
//third_party/microsoft_webauthn and drops the USE_WIN_WEBAUTHN_API
build flag we previously added due to the missing header file.

The implementation remains behind a default-off feature flag.

Bug: 898718
Change-Id: I45e100f8b10cc32ea7e32d2842a63c950b5965bb
Reviewed-on: https://chromium-review.googlesource.com/c/1325074
Commit-Queue: Martin Kreichgauer <martinkr@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#606686}

device/fido/BUILD.gn

@@ -4,15 +4,6 @@
 
 import("//build/config/features.gni")
 import("//testing/libfuzzer/fuzzer_test.gni")
-import("//build/buildflag_header.gni")
-
-import("buildflags.gni")
-
-# Generate a buildflag header for compile-time checking of Windows WebAuthn API integration.
-buildflag_header("buildflags") {
-  header = "buildflags.h"
-  flags = [ "USE_WIN_WEBAUTHN_API=$use_win_webauthn_api" ]
-}
 
 component("fido") {
   sources = [
@@ -151,11 +142,11 @@ component("fido") {
     "//services/service_manager/public/cpp",
     "//services/service_manager/public/mojom",
     "//third_party/boringssl",
+    "//third_party/microsoft_webauthn",
     "//ui/base",
   ]
 
   public_deps = [
-    ":buildflags",
     "//base",
     "//device/bluetooth",
     "//services/device/public/mojom",
@@ -208,7 +199,7 @@ component("fido") {
     ]
   }
 
-  if (is_win && use_win_webauthn_api) {
+  if (is_win) {
     sources += [
       "win/authenticator.cc",
       "win/authenticator.h",
@@ -332,7 +323,7 @@ source_set("test_support") {
     ]
   }
 
-  if (is_win && use_win_webauthn_api) {
+  if (is_win) {
     sources += [
       "win/fake_webauthn_api.cc",
       "win/fake_webauthn_api.h",

device/fido/DEPS

@@ -6,4 +6,5 @@ include_rules = [
   "+net/cert",
   "+ui/base/l10n",
   "+third_party/boringssl/src/include",
+  "+third_party/microsoft_webauthn",
 ]

device/fido/buildflags.gni

-# Integration with the Windows WebAuthn API requires an unreleased header
-# file.
-declare_args() {
-  use_win_webauthn_api = false
-}

device/fido/features.cc

@@ -6,11 +6,10 @@
 
 #include "base/feature_list.h"
 #include "build/build_config.h"
-#include "device/fido/buildflags.h"
 
 namespace device {
 
-#if defined(OS_WIN) && BUILDFLAG(USE_WIN_WEBAUTHN_API)
+#if defined(OS_WIN)
 // Controls whether on Windows, U2F/CTAP2 requests are forwarded to the
 // native WebAuthentication API, where available.
 const base::Feature kWebAuthUseNativeWinApi{"WebAuthenticationUseNativeWinApi",

device/fido/features.h

@@ -8,11 +8,10 @@
 #include "base/component_export.h"
 #include "base/feature_list.h"
 #include "build/build_config.h"
-#include "device/fido/buildflags.h"
 
 namespace device {
 
-#if defined(OS_WIN) && BUILDFLAG(USE_WIN_WEBAUTHN_API)
+#if defined(OS_WIN)
 COMPONENT_EXPORT(DEVICE_FIDO)
 extern const base::Feature kWebAuthUseNativeWinApi;
 #endif  // defined(OS_WIN)

device/fido/fido_discovery_factory.cc

@@ -7,7 +7,6 @@
 #include "base/logging.h"
 #include "build/build_config.h"
 #include "device/fido/ble/fido_ble_discovery.h"
-#include "device/fido/buildflags.h"
 #include "device/fido/cable/fido_cable_discovery.h"
 #include "device/fido/features.h"
 #include "device/fido/fido_discovery_base.h"
@@ -17,11 +16,11 @@
 #include "device/fido/hid/fido_hid_discovery.h"
 #endif  // !defined(OS_ANDROID)
 
-#if defined(OS_WIN) && BUILDFLAG(USE_WIN_WEBAUTHN_API)
+#if defined(OS_WIN)
 #include <Winuser.h>
 #include "device/fido/win/discovery.h"
 #include "device/fido/win/webauthn_api.h"
-#endif
+#endif  // defined(OS_WIN)
 
 namespace device {
 
@@ -34,7 +33,7 @@ std::unique_ptr<FidoDiscoveryBase> CreateUsbFidoDiscovery(
   return nullptr;
 #else
 
-#if defined(OS_WIN) && BUILDFLAG(USE_WIN_WEBAUTHN_API)
+#if defined(OS_WIN)
   // On platforms where the Windows webauthn.dll is present, access to USB
   // devices is blocked and we use a special authenticator that forwards
   // requests to the Windows WebAuthn API instead.
@@ -45,7 +44,7 @@ std::unique_ptr<FidoDiscoveryBase> CreateUsbFidoDiscovery(
         // TODO(martinkr): Inject the window from which the request originated.
         GetForegroundWindow());
   }
-#endif  // defined(OS_WIN) && BUILDFLAG(USE_WIN_WEBAUTHN_API)
+#endif  // defined(OS_WIN)
 
   DCHECK(connector);
   return std::make_unique<FidoHidDiscovery>(connector);

device/fido/get_assertion_handler_unittest.cc

@@ -15,7 +15,6 @@
 #include "device/bluetooth/bluetooth_adapter_factory.h"
 #include "device/bluetooth/test/mock_bluetooth_adapter.h"
 #include "device/fido/authenticator_get_assertion_response.h"
-#include "device/fido/buildflags.h"
 #include "device/fido/ctap_get_assertion_request.h"
 #include "device/fido/device_response_converter.h"
 #include "device/fido/fake_fido_discovery.h"
@@ -31,9 +30,9 @@
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(OS_WIN) && BUILDFLAG(USE_WIN_WEBAUTHN_API)
+#if defined(OS_WIN)
 #include "device/fido/win/fake_webauthn_api.h"
-#endif
+#endif  // defined(OS_WIN)
 
 namespace device {
 
@@ -720,7 +719,7 @@ TEST_F(FidoGetAssertionHandlerTest,
             get_assertion_callback().status());
 }
 
-#if defined(OS_WIN) && BUILDFLAG(USE_WIN_WEBAUTHN_API)
+#if defined(OS_WIN)
 class GetAssertionRequestHandlerWinTest : public ::testing::Test {
  protected:
   base::test::ScopedTaskEnvironment scoped_task_environment_;
@@ -777,6 +776,6 @@ TEST_F(GetAssertionRequestHandlerWinTest, TestWinUsbDiscovery) {
               handler->AuthenticatorsForTesting().begin()->second->GetId());
   }
 }
-#endif  // defined(OS_WIN) && BUILDFLAG(USE_WIN_WEBAUTHN_API)
+#endif  // defined(OS_WIN)
 
 }  // namespace device

device/fido/win/authenticator.cc

@@ -5,6 +5,7 @@
 #include "device/fido/win/authenticator.h"
 
 #include <Combaseapi.h>
+#include <windows.h>
 
 #include "base/bind.h"
 #include "base/containers/flat_map.h"
@@ -20,7 +21,7 @@
 #include "device/fido/fido_constants.h"
 #include "device/fido/fido_transport_protocol.h"
 #include "device/fido/win/type_conversions.h"
-#include "device/fido/win/webauthn.h"
+#include "third_party/microsoft_webauthn/webauthn.h"
 
 namespace device {
 
@@ -182,7 +183,7 @@ void WinNativeCrossPlatformAuthenticator::MakeCredentialBlocking(
       WEBAUTHN_CLIENT_DATA_CURRENT_VERSION, request.client_data_json().size(),
       const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>(
           request.client_data_json().data())),
-      WEBAUTHN_HASH_ALGORITHM_SHA256};
+      WEBAUTHN_HASH_ALGORITHM_SHA_256};
 
   std::vector<WEBAUTHN_CREDENTIAL> exclude_list;
   if (request.exclude_list()) {
@@ -314,7 +315,7 @@ void WinNativeCrossPlatformAuthenticator::GetAssertionBlocking(
       WEBAUTHN_CLIENT_DATA_CURRENT_VERSION, request.client_data_json().size(),
       const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>(
           request.client_data_json().data())),
-      WEBAUTHN_HASH_ALGORITHM_SHA256};
+      WEBAUTHN_HASH_ALGORITHM_SHA_256};
 
   static BOOL kUseAppIdTrue = TRUE;
   WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS get_assertion_options{

device/fido/win/type_conversions.cc

@@ -4,7 +4,6 @@
 
 #include "device/fido/win/type_conversions.h"
 
-#include <webauthn.h>
 #include <vector>
 
 #include "base/containers/span.h"

device/fido/win/type_conversions.h

@@ -5,7 +5,7 @@
 #ifndef DEVICE_FIDO_WIN_TYPE_CONVERSIONS_H_
 #define DEVICE_FIDO_WIN_TYPE_CONVERSIONS_H_
 
-#include <webauthn.h>
+#include <windows.h>
 
 #include "base/component_export.h"
 #include "base/optional.h"
@@ -13,6 +13,7 @@
 #include "device/fido/authenticator_get_assertion_response.h"
 #include "device/fido/authenticator_make_credential_response.h"
 #include "device/fido/fido_constants.h"
+#include "third_party/microsoft_webauthn/webauthn.h"
 
 namespace device {
 

device/fido/win/webauthn_api.h

@@ -5,13 +5,13 @@
 #ifndef DEVICE_FIDO_WIN_WEBAUTHN_API_H_
 #define DEVICE_FIDO_WIN_WEBAUTHN_API_H_
 
-#include <webauthn.h>
 #include <windows.h>
 #include <functional>
 #include <memory>
 
 #include "base/component_export.h"
 #include "base/macros.h"
+#include "third_party/microsoft_webauthn/webauthn.h"
 
 namespace device {
 

third_party/microsoft_webauthn/BUILD.gn

+# Copyright 2018 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+source_set("microsoft_webauthn") {
+  sources = [
+    "webauthn.h",
+  ]
+}

third_party/microsoft_webauthn/README.chromium

@@ -15,4 +15,6 @@ not yet been released into a Windows SDK that Chromium can depend on. We
 therefore include the header via this open source repository for the time
 being.
 
-Local Modifications: none
+Local Modifications:
+- added BUILD.gn and README.chromium
+- added an ifndef header include guard to webauthn.h

third_party/microsoft_webauthn/webauthn.h

 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+#ifndef THIRD_PARTY_MICROSOFT_WEBAUTHN_WEBAUTHN_H_
+#define THIRD_PARTY_MICROSOFT_WEBAUTHN_WEBAUTHN_H_
+
 #pragma once
 
 #include <winapifamily.h>
@@ -551,3 +554,5 @@ WebAuthNGetW3CExceptionDOMError(
 
 #endif // WINAPI_FAMILY_PARTITION
 #pragma endregion
+
+#endif  // THIRD_PARTY_MICROSOFT_WEBAUTHN_WEBAUTHN_H_