Passkeys improvements

share/translations/keepassxc_en.ts

@@ -8419,10 +8419,6 @@ Kernel: %3 %4</source>
         <source>Invalid URL provided</source>
         <translation type="unfinished"></translation>
     </message>
-    <message>
-        <source>Resident Keys are not supported</source>
-        <translation type="unfinished"></translation>
-    </message>
     <message>
         <source>Passkeys</source>
         <translation type="unfinished"></translation>
@@ -8483,6 +8479,38 @@ Kernel: %3 %4</source>
         <source>Failed to decrypt key data.</source>
         <translation type="unfinished"></translation>
     </message>
+    <message>
+        <source>Origin is empty or not allowed</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Effective domain is not a valid domain</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Origin and RP ID do not match</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>No supported algorithms were provided</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Wait for timer to expire</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Unknown Passkeys error</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Challenge is shorter than required minimum length</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>user.id does not match the required length</source>
+        <translation type="unfinished"></translation>
+    </message>
 </context>
 <context>
     <name>QtIOCompressor</name>

src/browser/BrowserAction.cpp

@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2023 KeePassXC Team <[email protected]>
+ *  Copyright (C) 2024 KeePassXC Team <[email protected]>
  *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by

src/browser/BrowserAction.h

@@ -44,6 +44,11 @@ struct BrowserRequest
         return decrypted.value(param).toArray();
     }
 
+    inline bool getBool(const QString& param) const
+    {
+        return decrypted.value(param).toBool();
+    }
+
     inline QJsonObject getObject(const QString& param) const
     {
         return decrypted.value(param).toObject();

src/browser/BrowserCbor.cpp

@@ -96,8 +96,15 @@ QByteArray BrowserCbor::cborEncodePublicKey(int alg, const QByteArray& first, co
 
         writer.endMap();
     } else if (alg == WebAuthnAlgorithms::EDDSA) {
-        // https://www.rfc-editor.org/rfc/rfc8152#section-13.2
-        writer.startMap(3);
+        writer.startMap(4);
+
+        // Key type
+        writer.append(1);
+        writer.append(getCoseKeyType(alg));
+
+        // Algorithm
+        writer.append(3);
+        writer.append(alg);
 
         // Curve parameter
         writer.append(-1);
@@ -107,10 +114,6 @@ QByteArray BrowserCbor::cborEncodePublicKey(int alg, const QByteArray& first, co
         writer.append(-2);
         writer.append(first);
 
-        // Private key
-        writer.append(-4);
-        writer.append(second);
-
         writer.endMap();
     }
 

src/browser/BrowserMessageBuilder.cpp

@@ -140,8 +140,22 @@ QString BrowserMessageBuilder::getErrorMessage(const int errorCode) const
         return QObject::tr("Empty public key");
     case ERROR_PASSKEYS_INVALID_URL_PROVIDED:
         return QObject::tr("Invalid URL provided");
-    case ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED:
-        return QObject::tr("Resident Keys are not supported");
+    case ERROR_PASSKEYS_ORIGIN_NOT_ALLOWED:
+        return QObject::tr("Origin is empty or not allowed");
+    case ERROR_PASSKEYS_DOMAIN_IS_NOT_VALID:
+        return QObject::tr("Effective domain is not a valid domain");
+    case ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH:
+        return QObject::tr("Origin and RP ID do not match");
+    case ERROR_PASSKEYS_NO_SUPPORTED_ALGORITHMS:
+        return QObject::tr("No supported algorithms were provided");
+    case ERROR_PASSKEYS_WAIT_FOR_LIFETIMER:
+        return QObject::tr("Wait for timer to expire");
+    case ERROR_PASSKEYS_UNKNOWN_ERROR:
+        return QObject::tr("Unknown Passkeys error");
+    case ERROR_PASSKEYS_INVALID_CHALLENGE:
+        return QObject::tr("Challenge is shorter than required minimum length");
+    case ERROR_PASSKEYS_INVALID_USER_ID:
+        return QObject::tr("user.id does not match the required length");
     default:
         return QObject::tr("Unknown error");
     }

src/browser/BrowserMessageBuilder.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2023 KeePassXC Team <[email protected]>
+ *  Copyright (C) 2024 KeePassXC Team <[email protected]>
  *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -55,7 +55,14 @@ namespace
         ERROR_PASSKEYS_INVALID_USER_VERIFICATION = 23,
         ERROR_PASSKEYS_EMPTY_PUBLIC_KEY = 24,
         ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25,
-        ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED = 26,
+        ERROR_PASSKEYS_ORIGIN_NOT_ALLOWED = 26,
+        ERROR_PASSKEYS_DOMAIN_IS_NOT_VALID = 27,
+        ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH = 28,
+        ERROR_PASSKEYS_NO_SUPPORTED_ALGORITHMS = 29,
+        ERROR_PASSKEYS_WAIT_FOR_LIFETIMER = 30,
+        ERROR_PASSKEYS_UNKNOWN_ERROR = 31,
+        ERROR_PASSKEYS_INVALID_CHALLENGE = 32,
+        ERROR_PASSKEYS_INVALID_USER_ID = 33,
     };
 }