WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
183533
[WebAuthn] Formalize the Keychain schema
https://bugs.webkit.org/show_bug.cgi?id=183533
Summary
[WebAuthn] Formalize the Keychain schema
Jiewen Tan
Reported
2018-03-09 15:50:57 PST
Figure out a way to store all credential meta data: PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity, and Counter.
Attachments
Patch
(135.65 KB, patch)
2020-03-09 02:03 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Patch
(137.77 KB, patch)
2020-03-09 16:25 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Patch
(139.51 KB, patch)
2020-03-10 14:27 PDT
,
Jiewen Tan
bfulgham
: review+
Details
Formatted Diff
Diff
Patch for landing
(139.27 KB, patch)
2020-03-11 14:52 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Jiewen Tan
Comment 1
2018-03-09 15:53:06 PST
We might also want to update certificates related to the credential as well.
Radar WebKit Bug Importer
Comment 2
2018-08-15 13:41:28 PDT
<
rdar://problem/43347926
>
Jiewen Tan
Comment 3
2020-03-09 02:03:11 PDT
Created
attachment 393016
[details]
Patch
Jiewen Tan
Comment 4
2020-03-09 16:25:43 PDT
Created
attachment 393090
[details]
Patch
Brent Fulgham
Comment 5
2020-03-10 10:47:46 PDT
Comment on
attachment 393090
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=393090&action=review
> Source/WebKit/ChangeLog:9 > + This patch formalizes the schema for the Keychain as follow:
... as follows:
> Source/WebKit/ChangeLog:35 > + the trustworthy information that the UserAgent produce. Others can be potentially used by
Also, this is the only trustworthy information that the UserAgent produces. Others could potentially be used by malicious websites ...
> Source/WebKit/ChangeLog:51 > + within the SEP. So this field is absolutely useless.
What is the purpose of this paragraph? Are you saying that we don't implement the signature counter? If we do implement it (or perhaps just provide a constant value) I don't think we need to have this paragraph.
> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:335 > + OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)credentialIdQuery, nullptr);
Where is the result of this Copy going? That needs to be refcounted.
Jiewen Tan
Comment 6
2020-03-10 14:26:06 PDT
Comment on
attachment 393090
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=393090&action=review
Thanks Brent for the review.
>> Source/WebKit/ChangeLog:9 >> + This patch formalizes the schema for the Keychain as follow: > > ... as follows:
Fixed.
>> Source/WebKit/ChangeLog:35 >> + the trustworthy information that the UserAgent produce. Others can be potentially used by > > Also, this is the only trustworthy information that the UserAgent produces. Others could potentially be used by malicious websites ...
Fixed.
>> Source/WebKit/ChangeLog:51 >> + within the SEP. So this field is absolutely useless. > > What is the purpose of this paragraph? Are you saying that we don't implement the signature counter? If we do implement it (or perhaps just provide a constant value) I don't think we need to have this paragraph.
It explains why it is constantly zero in the implementation.
>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:335 >> + OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)credentialIdQuery, nullptr); > > Where is the result of this Copy going? That needs to be refcounted.
This is a query to confirm the SecItem presents, and therefore it doesn't ask the Keychain to return anything. Otherwise, returned values will be returned via the nullptr's parameter. We use the status to confirm the existence.
Jiewen Tan
Comment 7
2020-03-10 14:27:38 PDT
Created
attachment 393180
[details]
Patch
Brent Fulgham
Comment 8
2020-03-11 11:00:04 PDT
Comment on
attachment 393180
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=393180&action=review
> Source/WebKit/ChangeLog:51 > + within the SEP. So this field is absolutely useless.
I suggest: We hard code a zero value for 'signature counter'. While this is a theoretically interesting technique for a RP to detect private key cloning, it is unlikely to be useful in practice. We store the private keys in our SEP. This counter would only be a meaningful protection if adversaries were able to extract private key data from the SEP without Apple noticing, but were not able to manipulate this counter to fool the RP.
> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:338 > + ASSERT(!status);
Should this be a RELEASE_ASSERT?
Jiewen Tan
Comment 9
2020-03-11 14:50:32 PDT
Comment on
attachment 393180
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=393180&action=review
Thanks Brent for the r+.
>> Source/WebKit/ChangeLog:51 >> + within the SEP. So this field is absolutely useless. > > I suggest: > > We hard code a zero value for 'signature counter'. While this is a theoretically interesting technique for a RP to detect private key cloning, it is unlikely to be useful in practice. We store the private keys in our SEP. This counter would only be a meaningful protection if adversaries were able to extract private key data from the SEP without Apple noticing, but were not able to manipulate this counter to fool the RP.
Fixed.
>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:338 >> + ASSERT(!status); > > Should this be a RELEASE_ASSERT?
This code is only executed in debug build. So, I think ASSERT is enough.
Jiewen Tan
Comment 10
2020-03-11 14:52:36 PDT
Created
attachment 393289
[details]
Patch for landing
WebKit Commit Bot
Comment 11
2020-03-11 15:42:15 PDT
Comment on
attachment 393289
[details]
Patch for landing Clearing flags on attachment: 393289 Committed
r258293
: <
https://trac.webkit.org/changeset/258293
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug