RESOLVED FIXED Bug 191535
[WebAuthN] Support U2F HID Authenticators on macOS 
https://bugs.webkit.org/show_bug.cgi?id=191535
Summary [WebAuthN] Support U2F HID Authenticators on macOS
Jiewen Tan
Reported 2018-11-11 18:35:29 PST
Support U2F HID Authenticators on macOS.
Attachments
Patch (142.89 KB, patch)
2019-01-07 17:55 PST, Jiewen Tan 		no flags
DetailsFormatted DiffDiff
Patch (142.89 KB, patch)
2019-01-07 18:02 PST, Jiewen Tan 		no flags
DetailsFormatted DiffDiff
Patch (144.31 KB, patch)
2019-01-07 22:56 PST, Jiewen Tan 		no flags
DetailsFormatted DiffDiff
Patch (104.21 KB, patch)
2019-01-08 13:44 PST, Jiewen Tan 		bfulgham: review+
DetailsFormatted DiffDiff
Patch for landing (103.31 KB, patch)
2019-01-08 15:56 PST, Jiewen Tan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2019-01-07 17:18:26 PST
<rdar://problem/47102027>
Jiewen Tan
Comment 2 2019-01-07 17:55:44 PST
Created attachment 358560 [details] Patch
Jiewen Tan
Comment 3 2019-01-07 17:58:17 PST
Comment on attachment 358560 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=358560&action=review > Source/WebKit/UIProcess/WebAuthentication/Fido/CtapHidAuthenticator.cpp:1 > +/* No changes to the file. Just renaming. > Source/WebKit/UIProcess/WebAuthentication/Fido/CtapHidAuthenticator.h:1 > +/* No changes to the file. Just renaming. > Source/WebKit/UIProcess/WebAuthentication/Fido/CtapHidDriver.cpp:1 > +/* No changes to the file. Just renaming. > Source/WebKit/UIProcess/WebAuthentication/Fido/CtapHidDriver.h:1 > +/* No changes to the file. Just renaming.
Jiewen Tan
Comment 4 2019-01-07 18:02:14 PST
Created attachment 358561 [details] Patch
Jiewen Tan
Comment 5 2019-01-07 22:56:45 PST
Created attachment 358578 [details] Patch
Jiewen Tan
Comment 6 2019-01-08 11:35:00 PST
It looks like that our svn system doesn't like case sensitive renaming for folders, i.e. fido => Fido. I will revert the renaming change then.
Jiewen Tan
Comment 7 2019-01-08 13:44:16 PST
Created attachment 358633 [details] Patch
Brent Fulgham
Comment 8 2019-01-08 14:33:51 PST
Comment on attachment 358633 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=358633&action=review Looks good, but you may need to land it manually (iOS project file seems unhappy). > Source/WebKit/UIProcess/WebAuthentication/Cocoa/HidService.mm:120 > // FIXME(191535): Support U2F authenticators. Do you still need this comment? If you do, I don't think the Bugzilla # is right! :-) > Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:138 > + if (m_requestMessage->cmd() == FidoHidDeviceCommand::kCbor) { Are there other request messages we are supporting (besides kCbor)? If not, consider early return here. > Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:219 > + message = FidoHidMessage::create(m_currentChannel, FidoHidDeviceCommand::kError, { static_cast<uint8_t>(CtapDeviceResponseCode::kCtap1ErrInvalidCommand) }); Does this cause a console message a developer can see? We might need good logging here to explain that we don't support older device protocols. > Source/WebKit/UIProcess/WebAuthentication/fido/U2fHidAuthenticator.cpp:52 > + // FIXME(191520): We need a way to convert std::unique_ptr to UniqueRef. You should talk to David Kilzer about that one...
Jiewen Tan
Comment 9 2019-01-08 15:23:38 PST
Comment on attachment 358633 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=358633&action=review Thanks Brent for r+ this patch. I will figure out what's going on with iOS bots before landing this patch. >> Source/WebKit/UIProcess/WebAuthentication/Cocoa/HidService.mm:120 >> // FIXME(191535): Support U2F authenticators. > > Do you still need this comment? If you do, I don't think the Bugzilla # is right! :-) Yup, we don't need that anymore. >> Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:138 >> + if (m_requestMessage->cmd() == FidoHidDeviceCommand::kCbor) { > > Are there other request messages we are supporting (besides kCbor)? If not, consider early return here. We anticipate other request messages as well. kMsg for U2F, and kCbor for CTAP. Therefore, we can't add early return. >> Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:219 >> + message = FidoHidMessage::create(m_currentChannel, FidoHidDeviceCommand::kError, { static_cast<uint8_t>(CtapDeviceResponseCode::kCtap1ErrInvalidCommand) }); > > Does this cause a console message a developer can see? We might need good logging here to explain that we don't support older device protocols. Oh no, this is mocking a U2F authenticator's response to a kCbor(CTAP) msg command. After this patch, we will support both U2F and CTAP authenticators, and therefore we don't need to tell developers we don't support old protocols anymore. :) >> Source/WebKit/UIProcess/WebAuthentication/fido/U2fHidAuthenticator.cpp:52 >> + // FIXME(191520): We need a way to convert std::unique_ptr to UniqueRef. > > You should talk to David Kilzer about that one... Will be glad to.
Jiewen Tan
Comment 10 2019-01-08 15:56:26 PST
Created attachment 358644 [details] Patch for landing
WebKit Commit Bot
Comment 11 2019-01-08 16:35:48 PST
Comment on attachment 358644 [details] Patch for landing Clearing flags on attachment: 358644 Committed r239752: <https://trac.webkit.org/changeset/239752>
Truitt Savell
Comment 12 2019-01-09 13:20:33 PST
The new test added in https://trac.webkit.org/changeset/239752/webkit http/wpt/webauthn/public-key-credential-get-success-u2f.https.html is a flakey timeout and failure. History: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Fwpt%2Fwebauthn%2Fpublic-key-credential-get-success-u2f.https.html Diff: --- /Volumes/Data/slave/highsierra-debug-tests-wk2/build/layout-test-results/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt +++ /Volumes/Data/slave/highsierra-debug-tests-wk2/build/layout-test-results/http/wpt/webauthn/public-key-credential-get-success-u2f.https-actual.txt @@ -1,5 +1,5 @@ PASS PublicKeyCredential's [[get]] with minimum options in a mock hid authenticator. -PASS PublicKeyCredential's [[get]] with more allow credentials in a mock hid authenticator. +FAIL PublicKeyCredential's [[get]] with more allow credentials in a mock hid authenticator. promise_test: Unhandled rejection with value: object "NotAllowedError: Operation timed out." PASS PublicKeyCredential's [[get]] with test of user presence in a mock hid authenticator.
Truitt Savell
Comment 13 2019-01-09 14:36:56 PST
Additionally: http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https.html Is a flaky timeout: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Fwpt%2Fwebauthn%2Fpublic-key-credential-get-failure-u2f-silent.https.html http/wpt/webauthn/public-key-credential-create-success-u2f.https.html is a flaky failure: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Fwpt%2Fwebauthn%2Fpublic-key-credential-create-success-u2f.https.html
Jiewen Tan
Comment 14 2019-01-09 14:52:47 PST
(In reply to Truitt Savell from comment #13) > Additionally: > > http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https.html Is > a flaky timeout: > https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard. > html#showAllRuns=true&tests=http%2Fwpt%2Fwebauthn%2Fpublic-key-credential- > get-failure-u2f-silent.https.html > > > > http/wpt/webauthn/public-key-credential-create-success-u2f.https.html is a > flaky failure: > https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard. > html#showAllRuns=true&tests=http%2Fwpt%2Fwebauthn%2Fpublic-key-credential- > create-success-u2f.https.html Don't worry. They will be covered by Bug 192061.
Note You need to log in before you can comment on or make changes to this bug.