WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
197974
[WebAuthN] Allow authenticators that support both CTAP and U2F to try U2F if CTAP fails in authenticatorGetAssertion
https://bugs.webkit.org/show_bug.cgi?id=197974
Summary
[WebAuthN] Allow authenticators that support both CTAP and U2F to try U2F if ...
Jiewen Tan
Reported
2019-05-16 20:21:05 PDT
Allow authenticators that support both CTAP and U2F to try U2F if CTAP fails in authenticatorGetAssertion.
Attachments
Patch
(28.44 KB, patch)
2019-05-16 20:43 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Patch
(28.20 KB, patch)
2019-05-17 15:36 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Patch
(27.48 KB, patch)
2019-05-17 15:45 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2019-05-16 20:24:06 PDT
<
rdar://problem/50879746
>
Radar WebKit Bug Importer
Comment 2
2019-05-16 20:24:07 PDT
Comment hidden (obsolete)
<
rdar://problem/50879747
>
Jiewen Tan
Comment 3
2019-05-16 20:43:07 PDT
Created
attachment 370100
[details]
Patch
Jiewen Tan
Comment 4
2019-05-16 22:34:09 PDT
Comment on
attachment 370100
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=370100&action=review
> Source/WebKit/ChangeLog:16 > + to ask a potential U2F credential once a kCtap2ErrInvalidCredential error is returned regarding to the first CTAP request,
I should probably relax all conditions to always downgrade to U2F whenever there is no responses to the first CTAP request.
Jiewen Tan
Comment 5
2019-05-17 00:57:20 PDT
Comment on
attachment 370100
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=370100&action=review
> Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:93 > + auto error = getResponseCode(data);
I should probably relax all conditions to always downgrade to U2F whenever there is no responses to the first CTAP request.
Jiewen Tan
Comment 6
2019-05-17 15:24:47 PDT
Comment on
attachment 370100
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=370100&action=review
>> Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:93 >> + auto error = getResponseCode(data); > > I should probably relax all conditions to always downgrade to U2F whenever there is no responses to the first CTAP request.
The reason behinds this decision is that CTAP2_ERR_NO_CREDENTIALS is recommended in the spec:
https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetAssertion
. On contrary, I get CTAP2_ERR_INVALID_CREDENTIAL from some keys. Therefore, we should probably not check any error. Also, bad user agents might somehow prefer U2F over CTAP, and therefore relaying parties might not be aware of it and supply an appid to indicate a U2F credential should be used instead. Therefore, we should omit that check as well.
Jiewen Tan
Comment 7
2019-05-17 15:36:25 PDT
Created
attachment 370163
[details]
Patch
Brent Fulgham
Comment 8
2019-05-17 15:42:25 PDT
Comment on
attachment 370163
[details]
Patch Looks good. r=me
Jiewen Tan
Comment 9
2019-05-17 15:45:42 PDT
Created
attachment 370165
[details]
Patch
Jiewen Tan
Comment 10
2019-05-17 15:47:15 PDT
(In reply to Brent Fulgham from
comment #8
)
> Comment on
attachment 370163
[details]
> Patch > > Looks good. r=me
Sorry, Brent. I modified a test and uploaded a new patch which obsolete your r+ flag. Could you r+ it again?
Brent Fulgham
Comment 11
2019-05-17 17:13:18 PDT
Comment on
attachment 370165
[details]
Patch R=me
Jiewen Tan
Comment 12
2019-05-18 17:15:35 PDT
(In reply to Brent Fulgham from
comment #11
)
> Comment on
attachment 370165
[details]
> Patch > > R=me
Thanks Brent for r+ this patch.
WebKit Commit Bot
Comment 13
2019-05-18 17:42:22 PDT
Comment on
attachment 370165
[details]
Patch Clearing flags on attachment: 370165 Committed
r245500
: <
https://trac.webkit.org/changeset/245500
>
WebKit Commit Bot
Comment 14
2019-05-18 17:42:24 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug