Changeset 290539 in webkit


Timestamp:
Feb 25, 2022 5:47:04 PM (5 months ago)
Author:
J Pascoe
Message:

[WebAuthn] Fallback to attestation=none whenever attestation fails
https://bugs.webkit.org/show_bug.cgi?id=237223
rdar://88767812

Reviewed by Brent Fulgham.

Source/WebKit:

Whenever attestation is requested by a RP and it fails to complete,
we previously errored out of the registration. The more correct platform
behavior in this case is to provide attestation=none.

Created API test for this behavior.

  • UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):

Tools:

Add test for local authenticator attestation fallback behavior.

  • TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:

(TestWebKitAPI::TEST):

Location:
trunk
Files:
4 edited

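--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,19 @@
+2022-02-25  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Fallback to attestation=none whenever attestation fails
+        https://bugs.webkit.org/show_bug.cgi?id=237223
+        rdar://88767812
+
+        Reviewed by Brent Fulgham.
+
+        Whenever attestation is requested by a RP and it fails to complete,
+        we previously errored out of the registration. The more correct platform
+        behavior in this case is to provide attestation=none.
+
+        Created API test for this behavior.
+
+        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+        (WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
+
 2022-02-25  Per Arne Vollan  <pvollan@apple.com>
 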
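--- a/trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm
+++ b/trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm
@@ -466,5 +466,7 @@
 
     if (error) {
-        receiveException({ UnknownError, makeString("Couldn't attest: ", String(error.localizedDescription)) });
+        LOG_ERROR("Couldn't attest: %s", String(error.localizedDescription).utf8().data());
+        auto attestationObject = buildAttestationObject(WTFMove(authData), "", { }, AttestationConveyancePreference::None);
+        receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject, AuthenticatorAttachment::Platform));
         return;
     }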
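Review bot: The new `if (error)` branch turns every attestation failure into a successful registration, and the only record of the downgrade is `LOG_ERROR`, which is presumably compiled out of release builds; a release-visible log line would let a failed attestation be diagnosed in the field. The call also passes `""` and `{ }` and appears to rely on `AttestationConveyancePreference::None` making buildAttestationObject emit `fmt: "none"` with an empty `attStmt`, which only the test's expected bytes confirm, so a comment such as `// Attestation failed: respond with attestation=none; format and statement are placeholders.` would help. Relying parties that require attestation have to reject the `none` format on their side, which is worth stating in that comment as well. continueMakeCredentialAfterAttested starts and ends outside this section.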
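--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,15 @@
+2022-02-25  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Fallback to attestation=none whenever attestation fails
+        https://bugs.webkit.org/show_bug.cgi?id=237223
+        rdar://88767812
+
+        Reviewed by Brent Fulgham.
+
+        Add test for local authenticator attestation fallback behavior.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
+        (TestWebKitAPI::TEST):
+
 2022-02-25  Brent Fulgham  <bfulgham@apple.com>
 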
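--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm
@@ -1929,4 +1929,37 @@
     Util::run(&webAuthenticationPanelRan);
 }
+
+TEST(WebAuthenticationPanel, MakeCredentialLAAttestationFalback)
+{
+    reset();
+
+    uint8_t identifier[] = { 0x01, 0x02, 0x03, 0x04 };
+    uint8_t hash[] = { 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04 };
+    NSData *nsIdentifier = [NSData dataWithBytes:identifier length:sizeof(identifier)];
+    auto nsHash = adoptNS([[NSData alloc] initWithBytes:hash length:sizeof(hash)]);
+    auto parameters = adoptNS([[_WKPublicKeyCredentialParameters alloc] initWithAlgorithm:@-7]);
+
+    auto rp = adoptNS([[_WKPublicKeyCredentialRelyingPartyEntity alloc] initWithName:@"example.com"]);
+    [rp setIdentifier:@"example.com"];
+    auto user = adoptNS([[_WKPublicKeyCredentialUserEntity alloc] initWithName:@"jappleseed@example.com" identifier:nsIdentifier displayName:@"J Appleseed"]);
+    NSArray<_WKPublicKeyCredentialParameters *> *publicKeyCredentialParamaters = @[ parameters.get() ];
+    auto options = adoptNS([[_WKPublicKeyCredentialCreationOptions alloc] initWithRelyingParty:rp.get() user:user.get() publicKeyCredentialParamaters:publicKeyCredentialParamaters]);
+    options.get().attestation = _WKAttestationConveyancePreferenceDirect;
+
+    auto panel = adoptNS([[_WKWebAuthenticationPanel alloc] init]);
+    [panel setMockConfiguration:@{ @"privateKeyBase64": testES256PrivateKeyBase64 }];
+    auto delegate = adoptNS([[TestWebAuthenticationPanelDelegate alloc] init]);
+    [panel setDelegate:delegate.get()];
+
+    [panel makeCredentialWithClientDataHash:nsHash.get() options:options.get() completionHandler:^(_WKAuthenticatorAttestationResponse *response, NSError *error) {
+        webAuthenticationPanelRan = true;
+        cleanUpKeychain("example.com");
+
+        EXPECT_NOT_NULL(response);
+        // {"fmt": "none", "attStmt": {}, "authData": ...}
+        EXPECT_WK_STREQ([response.attestationObject base64EncodedStringWithOptions:0], "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYo3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUdFAAAAAAAAAAAAAAAAAAAAAAAAAAAAFEjElx54Be4RDrBJQO9wt0WPvG0epQECAyYgASFYIDj/zxSkzKgaBuS3cdWDF558of8AaIpgFpsjF/Qm1749IlggVBJPgqUIwfhWHJ91nb7UPH76c0+WFOzZKslPyyFse4g=");
+    }];
+    Util::run(&webAuthenticationPanelRan);
+}
 #endif
 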
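Review bot: Nothing in MakeCredentialLAAttestationFalback shows why attestation fails, so the test depends on the mock configuration (only `privateKeyBase64` is set) never producing an attestation; a comment saying so would keep the test meaningful if the mock changes. The completion handler checks `response` but not `error`; adding `EXPECT_NULL(error);` would pin that the fallback is reported as success. The single base64 comparison also hides the properties that matter (`fmt` is `none`, `attStmt` is empty), which the existing comment only partly explains. The test name misspells Fallback as `Falback`.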