Changeset 239852 in webkit

Timestamp:

Jan 10, 2019 5:42:34 PM (5 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebAuthN] Change the nonce in the CTAP kInit command to weak random values
​https://bugs.webkit.org/show_bug.cgi?id=192061
<rdar://problem/46471091>

Reviewed by Chris Dumez.

Change the nonce in the CTAP kInit command to weak random values as the nonce is mainly
for being a probabilistically unique global identifier for hand shakes, instead of
preventing replay attacks. Otherwise, it might exhaust system entropy unnecessarily.

The patch also removes all logging when debugging the test case flakiness.

• UIProcess/WebAuthentication/AuthenticatorManager.cpp:

(WebKit::AuthenticatorManager::respondReceived):
(WebKit::AuthenticatorManager::initTimeOutTimer):
(WebKit::AuthenticatorManager::timeOutTimerFired):

• UIProcess/WebAuthentication/Cocoa/HidService.mm:

(WebKit::HidService::deviceAdded):

• UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:

(WebKit::MockAuthenticatorManager::respondReceivedInternal):

• UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:

(WebKit::MockHidConnection::send):

• UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:

(WebKit::CtapHidAuthenticator::makeCredential):
(WebKit::CtapHidAuthenticator::getAssertion):

• UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:

(WebKit::CtapHidDriver::Worker::write):
(WebKit::CtapHidDriver::Worker::read):
(WebKit::CtapHidDriver::Worker::returnMessage):
(WebKit::CtapHidDriver::transact):
(WebKit::CtapHidDriver::continueAfterChannelAllocated):
(WebKit::CtapHidDriver::continueAfterResponseReceived):

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• UIProcess/WebAuthentication/AuthenticatorManager.cpp (modified) (3 diffs)
• UIProcess/WebAuthentication/Cocoa/HidService.mm (modified) (1 diff)
• UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp (modified) (1 diff)
• UIProcess/WebAuthentication/Mock/MockHidConnection.cpp (modified) (2 diffs)
• UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp (modified) (2 diffs)
• UIProcess/WebAuthentication/fido/CtapHidDriver.cpp (modified) (7 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-01-10  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] Change the nonce in the CTAP kInit command to weak random values
+        https://bugs.webkit.org/show_bug.cgi?id=192061
+        <rdar://problem/46471091>
+
+        Reviewed by Chris Dumez.
+
+        Change the nonce in the CTAP kInit command to weak random values as the nonce is mainly
+        for being a probabilistically unique global identifier for hand shakes, instead of
+        preventing replay attacks. Otherwise, it might exhaust system entropy unnecessarily.
+
+        The patch also removes all logging when debugging the test case flakiness.
+
+        * UIProcess/WebAuthentication/AuthenticatorManager.cpp:
+        (WebKit::AuthenticatorManager::respondReceived):
+        (WebKit::AuthenticatorManager::initTimeOutTimer):
+        (WebKit::AuthenticatorManager::timeOutTimerFired):
+        * UIProcess/WebAuthentication/Cocoa/HidService.mm:
+        (WebKit::HidService::deviceAdded):
+        * UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:
+        (WebKit::MockAuthenticatorManager::respondReceivedInternal):
+        * UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
+        (WebKit::MockHidConnection::send):
+        * UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
+        (WebKit::CtapHidAuthenticator::makeCredential):
+        (WebKit::CtapHidAuthenticator::getAssertion):
+        * UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
+        (WebKit::CtapHidDriver::Worker::write):
+        (WebKit::CtapHidDriver::Worker::read):
+        (WebKit::CtapHidDriver::Worker::returnMessage):
+        (WebKit::CtapHidDriver::transact):
+        (WebKit::CtapHidDriver::continueAfterChannelAllocated):
+        (WebKit::CtapHidDriver::continueAfterResponseReceived):
+
 2019-01-10  Timothy Hatcher  <timothy@apple.com>
 

trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp

@@ -193 +193 @@
         m_pendingCompletionHandler(WTFMove(respond));
         clearStateAsync();
-        // FIXME(192061)
-        LOG_ERROR("Stop timer.");
         m_requestTimeOutTimer.stop();
         return;
@@ -227 +225 @@
 
     unsigned timeOutInMsValue = std::min(maxTimeOutValue, timeOutInMs.valueOr(maxTimeOutValue));
-    // FIXME(192061)
-    LOG_ERROR("Start timer: %d. Current time: %f.", timeOutInMsValue, MonotonicTime::now().secondsSinceEpoch().value());
     m_requestTimeOutTimer.startOneShot(Seconds::fromMilliseconds(timeOutInMsValue));
-    LOG_ERROR("Seconds until fire: %f", m_requestTimeOutTimer.secondsUntilFire().value());
 }
 
@@ -236 +231 @@
 {
     ASSERT(m_requestTimeOutTimer.isActive());
-    // FIXME(192061)
-    LOG_ERROR("Timer fired: %f, Current time: %f", m_requestTimeOutTimer.secondsUntilFire().value(), MonotonicTime::now().secondsSinceEpoch().value());
     m_pendingCompletionHandler((ExceptionData { NotAllowedError, "Operation timed out."_s }));
     clearStateAsync();

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/HidService.mm

@@ -95 +95 @@
     auto driver = std::make_unique<CtapHidDriver>(createHidConnection(device));
     // Get authenticator info from the device.
-    // FIXME(192061)
-    LOG_ERROR("Start asking device info.");
     driver->transact(encodeEmptyAuthenticatorRequest(CtapRequestCommand::kAuthenticatorGetInfo), [weakThis = makeWeakPtr(*this), ptr = driver.get()](Vector<uint8_t>&& response) {
         ASSERT(RunLoop::isMain());

trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp

@@ -48 +48 @@
     pendingCompletionHandler()(WTFMove(respond));
     clearStateAsync();
-    // FIXME(192061)
-    LOG_ERROR("Stop timer.");
     requestTimeOutTimer().stop();
 }

trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp

@@ -71 +71 @@
 void MockHidConnection::send(Vector<uint8_t>&& data, DataSentCallback&& callback)
 {
-    // FIXME(192061): Remove all LOG_ERRORs.
-    LOG_ERROR("Sending data: Phase 1. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
     ASSERT(m_initialized);
     auto task = makeBlockPtr([weakThis = makeWeakPtr(*this), data = WTFMove(data), callback = WTFMove(callback)]() mutable {
         ASSERT(!RunLoop::isMain());
-        LOG_ERROR("Sending data: Phase 2. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
         RunLoop::main().dispatch([weakThis, data = WTFMove(data), callback = WTFMove(callback)]() mutable {
-            LOG_ERROR("Sending data: Phase 3. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
             if (!weakThis) {
                 callback(DataSent::No);
@@ -84 +80 @@
             }
 
-            LOG_ERROR("Sending data: Phase 4. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
             weakThis->assembleRequest(WTFMove(data));
 
-            LOG_ERROR("Sending data: Phase 5. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
             auto sent = DataSent::Yes;
             if (weakThis->stagesMatch() && weakThis->m_configuration.hid->error == Mock::Error::DataNotSent)

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp

@@ -50 +50 @@
 void CtapHidAuthenticator::makeCredential()
 {
-    // FIXME(192061)
-    LOG_ERROR("Start making credentials.");
     auto cborCmd = encodeMakeCredenitalRequestAsCBOR(requestData().hash, requestData().creationOptions, m_info.options().userVerificationAvailability());
     m_driver->transact(WTFMove(cborCmd), [weakThis = makeWeakPtr(*this)](Vector<uint8_t>&& data) {
@@ -73 +71 @@
 void CtapHidAuthenticator::getAssertion()
 {
-    // FIXME(192061)
-    LOG_ERROR("Start getting assertions.");
     auto cborCmd = encodeGetAssertionRequestAsCBOR(requestData().hash, requestData().requestOptions, m_info.options().userVerificationAvailability());
     m_driver->transact(WTFMove(cborCmd), [weakThis = makeWeakPtr(*this)](Vector<uint8_t>&& data) {

trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp

@@ -30 +30 @@
 
 #include <WebCore/FidoConstants.h>
-#include <wtf/CryptographicallyRandomNumber.h>
+#include <wtf/RandomNumber.h>
 #include <wtf/RunLoop.h>
 #include <wtf/Vector.h>
@@ -70 +70 @@
 {
     ASSERT(m_state == State::Write);
-    // FIXME(192061)
-    LOG_ERROR("Start writing data.");
     if (sent != HidConnection::DataSent::Yes) {
         returnMessage(WTF::nullopt);
@@ -99 +97 @@
 {
     ASSERT(m_state == State::Read);
-    // FIXME(192061)
-    LOG_ERROR("Start reading data.");
     if (!m_responseMessage) {
         m_responseMessage = FidoHidMessage::createFromSerializedData(data);
@@ -131 +127 @@
 void CtapHidDriver::Worker::returnMessage(Optional<fido::FidoHidMessage>&& message)
 {
-    // FIXME(192061)
-    LOG_ERROR("Start returning data.");
     m_state = State::Idle;
     m_connection->unregisterDataReceivedCallback();
@@ -153 +147 @@
 
     // Allocate a channel.
-    // FIXME(192061)
-    LOG_ERROR("Start allocating a channel.");
-    ASSERT(m_nonce.size() == kHidInitNonceLength);
-    cryptographicallyRandomValues(m_nonce.data(), m_nonce.size());
+    // Use a pseudo random nonce instead of a cryptographically strong one as the nonce
+    // is mainly for identifications.
+    size_t steps = kHidInitNonceLength / sizeof(uint32_t);
+    ASSERT(!(kHidInitNonceLength % sizeof(uint32_t)) && steps >= 1);
+    for (size_t i = 0; i < steps; ++i) {
+        uint32_t weakRandom = weakRandomUint32();
+        memcpy(m_nonce.data() + i * sizeof(uint32_t), &weakRandom, sizeof(uint32_t));
+    }
+
     auto initCommand = FidoHidMessage::create(m_channelId, FidoHidDeviceCommand::kInit, m_nonce);
     ASSERT(initCommand);
@@ -196 +195 @@
     m_channelId |= static_cast<uint32_t>(payload[index]);
     // FIXME(191534): Check the reset of the payload.
-    // FIXME(192061)
-    LOG_ERROR("Start sending the request.");
     auto cmd = FidoHidMessage::create(m_channelId, m_protocol == ProtocolVersion::kCtap ? FidoHidDeviceCommand::kCbor : FidoHidDeviceCommand::kMsg, m_requestData);
     ASSERT(cmd);
@@ -212 +209 @@
     ASSERT(m_state == State::Ready);
     ASSERT(!message || message->channelId() == m_channelId);
-    // FIXME(192061)
-    LOG_ERROR("Start returning the response.");
     returnResponse(message ? message->getMessagePayload() : Vector<uint8_t>());
 }