Changeset 252297 in webkit
- Timestamp:
- Nov 8, 2019 5:09:19 PM (4 years ago)
- Location:
- trunk/Source
- Files:
-
- 4 edited
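--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,14 @@
+2019-11-08 Jiewen Tan <jiewen_tan@apple.com>
+
+[WebAuthn] Add quirk needed to support legacy Google NFC Titan security keys
+https://bugs.webkit.org/show_bug.cgi?id=204024
+<rdar://problem/56962320>
+
+Reviewed by Brent Fulgham.
+
+Covered by manual tests.
+
+* Modules/webauthn/fido/FidoConstants.h:
+
 2019-11-08 Peng Liu <peng.liu6@apple.com>
 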
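--- a/trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h
+++ b/trunk/Source/WebCore/Modules/webauthn/fido/FidoConstants.h
@@ -224,4 +224,11 @@
 const uint32_t kCtapHidUsage = 0x01;
 
+// U2F_VERSION command
+// https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#getversion-request-and-response---u2f_version
+const uint8_t kCtapNfcU2fVersionCommand[] = {
+0x00, 0x03, 0x00, 0x00, // CLA, INS, P1, P2
+0x00, // L
+};
+
 // CTAPNFC Applet selection command and responses
 // https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#nfc-applet-selection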
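Review bot: The `// L` label on the last byte of `kCtapNfcU2fVersionCommand` is ambiguous: the command carries no data field, so in a short ISO 7816-4 APDU the trailing `0x00` appears to be Le (expected response length) rather than Lc. Labelling it `0x00, // Le` would tell a reader checking the bytes against the linked U2F_VERSION section that the data length is omitted, not encoded as zero.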
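--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,21 @@
+2019-11-08 Jiewen Tan <jiewen_tan@apple.com>
+
+[WebAuthn] Add quirk needed to support legacy Google NFC Titan security keys
+https://bugs.webkit.org/show_bug.cgi?id=204024
+<rdar://problem/56962320>
+
+Reviewed by Brent Fulgham.
+
+Some legacy U2F keys such as Google T1 Titan don't understand the FIDO applet command. Instead,
+they are configured to only have the FIDO applet. Therefore, when the above command fails, we
+use U2F_VERSION command to double check if the connected tag can actually speak U2F, indicating
+we are interacting with one of these legacy keys.
+
+* UIProcess/WebAuthentication/Cocoa/NfcConnection.mm:
+(WebKit::fido::compareVersion):
+(WebKit::fido::trySelectFidoApplet):
+(WebKit::NfcConnection::transact const):
+(WebKit::NfcConnection::didDetectTags):
+
 2019-11-08 Jonathan Bedard <jbedard@apple.com>
 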
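--- a/trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/NfcConnection.mm
+++ b/trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/NfcConnection.mm
@@ -40,8 +40,31 @@
 inline bool compareVersion(NSData *data, const uint8_t version[], size_t versionSize)
 {
+if (!data)
+return false;
 if (data.length != versionSize)
 return false;
 return !memcmp(data.bytes, version, versionSize);
 }
+
+// Confirm the FIDO applet is avaliable.
+// https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#nfc-applet-selection
+static bool trySelectFidoApplet(NFReaderSession *session)
+{
+auto *versionData = [session transceive:adoptNS([[NSData alloc] initWithBytes:kCtapNfcAppletSelectionCommand length:sizeof(kCtapNfcAppletSelectionCommand)]).get()];
+if (compareVersion(versionData, kCtapNfcAppletSelectionU2f, sizeof(kCtapNfcAppletSelectionU2f))
+|| compareVersion(versionData, kCtapNfcAppletSelectionCtap, sizeof(kCtapNfcAppletSelectionCtap)))
+return true;
+
+// Some legacy U2F keys such as Google T1 Titan don't understand the FIDO applet command. Instead,
+// they are configured to only have the FIDO applet. Therefore, when the above command fails, we
+// use U2F_VERSION command to double check if the connected tag can actually speak U2F, indicating
+// we are interacting with one of these legacy keys.
+versionData = [session transceive:adoptNS([[NSData alloc] initWithBytes:kCtapNfcU2fVersionCommand length:sizeof(kCtapNfcU2fVersionCommand)]).get()];
+if (compareVersion(versionData, kCtapNfcAppletSelectionU2f, sizeof(kCtapNfcAppletSelectionU2f)))
+return true;
+
+return false;
+}
+
 } // namespace
 
@@ -69,8 +92,6 @@
 {
 Vector<uint8_t> response;
-@autoreleasepool {
-auto responseData = [m_session transceive:[NSData dataWithBytes:data.data() length:data.size()]];
-response.append(reinterpret_cast<const uint8_t*>(responseData.bytes), responseData.length);
-}
+auto *responseData = [m_session transceive:adoptNS([[NSData alloc] initWithBytes:data.data() length:data.size()]).get()];
+response.append(reinterpret_cast<const uint8_t*>(responseData.bytes), responseData.length);
 return response;
 }
@@ -105,12 +126,7 @@
 continue;
 
-// Confirm the FIDO applet is avaliable before return.
-// https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#nfc-applet-selection
-@autoreleasepool {
-auto versionData = [m_session transceive:[NSData dataWithBytes:kCtapNfcAppletSelectionCommand length:sizeof(kCtapNfcAppletSelectionCommand)]];
-if (!versionData || (!compareVersion(versionData, kCtapNfcAppletSelectionU2f, sizeof(kCtapNfcAppletSelectionU2f)) && !compareVersion(versionData, kCtapNfcAppletSelectionCtap, sizeof(kCtapNfcAppletSelectionCtap)))) {
-[m_session disconnectTag];
-continue;
-}
+if (!trySelectFidoApplet(m_session.get())) {
+[m_session disconnectTag];
+continue;
 }
 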
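Review bot: The U2F_VERSION fallback in `trySelectFidoApplet` checks the reply against `kCtapNfcAppletSelectionU2f`, a constant named for the applet-selection response, and nothing on the new side records why the two replies are expected to be byte-identical. A line such as `// U2F_VERSION is expected to answer with the same version bytes as a successful applet selection, so that constant is reused.` would keep a later edit to the selection constant from silently changing which legacy tags pass. On this path no FIDO applet was selected, so the version match is the only gate before the third hunk accepts the tag instead of calling `disconnectTag`. The header comment still reads only "Confirm the FIDO applet is avaliable." (typo carried over from the removed lines) and should describe both ways the function can return true. The ChangeLog says the change is covered by manual tests only, so an automated case for a tag that rejects selection but answers U2F_VERSION would pin this behaviour; the bodies touched by the second and third hunks start and end outside what is shown.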