Changeset 254710 in webkit
- Timestamp:
- Jan 16, 2020 2:54:02 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
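--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,17 @@
+2020-01-16 Jiewen Tan <jiewen_tan@apple.com>
+
+[WebAuthn] User Verification (UV) option present on a CTAP2 authenticatorMakeCredential while the authenticator has not advertised support for it
+https://bugs.webkit.org/show_bug.cgi?id=204111
+<rdar://problem/57019604>
+
+Reviewed by Brent Fulgham.
+
+Covered by API tests.
+
+* Modules/webauthn/fido/DeviceRequestConverter.cpp:
+(fido::encodeMakeCredenitalRequestAsCBOR):
+(fido::encodeGetAssertionRequestAsCBOR):
+Only set UV if RP requires it.
+
 2020-01-16 Brady Eidson <beidson@apple.com>
 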
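--- a/trunk/Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
+++ b/trunk/Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
@@ -120,5 +120,6 @@
 requireUserVerification = false;
 }
-optionMap[CBORValue(kUserVerificationMapKey)] = CBORValue(requireUserVerification);
+if (requireUserVerification)
+optionMap[CBORValue(kUserVerificationMapKey)] = CBORValue(requireUserVerification);
 }
 if (!optionMap.empty())
@@ -165,5 +166,6 @@
 requireUserVerification = false;
 }
-optionMap[CBORValue(kUserVerificationMapKey)] = CBORValue(requireUserVerification);
+if (requireUserVerification)
+optionMap[CBORValue(kUserVerificationMapKey)] = CBORValue(requireUserVerification);
 optionMap[CBORValue(kUserPresenceMapKey)] = CBORValue(true);
 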
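Review bot: The new `if (requireUserVerification)` guard, added in both encodeMakeCredenitalRequestAsCBOR and encodeGetAssertionRequestAsCBOR, carries no comment saying why a false value is dropped instead of encoded, and the code alone does not explain it. Going by the commit title, an authenticator that has not advertised UV may reject a request that carries the option at all, so a line such as `// Omit "uv" unless true; an authenticator that did not advertise UV may reject the option even when it is false.` above each guard would keep a later cleanup from restoring the unconditional write. Inside the guard the value is always true, so `CBORValue(true)` would read the same as the `kUserPresenceMapKey` line below it. The branch that assigns `requireUserVerification = false` begins above both hunks, so whether a Required policy can reach it, and where that policy is then enforced on the response, cannot be confirmed from these lines.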
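--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,14 @@
+2020-01-16 Jiewen Tan <jiewen_tan@apple.com>
+
+[WebAuthn] User Verification (UV) option present on a CTAP2 authenticatorMakeCredential while the authenticator has not advertised support for it
+https://bugs.webkit.org/show_bug.cgi?id=204111
+<rdar://problem/57019604>
+
+Reviewed by Brent Fulgham.
+
+* TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp:
+(TestWebKitAPI::TEST):
+* TestWebKitAPI/Tests/WebCore/FidoTestData.h:
+
 2020-01-16 Yusuke Suzuki <ysuzuki@apple.com>
 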
trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp
r253811 r254710 70 70 } 71 71 72 TEST(CTAPRequestTest, TestConstructMakeCredentialRequestParamNoUVNoRK) 73 { 74 PublicKeyCredentialCreationOptions::RpEntity rp; 75 rp.name = "Acme"; 76 rp.id = "acme.com"; 77 78 PublicKeyCredentialCreationOptions::UserEntity user; 79 user.name = "johnpsmith@example.com"; 80 user.icon = "https://pics.acme.com/00/p/aBjjjpqPb.png"; 81 user.idVector.append(TestData::kUserId, sizeof(TestData::kUserId)); 82 user.displayName = "John P. Smith"; 83 84 Vector<PublicKeyCredentialCreationOptions::Parameters> params { { PublicKeyCredentialType::PublicKey, 7 }, { PublicKeyCredentialType::PublicKey, 257 } }; 85 PublicKeyCredentialCreationOptions::AuthenticatorSelectionCriteria selection { PublicKeyCredentialCreationOptions::AuthenticatorAttachment::Platform, false, UserVerificationRequirement::Discouraged }; 86 87 PublicKeyCredentialCreationOptions options { rp, user, { }, params, WTF::nullopt, { }, selection, AttestationConveyancePreference::None, WTF::nullopt }; 88 Vector<uint8_t> hash; 89 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 90 auto serializedData = encodeMakeCredenitalRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupportedButNotConfigured); 91 EXPECT_EQ(serializedData.size(), sizeof(TestData::kCtapMakeCredentialRequestShort)); 92 EXPECT_EQ(memcmp(serializedData.data(), TestData::kCtapMakeCredentialRequestShort, serializedData.size()), 0); 93 } 94 72 95 TEST(CTAPRequestTest, TestConstructMakeCredentialRequestParamWithPin) 73 96 { … … 134 157 } 135 158 136 TEST(CTAPRequestTest, TestConstructGetAssertionRequest WithPin)159 TEST(CTAPRequestTest, TestConstructGetAssertionRequestNoUV) 137 160 { 138 161 PublicKeyCredentialRequestOptions options; … … 162 185 options.allowCredentials.append(descriptor2); 163 186 187 options.userVerification = UserVerificationRequirement::Discouraged; 188 189 Vector<uint8_t> hash; 190 hash.append(TestData::kClientDataHash, 
sizeof(TestData::kClientDataHash)); 191 auto serializedData = encodeGetAssertionRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupportedButNotConfigured); 192 EXPECT_EQ(serializedData.size(), sizeof(TestData::kTestComplexCtapGetAssertionRequestShort)); 193 EXPECT_EQ(memcmp(serializedData.data(), TestData::kTestComplexCtapGetAssertionRequestShort, serializedData.size()), 0); 194 } 195 196 TEST(CTAPRequestTest, TestConstructGetAssertionRequestWithPin) 197 { 198 PublicKeyCredentialRequestOptions options; 199 options.rpId = "acme.com"; 200 201 PublicKeyCredentialDescriptor descriptor1; 202 descriptor1.type = PublicKeyCredentialType::PublicKey; 203 const uint8_t id1[] = { 204 0xf2, 0x20, 0x06, 0xde, 0x4f, 0x90, 0x5a, 0xf6, 0x8a, 0x43, 0x94, 205 0x2f, 0x02, 0x4f, 0x2a, 0x5e, 0xce, 0x60, 0x3d, 0x9c, 0x6d, 0x4b, 206 0x3d, 0xf8, 0xbe, 0x08, 0xed, 0x01, 0xfc, 0x44, 0x26, 0x46, 0xd0, 207 0x34, 0x85, 0x8a, 0xc7, 0x5b, 0xed, 0x3f, 0xd5, 0x80, 0xbf, 0x98, 208 0x08, 0xd9, 0x4f, 0xcb, 0xee, 0x82, 0xb9, 0xb2, 0xef, 0x66, 0x77, 209 0xaf, 0x0a, 0xdc, 0xc3, 0x58, 0x52, 0xea, 0x6b, 0x9e }; 210 descriptor1.idVector.append(id1, sizeof(id1)); 211 options.allowCredentials.append(descriptor1); 212 213 PublicKeyCredentialDescriptor descriptor2; 214 descriptor2.type = PublicKeyCredentialType::PublicKey; 215 const uint8_t id2[] = { 216 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 217 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 218 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 219 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 220 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03 }; 221 descriptor2.idVector.append(id2, sizeof(id2)); 222 options.allowCredentials.append(descriptor2); 223 164 224 options.userVerification = UserVerificationRequirement::Required; 165 225 -
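Review bot: In both new tests (TestConstructMakeCredentialRequestParamNoUVNoRK and TestConstructGetAssertionRequestNoUV) the size comparison is a non-fatal `EXPECT_EQ`, so if the encoder emits more bytes than the fixture holds, the following `memcmp(..., serializedData.size())` still runs and reads past the end of the `TestData` array. Making the first check fatal, `ASSERT_EQ(serializedData.size(), sizeof(TestData::kCtapMakeCredentialRequestShort));` and the same for `kTestComplexCtapGetAssertionRequestShort`, stops the test before the comparison. Both tests pair `UserVerificationRequirement::Discouraged` with `kSupportedButNotConfigured`. A further case with `Required` against an authenticator without configured UV would pin what the encoder sends when the relying party's policy is strict, if the converter also clears the flag for that combination (that branch is not visible on this page).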
trunk/Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h
r254439 r254710 529 529 }; 530 530 531 constexpr uint8_t kCtapMakeCredentialRequest WithPin[] = {531 constexpr uint8_t kCtapMakeCredentialRequestShort[] = { 532 532 // authenticatorMakeCredential command 533 533 0x01, 534 // map( 7)535 0xa 7,534 // map(4) 535 0xa4, 536 536 // key(1) - clientDataHash 537 537 0x01, … … 601 601 // value - "public-key" 602 602 0x6a, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79, 603 }; 604 605 606 constexpr uint8_t kCtapMakeCredentialRequestWithPin[] = { 607 // authenticatorMakeCredential command 608 0x01, 609 // map(7) 610 0xa7, 611 // key(1) - clientDataHash 612 0x01, 613 // bytes(32) 614 0x58, 0x20, 0x68, 0x71, 0x34, 0x96, 0x82, 0x22, 0xec, 0x17, 0x20, 0x2e, 615 0x42, 0x50, 0x5f, 0x8e, 0xd2, 0xb1, 0x6a, 0xe2, 0x2f, 0x16, 0xbb, 0x05, 616 0xb8, 0x8c, 0x25, 0xdb, 0x9e, 0x60, 0x26, 0x45, 0xf1, 0x41, 617 // key(2) - rp 618 0x02, 619 // map(2) 620 0xa2, 621 // key - "id" 622 0x62, 0x69, 0x64, 623 // value - "acme.com" 624 0x68, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 625 // key - "name" 626 0x64, 0x6e, 0x61, 0x6d, 0x65, 627 // value - "Acme" 628 0x64, 0x41, 0x63, 0x6d, 0x65, 629 // key(3) - user 630 0x03, 631 // map(4) 632 0xa4, 633 // key - "id" 634 0x62, 0x69, 0x64, 635 // value - user id 636 0x48, 0x10, 0x98, 0x23, 0x72, 0x35, 0x40, 0x98, 0x72, 637 // key - "icon" 638 0x64, 0x69, 0x63, 0x6f, 0x6e, 639 // value - "https://pics.acme.com/00/p/aBjjjpqPb.png" 640 0x78, 0x28, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x70, 0x69, 641 0x63, 0x73, 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 642 0x30, 0x30, 0x2f, 0x70, 0x2f, 0x61, 0x42, 0x6a, 0x6a, 0x6a, 0x70, 0x71, 643 0x50, 0x62, 0x2e, 0x70, 0x6e, 0x67, 644 // key - "name" 645 0x64, 0x6e, 0x61, 0x6d, 0x65, 646 // value - "johnpsmith@example.com" 647 0x76, 0x6a, 0x6f, 0x68, 0x6e, 0x70, 0x73, 0x6d, 0x69, 0x74, 0x68, 0x40, 648 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 649 // key - "displayName" 650 0x6b, 0x64, 0x69, 0x73, 0x70, 
0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 651 // value - "John P. Smith" 652 0x6d, 0x4a, 0x6f, 0x68, 0x6e, 0x20, 0x50, 0x2e, 0x20, 0x53, 0x6d, 0x69, 653 0x74, 0x68, 654 // key(4) - pubKeyCredParams 655 0x04, 656 // array(2) 657 0x82, 658 // map(2) 659 0xa2, 660 // key - "alg" 661 0x63, 0x61, 0x6c, 0x67, 662 // value - 7 663 0x07, 664 // key - "type" 665 0x64, 0x74, 0x79, 0x70, 0x65, 666 // value - "public-key" 667 0x6a, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79, 668 // map(2) 669 0xa2, 670 // key - "alg" 671 0x63, 0x61, 0x6c, 0x67, 672 // value - 257 673 0x19, 0x01, 0x01, 674 // key - "type" 675 0x64, 0x74, 0x79, 0x70, 0x65, // "type" 676 // value - "public-key" 677 0x6a, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79, 603 678 // key(7) - options 604 679 0x07, … … 682 757 // key - "uv" 683 758 0x62, 0x75, 0x76, 759 // value - True(21) 760 0xf5, 761 }; 762 763 constexpr uint8_t kTestComplexCtapGetAssertionRequestShort[] = { 764 // authenticatorGetAssertion command 765 0x02, 766 // map(4) 767 0xa4, 768 // key(01) -rpId 769 0x01, 770 // value - "acme.com" 771 0x68, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 772 // key(02) - client data hash 773 0x02, 774 // value - bytes(32) 775 0x58, 0x20, 0x68, 0x71, 0x34, 0x96, 0x82, 0x22, 0xec, 0x17, 0x20, 0x2e, 776 0x42, 0x50, 0x5f, 0x8e, 0xd2, 0xb1, 0x6a, 0xe2, 0x2f, 0x16, 0xbb, 0x05, 777 0xb8, 0x8c, 0x25, 0xdb, 0x9e, 0x60, 0x26, 0x45, 0xf1, 0x41, 778 // key(03) - allow list 779 0x03, 780 // value - array(2) 781 0x82, 782 // map(2) 783 0xa2, 784 // key - "id" 785 0x62, 0x69, 0x64, 786 // value - credential ID 787 0x58, 0x40, 0xf2, 0x20, 0x06, 0xde, 0x4f, 0x90, 0x5a, 0xf6, 0x8a, 0x43, 788 0x94, 0x2f, 0x02, 0x4f, 0x2a, 0x5e, 0xce, 0x60, 0x3d, 0x9c, 0x6d, 0x4b, 789 0x3d, 0xf8, 0xbe, 0x08, 0xed, 0x01, 0xfc, 0x44, 0x26, 0x46, 0xd0, 0x34, 790 0x85, 0x8a, 0xc7, 0x5b, 0xed, 0x3f, 0xd5, 0x80, 0xbf, 0x98, 0x08, 0xd9, 791 0x4f, 0xcb, 0xee, 0x82, 0xb9, 0xb2, 0xef, 0x66, 0x77, 0xaf, 0x0a, 0xdc, 792 0xc3, 
0x58, 0x52, 0xea, 0x6b, 0x9e, 793 // key - "type" 794 0x64, 0x74, 0x79, 0x70, 0x65, 795 // value - "public-key" 796 0x6a, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79, 797 // map(2) 798 0xa2, 799 // key - "id" 800 0x62, 0x69, 0x64, 801 // value - credential ID 802 0x58, 0x32, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 803 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 804 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 805 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 806 0x03, 0x03, 0x03, 0x03, 807 // key - "type" 808 0x64, 0x74, 0x79, 0x70, 0x65, 809 // value - "public-key" 810 0x6a, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79, 811 // unsigned(5) - options 812 0x05, 813 // map(1) 814 0xa1, 815 // key -"up" 816 0x62, 0x75, 0x70, 684 817 // value - True(21) 685 818 0xf5,