Changeset 261723 in webkit
- Timestamp:
- May 14, 2020 4:49:04 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r261718 r261723 1 2020-05-14 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthn] Relaxing signature length requirements for U2fRegister 4 https://bugs.webkit.org/show_bug.cgi?id=209645 5 <rdar://problem/63204591> 6 7 Reviewed by Brent Fulgham. 8 9 It turns out the length range specified from the spec, i.e., [71, 73] is wrong. 10 https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-response-message-success 11 12 It should actually be [70, 72]. However, as a middleware to relay the messages, user agents 13 are not necessary to check the length. Therefore, the check is relaxed to make the code more robust. 14 15 Covered by existing tests. 16 17 * Modules/webauthn/fido/U2fResponseConverter.cpp: 18 (fido::WebCore::createFidoAttestationStatementFromU2fRegisterResponse): 19 1 20 2020-05-14 Timothy Hatcher <timothy@apple.com> 2 21 -
trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp
r253398 r261723 50 50 // https://www.w3.org/TR/webauthn/#flags 51 51 const uint8_t makeCredentialFlags = 0b01000001; // UP and AT are set. 52 // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-response-message-success53 const uint8_t minSignatureLength = 71;54 const uint8_t maxSignatureLength = 73;55 52 // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#authentication-response-message-success 56 53 const size_t flagIndex = 0; … … 134 131 Vector<uint8_t> signature; 135 132 signature.append(u2fData.data() + offset, u2fData.size() - offset); 136 if (signature. size() < minSignatureLength || signature.size() > maxSignatureLength)133 if (signature.isEmpty()) 137 134 return { }; 138 135 -
trunk/Tools/ChangeLog
r261722 r261723 1 2020-05-14 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthn] Relaxing signature length requirements for U2fRegister 4 https://bugs.webkit.org/show_bug.cgi?id=209645 5 <rdar://problem/63204591> 6 7 Reviewed by Brent Fulgham. 8 9 * TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp: 10 (TestWebKitAPI::TEST): 11 1 12 2020-05-14 Jonathan Bedard <jbedard@apple.com> 2 13 -
trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp
r254356 r261723 513 513 auto response = readU2fRegisterResponse(TestData::kRelyingPartyId, getTestU2fRegisterResponse(prefix - 71, nullptr, 0)); 514 514 EXPECT_FALSE(response); 515 516 const uint8_t testData[] = { 0x40, 0x40, 0x40 };517 response = readU2fRegisterResponse(TestData::kRelyingPartyId, getTestU2fRegisterResponse(prefix, testData, sizeof(testData)));518 EXPECT_FALSE(response);519 515 } 520 516
Note: See TracChangeset
for help on using the changeset viewer.