Changeset 267369 in webkit
- Timestamp:
- Sep 21, 2020 2:32:21 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 13 edited
trunk/LayoutTests/ChangeLog
r267367 r267369 1 2020-09-21 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthn] Don't set the UV option if the authenticator doesn't support it 4 https://bugs.webkit.org/show_bug.cgi?id=215836 5 <rdar://problem/67817359> 6 7 Reviewed by Darin Adler. 8 9 * http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html: 10 * http/wpt/webauthn/public-key-credential-create-failure-hid.https.html: 11 * http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https.html: 12 * http/wpt/webauthn/public-key-credential-get-failure-hid.https.html: 13 1 14 2020-09-21 Chris Dumez <cdumez@apple.com> 2 15 -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt
r264490 r267369 1 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.create' within user activated events.2 1 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.create' within user activated events. 3 2 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.create' within user activated events. … … 7 6 PASS PublicKeyCredential's [[create]] with malicious payload in a mock hid authenticator. 8 7 PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 9 PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 210 8 PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator. 11 9 PASS PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator. -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html
r250940 r267369 63 63 challenge: asciiToUint8Array("123456"), 64 64 pubKeyCredParams: [{ type: "public-key", alg: -7 }], 65 authenticatorSelection: { userVerification: "required" },66 timeout: 1067 }68 };69 70 if (window.internals)71 internals.setMockWebAuthenticationConfiguration({ silentFailure: true, hid: { stage: "request", subStage: "msg", error: "unsupported-options" } });72 return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");73 }, "PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 2");74 75 promise_test(function(t) {76 const options = {77 publicKey: {78 rp: {79 name: "example.com"80 },81 user: {82 name: "John Appleseed",83 id: asciiToUint8Array("123456"),84 displayName: "John",85 },86 challenge: asciiToUint8Array("123456"),87 pubKeyCredParams: [{ type: "public-key", alg: -7 }],88 65 authenticatorSelection: { authenticatorAttachment: "cross-platform", requireResidentKey: true, userVerification: "required" }, 89 66 timeout: 10 -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
r264490 r267369 1 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.create' within user activated events.2 1 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.create' within user activated events. 3 2 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.create' within user activated events. … … 10 9 PASS PublicKeyCredential's [[create]] with malicious payload in a mock hid authenticator. 11 10 PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 12 PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 213 11 PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator. 14 12 PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator. 2 -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
r250940 r267369 86 86 challenge: asciiToUint8Array("123456"), 87 87 pubKeyCredParams: [{ type: "public-key", alg: -7 }], 88 authenticatorSelection: { userVerification: "required" }89 }90 };91 92 if (window.internals)93 internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "unsupported-options" } });94 return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 43");95 }, "PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 2");96 97 promise_test(function(t) {98 const options = {99 publicKey: {100 rp: {101 name: "example.com"102 },103 user: {104 name: "John Appleseed",105 id: asciiToUint8Array("123456"),106 displayName: "John",107 },108 challenge: asciiToUint8Array("123456"),109 pubKeyCredParams: [{ type: "public-key", alg: -7 }],110 88 timeout: 10, 111 89 authenticatorSelection: { authenticatorAttachment: "platform", requireResidentKey: true, userVerification: "required" } -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt
r264490 r267369 1 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.get' within user activated events.2 1 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.get' within user activated events. 3 2 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.get' within user activated events. … … 6 5 7 6 PASS PublicKeyCredential's [[get]] with malicious payload in a mock hid authenticator. 8 PASS PublicKeyCredential's [[get]] with unsupported options in a mock hid authenticator.9 7 PASS PublicKeyCredential's [[get]] with invalid credential in a mock hid authenticator. 10 8 PASS PublicKeyCredential's [[get]] with authenticator downgrade in a mock hid authenticator. -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https.html
r250940 r267369 17 17 return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "Operation timed out."); 18 18 }, "PublicKeyCredential's [[get]] with malicious payload in a mock hid authenticator."); 19 20 promise_test(function(t) {21 const options = {22 publicKey: {23 challenge: asciiToUint8Array("123456"),24 userVerification: "required",25 timeout: 1026 }27 };28 29 if (window.internals)30 internals.setMockWebAuthenticationConfiguration({ silentFailure: true, hid: { stage: "request", subStage: "msg", error: "unsupported-options" } });31 return promiseRejects(t, "NotAllowedError", navigator.credentials.get(options), "Operation timed out.");32 }, "PublicKeyCredential's [[get]] with unsupported options in a mock hid authenticator.");33 19 34 20 promise_test(function(t) { -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt
r264490 r267369 1 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.get' within user activated events.2 1 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.get' within user activated events. 3 2 CONSOLE MESSAGE: User gesture is not detected. To use the platform authenticator, call 'navigator.credentials.get' within user activated events. … … 9 8 PASS PublicKeyCredential's [[get]] with timeout in a mock hid authenticator. 10 9 PASS PublicKeyCredential's [[get]] with malicious payload in a mock hid authenticator. 11 PASS PublicKeyCredential's [[get]] with unsupported options in a mock hid authenticator.12 10 PASS PublicKeyCredential's [[get]] with authenticator downgrade failed in a mock hid authenticator. 13 11 PASS PublicKeyCredential's [[get]] with authenticator downgrade failed in a mock hid authenticator. 2 -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html
r254356 r267369 36 36 return promiseRejects(t, "UnknownError", navigator.credentials.get(options), "Unknown internal error. Error code: 255"); 37 37 }, "PublicKeyCredential's [[get]] with malicious payload in a mock hid authenticator."); 38 39 promise_test(function(t) {40 const options = {41 publicKey: {42 challenge: asciiToUint8Array("123456"),43 userVerification: "required"44 }45 };46 47 if (window.internals)48 internals.setMockWebAuthenticationConfiguration({ hid: { stage: "request", subStage: "msg", error: "unsupported-options" } });49 return promiseRejects(t, "UnknownError", navigator.credentials.get(options), "Unknown internal error. Error code: 43");50 }, "PublicKeyCredential's [[get]] with unsupported options in a mock hid authenticator.");51 38 52 39 promise_test(function(t) { -
trunk/Source/WebCore/ChangeLog
r267367 r267369 1 2020-09-21 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthn] Don't set the UV option if the authenticator doesn't support it 4 https://bugs.webkit.org/show_bug.cgi?id=215836 5 <rdar://problem/67817359> 6 7 Reviewed by Darin Adler. 8 9 Covered by new API tests. 10 11 UV in the the CTAP 2.0 spec only means internal UV: 12 https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetInfo 13 14 If an authenticator supports ClientPin, it can set the uv bit in the responses to true but it 15 will not advertise itself supporting internal UV, which is the uv in the options. 16 https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorMakeCredential 17 18 Hence, setting it to true could result in error if the authenticator doesn't support internal UV even if it supports ClientPin. 19 It's not a way to ask the authenticator to set the uv bit in the response. 20 21 * Modules/webauthn/fido/DeviceRequestConverter.cpp: 22 (fido::encodeMakeCredenitalRequestAsCBOR): 23 (fido::encodeGetAssertionRequestAsCBOR): 24 1 25 2020-09-21 Chris Dumez <cdumez@apple.com> 2 26 -
trunk/Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
r254710 r267369 112 112 switch (options.authenticatorSelection->userVerification) { 113 113 case UserVerificationRequirement::Required: 114 requireUserVerification = true;115 break;116 114 case UserVerificationRequirement::Preferred: 117 requireUserVerification = uvCapability == UVAvailability::k NotSupported ? false : true;115 requireUserVerification = uvCapability == UVAvailability::kSupportedAndConfigured; 118 116 break; 119 117 case UserVerificationRequirement::Discouraged: … … 158 156 switch (options.userVerification) { 159 157 case UserVerificationRequirement::Required: 160 requireUserVerification = true;161 break;162 158 case UserVerificationRequirement::Preferred: 163 requireUserVerification = uvCapability == UVAvailability::k NotSupported ? false : true;159 requireUserVerification = uvCapability == UVAvailability::kSupportedAndConfigured; 164 160 break; 165 161 case UserVerificationRequirement::Discouraged: -
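Review bot: In both switches the `Required` case now shares the `Preferred` assignment, so a request whose relying party demands user verification is encoded without the `uv` option whenever the authenticator lacks configured built-in UV, and nothing in these hunks shows what enforces the requirement in that case. The changelog's reading of CTAP 2.0 (the `uv` option means internal UV only) makes the encoding itself correct, but the downgrade is silent to anyone reading this file. I would add a comment above the shared assignment, such as `// The CTAP 2.0 "uv" option means built-in UV only; when this is false, Required must be satisfied another way (e.g. pinAuth) by the caller.` It is also worth confirming that the calling code, which is not visible here, either supplies PIN parameters or fails the request instead of sending it unverified. Both function bodies start and end outside the hunks.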
trunk/Tools/ChangeLog
r267368 r267369 1 2020-09-21 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthn] Don't set the UV option if the authenticator doesn't support it 4 https://bugs.webkit.org/show_bug.cgi?id=215836 5 <rdar://problem/67817359> 6 7 Reviewed by Darin Adler. 8 9 * TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp: 10 (TestWebKitAPI::TEST): 11 1 12 2020-09-21 Jonathan Bedard <jbedard@apple.com> 2 13 -
trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp
r254710 r267369 65 65 Vector<uint8_t> hash; 66 66 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 67 auto serializedData = encodeMakeCredenitalRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupported ButNotConfigured);67 auto serializedData = encodeMakeCredenitalRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupportedAndConfigured); 68 68 EXPECT_EQ(serializedData.size(), sizeof(TestData::kCtapMakeCredentialRequest)); 69 69 EXPECT_EQ(memcmp(serializedData.data(), TestData::kCtapMakeCredentialRequest, serializedData.size()), 0); … … 88 88 Vector<uint8_t> hash; 89 89 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 90 auto serializedData = encodeMakeCredenitalRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupported ButNotConfigured);90 auto serializedData = encodeMakeCredenitalRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupportedAndConfigured); 91 91 EXPECT_EQ(serializedData.size(), sizeof(TestData::kCtapMakeCredentialRequestShort)); 92 92 EXPECT_EQ(memcmp(serializedData.data(), TestData::kCtapMakeCredentialRequestShort, serializedData.size()), 0); 93 93 } 94 94 95 TEST(CTAPRequestTest, TestConstructMakeCredentialRequestParam WithPin)95 TEST(CTAPRequestTest, TestConstructMakeCredentialRequestParamUVRequiredButNotSupported) 96 96 { 97 97 PublicKeyCredentialCreationOptions::RpEntity rp; … … 106 106 107 107 Vector<PublicKeyCredentialCreationOptions::Parameters> params { { PublicKeyCredentialType::PublicKey, 7 }, { PublicKeyCredentialType::PublicKey, 257 } }; 108 PublicKeyCredentialCreationOptions::AuthenticatorSelectionCriteria selection { PublicKeyCredentialCreationOptions::AuthenticatorAttachment::Platform, false, UserVerificationRequirement::Required }; 109 110 PublicKeyCredentialCreationOptions options { rp, user, { }, params, 
WTF::nullopt, { }, selection, AttestationConveyancePreference::None, WTF::nullopt }; 111 Vector<uint8_t> hash; 112 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 113 auto serializedData = encodeMakeCredenitalRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kNotSupported); 114 EXPECT_EQ(serializedData.size(), sizeof(TestData::kCtapMakeCredentialRequestShort)); 115 EXPECT_EQ(memcmp(serializedData.data(), TestData::kCtapMakeCredentialRequestShort, serializedData.size()), 0); 116 } 117 118 TEST(CTAPRequestTest, TestConstructMakeCredentialRequestParamWithPin) 119 { 120 PublicKeyCredentialCreationOptions::RpEntity rp; 121 rp.name = "Acme"; 122 rp.id = "acme.com"; 123 124 PublicKeyCredentialCreationOptions::UserEntity user; 125 user.name = "johnpsmith@example.com"; 126 user.icon = "https://pics.acme.com/00/p/aBjjjpqPb.png"; 127 user.idVector.append(TestData::kUserId, sizeof(TestData::kUserId)); 128 user.displayName = "John P. 
Smith"; 129 130 Vector<PublicKeyCredentialCreationOptions::Parameters> params { { PublicKeyCredentialType::PublicKey, 7 }, { PublicKeyCredentialType::PublicKey, 257 } }; 108 131 PublicKeyCredentialCreationOptions::AuthenticatorSelectionCriteria selection { PublicKeyCredentialCreationOptions::AuthenticatorAttachment::Platform, true, UserVerificationRequirement::Preferred }; 109 132 … … 115 138 Vector<uint8_t> hash; 116 139 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 117 auto serializedData = encodeMakeCredenitalRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupported ButNotConfigured, pin);140 auto serializedData = encodeMakeCredenitalRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupportedAndConfigured, pin); 118 141 EXPECT_EQ(serializedData.size(), sizeof(TestData::kCtapMakeCredentialRequestWithPin)); 119 142 EXPECT_EQ(memcmp(serializedData.data(), TestData::kCtapMakeCredentialRequestWithPin, serializedData.size()), 0); … … 152 175 Vector<uint8_t> hash; 153 176 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 154 auto serializedData = encodeGetAssertionRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupported ButNotConfigured);177 auto serializedData = encodeGetAssertionRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupportedAndConfigured); 155 178 EXPECT_EQ(serializedData.size(), sizeof(TestData::kTestComplexCtapGetAssertionRequest)); 156 179 EXPECT_EQ(memcmp(serializedData.data(), TestData::kTestComplexCtapGetAssertionRequest, serializedData.size()), 0); … … 189 212 Vector<uint8_t> hash; 190 213 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 191 auto serializedData = encodeGetAssertionRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupported ButNotConfigured);214 
auto serializedData = encodeGetAssertionRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupportedAndConfigured); 192 215 EXPECT_EQ(serializedData.size(), sizeof(TestData::kTestComplexCtapGetAssertionRequestShort)); 193 216 EXPECT_EQ(memcmp(serializedData.data(), TestData::kTestComplexCtapGetAssertionRequestShort, serializedData.size()), 0); 194 217 } 195 218 196 TEST(CTAPRequestTest, TestConstructGetAssertionRequest WithPin)219 TEST(CTAPRequestTest, TestConstructGetAssertionRequestUVRequiredButNotSupported) 197 220 { 198 221 PublicKeyCredentialRequestOptions options; … … 224 247 options.userVerification = UserVerificationRequirement::Required; 225 248 249 Vector<uint8_t> hash; 250 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 251 auto serializedData = encodeGetAssertionRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kNotSupported); 252 EXPECT_EQ(serializedData.size(), sizeof(TestData::kTestComplexCtapGetAssertionRequestShort)); 253 EXPECT_EQ(memcmp(serializedData.data(), TestData::kTestComplexCtapGetAssertionRequestShort, serializedData.size()), 0); 254 } 255 256 TEST(CTAPRequestTest, TestConstructGetAssertionRequestWithPin) 257 { 258 PublicKeyCredentialRequestOptions options; 259 options.rpId = "acme.com"; 260 261 PublicKeyCredentialDescriptor descriptor1; 262 descriptor1.type = PublicKeyCredentialType::PublicKey; 263 const uint8_t id1[] = { 264 0xf2, 0x20, 0x06, 0xde, 0x4f, 0x90, 0x5a, 0xf6, 0x8a, 0x43, 0x94, 265 0x2f, 0x02, 0x4f, 0x2a, 0x5e, 0xce, 0x60, 0x3d, 0x9c, 0x6d, 0x4b, 266 0x3d, 0xf8, 0xbe, 0x08, 0xed, 0x01, 0xfc, 0x44, 0x26, 0x46, 0xd0, 267 0x34, 0x85, 0x8a, 0xc7, 0x5b, 0xed, 0x3f, 0xd5, 0x80, 0xbf, 0x98, 268 0x08, 0xd9, 0x4f, 0xcb, 0xee, 0x82, 0xb9, 0xb2, 0xef, 0x66, 0x77, 269 0xaf, 0x0a, 0xdc, 0xc3, 0x58, 0x52, 0xea, 0x6b, 0x9e }; 270 descriptor1.idVector.append(id1, sizeof(id1)); 271 options.allowCredentials.append(descriptor1); 272 273 
PublicKeyCredentialDescriptor descriptor2; 274 descriptor2.type = PublicKeyCredentialType::PublicKey; 275 const uint8_t id2[] = { 276 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 277 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 278 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 279 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 280 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03 }; 281 descriptor2.idVector.append(id2, sizeof(id2)); 282 options.allowCredentials.append(descriptor2); 283 284 options.userVerification = UserVerificationRequirement::Required; 285 226 286 PinParameters pin; 227 287 pin.protocol = pin::kProtocolVersion; … … 230 290 Vector<uint8_t> hash; 231 291 hash.append(TestData::kClientDataHash, sizeof(TestData::kClientDataHash)); 232 auto serializedData = encodeGetAssertionRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupported ButNotConfigured, pin);292 auto serializedData = encodeGetAssertionRequestAsCBOR(hash, options, AuthenticatorSupportedOptions::UserVerificationAvailability::kSupportedAndConfigured, pin); 233 293 EXPECT_EQ(serializedData.size(), sizeof(TestData::kTestComplexCtapGetAssertionRequestWithPin)); 234 294 EXPECT_EQ(memcmp(serializedData.data(), TestData::kTestComplexCtapGetAssertionRequestWithPin, serializedData.size()), 0);
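Review bot: No test in the visible hunks exercises `kSupportedButNotConfigured` any more, although it is one of the inputs whose encoding this commit changes: every existing call shown was switched to `kSupportedAndConfigured`, and the two new tests pass `kNotSupported`. A regression that sets `uv` for an authenticator with unconfigured built-in UV would therefore pass this suite. I would add one case per encoder that passes `UserVerificationAvailability::kSupportedButNotConfigured` with `UserVerificationRequirement::Required` and compares against the short fixtures (`TestData::kCtapMakeCredentialRequestShort`, `TestData::kTestComplexCtapGetAssertionRequestShort`), which should match if the option is omitted as intended. Parts of the test bodies are elided between hunks, so this is based on the visible lines only.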