[webkit-changes] [240103] branches/safari-607-branch/Source/WebKit/UIProcess/ WebAuthentication/fido/CtapHidDriver.cpp

[kocsen_chung]

Title: [240103] branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp

Revision

240103

Author

kocsen_ch...@apple.com

Date

2019-01-16 19:19:54 -0800 (Wed, 16 Jan 2019)

Log Message

[WebAuthN] Change the nonce in the CTAP kInit command to weak random values
https://bugs.webkit.org/show_bug.cgi?id=192061
<rdar://problem/46471091>

Reviewed by Chris Dumez.

Change the nonce in the CTAP kInit command to weak random values as the nonce is mainly
for being a probabilistically unique global identifier for hand shakes, instead of
preventing replay attacks. Otherwise, it might exhaust system entropy unnecessarily.

The patch also removes all logging when debugging the test case flakiness.

* UIProcess/WebAuthentication/AuthenticatorManager.cpp:
(WebKit::AuthenticatorManager::respondReceived):
(WebKit::AuthenticatorManager::initTimeOutTimer):
(WebKit::AuthenticatorManager::timeOutTimerFired):
* UIProcess/WebAuthentication/Cocoa/HidService.mm:
(WebKit::HidService::deviceAdded):
* UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:
(WebKit::MockAuthenticatorManager::respondReceivedInternal):
* UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::send):
* UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
(WebKit::CtapHidAuthenticator::makeCredential):
(WebKit::CtapHidAuthenticator::getAssertion):
* UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
(WebKit::CtapHidDriver::Worker::write):
(WebKit::CtapHidDriver::Worker::read):
(WebKit::CtapHidDriver::Worker::returnMessage):
(WebKit::CtapHidDriver::transact):
(WebKit::CtapHidDriver::continueAfterChannelAllocated):
(WebKit::CtapHidDriver::continueAfterResponseReceived):

Modified Paths

• branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp

Diff

Modified: branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp (240102 => 240103)

--- branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp	2019-01-17 01:37:38 UTC (rev 240102)
+++ branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp	2019-01-17 03:19:54 UTC (rev 240103)
@@ -194,7 +194,7 @@
     m_channelId |= static_cast<uint32_t>(payload[index++]) << 8;
     m_channelId |= static_cast<uint32_t>(payload[index]);
     // FIXME(191534): Check the reset of the payload.
-    auto cmd = FidoHidMessage::create(m_channelId, m_protocol == ProtocolVersion::kCtap ? FidoHidDeviceCommand::kCbor : FidoHidDeviceCommand::kMsg, m_requestData);
+    auto cmd = FidoHidMessage::create(m_channelId, FidoHidDeviceCommand::kCbor, m_requestData);
     ASSERT(cmd);
     m_worker->transact(WTFMove(*cmd), [weakThis = makeWeakPtr(*this)](Optional<FidoHidMessage>&& response) mutable {
         ASSERT(RunLoop::isMain());

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes