Title: [240103] branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp
- Revision: 240103
- Author: kocsen_ch...@apple.com
- Date: 2019-01-16 19:19:54 -0800 (Wed, 16 Jan 2019)
Log Message
[WebAuthN] Change the nonce in the CTAP kInit command to weak random values
https://bugs.webkit.org/show_bug.cgi?id=192061
<rdar://problem/46471091>
Reviewed by Chris Dumez.
Change the nonce in the CTAP kInit command to weak random values as the nonce is mainly
for being a probabilistically unique global identifier for handshakes, instead of
preventing replay attacks. Otherwise, it might exhaust system entropy unnecessarily.
The patch also removes all logging when debugging the test case flakiness.
* UIProcess/WebAuthentication/AuthenticatorManager.cpp:
(WebKit::AuthenticatorManager::respondReceived):
(WebKit::AuthenticatorManager::initTimeOutTimer):
(WebKit::AuthenticatorManager::timeOutTimerFired):
* UIProcess/WebAuthentication/Cocoa/HidService.mm:
(WebKit::HidService::deviceAdded):
* UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:
(WebKit::MockAuthenticatorManager::respondReceivedInternal):
* UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::send):
* UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
(WebKit::CtapHidAuthenticator::makeCredential):
(WebKit::CtapHidAuthenticator::getAssertion):
* UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
(WebKit::CtapHidDriver::Worker::write):
(WebKit::CtapHidDriver::Worker::read):
(WebKit::CtapHidDriver::Worker::returnMessage):
(WebKit::CtapHidDriver::transact):
(WebKit::CtapHidDriver::continueAfterChannelAllocated):
(WebKit::CtapHidDriver::continueAfterResponseReceived):
Modified Paths
Diff
Modified: branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp (240102 => 240103)
--- branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp 2019-01-17 01:37:38 UTC (rev 240102)
+++ branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp 2019-01-17 03:19:54 UTC (rev 240103)
@@ -194,7 +194,7 @@
m_channelId |= static_cast<uint32_t>(payload[index++]) << 8;
m_channelId |= static_cast<uint32_t>(payload[index]);
// FIXME(191534): Check the reset of the payload.
- auto cmd = FidoHidMessage::create(m_channelId, m_protocol == ProtocolVersion::kCtap ? FidoHidDeviceCommand::kCbor : FidoHidDeviceCommand::kMsg, m_requestData);
+ auto cmd = FidoHidMessage::create(m_channelId, FidoHidDeviceCommand::kCbor, m_requestData);
ASSERT(cmd);
m_worker->transact(WTFMove(*cmd), [weakThis = makeWeakPtr(*this)](Optional<FidoHidMessage>&& response) mutable {
ASSERT(RunLoop::isMain());
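Review bot: On the FidoHidMessage::create line, the FidoHidDeviceCommand::kMsg path for a non-kCtap m_protocol disappears, but the log message only covers the kInit nonce and the logging removal. If m_protocol can still be anything other than ProtocolVersion::kCtap when the channel is allocated, those requests would now be framed as kCbor. Either keep the conditional or say in the log message why it is safe to drop. Separately, ASSERT(cmd) is immediately followed by WTFMove(*cmd). Where the assertion is compiled out, a failed create would be dereferenced unchecked, so an explicit early return on an empty cmd would be safer, especially while the FIXME above leaves the rest of the payload unvalidated.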