[webkit-changes] [239471] trunk

Thu, 20 Dec 2018 15:56:06 -0800

Title: [239471] trunk
Revision
239471
Author
[email protected]
Date
2018-12-20 15:55:48 -0800 (Thu, 20 Dec 2018)

Log Message

[WebAuthN] Remove hash from Client Data
https://bugs.webkit.org/show_bug.cgi?id=192727
<rdar://problem/46746673>

Reviewed by Brent Fulgham.

Source/WebCore:

The hash algorithm for hashing the client data is enforced to SHA_256 in the latest spec:
https://www.w3.org/TR/webauthn/#sec-client-data. Therefore, we should remove it.

Covered by existing tests.

* Modules/webauthn/AuthenticatorCoordinator.cpp:
(WebCore::AuthenticatorCoordinatorInternal::produceClientDataJson):

LayoutTests:

* http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
* http/wpt/webauthn/public-key-credential-create-success-local.https.html:
* http/wpt/webauthn/public-key-credential-get-success-hid.https.html:
* http/wpt/webauthn/public-key-credential-get-success-local.https.html:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (239470 => 239471)


--- trunk/LayoutTests/ChangeLog	2018-12-20 23:54:48 UTC (rev 239470)
+++ trunk/LayoutTests/ChangeLog	2018-12-20 23:55:48 UTC (rev 239471)
@@ -1,5 +1,18 @@
 2018-12-20  Jiewen Tan  <[email protected]>
 
+        [WebAuthN] Remove hash from Client Data
+        https://bugs.webkit.org/show_bug.cgi?id=192727
+        <rdar://problem/46746673>
+
+        Reviewed by Brent Fulgham.
+
+        * http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
+        * http/wpt/webauthn/public-key-credential-create-success-local.https.html:
+        * http/wpt/webauthn/public-key-credential-get-success-hid.https.html:
+        * http/wpt/webauthn/public-key-credential-get-success-local.https.html:
+
+2018-12-20  Jiewen Tan  <[email protected]>
+
         [WebAuthN] Add a runtime flag for local authenticator
         https://bugs.webkit.org/show_bug.cgi?id=192792
         <rdar://problem/46798738>

Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html (239470 => 239471)


--- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html	2018-12-20 23:54:48 UTC (rev 239470)
+++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html	2018-12-20 23:55:48 UTC (rev 239471)
@@ -15,7 +15,7 @@
         assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testHidCredentialIdBase64));
         assert_equals(credential.type, 'public-key');
         assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testHidCredentialIdBase64));
-        assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}');
+        assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443"}');
         assert_throws("NotSupportedError", () => { credential.getClientExtensionResults() });
 
         // Check attestation

Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html (239470 => 239471)


--- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html	2018-12-20 23:54:48 UTC (rev 239470)
+++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html	2018-12-20 23:55:48 UTC (rev 239471)
@@ -29,7 +29,7 @@
         assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testCredentialIdBase64));
         assert_equals(credential.type, 'public-key');
         assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testCredentialIdBase64));
-        assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}');
+        assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443"}');
         assert_throws("NotSupportedError", () => { credential.getClientExtensionResults() });
 
         // Check attestation

Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html (239470 => 239471)


--- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html	2018-12-20 23:54:48 UTC (rev 239470)
+++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html	2018-12-20 23:55:48 UTC (rev 239471)
@@ -14,7 +14,7 @@
         assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testHidCredentialIdBase64));
         assert_equals(credential.type, 'public-key');
         assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testHidCredentialIdBase64));
-        assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}');
+        assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443"}');
         assert_equals(credential.response.userHandle, null);
 
         // Check authData

Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html (239470 => 239471)


--- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html	2018-12-20 23:54:48 UTC (rev 239470)
+++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html	2018-12-20 23:55:48 UTC (rev 239471)
@@ -17,7 +17,7 @@
         assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testCredentialIdBase64));
         assert_equals(credential.type, 'public-key');
         assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testCredentialIdBase64));
-        assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}');
+        assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443"}');
         assert_equals(bytesToHexString(credential.response.userHandle), "00010203040506070809");
 
         // Check authData

Modified: trunk/Source/WebCore/ChangeLog (239470 => 239471)


--- trunk/Source/WebCore/ChangeLog	2018-12-20 23:54:48 UTC (rev 239470)
+++ trunk/Source/WebCore/ChangeLog	2018-12-20 23:55:48 UTC (rev 239471)
@@ -1,5 +1,21 @@
 2018-12-20  Jiewen Tan  <[email protected]>
 
+        [WebAuthN] Remove hash from Client Data
+        https://bugs.webkit.org/show_bug.cgi?id=192727
+        <rdar://problem/46746673>
+
+        Reviewed by Brent Fulgham.
+
+        The hash algorithm for hashing the client data is enforced to SHA_256 in the latest spec:
+        https://www.w3.org/TR/webauthn/#sec-client-data. Therefore, we should remove it.
+
+        Covered by existing tests.
+
+        * Modules/webauthn/AuthenticatorCoordinator.cpp:
+        (WebCore::AuthenticatorCoordinatorInternal::produceClientDataJson):
+
+2018-12-20  Jiewen Tan  <[email protected]>
+
         [WebAuthN] Add a runtime flag for local authenticator
         https://bugs.webkit.org/show_bug.cgi?id=192792
         <rdar://problem/46798738>

Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp (239470 => 239471)


--- trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp	2018-12-20 23:54:48 UTC (rev 239470)
+++ trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp	2018-12-20 23:55:48 UTC (rev 239471)
@@ -66,8 +66,6 @@
     }
     object->setString("challenge"_s, WTF::base64URLEncode(challenge.data(), challenge.length()));
     object->setString("origin"_s, origin.toRawString());
-    // FIXME: This might be platform dependent.
-    object->setString("hashAlgorithm"_s, "SHA-256"_s);
 
     auto utf8JSONString = object->toJSONString().utf8();
     return ArrayBuffer::create(utf8JSONString.data(), utf8JSONString.length());

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to