Title: [240083] branches/safari-607-branch/Source/WebKit
- Revision: 240083
- Author: [email protected]
- Date: 2019-01-16 15:28:39 -0800 (Wed, 16 Jan 2019)
Log Message
Cherry-pick r239852. rdar://problem/47260195
[WebAuthN] Change the nonce in the CTAP kInit command to weak random values
https://bugs.webkit.org/show_bug.cgi?id=192061
<rdar://problem/46471091>
Reviewed by Chris Dumez.
Change the nonce in the CTAP kInit command to weak random values as the nonce is mainly
for being a probabilistically unique global identifier for handshakes, instead of
preventing replay attacks. Otherwise, it might exhaust system entropy unnecessarily.
The patch also removes all logging when debugging the test case flakiness.
* UIProcess/WebAuthentication/AuthenticatorManager.cpp:
(WebKit::AuthenticatorManager::respondReceived):
(WebKit::AuthenticatorManager::initTimeOutTimer):
(WebKit::AuthenticatorManager::timeOutTimerFired):
* UIProcess/WebAuthentication/Cocoa/HidService.mm:
(WebKit::HidService::deviceAdded):
* UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:
(WebKit::MockAuthenticatorManager::respondReceivedInternal):
* UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::send):
* UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
(WebKit::CtapHidAuthenticator::makeCredential):
(WebKit::CtapHidAuthenticator::getAssertion):
* UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
(WebKit::CtapHidDriver::Worker::write):
(WebKit::CtapHidDriver::Worker::read):
(WebKit::CtapHidDriver::Worker::returnMessage):
(WebKit::CtapHidDriver::transact):
(WebKit::CtapHidDriver::continueAfterChannelAllocated):
(WebKit::CtapHidDriver::continueAfterResponseReceived):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239852 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-607-branch/Source/WebKit/ChangeLog (240082 => 240083)
--- branches/safari-607-branch/Source/WebKit/ChangeLog 2019-01-16 23:28:37 UTC (rev 240082)
+++ branches/safari-607-branch/Source/WebKit/ChangeLog 2019-01-16 23:28:39 UTC (rev 240083)
@@ -1,5 +1,80 @@
2019-01-16 Alan Coon <[email protected]>
+ Cherry-pick r239852. rdar://problem/47260195
+
+ [WebAuthN] Change the nonce in the CTAP kInit command to weak random values
+ https://bugs.webkit.org/show_bug.cgi?id=192061
+ <rdar://problem/46471091>
+
+ Reviewed by Chris Dumez.
+
+ Change the nonce in the CTAP kInit command to weak random values as the nonce is mainly
+ for being a probabilistically unique global identifier for hand shakes, instead of
+ preventing replay attacks. Otherwise, it might exhaust system entropy unnecessarily.
+
+ The patch also removes all logging when debugging the test case flakiness.
+
+ * UIProcess/WebAuthentication/AuthenticatorManager.cpp:
+ (WebKit::AuthenticatorManager::respondReceived):
+ (WebKit::AuthenticatorManager::initTimeOutTimer):
+ (WebKit::AuthenticatorManager::timeOutTimerFired):
+ * UIProcess/WebAuthentication/Cocoa/HidService.mm:
+ (WebKit::HidService::deviceAdded):
+ * UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:
+ (WebKit::MockAuthenticatorManager::respondReceivedInternal):
+ * UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
+ (WebKit::MockHidConnection::send):
+ * UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
+ (WebKit::CtapHidAuthenticator::makeCredential):
+ (WebKit::CtapHidAuthenticator::getAssertion):
+ * UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
+ (WebKit::CtapHidDriver::Worker::write):
+ (WebKit::CtapHidDriver::Worker::read):
+ (WebKit::CtapHidDriver::Worker::returnMessage):
+ (WebKit::CtapHidDriver::transact):
+ (WebKit::CtapHidDriver::continueAfterChannelAllocated):
+ (WebKit::CtapHidDriver::continueAfterResponseReceived):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239852 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-01-10 Jiewen Tan <[email protected]>
+
+ [WebAuthN] Change the nonce in the CTAP kInit command to weak random values
+ https://bugs.webkit.org/show_bug.cgi?id=192061
+ <rdar://problem/46471091>
+
+ Reviewed by Chris Dumez.
+
+ Change the nonce in the CTAP kInit command to weak random values as the nonce is mainly
+ for being a probabilistically unique global identifier for hand shakes, instead of
+ preventing replay attacks. Otherwise, it might exhaust system entropy unnecessarily.
+
+ The patch also removes all logging when debugging the test case flakiness.
+
+ * UIProcess/WebAuthentication/AuthenticatorManager.cpp:
+ (WebKit::AuthenticatorManager::respondReceived):
+ (WebKit::AuthenticatorManager::initTimeOutTimer):
+ (WebKit::AuthenticatorManager::timeOutTimerFired):
+ * UIProcess/WebAuthentication/Cocoa/HidService.mm:
+ (WebKit::HidService::deviceAdded):
+ * UIProcess/WebAuthentication/Mock/MockAuthenticatorManager.cpp:
+ (WebKit::MockAuthenticatorManager::respondReceivedInternal):
+ * UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
+ (WebKit::MockHidConnection::send):
+ * UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
+ (WebKit::CtapHidAuthenticator::makeCredential):
+ (WebKit::CtapHidAuthenticator::getAssertion):
+ * UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
+ (WebKit::CtapHidDriver::Worker::write):
+ (WebKit::CtapHidDriver::Worker::read):
+ (WebKit::CtapHidDriver::Worker::returnMessage):
+ (WebKit::CtapHidDriver::transact):
+ (WebKit::CtapHidDriver::continueAfterChannelAllocated):
+ (WebKit::CtapHidDriver::continueAfterResponseReceived):
+
+2019-01-16 Alan Coon <[email protected]>
+
Cherry-pick r239757. rdar://problem/47260195
[Mac] Layout Test http/wpt/webauthn/public-key-credential-create-success-hid.https.html and http/wpt/webauthn/public-key-credential-get-success-hid.https.html are flaky
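Review bot: The file and function list in the new entry carries no per-function description, so the entry never says where the kInit nonce is generated or which random source it moved from and to. The security argument ("mainly for being a probabilistically unique global identifier ... instead of preventing replay attacks") rests on that one call site, so add a line under the function that builds the kInit command naming the old and new generator, which lets a later audit confirm that no challenge or key material was switched to weak randomness along with it. The logging removal touches most of the listed functions and is unrelated to the nonce; marking those entries as "remove debug logging" would make the one security-relevant change easy to find.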
Modified: branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp (240082 => 240083)
--- branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp 2019-01-16 23:28:37 UTC (rev 240082)
+++ branches/safari-607-branch/Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp 2019-01-16 23:28:39 UTC (rev 240083)
@@ -70,23 +70,17 @@
void MockHidConnection::send(Vector<uint8_t>&& data, DataSentCallback&& callback)
{
- // FIXME(192061): Remove all LOG_ERRORs.
- LOG_ERROR("Sending data: Phase 1. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
ASSERT(m_initialized);
auto task = makeBlockPtr([weakThis = makeWeakPtr(*this), data = "" callback = WTFMove(callback)]() mutable {
ASSERT(!RunLoop::isMain());
- LOG_ERROR("Sending data: Phase 2. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
RunLoop::main().dispatch([weakThis, data = "" callback = WTFMove(callback)]() mutable {
- LOG_ERROR("Sending data: Phase 3. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
if (!weakThis) {
callback(DataSent::No);
return;
}
- LOG_ERROR("Sending data: Phase 4. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
weakThis->assembleRequest(WTFMove(data));
- LOG_ERROR("Sending data: Phase 5. Current time: %f.", MonotonicTime::now().secondsSinceEpoch().value());
auto sent = DataSent::Yes;
if (weakThis->stagesMatch() && weakThis->m_configuration.hid->error == Mock::Error::DataNotSent)
sent = DataSent::No;
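Review bot: The two unchanged lambda capture lists in MockHidConnection::send read `data = "" callback = WTFMove(callback)` as displayed, with no comma between the captures and `data` bound to an empty string literal, while the body still calls `weakThis->assembleRequest(WTFMove(data))`. Check these lines against the file in the repository before relying on this rendering of the diff, since as shown they would not compile and the request payload would be lost. The removed lines themselves are confined to the `LOG_ERROR` timing traces and the `FIXME(192061)` that tracked them, which matches the log message; nothing in this hunk relates to the nonce change.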
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes