Skip to site navigation (Press enter)

[webkit-changes] [261723] trunk

jiewen_tan Thu, 14 May 2020 16:50:25 -0700

Title: [261723] trunk

Revision: 261723
Author: [email protected]
Date: 2020-05-14 16:49:04 -0700 (Thu, 14 May 2020)

Log Message

[WebAuthn] Relaxing signature length requirements for U2fRegister
https://bugs.webkit.org/show_bug.cgi?id=209645
<rdar://problem/63204591>


Reviewed by Brent Fulgham.

Source/WebCore:

It turns out the length range specified from the spec, i.e., [71, 73] is wrong.
https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-response-message-success

It should actually be [70, 72]. However, as a middleware to relay the messages, user agents
are not necessary to check the length. Therefore, the check is relaxed to make the code more robust.

Covered by existing tests.

* Modules/webauthn/fido/U2fResponseConverter.cpp:
(fido::WebCore::createFidoAttestationStatementFromU2fRegisterResponse):

Tools:

* TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
(TestWebKitAPI::TEST):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp
trunk/Tools/ChangeLog
trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (261722 => 261723)


--- trunk/Source/WebCore/ChangeLog	2020-05-14 23:38:22 UTC (rev 261722)
+++ trunk/Source/WebCore/ChangeLog	2020-05-14 23:49:04 UTC (rev 261723)
@@ -1,3 +1,22 @@
+2020-05-14  Jiewen Tan  <[email protected]>
+
+        [WebAuthn] Relaxing signature length requirements for U2fRegister
+        https://bugs.webkit.org/show_bug.cgi?id=209645
+        <rdar://problem/63204591>
+
+        Reviewed by Brent Fulgham.
+
+        It turns out the length range specified from the spec, i.e., [71, 73] is wrong.
+        https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-response-message-success
+
+        It should actually be [70, 72]. However, as a middleware to relay the messages, user agents
+        are not necessary to check the length. Therefore, the check is relaxed to make the code more robust.
+
+        Covered by existing tests.
+
+        * Modules/webauthn/fido/U2fResponseConverter.cpp:
+        (fido::WebCore::createFidoAttestationStatementFromU2fRegisterResponse):
+
 2020-05-14  Timothy Hatcher  <[email protected]>
 
         Add sourceURL to _evaluateJavaScript: so the scripts appear in Web Inspector.

Modified: trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp (261722 => 261723)


--- trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp	2020-05-14 23:38:22 UTC (rev 261722)
+++ trunk/Source/WebCore/Modules/webauthn/fido/U2fResponseConverter.cpp	2020-05-14 23:49:04 UTC (rev 261723)
@@ -49,9 +49,6 @@
 const uint8_t uncompressedKey = 0x04;
 // https://www.w3.org/TR/webauthn/#flags
 const uint8_t makeCredentialFlags = 0b01000001; // UP and AT are set.
-// https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-response-message-success
-const uint8_t minSignatureLength = 71;
-const uint8_t maxSignatureLength = 73;
 // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#authentication-response-message-success
 const size_t flagIndex = 0;
 const size_t counterIndex = 1;
@@ -133,7 +130,7 @@
 
     Vector<uint8_t> signature;
     signature.append(u2fData.data() + offset, u2fData.size() - offset);
-    if (signature.size() < minSignatureLength || signature.size() > maxSignatureLength)
+    if (signature.isEmpty())
         return { };
 
     cbor::CBORValue::MapValue attestationStatementMap;

Modified: trunk/Tools/ChangeLog (261722 => 261723)


--- trunk/Tools/ChangeLog	2020-05-14 23:38:22 UTC (rev 261722)
+++ trunk/Tools/ChangeLog	2020-05-14 23:49:04 UTC (rev 261723)
@@ -1,3 +1,14 @@
+2020-05-14  Jiewen Tan  <[email protected]>
+
+        [WebAuthn] Relaxing signature length requirements for U2fRegister
+        https://bugs.webkit.org/show_bug.cgi?id=209645
+        <rdar://problem/63204591>
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
+        (TestWebKitAPI::TEST):
+
 2020-05-14  Jonathan Bedard  <[email protected]>
 
         run-webkit-tests shouldn't need Xcode to run Mac tests

Modified: trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp (261722 => 261723)


--- trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp	2020-05-14 23:38:22 UTC (rev 261722)
+++ trunk/Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp	2020-05-14 23:49:04 UTC (rev 261723)
@@ -512,10 +512,6 @@
     const auto prefix = sizeof(TestData::kTestU2fRegisterResponse);
     auto response = readU2fRegisterResponse(TestData::kRelyingPartyId, getTestU2fRegisterResponse(prefix - 71, nullptr, 0));
     EXPECT_FALSE(response);
-
-    const uint8_t testData[] = { 0x40, 0x40, 0x40 };
-    response = readU2fRegisterResponse(TestData::kRelyingPartyId, getTestU2fRegisterResponse(prefix, testData, sizeof(testData)));
-    EXPECT_FALSE(response);
 }
 
 // Test malformed X.509 but pass.

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes