Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html (269419 => 269420)
--- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html 2020-11-05 08:45:46 UTC (rev 269419)
+++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html 2020-11-05 08:46:57 UTC (rev 269420)
@@ -31,7 +31,10 @@
assert_equals(bytesToHexString(authData.rpIdHash), "49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763");
assert_equals(authData.flags, 69);
assert_equals(authData.counter, 0);
- assert_equals(bytesToHexString(authData.aaguid), "00000000000000000000000000000000");
+ if (isNoneAttestation)
+ assert_equals(bytesToHexString(authData.aaguid), "00000000000000000000000000000000");
+ else
+ assert_equals(bytesToHexString(authData.aaguid), "f24a8e70d0d3f82c293732523cc4de5a");
assert_array_equals(authData.credentialID, credentialID);
// Check self attestation
assert_true(checkPublicKey(authData.publicKey));
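Review bot: The two added `assert_equals` calls on `authData.aaguid` differ only in the expected string and carry no description, so a failure does not say which attestation mode was under test. Selecting the value first, `const expectedAaguid = isNoneAttestation ? "00000000000000000000000000000000" : "f24a8e70d0d3f82c293732523cc4de5a";`, and asserting once with `assert_equals(bytesToHexString(authData.aaguid), expectedAaguid, "aaguid");` keeps the check in one place. A short comment that the non-zero value mirrors the `aaguid` constant in LocalAuthenticator.mm would explain where the literal comes from. `isNoneAttestation` and the enclosing function are defined outside this hunk.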
Modified: trunk/Source/WebKit/ChangeLog (269419 => 269420)
--- trunk/Source/WebKit/ChangeLog 2020-11-05 08:45:46 UTC (rev 269419)
+++ trunk/Source/WebKit/ChangeLog 2020-11-05 08:46:57 UTC (rev 269420)
@@ -1,3 +1,20 @@
+2020-11-05 Jiewen Tan <[email protected]>
+
+ [WebAuthn] Determine an AAGUID for the platform authenticators
+ https://bugs.webkit.org/show_bug.cgi?id=217945
+ <rdar://problem/70811618>
+
+ Reviewed by Brent Fulgham.
+
+ Relying parties use the AAGUID to recognize supported authenticators. Using a NULL AAGUID blocks them from recognizing Apple products as valid WebAuthentication targets.
+ We need to assign ourselves a GUID representing Apple authenticators, then publish with our attestation certificate and with the FIDO Alliance.
+
+ Covered by existing tests.
+
+ * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+ (WebKit::LocalAuthenticatorInternal::aaguidVector):
+ (WebKit::LocalAuthenticator::continueMakeCredentialAfterUserVerification):
+
2020-11-05 Carlos Garcia Campos <[email protected]>
WebDriver: session can have more than one active input source of the same type
Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (269419 => 269420)
--- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2020-11-05 08:45:46 UTC (rev 269419)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm 2020-11-05 08:46:57 UTC (rev 269420)
@@ -59,6 +59,7 @@
// Credential ID is currently SHA-1 of the corresponding public key.
const uint16_t credentialIdLength = 20;
const uint64_t counter = 0;
+const uint8_t aaguid[] = { 0xF2, 0x4A, 0x8E, 0x70, 0xD0, 0xD3, 0xF8, 0x2C, 0x29, 0x37, 0x32, 0x52, 0x3C, 0xC4, 0xDE, 0x5A }; // Randomly generated.
static inline bool emptyTransportsOrContain(const Vector<AuthenticatorTransport>& transports, AuthenticatorTransport target)
{
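Review bot: Nothing ties the size of the new `aaguid` array to `aaguidLength`, yet `aaguidVector()` in the next hunk copies `aaguidLength` bytes out of it with `result.append(aaguid, aaguidLength)`. `aaguidLength` is declared outside this diff, so if the two ever disagree the append either reads past the array or truncates the identifier. Adding `static_assert(sizeof(aaguid) == aaguidLength, "AAGUID must be aaguidLength bytes");` right after the definition turns that into a compile error. The trailing `// Randomly generated.` could also state that, per the ChangeLog, relying parties match on this value, so it must stay stable once published.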
@@ -85,6 +86,13 @@
return result;
}
+static inline Vector<uint8_t> aaguidVector()
+{
+ Vector<uint8_t> result;
+ result.append(aaguid, aaguidLength);
+ return result;
+}
+
static inline RetainPtr<NSData> toNSData(const Vector<uint8_t>& data)
{
return adoptNS([[NSData alloc] initWithBytes:data.data() length:data.size()]);
@@ -356,16 +364,13 @@
[nsPublicKeyData getBytes: y.data() range:NSMakeRange(1 + ES256FieldElementLength, ES256FieldElementLength)];
cosePublicKey = encodeES256PublicKeyAsCBOR(WTFMove(x), WTFMove(y));
}
- // FIXME(rdar://problem/38320512): Define Apple AAGUID.
- auto attestedCredentialData = buildAttestedCredentialData(Vector<uint8_t>(aaguidLength, 0), credentialId, cosePublicKey);
// Step 12.
- auto authData = buildAuthData(creationOptions.rp.id, makeCredentialFlags, counter, attestedCredentialData);
-
// Skip Apple Attestation for none attestation.
if (creationOptions.attestation == AttestationConveyancePreference::None) {
deleteDuplicateCredential();
+ auto authData = buildAuthData(creationOptions.rp.id, makeCredentialFlags, counter, buildAttestedCredentialData(Vector<uint8_t>(aaguidLength, 0), credentialId, cosePublicKey));
auto attestationObject = buildAttestationObject(WTFMove(authData), "", { }, AttestationConveyancePreference::None);
receiveRespond(AuthenticatorAttestationResponse::create(credentialId, attestationObject));
return;
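Review bot: The none-attestation branch still reports sixteen zero bytes as the AAGUID, but with the FIXME removed nothing says this is deliberate. As I read the WebAuthn rules, none attestation should not reveal the authenticator model, so a line above the `buildAuthData` call such as `// None attestation must not identify the authenticator, so the AAGUID stays zeroed.` would keep a later cleanup from swapping in `aaguidVector()`. The `// Step 12.` comment is also left with no statement under it, because `authData` is now built separately here and under Step 13 in the following hunk. Moving that comment onto the two calls, or choosing the AAGUID vector first and calling `buildAuthData` once, would keep the step numbering meaningful. The enclosing function starts and ends outside the hunk.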
@@ -372,6 +377,7 @@
}
// Step 13. Apple Attestation
+ auto authData = buildAuthData(creationOptions.rp.id, makeCredentialFlags, counter, buildAttestedCredentialData(aaguidVector(), credentialId, cosePublicKey));
auto nsAuthData = toNSData(authData);
auto callback = [credentialId = WTFMove(credentialId), authData = WTFMove(authData), weakThis = makeWeakPtr(*this)] (NSArray * _Nullable certificates, NSError * _Nullable error) mutable {
ASSERT(RunLoop::isMain());