I’m working on adding support to WebKit for FIDO U2F (JS API: 
https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html
 Architecture overview: 
https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-overview-v1.1-id-20160915.html
 ). The FIDO U2F specification allows a secure second factor to be used during 
authentication flow, with bidirectional verification (token verifies server, 
server verifies token and token’s knowledge of a specific private key). There 
are current implementations in Chrome, Opera, and Blink (Firefox). I’m 
primarily interested in bringing support to Safari, so that is the focus what I 
am currently working on.

The (USB) protocol itself works by sending USB HID reports (packets) to the key 
and getting USB HID reports back. There is a reference implementation by one of 
the members of the specification group - libu2f-host (by Yubico); however, it 
is licensed under GPL and LGPLv2.1. It also depends on two more libraries, 
hidapi and libusb. Figuring that adding all of these dependencies to Safari 
might be undesirable, I wrote a clean-room implementation outside of WebKit 
that uses IOKit directly to access the device (conveniently, IOKit exposes nice 
HID stuff). I’m now at the stage of adding this to WebKit.

Before I move forward, there are a couple of things that would be great to get 
some input on:

- What to do about other platforms - no implementation, use libu2f-host for 
them, or use libu2f-host everywhere
- UI for key access permission - malicious sites could (eventually) lock up a 
key, as well as possibly identifying a user; the specification suggests 
displaying an info bar for user to allow access - but, I’m not familiar with 
the process of designing/adding browser chromes
- What process should communicate with the token - the protocol is robust and 
designed for many simultaneous accesses and appropriate isolation of them, so 
this can (should?) be per-page; IOKit needs a CFRunLoop to schedule the report 
receive callback on: should this be on the main runloop or on another thread 
just for U2F?
- Presumably, this should be gated behind a macro; does a suitable one exist, 
or add a new one?

Thank you!

- Jacob Greenfield
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Reply via email to