WebKit Bugzilla
Attachment 357359 Details for Bug 192727: [WebAuthN] Remove hash from Client Data
bug-192727-20181214170746.patch (text/plain), 7.47 KB, created by Jiewen Tan on 2018-12-14 17:07:47 PST
>Subversion Revision: 239232 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 2ec8741f5c7f638a91c877d25770acd7ccc8d4d9..971574b879fa6ce192164b3b9a407eda15c5cdf7 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,19 @@ >+2018-12-14 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Remove hash from Client Data >+ https://bugs.webkit.org/show_bug.cgi?id=192727 >+ <rdar://problem/46746673> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ The hash algorithm for hashing the client data is enforced to SHA_256 in the latest spec: >+ https://www.w3.org/TR/webauthn/#sec-client-data. Therefore, we should remove it. >+ >+ Covered by existing tests. >+ >+ * Modules/webauthn/AuthenticatorCoordinator.cpp: >+ (WebCore::AuthenticatorCoordinatorInternal::produceClientDataJson): >+ > 2018-12-14 David Kilzer <ddkilzer@apple.com> > > clang-tidy: Fix unnecessary object copies in WebCore/platform/graphics/avfoundation/objc/ >diff --git a/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp b/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >index a0554b734a51d3fcf637722cd21cdc8d838e9308..43f16b01c87db3458a28e3c4768be4dfcd3907c4 100644 >--- a/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >+++ b/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >@@ -66,8 +66,6 @@ static Ref<ArrayBuffer> produceClientDataJson(ClientDataType type, const BufferS > } > object->setString("challenge"_s, WTF::base64URLEncode(challenge.data(), challenge.length())); > object->setString("origin"_s, origin.toRawString()); >- // FIXME: This might be platform dependent. >- object->setString("hashAlgorithm"_s, "SHA-256"_s); > > auto utf8JSONString = object->toJSONString().utf8(); > return ArrayBuffer::create(utf8JSONString.data(), utf8JSONString.length()); >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 8642cbfca317aa207b825ec1f75912645f8559a6..43eb0be85d2dd9dfee927b3142c6d1236a531fac 100644 
>--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,16 @@ >+2018-12-14 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] Remove hash from Client Data >+ https://bugs.webkit.org/show_bug.cgi?id=192727 >+ <rdar://problem/46746673> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/wpt/webauthn/public-key-credential-create-success-hid.https.html: >+ * http/wpt/webauthn/public-key-credential-create-success-local.https.html: >+ * http/wpt/webauthn/public-key-credential-get-success-hid.https.html: >+ * http/wpt/webauthn/public-key-credential-get-success-local.https.html: >+ > 2018-12-14 Matt Baker <mattbaker@apple.com> > > Web Inspector: Cookies view should use model objects instead of raw payload data >diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html >index cc6cd16f56f66308c19a2b1807ee947f661cc648..65485aec814eea92eca15140eacb73a19fb5b2e1 100644 >--- a/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html >+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html >@@ -15,7 +15,7 @@ > assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testHidCredentialIdBase64)); > assert_equals(credential.type, 'public-key'); > assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testHidCredentialIdBase64)); >- assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}'); >+ assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443"}'); > assert_throws("NotSupportedError", () => { credential.getClientExtensionResults() }); > > // Check attestation 
>diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html >index 9c2d116d843c9d6af6f540089b8c47d939af2bda..6f877c44f6ec368fc2def6013ad5fdcac14047a3 100644 >--- a/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html >+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https.html >@@ -29,7 +29,7 @@ > assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testCredentialIdBase64)); > assert_equals(credential.type, 'public-key'); > assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testCredentialIdBase64)); >- assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}'); >+ assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.create","challenge":"MTIzNDU2","origin":"https://localhost:9443"}'); > assert_throws("NotSupportedError", () => { credential.getClientExtensionResults() }); > > // Check attestation >diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html >index a783830e3f058306a1582ebe82e3e091b12d8bc6..1f13ded838489bacf08a773476284e64fcf24011 100644 >--- a/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html >+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html 
>@@ -14,7 +14,7 @@ > assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testHidCredentialIdBase64)); > assert_equals(credential.type, 'public-key'); > assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testHidCredentialIdBase64)); >- assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}'); >+ assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443"}'); > assert_equals(credential.response.userHandle, null); > > // Check authData >diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html >index c617e7538c7db14f87a232add09c60e5b0d43763..7f2daaf553b164eb0ba02df4649a34ff2912f681 100644 >--- a/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html >+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https.html >@@ -17,7 +17,7 @@ > assert_array_equals(Base64URL.parse(credential.id), Base64URL.parse(testCredentialIdBase64)); > assert_equals(credential.type, 'public-key'); > assert_array_equals(new Uint8Array(credential.rawId), Base64URL.parse(testCredentialIdBase64)); >- assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443","hashAlgorithm":"SHA-256"}'); >+ assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{"type":"webauthn.get","challenge":"MTIzNDU2","origin":"https://localhost:9443"}'); > assert_equals(bytesToHexString(credential.response.userHandle), "00010203040506070809"); > > // Check authData
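Review bot: In the Source/WebCore/ChangeLog entry, "SHA_256" should be spelled "SHA-256", as in the string the AuthenticatorCoordinator.cpp hunk removes, and "Therefore, we should remove it" leaves "it" ambiguous. The preceding sentence is about the hash algorithm, so the line can be read as dropping the hashing itself rather than the `hashAlgorithm` member that produceClientDataJson wrote into the client data JSON. Suggested wording: "Therefore, the hashAlgorithm member is removed from the client data JSON." Both ChangeLog entries also still carry the "Reviewed by NOBODY (OOPS!)" placeholder.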
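Review bot: The four updated `assert_equals(bytesToASCIIString(credential.response.clientDataJSON), '{...}')` checks in the LayoutTests/http/wpt/webauthn files still compare the whole serialized string, so they pin member order and exact serialization rather than the property this change is about. Consider parsing the value instead, e.g. `const clientData = JSON.parse(bytesToASCIIString(credential.response.clientDataJSON));`, then asserting `type`, `challenge` and `origin` individually and adding `assert_false("hashAlgorithm" in clientData);` so the removal is tested explicitly and the tests survive a later change to the member set or ordering.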