Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 2968de52d0664b1fd91876cf47cd91a02faa6fb5
      
https://github.com/WebKit/WebKit/commit/2968de52d0664b1fd91876cf47cd91a02faa6fb5
  Author: Pascoe <[email protected]>
  Date:   2024-12-23 (Mon, 23 Dec 2024)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
    M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp
    M Source/WebCore/Modules/webauthn/fido/FidoConstants.h
    M Source/WebCore/Modules/webauthn/fido/Pin.cpp
    M Source/WebCore/Modules/webauthn/fido/Pin.h
    M Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h
    M Source/WebKit/UIProcess/API/APIWebAuthenticationPanelClient.h
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h
    M Source/WebKit/UIProcess/WebAuthentication/Authenticator.h
    M Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
    M Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm
    M Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp
    M Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.mm
    M Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationFlags.h
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapCcidDriver.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapDriver.h
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapNfcDriver.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/FidoService.cpp
    M Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp

  Log Message:
  -----------
  [WebAuthn] Implement Set Pin for security keys
https://bugs.webkit.org/show_bug.cgi?id=269083
rdar://122660610

Reviewed by Brent Fulgham.

This change implements setting a pin for security keys. This is accomplished by asking the user
for a new pin whenever presented with an operation that requires a security key to have user
verification set up, but it does not.

The minimum pin length is fetched from the authenticator, or a default of 4 defined in the
CTAP spec. The maximum length is defined by the spec to be 63. We bubble up errors to show
in the prompt whenever an entered PIN did not meet requirements.

The way setting a pin works is as follows: Whenever an operation requires UV, but it is not set up,
first authenticator selection is performed to confirm an authenticator is desired for the operation.
For CTAP2.1 keys, the authenticatorSelection command is used; on older FIDO2.0 authenticators, a non-rk
makeCredential with zero length pinAuth is used instead. Then, whenever an authenticator without uv is
chosen, a new pin is collected from the user and set up on the security key, which is then able to perform
the operation requiring uv.

The SetPin code is covered by unit tests. I have manually tested setting up a PIN on both CTAP2.1 and CTAP2.0
security keys.

* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
(fido::AuthenticatorGetInfoResponse::setMinPINLength):
(fido::encodeAsCBOR):
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp:
(fido::encodeBogusRequestForAuthenticatorSelection):
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h:
* Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp:
(fido::convertStringToProtocolVersion):
(fido::readCTAPGetInfoResponse):
* Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp:
(fido::isCtap2Protocol):
(fido::toString):
* Source/WebCore/Modules/webauthn/fido/FidoConstants.h:
* Source/WebCore/Modules/webauthn/fido/Pin.cpp:
(fido::pin::SetPinRequest::pinAuth const):
(fido::pin::encodeAsCBOR):
* Source/WebCore/Modules/webauthn/fido/Pin.h:
* Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:
* Source/WebKit/UIProcess/API/APIWebAuthenticationPanelClient.h:
(API::WebAuthenticationPanelClient::requestNewPin const):
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
* Source/WebKit/UIProcess/WebAuthentication/Authenticator.h:
* Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp:
(WebKit::AuthenticatorManager::requestNewPin):
* Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm:
(WebKit::AuthenticatorPresenterCoordinator::updatePresenter):
(WebKit::AuthenticatorPresenterCoordinator::requestNewPin):
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/HidConnection.mm:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/HidService.mm:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm:
(WebKit::WebAuthenticationPanelClient::WebAuthenticationPanelClient):
(WebKit::wkWebAuthenticationPanelUpdate):
(WebKit::WebAuthenticationPanelClient::requestNewPin const):
* Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::feedReports):
* Source/WebKit/UIProcess/WebAuthentication/Virtual/VirtualService.mm:
(WebKit::authenticatorInfoForConfig):
* Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationFlags.h:
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::isUVSetup const):
(WebKit::CtapAuthenticator::continueSetupPinAfterCommand):
(WebKit::CtapAuthenticator::continueSetupPinAfterGetKeyAgreement):
(WebKit::CtapAuthenticator::setupPin):
(WebKit::CtapAuthenticator::performAuthenticatorSelectionForSetupPin):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapCcidDriver.cpp:
(WebKit::CtapCcidDriver::transact):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapDriver.h:
(WebKit::CtapDriver::isCtap2Protocol const):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:
(WebKit::CtapHidDriver::continueAfterChannelAllocated):
(WebKit::CtapHidDriver::cancel):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapNfcDriver.cpp:
(WebKit::CtapNfcDriver::transact):
* Source/WebKit/UIProcess/WebAuthentication/fido/FidoService.cpp:
(WebKit::FidoService::continueAfterGetInfo):
* Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
(TestWebKitAPI::TEST(CTAPResponseTest, TestReadGetInfoResponse)):
(TestWebKitAPI::TEST(CTAPResponseTest, TestReadGetInfoResponse2)):
(TestWebKitAPI::TEST(CTAPResponseTest, TestReadGetInfoResponseDeviceYubikey5c)):
(TestWebKitAPI::TEST(CTAPResponseTest, TestSerializeGetInfoResponse)):

Canonical link: https://commits.webkit.org/288259@main
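
An added example, not part of the commit or of WebKit's source: the PIN length checks and the authenticator-selection fallback that the log message describes, in C++. All names are hypothetical; measuring the minimum in Unicode code points and the maximum in UTF-8 bytes, and zero-padding the PIN to 64 bytes before encryption, follow the CTAP specification rather than this page.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical names; the limits 4 and 63 are the ones quoted in the log message.
enum class PinCheck { Ok, TooShort, TooLong };
enum class SelectionMethod { AuthenticatorSelection, BogusMakeCredential };

constexpr size_t defaultMinPinLength = 4; // CTAP default, counted in code points
constexpr size_t maxPinLengthBytes = 63;  // CTAP maximum, counted in UTF-8 bytes
constexpr size_t paddedPinLength = 64;    // fixed-size plaintext that gets encrypted

// Counts code points in well-formed UTF-8 by skipping continuation bytes (10xxxxxx).
static size_t codePointCount(const std::string& utf8)
{
    size_t count = 0;
    for (unsigned char byte : utf8)
        count += (byte & 0xC0) != 0x80;
    return count;
}

// reportedMinPinLength is the getInfo value; 0 means the authenticator sent none.
PinCheck validateNewPin(const std::string& pin, size_t reportedMinPinLength)
{
    size_t minimum = reportedMinPinLength ? reportedMinPinLength : defaultMinPinLength;
    if (codePointCount(pin) < minimum)
        return PinCheck::TooShort;
    if (pin.size() > maxPinLengthBytes)
        return PinCheck::TooLong;
    return PinCheck::Ok;
}

// Right-pads a validated PIN with 0x00 bytes to the 64-byte block.
std::array<uint8_t, paddedPinLength> padPin(const std::string& pin)
{
    std::array<uint8_t, paddedPinLength> padded { };
    for (size_t i = 0; i < pin.size() && i < maxPinLengthBytes; ++i)
        padded[i] = static_cast<uint8_t>(pin[i]);
    return padded;
}

// Selection step: CTAP2.1 keys have a dedicated command, older keys need the workaround.
SelectionMethod selectionMethodFor(bool supportsCtap21)
{
    return supportsCtap21 ? SelectionMethod::AuthenticatorSelection : SelectionMethod::BogusMakeCredential;
}

int main() { return validateNewPin("123", 0) == PinCheck::TooShort ? 0 : 1; } // constructed sample PIN
```

The two limits use different units, so a PIN of multi-byte characters can pass the minimum while exceeding the 63-byte maximum; surfacing `TooShort` and `TooLong` separately lets the prompt say which requirement failed.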


