The WebAuthN API currently can talk to U2F security keys. It should additionally be able to talk to CTAP security keys. The CTAP protocol is defined here: https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5c942e8e049e9524d200411064e14fd25294efd1 commit 5c942e8e049e9524d200411064e14fd25294efd1 Author: Balazs Engedy <engedy@chromium.org> Date: Thu Mar 22 15:48:18 2018 Add u2f_parsing_utils::Extract[Suffix][Span]. Bug: 780078 Change-Id: I8f538a29306f1f94a2b5b5c307d743d485f33336 Reviewed-on: https://chromium-review.googlesource.com/975542 Commit-Queue: Balazs Engedy <engedy@chromium.org> Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#545090} [modify] https://crrev.com/5c942e8e049e9524d200411064e14fd25294efd1/device/BUILD.gn [modify] https://crrev.com/5c942e8e049e9524d200411064e14fd25294efd1/device/fido/u2f_parsing_utils.cc [modify] https://crrev.com/5c942e8e049e9524d200411064e14fd25294efd1/device/fido/u2f_parsing_utils.h [add] https://crrev.com/5c942e8e049e9524d200411064e14fd25294efd1/device/fido/u2f_parsing_utils_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84 commit c3c049270b3679aaeb61b7d6431f9ab5dd20ef84 Author: Jun Choi <hongjunchoi@chromium.org> Date: Thu Mar 22 23:32:47 2018 Consolidate {Register, Sign}Response data {Register, Sign}Response data is are strict subset of the range of authenticator response represented by Authenticator{MakeCredential, GetAssertion}Response objects. RegisterResponseData object represents MakeCredentialResponse with "fido-u2f" as attestation format and SignResponseData represents GetAssertionResponse with empty user handle. This CL consolidates {Register, Sign}ResponseData with Authenticator{MakeCredential, GetAssertion}Response, respectively. More specifically, 1) Move U2F parsing logic in {Register, Sign}ResponseData to Authenticator{MakeCredential, GetAssertion}Response and delete {Register, Sign}ResponseData. 2) Combine fuzzer tests to ctap_response_fuzzer.cc file. 3) Complete handling of "none" attestation object by replacing AAGUID section of authenticator data with zeros. Bug: 780078 Change-Id: I19d12b6806a01bf7af08687c3b6e4e98f62bd34d Reviewed-on: https://chromium-review.googlesource.com/934851 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#545289} [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/content/browser/webauth/authenticator_impl.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/content/browser/webauth/authenticator_impl.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/BUILD.gn [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/attestation_object.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/attestation_object.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/attestation_statement.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/attestation_statement.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/attested_credential_data.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/attested_credential_data.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/authenticator_data.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/authenticator_data.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/authenticator_get_assertion_response.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/authenticator_get_assertion_response.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/authenticator_get_info_response.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/authenticator_get_info_response.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/authenticator_make_credential_response.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/authenticator_make_credential_response.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/ctap_response_fuzzer.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/ctap_response_unittest.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/device_response_converter.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/device_response_converter.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/fido_attestation_statement.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/fido_attestation_statement.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/fido_constants.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/fido_constants.h [add] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/opaque_attestation_statement.cc [add] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/opaque_attestation_statement.h [add] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/opaque_public_key.cc [add] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/opaque_public_key.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/public_key.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/public_key.h [delete] https://crrev.com/29e26f84ee58dade74a9da8cbfcd38b13433a2a0/device/fido/register_response_data.cc [delete] https://crrev.com/29e26f84ee58dade74a9da8cbfcd38b13433a2a0/device/fido/register_response_data.h [delete] https://crrev.com/29e26f84ee58dade74a9da8cbfcd38b13433a2a0/device/fido/register_response_data_fuzzer.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/response_data.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/response_data.h [rename] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/response_data_fuzzer_corpus/get_assertion_response_corpus [rename] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/response_data_fuzzer_corpus/make_credential_response_corpus [delete] https://crrev.com/29e26f84ee58dade74a9da8cbfcd38b13433a2a0/device/fido/sign_response_data.cc [delete] https://crrev.com/29e26f84ee58dade74a9da8cbfcd38b13433a2a0/device/fido/sign_response_data.h [delete] https://crrev.com/29e26f84ee58dade74a9da8cbfcd38b13433a2a0/device/fido/sign_response_data_fuzzer.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/u2f_register.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/u2f_register.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/u2f_register_unittest.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/u2f_sign.cc [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/u2f_sign.h [modify] https://crrev.com/c3c049270b3679aaeb61b7d6431f9ab5dd20ef84/device/fido/u2f_sign_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a commit 177d2ac6a0a71935b98d56dd08d9af3f356fcc4a Author: Jun Choi <hongjunchoi@chromium.org> Date: Wed Mar 28 08:32:16 2018 Reland: Implement GetAssertionTask Implement per-device request logic for AuthenticatorGetAssertion request. GetAssertionTask should asynchronously start a request and decode device response. This is a reland of https://crrev.com/c/941977, which was reverted due to merge conflict with https://crrev.com/c/969799. All contents remain the same, except that fix for merge error in GetAssertionTask::CheckRequirementOnReturnedCredentialId() is added. Bug: 780078 Change-Id: I35a619ff63a680cfd8996c65a488245e6ed9a330 Reviewed-on: https://chromium-review.googlesource.com/983007 Commit-Queue: Balazs Engedy <engedy@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#546436} [modify] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/BUILD.gn [modify] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/fido/BUILD.gn [modify] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/fido/authenticator_data.h [modify] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/fido/ctap_get_assertion_request.h [modify] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/fido/ctap_make_credential_request.h [modify] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/fido/fido_response_test_data.h [add] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/fido/get_assertion_task.cc [add] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/fido/get_assertion_task.h [add] https://crrev.com/177d2ac6a0a71935b98d56dd08d9af3f356fcc4a/device/fido/get_assertion_task_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/65582739111dff1666dd898bcd8e122841be7edd commit 65582739111dff1666dd898bcd8e122841be7edd Author: Jun Choi <hongjunchoi@chromium.org> Date: Fri Mar 30 23:43:48 2018 Change AAGUID of AttestedCredentialData to array Since AAGUID always has fixed size(16), change |aaguid_| of AttestedCredentialData from std::vector<uint8_t> to std::array<uint8_t, 16>. Bug: 780078 Change-Id: If30dd55b6e88e38f2a6ab53365a6724cf29892a5 Reviewed-on: https://chromium-review.googlesource.com/981682 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#547321} [modify] https://crrev.com/65582739111dff1666dd898bcd8e122841be7edd/device/fido/attested_credential_data.cc [modify] https://crrev.com/65582739111dff1666dd898bcd8e122841be7edd/device/fido/attested_credential_data.h [modify] https://crrev.com/65582739111dff1666dd898bcd8e122841be7edd/device/fido/authenticator_make_credential_response.cc [modify] https://crrev.com/65582739111dff1666dd898bcd8e122841be7edd/device/fido/u2f_parsing_utils.h [modify] https://crrev.com/65582739111dff1666dd898bcd8e122841be7edd/device/fido/u2f_parsing_utils_unittest.cc [modify] https://crrev.com/65582739111dff1666dd898bcd8e122841be7edd/device/fido/u2f_register_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5f2c7e840e13d5e8d301582d4a923561dcd237a0 commit 5f2c7e840e13d5e8d301582d4a923561dcd237a0 Author: Thomas Anderson <thomasanderson@chromium.org> Date: Sat Mar 31 00:10:18 2018 Revert "Change AAGUID of AttestedCredentialData to array" This reverts commit 65582739111dff1666dd898bcd8e122841be7edd. Reason for revert: Causes failure on Win x64 Builder: https://ci.chromium.org/buildbot/chromium.win/Win%20x64%20Builder%20(dbg)/64392 Original change's description: > Change AAGUID of AttestedCredentialData to array > > Since AAGUID always has fixed size(16), change |aaguid_| of > AttestedCredentialData from std::vector<uint8_t> to std::array<uint8_t, > 16>. > > Bug: 780078 > Change-Id: If30dd55b6e88e38f2a6ab53365a6724cf29892a5 > Reviewed-on: https://chromium-review.googlesource.com/981682 > Commit-Queue: Jun Choi <hongjunchoi@chromium.org> > Reviewed-by: Balazs Engedy <engedy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#547321} TBR=engedy@chromium.org,hongjunchoi@chromium.org Change-Id: Iab663a0617a364cb11c10beb1759f1543fb485fb No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 780078 Reviewed-on: https://chromium-review.googlesource.com/989152 Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> Cr-Commit-Position: refs/heads/master@{#547328} [modify] https://crrev.com/5f2c7e840e13d5e8d301582d4a923561dcd237a0/device/fido/attested_credential_data.cc [modify] https://crrev.com/5f2c7e840e13d5e8d301582d4a923561dcd237a0/device/fido/attested_credential_data.h [modify] https://crrev.com/5f2c7e840e13d5e8d301582d4a923561dcd237a0/device/fido/authenticator_make_credential_response.cc [modify] https://crrev.com/5f2c7e840e13d5e8d301582d4a923561dcd237a0/device/fido/u2f_parsing_utils.h [modify] https://crrev.com/5f2c7e840e13d5e8d301582d4a923561dcd237a0/device/fido/u2f_parsing_utils_unittest.cc [modify] https://crrev.com/5f2c7e840e13d5e8d301582d4a923561dcd237a0/device/fido/u2f_register_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4fc8b7812fee283eed09034ee68dea8cbf39e586 commit 4fc8b7812fee283eed09034ee68dea8cbf39e586 Author: Jun Choi <hongjunchoi@chromium.org> Date: Thu Apr 05 07:39:07 2018 Implement GetAssertionRequestHandler GetAssertionRequestHandler guarantees at most one successful response to be sent to the relying party. Bug: 780078 Change-Id: Ibe8cb2374713f25fbabc73d23615349edb8589fb Reviewed-on: https://chromium-review.googlesource.com/942368 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#548362} [modify] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/BUILD.gn [modify] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/BUILD.gn [modify] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/ctap_get_assertion_request.cc [modify] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/ctap_get_assertion_request.h [modify] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/fido_request_handler.h [rename] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/fido_request_handler_base.cc [add] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/fido_request_handler_base.h [modify] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/fido_request_handler_unittest.cc [add] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/get_assertion_handler_unittest.cc [add] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/get_assertion_request_handler.cc [add] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/get_assertion_request_handler.h [modify] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/make_credential_request_handler.cc [modify] https://crrev.com/4fc8b7812fee283eed09034ee68dea8cbf39e586/device/fido/make_credential_request_handler.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/af833079f30700ae3d36301638bd399ff9f9004f commit af833079f30700ae3d36301638bd399ff9f9004f Author: Jun Choi <hongjunchoi@chromium.org> Date: Thu Apr 05 16:16:39 2018 Reland : Change AAGUID of AttestedCredentialData to array Since AAGUID always has fixed size(16), change |aaguid_| of AttestedCredentialData from std::vector<uint8_t> to std::array<uint8_t, 16>. This is a reland of https://crrev.com/c/981682, which was reverted due to combining use of templates with COMPONENTS_EXPORT and failed compilation in win_msvc_dbg. Bug: 780078 Change-Id: Iaa97895cabaa4685ca5909df8c3544a6e84ecf78 Reviewed-on: https://chromium-review.googlesource.com/996963 Reviewed-by: Balazs Engedy <engedy@chromium.org> Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Cr-Commit-Position: refs/heads/master@{#548443} [modify] https://crrev.com/af833079f30700ae3d36301638bd399ff9f9004f/device/fido/attested_credential_data.cc [modify] https://crrev.com/af833079f30700ae3d36301638bd399ff9f9004f/device/fido/attested_credential_data.h [modify] https://crrev.com/af833079f30700ae3d36301638bd399ff9f9004f/device/fido/authenticator_make_credential_response.cc [modify] https://crrev.com/af833079f30700ae3d36301638bd399ff9f9004f/device/fido/u2f_parsing_utils.h [modify] https://crrev.com/af833079f30700ae3d36301638bd399ff9f9004f/device/fido/u2f_parsing_utils_unittest.cc [modify] https://crrev.com/af833079f30700ae3d36301638bd399ff9f9004f/device/fido/u2f_register_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/957a42204788e0f9f168fb675d9849989e6b6a1f commit 957a42204788e0f9f168fb675d9849989e6b6a1f Author: jdoerrie <jdoerrie@chromium.org> Date: Fri Apr 06 12:15:11 2018 [fido] CHECK that Append ranges don't overlap This change introduces a CHECK that the ranges passed to u2f_parsing_utils::Append do not overlap. Calling it with overlapping ranges results in undefined behavior if a reallocation is necessary during the Append operation. Bug: 780078 Change-Id: Ibc83c054bdf8dee81f293c54f980c6735fcc358a Reviewed-on: https://chromium-review.googlesource.com/999481 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#548743} [modify] https://crrev.com/957a42204788e0f9f168fb675d9849989e6b6a1f/device/fido/u2f_parsing_utils.cc [modify] https://crrev.com/957a42204788e0f9f168fb675d9849989e6b6a1f/device/fido/u2f_parsing_utils_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/53ee2d1574139227110c2726517ebf1d9da95b14 commit 53ee2d1574139227110c2726517ebf1d9da95b14 Author: Jun Choi <hongjunchoi@chromium.org> Date: Tue Apr 10 00:22:01 2018 Implement transport layer cancel logic With newly changed CTAP spec[1], AuthenticatorCancel command no longer exists. Thus, all cancel commands must be invoked using transport layer CTAPHID_CANCEL (0x3F) command for HID and CANCEL (0xBE) command for BLE. Implement transport layer cancel command and replace all current uses of AuthenticatorCancel request. [1]: https://drafts.fidoalliance.org/fido-2/latest/fido-client-to-authenticator-protocol-v2.0-wd-20180305.html#authenticator-api Bug: 780078 Change-Id: I81ffff9faf93776e2855bda3c4bd661583290925 Reviewed-on: https://chromium-review.googlesource.com/987110 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#549342} [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/ctap_empty_authenticator_request.h [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/ctap_request_unittest.cc [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_ble_device.cc [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_ble_device.h [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_ble_device_unittest.cc [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_constants.h [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_device.h [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_hid_device.cc [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_hid_device.h [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_hid_device_unittest.cc [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_request_handler_unittest.cc [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/fido_task.cc [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/mock_fido_device.h [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/virtual_fido_device.cc [modify] https://crrev.com/53ee2d1574139227110c2726517ebf1d9da95b14/device/fido/virtual_fido_device.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/07bcfde439f1eb6ea855d65c93c4255aafec82c3 commit 07bcfde439f1eb6ea855d65c93c4255aafec82c3 Author: Jun Choi <hongjunchoi@chromium.org> Date: Tue Apr 10 17:15:17 2018 Change return code dispatched from CTAP devices Currently FidoRequestHandler returns kConditionNotSatisfied for tokens that returns with UP-verified error and drops requests for tokens that responses with success return code with malformed data. However, in mojom::authenticator, NOTREACHED() check will fail for kConditionsNotSatisfied and kFailure handles the case of malformed response. Change return code handling in FidoRequestHandler accordingly. Bug: 780078 Change-Id: Ia8ae3ff3c8a2d805a9e7310e7a590493a1769cc5 Reviewed-on: https://chromium-review.googlesource.com/999127 Reviewed-by: Balazs Engedy <engedy@chromium.org> Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org> Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Cr-Commit-Position: refs/heads/master@{#549569} [modify] https://crrev.com/07bcfde439f1eb6ea855d65c93c4255aafec82c3/device/fido/fido_request_handler.h [modify] https://crrev.com/07bcfde439f1eb6ea855d65c93c4255aafec82c3/device/fido/fido_request_handler_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1dcc8b7ad9ece30f955fb299a798c1889da76a6c commit 1dcc8b7ad9ece30f955fb299a798c1889da76a6c Author: Jun Choi <hongjunchoi@chromium.org> Date: Tue Apr 10 21:18:13 2018 Fix GetAssertion error handling Currently GetAssertionTask will return an error if sign in response received after user verification includes an user entity object. This is not entirely correct. CTAP spec[1] specifies that "user identifiable information" must not be present. This includes user image url, user display name, and user name. User key handle, however, is not part of user identifiable information. Thus user entity with only user key handle should be allowed. [1]: https://drafts.fidoalliance.org/fido-2/latest/fido-client-to-authenticator-protocol-v2.0-wd-20180305.html#authenticatorGetAssertion Bug: 780078 Change-Id: I9320646346a92838ade1dd41419808c89ed9f76d Reviewed-on: https://chromium-review.googlesource.com/1003389 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#549646} [modify] https://crrev.com/1dcc8b7ad9ece30f955fb299a798c1889da76a6c/device/fido/get_assertion_task.cc [modify] https://crrev.com/1dcc8b7ad9ece30f955fb299a798c1889da76a6c/device/fido/get_assertion_task.h [modify] https://crrev.com/1dcc8b7ad9ece30f955fb299a798c1889da76a6c/device/fido/get_assertion_task_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/17bbafc4690a78688dfffb2f96ea72a3d0dbf741 commit 17bbafc4690a78688dfffb2f96ea72a3d0dbf741 Author: Jun Choi <hongjunchoi@chromium.org> Date: Wed Apr 11 08:37:20 2018 Implement flag enabled CTAP authentication Add support for register/sign with CTAP2.0 tokens behind a feature flag. Bug: 780078 Change-Id: I3b0fe7ce2eaf48304300e4fed5d722cd5f87c6da Reviewed-on: https://chromium-review.googlesource.com/974796 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Antoine Labour <piman@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#549827} [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/browser/webauth/authenticator_impl.cc [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/browser/webauth/authenticator_impl.h [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/browser/webauth/authenticator_impl_unittest.cc [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/browser/webauth/authenticator_type_converters.cc [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/browser/webauth/authenticator_type_converters.h [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/browser/webauth/webauth_browsertest.cc [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/public/common/content_features.cc [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/public/common/content_features.h [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/content/test/BUILD.gn [modify] https://crrev.com/17bbafc4690a78688dfffb2f96ea72a3d0dbf741/device/fido/virtual_fido_device.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d832cbe63492de0e33b4665e3f4fdaf3b994dd0e commit d832cbe63492de0e33b4665e3f4fdaf3b994dd0e Author: Jun Choi <hongjunchoi@chromium.org> Date: Thu Apr 12 10:56:55 2018 Remove DCHECK on device removal DCHECK on FidoRequestHandlerBase::OnDeviceRemoved will always fail if user removes a device that has already been removed due to processing error. Bug: 780078 Change-Id: Ica0ee018645936706f1691378e9c7f0ad3fd0ca4 Reviewed-on: https://chromium-review.googlesource.com/1006492 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#550139} [modify] https://crrev.com/d832cbe63492de0e33b4665e3f4fdaf3b994dd0e/device/fido/fido_request_handler_base.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4d48c66bb5279083d64a80d8c18d583d32cdf153 commit 4d48c66bb5279083d64a80d8c18d583d32cdf153 Author: Jun Choi <hongjunchoi@chromium.org> Date: Thu Apr 12 15:59:52 2018 Implement UserVerificationRequirement logic User verification requirement is an optional paramter for MakeCredential and GetAssertion requests. However, while CTAP spec defines the parameter as a boolean, the WebAuthN spec defines the paramter as a enum with 3 values : Required, Preferred, and Discouraged. Implement logic to convert WebAuthN style user verification requirement parameter to CTAP style parameter. Bug: 780078 Change-Id: If7ebe92a2d5fa4d623348ee52bbd6958c30e1a9e Reviewed-on: https://chromium-review.googlesource.com/1002532 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Cr-Commit-Position: refs/heads/master@{#550220} [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/content/browser/webauth/authenticator_impl.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/content/browser/webauth/authenticator_type_converters.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/content/browser/webauth/authenticator_type_converters.h [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/authenticator_selection_criteria.h [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/ctap_get_assertion_request.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/ctap_get_assertion_request.h [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/ctap_make_credential_request.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/ctap_request_unittest.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/fido_constants.h [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/fido_task.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/get_assertion_task.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/get_assertion_task.h [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/get_assertion_task_unittest.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/make_credential_task.cc [modify] https://crrev.com/4d48c66bb5279083d64a80d8c18d583d32cdf153/device/fido/make_credential_task_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/726e197e6a37fd3e097f844f3f6c5e9646d6bb00 commit 726e197e6a37fd3e097f844f3f6c5e9646d6bb00 Author: Jan Wilken Doerrie <jdoerrie@chromium.org> Date: Mon May 14 12:53:25 2018 [fido] Make PublicKeyCredentialDescriptor::credential_type() type-safe This change makes PublicKeyCredentialDescriptor credential_type to be of enum type CredentialType instead of std::string, increasing type-safety. Bug: 780078 Change-Id: I570e698ecb9b13d7cc988eb52293a65f466c8115 Reviewed-on: https://chromium-review.googlesource.com/1041951 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#558274} [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/content/browser/webauth/authenticator_type_converters.cc [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/authenticator_get_assertion_response.cc [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/ctap_request_unittest.cc [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/get_assertion_handler_unittest.cc [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/get_assertion_task_unittest.cc [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/mac/get_assertion_operation.mm [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/public_key_credential_descriptor.cc [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/public_key_credential_descriptor.h [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/u2f_command_constructor.cc [modify] https://crrev.com/726e197e6a37fd3e097f844f3f6c5e9646d6bb00/device/fido/u2f_command_constructor_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7ed70812bdcb8ed23f423e3616398ae27d1897d1 commit 7ed70812bdcb8ed23f423e3616398ae27d1897d1 Author: Jun Choi <hongjunchoi@chromium.org> Date: Fri Jun 15 21:13:54 2018 Add chrome://enable-web-authentication-ctap2-support This patch addes UI flag that enables by default support of CTAP2 security keys. Bug: 780078 Change-Id: Ib182644ddf98ebc80e7ffe9fb4bc66c76c44a98b Reviewed-on: https://chromium-review.googlesource.com/1101900 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#567792} [modify] https://crrev.com/7ed70812bdcb8ed23f423e3616398ae27d1897d1/chrome/browser/about_flags.cc [modify] https://crrev.com/7ed70812bdcb8ed23f423e3616398ae27d1897d1/chrome/browser/flag_descriptions.cc [modify] https://crrev.com/7ed70812bdcb8ed23f423e3616398ae27d1897d1/chrome/browser/flag_descriptions.h [modify] https://crrev.com/7ed70812bdcb8ed23f423e3616398ae27d1897d1/tools/metrics/histograms/enums.xml
Gang, I assume that you want external web developers to know about this. If you want them to know about it while it's behind a flag, please create a Chrome Status entry. Joe
Done: https://www.chromestatus.com/feature/6288375388569600
Comment 1 by kpaulhamus@chromium.org
, Nov 1 2017