
Issue 821097

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2018
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Chrome, Mac
Pri: 2
Type: Bug




Enrollment of U2F_V1 tokens is broken in M66

Project Member Reported by agl@chromium.org, Mar 12 2018

Issue description

This bug exists to track the merge of the following change to M66:

    cryptotoken: fix certificate replacement for U2F_V1.
    
    U2F_V1 is an old (deprecated?) version of U2F where (from reading the
    code) the server-provided challenge is passed directly as the challenge
    hash to the token. (In contrast, U2F_V2 incorporates the
    server-provided challenge into a JSON structure with other values and
    uses the hash of that structure as the challenge hash for the token.)
    
    Google Accounts currently provides both a U2F_V1 and U2F_V2
    registerRequest when a user adds a security key. Only the request that
    corresponds to the version of the token is actually used and, hopefully,
    nobody is registering U2F_V1 tokens any longer.
    
    However, when certificate replacement was added to the extension, it
    broke U2F_V1 because the clientData is missing. This change makes
    certificate replacement (which is enabled by default in Chrome) function
    with U2F_V1 by signing over the server-provided challenge directly.
    
    Bug: 793985
    Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation
    Change-Id: Id347067a88e7370a1fa42a160e8f4607dd069092
    Reviewed-on: https://chromium-review.googlesource.com/951859
    Commit-Queue: Adam Langley <agl@chromium.org>
    Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#541310}

This has been on master for four days now without issue.

Risks: this is a code change to U2F (i.e. gNubby) enrollment. The bug only affects users who are attempting to use v1 Security Keys, which was a very early protocol revision that was never standardised. However, internal metrics suggest that some of these tokens are still in use. We may be deprecating them soon, but we didn't intend to break them in M66.

Benefits: modest; these tokens can only be used on google.com and only a handful exist.
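
The difference the commit message describes, as an added example that is not part of the original issue and is not code from enroller.js: how the challenge hash is obtained for each version, and why a re-signing step that always expects clientData fails for U2F_V1. Assumptions: the helper names, the replacement key and all sample values are constructed; the U2F_V1 challenge is taken to be base64url-encoded, and the U2F_V2 signed-data layout is reused for U2F_V1.

```javascript
// Added example (not from enroller.js). Helper names, key and sample values are constructed.
const crypto = require("crypto");

const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// The 32-byte challenge parameter the token signs over for a registerRequest.
function challengeParameter(request, clientDataJson) {
  if (request.version === "U2F_V1") {
    // V1: no clientData; the server challenge is already the hash.
    // Assumption: it arrives base64url-encoded.
    const raw = Buffer.from(request.challenge, "base64url");
    if (raw.length !== 32) throw new Error("U2F_V1 challenge must be 32 bytes");
    return raw;
  }
  if (request.version === "U2F_V2") {
    // V2: hash of the JSON clientData that embeds the server challenge.
    if (typeof clientDataJson !== "string") throw new Error("U2F_V2 needs clientData");
    if (JSON.parse(clientDataJson).challenge !== request.challenge)
      throw new Error("clientData does not carry this challenge");
    return sha256(clientDataJson);
  }
  throw new Error("unsupported version: " + request.version);
}

// Signed bytes of a registration response, U2F_V2 raw message layout:
// 0x00 || SHA-256(appId) || challenge parameter || key handle || public key.
// Assumption: the same layout is used here for U2F_V1.
function signatureBase(appId, challengeParam, keyHandle, publicKey) {
  return Buffer.concat([Buffer.from([0x00]), sha256(appId), challengeParam, keyHandle, publicKey]);
}

// Re-sign a registration with a replacement attestation key.
function resign(request, clientDataJson, appId, keyHandle, publicKey, attestationKey) {
  const base = signatureBase(appId, challengeParameter(request, clientDataJson), keyHandle, publicKey);
  return { base, signature: crypto.sign("sha256", base, attestationKey) };
}

// Constructed sample data.
const challenge = Buffer.alloc(32, 7).toString("base64url");
const appId = "https://example.test";
const keyHandle = Buffer.alloc(64, 1);
const publicKey = Buffer.concat([Buffer.from([0x04]), Buffer.alloc(64, 2)]); // placeholder point
const replacement = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const clientData = JSON.stringify({ typ: "navigator.id.finishEnrollment", challenge, origin: appId });

const v1 = resign({ version: "U2F_V1", challenge }, undefined, appId, keyHandle, publicKey, replacement.privateKey);
const v2 = resign({ version: "U2F_V2", challenge }, clientData, appId, keyHandle, publicKey, replacement.privateKey);
console.log("V1 verifies:", crypto.verify("sha256", v1.base, replacement.publicKey, v1.signature));
console.log("V2 verifies:", crypto.verify("sha256", v2.base, replacement.publicKey, v2.signature));
```

Calling `challengeParameter` with a U2F_V2 request and no clientData throws, which is the failure mode a V1 request hits when it is sent down a V2-only re-signing path.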
 
Project Member

Comment 1 by sheriffbot@chromium.org, Mar 13 2018

Labels: -Merge-Request-66 Merge-Approved-66 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M66. Please go ahead and merge the CL to branch 3359 manually. Please contact milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), josafat@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 2 by bugdroid1@chromium.org, Mar 14 2018

Labels: -merge-approved-66 merge-merged-3359
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a99649fbd7c5aefd232c630c2f41957baa06a93f

commit a99649fbd7c5aefd232c630c2f41957baa06a93f
Author: Adam Langley <agl@chromium.org>
Date: Wed Mar 14 02:30:53 2018

cryptotoken: fix certificate replacement for U2F_V1.

U2F_V1 is an old (deprecated?) version of U2F where (from reading the
code) the server-provided challenge is passed directly as the challenge
hash to the token. (In contrast, U2F_V2 incorporates the
server-provided challenge into a JSON structure with other values and
uses the hash of that structure as the challenge hash for the token.)

Google Accounts currently provides both a U2F_V1 and U2F_V2
registerRequest when a user adds a security key. Only the request that
corresponds to the version of the token is actually used and, hopefully,
nobody is registering U2F_V1 tokens any longer.

However, when certificate replacement was added to the extension, it
broke U2F_V1 because the clientData is missing. This change makes
certificate replacement (which is enabled by default in Chrome) function
with U2F_V1 by signing over the server-provided challenge directly.

Bug:  821097 
Change-Id: Id347067a88e7370a1fa42a160e8f4607dd069092
Reviewed-on: https://chromium-review.googlesource.com/951859
Commit-Queue: Adam Langley <agl@chromium.org>
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/960973
Reviewed-by: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/branch-heads/3359@{#226}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}
[modify] https://crrev.com/a99649fbd7c5aefd232c630c2f41957baa06a93f/chrome/browser/resources/cryptotoken/enroller.js

Comment 3 by agl@chromium.org, Mar 14 2018

Status: Fixed (was: Assigned)
