
Issue 860062


Issue metadata

Status: Fixed
Owner:
Closed: Jul 16
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug




Make U2F device blink for request with empty key handles

Project Member Reported by hongjunchoi@chromium.org, Jul 3

Issue description

Currently the Crypto-token extension handles a sign-in request with an empty key handle list with a fake registration. From the user's perspective, this results in the device blinking and an immediate failure response after the user presence check.

Make current FidoRequestHandler have similar behavior. 

 
Project Member

Comment 1 by bugdroid1@chromium.org, Jul 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e

commit 45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e
Author: Jun Choi <hongjunchoi@chromium.org>
Date: Mon Jul 16 18:42:41 2018

Make U2F devices blink on empty allow list

Currently, when an empty allow list is passed as a parameter to a
GetAssertion request, all requests to U2F devices are dropped. This is
in accordance with the current version of the CTAP spec, as an empty
allow list implies resident key credentials and U2F devices do not
support resident keys.

However, this behavior causes requests to U2F devices to be dropped
without the U2F devices blinking, which causes user confusion. In order
to minimize user confusion, send a fake registration call to U2F devices
for a GetAssertion request with an empty allow list.

Bug:  860062 
Change-Id: I8e62d01e46cd90f393035149254286b58a932e78
Reviewed-on: https://chromium-review.googlesource.com/1132456
Commit-Queue: Jun Choi <hongjunchoi@chromium.org>
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575363}
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/content/browser/webauth/authenticator_impl_unittest.cc
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/content/browser/webauth/webauth_browsertest.cc
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/device/fido/get_assertion_task.cc
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/device/fido/get_assertion_task_unittest.cc
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/device/fido/u2f_sign_operation.cc
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/device/fido/u2f_sign_operation.h
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-get-from-nested-frame.html
[modify] https://crrev.com/45c3d39ccee7ddf571a8c541cdc4eb598bb8fe2e/third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-get-with-virtual-authenticator.html

Status: Fixed (was: Started)
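
The dispatch rule described in the commit message above, as an added sketch that is not Chromium's code or part of the original issue: a U2F device given an empty allow list is sent a registration with placeholder parameters so that it blinks, and the request still fails once the user touches it. All type and function names are hypothetical, the challenge and application parameters are constructed placeholders, and the P1 value is an assumption.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

enum class Protocol { kCtap2, kU2f };
enum class Action { kCtap2GetAssertion, kU2fSign, kU2fFakeRegister };
enum class Outcome { kKeepPolling, kFailNoCredential, kDeviceError };

// Picks the command for one authenticator. A U2F device has no resident
// keys, so an empty allow list can never produce an assertion on it; the
// fake registration is sent only so the device blinks and waits for a touch.
Action PlanGetAssertion(Protocol protocol, std::size_t allow_list_size) {
  if (protocol == Protocol::kCtap2) return Action::kCtap2GetAssertion;
  return allow_list_size == 0 ? Action::kU2fFakeRegister : Action::kU2fSign;
}

// Extended-length U2F_REGISTER APDU carrying placeholder parameters.
std::vector<std::uint8_t> BuildFakeRegisterApdu() {
  std::array<std::uint8_t, 32> challenge_param;  // constructed placeholder
  std::array<std::uint8_t, 32> app_param;        // constructed placeholder
  challenge_param.fill(0x42);
  app_param.fill(0x41);
  // CLA=00, INS=01 (U2F_REGISTER), P1=03 (assumed user-presence flag),
  // P2=00, then a three-byte Lc of 64 (two 32-byte parameters).
  std::vector<std::uint8_t> apdu = {0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x40};
  apdu.insert(apdu.end(), challenge_param.begin(), challenge_param.end());
  apdu.insert(apdu.end(), app_param.begin(), app_param.end());
  apdu.push_back(0x00);  // Le, high byte
  apdu.push_back(0x00);  // Le, low byte
  return apdu;
}

// Maps the status word of the fake registration to the request outcome.
Outcome InterpretFakeRegisterStatus(std::uint16_t sw) {
  switch (sw) {
    case 0x6985: return Outcome::kKeepPolling;       // no touch yet, still blinking
    case 0x9000: return Outcome::kFailNoCredential;  // touched: discard result, fail
    default:     return Outcome::kDeviceError;
  }
}

int main() {
  return PlanGetAssertion(Protocol::kU2f, 0) == Action::kU2fFakeRegister ? 0 : 1;
}
```

The registration response is never stored or returned to the relying party; its only purpose is the user presence check.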
