[webkit-changes] [WebKit/WebKit] cef8b0: [WebAuthn] Create new session for each CCID messag...
J Pascoe
noreply at github.com
Thu Jan 26 08:46:06 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cef8b0cbe1016c382a7c1e2aa52f5d2c2b1d4aa8
https://github.com/WebKit/WebKit/commit/cef8b0cbe1016c382a7c1e2aa52f5d2c2b1d4aa8
Author: J Pascoe <j_pascoe at apple.com>
Date: 2023-01-26 (Thu, 26 Jan 2023)
Changed paths:
M Source/WebCore/PAL/pal/spi/ios/IOKitSPIIOS.h
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidConnection.mm
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/HidConnection.mm
M Source/WebKit/UIProcess/WebAuthentication/Mock/MockCcidService.mm
Log Message:
-----------
[WebAuthn] Create new session for each CCID message and seize FIDO hid devices during authentication session
https://bugs.webkit.org/show_bug.cgi?id=251155
rdar://104386820
Reviewed by Brent Fulgham.
* Source/WebCore/PAL/pal/spi/ios/IOKitSPIIOS.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidConnection.mm:
(WebKit::CcidConnection::detectContactless):
(WebKit::CcidConnection::trySelectFidoApplet):
(WebKit::CcidConnection::transact const):
(WebKit::CcidConnection::startPolling):
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/HidConnection.mm:
(WebKit::HidConnection::initialize):
It's not required nor recommended to keep a smart card session open over the entirety of the
CCIDConnection, so instead we create one for each message. This prevents issues when presenting
a contactless key, taking it away when you enter a pin, and then presenting it again.
This change also prevents the smart card library from seizing a device that can also be used over
the FIDO hid driver, in other words, a security key that exposes FIDO+CCID. This allows the HID
connection to be able to seize the device for FIDO HID communication in the event both are presented.
Canonical link: https://commits.webkit.org/259426@main