[webkit-changes] [WebKit/WebKit] f56198: [WebAuthn] Implement batching for checking exclude...

Commit Queue noreply at github.com
Thu Aug 8 17:10:19 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: f56198757e4b0e8dbde874090cf8e4050019494f
      https://github.com/WebKit/WebKit/commit/f56198757e4b0e8dbde874090cf8e4050019494f
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-08-08 (Thu, 08 Aug 2024)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html
    M LayoutTests/http/wpt/webauthn/resources/util.js
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
    M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/FidoConstants.h
    M Source/WebCore/testing/MockWebAuthenticationConfiguration.h
    M Source/WebCore/testing/MockWebAuthenticationConfiguration.idl
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h

  Log Message:
  -----------
  [WebAuthn] Implement batching for checking excludeCredentials
rdar://133307666
https://bugs.webkit.org/show_bug.cgi?id=277695

Reviewed by Charlie Wolfe.

This change starts to implement checking the excludeCredential list in batches as
supported by the authenticator during a makeCredential. This is accomplished by using
smaller, up=0, get requests to detect if a credential is present on the authenticator.

Then if a credential is detected, only that credential may be included with the actual
makeCredential request to get the proper error code back from the authenticator. If none
matched, we don't need to include a excludeCredentials list to the authenticator since
we already know those credentials aren't present.

This patch only implements this logic for makeCredential, getAssertion will be done in
another patch.

Added layout tests to test matching exclude list with batching, non-matching exclude list with
batching, and a security key that supports batches greater than 1.

* LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
* LayoutTests/http/wpt/webauthn/resources/util.js:
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
(fido::AuthenticatorGetInfoResponse::setMaxCredentialCountInList):
(fido::AuthenticatorGetInfoResponse::setMaxCredentialIDLength):
(fido::encodeAsCBOR):
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp:
(fido::encodeSilentGetAssertion):
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h:
* Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp:
(fido::readCTAPGetInfoResponse):
* Source/WebCore/Modules/webauthn/fido/FidoConstants.h:
* Source/WebCore/testing/MockWebAuthenticationConfiguration.h:
* Source/WebCore/testing/MockWebAuthenticationConfiguration.idl:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::feedReports):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::continueCheckExcludedCredentialsAfterResponseRecieved):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:

Canonical link: https://commits.webkit.org/282019@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list