[webkit-changes] [WebKit/WebKit] 7db187: [WebAuthn] Add logging for authenticators

Commit Queue noreply at github.com
Mon Mar 4 15:12:00 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 7db187aff8f92fa64a130fecf7d69471eb95aa1e
      https://github.com/WebKit/WebKit/commit/7db187aff8f92fa64a130fecf7d69471eb95aa1e
  Author: Pascoe <pascoe at apple.com>
  Date:   2024-03-04 (Mon, 04 Mar 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp
    M Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
    M Source/WebKit/UIProcess/WebAuthentication/fido/FidoAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/FidoAuthenticator.h
    M Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp

  Log Message:
  -----------
  [WebAuthn] Add logging for authenticators
https://bugs.webkit.org/show_bug.cgi?id=270463
rdar://123704181

Reviewed by Charlie Wolfe.

This patch adds detailed logging to understand the flows through the CTAP
and U2F authenticator code. Sometimes we hit flaky or hard to reproduce
error conditions with security keys. This change will aid in debugging
these cases.

Although challenges are short-lived. We don't log the responses of successful
makeCredential and getAssertion calls containing signatures, instead logging only
if there was an issue with the response.

* Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp:
(WebCore::toString):
* Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h:
* Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
(fido::encodeAsCBOR):
(fido::toString): Deleted.
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
(WebKit::CtapAuthenticator::getAssertion):
(WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):
(WebKit::CtapAuthenticator::continueGetNextAssertionAfterResponseReceived):
(WebKit::CtapAuthenticator::getRetries):
(WebKit::CtapAuthenticator::continueGetKeyAgreementAfterGetRetries):
(WebKit::CtapAuthenticator::continueRequestPinAfterGetKeyAgreement):
(WebKit::CtapAuthenticator::continueGetPinTokenAfterRequestPin):
(WebKit::CtapAuthenticator::continueRequestAfterGetPinToken):
(WebKit::CtapAuthenticator::tryRestartPin):
(WebKit::CtapAuthenticator::tryDowngrade):
(WebKit::CtapAuthenticator::aaguidForDebugging const):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
* Source/WebKit/UIProcess/WebAuthentication/fido/FidoAuthenticator.cpp:
(WebKit::FidoAuthenticator::transportForDebugging const):
* Source/WebKit/UIProcess/WebAuthentication/fido/FidoAuthenticator.h:
* Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp:
(WebKit::U2fAuthenticator::makeCredential):
(WebKit::U2fAuthenticator::checkExcludeList):
(WebKit::U2fAuthenticator::issueRegisterCommand):
(WebKit::U2fAuthenticator::getAssertion):
(WebKit::U2fAuthenticator::issueSignCommand):
(WebKit::U2fAuthenticator::issueNewCommand):
(WebKit::U2fAuthenticator::issueCommand):
(WebKit::U2fAuthenticator::continueRegisterCommandAfterResponseReceived):
(WebKit::U2fAuthenticator::continueCheckOnlyCommandAfterResponseReceived):
(WebKit::U2fAuthenticator::continueBogusCommandExcludeCredentialsMatchAfterResponseReceived):
(WebKit::U2fAuthenticator::continueBogusCommandNoCredentialsAfterResponseReceived):
(WebKit::U2fAuthenticator::continueSignCommandAfterResponseReceived):

Canonical link: https://commits.webkit.org/275657@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list