[Webkit-unassigned] [Bug 275357] Incorrect serialization of WebAuthn CollectedClientData
bugzilla-daemon at webkit.org
Tue Jun 18 23:15:44 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=275357
Karl Dubost <karlcow at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |karlcow at apple.com
--- Comment #2 from Karl Dubost <karlcow at apple.com> ---
After this sentence in https://www.w3.org/TR/webauthn/#clientdatajson-serialization
> The serialization algorithm works by appending successive byte strings to an, initially empty, partial result until the complete result is obtained.
There follows a sequence of things that should be appended.
1. {"type":
2. ,"challenge":
3. ,"origin":
4. ,"crossOrigin":
5. }
And in https://www.w3.org/TR/webauthn/#clientdatajson-development
5.8.1.3. Future development
> They also must not change the serialization algorithm to change the order in which those fields are serialized.
This is probably handled by https://searchfox.org/wubkat/rev/15ad704057e0d342d10b792f6108eaeed7accbd7/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp#160-182
@garciacampos.sergio
You mentioned that:
> the value returned by safari where you can see the ordering of the elements is not correct:
with the example being:
1. type
2. challenge
3. origin
The order seems to be the same. Or did you mean there is a missing "crossOrigin"?
--
You are receiving this mail because:
You are the assignee for the bug.
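The two readings raised at the end of the comment (members out of order versus a missing "crossOrigin") can be told apart mechanically. The following is an added JavaScript example, not part of the original message and not WebKit code; the function names and sample strings are constructed for illustration, and accepting "," after the fixed prefix is an assumption based on the spec allowing further members to follow.

```javascript
// Added example, not WebKit code. Checks that a clientDataJSON string begins
// with the fixed member sequence quoted in the comment above.
const PREFIX_KEYS = ["type", "challenge", "origin", "crossOrigin"];

// Returns the index just past the JSON string literal at text[pos], or -1.
function skipJsonString(text, pos) {
  if (text[pos] !== '"') return -1;
  for (let i = pos + 1; i < text.length; i++) {
    if (text[i] === "\\") i++; // skip the escaped character
    else if (text[i] === '"') return i + 1;
  }
  return -1;
}

function checkClientDataOrder(text) {
  let pos = 0;
  for (let k = 0; k < PREFIX_KEYS.length; k++) {
    const key = PREFIX_KEYS[k];
    const marker = (k === 0 ? "{" : ",") + JSON.stringify(key) + ":";
    if (!text.startsWith(marker, pos)) {
      return { ok: false, reason: `expected ${marker} at offset ${pos}` };
    }
    pos += marker.length;
    if (key === "crossOrigin") {
      const lit = ["true", "false"].find((v) => text.startsWith(v, pos));
      if (!lit) return { ok: false, reason: "crossOrigin is not true or false" };
      pos += lit.length;
    } else {
      pos = skipJsonString(text, pos);
      if (pos < 0) return { ok: false, reason: `${key} is not a JSON string` };
    }
  }
  // Assumption: "," is accepted here because the spec lets extra members follow.
  if (text[pos] !== "}" && text[pos] !== ",") {
    return { ok: false, reason: `unexpected character at offset ${pos}` };
  }
  return { ok: true, reason: "" };
}

// Constructed samples (not taken from the bug report).
const SAMPLE_OK = '{"type":"webauthn.get","challenge":"Y2hhbGxlbmdl","origin":"https://example.com","crossOrigin":false}';
const SAMPLE_NO_CROSS_ORIGIN = '{"type":"webauthn.get","challenge":"Y2hhbGxlbmdl","origin":"https://example.com"}';
const SAMPLE_REORDERED = '{"challenge":"Y2hhbGxlbmdl","type":"webauthn.get","origin":"https://example.com","crossOrigin":false}';

for (const s of [SAMPLE_OK, SAMPLE_NO_CROSS_ORIGIN, SAMPLE_REORDERED]) {
  console.log(checkClientDataOrder(s));
}
```

The check covers only the member order and the "crossOrigin" literal; it does not validate how the string values are escaped.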