[WebAuthN] Allow authenticators that support both CTAP and U2F to try U2F if CTAP...
author: jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 19 May 2019 00:42:16 +0000 (00:42 +0000)
committer: jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 19 May 2019 00:42:16 +0000 (00:42 +0000)
commit: 641a0c61d72012ee82b48d3c8770d1a0d70365db
tree: 9a9de785737034815b52db6a0920cf07adddf53c
parent: e925ef5981429681407e6653ecfa02cd6c2e042c
[WebAuthN] Allow authenticators that support both CTAP and U2F to try U2F if CTAP fails in authenticatorGetAssertion
https://bugs.webkit.org/show_bug.cgi?id=197974
<rdar://problem/50879746>

Reviewed by Brent Fulgham.

Source/WebKit:

Authenticators that support both CTAP and U2F protocols can be used in a U2F-enabled browser to create a credential in
U2F format. When such an authenticator is used to log in in WebKit, it will be treated as a CTAP authenticator. Since the
previous credential is in U2F format, the authenticator will not consider that as a valid credential when CTAP requests
come along for that U2F credential. Therefore the previously created U2F credential will not be asked at all, and users
will not be able to log in. This situation is not well documented in the CTAP/WebAuthN spec yet.

To work around the above issue, an authenticator that supports both protocols will be downgraded to a U2F authenticator
to ask a potential U2F credential once a valid error is returned regarding the first CTAP request.

* UIProcess/API/C/WKWebsiteDataStoreRef.cpp:
(WKWebsiteDataStoreSetWebAuthenticationMockConfiguration):
* UIProcess/WebAuthentication/Authenticator.h:
* UIProcess/WebAuthentication/AuthenticatorManager.cpp:
(WebKit::AuthenticatorManager::downgrade):
* UIProcess/WebAuthentication/AuthenticatorManager.h:
* UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::parseRequest):
(WebKit::MockHidConnection::feedReports):
* UIProcess/WebAuthentication/Mock/MockWebAuthenticationConfiguration.h:
* UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
(WebKit::CtapHidAuthenticator::makeCredential):
(WebKit::CtapHidAuthenticator::getAssertion):
(WebKit::CtapHidAuthenticator::continueGetAssertionAfterResponseReceived):
(WebKit::CtapHidAuthenticator::tryDowngrade):
(WebKit::CtapHidAuthenticator::continueGetAssertionAfterResponseReceived const): Deleted.
* UIProcess/WebAuthentication/fido/CtapHidAuthenticator.h:

Tools:

Add a canDowngrade option for mock hid devices to simulate the situation.

* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setWebAuthenticationMockConfiguration):

LayoutTests:

* http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt:
* http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https.html:
* http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt:
* http/wpt/webauthn/public-key-credential-get-failure-hid.https.html:
* http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt:
* http/wpt/webauthn/public-key-credential-get-success-u2f.https.html:
* http/wpt/webauthn/resources/util.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@245500 268f45cc-cd09-0410-ab3c-d52691b4dbfc
19 files changed:
LayoutTests/ChangeLog
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https.html
LayoutTests/http/wpt/webauthn/resources/util.js
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/API/C/WKWebsiteDataStoreRef.cpp
Source/WebKit/UIProcess/WebAuthentication/Authenticator.h
Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.h
Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp
Source/WebKit/UIProcess/WebAuthentication/Mock/MockWebAuthenticationConfiguration.h
Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp
Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.h
Tools/ChangeLog
Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
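
The downgrade behaviour described in the commit message, as an added sketch that is not code from this commit or from WebKit. All type and function names are hypothetical, the device is a constructed mock, and treating only a "no credentials" status as the error that permits the retry is an assumption, since the message says only "a valid error".

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Added illustration: every name here is hypothetical, none is WebKit's API.
enum class Protocol { Ctap2, U2f };
enum class Status { Ok, NoCredentials, Other };

// Constructed mock of a security key; credentials are stored per protocol,
// so a U2F key handle is invisible to CTAP requests.
struct MockDevice {
    bool supportsCtap2;
    bool supportsU2f;
    bool ctapTransportError; // simulate a failure unrelated to credentials
    std::vector<std::string> ctapCredentials;
    std::vector<std::string> u2fKeyHandles;

    Status getAssertion(Protocol p, const std::string& id) const {
        if (p == Protocol::Ctap2 && ctapTransportError)
            return Status::Other;
        const auto& store = p == Protocol::Ctap2 ? ctapCredentials : u2fKeyHandles;
        for (const auto& known : store)
            if (known == id)
                return Status::Ok;
        return Status::NoCredentials;
    }
};

struct Result { Status status; Protocol answeredBy; int requestsSent; };

Result getAssertionWithDowngrade(const MockDevice& dev, const std::string& id) {
    Protocol current = dev.supportsCtap2 ? Protocol::Ctap2 : Protocol::U2f;
    Status status = dev.getAssertion(current, id);
    int sent = 1;
    // Assumption: only "no credentials" qualifies for a retry. Downgrade at most
    // once, and only when the device also speaks U2F.
    if (current == Protocol::Ctap2 && status == Status::NoCredentials && dev.supportsU2f) {
        current = Protocol::U2f;
        status = dev.getAssertion(current, id);
        ++sent;
    }
    return { status, current, sent };
}

int main() {
    MockDevice key{ true, true, false, { "ctap-cred" }, { "u2f-handle" } };
    Result r = getAssertionWithDowngrade(key, "u2f-handle");
    std::printf("ok=%d viaU2F=%d requests=%d\n", r.status == Status::Ok, r.answeredBy == Protocol::U2f, r.requestsSent);
}
```

Bounding the retry to a single downgrade keeps a device that rejects both requests from looping, and a failure unrelated to credentials is returned as-is rather than retried over the older protocol.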