commit | 9be10b62d2a0a79de46380164f4acdf135389376 | [log] [tgz] |
---|---|---|
author | Martin Kreichgauer <martinkr@google.com> | Mon Jul 16 19:40:34 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Mon Jul 16 19:40:34 2018 |
tree | 307dd09a75ba176d8bbb0dc4fd6c0549aa0456fd | |
parent | 22c1a0ffad44a60ab1ca4f18c1d414b311dc08aa [diff] |
device/fido/mac: set the User Present (UP) bit in authenticator data See https://www.w3.org/TR/webauthn/#sec-authenticator-data. AFAIU, the spec is not exactly clear whether or not to set this bit from a user verifying authenticator. It says that the bit should be set if the user is "present", which is defined as having successfully completed a "user presence test". User presence test is defined separately from user verification test (which is what Touch ID does). Logically, a user verification test always includes a user presence test, but the spec doesn't say so explicitly. Regardless of what the spec says, setting both bits seems less likely to confuse server implementations IMO. A naive server e.g. might *just* check for the UP bit, and if it is not set reject the response, even though the UV bit is set. Hence, we should probably set both. Bug: 678128 Change-Id: I02be366dba324e4f9b83ba0d354a674242fc72dc Reviewed-on: https://chromium-review.googlesource.com/1137216 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org> Cr-Commit-Position: refs/heads/master@{#575386}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .