commit | aa06bffab97b8f709cb617aef6e26ce90d097f13 | |
---|---|---|
author | Martin Kreichgauer <martinkr@google.com> | Fri Jun 29 07:54:10 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Fri Jun 29 07:54:10 2018 |
tree | efc5eea39a1bbc4ea3035c8c53906a9135940503 | |
parent | f417339214f2f9fcb26191adf0ca95ad8cd0e7e7 | |
device/fido/mac: make encoding of the RP ID for metadata storage reversible

This changes the CredentialMetadata::EncodeRpId method to allow an RP ID to be recovered from the encoding, given the secret key; and it adds a CredentialMetadata::DecodeRpId method to do so.

This is necessary because we need an effective way to test whether a given credential in the macOS keychain "belongs" to a given profile (i.e. was the metadata sealed/encoded under that profile's secret key), when performing browsing data deletion for that profile. This was previously impossible: Unsealing the credential ID requires the correct RP ID, with which the credential id ciphertext is authenticated. The other two fields (RP ID + user handle, and RP ID) are encoded with HMAC-SHA-256, so they are not reversible without the RP ID either.

This CL changes the kSecAttrLabel field, which previously stored HMAC-SHA-256(rp_id), to store a deterministic encryption of rp_id instead. The cipher is AES-GCM-SIV with a fixed nonce. This makes the encoding reversible (because you can retrieve the RP ID by decrypting), while maintaining easy lookup of all credentials for a given RP (because the encoding is deterministic) and confidentiality (because you need the key to decrypt).

Bug: 678128
Change-Id: I2e34ca5c7f28a2bd14a953539de6e0ac90568bec
Reviewed-on: https://chromium-review.googlesource.com/1117609
Commit-Queue: Adam Langley <agl@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#571422}
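
The property the commit message relies on, as an added Go sketch that is not Chromium's code: the label is deterministic (so lookup by RP still works) and decodes only under the profile key that produced it (so a failed decode means "not this profile's credential"). Assumptions: the Go standard library has no AES-GCM-SIV, so a SIV-style stand-in is used (nonce = truncated HMAC-SHA-256 of the RP ID, then AES-256-GCM); `ProfileKey`, `NewProfileKey`, `prf`, these `EncodeRpID`/`DecodeRpID` bodies and the sample secrets are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

func prf(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// ProfileKey is hypothetical: an AES-256-GCM key plus a key for the nonce PRF.
type ProfileKey struct {
	aead cipher.AEAD
	mac  []byte
}

func NewProfileKey(secret string) ProfileKey {
	block, _ := aes.NewCipher(prf([]byte(secret), "enc")) // 32-byte key, cannot fail
	gcm, _ := cipher.NewGCM(block)
	return ProfileKey{gcm, prf([]byte(secret), "mac")}
}

// EncodeRpID is deterministic (SIV-style stand-in for AES-GCM-SIV): nonce = PRF(RP ID).
func (k ProfileKey) EncodeRpID(rpID string) []byte {
	nonce := prf(k.mac, rpID)[:12:12] // cap 12 forces Seal to allocate the output
	return k.aead.Seal(nonce, nonce, []byte(rpID), nil)
}

// DecodeRpID succeeds only for labels sealed under this profile's key.
func (k ProfileKey) DecodeRpID(label []byte) (string, bool) {
	if len(label) < 12+16 { // nonce plus GCM tag
		return "", false
	}
	pt, err := k.aead.Open(nil, label[:12], label[12:], nil)
	return string(pt), err == nil
}

func main() {
	a, b := NewProfileKey("constructed-A"), NewProfileKey("constructed-B")
	for _, label := range [][]byte{a.EncodeRpID("example.com"), b.EncodeRpID("example.com")} {
		id, ok := a.DecodeRpID(label) // only profile A's label decodes
		fmt.Printf("%q belongs to A: %v\n", id, ok)
	}
}
```

With the HMAC-only label the commit replaces, the second check is not possible: a keychain entry from another profile and one from this profile are both opaque digests unless the RP ID is already known.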