-
Jun Choi authored
CTAP HID transport protocol uses 4 byte channel ID to check that the message sent by the authenticator is only received and processed by the correct client process. On the other hand, CTAP BLE transport protocol defines no such mechanism to differentiate incoming BLE fragments. This, under some circumstances, enables relying parties to receive response from authenticators that was intended for different site. In order to prevent malicious RP from receiving authenticator response intended for different site, check relying party ID hash returned from the authenticator in response to MakeCredential and GetAssertion response. Bug: 828507 Change-Id: I3b743fc9b9f79284ab4b979d17c75ccc9e5a889c Reviewed-on: https://chromium-review.googlesource.com/1004118 Commit-Queue: Jun Choi <hongjunchoi@chromium.org> Reviewed-by:
Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#551789}
23bef1af
