-
Martin Kreichgauer authored
The credential IDs of the Touch ID authenticator are basically an AEAD of the associated PublicKeyCredentialUserEntity (= (id, name, display name), with the RP ID as the AD. While the user ID is bounded to 64 bytes, the user name and display name are not. Instead, CTAP authenticators are supposed to truncate them at any length larger than 64 bytes as they see fit. The spec doesn't define an upper limit for credential IDs, but I suspect some RPs will limit what they accept based on what they observe in security keys from large manufacturers. Also storing potentially unbounded IDs in attribute fields of the macOS keychain items might not be the best idea. Hence, let's impose some (arbitrary) limit. Bug: 1631393 Change-Id: I43cbbf3daa6e926baba7007ff99223b5666773e5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1631655 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by:
Adam Langley <agl@chromium.org> Cr-Commit-Position: refs/heads/master@{#665653}
33562edc
