    fido: add U2F-only mode for cryptotoken requests · 57d5d1dc
    Martin Kreichgauer authored
    This adds an |is_u2f_only_| field to CtapMakeCredentialRequest to make
    authenticators aware whether the current request originates from the
    cryptotoken (U2F) extensions. If it does, request handling changes as follows:
     - For Windows API requests, U2F-only mode is enabled.
     - FidoDeviceAuthenticators will only communicate via U2F, not CTAP.
    
    This is done to force the authenticator to return a U2F-format attestation
    statement, rather than one in an (incompatible) CTAP2 format such as
    "packed".
    
    GetAssertionTask already implements a U2F fallback for all requests with an App
    ID extension (and CTAP need not be strictly avoided as is the case with
    MakeCredential); thus no separate boolean field is required for
    CtapGetAssertionRequest.
    
    Bug: 898718
    Change-Id: I8f17655d8df530546b62e2237c73aaa997483060
    Reviewed-on: https://chromium-review.googlesource.com/c/1338952
    Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
    Reviewed-by: Adam Langley <agl@chromium.org>
    Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#609618}
authenticator.cc 15.9 KB