    fido: do not use CTAP2 in cryptotoken GetAssertion requests · 8f84d7a8
    Martin Kreichgauer authored
    WebAuthn GetAssertion requests originating from the cryptotoken
    extension, which implements Chrome's U2F API, currently may result in a
    CTAP2 request if the selected authenticator supports CTAP2.
    
    This hasn't really caused issues in the past: Lenient authenticators
    accept an appId as the makeCredential request's rp_id parameter and let
    us challenge the U2F credential that way. Or if the authenticator
    indicates over CTAP2 that the credential doesn't exist, GetAssertionTask
    would then automatically retry over the U2F interface based on the
    presence of the appId extension. Responses for both cases are
    equivalent.
    
    But sending CTAP2 GetAssertion requests in order to respond to a request
    to the U2F API is unexpected and inefficient. It may also cause issues
    with future authenticators that decide to treat user verification as
    non-optional for all requests arriving on the CTAP2 interface.
    
    Instead, change GetAssertionTask to never try its CTAP2 path for these
    requests.
    
    Bug: 1099782
    Change-Id: Ice54122bf3b9f63814d594074a39b9b46279ded4
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2298541
    Commit-Queue: Martin Kreichgauer <martinkr@google.com>
    Reviewed-by: Adam Langley <agl@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#788798}
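The request dispatch the message describes, modelled as an added illustration that is not Chromium's GetAssertionTask code. The `Authenticator`, `Request`, `Result` and `GetAssertion` names and the `skip_ctap2_for_cryptotoken` switch (false for the old behaviour, true for the fix) are assumptions made for this example.

```cpp
#include <cassert>

enum class Protocol { kU2F, kCtap2 };
enum class Outcome { kSuccess, kNoCredentials, kUvRequired };

// Constructed model of the authenticator properties that matter here (hypothetical).
struct Authenticator {
  bool supports_ctap2;
  bool requires_uv_on_ctap2;     // the "future authenticator" case from the message
  bool accepts_app_id_as_rp_id;  // "lenient" authenticator
  bool has_u2f_credential;       // credential registered via U2F for this appId
};

// Constructed model of a GetAssertion request (hypothetical).
struct Request {
  bool from_cryptotoken;  // originated from Chrome's U2F API
  bool has_app_id;        // appId extension present
  bool user_verified;
};

struct Result { Protocol protocol; Outcome outcome; };

Outcome SendCtap2(const Authenticator& a, const Request& r) {
  if (a.requires_uv_on_ctap2 && !r.user_verified) return Outcome::kUvRequired;
  // A lenient authenticator treats the appId as rp_id and finds the U2F credential;
  // a strict one reports that no credential exists.
  if (a.accepts_app_id_as_rp_id && a.has_u2f_credential) return Outcome::kSuccess;
  return Outcome::kNoCredentials;
}

Outcome SendU2F(const Authenticator& a) {
  return a.has_u2f_credential ? Outcome::kSuccess : Outcome::kNoCredentials;
}

Result GetAssertion(const Authenticator& a, const Request& r, bool skip_ctap2_for_cryptotoken) {
  bool try_ctap2 = a.supports_ctap2 && !(skip_ctap2_for_cryptotoken && r.from_cryptotoken);
  if (try_ctap2) {
    Outcome o = SendCtap2(a, r);
    // Old fallback: only a "no credentials" answer plus an appId triggers the U2F retry,
    // so a UV refusal on the CTAP2 interface ends the request.
    if (o != Outcome::kNoCredentials || !r.has_app_id) return {Protocol::kCtap2, o};
  }
  return {Protocol::kU2F, SendU2F(a)};
}

int main() {
  const Request u2f_req{true, true, false};
  const Authenticator strict_uv{true, true, false, true};
  assert(GetAssertion(strict_uv, u2f_req, false).outcome == Outcome::kUvRequired);
  assert(GetAssertion(strict_uv, u2f_req, true).outcome == Outcome::kSuccess);
  return 0;
}
```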