    fido/win: work around a bug in Windows' handling of CTAP1 devices · f1b46d7a
    Martin Kreichgauer authored
    The Windows WebAuthNGetAssertion API call allows setting the allow list
    parameter via two separate fields/types: `WEBAUTHN_CREDENTIALS CredentialList`
    and `PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList`. The latter is newer and
    allows setting transport restrictions on each credential descriptor. However,
    using it appears to prevent GetAssertion from falling back to the CTAP1
    device protocol in cases where (a) the authenticator does not speak CTAP2, or
    (b) it speaks CTAP1 and CTAP2 but the credential was created via CTAP1.
    
    This change works around the issue by using the older field instead.
    WebAuthNMakeCredential does not seem to suffer from the same issue and reliably
    sticks to U2F if the authenticator is CTAP1-only or dwAuthenticatorAttachment
    is WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2. Hence, nothing
    changes for it.
    
    Bug: 898718
    Change-Id: I5e06cd48a3dd424b4763753d8e4d41d8c6680c68
    Reviewed-on: https://chromium-review.googlesource.com/c/1357621
    Commit-Queue: Martin Kreichgauer <martinkr@chromium.org>
    Reviewed-by: Adam Langley <agl@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#613248}
webauthn_api.cc 13.3 KB