webauth: Do not ignore u2fhid on ChromeOS

Since u2f credentials are not handled properly on ChromeOS, we decided to disable platform authenticator when U2F is enabled. This is done by making ChromeOS Authenticator return IsUvpaa=false when U2F is enabled. Thus ChromeOS platform authenticator and u2fhid are mutually exclusive for WebAuthn. Bug: 1155335, b/174709984 TEST=Enable U2F and enable ChromeOS WebAuthn feature flag, register PIN, ==> PublicKeyCredential .isUserVerifyingPlatformAuthenticatorAvailable() .then(console.log) returns false even if PIN is available. ==> When attachment=undefined or cross-platform, can use u2fhid to do WebAuthn MakeCredential and GetAssertion. ==> When attachment=platform, "Your device doesn't support the type of security key requested by this site". TEST=Disable U2F and enable ChromeOS WebAuthn feature flag, register PIN, => PublicKeyCredential .isUserVerifyingPlatformAuthenticatorAvailable() .then(console.log) returns true. => When attachment=undefined or cross-platform, u2fhid doesn't show up. => When attachment=platform, can use ChromeOS PIN to do MakeCredential and GetAssertion. Change-Id: I4ce5c9de4aecaa5c1569101065a1278576c9d0cc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2572130 Commit-Queue: Yicheng Li <yichengli@chromium.org> Reviewed-by: Martin Kreichgauer <martinkr@google.com> Cr-Commit-Position: refs/heads/master@{#833570}

webauth: Do not ignore u2fhid on ChromeOS
Since u2f credentials are not handled properly on ChromeOS, we decided to disable platform authenticator when U2F is enabled. This is done by making ChromeOS Authenticator return IsUvpaa=false when U2F is enabled. Thus ChromeOS platform authenticator and u2fhid are mutually exclusive for WebAuthn. Bug: 1155335, b/174709984 TEST=Enable U2F and enable ChromeOS WebAuthn feature flag, register PIN, ==> PublicKeyCredential .isUserVerifyingPlatformAuthenticatorAvailable() .then(console.log) returns false even if PIN is available. ==> When attachment=undefined or cross-platform, can use u2fhid to do WebAuthn MakeCredential and GetAssertion. ==> When attachment=platform, "Your device doesn't support the type of security key requested by this site". TEST=Disable U2F and enable ChromeOS WebAuthn feature flag, register PIN, => PublicKeyCredential .isUserVerifyingPlatformAuthenticatorAvailable() .then(console.log) returns true. => When attachment=undefined or cross-platform, u2fhid doesn't show up. => When attachment=platform, can use ChromeOS PIN to do MakeCredential and GetAssertion. Change-Id: I4ce5c9de4aecaa5c1569101065a1278576c9d0cc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2572130 Commit-Queue: Yicheng Li <yichengli@chromium.org> Reviewed-by: Martin Kreichgauer <martinkr@google.com> Cr-Commit-Position: refs/heads/master@{#833570}
554f453a · Yicheng Li · Chromium LUCI CQ · ff65e810 · 554f453a
Commit 554f453a authored Dec 04, 2020 by Yicheng Li Committed by Chromium LUCI CQ Dec 04, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 7 deletions

content/browser/webauth/authenticator_common.cc content/browser/webauth/authenticator_common.cc +1 -7

No files found.
--- a/content/browser/webauth/authenticator_common.cc
+++ b/content/browser/webauth/authenticator_common.cc
@@ -641,13 +641,7 @@ std::unique_ptr<device::FidoDiscoveryFactory> MakeDiscoveryFactory(
 #endif  // defined(OS_WIN)

 #if BUILDFLAG(IS_CHROMEOS_ASH)
-  // Ignore the ChromeOS u2fd virtual U2F HID device for WebAuthn requests so
-  // that it doesn't collide with the ChromeOS platform authenticator, also
-  // implemented in u2fd.
-  if (base::FeatureList::IsEnabled(device::kWebAuthCrosPlatformAuthenticator) &&
-      !is_u2f_api_request) {
-    constexpr device::VidPid kChromeOsU2fdVidPid{0x18d1, 0x502c};
-    discovery_factory->set_hid_ignore_list({kChromeOsU2fdVidPid});
+  if (base::FeatureList::IsEnabled(device::kWebAuthCrosPlatformAuthenticator)) {
    discovery_factory->set_generate_request_id_callback(
        request_delegate->GetGenerateRequestIdCallback(render_frame_host));
  }