Commit 80b1a4bb authored by Yicheng Li's avatar Yicheng Li Committed by Commit Bot

fido: Enable ChromeOSAuthenticator to do user-presence requests

If a MakeCredential or GetAssertion request has set user verification
requirement to "discouraged", then send the request as presence-only.
ChromeOSAuthenticator will then do presence-only authentication for
this request.

Change-Id: I40f382368e8399c328e830984e433fd56f7cd6fc
Bug: b:144861739
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2124935Reviewed-by: default avatarMartin Kreichgauer <martinkr@google.com>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Cr-Commit-Position: refs/heads/master@{#755236}
parent 7f6c7602
...@@ -84,8 +84,12 @@ void ChromeOSAuthenticator::MakeCredential(CtapMakeCredentialRequest request, ...@@ -84,8 +84,12 @@ void ChromeOSAuthenticator::MakeCredential(CtapMakeCredentialRequest request,
} }
u2f::MakeCredentialRequest req; u2f::MakeCredentialRequest req;
// Requests with UserPresence get upgraded to UserVerification. // Requests with UserPresence get upgraded to UserVerification unless
req.set_verification_type(u2f::VERIFICATION_USER_VERIFICATION); // verification is explicitly discouraged.
req.set_verification_type(
(request.user_verification == UserVerificationRequirement::kDiscouraged)
? u2f::VERIFICATION_USER_PRESENCE
: u2f::VERIFICATION_USER_VERIFICATION);
req.set_rp_id(request.rp.id); req.set_rp_id(request.rp.id);
req.set_user_entity( req.set_user_entity(
std::string(request.user.id.begin(), request.user.id.end())); std::string(request.user.id.begin(), request.user.id.end()));
...@@ -177,8 +181,12 @@ void ChromeOSAuthenticator::GetAssertion(CtapGetAssertionRequest request, ...@@ -177,8 +181,12 @@ void ChromeOSAuthenticator::GetAssertion(CtapGetAssertionRequest request,
} }
u2f::GetAssertionRequest req; u2f::GetAssertionRequest req;
// Requests with UserPresence get upgraded to UserVerification. // Requests with UserPresence get upgraded to UserVerification unless
req.set_verification_type(u2f::VERIFICATION_USER_VERIFICATION); // verification is explicitly discouraged.
req.set_verification_type(
(request.user_verification == UserVerificationRequirement::kDiscouraged)
? u2f::VERIFICATION_USER_PRESENCE
: u2f::VERIFICATION_USER_VERIFICATION);
req.set_rp_id(request.rp_id); req.set_rp_id(request.rp_id);
req.set_client_data_hash(std::string(request.client_data_hash.begin(), req.set_client_data_hash(std::string(request.client_data_hash.begin(),
request.client_data_hash.end())); request.client_data_hash.end()));
......
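Review bot: The `kDiscouraged` check that selects `u2f::VERIFICATION_USER_PRESENCE` is written out twice, once in MakeCredential and once in GetAssertion, so a later change to this security-relevant mapping can be applied to one path and missed on the other. A small file-local helper would keep the decision in one place, with both call sites reduced to `req.set_verification_type(VerificationTypeFor(request.user_verification));` (helper name is a suggestion). Because a request can now complete with presence only, the response handling, which is outside these hunks, should set the UV flag in the authenticator data only when verification was actually performed. Otherwise a relying party that checks UV on its server would be misled. A comment at the helper such as `// Presence-only responses must not report user verification.` would record that invariant, and a unit test covering `kDiscouraged`, `kPreferred` and `kRequired` would pin the mapping. Both function bodies begin and end outside the hunks shown.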