Commit 9be10b62 authored by Martin Kreichgauer, committed by Commit Bot

device/fido/mac: set the User Present (UP) bit in authenticator data

See https://www.w3.org/TR/webauthn/#sec-authenticator-data. AFAIU, the
spec is not exactly clear whether or not to set this bit from a user
verifying authenticator. It says that the bit should be set if the
user is "present", which is defined as having successfully completed a
"user presence test". User presence test is defined separately from user
verification test (which is what Touch ID does). Logically, a user
verification test always includes a user presence test, but the spec
doesn't say so explicitly.

Regardless of what the spec says, setting both bits seems less likely to
confuse server implementations IMO. A naive server e.g. might *just*
check for the UP bit, and if it is not set reject the response, even
though the UV bit is set. Hence, we should probably set both.

Bug: 678128
Change-Id: I02be366dba324e4f9b83ba0d354a674242fc72dc
Reviewed-on: https://chromium-review.googlesource.com/1137216
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575386}
parent 22c1a0ff
......@@ -103,6 +103,7 @@ base::Optional<AuthenticatorData> MakeAuthenticatorData(
std::array<uint8_t, 2> encoded_credential_id_length = {
0, static_cast<uint8_t>(credential_id.size())};
constexpr uint8_t flags =
static_cast<uint8_t>(AuthenticatorData::Flag::kTestOfUserPresence) |
static_cast<uint8_t>(AuthenticatorData::Flag::kTestOfUserVerification) |
static_cast<uint8_t>(AuthenticatorData::Flag::kAttestation);
return AuthenticatorData(
......
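Review bot: the flags expression ORs kTestOfUserPresence with kTestOfUserVerification unconditionally, but nothing in the code says why. The rationale (a user verification test implies a user presence test, and a server might check only the UP bit) exists only in the commit message. Add a short comment above `constexpr uint8_t flags =` that states this and points at the authenticator data section of the WebAuthn spec, so a later reader does not drop the UP bit as redundant. Separately, in the context lines, `static_cast<uint8_t>(credential_id.size())` with a hard-coded high byte of 0 would silently truncate a credential ID longer than 255 bytes unless the size is bounded above the visible lines. A DCHECK or explicit length check next to the cast would make that assumption visible.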