cryptotoken: check base64url decoding failures when proxying to WebAuthn

Cryptotoken used to tolerate challenges and key handles encoded in either regular base64 or base64url, despite the spec only allowing base64url. With the WebAuthenticationProxyCryptotoken feature enabled, this is no longer the case: WebAuthn takes challenges and key handles as raw byte inputs, and re-encodes them to base64url prior to signing. Until now, if cryptotoken failed to base64url-decode a challenge for keyHandle before sending it to WebAuthn, it would send an empty byte sequence instead. Hence, if a non-compliant passed a challenge encoded in regular base64, it would subsequently receive a response, but the challenge field in the response would be empty and signature would be over the empty challenge. This change makes the failure to decode more explicit. If a challenge (or keyHandle) fails to decode, cryptotoken will not forward the request. Rather it will return a BAD_REQUEST error with a descriptive error message. Bug: 925738 Change-Id: I7e1d0bfca55765ccdfaf7b9762c8b79352fb2856 Reviewed-on: https://chromium-review.googlesource.com/c/1450400 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Adam Langley <agl@chromium.org> Cr-Commit-Position: refs/heads/master@{#628508}

cryptotoken: check base64url decoding failures when proxying to WebAuthn
Cryptotoken used to tolerate challenges and key handles encoded in either regular base64 or base64url, despite the spec only allowing base64url. With the WebAuthenticationProxyCryptotoken feature enabled, this is no longer the case: WebAuthn takes challenges and key handles as raw byte inputs, and re-encodes them to base64url prior to signing. Until now, if cryptotoken failed to base64url-decode a challenge for keyHandle before sending it to WebAuthn, it would send an empty byte sequence instead. Hence, if a non-compliant passed a challenge encoded in regular base64, it would subsequently receive a response, but the challenge field in the response would be empty and signature would be over the empty challenge. This change makes the failure to decode more explicit. If a challenge (or keyHandle) fails to decode, cryptotoken will not forward the request. Rather it will return a BAD_REQUEST error with a descriptive error message. Bug: 925738 Change-Id: I7e1d0bfca55765ccdfaf7b9762c8b79352fb2856 Reviewed-on: https://chromium-review.googlesource.com/c/1450400 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Adam Langley <agl@chromium.org> Cr-Commit-Position: refs/heads/master@{#628508}
ceb92979 · Martin Kreichgauer · Commit Bot · 82ef234c · ceb92979 · ceb92979
Commit ceb92979 authored Feb 01, 2019 by Martin Kreichgauer Committed by Commit Bot Feb 01, 2019
Showing with 38 additions and 4 deletions

chrome/browser/resources/cryptotoken/enroller.js chrome/browser/resources/cryptotoken/enroller.js +19 -2

chrome/browser/resources/cryptotoken/signer.js chrome/browser/resources/cryptotoken/signer.js +19 -2

No files found.
--- a/chrome/browser/resources/cryptotoken/enroller.js
+++ b/chrome/browser/resources/cryptotoken/enroller.js
@@ -888,12 +888,29 @@ Enroller.prototype.doRegisterWebAuthnContinue_ = function(
  const randomId = new Uint8Array(new ArrayBuffer(16));
  crypto.getRandomValues(randomId);
+  const decodedChallenge = B64_decode(challenge);
+  if (decodedChallenge.length == 0) {
+    this.notifyError_({
+      errorCode: ErrorCodes.BAD_REQUEST,
+      errorMessage: 'challenge must be base64url encoded',
+    });
+    return;
+  }
  const excludeList = [];
  for (let index = 0; index < request['signData'].length; index++) {
    const element = request['signData'][index];
+    const decodedKeyHandle = B64_decode(element['keyHandle']);
+    if (decodedKeyHandle.length == 0) {
+      this.notifyError_({
+        errorCode: ErrorCodes.BAD_REQUEST,
+        errorMessage: 'keyHandle must be base64url encoded',
+      });
+      return;
+    }
    excludeList.push({
      type: 'public-key',
-      id: new Uint8Array(B64_decode(element['keyHandle'])).buffer,
+      id: new Uint8Array(decodedKeyHandle).buffer,
      transports: ['usb'],
    });
  }
@@ -913,7 +930,7 @@ Enroller.prototype.doRegisterWebAuthnContinue_ = function(
        displayName: this.sender_.origin,
        name: this.sender_.origin,
      },
-      challenge: new Uint8Array(B64_decode(challenge)).buffer,
+      challenge: new Uint8Array(decodedChallenge).buffer,
      pubKeyCredParams: [{
        type: 'public-key',
        alg: -7,  // ES-256

--- a/chrome/browser/resources/cryptotoken/signer.js
+++ b/chrome/browser/resources/cryptotoken/signer.js
@@ -495,11 +495,28 @@ Signer.prototype.doSignWebAuthn_ = function(encodedChallenges, challengeVal) {
    return false;
  }
+  const decodedChallenge = B64_decode(challengeVal);
+  if (decodedChallenge.length == 0) {
+    this.notifyError_({
+      errorCode: ErrorCodes.BAD_REQUEST,
+      errorMessage: 'challenge must be base64url encoded',
+    });
+    return false;
+  }
  const credentialList = [];
  for (let i = 0; i < encodedChallenges.length; i++) {
+    const decodedKeyHandle = B64_decode(encodedChallenges[i]['keyHandle']);
+    if (decodedKeyHandle.length == 0) {
+      this.notifyError_({
+        errorCode: ErrorCodes.BAD_REQUEST,
+        errorMessage: 'keyHandle must be base64url encoded',
+      });
+      return false;
+    }
    credentialList.push({
      type: 'public-key',
-      id: new Uint8Array(B64_decode(encodedChallenges[i].keyHandle)).buffer,
+      id: new Uint8Array(decodedKeyHandle).buffer,
    });
  }
  // App ID could be defined for each challenge or globally.
@@ -509,7 +526,7 @@ Signer.prototype.doSignWebAuthn_ = function(encodedChallenges, challengeVal) {
  const request = {
    publicKey: {
-      challenge: new Uint8Array(B64_decode(challengeVal)).buffer,
+      challenge: new Uint8Array(decodedChallenge).buffer,
      timeout: this.timer_.millisecondsUntilExpired(),
      rpId: this.sender_.origin,
      allowCredentials: credentialList,