[Secure Payment Confirmation] Random user identifier.

Before this patch, creating two payment credentials in Touch ID with identical instrument display name and relying party would erase the first credential, so it could no longer be exercised. This patch uses a random 32 byte array instead of instrument display name as the user identifier. After this patch, a relying party can create a large number of payment credentials with identical instrument display name, so all of them can still be exercised. Bug: 1139040 Change-Id: I68895c4b7d6bb64afa1f44e2b30a613ab6293023 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2487220Reviewed-by: Ken Buchanan <kenrb@chromium.org> Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> Cr-Commit-Position: refs/heads/master@{#819053}

[Secure Payment Confirmation] Random user identifier.
Before this patch, creating two payment credentials in Touch ID with identical instrument display name and relying party would erase the first credential, so it could no longer be exercised. This patch uses a random 32 byte array instead of instrument display name as the user identifier. After this patch, a relying party can create a large number of payment credentials with identical instrument display name, so all of them can still be exercised. Bug: 1139040 Change-Id: I68895c4b7d6bb64afa1f44e2b30a613ab6293023 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2487220Reviewed-by: Ken Buchanan <kenrb@chromium.org> Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> Cr-Commit-Position: refs/heads/master@{#819053}
e9768e39 · Rouslan Solomakhin · Commit Bot · e41f613a · e9768e39
Commit e9768e39 authored Oct 20, 2020 by Rouslan Solomakhin Committed by Commit Bot Oct 20, 2020
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 9 deletions

third_party/blink/renderer/modules/credentialmanager/credentials_container.cc ...nderer/modules/credentialmanager/credentials_container.cc +6 -9

No files found.
--- a/third_party/blink/renderer/modules/credentialmanager/credentials_container.cc
+++ b/third_party/blink/renderer/modules/credentialmanager/credentials_container.cc
@@ -8,6 +8,7 @@
 #include <utility>
 #include "base/metrics/histogram_macros.h"
+#include "base/rand_util.h"
 #include "build/build_config.h"
 #include "third_party/blink/public/common/sms/webotp_service_outcome.h"
 #include "third_party/blink/public/mojom/credentialmanager/credential_manager.mojom-blink.h"
@@ -61,6 +62,7 @@
 #include "third_party/blink/renderer/platform/weborigin/origin_access_entry.h"
 #include "third_party/blink/renderer/platform/weborigin/security_origin.h"
 #include "third_party/blink/renderer/platform/wtf/functional.h"
+#include "third_party/blink/renderer/platform/wtf/wtf_size_t.h"
 #if defined(OS_ANDROID)
 #include "third_party/blink/renderer/bindings/modules/v8/v8_public_key_credential_rp_entity.h"
@@ -750,15 +752,10 @@ void CreatePublicKeyCredentialForPaymentCredential(
  mojo_options->user = mojom::blink::PublicKeyCredentialUserEntity::New();
  mojo_options->user->name = options->instrument()->displayName();
-  // There isn't explicity a WebAuthn 'user ID', so just convert the
+  static constexpr wtf_size_t kRandomUserIdSize = 32;
-  // instrument display name into a byte array and use that.
+  mojo_options->user->id = Vector<uint8_t>(kRandomUserIdSize);
-  const uint8_t* display_name_bytes =
+  base::RandBytes(mojo_options->user->id.data(), kRandomUserIdSize);
-      static_cast<const uint8_t*>(options->instrument()->displayName().Bytes());
-  mojo_options->user->id = Vector<uint8_t>();
-  mojo_options->user->id.AppendRange(
-      display_name_bytes,
-      display_name_bytes +
-          options->instrument()->displayName().CharactersSizeInBytes());
  mojo_options->user->display_name = options->instrument()->displayName();
  mojo_options->user->icon = KURL(options->instrument()->icon());