webauthn: caBLEv2 registrations don't convey attestation.

BUG=1002262 Change-Id: Ief209ab2904ade456afa3dcdfd11d001aeb8330e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2538158 Commit-Queue: Adam Langley <agl@chromium.org> Reviewed-by: Martin Kreichgauer <martinkr@google.com> Cr-Commit-Position: refs/heads/master@{#828371}

webauthn: caBLEv2 registrations don't convey attestation.
BUG=1002262 Change-Id: Ief209ab2904ade456afa3dcdfd11d001aeb8330e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2538158 Commit-Queue: Adam Langley <agl@chromium.org> Reviewed-by: Martin Kreichgauer <martinkr@google.com> Cr-Commit-Position: refs/heads/master@{#828371}
f8a52df9 · Adam Langley · Commit Bot · cfd4edea · f8a52df9
Commit f8a52df9 authored Nov 17, 2020 by Adam Langley Committed by Commit Bot Nov 17, 2020
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 4 deletions

content/browser/webauth/authenticator_common.cc content/browser/webauth/authenticator_common.cc +14 -4

No files found.
--- a/content/browser/webauth/authenticator_common.cc
+++ b/content/browser/webauth/authenticator_common.cc
@@ -1386,13 +1386,18 @@ void AuthenticatorCommon::OnRegisterResponse(
      DCHECK(response_data.has_value());
      DCHECK(authenticator);
-      auto transport_used = authenticator->AuthenticatorTransport();
+      const base::Optional<device::FidoTransportProtocol> transport_used =
+          authenticator->AuthenticatorTransport();
+      bool is_transport_used_internal = false;
+      bool is_transport_used_cable = false;
      if (transport_used) {
        request_delegate_->UpdateLastTransportUsed(*transport_used);
+        is_transport_used_internal =
+            (*transport_used == device::FidoTransportProtocol::kInternal);
+        is_transport_used_cable =
+            (*transport_used ==
+             device::FidoTransportProtocol::kCloudAssistedBluetoothLowEnergy);
      }
-      bool is_transport_used_internal =
-          transport_used &&
-          *transport_used == device::FidoTransportProtocol::kInternal;
      const auto attestation =
          ctap_make_credential_request_->attestation_preference;
@@ -1432,6 +1437,11 @@ void AuthenticatorCommon::OnRegisterResponse(
        // not approved by the authenticator, then any attestation is stripped.
        attestation_erasure =
            AttestationErasureOption::kEraseAttestationAndAaguid;
+      } else if (is_transport_used_cable) {
+        // Attestation is not returned when caBLEv2 is used, but the AAGUID is
+        // maintained.
+        attestation_erasure =
+            AttestationErasureOption::kEraseAttestationButIncludeAaguid;
      } else if (attestation !=
                 device::AttestationConveyancePreference::kNone) {
        UMA_HISTOGRAM_ENUMERATION("WebAuthentication.AttestationPromptResult",