зеркало из https://github.com/mozilla/gecko-dev.git
95d83ac876
The WebAuthn WD-05 specification's Get Assertion method defines the returned AuthenticatorAssertionResponse as providing ClientData, AuthenticatorData, and the Signature from the Authenticator. Our implementation is incorrectly setting AuthenticatorData and Signature: AuthenticatorData as a structure is intended to mirror the structure from the AuthenticatorData [1] section of the Attestation CBOR Object [2] in the MakeCredential method, which we weren't doing _at all_. This is clarified in the editor's draft of the specification, soon to be WD-06. Signature for U2F Authenticators is defined as the "attestation signature", [3] which is under-specified and we assumed would be the raw output from the U2F Authenticator [4]. This should instead be the raw ANSI X9.62 signature with no additional bytes. [5] [1] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-authenticator-data [2] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-attestation-data [3] https://www.w3.org/TR/2017/WD-webauthn-20170505/#fido-u2f-attestation [4] https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0078.html [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1387820#c4 MozReview-Commit-ID: DTIOILfS4pK --HG-- extra : rebase_source : 996c10b2f0359b34f45cf370bb8483c2dc9d3b6e |
||
|---|---|---|
| .. | ||
| browser | ||
| cbor | ||
| pkijs | ||
| mochitest.ini | ||
| test_webauthn_get_assertion.html | ||
| test_webauthn_loopback.html | ||
| test_webauthn_make_credential.html | ||
| test_webauthn_no_token.html | ||
| test_webauthn_sameorigin.html | ||
| u2futil.js | ||