Closed
Bug 1820037
Opened 2 years ago
Closed 2 years ago
Avoid passing (unhashed) ClientDataJSON as a CTAP argument
Categories
(Core :: DOM: Web Authentication, enhancement, P3)
Core
DOM: Web Authentication
Tracking
()
RESOLVED
FIXED
114 Branch
Tracking | Status | |
---|---|---|
firefox114 | --- | fixed |
People
(Reporter: jschanck, Assigned: jschanck)
References
Details
Attachments
(1 file)
CTAP transports only act on the hash of ClientDataJSON, not the full JSON blob. We should prepare the JSON-compatible serialization of client data in WebAuthnController and pass only the hash in nsICtapRegisterArgs
and nsICtapSignArgs
. This will require a few small changes to authenticator-rs.
Assignee | ||
Comment 1•2 years ago
|
||
Depends on D175809
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9f84161b1d92
replace client data JSON by its hash in nsIWebAuthnTransport. r=keeler
Comment 3•2 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox114:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 114 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•