Closed Bug 1886577 Opened 2 years ago Closed 2 years ago

FIDO2 Discoverable Credential always created on security keys

Categories

(Core :: DOM: Web Authentication, defect, P3)

Firefox 123
defect

Tracking

VERIFIED FIXED
126 Branch
Tracking Status
firefox126 --- verified

People

(Reporter: will.smart, Assigned: jschanck)

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

Steps to reproduce:

Firefox 123.0.1 on MacOS 14.4 seems to generate a discoverable credential on security keys even when the RP requests residentKeyRequired=false or residentKey=discouraged. This is observed when a PIN is already set on the security key.

Steps to reproduce:

  1. Ensure that a PIN is set on the security key
  2. Navigate to any website that uses WebAuthn, like webauthn.io.
  3. Insert a security key.
    a. Set discoverable credential=discouraged in the advanced settings
  4. Using a tool like Yubico Authenticator, or Chrome's security key management tools, that will display the discoverable credentials that have been saved to a device, list the passkeys that are on the security key.

Yubico Authenticator shows that a passkey/discoverable credential was created on the YubiKey, even though it was not requested.

Actual results:

A discoverable credential is made, which may have privacy implications for the security key user, and will exhaust some of the limited discoverable credential storage on the security key.

Expected results:

A non-discoverable credential should have been created, as requested by the web site.

As with the other FIDO2-related issues in 122+, it seems they can be worked around if the security.webauthn.enable_macos_passkeys preference is set to false.
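The request/outcome pattern described in this report, as an added example that is not part of the bug, of webauthn.io, or of Firefox's code: the relying party asks for a non-discoverable credential (`residentKey: "discouraged"`) and, by also requesting the standard `credProps` extension, can check client-side whether the authenticator actually created a resident key. The RP id, user name and helper names (`buildCreationOptions`, `evaluateResidentKeyOutcome`, `registerNonDiscoverable`) are assumptions for illustration; the `credProps` extension and its `rk` flag are part of WebAuthn Level 2 and are only reported where the client implements them.

```javascript
// Added example, not from the bug report or from Firefox.
// Builds a registration request that asks for a NON-discoverable credential and
// evaluates the credProps extension result to see whether that request was honoured.

// Build PublicKeyCredentialCreationOptions for a roaming security key.
// residentKey is the Level 2 field; requireResidentKey is the Level 1 field and
// is kept consistent with it so older clients see the same intent.
function buildCreationOptions({ rpId, userId, userName, challenge, residentKey = "discouraged" }) {
  return {
    rp: { id: rpId, name: rpId },
    user: { id: userId, name: userName, displayName: userName },
    challenge,
    pubKeyCredParams: [
      { type: "public-key", alg: -7 },   // ES256
      { type: "public-key", alg: -257 }, // RS256
    ],
    authenticatorSelection: {
      authenticatorAttachment: "cross-platform",     // external security key
      residentKey,                                    // "discouraged" | "preferred" | "required"
      requireResidentKey: residentKey === "required", // Level 1 equivalent
      userVerification: "preferred",
    },
    extensions: { credProps: true }, // ask the client to report whether a resident key was created
  };
}

// Interpret getClientExtensionResults(). credProps.rk is true when the authenticator
// created a discoverable (resident) credential, false when it did not, and may be
// absent when the client cannot tell; that case is reported as "unknown".
function evaluateResidentKeyOutcome(requestedResidentKey, clientExtensionResults) {
  const props = clientExtensionResults && clientExtensionResults.credProps;
  const rk = props && typeof props.rk === "boolean" ? props.rk : undefined;
  if (rk === undefined) {
    return { discoverable: "unknown", honoured: "unknown" };
  }
  let honoured;
  switch (requestedResidentKey) {
    case "required":
      honoured = rk === true;
      break;
    case "discouraged":
      honoured = rk === false; // the failure mode in this bug: rk comes back true
      break;
    default:
      honoured = true; // "preferred": either outcome is acceptable
  }
  return { discoverable: rk, honoured };
}

// Browser-only driver (assumed name). Must be called from a user gesture, e.g. a
// button click; it is not invoked automatically so the module also loads under Node.
async function registerNonDiscoverable(rpId, userName) {
  const challenge = crypto.getRandomValues(new Uint8Array(32)); // constructed, would come from the server
  const userId = crypto.getRandomValues(new Uint8Array(16));    // constructed user handle
  const publicKey = buildCreationOptions({ rpId, userId, userName, challenge, residentKey: "discouraged" });
  const cred = await navigator.credentials.create({ publicKey });
  const outcome = evaluateResidentKeyOutcome("discouraged", cred.getClientExtensionResults());
  console.log("credProps outcome:", outcome);
  return outcome; // { discoverable: false, honoured: true } is the expected result for a compliant client
}
```

A server-side registration handler can log `honoured === false` results as a client/authenticator conformance signal; it cannot remove the unwanted resident key from the device, which is why the report points users at Yubico Authenticator or Chrome's security key management tools to inspect and clean up stored passkeys.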

The severity field is not set for this bug.
:jschanck, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(jschanck)
Assignee: nobody → jschanck
Attachment #9395631 - Attachment description: WIP: Bug 1886577 - set resident key preference when using macOS security key interface. → Bug 1886577 - set resident key preference when using macOS security key interface. r=dveditz
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Flags: needinfo?(jschanck)
Severity: -- → S3
Priority: -- → P3
Attachment #9395631 - Attachment description: Bug 1886577 - set resident key preference when using macOS security key interface. r=dveditz → WIP: Bug 1886577 - set resident key preference when using macOS security key interface. r=dveditz
Attachment #9395631 - Attachment description: WIP: Bug 1886577 - set resident key preference when using macOS security key interface. r=dveditz → Bug 1886577 - set resident key preference when using macOS security key interface. r=dveditz
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a3f0d7e2d176 set resident key preference when using macOS security key interface. r=dveditz

Backed out for causing android build bustages on WebAuthnService.cpp.

[task 2024-04-10T05:17:37.439Z] 05:17:37     INFO -  gmake[4]: Entering directory '/builds/worker/workspace/obj-build/dom/webauthn'
[task 2024-04-10T05:17:37.442Z] 05:17:37     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ --target=aarch64-linux-android21 -o Unified_cpp_dom_webauthn0.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -ftrivial-auto-var-init=pattern -DDEBUG=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/dom/webauthn -I/builds/worker/workspace/obj-build/dom/webauthn -I/builds/worker/workspace/obj-build/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/checkouts/gecko/dom/base -I/builds/worker/checkouts/gecko/dom/crypto -I/builds/worker/checkouts/gecko/security/manager/ssl -I/builds/worker/checkouts/gecko/third_party/rust -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h --sysroot=/builds/worker/fetches/android-ndk/toolchains/llvm/prebuilt/linux-x86_64/sysroot --gcc-toolchain=/builds/worker/fetches/android-ndk/toolchains/llvm/prebuilt/linux-x86_64 -fno-sized-deallocation -fno-aligned-new -fno-short-enums -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fPIC -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -gdwarf-4 -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -Oz -mno-outline -fno-omit-frame-pointer -funwind-tables -Werror -Wall -Wbitfield-enum-conversion -Wempty-body -Wformat-type-confusion -Wignored-qualifiers -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtautological-constant-in-range-compare 
-Wtype-limits -Wno-error=tautological-type-limit-compare -Wunreachable-code -Wunreachable-code-return -Wunused-but-set-parameter -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wno-range-loop-analysis -Wenum-compare-conditional -Wenum-float-conversion -Wno-deprecated-anon-enum-enum-conversion -Wno-deprecated-enum-enum-conversion -Wno-deprecated-this-capture -Wcomma -Wimplicit-fallthrough -Wstring-conversion -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wformat -Wformat-security -Wno-psabi -Wthread-safety -Wno-error=builtin-macro-redefined -Wno-unknown-warning-option -fno-strict-aliasing -ffp-contract=off  -MD -MP -MF .deps/Unified_cpp_dom_webauthn0.o.pp   Unified_cpp_dom_webauthn0.cpp
[task 2024-04-10T05:17:37.442Z] 05:17:37     INFO -  In file included from Unified_cpp_dom_webauthn0.cpp:101:
[task 2024-04-10T05:17:37.443Z] 05:17:37    ERROR -  /builds/worker/checkouts/gecko/dom/webauthn/WebAuthnService.cpp:31:49: error: lambda capture 'aBrowsingContextId' is not used [-Werror,-Wunused-lambda-capture]
[task 2024-04-10T05:17:37.443Z] 05:17:37     INFO -     31 |       __func__, [self, aOrigin, aTransactionId, aBrowsingContextId]() {
[task 2024-04-10T05:17:37.443Z] 05:17:37     INFO -        |                                               ~~^~~~~~~~~~~~~~~~~~
[task 2024-04-10T05:17:37.443Z] 05:17:37     INFO -  1 error generated.
[task 2024-04-10T05:17:37.444Z] 05:17:37    ERROR -  gmake[4]: *** [/builds/worker/checkouts/gecko/config/rules.mk:688: Unified_cpp_dom_webauthn0.o] Error 1
[task 2024-04-10T05:17:37.444Z] 05:17:37     INFO -  gmake[4]: Leaving directory '/builds/worker/workspace/obj-build/dom/webauthn'
[task 2024-04-10T05:17:37.444Z] 05:17:37     INFO -  gmake[4]: Target 'target-objects' not remade because of errors.
[task 2024-04-10T05:17:37.446Z] 05:17:37    ERROR -  gmake[3]: *** [/builds/worker/checkouts/gecko/config/recurse.mk:72: dom/webauthn/target-objects] Error 2
[task 2024-04-10T05:17:37.453Z] 05:17:37     INFO -  gmake[4]: Entering directory '/builds/worker/workspace/obj-build/js/xpconnect/tests/components/native'
[task 2024-04-10T05:17:37.453Z] 05:17:37     INFO -  mkdir -p '.deps/'
[task 2024-04-10T05:17:37.453Z] 05:17:37     INFO -  gmake[4]: Leaving directory '/builds/worker/workspace/obj-build/js/xpconnect/tests/components/native'
Flags: needinfo?(jschanck)
Flags: needinfo?(jschanck)
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3dfe54991445 set resident key preference when using macOS security key interface. r=dveditz
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 126 Branch
Duplicate of this bug: 1893875

Unfortunately, I lack the necessary security key to verify this issue. will.smart, could you please check if the issue persists in Firefox 126.0 version?

Flags: needinfo?(will.smart)

(In reply to Ina Popescu, Desktop QA from comment #9)

Unfortunately, I lack the necessary security key to verify this issue. will.smart, could you please check if the issue persists in Firefox 126.0 version?

Confirmed Fixed on 126.0 on MacOS 13.6.6.

Flags: needinfo?(will.smart)

Thank you for confirming.
Verified as fixed based on Comment 10.

Status: RESOLVED → VERIFIED
Flags: qe-verify+