Tuesday, December 31, 2019

Chromium U2F auth vs libfido2

Hello and Happy New Year!

I'm fixing a Chromium bug [1] in OpenBSD port and am trying to use
libfido2. Unfortunately there's an abstraction mismatch between what
Chromium expects and libfido2 provides.

Chromium needs (and libfido2 approximations):
1) discover a device (fido_dev_info_manifest, fido_dev_open)
2) poll device (???)
3) read from device fd (hid_read?)
4) write to device fd (hid_write?)

Chromium "knows" a lot internally about USB and can work on top of raw
HID device. In fact it _requires_ direct access to the device fd to
pass it to libevent to poll. This seems to be in conflict with
libfido2 abstractions.

Should I bother shoehorning Chromium into libfido2? I have a patch [2]
which mostly works by using the discovery functions of libfido2 for #1
and then uses the discovered device path to do #2,#3,#4. This almost
works, except I have to copy and massage terrible_ping_kludge. Is
this the best I can do for the moment?

I noticed reyk@ reimplemented the kludge for Firefox, but I could
attribute that to a language mismatch and didn't want to jump to
conclusions.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=451248
[2]
https://github.com/blackgnezdo/ports/blob/browsers-fido/www/chromium/files/hid_service_fido.cc

Thanks
Greg
--
nest.cx is Gmail hosted, use PGP:
https://pgp.key-server.io/0x0B1542BD8DF5A1B0
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0

No comments:

Post a Comment