mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/dom/u2f/U2F.cpp

769 строки
22 KiB
C++
Исходник Обычный вид История

Bug 1412125, part 2 - Fix dom/ mode lines. r=qdot This was automatically generated by the script modeline.py. MozReview-Commit-ID: BgulzkGteAL --HG-- extra : rebase_source : a4b9d16a4c06c4e85d7d85f485221b1e4ebdfede
2017-10-27 01:08:41 +03:00
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
/* This Source Code Form is subject to the terms of the Mozilla Public
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
#include "mozilla/dom/U2F.h"
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
#include "mozilla/dom/Event.h"
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
#include "mozilla/dom/WebCryptoCommon.h"
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
#include "mozilla/ipc/PBackgroundChild.h"
#include "mozilla/ipc/BackgroundChild.h"
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
#include "nsContentUtils.h"
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
#include "nsICryptoHash.h"
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-29 02:45:28 +03:00
#include "nsIEffectiveTLDService.h"
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
#include "nsNetCID.h"
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
#include "nsNetUtil.h"
Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku - Merge in test changes from Bug 1255784. - Remove the unnecessary mutex - Stop doing direct memory work in NSS Token - Clean up direct memory work in ContentParent - In order to store persistent crypto parameters, the NSSToken had to move onto the main thread and be interfaced with via IDL/IPDL. - Support Register/Sign via NSS using a long-lived secret key - Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues with the WebIDL Pref shadowing. - Also orders the includes on nsNSSModule.cpp - Attestation Certificates are in Part 2. Updates per keeler review comments: - Use //-style comments everywhere - Refactor the PrivateKeyFromKeyHandle method - Rename the logging and fix extraneous NS_WARN_IF/logging combinations - Other updates from review April 11-12: - Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey - Rebase up to latest April 15: - Rebase to latest MozReview-Commit-ID: 6T8jNmwFvHJ --HG-- extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 19:29:12 +03:00
#include "nsURLParsers.h"
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
#include "U2FTransactionChild.h"
#include "U2FUtil.h"
#include "hasht.h"
using namespace mozilla::ipc;
Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku - Merge in test changes from Bug 1255784. - Remove the unnecessary mutex - Stop doing direct memory work in NSS Token - Clean up direct memory work in ContentParent - In order to store persistent crypto parameters, the NSSToken had to move onto the main thread and be interfaced with via IDL/IPDL. - Support Register/Sign via NSS using a long-lived secret key - Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues with the WebIDL Pref shadowing. - Also orders the includes on nsNSSModule.cpp - Attestation Certificates are in Part 2. Updates per keeler review comments: - Use //-style comments everywhere - Refactor the PrivateKeyFromKeyHandle method - Rename the logging and fix extraneous NS_WARN_IF/logging combinations - Other updates from review April 11-12: - Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey - Rebase up to latest April 15: - Rebase to latest MozReview-Commit-ID: 6T8jNmwFvHJ --HG-- extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 19:29:12 +03:00
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-29 02:45:28 +03:00
// Forward decl because of nsHTMLDocument.h's complex dependency on /layout/style
class nsHTMLDocument {
public:
bool IsRegistrableDomainSuffixOfOrEqualTo(const nsAString& aHostSuffixString,
const nsACString& aOrigHost);
};
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
namespace mozilla {
namespace dom {
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
static mozilla::LazyLogModule gU2FLog("u2fmanager");
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
NS_NAMED_LITERAL_STRING(kVisibilityChange, "visibilitychange");
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
NS_NAMED_LITERAL_STRING(kFinishEnrollment, "navigator.id.finishEnrollment");
NS_NAMED_LITERAL_STRING(kGetAssertion, "navigator.id.getAssertion");
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(U2F)
NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
NS_INTERFACE_MAP_ENTRY(nsISupports)
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
NS_INTERFACE_MAP_ENTRY(nsIDOMEventListener)
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
NS_INTERFACE_MAP_END
NS_IMPL_CYCLE_COLLECTING_ADDREF(U2F)
NS_IMPL_CYCLE_COLLECTING_RELEASE(U2F)
NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(U2F, mParent)
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
/***********************************************************************
* Utility Functions
**********************************************************************/
static ErrorCode
ConvertNSResultToErrorCode(const nsresult& aError)
{
if (aError == NS_ERROR_DOM_TIMEOUT_ERR) {
return ErrorCode::TIMEOUT;
}
/* Emitted by U2F{Soft,HID}TokenManager when we really mean ineligible */
if (aError == NS_ERROR_DOM_NOT_ALLOWED_ERR) {
return ErrorCode::DEVICE_INELIGIBLE;
}
return ErrorCode::OTHER_ERROR;
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
static uint32_t
AdjustedTimeoutMillis(const Optional<Nullable<int32_t>>& opt_aSeconds)
{
uint32_t adjustedTimeoutMillis = 30000u;
if (opt_aSeconds.WasPassed() && !opt_aSeconds.Value().IsNull()) {
adjustedTimeoutMillis = opt_aSeconds.Value().Value() * 1000u;
adjustedTimeoutMillis = std::max(15000u, adjustedTimeoutMillis);
adjustedTimeoutMillis = std::min(120000u, adjustedTimeoutMillis);
}
return adjustedTimeoutMillis;
}
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
static nsresult
AssembleClientData(const nsAString& aOrigin, const nsAString& aTyp,
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
const nsAString& aChallenge,
/* out */ nsString& aClientData)
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
{
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
MOZ_ASSERT(NS_IsMainThread());
Bug 1309284 - Implement W3C Web Authentication JS API [part 1] r=keeler,qdot This patch implements the W3C Web Authentication API from https://www.w3.org/TR/webauthn/, currently the 28 September 2016 working draft. It utilizes a tentative binding of the U2F NSS Soft Token to provide authentication services while waiting on Bug 1245527 to support USB HID-based U2F tokens. This binding is not in the specification yet, so it should be considered an experiment to help the specification move fowrard. There are also a handful of deviations from the specification's WebIDL, which are annotated with comments in WebAuthentication.webidl. There are no tests in this commit; they are in Part 4 of this commit series. There is a small script online at https://webauthn.bin.coffee/ to exercise this code, but it doesn't do any automated checks. There are also a handful of TODOS: 1) The algorithm to relax the same-origin restriction is in Part 3. 2) The use of AlgorithmIdentifier and having a way to coerce an object to a string is still missing. 3) Timeouts and deadlines aren't there, and are pending reworking how the nsIU2FToken interface works. UPDATED: - Address qdot, keeler review comments (thanks!) - Address more qdot, keeler review comments (thanks!) MozReview-Commit-ID: JITapI38iOh --HG-- extra : rebase_source : 9a09e852dd0c8dc47f42dabbcf8b845a6828b225
2017-01-09 23:22:49 +03:00
U2FClientData clientDataObject;
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
clientDataObject.mTyp.Construct(aTyp); // "Typ" from the U2F specification
clientDataObject.mChallenge.Construct(aChallenge);
clientDataObject.mOrigin.Construct(aOrigin);
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
if (NS_WARN_IF(!clientDataObject.ToJSON(aClientData))) {
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
return NS_ERROR_FAILURE;
}
return NS_OK;
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
static void
RegisteredKeysToScopedCredentialList(const nsAString& aAppId,
const nsTArray<RegisteredKey>& aKeys,
nsTArray<WebAuthnScopedCredentialDescriptor>& aList)
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
{
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
for (const RegisteredKey& key : aKeys) {
// Check for required attributes
if (!key.mVersion.WasPassed() || !key.mKeyHandle.WasPassed() ||
key.mVersion.Value() != kRequiredU2FVersion) {
continue;
}
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// If this key's mAppId doesn't match the invocation, we can't handle it.
if (key.mAppId.WasPassed() && !key.mAppId.Value().Equals(aAppId)) {
continue;
}
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
CryptoBuffer keyHandle;
nsresult rv = keyHandle.FromJwkBase64(key.mKeyHandle.Value());
if (NS_WARN_IF(NS_FAILED(rv))) {
continue;
}
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
WebAuthnScopedCredentialDescriptor c;
c.id() = keyHandle;
aList.AppendElement(c);
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
}
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
static ErrorCode
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-29 02:45:28 +03:00
EvaluateAppID(nsPIDOMWindowInner* aParent, const nsString& aOrigin,
/* in/out */ nsString& aAppId)
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
{
// Facet is the specification's way of referring to the web origin.
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
nsAutoCString facetString = NS_ConvertUTF16toUTF8(aOrigin);
nsCOMPtr<nsIURI> facetUri;
if (NS_FAILED(NS_NewURI(getter_AddRefs(facetUri), facetString))) {
Bug 1297552 - Reorder parts of U2F.cpp r=keeler MozReview-Commit-ID: L1juEjU6AMJ --HG-- extra : transplant_source : %7FpE%29%9C%A2%B5%40%8716%16%1C%B7%B56%F5%19VJ
2016-10-07 00:35:57 +03:00
return ErrorCode::BAD_REQUEST;
}
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
// If the facetId (origin) is not HTTPS, reject
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
bool facetIsHttps = false;
if (NS_FAILED(facetUri->SchemeIs("https", &facetIsHttps)) || !facetIsHttps) {
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for prefs and scheme, and generally made these cleaner. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : transplant_source : %EA%98%D2%87C%FD%CC%A5%3D%B5%9B%1C%DA%A5J%CD%05%94%13%0D
2017-09-05 22:32:42 +03:00
return ErrorCode::BAD_REQUEST;
}
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
// If the appId is empty or null, overwrite it with the facetId and accept
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
if (aAppId.IsEmpty() || aAppId.EqualsLiteral("null")) {
aAppId.Assign(aOrigin);
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
return ErrorCode::OK;
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// AppID is user-supplied. It's quite possible for this parse to fail.
nsAutoCString appIdString = NS_ConvertUTF16toUTF8(aAppId);
nsCOMPtr<nsIURI> appIdUri;
if (NS_FAILED(NS_NewURI(getter_AddRefs(appIdUri), appIdString))) {
return ErrorCode::BAD_REQUEST;
}
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
// if the appId URL is not HTTPS, reject.
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
bool appIdIsHttps = false;
if (NS_FAILED(appIdUri->SchemeIs("https", &appIdIsHttps)) || !appIdIsHttps) {
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for prefs and scheme, and generally made these cleaner. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : transplant_source : %EA%98%D2%87C%FD%CC%A5%3D%B5%9B%1C%DA%A5J%CD%05%94%13%0D
2017-09-05 22:32:42 +03:00
return ErrorCode::BAD_REQUEST;
}
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-29 02:45:28 +03:00
// Run the HTML5 algorithm to relax the same-origin policy, copied from W3C
// Web Authentication. See Bug 1244959 comment #8 for context on why we are
// doing this instead of implementing the external-fetch FacetID logic.
nsCOMPtr<nsIDocument> document = aParent->GetDoc();
if (!document || !document->IsHTMLDocument()) {
return ErrorCode::BAD_REQUEST;
}
nsHTMLDocument* html = document->AsHTMLDocument();
if (NS_WARN_IF(!html)) {
return ErrorCode::BAD_REQUEST;
}
// Use the base domain as the facet for evaluation. This lets this algorithm
// relax the whole eTLD+1.
nsCOMPtr<nsIEffectiveTLDService> tldService =
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
if (!tldService) {
return ErrorCode::BAD_REQUEST;
}
nsAutoCString lowestFacetHost;
if (NS_FAILED(tldService->GetBaseDomain(facetUri, 0, lowestFacetHost))) {
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
return ErrorCode::BAD_REQUEST;
}
nsAutoCString appIdHost;
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-29 02:45:28 +03:00
if (NS_FAILED(appIdUri->GetAsciiHost(appIdHost))) {
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
return ErrorCode::BAD_REQUEST;
}
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-29 02:45:28 +03:00
MOZ_LOG(gU2FLog, LogLevel::Debug,
("AppId %s Facet %s", appIdHost.get(), lowestFacetHost.get()));
if (html->IsRegistrableDomainSuffixOfOrEqualTo(NS_ConvertUTF8toUTF16(lowestFacetHost),
appIdHost)) {
Bug 1297552 - Reorder parts of U2F.cpp r=keeler MozReview-Commit-ID: L1juEjU6AMJ --HG-- extra : transplant_source : %7FpE%29%9C%A2%B5%40%8716%16%1C%B7%B56%F5%19VJ
2016-10-07 00:35:57 +03:00
return ErrorCode::OK;
}
return ErrorCode::BAD_REQUEST;
}
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
static nsresult
BuildTransactionHashes(const nsCString& aRpId,
const nsCString& aClientDataJSON,
/* out */ CryptoBuffer& aRpIdHash,
/* out */ CryptoBuffer& aClientDataHash)
{
nsresult srv;
nsCOMPtr<nsICryptoHash> hashService =
do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &srv);
if (NS_FAILED(srv)) {
return srv;
}
if (!aRpIdHash.SetLength(SHA256_LENGTH, fallible)) {
return NS_ERROR_OUT_OF_MEMORY;
}
srv = HashCString(hashService, aRpId, aRpIdHash);
if (NS_WARN_IF(NS_FAILED(srv))) {
return NS_ERROR_FAILURE;
}
if (!aClientDataHash.SetLength(SHA256_LENGTH, fallible)) {
return NS_ERROR_OUT_OF_MEMORY;
}
srv = HashCString(hashService, aClientDataJSON, aClientDataHash);
if (NS_WARN_IF(NS_FAILED(srv))) {
return NS_ERROR_FAILURE;
}
if (MOZ_LOG_TEST(gU2FLog, LogLevel::Debug)) {
nsString base64;
Unused << NS_WARN_IF(NS_FAILED(aRpIdHash.ToJwkBase64(base64)));
MOZ_LOG(gU2FLog, LogLevel::Debug,
("dom::U2FManager::RpID: %s", aRpId.get()));
MOZ_LOG(gU2FLog, LogLevel::Debug,
("dom::U2FManager::Rp ID Hash (base64): %s",
NS_ConvertUTF16toUTF8(base64).get()));
Unused << NS_WARN_IF(NS_FAILED(aClientDataHash.ToJwkBase64(base64)));
MOZ_LOG(gU2FLog, LogLevel::Debug,
("dom::U2FManager::Client Data JSON: %s", aClientDataJSON.get()));
MOZ_LOG(gU2FLog, LogLevel::Debug,
("dom::U2FManager::Client Data Hash (base64): %s",
NS_ConvertUTF16toUTF8(base64).get()));
}
return NS_OK;
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
template<typename T, typename C>
static void
ExecuteCallback(T& aResp, Maybe<nsMainThreadPtrHandle<C>>& aCb)
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
{
MOZ_ASSERT(NS_IsMainThread());
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
if (aCb.isNothing()) {
return;
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
}
Bug 1413125 - Support reentry synchronously from U2F callbacks. r=jcj Call MozPromiseRequestHolder::Complete() and reset callbacks eariler to support reentry of U2F::Register()/Sign() from calling ExecuteCallback().
2017-10-31 13:22:00 +03:00
// reset callback earlier to allow reentry from callback.
nsMainThreadPtrHandle<C> callback(aCb.ref());
aCb.reset();
MOZ_ASSERT(aCb.isNothing());
MOZ_ASSERT(!!callback);
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
ErrorResult error;
Bug 1413125 - Support reentry synchronously from U2F callbacks. r=jcj Call MozPromiseRequestHolder::Complete() and reset callbacks eariler to support reentry of U2F::Register()/Sign() from calling ExecuteCallback().
2017-10-31 13:22:00 +03:00
callback->Call(aResp, error);
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
NS_WARNING_ASSERTION(!error.Failed(), "dom::U2F::Promise callback failed");
error.SuppressException(); // Useful exceptions already emitted
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
}
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
/***********************************************************************
* U2F JavaScript API Implementation
**********************************************************************/
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
U2F::U2F(nsPIDOMWindowInner* aParent)
: mParent(aParent)
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
{
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
MOZ_ASSERT(NS_IsMainThread());
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
U2F::~U2F()
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
{
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
MOZ_ASSERT(NS_IsMainThread());
if (mTransaction.isSome()) {
RejectTransaction(NS_ERROR_ABORT);
}
if (mChild) {
RefPtr<U2FTransactionChild> c;
mChild.swap(c);
c->Send__delete__(c);
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
mRegisterCallback.reset();
mSignCallback.reset();
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
}
void
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
U2F::Init(ErrorResult& aRv)
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
{
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
MOZ_ASSERT(mParent);
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
nsCOMPtr<nsIDocument> doc = mParent->GetDoc();
MOZ_ASSERT(doc);
if (!doc) {
aRv.Throw(NS_ERROR_FAILURE);
return;
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
nsIPrincipal* principal = doc->NodePrincipal();
aRv = nsContentUtils::GetUTFOrigin(principal, mOrigin);
if (NS_WARN_IF(aRv.Failed())) {
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
return;
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for prefs and scheme, and generally made these cleaner. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : transplant_source : %EA%98%D2%87C%FD%CC%A5%3D%B5%9B%1C%DA%A5J%CD%05%94%13%0D
2017-09-05 22:32:42 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
if (NS_WARN_IF(mOrigin.IsEmpty())) {
aRv.Throw(NS_ERROR_FAILURE);
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
return;
}
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
}
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
/* virtual */ JSObject*
U2F::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto)
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
{
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
return U2FBinding::Wrap(aCx, this, aGivenProto);
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
}
void
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
U2F::Register(const nsAString& aAppId,
const Sequence<RegisterRequest>& aRegisterRequests,
const Sequence<RegisteredKey>& aRegisteredKeys,
U2FRegisterCallback& aCallback,
const Optional<Nullable<int32_t>>& opt_aTimeoutSeconds,
ErrorResult& aRv)
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
{
MOZ_ASSERT(NS_IsMainThread());
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
if (mTransaction.isSome()) {
CancelTransaction(NS_ERROR_ABORT);
}
Bug 1402156 - Cancel any pending requests when u2f.{register,sign} is called r=jcj Bug #: 1402156 Differential Revision: https://phabricator.services.mozilla.com/D101
2017-10-06 15:45:27 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
MOZ_ASSERT(mRegisterCallback.isNothing());
mRegisterCallback = Some(nsMainThreadPtrHandle<U2FRegisterCallback>(
new nsMainThreadPtrHolder<U2FRegisterCallback>(
"U2F::Register::callback", &aCallback)));
uint32_t adjustedTimeoutMillis = AdjustedTimeoutMillis(opt_aTimeoutSeconds);
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
// Evaluate the AppID
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
nsString adjustedAppId;
adjustedAppId.Assign(aAppId);
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-29 02:45:28 +03:00
ErrorCode appIdResult = EvaluateAppID(mParent, mOrigin, adjustedAppId);
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
if (appIdResult != ErrorCode::OK) {
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
RegisterResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(appIdResult));
ExecuteCallback(response, mRegisterCallback);
return;
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// Produce the AppParam from the current AppID
nsCString cAppId = NS_ConvertUTF16toUTF8(adjustedAppId);
Bug 1297552 - Perform U2F hash operations more efficiently r=keeler Moves hash calculations to happen only once per JS-invoked Register/Sign operation. MozReview-Commit-ID: FuA95qCl1rG --HG-- extra : transplant_source : %81%A48%8D%FF%82%89M%A7%C4%11%07%B6%94M%C2U%1FY%E8
2016-10-06 23:07:17 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
nsAutoString clientDataJSON;
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// Pick the first valid RegisterRequest; we can only work with one.
for (const RegisterRequest& req : aRegisterRequests) {
if (!req.mChallenge.WasPassed() || !req.mVersion.WasPassed() ||
req.mVersion.Value() != kRequiredU2FVersion) {
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
continue;
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
nsresult rv = AssembleClientData(mOrigin, kFinishEnrollment,
req.mChallenge.Value(), clientDataJSON);
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
if (NS_WARN_IF(NS_FAILED(rv))) {
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
continue;
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
}
Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler This patch sets up the U2F system to support multiple nsIU2FToken "authenticators" simultaneously, such as having both a USB and a Bluetooth Smart implementation enabled at the same time. It also paves the way to support timeout interruptions (for Bug 1301793). - Executes operations across a list of authenticators. - Uses runnables, via MozPromise and SharedThreadPool. - Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable - Review updates - Some of the review updates from earlier changeset are ... painful to merge back before this one, so I'm just tacking them on here. It's still missing some things, though: - It's not actually executing the operations in parallel yet, as invoking methods on NSSU2FTokenRemote from a worker thread throws exceptions while obtaining ContentChild::GetSingleton(). MozReview-Commit-ID: EUdZQesASo2 *** Bug 1297552 - Updates per review r?keeler MozReview-Commit-ID: EHIWM74tfYG --HG-- extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-13 06:56:56 +03:00
}
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// Did we not get a valid RegisterRequest? Abort.
if (clientDataJSON.IsEmpty()) {
RegisterResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
ExecuteCallback(response, mRegisterCallback);
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
return;
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// Build the exclusion list, if any
nsTArray<WebAuthnScopedCredentialDescriptor> excludeList;
RegisteredKeysToScopedCredentialList(adjustedAppId, aRegisteredKeys,
excludeList);
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
auto clientData = NS_ConvertUTF16toUTF8(clientDataJSON);
CryptoBuffer rpIdHash, clientDataHash;
if (NS_FAILED(BuildTransactionHashes(cAppId, clientData,
rpIdHash, clientDataHash))) {
RegisterResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
ExecuteCallback(response, mRegisterCallback);
return;
}
if (!MaybeCreateBackgroundActor()) {
RegisterResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
ExecuteCallback(response, mRegisterCallback);
return;
}
ListenForVisibilityEvents();
// Always blank for U2F
nsTArray<WebAuthnExtension> extensions;
WebAuthnTransactionInfo info(rpIdHash,
clientDataHash,
adjustedTimeoutMillis,
excludeList,
extensions);
MOZ_ASSERT(mTransaction.isNothing());
mTransaction = Some(U2FTransaction(clientData));
mChild->SendRequestRegister(mTransaction.ref().mId, info);
}
void
U2F::FinishRegister(const uint64_t& aTransactionId,
nsTArray<uint8_t>& aRegBuffer)
{
MOZ_ASSERT(NS_IsMainThread());
// Check for a valid transaction.
if (mTransaction.isNothing() || mTransaction.ref().mId != aTransactionId) {
return;
}
CryptoBuffer clientDataBuf;
if (NS_WARN_IF(!clientDataBuf.Assign(mTransaction.ref().mClientData))) {
RejectTransaction(NS_ERROR_ABORT);
return;
}
CryptoBuffer regBuf;
if (NS_WARN_IF(!regBuf.Assign(aRegBuffer))) {
RejectTransaction(NS_ERROR_ABORT);
return;
}
nsString clientDataBase64;
nsString registrationDataBase64;
nsresult rvClientData = clientDataBuf.ToJwkBase64(clientDataBase64);
nsresult rvRegistrationData = regBuf.ToJwkBase64(registrationDataBase64);
if (NS_WARN_IF(NS_FAILED(rvClientData)) ||
NS_WARN_IF(NS_FAILED(rvRegistrationData))) {
RejectTransaction(NS_ERROR_ABORT);
return;
}
// Assemble a response object to return
RegisterResponse response;
response.mVersion.Construct(kRequiredU2FVersion);
response.mClientData.Construct(clientDataBase64);
response.mRegistrationData.Construct(registrationDataBase64);
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OK));
ExecuteCallback(response, mRegisterCallback);
ClearTransaction();
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
}
void
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
U2F::Sign(const nsAString& aAppId,
const nsAString& aChallenge,
const Sequence<RegisteredKey>& aRegisteredKeys,
U2FSignCallback& aCallback,
const Optional<Nullable<int32_t>>& opt_aTimeoutSeconds,
ErrorResult& aRv)
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
{
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
MOZ_ASSERT(NS_IsMainThread());
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
if (mTransaction.isSome()) {
CancelTransaction(NS_ERROR_ABORT);
}
Bug 1402156 - Cancel any pending requests when u2f.{register,sign} is called r=jcj Bug #: 1402156 Differential Revision: https://phabricator.services.mozilla.com/D101
2017-10-06 15:45:27 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
MOZ_ASSERT(mSignCallback.isNothing());
mSignCallback = Some(nsMainThreadPtrHandle<U2FSignCallback>(
new nsMainThreadPtrHolder<U2FSignCallback>(
"U2F::Sign::callback", &aCallback)));
Bug 1297552 - Only permit U2F operations in e10s mode r=keeler - Breaks compatibility with non-e10s windows, as the underlying USB implementation from Bug 1298838 won't support non-e10s either. - Now that U2F doesn't support non-e10s, disable tests if we're not in e10s mode. MozReview-Commit-ID: 5F2323xtXEC --HG-- extra : transplant_source : v%1Fl%C0%2AJ%26k4%89/%95v%89%12%87%94Y%3Cs
2016-10-08 03:28:52 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
uint32_t adjustedTimeoutMillis = AdjustedTimeoutMillis(opt_aTimeoutSeconds);
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// Evaluate the AppID
nsString adjustedAppId;
adjustedAppId.Assign(aAppId);
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-29 02:45:28 +03:00
ErrorCode appIdResult = EvaluateAppID(mParent, mOrigin, adjustedAppId);
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
if (appIdResult != ErrorCode::OK) {
SignResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(appIdResult));
ExecuteCallback(response, mSignCallback);
Bug 1297552 - Only permit U2F operations in e10s mode r=keeler - Breaks compatibility with non-e10s windows, as the underlying USB implementation from Bug 1298838 won't support non-e10s either. - Now that U2F doesn't support non-e10s, disable tests if we're not in e10s mode. MozReview-Commit-ID: 5F2323xtXEC --HG-- extra : transplant_source : v%1Fl%C0%2AJ%26k4%89/%95v%89%12%87%94Y%3Cs
2016-10-08 03:28:52 +03:00
return;
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// Produce the AppParam from the current AppID
nsCString cAppId = NS_ConvertUTF16toUTF8(adjustedAppId);
Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage Backed out changeset 8ee1f7aebd62 (bug 1245527) Backed out changeset e6a5de8d1246 (bug 1245527) Backed out changeset be63e73426b4 (bug 1245527) MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 10:09:21 +03:00
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
nsAutoString clientDataJSON;
nsresult rv = AssembleClientData(mOrigin, kGetAssertion, aChallenge,
clientDataJSON);
if (NS_WARN_IF(NS_FAILED(rv))) {
SignResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
ExecuteCallback(response, mSignCallback);
Bug 1297552 - Only permit U2F operations in e10s mode r=keeler - Breaks compatibility with non-e10s windows, as the underlying USB implementation from Bug 1298838 won't support non-e10s either. - Now that U2F doesn't support non-e10s, disable tests if we're not in e10s mode. MozReview-Commit-ID: 5F2323xtXEC --HG-- extra : transplant_source : v%1Fl%C0%2AJ%26k4%89/%95v%89%12%87%94Y%3Cs
2016-10-08 03:28:52 +03:00
return;
}
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm --HG-- extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
// Build the key list, if any
nsTArray<WebAuthnScopedCredentialDescriptor> permittedList;
RegisteredKeysToScopedCredentialList(adjustedAppId, aRegisteredKeys,
permittedList);
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
auto clientData = NS_ConvertUTF16toUTF8(clientDataJSON);
CryptoBuffer rpIdHash, clientDataHash;
if (NS_FAILED(BuildTransactionHashes(cAppId, clientData,
rpIdHash, clientDataHash))) {
SignResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
ExecuteCallback(response, mSignCallback);
return;
}
if (!MaybeCreateBackgroundActor()) {
SignResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
ExecuteCallback(response, mSignCallback);
return;
}
ListenForVisibilityEvents();
// Always blank for U2F
nsTArray<WebAuthnExtension> extensions;
WebAuthnTransactionInfo info(rpIdHash,
clientDataHash,
adjustedTimeoutMillis,
permittedList,
extensions);
MOZ_ASSERT(mTransaction.isNothing());
mTransaction = Some(U2FTransaction(clientData));
mChild->SendRequestSign(mTransaction.ref().mId, info);
}
void
U2F::FinishSign(const uint64_t& aTransactionId,
nsTArray<uint8_t>& aCredentialId,
nsTArray<uint8_t>& aSigBuffer)
{
MOZ_ASSERT(NS_IsMainThread());
// Check for a valid transaction.
if (mTransaction.isNothing() || mTransaction.ref().mId != aTransactionId) {
return;
}
CryptoBuffer clientDataBuf;
if (NS_WARN_IF(!clientDataBuf.Assign(mTransaction.ref().mClientData))) {
RejectTransaction(NS_ERROR_ABORT);
return;
}
CryptoBuffer credBuf;
if (NS_WARN_IF(!credBuf.Assign(aCredentialId))) {
RejectTransaction(NS_ERROR_ABORT);
return;
}
CryptoBuffer sigBuf;
if (NS_WARN_IF(!sigBuf.Assign(aSigBuffer))) {
RejectTransaction(NS_ERROR_ABORT);
return;
}
// Assemble a response object to return
nsString clientDataBase64;
nsString signatureDataBase64;
nsString keyHandleBase64;
nsresult rvClientData = clientDataBuf.ToJwkBase64(clientDataBase64);
nsresult rvSignatureData = sigBuf.ToJwkBase64(signatureDataBase64);
nsresult rvKeyHandle = credBuf.ToJwkBase64(keyHandleBase64);
if (NS_WARN_IF(NS_FAILED(rvClientData)) ||
NS_WARN_IF(NS_FAILED(rvSignatureData) ||
NS_WARN_IF(NS_FAILED(rvKeyHandle)))) {
RejectTransaction(NS_ERROR_ABORT);
return;
}
SignResponse response;
response.mKeyHandle.Construct(keyHandleBase64);
response.mClientData.Construct(clientDataBase64);
response.mSignatureData.Construct(signatureDataBase64);
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OK));
ExecuteCallback(response, mSignCallback);
ClearTransaction();
}
void
U2F::ClearTransaction()
{
if (!NS_WARN_IF(mTransaction.isNothing())) {
StopListeningForVisibilityEvents();
}
mTransaction.reset();
Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler - Move the AppID/FacetID algorithm into its own (potentially reentrant) method to facilitate Bug 1244959 - Change the Register and Sign operations to be Runnables so that in the future they can be executed after (future) remote fetches - Clean up error handling - Remove unnecessary remote-load Facet test files; we'll re-add some form of them when the remote load algorithm is completed MozReview-Commit-ID: 4K1q6ovzhgf --HG-- extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9 extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-19 00:49:07 +03:00
}
Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj I wasn't sure what the right behavior for the U2F API is when `.sign()` or `.register()` is called but there's an ongoing request that wasn't fulfilled yet. I think it makes sense to deny the request (as we currently do) when a request of the same type is currently active. When however sign() -> register() or vice-versa is called then we should cancel the previous request and start the new one. From what I understand from reading the spec we definitely should call the callback before starting the new request. Bug #: 1401019 Differential Revision: https://phabricator.services.mozilla.com/D70
2017-09-19 17:55:38 +03:00
void
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
U2F::RejectTransaction(const nsresult& aError)
{
if (!NS_WARN_IF(mTransaction.isNothing())) {
ErrorCode code = ConvertNSResultToErrorCode(aError);
if (mRegisterCallback.isSome()) {
RegisterResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(code));
ExecuteCallback(response, mRegisterCallback);
}
if (mSignCallback.isSome()) {
SignResponse response;
response.mErrorCode.Construct(static_cast<uint32_t>(code));
ExecuteCallback(response, mSignCallback);
}
}
ClearTransaction();
}
void
U2F::CancelTransaction(const nsresult& aError)
{
if (!NS_WARN_IF(!mChild || mTransaction.isNothing())) {
mChild->SendRequestCancel(mTransaction.ref().mId);
}
RejectTransaction(aError);
}
void
U2F::RequestAborted(const uint64_t& aTransactionId, const nsresult& aError)
Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj I wasn't sure what the right behavior for the U2F API is when `.sign()` or `.register()` is called but there's an ongoing request that wasn't fulfilled yet. I think it makes sense to deny the request (as we currently do) when a request of the same type is currently active. When however sign() -> register() or vice-versa is called then we should cancel the previous request and start the new one. From what I understand from reading the spec we definitely should call the callback before starting the new request. Bug #: 1401019 Differential Revision: https://phabricator.services.mozilla.com/D70
2017-09-19 17:55:38 +03:00
{
MOZ_ASSERT(NS_IsMainThread());
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
if (mTransaction.isSome() && mTransaction.ref().mId == aTransactionId) {
RejectTransaction(aError);
}
}
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288 --HG-- extra : amend_source : 5d078e8d9dc1bd6da11f2d84e349b6d77638ed6b
2017-11-28 12:21:07 +03:00
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
/***********************************************************************
* Event Handling
**********************************************************************/
void
U2F::ListenForVisibilityEvents()
{
nsCOMPtr<nsIDocument> doc = mParent->GetExtantDoc();
if (NS_WARN_IF(!doc)) {
return;
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288 --HG-- extra : amend_source : 5d078e8d9dc1bd6da11f2d84e349b6d77638ed6b
2017-11-28 12:21:07 +03:00
}
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
nsresult rv = doc->AddSystemEventListener(kVisibilityChange, this,
/* use capture */ true,
/* wants untrusted */ false);
Unused << NS_WARN_IF(NS_FAILED(rv));
}
void
U2F::StopListeningForVisibilityEvents()
{
nsCOMPtr<nsIDocument> doc = mParent->GetExtantDoc();
if (NS_WARN_IF(!doc)) {
return;
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288 --HG-- extra : amend_source : 5d078e8d9dc1bd6da11f2d84e349b6d77638ed6b
2017-11-28 12:21:07 +03:00
}
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
nsresult rv = doc->RemoveSystemEventListener(kVisibilityChange, this,
/* use capture */ true);
Unused << NS_WARN_IF(NS_FAILED(rv));
}
NS_IMETHODIMP
U2F::HandleEvent(nsIDOMEvent* aEvent)
{
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(aEvent);
nsAutoString type;
aEvent->GetType(type);
if (!type.Equals(kVisibilityChange)) {
return NS_ERROR_FAILURE;
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288 --HG-- extra : amend_source : 5d078e8d9dc1bd6da11f2d84e349b6d77638ed6b
2017-11-28 12:21:07 +03:00
}
Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj Reviewers: jcj Reviewed By: jcj Bug #: 1410346 Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 12:21:07 +03:00
nsCOMPtr<nsIDocument> doc =
do_QueryInterface(aEvent->InternalDOMEvent()->GetTarget());
if (NS_WARN_IF(!doc)) {
return NS_ERROR_FAILURE;
}
if (doc->Hidden()) {
MOZ_LOG(gU2FLog, LogLevel::Debug,
("Visibility change: U2F window is hidden, cancelling job."));
CancelTransaction(NS_ERROR_ABORT);
}
return NS_OK;
}
/***********************************************************************
* IPC Protocol Implementation
**********************************************************************/
bool
U2F::MaybeCreateBackgroundActor()
{
MOZ_ASSERT(NS_IsMainThread());
if (mChild) {
return true;
}
PBackgroundChild* actorChild = BackgroundChild::GetOrCreateForCurrentThread();
if (NS_WARN_IF(!actorChild)) {
return false;
}
RefPtr<U2FTransactionChild> mgr(new U2FTransactionChild(this));
PWebAuthnTransactionChild* constructedMgr =
actorChild->SendPWebAuthnTransactionConstructor(mgr);
if (NS_WARN_IF(!constructedMgr)) {
return false;
}
MOZ_ASSERT(constructedMgr == mgr);
mChild = mgr.forget();
return true;
}
void
U2F::ActorDestroyed()
{
MOZ_ASSERT(NS_IsMainThread());
mChild = nullptr;
Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj I wasn't sure what the right behavior for the U2F API is when `.sign()` or `.register()` is called but there's an ongoing request that wasn't fulfilled yet. I think it makes sense to deny the request (as we currently do) when a request of the same type is currently active. When however sign() -> register() or vice-versa is called then we should cancel the previous request and start the new one. From what I understand from reading the spec we definitely should call the callback before starting the new request. Bug #: 1401019 Differential Revision: https://phabricator.services.mozilla.com/D70
2017-09-19 17:55:38 +03:00
}
Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler
2016-02-09 18:43:00 +03:00
} // namespace dom
} // namespace mozilla