2017-10-27 01:08:41 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2016-02-09 18:43:00 +03:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2016-02-09 18:43:00 +03:00
|
|
|
|
|
|
|
|
#include "mozilla/dom/U2F.h"
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
#include "mozilla/dom/WebCryptoCommon.h"
|
2017-11-28 12:21:07 +03:00
|
|
|
#include "mozilla/ipc/PBackgroundChild.h"
|
|
|
|
|
#include "mozilla/ipc/BackgroundChild.h"
|
2017-12-05 21:05:06 +03:00
|
|
|
#include "mozilla/dom/WebAuthnTransactionChild.h"
|
2018-02-22 12:53:49 +03:00
|
|
|
#include "mozilla/dom/WebAuthnUtil.h"
|
2016-02-09 18:43:00 +03:00
|
|
|
#include "nsContentUtils.h"
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
#include "nsNetUtil.h"
|
2016-04-15 19:29:12 +03:00
|
|
|
#include "nsURLParsers.h"
|
2017-11-28 12:21:07 +03:00
|
|
|
|
2019-03-07 01:59:29 +03:00
|
|
|
#ifdef OS_WIN
|
|
|
|
|
# include "WinWebAuthnManager.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
using namespace mozilla::ipc;
|
2016-04-15 19:29:12 +03:00
|
|
|
|
2020-09-09 01:52:34 +03:00
|
|
|
class JSJitInfo;
|
|
|
|
|
|
2017-09-29 02:45:28 +03:00
|
|
|
// Forward decl because of nsHTMLDocument.h's complex dependency on
|
|
|
|
|
// /layout/style
|
|
|
|
|
class nsHTMLDocument {
|
|
|
|
|
public:
|
|
|
|
|
bool IsRegistrableDomainSuffixOfOrEqualTo(const nsAString& aHostSuffixString,
|
|
|
|
|
const nsACString& aOrigHost);
|
|
|
|
|
};
|
|
|
|
|
|
2016-02-09 18:43:00 +03:00
|
|
|
namespace mozilla {
|
|
|
|
|
namespace dom {
|
|
|
|
|
|
2020-07-01 11:42:31 +03:00
|
|
|
constexpr auto kFinishEnrollment = u"navigator.id.finishEnrollment"_ns;
|
|
|
|
|
constexpr auto kGetAssertion = u"navigator.id.getAssertion"_ns;
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2018-02-07 02:59:00 +03:00
|
|
|
// Bug #1436078 - Permit Google Accounts. Remove in Bug #1436085 in Jan 2023.
|
2020-07-01 11:42:31 +03:00
|
|
|
constexpr auto kGoogleAccountsAppId1 =
|
|
|
|
|
u"https://www.gstatic.com/securitykey/origins.json"_ns;
|
|
|
|
|
constexpr auto kGoogleAccountsAppId2 =
|
|
|
|
|
u"https://www.gstatic.com/securitykey/a/google.com/origins.json"_ns;
|
2018-02-07 02:59:00 +03:00
|
|
|
|
2016-02-09 18:43:00 +03:00
|
|
|
NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(U2F)
|
|
|
|
|
NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
|
2019-01-19 02:21:46 +03:00
|
|
|
NS_INTERFACE_MAP_END_INHERITING(WebAuthnManagerBase)
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2019-01-19 02:21:46 +03:00
|
|
|
NS_IMPL_ADDREF_INHERITED(U2F, WebAuthnManagerBase)
|
|
|
|
|
NS_IMPL_RELEASE_INHERITED(U2F, WebAuthnManagerBase)
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2019-04-02 02:13:26 +03:00
|
|
|
NS_IMPL_CYCLE_COLLECTION_CLASS(U2F)
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(U2F, WebAuthnManagerBase)
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_UNLINK(mTransaction)
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_UNLINK_PRESERVED_WRAPPER
|
2019-04-02 20:56:47 +03:00
|
|
|
tmp->mTransaction.reset();
|
2019-04-02 02:13:26 +03:00
|
|
|
NS_IMPL_CYCLE_COLLECTION_UNLINK_END
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(U2F, WebAuthnManagerBase)
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mTransaction)
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
|
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_TRACE_WRAPPERCACHE(U2F)
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
/***********************************************************************
|
|
|
|
|
* Utility Functions
|
|
|
|
|
**********************************************************************/
|
|
|
|
|
|
|
|
|
|
static ErrorCode ConvertNSResultToErrorCode(const nsresult& aError) {
|
|
|
|
|
if (aError == NS_ERROR_DOM_TIMEOUT_ERR) {
|
|
|
|
|
return ErrorCode::TIMEOUT;
|
|
|
|
|
}
|
|
|
|
|
/* Emitted by U2F{Soft,HID}TokenManager when we really mean ineligible */
|
Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert
Summary:
FIDO U2F's specification says that when the wrong security key responds to a
signature, or when an already-registered key exists, that the UA should return
error code 4, DEVICE_INELIGIBLE. We used to do that, but adjusted some things
for WebAuthn and now we don't. This changes the soft token to return that at
the appropriate times, and updates the expectations of U2F.cpp that it should
use InvalidStateError as the signal to reutrn DEVICE_INELIGIBLE.
Also, note that WebAuthn's specification says that if any authenticator returns
"InvalidStateError" that it should be propagated, as it indicates that the
authenticator obtained user consent and failed to complete its job [1].
This change to the Soft Token affects the WebAuthn tests, but in a good way.
Reading the WebAuthn spec, we should not be returning NotAllowedError when there
is consent from the user via the token (which the softtoken always deliveres).
As such, this adjusts the affected WebAuthn tests, and adds a couple useful
checks to test_webauthn_get_assertion.html for future purposes.
[1] https://w3c.github.io/webauthn/#createCredential section 5.1.3 "Create a new
credential", Step 20, Note 2: "If any authenticator returns an error status
equivalent to "InvalidStateError"..."
Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2fc930f7fc8eea69b1ebc96748fe95e150a92a4
Reviewers: ttaubert
Bug #: 1460767
Differential Revision: https://phabricator.services.mozilla.com/D1269
--HG--
extra : transplant_source : M%5B%93%81%29%7E%B2%E8%24%05%A6%96%8BUN%C9%FB%3E%B3h
2018-05-11 02:36:18 +03:00
|
|
|
if (aError == NS_ERROR_DOM_INVALID_STATE_ERR) {
|
2017-11-28 12:21:07 +03:00
|
|
|
return ErrorCode::DEVICE_INELIGIBLE;
|
|
|
|
|
}
|
|
|
|
|
return ErrorCode::OTHER_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
static uint32_t AdjustedTimeoutMillis(
|
|
|
|
|
const Optional<Nullable<int32_t>>& opt_aSeconds) {
|
|
|
|
|
uint32_t adjustedTimeoutMillis = 30000u;
|
|
|
|
|
if (opt_aSeconds.WasPassed() && !opt_aSeconds.Value().IsNull()) {
|
|
|
|
|
adjustedTimeoutMillis = opt_aSeconds.Value().Value() * 1000u;
|
|
|
|
|
adjustedTimeoutMillis = std::max(15000u, adjustedTimeoutMillis);
|
|
|
|
|
adjustedTimeoutMillis = std::min(120000u, adjustedTimeoutMillis);
|
|
|
|
|
}
|
|
|
|
|
return adjustedTimeoutMillis;
|
|
|
|
|
}
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2016-04-19 00:49:07 +03:00
|
|
|
static nsresult AssembleClientData(const nsAString& aOrigin,
|
|
|
|
|
const nsAString& aTyp,
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
const nsAString& aChallenge,
|
|
|
|
|
/* out */ nsString& aClientData) {
|
2016-10-13 06:56:56 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
2017-01-09 23:22:49 +03:00
|
|
|
U2FClientData clientDataObject;
|
2016-04-19 00:49:07 +03:00
|
|
|
clientDataObject.mTyp.Construct(aTyp); // "Typ" from the U2F specification
|
|
|
|
|
clientDataObject.mChallenge.Construct(aChallenge);
|
|
|
|
|
clientDataObject.mOrigin.Construct(aOrigin);
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
if (NS_WARN_IF(!clientDataObject.ToJSON(aClientData))) {
|
2017-09-09 10:09:21 +03:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
static void RegisteredKeysToScopedCredentialList(
|
|
|
|
|
const nsAString& aAppId, const nsTArray<RegisteredKey>& aKeys,
|
2018-01-09 09:27:35 +03:00
|
|
|
nsTArray<WebAuthnScopedCredential>& aList) {
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
for (const RegisteredKey& key : aKeys) {
|
|
|
|
|
// Check for required attributes
|
|
|
|
|
if (!key.mVersion.WasPassed() || !key.mKeyHandle.WasPassed() ||
|
|
|
|
|
key.mVersion.Value() != kRequiredU2FVersion) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2017-09-09 10:09:21 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// If this key's mAppId doesn't match the invocation, we can't handle it.
|
|
|
|
|
if (key.mAppId.WasPassed() && !key.mAppId.Value().Equals(aAppId)) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2017-09-09 10:09:21 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
CryptoBuffer keyHandle;
|
|
|
|
|
nsresult rv = keyHandle.FromJwkBase64(key.mKeyHandle.Value());
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2017-09-09 10:09:21 +03:00
|
|
|
|
2018-01-09 09:27:35 +03:00
|
|
|
WebAuthnScopedCredential c;
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
c.id() = keyHandle;
|
|
|
|
|
aList.AppendElement(c);
|
2017-09-09 10:09:21 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
/***********************************************************************
|
|
|
|
|
* U2F JavaScript API Implementation
|
|
|
|
|
**********************************************************************/
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
U2F::~U2F() {
|
2017-11-28 12:21:07 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
|
|
|
|
if (mTransaction.isSome()) {
|
2019-04-12 21:18:57 +03:00
|
|
|
ClearTransaction();
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mChild) {
|
2017-12-05 21:05:06 +03:00
|
|
|
RefPtr<WebAuthnTransactionChild> c;
|
2017-11-28 12:21:07 +03:00
|
|
|
mChild.swap(c);
|
2017-12-05 21:05:06 +03:00
|
|
|
c->Disconnect();
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
2016-10-13 06:56:56 +03:00
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
void U2F::Init(ErrorResult& aRv) {
|
|
|
|
|
MOZ_ASSERT(mParent);
|
2017-09-09 10:09:21 +03:00
|
|
|
|
2019-01-02 16:05:23 +03:00
|
|
|
nsCOMPtr<Document> doc = mParent->GetDoc();
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
MOZ_ASSERT(doc);
|
|
|
|
|
if (!doc) {
|
|
|
|
|
aRv.Throw(NS_ERROR_FAILURE);
|
|
|
|
|
return;
|
2017-09-09 10:09:21 +03:00
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsIPrincipal* principal = doc->NodePrincipal();
|
|
|
|
|
aRv = nsContentUtils::GetUTFOrigin(principal, mOrigin);
|
|
|
|
|
if (NS_WARN_IF(aRv.Failed())) {
|
2016-02-09 18:43:00 +03:00
|
|
|
return;
|
|
|
|
|
}
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for prefs and scheme,
and generally made these cleaner.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : transplant_source : %EA%98%D2%87C%FD%CC%A5%3D%B5%9B%1C%DA%A5J%CD%05%94%13%0D
2017-09-05 22:32:42 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
if (NS_WARN_IF(mOrigin.IsEmpty())) {
|
|
|
|
|
aRv.Throw(NS_ERROR_FAILURE);
|
2017-09-09 10:09:21 +03:00
|
|
|
return;
|
|
|
|
|
}
|
2016-04-19 00:49:07 +03:00
|
|
|
}
|
2016-02-09 18:43:00 +03:00
|
|
|
|
2019-02-26 01:05:29 +03:00
|
|
|
/* virtual */
|
|
|
|
|
JSObject* U2F::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto) {
|
2018-06-26 00:20:54 +03:00
|
|
|
return U2F_Binding::Wrap(aCx, this, aGivenProto);
|
2016-10-13 06:56:56 +03:00
|
|
|
}
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
template <typename T, typename C>
|
|
|
|
|
void U2F::ExecuteCallback(T& aResp, nsMainThreadPtrHandle<C>& aCb) {
|
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
MOZ_ASSERT(aCb);
|
|
|
|
|
|
|
|
|
|
ErrorResult error;
|
2020-03-06 12:57:45 +03:00
|
|
|
RefPtr<C> temp = aCb.get(); // Make sure it stays alive
|
|
|
|
|
temp->Call(aResp, error);
|
2017-12-08 18:55:52 +03:00
|
|
|
NS_WARNING_ASSERTION(!error.Failed(), "dom::U2F::Promise callback failed");
|
|
|
|
|
error.SuppressException(); // Useful exceptions already emitted
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
void U2F::Register(const nsAString& aAppId,
|
|
|
|
|
const Sequence<RegisterRequest>& aRegisterRequests,
|
|
|
|
|
const Sequence<RegisteredKey>& aRegisteredKeys,
|
|
|
|
|
U2FRegisterCallback& aCallback,
|
|
|
|
|
const Optional<Nullable<int32_t>>& opt_aTimeoutSeconds,
|
|
|
|
|
ErrorResult& aRv) {
|
2016-10-13 06:56:56 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
nsMainThreadPtrHandle<U2FRegisterCallback> callback(
|
|
|
|
|
new nsMainThreadPtrHolder<U2FRegisterCallback>("U2F::Register::callback",
|
|
|
|
|
&aCallback));
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Ensure we have a callback.
|
|
|
|
|
if (NS_WARN_IF(!callback)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-10-13 06:56:56 +03:00
|
|
|
|
2019-03-29 20:59:08 +03:00
|
|
|
if (mTransaction.isSome()) {
|
|
|
|
|
// If there hasn't been a visibility change during the current
|
|
|
|
|
// transaction, then let's let that one complete rather than
|
|
|
|
|
// cancelling it on a subsequent call.
|
|
|
|
|
if (!mTransaction.ref().mVisibilityChanged) {
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
|
|
|
|
ExecuteCallback(response, callback);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Otherwise, the user may well have clicked away, so let's
|
|
|
|
|
// abort the old transaction and take over control from here.
|
|
|
|
|
CancelTransaction(NS_ERROR_ABORT);
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-13 06:56:56 +03:00
|
|
|
// Evaluate the AppID
|
2018-02-22 12:53:49 +03:00
|
|
|
nsString adjustedAppId(aAppId);
|
2019-03-29 20:16:13 +03:00
|
|
|
if (!EvaluateAppID(mParent, mOrigin, adjustedAppId)) {
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
RegisterResponse response;
|
2018-02-22 12:53:49 +03:00
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
return;
|
2017-09-09 10:09:21 +03:00
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsAutoString clientDataJSON;
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Pick the first valid RegisterRequest; we can only work with one.
|
2018-05-30 17:06:09 +03:00
|
|
|
CryptoBuffer challenge;
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
for (const RegisterRequest& req : aRegisterRequests) {
|
|
|
|
|
if (!req.mChallenge.WasPassed() || !req.mVersion.WasPassed() ||
|
|
|
|
|
req.mVersion.Value() != kRequiredU2FVersion) {
|
2016-04-19 00:49:07 +03:00
|
|
|
continue;
|
2016-02-09 18:43:00 +03:00
|
|
|
}
|
2018-05-30 17:06:09 +03:00
|
|
|
if (!challenge.Assign(NS_ConvertUTF16toUTF8(req.mChallenge.Value()))) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsresult rv = AssembleClientData(mOrigin, kFinishEnrollment,
|
|
|
|
|
req.mChallenge.Value(), clientDataJSON);
|
2016-02-09 18:43:00 +03:00
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
2016-10-13 06:56:56 +03:00
|
|
|
continue;
|
2016-02-09 18:43:00 +03:00
|
|
|
}
|
2016-10-13 06:56:56 +03:00
|
|
|
}
|
2016-02-09 18:43:00 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Did we not get a valid RegisterRequest? Abort.
|
|
|
|
|
if (clientDataJSON.IsEmpty()) {
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2016-04-19 00:49:07 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Build the exclusion list, if any
|
2018-01-09 09:27:35 +03:00
|
|
|
nsTArray<WebAuthnScopedCredential> excludeList;
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
RegisteredKeysToScopedCredentialList(adjustedAppId, aRegisteredKeys,
|
|
|
|
|
excludeList);
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
if (!MaybeCreateBackgroundActor()) {
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2017-11-28 12:21:07 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-07 01:59:29 +03:00
|
|
|
#ifdef OS_WIN
|
|
|
|
|
if (!WinWebAuthnManager::AreWebAuthNApisAvailable()) {
|
|
|
|
|
ListenForVisibilityEvents();
|
|
|
|
|
}
|
|
|
|
|
#else
|
2017-11-28 12:21:07 +03:00
|
|
|
ListenForVisibilityEvents();
|
2019-03-07 01:59:29 +03:00
|
|
|
#endif
|
2017-11-28 12:21:07 +03:00
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
NS_ConvertUTF16toUTF8 clientData(clientDataJSON);
|
2017-12-08 18:55:52 +03:00
|
|
|
uint32_t adjustedTimeoutMillis = AdjustedTimeoutMillis(opt_aTimeoutSeconds);
|
|
|
|
|
|
2020-04-25 01:57:33 +03:00
|
|
|
BrowsingContext* context = mParent->GetBrowsingContext();
|
|
|
|
|
if (!context) {
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
|
|
|
|
ExecuteCallback(response, callback);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-11 20:47:14 +03:00
|
|
|
WebAuthnMakeCredentialInfo info(mOrigin, adjustedAppId, challenge, clientData,
|
2017-11-29 15:58:33 +03:00
|
|
|
adjustedTimeoutMillis, excludeList,
|
2020-04-25 01:57:33 +03:00
|
|
|
Nothing(), /* no extra info for U2F */
|
|
|
|
|
context->Id());
|
2017-11-28 12:21:07 +03:00
|
|
|
|
|
|
|
|
MOZ_ASSERT(mTransaction.isNothing());
|
2018-06-01 18:59:07 +03:00
|
|
|
mTransaction = Some(U2FTransaction(AsVariant(callback)));
|
2017-11-28 12:21:07 +03:00
|
|
|
mChild->SendRequestRegister(mTransaction.ref().mId, info);
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1551282 and bug 1553436. Allow pages to override window.u2f but not the "sign" and "register" properties on the U2F object. r=jcj,smaug
There are two related problems this patch is trying to address. The first, and
simpler, one is bug 1553436: there are websites that use existing variables and
functions named "u2f" and adding a non-replaceable readonly property with that
name on Window breaks them. The fix for this is straightforward: mark the
property [Replaceable].
The second problem, covered by bug 1551282, involves sites that use the Google
U2F polyfill. The relevant parts of that polyfill look like this:
'use strict';
var u2f = u2f || {};
u2f.register = some_function_that_only_works_right_in_Chrome;
u2f.sign = some_function_that_only_works_right_in_Chrome;
The failure mode for that code before this fix is that the assignment to "u2f"
throws because it's a readonly property and we're in strict mode, so any code
the page concatenates in the same file after the polyfill does not get run.
That's what bug 1551282 is about. The [Replaceable] annotation fixes that
issue, because now the polyfill gets the value of window.u2f and then redefines
the property (via the [Replaceable] setter) to be a value property with that
value. So far, so good.
But then we need to prevent the sets of u2f.register
and u2f.sign from taking effect, because if they are allowed to happen, the
actual sign/register functionality on the page will not work in Firefox. We
can't just make the properties readonly, because then the sets will throw due
to being in strict mode, and we still have bug 1551282. The proposed fix is to
make these accessor properties with a no-op setter, which is exactly what
[LenientSetter] gives us.
The rest of the patch is just setting up infrastructure for generating the
normal bits we would generate if "sign" and "register" were methods and using
that to create the JSFunctions at the point when the getter is called. The
JSFunctions then get cached on the u2f instance object.
Differential Revision: https://phabricator.services.mozilla.com/D32357
--HG--
extra : moz-landing-system : lando
2019-05-24 23:40:59 +03:00
|
|
|
using binding_detail::GenericMethod;
|
|
|
|
|
using binding_detail::NormalThisPolicy;
|
|
|
|
|
using binding_detail::ThrowExceptions;
|
|
|
|
|
|
|
|
|
|
// register_impl_methodinfo is generated by bindings.
|
|
|
|
|
namespace U2F_Binding {
|
|
|
|
|
extern const JSJitInfo register_impl_methodinfo;
|
|
|
|
|
} // namespace U2F_Binding
|
|
|
|
|
|
|
|
|
|
// We have 4 non-optional args.
|
|
|
|
|
static const JSFunctionSpec register_spec = JS_FNSPEC(
|
|
|
|
|
"register", (GenericMethod<NormalThisPolicy, ThrowExceptions>),
|
|
|
|
|
&U2F_Binding::register_impl_methodinfo, 4, JSPROP_ENUMERATE, nullptr);
|
|
|
|
|
|
|
|
|
|
void U2F::GetRegister(JSContext* aCx,
|
|
|
|
|
JS::MutableHandle<JSObject*> aRegisterFunc,
|
|
|
|
|
ErrorResult& aRv) {
|
2019-05-27 16:26:04 +03:00
|
|
|
JSFunction* fun = JS::NewFunctionFromSpec(aCx, ®ister_spec);
|
Bug 1551282 and bug 1553436. Allow pages to override window.u2f but not the "sign" and "register" properties on the U2F object. r=jcj,smaug
There are two related problems this patch is trying to address. The first, and
simpler, one is bug 1553436: there are websites that use existing variables and
functions named "u2f" and adding a non-replaceable readonly property with that
name on Window breaks them. The fix for this is straightforward: mark the
property [Replaceable].
The second problem, covered by bug 1551282, involves sites that use the Google
U2F polyfill. The relevant parts of that polyfill look like this:
'use strict';
var u2f = u2f || {};
u2f.register = some_function_that_only_works_right_in_Chrome;
u2f.sign = some_function_that_only_works_right_in_Chrome;
The failure mode for that code before this fix is that the assignment to "u2f"
throws because it's a readonly property and we're in strict mode, so any code
the page concatenates in the same file after the polyfill does not get run.
That's what bug 1551282 is about. The [Replaceable] annotation fixes that
issue, because now the polyfill gets the value of window.u2f and then redefines
the property (via the [Replaceable] setter) to be a value property with that
value. So far, so good.
But then we need to prevent the sets of u2f.register
and u2f.sign from taking effect, because if they are allowed to happen, the
actual sign/register functionality on the page will not work in Firefox. We
can't just make the properties readonly, because then the sets will throw due
to being in strict mode, and we still have bug 1551282. The proposed fix is to
make these accessor properties with a no-op setter, which is exactly what
[LenientSetter] gives us.
The rest of the patch is just setting up infrastructure for generating the
normal bits we would generate if "sign" and "register" were methods and using
that to create the JSFunctions at the point when the getter is called. The
JSFunctions then get cached on the u2f instance object.
Differential Revision: https://phabricator.services.mozilla.com/D32357
--HG--
extra : moz-landing-system : lando
2019-05-24 23:40:59 +03:00
|
|
|
if (!fun) {
|
|
|
|
|
aRv.NoteJSContextException(aCx);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
aRegisterFunc.set(JS_GetFunctionObject(fun));
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-05 21:05:06 +03:00
|
|
|
void U2F::FinishMakeCredential(const uint64_t& aTransactionId,
|
2018-02-12 23:08:54 +03:00
|
|
|
const WebAuthnMakeCredentialResult& aResult) {
|
2017-11-28 12:21:07 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
|
|
|
|
// Check for a valid transaction.
|
|
|
|
|
if (mTransaction.isNothing() || mTransaction.ref().mId != aTransactionId) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
if (NS_WARN_IF(!mTransaction.ref().HasRegisterCallback())) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
// A CTAP2 response.
|
|
|
|
|
if (aResult.RegistrationData().Length() == 0) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
CryptoBuffer clientDataBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!clientDataBuf.Assign(aResult.ClientDataJSON()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CryptoBuffer regBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!regBuf.Assign(aResult.RegistrationData()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nsString clientDataBase64;
|
|
|
|
|
nsString registrationDataBase64;
|
|
|
|
|
nsresult rvClientData = clientDataBuf.ToJwkBase64(clientDataBase64);
|
|
|
|
|
nsresult rvRegistrationData = regBuf.ToJwkBase64(registrationDataBase64);
|
|
|
|
|
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rvClientData)) ||
|
|
|
|
|
NS_WARN_IF(NS_FAILED(rvRegistrationData))) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Assemble a response object to return
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mVersion.Construct(kRequiredU2FVersion);
|
|
|
|
|
response.mClientData.Construct(clientDataBase64);
|
|
|
|
|
response.mRegistrationData.Construct(registrationDataBase64);
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OK));
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Keep the callback pointer alive.
|
|
|
|
|
nsMainThreadPtrHandle<U2FRegisterCallback> callback(
|
|
|
|
|
mTransaction.ref().GetRegisterCallback());
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
ClearTransaction();
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2016-04-19 00:49:07 +03:00
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
void U2F::Sign(const nsAString& aAppId, const nsAString& aChallenge,
|
|
|
|
|
const Sequence<RegisteredKey>& aRegisteredKeys,
|
|
|
|
|
U2FSignCallback& aCallback,
|
|
|
|
|
const Optional<Nullable<int32_t>>& opt_aTimeoutSeconds,
|
|
|
|
|
ErrorResult& aRv) {
|
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
2017-09-09 10:09:21 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
nsMainThreadPtrHandle<U2FSignCallback> callback(
|
|
|
|
|
new nsMainThreadPtrHolder<U2FSignCallback>("U2F::Sign::callback",
|
|
|
|
|
&aCallback));
|
2016-10-08 03:28:52 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Ensure we have a callback.
|
|
|
|
|
if (NS_WARN_IF(!callback)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-09-09 10:09:21 +03:00
|
|
|
|
2019-03-29 20:59:08 +03:00
|
|
|
if (mTransaction.isSome()) {
|
|
|
|
|
// If there hasn't been a visibility change during the current
|
|
|
|
|
// transaction, then let's let that one complete rather than
|
|
|
|
|
// cancelling it on a subsequent call.
|
|
|
|
|
if (!mTransaction.ref().mVisibilityChanged) {
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
|
|
|
|
ExecuteCallback(response, callback);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Otherwise, the user may well have clicked away, so let's
|
|
|
|
|
// abort the old transaction and take over control from here.
|
|
|
|
|
CancelTransaction(NS_ERROR_ABORT);
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Evaluate the AppID
|
2018-02-22 12:53:49 +03:00
|
|
|
nsString adjustedAppId(aAppId);
|
2019-03-29 20:16:13 +03:00
|
|
|
if (!EvaluateAppID(mParent, mOrigin, adjustedAppId)) {
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
SignResponse response;
|
2018-02-22 12:53:49 +03:00
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2016-10-08 03:28:52 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
// Produce the AppParam from the current AppID
|
|
|
|
|
nsCString cAppId = NS_ConvertUTF16toUTF8(adjustedAppId);
|
2017-09-09 10:09:21 +03:00
|
|
|
|
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
|
|
|
nsAutoString clientDataJSON;
|
|
|
|
|
nsresult rv =
|
|
|
|
|
AssembleClientData(mOrigin, kGetAssertion, aChallenge, clientDataJSON);
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::BAD_REQUEST));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2016-10-08 03:28:52 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
CryptoBuffer challenge;
|
|
|
|
|
if (!challenge.Assign(NS_ConvertUTF16toUTF8(aChallenge))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2017-11-28 12:21:07 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
// Build the key list, if any
|
|
|
|
|
nsTArray<WebAuthnScopedCredential> permittedList;
|
|
|
|
|
RegisteredKeysToScopedCredentialList(adjustedAppId, aRegisteredKeys,
|
|
|
|
|
permittedList);
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
if (!MaybeCreateBackgroundActor()) {
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2017-11-28 12:21:07 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-07 01:59:29 +03:00
|
|
|
#ifdef OS_WIN
|
|
|
|
|
if (!WinWebAuthnManager::AreWebAuthNApisAvailable()) {
|
|
|
|
|
ListenForVisibilityEvents();
|
|
|
|
|
}
|
|
|
|
|
#else
|
2017-11-28 12:21:07 +03:00
|
|
|
ListenForVisibilityEvents();
|
2019-03-07 01:59:29 +03:00
|
|
|
#endif
|
2017-11-28 12:21:07 +03:00
|
|
|
|
|
|
|
|
// Always blank for U2F
|
|
|
|
|
nsTArray<WebAuthnExtension> extensions;
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
NS_ConvertUTF16toUTF8 clientData(clientDataJSON);
|
2017-12-08 18:55:52 +03:00
|
|
|
uint32_t adjustedTimeoutMillis = AdjustedTimeoutMillis(opt_aTimeoutSeconds);
|
|
|
|
|
|
2020-04-25 01:57:33 +03:00
|
|
|
BrowsingContext* context = mParent->GetBrowsingContext();
|
|
|
|
|
if (!context) {
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(
|
|
|
|
|
static_cast<uint32_t>(ErrorCode::OTHER_ERROR));
|
|
|
|
|
ExecuteCallback(response, callback);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-11 20:47:14 +03:00
|
|
|
WebAuthnGetAssertionInfo info(mOrigin, adjustedAppId, challenge, clientData,
|
2017-11-29 15:58:33 +03:00
|
|
|
adjustedTimeoutMillis, permittedList,
|
2020-04-25 01:57:33 +03:00
|
|
|
Nothing(), /* no extra info for U2F */
|
|
|
|
|
context->Id());
|
2017-11-28 12:21:07 +03:00
|
|
|
|
|
|
|
|
MOZ_ASSERT(mTransaction.isNothing());
|
2018-06-01 18:59:07 +03:00
|
|
|
mTransaction = Some(U2FTransaction(AsVariant(callback)));
|
2017-11-28 12:21:07 +03:00
|
|
|
mChild->SendRequestSign(mTransaction.ref().mId, info);
|
|
|
|
|
}
|
|
|
|
|
|
Bug 1551282 and bug 1553436. Allow pages to override window.u2f but not the "sign" and "register" properties on the U2F object. r=jcj,smaug
There are two related problems this patch is trying to address. The first, and
simpler, one is bug 1553436: there are websites that use existing variables and
functions named "u2f" and adding a non-replaceable readonly property with that
name on Window breaks them. The fix for this is straightforward: mark the
property [Replaceable].
The second problem, covered by bug 1551282, involves sites that use the Google
U2F polyfill. The relevant parts of that polyfill look like this:
'use strict';
var u2f = u2f || {};
u2f.register = some_function_that_only_works_right_in_Chrome;
u2f.sign = some_function_that_only_works_right_in_Chrome;
The failure mode for that code before this fix is that the assignment to "u2f"
throws because it's a readonly property and we're in strict mode, so any code
the page concatenates in the same file after the polyfill does not get run.
That's what bug 1551282 is about. The [Replaceable] annotation fixes that
issue, because now the polyfill gets the value of window.u2f and then redefines
the property (via the [Replaceable] setter) to be a value property with that
value. So far, so good.
But then we need to prevent the sets of u2f.register
and u2f.sign from taking effect, because if they are allowed to happen, the
actual sign/register functionality on the page will not work in Firefox. We
can't just make the properties readonly, because then the sets will throw due
to being in strict mode, and we still have bug 1551282. The proposed fix is to
make these accessor properties with a no-op setter, which is exactly what
[LenientSetter] gives us.
The rest of the patch is just setting up infrastructure for generating the
normal bits we would generate if "sign" and "register" were methods and using
that to create the JSFunctions at the point when the getter is called. The
JSFunctions then get cached on the u2f instance object.
Differential Revision: https://phabricator.services.mozilla.com/D32357
--HG--
extra : moz-landing-system : lando
2019-05-24 23:40:59 +03:00
|
|
|
// sign_impl_methodinfo is generated by bindings.
|
|
|
|
|
namespace U2F_Binding {
|
|
|
|
|
extern const JSJitInfo sign_impl_methodinfo;
|
|
|
|
|
} // namespace U2F_Binding
|
|
|
|
|
|
|
|
|
|
// We have 4 non-optional args.
|
|
|
|
|
static const JSFunctionSpec sign_spec =
|
|
|
|
|
JS_FNSPEC("sign", (GenericMethod<NormalThisPolicy, ThrowExceptions>),
|
|
|
|
|
&U2F_Binding::sign_impl_methodinfo, 4, JSPROP_ENUMERATE, nullptr);
|
|
|
|
|
|
|
|
|
|
void U2F::GetSign(JSContext* aCx, JS::MutableHandle<JSObject*> aSignFunc,
|
|
|
|
|
ErrorResult& aRv) {
|
2019-05-27 16:26:04 +03:00
|
|
|
JSFunction* fun = JS::NewFunctionFromSpec(aCx, &sign_spec);
|
Bug 1551282 and bug 1553436. Allow pages to override window.u2f but not the "sign" and "register" properties on the U2F object. r=jcj,smaug
There are two related problems this patch is trying to address. The first, and
simpler, one is bug 1553436: there are websites that use existing variables and
functions named "u2f" and adding a non-replaceable readonly property with that
name on Window breaks them. The fix for this is straightforward: mark the
property [Replaceable].
The second problem, covered by bug 1551282, involves sites that use the Google
U2F polyfill. The relevant parts of that polyfill look like this:
'use strict';
var u2f = u2f || {};
u2f.register = some_function_that_only_works_right_in_Chrome;
u2f.sign = some_function_that_only_works_right_in_Chrome;
The failure mode for that code before this fix is that the assignment to "u2f"
throws because it's a readonly property and we're in strict mode, so any code
the page concatenates in the same file after the polyfill does not get run.
That's what bug 1551282 is about. The [Replaceable] annotation fixes that
issue, because now the polyfill gets the value of window.u2f and then redefines
the property (via the [Replaceable] setter) to be a value property with that
value. So far, so good.
But then we need to prevent the sets of u2f.register
and u2f.sign from taking effect, because if they are allowed to happen, the
actual sign/register functionality on the page will not work in Firefox. We
can't just make the properties readonly, because then the sets will throw due
to being in strict mode, and we still have bug 1551282. The proposed fix is to
make these accessor properties with a no-op setter, which is exactly what
[LenientSetter] gives us.
The rest of the patch is just setting up infrastructure for generating the
normal bits we would generate if "sign" and "register" were methods and using
that to create the JSFunctions at the point when the getter is called. The
JSFunctions then get cached on the u2f instance object.
Differential Revision: https://phabricator.services.mozilla.com/D32357
--HG--
extra : moz-landing-system : lando
2019-05-24 23:40:59 +03:00
|
|
|
if (!fun) {
|
|
|
|
|
aRv.NoteJSContextException(aCx);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
aSignFunc.set(JS_GetFunctionObject(fun));
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-05 21:05:06 +03:00
|
|
|
void U2F::FinishGetAssertion(const uint64_t& aTransactionId,
|
2018-02-12 23:08:54 +03:00
|
|
|
const WebAuthnGetAssertionResult& aResult) {
|
2017-11-28 12:21:07 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
|
|
|
|
// Check for a valid transaction.
|
|
|
|
|
if (mTransaction.isNothing() || mTransaction.ref().mId != aTransactionId) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
if (NS_WARN_IF(!mTransaction.ref().HasSignCallback())) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-30 17:06:09 +03:00
|
|
|
// A CTAP2 response.
|
|
|
|
|
if (aResult.SignatureData().Length() == 0) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
CryptoBuffer clientDataBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!clientDataBuf.Assign(aResult.ClientDataJSON()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CryptoBuffer credBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!credBuf.Assign(aResult.KeyHandle()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CryptoBuffer sigBuf;
|
2018-05-30 17:06:09 +03:00
|
|
|
if (NS_WARN_IF(!sigBuf.Assign(aResult.SignatureData()))) {
|
2017-11-28 12:21:07 +03:00
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Assemble a response object to return
|
|
|
|
|
nsString clientDataBase64;
|
|
|
|
|
nsString signatureDataBase64;
|
|
|
|
|
nsString keyHandleBase64;
|
|
|
|
|
nsresult rvClientData = clientDataBuf.ToJwkBase64(clientDataBase64);
|
|
|
|
|
nsresult rvSignatureData = sigBuf.ToJwkBase64(signatureDataBase64);
|
|
|
|
|
nsresult rvKeyHandle = credBuf.ToJwkBase64(keyHandleBase64);
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rvClientData)) ||
|
|
|
|
|
NS_WARN_IF(NS_FAILED(rvSignatureData) ||
|
|
|
|
|
NS_WARN_IF(NS_FAILED(rvKeyHandle)))) {
|
|
|
|
|
RejectTransaction(NS_ERROR_ABORT);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mKeyHandle.Construct(keyHandleBase64);
|
|
|
|
|
response.mClientData.Construct(clientDataBase64);
|
|
|
|
|
response.mSignatureData.Construct(signatureDataBase64);
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(ErrorCode::OK));
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Keep the callback pointer alive.
|
|
|
|
|
nsMainThreadPtrHandle<U2FSignCallback> callback(
|
|
|
|
|
mTransaction.ref().GetSignCallback());
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
ClearTransaction();
|
2017-12-08 18:55:52 +03:00
|
|
|
ExecuteCallback(response, callback);
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void U2F::ClearTransaction() {
|
2019-04-02 02:13:26 +03:00
|
|
|
if (!mTransaction.isNothing()) {
|
2017-11-28 12:21:07 +03:00
|
|
|
StopListeningForVisibilityEvents();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mTransaction.reset();
|
2016-04-19 00:49:07 +03:00
|
|
|
}
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
void U2F::RejectTransaction(const nsresult& aError) {
|
2017-12-08 18:55:52 +03:00
|
|
|
if (NS_WARN_IF(mTransaction.isNothing())) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-11-28 12:21:07 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
StopListeningForVisibilityEvents();
|
2017-11-28 12:21:07 +03:00
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
// Clear out mTransaction before calling ExecuteCallback() below to allow
|
|
|
|
|
// reentrancy from microtask checkpoints.
|
2018-05-30 22:15:35 +03:00
|
|
|
Maybe<U2FTransaction> maybeTransaction(std::move(mTransaction));
|
2017-12-08 18:55:52 +03:00
|
|
|
MOZ_ASSERT(mTransaction.isNothing() && maybeTransaction.isSome());
|
|
|
|
|
|
|
|
|
|
U2FTransaction& transaction = maybeTransaction.ref();
|
|
|
|
|
ErrorCode code = ConvertNSResultToErrorCode(aError);
|
|
|
|
|
|
|
|
|
|
if (transaction.HasRegisterCallback()) {
|
|
|
|
|
RegisterResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(code));
|
2019-03-21 14:48:33 +03:00
|
|
|
// MOZ_KnownLive because "transaction" lives on the stack.
|
|
|
|
|
ExecuteCallback(response, MOZ_KnownLive(transaction.GetRegisterCallback()));
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
|
|
|
|
|
2017-12-08 18:55:52 +03:00
|
|
|
if (transaction.HasSignCallback()) {
|
|
|
|
|
SignResponse response;
|
|
|
|
|
response.mErrorCode.Construct(static_cast<uint32_t>(code));
|
2019-03-21 14:48:33 +03:00
|
|
|
// MOZ_KnownLive because "transaction" lives on the stack.
|
|
|
|
|
ExecuteCallback(response, MOZ_KnownLive(transaction.GetSignCallback()));
|
2017-12-08 18:55:52 +03:00
|
|
|
}
|
2017-11-28 12:21:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void U2F::CancelTransaction(const nsresult& aError) {
|
|
|
|
|
if (!NS_WARN_IF(!mChild || mTransaction.isNothing())) {
|
|
|
|
|
mChild->SendRequestCancel(mTransaction.ref().mId);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
RejectTransaction(aError);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void U2F::RequestAborted(const uint64_t& aTransactionId,
|
|
|
|
|
const nsresult& aError) {
|
2017-09-19 17:55:38 +03:00
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
|
2017-11-28 12:21:07 +03:00
|
|
|
if (mTransaction.isSome() && mTransaction.ref().mId == aTransactionId) {
|
|
|
|
|
RejectTransaction(aError);
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-11-28 12:21:07 +03:00
|
|
|
|
2019-03-29 20:59:08 +03:00
|
|
|
void U2F::HandleVisibilityChange() {
|
|
|
|
|
if (mTransaction.isSome()) {
|
|
|
|
|
mTransaction.ref().mVisibilityChanged = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-09 18:43:00 +03:00
|
|
|
} // namespace dom
|
|
|
|
|
} // namespace mozilla
|
