зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1244960 - FIDO u2f NSSToken (Part 3): Review updates. r=keeler
MozReview-Commit-ID: FkPHy9GGarU --HG-- extra : transplant_source : %8Dd0%BA%FD%E93%8E%A7%C5%01Cn%02%0F%0C%3E%5D%9C%96
This commit is contained in:
J.C. Jones
Родитель
3b81894a7e
Коммит
358a9ece05
|
|
@ -192,16 +192,20 @@ CryptoBuffer::ToUint8Array(JSContext* aCx) const
|
||||||
}
|
}
|
||||||
|
|
||||||
bool
|
bool
|
||||||
CryptoBuffer::ToNewUnsignedBuffer(uint8_t** buf, uint32_t* bufLen) const
|
CryptoBuffer::ToNewUnsignedBuffer(uint8_t** aBuf, uint32_t* aBufLen) const
|
||||||
{
|
{
|
||||||
uint8_t* tmp = reinterpret_cast<uint8_t*>(moz_xmalloc(Length()));
|
MOZ_ASSERT(aBuf);
|
||||||
if (!tmp) {
|
MOZ_ASSERT(aBufLen);
|
||||||
|
|
||||||
|
uint32_t dataLen = Length();
|
||||||
|
uint8_t* tmp = reinterpret_cast<uint8_t*>(moz_xmalloc(dataLen));
|
||||||
|
if (NS_WARN_IF(!tmp)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(tmp, Elements(), Length());
|
memcpy(tmp, Elements(), dataLen);
|
||||||
*buf = tmp;
|
*aBuf = tmp;
|
||||||
*bufLen = Length();
|
*aBufLen = dataLen;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,7 @@ public:
|
||||||
nsresult ToJwkBase64(nsString& aBase64);
|
nsresult ToJwkBase64(nsString& aBase64);
|
||||||
bool ToSECItem(PLArenaPool* aArena, SECItem* aItem) const;
|
bool ToSECItem(PLArenaPool* aArena, SECItem* aItem) const;
|
||||||
JSObject* ToUint8Array(JSContext* aCx) const;
|
JSObject* ToUint8Array(JSContext* aCx) const;
|
||||||
bool ToNewUnsignedBuffer(uint8_t** buf, uint32_t* bufLen) const;
|
bool ToNewUnsignedBuffer(uint8_t** aBuf, uint32_t* aBufLen) const;
|
||||||
|
|
||||||
bool GetBigIntValue(unsigned long& aRetVal);
|
bool GetBigIntValue(unsigned long& aRetVal);
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -4248,76 +4248,86 @@ ContentParent::RecvSetURITitle(const URIParams& uri,
|
||||||
}
|
}
|
||||||
|
|
||||||
bool
|
bool
|
||||||
ContentParent::RecvNSSU2FTokenIsCompatibleVersion(const nsString& version,
|
ContentParent::RecvNSSU2FTokenIsCompatibleVersion(const nsString& aVersion,
|
||||||
bool* isCompatible)
|
bool* aIsCompatible)
|
||||||
{
|
{
|
||||||
|
MOZ_ASSERT(aIsCompatible);
|
||||||
|
|
||||||
nsCOMPtr<nsINSSU2FToken> nssToken(do_GetService(NS_NSSU2FTOKEN_CONTRACTID));
|
nsCOMPtr<nsINSSU2FToken> nssToken(do_GetService(NS_NSSU2FTOKEN_CONTRACTID));
|
||||||
if (NS_WARN_IF(!nssToken)) {
|
if (NS_WARN_IF(!nssToken)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsresult rv = nssToken->IsCompatibleVersion(version, isCompatible);
|
nsresult rv = nssToken->IsCompatibleVersion(aVersion, aIsCompatible);
|
||||||
return NS_SUCCEEDED(rv);
|
return NS_SUCCEEDED(rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool
|
bool
|
||||||
ContentParent::RecvNSSU2FTokenIsRegistered(nsTArray<uint8_t>&& keyHandle,
|
ContentParent::RecvNSSU2FTokenIsRegistered(nsTArray<uint8_t>&& aKeyHandle,
|
||||||
bool* isValidKeyHandle)
|
bool* aIsValidKeyHandle)
|
||||||
{
|
{
|
||||||
|
MOZ_ASSERT(aIsValidKeyHandle);
|
||||||
|
|
||||||
nsCOMPtr<nsINSSU2FToken> nssToken(do_GetService(NS_NSSU2FTOKEN_CONTRACTID));
|
nsCOMPtr<nsINSSU2FToken> nssToken(do_GetService(NS_NSSU2FTOKEN_CONTRACTID));
|
||||||
if (NS_WARN_IF(!nssToken)) {
|
if (NS_WARN_IF(!nssToken)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsresult rv = nssToken->IsRegistered(keyHandle.Elements(), keyHandle.Length(),
|
nsresult rv = nssToken->IsRegistered(aKeyHandle.Elements(), aKeyHandle.Length(),
|
||||||
isValidKeyHandle);
|
aIsValidKeyHandle);
|
||||||
return NS_SUCCEEDED(rv);
|
return NS_SUCCEEDED(rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool
|
bool
|
||||||
ContentParent::RecvNSSU2FTokenRegister(nsTArray<uint8_t>&& application,
|
ContentParent::RecvNSSU2FTokenRegister(nsTArray<uint8_t>&& aApplication,
|
||||||
nsTArray<uint8_t>&& challenge,
|
nsTArray<uint8_t>&& aChallenge,
|
||||||
nsTArray<uint8_t>* registration)
|
nsTArray<uint8_t>* aRegistration)
|
||||||
{
|
{
|
||||||
|
MOZ_ASSERT(aRegistration);
|
||||||
|
|
||||||
nsCOMPtr<nsINSSU2FToken> nssToken(do_GetService(NS_NSSU2FTOKEN_CONTRACTID));
|
nsCOMPtr<nsINSSU2FToken> nssToken(do_GetService(NS_NSSU2FTOKEN_CONTRACTID));
|
||||||
if (NS_WARN_IF(!nssToken)) {
|
if (NS_WARN_IF(!nssToken)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
uint8_t* buffer;
|
uint8_t* buffer;
|
||||||
uint32_t bufferlen;
|
uint32_t bufferlen;
|
||||||
nsresult rv = nssToken->Register(application.Elements(), application.Length(),
|
nsresult rv = nssToken->Register(aApplication.Elements(), aApplication.Length(),
|
||||||
challenge.Elements(), challenge.Length(),
|
aChallenge.Elements(), aChallenge.Length(),
|
||||||
&buffer, &bufferlen);
|
&buffer, &bufferlen);
|
||||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
registration->ReplaceElementsAt(0, registration->Length(), buffer, bufferlen);
|
MOZ_ASSERT(buffer);
|
||||||
|
aRegistration->ReplaceElementsAt(0, aRegistration->Length(), buffer, bufferlen);
|
||||||
free(buffer);
|
free(buffer);
|
||||||
return NS_SUCCEEDED(rv);
|
return NS_SUCCEEDED(rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool
|
bool
|
||||||
ContentParent::RecvNSSU2FTokenSign(nsTArray<uint8_t>&& application,
|
ContentParent::RecvNSSU2FTokenSign(nsTArray<uint8_t>&& aApplication,
|
||||||
nsTArray<uint8_t>&& challenge,
|
nsTArray<uint8_t>&& aChallenge,
|
||||||
nsTArray<uint8_t>&& keyHandle,
|
nsTArray<uint8_t>&& aKeyHandle,
|
||||||
nsTArray<uint8_t>* signature)
|
nsTArray<uint8_t>* aSignature)
|
||||||
{
|
{
|
||||||
|
MOZ_ASSERT(aSignature);
|
||||||
|
|
||||||
nsCOMPtr<nsINSSU2FToken> nssToken(do_GetService(NS_NSSU2FTOKEN_CONTRACTID));
|
nsCOMPtr<nsINSSU2FToken> nssToken(do_GetService(NS_NSSU2FTOKEN_CONTRACTID));
|
||||||
if (NS_WARN_IF(!nssToken)) {
|
if (NS_WARN_IF(!nssToken)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
uint8_t* buffer;
|
uint8_t* buffer;
|
||||||
uint32_t bufferlen;
|
uint32_t bufferlen;
|
||||||
nsresult rv = nssToken->Sign(application.Elements(), application.Length(),
|
nsresult rv = nssToken->Sign(aApplication.Elements(), aApplication.Length(),
|
||||||
challenge.Elements(), challenge.Length(),
|
aChallenge.Elements(), aChallenge.Length(),
|
||||||
keyHandle.Elements(), keyHandle.Length(),
|
aKeyHandle.Elements(), aKeyHandle.Length(),
|
||||||
&buffer, &bufferlen);
|
&buffer, &bufferlen);
|
||||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
signature->ReplaceElementsAt(0, signature->Length(), buffer, bufferlen);
|
MOZ_ASSERT(buffer);
|
||||||
|
aSignature->ReplaceElementsAt(0, aSignature->Length(), buffer, bufferlen);
|
||||||
free(buffer);
|
free(buffer);
|
||||||
return NS_SUCCEEDED(rv);
|
return NS_SUCCEEDED(rv);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -749,20 +749,20 @@ private:
|
||||||
virtual bool
|
virtual bool
|
||||||
DeallocPCrashReporterParent(PCrashReporterParent* crashreporter) override;
|
DeallocPCrashReporterParent(PCrashReporterParent* crashreporter) override;
|
||||||
|
|
||||||
virtual bool RecvNSSU2FTokenIsCompatibleVersion(const nsString& version,
|
virtual bool RecvNSSU2FTokenIsCompatibleVersion(const nsString& aVersion,
|
||||||
bool* isCompatible) override;
|
bool* aIsCompatible) override;
|
||||||
|
|
||||||
virtual bool RecvNSSU2FTokenIsRegistered(nsTArray<uint8_t>&& keyHandle,
|
virtual bool RecvNSSU2FTokenIsRegistered(nsTArray<uint8_t>&& aKeyHandle,
|
||||||
bool* isValidKeyHandle) override;
|
bool* aIsValidKeyHandle) override;
|
||||||
|
|
||||||
virtual bool RecvNSSU2FTokenRegister(nsTArray<uint8_t>&& application,
|
virtual bool RecvNSSU2FTokenRegister(nsTArray<uint8_t>&& aApplication,
|
||||||
nsTArray<uint8_t>&& challenge,
|
nsTArray<uint8_t>&& aChallenge,
|
||||||
nsTArray<uint8_t>* registration) override;
|
nsTArray<uint8_t>* aRegistration) override;
|
||||||
|
|
||||||
virtual bool RecvNSSU2FTokenSign(nsTArray<uint8_t>&& application,
|
virtual bool RecvNSSU2FTokenSign(nsTArray<uint8_t>&& aApplication,
|
||||||
nsTArray<uint8_t>&& challenge,
|
nsTArray<uint8_t>&& aChallenge,
|
||||||
nsTArray<uint8_t>&& keyHandle,
|
nsTArray<uint8_t>&& aKeyHandle,
|
||||||
nsTArray<uint8_t>* signature) override;
|
nsTArray<uint8_t>* aSignature) override;
|
||||||
|
|
||||||
virtual bool RecvIsSecureURI(const uint32_t& aType, const URIParams& aURI,
|
virtual bool RecvIsSecureURI(const uint32_t& aType, const URIParams& aURI,
|
||||||
const uint32_t& aFlags, bool* aIsSecureURI) override;
|
const uint32_t& aFlags, bool* aIsSecureURI) override;
|
||||||
|
|
|
||||||
|
|
@ -96,12 +96,14 @@ U2F::Init(nsPIDOMWindowInner* aParent, ErrorResult& aRv)
|
||||||
|
|
||||||
if (!EnsureNSSInitializedChromeOrContent()) {
|
if (!EnsureNSSInitializedChromeOrContent()) {
|
||||||
MOZ_LOG(gU2FLog, LogLevel::Debug, ("Failed to get NSS context for U2F"));
|
MOZ_LOG(gU2FLog, LogLevel::Debug, ("Failed to get NSS context for U2F"));
|
||||||
|
aRv.Throw(NS_ERROR_FAILURE);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (XRE_IsParentProcess()) {
|
if (XRE_IsParentProcess()) {
|
||||||
mNSSToken = do_GetService(NS_NSSU2FTOKEN_CONTRACTID);
|
mNSSToken = do_GetService(NS_NSSU2FTOKEN_CONTRACTID);
|
||||||
if (NS_WARN_IF(!mNSSToken)) {
|
if (NS_WARN_IF(!mNSSToken)) {
|
||||||
|
aRv.Throw(NS_ERROR_FAILURE);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -113,55 +115,60 @@ U2F::Init(nsPIDOMWindowInner* aParent, ErrorResult& aRv)
|
||||||
}
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
U2F::NSSTokenIsCompatible(const nsString& versionString, bool* isCompatible)
|
U2F::NSSTokenIsCompatible(const nsString& aVersionString, bool* aIsCompatible)
|
||||||
{
|
{
|
||||||
|
MOZ_ASSERT(aIsCompatible);
|
||||||
|
|
||||||
if (XRE_IsParentProcess()) {
|
if (XRE_IsParentProcess()) {
|
||||||
MOZ_ASSERT(mNSSToken);
|
MOZ_ASSERT(mNSSToken);
|
||||||
return mNSSToken->IsCompatibleVersion(versionString, isCompatible);
|
return mNSSToken->IsCompatibleVersion(aVersionString, aIsCompatible);
|
||||||
}
|
}
|
||||||
|
|
||||||
ContentChild* cc = ContentChild::GetSingleton();
|
ContentChild* cc = ContentChild::GetSingleton();
|
||||||
MOZ_ASSERT(cc);
|
MOZ_ASSERT(cc);
|
||||||
if (!cc->SendNSSU2FTokenIsCompatibleVersion(versionString, isCompatible)) {
|
if (!cc->SendNSSU2FTokenIsCompatibleVersion(aVersionString, aIsCompatible)) {
|
||||||
return NS_ERROR_FAILURE;
|
return NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
U2F::NSSTokenIsRegistered(CryptoBuffer& keyHandle, bool* isRegistered)
|
U2F::NSSTokenIsRegistered(CryptoBuffer& aKeyHandle, bool* aIsRegistered)
|
||||||
{
|
{
|
||||||
|
MOZ_ASSERT(aIsRegistered);
|
||||||
|
|
||||||
if (XRE_IsParentProcess()) {
|
if (XRE_IsParentProcess()) {
|
||||||
MOZ_ASSERT(mNSSToken);
|
MOZ_ASSERT(mNSSToken);
|
||||||
return mNSSToken->IsRegistered(keyHandle.Elements(), keyHandle.Length(),
|
return mNSSToken->IsRegistered(aKeyHandle.Elements(), aKeyHandle.Length(),
|
||||||
isRegistered);
|
aIsRegistered);
|
||||||
}
|
}
|
||||||
|
|
||||||
ContentChild* cc = ContentChild::GetSingleton();
|
ContentChild* cc = ContentChild::GetSingleton();
|
||||||
MOZ_ASSERT(cc);
|
MOZ_ASSERT(cc);
|
||||||
if (!cc->SendNSSU2FTokenIsRegistered(keyHandle, isRegistered)) {
|
if (!cc->SendNSSU2FTokenIsRegistered(aKeyHandle, aIsRegistered)) {
|
||||||
return NS_ERROR_FAILURE;
|
return NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
U2F::NSSTokenRegister(CryptoBuffer& application, CryptoBuffer& challenge,
|
U2F::NSSTokenRegister(CryptoBuffer& aApplication, CryptoBuffer& aChallenge,
|
||||||
CryptoBuffer& registrationData)
|
CryptoBuffer& aRegistrationData)
|
||||||
{
|
{
|
||||||
if (XRE_IsParentProcess()) {
|
if (XRE_IsParentProcess()) {
|
||||||
MOZ_ASSERT(mNSSToken);
|
MOZ_ASSERT(mNSSToken);
|
||||||
uint8_t* buffer;
|
uint8_t* buffer;
|
||||||
uint32_t bufferlen;
|
uint32_t bufferlen;
|
||||||
nsresult rv;
|
nsresult rv;
|
||||||
rv = mNSSToken->Register(application.Elements(), application.Length(),
|
rv = mNSSToken->Register(aApplication.Elements(), aApplication.Length(),
|
||||||
challenge.Elements(), challenge.Length(),
|
aChallenge.Elements(), aChallenge.Length(),
|
||||||
&buffer, &bufferlen);
|
&buffer, &bufferlen);
|
||||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
registrationData.Assign(buffer, bufferlen);
|
MOZ_ASSERT(buffer);
|
||||||
|
aRegistrationData.Assign(buffer, bufferlen);
|
||||||
free(buffer);
|
free(buffer);
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
@ -169,32 +176,33 @@ U2F::NSSTokenRegister(CryptoBuffer& application, CryptoBuffer& challenge,
|
||||||
nsTArray<uint8_t> registrationBuffer;
|
nsTArray<uint8_t> registrationBuffer;
|
||||||
ContentChild* cc = ContentChild::GetSingleton();
|
ContentChild* cc = ContentChild::GetSingleton();
|
||||||
MOZ_ASSERT(cc);
|
MOZ_ASSERT(cc);
|
||||||
if (!cc->SendNSSU2FTokenRegister(application, challenge,
|
if (!cc->SendNSSU2FTokenRegister(aApplication, aChallenge,
|
||||||
®istrationBuffer)) {
|
®istrationBuffer)) {
|
||||||
return NS_ERROR_FAILURE;
|
return NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
registrationData.Assign(registrationBuffer);
|
aRegistrationData.Assign(registrationBuffer);
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
U2F::NSSTokenSign(CryptoBuffer& keyHandle, CryptoBuffer& application,
|
U2F::NSSTokenSign(CryptoBuffer& aKeyHandle, CryptoBuffer& aApplication,
|
||||||
CryptoBuffer& challenge, CryptoBuffer& signatureData)
|
CryptoBuffer& aChallenge, CryptoBuffer& aSignatureData)
|
||||||
{
|
{
|
||||||
if (XRE_IsParentProcess()) {
|
if (XRE_IsParentProcess()) {
|
||||||
MOZ_ASSERT(mNSSToken);
|
MOZ_ASSERT(mNSSToken);
|
||||||
uint8_t* buffer;
|
uint8_t* buffer;
|
||||||
uint32_t bufferlen;
|
uint32_t bufferlen;
|
||||||
nsresult rv = mNSSToken->Sign(application.Elements(), application.Length(),
|
nsresult rv = mNSSToken->Sign(aApplication.Elements(), aApplication.Length(),
|
||||||
challenge.Elements(), challenge.Length(),
|
aChallenge.Elements(), aChallenge.Length(),
|
||||||
keyHandle.Elements(), keyHandle.Length(),
|
aKeyHandle.Elements(), aKeyHandle.Length(),
|
||||||
&buffer, &bufferlen);
|
&buffer, &bufferlen);
|
||||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
signatureData.Assign(buffer, bufferlen);
|
MOZ_ASSERT(buffer);
|
||||||
|
aSignatureData.Assign(buffer, bufferlen);
|
||||||
free(buffer);
|
free(buffer);
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
@ -202,12 +210,12 @@ U2F::NSSTokenSign(CryptoBuffer& keyHandle, CryptoBuffer& application,
|
||||||
nsTArray<uint8_t> signatureBuffer;
|
nsTArray<uint8_t> signatureBuffer;
|
||||||
ContentChild* cc = ContentChild::GetSingleton();
|
ContentChild* cc = ContentChild::GetSingleton();
|
||||||
MOZ_ASSERT(cc);
|
MOZ_ASSERT(cc);
|
||||||
if (!cc->SendNSSU2FTokenSign(application, challenge, keyHandle,
|
if (!cc->SendNSSU2FTokenSign(aApplication, aChallenge, aKeyHandle,
|
||||||
&signatureBuffer)) {
|
&signatureBuffer)) {
|
||||||
return NS_ERROR_FAILURE;
|
return NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
signatureData.Assign(signatureBuffer);
|
aSignatureData.Assign(signatureBuffer);
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -420,7 +428,7 @@ U2F::Register(const nsAString& aAppId,
|
||||||
|
|
||||||
if (isCompatible && isRegistered) {
|
if (isCompatible && isRegistered) {
|
||||||
SendError<U2FRegisterCallback, RegisterResponse>(aCallback,
|
SendError<U2FRegisterCallback, RegisterResponse>(aCallback,
|
||||||
ErrorCode::DEVICE_INELIGIBLE);
|
ErrorCode::DEVICE_INELIGIBLE);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче