Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert
Web Authentication uses JWK algorithm names (ES256) instead of WebCrypto names (such as P-256). There are other JWK algorithm names, but our current U2F-backed implementation only can support ES256 anyway, as that's all that FIDO U2F devices understand. This patch limits us to the name ES256 for the "alg" parameter. MozReview-Commit-ID: 3V5DMzVzPad --HG-- extra : rebase_source : 4fcf797ca0edc49f143333cc24aa51071cf719f5
Родитель
3987ef311b
Коммит
7a3ee03404
|
@ -62,7 +62,10 @@ GetAlgorithmName(const OOS& aAlgorithm,
|
|||
// TODO: Coerce to string and extract name. See WebCryptoTask.cpp
|
||||
}
|
||||
|
||||
if (!NormalizeToken(aName, aName)) {
|
||||
// Only ES256 is currently supported
|
||||
if (NORMALIZED_EQUALS(aName, JWK_ALG_ECDSA_P_256)) {
|
||||
aName.AssignLiteral(JWK_ALG_ECDSA_P_256);
|
||||
} else {
|
||||
return NS_ERROR_DOM_SYNTAX_ERR;
|
||||
}
|
||||
|
||||
|
@ -401,7 +404,7 @@ WebAuthnManager::MakeCredential(nsPIDOMWindowInner* aParent,
|
|||
if (normalizedParams[a].mType == PublicKeyCredentialType::Public_key &&
|
||||
normalizedParams[a].mAlgorithm.IsString() &&
|
||||
normalizedParams[a].mAlgorithm.GetAsString().EqualsLiteral(
|
||||
WEBCRYPTO_NAMED_CURVE_P256)) {
|
||||
JWK_ALG_ECDSA_P_256)) {
|
||||
isValidCombination = true;
|
||||
break;
|
||||
}
|
||||
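Review bot: The `EqualsLiteral(JWK_ALG_ECDSA_P_256)` test in the MakeCredential hunk is an exact comparison, so it only succeeds because GetAlgorithmName now rewrites an accepted name to the canonical literal via `aName.AssignLiteral(JWK_ALG_ECDSA_P_256)`; neither hunk documents that dependency. A comment above the new branch would make it explicit, for example `// Allow-list: ES256 only (U2F-backed). Canonicalise here; MakeCredential compares with EqualsLiteral.` NORMALIZED_EQUALS is not defined in view, but the updated tests pass `es256` and `Es256`, so the match appears to be case-insensitive while JWK algorithm names are case-sensitive; the same comment should say whether that leniency is intended. Any name that does not match takes the else branch and returns NS_ERROR_DOM_SYNTAX_ERR, and that fail-closed default should be preserved when the TODO coercion path is implemented. Both function bodies start and end outside the hunks.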
|
|
|
@ -108,7 +108,7 @@ function() {
|
|||
function testMakeCredential() {
|
||||
let rp = {id: document.domain, name: "none", icon: "none"};
|
||||
let user = {id: "none", name: "none", icon: "none", displayName: "none"};
|
||||
let param = {type: "public-key", algorithm: "P-256"};
|
||||
let param = {type: "public-key", algorithm: "ES256"};
|
||||
let makeCredentialOptions = {
|
||||
rp: rp,
|
||||
user: user,
|
||||
|
@ -127,7 +127,7 @@ function() {
|
|||
function testMakeDuplicate(aCredInfo) {
|
||||
let rp = {id: document.domain, name: "none", icon: "none"};
|
||||
let user = {id: "none", name: "none", icon: "none", displayName: "none"};
|
||||
let param = {type: "public-key", algorithm: "P-256"};
|
||||
let param = {type: "public-key", algorithm: "ES256"};
|
||||
let makeCredentialOptions = {
|
||||
rp: rp,
|
||||
user: user,
|
||||
|
|
|
@ -62,7 +62,7 @@
|
|||
|
||||
let rp = {id: document.domain, name: "none", icon: "none"};
|
||||
let user = {id: "none", name: "none", icon: "none", displayName: "none"};
|
||||
let param = {type: "public-key", algorithm: "p-256"};
|
||||
let param = {type: "public-key", algorithm: "es256"};
|
||||
let unsupportedParam = {type: "public-key", algorithm: "3DES"};
|
||||
let badParam = {type: "SimplePassword", algorithm: "MaxLength=2"};
|
||||
|
||||
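Review bot: None of the visible test hunks asserts that the old WebCrypto name is now refused: `p-256` is simply replaced by `es256`, and the only negative algorithm case here is `unsupportedParam` with `3DES`. Since the commit narrows the accepted names to ES256, a regression case such as `let legacyParam = {type: "public-key", algorithm: "P-256"};`, expected to be rejected when it is the only parameter, would pin that behaviour down. The enclosing test code starts and ends outside this hunk, so such a case may already exist elsewhere in the file.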
|
|
|
@ -45,7 +45,7 @@ function() {
|
|||
function testMakeCredential() {
|
||||
let rp = {id: document.domain, name: "none", icon: "none"};
|
||||
let user = {id: "none", name: "none", icon: "none", displayName: "none"};
|
||||
let param = {type: "public-key", algorithm: "p-256"};
|
||||
let param = {type: "public-key", algorithm: "es256"};
|
||||
let makeCredentialOptions = {
|
||||
rp: rp, user: user, challenge: credentialChallenge, parameters: [param]
|
||||
};
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
window.crypto.getRandomValues(chall);
|
||||
|
||||
let user = {id: "none", name: "none", icon: "none", displayName: "none"};
|
||||
let param = {type: "public-key", algorithm: "p-256"};
|
||||
let param = {type: "public-key", algorithm: "Es256"};
|
||||
|
||||
var testFuncs = [
|
||||
function() {
|
||||
|
|