Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert

Web Authentication uses JWK algorithm names (ES256) instead of WebCrypto names
(such as P-256). There are other JWK algorithm names, but our current U2F-backed
implementation only can support ES256 anyway, as that's all that FIDO U2F
devices understand. This patch limits us to the name ES256 for the "alg"
parameter.

MozReview-Commit-ID: 3V5DMzVzPad

--HG--
extra : rebase_source : 4fcf797ca0edc49f143333cc24aa51071cf719f5

dom/webauthn/WebAuthnManager.cpp

@@ -62,7 +62,10 @@ GetAlgorithmName(const OOS& aAlgorithm,
     // TODO: Coerce to string and extract name. See WebCryptoTask.cpp
   }
 
-  if (!NormalizeToken(aName, aName)) {
+  // Only ES256 is currently supported
+  if (NORMALIZED_EQUALS(aName, JWK_ALG_ECDSA_P_256)) {
+    aName.AssignLiteral(JWK_ALG_ECDSA_P_256);
+  } else {
     return NS_ERROR_DOM_SYNTAX_ERR;
   }
 
@@ -401,7 +404,7 @@ WebAuthnManager::MakeCredential(nsPIDOMWindowInner* aParent,
     if (normalizedParams[a].mType == PublicKeyCredentialType::Public_key &&
         normalizedParams[a].mAlgorithm.IsString() &&
         normalizedParams[a].mAlgorithm.GetAsString().EqualsLiteral(
-          WEBCRYPTO_NAMED_CURVE_P256)) {
+          JWK_ALG_ECDSA_P_256)) {
       isValidCombination = true;
       break;
     }

dom/webauthn/tests/test_webauthn_loopback.html

@@ -108,7 +108,7 @@ function() {
   function testMakeCredential() {
     let rp = {id: document.domain, name: "none", icon: "none"};
     let user = {id: "none", name: "none", icon: "none", displayName: "none"};
-    let param = {type: "public-key", algorithm: "P-256"};
+    let param = {type: "public-key", algorithm: "ES256"};
     let makeCredentialOptions = {
       rp: rp,
       user: user,
@@ -127,7 +127,7 @@ function() {
   function testMakeDuplicate(aCredInfo) {
     let rp = {id: document.domain, name: "none", icon: "none"};
     let user = {id: "none", name: "none", icon: "none", displayName: "none"};
-    let param = {type: "public-key", algorithm: "P-256"};
+    let param = {type: "public-key", algorithm: "ES256"};
     let makeCredentialOptions = {
       rp: rp,
       user: user,

dom/webauthn/tests/test_webauthn_make_credential.html

@@ -62,7 +62,7 @@
 
       let rp = {id: document.domain, name: "none", icon: "none"};
       let user = {id: "none", name: "none", icon: "none", displayName: "none"};
-      let param = {type: "public-key", algorithm: "p-256"};
+      let param = {type: "public-key", algorithm: "es256"};
       let unsupportedParam = {type: "public-key", algorithm: "3DES"};
       let badParam = {type: "SimplePassword", algorithm: "MaxLength=2"};
 

dom/webauthn/tests/test_webauthn_no_token.html

@@ -45,7 +45,7 @@ function() {
   function testMakeCredential() {
     let rp = {id: document.domain, name: "none", icon: "none"};
     let user = {id: "none", name: "none", icon: "none", displayName: "none"};
-    let param = {type: "public-key", algorithm: "p-256"};
+    let param = {type: "public-key", algorithm: "es256"};
     let makeCredentialOptions = {
       rp: rp, user: user, challenge: credentialChallenge, parameters: [param]
     };

dom/webauthn/tests/test_webauthn_sameorigin.html

@@ -61,7 +61,7 @@
       window.crypto.getRandomValues(chall);
 
       let user = {id: "none", name: "none", icon: "none", displayName: "none"};
-      let param = {type: "public-key", algorithm: "p-256"};
+      let param = {type: "public-key", algorithm: "Es256"};
 
       var testFuncs = [
         function() {