Граф коммитов

25 Коммитов

Автор SHA1 Сообщение Дата
J.C. Jones a51561a1c4 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's reviews comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)
- Fix a sneaky memory leak re: CryptoBuffer.ToSECItem

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 4ff5898e93e4a0a75576e5e54035a1cb6dd952d7
2017-02-01 15:21:04 -07:00
Iris Hsiao 940ee4003b Backed out changeset 713c0a78c2c1 (bug 1260318) for leak issue 2017-03-08 14:01:56 +08:00
J.C. Jones 8effd5c124 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's reviews comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 52d10287d10698292e1480e04f580f6f8b4847cb
2017-02-01 15:21:04 -07:00
Daniel Holbert 417e3ff20b Bug 1344830: Convert to range-based 'for' loops in U2F.cpp. r=jcj
MozReview-Commit-ID: 2PRQw4Pxquq

--HG--
extra : rebase_source : 72818e2d14a90caea154f50a8ecd44ad25e2df93
2017-03-06 11:16:54 -08:00
Daniel Holbert 17a88fd2c2 Bug 1344816: Remove unused 'this' variable lambda-captures from U2F.cpp. r=jcj
MozReview-Commit-ID: 8GL2Mb7n3GU

--HG--
extra : rebase_source : 2ceb937215f8fe713eec989ce8d093a075cb3414
2017-03-06 11:05:46 -08:00
Tom Tromey 5f8f360823 Bug 1060419 - make log_print use Printf.h, r=froydnj
MozReview-Commit-ID: BIZ1GQEZ1vs

--HG--
extra : rebase_source : 2f1f0aa12493c44f352d9a7e8683e7bb72d2d75b
2016-12-15 20:16:31 -07:00
J.C. Jones 4fc5b851c3 Bug 1335899 - Tolerate token failures in U2F.cpp r=keeler
If there's a second token (say, USB anyone?) that fails early, U2F.cpp's
U2FStatus object should not be told to "stop" unless it's actually done.

So basically, in the promise failures for U2F::Sign and U2F::Register, don't
call Stop - let the stop come implicitly when no tokens respond correctly.

This changes U2FStatus to be used the same way WebAuthn does its WebAuthnRequest
object, for the same purpose.

- Review updates from Keeler; thanks!


MozReview-Commit-ID: HaTKopFakDB

--HG--
extra : rebase_source : f55918f76117abb0f120b21a742c3705c2640225
2017-02-01 15:00:34 -07:00
J.C. Jones ff0d7b7db5 Bug 1333592 - Fix a regression with U2F sign() called with multiple keys r=keeler
Add a test that U2F supports signing with multiple keys.

Reorder the WaitGroupDone calls to ensure they always fire, even if there
are multiple actions in flight.

Also, change the status lanbda captures to capture by reference, and disable
the copy constructor that would let the by-value work. Interestingly, the
compiler is choosing by-reference by default -- at least logs show that the
behavior is correct without this change, but still - this is the right thing to
do.

Updated: Fix the unit tests and write a README that explains why they have to
         use an iframe, while WebAuthn tests do not.

MozReview-Commit-ID: AqSyxU5N4yu

--HG--
extra : rebase_source : b8f18973891ba63ac364203dece65a0689f46ee5
2017-01-26 15:18:50 -07:00
Bevis Tseng 07d4b0dc79 Bug 1314833 - Part 4: Factor out AbstractThread::MainThread() used in U2F. r=billm
MozReview-Commit-ID: 7TcbTE9wab0

--HG--
extra : rebase_source : b2c090e6e154d170f185d0f59ecfb456c074d94c
2016-11-22 14:19:06 +08:00
Kyle Machulis 14bcecc66f Bug 1330138 - Divide U2F and WebAuthn into separate directories; r=jcj
MozReview-Commit-ID: FCCSL6XWhTf


--HG--
rename : dom/u2f/NSSU2FTokenRemote.cpp => dom/webauthn/NSSU2FTokenRemote.cpp
rename : dom/u2f/NSSU2FTokenRemote.h => dom/webauthn/NSSU2FTokenRemote.h
rename : dom/u2f/ScopedCredential.cpp => dom/webauthn/ScopedCredential.cpp
rename : dom/u2f/ScopedCredential.h => dom/webauthn/ScopedCredential.h
rename : dom/u2f/ScopedCredentialInfo.cpp => dom/webauthn/ScopedCredentialInfo.cpp
rename : dom/u2f/ScopedCredentialInfo.h => dom/webauthn/ScopedCredentialInfo.h
rename : dom/u2f/WebAuthnAssertion.cpp => dom/webauthn/WebAuthnAssertion.cpp
rename : dom/u2f/WebAuthnAssertion.h => dom/webauthn/WebAuthnAssertion.h
rename : dom/u2f/WebAuthnAttestation.cpp => dom/webauthn/WebAuthnAttestation.cpp
rename : dom/u2f/WebAuthnAttestation.h => dom/webauthn/WebAuthnAttestation.h
rename : dom/u2f/tests/test_webauthn_get_assertion.html => dom/webauthn/tests/test_webauthn_get_assertion.html
rename : dom/u2f/tests/test_webauthn_loopback.html => dom/webauthn/tests/test_webauthn_loopback.html
rename : dom/u2f/tests/test_webauthn_make_credential.html => dom/webauthn/tests/test_webauthn_make_credential.html
rename : dom/u2f/tests/test_webauthn_no_token.html => dom/webauthn/tests/test_webauthn_no_token.html
rename : dom/u2f/tests/test_webauthn_sameorigin.html => dom/webauthn/tests/test_webauthn_sameorigin.html
2017-01-19 14:18:32 -08:00
J.C. Jones e6dd50ba10 Bug 1309284 - Implement W3C Web Authentication JS API [part 1] r=keeler,qdot
This patch implements the W3C Web Authentication API from
https://www.w3.org/TR/webauthn/, currently the 28 September 2016
working draft.

It utilizes a tentative binding of the U2F NSS Soft Token to provide
authentication services while waiting on Bug 1245527 to support USB HID-based
U2F tokens. This binding is not in the specification yet, so it should be
considered an experiment to help the specification move fowrard.

There are also a handful of deviations from the specification's WebIDL, which
are annotated with comments in WebAuthentication.webidl.

There are no tests in this commit; they are in Part 4 of this commit series.
There is a small script online at https://webauthn.bin.coffee/ to exercise this
code, but it doesn't do any automated checks.

There are also a handful of TODOS:
1) The algorithm to relax the same-origin restriction is in Part 3.
2) The use of AlgorithmIdentifier and having a way to coerce an object to a
   string is still missing.
3) Timeouts and deadlines aren't there, and are pending reworking how
   the nsIU2FToken interface works.

UPDATED:
- Address qdot, keeler review comments (thanks!)
- Address more qdot, keeler review comments (thanks!)

MozReview-Commit-ID: JITapI38iOh

--HG--
extra : rebase_source : 9a09e852dd0c8dc47f42dabbcf8b845a6828b225
2017-01-09 13:22:49 -07:00
J.C. Jones 0f6b60fc2f Bug 1297552 - Reorder parts of U2F.cpp r=keeler
MozReview-Commit-ID: L1juEjU6AMJ

--HG--
extra : transplant_source : %7FpE%29%9C%A2%B5%40%8716%16%1C%B7%B56%F5%19VJ
2016-10-06 14:35:57 -07:00
J.C. Jones 4b548ed05e Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler
This patch sets up the U2F system to support multiple nsIU2FToken
"authenticators" simultaneously, such as having both a USB and a Bluetooth Smart
implementation enabled at the same time. It also paves the way to support
timeout interruptions (for Bug 1301793).

- Executes operations across a list of authenticators.
- Uses runnables, via MozPromise and SharedThreadPool.
- Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable
- Review updates
- Some of the review updates from earlier changeset are ... painful to merge
  back before this one, so I'm just tacking them on here.

It's still missing some things, though:
- It's not actually executing the operations in parallel yet, as invoking
  methods on NSSU2FTokenRemote from a worker thread throws exceptions while
  obtaining ContentChild::GetSingleton().

MozReview-Commit-ID: EUdZQesASo2
***
Bug 1297552 - Updates per review r?keeler


MozReview-Commit-ID: EHIWM74tfYG

--HG--
extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-12 20:56:56 -07:00
J.C. Jones 4f92cc6d96 Bug 1297552 - Only permit U2F operations in e10s mode r=keeler
- Breaks compatibility with non-e10s windows, as the underlying USB
  implementation from Bug 1298838 won't support non-e10s either.
- Now that U2F doesn't support non-e10s, disable tests if we're not in
  e10s mode.

MozReview-Commit-ID: 5F2323xtXEC

--HG--
extra : transplant_source : v%1Fl%C0%2AJ%26k4%89/%95v%89%12%87%94Y%3Cs
2016-10-07 17:28:52 -07:00
J.C. Jones ec6a7a9491 Bug 1297552 - Perform U2F hash operations more efficiently r=keeler
Moves hash calculations to happen only once per JS-invoked Register/Sign
operation.

MozReview-Commit-ID: FuA95qCl1rG

--HG--
extra : transplant_source : %81%A48%8D%FF%82%89M%A7%C4%11%07%B6%94M%C2U%1FY%E8
2016-10-06 13:07:17 -07:00
J.C. Jones 91e424db5d Bug 1306142 - Unchecked return code in U2F. r=keeler
The U2F.cpp code fails to test all returns from CryptoBuffer.Assign(),
leading (when OOM) to potentially empty registration keys (during Register),
or empty attestations (during Sign).

This is a protocol violation, and forced testing at Dropbox,
u2fdemo.appspot.com, and u2f.bin.coffee show that those Relying Parties'
implementations properly error out if the registration or attestation is empty,
as would happen in this instance.

As this is only on an OOM condition, it's not really feasible to add an
automated test.

Also catches one other Assign() that isn't properly returning
"NS_ERROR_OUT_OF_MEMORY".
2016-10-07 16:48:55 -07:00
Nicholas Nethercote 34dcc7b852 Bug 1299384 - Use MOZ_MUST_USE with NS_warn_if_impl(). r=erahm.
This change avoids lots of false positives for Coverity's CHECKED_RETURN
warning, caused by NS_WARN_IF's current use in both statement-style and
expression-style.

In the case where the code within the NS_WARN_IF has side-effects, I made the
following change.

> NS_WARN_IF(NS_FAILED(FunctionWithSideEffects()));
> -->
> Unused << NS_WARN_IF(NS_FAILED(FunctionWithSideEffects()));

In the case where the code within the NS_WARN_IF lacks side-effects, I made the
following change.

> NS_WARN_IF(!condWithoutSideEffects);
> -->
> NS_WARNING_ASSERTION(condWithoutSideEffects, "msg");

This has two improvements.
- The condition is not evaluated in non-debug builds.
- The sense of the condition is inverted to the familiar "this condition should
  be true" sense used in assertions.

A common variation on the side-effect-free case is the following.

> nsresult rv = Fn();
> NS_WARN_IF_(NS_FAILED(rv));
> -->
> DebugOnly<nsresult rv> = Fn();
> NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Fn failed");

--HG--
extra : rebase_source : 58788245021096efa8372a9dc1d597a611d45611
2016-09-02 17:12:24 +10:00
Cykesiopka a16f7b0f6a Bug 1296316 - Convert nsNSSShutDownObject::CalledFromType to an enum class. r=mgoodwin
enum classes are in general safer than plain enums, and as such should be
preferred.

MozReview-Commit-ID: 1FK89SNhdk4

--HG--
extra : rebase_source : 764c4855026c02d8c9e33ca33637fec54ea5ca31
2016-08-20 23:00:19 +08:00
J.C. Jones 8524776280 Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.

MozReview-Commit-ID: GQuu6NolF4D

--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
J.C. Jones a253e31ba2 Bug 1275479 - Refactor U2F Token Interface (Part 1). r=keeler
Rework U2F.cpp to use a collection of nsINSSU2FToken for U2F/WebAuth operations.

MozReview-Commit-ID: 9qwllawzOWh

--HG--
extra : transplant_source : %E1%7B%15%AEp%8C%1A%3C%E5%9F%13%D1%B3%1D%BB%C2%88%07%0AX
2016-05-31 20:51:24 -07:00
J.C. Jones f55c5966d7 Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler
- Move the AppID/FacetID algorithm into its own (potentially reentrant) method
  to facilitate Bug 1244959
- Change the Register and Sign operations to be Runnables so that in the future
  they can be executed after (future) remote fetches
- Clean up error handling
- Remove unnecessary remote-load Facet test files; we'll re-add some form of
  them when the remote load algorithm is completed

MozReview-Commit-ID: 4K1q6ovzhgf

--HG--
extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9
extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-18 14:49:07 -07:00
J.C. Jones 9c17f635f9 Bug 1244960 - FIDO u2f NSSToken (Part 4): Correct FacetID base algorithm. r=keeler
Work on the FacetID/AppID algorithm showed this patch had incorrect usage of
the eTLD+1 checking, so this patch removes those checks until the more
sophisticated algorithm lands in Bug 1244959.

MozReview-Commit-ID: 2k6N5AU0J68

--HG--
extra : transplant_source : %B7n%17%00%DF%AB%F4OG%7E%D1%F0p%B1%AC%9Bq%C9%2B%D0
2016-04-13 10:32:25 -07:00
J.C. Jones 358a9ece05 Bug 1244960 - FIDO u2f NSSToken (Part 3): Review updates. r=keeler
MozReview-Commit-ID: FkPHy9GGarU

--HG--
extra : transplant_source : %8Dd0%BA%FD%E93%8E%A7%C5%01Cn%02%0F%0C%3E%5D%9C%96
2016-04-13 10:20:37 -07:00
J.C. Jones 63f7ce5155 Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
  onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
  with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.

Updates per keeler review comments:

- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review

April 11-12:

- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest

April 15:
- Rebase to latest

MozReview-Commit-ID: 6T8jNmwFvHJ

--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 09:29:12 -07:00
J.C. Jones 70bc936cba Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler 2016-02-09 16:43:00 +01:00