Commit graph

170 Commits

Author SHA1 Message Date
Tim Taubert c29f1dbeb7 Bug 1403818 - Fix WebAuthn IPC crashes by keeping the child actor alive until process shutdown r=jcj
Summary:
We currently call ChildActor.send__delete() when clearing an active transaction
and thereby destroy the child actor. If that happens, e.g. due to a tab switch,
while a message is in the IPC buffer waiting to be delivered, we crash.

This patch creates the child actor lazily as before, but keeps it around until
the WebAuthnManager goes away, which will be at process shutdown.

Each transaction now has a unique id, that the parent process will include in
any of the ConfirmRegister, ConfirmSign, or Abort messages. That way we can
easily ignore stale messages that were in the buffer while we started a new
transaction or cancelled the current one.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1403818

Differential Revision: https://phabricator.services.mozilla.com/D149
2017-10-25 15:59:53 +02:00
Andrea Marchesini cd379739f9 Bug 1411257 - No MOZ_CRASH if BackgroundChild::GetOrCreateForCurrentThread() fails - part 5 - U2F manager, r=asuth 2017-10-25 08:45:53 +02:00
Andrea Marchesini c9b008f29e Bug 1408333 Get rid of nsIIPCBackgroundChildCreateCallback - part 8 - U2F, r=asuth 2017-10-24 12:02:40 +02:00
Tim Taubert ce066246b7 Bug 1410428 - Handle stale messages in {WebAuthn,U2F}Manager r=jcj
Summary:
With both managers storing transaction infos in `Maybe<Info> mTransaction` now,
it occurred to me that we can't actually assert that
`mTransaction.isSome() == true` when we receive a message.

At least with the U2F API the request could be cancelled (and mTransaction
cleared) while there's a pending completion message. For WebAuthn it probably
doesn't hurt to handle this properly either.

(As a bonus, I snuck in the removal of an unused enum.)

Reviewers: jcj

Reviewed By: jcj

Bug #: 1410428

Differential Revision: https://phabricator.services.mozilla.com/D145
2017-10-21 11:34:44 +02:00
Tim Taubert 9ac166b3da Bug 1410345 - Rework U2FManager state machine r=jcj
Summary:
This patch aims to clean up the U2FManager's state machine, especially to make
cancellation of transactions clearer. To fix bug 1403818, we'll have to later
introduce a unique id that is forwarded to the U2FTokenManager.

There are multiple stages of cancellation/cleanup after a transaction was
started. All of the places where we previously called Cancel() or
MaybeClearTransaction() are listed below:

[stage 1] ClearTransaction

This is the most basic stage, we only clean up what information we have about
the current transaction. This means that the request was completed successfully.
It is used at the end of FinishRegister() and FinishSign().

[stage 2] RejectTransaction

The second stage will reject the transaction promise we returned to the caller.
Then it will call ClearTransaction, i.e. stage 1. It is used when one of the
two Finish*() functions aborts before completion, or when the parent process
sends a RequestAborted message.

[stage 2b] MaybeRejectTransaction

This is the same as stage 2, but will only run if there's an active transaction.
It is used by ~U2FManager() to reject and clean up when the manager goes
away.

[stage 3] CancelTransaction

The third stage sends a "Cancel" message to the parent process before rejecting
the transaction promise (stage 2) and cleaning up (stage 1). It's used by
HandleEvent(), i.e. the document becomes inactive.

[stage 3b] MaybeCancelTransaction

This is the same as stage 3, but will only run if there's an active transaction.
It is used at the top of Register() and Sign() so that any active transaction
is cancelled before we handle a new request. It's also used by U2F::Cancel()
as long as bug 1410346 isn't fixed.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1410345

Differential Revision: https://phabricator.services.mozilla.com/D144
2017-10-21 11:34:38 +02:00
Tim Taubert 23f8be23e6 Bug 1409357 - Remove {WebAuthn,U2F}Manager::Start{Register,Sign,Cancel} methods r=jcj
Summary:
We can simplify and reduce the {WebAuthn,U2F}Manager code by removing these
methods and sending messages directly from closures.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409357

Differential Revision: https://phabricator.services.mozilla.com/D131
2017-10-17 17:11:12 +02:00
Tim Taubert 382ba57162 Bug 1409135 - Cleanup and rearrange {WebAuthn,U2F}Manager.h r=jcj
Summary:
Both files declare a few methods as public that we can make private. Let's
seize the chance to rearrange declarations such that they reflect the message
model better.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409135

Differential Revision: https://phabricator.services.mozilla.com/D128

--HG--
extra : amend_source : 8f7a9d92ec81253847c44d92c71ea00cc8753bd1
2017-10-17 11:31:30 +02:00
Tim Taubert f7e1c16e21 Bug 1409116 - Rename {WebAuthn,U2F}TransactionParent::Cancel message to Abort r=jcj
Summary:
We currently allow sending a "Cancel" message from the child to abort a running
transaction, e.g. when the user switches away from the currently active tab.

We have a message with the same name "Cancel" sent by the parent when the
transaction is aborted due to failure somewhere in the token manager.

This patch renames abort messages from the parent to "Abort" to clarify the
purpose of the message.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409116

Differential Revision: https://phabricator.services.mozilla.com/D127

--HG--
extra : amend_source : ee6767965ad928033eb23b258aacf54bbaf57d2d
2017-10-17 11:30:55 +02:00
Tim Taubert 3e13f9c368 Bug 1407179 - Use AssertIsOnBackgroundThread() in U2F and WebAuthn BackgroundParentImpls r=jcj
Summary: It seems like a good idea to call AssertIsOnBackgroundThread() in the WebAuthnTransactionParent and U2FTransactionParent methods. They should never be called on any other thread. (Other BPImpls are doing the same.)

Reviewers: jcj

Reviewed By: jcj

Bug #: 1407179

Differential Revision: https://phabricator.services.mozilla.com/D105
2017-10-10 18:31:30 +02:00
Tim Taubert cb4f5e98e1 Bug 1402156 - Cancel any pending requests when u2f.{register,sign} is called r=jcj
Bug #: 1402156

Differential Revision: https://phabricator.services.mozilla.com/D101
2017-10-06 14:45:27 +02:00
J.C. Jones 9fc9b8dcb4 Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert
In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our
U2F Facet support completely half-way, that we could use the Public Suffix logic
introduced into HTML for W3C Web Authentication (the method named
IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1
hierarchy. This is a deviation from the FIDO specification, but doesn't break
anything that currently works with our U2F implementation, and theoretically
enables sites that otherwise need an external FacetID fetch which we aren't
implementing.

The downside to this is that it's then Firefox-specific behavior. But since this
isn't a shipped feature, we have more room to experiment. As an additional
bonus, it encourages U2F sites to use the upcoming Web Authentication security
model, which will help them prepare to adopt the newer standard.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8

MozReview-Commit-ID: DzNVhHT9qRL

--HG--
extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-28 16:45:28 -07:00
J.C. Jones 4cf1111f75 Bug 1399334 - Workaround buggy pki.js cert verifier implementation r=keeler
There's an intermittent on the call attestationCert.verify() to test the self-
signed cert from our not-shipped software U2F implementation. Collection of the
intermittents shows these certs are fine, and should verify correctly, but they
don't. The bug must be in pki.js, which is out-of-scope as we only use it for
mochitests.

This patch removes the offending call to xxxx.verify(), because it doesn't
really matter whether the self-signed-cert looks OK to pki.js; we just need
the public key from inside it to proceed with the rest of the tests.

As an example of a so-called "invalid" self-signed cert that failed, we have:

https://treeherder.mozilla.org/logviewer.html#?repo=mozilla-central&job_id=134282931&lineNumber=2673

There's nothing wrong with this cert, actually. Checking it with OpenSSL shows
all OK:

openssl verify -purpose any -CAfile /tmp/cert2.pem /tmp/cert2.pem
/tmp/cert2.pem: OK

So this intermittent is a bug outside of our U2F and U2F test soft token code.

MozReview-Commit-ID: K142toVWtcv

--HG--
extra : rebase_source : 3c31a407e27cd5c6e7a1a4f1287f17f56f80daaa
2017-10-02 11:06:31 -07:00
J.C. Jones a11562f2ea Bug 1403279 - Set U2F version field on RegisterResponse r=keeler
The U2F specification defines the RegisterResponse.Version field as being set to
"U2F_V2" [1] on successful registrations, which we appear to have overlooked.

This sets the field and adds a few checks to the register test.


[1] https://www.fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#idl-def-RegisterResponse

MozReview-Commit-ID: 9YqhM0x9itd

--HG--
extra : rebase_source : 35cab0dffa5db70476461699a6b4706f910b208a
2017-09-28 16:04:10 -07:00
J.C. Jones 6293af8a7a Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert
There's an intermittent that is showing up now that test_register_sign.html
checks state.attestationCert.verify(); to ensure the SoftToken's certificate
is valid. This patch prints the offending certificate when it's encountered,
to help diagnose the root cause.

MozReview-Commit-ID: 4QSobq9fBGK
2017-09-18 21:43:40 -07:00
Tim Taubert 14bd1247ca Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj
I wasn't sure what the right behavior for the U2F API is when `.sign()`
or `.register()` is called but there's an ongoing request that wasn't fulfilled
yet.

I think it makes sense to deny the request (as we currently do) when a request
of the same type is currently active. When however sign() -> register() or
vice-versa is called then we should cancel the previous request and start
the new one. From what I understand from reading the spec we definitely should
call the callback before starting the new request.

Bug #: 1401019

Differential Revision: https://phabricator.services.mozilla.com/D70
2017-09-19 16:55:38 +02:00
J.C. Jones 2afc1ad18b Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
  which in turn handles constructing and managing the U2FTokenManager
  via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
  WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
  - Used async tasks, used the manifest parameters for scheme, and generally
    made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
  yet, causing breakage on Android. Rework the tests to go back to the old way
  of using iframes to test U2F.


NOTE TO REVIEWERS:
 Since this is huge, I recommend the following:

 keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
          of the U2F logic is still in U2F.cpp like before, but there's been
          some reworking of how it is called.

 ttaubert - please review U2FManager, the Transaction classes, build changes,
            and the changes to nsGlobalWindow. All of these should be very
            similar to the WebAuthn code it's patterned off.


MozReview-Commit-ID: C1ZN2ch66Rm

--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 12:56:59 -07:00
Phil Ringnalda 2dba33e427 Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage
Backed out changeset 8ee1f7aebd62 (bug 1245527)
Backed out changeset e6a5de8d1246 (bug 1245527)
Backed out changeset be63e73426b4 (bug 1245527)

MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 00:09:21 -07:00
J.C. Jones 50501cbead Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
  which in turn handles constructing and managing the U2FTokenManager
  via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
  WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
  - Used async tasks, used the manifest parameters for prefs and scheme,
    and generally made these cleaner.

NOTE TO REVIEWERS:
 Since this is huge, I recommend the following:

 keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
          of the U2F logic is still in U2F.cpp like before, but there's been
          some reworking of how it is called.

 ttaubert - please review U2FManager, the Transaction classes, build changes,
            and the changes to nsGlobalWindow. All of these should be very
            similar to the WebAuthn code it's patterned off.


MozReview-Commit-ID: C1ZN2ch66Rm

--HG--
extra : transplant_source : %EA%98%D2%87C%FD%CC%A5%3D%B5%9B%1C%DA%A5J%CD%05%94%13%0D
2017-09-05 12:32:42 -07:00
Kartikaya Gupta ba4b3b9101 Bug 1384233 - Remove SizePrintfMacros.h. r=froydnj
We have a minimum requirement of VS 2015 for Windows builds, which supports
the z length modifier for format specifiers. So we don't need SizePrintfMacros.h
any more, and can just use %zu and friends directly everywhere.

MozReview-Commit-ID: 6s78RvPFMzv

--HG--
extra : rebase_source : 009ea39eb4dac1c927aa03e4f97d8ab673de8a0e
2017-07-26 16:03:57 -04:00
Bill McCloskey f115503a0b Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
Carsten "Tomcat" Book 8a1350b5a6 Backed out changeset 4f6302a98ae4 (bug 1372405)
--HG--
extra : rebase_source : 41632f3158e88e692809731394a683d065a73dfb
2017-06-21 13:59:26 +02:00
Bill McCloskey 6b3e84ed5f Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-20 21:44:11 -07:00
Carsten "Tomcat" Book ea1b86680c Backed out changeset 9846de3bd954 (bug 1372405)
--HG--
extra : rebase_source : 5d4a48e8ec394c329994689d938d2a6e9b2752b0
2017-06-20 08:27:02 +02:00
Bill McCloskey 4592152411 Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
Bevis Tseng d1637b9c5a Bug 1372453 - Part 2: Name the caller of ProxyReleaseEvent. r=billm
MozReview-Commit-ID: LYhSWnZkq0i
2017-06-14 09:27:17 +08:00
Bill McCloskey 0767e31489 Bug 1372736 - Avoid using AbstractThread for non-media MozPromises (r=bkelly)
MozReview-Commit-ID: BBi0pK4DXxf
2017-06-15 20:16:25 -07:00
Bill McCloskey c85ab6308c Bug 1366072 - Change promises to take nsISerialEventTarget instead of AbstractThread (r=jwwang)
MozReview-Commit-ID: 4azUhSB6whu
2017-06-13 14:51:01 -07:00
J.C. Jones 2c4669cdf7 Bug 1334388 - Disable intermittent dom/u2f/tests/test_multiple_keys.html. r=keeler
This change disables the test dom/u2f/tests/test_multiple_keys.html, as it
is being prompted by some mis-use of the IPC system. All IPC for this component,
U2F, is being reworked currently in Bug 1323339, so fixing this really falls to
that bug. Bug 1347374 is filed to re-enable this test after the IPC rework.

MozReview-Commit-ID: BQCk7Muz53c
2017-03-14 18:41:51 -07:00
J.C. Jones 487c9854bd Bug 1334388 - Rework u2f/test/test_multiple_keys to fix intermittent r=keeler
This is a cheesy fix to u2f/tests/frame_multiple_keys.html to try and fix
the ongoing intermittents. It's cheesy because it changes this from a
HTTPS-scheme test to HTTP, which is kind of a negative change, and shouldn't
do anything to help. It does, however, make this test look identical to the
other u2f tests which _don't_ have this intermittent issue. If this commit
fixes the problem then I'll know more about this strange failure case.

MozReview-Commit-ID: JXXFshJ6AGq

--HG--
extra : rebase_source : 83b09430d36904bba49037060f615f1b7a2d9078
2017-03-13 10:00:59 -07:00
J.C. Jones a51561a1c4 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's review comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)
- Fix a sneaky memory leak re: CryptoBuffer.ToSECItem

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 4ff5898e93e4a0a75576e5e54035a1cb6dd952d7
2017-02-01 15:21:04 -07:00
Iris Hsiao 940ee4003b Backed out changeset 713c0a78c2c1 (bug 1260318) for leak issue 2017-03-08 14:01:56 +08:00
J.C. Jones 8effd5c124 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's review comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 52d10287d10698292e1480e04f580f6f8b4847cb
2017-02-01 15:21:04 -07:00
Daniel Holbert 417e3ff20b Bug 1344830: Convert to range-based 'for' loops in U2F.cpp. r=jcj
MozReview-Commit-ID: 2PRQw4Pxquq

--HG--
extra : rebase_source : 72818e2d14a90caea154f50a8ecd44ad25e2df93
2017-03-06 11:16:54 -08:00
Daniel Holbert 17a88fd2c2 Bug 1344816: Remove unused 'this' variable lambda-captures from U2F.cpp. r=jcj
MozReview-Commit-ID: 8GL2Mb7n3GU

--HG--
extra : rebase_source : 2ceb937215f8fe713eec989ce8d093a075cb3414
2017-03-06 11:05:46 -08:00
Tom Tromey 5f8f360823 Bug 1060419 - make log_print use Printf.h, r=froydnj
MozReview-Commit-ID: BIZ1GQEZ1vs

--HG--
extra : rebase_source : 2f1f0aa12493c44f352d9a7e8683e7bb72d2d75b
2016-12-15 20:16:31 -07:00
Joel Maher c203f27827 Bug 1335099 - add BUG_COMPONENT to many dom/* subdir files. r=overholt
MozReview-Commit-ID: CyIIs98hnUI
2017-02-06 09:45:55 -05:00
Sebastian Hengst 7225ec6170 Backed out changeset 9a332af74af5 (bug 1335099) for build bustage (moz.build rule matches no files). r=backout on a CLOSED TREE 2017-02-06 16:21:20 +01:00
Joel Maher 60e61eed48 Bug 1335099 - add BUG_COMPONENT to many dom/* subdir files. r=overholt
MozReview-Commit-ID: CyIIs98hnUI
2017-02-06 09:45:55 -05:00
J.C. Jones 4fc5b851c3 Bug 1335899 - Tolerate token failures in U2F.cpp r=keeler
If there's a second token (say, USB anyone?) that fails early, U2F.cpp's
U2FStatus object should not be told to "stop" unless it's actually done.

So basically, in the promise failures for U2F::Sign and U2F::Register, don't
call Stop - let the stop come implicitly when no tokens respond correctly.

This changes U2FStatus to be used the same way WebAuthn does its WebAuthnRequest
object, for the same purpose.

- Review updates from Keeler; thanks!


MozReview-Commit-ID: HaTKopFakDB

--HG--
extra : rebase_source : f55918f76117abb0f120b21a742c3705c2640225
2017-02-01 15:00:34 -07:00
J.C. Jones ff0d7b7db5 Bug 1333592 - Fix a regression with U2F sign() called with multiple keys r=keeler
Add a test that U2F supports signing with multiple keys.

Reorder the WaitGroupDone calls to ensure they always fire, even if there
are multiple actions in flight.

Also, change the status lambda captures to capture by reference, and disable
the copy constructor that would let the by-value work. Interestingly, the
compiler is choosing by-reference by default -- at least logs show that the
behavior is correct without this change, but still - this is the right thing to
do.

Updated: Fix the unit tests and write a README that explains why they have to
         use an iframe, while WebAuthn tests do not.

MozReview-Commit-ID: AqSyxU5N4yu

--HG--
extra : rebase_source : b8f18973891ba63ac364203dece65a0689f46ee5
2017-01-26 15:18:50 -07:00
Bevis Tseng 07d4b0dc79 Bug 1314833 - Part 4: Factor out AbstractThread::MainThread() used in U2F. r=billm
MozReview-Commit-ID: 7TcbTE9wab0

--HG--
extra : rebase_source : b2c090e6e154d170f185d0f59ecfb456c074d94c
2016-11-22 14:19:06 +08:00
Kyle Machulis eddc328040 Bug 1330138 - Remove unused USBToken class from U2F API; r=jcj
MozReview-Commit-ID: HAWLD202fwi
2017-01-19 14:18:32 -08:00
Kyle Machulis 14bcecc66f Bug 1330138 - Divide U2F and WebAuthn into separate directories; r=jcj
MozReview-Commit-ID: FCCSL6XWhTf


--HG--
rename : dom/u2f/NSSU2FTokenRemote.cpp => dom/webauthn/NSSU2FTokenRemote.cpp
rename : dom/u2f/NSSU2FTokenRemote.h => dom/webauthn/NSSU2FTokenRemote.h
rename : dom/u2f/ScopedCredential.cpp => dom/webauthn/ScopedCredential.cpp
rename : dom/u2f/ScopedCredential.h => dom/webauthn/ScopedCredential.h
rename : dom/u2f/ScopedCredentialInfo.cpp => dom/webauthn/ScopedCredentialInfo.cpp
rename : dom/u2f/ScopedCredentialInfo.h => dom/webauthn/ScopedCredentialInfo.h
rename : dom/u2f/WebAuthnAssertion.cpp => dom/webauthn/WebAuthnAssertion.cpp
rename : dom/u2f/WebAuthnAssertion.h => dom/webauthn/WebAuthnAssertion.h
rename : dom/u2f/WebAuthnAttestation.cpp => dom/webauthn/WebAuthnAttestation.cpp
rename : dom/u2f/WebAuthnAttestation.h => dom/webauthn/WebAuthnAttestation.h
rename : dom/u2f/tests/test_webauthn_get_assertion.html => dom/webauthn/tests/test_webauthn_get_assertion.html
rename : dom/u2f/tests/test_webauthn_loopback.html => dom/webauthn/tests/test_webauthn_loopback.html
rename : dom/u2f/tests/test_webauthn_make_credential.html => dom/webauthn/tests/test_webauthn_make_credential.html
rename : dom/u2f/tests/test_webauthn_no_token.html => dom/webauthn/tests/test_webauthn_no_token.html
rename : dom/u2f/tests/test_webauthn_sameorigin.html => dom/webauthn/tests/test_webauthn_sameorigin.html
2017-01-19 14:18:32 -08:00
J.C. Jones 0851d956ab Bug 1329802 - WebAuthn Unit Tests: Add Unit Tests r=keeler
This uses the new mochitest "scheme" option from Bug 1286312. This cannot land
until after Bug 1286312 does.

For now, you can test locally by adding
  --setpref dom.securecontext.whitelist=mochi.test
to your command line, such as:

~/hg/mozilla-central/mach mochitest \
  --setpref dom.securecontext.whitelist=mochi.test ./dom/u2f/tests/

Updated:
Review fixes (thanks keeler!)

MozReview-Commit-ID: 7jTxF3Mrtcg

--HG--
extra : rebase_source : 72c24bdc028e440705598c694f3c4119d5304d83
2017-01-09 13:28:02 -07:00
Florian Quèze 85611a7b6d Bug 1331081 - script generated patch to omit addEventListener/removeEventListener's third parameter when it's false, r=jaws.
--HG--
extra : rebase_source : a22344ee1569f58f1f0a01017bfe0d46a6a14602
2017-01-17 11:50:25 +01:00
J.C. Jones 0109e409da Bug 1309284 - WebAuthn JS API [part 3]: Support origin relax algorithm r=keeler
The WebAuthn specification calls for running the HTML5.1 algorithm that
occurs when you modify document.domain from JS, and use that algorithm's
output for the "Relying Party ID" through the rest of the WebAuthn algorithm.

This code paves the way for that to be added in Bug 1329764, once the spec
issues upstream are resolved.


MozReview-Commit-ID: DNNcr3Gh1Be

--HG--
extra : rebase_source : f9e956fcb7c4b1418bbab5d45dec684c0c20b00b
2017-01-09 13:55:59 -07:00
J.C. Jones a1af416c57 Bug 1309284 - WebAuthn JS API [part 2]: Bugfixes from testing r=keeler
Add more debugging information to signing operations for the NSS Soft Token.

Bugfixes in WebAuthentication.cpp:
- Calculate ArrayBuffer/View before using.
- Fix an instance where we should return NotSupportedError.
- Fix several instances where we should return Out Of Memory.
- Fix a MozPromise assertion that occurs in GetAssertion if you coerce an early
  return.
- Mark all constructors explicit.

MozReview-Commit-ID: DQWHqZIlau9

--HG--
extra : rebase_source : f0f2bdde650e61c90b9b47c20c2427f1340f2d97
2016-12-16 10:44:56 -07:00
J.C. Jones e6dd50ba10 Bug 1309284 - Implement W3C Web Authentication JS API [part 1] r=keeler,qdot
This patch implements the W3C Web Authentication API from
https://www.w3.org/TR/webauthn/, currently the 28 September 2016
working draft.

It utilizes a tentative binding of the U2F NSS Soft Token to provide
authentication services while waiting on Bug 1245527 to support USB HID-based
U2F tokens. This binding is not in the specification yet, so it should be
considered an experiment to help the specification move forward.

There are also a handful of deviations from the specification's WebIDL, which
are annotated with comments in WebAuthentication.webidl.

There are no tests in this commit; they are in Part 4 of this commit series.
There is a small script online at https://webauthn.bin.coffee/ to exercise this
code, but it doesn't do any automated checks.

There are also a handful of TODOS:
1) The algorithm to relax the same-origin restriction is in Part 3.
2) The use of AlgorithmIdentifier and having a way to coerce an object to a
   string is still missing.
3) Timeouts and deadlines aren't there, and are pending reworking how
   the nsIU2FToken interface works.

UPDATED:
- Address qdot, keeler review comments (thanks!)
- Address more qdot, keeler review comments (thanks!)

MozReview-Commit-ID: JITapI38iOh

--HG--
extra : rebase_source : 9a09e852dd0c8dc47f42dabbcf8b845a6828b225
2017-01-09 13:22:49 -07:00
Andi-Bogdan Postelnicu 359856eb75 Bug 1308868 - Add ignore-initialization-check annotation to mErrorCode from U2FStatus. r=baku
MozReview-Commit-ID: 1dIKcbbeStW
2016-10-17 16:10:17 +03:00
J.C. Jones 0f6b60fc2f Bug 1297552 - Reorder parts of U2F.cpp r=keeler
MozReview-Commit-ID: L1juEjU6AMJ

--HG--
extra : transplant_source : %7FpE%29%9C%A2%B5%40%8716%16%1C%B7%B56%F5%19VJ
2016-10-06 14:35:57 -07:00
J.C. Jones 4b548ed05e Bug 1297552 - Use MozPromise to run U2F operations in parallel. r=keeler
This patch sets up the U2F system to support multiple nsIU2FToken
"authenticators" simultaneously, such as having both a USB and a Bluetooth Smart
implementation enabled at the same time. It also paves the way to support
timeout interruptions (for Bug 1301793).

- Executes operations across a list of authenticators.
- Uses runnables, via MozPromise and SharedThreadPool.
- Remove nsNSSShutDownPreventionLock from U2F*Task and move to U2F*Runnable
- Review updates
- Some of the review updates from earlier changeset are ... painful to merge
  back before this one, so I'm just tacking them on here.

It's still missing some things, though:
- It's not actually executing the operations in parallel yet, as invoking
  methods on NSSU2FTokenRemote from a worker thread throws exceptions while
  obtaining ContentChild::GetSingleton().

MozReview-Commit-ID: EUdZQesASo2
***
Bug 1297552 - Updates per review r?keeler


MozReview-Commit-ID: EHIWM74tfYG

--HG--
extra : transplant_source : %F9%9E%9E%5B7%19R0%7D%C1%B1%FB%BD%97%26%B2%A3%9CTg
2016-10-12 20:56:56 -07:00
J.C. Jones 4f92cc6d96 Bug 1297552 - Only permit U2F operations in e10s mode r=keeler
- Breaks compatibility with non-e10s windows, as the underlying USB
  implementation from Bug 1298838 won't support non-e10s either.
- Now that U2F doesn't support non-e10s, disable tests if we're not in
  e10s mode.

MozReview-Commit-ID: 5F2323xtXEC

--HG--
extra : transplant_source : v%1Fl%C0%2AJ%26k4%89/%95v%89%12%87%94Y%3Cs
2016-10-07 17:28:52 -07:00
J.C. Jones ec6a7a9491 Bug 1297552 - Perform U2F hash operations more efficiently r=keeler
Moves hash calculations to happen only once per JS-invoked Register/Sign
operation.

MozReview-Commit-ID: FuA95qCl1rG

--HG--
extra : transplant_source : %81%A48%8D%FF%82%89M%A7%C4%11%07%B6%94M%C2U%1FY%E8
2016-10-06 13:07:17 -07:00
J.C. Jones 91e424db5d Bug 1306142 - Unchecked return code in U2F. r=keeler
The U2F.cpp code fails to test all returns from CryptoBuffer.Assign(),
leading (when OOM) to potentially empty registration keys (during Register),
or empty attestations (during Sign).

This is a protocol violation, and forced testing at Dropbox,
u2fdemo.appspot.com, and u2f.bin.coffee show that those Relying Parties'
implementations properly error out if the registration or attestation is empty,
as would happen in this instance.

As this is only on an OOM condition, it's not really feasible to add an
automated test.

Also catches one other Assign() that isn't properly returning
"NS_ERROR_OUT_OF_MEMORY".
2016-10-07 16:48:55 -07:00
J.C. Jones 6981fcdfd8 Bug 1281932 - Fix intermittent u2f tests r=keeler
This is reworking the U2F tests to do two things:

1) Don't run all the tests in one big frame; that makes it hard to tell
   what test is actually dying in Treeherder.
2) Fix the obvious possible test races with the async functions which could be
   causing the intermittent

- Review updates per keeler
- Change inappropriate uses of 'var' to 'let' in u2futil.js (kudos, keeler)
- Rework frame_no_token.html to follow the same pattern as the others
- Catch unexpected messages on the u2f testing harness
- Update 2: Go back to a pre-set number of expected async tests.

MozReview-Commit-ID: 6uLt5O1lUa3

--HG--
rename : dom/u2f/tests/test_frame_appid_facet.html => dom/u2f/tests/frame_appid_facet.html
rename : dom/u2f/tests/test_frame_appid_facet_insecure.html => dom/u2f/tests/frame_appid_facet_insecure.html
rename : dom/u2f/tests/test_frame_appid_facet_subdomain.html => dom/u2f/tests/frame_appid_facet_subdomain.html
rename : dom/u2f/tests/test_frame_register.html => dom/u2f/tests/frame_register.html
rename : dom/u2f/tests/test_frame_register_sign.html => dom/u2f/tests/frame_register_sign.html
extra : rebase_source : 1255bd8ba17a141c3c8205a277c06c483540de90
2016-10-10 17:06:31 -07:00
Nicholas Nethercote 34dcc7b852 Bug 1299384 - Use MOZ_MUST_USE with NS_warn_if_impl(). r=erahm.
This change avoids lots of false positives for Coverity's CHECKED_RETURN
warning, caused by NS_WARN_IF's current use in both statement-style and
expression-style.

In the case where the code within the NS_WARN_IF has side-effects, I made the
following change.

> NS_WARN_IF(NS_FAILED(FunctionWithSideEffects()));
> -->
> Unused << NS_WARN_IF(NS_FAILED(FunctionWithSideEffects()));

In the case where the code within the NS_WARN_IF lacks side-effects, I made the
following change.

> NS_WARN_IF(!condWithoutSideEffects);
> -->
> NS_WARNING_ASSERTION(condWithoutSideEffects, "msg");

This has two improvements.
- The condition is not evaluated in non-debug builds.
- The sense of the condition is inverted to the familiar "this condition should
  be true" sense used in assertions.

A common variation on the side-effect-free case is the following.

> nsresult rv = Fn();
> NS_WARN_IF(NS_FAILED(rv));
> -->
> DebugOnly<nsresult> rv = Fn();
> NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Fn failed");

--HG--
extra : rebase_source : 58788245021096efa8372a9dc1d597a611d45611
2016-09-02 17:12:24 +10:00
Cykesiopka a16f7b0f6a Bug 1296316 - Convert nsNSSShutDownObject::CalledFromType to an enum class. r=mgoodwin
enum classes are in general safer than plain enums, and as such should be
preferred.

MozReview-Commit-ID: 1FK89SNhdk4

--HG--
extra : rebase_source : 764c4855026c02d8c9e33ca33637fec54ea5ca31
2016-08-20 23:00:19 +08:00
Tom Tromey 5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there are a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
J.C. Jones 8524776280 Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.

MozReview-Commit-ID: GQuu6NolF4D

--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
J.C. Jones a253e31ba2 Bug 1275479 - Refactor U2F Token Interface (Part 1). r=keeler
Rework U2F.cpp to use a collection of nsINSSU2FToken for U2F/WebAuth operations.

MozReview-Commit-ID: 9qwllawzOWh

--HG--
extra : transplant_source : %E1%7B%15%AEp%8C%1A%3C%E5%9F%13%D1%B3%1D%BB%C2%88%07%0AX
2016-05-31 20:51:24 -07:00
J.C. Jones fa14e077d5 Bug 1265211 - Fix intermittent U2F Test r=mgoodwin
- The u2futil.js script's verifySignature method was causing an intermittent
  in test_frame_register_sign.html due to incomplete ASN.1 decoding. Since
  we're already pulling in an ASN.1 parsing library, this changes that code to
  do a complete parse and sanitize, which should cover all cases.

MozReview-Commit-ID: 9kDWT2KUFdq

--HG--
extra : transplant_source : %A9CD%CD%E7E%11s%0A%82ls%5B%7B%80jQ%FC%FE%0B
2016-04-19 08:49:13 -07:00
Kyle Huey c73656947b Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj 2016-04-25 17:23:21 -07:00
J.C. Jones f55c5966d7 Bug 1264472 - Use nsRunnables in FIDO U2F. r=keeler
- Move the AppID/FacetID algorithm into its own (potentially reentrant) method
  to facilitate Bug 1244959
- Change the Register and Sign operations to be Runnables so that in the future
  they can be executed after (future) remote fetches
- Clean up error handling
- Remove unnecessary remote-load Facet test files; we'll re-add some form of
  them when the remote load algorithm is completed

MozReview-Commit-ID: 4K1q6ovzhgf

--HG--
extra : transplant_source : /%7F/%96o1%3E%5E%17%20%A2%D0%AA%10%21%88%19%D9%B3%C9
extra : histedit_source : 4d3c61294951920a22e1f1eb7846a2a03f7cd2f0
2016-04-18 14:49:07 -07:00
J.C. Jones c86b49406f Bug 1244960 - FIDO u2f NSSToken (Part 5): Review updates. r=keeler
MozReview-Commit-ID: BcsEltYEQAW

--HG--
extra : transplant_source : %BE%3D%08%DBeD%27q%96%3E%EC%C6z%AA%60Q%9E%E8%BE%86
2016-04-14 10:48:53 -07:00
J.C. Jones 9c17f635f9 Bug 1244960 - FIDO u2f NSSToken (Part 4): Correct FacetID base algorithm. r=keeler
Work on the FacetID/AppID algorithm showed this patch had incorrect usage of
the eTLD+1 checking, so this patch removes those checks until the more
sophisticated algorithm lands in Bug 1244959.

MozReview-Commit-ID: 2k6N5AU0J68

--HG--
extra : transplant_source : %B7n%17%00%DF%AB%F4OG%7E%D1%F0p%B1%AC%9Bq%C9%2B%D0
2016-04-13 10:32:25 -07:00
J.C. Jones 358a9ece05 Bug 1244960 - FIDO u2f NSSToken (Part 3): Review updates. r=keeler
MozReview-Commit-ID: FkPHy9GGarU

--HG--
extra : transplant_source : %8Dd0%BA%FD%E93%8E%A7%C5%01Cn%02%0F%0C%3E%5D%9C%96
2016-04-13 10:20:37 -07:00
J.C. Jones 3b81894a7e Bug 1244960 - FIDO u2f NSSToken (Part 2): Use Attestation Certificates. r=keeler
- Add an ephemeral self-signed Attestation Cert to NSSToken
  - A new one is generated at each call to Register; this is allowed by the
    protocol, and avoids fingerprinting if the NSSToken is in use.
- This now passes at https://u2fdemo.appspot.com/

MozReview-Commit-ID: Aq61MuX9oSD

--HG--
extra : transplant_source : %C1%00n6%22%01%E7q%B4/%D8-%C5W%D4%E6%86%14%25%C2
2016-03-28 18:55:52 -07:00
J.C. Jones 63f7ce5155 Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
  onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
  with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.

Updates per keeler review comments:

- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review

April 11-12:

- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest

April 15:
- Rebase to latest

MozReview-Commit-ID: 6T8jNmwFvHJ

--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 09:29:12 -07:00
Andrea Marchesini 4321cda2ba Bug 1255784 - u2f tests should use SpecialPowers.pushPrefEnv, r=jjones 2016-03-11 18:20:55 +01:00
J.C. Jones 70bc936cba Bug 1231681 - "Implement window.u2f interface". r=baku, r=dkeeler 2016-02-09 16:43:00 +01:00