Граф коммитов

103 Коммитов

Автор SHA1 Сообщение Дата
Tooru Fujisawa ebe7394edf Bug 1259822 - Show property key in the error message when target object value is null or undefined. r=jorendorff 2018-08-24 13:22:13 +09:00
Jeff Gilbert 5b753da289 Bug 1470325 - s/FooBinding/Foo_Binding/g - r=qdot
MozReview-Commit-ID: JtTcLL5OPF0
2018-06-26 17:05:01 -07:00
Miko Mynttinen 4c85ef17cc Bug 1465060 - Part 1: Fix warnings for std::move() use r=froydnj
MozReview-Commit-ID: HpdFXqQdIOO

--HG--
extra : rebase_source : 1e7eea4f2d4ec16ec0c559a8afb26976ddbf4d07
2018-06-01 17:59:07 +02:00
arthur.iakab 7e765f798b Backed out 2 changesets (bug 1465060) for build bustages on security/sandbox/linux/reporter/SandboxReporter.cpp
Backed out changeset 7c8905b6b226 (bug 1465060)
Backed out changeset 10446073eca8 (bug 1465060)
2018-06-03 19:25:41 +03:00
Miko Mynttinen 8d9dc85cd4 Bug 1465060 - Part 1: Fix warnings for std::move() use r=froydnj
MozReview-Commit-ID: HpdFXqQdIOO

--HG--
extra : rebase_source : 619d0e0ff63a2453c80f0c4d9beb906d43fa9b01
2018-06-01 17:59:07 +02:00
Emilio Cobos Álvarez fffb25b74f Bug 1465585: Switch from mozilla::Move to std::move. r=froydnj
This was done automatically replacing:

  s/mozilla::Move/std::move/
  s/ Move(/ std::move(/
  s/(Move(/(std::move(/

Removing the 'using mozilla::Move;' lines.

And then with a few manual fixups, see the bug for the split series..

MozReview-Commit-ID: Jxze3adipUh
2018-06-01 10:45:27 +02:00
Tim Taubert 2a252e45a4 Bug 1464015 - Web Authentication - Rework IPC layer for future Android/Windows support r=jcj
Reviewers: jcj

Reviewed By: jcj

Subscribers: mgoodwin

Bug #: 1464015

Differential Revision: https://phabricator.services.mozilla.com/D1378
2018-05-30 16:06:09 +02:00
J.C. Jones b1cbda2eea Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert
Summary:
FIDO U2F's specification says that when the wrong security key responds to a
signature, or when an already-registered key exists, that the UA should return
error code 4, DEVICE_INELIGIBLE. We used to do that, but adjusted some things
for WebAuthn and now we don't. This changes the soft token to return that at
the appropriate times, and updates the expectations of U2F.cpp that it should
use InvalidStateError as the signal to reutrn DEVICE_INELIGIBLE.

Also, note that WebAuthn's specification says that if any authenticator returns
"InvalidStateError" that it should be propagated, as it indicates that the
authenticator obtained user consent and failed to complete its job [1].

This change to the Soft Token affects the WebAuthn tests, but in a good way.
Reading the WebAuthn spec, we should not be returning NotAllowedError when there
is consent from the user via the token (which the softtoken always deliveres).

As such, this adjusts the affected WebAuthn tests, and adds a couple useful
checks to test_webauthn_get_assertion.html for future purposes.

[1] https://w3c.github.io/webauthn/#createCredential section 5.1.3 "Create a new
    credential", Step 20, Note 2: "If any authenticator returns an error status
    equivalent to "InvalidStateError"..."

Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2fc930f7fc8eea69b1ebc96748fe95e150a92a4

Reviewers: ttaubert

Bug #: 1460767

Differential Revision: https://phabricator.services.mozilla.com/D1269

--HG--
extra : transplant_source : M%5B%93%81%29%7E%B2%E8%24%05%A6%96%8BUN%C9%FB%3E%B3h
2018-05-10 16:36:18 -07:00
Kris Maglione 219ed0cc06 Bug 1454813: Part 2b - Rename SpawnTask.js to AddTask.js. r=florian
The old name no longer makes sense, since it no longer exports an spawn_task
symbol, and add_task is what we really care about.

MozReview-Commit-ID: IE7B8Czv8DH

--HG--
rename : testing/mochitest/tests/SimpleTest/SpawnTask.js => testing/mochitest/tests/SimpleTest/AddTask.js
extra : rebase_source : 03bca5aa69a7625a49b4455a6c96ce4c59de3a5a
2018-04-18 11:43:45 -07:00
Tooru Fujisawa 1adba8c1fc Bug 1442465 - Part 4.2: Stop unnecessarily awaiting on BrowserTestUtils.removeTab (simple part). r=dao 2018-03-19 11:16:45 +09:00
Tim Taubert 6ded2cf370 Bug 1430150 - Implement WebAuthentication permission prompts r=jcj,johannh
Reviewers: jcj, johannh

Reviewed By: jcj, johannh

Bug #: 1430150

Differential Revision: https://phabricator.services.mozilla.com/D638

--HG--
rename : dom/webauthn/tests/cbor/cbor.js => dom/webauthn/tests/cbor.js
extra : amend_source : f137c2aebea5797cd07d4500cb71c2b9be4e4844
2018-03-11 18:47:14 +01:00
Tim Taubert 0af61da4ec Bug 1406471 - Web Authentication - Implement FIDO AppID Extension r=jcj,smaug
Reviewers: jcj, smaug

Reviewed By: jcj

Bug #: 1406471

Differential Revision: https://phabricator.services.mozilla.com/D595
2018-02-22 10:53:49 +01:00
Tim Taubert 0f8c5589b8 Bug 1437616 - Fix Windows bustage on a CLOSED TREE r=me 2018-02-12 21:46:11 +01:00
Tim Taubert bc18da5fe7 Bug 1437616 - Use proper WebAuthn result types defined in the .pidl r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1437616

Differential Revision: https://phabricator.services.mozilla.com/D582
2018-02-12 21:08:54 +01:00
J.C. Jones baed063f21 Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
This patch support already-enrolled U2F devices at Google Accounts by adding a
hard-coded "OK" into the U2F EvaluateAppID method, per the intent-to-ship [1].

This adds no tests, as this is not testable in our infrastructure. It will
require cooporation with Google Accounts to validate.

[1] https://groups.google.com/d/msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ

MozReview-Commit-ID: 1YLd5sfeTKv

--HG--
extra : rebase_source : 96bfb92819be2c6e549dae0a5df0525587f894b8
2018-02-06 16:59:00 -07:00
Dorel Luca efcf9560cb Backed out changeset 89ac5a28c228 (bug 1436078) for build bustage on multiple platforms on a CLOSED TREE
--HG--
extra : amend_source : 7ee1cef1a20118db34783bae4631e79191439a44
2018-02-07 17:42:52 +02:00
J.C. Jones a0b8058fdf Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
This patch support already-enrolled U2F devices at Google Accounts by adding a
hard-coded "OK" into the U2F EvaluateAppID method, per the intent-to-ship [1].

This adds no tests, as this is not testable in our infrastructure. It will
require cooporation with Google Accounts to validate.

[1] https://groups.google.com/d/msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ

MozReview-Commit-ID: 1YLd5sfeTKv

--HG--
extra : rebase_source : bfdb407cec61c4f4e5efaf85d1590fe287aaea4c
2018-02-06 16:59:00 -07:00
Tim Taubert c3180f09e1 Bug 1406467 - Web Authentication - WD-07 Updates to Make Assertion r=jcj,smaug
Summary:
Add support for PublicKeyCredentialRequestOptions.userVerification. For now
this basically means that we'll abort the operation with NotAllowed, as we
don't support user verification yet.

Pass PublicKeyCredentialDescriptor.transports through to the token manager
implementations. The softoken will ignore those and pretend to support all
transports defined by the spec. The USB HID token will check for the "usb"
transport and either ignore credentials accordingly, or abort the operation.

Note: The `UserVerificationRequirement` in WebIDL is defined at https://w3c.github.io/webauthn/#assertion-options

Reviewers: jcj, smaug

Reviewed By: jcj, smaug

Bug #: 1406467

Differential Revision: https://phabricator.services.mozilla.com/D338

--HG--
extra : amend_source : 314cadb3bc40bbbee2a414bc5f13caed55f9d720
2018-01-09 07:27:35 +01:00
J.C. Jones dccb7bcf7c Bug 1247124 - Limit FIDO U2F to Secure Contexts r=ttaubert,smaug
Use the [SecureContext] webidl notation to hide the powerful "window.u2f"
feature and its interface when not loaded in a secure context.

MozReview-Commit-ID: 7en8b5ieI85
2017-12-13 17:02:38 -06:00
Tim Taubert 975f015349 Bug 1422661 - Fix U2F test failures in new microtask scheduling r=jcj
Summary:
Ensure that transactions are cleared before U2FCallbacks are called, to allow
reentrancy from microtask checkpoints.

Move the two possible callbacks into U2FTransaction so we have nicer invariants
and know that there's a callback as long as we have a transaction.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1422661

Differential Revision: https://phabricator.services.mozilla.com/D329

--HG--
extra : amend_source : 7097f38199a5bc4a215377e4f1a64079cf6d6a24
2017-12-08 16:55:52 +01:00
Tim Taubert b5c19b9f90 Bug 1396907 - Abstract a BaseAuthManager for dom/u2f and dom/webauthn r=jcj
Summary: We can probably abstract more stuff in the future, but this seems like a good start.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1396907

Differential Revision: https://phabricator.services.mozilla.com/D323
2017-12-06 18:41:58 +01:00
Tim Taubert 91a23b2116 Bug 1421723 - Allow localhost as appId for U2F r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1421723

Differential Revision: https://phabricator.services.mozilla.com/D321
2017-12-06 16:28:20 +01:00
Tim Taubert a3256fcae8 Bug 1421616 - Have one WebAuthnManager instance per CredentialsContainer r=jcj
Summary:
We currently have a single WebAuthnManager instance per process that's shared
between all CredentialContainers. That way the nsPIDOMWindowInner parent has
to be tracked by the transaction, as multiple containers could kick off
requests simultaneously.

This patch lets us we have one WebAuthnManager instance per each
CredentialsContainer and thus each nsPIDOMWindowInner. This matches the current
U2F implementation where there is one instance per parent window too.

This somewhat simplifies the communication diagram (at least in my head), as
each U2F/WebAuthnManager instance also has their own TransactionChild/Parent
pair for IPC protocol communication. The manager and child/parent pair are
destroyed when the window is.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1421616

Differential Revision: https://phabricator.services.mozilla.com/D305
2017-12-05 19:05:06 +01:00
Tim Taubert 587ed9ddc7 Backed out changeset bb739695f566 (bug 1421616) 2017-12-05 19:24:22 +01:00
Tim Taubert a0935f0ff1 Bug 1421616 - Have one WebAuthnManager instance per CredentialsContainer r=jcj
Summary:
We currently have a single WebAuthnManager instance per process that's shared
between all CredentialContainers. That way the nsPIDOMWindowInner parent has
to be tracked by the transaction, as multiple containers could kick off
requests simultaneously.

This patch lets us we have one WebAuthnManager instance per each
CredentialsContainer and thus each nsPIDOMWindowInner. This matches the current
U2F implementation where there is one instance per parent window too.

This somewhat simplifies the communication diagram (at least in my head), as
each U2F/WebAuthnManager instance also has their own TransactionChild/Parent
pair for IPC protocol communication. The manager and child/parent pair are
destroyed when the window is.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1421616

Differential Revision: https://phabricator.services.mozilla.com/D305
2017-12-05 19:05:06 +01:00
Tim Taubert c5eda6e272 Bug 1406462 - Web Authentication - Add support for authenticator selection criteria and attachment types r=jcj,smaug
Reviewers: jcj, smaug

Reviewed By: jcj, smaug

Bug #: 1406462

Differential Revision: https://phabricator.services.mozilla.com/D278
2017-11-29 13:58:33 +01:00
Tim Taubert ded0cee6bf Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1410346

Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 10:21:07 +01:00
Tim Taubert de00fd9f1f Backed out changeset 0750af27bcee (bug 1410346) 2017-11-28 10:37:45 +01:00
Tim Taubert 1712f2c336 Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1410346

Differential Revision: https://phabricator.services.mozilla.com/D288

--HG--
extra : amend_source : 5d078e8d9dc1bd6da11f2d84e349b6d77638ed6b
2017-11-28 10:21:07 +01:00
Tim Taubert 38fb49445f Bug 1420906 - Add override/cancellation/tab switch tests for U2F API r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1420906

Differential Revision: https://phabricator.services.mozilla.com/D290
2017-11-28 10:08:49 +01:00
Tim Taubert 1d2e8ed150 Bug 1412408 - Fix content process leak of U2FTransactionChild instances r=jcj
Summary:
This patch fixes the reported leak of U2FTransactionChild instances in the
content process by introducing a WebAuthnTransactionChildBase class that both
WebAuthnTransactionChild and U2FTransactionChild inherit from.

This base class is responsible for proper refcounting. In
BackgroundChildImpl::DeallocPWebAuthnTransactionChild() we currently always
cast to WebAuthnTransactionChild, that will work only for the WebAuthn API. We
can now cast to WebAuthnTransactionChildBase to make this work for U2F as well.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1412408

Differential Revision: https://phabricator.services.mozilla.com/D179
2017-11-02 12:18:19 +01:00
Bevis Tseng b7bcbf0162 Bug 1413125 - Support reentry synchronously from U2F callbacks. r=jcj
Call MozPromiseRequestHolder::Complete() and reset callbacks eariler to
support reentry of U2F::Register()/Sign() from calling ExecuteCallback().
2017-10-31 18:22:00 +08:00
Andrew McCreight 298aa82710 Bug 1412125, part 2 - Fix dom/ mode lines. r=qdot
This was automatically generated by the script modeline.py.

MozReview-Commit-ID: BgulzkGteAL

--HG--
extra : rebase_source : a4b9d16a4c06c4e85d7d85f485221b1e4ebdfede
2017-10-26 15:08:41 -07:00
Tim Taubert c29f1dbeb7 Bug 1403818 - Fix WebAuthn IPC crashes by keeping the child actor alive until process shutdown r=jcj
Summary:
We currently call ChildActor.send__delete() when clearing an active transaction
and thereby destroy the child actor. If that happens, e.g. due to a tab switch,
while a message is in the IPC buffer waiting to be delivered, we crash.

This patch creates the child actor lazily as before, but keeps it around until
the WebAuthnManager goes away, which will be at process shutdown.

Each transaction now has a unique id, that the parent process will include in
any of the ConfirmRegister, ConfirmSign, or Abort messages. That way we can
easily ignore stale messages that were in the buffer while we started a new
transaction or cancelled the current one.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1403818

Differential Revision: https://phabricator.services.mozilla.com/D149
2017-10-25 15:59:53 +02:00
Andrea Marchesini cd379739f9 Bug 1411257 - No MOZ_CRASH if BackgroundChild::GetOrCreateForCurrentThread() fails - part 5 - U2F manager, r=asuth 2017-10-25 08:45:53 +02:00
Andrea Marchesini c9b008f29e Bug 1408333 Get rid of nsIIPCBackgroundChildCreateCallback - part 8 - U2F, r=asuth 2017-10-24 12:02:40 +02:00
Tim Taubert ce066246b7 Bug 1410428 - Handle stales messages in {WebAuthn,U2F}Manager r=jcj
Summary:
With both managers storing transaction infos in `Maybe<Info> mTransaction` now,
it occurred to me that we can't actually assert that
`mTransaction.isSome() == true` when we receive a message.

At least with the U2F API the request could be cancelled (and mTransaction
cleared) while there's a pending completion message. For WebAuthn it probably
doesn't hurt to handle this properly either.

(As a bonus, I snuck in the removal of an unused enum.)

Reviewers: jcj

Reviewed By: jcj

Bug #: 1410428

Differential Revision: https://phabricator.services.mozilla.com/D145
2017-10-21 11:34:44 +02:00
Tim Taubert 9ac166b3da Bug 1410345 - Rework U2FManager state machine r=jcj
Summary:
This patch aims to clean up the U2FManager's state machine, especially to make
cancellation of transactions clearer. To fix bug 1403818, we'll have to later
introduce a unique id that is forwarded to the U2FTokenManager.

There are multiple stages of cancellation/cleanup after a transaction was
started. All of the places where we previously called Cancel() or
MaybeClearTransaction() are listed below:

[stage 1] ClearTransaction

This is the most basic stage, we only clean up what information we have about
the current transaction. This means that the request was completed successfully.
It is used at the end of FinishRegister() and FinishSign().

[stage 2] RejectTransaction

The second stage will reject the transaction promise we returned to the caller.
Then it will call ClearTransaction, i.e. stage 1. It is used when one of the
two Finish*() functions aborts before completion, or when the parent process
sends a RequestAborted message.

[stage 2b] MaybeRejectTransaction

This is the same as stage 2, but will only run if there's an active transaction.
It is used by ~U2FManager() to reject and clean up when we the manager goes
away.

[stage 3] CancelTransaction

The third stage sends a "Cancel" message to the parent process before rejecting
the transaction promise (stage 2) and cleaning up (stage 1). It's used by
HandleEvent(), i.e. the document becomes inactive.

[stage 3b] MaybeCancelTransaction

This is the same as stage 3, but will only run if there's an active transaction.
It is used at the top of Register() and Sign() so that any active transaction
is cancelled before we handle a new request. It's also used by U2F::Cancel()
as long as bug 1410346 isn't fixed.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1410345

Differential Revision: https://phabricator.services.mozilla.com/D144
2017-10-21 11:34:38 +02:00
Tim Taubert 23f8be23e6 Bug 1409357 - Remove {WebAuthn,U2F}Manager::Start{Register,Sign,Cancel} methods r=jcj
Summary:
We can simplify and reduce the {WebAuthn,U2F}Manager code by removing these
methods and sending messages directly from closures.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409357

Differential Revision: https://phabricator.services.mozilla.com/D131
2017-10-17 17:11:12 +02:00
Tim Taubert 382ba57162 Bug 1409135 - Cleanup and rearrange {WebAuthn,U2F}Manager.h r=jcj
Summary:
Both files declare a few methods as public that we can make private. Let's
seize the chance to rearrange declarations such that they reflect the message
model better.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409135

Differential Revision: https://phabricator.services.mozilla.com/D128

--HG--
extra : amend_source : 8f7a9d92ec81253847c44d92c71ea00cc8753bd1
2017-10-17 11:31:30 +02:00
Tim Taubert f7e1c16e21 Bug 1409116 - Rename {WebAuthn,U2F}TransactionParent::Cancel message to Abort r=jcj
Summary:
We currently allow sending a "Cancel" message from the child to abort a running
transaction, e.g. when the user switches away from the currently active tab.

We have a message with the same name "Cancel" sent by the parent when the
transaction is aborted due to failure somewhere in the token manager.

This patch renames abort messages from the parent to "Abort" to clarify the
purpose of the message.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409116

Differential Revision: https://phabricator.services.mozilla.com/D127

--HG--
extra : amend_source : ee6767965ad928033eb23b258aacf54bbaf57d2d
2017-10-17 11:30:55 +02:00
Tim Taubert 3e13f9c368 Bug 1407179 - Use AssertIsOnBackgroundThread() in U2F and WebAuthn BackgroundParentImpls r=jcj
Summary: It seems like a good idea to call AssertIsOnBackgroundThread() in the WebAuthnTransactionParent and U2FTransactionParent methods. They should never be called on any other thread. (Other BPImpls are doing the same.)

Reviewers: jcj

Reviewed By: jcj

Bug #: 1407179

Differential Revision: https://phabricator.services.mozilla.com/D105
2017-10-10 18:31:30 +02:00
Tim Taubert cb4f5e98e1 Bug 1402156 - Cancel any pending requests when u2f.{register,sign} is called r=jcj
Bug #: 1402156

Differential Revision: https://phabricator.services.mozilla.com/D101
2017-10-06 14:45:27 +02:00
J.C. Jones 9fc9b8dcb4 Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert
In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our
U2F Facet support completely half-way, that we could use the Public Suffix logic
introduced into HTML for W3C Web Authentication (the method named
IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1
hierarchy. This is a deviation from the FIDO specification, but doesn't break
anything that currently works with our U2F implementation, and theoretically
enables sites that otherwise need an external FacetID fetch which we aren't
implementing.

The downside to this is that it's then Firefox-specific behavior. But since this
isn't a shipped feature, we have more room to experiment. As an additional
bonus, it encourages U2F sites to use the upcoming Web Authentication security
model, which will help them prepare to adopt the newer standard.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8

MozReview-Commit-ID: DzNVhHT9qRL

--HG--
extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-28 16:45:28 -07:00
J.C. Jones 4cf1111f75 Bug 1399334 - Workaround buggy pki.js cert verifier implementation r=keeler
There's an intermittent on the call attestationCert.verify() to test the self-
signed cert from our not-shipped software U2F implementation. Collection of the
intermittents shows these certs are fine, and should verify correctly, but they
don't. The bug must be in pki.js, which is out-of-scope as we only use it for
mochitests.

This patch removes the offending call to xxxx.verify(), because it doesn't
really matter whether the self-signed-cert looks OK to pki.js; we just need
the public key from inside it to proceed with the rest of the tests.

As an example of a so-called "invalid" self-signed cert that failed, we have:

https://treeherder.mozilla.org/logviewer.html#?repo=mozilla-central&job_id=134282931&lineNumber=2673

-----BEGIN CERTIFICATE-----
MIIBMTCB2aADAgECAgUA55x6LTAKBggqhkjOPQQDAjAhMR8wHQYDVQQDExZGaXJl
Zm94IFUyRiBTb2Z0IFRva2VuMB4XDTE3MDkzMDE5MjIzMloXDTE3MTAwMjE5MjIz
MlowITEfMB0GA1UEAxMWRmlyZWZveCBVMkYgU29mdCBUb2tlbjBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABIWu4L8ky7s8I7qVv+JwMRHpippH4b6h7rN0jlKpFbHK
hnEwaCPLrTx04Eh9xT4GK9JWuuP759hnAxsWD5wk0H0wCgYIKoZIzj0EAwIDRwAw
RAIgRIeRcn6LkwU8VOmX+mdQ3jUQrUOp5f2xH/qBECGi5EcCIADBjsm/EDKkAwLZ
pGdX7+N+kgf9No4uuLV4dsNVJ1pa
-----END CERTIFICATE-----

There's nothing wrong with this cert, actually. Checking it with OpenSSL shows
all OK:

openssl verify -purpose any -CAfile /tmp/cert2.pem /tmp/cert2.pem
/tmp/cert2.pem: OK

So this intermittent is a bug outside of our U2F and U2F test soft token code.

MozReview-Commit-ID: K142toVWtcv

--HG--
extra : rebase_source : 3c31a407e27cd5c6e7a1a4f1287f17f56f80daaa
2017-10-02 11:06:31 -07:00
J.C. Jones a11562f2ea Bug 1403279 - Set U2F version field on RegisterResponse r=keeler
The U2F specification defines the RegisterResponse.Version field as being set to
"U2F_V2" [1] on successful registrations, which we appear to have overlooked.

This sets the field and adds a few checks to the register test.


[1] https://www.fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#idl-def-RegisterResponse

MozReview-Commit-ID: 9YqhM0x9itd

--HG--
extra : rebase_source : 35cab0dffa5db70476461699a6b4706f910b208a
2017-09-28 16:04:10 -07:00
J.C. Jones 6293af8a7a Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert
There's an intermittent that is showing up now that test_register_sign.html
checks state.attestationCert.verify(); to ensure hte SoftToken's certificate
is valid. This patch prints the offending certificate when it's encountered,
to help diagnose the root cause.

MozReview-Commit-ID: 4QSobq9fBGK
2017-09-18 21:43:40 -07:00
Tim Taubert 14bd1247ca Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj
I wasn't sure what the right behavior for the U2F API is when `.sign()`
or `.register()` is called but there's an ongoing request that wasn't fulfilled
yet.

I think it makes sense to deny the request (as we currently do) when a request
of the same type is currently active. When however sign() -> register() or
vice-versa is called then we should cancel the previous request and start
the new one. From what I understand from reading the spec we definitely should
call the callback before starting the new request.

Bug #: 1401019

Differential Revision: https://phabricator.services.mozilla.com/D70
2017-09-19 16:55:38 +02:00
J.C. Jones 2afc1ad18b Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
  which in turn handles constructing and managing the U2FTokenManager
  via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
  WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
  - Used async tasks, used the manifest parameters for scheme, and generally
    made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
  yet, causing breakage on Android. Rework the tests to go back to the old way
  of using iframes to test U2F.


NOTE TO REVIEWERS:
 Since this is huge, I recommend the following:

 keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
          of the U2F logic is still in U2F.cpp like before, but there's been
          some reworking of how it is called.

 ttaubert - please review U2FManager, the Transaction classes, build changes,
            and the changes to nsGlobalWindow. All of these should be very
            similar to the WebAuthn code it's patterned off.


MozReview-Commit-ID: C1ZN2ch66Rm

--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 12:56:59 -07:00
Phil Ringnalda 2dba33e427 Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage
Backed out changeset 8ee1f7aebd62 (bug 1245527)
Backed out changeset e6a5de8d1246 (bug 1245527)
Backed out changeset be63e73426b4 (bug 1245527)

MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 00:09:21 -07:00