Граф коммитов

55 Коммитов

Автор SHA1 Сообщение Дата
J.C. Jones 95d83ac876 Bug 1387820 - WebAuthn WD-05 Get Assertion Data Fix r=keeler
The WebAuthn WD-05 specification's Get Assertion method defines the returned
AuthenticatorAssertionResponse as providing ClientData, AuthenticatorData, and
the Signature from the Authenticator. Our implementation is incorrectly setting
AuthenticatorData and Signature:

AuthenticatorData as a structure is intended to mirror the structure from
the AuthenticatorData [1] section of the Attestation CBOR Object [2] in the
MakeCredential method, which we weren't doing _at all_. This is clarified in
the editor's draft of the specification, soon to be WD-06.

Signature for U2F Authenticators is defined as the "attestation signature", [3]
which is under-specified and we assumed would be the raw output from the U2F
Authenticator [4]. This should instead be the raw ANSI X9.62 signature with no
additional bytes. [5]

[1] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-authenticator-data
[2] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-attestation-data
[3] https://www.w3.org/TR/2017/WD-webauthn-20170505/#fido-u2f-attestation
[4] https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0078.html
[5] https://bugzilla.mozilla.org/show_bug.cgi?id=1387820#c4

MozReview-Commit-ID: DTIOILfS4pK

--HG--
extra : rebase_source : 996c10b2f0359b34f45cf370bb8483c2dc9d3b6e
2017-08-09 20:05:23 -07:00
Wes Kocher cff9e9b197 Merge m-c to autoland, a=merge
MozReview-Commit-ID: 2YvHbITn9w3
2017-08-10 18:25:34 -07:00
Tim Taubert 72cca79ea8 Bug 1388853 - Fix timeouts in WebAuthnManager::MakeCredential() r=jcj 2017-08-09 21:26:49 +02:00
J.C. Jones b491193ac3 Bug 1383799 - Cancel WebAuthn operations on tab-switch r=ttaubert
WebAuthn operations that are in-flight with authenticators must be cancelled
when switching tabs.

There's an Issue [1] opened with the WebAuthn spec for this already, but the
language is _not_ in spec. Still, it's necessary for security, spec or not.

This also matches how Chromium handles U2F operations during a tab switch.

[1] https://github.com/w3c/webauthn/issues/316

MozReview-Commit-ID: 6Qh9oC4pqys

--HG--
extra : rebase_source : ad1665b8140f74b1291f17994285e6146c4ec468
2017-08-04 12:34:18 -07:00
J.C. Jones 28cc1969ee Bug 1265472 - Add Telemetry to Web Authentication r=francois,keeler datareview=francois
This patch intends to obtain a 1) rough sense of the percentage of telemetry
population using Web Authentication over time, and 2) whether or not the
Authentication request was successful or errored out as a scalar. It also tracks
3) how long it takes for requests to complete as a histogram.

It counts Register (enrollment) and Sign (login) separately as we would
anticipate there being far, far more Sign uses than Register.

MozReview-Commit-ID: 8DFyKAG8XJw

--HG--
extra : rebase_source : 0c168b32b995ffffda804538d2b92009d4dc38c5
2017-08-09 12:22:48 -07:00
Tim Taubert 9dfa878543 Bug 1385313 - Use MozPromiseRequestHolders in U2FTokenManager r=jcj 2017-07-28 17:11:03 +02:00
Tim Taubert 0aee684c17 Bug 1385274 - Don't try to resolve WebAuthnManager::mPBackgroundCreationPromise twice r=jcj 2017-07-28 15:53:42 +02:00
J.C. Jones b24d631e4c Bug 1385008: WebAuthn CollectedClientData.Origin must be RP ID r=keeler
The WebAuthn WD-05 version of the specification defines the Origin field [1]
of the CollectedClientData as being set to the RP ID [2][3].

Note there is some ambiguity in the specification, as [1] says
CollectedClientData.Origin is the document's origin, while the
algorithms [2] and [3] set it to RP ID.

I'm going to stick with the algorithm's definition for this patch; it's
simple to revert when we move to WD-06 (Bug 1384776).

[1] https://www.w3.org/TR/webauthn/#dom-collectedclientdata-origin
[2] https://www.w3.org/TR/webauthn/#createCredential
[3] https://www.w3.org/TR/webauthn/#getAssertion

MozReview-Commit-ID: LW918sIg5wH

--HG--
extra : rebase_source : 799f5fa8878614c45d0def07d01d6c1c0c6e9824
2017-07-27 10:27:53 -07:00
Carsten "Tomcat" Book cad2e55095 Backed out changeset 674770e65a4f (bug 1265472) for memory leaks in browser_webauthn_telemetry.js 2017-07-26 07:56:38 +02:00
J.C. Jones 1b29ab6da2 Bug 1265472 - Add Telemetry to Web Authentication r=francois,keeler datareview=francois
This patch intends to obtain a 1) rough sense of the percentage of telemetry
population using Web Authentication over time, and 2) whether or not the
Authentication request was successful or errored out as a scalar. It also tracks
3) how long it takes for requests to complete as a histogram.

It counts Register (enrollment) and Sign (login) separately as we would
anticipate there being far, far more Sign uses than Register.

MozReview-Commit-ID: 8DFyKAG8XJw

--HG--
extra : rebase_source : c93eeac7a978a1d1c4b08ff1e18e2548b1045ced
2017-07-21 15:23:09 -07:00
J.C. Jones 860e263cc7 Bug 1384307 - Set WebAuthn PublicKeyCredential's "id" and "type" fields r=keeler
The Web Authentication PublicKeyCredential object has two fields currently
unpopulated which, to be spec-compliant, must be set. These fields duplicate
available data.

  [PublicKeyCredential.id] must be set to the base64url encoding with omitted
  padding of whatever data is in "rawId".

  [PublicKeyCredential.type] must be the literal "public-key".

MozReview-Commit-ID: L6wPYpZdD8A

--HG--
extra : rebase_source : 3ca83598b70f99f4d60f303d113e875046268669
2017-07-25 15:03:59 -07:00
J.C. Jones 7a3ee03404 Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert
Web Authentication uses JWK algorithm names (ES256) instead of WebCrypto names
(such as P-256). There are other JWK algorithm names, but our current U2F-backed
implementation only can support ES256 anyway, as that's all that FIDO U2F
devices understand. This patch limits us to the name ES256 for the "alg"
parameter.

MozReview-Commit-ID: 3V5DMzVzPad

--HG--
extra : rebase_source : 4fcf797ca0edc49f143333cc24aa51071cf719f5
2017-07-14 09:57:52 -07:00
J.C. Jones 3987ef311b Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert
The WebAuthn Create Credential method should encode its results using CBOR;
this patch changes to that format.

The CBOR formats for the U2F data are specified in [1][2]

The attestation data format is in [3]

The high-level layout is in [4]

[1] https://w3c.github.io/webauthn/#generating-an-attestation-object
[2] https://w3c.github.io/webauthn/#fido-u2f-attestation
[3] https://w3c.github.io/webauthn/#sec-attestation-data
[4] https://w3c.github.io/webauthn/#sctn-attestation

MozReview-Commit-ID: BYoFCJSxlLt

--HG--
extra : rebase_source : 190cb5f128659c7a947645abbc172c8aa39e4d40
2017-07-13 18:12:50 -07:00
J.C. Jones 91d5522630 Bug 1380529 - Add a CBOR library for WebAuthn (1/3) r=ttaubert
Web Authentication's WD-05 specification moves to using (CBOR) Concise Binary
Object Representation to transmit the binary data... most of it. This lands a
subset of the Apache 2-licensed "CBOR C++" serialization library [1] into
webauthn's path.

It does not add any code to use this library; see patch 2/3.

[1] https://github.com/naphaso/cbor-cpp/

MozReview-Commit-ID: Ktj9TgdqElk

--HG--
extra : rebase_source : e36c956ef62be3ea1a3b6cbc8e3d6df2626c15b1
2017-07-13 18:12:57 -07:00
Wes Kocher ee45f814bb Merge m-c to autoland, a=merge
MozReview-Commit-ID: GOb2bgdUd36
2017-07-14 17:27:36 -07:00
Tim Taubert 4d50b6bd73 Bug 1380954 - Forward WebAuthnTransactionInfo::TimeoutMS() to U2F*TokenManagers r=jcj
The U2FSoftTokenManager is a synchronous implementation and thus didn't need a
timeout so far. We need it for the U2FHIDTokenManager though to let user
interaction timeout properly.

Thus, add a timeout argument to the methods required by the U2FTokenTransport
interface and forward that to the token manager implementations.
2017-07-14 19:27:53 +02:00
J.C. Jones de0d023921 Bug 1380421 - Update test to handle origin RP IDs, too (2/2) r=keeler
This adjusts tests to also check origin-based RP IDs, for interop
purposes. When we officially move up to WD-06, we'll want to remove these.


MozReview-Commit-ID: FJRg7vxZIcN

--HG--
extra : rebase_source : 6b89ef1ec5f8f6312bc00740b171540dd2a111cf
2017-07-14 13:49:45 -07:00
J.C. Jones b7eeb68241 Bug 1380421 - Handle URIs for RP IDs (1/2) r=keeler
A recent fixup commit [1] changed "RP ID" fields in WebAuthn to be domain
strings rather than origins, which matches the current editor's draft of
Web Authentication. Unfortunately, this is contrary to the interop WD-05,
which requires they be origins.

We should be tolerant of origins for now, and in the follow-on Bug 1381126
we'll remove this tolerance once we get past initial WD-05 interop.

[1] https://hg.mozilla.org/mozilla-central/rev/e173fd86d931

MozReview-Commit-ID: Cz2KaHvOIHz

--HG--
extra : rebase_source : eafac0cbab324c566a7ae64004f85258ca3ba805
2017-07-14 13:44:00 -07:00
Tim Taubert aac46d1b3e Bug 1379580 - U2FTokenTransport promises should resolve to U2F data buffers r=qDot 2017-07-11 11:09:08 +02:00
J.C. Jones 8440e22c50 Bug 1329764 - Call IsRegistrableDomainSuffixOfOrEqualTo for WebAuthn r=keeler
nsHTMLDocument included IsRegistrableDomainSuffixOfOrEqualTo() to facilitate
some use cases in Web Authentication, and this patch adds support to our
implementation. The general idea is to permit relaxing some of the same-origin
policy for single-sign-on type approaches, while restricting other uses. [1]

[1] https://w3c.github.io/webauthn/#rp-id

MozReview-Commit-ID: BP74OYvcwBJ

--HG--
extra : rebase_source : 94b62f9063de129dc30c4457578b50088a3c92e0
2017-07-07 13:32:31 -07:00
J.C. Jones ce493e08c1 Bug 1329764 - WebAuthn's RP IDs must be domain strings r=keeler
The spec for WebAuthn defines "RP ID" as a "valid domain string" [1], whereas we
were using an origin string (with the scheme and whatnot). This patch corrects
the default rpId strings (when not overriden) to be domain strings.

[1] https://w3c.github.io/webauthn/#rp-id

MozReview-Commit-ID: 2p1cEQDa2FV

--HG--
extra : rebase_source : 8be13b8e88abb409e15c1bf9142f18d786699504
2017-07-07 13:30:57 -07:00
Tim Taubert daf6324bec Bug 1378762 - Remove 'aSignature' argument from U2FTokenTransport::Register() r=qDot,jcj 2017-07-06 14:44:56 +02:00
Tim Taubert c3833cf06b Bug 1375847 - Add skeleton U2FHIDTokenManager r=qDot
This patch adds a skeleton U2FHIDTokenManager that returns
NS_ERROR_NOT_IMPLEMENTED for ::Register() and ::Sign().

This will help test calling into the Rust library and make it easier to
implement the full USB HID transport.
2017-06-23 15:48:50 +02:00
Tim Taubert fa3483fd1d Bug 1375828 - U2FTokenTransport::Register() and ::Sign() should return promises r=qDot 2017-06-23 12:36:32 +02:00
Bill McCloskey f115503a0b Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
Tim Taubert 907f818103 Bug 1375744 - Add U2FTokenTransport::Cancel() to abort requests on HW devices r=qDot
This patch adds a Cancel() method to the U2FTokenTransport interface so that
we can forward request cancellations to the actual token manager implementation.
The current softtoken doesn't need that as it processes API calls synchronously,
USB HID tokens however need a cancellation mechanism.

The SendRequestCancel() call has been removed from WebAuthnManager::Cancel() as
we're currently only calling this method either when the chrome process
cancels the request (and then we don't need to send it back again) or the
content process fails to process the data after a request was fulfilled and
thus there's nothing to cancel. We will touch this again later when the UI
cancels requests on tab switch and similar user actions.
2017-06-23 21:04:38 +02:00
Tim Taubert 237ab99f6b Bug 1375512 - Don't require a U2F*TokenManager to expose IsRegistered() r=qDot 2017-06-23 04:50:31 +02:00
Tim Taubert d22430064c Bug 1375450 - Remove unused U2FTokenManager::PrefPromise r=qDot 2017-06-23 04:49:44 +02:00
Carsten "Tomcat" Book 8a1350b5a6 Backed out changeset 4f6302a98ae4 (bug 1372405)
--HG--
extra : rebase_source : 41632f3158e88e692809731394a683d065a73dfb
2017-06-21 13:59:26 +02:00
Bill McCloskey 6b3e84ed5f Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-20 21:44:11 -07:00
Carsten "Tomcat" Book ea1b86680c Backed out changeset 9846de3bd954 (bug 1372405)
--HG--
extra : rebase_source : 5d4a48e8ec394c329994689d938d2a6e9b2752b0
2017-06-20 08:27:02 +02:00
Bill McCloskey 4592152411 Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
Bill McCloskey 0767e31489 Bug 1372736 - Avoid using AbstractThread for non-media MozPromises (r=bkelly)
MozReview-Commit-ID: BBi0pK4DXxf
2017-06-15 20:16:25 -07:00
Bill McCloskey c85ab6308c Bug 1366072 - Change promises to take nsISerialEventTarget instead of AbstractThread (r=jwwang)
MozReview-Commit-ID: 4azUhSB6whu
2017-06-13 14:51:01 -07:00
David Keeler 838ea1425f bug 1332681 - part 4/4 - convert authentication.getAssertion to credentials.get r=jcj,qdot
MozReview-Commit-ID: 13EqlQVQApx

--HG--
extra : rebase_source : 5790d61619e4d4a0d4039b9379bcf06169bd762f
2017-05-23 14:55:10 -07:00
David Keeler abac00aea3 bug 1332681 - part 3/4 - convert authentication.makeCredential to credentials.create r=jcj,qdot
MozReview-Commit-ID: 1xfsQqGCEcl

--HG--
rename : dom/webauthn/WebAuthentication.cpp => dom/credentialmanagement/CredentialsContainer.cpp
rename : dom/webauthn/WebAuthentication.h => dom/credentialmanagement/CredentialsContainer.h
extra : rebase_source : d92546a7f6a3780c6ec8790dfabb23a9ea29efbe
2017-05-22 17:09:49 -07:00
David Keeler 0ecb59e4a9 bug 1332681 - part 2/4 - authentication.getAssertion: return a PublicKeyCredential instead of a WebAuthnAssertion r=jcj,qdot
MozReview-Commit-ID: 72p9lvhQISe

--HG--
rename : dom/webauthn/WebAuthnAssertion.cpp => dom/webauthn/AuthenticatorAssertionResponse.cpp
rename : dom/webauthn/WebAuthnAssertion.h => dom/webauthn/AuthenticatorAssertionResponse.h
extra : rebase_source : f5e77b0a71556764b58ba7822a5716bee5c47d99
2017-05-22 13:03:58 -07:00
David Keeler 07f967118b bug 1332681 - part 1/4 - authentication.makeCredential: return a PublicKeyCredential instead of a ScopedCredentialInfo r=jcj,qdot
(This is part of updating WebAuthn to Working Draft 5.)

MozReview-Commit-ID: 7o5yvtijo1P

--HG--
rename : dom/webauthn/WebAuthnAttestation.cpp => dom/webauthn/AuthenticatorResponse.cpp
rename : dom/webauthn/WebAuthnAttestation.h => dom/webauthn/AuthenticatorResponse.h
rename : dom/webauthn/ScopedCredentialInfo.cpp => dom/webauthn/PublicKeyCredential.cpp
rename : dom/webauthn/ScopedCredentialInfo.h => dom/webauthn/PublicKeyCredential.h
extra : rebase_source : 89633847ed85c75f1f277d040f6a6c86b73687a3
2017-05-16 17:07:01 -07:00
Axel Nennker 9738486c01 Bug 1364991 - Make U2FTokenManager use const where possible r=qdot
The U2F Soft Token, due to its usage of NSS, has to have const values be
marked non-const - but no such limitation should exist for other implementations
of U2F, so this patch moves the const_cast-ing from the U2FTokenManager-level
down to the U2FSoftTokenManager, where it is actually necessary.

Credit to Axel Nennker for this patch.

MozReview-Commit-ID: Kw6zfTDI3GL

--HG--
extra : rebase_source : 90e31e2da9e021043509653a476ddaae03078e55
2017-05-22 16:40:29 -07:00
Kyle Machulis a3738835c9 Bug 1323339 - Modify WebAuthn mochitests to work with IPC API; r=jcj r=baku
Change tests to run serially with async API, since order is no longer
enforced by the IPC protocol being synchronous.

MozReview-Commit-ID: 9BtnsVhDvPS
2017-05-09 13:21:24 -07:00
Kyle Machulis 00a81563a5 Bug 1323339 - Add U2FSoftToken Manager; r=baku r=jcj
Takes functionality from NSSU2FToken/NSSU2FTokenRemote classes, and
moves it into a U2FSoftToken class. Leaves
NSSU2FToken/NSSU2FTokenRemote classes intact so as not to break U2F
API code (to be ported to async IPC in bug 1354330).

MozReview-Commit-ID: El2MCcYUrtE
2017-05-09 13:21:23 -07:00
Kyle Machulis 4f61492d32 Bug 1323339 - Add U2FTokenManager class and support IPC Parent classes; r=jcj r=baku
Takes functionality that was in the WebAuthentication class that now
needs to be handled by the parent process, and moves it to the
U2FTokenManager singleton class. U2FTokenManager is created on the
PBackground thread during the first WebAuthn transaction, and manages
hardware access and transaction management for the lifetime of the
browser session. Patch also adds parent classes for WebAuthn IPC
protocol.

MozReview-Commit-ID: EnhgUTPdlMZ
2017-05-09 13:21:23 -07:00
Kyle Machulis e0c24a5abd Bug 1323339 - Add WebAuthnManager and support IPC Child classes; r=jcj r=baku
Takes functionality once in the WebAuthentication DOM class that needs
to be handled by the content process, and moves it to a
singleton (per-content-process) manager class. This allows the
WebAuthn API to centralize management of transactions and IPC
channels. Patch also creates the child (content-process) classes for
WebAuthn IPC channels.

MozReview-Commit-ID: 6ju2LK8lvNR
2017-05-09 13:21:23 -07:00
Kyle Machulis b0260e8176 Bug 1323339 - Turn WebAuthenication into a simple DOM class that passes to WebAuthnManager; r=jcj r=baku
Before the patch set for bug 1323339, WebAuthentication was managing
almost all content-side functionality for the WebAuthn API. This
would've made it difficult to support IPC, transaction interruption,
etc... This patch strips most of the functionality out of
WebAuthentication. The functionality will be moved to the
WebAuthnManager class in the next patch, for sake of review coherence.

MozReview-Commit-ID: 9Uup8NhLVBj
2017-05-09 13:21:23 -07:00
Kyle Machulis 8ad053f05d Bug 1323339 - Cleanup of WebAuthn DOM classes; r=jcj r=baku
Changes WebAuthn DOM classes to take nsPIDOMInnerWindow* as parent
pointer, instead of WebAuthentication* pointer.

MozReview-Commit-ID: aK3k9Cc7hv
2017-05-09 13:21:23 -07:00
Kyle Machulis 2945d52cd5 Bug 1323339 - IPDL for WebAuthn Protocol and PBackground additions; r=jcj r=baku
MozReview-Commit-ID: 3WzTVZEdjia
2017-05-09 13:21:23 -07:00
J.C. Jones a51561a1c4 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's reviews comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)
- Fix a sneaky memory leak re: CryptoBuffer.ToSECItem

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 4ff5898e93e4a0a75576e5e54035a1cb6dd952d7
2017-02-01 15:21:04 -07:00
Iris Hsiao 940ee4003b Backed out changeset 713c0a78c2c1 (bug 1260318) for leak issue 2017-03-08 14:01:56 +08:00
J.C. Jones 8effd5c124 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's reviews comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 52d10287d10698292e1480e04f580f6f8b4847cb
2017-02-01 15:21:04 -07:00
Joel Maher c203f27827 Bug 1335099 - add BUG_COMPONENT to many dom/* subdir files. r=overholt
MozReview-Commit-ID: CyIIs98hnUI
2017-02-06 09:45:55 -05:00