mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/dom/webauthn
История
J.C. Jones 95d83ac876 Bug 1387820 - WebAuthn WD-05 Get Assertion Data Fix r=keeler 
The WebAuthn WD-05 specification's Get Assertion method defines the returned
AuthenticatorAssertionResponse as providing ClientData, AuthenticatorData, and
the Signature from the Authenticator. Our implementation is incorrectly setting
AuthenticatorData and Signature:

AuthenticatorData as a structure is intended to mirror the structure from
the AuthenticatorData [1] section of the Attestation CBOR Object [2] in the
MakeCredential method, which we weren't doing _at all_. This is clarified in
the editor's draft of the specification, soon to be WD-06.

Signature for U2F Authenticators is defined as the "attestation signature", [3]
which is under-specified and we assumed would be the raw output from the U2F
Authenticator [4]. This should instead be the raw ANSI X9.62 signature with no
additional bytes. [5]

[1] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-authenticator-data
[2] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-attestation-data
[3] https://www.w3.org/TR/2017/WD-webauthn-20170505/#fido-u2f-attestation
[4] https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0078.html
[5] https://bugzilla.mozilla.org/show_bug.cgi?id=1387820#c4

MozReview-Commit-ID: DTIOILfS4pK

--HG--
extra : rebase_source : 996c10b2f0359b34f45cf370bb8483c2dc9d3b6e
 		2017-08-09 20:05:23 -07:00
..
cbor-cpp Bug 1380529 - Add a CBOR library for WebAuthn (1/3) r=ttaubert 2017-07-13 18:12:57 -07:00
tests Bug 1387820 - WebAuthn WD-05 Get Assertion Data Fix r=keeler 2017-08-09 20:05:23 -07:00
AuthenticatorAssertionResponse.cpp bug 1332681 - part 2/4 - authentication.getAssertion: return a PublicKeyCredential instead of a WebAuthnAssertion r=jcj,qdot 2017-05-22 13:03:58 -07:00
AuthenticatorAssertionResponse.h bug 1332681 - part 2/4 - authentication.getAssertion: return a PublicKeyCredential instead of a WebAuthnAssertion r=jcj,qdot 2017-05-22 13:03:58 -07:00
AuthenticatorAttestationResponse.cpp bug 1332681 - part 1/4 - authentication.makeCredential: return a PublicKeyCredential instead of a ScopedCredentialInfo r=jcj,qdot 2017-05-16 17:07:01 -07:00
AuthenticatorAttestationResponse.h bug 1332681 - part 1/4 - authentication.makeCredential: return a PublicKeyCredential instead of a ScopedCredentialInfo r=jcj,qdot 2017-05-16 17:07:01 -07:00
AuthenticatorResponse.cpp bug 1332681 - part 1/4 - authentication.makeCredential: return a PublicKeyCredential instead of a ScopedCredentialInfo r=jcj,qdot 2017-05-16 17:07:01 -07:00
AuthenticatorResponse.h bug 1332681 - part 1/4 - authentication.makeCredential: return a PublicKeyCredential instead of a ScopedCredentialInfo r=jcj,qdot 2017-05-16 17:07:01 -07:00
NSSU2FTokenRemote.cpp Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes 2017-02-01 15:21:04 -07:00
NSSU2FTokenRemote.h
PWebAuthnTransaction.ipdl Bug 1378762 - Remove 'aSignature' argument from U2FTokenTransport::Register() r=qDot,jcj 2017-07-06 14:44:56 +02:00
PublicKeyCredential.cpp bug 1332681 - part 1/4 - authentication.makeCredential: return a PublicKeyCredential instead of a ScopedCredentialInfo r=jcj,qdot 2017-05-16 17:07:01 -07:00
PublicKeyCredential.h bug 1332681 - part 1/4 - authentication.makeCredential: return a PublicKeyCredential instead of a ScopedCredentialInfo r=jcj,qdot 2017-05-16 17:07:01 -07:00
U2FHIDTokenManager.cpp Bug 1380954 - Forward WebAuthnTransactionInfo::TimeoutMS() to U2F*TokenManagers r=jcj 2017-07-14 19:27:53 +02:00
U2FHIDTokenManager.h Bug 1380954 - Forward WebAuthnTransactionInfo::TimeoutMS() to U2F*TokenManagers r=jcj 2017-07-14 19:27:53 +02:00
U2FSoftTokenManager.cpp Bug 1380954 - Forward WebAuthnTransactionInfo::TimeoutMS() to U2F*TokenManagers r=jcj 2017-07-14 19:27:53 +02:00
U2FSoftTokenManager.h Bug 1380954 - Forward WebAuthnTransactionInfo::TimeoutMS() to U2F*TokenManagers r=jcj 2017-07-14 19:27:53 +02:00
U2FTokenManager.cpp Bug 1265472 - Add Telemetry to Web Authentication r=francois,keeler datareview=francois 2017-08-09 12:22:48 -07:00
U2FTokenManager.h Bug 1385313 - Use MozPromiseRequestHolders in U2FTokenManager r=jcj 2017-07-28 17:11:03 +02:00
U2FTokenTransport.h Bug 1380954 - Forward WebAuthnTransactionInfo::TimeoutMS() to U2F*TokenManagers r=jcj 2017-07-14 19:27:53 +02:00
WebAuthnCBORUtil.cpp Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert 2017-07-13 18:12:50 -07:00
WebAuthnCBORUtil.h Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert 2017-07-13 18:12:50 -07:00
WebAuthnManager.cpp Bug 1387820 - WebAuthn WD-05 Get Assertion Data Fix r=keeler 2017-08-09 20:05:23 -07:00
WebAuthnManager.h Bug 1383799 - Cancel WebAuthn operations on tab-switch r=ttaubert 2017-08-04 12:34:18 -07:00
WebAuthnRequest.h
WebAuthnTransactionChild.cpp Bug 1378762 - Remove 'aSignature' argument from U2FTokenTransport::Register() r=qDot,jcj 2017-07-06 14:44:56 +02:00
WebAuthnTransactionChild.h Bug 1378762 - Remove 'aSignature' argument from U2FTokenTransport::Register() r=qDot,jcj 2017-07-06 14:44:56 +02:00
WebAuthnTransactionParent.cpp Bug 1375744 - Add U2FTokenTransport::Cancel() to abort requests on HW devices r=qDot 2017-06-23 21:04:38 +02:00
WebAuthnTransactionParent.h Bug 1323339 - Add U2FTokenManager class and support IPC Parent classes; r=jcj r=baku 2017-05-09 13:21:23 -07:00
WebAuthnUtil.cpp Bug 1387820 - WebAuthn WD-05 Get Assertion Data Fix r=keeler 2017-08-09 20:05:23 -07:00
WebAuthnUtil.h Bug 1387820 - WebAuthn WD-05 Get Assertion Data Fix r=keeler 2017-08-09 20:05:23 -07:00
moz.build Bug 1265472 - Add Telemetry to Web Authentication r=francois,keeler datareview=francois 2017-08-09 12:22:48 -07:00