gecko-dev/services/fxaccounts/Credentials.jsm

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

/**
 * This module implements client-side key stretching for use in Firefox
 * Accounts account creation and login.
 *
 * See https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol
 */

"use strict";

var EXPORTED_SYMBOLS = ["Credentials"];

const { Log } = ChromeUtils.import("resource://gre/modules/Log.jsm");
const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
const { CryptoUtils } = ChromeUtils.import(
  "resource://services-crypto/utils.js"
);
const { CommonUtils } = ChromeUtils.import(
  "resource://services-common/utils.js"
);

const PROTOCOL_VERSION = "identity.mozilla.com/picl/v1/";
const PBKDF2_ROUNDS = 1000;
const STRETCHED_PW_LENGTH_BYTES = 32;
const HKDF_SALT = CommonUtils.hexToBytes("00");
const HKDF_LENGTH = 32;

// loglevel preference should be one of: "FATAL", "ERROR", "WARN", "INFO",
// "CONFIG", "DEBUG", "TRACE" or "ALL". We will be logging error messages by
// default.
const PREF_LOG_LEVEL = "identity.fxaccounts.loglevel";
try {
  this.LOG_LEVEL =
    Services.prefs.getPrefType(PREF_LOG_LEVEL) ==
      Ci.nsIPrefBranch.PREF_STRING &&
    Services.prefs.getCharPref(PREF_LOG_LEVEL);
} catch (e) {
  this.LOG_LEVEL = Log.Level.Error;
}

var log = Log.repository.getLogger("Identity.FxAccounts");
log.level = LOG_LEVEL;
log.addAppender(new Log.ConsoleAppender(new Log.BasicFormatter()));

var Credentials = Object.freeze({
  /**
   * Make constants accessible to tests
   */
  constants: {
    PROTOCOL_VERSION,
    PBKDF2_ROUNDS,
    STRETCHED_PW_LENGTH_BYTES,
    HKDF_SALT,
    HKDF_LENGTH,
  },

  /**
   * KW function from https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol
   *
   * keyWord derivation for use as a salt.
   *
   *
   *   @param {String} context  String for use in generating salt
   *
   *   @return {bitArray} the salt
   *
   * Note that PROTOCOL_VERSION does not refer in any way to the version of the
   * Firefox Accounts API.
   */
  keyWord(context) {
    return CommonUtils.stringToBytes(PROTOCOL_VERSION + context);
  },

  /**
   * KWE function from https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol
   *
   * keyWord extended with a name and an email.
   *
   *   @param {String} name The name of the salt
   *   @param {String} email The email of the user.
   *
   *   @return {bitArray} the salt combination with the namespace
   *
   * Note that PROTOCOL_VERSION does not refer in any way to the version of the
   * Firefox Accounts API.
   */
  keyWordExtended(name, email) {
    return CommonUtils.stringToBytes(PROTOCOL_VERSION + name + ":" + email);
  },

  setup(emailInput, passwordInput, options = {}) {
    return new Promise(resolve => {
      log.debug("setup credentials for " + emailInput);

      let hkdfSalt = options.hkdfSalt || HKDF_SALT;
      let hkdfLength = options.hkdfLength || HKDF_LENGTH;
      let stretchedPWLength =
        options.stretchedPassLength || STRETCHED_PW_LENGTH_BYTES;
      let pbkdf2Rounds = options.pbkdf2Rounds || PBKDF2_ROUNDS;

      let result = {};

      let password = CommonUtils.encodeUTF8(passwordInput);
      let salt = this.keyWordExtended("quickStretch", emailInput);

      let runnable = async () => {
        let start = Date.now();
        let quickStretchedPW = await CryptoUtils.pbkdf2Generate(
          password,
          salt,
          pbkdf2Rounds,
          stretchedPWLength
        );

        result.quickStretchedPW = quickStretchedPW;

        result.authPW = await CryptoUtils.hkdfLegacy(
          quickStretchedPW,
          hkdfSalt,
          this.keyWord("authPW"),
          hkdfLength
        );

        result.unwrapBKey = await CryptoUtils.hkdfLegacy(
          quickStretchedPW,
          hkdfSalt,
          this.keyWord("unwrapBkey"),
          hkdfLength
        );

        log.debug("Credentials set up after " + (Date.now() - start) + " ms");
        resolve(result);
      };

      Services.tm.dispatchToMainThread(runnable);
      log.debug("Dispatched thread for credentials setup crypto work");
    });
  },
});
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this file,`
			`* You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`/**`
			`* This module implements client-side key stretching for use in Firefox`
			`* Accounts account creation and login.`
			`*`
			`* See https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol`
			`*/`

			`"use strict";`

Bug 1440284 - change this.EXPORTED_SYMBOLS back to var EXPORTED_SYMBOLS in JS modules, r=mccr8. 2018-02-23 19:50:01 +00:00			`var EXPORTED_SYMBOLS = ["Credentials"];`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1514594: Part 3 - Change ChromeUtils.import API. * Bug 1514594: Part 3a - Change ChromeUtils.import to return an exports object; not pollute global. r=mccr8 This changes the behavior of ChromeUtils.import() to return an exports object, rather than a module global, in all cases except when `null` is passed as a second argument, and changes the default behavior not to pollute the global scope with the module's exports. Thus, the following code written for the old model: ChromeUtils.import("resource://gre/modules/Services.jsm"); is approximately the same as the following, in the new model: var {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm"); Since the two behaviors are mutually incompatible, this patch will land with a scripted rewrite to update all existing callers to use the new model rather than the old. * Bug 1514594: Part 3b - Mass rewrite all JS code to use the new ChromeUtils.import API. rs=Gijs This was done using the followng script: https://bitbucket.org/kmaglione/m-c-rewrites/src/tip/processors/cu-import-exports.jsm * Bug 1514594: Part 3c - Update ESLint plugin for ChromeUtils.import API changes. r=Standard8 Differential Revision: https://phabricator.services.mozilla.com/D16747 * Bug 1514594: Part 3d - Remove/fix hundreds of duplicate imports from sync tests. r=Gijs Differential Revision: https://phabricator.services.mozilla.com/D16748 * Bug 1514594: Part 3e - Remove no-op ChromeUtils.import() calls. r=Gijs Differential Revision: https://phabricator.services.mozilla.com/D16749 * Bug 1514594: Part 3f.1 - Cleanup various test corner cases after mass rewrite. r=Gijs *** Bug 1514594: Part 3f.2 - Cleanup various non-test corner cases after mass rewrite. r=Gijs Differential Revision: https://phabricator.services.mozilla.com/D16750 --HG-- extra : rebase_source : 359574ee3064c90f33bf36c2ebe3159a24cc8895 extra : histedit_source : b93c8f42808b1599f9122d7842d2c0b3e656a594%2C64a3a4e3359dc889e2ab2b49461bab9e27fc10a7 2019-01-17 18:18:31 +00:00			`const { Log } = ChromeUtils.import("resource://gre/modules/Log.jsm");`
			`const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");`
			`const { CryptoUtils } = ChromeUtils.import(`
			`"resource://services-crypto/utils.js"`
			`);`
			`const { CommonUtils } = ChromeUtils.import(`
			`"resource://services-common/utils.js"`
			`);`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
			`const PROTOCOL_VERSION = "identity.mozilla.com/picl/v1/";`
			`const PBKDF2_ROUNDS = 1000;`
			`const STRETCHED_PW_LENGTH_BYTES = 32;`
			`const HKDF_SALT = CommonUtils.hexToBytes("00");`
			`const HKDF_LENGTH = 32;`

			`// loglevel preference should be one of: "FATAL", "ERROR", "WARN", "INFO",`
			`// "CONFIG", "DEBUG", "TRACE" or "ALL". We will be logging error messages by`
			`// default.`
			`const PREF_LOG_LEVEL = "identity.fxaccounts.loglevel";`
			`try {`
			`this.LOG_LEVEL =`
			`Services.prefs.getPrefType(PREF_LOG_LEVEL) ==`
			`Ci.nsIPrefBranch.PREF_STRING &&`
			`Services.prefs.getCharPref(PREF_LOG_LEVEL);`
			`} catch (e) {`
			`this.LOG_LEVEL = Log.Level.Error;`
			`}`

Bug 1202902 - Mass replace toplevel 'let' with 'var' in preparation for global lexical scope. (rs=jorendorff) 2015-09-15 18:19:45 +00:00			`var log = Log.repository.getLogger("Identity.FxAccounts");`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00			`log.level = LOG_LEVEL;`
			`log.addAppender(new Log.ConsoleAppender(new Log.BasicFormatter()));`

Bug 1440284 - change this.EXPORTED_SYMBOLS back to var EXPORTED_SYMBOLS in JS modules, r=mccr8. 2018-02-23 19:50:01 +00:00			`var Credentials = Object.freeze({`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00			`/**`
			`* Make constants accessible to tests`
			`*/`
			`constants: {`
Bug 1330014 - Add .eslintrc.js file to /services and run eslint --fix to automatically fix most of the errors. --fix brings the error count down from 4083 to 321 errors. r=markh,standard8 MozReview-Commit-ID: EjyAssqiQk8 --HG-- extra : rebase_source : cbfc8d4474b6c3d46eb21374e33fd3341403444f 2017-01-10 17:09:02 +00:00			`PROTOCOL_VERSION,`
			`PBKDF2_ROUNDS,`
			`STRETCHED_PW_LENGTH_BYTES,`
			`HKDF_SALT,`
			`HKDF_LENGTH,`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00			`},`

			`/**`
			`* KW function from https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol`
			`*`
			`* keyWord derivation for use as a salt.`
			`*`
			`*`
			`* @param {String} context String for use in generating salt`
			`*`
			`* @return {bitArray} the salt`
			`*`
			`* Note that PROTOCOL_VERSION does not refer in any way to the version of the`
			`* Firefox Accounts API.`
			`*/`
Bug 1330014 - Add .eslintrc.js file to /services and run eslint --fix to automatically fix most of the errors. --fix brings the error count down from 4083 to 321 errors. r=markh,standard8 MozReview-Commit-ID: EjyAssqiQk8 --HG-- extra : rebase_source : cbfc8d4474b6c3d46eb21374e33fd3341403444f 2017-01-10 17:09:02 +00:00			`keyWord(context) {`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00			`return CommonUtils.stringToBytes(PROTOCOL_VERSION + context);`
			`},`

			`/**`
			`* KWE function from https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol`
			`*`
			`* keyWord extended with a name and an email.`
			`*`
			`* @param {String} name The name of the salt`
			`* @param {String} email The email of the user.`
			`*`
			`* @return {bitArray} the salt combination with the namespace`
			`*`
			`* Note that PROTOCOL_VERSION does not refer in any way to the version of the`
			`* Firefox Accounts API.`
			`*/`
Bug 1330014 - Add .eslintrc.js file to /services and run eslint --fix to automatically fix most of the errors. --fix brings the error count down from 4083 to 321 errors. r=markh,standard8 MozReview-Commit-ID: EjyAssqiQk8 --HG-- extra : rebase_source : cbfc8d4474b6c3d46eb21374e33fd3341403444f 2017-01-10 17:09:02 +00:00			`keyWordExtended(name, email) {`
Bug 1331661 - Enable the 'quotes' rule for eslint and fix most of the errors with --fix. r=Gijs MozReview-Commit-ID: 6tv0Z06CO4a --HG-- extra : rebase_source : 014c0b04d8538dc5f15bc6dd4ed6bd220c55c5d4 2017-01-17 15:48:17 +00:00			`return CommonUtils.stringToBytes(PROTOCOL_VERSION + name + ":" + email);`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00			`},`

Bug 1330014 - Add .eslintrc.js file to /services and run eslint --fix to automatically fix most of the errors. --fix brings the error count down from 4083 to 321 errors. r=markh,standard8 MozReview-Commit-ID: EjyAssqiQk8 --HG-- extra : rebase_source : cbfc8d4474b6c3d46eb21374e33fd3341403444f 2017-01-10 17:09:02 +00:00			`setup(emailInput, passwordInput, options = {}) {`
Bug 1361572 - Remove Task.jsm/Promise.jsm from services/. r=kitcambridge MozReview-Commit-ID: BBIkpIkWIYc --HG-- extra : rebase_source : a0f10b07bad20789e2d1c2c2bca133b32bf671aa 2017-05-02 23:29:33 +00:00			`return new Promise(resolve => {`
			`log.debug("setup credentials for " + emailInput);`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1361572 - Remove Task.jsm/Promise.jsm from services/. r=kitcambridge MozReview-Commit-ID: BBIkpIkWIYc --HG-- extra : rebase_source : a0f10b07bad20789e2d1c2c2bca133b32bf671aa 2017-05-02 23:29:33 +00:00			`let hkdfSalt = options.hkdfSalt \|\| HKDF_SALT;`
			`let hkdfLength = options.hkdfLength \|\| HKDF_LENGTH;`
			`let stretchedPWLength =`
			`options.stretchedPassLength \|\| STRETCHED_PW_LENGTH_BYTES;`
			`let pbkdf2Rounds = options.pbkdf2Rounds \|\| PBKDF2_ROUNDS;`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1361572 - Remove Task.jsm/Promise.jsm from services/. r=kitcambridge MozReview-Commit-ID: BBIkpIkWIYc --HG-- extra : rebase_source : a0f10b07bad20789e2d1c2c2bca133b32bf671aa 2017-05-02 23:29:33 +00:00			`let result = {};`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1361572 - Remove Task.jsm/Promise.jsm from services/. r=kitcambridge MozReview-Commit-ID: BBIkpIkWIYc --HG-- extra : rebase_source : a0f10b07bad20789e2d1c2c2bca133b32bf671aa 2017-05-02 23:29:33 +00:00			`let password = CommonUtils.encodeUTF8(passwordInput);`
			`let salt = this.keyWordExtended("quickStretch", emailInput);`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1518300 - Refactor CryptoUtils and add JWK/JWE methods to jwcrypto. r=rfkelly,tjr Differential Revision: https://phabricator.services.mozilla.com/D15868 --HG-- extra : moz-landing-system : lando 2019-01-18 20:58:42 +00:00			`let runnable = async () => {`
Bug 1361572 - Remove Task.jsm/Promise.jsm from services/. r=kitcambridge MozReview-Commit-ID: BBIkpIkWIYc --HG-- extra : rebase_source : a0f10b07bad20789e2d1c2c2bca133b32bf671aa 2017-05-02 23:29:33 +00:00			`let start = Date.now();`
Bug 1518300 - Refactor CryptoUtils and add JWK/JWE methods to jwcrypto. r=rfkelly,tjr Differential Revision: https://phabricator.services.mozilla.com/D15868 --HG-- extra : moz-landing-system : lando 2019-01-18 20:58:42 +00:00			`let quickStretchedPW = await CryptoUtils.pbkdf2Generate(`
			`password,`
			`salt,`
			`pbkdf2Rounds,`
			`stretchedPWLength`
			`);`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1361572 - Remove Task.jsm/Promise.jsm from services/. r=kitcambridge MozReview-Commit-ID: BBIkpIkWIYc --HG-- extra : rebase_source : a0f10b07bad20789e2d1c2c2bca133b32bf671aa 2017-05-02 23:29:33 +00:00			`result.quickStretchedPW = quickStretchedPW;`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1518300 - Refactor CryptoUtils and add JWK/JWE methods to jwcrypto. r=rfkelly,tjr Differential Revision: https://phabricator.services.mozilla.com/D15868 --HG-- extra : moz-landing-system : lando 2019-01-18 20:58:42 +00:00			`result.authPW = await CryptoUtils.hkdfLegacy(`
			`quickStretchedPW,`
			`hkdfSalt,`
			`this.keyWord("authPW"),`
			`hkdfLength`
			`);`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1518300 - Refactor CryptoUtils and add JWK/JWE methods to jwcrypto. r=rfkelly,tjr Differential Revision: https://phabricator.services.mozilla.com/D15868 --HG-- extra : moz-landing-system : lando 2019-01-18 20:58:42 +00:00			`result.unwrapBKey = await CryptoUtils.hkdfLegacy(`
			`quickStretchedPW,`
			`hkdfSalt,`
			`this.keyWord("unwrapBkey"),`
			`hkdfLength`
			`);`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1361572 - Remove Task.jsm/Promise.jsm from services/. r=kitcambridge MozReview-Commit-ID: BBIkpIkWIYc --HG-- extra : rebase_source : a0f10b07bad20789e2d1c2c2bca133b32bf671aa 2017-05-02 23:29:33 +00:00			`log.debug("Credentials set up after " + (Date.now() - start) + " ms");`
			`resolve(result);`
Bug 1408777 - Automatically fix instances of missing semicolons in the tree. r=Standard8 MozReview-Commit-ID: Jm8BRgt6mIv 2017-10-15 18:50:30 +00:00			`};`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00
Bug 1361572 - Remove Task.jsm/Promise.jsm from services/. r=kitcambridge MozReview-Commit-ID: BBIkpIkWIYc --HG-- extra : rebase_source : a0f10b07bad20789e2d1c2c2bca133b32bf671aa 2017-05-02 23:29:33 +00:00			`Services.tm.dispatchToMainThread(runnable);`
			`log.debug("Dispatched thread for credentials setup crypto work");`
			`});`
Bug 1486739 - Add missing dangling commas in browser/, services/, taskcluster/ and toolkit/. r=mossop Automatic changes by ESLint, except for manual corrections for .xml files. Differential Revision: https://phabricator.services.mozilla.com/D4439 --HG-- extra : moz-landing-system : lando 2018-08-31 05:59:17 +00:00			`},`
Bug 943521 - Use onepw prototcol in fxa client. r=ckarlof 2014-02-05 06:14:30 +00:00			`});`