mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 13:21:05 +00:00
Bug 1804624 - upgrade to authenticator 0.4.0-alpha.4. r=dveditz,supply-chain-reviewers
Version 0.4.0-alpha.4 fixes an issue where CTAP2 commands would fail if a token did not have a PIN set. See https://github.com/mozilla/authenticator-rs/pull/208 Differential Revision: https://phabricator.services.mozilla.com/D164255
This commit is contained in:
parent
4ec6b65323
commit
cc445a9697
4
Cargo.lock
generated
4
Cargo.lock
generated
@ -378,9 +378,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "authenticator"
|
||||
version = "0.4.0-alpha.3"
|
||||
version = "0.4.0-alpha.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "671c5d49eab8c93b8aea310cef8a7fd0846eb9417e3c31e4f4d6ec7012aae842"
|
||||
checksum = "0e6049d26a8bcbee28599bc43e2369fa228dc5d63a0c5ad7739887d330c1228b"
|
||||
dependencies = [
|
||||
"base64",
|
||||
"bitflags",
|
||||
|
@ -99,7 +99,7 @@ notes = "I maintain this crate and have reviewed every line."
|
||||
[[audits.authenticator]]
|
||||
who = "John M. Schanck <jschanck@mozilla.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.0-alpha.3"
|
||||
version = "0.4.0-alpha.4"
|
||||
notes = "Maintained by the CryptoEng team at Mozilla."
|
||||
|
||||
[[audits.autocfg]]
|
||||
|
File diff suppressed because one or more lines are too long
2
third_party/rust/authenticator/Cargo.lock
generated
vendored
2
third_party/rust/authenticator/Cargo.lock
generated
vendored
@ -39,7 +39,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "authenticator"
|
||||
version = "0.4.0-alpha.3"
|
||||
version = "0.4.0-alpha.4"
|
||||
dependencies = [
|
||||
"assert_matches",
|
||||
"base64",
|
||||
|
2
third_party/rust/authenticator/Cargo.toml
vendored
2
third_party/rust/authenticator/Cargo.toml
vendored
@ -12,7 +12,7 @@
|
||||
[package]
|
||||
edition = "2018"
|
||||
name = "authenticator"
|
||||
version = "0.4.0-alpha.3"
|
||||
version = "0.4.0-alpha.4"
|
||||
authors = [
|
||||
"J.C. Jones <jc@mozilla.com>",
|
||||
"Tim Taubert <ttaubert@mozilla.com>",
|
||||
|
@ -745,6 +745,7 @@ pub enum PinError {
|
||||
InvalidPin(Option<u8>),
|
||||
PinAuthBlocked,
|
||||
PinBlocked,
|
||||
PinNotSet,
|
||||
Backend(BackendError),
|
||||
}
|
||||
|
||||
@ -770,6 +771,7 @@ impl fmt::Display for PinError {
|
||||
f,
|
||||
"PinError: No retries left. Pin blocked. Device needs reset."
|
||||
),
|
||||
PinError::PinNotSet => write!(f, "PinError: Pin needed but not set on device."),
|
||||
PinError::Backend(ref e) => write!(f, "PinError: Crypto backend error: {:?}", e),
|
||||
}
|
||||
}
|
||||
|
@ -103,13 +103,14 @@ pub(crate) trait PinAuthCommand {
|
||||
}
|
||||
|
||||
let client_data_hash = self.client_data_hash();
|
||||
let pin_auth = match calculate_pin_auth(dev, &client_data_hash, &self.pin()) {
|
||||
Ok(pin_auth) => pin_auth,
|
||||
Err(e) => {
|
||||
return Err(repackage_pin_errors(dev, e));
|
||||
}
|
||||
};
|
||||
self.set_pin_auth(pin_auth, Some(1)); // TODO(MS): Currently, we only support version 1
|
||||
let (pin_auth, pin_auth_protocol) =
|
||||
match calculate_pin_auth(dev, &client_data_hash, &self.pin()) {
|
||||
Ok((pin_auth, pin_auth_protocol)) => (pin_auth, pin_auth_protocol),
|
||||
Err(e) => {
|
||||
return Err(repackage_pin_errors(dev, e));
|
||||
}
|
||||
};
|
||||
self.set_pin_auth(pin_auth, pin_auth_protocol);
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
@ -146,7 +147,12 @@ pub(crate) fn repackage_pin_errors<D: FidoDevice>(
|
||||
))) => {
|
||||
return AuthenticatorError::PinError(PinError::PinRequired);
|
||||
}
|
||||
// TODO(MS): Add "PinNotSet"
|
||||
AuthenticatorError::HIDError(HIDError::Command(CommandError::StatusCode(
|
||||
StatusCode::PinNotSet,
|
||||
_,
|
||||
))) => {
|
||||
return AuthenticatorError::PinError(PinError::PinNotSet);
|
||||
}
|
||||
// TODO(MS): Add "PinPolicyViolated"
|
||||
err => {
|
||||
return err;
|
||||
@ -427,7 +433,7 @@ pub(crate) fn calculate_pin_auth<Dev>(
|
||||
dev: &mut Dev,
|
||||
client_data_hash: &ClientDataHash,
|
||||
pin: &Option<Pin>,
|
||||
) -> Result<Option<PinAuth>, AuthenticatorError>
|
||||
) -> Result<(Option<PinAuth>, Option<u64>), AuthenticatorError>
|
||||
where
|
||||
Dev: FidoDevice,
|
||||
{
|
||||
@ -448,13 +454,16 @@ where
|
||||
let pin_command = GetPinToken::new(&info, &shared_secret, &pin)?;
|
||||
let pin_token = dev.send_cbor(&pin_command)?;
|
||||
|
||||
Some(
|
||||
pin_token
|
||||
.auth(client_data_hash.as_ref())
|
||||
.map_err(CommandError::Crypto)?,
|
||||
(
|
||||
Some(
|
||||
pin_token
|
||||
.auth(client_data_hash.as_ref())
|
||||
.map_err(CommandError::Crypto)?,
|
||||
),
|
||||
Some(1), // Currently only pin_auth_protocol 1 supported
|
||||
)
|
||||
} else {
|
||||
None
|
||||
(None, None)
|
||||
};
|
||||
|
||||
Ok(pin_auth)
|
||||
|
@ -39,7 +39,7 @@ tokio-reactor = { version = "=0.1.3", optional = true }
|
||||
# audioipc2-client and audioipc2-server.
|
||||
tokio-threadpool = { version = "=0.1.17", optional = true }
|
||||
encoding_glue = { path = "../../../../intl/encoding_glue" }
|
||||
authenticator = { version = "0.4.0-alpha.3", features = ["gecko"] }
|
||||
authenticator = { version = "0.4.0-alpha.4", features = ["gecko"] }
|
||||
gkrust_utils = { path = "../../../../xpcom/rust/gkrust_utils" }
|
||||
gecko_logger = { path = "../../../../xpcom/rust/gecko_logger" }
|
||||
rsdparsa_capi = { path = "../../../../dom/media/webrtc/sdp/rsdparsa_capi" }
|
||||
|
Loading…
Reference in New Issue
Block a user