The NS_LITERAL_STRING macro creates a temporary nsLiteralString to encapsulate the char16_t string literal and its length, but AssignLiteral() can determine the char16_t string literal's length at compile-time without nsLiteralString.
MozReview-Commit-ID: 6vgQiU8zN3o
--HG--
extra : rebase_source : 1b536b92ef43f610db057ace6f108620e8d8b4d5
extra : source : 336e21386d5eeb16f1c9893c29377f23b67cc4b0
This should be an easy solution. We can't stop the sign() or register()
runloop from calling the callback, so we need the callback to simply return
early when the U2FHIDTokenManager shuts down.
Bug #: 1400940
Differential Revision: https://phabricator.services.mozilla.com/D67
The runloop seems like a good candidate for moving into its own crate.
I wasn't sure whether we want it under the Mozilla org on GitHub, so I pushed
it to ttaubert/rust-runloop for a start. Moving the repository to mozilla/*
is easy, and we'd just need to bump the crate version with the updated
repository, if you think we should.
Bug #: 1400559
Differential Revision: https://phabricator.services.mozilla.com/D62
--HG--
rename : dom/webauthn/u2f-hid-rs/src/runloop.rs => third_party/rust/runloop/src/lib.rs
One cannot use #[cfg(target_os)] checks in build.rs.
Build scripts can be used to generate code so the target
is set to the host platform when they are compiled.
Having this setting exported an unconditional link
depencency whenever the host was macOS, which broke
cross-compiling, in particular for fennec builds
targetting Android.
Instead, declare the IOKit dependency on the `extern`
block which imports the symbol inside macOS-specific
code. That way final link still works, but the extra
dependency is only enabled when appropriate for the
final target, like the other platform-dependent code.
Summary: We're currently using the thread_rng to derive a cmd byte for the U2F protocol fuzzers. That of course should rather be derived deterministically from the input handed to the fuzzing target.
Bug #: 1400513
Differential Revision: https://phabricator.services.mozilla.com/D61
The algorithm names provided to the WebAuthn methods have to either be a
string, or (potentially) a WebCrypto object. Right now we only work with
strings, but there's no good reason to assert that, we can just let the
action fail.
This patch removes the assert to help out the fuzzing team.
MozReview-Commit-ID: 9dc8m0a2gZK
--HG--
extra : rebase_source : 649a7f4928679405fe445ac533eee2cfccaedd25
FreeBSD isn't currently support for FIDO U2F support, similar to Android, so
this patch [1] from Jan Beich <jbeich@FreeBSD.org> treats Android and FreeBSD
the same. With luck, someone will add in the platform support for both, soon!
[1] https://github.com/jcjones/u2f-hid-rs/pull/44
MozReview-Commit-ID: DU7Rco2NLb3
--HG--
rename : dom/webauthn/u2f-hid-rs/src/android/mod.rs => dom/webauthn/u2f-hid-rs/src/stub/mod.rs
Now that there are actual hardware devices, this test can't be run: it
depended on there being a deliberately-erroring implementation of WebAuthn
which would instantly reject promises. Fortunately, this test was really more
a test that telemetry scalars work properly than really the functionality
of WebAuthn.
Sadly, I don't see any way to re-enable this test without adding a new test-
only pref to the tree, which doesn't seem worth it for the telemetry.
So this patch removes the offending test completely which was backed out in
https://hg.mozilla.org/integration/mozilla-inbound/rev/c115eec567a6 .
MozReview-Commit-ID: LiLuQHbPU1z
The nsIU2FToken and its implementors are no longer needed; the soft token was
re-implemented into dom/webauthn/U2FSoftTokenManager.cpp during the WebAuthn
implementation. When the dom/u2f/ code changed to the implementation from
WebAuthn, the old synchronous version became dead code.
This patch removes the dead code.
MozReview-Commit-ID: 2yDD0tccgZr
--HG--
extra : rebase_source : 0f14d8de8f62599a41c13aa4d8fc9cdbc1fd79c7
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
This is a change to permit interacting with the U2FTokenManager from
the dom/U2F context in addition to the dom/WebAuthn one.
MozReview-Commit-ID: BvP5BY2wVYi
--HG--
extra : rebase_source : 0ca9cb1e72cb688b901484ec6bf2602d15131478
In Bug 1380421 we reverted some behavior that required Web Authentication's
RP ID to be domain string to permit it to be an origin, too, for interop
testing. That is no longer needed, so this patch resumes enforcement that
RP ID be a domain string.
It also adds a needed test that the RP ID hash is calculated correctly.
MozReview-Commit-ID: 8dDjzo5kQKP
--HG--
extra : rebase_source : 65cd7b9f3a6ecfc58805daf102f33966c9b19b98
Replace it with NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION, because it
has been the same for a while.
MozReview-Commit-ID: 5agRGFyUry1
--HG--
extra : rebase_source : 5388c56b2f6905c6ef969150f0c5b77bf247624d
WD-05 changed the "hashAlg" parameter of the CollectedClientData definition
from using an internally-defined "S256" string to identify the sha256 digest
to the definition in WebCrypto [1]. This only appears once, hard-coded in
WebAuthn (since U2F only supports SHA-256), so we need to change that one
instance.
[1] https://www.w3.org/TR/WebCryptoAPI/#sha-registration
MozReview-Commit-ID: 8de2CIGBBGA
--HG--
extra : rebase_source : e54c0d1f3f9551be48c3a72444edf62c45c647c4
WebAuthn operations that are in-flight with authenticators must be cancelled
when switching tabs.
There's an Issue [1] opened with the WebAuthn spec for this already, but the
language is _not_ in spec. Still, it's necessary for security, spec or not.
This also matches how Chromium handles U2F operations during a tab switch.
[1] https://github.com/w3c/webauthn/issues/316
MozReview-Commit-ID: 6Qh9oC4pqys
--HG--
extra : rebase_source : ad1665b8140f74b1291f17994285e6146c4ec468
This patch intends to obtain a 1) rough sense of the percentage of telemetry
population using Web Authentication over time, and 2) whether or not the
Authentication request was successful or errored out as a scalar. It also tracks
3) how long it takes for requests to complete as a histogram.
It counts Register (enrollment) and Sign (login) separately as we would
anticipate there being far, far more Sign uses than Register.
MozReview-Commit-ID: 8DFyKAG8XJw
--HG--
extra : rebase_source : 0c168b32b995ffffda804538d2b92009d4dc38c5
The WebAuthn WD-05 version of the specification defines the Origin field [1]
of the CollectedClientData as being set to the RP ID [2][3].
Note there is some ambiguity in the specification, as [1] says
CollectedClientData.Origin is the document's origin, while the
algorithms [2] and [3] set it to RP ID.
I'm going to stick with the algorithm's definition for this patch; it's
simple to revert when we move to WD-06 (Bug 1384776).
[1] https://www.w3.org/TR/webauthn/#dom-collectedclientdata-origin
[2] https://www.w3.org/TR/webauthn/#createCredential
[3] https://www.w3.org/TR/webauthn/#getAssertion
MozReview-Commit-ID: LW918sIg5wH
--HG--
extra : rebase_source : 799f5fa8878614c45d0def07d01d6c1c0c6e9824
This patch intends to obtain a 1) rough sense of the percentage of telemetry
population using Web Authentication over time, and 2) whether or not the
Authentication request was successful or errored out as a scalar. It also tracks
3) how long it takes for requests to complete as a histogram.
It counts Register (enrollment) and Sign (login) separately as we would
anticipate there being far, far more Sign uses than Register.
MozReview-Commit-ID: 8DFyKAG8XJw
--HG--
extra : rebase_source : c93eeac7a978a1d1c4b08ff1e18e2548b1045ced
The Web Authentication PublicKeyCredential object has two fields currently
unpopulated which, to be spec-compliant, must be set. These fields duplicate
available data.
[PublicKeyCredential.id] must be set to the base64url encoding with omitted
padding of whatever data is in "rawId".
[PublicKeyCredential.type] must be the literal "public-key".
MozReview-Commit-ID: L6wPYpZdD8A
--HG--
extra : rebase_source : 3ca83598b70f99f4d60f303d113e875046268669
Web Authentication uses JWK algorithm names (ES256) instead of WebCrypto names
(such as P-256). There are other JWK algorithm names, but our current U2F-backed
implementation only can support ES256 anyway, as that's all that FIDO U2F
devices understand. This patch limits us to the name ES256 for the "alg"
parameter.
MozReview-Commit-ID: 3V5DMzVzPad
--HG--
extra : rebase_source : 4fcf797ca0edc49f143333cc24aa51071cf719f5
Web Authentication's WD-05 specification moves to using (CBOR) Concise Binary
Object Representation to transmit the binary data... most of it. This lands a
subset of the Apache 2-licensed "CBOR C++" serialization library [1] into
webauthn's path.
It does not add any code to use this library; see patch 2/3.
[1] https://github.com/naphaso/cbor-cpp/
MozReview-Commit-ID: Ktj9TgdqElk
--HG--
extra : rebase_source : e36c956ef62be3ea1a3b6cbc8e3d6df2626c15b1
The U2FSoftTokenManager is a synchronous implementation and thus didn't need a
timeout so far. We need it for the U2FHIDTokenManager though to let user
interaction timeout properly.
Thus, add a timeout argument to the methods required by the U2FTokenTransport
interface and forward that to the token manager implementations.
This adjusts tests to also check origin-based RP IDs, for interop
purposes. When we officially move up to WD-06, we'll want to remove these.
MozReview-Commit-ID: FJRg7vxZIcN
--HG--
extra : rebase_source : 6b89ef1ec5f8f6312bc00740b171540dd2a111cf
A recent fixup commit [1] changed "RP ID" fields in WebAuthn to be domain
strings rather than origins, which matches the current editor's draft of
Web Authentication. Unfortunately, this is contrary to the interop WD-05,
which requires they be origins.
We should be tolerant of origins for now, and in the follow-on Bug 1381126
we'll remove this tolerance once we get past initial WD-05 interop.
[1] https://hg.mozilla.org/mozilla-central/rev/e173fd86d931
MozReview-Commit-ID: Cz2KaHvOIHz
--HG--
extra : rebase_source : eafac0cbab324c566a7ae64004f85258ca3ba805
nsHTMLDocument included IsRegistrableDomainSuffixOfOrEqualTo() to facilitate
some use cases in Web Authentication, and this patch adds support to our
implementation. The general idea is to permit relaxing some of the same-origin
policy for single-sign-on type approaches, while restricting other uses. [1]
[1] https://w3c.github.io/webauthn/#rp-id
MozReview-Commit-ID: BP74OYvcwBJ
--HG--
extra : rebase_source : 94b62f9063de129dc30c4457578b50088a3c92e0
The spec for WebAuthn defines "RP ID" as a "valid domain string" [1], whereas we
were using an origin string (with the scheme and whatnot). This patch corrects
the default rpId strings (when not overriden) to be domain strings.
[1] https://w3c.github.io/webauthn/#rp-id
MozReview-Commit-ID: 2p1cEQDa2FV
--HG--
extra : rebase_source : 8be13b8e88abb409e15c1bf9142f18d786699504
This patch adds a skeleton U2FHIDTokenManager that returns
NS_ERROR_NOT_IMPLEMENTED for ::Register() and ::Sign().
This will help test calling into the Rust library and make it easier to
implement the full USB HID transport.
This patch adds a Cancel() method to the U2FTokenTransport interface so that
we can forward request cancellations to the actual token manager implementation.
The current softtoken doesn't need that as it processes API calls synchronously,
USB HID tokens however need a cancellation mechanism.
The SendRequestCancel() call has been removed from WebAuthnManager::Cancel() as
we're currently only calling this method either when the chrome process
cancels the request (and then we don't need to send it back again) or the
content process fails to process the data after a request was fulfilled and
thus there's nothing to cancel. We will touch this again later when the UI
cancels requests on tab switch and similar user actions.