Commit Graph

86 Commits

Author SHA1 Message Date
Tim Taubert
c3180f09e1 Bug 1406467 - Web Authentication - WD-07 Updates to Make Assertion r=jcj,smaug
Summary:
Add support for PublicKeyCredentialRequestOptions.userVerification. For now
this basically means that we'll abort the operation with NotAllowed, as we
don't support user verification yet.

Pass PublicKeyCredentialDescriptor.transports through to the token manager
implementations. The softoken will ignore those and pretend to support all
transports defined by the spec. The USB HID token will check for the "usb"
transport and either ignore credentials accordingly, or abort the operation.

Note: The `UserVerificationRequirement` in WebIDL is defined at https://w3c.github.io/webauthn/#assertion-options

Reviewers: jcj, smaug

Reviewed By: jcj, smaug

Bug #: 1406467

Differential Revision: https://phabricator.services.mozilla.com/D338

--HG--
extra : amend_source : 314cadb3bc40bbbee2a414bc5f13caed55f9d720
2018-01-09 07:27:35 +01:00
J.C. Jones
dccb7bcf7c Bug 1247124 - Limit FIDO U2F to Secure Contexts r=ttaubert,smaug
Use the [SecureContext] webidl notation to hide the powerful "window.u2f"
feature and its interface when not loaded in a secure context.

MozReview-Commit-ID: 7en8b5ieI85
2017-12-13 17:02:38 -06:00
Tim Taubert
975f015349 Bug 1422661 - Fix U2F test failures in new microtask scheduling r=jcj
Summary:
Ensure that transactions are cleared before U2FCallbacks are called, to allow
reentrancy from microtask checkpoints.

Move the two possible callbacks into U2FTransaction so we have nicer invariants
and know that there's a callback as long as we have a transaction.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1422661

Differential Revision: https://phabricator.services.mozilla.com/D329

--HG--
extra : amend_source : 7097f38199a5bc4a215377e4f1a64079cf6d6a24
2017-12-08 16:55:52 +01:00
Tim Taubert
b5c19b9f90 Bug 1396907 - Abstract a BaseAuthManager for dom/u2f and dom/webauthn r=jcj
Summary: We can probably abstract more stuff in the future, but this seems like a good start.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1396907

Differential Revision: https://phabricator.services.mozilla.com/D323
2017-12-06 18:41:58 +01:00
Tim Taubert
91a23b2116 Bug 1421723 - Allow localhost as appId for U2F r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1421723

Differential Revision: https://phabricator.services.mozilla.com/D321
2017-12-06 16:28:20 +01:00
Tim Taubert
a3256fcae8 Bug 1421616 - Have one WebAuthnManager instance per CredentialsContainer r=jcj
Summary:
We currently have a single WebAuthnManager instance per process that's shared
between all CredentialContainers. That way the nsPIDOMWindowInner parent has
to be tracked by the transaction, as multiple containers could kick off
requests simultaneously.

This patch lets us we have one WebAuthnManager instance per each
CredentialsContainer and thus each nsPIDOMWindowInner. This matches the current
U2F implementation where there is one instance per parent window too.

This somewhat simplifies the communication diagram (at least in my head), as
each U2F/WebAuthnManager instance also has their own TransactionChild/Parent
pair for IPC protocol communication. The manager and child/parent pair are
destroyed when the window is.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1421616

Differential Revision: https://phabricator.services.mozilla.com/D305
2017-12-05 19:05:06 +01:00
Tim Taubert
587ed9ddc7 Backed out changeset bb739695f566 (bug 1421616) 2017-12-05 19:24:22 +01:00
Tim Taubert
a0935f0ff1 Bug 1421616 - Have one WebAuthnManager instance per CredentialsContainer r=jcj
Summary:
We currently have a single WebAuthnManager instance per process that's shared
between all CredentialContainers. That way the nsPIDOMWindowInner parent has
to be tracked by the transaction, as multiple containers could kick off
requests simultaneously.

This patch lets us we have one WebAuthnManager instance per each
CredentialsContainer and thus each nsPIDOMWindowInner. This matches the current
U2F implementation where there is one instance per parent window too.

This somewhat simplifies the communication diagram (at least in my head), as
each U2F/WebAuthnManager instance also has their own TransactionChild/Parent
pair for IPC protocol communication. The manager and child/parent pair are
destroyed when the window is.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1421616

Differential Revision: https://phabricator.services.mozilla.com/D305
2017-12-05 19:05:06 +01:00
Tim Taubert
c5eda6e272 Bug 1406462 - Web Authentication - Add support for authenticator selection criteria and attachment types r=jcj,smaug
Reviewers: jcj, smaug

Reviewed By: jcj, smaug

Bug #: 1406462

Differential Revision: https://phabricator.services.mozilla.com/D278
2017-11-29 13:58:33 +01:00
Tim Taubert
ded0cee6bf Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1410346

Differential Revision: https://phabricator.services.mozilla.com/D288
2017-11-28 10:21:07 +01:00
Tim Taubert
de00fd9f1f Backed out changeset 0750af27bcee (bug 1410346) 2017-11-28 10:37:45 +01:00
Tim Taubert
1712f2c336 Bug 1410346 - Merge U2F.cpp and U2FManager.cpp r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1410346

Differential Revision: https://phabricator.services.mozilla.com/D288

--HG--
extra : amend_source : 5d078e8d9dc1bd6da11f2d84e349b6d77638ed6b
2017-11-28 10:21:07 +01:00
Tim Taubert
38fb49445f Bug 1420906 - Add override/cancellation/tab switch tests for U2F API r=jcj
Reviewers: jcj

Reviewed By: jcj

Bug #: 1420906

Differential Revision: https://phabricator.services.mozilla.com/D290
2017-11-28 10:08:49 +01:00
Tim Taubert
1d2e8ed150 Bug 1412408 - Fix content process leak of U2FTransactionChild instances r=jcj
Summary:
This patch fixes the reported leak of U2FTransactionChild instances in the
content process by introducing a WebAuthnTransactionChildBase class that both
WebAuthnTransactionChild and U2FTransactionChild inherit from.

This base class is responsible for proper refcounting. In
BackgroundChildImpl::DeallocPWebAuthnTransactionChild() we currently always
cast to WebAuthnTransactionChild, that will work only for the WebAuthn API. We
can now cast to WebAuthnTransactionChildBase to make this work for U2F as well.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1412408

Differential Revision: https://phabricator.services.mozilla.com/D179
2017-11-02 12:18:19 +01:00
Bevis Tseng
b7bcbf0162 Bug 1413125 - Support reentry synchronously from U2F callbacks. r=jcj
Call MozPromiseRequestHolder::Complete() and reset callbacks eariler to
support reentry of U2F::Register()/Sign() from calling ExecuteCallback().
2017-10-31 18:22:00 +08:00
Andrew McCreight
298aa82710 Bug 1412125, part 2 - Fix dom/ mode lines. r=qdot
This was automatically generated by the script modeline.py.

MozReview-Commit-ID: BgulzkGteAL

--HG--
extra : rebase_source : a4b9d16a4c06c4e85d7d85f485221b1e4ebdfede
2017-10-26 15:08:41 -07:00
Tim Taubert
c29f1dbeb7 Bug 1403818 - Fix WebAuthn IPC crashes by keeping the child actor alive until process shutdown r=jcj
Summary:
We currently call ChildActor.send__delete() when clearing an active transaction
and thereby destroy the child actor. If that happens, e.g. due to a tab switch,
while a message is in the IPC buffer waiting to be delivered, we crash.

This patch creates the child actor lazily as before, but keeps it around until
the WebAuthnManager goes away, which will be at process shutdown.

Each transaction now has a unique id, that the parent process will include in
any of the ConfirmRegister, ConfirmSign, or Abort messages. That way we can
easily ignore stale messages that were in the buffer while we started a new
transaction or cancelled the current one.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1403818

Differential Revision: https://phabricator.services.mozilla.com/D149
2017-10-25 15:59:53 +02:00
Andrea Marchesini
cd379739f9 Bug 1411257 - No MOZ_CRASH if BackgroundChild::GetOrCreateForCurrentThread() fails - part 5 - U2F manager, r=asuth 2017-10-25 08:45:53 +02:00
Andrea Marchesini
c9b008f29e Bug 1408333 Get rid of nsIIPCBackgroundChildCreateCallback - part 8 - U2F, r=asuth 2017-10-24 12:02:40 +02:00
Tim Taubert
ce066246b7 Bug 1410428 - Handle stales messages in {WebAuthn,U2F}Manager r=jcj
Summary:
With both managers storing transaction infos in `Maybe<Info> mTransaction` now,
it occurred to me that we can't actually assert that
`mTransaction.isSome() == true` when we receive a message.

At least with the U2F API the request could be cancelled (and mTransaction
cleared) while there's a pending completion message. For WebAuthn it probably
doesn't hurt to handle this properly either.

(As a bonus, I snuck in the removal of an unused enum.)

Reviewers: jcj

Reviewed By: jcj

Bug #: 1410428

Differential Revision: https://phabricator.services.mozilla.com/D145
2017-10-21 11:34:44 +02:00
Tim Taubert
9ac166b3da Bug 1410345 - Rework U2FManager state machine r=jcj
Summary:
This patch aims to clean up the U2FManager's state machine, especially to make
cancellation of transactions clearer. To fix bug 1403818, we'll have to later
introduce a unique id that is forwarded to the U2FTokenManager.

There are multiple stages of cancellation/cleanup after a transaction was
started. All of the places where we previously called Cancel() or
MaybeClearTransaction() are listed below:

[stage 1] ClearTransaction

This is the most basic stage, we only clean up what information we have about
the current transaction. This means that the request was completed successfully.
It is used at the end of FinishRegister() and FinishSign().

[stage 2] RejectTransaction

The second stage will reject the transaction promise we returned to the caller.
Then it will call ClearTransaction, i.e. stage 1. It is used when one of the
two Finish*() functions aborts before completion, or when the parent process
sends a RequestAborted message.

[stage 2b] MaybeRejectTransaction

This is the same as stage 2, but will only run if there's an active transaction.
It is used by ~U2FManager() to reject and clean up when we the manager goes
away.

[stage 3] CancelTransaction

The third stage sends a "Cancel" message to the parent process before rejecting
the transaction promise (stage 2) and cleaning up (stage 1). It's used by
HandleEvent(), i.e. the document becomes inactive.

[stage 3b] MaybeCancelTransaction

This is the same as stage 3, but will only run if there's an active transaction.
It is used at the top of Register() and Sign() so that any active transaction
is cancelled before we handle a new request. It's also used by U2F::Cancel()
as long as bug 1410346 isn't fixed.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1410345

Differential Revision: https://phabricator.services.mozilla.com/D144
2017-10-21 11:34:38 +02:00
Tim Taubert
23f8be23e6 Bug 1409357 - Remove {WebAuthn,U2F}Manager::Start{Register,Sign,Cancel} methods r=jcj
Summary:
We can simplify and reduce the {WebAuthn,U2F}Manager code by removing these
methods and sending messages directly from closures.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409357

Differential Revision: https://phabricator.services.mozilla.com/D131
2017-10-17 17:11:12 +02:00
Tim Taubert
382ba57162 Bug 1409135 - Cleanup and rearrange {WebAuthn,U2F}Manager.h r=jcj
Summary:
Both files declare a few methods as public that we can make private. Let's
seize the chance to rearrange declarations such that they reflect the message
model better.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409135

Differential Revision: https://phabricator.services.mozilla.com/D128

--HG--
extra : amend_source : 8f7a9d92ec81253847c44d92c71ea00cc8753bd1
2017-10-17 11:31:30 +02:00
Tim Taubert
f7e1c16e21 Bug 1409116 - Rename {WebAuthn,U2F}TransactionParent::Cancel message to Abort r=jcj
Summary:
We currently allow sending a "Cancel" message from the child to abort a running
transaction, e.g. when the user switches away from the currently active tab.

We have a message with the same name "Cancel" sent by the parent when the
transaction is aborted due to failure somewhere in the token manager.

This patch renames abort messages from the parent to "Abort" to clarify the
purpose of the message.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409116

Differential Revision: https://phabricator.services.mozilla.com/D127

--HG--
extra : amend_source : ee6767965ad928033eb23b258aacf54bbaf57d2d
2017-10-17 11:30:55 +02:00
Tim Taubert
3e13f9c368 Bug 1407179 - Use AssertIsOnBackgroundThread() in U2F and WebAuthn BackgroundParentImpls r=jcj
Summary: It seems like a good idea to call AssertIsOnBackgroundThread() in the WebAuthnTransactionParent and U2FTransactionParent methods. They should never be called on any other thread. (Other BPImpls are doing the same.)

Reviewers: jcj

Reviewed By: jcj

Bug #: 1407179

Differential Revision: https://phabricator.services.mozilla.com/D105
2017-10-10 18:31:30 +02:00
Tim Taubert
cb4f5e98e1 Bug 1402156 - Cancel any pending requests when u2f.{register,sign} is called r=jcj
Bug #: 1402156

Differential Revision: https://phabricator.services.mozilla.com/D101
2017-10-06 14:45:27 +02:00
J.C. Jones
9fc9b8dcb4 Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert
In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our
U2F Facet support completely half-way, that we could use the Public Suffix logic
introduced into HTML for W3C Web Authentication (the method named
IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1
hierarchy. This is a deviation from the FIDO specification, but doesn't break
anything that currently works with our U2F implementation, and theoretically
enables sites that otherwise need an external FacetID fetch which we aren't
implementing.

The downside to this is that it's then Firefox-specific behavior. But since this
isn't a shipped feature, we have more room to experiment. As an additional
bonus, it encourages U2F sites to use the upcoming Web Authentication security
model, which will help them prepare to adopt the newer standard.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8

MozReview-Commit-ID: DzNVhHT9qRL

--HG--
extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1
2017-09-28 16:45:28 -07:00
J.C. Jones
4cf1111f75 Bug 1399334 - Workaround buggy pki.js cert verifier implementation r=keeler
There's an intermittent on the call attestationCert.verify() to test the self-
signed cert from our not-shipped software U2F implementation. Collection of the
intermittents shows these certs are fine, and should verify correctly, but they
don't. The bug must be in pki.js, which is out-of-scope as we only use it for
mochitests.

This patch removes the offending call to xxxx.verify(), because it doesn't
really matter whether the self-signed-cert looks OK to pki.js; we just need
the public key from inside it to proceed with the rest of the tests.

As an example of a so-called "invalid" self-signed cert that failed, we have:

https://treeherder.mozilla.org/logviewer.html#?repo=mozilla-central&job_id=134282931&lineNumber=2673

-----BEGIN CERTIFICATE-----
MIIBMTCB2aADAgECAgUA55x6LTAKBggqhkjOPQQDAjAhMR8wHQYDVQQDExZGaXJl
Zm94IFUyRiBTb2Z0IFRva2VuMB4XDTE3MDkzMDE5MjIzMloXDTE3MTAwMjE5MjIz
MlowITEfMB0GA1UEAxMWRmlyZWZveCBVMkYgU29mdCBUb2tlbjBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABIWu4L8ky7s8I7qVv+JwMRHpippH4b6h7rN0jlKpFbHK
hnEwaCPLrTx04Eh9xT4GK9JWuuP759hnAxsWD5wk0H0wCgYIKoZIzj0EAwIDRwAw
RAIgRIeRcn6LkwU8VOmX+mdQ3jUQrUOp5f2xH/qBECGi5EcCIADBjsm/EDKkAwLZ
pGdX7+N+kgf9No4uuLV4dsNVJ1pa
-----END CERTIFICATE-----

There's nothing wrong with this cert, actually. Checking it with OpenSSL shows
all OK:

openssl verify -purpose any -CAfile /tmp/cert2.pem /tmp/cert2.pem
/tmp/cert2.pem: OK

So this intermittent is a bug outside of our U2F and U2F test soft token code.

MozReview-Commit-ID: K142toVWtcv

--HG--
extra : rebase_source : 3c31a407e27cd5c6e7a1a4f1287f17f56f80daaa
2017-10-02 11:06:31 -07:00
J.C. Jones
a11562f2ea Bug 1403279 - Set U2F version field on RegisterResponse r=keeler
The U2F specification defines the RegisterResponse.Version field as being set to
"U2F_V2" [1] on successful registrations, which we appear to have overlooked.

This sets the field and adds a few checks to the register test.


[1] https://www.fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html#idl-def-RegisterResponse

MozReview-Commit-ID: 9YqhM0x9itd

--HG--
extra : rebase_source : 35cab0dffa5db70476461699a6b4706f910b208a
2017-09-28 16:04:10 -07:00
J.C. Jones
6293af8a7a Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert
There's an intermittent that is showing up now that test_register_sign.html
checks state.attestationCert.verify(); to ensure hte SoftToken's certificate
is valid. This patch prints the offending certificate when it's encountered,
to help diagnose the root cause.

MozReview-Commit-ID: 4QSobq9fBGK
2017-09-18 21:43:40 -07:00
Tim Taubert
14bd1247ca Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj
I wasn't sure what the right behavior for the U2F API is when `.sign()`
or `.register()` is called but there's an ongoing request that wasn't fulfilled
yet.

I think it makes sense to deny the request (as we currently do) when a request
of the same type is currently active. When however sign() -> register() or
vice-versa is called then we should cancel the previous request and start
the new one. From what I understand from reading the spec we definitely should
call the callback before starting the new request.

Bug #: 1401019

Differential Revision: https://phabricator.services.mozilla.com/D70
2017-09-19 16:55:38 +02:00
J.C. Jones
2afc1ad18b Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
  which in turn handles constructing and managing the U2FTokenManager
  via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
  WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
  - Used async tasks, used the manifest parameters for scheme, and generally
    made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
  yet, causing breakage on Android. Rework the tests to go back to the old way
  of using iframes to test U2F.


NOTE TO REVIEWERS:
 Since this is huge, I recommend the following:

 keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
          of the U2F logic is still in U2F.cpp like before, but there's been
          some reworking of how it is called.

 ttaubert - please review U2FManager, the Transaction classes, build changes,
            and the changes to nsGlobalWindow. All of these should be very
            similar to the WebAuthn code it's patterned off.


MozReview-Commit-ID: C1ZN2ch66Rm

--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 12:56:59 -07:00
Phil Ringnalda
2dba33e427 Backed out 3 changesets (bug 1245527) for ASan browser-chrome leaks and Android mochitest bustage
Backed out changeset 8ee1f7aebd62 (bug 1245527)
Backed out changeset e6a5de8d1246 (bug 1245527)
Backed out changeset be63e73426b4 (bug 1245527)

MozReview-Commit-ID: AU22LgPh9iB
2017-09-09 00:09:21 -07:00
J.C. Jones
50501cbead Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
  which in turn handles constructing and managing the U2FTokenManager
  via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
  WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
  - Used async tasks, used the manifest parameters for prefs and scheme,
    and generally made these cleaner.

NOTE TO REVIEWERS:
 Since this is huge, I recommend the following:

 keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
          of the U2F logic is still in U2F.cpp like before, but there's been
          some reworking of how it is called.

 ttaubert - please review U2FManager, the Transaction classes, build changes,
            and the changes to nsGlobalWindow. All of these should be very
            similar to the WebAuthn code it's patterned off.


MozReview-Commit-ID: C1ZN2ch66Rm

--HG--
extra : transplant_source : %EA%98%D2%87C%FD%CC%A5%3D%B5%9B%1C%DA%A5J%CD%05%94%13%0D
2017-09-05 12:32:42 -07:00
Kartikaya Gupta
ba4b3b9101 Bug 1384233 - Remove SizePrintfMacros.h. r=froydnj
We have a minimum requirement of VS 2015 for Windows builds, which supports
the z length modifier for format specifiers. So we don't need SizePrintfMacros.h
any more, and can just use %zu and friends directly everywhere.

MozReview-Commit-ID: 6s78RvPFMzv

--HG--
extra : rebase_source : 009ea39eb4dac1c927aa03e4f97d8ab673de8a0e
2017-07-26 16:03:57 -04:00
Bill McCloskey
f115503a0b Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
Carsten "Tomcat" Book
8a1350b5a6 Backed out changeset 4f6302a98ae4 (bug 1372405)
--HG--
extra : rebase_source : 41632f3158e88e692809731394a683d065a73dfb
2017-06-21 13:59:26 +02:00
Bill McCloskey
6b3e84ed5f Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-20 21:44:11 -07:00
Carsten "Tomcat" Book
ea1b86680c Backed out changeset 9846de3bd954 (bug 1372405)
--HG--
extra : rebase_source : 5d4a48e8ec394c329994689d938d2a6e9b2752b0
2017-06-20 08:27:02 +02:00
Bill McCloskey
4592152411 Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
Bevis Tseng
d1637b9c5a Bug 1372453 - Part 2: Name the caller of ProxyReleaseEvent. r=billm
MozReview-Commit-ID: LYhSWnZkq0i
2017-06-14 09:27:17 +08:00
Bill McCloskey
0767e31489 Bug 1372736 - Avoid using AbstractThread for non-media MozPromises (r=bkelly)
MozReview-Commit-ID: BBi0pK4DXxf
2017-06-15 20:16:25 -07:00
Bill McCloskey
c85ab6308c Bug 1366072 - Change promises to take nsISerialEventTarget instead of AbstractThread (r=jwwang)
MozReview-Commit-ID: 4azUhSB6whu
2017-06-13 14:51:01 -07:00
J.C. Jones
2c4669cdf7 Bug 1334388 - Disable intermittent dom/u2f/tests/test_multiple_keys.html. r=keeler
This change disables the test dom/u2f/tests/test_multiple_keys.html, as it
is being prompted by some mis-use of the IPC system. All IPC for this component,
U2F, is being reworked currently in Bug 1323339, so fixing this really falls to
that bug. Bug 1347374 is filed to re-enable this test after the IPC rework.

MozReview-Commit-ID: BQCk7Muz53c
2017-03-14 18:41:51 -07:00
J.C. Jones
487c9854bd Bug 1334388 - Rework u2f/test/test_multiple_keys to fix intermittent r=keeler
This is a cheezy fix to u2f/tests/frame_multiple_keys.html to try and fix
the ongoing intermittents. It's cheesy because it changes this from a
HTTPS-scheme test to HTTP, which is kind of a negative change, and shouldn't
do anything to help. It does, however, make this test look identical to the
other u2f tests which _don't_ have this intermittent issue. If this commit
fixes the problem then I'll know more about this strange failure case.

MozReview-Commit-ID: JXXFshJ6AGq

--HG--
extra : rebase_source : 83b09430d36904bba49037060f615f1b7a2d9078
2017-03-13 10:00:59 -07:00
J.C. Jones
a51561a1c4 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's reviews comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)
- Fix a sneaky memory leak re: CryptoBuffer.ToSECItem

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 4ff5898e93e4a0a75576e5e54035a1cb6dd952d7
2017-02-01 15:21:04 -07:00
Iris Hsiao
940ee4003b Backed out changeset 713c0a78c2c1 (bug 1260318) for leak issue 2017-03-08 14:01:56 +08:00
J.C. Jones
8effd5c124 Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes
This change includes the FIDO "App ID" as part of the function used to generate
the wrapping key used in the NSS-based U2F soft token, cryptographically binding
the "Key Handle" to the site that Key Handle is intended for.

This is a breaking change with existing registered U2F keys, but since our soft
token is hidden behind a pref, it does not attempt to be backward-compatible.

- Updated for rbarnes' and qdot's reviews comments. Thanks!
- Made more strict in size restrictions, and added a version field
  to help us be this strict.
- Bugfix for an early unprotected buffer use (Thanks again rbarnes!)

MozReview-Commit-ID: Jf6gNPauT4Y

--HG--
extra : rebase_source : 52d10287d10698292e1480e04f580f6f8b4847cb
2017-02-01 15:21:04 -07:00
Daniel Holbert
417e3ff20b Bug 1344830: Convert to range-based 'for' loops in U2F.cpp. r=jcj
MozReview-Commit-ID: 2PRQw4Pxquq

--HG--
extra : rebase_source : 72818e2d14a90caea154f50a8ecd44ad25e2df93
2017-03-06 11:16:54 -08:00
Daniel Holbert
17a88fd2c2 Bug 1344816: Remove unused 'this' variable lambda-captures from U2F.cpp. r=jcj
MozReview-Commit-ID: 8GL2Mb7n3GU

--HG--
extra : rebase_source : 2ceb937215f8fe713eec989ce8d093a075cb3414
2017-03-06 11:05:46 -08:00