e6dd50ba10
This patch implements the W3C Web Authentication API from https://www.w3.org/TR/webauthn/, currently the 28 September 2016 working draft. It utilizes a tentative binding of the U2F NSS Soft Token to provide authentication services while waiting on Bug 1245527 to support USB HID-based U2F tokens. This binding is not in the specification yet, so it should be considered an experiment to help the specification move forward. There are also a handful of deviations from the specification's WebIDL, which are annotated with comments in WebAuthentication.webidl. There are no tests in this commit; they are in Part 4 of this commit series. There is a small script online at https://webauthn.bin.coffee/ to exercise this code, but it doesn't do any automated checks. There are also a handful of TODOS: 1) The algorithm to relax the same-origin restriction is in Part 3. 2) The use of AlgorithmIdentifier and having a way to coerce an object to a string is still missing. 3) Timeouts and deadlines aren't there, and are pending reworking how the nsIU2FToken interface works. UPDATED: - Address qdot, keeler review comments (thanks!) - Address more qdot, keeler review comments (thanks!) MozReview-Commit-ID: JITapI38iOh --HG-- extra : rebase_source : 9a09e852dd0c8dc47f42dabbcf8b845a6828b225
/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * The origin of this IDL file is a combination of the FIDO U2F Raw Message Formats:
 * https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-raw-message-formats.html
 * and the U2F JavaScript API v1.1, not yet published. While v1.1 is not published,
 * v1.0 is located here:
 * https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html
 */

// Mixin-style interface that puts the `u2f` attribute on the global object.
// [NoInterfaceObject] means no "GlobalU2F" interface object is exposed to
// script; only the attribute below is.
[NoInterfaceObject]
interface GlobalU2F {
  // Only present when the security.webauth.u2f pref is enabled. The getter is
  // [Throws], so script must be prepared for an exception when reading it.
  [Throws, Pref="security.webauth.u2f"]
  readonly attribute U2F u2f;
};
// Error codes are plain unsigned shorts; the meaningful values are the
// constants declared on the U2F interface below (OK .. TIMEOUT).
typedef unsigned short ErrorCode;
// List of transports a registered key may be reached over (see enum Transport).
typedef sequence<Transport> Transports;
// Transport hints for a registered key. These are the string values used by
// the U2F JavaScript API; WebIDL enum conversion rejects any string not in
// this list with a TypeError.
enum Transport {
  "bt",
  "ble",
  "nfc",
  "usb"
};
// Client data for a register/sign operation. Per the U2F raw message formats
// spec linked in the file header, this structure is what the token signs
// over; the relying party is expected to verify `challenge` and `origin`
// server-side, since that check is what ties a signature to this request and
// to the origin that made it.
dictionary U2FClientData {
  DOMString typ; // Spelling is from the specification
  DOMString challenge;
  DOMString origin;
  // cid_pubkey for Token Binding is not implemented
};
// One registration request from the relying party. `challenge` is echoed back
// inside the signed U2FClientData, so it should be fresh and unpredictable for
// each request.
dictionary RegisterRequest {
  DOMString version;
  DOMString challenge;
};
// Result delivered to U2FRegisterCallback. Success and failure share one
// dictionary: the "From Error" members are nullable and presumably populated
// only on failure (confirm against U2F.cpp), so a callback should check
// `errorCode` before trusting `registrationData` / `clientData`.
dictionary RegisterResponse {
  DOMString version;
  DOMString registrationData;
  DOMString clientData;

  // From Error
  ErrorCode? errorCode;
  DOMString? errorMessage;
};
// A key handle the relying party has previously registered. `transports` and
// `appId` are nullable; when `appId` is absent the appId passed to
// register()/sign() presumably applies — confirm against U2F.cpp.
dictionary RegisteredKey {
  DOMString version;
  DOMString keyHandle;
  Transports? transports;
  DOMString? appId;
};
// Result delivered to U2FSignCallback. As with RegisterResponse, success and
// failure share one dictionary; the nullable "From Error" members are
// presumably populated only on failure (confirm against U2F.cpp), so check
// `errorCode` before using `signatureData` / `clientData`.
dictionary SignResponse {
  DOMString keyHandle;
  DOMString signatureData;
  DOMString clientData;

  // From Error
  ErrorCode? errorCode;
  DOMString? errorMessage;
};
// Completion callbacks. Each receives a single response dictionary that
// carries either the success members or the "From Error" members.
callback U2FRegisterCallback = void(RegisterResponse response);
callback U2FSignCallback = void(SignResponse response);
// The U2F API object reached via GlobalU2F.u2f. Exposed only when the
// security.webauth.u2f pref is enabled.
[Pref="security.webauth.u2f"]
interface U2F {
  // These enumerations are defined in the FIDO U2F Javascript API under the
  // interface "ErrorCode" as constant integers, and also in the U2F.cpp file.
  // Any changes to these must occur in both locations.
  const unsigned short OK = 0;
  const unsigned short OTHER_ERROR = 1;
  const unsigned short BAD_REQUEST = 2;
  const unsigned short CONFIGURATION_UNSUPPORTED = 3;
  const unsigned short DEVICE_INELIGIBLE = 4;
  const unsigned short TIMEOUT = 5;

  // Register a new key for `appId`. `registeredKeys` lists handles the relying
  // party already knows about (presumably so an already-registered token can
  // be reported rather than re-registered — confirm against U2F.cpp).
  // [Throws] presumably covers synchronous rejection of the arguments/origin;
  // asynchronous failures arrive via `callback` with an errorCode set.
  // NOTE(review): per the commit description, the relaxed same-origin check
  // for appId lands in Part 3 and timeouts are not implemented yet, so
  // opt_timeoutSeconds is presumably accepted but not enforced here.
  [Throws]
  void register (DOMString appId,
                 sequence<RegisterRequest> registerRequests,
                 sequence<RegisteredKey> registeredKeys,
                 U2FRegisterCallback callback,
                 optional long? opt_timeoutSeconds);

  // Sign `challenge` with one of `registeredKeys` for `appId`. Same error
  // delivery, same-origin and timeout caveats as register().
  [Throws]
  void sign (DOMString appId,
             DOMString challenge,
             sequence<RegisteredKey> registeredKeys,
             U2FSignCallback callback,
             optional long? opt_timeoutSeconds);
};