mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-22 17:55:50 +00:00
1746417e71
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts" on dev-platform [0], this bug is to:
1. Enable the security.webauth.u2f pref by default, to ride the trains
2. Remove the aOp == U2FOperation::Sign check from EvaluateAppID in WebAuthnUtil.cpp, permitting the Google override to work for Register as well as Sign.

This would enable Firefox users to use the FIDO U2F API on almost all sites, subject to the algorithm limitations discussed in the section "Thorny issues in enabling our FIDO U2F API implementation" of that post.

[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ
Differential Revision: https://phabricator.services.mozilla.com/D25241
--HG--
extra : moz-landing-system : lando
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_dom_WebAuthnUtil_h
#define mozilla_dom_WebAuthnUtil_h
/*
 * Utility functions used by both WebAuthnManager and U2FTokenManager.
 */
#include "mozilla/dom/CryptoBuffer.h"
#include "mozilla/dom/WebAuthenticationBinding.h"
namespace mozilla {
namespace dom {
// The two FIDO U2F request types: enrolling a new credential (Register) and
// producing an assertion with an existing one (Sign).
enum class U2FOperation {
  Register,
  Sign,
};
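// Evaluates a FIDO AppID for a request made from aOrigin. Only this
// declaration is visible here; the matching rules live in WebAuthnUtil.cpp.
//
// aParent: presumably the inner window of the requesting document.
// aOrigin: origin the request is attributed to.
// aAppId:  in/out. The callee may rewrite it, so callers should use the
//          post-call value, never a copy taken before the call.
//
// Returns a bool; presumably true means aAppId is acceptable for aOrigin
// (confirm against the definition). Callers should fail the request on false.
//
// The signature takes no U2FOperation, so the decision cannot differ between
// Register and Sign: any relaxation applied here covers both operations.
bool EvaluateAppID(nsPIDOMWindowInner* aParent, const nsString& aOrigin,
                   /* in/out */ nsString& aAppId);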
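// Builds an authenticator-data buffer from its component fields.
//
// The inputs mirror the fields of WebAuthn authenticator data (RP ID hash,
// flags byte, signature counter, attested credential data). The byte layout
// and any length checks are in the definition, which is not visible here.
// NOTE(review): presumably rpIdHashBuf is a 32-byte hash and counterBuf is
// 4 bytes; confirm the definition rejects other sizes instead of copying
// them through.
//
// authDataBuf is the only output; read it only when the returned nsresult
// indicates success.
nsresult AssembleAuthenticatorData(const CryptoBuffer& rpIdHashBuf,
                                   const uint8_t flags,
                                   const CryptoBuffer& counterBuf,
                                   const CryptoBuffer& attestationDataBuf,
                                   /* out */ CryptoBuffer& authDataBuf);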
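// Builds an attestation object from the parts of a registration: RP ID hash,
// public key, key handle, attestation certificate and signature.
//
// aForceNoneAttestation: presumably makes the output omit the attestation
// certificate and signature ("none" attestation), which keeps the token's
// attestation certificate from reaching the relying party. Confirm against
// the definition, and confirm callers set it whenever the user has not
// agreed to share attestation.
//
// aAttestationObjBuf is the only output; read it only when the returned
// nsresult indicates success.
nsresult AssembleAttestationObject(const CryptoBuffer& aRpIdHash,
                                   const CryptoBuffer& aPubKeyBuf,
                                   const CryptoBuffer& aKeyHandleBuf,
                                   const CryptoBuffer& aAttestationCertBuf,
                                   const CryptoBuffer& aSignatureBuf,
                                   bool aForceNoneAttestation,
                                   /* out */ CryptoBuffer& aAttestationObjBuf);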
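// Splits a U2F sign response into its flags byte, counter and signature.
//
// aResponse is produced outside this code (by the token or its transport),
// so it should be treated as untrusted input.
// NOTE(review): the definition is not visible here; confirm it checks that
// aResponse is long enough before reading each field and fails on a
// truncated buffer.
//
// The three out parameters are meaningful only when the returned nsresult
// indicates success.
nsresult U2FDecomposeSignResponse(const CryptoBuffer& aResponse,
                                  /* out */ uint8_t& aFlags,
                                  /* out */ CryptoBuffer& aCounterBuf,
                                  /* out */ CryptoBuffer& aSignatureBuf);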
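// Splits a U2F registration response into public key, key handle,
// attestation certificate and signature.
//
// aResponse is produced outside this code (by the token or its transport),
// so it should be treated as untrusted input.
// NOTE(review): the definition is not visible here; the key handle and
// certificate are presumably variable-length, so confirm every embedded
// length is validated against the remaining bytes of aResponse before use.
//
// The four out parameters are meaningful only when the returned nsresult
// indicates success.
nsresult U2FDecomposeRegistrationResponse(
    const CryptoBuffer& aResponse,
    /* out */ CryptoBuffer& aPubKeyBuf,
    /* out */ CryptoBuffer& aKeyHandleBuf,
    /* out */ CryptoBuffer& aAttestationCertBuf,
    /* out */ CryptoBuffer& aSignatureBuf);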
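// Splits an EC public key buffer into its X and Y coordinates.
//
// NOTE(review): presumably expects an uncompressed point encoding; the
// definition is not visible here, so confirm it rejects buffers of the wrong
// length or format rather than slicing whatever it is given.
//
// aXcoord and aYcoord are meaningful only when the returned nsresult
// indicates success.
nsresult U2FDecomposeECKey(const CryptoBuffer& aPubKeyBuf,
                           /* out */ CryptoBuffer& aXcoord,
                           /* out */ CryptoBuffer& aYcoord);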
// Hashes the bytes of aIn and writes the digest to aOut. The digest
// algorithm is chosen in the definition and is not stated in this header.
// aOut is meaningful only when the returned nsresult indicates success.
nsresult HashCString(const nsACString& aIn, /* out */ CryptoBuffer& aOut);
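// Computes the two hashes used for a transaction: one over the relying
// party ID (aRpIdHash) and one over the serialized client data
// (aClientDataHash).
//
// NOTE(review): presumably both are produced with the same digest as
// HashCString; confirm against the definition.
//
// Both out parameters are meaningful only when the returned nsresult
// indicates success; a caller that ignores the result could go on to use an
// empty or stale hash.
nsresult BuildTransactionHashes(const nsCString& aRpId,
                                const nsCString& aClientDataJSON,
                                /* out */ CryptoBuffer& aRpIdHash,
                                /* out */ CryptoBuffer& aClientDataHash);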
} // namespace dom
} // namespace mozilla
namespace IPC {
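// IPC serialization for AuthenticatorAttachment. ContiguousEnumSerializer
// range-checks the value on read: only values in [Platform, EndGuard_) are
// accepted, so an out-of-range value sent by another process fails to
// deserialize instead of reaching WebAuthn code.
// NOTE(review): this relies on Platform being the lowest enumerator of the
// generated enum; confirm against the WebIDL when enumerators are added.
template <>
struct ParamTraits<mozilla::dom::AuthenticatorAttachment>
    : public ContiguousEnumSerializer<
          mozilla::dom::AuthenticatorAttachment,
          mozilla::dom::AuthenticatorAttachment::Platform,
          mozilla::dom::AuthenticatorAttachment::EndGuard_> {};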
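// IPC serialization for UserVerificationRequirement.
// ContiguousEnumSerializer range-checks the value on read: only values in
// [Required, EndGuard_) are accepted, so an out-of-range value sent by
// another process fails to deserialize instead of being interpreted as a
// verification policy.
// NOTE(review): this relies on Required being the lowest enumerator of the
// generated enum; confirm against the WebIDL when enumerators are added.
template <>
struct ParamTraits<mozilla::dom::UserVerificationRequirement>
    : public ContiguousEnumSerializer<
          mozilla::dom::UserVerificationRequirement,
          mozilla::dom::UserVerificationRequirement::Required,
          mozilla::dom::UserVerificationRequirement::EndGuard_> {};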
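// IPC serialization for AttestationConveyancePreference.
// ContiguousEnumSerializer range-checks the value on read: only values in
// [None, EndGuard_) are accepted, so an out-of-range value sent by another
// process fails to deserialize instead of being interpreted as an
// attestation preference.
// NOTE(review): this relies on None being the lowest enumerator of the
// generated enum; confirm against the WebIDL when enumerators are added.
template <>
struct ParamTraits<mozilla::dom::AttestationConveyancePreference>
    : public ContiguousEnumSerializer<
          mozilla::dom::AttestationConveyancePreference,
          mozilla::dom::AttestationConveyancePreference::None,
          mozilla::dom::AttestationConveyancePreference::EndGuard_> {};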
} // namespace IPC
#endif // mozilla_dom_WebAuthnUtil_h