author J.C. Jones <jjones@mozilla.com>
Wed, 09 Aug 2017 20:05:23 -0700
changeset 374432 d95683eef9ba92f79901d099631fcd2b733d4c15
parent 369795 4a7dd87506167cf613c905f0249cceb70c7a6b7c
child 375594 2619edc827ada43379ff483c26271284cfdd199a
permissions -rw-r--r--
Bug 1387820 - WebAuthn WD-05 Get Assertion Data Fix r=keeler The WebAuthn WD-05 specification's Get Assertion method defines the returned AuthenticatorAssertionResponse as providing ClientData, AuthenticatorData, and the Signature from the Authenticator. Our implementation is incorrectly setting AuthenticatorData and Signature: AuthenticatorData as a structure is intended to mirror the structure from the AuthenticatorData [1] section of the Attestation CBOR Object [2] in the MakeCredential method, which we weren't doing _at all_. This is clarified in the editor's draft of the specification, soon to be WD-06. Signature for U2F Authenticators is defined as the "attestation signature", [3] which is under-specified and we assumed would be the raw output from the U2F Authenticator [4]. This should instead be the raw ANSI X9.62 signature with no additional bytes. [5] [1] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-authenticator-data [2] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-attestation-data [3] https://www.w3.org/TR/2017/WD-webauthn-20170505/#fido-u2f-attestation [4] https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0078.html [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1387820#c4 MozReview-Commit-ID: DTIOILfS4pK

# .hgignore - List of filenames hg should ignore

# Filenames that should be ignored wherever they appear

# Vim swap files.

# Emacs directory variable files.

# User files that may appear at the root

# Empty marker file that's generated when we check out NSS

# Build directories

# gecko.log is generated by various test harnesses

# Build directories for js shell

# SpiderMonkey configury
# SpiderMonkey test result logs
# SpiderMonkey clone of the webassembly spec repository

# Java HTML5 parser classes

# SVN directories

# Ignore the files and directory that Eclipse IDE creates

# Ignore the files and directory that JetBrains IDEs create.
# Android Monitor in Android Studio creates a captures/ directory.

# Gradle cache.

# Local Gradle configuration properties.

# Python stuff installed at build time.

# Git repositories

# Ignore chrome.manifest files from the devtools loader

# Ignore node_modules directories in devtools

# git checkout of libstagefright

# Tag files generated by GNU Global

# Git clone directory for updating web-platform-tests

# Third party metadata for web-platform-tests

# Android Gradle artifacts.

# XCode project cruft

# Ignore mozharness execution files

# Ignore tox generated dir

# Ignore ESLint node_modules

# Ignore talos virtualenv and tp5n files.
# The tp5n set is supposed to be decompressed at
# testing/talos/talos/tests/tp5n in order to run tests like tps
# locally. Similarly, running talos requires a Python package virtual
# environment. Both the virtual environment and tp5n files end up littering
# the status command, so we ignore them.

# Ignore files created when running a reftest.

# tup database

# Ignore Visual Studio Code workspace files.


# Ignore Infer output