searching for reviewer(ttaubert)
3c95faed62ee89a0597ef181f8df9f9b50e98b3f: Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null r=ttaubert r=smaug
J.C. Jones <jjones@mozilla.com> - Mon, 21 May 2018 09:04:50 -0700 - rev 419680
Push
103579 by jjones@mozilla.com at Thu, 24 May 2018 14:04:45 +0000
Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null r=ttaubert r=smaug
Summary:
The WebAuthn spec says to set `AuthenticatorAssertionResponse.userHandle` to
null when the authenticator returns no user handle (e.g., when allowList is set),
but we return an empty ArrayBuffer. This is because of the defaults in
AuthenticatorAssertionResponse.h, as the field is itself unset.
We missed this change to the spec that happened in December [2], so this also
has a corresponding WebIDL update. I don't see any other instances of WebIDL
differences.
[1] https://w3c.github.io/webauthn/#ref-for-dom-authenticatorassertionresponse-userhandle%E2%91%A0
[2] https://github.com/w3c/webauthn/commit/3b2a1d141cbd8f2954f073a6b6598d954398a986
Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=59a2ab255ef14e935c1aa9f457276f8e61e5d779
Reviewers: smaug, ttaubert
Bug #: 1463170
Differential Revision:
https://phabricator.services.mozilla.com/D1337
5166f4f5af706b3c37982ac1e94498d979b8198d: Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 10 May 2018 16:36:18 -0700 - rev 418129
Push
103233 by jjones@mozilla.com at Mon, 14 May 2018 15:00:52 +0000
Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert
Summary:
FIDO U2F's specification says that when the wrong security key responds to a
signature, or when an already-registered key exists, that the UA should return
error code 4, DEVICE_INELIGIBLE. We used to do that, but adjusted some things
for WebAuthn and now we don't. This changes the soft token to return that at
the appropriate times, and updates the expectations of U2F.cpp that it should
use InvalidStateError as the signal to reutrn DEVICE_INELIGIBLE.
Also, note that WebAuthn's specification says that if any authenticator returns
"InvalidStateError" that it should be propagated, as it indicates that the
authenticator obtained user consent and failed to complete its job [1].
This change to the Soft Token affects the WebAuthn tests, but in a good way.
Reading the WebAuthn spec, we should not be returning NotAllowedError when there
is consent from the user via the token (which the softtoken always deliveres).
As such, this adjusts the affected WebAuthn tests, and adds a couple useful
checks to test_webauthn_get_assertion.html for future purposes.
[1] https://w3c.github.io/webauthn/#createCredential section 5.1.3 "Create a new
credential", Step 20, Note 2: "If any authenticator returns an error status
equivalent to "InvalidStateError"..."
Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2fc930f7fc8eea69b1ebc96748fe95e150a92a4
Reviewers: ttaubert
Bug #: 1460767
Differential Revision:
https://phabricator.services.mozilla.com/D1269
141a3103a248206af8178cdac0e5c90cb4f7efec: Bug 1443248 - Update u2fhid to core-foundation-sys 0.5. r=ttaubert
Matt Brubeck <mbrubeck@mozilla.com> - Mon, 05 Mar 2018 11:13:13 -0800 - rev 406855
Push
100529 by btara@mozilla.com at Wed, 07 Mar 2018 10:07:10 +0000
Bug 1443248 - Update u2fhid to core-foundation-sys 0.5. r=ttaubert
MozReview-Commit-ID: 4xTSQpvHHAV
62646c1718b29026bb0fc8dddc2bcbe894a025f7: Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 06 Feb 2018 16:59:00 -0700 - rev 402870
Push
99674 by shindli@mozilla.com at Thu, 08 Feb 2018 10:14:33 +0000
Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
This patch support already-enrolled U2F devices at Google Accounts by adding a
hard-coded "OK" into the U2F EvaluateAppID method, per the intent-to-ship [1].
This adds no tests, as this is not testable in our infrastructure. It will
require cooporation with Google Accounts to validate.
[1] https://groups.google.com/d/msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ
MozReview-Commit-ID: 1YLd5sfeTKv
89ac5a28c228649e436cd8dbcec0d395c231e4e1: Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 06 Feb 2018 16:59:00 -0700 - rev 402806
Push
99659 by aciure@mozilla.com at Wed, 07 Feb 2018 22:33:57 +0000
Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
This patch support already-enrolled U2F devices at Google Accounts by adding a
hard-coded "OK" into the U2F EvaluateAppID method, per the intent-to-ship [1].
This adds no tests, as this is not testable in our infrastructure. It will
require cooporation with Google Accounts to validate.
[1] https://groups.google.com/d/msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ
MozReview-Commit-ID: 1YLd5sfeTKv
e21956fd51a330cad2301e49bb458e2ca94c5368: bug 1421084 - part 4/4 - remove nsNSSShutDown.h and (hopefully) all references to it r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Wed, 24 Jan 2018 14:44:01 -0800 - rev 402144
Push
99498 by rgurzau@mozilla.com at Thu, 01 Feb 2018 21:59:17 +0000
bug 1421084 - part 4/4 - remove nsNSSShutDown.h and (hopefully) all references to it r=mt,ttaubert
MozReview-Commit-ID: 2mhvHsC5Nil
0d42218045d9de6b746b09669dedb0e30e8005c3: bug 1421084 - part 3/4 - remove nsNSSShutDownObject::shutdown and virtualDestroyNSSReference r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Wed, 24 Jan 2018 14:29:08 -0800 - rev 402143
Push
99498 by rgurzau@mozilla.com at Thu, 01 Feb 2018 21:59:17 +0000
bug 1421084 - part 3/4 - remove nsNSSShutDownObject::shutdown and virtualDestroyNSSReference r=mt,ttaubert
MozReview-Commit-ID: ErL7ZjAGVVC
ecb9941ee0344bd6952724e371589c3d0834e30d: bug 1421084 - part 2/4 - remove nsNSSShutDownObject::isAlreadyShutDown() r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Tue, 23 Jan 2018 12:22:56 -0800 - rev 402142
Push
99498 by rgurzau@mozilla.com at Thu, 01 Feb 2018 21:59:17 +0000
bug 1421084 - part 2/4 - remove nsNSSShutDownObject::isAlreadyShutDown() r=mt,ttaubert
MozReview-Commit-ID: DlS16pHE0Ik
b2b6ca8d0f70173d7b18bca53fa4e7a57dba9a14: bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Tue, 23 Jan 2018 10:37:47 -0800 - rev 402141
Push
99498 by rgurzau@mozilla.com at Thu, 01 Feb 2018 21:59:17 +0000
bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert
As of
bug 1417680, the NSS shutdown tracking infrastructure is unnecessary (and
does nothing anyway). This series of changesets removes the remaining pieces in
a way that is hopefully easy to confirm is correct.
MozReview-Commit-ID: 8Y5wpsyNlGc
c2e41df3f41f38fe9a38282610f7c1daf519f87c: Bug 1428916 - WebAuthn: Draft Attestation Preference r=smaug,ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 23 Jan 2018 12:21:15 -0700 - rev 400562
Push
99180 by archaeopteryx@coole-files.de at Wed, 24 Jan 2018 12:24:59 +0000
Bug 1428916 - WebAuthn: Draft Attestation Preference r=smaug,ttaubert
The WebAuthn spec lets RPs ask to specifically get direct attestation certificates
during credential creation using the "Attestation Conveyance Preference" [1].
This change adds that field into the WebIDL and ignores it for now. This is
pre-work to Bug #1430150 which will make this useful (which in turn requires
Bug #1416056's support for anonymizing those attestation certificates).
[1] https://www.w3.org/TR/webauthn/#attestation-convey
MozReview-Commit-ID: 763vaAMv48z
d67a47719c805b8db375d6708f08a7b0f8335976: Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 18:18:39 -0700 - rev 398330
Push
98725 by ebalazs@mozilla.com at Tue, 09 Jan 2018 10:16:39 +0000
Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert
Credential Management defines a parameter `sameOriginWithAncestors` which is
set true if the responsible document is not either in a top-level browsing
context, or is in a nested context whose heirarchy is all loaded from the
same origin as the top-level context [1][2]. The individual credential types
of CredMan can use this flag to make decisions on whether to error or not.
Our Credential Management implementation right now is a shim to Web
Authentication, which says that if `sameOriginWithAncestors` is false, return
`"NotAllowedError"`.
This ensures that
https://webauthn.bin.coffee/iframe.html
works, but the cross-origin
https://u2f.bin.coffee/iframe-webauthn.html
does not.
[1] https://w3c.github.io/webappsec-credential-management/#algorithm-request
[2] https://w3c.github.io/webappsec-credential-management/#algorithm-create
[3] https://w3c.github.io/webauthn/#createCredential
[4] https://w3c.github.io/webauthn/#getAssertion
MozReview-Commit-ID: KIyakgl0kGv
4c3feee4dfd2d0efac06bf03c872cffd6f89ddc9: Bug 1247124 - Limit FIDO U2F to Secure Contexts r=ttaubert,smaug
J.C. Jones <jjones@mozilla.com> - Wed, 13 Dec 2017 17:02:38 -0600 - rev 396469
Push
98316 by ttaubert@mozilla.com at Fri, 15 Dec 2017 15:53:12 +0000
Bug 1247124 - Limit FIDO U2F to Secure Contexts r=ttaubert,smaug
Use the [SecureContext] webidl notation to hide the powerful "window.u2f"
feature and its interface when not loaded in a secure context.
MozReview-Commit-ID: 7en8b5ieI85
3c57b31afc7f822e20ad29f8bdc2de72d9d9112b: Bug 1423236 - Rerun mach vendor rust. r=ttaubert
Kartikaya Gupta <kgupta@mozilla.com> - Wed, 06 Dec 2017 15:43:11 -0500 - rev 395576
Push
98151 by cbrindusan@mozilla.com at Fri, 08 Dec 2017 10:13:49 +0000
Bug 1423236 - Rerun mach vendor rust. r=ttaubert
This contains the generated changes from running `mach vendor rust` on the
previous commit, and eliminates the redundant copy of libudev-sys we have
sitting in third_party/rust/
MozReview-Commit-ID: IXTI14beFMi
82c4bf2512de78ee9e536571524f12c2bbbc11d5: Bug 1423236 - Use patch instead of replace to eliminate redundant vendored copy of libudev-sys. r=ttaubert
Kartikaya Gupta <kgupta@mozilla.com> - Wed, 06 Dec 2017 15:42:25 -0500 - rev 395575
Push
98151 by cbrindusan@mozilla.com at Fri, 08 Dec 2017 10:13:49 +0000
Bug 1423236 - Use patch instead of replace to eliminate redundant vendored copy of libudev-sys. r=ttaubert
MozReview-Commit-ID: 529N231rvgY
45e4387bc585d3187d5fd945c2115e75195b0bfa: Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 24 Nov 2017 09:01:49 +0100 - rev 393562
Push
97674 by franziskuskiefer@gmail.com at Fri, 24 Nov 2017 11:22:17 +0000
Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert
MozReview-Commit-ID: 5lgEBiFozSG
Differential Revision:
https://phabricator.services.mozilla.com/D282
1114ed8bfacdd43d55da3af0bf1f2b6668bf8894: Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
Gabriele Svelto <gsvelto@mozilla.com> - Tue, 10 Oct 2017 15:25:39 +0200 - rev 393414
Push
97659 by gsvelto@mozilla.com at Thu, 23 Nov 2017 21:46:45 +0000
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
MozReview-Commit-ID: CfPBvffjEhq
cfcbb8333389ccf2ff91176f1aecf50199be018b: Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 22 Nov 2017 16:37:15 +0100 - rev 393265
Push
97626 by franziskuskiefer@gmail.com at Thu, 23 Nov 2017 06:37:51 +0000
Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert
Summary:
This adds the COSE rust library from https://github.com/franziskuskiefer/cose-rust with its C API from https://github.com/franziskuskiefer/cose-c-api to gecko with a basic test.
The COSE library will be used for verifying add-on signatures in future.
Reviewers: keeler, ttaubert
Reviewed By: keeler
Bug #: 1403840
Differential Revision:
https://phabricator.services.mozilla.com/D232
e1964f4389cd6897dafe96be88074b909f555b60: Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
Gabriele Svelto <gsvelto@mozilla.com> - Tue, 10 Oct 2017 15:25:39 +0200 - rev 393169
Push
97608 by gsvelto@mozilla.com at Wed, 22 Nov 2017 21:15:43 +0000
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
MozReview-Commit-ID: CfPBvffjEhq
ec39af7d2914d83bdb491d0f1536fe710eb9cc72: Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841. r=ttaubert
Michal Novotny <michal.novotny@gmail.com> - Wed, 22 Nov 2017 12:46:08 -0500 - rev 393145
Push
97597 by ryanvm@gmail.com at Wed, 22 Nov 2017 17:49:00 +0000
Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841. r=ttaubert
EnsureNSSInitializedChromeOrContent() sends sync event to main thread from non-main thread even if it's already initialized. This can make fix at https://searchfox.org/mozilla-central/rev/919dce54f43356c22d6ff6b81c07ef412b1bf933/netwerk/protocol/http/nsHttpHandler.cpp#2105 inefficient and can lead to a deadlock.
40444386933a58ff76502f11863784a87ea0996a: Bug 1401594 - land NSS NSS_3_34_BETA5 UPGRADE_NSS_RELEASE, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 09 Nov 2017 15:17:40 +0100 - rev 390955
Push
97147 by franziskuskiefer@gmail.com at Thu, 09 Nov 2017 14:30:26 +0000
Bug 1401594 - land NSS NSS_3_34_BETA5 UPGRADE_NSS_RELEASE, r=ttaubert
MozReview-Commit-ID: HdFnjDGJDcJ
af86f905265d01c9b908f3095a985dbf220f00e6: Bug 1415795 - revert name change of NSS API, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 09 Nov 2017 13:02:07 +0100 - rev 390954
Push
97147 by franziskuskiefer@gmail.com at Thu, 09 Nov 2017 14:30:26 +0000
Bug 1415795 - revert name change of NSS API, r=ttaubert
MozReview-Commit-ID: Jj72zkfaRh
98b1272e170c8b84fba7d39eaf1c909a4e5f2e34: Bug 1409259 - Add browser console test for the distrust console message r=keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Wed, 01 Nov 2017 20:59:33 -0700 - rev 390095
Push
96988 by archaeopteryx@coole-files.de at Sat, 04 Nov 2017 10:03:29 +0000
Bug 1409259 - Add browser console test for the distrust console message r=keeler,ttaubert
There are xpcshell tests to verify that the appropriate distrust flag is set
upon reaching an affected end entity certificate; this test checks that the
distrust flag prints a warning to console.
MozReview-Commit-ID: OMG246WOOT
595e27212723846a3f0763d20e2919e96f257e3f: Bug 1409259 - Add a console warning for soon-to-be-distrusted roots r=keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Wed, 18 Oct 2017 22:29:42 -0700 - rev 390093
Push
96988 by archaeopteryx@coole-files.de at Sat, 04 Nov 2017 10:03:29 +0000
Bug 1409259 - Add a console warning for soon-to-be-distrusted roots r=keeler,ttaubert
This patch adds a new diagnostic status flag to nsIWebProgressListener,
STATE_CERT_DISTRUST_IMMINENT, which indicates that the certificate chain is
going to change validity due to an upcoming distrust event. The first of
these events is this bug, affecting various roots from Symantec.
The STATE_CERT_DISTRUST_IMMINENT flag is set by nsNSSCallbacks and passed,
via nsSecureBrowserUIImpl, to browser.js where it is used to alert the console.
Adding this sort of diagnostic printing to be accessible to browser.js is a
long-desired goal, as future functionality can start doing more decision-making
there. We may, for example, also want to degrade the lock icon, which will be
straightforward with this flag.
This commit does not implement the IsCertificateDistrustImminent method. That is
follow-on work.
MozReview-Commit-ID: 75IOdc24XIV
35f1751b91a9fff2c6f4649ce90aec5d1eb72976: Bug 1381190 - Change to COSE Algorithm identifiers for WebAuthn r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 15:21:06 -0700 - rev 386811
Push
96311 by archaeopteryx@coole-files.de at Wed, 18 Oct 2017 09:52:02 +0000
Bug 1381190 - Change to COSE Algorithm identifiers for WebAuthn r=qdot,ttaubert
The WD-06 (and later) WebAuthn specs choose to move to integer algorithm
identifiers for the signatures [1], with a handful of algorithms identified [2].
U2F devices only support ES256 (e.g., COSE ID "-7"), so that's all that is
implemented here.
Note that the spec also now requires that we accept empty lists of parameters,
and in that case, the RP says they aren't picky, so this changes what happens
when the parameter list is empty (but still aborts when the list is non-empty
but doesn't have anything we can use) [3].
There's a follow-on to move parameter-validation logic into the U2FTokenManager
in
Bug 1409220.
[1] https://w3c.github.io/webauthn/#dictdef-publickeycredentialparameters
[2] https://w3c.github.io/webauthn/#alg-identifier
[3] https://w3c.github.io/webauthn/#createCredential bullet #12
MozReview-Commit-ID: KgL7mQ9u1uq
c09ea1671fc337f30941d52e64588f76af7096ef: Bug 1381190 - Remove WebAuthnRequest dead code r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 15:17:51 -0700 - rev 386810
Push
96311 by archaeopteryx@coole-files.de at Wed, 18 Oct 2017 09:52:02 +0000
Bug 1381190 - Remove WebAuthnRequest dead code r=ttaubert
The WebAuthnRequest.h file is no longer used, and it appears we forgot to
clean it up.
MozReview-Commit-ID: 8Cgh40YxGiY
d8c1c8894971b78c12f6ea4f6ce7d99fa200b227: Bug 1402267 - Add a scalar telemetry probe that tracks SessionFile worker restarts. data-r=liuche, r=chutten,liuche,ttaubert
Mike de Boer <mdeboer@mozilla.com> - Tue, 17 Oct 2017 12:04:37 +0200 - rev 386753
Push
96301 by archaeopteryx@coole-files.de at Tue, 17 Oct 2017 22:06:44 +0000
Bug 1402267 - Add a scalar telemetry probe that tracks SessionFile worker restarts. data-r=liuche, r=chutten,liuche,ttaubert
MozReview-Commit-ID: F3kCfz18kcQ
57bb241801c030d000b46e87028965791922b8f3: Bug 1402267 - Restart the SessionWorker each time there are failures reported as much as defined in the 'browser.sessionstore.max_write_failures' pref. r=ttaubert
Mike de Boer <mdeboer@mozilla.com> - Tue, 17 Oct 2017 11:59:33 +0200 - rev 386752
Push
96301 by archaeopteryx@coole-files.de at Tue, 17 Oct 2017 22:06:44 +0000
Bug 1402267 - Restart the SessionWorker each time there are failures reported as much as defined in the 'browser.sessionstore.max_write_failures' pref. r=ttaubert
MozReview-Commit-ID: 91vOcbmhFmj
8ebe3f571ab8e076da793b0003de8db5da6ecc08: Bug 1407829 - WebAuthn: Implement CredMan's Store method r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 17:02:22 -0700 - rev 386568
Push
96257 by archaeopteryx@coole-files.de at Tue, 17 Oct 2017 09:49:16 +0000
Bug 1407829 - WebAuthn: Implement CredMan's Store method r=qdot,ttaubert
Credential Management defines a Store operation [1], which needs to be
implemented for WebAuthn's spec compliance. It only returns a NotSupportedError
for WebAuthn [2], so it's pretty simple.
[1] https://w3c.github.io/webappsec-credential-management/#dom-credentialscontainer-store
[2] https://w3c.github.io/webauthn/#storeCredential
MozReview-Commit-ID: KDEB8r5feQt
12c5e82b0240f8f0c7909b690ab99b94bd1022ad: Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 3) r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 16:48:01 -0700 - rev 385758
Push
96097 by archaeopteryx@coole-files.de at Thu, 12 Oct 2017 10:04:11 +0000
Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 3) r=qdot,ttaubert
Reorder WebAuthentication.webidl to match the ordering of the IDL index in
the Web Authentication spec. No normative changes.
MozReview-Commit-ID: 7qPE60Qh7Ly
dd5ff0119c3f20f9b887c23774890e64d15a7f28: Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 16:28:13 -0700 - rev 385757
Push
96097 by archaeopteryx@coole-files.de at Thu, 12 Oct 2017 10:04:11 +0000
Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert
This covers these renames:
* In CollectedClientData, hashAlg => hashAlgorithm
* In CollectedClientData, tokenBinding => tokenBindingId
* In MakePublicKeyCredentialOptions, parameters => pubKeyCredParams
* In MakePublicKeyCredentialOptions, excludeList => excludeCredentials
* In PublicKeyCredentialRequestOptions, allowList => allowCredentials
* Transport (WebAuthnTransport in Gecko) => AuthenticatorTransport
MozReview-Commit-ID: 3FdRnkosy83
bd51b47ccb9bf699fb28c4cab6d3ff0b6461d5df: Bug 1406469 - Handle the WebAuthn "User Verified" flag r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 18:10:31 -0700 - rev 385740
Push
96097 by archaeopteryx@coole-files.de at Thu, 12 Oct 2017 10:04:11 +0000
Bug 1406469 - Handle the WebAuthn "User Verified" flag r=ttaubert
WebAuthn has added a flag UV to indicate the user was biometrically verified. We
have to make sure not to set that flag for U2F. Turns out we already do that,
but let's add the constant and such.
Ref: https://w3c.github.io/webauthn/#authenticator-data
MozReview-Commit-ID: 6Qtjdkverls
f2d25c30aaed300ba8513f64cab28ebe2b60ab34: Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 28 Sep 2017 16:45:28 -0700 - rev 384520
Push
95801 by kwierso@gmail.com at Wed, 04 Oct 2017 23:45:57 +0000
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert
In Comment 8 of
Bug 1244959 [1], Brad Hill argues that instead of leaving our
U2F Facet support completely half-way, that we could use the Public Suffix logic
introduced into HTML for W3C Web Authentication (the method named
IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1
hierarchy. This is a deviation from the FIDO specification, but doesn't break
anything that currently works with our U2F implementation, and theoretically
enables sites that otherwise need an external FacetID fetch which we aren't
implementing.
The downside to this is that it's then Firefox-specific behavior. But since this
isn't a shipped feature, we have more room to experiment. As an additional
bonus, it encourages U2F sites to use the upcoming Web Authentication security
model, which will help them prepare to adopt the newer standard.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8
MozReview-Commit-ID: DzNVhHT9qRL
0902f7275334aeb271d494b6aac1ee2730add627: Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 18 Sep 2017 21:43:40 -0700 - rev 381673
Push
95185 by ryanvm@gmail.com at Tue, 19 Sep 2017 18:14:20 +0000
Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert
There's an intermittent that is showing up now that test_register_sign.html
checks state.attestationCert.verify(); to ensure hte SoftToken's certificate
is valid. This patch prints the offending certificate when it's encountered,
to help diagnose the root cause.
MozReview-Commit-ID: 4QSobq9fBGK
07b93c7fec6c83f53a3bdce9becbb13f0fc397e5: Bug 1400066 - Gracefully handle unsupported platforms for U2F HID support r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 14 Sep 2017 18:11:47 -0700 - rev 381030
Push
95037 by ttaubert@mozilla.com at Fri, 15 Sep 2017 08:35:33 +0000
Bug 1400066 - Gracefully handle unsupported platforms for U2F HID support r=ttaubert
FreeBSD isn't currently support for FIDO U2F support, similar to Android, so
this patch [1] from Jan Beich <jbeich@FreeBSD.org> treats Android and FreeBSD
the same. With luck, someone will add in the platform support for both, soon!
[1] https://github.com/jcjones/u2f-hid-rs/pull/44
MozReview-Commit-ID: DU7Rco2NLb3
0aed7d43efe295f6086cb3d1cb96326da5c2ebac: Bug 1400080 - Remove impossible telemetry test from WebAuthn r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 14 Sep 2017 19:17:52 -0700 - rev 381029
Push
95037 by ttaubert@mozilla.com at Fri, 15 Sep 2017 08:35:33 +0000
Bug 1400080 - Remove impossible telemetry test from WebAuthn r=ttaubert
Now that there are actual hardware devices, this test can't be run: it
depended on there being a deliberately-erroring implementation of WebAuthn
which would instantly reject promises. Fortunately, this test was really more
a test that telemetry scalars work properly than really the functionality
of WebAuthn.
Sadly, I don't see any way to re-enable this test without adding a new test-
only pref to the tree, which doesn't seem worth it for the telemetry.
So this patch removes the offending test completely which was backed out in
https://hg.mozilla.org/integration/mozilla-inbound/rev/c115eec567a6 .
MozReview-Commit-ID: LiLuQHbPU1z
fd7e4852bd06df199e89663b6d4e7ca5c3f2e0ea: Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 380297
Push
94876 by ryanvm@gmail.com at Tue, 12 Sep 2017 14:57:26 +0000
Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed
The nsIU2FToken and its implementors are no longer needed; the soft token was
re-implemented into dom/webauthn/U2FSoftTokenManager.cpp during the WebAuthn
implementation. When the dom/u2f/ code changed to the implementation from
WebAuthn, the old synchronous version became dead code.
This patch removes the dead code.
MozReview-Commit-ID: 2yDD0tccgZr
dd315914f198f74605f6f3bb5311a12e66a1787f: Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 11 Sep 2017 12:56:59 -0700 - rev 380296
Push
94876 by ryanvm@gmail.com at Tue, 12 Sep 2017 14:57:26 +0000
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from
Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
8ee1f7aebd6266c897a642dd9aafd8ba682f420c: Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 379831
Push
94752 by ryanvm@gmail.com at Sat, 09 Sep 2017 02:23:42 +0000
Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed
The nsIU2FToken and its implementors are no longer needed; the soft token was
re-implemented into dom/webauthn/U2FSoftTokenManager.cpp during the WebAuthn
implementation. When the dom/u2f/ code changed to the implementation from
WebAuthn, the old synchronous version became dead code.
This patch removes the dead code.
MozReview-Commit-ID: 2yDD0tccgZr
e6a5de8d12467ae51e70ebd445900c2032e673e6: Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 379830
Push
94752 by ryanvm@gmail.com at Sat, 09 Sep 2017 02:23:42 +0000
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for prefs and scheme,
and generally made these cleaner.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
f7a53ff2f8cb312eb6a65b127207e04d2bd1c79c: Bug 1383799 - Cancel WebAuthn operations on tab-switch r=ttaubert
J.C. Jones <jjones@mozilla.com> - Fri, 04 Aug 2017 12:34:18 -0700 - rev 374172
Push
93658 by kwierso@gmail.com at Fri, 11 Aug 2017 20:26:02 +0000
Bug 1383799 - Cancel WebAuthn operations on tab-switch r=ttaubert
WebAuthn operations that are in-flight with authenticators must be cancelled
when switching tabs.
There's an Issue [1] opened with the WebAuthn spec for this already, but the
language is _not_ in spec. Still, it's necessary for security, spec or not.
This also matches how Chromium handles U2F operations during a tab switch.
[1] https://github.com/w3c/webauthn/issues/316
MozReview-Commit-ID: 6Qh9oC4pqys
58b579b4ef4e1fb938297bc43a7fc7e4b2168a4a: Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug
Michael Layzell <michael@thelayzells.com> - Wed, 02 Aug 2017 19:08:19 +0200 - rev 372297
Push
93286 by ttaubert@mozilla.com at Wed, 02 Aug 2017 17:09:38 +0000
Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug
The reasoning behind this is that with this change, removing a non-dynamic
docshell from the document dynamically shouldn't affect the indexes which we use
for both recording and restoring data in child docshells.
MozReview-Commit-ID: JIK8GBSWDEF
* * *
fixup
From c2cb8e33211348c36b1ce18bb62e6465fa46d3ae Mon Sep 17 00:00:00 2001
36bb09c4b28edaefacb7199cd1d73e010753ecb9: Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug
Michael Layzell <michael@thelayzells.com> - Tue, 01 Aug 2017 11:22:53 +0200 - rev 372180
Push
93229 by ttaubert@mozilla.com at Tue, 01 Aug 2017 09:51:08 +0000
Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug
The reasoning behind this is that with this change, removing a non-dynamic
docshell from the document dynamically shouldn't affect the indexes which we use
for both recording and restoring data in child docshells.
MozReview-Commit-ID: JIK8GBSWDEF
1f66a39c19f1e8889c7fb802001b4838436f85dd: Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Fri, 14 Jul 2017 09:57:52 -0700 - rev 370300
Push
92840 by archaeopteryx@coole-files.de at Sat, 22 Jul 2017 10:44:25 +0000
Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert
Web Authentication uses JWK algorithm names (ES256) instead of WebCrypto names
(such as P-256). There are other JWK algorithm names, but our current U2F-backed
implementation only can support ES256 anyway, as that's all that FIDO U2F
devices understand. This patch limits us to the name ES256 for the "alg"
parameter.
MozReview-Commit-ID: 3V5DMzVzPad
070367125549ebd34250ffc4078784890ebea619: Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 13 Jul 2017 18:12:50 -0700 - rev 370299
Push
92840 by archaeopteryx@coole-files.de at Sat, 22 Jul 2017 10:44:25 +0000
Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert
The WebAuthn Create Credential method should encode its results using CBOR;
this patch changes to that format.
The CBOR formats for the U2F data are specified in [1][2]
The attestation data format is in [3]
The high-level layout is in [4]
[1] https://w3c.github.io/webauthn/#generating-an-attestation-object
[2] https://w3c.github.io/webauthn/#fido-u2f-attestation
[3] https://w3c.github.io/webauthn/#sec-attestation-data
[4] https://w3c.github.io/webauthn/#sctn-attestation
MozReview-Commit-ID: BYoFCJSxlLt
45b4405c24ca291e24053c708c4620a9bda73438: Bug 1380529 - Add a CBOR library for WebAuthn (1/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 13 Jul 2017 18:12:57 -0700 - rev 370298
Push
92840 by archaeopteryx@coole-files.de at Sat, 22 Jul 2017 10:44:25 +0000
Bug 1380529 - Add a CBOR library for WebAuthn (1/3) r=ttaubert
Web Authentication's WD-05 specification moves to using (CBOR) Concise Binary
Object Representation to transmit the binary data... most of it. This lands a
subset of the Apache 2-licensed "CBOR C++" serialization library [1] into
webauthn's path.
It does not add any code to use this library; see patch 2/3.
[1] https://github.com/naphaso/cbor-cpp/
MozReview-Commit-ID: Ktj9TgdqElk
0bb5555fa0272b604f6048f7385aa26e76655615: bug 1375709 - avoid deadlock when shutting down NSS r=Cykesiopka,ttaubert
David Keeler <dkeeler@mozilla.com> - Mon, 10 Jul 2017 16:25:51 -0700 - rev 369041
Push
92597 by archaeopteryx@coole-files.de at Sat, 15 Jul 2017 14:37:16 +0000
bug 1375709 - avoid deadlock when shutting down NSS r=Cykesiopka,ttaubert
The deadlock fix attempted in
bug 1273475 was incomplete. This should prevent
the issue by preventing nsNSSShutDownPreventionLocks from attempting to
increment the NSS activity state count when shutdown is in progress (this is
acceptible because when code that creates any nsNSSShutDownPreventionLocks then
checks isAlreadyShutDown(), it will return true because sInShutdown is true,
thus preventing that code from unsafely using NSS resources and functions).
MozReview-Commit-ID: 4o5DGbU2TCq
9d6095db50904cafcd4756903e181ba376d923dc: bug 1344478 - isAlreadyShutDown should return true for nsNSSShutDownObjects created after NSS shut down r=Cykesiopka,ttaubert
David Keeler <dkeeler@mozilla.com> - Mon, 13 Mar 2017 15:26:40 -0700 - rev 348823
Push
88334 by cbook@mozilla.com at Wed, 22 Mar 2017 15:13:25 +0000
bug 1344478 - isAlreadyShutDown should return true for nsNSSShutDownObjects created after NSS shut down r=Cykesiopka,ttaubert
MozReview-Commit-ID: 5bUTLz6mGKC
In general, it is possible to create a new nsNSSShutDownObject after
nsNSSShutDownList::shutdown() had been called. Before this patch, at that point,
isAlreadyShutDown() would incorrectly return false, which could lead to code
calling NSS functions, which would probably lead to a crash (because NSS could
be uninitialized at that point). This change merges
nsNSSShutDownList::shutdown() with evaporateAllNSSResources() into
evaporateAllNSSResourcesAndShutDown() for simplicity and makes it so
isAlreadyShutDown() returns true if called after that point.
3dc5c1d379299b189ca4b218ce93b0d9f3766d46: Bug 1344595 - Protect against nsIPrincipal.origin throwing for about:blank iframes; r=ttaubert
Ehsan Akhgari <ehsan@mozilla.com> - Sat, 04 Mar 2017 18:31:11 -0500 - rev 346062
Push
87720 by eakhgari@mozilla.com at Mon, 06 Mar 2017 14:43:30 +0000
Bug 1344595 - Protect against nsIPrincipal.origin throwing for about:blank iframes; r=ttaubert
5f97ca8be2b43d3d26ed055e8d3cad877b20b546: Bug 1329238 - Make public CryptoKey.h methods return UniqueX NSS types instead of raw pointers. r=ttaubert
Cykesiopka <cykesiopka.bmo@gmail.com> - Wed, 25 Jan 2017 00:27:39 +0800 - rev 331694
Push
86338 by kwierso@gmail.com at Mon, 30 Jan 2017 23:54:15 +0000
Bug 1329238 - Make public CryptoKey.h methods return UniqueX NSS types instead of raw pointers. r=ttaubert
The std::unique_ptr based UniqueX types provide better safety over managing raw
pointers.
MozReview-Commit-ID: EwwOfs6RHqy
1d58dd2e8476114149fd398568e38befbb7c1fd0: Bug 1325104 - Stop using Scoped.h NSS types in CryptoKey.(cpp|h). r=ttaubert
Cykesiopka <cykesiopka.bmo@gmail.com> - Mon, 02 Jan 2017 14:02:50 +0800 - rev 327795
Push
85281 by cbook@mozilla.com at Tue, 03 Jan 2017 11:43:47 +0000
Bug 1325104 - Stop using Scoped.h NSS types in CryptoKey.(cpp|h). r=ttaubert
Scoped.h is deprecated.
MozReview-Commit-ID: HVfrjM2haQf