Bug 1552339 - On Android, direct attestations are anonymized r=keeler
authorJ.C. Jones <jjones@mozilla.com>
Tue, 21 May 2019 21:44:05 +0000
changeset 474974 1765feffe210b2348826f3e333eade8ce923dd6c
parent 474973 6d0bd1cdd4beabe88d1040e537b129ce364ffeee
child 474975 a234872a4356abb2002ce4d4a04467a983d3dc8e
push id36052
push userbtara@mozilla.com
push dateThu, 23 May 2019 04:37:46 +0000
treeherdermozilla-central@d12917561f27 [default view] [failures only]
reviewerskeeler
bugs1552339
milestone69.0a1
Bug 1552339 - On Android, direct attestations are anonymized r=keeler Differential Revision: https://phabricator.services.mozilla.com/D32057
dom/webauthn/tests/test_webauthn_attestation_conveyance.html
dom/webauthn/tests/u2futil.js
--- a/dom/webauthn/tests/test_webauthn_attestation_conveyance.html
+++ b/dom/webauthn/tests/test_webauthn_attestation_conveyance.html
@@ -18,30 +18,30 @@
   <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1416056">Mozilla Bug 1416056</a>
 
   <script class="testbody" type="text/javascript">
     "use strict";
 
     function getAttestationCertFromAttestationBuffer(aAttestationBuffer) {
       return webAuthnDecodeCBORAttestation(aAttestationBuffer)
       .then((aAttestationObj) => {
-        is("fido-u2f", aAttestationObj.fmt, "Is a FIDO U2F Attestation");
+        is(aAttestationObj.fmt, "fido-u2f", "Is a FIDO U2F Attestation");
         let attestationCertDER = aAttestationObj.attStmt.x5c[0];
         let certDERBuffer = attestationCertDER.slice(0, attestationCertDER.byteLength).buffer;
         let certAsn1 = org.pkijs.fromBER(certDERBuffer);
         return new org.pkijs.simpl.CERT({ schema: certAsn1.result });
       });
     }
 
     function verifyAnonymizedCertificate(aResult) {
       return webAuthnDecodeCBORAttestation(aResult.response.attestationObject)
       .then(({fmt, attStmt}) => {
-        is("none", fmt, "Is a None Attestation");
-        is("object", typeof(attStmt), "attStmt is a map");
-        is(0, Object.keys(attStmt).length, "attStmt is empty");
+        is(fmt, "none", "Is a None Attestation");
+        is(typeof(attStmt), "object", "attStmt is a map");
+        is(Object.keys(attStmt).length, 0, "attStmt is empty");
       });
     }
 
     function verifyDirectCertificate(aResult) {
       return getAttestationCertFromAttestationBuffer(aResult.response.attestationObject)
       .then((attestationCert) => {
         let subject = attestationCert.subject.types_and_values[0].value.value_block.value;
         is(subject, "Firefox U2F Soft Token", "Subject name matches the direct Soft Token")
@@ -95,17 +95,24 @@
 
       // Request indirect attestation, which is the same as none.
       await requestMakeCredential("indirect")
         .then(verifyAnonymizedCertificate)
         .catch(arrivingHereIsBad);
 
       // Request direct attestation, which will prompt for user intervention.
       await requestMakeCredential("direct")
-        .then(verifyDirectCertificate)
+        .then((x) => {
+          if (AppConstants.platform === "android") {
+            // If this is Android, the result will be anonymized (Bug 1551229)
+            return verifyAnonymizedCertificate(x);
+          } else {
+            return verifyDirectCertificate(x);
+          }
+        })
         .catch(arrivingHereIsBad);
     });
 
     // Test failure cases for make credential.
     add_task(async () => {
       // Request a platform authenticator.
       await requestMakeCredential("unknown")
         .then(arrivingHereIsBad)
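Review bot: The new Android branch in the `.then((x) => { … })` callback accepts a `none` attestation for a `direct` request, but the context comment above it still reads "which will prompt for user intervention", which no longer describes what the test expects on Android. The inline comment cites Bug 1551229 while this commit is filed under Bug 1552339, and nothing here says whether anonymizing on Android is the intended long-term behaviour or a stop-gap. If it is a stop-gap, make that visible so the weaker assertion is not kept by accident, e.g. `// Android currently anonymizes direct attestation (Bug 1551229); drop this branch when that bug is resolved.` The `else` after `return` is also redundant, so the second branch can be a plain `return verifyDirectCertificate(x);`. The enclosing `add_task` begins outside this hunk.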
--- a/dom/webauthn/tests/u2futil.js
+++ b/dom/webauthn/tests/u2futil.js
@@ -12,16 +12,18 @@ const cose_kty_ec2 = 2;
 const cose_alg = 3;
 const cose_alg_ECDSA_w_SHA256 = -7;
 const cose_alg_ECDSA_w_SHA512 = -36;
 const cose_crv = -1;
 const cose_crv_P256 = 1;
 const cose_crv_x = -2;
 const cose_crv_y = -3;
 
+var {AppConstants} = SpecialPowers.Cu.import("resource://gre/modules/AppConstants.jsm", {});
+
 function handleEventMessage(event) {
   if ("test" in event.data) {
     let summary = event.data.test + ": " + event.data.msg;
     log(event.data.status + ": " + summary);
     ok(event.data.status, summary);
   } else if ("done" in event.data) {
     SimpleTest.finish();
   } else {
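Review bot: The added `var {AppConstants} = SpecialPowers.Cu.import(…)` is the only `var` among the `const` declarations visible in this hunk and has no comment, so it is unclear whether `var` was chosen on purpose. If it is meant to tolerate test pages that already define `AppConstants` before loading u2futil.js, a one-line comment such as `// var, not const: including pages may declare AppConstants themselves` would record that; otherwise `const` would match the surrounding declarations. `handleEventMessage` continues past the end of the hunk.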