Bug 1406469 - Handle the WebAuthn "User Verified" flag r=ttaubert
authorJ.C. Jones <jjones@mozilla.com>
Mon, 09 Oct 2017 18:10:31 -0700
changeset 679121 bd51b47ccb9bf699fb28c4cab6d3ff0b6461d5df
parent 679120 007500fffc0353b32efd1fd6cad8e21333d0923a
child 679122 7290aaeb80740ceced351d10507b3bfdf0807aea
push id84141
push userbmo:schien@mozilla.com
push dateThu, 12 Oct 2017 11:13:04 +0000
reviewersttaubert
bugs1406469
milestone58.0a1
Bug 1406469 - Handle the WebAuthn "User Verified" flag r=ttaubert WebAuthn has added a flag UV to indicate the user was biometrically verified. We have to make sure not to set that flag for U2F. Turns out we already do that, but let's add the constant and such. Ref: https://w3c.github.io/webauthn/#authenticator-data MozReview-Commit-ID: 6Qtjdkverls
dom/webauthn/WebAuthnManager.cpp
dom/webauthn/tests/test_webauthn_loopback.html
dom/webauthn/tests/u2futil.js
--- a/dom/webauthn/WebAuthnManager.cpp
+++ b/dom/webauthn/WebAuthnManager.cpp
@@ -27,16 +27,18 @@ namespace mozilla {
 namespace dom {
 
 /***********************************************************************
  * Protocol Constants
  **********************************************************************/
 
 const uint8_t FLAG_TUP = 0x01; // Test of User Presence required
 const uint8_t FLAG_AT = 0x40; // Authenticator Data is provided
+const uint8_t FLAG_UV = 0x04; // User was Verified (biometrics, etc.); this
+                              // flag is not possible with U2F devices
 
 /***********************************************************************
  * Statics
  **********************************************************************/
 
 namespace {
 StaticRefPtr<WebAuthnManager> gWebAuthnManager;
 static mozilla::LazyLogModule gWebAuthnManagerLog("webauthnmanager");
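Review bot: `FLAG_UV` is declared on the added lines but nothing in this hunk reads it, so the rule in its comment (UV is never set for U2F devices) is documented rather than enforced. The code that assembles the authenticator-data flags byte is outside the hunk; if it builds the byte from `FLAG_TUP` and `FLAG_AT` only, a debug assertion there such as `MOZ_ASSERT(!(flags & FLAG_UV));` (with `flags` standing for whatever that byte is called) would stop a later change from setting the bit by accident, and would also give the constant a use. The comment could say why the bit matters, for example `// User Verified (PIN, biometric, ...); relying parties read it as proof of local user verification, so it must stay clear for U2F`. The same unused constant appears as `flag_UV` in the dom/webauthn/tests/u2futil.js hunk.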
--- a/dom/webauthn/tests/test_webauthn_loopback.html
+++ b/dom/webauthn/tests/test_webauthn_loopback.html
@@ -76,17 +76,17 @@ function() {
 
         is(calcHashStr, providedHashStr,
            "Calculated RP ID hash must match what the browser derived.");
         return Promise.resolve(aAttestationObj);
       });
     })
     .then(function(aAttestationObj) {
       ok(aAttestationObj.authDataObj.flags == (flag_TUP | flag_AT),
-         "User presence and Attestation Object must both be set");
+         "User presence and Attestation Object must be the only flags set");
 
       aCredInfo.clientDataObj = clientData;
       aCredInfo.publicKeyHandle = aAttestationObj.authDataObj.publicKeyHandle;
       aCredInfo.attestationObject = aAttestationObj.authDataObj.attestationAuthData;
       return aCredInfo;
     });
   }
 
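Review bot: The flags check behind the changed message still uses `ok(flags == ...)`, so a failure reports only the message and not the flags byte that was actually returned; `is(...)`, already used a few lines above for the RP ID hash, would print both values. Since the new message claims these are the only flags set, I would write `is(aAttestationObj.authDataObj.flags, flag_TUP | flag_AT, "User presence and Attestation Object must be the only flags set");` and add `ok(!(aAttestationObj.authDataObj.flags & flag_UV), "User Verified must not be set for U2F");` so that the new `flag_UV` constant is exercised and a regression names the offending bit. The enclosing function starts and ends outside the hunk.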
--- a/dom/webauthn/tests/u2futil.js
+++ b/dom/webauthn/tests/u2futil.js
@@ -1,13 +1,14 @@
 // Used by local_addTest() / local_completeTest()
 var _countCompletions = 0;
 var _expectedCompletions = 0;
 
 const flag_TUP = 0x01;
+const flag_UV = 0x04;
 const flag_AT = 0x40;
 
 function handleEventMessage(event) {
   if ("test" in event.data) {
     let summary = event.data.test + ": " + event.data.msg;
     log(event.data.status + ": " + summary);
     ok(event.data.status, summary);
   } else if ("done" in event.data) {