dom/webauthn/U2FHIDTokenManager.cpp
author David Major <dmajor@mozilla.com>
Wed, 20 Dec 2017 09:07:46 -0500
changeset 448763 e9cfe039a796e2963a6d3e7d2a161b02cdbadcac
parent 445998 735e651fcd65f88f4ee61369768550e2bf8fe33a
child 450104 7b0bbd94352de559b0656c2b19e482c679ea34b8
permissions -rw-r--r--
Bug 1425906: Rename LINK to LINKER throughout the build system. r=glandium Windows linkers give special meaning to getenv("LINK"), which makes `export LINK=...` in mozconfigs do unexpected things.

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "mozilla/dom/U2FHIDTokenManager.h"
#include "mozilla/StaticMutex.h"

namespace mozilla {
namespace dom {

static StaticMutex gInstanceMutex;
static U2FHIDTokenManager* gInstance;
static nsIThread* gPBackgroundThread;

static void
u2f_register_callback(uint64_t aTransactionId, rust_u2f_result* aResult)
{
  StaticMutexAutoLock lock(gInstanceMutex);
  if (!gInstance || NS_WARN_IF(!gPBackgroundThread)) {
    return;
  }

  UniquePtr<U2FResult> rv = MakeUnique<U2FResult>(aTransactionId, aResult);
  nsCOMPtr<nsIRunnable> r(NewNonOwningRunnableMethod<UniquePtr<U2FResult>&&>(
      "U2FHIDTokenManager::HandleRegisterResult", gInstance,
      &U2FHIDTokenManager::HandleRegisterResult, Move(rv)));

  MOZ_ALWAYS_SUCCEEDS(gPBackgroundThread->Dispatch(r.forget(),
                                                   NS_DISPATCH_NORMAL));
}

static void
u2f_sign_callback(uint64_t aTransactionId, rust_u2f_result* aResult)
{
  StaticMutexAutoLock lock(gInstanceMutex);
  if (!gInstance || NS_WARN_IF(!gPBackgroundThread)) {
    return;
  }

  UniquePtr<U2FResult> rv = MakeUnique<U2FResult>(aTransactionId, aResult);
  nsCOMPtr<nsIRunnable> r(NewNonOwningRunnableMethod<UniquePtr<U2FResult>&&>(
      "U2FHIDTokenManager::HandleSignResult", gInstance,
      &U2FHIDTokenManager::HandleSignResult, Move(rv)));

  MOZ_ALWAYS_SUCCEEDS(gPBackgroundThread->Dispatch(r.forget(),
                                                   NS_DISPATCH_NORMAL));
}

U2FHIDTokenManager::U2FHIDTokenManager() : mTransactionId(0)
{
  StaticMutexAutoLock lock(gInstanceMutex);
  MOZ_ASSERT(XRE_IsParentProcess());
  MOZ_ASSERT(!NS_IsMainThread());
  MOZ_ASSERT(!gInstance);

  mU2FManager = rust_u2f_mgr_new();
  gPBackgroundThread = NS_GetCurrentThread();
  MOZ_ASSERT(gPBackgroundThread, "This should never be null!");
  gInstance = this;
}

U2FHIDTokenManager::~U2FHIDTokenManager()
{
  {
    StaticMutexAutoLock lock(gInstanceMutex);
    MOZ_ASSERT(NS_GetCurrentThread() == gPBackgroundThread);

    mRegisterPromise.RejectIfExists(NS_ERROR_DOM_UNKNOWN_ERR, __func__);
    mSignPromise.RejectIfExists(NS_ERROR_DOM_UNKNOWN_ERR, __func__);

    gInstance = nullptr;
  }

  // Release gInstanceMutex before we call U2FManager::drop(). It will wait
  // for the work queue thread to join, and that requires the
  // u2f_{register,sign}_callback to lock and return.
  rust_u2f_mgr_free(mU2FManager);
  mU2FManager = nullptr;
}

// A U2F Register operation causes a new key pair to be generated by the token.
// The token then returns the public key of the key pair, and a handle to the
// private key, which is a fancy way of saying "key wrapped private key", as
// well as the generated attestation certificate and a signature using that
// certificate's private key.
//
// The KeyHandleFromPrivateKey and PrivateKeyFromKeyHandle methods perform
// the actual key wrap/unwrap operations.
//
// The format of the return registration data is as follows:
//
// Bytes  Value
// 1      0x05
// 65     public key
// 1      key handle length
// *      key handle
// ASN.1  attestation certificate
// *      attestation signature
//
RefPtr<U2FRegisterPromise>
U2FHIDTokenManager::Register(const nsTArray<WebAuthnScopedCredentialDescriptor>& aDescriptors,
                             const WebAuthnAuthenticatorSelection &aAuthenticatorSelection,
                             const nsTArray<uint8_t>& aApplication,
                             const nsTArray<uint8_t>& aChallenge,
                             uint32_t aTimeoutMS)
{
  MOZ_ASSERT(NS_GetCurrentThread() == gPBackgroundThread);

  uint64_t registerFlags = 0;

  // Set flags for credential creation.
  if (aAuthenticatorSelection.requireResidentKey()) {
    registerFlags |= U2F_FLAG_REQUIRE_RESIDENT_KEY;
  }
  if (aAuthenticatorSelection.requireUserVerification()) {
    registerFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION;
  }
  if (aAuthenticatorSelection.requirePlatformAttachment()) {
    registerFlags |= U2F_FLAG_REQUIRE_PLATFORM_ATTACHMENT;
  }

  ClearPromises();
  mTransactionId = rust_u2f_mgr_register(mU2FManager,
                                         registerFlags,
                                         (uint64_t)aTimeoutMS,
                                         u2f_register_callback,
                                         aChallenge.Elements(),
                                         aChallenge.Length(),
                                         aApplication.Elements(),
                                         aApplication.Length(),
                                         U2FKeyHandles(aDescriptors).Get());

  if (mTransactionId == 0) {
    return U2FRegisterPromise::CreateAndReject(NS_ERROR_DOM_UNKNOWN_ERR, __func__);
  }

  return mRegisterPromise.Ensure(__func__);
}

// A U2F Sign operation creates a signature over the "param" arguments (plus
// some other stuff) using the private key indicated in the key handle argument.
//
// The format of the signed data is as follows:
//
//  32    Application parameter
//  1     User presence (0x01)
//  4     Counter
//  32    Challenge parameter
//
// The format of the signature data is as follows:
//
//  1     User presence
//  4     Counter
//  *     Signature
//
RefPtr<U2FSignPromise>
U2FHIDTokenManager::Sign(const nsTArray<WebAuthnScopedCredentialDescriptor>& aDescriptors,
                         const nsTArray<uint8_t>& aApplication,
                         const nsTArray<uint8_t>& aChallenge,
                         uint32_t aTimeoutMS)
{
  MOZ_ASSERT(NS_GetCurrentThread() == gPBackgroundThread);

  ClearPromises();
  mTransactionId = rust_u2f_mgr_sign(mU2FManager,
                                     (uint64_t)aTimeoutMS,
                                     u2f_sign_callback,
                                     aChallenge.Elements(),
                                     aChallenge.Length(),
                                     aApplication.Elements(),
                                     aApplication.Length(),
                                     U2FKeyHandles(aDescriptors).Get());
  if (mTransactionId == 0) {
    return U2FSignPromise::CreateAndReject(NS_ERROR_DOM_UNKNOWN_ERR, __func__);
  }

  return mSignPromise.Ensure(__func__);
}

void
U2FHIDTokenManager::Cancel()
{
  MOZ_ASSERT(NS_GetCurrentThread() == gPBackgroundThread);

  ClearPromises();
  mTransactionId = rust_u2f_mgr_cancel(mU2FManager);
}

void
U2FHIDTokenManager::HandleRegisterResult(UniquePtr<U2FResult>&& aResult)
{
  MOZ_ASSERT(NS_GetCurrentThread() == gPBackgroundThread);

  if (aResult->GetTransactionId() != mTransactionId) {
    return;
  }

  MOZ_ASSERT(!mRegisterPromise.IsEmpty());

  nsTArray<uint8_t> registration;
  if (!aResult->CopyRegistration(registration)) {
    mRegisterPromise.Reject(NS_ERROR_DOM_UNKNOWN_ERR, __func__);
    return;
  }

  U2FRegisterResult result(Move(registration));
  mRegisterPromise.Resolve(Move(result), __func__);
}

void
U2FHIDTokenManager::HandleSignResult(UniquePtr<U2FResult>&& aResult)
{
  MOZ_ASSERT(NS_GetCurrentThread() == gPBackgroundThread);

  if (aResult->GetTransactionId() != mTransactionId) {
    return;
  }

  MOZ_ASSERT(!mSignPromise.IsEmpty());

  nsTArray<uint8_t> keyHandle;
  if (!aResult->CopyKeyHandle(keyHandle)) {
    mSignPromise.Reject(NS_ERROR_DOM_UNKNOWN_ERR, __func__);
    return;
  }

  nsTArray<uint8_t> signature;
  if (!aResult->CopySignature(signature)) {
    mSignPromise.Reject(NS_ERROR_DOM_UNKNOWN_ERR, __func__);
    return;
  }

  U2FSignResult result(Move(keyHandle), Move(signature));
  mSignPromise.Resolve(Move(result), __func__);
}

}
}