searching for reviewer(ttaubert)
3c95faed62ee: Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null r=ttaubert r=smaug
J.C. Jones <jjones@mozilla.com> - Mon, 21 May 2018 09:04:50 -0700 - rev 473945
Push 9374 by jlund@mozilla.com at 2018-06-18 21:43 +0000
Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null r=ttaubert r=smaug Summary: The WebAuthn spec says to set `AuthenticatorAssertionResponse.userHandle` to null when the authenticator returns no user handle (e.g., when allowList is set), but we return an empty ArrayBuffer. This is because of the defaults in AuthenticatorAssertionResponse.h, as the field is itself unset. We missed this change to the spec that happened in December [2], so this also has a corresponding WebIDL update. I don't see any other instances of WebIDL differences. [1] https://w3c.github.io/webauthn/#ref-for-dom-authenticatorassertionresponse-userhandle%E2%91%A0 [2] https://github.com/w3c/webauthn/commit/3b2a1d141cbd8f2954f073a6b6598d954398a986 Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=59a2ab255ef14e935c1aa9f457276f8e61e5d779 Reviewers: smaug, ttaubert Bug #: 1463170 Differential Revision: https://phabricator.services.mozilla.com/D1337
5166f4f5af70: Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 10 May 2018 16:36:18 -0700 - rev 472402
Push 9374 by jlund@mozilla.com at 2018-06-18 21:43 +0000
Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert Summary: FIDO U2F's specification says that when the wrong security key responds to a signature, or when an already-registered key exists, that the UA should return error code 4, DEVICE_INELIGIBLE. We used to do that, but adjusted some things for WebAuthn and now we don't. This changes the soft token to return that at the appropriate times, and updates the expectations of U2F.cpp that it should use InvalidStateError as the signal to reutrn DEVICE_INELIGIBLE. Also, note that WebAuthn's specification says that if any authenticator returns "InvalidStateError" that it should be propagated, as it indicates that the authenticator obtained user consent and failed to complete its job [1]. This change to the Soft Token affects the WebAuthn tests, but in a good way. Reading the WebAuthn spec, we should not be returning NotAllowedError when there is consent from the user via the token (which the softtoken always deliveres). As such, this adjusts the affected WebAuthn tests, and adds a couple useful checks to test_webauthn_get_assertion.html for future purposes. [1] https://w3c.github.io/webauthn/#createCredential section 5.1.3 "Create a new credential", Step 20, Note 2: "If any authenticator returns an error status equivalent to "InvalidStateError"..." Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2fc930f7fc8eea69b1ebc96748fe95e150a92a4 Reviewers: ttaubert Bug #: 1460767 Differential Revision: https://phabricator.services.mozilla.com/D1269
36c03b72db50: Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null. r=ttaubert, r=smaug, a=RyanVM
J.C. Jones <jjones@mozilla.com> - Mon, 21 May 2018 09:04:50 -0700 - rev 470964
Push 9279 by ryanvm@gmail.com at 2018-05-29 22:02 +0000
Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null. r=ttaubert, r=smaug, a=RyanVM Summary: The WebAuthn spec says to set `AuthenticatorAssertionResponse.userHandle` to null when the authenticator returns no user handle (e.g., when allowList is set), but we return an empty ArrayBuffer. This is because of the defaults in AuthenticatorAssertionResponse.h, as the field is itself unset. We missed this change to the spec that happened in December [2], so this also has a corresponding WebIDL update. I don't see any other instances of WebIDL differences. [1] https://w3c.github.io/webauthn/#ref-for-dom-authenticatorassertionresponse-userhandle%E2%91%A0 [2] https://github.com/w3c/webauthn/commit/3b2a1d141cbd8f2954f073a6b6598d954398a986 Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=59a2ab255ef14e935c1aa9f457276f8e61e5d779 Reviewers: smaug, ttaubert Bug #: 1463170 Differential Revision: https://phabricator.services.mozilla.com/D1337
594d4ff3b55b: Bug 1460767 - Return device ineligible when appropriate for U2F. r=ttaubert, a=RyanVM
J.C. Jones <jjones@mozilla.com> - Thu, 10 May 2018 16:36:18 -0700 - rev 470809
Push 9232 by ryanvm@gmail.com at 2018-05-17 00:06 +0000
Bug 1460767 - Return device ineligible when appropriate for U2F. r=ttaubert, a=RyanVM Summary: FIDO U2F's specification says that when the wrong security key responds to a signature, or when an already-registered key exists, that the UA should return error code 4, DEVICE_INELIGIBLE. We used to do that, but adjusted some things for WebAuthn and now we don't. This changes the soft token to return that at the appropriate times, and updates the expectations of U2F.cpp that it should use InvalidStateError as the signal to reutrn DEVICE_INELIGIBLE. Also, note that WebAuthn's specification says that if any authenticator returns "InvalidStateError" that it should be propagated, as it indicates that the authenticator obtained user consent and failed to complete its job [1]. This change to the Soft Token affects the WebAuthn tests, but in a good way. Reading the WebAuthn spec, we should not be returning NotAllowedError when there is consent from the user via the token (which the softtoken always deliveres). As such, this adjusts the affected WebAuthn tests, and adds a couple useful checks to test_webauthn_get_assertion.html for future purposes. [1] https://w3c.github.io/webauthn/#createCredential section 5.1.3 "Create a new credential", Step 20, Note 2: "If any authenticator returns an error status equivalent to "InvalidStateError"..." Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2fc930f7fc8eea69b1ebc96748fe95e150a92a4 Reviewers: ttaubert Bug #: 1460767 Differential Revision: https://phabricator.services.mozilla.com/D1269
141a3103a248: Bug 1443248 - Update u2fhid to core-foundation-sys 0.5. r=ttaubert
Matt Brubeck <mbrubeck@mozilla.com> - Mon, 05 Mar 2018 11:13:13 -0800 - rev 459321
Push 8820 by archaeopteryx@coole-files.de at 2018-03-07 14:27 +0000
Bug 1443248 - Update u2fhid to core-foundation-sys 0.5. r=ttaubert MozReview-Commit-ID: 4xTSQpvHHAV
62646c1718b2: Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 06 Feb 2018 16:59:00 -0700 - rev 455269
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert This patch support already-enrolled U2F devices at Google Accounts by adding a hard-coded "OK" into the U2F EvaluateAppID method, per the intent-to-ship [1]. This adds no tests, as this is not testable in our infrastructure. It will require cooporation with Google Accounts to validate. [1] https://groups.google.com/d/msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ MozReview-Commit-ID: 1YLd5sfeTKv
89ac5a28c228: Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 06 Feb 2018 16:59:00 -0700 - rev 455223
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert This patch support already-enrolled U2F devices at Google Accounts by adding a hard-coded "OK" into the U2F EvaluateAppID method, per the intent-to-ship [1]. This adds no tests, as this is not testable in our infrastructure. It will require cooporation with Google Accounts to validate. [1] https://groups.google.com/d/msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ MozReview-Commit-ID: 1YLd5sfeTKv
e21956fd51a3: bug 1421084 - part 4/4 - remove nsNSSShutDown.h and (hopefully) all references to it r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Wed, 24 Jan 2018 14:44:01 -0800 - rev 454587
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
bug 1421084 - part 4/4 - remove nsNSSShutDown.h and (hopefully) all references to it r=mt,ttaubert MozReview-Commit-ID: 2mhvHsC5Nil
0d42218045d9: bug 1421084 - part 3/4 - remove nsNSSShutDownObject::shutdown and virtualDestroyNSSReference r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Wed, 24 Jan 2018 14:29:08 -0800 - rev 454586
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
bug 1421084 - part 3/4 - remove nsNSSShutDownObject::shutdown and virtualDestroyNSSReference r=mt,ttaubert MozReview-Commit-ID: ErL7ZjAGVVC
ecb9941ee034: bug 1421084 - part 2/4 - remove nsNSSShutDownObject::isAlreadyShutDown() r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Tue, 23 Jan 2018 12:22:56 -0800 - rev 454585
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
bug 1421084 - part 2/4 - remove nsNSSShutDownObject::isAlreadyShutDown() r=mt,ttaubert MozReview-Commit-ID: DlS16pHE0Ik
b2b6ca8d0f70: bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Tue, 23 Jan 2018 10:37:47 -0800 - rev 454584
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert As of bug 1417680, the NSS shutdown tracking infrastructure is unnecessary (and does nothing anyway). This series of changesets removes the remaining pieces in a way that is hopefully easy to confirm is correct. MozReview-Commit-ID: 8Y5wpsyNlGc
c2e41df3f41f: Bug 1428916 - WebAuthn: Draft Attestation Preference r=smaug,ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 23 Jan 2018 12:21:15 -0700 - rev 452949
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1428916 - WebAuthn: Draft Attestation Preference r=smaug,ttaubert The WebAuthn spec lets RPs ask to specifically get direct attestation certificates during credential creation using the "Attestation Conveyance Preference" [1]. This change adds that field into the WebIDL and ignores it for now. This is pre-work to Bug #1430150 which will make this useful (which in turn requires Bug #1416056's support for anonymizing those attestation certificates). [1] https://www.w3.org/TR/webauthn/#attestation-convey MozReview-Commit-ID: 763vaAMv48z
d67a47719c80: Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 18:18:39 -0700 - rev 450048
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert Credential Management defines a parameter `sameOriginWithAncestors` which is set true if the responsible document is not either in a top-level browsing context, or is in a nested context whose heirarchy is all loaded from the same origin as the top-level context [1][2]. The individual credential types of CredMan can use this flag to make decisions on whether to error or not. Our Credential Management implementation right now is a shim to Web Authentication, which says that if `sameOriginWithAncestors` is false, return `"NotAllowedError"`. This ensures that https://webauthn.bin.coffee/iframe.html works, but the cross-origin https://u2f.bin.coffee/iframe-webauthn.html does not. [1] https://w3c.github.io/webappsec-credential-management/#algorithm-request [2] https://w3c.github.io/webappsec-credential-management/#algorithm-create [3] https://w3c.github.io/webauthn/#createCredential [4] https://w3c.github.io/webauthn/#getAssertion MozReview-Commit-ID: KIyakgl0kGv
4c3feee4dfd2: Bug 1247124 - Limit FIDO U2F to Secure Contexts r=ttaubert,smaug
J.C. Jones <jjones@mozilla.com> - Wed, 13 Dec 2017 17:02:38 -0600 - rev 448287
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1247124 - Limit FIDO U2F to Secure Contexts r=ttaubert,smaug Use the [SecureContext] webidl notation to hide the powerful "window.u2f" feature and its interface when not loaded in a secure context. MozReview-Commit-ID: 7en8b5ieI85
3c57b31afc7f: Bug 1423236 - Rerun mach vendor rust. r=ttaubert
Kartikaya Gupta <kgupta@mozilla.com> - Wed, 06 Dec 2017 15:43:11 -0500 - rev 447278
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1423236 - Rerun mach vendor rust. r=ttaubert This contains the generated changes from running `mach vendor rust` on the previous commit, and eliminates the redundant copy of libudev-sys we have sitting in third_party/rust/ MozReview-Commit-ID: IXTI14beFMi
82c4bf2512de: Bug 1423236 - Use patch instead of replace to eliminate redundant vendored copy of libudev-sys. r=ttaubert
Kartikaya Gupta <kgupta@mozilla.com> - Wed, 06 Dec 2017 15:42:25 -0500 - rev 447277
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1423236 - Use patch instead of replace to eliminate redundant vendored copy of libudev-sys. r=ttaubert MozReview-Commit-ID: 529N231rvgY
45e4387bc585: Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 24 Nov 2017 09:01:49 +0100 - rev 445356
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert MozReview-Commit-ID: 5lgEBiFozSG Differential Revision: https://phabricator.services.mozilla.com/D282
1114ed8bfacd: Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
Gabriele Svelto <gsvelto@mozilla.com> - Tue, 10 Oct 2017 15:25:39 +0200 - rev 445289
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert MozReview-Commit-ID: CfPBvffjEhq
cfcbb8333389: Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 22 Nov 2017 16:37:15 +0100 - rev 445070
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert Summary: This adds the COSE rust library from https://github.com/franziskuskiefer/cose-rust with its C API from https://github.com/franziskuskiefer/cose-c-api to gecko with a basic test. The COSE library will be used for verifying add-on signatures in future. Reviewers: keeler, ttaubert Reviewed By: keeler Bug #: 1403840 Differential Revision: https://phabricator.services.mozilla.com/D232
e1964f4389cd: Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
Gabriele Svelto <gsvelto@mozilla.com> - Tue, 10 Oct 2017 15:25:39 +0200 - rev 445026
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert MozReview-Commit-ID: CfPBvffjEhq
ec39af7d2914: Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841. r=ttaubert
Michal Novotny <michal.novotny@gmail.com> - Wed, 22 Nov 2017 12:46:08 -0500 - rev 444951
Push 8527 by Callek@gmail.com at 2018-01-11 21:05 +0000
Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841. r=ttaubert EnsureNSSInitializedChromeOrContent() sends sync event to main thread from non-main thread even if it's already initialized. This can make fix at https://searchfox.org/mozilla-central/rev/919dce54f43356c22d6ff6b81c07ef412b1bf933/netwerk/protocol/http/nsHttpHandler.cpp#2105 inefficient and can lead to a deadlock.
40444386933a: Bug 1401594 - land NSS NSS_3_34_BETA5 UPGRADE_NSS_RELEASE, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 09 Nov 2017 15:17:40 +0100 - rev 441798
Push 8134 by ryanvm@gmail.com at 2017-11-10 21:18 +0000
Bug 1401594 - land NSS NSS_3_34_BETA5 UPGRADE_NSS_RELEASE, r=ttaubert MozReview-Commit-ID: HdFnjDGJDcJ
af86f905265d: Bug 1415795 - revert name change of NSS API, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 09 Nov 2017 13:02:07 +0100 - rev 441797
Push 8134 by ryanvm@gmail.com at 2017-11-10 21:18 +0000
Bug 1415795 - revert name change of NSS API, r=ttaubert MozReview-Commit-ID: Jj72zkfaRh
98b1272e170c: Bug 1409259 - Add browser console test for the distrust console message r=keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Wed, 01 Nov 2017 20:59:33 -0700 - rev 440847
Push 8120 by ryanvm@gmail.com at 2017-11-04 17:45 +0000
Bug 1409259 - Add browser console test for the distrust console message r=keeler,ttaubert There are xpcshell tests to verify that the appropriate distrust flag is set upon reaching an affected end entity certificate; this test checks that the distrust flag prints a warning to console. MozReview-Commit-ID: OMG246WOOT
595e27212723: Bug 1409259 - Add a console warning for soon-to-be-distrusted roots r=keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Wed, 18 Oct 2017 22:29:42 -0700 - rev 440845
Push 8120 by ryanvm@gmail.com at 2017-11-04 17:45 +0000
Bug 1409259 - Add a console warning for soon-to-be-distrusted roots r=keeler,ttaubert This patch adds a new diagnostic status flag to nsIWebProgressListener, STATE_CERT_DISTRUST_IMMINENT, which indicates that the certificate chain is going to change validity due to an upcoming distrust event. The first of these events is this bug, affecting various roots from Symantec. The STATE_CERT_DISTRUST_IMMINENT flag is set by nsNSSCallbacks and passed, via nsSecureBrowserUIImpl, to browser.js where it is used to alert the console. Adding this sort of diagnostic printing to be accessible to browser.js is a long-desired goal, as future functionality can start doing more decision-making there. We may, for example, also want to degrade the lock icon, which will be straightforward with this flag. This commit does not implement the IsCertificateDistrustImminent method. That is follow-on work. MozReview-Commit-ID: 75IOdc24XIV
35f1751b91a9: Bug 1381190 - Change to COSE Algorithm identifiers for WebAuthn r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 15:21:06 -0700 - rev 437494
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1381190 - Change to COSE Algorithm identifiers for WebAuthn r=qdot,ttaubert The WD-06 (and later) WebAuthn specs choose to move to integer algorithm identifiers for the signatures [1], with a handful of algorithms identified [2]. U2F devices only support ES256 (e.g., COSE ID "-7"), so that's all that is implemented here. Note that the spec also now requires that we accept empty lists of parameters, and in that case, the RP says they aren't picky, so this changes what happens when the parameter list is empty (but still aborts when the list is non-empty but doesn't have anything we can use) [3]. There's a follow-on to move parameter-validation logic into the U2FTokenManager in Bug 1409220. [1] https://w3c.github.io/webauthn/#dictdef-publickeycredentialparameters [2] https://w3c.github.io/webauthn/#alg-identifier [3] https://w3c.github.io/webauthn/#createCredential bullet #12 MozReview-Commit-ID: KgL7mQ9u1uq
c09ea1671fc3: Bug 1381190 - Remove WebAuthnRequest dead code r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 15:17:51 -0700 - rev 437493
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1381190 - Remove WebAuthnRequest dead code r=ttaubert The WebAuthnRequest.h file is no longer used, and it appears we forgot to clean it up. MozReview-Commit-ID: 8Cgh40YxGiY
d8c1c8894971: Bug 1402267 - Add a scalar telemetry probe that tracks SessionFile worker restarts. data-r=liuche, r=chutten,liuche,ttaubert
Mike de Boer <mdeboer@mozilla.com> - Tue, 17 Oct 2017 12:04:37 +0200 - rev 437384
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1402267 - Add a scalar telemetry probe that tracks SessionFile worker restarts. data-r=liuche, r=chutten,liuche,ttaubert MozReview-Commit-ID: F3kCfz18kcQ
57bb241801c0: Bug 1402267 - Restart the SessionWorker each time there are failures reported as much as defined in the 'browser.sessionstore.max_write_failures' pref. r=ttaubert
Mike de Boer <mdeboer@mozilla.com> - Tue, 17 Oct 2017 11:59:33 +0200 - rev 437383
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1402267 - Restart the SessionWorker each time there are failures reported as much as defined in the 'browser.sessionstore.max_write_failures' pref. r=ttaubert MozReview-Commit-ID: 91vOcbmhFmj
8ebe3f571ab8: Bug 1407829 - WebAuthn: Implement CredMan's Store method r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 17:02:22 -0700 - rev 437240
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1407829 - WebAuthn: Implement CredMan's Store method r=qdot,ttaubert Credential Management defines a Store operation [1], which needs to be implemented for WebAuthn's spec compliance. It only returns a NotSupportedError for WebAuthn [2], so it's pretty simple. [1] https://w3c.github.io/webappsec-credential-management/#dom-credentialscontainer-store [2] https://w3c.github.io/webauthn/#storeCredential MozReview-Commit-ID: KDEB8r5feQt
12c5e82b0240: Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 3) r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 16:48:01 -0700 - rev 436466
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 3) r=qdot,ttaubert Reorder WebAuthentication.webidl to match the ordering of the IDL index in the Web Authentication spec. No normative changes. MozReview-Commit-ID: 7qPE60Qh7Ly
dd5ff0119c3f: Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 16:28:13 -0700 - rev 436465
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert This covers these renames: * In CollectedClientData, hashAlg => hashAlgorithm * In CollectedClientData, tokenBinding => tokenBindingId * In MakePublicKeyCredentialOptions, parameters => pubKeyCredParams * In MakePublicKeyCredentialOptions, excludeList => excludeCredentials * In PublicKeyCredentialRequestOptions, allowList => allowCredentials * Transport (WebAuthnTransport in Gecko) => AuthenticatorTransport MozReview-Commit-ID: 3FdRnkosy83
bd51b47ccb9b: Bug 1406469 - Handle the WebAuthn "User Verified" flag r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 18:10:31 -0700 - rev 436448
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1406469 - Handle the WebAuthn "User Verified" flag r=ttaubert WebAuthn has added a flag UV to indicate the user was biometrically verified. We have to make sure not to set that flag for U2F. Turns out we already do that, but let's add the constant and such. Ref: https://w3c.github.io/webauthn/#authenticator-data MozReview-Commit-ID: 6Qtjdkverls
f2d25c30aaed: Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 28 Sep 2017 16:45:28 -0700 - rev 435213
Push 8114 by jlorenzo@mozilla.com at 2017-11-02 16:33 +0000
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL
0902f7275334: Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 18 Sep 2017 21:43:40 -0700 - rev 431238
Push 7781 by ryanvm@gmail.com at 2017-09-20 00:42 +0000
Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert There's an intermittent that is showing up now that test_register_sign.html checks state.attestationCert.verify(); to ensure hte SoftToken's certificate is valid. This patch prints the offending certificate when it's encountered, to help diagnose the root cause. MozReview-Commit-ID: 4QSobq9fBGK
07b93c7fec6c: Bug 1400066 - Gracefully handle unsupported platforms for U2F HID support r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 14 Sep 2017 18:11:47 -0700 - rev 430626
Push 7768 by ryanvm@gmail.com at 2017-09-16 16:13 +0000
Bug 1400066 - Gracefully handle unsupported platforms for U2F HID support r=ttaubert FreeBSD isn't currently support for FIDO U2F support, similar to Android, so this patch [1] from Jan Beich <jbeich@FreeBSD.org> treats Android and FreeBSD the same. With luck, someone will add in the platform support for both, soon! [1] https://github.com/jcjones/u2f-hid-rs/pull/44 MozReview-Commit-ID: DU7Rco2NLb3
0aed7d43efe2: Bug 1400080 - Remove impossible telemetry test from WebAuthn r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 14 Sep 2017 19:17:52 -0700 - rev 430625
Push 7768 by ryanvm@gmail.com at 2017-09-16 16:13 +0000
Bug 1400080 - Remove impossible telemetry test from WebAuthn r=ttaubert Now that there are actual hardware devices, this test can't be run: it depended on there being a deliberately-erroring implementation of WebAuthn which would instantly reject promises. Fortunately, this test was really more a test that telemetry scalars work properly than really the functionality of WebAuthn. Sadly, I don't see any way to re-enable this test without adding a new test- only pref to the tree, which doesn't seem worth it for the telemetry. So this patch removes the offending test completely which was backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/c115eec567a6 . MozReview-Commit-ID: LiLuQHbPU1z
fd7e4852bd06: Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 429803
Push 7761 by jlund@mozilla.com at 2017-09-15 00:19 +0000
Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed The nsIU2FToken and its implementors are no longer needed; the soft token was re-implemented into dom/webauthn/U2FSoftTokenManager.cpp during the WebAuthn implementation. When the dom/u2f/ code changed to the implementation from WebAuthn, the old synchronous version became dead code. This patch removes the dead code. MozReview-Commit-ID: 2yDD0tccgZr
dd315914f198: Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 11 Sep 2017 12:56:59 -0700 - rev 429802
Push 7761 by jlund@mozilla.com at 2017-09-15 00:19 +0000
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm
8ee1f7aebd62: Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 429377
Push 7761 by jlund@mozilla.com at 2017-09-15 00:19 +0000
Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed The nsIU2FToken and its implementors are no longer needed; the soft token was re-implemented into dom/webauthn/U2FSoftTokenManager.cpp during the WebAuthn implementation. When the dom/u2f/ code changed to the implementation from WebAuthn, the old synchronous version became dead code. This patch removes the dead code. MozReview-Commit-ID: 2yDD0tccgZr
e6a5de8d1246: Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 429376
Push 7761 by jlund@mozilla.com at 2017-09-15 00:19 +0000
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for prefs and scheme, and generally made these cleaner. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm
f7a53ff2f8cb: Bug 1383799 - Cancel WebAuthn operations on tab-switch r=ttaubert
J.C. Jones <jjones@mozilla.com> - Fri, 04 Aug 2017 12:34:18 -0700 - rev 423506
Push 7761 by jlund@mozilla.com at 2017-09-15 00:19 +0000
Bug 1383799 - Cancel WebAuthn operations on tab-switch r=ttaubert WebAuthn operations that are in-flight with authenticators must be cancelled when switching tabs. There's an Issue [1] opened with the WebAuthn spec for this already, but the language is _not_ in spec. Still, it's necessary for security, spec or not. This also matches how Chromium handles U2F operations during a tab switch. [1] https://github.com/w3c/webauthn/issues/316 MozReview-Commit-ID: 6Qh9oC4pqys
58b579b4ef4e: Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug
Michael Layzell <michael@thelayzells.com> - Wed, 02 Aug 2017 19:08:19 +0200 - rev 421935
Push 7761 by jlund@mozilla.com at 2017-09-15 00:19 +0000
Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug The reasoning behind this is that with this change, removing a non-dynamic docshell from the document dynamically shouldn't affect the indexes which we use for both recording and restoring data in child docshells. MozReview-Commit-ID: JIK8GBSWDEF * * * fixup From c2cb8e33211348c36b1ce18bb62e6465fa46d3ae Mon Sep 17 00:00:00 2001
36bb09c4b28e: Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug
Michael Layzell <michael@thelayzells.com> - Tue, 01 Aug 2017 11:22:53 +0200 - rev 420910
Push 7566 by mtabara@mozilla.com at 2017-08-02 08:25 +0000
Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug The reasoning behind this is that with this change, removing a non-dynamic docshell from the document dynamically shouldn't affect the indexes which we use for both recording and restoring data in child docshells. MozReview-Commit-ID: JIK8GBSWDEF
1f66a39c19f1: Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Fri, 14 Jul 2017 09:57:52 -0700 - rev 418942
Push 7566 by mtabara@mozilla.com at 2017-08-02 08:25 +0000
Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert Web Authentication uses JWK algorithm names (ES256) instead of WebCrypto names (such as P-256). There are other JWK algorithm names, but our current U2F-backed implementation only can support ES256 anyway, as that's all that FIDO U2F devices understand. This patch limits us to the name ES256 for the "alg" parameter. MozReview-Commit-ID: 3V5DMzVzPad
070367125549: Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 13 Jul 2017 18:12:50 -0700 - rev 418941
Push 7566 by mtabara@mozilla.com at 2017-08-02 08:25 +0000
Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert The WebAuthn Create Credential method should encode its results using CBOR; this patch changes to that format. The CBOR formats for the U2F data are specified in [1][2] The attestation data format is in [3] The high-level layout is in [4] [1] https://w3c.github.io/webauthn/#generating-an-attestation-object [2] https://w3c.github.io/webauthn/#fido-u2f-attestation [3] https://w3c.github.io/webauthn/#sec-attestation-data [4] https://w3c.github.io/webauthn/#sctn-attestation MozReview-Commit-ID: BYoFCJSxlLt
45b4405c24ca: Bug 1380529 - Add a CBOR library for WebAuthn (1/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 13 Jul 2017 18:12:57 -0700 - rev 418940
Push 7566 by mtabara@mozilla.com at 2017-08-02 08:25 +0000
Bug 1380529 - Add a CBOR library for WebAuthn (1/3) r=ttaubert Web Authentication's WD-05 specification moves to using (CBOR) Concise Binary Object Representation to transmit the binary data... most of it. This lands a subset of the Apache 2-licensed "CBOR C++" serialization library [1] into webauthn's path. It does not add any code to use this library; see patch 2/3. [1] https://github.com/naphaso/cbor-cpp/ MozReview-Commit-ID: Ktj9TgdqElk
0bb5555fa027: bug 1375709 - avoid deadlock when shutting down NSS r=Cykesiopka,ttaubert
David Keeler <dkeeler@mozilla.com> - Mon, 10 Jul 2017 16:25:51 -0700 - rev 417724
Push 7566 by mtabara@mozilla.com at 2017-08-02 08:25 +0000
bug 1375709 - avoid deadlock when shutting down NSS r=Cykesiopka,ttaubert The deadlock fix attempted in bug 1273475 was incomplete. This should prevent the issue by preventing nsNSSShutDownPreventionLocks from attempting to increment the NSS activity state count when shutdown is in progress (this is acceptible because when code that creates any nsNSSShutDownPreventionLocks then checks isAlreadyShutDown(), it will return true because sInShutdown is true, thus preventing that code from unsafely using NSS resources and functions). MozReview-Commit-ID: 4o5DGbU2TCq
9d6095db5090: bug 1344478 - isAlreadyShutDown should return true for nsNSSShutDownObjects created after NSS shut down r=Cykesiopka,ttaubert
David Keeler <dkeeler@mozilla.com> - Mon, 13 Mar 2017 15:26:40 -0700 - rev 396842
Push 7391 by mtabara@mozilla.com at 2017-06-12 13:08 +0000
bug 1344478 - isAlreadyShutDown should return true for nsNSSShutDownObjects created after NSS shut down r=Cykesiopka,ttaubert MozReview-Commit-ID: 5bUTLz6mGKC In general, it is possible to create a new nsNSSShutDownObject after nsNSSShutDownList::shutdown() had been called. Before this patch, at that point, isAlreadyShutDown() would incorrectly return false, which could lead to code calling NSS functions, which would probably lead to a crash (because NSS could be uninitialized at that point). This change merges nsNSSShutDownList::shutdown() with evaporateAllNSSResources() into evaporateAllNSSResourcesAndShutDown() for simplicity and makes it so isAlreadyShutDown() returns true if called after that point.
3dc5c1d37929: Bug 1344595 - Protect against nsIPrincipal.origin throwing for about:blank iframes; r=ttaubert
Ehsan Akhgari <ehsan@mozilla.com> - Sat, 04 Mar 2017 18:31:11 -0500 - rev 394317
Push 7391 by mtabara@mozilla.com at 2017-06-12 13:08 +0000
Bug 1344595 - Protect against nsIPrincipal.origin throwing for about:blank iframes; r=ttaubert