Bug 1528097 : Fix FIDO U2F support on Windows 10 19H1/20H1 Insider builds r=keeler,jcj
authorAkshay Kumar <akshay.sonu@gmail.com>
Mon, 04 Mar 2019 20:07:24 +0000
changeset 520148 ce7738b3a35df45b1984a8fccec773cc3a429325
parent 520147 b9acd5279c31d159c9d0dcf1a0e038cb324593b6
child 520149 8cbf86043273811dd463d6707945ca3346ade726
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
reviewerskeeler, jcj
bugs1528097
milestone67.0a1
Bug 1528097 : Fix FIDO U2F support on Windows 10 19H1/20H1 Insider builds r=keeler,jcj U2F support, behind the `security.webauth.u2f` pref and exposed by `dom/u2f/U2F.cpp`, was broken when using Windows Hello, as the correct options for compatibility weren't set. This patch sets up Windows Hello to handle U2F-protocol backward compatibility properly. Differential Revision: https://phabricator.services.mozilla.com/D21844
dom/webauthn/WinWebAuthnManager.cpp
--- a/dom/webauthn/WinWebAuthnManager.cpp
+++ b/dom/webauthn/WinWebAuthnManager.cpp
@@ -471,16 +471,22 @@ void WinWebAuthnManager::Sign(PWebAuthnT
   MOZ_LOG(gWinWebAuthnManagerLog, LogLevel::Debug, ("WinWebAuthNSign"));
 
   ClearTransaction();
   mTransactionParent = aTransactionParent;
 
   // User Verification Requirement
   DWORD winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY;
 
+  // RPID
+  PCWSTR rpID = nullptr;
+
+  // Attachment
+  DWORD winAttachment = WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY;
+
   // AppId
   BOOL bU2fAppIdUsed = FALSE;
   BOOL* pbU2fAppIdUsed = nullptr;
   PCWSTR winAppIdentifier = nullptr;
 
   // Client Data
   WEBAUTHN_CLIENT_DATA WebAuthNClientData = {
       WEBAUTHN_CLIENT_DATA_CURRENT_VERSION, aInfo.ClientDataJSON().Length(),
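Review bot: `winAttachment` is declared here and set to `WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2` in the later `else` branch, but no hunk in this diff shows it being passed into `WebAuthNAssertionOptions`. The options initializer lies outside the visible hunks, so it may already be wired up. If it still hard-codes the attachment value, the U2F setting is dead and the platform would keep treating the request as a generic one. Worth confirming that the `dwAuthenticatorAttachment` slot of the options struct reads `winAttachment`. Sign's body starts and ends outside this hunk.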
@@ -494,16 +500,19 @@ void WinWebAuthnManager::Sign(PWebAuthnT
       if (ext.type() == WebAuthnExtension::TWebAuthnExtensionAppId) {
         winAppIdentifier =
             ext.get_WebAuthnExtensionAppId().appIdentifier().get();
         pbU2fAppIdUsed = &bU2fAppIdUsed;
         break;
       }
     }
 
+    // RPID
+    rpID = aInfo.RpId().get();
+
     // User Verification Requirement
     UserVerificationRequirement userVerificationReq =
         static_cast<UserVerificationRequirement>(
             extra.userVerificationRequirement());
 
     switch (userVerificationReq) {
       case UserVerificationRequirement::Required:
         winUserVerificationReq =
@@ -516,16 +525,22 @@ void WinWebAuthnManager::Sign(PWebAuthnT
       case UserVerificationRequirement::Discouraged:
         winUserVerificationReq =
             WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
         break;
       default:
         winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY;
         break;
     }
+  } else {
+    rpID = aInfo.Origin().get();
+    winAppIdentifier = aInfo.RpId().get();
+    pbU2fAppIdUsed = &bU2fAppIdUsed;
+    winAttachment = WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2;
+    winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
   }
 
   // allow Credentials
   nsTArray<WEBAUTHN_CREDENTIAL_EX> allowCredentials;
   WEBAUTHN_CREDENTIAL_EX* pAllowCredentials = nullptr;
   nsTArray<WEBAUTHN_CREDENTIAL_EX*> allowCredentialsPtrs;
   WEBAUTHN_CREDENTIAL_LIST allowCredentialList = {0};
   WEBAUTHN_CREDENTIAL_LIST* pAllowCredentialList = nullptr;
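Review bot: The new `else` branch swaps the roles of two fields without explanation: `aInfo.Origin()` becomes the RP ID and `aInfo.RpId()` becomes the AppID, which reads like a mistake to anyone unfamiliar with the U2F path. A comment at the top of the branch would help, for example `// No extra info: legacy U2F request. RpId() carries the U2F AppID, so the origin is sent as the RP ID.` The enclosing `if` starts outside this hunk, so that reading of the condition should be confirmed. Because the RP ID scopes which credentials the platform will assert, it is also worth confirming that `Origin()` has the form the Windows API expects in that position. The branch also forces `WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED`, and the comment should state that this is deliberate for U2F.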
@@ -585,17 +600,17 @@ void WinWebAuthnManager::Sign(PWebAuthnT
 
   PWEBAUTHN_ASSERTION pWebAuthNAssertion = nullptr;
 
   // Bug 1518876: Get Window Handle from Content process for Windows WebAuthN
   // APIs
   HWND hWnd = GetForegroundWindow();
 
   HRESULT hr =
-      gWinWebauthnGetAssertion(hWnd, aInfo.RpId().get(), &WebAuthNClientData,
+      gWinWebauthnGetAssertion(hWnd, rpID, &WebAuthNClientData,
                                &WebAuthNAssertionOptions, &pWebAuthNAssertion);
 
   mCancellationIds.erase(aTransactionId);
 
   if (hr == S_OK) {
     nsTArray<uint8_t> signature;
     if (aInfo.Extra().type() ==
         WebAuthnMaybeGetAssertionExtraInfo::TWebAuthnGetAssertionExtraInfo) {