dom/u2f/tests/frame_multiple_keys.html
author ffxbld <ffxbld@mozilla.com>
Mon, 10 Aug 2020 10:14:10 +0000
changeset 605814 7bf8ce68eb7981796d4e06fc6c75b3c9ffd5c2a1
parent 432277 dd315914f198f74605f6f3bb5311a12e66a1787f
permissions -rw-r--r--
No Bug, mozilla-release repo-update remote-settings - a=repo-update r=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D86531

<!DOCTYPE html>
<meta charset=utf-8>
<head>
  <script type="text/javascript" src="frame_utils.js"></script>
  <script type="text/javascript" src="u2futil.js"></script>
</head>
<body>
<p>Test for multiple simultaneous key</p>
<script class="testbody" type="text/javascript">
"use strict";

function keyHandleFromRegResponse(aRegResponse) {
  // Parse the response data from the U2F token
  let registrationData = base64ToBytesUrlSafe(aRegResponse.registrationData);
  local_is(registrationData[0], 0x05, "Reserved byte is correct")

  let keyHandleLength = registrationData[66];
  let keyHandleBytes = registrationData.slice(67, 67 + keyHandleLength);

  return {
    version: "U2F_V2",
    keyHandle: bytesToBase64UrlSafe(keyHandleBytes),
  };
}

let challenge = new Uint8Array(16);
window.crypto.getRandomValues(challenge);

let regRequest = {
  version: "U2F_V2",
  challenge: bytesToBase64UrlSafe(challenge),
};

let testState = {
  key1: null,
  key2: null,
}

// Just a key that came from a random profile; syntactically valid but not
// unwrappable.
let invalidKey = {
  "version": "U2F_V2",
  "keyHandle": "rQdreHgHrmKfsnGPAElEP9yfTx6eq2eU3_Y8n0RRsGKML0DY2d1_a8_-sOtxDr3"
};

async function doTests() {
  // Ensure the SpecialPowers push worked properly
  local_isnot(window.u2f, undefined, "U2F API endpoint must exist");

  // Get two valid keys and present them
  await promiseU2FRegister(window.location.origin, [regRequest], [], function(aRegResponse) {
    testState.key1 = keyHandleFromRegResponse(aRegResponse);
  });

  // Get the second key...
  // It's OK to repeat the regRequest; not material for this test
  await promiseU2FRegister(window.location.origin, [regRequest], [], function(aRegResponse) {
    testState.key2 = keyHandleFromRegResponse(aRegResponse);
  });

  await promiseU2FRegister(window.location.origin, [regRequest],
                           [invalidKey], function(aRegResponse) {
    // The invalid key shouldn't match anything, so we should register OK here, too
    local_is(aRegResponse.errorCode, 0, "The register should have gone through with the invalid key");
  });


  await promiseU2FRegister(window.location.origin, [regRequest],
                           [invalidKey, testState.key1], function(aRegResponse) {
    // Expect a failure response since key1 is already registered
    local_is(aRegResponse.errorCode, 4, "The register should have skipped since there was a valid key");
  });

  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
                  [testState.key1], function(aSignResponse) {
    local_is(aSignResponse.errorCode, 0, "The signing did not error with one key");
    local_isnot(aSignResponse.clientData, undefined, "The signing provided clientData with one key");
  });

  // It's OK to sign with either one
  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
                  [testState.key1, testState.key2], function(aSignResponse) {
    local_is(aSignResponse.errorCode, 0, "The signing did not error with two keys");
    local_isnot(aSignResponse.clientData, undefined, "The signing provided clientData with two keys");
  });

  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
                    [invalidKey, testState.key2], function(aSignResponse) {
    local_is(aSignResponse.errorCode, 0, "The signing did not error when given an invalid key");
    local_isnot(aSignResponse.clientData, undefined, "The signing provided clientData even when given an invalid key");
  });

  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
                    [testState.key2, invalidKey], function(aSignResponse) {
    local_is(aSignResponse.errorCode, 0, "The signing did not error when given an invalid key");
    local_isnot(aSignResponse.clientData, undefined, "The signing provided clientData even when given an invalid key");
  });

  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
                    [invalidKey], function(aSignResponse) {
    local_is(aSignResponse.errorCode, 4, "The signing couldn't complete with this invalid key");
    local_is(aSignResponse.clientData, undefined, "The signing shouldn't provide clientData when there's no valid key");
  });

  local_finished();
};

doTests();
</script>
</body>
</html>