searching for reviewer(ttaubert)
3c95faed62ee89a0597ef181f8df9f9b50e98b3f: Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null r=ttaubert r=smaug
J.C. Jones <jjones@mozilla.com> - Mon, 21 May 2018 09:04:50 -0700 - rev 476451
Push 1757 by ffxbld-merge at Fri, 24 Aug 2018 17:02:43 +0000
Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null r=ttaubert r=smaug Summary: The WebAuthn spec says to set `AuthenticatorAssertionResponse.userHandle` to null when the authenticator returns no user handle (e.g., when allowList is set), but we return an empty ArrayBuffer. This is because of the defaults in AuthenticatorAssertionResponse.h, as the field is itself unset. We missed this change to the spec that happened in December [2], so this also has a corresponding WebIDL update. I don't see any other instances of WebIDL differences. [1] https://w3c.github.io/webauthn/#ref-for-dom-authenticatorassertionresponse-userhandle%E2%91%A0 [2] https://github.com/w3c/webauthn/commit/3b2a1d141cbd8f2954f073a6b6598d954398a986 Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=59a2ab255ef14e935c1aa9f457276f8e61e5d779 Reviewers: smaug, ttaubert Bug #: 1463170 Differential Revision: https://phabricator.services.mozilla.com/D1337
5166f4f5af706b3c37982ac1e94498d979b8198d: Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 10 May 2018 16:36:18 -0700 - rev 474908
Push 1757 by ffxbld-merge at Fri, 24 Aug 2018 17:02:43 +0000
Bug 1460767 - Return device ineligible when appropriate for U2F r=ttaubert Summary: FIDO U2F's specification says that when the wrong security key responds to a signature, or when an already-registered key exists, that the UA should return error code 4, DEVICE_INELIGIBLE. We used to do that, but adjusted some things for WebAuthn and now we don't. This changes the soft token to return that at the appropriate times, and updates the expectations of U2F.cpp that it should use InvalidStateError as the signal to reutrn DEVICE_INELIGIBLE. Also, note that WebAuthn's specification says that if any authenticator returns "InvalidStateError" that it should be propagated, as it indicates that the authenticator obtained user consent and failed to complete its job [1]. This change to the Soft Token affects the WebAuthn tests, but in a good way. Reading the WebAuthn spec, we should not be returning NotAllowedError when there is consent from the user via the token (which the softtoken always deliveres). As such, this adjusts the affected WebAuthn tests, and adds a couple useful checks to test_webauthn_get_assertion.html for future purposes. [1] https://w3c.github.io/webauthn/#createCredential section 5.1.3 "Create a new credential", Step 20, Note 2: "If any authenticator returns an error status equivalent to "InvalidStateError"..." Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2fc930f7fc8eea69b1ebc96748fe95e150a92a4 Reviewers: ttaubert Bug #: 1460767 Differential Revision: https://phabricator.services.mozilla.com/D1269
36c03b72db500ae707a6876cc34c811a639d1ad7: Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null. r=ttaubert, r=smaug, a=RyanVM
J.C. Jones <jjones@mozilla.com> - Mon, 21 May 2018 09:04:50 -0700 - rev 473496
Push 1728 by jlund@mozilla.com at Mon, 18 Jun 2018 21:12:27 +0000
Bug 1463170 - Set AuthenticatorAssertionResponse.userHandle to null. r=ttaubert, r=smaug, a=RyanVM Summary: The WebAuthn spec says to set `AuthenticatorAssertionResponse.userHandle` to null when the authenticator returns no user handle (e.g., when allowList is set), but we return an empty ArrayBuffer. This is because of the defaults in AuthenticatorAssertionResponse.h, as the field is itself unset. We missed this change to the spec that happened in December [2], so this also has a corresponding WebIDL update. I don't see any other instances of WebIDL differences. [1] https://w3c.github.io/webauthn/#ref-for-dom-authenticatorassertionresponse-userhandle%E2%91%A0 [2] https://github.com/w3c/webauthn/commit/3b2a1d141cbd8f2954f073a6b6598d954398a986 Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=59a2ab255ef14e935c1aa9f457276f8e61e5d779 Reviewers: smaug, ttaubert Bug #: 1463170 Differential Revision: https://phabricator.services.mozilla.com/D1337
594d4ff3b55bca69fedc366b0573bf17e204f118: Bug 1460767 - Return device ineligible when appropriate for U2F. r=ttaubert, a=RyanVM
J.C. Jones <jjones@mozilla.com> - Thu, 10 May 2018 16:36:18 -0700 - rev 473341
Push 1728 by jlund@mozilla.com at Mon, 18 Jun 2018 21:12:27 +0000
Bug 1460767 - Return device ineligible when appropriate for U2F. r=ttaubert, a=RyanVM Summary: FIDO U2F's specification says that when the wrong security key responds to a signature, or when an already-registered key exists, that the UA should return error code 4, DEVICE_INELIGIBLE. We used to do that, but adjusted some things for WebAuthn and now we don't. This changes the soft token to return that at the appropriate times, and updates the expectations of U2F.cpp that it should use InvalidStateError as the signal to reutrn DEVICE_INELIGIBLE. Also, note that WebAuthn's specification says that if any authenticator returns "InvalidStateError" that it should be propagated, as it indicates that the authenticator obtained user consent and failed to complete its job [1]. This change to the Soft Token affects the WebAuthn tests, but in a good way. Reading the WebAuthn spec, we should not be returning NotAllowedError when there is consent from the user via the token (which the softtoken always deliveres). As such, this adjusts the affected WebAuthn tests, and adds a couple useful checks to test_webauthn_get_assertion.html for future purposes. [1] https://w3c.github.io/webauthn/#createCredential section 5.1.3 "Create a new credential", Step 20, Note 2: "If any authenticator returns an error status equivalent to "InvalidStateError"..." Test Plan: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2fc930f7fc8eea69b1ebc96748fe95e150a92a4 Reviewers: ttaubert Bug #: 1460767 Differential Revision: https://phabricator.services.mozilla.com/D1269
141a3103a248206af8178cdac0e5c90cb4f7efec: Bug 1443248 - Update u2fhid to core-foundation-sys 0.5. r=ttaubert
Matt Brubeck <mbrubeck@mozilla.com> - Mon, 05 Mar 2018 11:13:13 -0800 - rev 461824
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
Bug 1443248 - Update u2fhid to core-foundation-sys 0.5. r=ttaubert MozReview-Commit-ID: 4xTSQpvHHAV
62646c1718b29026bb0fc8dddc2bcbe894a025f7: Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 06 Feb 2018 16:59:00 -0700 - rev 457803
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert This patch support already-enrolled U2F devices at Google Accounts by adding a hard-coded "OK" into the U2F EvaluateAppID method, per the intent-to-ship [1]. This adds no tests, as this is not testable in our infrastructure. It will require cooporation with Google Accounts to validate. [1] https://groups.google.com/d/msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ MozReview-Commit-ID: 1YLd5sfeTKv
89ac5a28c228649e436cd8dbcec0d395c231e4e1: Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 06 Feb 2018 16:59:00 -0700 - rev 457757
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
Bug 1436078 - Hard-code U2F permissions for Google Accounts r=ttaubert This patch support already-enrolled U2F devices at Google Accounts by adding a hard-coded "OK" into the U2F EvaluateAppID method, per the intent-to-ship [1]. This adds no tests, as this is not testable in our infrastructure. It will require cooporation with Google Accounts to validate. [1] https://groups.google.com/d/msg/mozilla.dev.platform/Uiu3fwnA2xw/201ynAiPAQAJ MozReview-Commit-ID: 1YLd5sfeTKv
e21956fd51a330cad2301e49bb458e2ca94c5368: bug 1421084 - part 4/4 - remove nsNSSShutDown.h and (hopefully) all references to it r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Wed, 24 Jan 2018 14:44:01 -0800 - rev 457121
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
bug 1421084 - part 4/4 - remove nsNSSShutDown.h and (hopefully) all references to it r=mt,ttaubert MozReview-Commit-ID: 2mhvHsC5Nil
0d42218045d9de6b746b09669dedb0e30e8005c3: bug 1421084 - part 3/4 - remove nsNSSShutDownObject::shutdown and virtualDestroyNSSReference r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Wed, 24 Jan 2018 14:29:08 -0800 - rev 457120
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
bug 1421084 - part 3/4 - remove nsNSSShutDownObject::shutdown and virtualDestroyNSSReference r=mt,ttaubert MozReview-Commit-ID: ErL7ZjAGVVC
ecb9941ee0344bd6952724e371589c3d0834e30d: bug 1421084 - part 2/4 - remove nsNSSShutDownObject::isAlreadyShutDown() r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Tue, 23 Jan 2018 12:22:56 -0800 - rev 457119
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
bug 1421084 - part 2/4 - remove nsNSSShutDownObject::isAlreadyShutDown() r=mt,ttaubert MozReview-Commit-ID: DlS16pHE0Ik
b2b6ca8d0f70173d7b18bca53fa4e7a57dba9a14: bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert
David Keeler <dkeeler@mozilla.com> - Tue, 23 Jan 2018 10:37:47 -0800 - rev 457118
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert As of bug 1417680, the NSS shutdown tracking infrastructure is unnecessary (and does nothing anyway). This series of changesets removes the remaining pieces in a way that is hopefully easy to confirm is correct. MozReview-Commit-ID: 8Y5wpsyNlGc
c2e41df3f41f38fe9a38282610f7c1daf519f87c: Bug 1428916 - WebAuthn: Draft Attestation Preference r=smaug,ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 23 Jan 2018 12:21:15 -0700 - rev 455483
Push 1683 by sfraser@mozilla.com at Thu, 26 Apr 2018 16:43:40 +0000
Bug 1428916 - WebAuthn: Draft Attestation Preference r=smaug,ttaubert The WebAuthn spec lets RPs ask to specifically get direct attestation certificates during credential creation using the "Attestation Conveyance Preference" [1]. This change adds that field into the WebIDL and ignores it for now. This is pre-work to Bug #1430150 which will make this useful (which in turn requires Bug #1416056's support for anonymizing those attestation certificates). [1] https://www.w3.org/TR/webauthn/#attestation-convey MozReview-Commit-ID: 763vaAMv48z
d67a47719c805b8db375d6708f08a7b0f8335976: Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 18:18:39 -0700 - rev 452565
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert Credential Management defines a parameter `sameOriginWithAncestors` which is set true if the responsible document is not either in a top-level browsing context, or is in a nested context whose heirarchy is all loaded from the same origin as the top-level context [1][2]. The individual credential types of CredMan can use this flag to make decisions on whether to error or not. Our Credential Management implementation right now is a shim to Web Authentication, which says that if `sameOriginWithAncestors` is false, return `"NotAllowedError"`. This ensures that https://webauthn.bin.coffee/iframe.html works, but the cross-origin https://u2f.bin.coffee/iframe-webauthn.html does not. [1] https://w3c.github.io/webappsec-credential-management/#algorithm-request [2] https://w3c.github.io/webappsec-credential-management/#algorithm-create [3] https://w3c.github.io/webauthn/#createCredential [4] https://w3c.github.io/webauthn/#getAssertion MozReview-Commit-ID: KIyakgl0kGv
4c3feee4dfd2d0efac06bf03c872cffd6f89ddc9: Bug 1247124 - Limit FIDO U2F to Secure Contexts r=ttaubert,smaug
J.C. Jones <jjones@mozilla.com> - Wed, 13 Dec 2017 17:02:38 -0600 - rev 450804
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1247124 - Limit FIDO U2F to Secure Contexts r=ttaubert,smaug Use the [SecureContext] webidl notation to hide the powerful "window.u2f" feature and its interface when not loaded in a secure context. MozReview-Commit-ID: 7en8b5ieI85
3c57b31afc7f822e20ad29f8bdc2de72d9d9112b: Bug 1423236 - Rerun mach vendor rust. r=ttaubert
Kartikaya Gupta <kgupta@mozilla.com> - Wed, 06 Dec 2017 15:43:11 -0500 - rev 449795
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1423236 - Rerun mach vendor rust. r=ttaubert This contains the generated changes from running `mach vendor rust` on the previous commit, and eliminates the redundant copy of libudev-sys we have sitting in third_party/rust/ MozReview-Commit-ID: IXTI14beFMi
82c4bf2512de78ee9e536571524f12c2bbbc11d5: Bug 1423236 - Use patch instead of replace to eliminate redundant vendored copy of libudev-sys. r=ttaubert
Kartikaya Gupta <kgupta@mozilla.com> - Wed, 06 Dec 2017 15:42:25 -0500 - rev 449794
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1423236 - Use patch instead of replace to eliminate redundant vendored copy of libudev-sys. r=ttaubert MozReview-Commit-ID: 529N231rvgY
45e4387bc585d3187d5fd945c2115e75195b0bfa: Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 24 Nov 2017 09:01:49 +0100 - rev 447873
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert MozReview-Commit-ID: 5lgEBiFozSG Differential Revision: https://phabricator.services.mozilla.com/D282
1114ed8bfacdd43d55da3af0bf1f2b6668bf8894: Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
Gabriele Svelto <gsvelto@mozilla.com> - Tue, 10 Oct 2017 15:25:39 +0200 - rev 447806
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert MozReview-Commit-ID: CfPBvffjEhq
cfcbb8333389ccf2ff91176f1aecf50199be018b: Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 22 Nov 2017 16:37:15 +0100 - rev 447587
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert Summary: This adds the COSE rust library from https://github.com/franziskuskiefer/cose-rust with its C API from https://github.com/franziskuskiefer/cose-c-api to gecko with a basic test. The COSE library will be used for verifying add-on signatures in future. Reviewers: keeler, ttaubert Reviewed By: keeler Bug #: 1403840 Differential Revision: https://phabricator.services.mozilla.com/D232
e1964f4389cd6897dafe96be88074b909f555b60: Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
Gabriele Svelto <gsvelto@mozilla.com> - Tue, 10 Oct 2017 15:25:39 +0200 - rev 447543
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert MozReview-Commit-ID: CfPBvffjEhq
ec39af7d2914d83bdb491d0f1536fe710eb9cc72: Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841. r=ttaubert
Michal Novotny <michal.novotny@gmail.com> - Wed, 22 Nov 2017 12:46:08 -0500 - rev 447468
Push 1648 by mtabara@mozilla.com at Thu, 01 Mar 2018 12:45:47 +0000
Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841. r=ttaubert EnsureNSSInitializedChromeOrContent() sends sync event to main thread from non-main thread even if it's already initialized. This can make fix at https://searchfox.org/mozilla-central/rev/919dce54f43356c22d6ff6b81c07ef412b1bf933/netwerk/protocol/http/nsHttpHandler.cpp#2105 inefficient and can lead to a deadlock.
40444386933a58ff76502f11863784a87ea0996a: Bug 1401594 - land NSS NSS_3_34_BETA5 UPGRADE_NSS_RELEASE, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 09 Nov 2017 15:17:40 +0100 - rev 444253
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1401594 - land NSS NSS_3_34_BETA5 UPGRADE_NSS_RELEASE, r=ttaubert MozReview-Commit-ID: HdFnjDGJDcJ
af86f905265d01c9b908f3095a985dbf220f00e6: Bug 1415795 - revert name change of NSS API, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 09 Nov 2017 13:02:07 +0100 - rev 444252
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1415795 - revert name change of NSS API, r=ttaubert MozReview-Commit-ID: Jj72zkfaRh
98b1272e170c8b84fba7d39eaf1c909a4e5f2e34: Bug 1409259 - Add browser console test for the distrust console message r=keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Wed, 01 Nov 2017 20:59:33 -0700 - rev 443325
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1409259 - Add browser console test for the distrust console message r=keeler,ttaubert There are xpcshell tests to verify that the appropriate distrust flag is set upon reaching an affected end entity certificate; this test checks that the distrust flag prints a warning to console. MozReview-Commit-ID: OMG246WOOT
595e27212723846a3f0763d20e2919e96f257e3f: Bug 1409259 - Add a console warning for soon-to-be-distrusted roots r=keeler,ttaubert
J.C. Jones <jjones@mozilla.com> - Wed, 18 Oct 2017 22:29:42 -0700 - rev 443323
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1409259 - Add a console warning for soon-to-be-distrusted roots r=keeler,ttaubert This patch adds a new diagnostic status flag to nsIWebProgressListener, STATE_CERT_DISTRUST_IMMINENT, which indicates that the certificate chain is going to change validity due to an upcoming distrust event. The first of these events is this bug, affecting various roots from Symantec. The STATE_CERT_DISTRUST_IMMINENT flag is set by nsNSSCallbacks and passed, via nsSecureBrowserUIImpl, to browser.js where it is used to alert the console. Adding this sort of diagnostic printing to be accessible to browser.js is a long-desired goal, as future functionality can start doing more decision-making there. We may, for example, also want to degrade the lock icon, which will be straightforward with this flag. This commit does not implement the IsCertificateDistrustImminent method. That is follow-on work. MozReview-Commit-ID: 75IOdc24XIV
35f1751b91a9fff2c6f4649ce90aec5d1eb72976: Bug 1381190 - Change to COSE Algorithm identifiers for WebAuthn r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 15:21:06 -0700 - rev 439987
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1381190 - Change to COSE Algorithm identifiers for WebAuthn r=qdot,ttaubert The WD-06 (and later) WebAuthn specs choose to move to integer algorithm identifiers for the signatures [1], with a handful of algorithms identified [2]. U2F devices only support ES256 (e.g., COSE ID "-7"), so that's all that is implemented here. Note that the spec also now requires that we accept empty lists of parameters, and in that case, the RP says they aren't picky, so this changes what happens when the parameter list is empty (but still aborts when the list is non-empty but doesn't have anything we can use) [3]. There's a follow-on to move parameter-validation logic into the U2FTokenManager in Bug 1409220. [1] https://w3c.github.io/webauthn/#dictdef-publickeycredentialparameters [2] https://w3c.github.io/webauthn/#alg-identifier [3] https://w3c.github.io/webauthn/#createCredential bullet #12 MozReview-Commit-ID: KgL7mQ9u1uq
c09ea1671fc337f30941d52e64588f76af7096ef: Bug 1381190 - Remove WebAuthnRequest dead code r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 15:17:51 -0700 - rev 439986
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1381190 - Remove WebAuthnRequest dead code r=ttaubert The WebAuthnRequest.h file is no longer used, and it appears we forgot to clean it up. MozReview-Commit-ID: 8Cgh40YxGiY
d8c1c8894971b78c12f6ea4f6ce7d99fa200b227: Bug 1402267 - Add a scalar telemetry probe that tracks SessionFile worker restarts. data-r=liuche, r=chutten,liuche,ttaubert
Mike de Boer <mdeboer@mozilla.com> - Tue, 17 Oct 2017 12:04:37 +0200 - rev 439877
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1402267 - Add a scalar telemetry probe that tracks SessionFile worker restarts. data-r=liuche, r=chutten,liuche,ttaubert MozReview-Commit-ID: F3kCfz18kcQ
57bb241801c030d000b46e87028965791922b8f3: Bug 1402267 - Restart the SessionWorker each time there are failures reported as much as defined in the 'browser.sessionstore.max_write_failures' pref. r=ttaubert
Mike de Boer <mdeboer@mozilla.com> - Tue, 17 Oct 2017 11:59:33 +0200 - rev 439876
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1402267 - Restart the SessionWorker each time there are failures reported as much as defined in the 'browser.sessionstore.max_write_failures' pref. r=ttaubert MozReview-Commit-ID: 91vOcbmhFmj
8ebe3f571ab8e076da793b0003de8db5da6ecc08: Bug 1407829 - WebAuthn: Implement CredMan's Store method r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 12 Oct 2017 17:02:22 -0700 - rev 439733
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1407829 - WebAuthn: Implement CredMan's Store method r=qdot,ttaubert Credential Management defines a Store operation [1], which needs to be implemented for WebAuthn's spec compliance. It only returns a NotSupportedError for WebAuthn [2], so it's pretty simple. [1] https://w3c.github.io/webappsec-credential-management/#dom-credentialscontainer-store [2] https://w3c.github.io/webauthn/#storeCredential MozReview-Commit-ID: KDEB8r5feQt
12c5e82b0240f8f0c7909b690ab99b94bd1022ad: Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 3) r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 16:48:01 -0700 - rev 438959
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 3) r=qdot,ttaubert Reorder WebAuthentication.webidl to match the ordering of the IDL index in the Web Authentication spec. No normative changes. MozReview-Commit-ID: 7qPE60Qh7Ly
dd5ff0119c3f20f9b887c23774890e64d15a7f28: Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 16:28:13 -0700 - rev 438958
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert This covers these renames: * In CollectedClientData, hashAlg => hashAlgorithm * In CollectedClientData, tokenBinding => tokenBindingId * In MakePublicKeyCredentialOptions, parameters => pubKeyCredParams * In MakePublicKeyCredentialOptions, excludeList => excludeCredentials * In PublicKeyCredentialRequestOptions, allowList => allowCredentials * Transport (WebAuthnTransport in Gecko) => AuthenticatorTransport MozReview-Commit-ID: 3FdRnkosy83
bd51b47ccb9bf699fb28c4cab6d3ff0b6461d5df: Bug 1406469 - Handle the WebAuthn "User Verified" flag r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 09 Oct 2017 18:10:31 -0700 - rev 438941
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1406469 - Handle the WebAuthn "User Verified" flag r=ttaubert WebAuthn has added a flag UV to indicate the user was biometrically verified. We have to make sure not to set that flag for U2F. Turns out we already do that, but let's add the constant and such. Ref: https://w3c.github.io/webauthn/#authenticator-data MozReview-Commit-ID: 6Qtjdkverls
f2d25c30aaed300ba8513f64cab28ebe2b60ab34: Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 28 Sep 2017 16:45:28 -0700 - rev 437706
Push 1618 by Callek@gmail.com at Thu, 11 Jan 2018 17:45:48 +0000
Bug 1244959 - Use IsRegistrableDomainSuffixOfOrEqualTo for U2F Facets r=ttaubert In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL
0902f7275334aeb271d494b6aac1ee2730add627: Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 18 Sep 2017 21:43:40 -0700 - rev 433678
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1399334 - Add more debugging to see why certificates aren't valid. r=ttaubert There's an intermittent that is showing up now that test_register_sign.html checks state.attestationCert.verify(); to ensure hte SoftToken's certificate is valid. This patch prints the offending certificate when it's encountered, to help diagnose the root cause. MozReview-Commit-ID: 4QSobq9fBGK
07b93c7fec6c83f53a3bdce9becbb13f0fc397e5: Bug 1400066 - Gracefully handle unsupported platforms for U2F HID support r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 14 Sep 2017 18:11:47 -0700 - rev 433094
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1400066 - Gracefully handle unsupported platforms for U2F HID support r=ttaubert FreeBSD isn't currently support for FIDO U2F support, similar to Android, so this patch [1] from Jan Beich <jbeich@FreeBSD.org> treats Android and FreeBSD the same. With luck, someone will add in the platform support for both, soon! [1] https://github.com/jcjones/u2f-hid-rs/pull/44 MozReview-Commit-ID: DU7Rco2NLb3
0aed7d43efe295f6086cb3d1cb96326da5c2ebac: Bug 1400080 - Remove impossible telemetry test from WebAuthn r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 14 Sep 2017 19:17:52 -0700 - rev 433093
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1400080 - Remove impossible telemetry test from WebAuthn r=ttaubert Now that there are actual hardware devices, this test can't be run: it depended on there being a deliberately-erroring implementation of WebAuthn which would instantly reject promises. Fortunately, this test was really more a test that telemetry scalars work properly than really the functionality of WebAuthn. Sadly, I don't see any way to re-enable this test without adding a new test- only pref to the tree, which doesn't seem worth it for the telemetry. So this patch removes the offending test completely which was backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/c115eec567a6 . MozReview-Commit-ID: LiLuQHbPU1z
fd7e4852bd06df199e89663b6d4e7ca5c3f2e0ea: Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 432278
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed The nsIU2FToken and its implementors are no longer needed; the soft token was re-implemented into dom/webauthn/U2FSoftTokenManager.cpp during the WebAuthn implementation. When the dom/u2f/ code changed to the implementation from WebAuthn, the old synchronous version became dead code. This patch removes the dead code. MozReview-Commit-ID: 2yDD0tccgZr
dd315914f198f74605f6f3bb5311a12e66a1787f: Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
J.C. Jones <jjones@mozilla.com> - Mon, 11 Sep 2017 12:56:59 -0700 - rev 432277
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for scheme, and generally made these cleaner. - The mochitest "pref =" functionality from Bug 1328830 doesn't support Android yet, causing breakage on Android. Rework the tests to go back to the old way of using iframes to test U2F. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm
8ee1f7aebd6266c897a642dd9aafd8ba682f420c: Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 431852
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1245527 - Remove NSS U2F SoftToken. r=ttaubert, r=jed The nsIU2FToken and its implementors are no longer needed; the soft token was re-implemented into dom/webauthn/U2FSoftTokenManager.cpp during the WebAuthn implementation. When the dom/u2f/ code changed to the implementation from WebAuthn, the old synchronous version became dead code. This patch removes the dead code. MozReview-Commit-ID: 2yDD0tccgZr
e6a5de8d12467ae51e70ebd445900c2032e673e6: Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
J.C. Jones <jjones@mozilla.com> - Tue, 05 Sep 2017 12:32:42 -0700 - rev 431851
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert - This patch reworks the U2F module to asynchronously call U2FManager, which in turn handles constructing and managing the U2FTokenManager via IPC. - Add U2FTransaction{Parent,Child} implementations to mirror similar ones for WebAuthn - Rewrite all tests to compensate for U2F executing asynchronously now. - Used async tasks, used the manifest parameters for prefs and scheme, and generally made these cleaner. NOTE TO REVIEWERS: Since this is huge, I recommend the following: keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most of the U2F logic is still in U2F.cpp like before, but there's been some reworking of how it is called. ttaubert - please review U2FManager, the Transaction classes, build changes, and the changes to nsGlobalWindow. All of these should be very similar to the WebAuthn code it's patterned off. MozReview-Commit-ID: C1ZN2ch66Rm
f7a53ff2f8cb312eb6a65b127207e04d2bd1c79c: Bug 1383799 - Cancel WebAuthn operations on tab-switch r=ttaubert
J.C. Jones <jjones@mozilla.com> - Fri, 04 Aug 2017 12:34:18 -0700 - rev 425981
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1383799 - Cancel WebAuthn operations on tab-switch r=ttaubert WebAuthn operations that are in-flight with authenticators must be cancelled when switching tabs. There's an Issue [1] opened with the WebAuthn spec for this already, but the language is _not_ in spec. Still, it's necessary for security, spec or not. This also matches how Chromium handles U2F operations during a tab switch. [1] https://github.com/w3c/webauthn/issues/316 MozReview-Commit-ID: 6Qh9oC4pqys
58b579b4ef4e1fb938297bc43a7fc7e4b2168a4a: Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug
Michael Layzell <michael@thelayzells.com> - Wed, 02 Aug 2017 19:08:19 +0200 - rev 424410
Push 1567 by jlorenzo@mozilla.com at Thu, 02 Nov 2017 12:36:05 +0000
Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug The reasoning behind this is that with this change, removing a non-dynamic docshell from the document dynamically shouldn't affect the indexes which we use for both recording and restoring data in child docshells. MozReview-Commit-ID: JIK8GBSWDEF * * * fixup From c2cb8e33211348c36b1ce18bb62e6465fa46d3ae Mon Sep 17 00:00:00 2001
36bb09c4b28edaefacb7199cd1d73e010753ecb9: Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug
Michael Layzell <michael@thelayzells.com> - Tue, 01 Aug 2017 11:22:53 +0200 - rev 423312
Push 1517 by jlorenzo@mozilla.com at Thu, 14 Sep 2017 16:50:54 +0000
Bug 1373672 - Part 3: Expose childOffset from nsIDocShell to use in nsSessionStoreUtils, r=ttaubert, r=smaug The reasoning behind this is that with this change, removing a non-dynamic docshell from the document dynamically shouldn't affect the indexes which we use for both recording and restoring data in child docshells. MozReview-Commit-ID: JIK8GBSWDEF
1f66a39c19f1e8889c7fb802001b4838436f85dd: Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Fri, 14 Jul 2017 09:57:52 -0700 - rev 421344
Push 1517 by jlorenzo@mozilla.com at Thu, 14 Sep 2017 16:50:54 +0000
Bug 1380529 - Only permit "ES256" as pubkey type for WebAuthn (3/3) r=ttaubert Web Authentication uses JWK algorithm names (ES256) instead of WebCrypto names (such as P-256). There are other JWK algorithm names, but our current U2F-backed implementation only can support ES256 anyway, as that's all that FIDO U2F devices understand. This patch limits us to the name ES256 for the "alg" parameter. MozReview-Commit-ID: 3V5DMzVzPad
070367125549ebd34250ffc4078784890ebea619: Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 13 Jul 2017 18:12:50 -0700 - rev 421343
Push 1517 by jlorenzo@mozilla.com at Thu, 14 Sep 2017 16:50:54 +0000
Bug 1380529 - Use CBOR for the Create Credential WebAuthn call (2/3) r=ttaubert The WebAuthn Create Credential method should encode its results using CBOR; this patch changes to that format. The CBOR formats for the U2F data are specified in [1][2] The attestation data format is in [3] The high-level layout is in [4] [1] https://w3c.github.io/webauthn/#generating-an-attestation-object [2] https://w3c.github.io/webauthn/#fido-u2f-attestation [3] https://w3c.github.io/webauthn/#sec-attestation-data [4] https://w3c.github.io/webauthn/#sctn-attestation MozReview-Commit-ID: BYoFCJSxlLt
45b4405c24ca291e24053c708c4620a9bda73438: Bug 1380529 - Add a CBOR library for WebAuthn (1/3) r=ttaubert
J.C. Jones <jjones@mozilla.com> - Thu, 13 Jul 2017 18:12:57 -0700 - rev 421342
Push 1517 by jlorenzo@mozilla.com at Thu, 14 Sep 2017 16:50:54 +0000
Bug 1380529 - Add a CBOR library for WebAuthn (1/3) r=ttaubert Web Authentication's WD-05 specification moves to using (CBOR) Concise Binary Object Representation to transmit the binary data... most of it. This lands a subset of the Apache 2-licensed "CBOR C++" serialization library [1] into webauthn's path. It does not add any code to use this library; see patch 2/3. [1] https://github.com/naphaso/cbor-cpp/ MozReview-Commit-ID: Ktj9TgdqElk
0bb5555fa0272b604f6048f7385aa26e76655615: bug 1375709 - avoid deadlock when shutting down NSS r=Cykesiopka,ttaubert
David Keeler <dkeeler@mozilla.com> - Mon, 10 Jul 2017 16:25:51 -0700 - rev 420126
Push 1517 by jlorenzo@mozilla.com at Thu, 14 Sep 2017 16:50:54 +0000
bug 1375709 - avoid deadlock when shutting down NSS r=Cykesiopka,ttaubert The deadlock fix attempted in bug 1273475 was incomplete. This should prevent the issue by preventing nsNSSShutDownPreventionLocks from attempting to increment the NSS activity state count when shutdown is in progress (this is acceptible because when code that creates any nsNSSShutDownPreventionLocks then checks isAlreadyShutDown(), it will return true because sInShutdown is true, thus preventing that code from unsafely using NSS resources and functions). MozReview-Commit-ID: 4o5DGbU2TCq
9d6095db50904cafcd4756903e181ba376d923dc: bug 1344478 - isAlreadyShutDown should return true for nsNSSShutDownObjects created after NSS shut down r=Cykesiopka,ttaubert
David Keeler <dkeeler@mozilla.com> - Mon, 13 Mar 2017 15:26:40 -0700 - rev 399200
Push 1490 by mtabara@mozilla.com at Mon, 31 Jul 2017 14:08:16 +0000
bug 1344478 - isAlreadyShutDown should return true for nsNSSShutDownObjects created after NSS shut down r=Cykesiopka,ttaubert MozReview-Commit-ID: 5bUTLz6mGKC In general, it is possible to create a new nsNSSShutDownObject after nsNSSShutDownList::shutdown() had been called. Before this patch, at that point, isAlreadyShutDown() would incorrectly return false, which could lead to code calling NSS functions, which would probably lead to a crash (because NSS could be uninitialized at that point). This change merges nsNSSShutDownList::shutdown() with evaporateAllNSSResources() into evaporateAllNSSResourcesAndShutDown() for simplicity and makes it so isAlreadyShutDown() returns true if called after that point.
3dc5c1d379299b189ca4b218ce93b0d9f3766d46: Bug 1344595 - Protect against nsIPrincipal.origin throwing for about:blank iframes; r=ttaubert
Ehsan Akhgari <ehsan@mozilla.com> - Sat, 04 Mar 2017 18:31:11 -0500 - rev 396675
Push 1490 by mtabara@mozilla.com at Mon, 31 Jul 2017 14:08:16 +0000
Bug 1344595 - Protect against nsIPrincipal.origin throwing for about:blank iframes; r=ttaubert