diff --git a/.clang-format-ignore b/.clang-format-ignore index 4097de03209db..68b577a0bf1b2 100644 --- a/.clang-format-ignore +++ b/.clang-format-ignore @@ -91,7 +91,6 @@ dom/media/webspeech/recognition/energy_endpointer.cc dom/media/webspeech/recognition/energy_endpointer.h dom/media/webspeech/recognition/energy_endpointer_params.cc dom/media/webspeech/recognition/energy_endpointer_params.h -dom/webauthn/cbor-cpp/.* dom/webauthn/winwebauthn/webauthn.h editor/libeditor/tests/browserscope/lib/richtext/.* editor/libeditor/tests/browserscope/lib/richtext2/.* diff --git a/.prettierignore b/.prettierignore index 54d0d1fb3f185..53f4d71f8140b 100644 --- a/.prettierignore +++ b/.prettierignore @@ -1299,8 +1299,6 @@ dom/tests/mochitest/ajax/ dom/tests/mochitest/dom-level1-core/ dom/tests/mochitest/dom-level2-core/ dom/tests/mochitest/dom-level2-html/ -dom/u2f/tests/pkijs/ -dom/webauthn/cbor-cpp/ dom/webauthn/tests/pkijs/ dom/webgpu/tests/cts/checkout/ editor/libeditor/tests/browserscope/lib/richtext/ diff --git a/dom/webauthn/AuthenticatorAttestationResponse.cpp b/dom/webauthn/AuthenticatorAttestationResponse.cpp index f2398df4cbdd5..4b7e5ed0a3925 100644 --- a/dom/webauthn/AuthenticatorAttestationResponse.cpp +++ b/dom/webauthn/AuthenticatorAttestationResponse.cpp @@ -4,6 +4,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#include "AuthrsBridge_ffi.h" #include "mozilla/dom/WebAuthenticationBinding.h" #include "mozilla/dom/AuthenticatorAttestationResponse.h" @@ -53,7 +54,8 @@ JSObject* AuthenticatorAttestationResponse::WrapObject( void AuthenticatorAttestationResponse::GetAttestationObject( JSContext* aCx, JS::MutableHandle aValue, ErrorResult& aRv) { if (!mAttestationObjectCachedObj) { - mAttestationObjectCachedObj = mAttestationObject.ToArrayBuffer(aCx); + mAttestationObjectCachedObj = ArrayBuffer::Create( + aCx, mAttestationObject.Length(), mAttestationObject.Elements()); if (!mAttestationObjectCachedObj) { aRv.NoteJSContextException(aCx); return; @@ -63,11 +65,41 @@ void AuthenticatorAttestationResponse::GetAttestationObject( } nsresult AuthenticatorAttestationResponse::SetAttestationObject( - CryptoBuffer& aBuffer) { - if (NS_WARN_IF(!mAttestationObject.Assign(aBuffer))) { + const nsTArray& aBuffer) { + if (!mAttestationObject.Assign(aBuffer, mozilla::fallible)) { return NS_ERROR_OUT_OF_MEMORY; } + return NS_OK; } +void AuthenticatorAttestationResponse::GetAuthenticatorData( + JSContext* aCx, JS::MutableHandle aValue, ErrorResult& aRv) { + if (!mAttestationObjectParsed) { + nsresult rv = authrs_webauthn_att_obj_constructor( + mAttestationObject, /* anonymize */ false, + getter_AddRefs(mAttestationObjectParsed)); + if (NS_FAILED(rv)) { + aRv.Throw(rv); + return; + } + } + + nsTArray authenticatorData; + nsresult rv = + mAttestationObjectParsed->GetAuthenticatorData(authenticatorData); + if (NS_FAILED(rv)) { + aRv.Throw(rv); + return; + } + + JS::Heap buffer(ArrayBuffer::Create( + aCx, authenticatorData.Length(), authenticatorData.Elements())); + if (!buffer) { + aRv.NoteJSContextException(aCx); + return; + } + aValue.set(buffer); +} + } // namespace mozilla::dom diff --git a/dom/webauthn/AuthenticatorAttestationResponse.h b/dom/webauthn/AuthenticatorAttestationResponse.h index 1e46ab76ddeec..d8ef203e7d6e5 100644 --- a/dom/webauthn/AuthenticatorAttestationResponse.h +++ b/dom/webauthn/AuthenticatorAttestationResponse.h @@ -11,8 +11,8 @@ #include "mozilla/Attributes.h" #include "mozilla/dom/AuthenticatorResponse.h" #include "mozilla/dom/BindingDeclarations.h" -#include "mozilla/dom/CryptoBuffer.h" #include "nsCycleCollectionParticipant.h" +#include "nsIWebAuthnController.h" #include "nsWrapperCache.h" namespace mozilla::dom { @@ -35,10 +35,14 @@ class AuthenticatorAttestationResponse final : public AuthenticatorResponse { void GetAttestationObject(JSContext* aCx, JS::MutableHandle aValue, ErrorResult& aRv); - nsresult SetAttestationObject(CryptoBuffer& aBuffer); + nsresult SetAttestationObject(const nsTArray& aBuffer); + + void GetAuthenticatorData(JSContext* aCx, JS::MutableHandle aValue, + ErrorResult& aRv); private: - CryptoBuffer mAttestationObject; + nsTArray mAttestationObject; + nsCOMPtr mAttestationObjectParsed; JS::Heap mAttestationObjectCachedObj; }; diff --git a/dom/webauthn/AuthrsBridge_ffi.h b/dom/webauthn/AuthrsBridge_ffi.h new file mode 100644 index 0000000000000..90fea7a066a77 --- /dev/null +++ b/dom/webauthn/AuthrsBridge_ffi.h @@ -0,0 +1,25 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_AuthrsBridge_ffi_h +#define mozilla_dom_AuthrsBridge_ffi_h + +// TODO(Bug 1850592): Autogenerate this with cbindgen. + +#include "nsTArray.h" + +class nsIWebAuthnAttObj; +class nsIWebAuthnTransport; + +extern "C" { + +nsresult authrs_transport_constructor(nsIWebAuthnTransport** result); + +nsresult authrs_webauthn_att_obj_constructor( + const nsTArray& attestation, bool anonymize, + nsIWebAuthnAttObj** result); + +} // extern "C" + +#endif // mozilla_dom_AuthrsBridge_ffi_h diff --git a/dom/webauthn/AuthrsTransport.cpp b/dom/webauthn/AuthrsTransport.cpp index 699cd600eb964..5c2c38371b74d 100644 --- a/dom/webauthn/AuthrsTransport.cpp +++ b/dom/webauthn/AuthrsTransport.cpp @@ -3,18 +3,10 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "AuthrsTransport.h" +#include "AuthrsBridge_ffi.h" #include "nsIWebAuthnController.h" #include "nsCOMPtr.h" -namespace { -extern "C" { - -// Implemented in Rust -nsresult authrs_transport_constructor(nsIWebAuthnTransport** result); - -} // extern "C" -} // namespace - namespace mozilla::dom { already_AddRefed NewAuthrsTransport() { diff --git a/dom/webauthn/WebAuthnCBORUtil.cpp b/dom/webauthn/WebAuthnCBORUtil.cpp deleted file mode 100644 index 1dcd750a6e4f6..0000000000000 --- a/dom/webauthn/WebAuthnCBORUtil.cpp +++ /dev/null @@ -1,45 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=8 sts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "cbor-cpp/src/cbor.h" -#include "mozilla/dom/WebAuthnCBORUtil.h" -#include "mozilla/dom/WebAuthnUtil.h" - -namespace mozilla::dom { - -nsresult CBOREncodeNoneAttestationObj(const CryptoBuffer& aAuthDataBuf, - /* out */ CryptoBuffer& aAttestationObj) { - /* - Attestation Object, encoded in CBOR (description is CDDL) - - $$attStmtType //= ( - fmt: "none", - attStmt: emptyMap - ) - - emptyMap = {} - */ - cbor::output_dynamic cborAttOut; - cbor::encoder encoder(cborAttOut); - encoder.write_map(3); - { - encoder.write_string("fmt"); - encoder.write_string("none"); - - encoder.write_string("attStmt"); - encoder.write_map(0); - - encoder.write_string("authData"); - encoder.write_bytes(aAuthDataBuf.Elements(), aAuthDataBuf.Length()); - } - - if (!aAttestationObj.Assign(cborAttOut.data(), cborAttOut.size())) { - return NS_ERROR_OUT_OF_MEMORY; - } - return NS_OK; -} - -} // namespace mozilla::dom diff --git a/dom/webauthn/WebAuthnCBORUtil.h b/dom/webauthn/WebAuthnCBORUtil.h deleted file mode 100644 index 4ff61c33428c3..0000000000000 --- a/dom/webauthn/WebAuthnCBORUtil.h +++ /dev/null @@ -1,22 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=8 sts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef mozilla_dom_WebAuthnCBORUtil_h -#define mozilla_dom_WebAuthnCBORUtil_h - -/* - * Serialize and deserialize CBOR data formats for WebAuthn - */ - -#include "mozilla/dom/CryptoBuffer.h" - -namespace mozilla::dom { - -nsresult CBOREncodeNoneAttestationObj(const CryptoBuffer& aAuthDataBuf, - /* out */ CryptoBuffer& aAttestationObj); - -} // namespace mozilla::dom -#endif // mozilla_dom_WebAuthnCBORUtil_h diff --git a/dom/webauthn/WebAuthnUtil.cpp b/dom/webauthn/WebAuthnUtil.cpp index 59e94cd217d0f..b6218601a3f2e 100644 --- a/dom/webauthn/WebAuthnUtil.cpp +++ b/dom/webauthn/WebAuthnUtil.cpp @@ -5,7 +5,6 @@ * You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "mozilla/dom/WebAuthnUtil.h" -#include "mozilla/dom/WebAuthnCBORUtil.h" #include "nsComponentManagerUtils.h" #include "nsICryptoHash.h" #include "nsIEffectiveTLDService.h" @@ -108,29 +107,6 @@ bool EvaluateAppID(nsPIDOMWindowInner* aParent, const nsString& aOrigin, return false; } -nsresult ReadToCryptoBuffer(pkix::Reader& aSrc, /* out */ CryptoBuffer& aDest, - uint32_t aLen) { - if (aSrc.EnsureLength(aLen) != pkix::Success) { - return NS_ERROR_DOM_UNKNOWN_ERR; - } - - if (!aDest.SetCapacity(aLen, mozilla::fallible)) { - return NS_ERROR_OUT_OF_MEMORY; - } - - for (uint32_t offset = 0; offset < aLen; ++offset) { - uint8_t b; - if (aSrc.Read(b) != pkix::Success) { - return NS_ERROR_DOM_UNKNOWN_ERR; - } - if (!aDest.AppendElement(b, mozilla::fallible)) { - return NS_ERROR_OUT_OF_MEMORY; - } - } - - return NS_OK; -} - static nsresult HashCString(nsICryptoHash* aHashService, const nsACString& aIn, /* out */ CryptoBuffer& aOut) { MOZ_ASSERT(aHashService); diff --git a/dom/webauthn/WinWebAuthnManager.cpp b/dom/webauthn/WinWebAuthnManager.cpp index aa330212bfe41..5874e1e0eb8d9 100644 --- a/dom/webauthn/WinWebAuthnManager.cpp +++ b/dom/webauthn/WinWebAuthnManager.cpp @@ -6,14 +6,15 @@ #include "mozilla/Assertions.h" #include "mozilla/dom/PWebAuthnTransactionParent.h" -#include "mozilla/dom/WebAuthnCBORUtil.h" #include "mozilla/MozPromise.h" #include "mozilla/ipc/BackgroundParent.h" #include "mozilla/ClearOnShutdown.h" #include "mozilla/dom/CryptoBuffer.h" #include "mozilla/Unused.h" +#include "nsIWebAuthnController.h" #include "nsTextFormatter.h" #include "nsWindowsHelpers.h" +#include "AuthrsBridge_ffi.h" #include "WebAuthnEnumStrings.h" #include "WebAuthnTransportIdentifiers.h" #include "winwebauthn/webauthn.h" @@ -426,21 +427,30 @@ void WinWebAuthnManager::Register( pWebAuthNCredentialAttestation->cbAuthenticatorData); nsTArray attObject; + attObject.AppendElements( + pWebAuthNCredentialAttestation->pbAttestationObject, + pWebAuthNCredentialAttestation->cbAttestationObject); + if (winAttestation == WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE) { - // Zero AAGuid - const uint8_t zeroGuid[16] = {0}; - authenticatorData.ReplaceElementsAt(32 + 1 + 4 /*AAGuid offset*/, 16, - zeroGuid, 16); - - CryptoBuffer authData; - authData.Assign(authenticatorData); - CryptoBuffer noneAttObj; - CBOREncodeNoneAttestationObj(authData, noneAttObj); - attObject.AppendElements(noneAttObj); - } else { - attObject.AppendElements( - pWebAuthNCredentialAttestation->pbAttestationObject, - pWebAuthNCredentialAttestation->cbAttestationObject); + // The anonymize flag in the nsIWebAuthnAttObj constructor causes the + // attestation statement to be removed during deserialization. It also + // causes the AAGUID to be zeroed out. If we can't deserialize the + // existing attestation, then we can't ensure that it is anonymized, so we + // act as though the user denied consent and we return NotAllowed. + nsCOMPtr anonymizedAttObj; + nsresult rv = authrs_webauthn_att_obj_constructor( + attObject, + /* anonymize */ true, getter_AddRefs(anonymizedAttObj)); + if (NS_FAILED(rv)) { + MaybeAbortRegister(aTransactionId, NS_ERROR_DOM_NOT_ALLOWED_ERR); + return; + } + attObject.Clear(); + rv = anonymizedAttObj->GetAttestationObject(attObject); + if (NS_FAILED(rv)) { + MaybeAbortRegister(aTransactionId, NS_ERROR_DOM_NOT_ALLOWED_ERR); + return; + } } nsTArray extensions; diff --git a/dom/webauthn/authrs_bridge/src/lib.rs b/dom/webauthn/authrs_bridge/src/lib.rs index f1e13e87b5edc..62dfd6c41bb6f 100644 --- a/dom/webauthn/authrs_bridge/src/lib.rs +++ b/dom/webauthn/authrs_bridge/src/lib.rs @@ -10,6 +10,7 @@ extern crate xpcom; use authenticator::{ authenticatorservice::{RegisterArgs, SignArgs}, + ctap2::attestation::AttestationObject, ctap2::commands::get_info::AuthenticatorVersion, ctap2::server::{ PublicKeyCredentialDescriptor, PublicKeyCredentialParameters, RelyingParty, @@ -35,7 +36,7 @@ use std::sync::{Arc, Mutex}; use thin_vec::ThinVec; use xpcom::interfaces::{ nsICredentialParameters, nsICtapRegisterArgs, nsICtapRegisterResult, nsICtapSignArgs, - nsICtapSignResult, nsIWebAuthnController, nsIWebAuthnTransport, + nsICtapSignResult, nsIWebAuthnAttObj, nsIWebAuthnController, nsIWebAuthnTransport, }; use xpcom::{xpcom_method, RefPtr}; @@ -95,13 +96,9 @@ impl CtapRegisterResult { xpcom_method!(get_attestation_object => GetAttestationObject() -> ThinVec); fn get_attestation_object(&self) -> Result, nsresult> { let mut out = ThinVec::new(); - if let Ok(make_cred_res) = &self.result { - if let Ok(encoded_att_obj) = serde_cbor::to_vec(&make_cred_res.att_obj) { - out.extend_from_slice(&encoded_att_obj); - return Ok(out); - } - } - Err(NS_ERROR_FAILURE) + let make_cred_res = self.result.as_ref().or(Err(NS_ERROR_FAILURE))?; + serde_cbor::to_writer(&mut out, &make_cred_res.att_obj).or(Err(NS_ERROR_FAILURE))?; + Ok(out) } xpcom_method!(get_credential_id => GetCredentialId() -> ThinVec); @@ -109,7 +106,7 @@ impl CtapRegisterResult { let mut out = ThinVec::new(); if let Ok(make_cred_res) = &self.result { if let Some(credential_data) = &make_cred_res.att_obj.auth_data.credential_data { - out.extend(credential_data.credential_id.clone()); + out.extend_from_slice(&credential_data.credential_id); return Ok(out); } } @@ -125,6 +122,26 @@ impl CtapRegisterResult { } } +#[xpcom(implement(nsIWebAuthnAttObj), atomic)] +pub struct WebAuthnAttObj { + att_obj: AttestationObject, +} + +impl WebAuthnAttObj { + xpcom_method!(get_attestation_object => GetAttestationObject() -> ThinVec); + fn get_attestation_object(&self) -> Result, nsresult> { + let mut out = ThinVec::new(); + serde_cbor::to_writer(&mut out, &self.att_obj).or(Err(NS_ERROR_FAILURE))?; + Ok(out) + } + + xpcom_method!(get_authenticator_data => GetAuthenticatorData() -> ThinVec); + fn get_authenticator_data(&self) -> Result, nsresult> { + // TODO(https://github.com/mozilla/authenticator-rs/issues/302) use to_writer + Ok(self.att_obj.auth_data.to_vec().into()) + } +} + #[xpcom(implement(nsICtapSignResult), atomic)] pub struct CtapSignResult { result: Result, @@ -155,16 +172,10 @@ impl CtapSignResult { xpcom_method!(get_authenticator_data => GetAuthenticatorData() -> ThinVec); fn get_authenticator_data(&self) -> Result, nsresult> { - let mut out = ThinVec::new(); - if let Ok(assertion) = &self.result { - let data = match serde_cbor::value::to_value(&assertion.auth_data) { - Ok(serde_cbor::value::Value::Bytes(data)) => data, - _ => return Err(NS_ERROR_FAILURE), - }; - out.extend_from_slice(&data); - return Ok(out); - } - Err(NS_ERROR_FAILURE) + self.result + .as_ref() + .map(|assertion| assertion.auth_data.to_vec().into()) + .or(Err(NS_ERROR_FAILURE)) } xpcom_method!(get_user_handle => GetUserHandle() -> ThinVec); @@ -196,7 +207,7 @@ impl CtapSignResult { // assertion.auth_data.rp_id_hash let mut out = ThinVec::new(); if let Ok(assertion) = &self.result { - out.extend(assertion.auth_data.rp_id_hash.0.clone()); + out.extend_from_slice(&assertion.auth_data.rp_id_hash.0); return Ok(out); } Err(NS_ERROR_FAILURE) @@ -916,3 +927,31 @@ pub extern "C" fn authrs_transport_constructor( } NS_OK } + +#[no_mangle] +pub extern "C" fn authrs_webauthn_att_obj_constructor( + att_obj_bytes: &ThinVec, + anonymize: bool, + result: *mut *const nsIWebAuthnAttObj, +) -> nsresult { + if result.is_null() { + return NS_ERROR_NULL_POINTER; + } + + let mut att_obj: AttestationObject = match serde_cbor::from_slice(att_obj_bytes) { + Ok(att_obj) => att_obj, + Err(_) => return NS_ERROR_INVALID_ARG, + }; + + if anonymize { + att_obj.anonymize(); + } + + let wrapper = WebAuthnAttObj::allocate(InitWebAuthnAttObj { att_obj }); + + unsafe { + RefPtr::new(wrapper.coerce::()).forget(&mut *result); + } + + NS_OK +} diff --git a/dom/webauthn/authrs_bridge/src/test_token.rs b/dom/webauthn/authrs_bridge/src/test_token.rs index db42eed49e8d2..130414c6e93ed 100644 --- a/dom/webauthn/authrs_bridge/src/test_token.rs +++ b/dom/webauthn/authrs_bridge/src/test_token.rs @@ -80,10 +80,7 @@ impl TestTokenCredential { ..Default::default() }); - let mut data = match serde_cbor::value::to_value(&auth_data) { - Ok(serde_cbor::value::Value::Bytes(data)) => data, - _ => return Err(HIDError::DeviceError), - }; + let mut data = auth_data.to_vec(); data.extend_from_slice(client_data_hash.as_ref()); let signature = ecdsa_p256_sha256_sign_raw(&self.privkey, &data).or(Err(HIDError::DeviceError))?; @@ -536,10 +533,7 @@ impl VirtualFidoDevice for TestToken { extensions: Extension::default(), }; - let mut data = match serde_cbor::value::to_value(&auth_data) { - Ok(serde_cbor::value::Value::Bytes(data)) => data, - _ => return Err(HIDError::DeviceError), - }; + let mut data = auth_data.to_vec(); data.extend_from_slice(req.client_data_hash.as_ref()); let sig = ecdsa_p256_sha256_sign_raw(&private, &data).or(Err(HIDError::DeviceError))?; diff --git a/dom/webauthn/cbor-cpp/README.md b/dom/webauthn/cbor-cpp/README.md deleted file mode 100644 index 015cad3325868..0000000000000 --- a/dom/webauthn/cbor-cpp/README.md +++ /dev/null @@ -1,35 +0,0 @@ -cbor-cpp -======== - -[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/naphaso/cbor-cpp?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) - -CBOR C++ serialization library - -Just a simple SAX-like Concise Binary Object Representation (CBOR). - -[http://tools.ietf.org/html/rfc7049](http://tools.ietf.org/html/rfc7049) - -#### Examples - -```C++ - cbor::output_dynamic output; - - { //encoding - cbor::encoder encoder(output); - encoder.write_array(5); - { - encoder.write_int(123); - encoder.write_string("bar"); - encoder.write_int(321); - encoder.write_int(321); - encoder.write_string("foo"); - } - } - - { // decoding - cbor::input input(output.data(), output.size()); - cbor::listener_debug listener; - cbor::decoder decoder(input, listener); - decoder.run(); - } -``` diff --git a/dom/webauthn/cbor-cpp/src/LICENSE b/dom/webauthn/cbor-cpp/src/LICENSE deleted file mode 100644 index 261eeb9e9f8b2..0000000000000 --- a/dom/webauthn/cbor-cpp/src/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/dom/webauthn/cbor-cpp/src/README-MOZILLA b/dom/webauthn/cbor-cpp/src/README-MOZILLA deleted file mode 100644 index 7552af4db9930..0000000000000 --- a/dom/webauthn/cbor-cpp/src/README-MOZILLA +++ /dev/null @@ -1,5 +0,0 @@ -This library [1] has been stripped down to only the CBOR encoding parts, as there are outstanding issues [2] -related to memory safety for the decoder. - -[1] https://github.com/naphaso/cbor-cpp/ -[2] https://github.com/naphaso/cbor-cpp/issues/8 diff --git a/dom/webauthn/cbor-cpp/src/cbor.h b/dom/webauthn/cbor-cpp/src/cbor.h deleted file mode 100644 index d0725d166d0b8..0000000000000 --- a/dom/webauthn/cbor-cpp/src/cbor.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - Copyright 2014-2015 Stanislav Ovsyannikov - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -#ifndef CBOR_CPP_CBOR_H -#define CBOR_CPP_CBOR_H - -#include "encoder.h" -#include "output_dynamic.h" - -#endif //CBOR_CPP_CBOR_H diff --git a/dom/webauthn/cbor-cpp/src/encoder.cpp b/dom/webauthn/cbor-cpp/src/encoder.cpp deleted file mode 100644 index d88c3f4fa2f16..0000000000000 --- a/dom/webauthn/cbor-cpp/src/encoder.cpp +++ /dev/null @@ -1,154 +0,0 @@ -/* - Copyright 2014-2015 Stanislav Ovsyannikov - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -#include "encoder.h" - -using namespace cbor; - - -encoder::encoder(output &out) { - _out = &out; -} - -encoder::~encoder() { - -} - -void encoder::write_type_value(int major_type, unsigned int value) { - major_type <<= 5; - if(value < 24) { - _out->put_byte((unsigned char) (major_type | value)); - } else if(value < 256) { - _out->put_byte((unsigned char) (major_type | 24)); - _out->put_byte((unsigned char) value); - } else if(value < 65536) { - _out->put_byte((unsigned char) (major_type | 25)); - _out->put_byte((unsigned char) (value >> 8)); - _out->put_byte((unsigned char) value); - } else { - _out->put_byte((unsigned char) (major_type | 26)); - _out->put_byte((unsigned char) (value >> 24)); - _out->put_byte((unsigned char) (value >> 16)); - _out->put_byte((unsigned char) (value >> 8)); - _out->put_byte((unsigned char) value); - } -} - -void encoder::write_type_value(int major_type, unsigned long long value) { - major_type <<= 5; - if(value < 24ULL) { - _out->put_byte((unsigned char) (major_type | value)); - } else if(value < 256ULL) { - _out->put_byte((unsigned char) (major_type | 24)); - _out->put_byte((unsigned char) value); - } else if(value < 65536ULL) { - _out->put_byte((unsigned char) (major_type | 25)); - _out->put_byte((unsigned char) (value >> 8)); - _out->put_byte((unsigned char) value); - } else if(value < 4294967296ULL) { - _out->put_byte((unsigned char) (major_type | 26)); - _out->put_byte((unsigned char) (value >> 24)); - _out->put_byte((unsigned char) (value >> 16)); - _out->put_byte((unsigned char) (value >> 8)); - _out->put_byte((unsigned char) value); - } else { - _out->put_byte((unsigned char) (major_type | 27)); - _out->put_byte((unsigned char) (value >> 56)); - _out->put_byte((unsigned char) (value >> 48)); - _out->put_byte((unsigned char) (value >> 40)); - _out->put_byte((unsigned char) (value >> 32)); - _out->put_byte((unsigned char) (value >> 24)); - _out->put_byte((unsigned char) (value >> 16)); - _out->put_byte((unsigned char) (value >> 8)); - _out->put_byte((unsigned char) value); - } -} - -void encoder::write_int(unsigned int value) { - write_type_value(0, value); -} - -void encoder::write_int(unsigned long long value) { - write_type_value(0, value); -} - -void encoder::write_int(long long value) { - if(value < 0) { - write_type_value(1, (unsigned long long) -(value+1)); - } else { - write_type_value(0, (unsigned long long) value); - } -} - -void encoder::write_int(int value) { - if(value < 0) { - write_type_value(1, (unsigned int) -(value+1)); - } else { - write_type_value(0, (unsigned int) value); - } -} - -void encoder::write_bytes(const unsigned char *data, unsigned int size) { - write_type_value(2, size); - _out->put_bytes(data, size); -} - -void encoder::write_raw(const unsigned char *data, unsigned int size) { - _out->put_bytes(data, size); -} - -void encoder::write_string(const char *data, unsigned int size) { - write_type_value(3, size); - _out->put_bytes((const unsigned char *) data, size); -} - -void encoder::write_string(const std::string str) { - write_type_value(3, (unsigned int) str.size()); - _out->put_bytes((const unsigned char *) str.c_str(), (int) str.size()); -} - - -void encoder::write_array(int size) { - write_type_value(4, (unsigned int) size); -} - -void encoder::write_map(int size) { - write_type_value(5, (unsigned int) size); -} - -void encoder::write_tag(const unsigned int tag) { - write_type_value(6, tag); -} - -void encoder::write_special(int special) { - write_type_value(7, (unsigned int) special); -} - -void encoder::write_bool(bool value) { - if (value == true) { - _out->put_byte((unsigned char) 0xf5); - } else { - _out->put_byte((unsigned char) 0xf4); - } -} - -void encoder::write_null() { - _out->put_byte((unsigned char) 0xf6); -} - -void encoder::write_undefined() { - _out->put_byte((unsigned char) 0xf7); -} diff --git a/dom/webauthn/cbor-cpp/src/encoder.h b/dom/webauthn/cbor-cpp/src/encoder.h deleted file mode 100644 index 4f7038e3f2e1c..0000000000000 --- a/dom/webauthn/cbor-cpp/src/encoder.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - Copyright 2014-2015 Stanislav Ovsyannikov - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - - -#ifndef __CborEncoder_H_ -#define __CborEncoder_H_ - -#include "output.h" -#include - -namespace cbor { - class encoder { - private: - output *_out; - public: - explicit encoder(output &out); - - ~encoder(); - - void write_bool(bool value); - - void write_int(int value); - - void write_int(long long value); - - void write_int(unsigned int value); - - void write_int(unsigned long long value); - - void write_bytes(const unsigned char *data, unsigned int size); - - void write_raw(const unsigned char *data, unsigned int size); - - void write_string(const char *data, unsigned int size); - - void write_string(const std::string str); - - void write_array(int size); - - void write_map(int size); - - void write_tag(const unsigned int tag); - - void write_special(int special); - - void write_null(); - - void write_undefined(); - - private: - void write_type_value(int major_type, unsigned int value); - - void write_type_value(int major_type, unsigned long long value); - }; -} - -#endif //__CborEncoder_H_ diff --git a/dom/webauthn/cbor-cpp/src/output.h b/dom/webauthn/cbor-cpp/src/output.h deleted file mode 100644 index 0901d956eb2ca..0000000000000 --- a/dom/webauthn/cbor-cpp/src/output.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - Copyright 2014-2015 Stanislav Ovsyannikov - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - - -#ifndef __CborOutput_H_ -#define __CborOutput_H_ - -namespace cbor { - class output { - public: - virtual unsigned char *data() = 0; - - virtual unsigned int size() = 0; - - virtual void put_byte(unsigned char value) = 0; - - virtual void put_bytes(const unsigned char *data, int size) = 0; - }; -} - -#endif //__CborOutput_H_ diff --git a/dom/webauthn/cbor-cpp/src/output_dynamic.cpp b/dom/webauthn/cbor-cpp/src/output_dynamic.cpp deleted file mode 100644 index a9cf468112606..0000000000000 --- a/dom/webauthn/cbor-cpp/src/output_dynamic.cpp +++ /dev/null @@ -1,69 +0,0 @@ -/* - Copyright 2014-2015 Stanislav Ovsyannikov - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -#include "output_dynamic.h" - -#include -#include - -using namespace cbor; - - -void output_dynamic::init(unsigned int initalCapacity) { - this->_capacity = initalCapacity; - this->_buffer = new unsigned char[initalCapacity]; - this->_offset = 0; -} - -output_dynamic::output_dynamic() { - init(256); -} - -output_dynamic::output_dynamic(unsigned int inital_capacity) { - init(inital_capacity); -} - -output_dynamic::~output_dynamic() { - delete _buffer; -} - -unsigned char *output_dynamic::data() { - return _buffer; -} - -unsigned int output_dynamic::size() { - return _offset; -} - -void output_dynamic::put_byte(unsigned char value) { - if(_offset < _capacity) { - _buffer[_offset++] = value; - } else { - _capacity *= 2; - _buffer = (unsigned char *) realloc(_buffer, _capacity); - _buffer[_offset++] = value; - } -} - -void output_dynamic::put_bytes(const unsigned char *data, int size) { - while(_offset + size > _capacity) { - _capacity *= 2; - _buffer = (unsigned char *) realloc(_buffer, _capacity); - } - - memcpy(_buffer + _offset, data, size); - _offset += size; -} diff --git a/dom/webauthn/cbor-cpp/src/output_dynamic.h b/dom/webauthn/cbor-cpp/src/output_dynamic.h deleted file mode 100644 index d6c7e460ce5c9..0000000000000 --- a/dom/webauthn/cbor-cpp/src/output_dynamic.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - Copyright 2014-2015 Stanislav Ovsyannikov - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -#ifndef __CborDynamicOutput_H_ -#define __CborDynamicOutput_H_ - - -#include "output.h" - -namespace cbor { - class output_dynamic : public output { - private: - unsigned char *_buffer; - unsigned int _capacity; - unsigned int _offset; - public: - output_dynamic(); - - explicit output_dynamic(unsigned int inital_capacity); - - ~output_dynamic(); - - virtual unsigned char *data(); - - virtual unsigned int size(); - - virtual void put_byte(unsigned char value); - - virtual void put_bytes(const unsigned char *data, int size); - - private: - void init(unsigned int initalCapacity); - }; -} - - - -#endif //__CborDynamicOutput_H_ diff --git a/dom/webauthn/moz.build b/dom/webauthn/moz.build index f3cf2cd4b2a17..b3639491269e4 100644 --- a/dom/webauthn/moz.build +++ b/dom/webauthn/moz.build @@ -24,7 +24,6 @@ EXPORTS.mozilla.dom += [ "PublicKeyCredential.h", "U2FTokenManager.h", "U2FTokenTransport.h", - "WebAuthnCBORUtil.h", "WebAuthnController.h", "WebAuthnManager.h", "WebAuthnManagerBase.h", @@ -39,12 +38,9 @@ UNIFIED_SOURCES += [ "AuthenticatorAttestationResponse.cpp", "AuthenticatorResponse.cpp", "AuthrsTransport.cpp", - "cbor-cpp/src/encoder.cpp", - "cbor-cpp/src/output_dynamic.cpp", "CtapArgs.cpp", "PublicKeyCredential.cpp", "U2FTokenManager.cpp", - "WebAuthnCBORUtil.cpp", "WebAuthnController.cpp", "WebAuthnManager.cpp", "WebAuthnManagerBase.cpp", diff --git a/dom/webauthn/nsIWebAuthnController.idl b/dom/webauthn/nsIWebAuthnController.idl index f71f57f6b3eca..497c8f5fcc77c 100644 --- a/dom/webauthn/nsIWebAuthnController.idl +++ b/dom/webauthn/nsIWebAuthnController.idl @@ -123,9 +123,6 @@ interface nsICtapRegisterResult : nsISupports { // Bug 1536155 // readonly attribute Array transports; - // Bug 1816519 - // readonly attribute Array authenticatorData; - // Bug 1816520 // readonly attribute Array publicKey // readonly attribute COSEAlgorithmIdentifier publicKeyAlgorithm; @@ -134,6 +131,18 @@ interface nsICtapRegisterResult : nsISupports { // readonly attribute bool hmacCreateSecret; }; +[uuid(91e41be0-ed73-4a10-b55e-3312319bfddf)] +interface nsIWebAuthnAttObj : nsISupports { + // The serialied attestation object as defined in + // https://www.w3.org/TR/webauthn-2/#sctn-attestation + readonly attribute Array attestationObject; + + readonly attribute Array authenticatorData; + + // Bug 1816520 + // readonly attribute Array publicKey + // readonly attribute COSEAlgorithmIdentifier publicKeyAlgorithm; +}; // The nsICtapSignResult interface is used to construct IPDL-defined // WebAuthnGetAssertionResult from either Rust or C++. diff --git a/dom/webidl/WebAuthentication.webidl b/dom/webidl/WebAuthentication.webidl index 9dbad85b649fb..c829ea2962554 100644 --- a/dom/webidl/WebAuthentication.webidl +++ b/dom/webidl/WebAuthentication.webidl @@ -34,6 +34,7 @@ interface AuthenticatorResponse { Exposed=Window] interface AuthenticatorAttestationResponse : AuthenticatorResponse { [SameObject, Throws] readonly attribute ArrayBuffer attestationObject; + [Throws] ArrayBuffer getAuthenticatorData(); }; [SecureContext, Pref="security.webauth.webauthn", diff --git a/tools/rewriting/ThirdPartyPaths.txt b/tools/rewriting/ThirdPartyPaths.txt index 5ca21b3b5de9c..2cdbb977ae7a1 100644 --- a/tools/rewriting/ThirdPartyPaths.txt +++ b/tools/rewriting/ThirdPartyPaths.txt @@ -53,7 +53,6 @@ dom/tests/mochitest/dom-level1-core/ dom/tests/mochitest/dom-level2-core/ dom/tests/mochitest/dom-level2-html/ dom/u2f/tests/pkijs/ -dom/webauthn/cbor-cpp/ dom/webauthn/tests/pkijs/ dom/webgpu/tests/cts/checkout/ editor/libeditor/tests/browserscope/lib/richtext/