Summary:
This only adds the new WebIDL types but doesn't do any plumbing yet.
Bug 1406471 seems to be better suited for that.
Reviewers: jcj
Reviewed By: jcj
Bug #: 1406458
Differential Revision: https://phabricator.services.mozilla.com/D555
The Web Authentication CollectedClientData is missing the type field, which
is just a simple string. (The editor's draft also removes hashAlgorithm, but
let's not get ahead of ourselves...)
Add in that simple string. This was found at interop testing.
MozReview-Commit-ID: DlawLyHTYhB
The WebAuthn spec lets RPs ask to specifically get direct attestation certificates
during credential creation using the "Attestation Conveyance Preference" [1].
This change adds that field into the WebIDL and ignores it for now. This is
pre-work to Bug #1430150 which will make this useful (which in turn requires
Bug #1416056's support for anonymizing those attestation certificates).
[1] https://www.w3.org/TR/webauthn/#attestation-convey
MozReview-Commit-ID: 763vaAMv48z
Summary:
Add support for PublicKeyCredentialRequestOptions.userVerification. For now
this basically means that we'll abort the operation with NotAllowed, as we
don't support user verification yet.
Pass PublicKeyCredentialDescriptor.transports through to the token manager
implementations. The softoken will ignore those and pretend to support all
transports defined by the spec. The USB HID token will check for the "usb"
transport and either ignore credentials accordingly, or abort the operation.
Note: The `UserVerificationRequirement` in WebIDL is defined at https://w3c.github.io/webauthn/#assertion-options
Reviewers: jcj, smaug
Reviewed By: jcj, smaug
Bug #: 1406467
Differential Revision: https://phabricator.services.mozilla.com/D338
Summary:
We currently implement no platform authenticators, so this would always
resolve to false. For those cases, the spec recommends a resolve timeout
on the order of 10 minutes to avoid fingerprinting.
A simple solution is thus to never resolve the promise, otherwise we'd
have to track every single call to this method along with a promise
and timer to resolve it after exactly X minutes.
A Relying Party has to deal with a non-response in a timely fashion, so
we can keep this as-is (and not resolve) even when we support platform
authenticators but they're not available, or a user rejects a website's
request to use them.
Reviewers: jcj, smaug
Reviewed By: jcj, smaug
Bug #: 1406468
Differential Revision: https://phabricator.services.mozilla.com/D217
The WD-06 (and later) WebAuthn specs choose to move to integer algorithm
identifiers for the signatures [1], with a handful of algorithms identified [2].
U2F devices only support ES256 (e.g., COSE ID "-7"), so that's all that is
implemented here.
Note that the spec also now requires that we accept empty lists of parameters,
and in that case, the RP says they aren't picky, so this changes what happens
when the parameter list is empty (but still aborts when the list is non-empty
but doesn't have anything we can use) [3].
There's a follow-on to move parameter-validation logic into the U2FTokenManager
in Bug 1409220.
[1] https://w3c.github.io/webauthn/#dictdef-publickeycredentialparameters
[2] https://w3c.github.io/webauthn/#alg-identifier
[3] https://w3c.github.io/webauthn/#createCredential bullet #12
MozReview-Commit-ID: KgL7mQ9u1uq
Reorder WebAuthentication.webidl to match the ordering of the IDL index in
the Web Authentication spec. No normative changes.
MozReview-Commit-ID: 7qPE60Qh7Ly
This covers these renames:
* In CollectedClientData, hashAlg => hashAlgorithm
* In CollectedClientData, tokenBinding => tokenBindingId
* In MakePublicKeyCredentialOptions, parameters => pubKeyCredParams
* In MakePublicKeyCredentialOptions, excludeList => excludeCredentials
* In PublicKeyCredentialRequestOptions, allowList => allowCredentials
* Transport (WebAuthnTransport in Gecko) => AuthenticatorTransport
MozReview-Commit-ID: 3FdRnkosy83
This covers these renames:
* In PublicKeyCredentialParameters, algorithm => alg
* MakeCredentialOptions => MakePublicKeyCredentialOptions
* PublicKeyCredentialEntity => PublicKeyCredentialRpEntity
* Attachment => AuthenticatorAttachment
It sets a default excludeList and allowList for the make / get options.
It adds the method isPlatformAuthenticatorAvailable which is incomplete and
not callable, to be completed in Bug 1406468.
Adds type PublicKeyCredentialRpEntity.
Adds "userId" to AuthenticatorAssertionResponse.
Adds "id" as a buffer source to PublicKeyCredentialUserEntity and as a
DOMString to PublicKeyCredentialRpEntity, refactoring out the "id" field
from the parent PublicKeyCredentialEntity.
It also adds a simple enforcement per spec 4.4.3 "User Account Parameters for
Credential Generation" that the new user ID buffer, if set, be no more than
64 bytes long. I mostly added it here so I could adjust the tests all at once
in this commit.
MozReview-Commit-ID: IHUdGVoWocq
Most of the WebIDL objects for the current editor's draft of Web Authentication
are annotated as [SameObject], which won't affect interop based on WD-05 [1].
We should go ahead and annotate ours that way.
[1] https://w3c.github.io/webauthn/#idl-index
MozReview-Commit-ID: 2T2YR3g66nC
Should have happened in Bug 1309284 but was missed since test_interfaces'
scheme wasn't https.
Update: Disable all WebAuthn webidl interfaces.
MozReview-Commit-ID: CSeGLoIGKvf
This patch implements the W3C Web Authentication API from
https://www.w3.org/TR/webauthn/, currently the 28 September 2016
working draft.
It utilizes a tentative binding of the U2F NSS Soft Token to provide
authentication services while waiting on Bug 1245527 to support USB HID-based
U2F tokens. This binding is not in the specification yet, so it should be
considered an experiment to help the specification move fowrard.
There are also a handful of deviations from the specification's WebIDL, which
are annotated with comments in WebAuthentication.webidl.
There are no tests in this commit; they are in Part 4 of this commit series.
There is a small script online at https://webauthn.bin.coffee/ to exercise this
code, but it doesn't do any automated checks.
There are also a handful of TODOS:
1) The algorithm to relax the same-origin restriction is in Part 3.
2) The use of AlgorithmIdentifier and having a way to coerce an object to a
string is still missing.
3) Timeouts and deadlines aren't there, and are pending reworking how
the nsIU2FToken interface works.
UPDATED:
- Address qdot, keeler review comments (thanks!)
- Address more qdot, keeler review comments (thanks!)
MozReview-Commit-ID: JITapI38iOh
