diff --git a/.clang-format-ignore b/.clang-format-ignore index 68b577a0bf1b..4097de03209d 100644 --- a/.clang-format-ignore +++ b/.clang-format-ignore @@ -91,6 +91,7 @@ dom/media/webspeech/recognition/energy_endpointer.cc dom/media/webspeech/recognition/energy_endpointer.h dom/media/webspeech/recognition/energy_endpointer_params.cc dom/media/webspeech/recognition/energy_endpointer_params.h +dom/webauthn/cbor-cpp/.* dom/webauthn/winwebauthn/webauthn.h editor/libeditor/tests/browserscope/lib/richtext/.* editor/libeditor/tests/browserscope/lib/richtext2/.* diff --git a/.prettierignore b/.prettierignore index 53f4d71f8140..54d0d1fb3f18 100644 --- a/.prettierignore +++ b/.prettierignore @@ -1299,6 +1299,8 @@ dom/tests/mochitest/ajax/ dom/tests/mochitest/dom-level1-core/ dom/tests/mochitest/dom-level2-core/ dom/tests/mochitest/dom-level2-html/ +dom/u2f/tests/pkijs/ +dom/webauthn/cbor-cpp/ dom/webauthn/tests/pkijs/ dom/webgpu/tests/cts/checkout/ editor/libeditor/tests/browserscope/lib/richtext/ diff --git a/dom/webauthn/AuthenticatorAttestationResponse.cpp b/dom/webauthn/AuthenticatorAttestationResponse.cpp index a98944442235..f2398df4cbdd 100644 --- a/dom/webauthn/AuthenticatorAttestationResponse.cpp +++ b/dom/webauthn/AuthenticatorAttestationResponse.cpp @@ -4,7 +4,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include "AuthrsBridge_ffi.h" #include "mozilla/dom/WebAuthenticationBinding.h" #include "mozilla/dom/AuthenticatorAttestationResponse.h" @@ -54,8 +53,7 @@ JSObject* AuthenticatorAttestationResponse::WrapObject( void AuthenticatorAttestationResponse::GetAttestationObject( JSContext* aCx, JS::MutableHandle aValue, ErrorResult& aRv) { if (!mAttestationObjectCachedObj) { - mAttestationObjectCachedObj = ArrayBuffer::Create( - aCx, mAttestationObject.Length(), mAttestationObject.Elements()); + mAttestationObjectCachedObj = mAttestationObject.ToArrayBuffer(aCx); if (!mAttestationObjectCachedObj) { aRv.NoteJSContextException(aCx); return; @@ -65,88 +63,11 @@ void AuthenticatorAttestationResponse::GetAttestationObject( } nsresult AuthenticatorAttestationResponse::SetAttestationObject( - const nsTArray& aBuffer) { - if (!mAttestationObject.Assign(aBuffer, mozilla::fallible)) { + CryptoBuffer& aBuffer) { + if (NS_WARN_IF(!mAttestationObject.Assign(aBuffer))) { return NS_ERROR_OUT_OF_MEMORY; } - return NS_OK; } -void AuthenticatorAttestationResponse::GetAuthenticatorData( - JSContext* aCx, JS::MutableHandle aValue, ErrorResult& aRv) { - if (!mAttestationObjectParsed) { - nsresult rv = authrs_webauthn_att_obj_constructor( - mAttestationObject, /* anonymize */ false, - getter_AddRefs(mAttestationObjectParsed)); - if (NS_FAILED(rv)) { - aRv.Throw(rv); - return; - } - } - - nsTArray authenticatorData; - nsresult rv = - mAttestationObjectParsed->GetAuthenticatorData(authenticatorData); - if (NS_FAILED(rv)) { - aRv.Throw(rv); - return; - } - - JS::Heap buffer(ArrayBuffer::Create( - aCx, authenticatorData.Length(), authenticatorData.Elements())); - if (!buffer) { - aRv.NoteJSContextException(aCx); - return; - } - aValue.set(buffer); -} - -void AuthenticatorAttestationResponse::GetPublicKey( - JSContext* aCx, JS::MutableHandle aValue, ErrorResult& aRv) { - if (!mAttestationObjectParsed) { - nsresult rv = authrs_webauthn_att_obj_constructor( - mAttestationObject, false, getter_AddRefs(mAttestationObjectParsed)); - if (NS_FAILED(rv)) { - aRv.Throw(rv); - return; - } - } - - nsTArray publicKey; - nsresult rv = mAttestationObjectParsed->GetPublicKey(publicKey); - if (NS_FAILED(rv)) { - if (rv == NS_ERROR_NOT_AVAILABLE) { - aValue.set(nullptr); - } else { - aRv.Throw(NS_ERROR_OUT_OF_MEMORY); - } - return; - } - - JS::Heap buffer( - ArrayBuffer::Create(aCx, publicKey.Length(), publicKey.Elements())); - if (!buffer) { - aRv.NoteJSContextException(aCx); - return; - } - aValue.set(buffer); -} - -COSEAlgorithmIdentifier AuthenticatorAttestationResponse::GetPublicKeyAlgorithm( - ErrorResult& aRv) { - if (!mAttestationObjectParsed) { - nsresult rv = authrs_webauthn_att_obj_constructor( - mAttestationObject, false, getter_AddRefs(mAttestationObjectParsed)); - if (NS_FAILED(rv)) { - aRv.Throw(rv); - return 0; - } - } - - COSEAlgorithmIdentifier alg; - mAttestationObjectParsed->GetPublicKeyAlgorithm(&alg); - return alg; -} - } // namespace mozilla::dom diff --git a/dom/webauthn/AuthenticatorAttestationResponse.h b/dom/webauthn/AuthenticatorAttestationResponse.h index f29764abdd6a..1e46ab76ddee 100644 --- a/dom/webauthn/AuthenticatorAttestationResponse.h +++ b/dom/webauthn/AuthenticatorAttestationResponse.h @@ -11,8 +11,8 @@ #include "mozilla/Attributes.h" #include "mozilla/dom/AuthenticatorResponse.h" #include "mozilla/dom/BindingDeclarations.h" +#include "mozilla/dom/CryptoBuffer.h" #include "nsCycleCollectionParticipant.h" -#include "nsIWebAuthnController.h" #include "nsWrapperCache.h" namespace mozilla::dom { @@ -35,19 +35,10 @@ class AuthenticatorAttestationResponse final : public AuthenticatorResponse { void GetAttestationObject(JSContext* aCx, JS::MutableHandle aValue, ErrorResult& aRv); - nsresult SetAttestationObject(const nsTArray& aBuffer); - - void GetAuthenticatorData(JSContext* aCx, JS::MutableHandle aValue, - ErrorResult& aRv); - - void GetPublicKey(JSContext* aCx, JS::MutableHandle aValue, - ErrorResult& aRv); - - COSEAlgorithmIdentifier GetPublicKeyAlgorithm(ErrorResult& aRv); + nsresult SetAttestationObject(CryptoBuffer& aBuffer); private: - nsTArray mAttestationObject; - nsCOMPtr mAttestationObjectParsed; + CryptoBuffer mAttestationObject; JS::Heap mAttestationObjectCachedObj; }; diff --git a/dom/webauthn/AuthrsBridge_ffi.h b/dom/webauthn/AuthrsBridge_ffi.h deleted file mode 100644 index 3220cedefbcd..000000000000 --- a/dom/webauthn/AuthrsBridge_ffi.h +++ /dev/null @@ -1,23 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef mozilla_dom_AuthrsBridge_ffi_h -#define mozilla_dom_AuthrsBridge_ffi_h - -// TODO(Bug 1850592): Autogenerate this with cbindgen. - -class nsIWebAuthnAttObj; -class nsIWebAuthnTransport; - -extern "C" { - -nsresult authrs_transport_constructor(nsIWebAuthnTransport** result); - -nsresult authrs_webauthn_att_obj_constructor( - const nsTArray& attestation, bool anonymize, - nsIWebAuthnAttObj** result); - -} // extern "C" - -#endif // mozilla_dom_AuthrsBridge_ffi_h diff --git a/dom/webauthn/AuthrsTransport.cpp b/dom/webauthn/AuthrsTransport.cpp index 5c2c38371b74..699cd600eb96 100644 --- a/dom/webauthn/AuthrsTransport.cpp +++ b/dom/webauthn/AuthrsTransport.cpp @@ -3,10 +3,18 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "AuthrsTransport.h" -#include "AuthrsBridge_ffi.h" #include "nsIWebAuthnController.h" #include "nsCOMPtr.h" +namespace { +extern "C" { + +// Implemented in Rust +nsresult authrs_transport_constructor(nsIWebAuthnTransport** result); + +} // extern "C" +} // namespace + namespace mozilla::dom { already_AddRefed NewAuthrsTransport() { diff --git a/dom/webauthn/WebAuthnCBORUtil.cpp b/dom/webauthn/WebAuthnCBORUtil.cpp new file mode 100644 index 000000000000..1dcd750a6e4f --- /dev/null +++ b/dom/webauthn/WebAuthnCBORUtil.cpp @@ -0,0 +1,45 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "cbor-cpp/src/cbor.h" +#include "mozilla/dom/WebAuthnCBORUtil.h" +#include "mozilla/dom/WebAuthnUtil.h" + +namespace mozilla::dom { + +nsresult CBOREncodeNoneAttestationObj(const CryptoBuffer& aAuthDataBuf, + /* out */ CryptoBuffer& aAttestationObj) { + /* + Attestation Object, encoded in CBOR (description is CDDL) + + $$attStmtType //= ( + fmt: "none", + attStmt: emptyMap + ) + + emptyMap = {} + */ + cbor::output_dynamic cborAttOut; + cbor::encoder encoder(cborAttOut); + encoder.write_map(3); + { + encoder.write_string("fmt"); + encoder.write_string("none"); + + encoder.write_string("attStmt"); + encoder.write_map(0); + + encoder.write_string("authData"); + encoder.write_bytes(aAuthDataBuf.Elements(), aAuthDataBuf.Length()); + } + + if (!aAttestationObj.Assign(cborAttOut.data(), cborAttOut.size())) { + return NS_ERROR_OUT_OF_MEMORY; + } + return NS_OK; +} + +} // namespace mozilla::dom diff --git a/dom/webauthn/WebAuthnCBORUtil.h b/dom/webauthn/WebAuthnCBORUtil.h new file mode 100644 index 000000000000..4ff61c33428c --- /dev/null +++ b/dom/webauthn/WebAuthnCBORUtil.h @@ -0,0 +1,22 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_WebAuthnCBORUtil_h +#define mozilla_dom_WebAuthnCBORUtil_h + +/* + * Serialize and deserialize CBOR data formats for WebAuthn + */ + +#include "mozilla/dom/CryptoBuffer.h" + +namespace mozilla::dom { + +nsresult CBOREncodeNoneAttestationObj(const CryptoBuffer& aAuthDataBuf, + /* out */ CryptoBuffer& aAttestationObj); + +} // namespace mozilla::dom +#endif // mozilla_dom_WebAuthnCBORUtil_h diff --git a/dom/webauthn/WebAuthnUtil.cpp b/dom/webauthn/WebAuthnUtil.cpp index b6218601a3f2..59e94cd217d0 100644 --- a/dom/webauthn/WebAuthnUtil.cpp +++ b/dom/webauthn/WebAuthnUtil.cpp @@ -5,6 +5,7 @@ * You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "mozilla/dom/WebAuthnUtil.h" +#include "mozilla/dom/WebAuthnCBORUtil.h" #include "nsComponentManagerUtils.h" #include "nsICryptoHash.h" #include "nsIEffectiveTLDService.h" @@ -107,6 +108,29 @@ bool EvaluateAppID(nsPIDOMWindowInner* aParent, const nsString& aOrigin, return false; } +nsresult ReadToCryptoBuffer(pkix::Reader& aSrc, /* out */ CryptoBuffer& aDest, + uint32_t aLen) { + if (aSrc.EnsureLength(aLen) != pkix::Success) { + return NS_ERROR_DOM_UNKNOWN_ERR; + } + + if (!aDest.SetCapacity(aLen, mozilla::fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + for (uint32_t offset = 0; offset < aLen; ++offset) { + uint8_t b; + if (aSrc.Read(b) != pkix::Success) { + return NS_ERROR_DOM_UNKNOWN_ERR; + } + if (!aDest.AppendElement(b, mozilla::fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + + return NS_OK; +} + static nsresult HashCString(nsICryptoHash* aHashService, const nsACString& aIn, /* out */ CryptoBuffer& aOut) { MOZ_ASSERT(aHashService); diff --git a/dom/webauthn/WinWebAuthnManager.cpp b/dom/webauthn/WinWebAuthnManager.cpp index 02d69fd1138b..aa330212bfe4 100644 --- a/dom/webauthn/WinWebAuthnManager.cpp +++ b/dom/webauthn/WinWebAuthnManager.cpp @@ -6,6 +6,7 @@ #include "mozilla/Assertions.h" #include "mozilla/dom/PWebAuthnTransactionParent.h" +#include "mozilla/dom/WebAuthnCBORUtil.h" #include "mozilla/MozPromise.h" #include "mozilla/ipc/BackgroundParent.h" #include "mozilla/ClearOnShutdown.h" @@ -13,7 +14,6 @@ #include "mozilla/Unused.h" #include "nsTextFormatter.h" #include "nsWindowsHelpers.h" -#include "AuthrsBridge_ffi.h" #include "WebAuthnEnumStrings.h" #include "WebAuthnTransportIdentifiers.h" #include "winwebauthn/webauthn.h" @@ -426,30 +426,21 @@ void WinWebAuthnManager::Register( pWebAuthNCredentialAttestation->cbAuthenticatorData); nsTArray attObject; - attObject.AppendElements( - pWebAuthNCredentialAttestation->pbAttestationObject, - pWebAuthNCredentialAttestation->cbAttestationObject); - if (winAttestation == WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE) { - // The anonymize flag in the nsIWebAuthnAttObj constructor causes the - // attestation statement to be removed during deserialization. It also - // causes the AAGUID to be zeroed out. If we can't deserialize the - // existing attestation, then we can't ensure that it is anonymized, so we - // act as though the user denied consent and we return NotAllowed. - nsCOMPtr anonymizedAttObj; - nsresult rv = authrs_webauthn_att_obj_constructor( - attObject, - /* anonymize */ true, getter_AddRefs(anonymizedAttObj)); - if (NS_FAILED(rv)) { - MaybeAbortRegister(aTransactionId, NS_ERROR_DOM_NOT_ALLOWED_ERR); - return; - } - attObject.Clear(); - rv = anonymizedAttObj->GetAttestationObject(attObject); - if (NS_FAILED(rv)) { - MaybeAbortRegister(aTransactionId, NS_ERROR_DOM_NOT_ALLOWED_ERR); - return; - } + // Zero AAGuid + const uint8_t zeroGuid[16] = {0}; + authenticatorData.ReplaceElementsAt(32 + 1 + 4 /*AAGuid offset*/, 16, + zeroGuid, 16); + + CryptoBuffer authData; + authData.Assign(authenticatorData); + CryptoBuffer noneAttObj; + CBOREncodeNoneAttestationObj(authData, noneAttObj); + attObject.AppendElements(noneAttObj); + } else { + attObject.AppendElements( + pWebAuthNCredentialAttestation->pbAttestationObject, + pWebAuthNCredentialAttestation->cbAttestationObject); } nsTArray extensions; diff --git a/dom/webauthn/authrs_bridge/src/lib.rs b/dom/webauthn/authrs_bridge/src/lib.rs index 1821e4cb5c20..f1e13e87b5ed 100644 --- a/dom/webauthn/authrs_bridge/src/lib.rs +++ b/dom/webauthn/authrs_bridge/src/lib.rs @@ -10,8 +10,6 @@ extern crate xpcom; use authenticator::{ authenticatorservice::{RegisterArgs, SignArgs}, - crypto::COSEKeyType, - ctap2::attestation::AttestationObject, ctap2::commands::get_info::AuthenticatorVersion, ctap2::server::{ PublicKeyCredentialDescriptor, PublicKeyCredentialParameters, RelyingParty, @@ -37,7 +35,7 @@ use std::sync::{Arc, Mutex}; use thin_vec::ThinVec; use xpcom::interfaces::{ nsICredentialParameters, nsICtapRegisterArgs, nsICtapRegisterResult, nsICtapSignArgs, - nsICtapSignResult, nsIWebAuthnAttObj, nsIWebAuthnController, nsIWebAuthnTransport, + nsICtapSignResult, nsIWebAuthnController, nsIWebAuthnTransport, }; use xpcom::{xpcom_method, RefPtr}; @@ -97,9 +95,13 @@ impl CtapRegisterResult { xpcom_method!(get_attestation_object => GetAttestationObject() -> ThinVec); fn get_attestation_object(&self) -> Result, nsresult> { let mut out = ThinVec::new(); - let make_cred_res = self.result.as_ref().or(Err(NS_ERROR_FAILURE))?; - serde_cbor::to_writer(&mut out, &make_cred_res.att_obj).or(Err(NS_ERROR_FAILURE))?; - Ok(out) + if let Ok(make_cred_res) = &self.result { + if let Ok(encoded_att_obj) = serde_cbor::to_vec(&make_cred_res.att_obj) { + out.extend_from_slice(&encoded_att_obj); + return Ok(out); + } + } + Err(NS_ERROR_FAILURE) } xpcom_method!(get_credential_id => GetCredentialId() -> ThinVec); @@ -107,7 +109,7 @@ impl CtapRegisterResult { let mut out = ThinVec::new(); if let Ok(make_cred_res) = &self.result { if let Some(credential_data) = &make_cred_res.att_obj.auth_data.credential_data { - out.extend_from_slice(&credential_data.credential_id); + out.extend(credential_data.credential_id.clone()); return Ok(out); } } @@ -123,48 +125,6 @@ impl CtapRegisterResult { } } -#[xpcom(implement(nsIWebAuthnAttObj), atomic)] -pub struct WebAuthnAttObj { - att_obj: AttestationObject, -} - -impl WebAuthnAttObj { - xpcom_method!(get_attestation_object => GetAttestationObject() -> ThinVec); - fn get_attestation_object(&self) -> Result, nsresult> { - let mut out = ThinVec::new(); - serde_cbor::to_writer(&mut out, &self.att_obj).or(Err(NS_ERROR_FAILURE))?; - Ok(out) - } - - xpcom_method!(get_authenticator_data => GetAuthenticatorData() -> ThinVec); - fn get_authenticator_data(&self) -> Result, nsresult> { - // TODO(https://github.com/mozilla/authenticator-rs/issues/302) use to_writer - Ok(self.att_obj.auth_data.to_vec().into()) - } - - xpcom_method!(get_public_key => GetPublicKey() -> ThinVec); - fn get_public_key(&self) -> Result, nsresult> { - let Some(credential_data) = &self.att_obj.auth_data.credential_data else { - return Err(NS_ERROR_FAILURE); - }; - // We only support encoding (some) EC2 keys in DER SPKI format. - let COSEKeyType::EC2(ref key) = credential_data.credential_public_key.key else { - return Err(NS_ERROR_NOT_AVAILABLE); - }; - Ok(key.der_spki().or(Err(NS_ERROR_NOT_AVAILABLE))?.into()) - } - - xpcom_method!(get_public_key_algorithm => GetPublicKeyAlgorithm() -> i32); - fn get_public_key_algorithm(&self) -> Result { - if let Some(credential_data) = &self.att_obj.auth_data.credential_data { - // safe to cast to i32 by inspection of defined values - Ok(credential_data.credential_public_key.alg as i32) - } else { - Err(NS_ERROR_FAILURE) - } - } -} - #[xpcom(implement(nsICtapSignResult), atomic)] pub struct CtapSignResult { result: Result, @@ -195,10 +155,16 @@ impl CtapSignResult { xpcom_method!(get_authenticator_data => GetAuthenticatorData() -> ThinVec); fn get_authenticator_data(&self) -> Result, nsresult> { - self.result - .as_ref() - .map(|assertion| assertion.auth_data.to_vec().into()) - .or(Err(NS_ERROR_FAILURE)) + let mut out = ThinVec::new(); + if let Ok(assertion) = &self.result { + let data = match serde_cbor::value::to_value(&assertion.auth_data) { + Ok(serde_cbor::value::Value::Bytes(data)) => data, + _ => return Err(NS_ERROR_FAILURE), + }; + out.extend_from_slice(&data); + return Ok(out); + } + Err(NS_ERROR_FAILURE) } xpcom_method!(get_user_handle => GetUserHandle() -> ThinVec); @@ -230,7 +196,7 @@ impl CtapSignResult { // assertion.auth_data.rp_id_hash let mut out = ThinVec::new(); if let Ok(assertion) = &self.result { - out.extend_from_slice(&assertion.auth_data.rp_id_hash.0); + out.extend(assertion.auth_data.rp_id_hash.0.clone()); return Ok(out); } Err(NS_ERROR_FAILURE) @@ -950,31 +916,3 @@ pub extern "C" fn authrs_transport_constructor( } NS_OK } - -#[no_mangle] -pub extern "C" fn authrs_webauthn_att_obj_constructor( - att_obj_bytes: &ThinVec, - anonymize: bool, - result: *mut *const nsIWebAuthnAttObj, -) -> nsresult { - if result.is_null() { - return NS_ERROR_NULL_POINTER; - } - - let mut att_obj: AttestationObject = match serde_cbor::from_slice(att_obj_bytes) { - Ok(att_obj) => att_obj, - Err(_) => return NS_ERROR_INVALID_ARG, - }; - - if anonymize { - att_obj.anonymize(); - } - - let wrapper = WebAuthnAttObj::allocate(InitWebAuthnAttObj { att_obj }); - - unsafe { - RefPtr::new(wrapper.coerce::()).forget(&mut *result); - } - - NS_OK -} diff --git a/dom/webauthn/authrs_bridge/src/test_token.rs b/dom/webauthn/authrs_bridge/src/test_token.rs index 130414c6e93e..db42eed49e8d 100644 --- a/dom/webauthn/authrs_bridge/src/test_token.rs +++ b/dom/webauthn/authrs_bridge/src/test_token.rs @@ -80,7 +80,10 @@ impl TestTokenCredential { ..Default::default() }); - let mut data = auth_data.to_vec(); + let mut data = match serde_cbor::value::to_value(&auth_data) { + Ok(serde_cbor::value::Value::Bytes(data)) => data, + _ => return Err(HIDError::DeviceError), + }; data.extend_from_slice(client_data_hash.as_ref()); let signature = ecdsa_p256_sha256_sign_raw(&self.privkey, &data).or(Err(HIDError::DeviceError))?; @@ -533,7 +536,10 @@ impl VirtualFidoDevice for TestToken { extensions: Extension::default(), }; - let mut data = auth_data.to_vec(); + let mut data = match serde_cbor::value::to_value(&auth_data) { + Ok(serde_cbor::value::Value::Bytes(data)) => data, + _ => return Err(HIDError::DeviceError), + }; data.extend_from_slice(req.client_data_hash.as_ref()); let sig = ecdsa_p256_sha256_sign_raw(&private, &data).or(Err(HIDError::DeviceError))?; diff --git a/dom/webauthn/cbor-cpp/README.md b/dom/webauthn/cbor-cpp/README.md new file mode 100644 index 000000000000..015cad332586 --- /dev/null +++ b/dom/webauthn/cbor-cpp/README.md @@ -0,0 +1,35 @@ +cbor-cpp +======== + +[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/naphaso/cbor-cpp?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) + +CBOR C++ serialization library + +Just a simple SAX-like Concise Binary Object Representation (CBOR). + +[http://tools.ietf.org/html/rfc7049](http://tools.ietf.org/html/rfc7049) + +#### Examples + +```C++ + cbor::output_dynamic output; + + { //encoding + cbor::encoder encoder(output); + encoder.write_array(5); + { + encoder.write_int(123); + encoder.write_string("bar"); + encoder.write_int(321); + encoder.write_int(321); + encoder.write_string("foo"); + } + } + + { // decoding + cbor::input input(output.data(), output.size()); + cbor::listener_debug listener; + cbor::decoder decoder(input, listener); + decoder.run(); + } +``` diff --git a/dom/webauthn/cbor-cpp/src/LICENSE b/dom/webauthn/cbor-cpp/src/LICENSE new file mode 100644 index 000000000000..261eeb9e9f8b --- /dev/null +++ b/dom/webauthn/cbor-cpp/src/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/dom/webauthn/cbor-cpp/src/README-MOZILLA b/dom/webauthn/cbor-cpp/src/README-MOZILLA new file mode 100644 index 000000000000..7552af4db993 --- /dev/null +++ b/dom/webauthn/cbor-cpp/src/README-MOZILLA @@ -0,0 +1,5 @@ +This library [1] has been stripped down to only the CBOR encoding parts, as there are outstanding issues [2] +related to memory safety for the decoder. + +[1] https://github.com/naphaso/cbor-cpp/ +[2] https://github.com/naphaso/cbor-cpp/issues/8 diff --git a/dom/webauthn/cbor-cpp/src/cbor.h b/dom/webauthn/cbor-cpp/src/cbor.h new file mode 100644 index 000000000000..d0725d166d0b --- /dev/null +++ b/dom/webauthn/cbor-cpp/src/cbor.h @@ -0,0 +1,23 @@ +/* + Copyright 2014-2015 Stanislav Ovsyannikov + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +#ifndef CBOR_CPP_CBOR_H +#define CBOR_CPP_CBOR_H + +#include "encoder.h" +#include "output_dynamic.h" + +#endif //CBOR_CPP_CBOR_H diff --git a/dom/webauthn/cbor-cpp/src/encoder.cpp b/dom/webauthn/cbor-cpp/src/encoder.cpp new file mode 100644 index 000000000000..d88c3f4fa2f1 --- /dev/null +++ b/dom/webauthn/cbor-cpp/src/encoder.cpp @@ -0,0 +1,154 @@ +/* + Copyright 2014-2015 Stanislav Ovsyannikov + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +#include "encoder.h" + +using namespace cbor; + + +encoder::encoder(output &out) { + _out = &out; +} + +encoder::~encoder() { + +} + +void encoder::write_type_value(int major_type, unsigned int value) { + major_type <<= 5; + if(value < 24) { + _out->put_byte((unsigned char) (major_type | value)); + } else if(value < 256) { + _out->put_byte((unsigned char) (major_type | 24)); + _out->put_byte((unsigned char) value); + } else if(value < 65536) { + _out->put_byte((unsigned char) (major_type | 25)); + _out->put_byte((unsigned char) (value >> 8)); + _out->put_byte((unsigned char) value); + } else { + _out->put_byte((unsigned char) (major_type | 26)); + _out->put_byte((unsigned char) (value >> 24)); + _out->put_byte((unsigned char) (value >> 16)); + _out->put_byte((unsigned char) (value >> 8)); + _out->put_byte((unsigned char) value); + } +} + +void encoder::write_type_value(int major_type, unsigned long long value) { + major_type <<= 5; + if(value < 24ULL) { + _out->put_byte((unsigned char) (major_type | value)); + } else if(value < 256ULL) { + _out->put_byte((unsigned char) (major_type | 24)); + _out->put_byte((unsigned char) value); + } else if(value < 65536ULL) { + _out->put_byte((unsigned char) (major_type | 25)); + _out->put_byte((unsigned char) (value >> 8)); + _out->put_byte((unsigned char) value); + } else if(value < 4294967296ULL) { + _out->put_byte((unsigned char) (major_type | 26)); + _out->put_byte((unsigned char) (value >> 24)); + _out->put_byte((unsigned char) (value >> 16)); + _out->put_byte((unsigned char) (value >> 8)); + _out->put_byte((unsigned char) value); + } else { + _out->put_byte((unsigned char) (major_type | 27)); + _out->put_byte((unsigned char) (value >> 56)); + _out->put_byte((unsigned char) (value >> 48)); + _out->put_byte((unsigned char) (value >> 40)); + _out->put_byte((unsigned char) (value >> 32)); + _out->put_byte((unsigned char) (value >> 24)); + _out->put_byte((unsigned char) (value >> 16)); + _out->put_byte((unsigned char) (value >> 8)); + _out->put_byte((unsigned char) value); + } +} + +void encoder::write_int(unsigned int value) { + write_type_value(0, value); +} + +void encoder::write_int(unsigned long long value) { + write_type_value(0, value); +} + +void encoder::write_int(long long value) { + if(value < 0) { + write_type_value(1, (unsigned long long) -(value+1)); + } else { + write_type_value(0, (unsigned long long) value); + } +} + +void encoder::write_int(int value) { + if(value < 0) { + write_type_value(1, (unsigned int) -(value+1)); + } else { + write_type_value(0, (unsigned int) value); + } +} + +void encoder::write_bytes(const unsigned char *data, unsigned int size) { + write_type_value(2, size); + _out->put_bytes(data, size); +} + +void encoder::write_raw(const unsigned char *data, unsigned int size) { + _out->put_bytes(data, size); +} + +void encoder::write_string(const char *data, unsigned int size) { + write_type_value(3, size); + _out->put_bytes((const unsigned char *) data, size); +} + +void encoder::write_string(const std::string str) { + write_type_value(3, (unsigned int) str.size()); + _out->put_bytes((const unsigned char *) str.c_str(), (int) str.size()); +} + + +void encoder::write_array(int size) { + write_type_value(4, (unsigned int) size); +} + +void encoder::write_map(int size) { + write_type_value(5, (unsigned int) size); +} + +void encoder::write_tag(const unsigned int tag) { + write_type_value(6, tag); +} + +void encoder::write_special(int special) { + write_type_value(7, (unsigned int) special); +} + +void encoder::write_bool(bool value) { + if (value == true) { + _out->put_byte((unsigned char) 0xf5); + } else { + _out->put_byte((unsigned char) 0xf4); + } +} + +void encoder::write_null() { + _out->put_byte((unsigned char) 0xf6); +} + +void encoder::write_undefined() { + _out->put_byte((unsigned char) 0xf7); +} diff --git a/dom/webauthn/cbor-cpp/src/encoder.h b/dom/webauthn/cbor-cpp/src/encoder.h new file mode 100644 index 000000000000..4f7038e3f2e1 --- /dev/null +++ b/dom/webauthn/cbor-cpp/src/encoder.h @@ -0,0 +1,70 @@ +/* + Copyright 2014-2015 Stanislav Ovsyannikov + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + +#ifndef __CborEncoder_H_ +#define __CborEncoder_H_ + +#include "output.h" +#include + +namespace cbor { + class encoder { + private: + output *_out; + public: + explicit encoder(output &out); + + ~encoder(); + + void write_bool(bool value); + + void write_int(int value); + + void write_int(long long value); + + void write_int(unsigned int value); + + void write_int(unsigned long long value); + + void write_bytes(const unsigned char *data, unsigned int size); + + void write_raw(const unsigned char *data, unsigned int size); + + void write_string(const char *data, unsigned int size); + + void write_string(const std::string str); + + void write_array(int size); + + void write_map(int size); + + void write_tag(const unsigned int tag); + + void write_special(int special); + + void write_null(); + + void write_undefined(); + + private: + void write_type_value(int major_type, unsigned int value); + + void write_type_value(int major_type, unsigned long long value); + }; +} + +#endif //__CborEncoder_H_ diff --git a/dom/webauthn/cbor-cpp/src/output.h b/dom/webauthn/cbor-cpp/src/output.h new file mode 100644 index 000000000000..0901d956eb2c --- /dev/null +++ b/dom/webauthn/cbor-cpp/src/output.h @@ -0,0 +1,34 @@ +/* + Copyright 2014-2015 Stanislav Ovsyannikov + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + +#ifndef __CborOutput_H_ +#define __CborOutput_H_ + +namespace cbor { + class output { + public: + virtual unsigned char *data() = 0; + + virtual unsigned int size() = 0; + + virtual void put_byte(unsigned char value) = 0; + + virtual void put_bytes(const unsigned char *data, int size) = 0; + }; +} + +#endif //__CborOutput_H_ diff --git a/dom/webauthn/cbor-cpp/src/output_dynamic.cpp b/dom/webauthn/cbor-cpp/src/output_dynamic.cpp new file mode 100644 index 000000000000..a9cf46811260 --- /dev/null +++ b/dom/webauthn/cbor-cpp/src/output_dynamic.cpp @@ -0,0 +1,69 @@ +/* + Copyright 2014-2015 Stanislav Ovsyannikov + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +#include "output_dynamic.h" + +#include +#include + +using namespace cbor; + + +void output_dynamic::init(unsigned int initalCapacity) { + this->_capacity = initalCapacity; + this->_buffer = new unsigned char[initalCapacity]; + this->_offset = 0; +} + +output_dynamic::output_dynamic() { + init(256); +} + +output_dynamic::output_dynamic(unsigned int inital_capacity) { + init(inital_capacity); +} + +output_dynamic::~output_dynamic() { + delete _buffer; +} + +unsigned char *output_dynamic::data() { + return _buffer; +} + +unsigned int output_dynamic::size() { + return _offset; +} + +void output_dynamic::put_byte(unsigned char value) { + if(_offset < _capacity) { + _buffer[_offset++] = value; + } else { + _capacity *= 2; + _buffer = (unsigned char *) realloc(_buffer, _capacity); + _buffer[_offset++] = value; + } +} + +void output_dynamic::put_bytes(const unsigned char *data, int size) { + while(_offset + size > _capacity) { + _capacity *= 2; + _buffer = (unsigned char *) realloc(_buffer, _capacity); + } + + memcpy(_buffer + _offset, data, size); + _offset += size; +} diff --git a/dom/webauthn/cbor-cpp/src/output_dynamic.h b/dom/webauthn/cbor-cpp/src/output_dynamic.h new file mode 100644 index 000000000000..d6c7e460ce5c --- /dev/null +++ b/dom/webauthn/cbor-cpp/src/output_dynamic.h @@ -0,0 +1,51 @@ +/* + Copyright 2014-2015 Stanislav Ovsyannikov + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +#ifndef __CborDynamicOutput_H_ +#define __CborDynamicOutput_H_ + + +#include "output.h" + +namespace cbor { + class output_dynamic : public output { + private: + unsigned char *_buffer; + unsigned int _capacity; + unsigned int _offset; + public: + output_dynamic(); + + explicit output_dynamic(unsigned int inital_capacity); + + ~output_dynamic(); + + virtual unsigned char *data(); + + virtual unsigned int size(); + + virtual void put_byte(unsigned char value); + + virtual void put_bytes(const unsigned char *data, int size); + + private: + void init(unsigned int initalCapacity); + }; +} + + + +#endif //__CborDynamicOutput_H_ diff --git a/dom/webauthn/moz.build b/dom/webauthn/moz.build index b3639491269e..f3cf2cd4b2a1 100644 --- a/dom/webauthn/moz.build +++ b/dom/webauthn/moz.build @@ -24,6 +24,7 @@ EXPORTS.mozilla.dom += [ "PublicKeyCredential.h", "U2FTokenManager.h", "U2FTokenTransport.h", + "WebAuthnCBORUtil.h", "WebAuthnController.h", "WebAuthnManager.h", "WebAuthnManagerBase.h", @@ -38,9 +39,12 @@ UNIFIED_SOURCES += [ "AuthenticatorAttestationResponse.cpp", "AuthenticatorResponse.cpp", "AuthrsTransport.cpp", + "cbor-cpp/src/encoder.cpp", + "cbor-cpp/src/output_dynamic.cpp", "CtapArgs.cpp", "PublicKeyCredential.cpp", "U2FTokenManager.cpp", + "WebAuthnCBORUtil.cpp", "WebAuthnController.cpp", "WebAuthnManager.cpp", "WebAuthnManagerBase.cpp", diff --git a/dom/webauthn/nsIWebAuthnController.idl b/dom/webauthn/nsIWebAuthnController.idl index a1351dc7bc13..f71f57f6b3ec 100644 --- a/dom/webauthn/nsIWebAuthnController.idl +++ b/dom/webauthn/nsIWebAuthnController.idl @@ -123,6 +123,9 @@ interface nsICtapRegisterResult : nsISupports { // Bug 1536155 // readonly attribute Array transports; + // Bug 1816519 + // readonly attribute Array authenticatorData; + // Bug 1816520 // readonly attribute Array publicKey // readonly attribute COSEAlgorithmIdentifier publicKeyAlgorithm; @@ -131,18 +134,6 @@ interface nsICtapRegisterResult : nsISupports { // readonly attribute bool hmacCreateSecret; }; -[uuid(91e41be0-ed73-4a10-b55e-3312319bfddf)] -interface nsIWebAuthnAttObj : nsISupports { - // The serialied attestation object as defined in - // https://www.w3.org/TR/webauthn-2/#sctn-attestation - readonly attribute Array attestationObject; - - readonly attribute Array authenticatorData; - - readonly attribute Array publicKey; - - readonly attribute COSEAlgorithmIdentifier publicKeyAlgorithm; -}; // The nsICtapSignResult interface is used to construct IPDL-defined // WebAuthnGetAssertionResult from either Rust or C++. diff --git a/dom/webidl/WebAuthentication.webidl b/dom/webidl/WebAuthentication.webidl index d2ed99d3f39f..9dbad85b649f 100644 --- a/dom/webidl/WebAuthentication.webidl +++ b/dom/webidl/WebAuthentication.webidl @@ -34,9 +34,6 @@ interface AuthenticatorResponse { Exposed=Window] interface AuthenticatorAttestationResponse : AuthenticatorResponse { [SameObject, Throws] readonly attribute ArrayBuffer attestationObject; - [Throws] ArrayBuffer getAuthenticatorData(); - [Throws] ArrayBuffer? getPublicKey(); - [Throws] COSEAlgorithmIdentifier getPublicKeyAlgorithm(); }; [SecureContext, Pref="security.webauth.webauthn", diff --git a/testing/web-platform/meta/webauthn/createcredential-getpublickey.https.html.ini b/testing/web-platform/meta/webauthn/createcredential-getpublickey.https.html.ini new file mode 100644 index 000000000000..5b48634d2f45 --- /dev/null +++ b/testing/web-platform/meta/webauthn/createcredential-getpublickey.https.html.ini @@ -0,0 +1,3 @@ +[createcredential-getpublickey.https.html] + [WebAuthn getPublicKey] + expected: FAIL diff --git a/tools/rewriting/ThirdPartyPaths.txt b/tools/rewriting/ThirdPartyPaths.txt index 2cdbb977ae7a..5ca21b3b5de9 100644 --- a/tools/rewriting/ThirdPartyPaths.txt +++ b/tools/rewriting/ThirdPartyPaths.txt @@ -53,6 +53,7 @@ dom/tests/mochitest/dom-level1-core/ dom/tests/mochitest/dom-level2-core/ dom/tests/mochitest/dom-level2-html/ dom/u2f/tests/pkijs/ +dom/webauthn/cbor-cpp/ dom/webauthn/tests/pkijs/ dom/webgpu/tests/cts/checkout/ editor/libeditor/tests/browserscope/lib/richtext/