Bug 1275479 - Create nsIU2FToken base interface (Part 2) r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch leaves U2F.cpp initializing tokens monolithically; if/when future
tokens are added, the implementer may want to change that.
MozReview-Commit-ID: GQuu6NolF4D
--- a/dom/u2f/NSSU2FTokenRemote.cpp
+++ b/dom/u2f/NSSU2FTokenRemote.cpp
@@ -5,33 +5,27 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/dom/ContentChild.h"
#include "NSSU2FTokenRemote.h"
using mozilla::dom::ContentChild;
-NS_IMPL_ISUPPORTS(NSSU2FTokenRemote, nsINSSU2FToken)
+NS_IMPL_ISUPPORTS(NSSU2FTokenRemote, nsIU2FToken)
static mozilla::LazyLogModule gWebauthLog("webauth_u2f");
NSSU2FTokenRemote::NSSU2FTokenRemote()
{}
NSSU2FTokenRemote::~NSSU2FTokenRemote()
{}
NS_IMETHODIMP
-NSSU2FTokenRemote::Init()
-{
- return NS_OK;
-}
-
-NS_IMETHODIMP
NSSU2FTokenRemote::IsCompatibleVersion(const nsAString& aVersionString,
bool* aIsCompatible)
{
NS_ENSURE_ARG_POINTER(aIsCompatible);
ContentChild* cc = ContentChild::GetSingleton();
MOZ_ASSERT(cc);
if (!cc->SendNSSU2FTokenIsCompatibleVersion(
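Review bot: In IsCompatibleVersion, `MOZ_ASSERT(cc);` is the only guard before `cc->SendNSSU2FTokenIsCompatibleVersion(`, and that assertion is compiled out of release builds, so a null singleton would be dereferenced there. These are context lines the commit does not change, and GetSingleton() is presumably always set in a content process, but a cheap release-mode check is worth having: `if (NS_WARN_IF(!cc)) { return NS_ERROR_FAILURE; }`. The function body continues past the end of the hunk, and the other forwarding methods of this class are not visible here, so check them for the same pattern.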
--- a/dom/u2f/NSSU2FTokenRemote.h
+++ b/dom/u2f/NSSU2FTokenRemote.h
@@ -2,23 +2,23 @@
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef NSSU2FTokenRemote_h
#define NSSU2FTokenRemote_h
-#include "nsINSSU2FToken.h"
+#include "nsIU2FToken.h"
-class NSSU2FTokenRemote : public nsINSSU2FToken
+class NSSU2FTokenRemote : public nsIU2FToken
{
public:
NS_DECL_ISUPPORTS
- NS_DECL_NSINSSU2FTOKEN
+ NS_DECL_NSIU2FTOKEN
NSSU2FTokenRemote();
private:
virtual ~NSSU2FTokenRemote();
};
#endif // NSSU2FTokenRemote_h
--- a/dom/u2f/U2F.cpp
+++ b/dom/u2f/U2F.cpp
@@ -7,16 +7,17 @@
#include "hasht.h"
#include "mozilla/dom/ContentChild.h"
#include "mozilla/dom/CryptoBuffer.h"
#include "mozilla/dom/NSSU2FTokenRemote.h"
#include "mozilla/dom/U2F.h"
#include "mozilla/dom/U2FBinding.h"
#include "mozilla/Preferences.h"
#include "nsContentUtils.h"
+#include "nsINSSU2FToken.h"
#include "nsNetCID.h"
#include "nsNSSComponent.h"
#include "nsURLParsers.h"
#include "pk11pub.h"
using mozilla::dom::ContentChild;
namespace mozilla {
@@ -585,16 +586,19 @@ U2F::Init(nsPIDOMWindowInner* aParent, E
}
if (!EnsureNSSInitializedChromeOrContent()) {
MOZ_LOG(gWebauthLog, LogLevel::Debug, ("Failed to get NSS context for U2F"));
aRv.Throw(NS_ERROR_FAILURE);
return;
}
+ // Monolithically insert compatible nsIU2FToken objects into mAuthenticators.
+ // In future functionality expansions, this is where we could add a dynamic
+ // add/remove interface.
if (Preferences::GetBool(PREF_U2F_SOFTTOKEN_ENABLED)) {
if (!XRE_IsParentProcess()) {
MOZ_LOG(gWebauthLog, LogLevel::Debug,
("Is e10s Process, getting remote U2F soft token"));
if (!mAuthenticators.AppendElement(new NSSU2FTokenRemote(),
mozilla::fallible)) {
aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
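Review bot: The `PREF_U2F_SOFTTOKEN_ENABLED` test and the `!XRE_IsParentProcess()` branch run in the content process, so they only decide whether an `NSSU2FTokenRemote` proxy is created. They do not by themselves stop a content process from sending the NSSU2FToken IPC messages. The parent-side handlers are not part of this diff, so please confirm that they re-check the pref and initialise the token themselves rather than trusting the child. Once that is verified, the new comment is a good place to record it, for example `// The parent enforces the pref for remote calls; this check only selects the proxy.` U2F::Init starts before and continues after this hunk.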
--- a/dom/u2f/U2F.h
+++ b/dom/u2f/U2F.h
@@ -8,17 +8,17 @@
#define mozilla_dom_U2F_h
#include "js/TypeDecls.h"
#include "mozilla/Attributes.h"
#include "mozilla/dom/BindingDeclarations.h"
#include "mozilla/dom/Nullable.h"
#include "mozilla/ErrorResult.h"
#include "nsCycleCollectionParticipant.h"
-#include "nsINSSU2FToken.h"
+#include "nsIU2FToken.h"
#include "nsNSSShutDown.h"
#include "nsPIDOMWindow.h"
#include "nsWrapperCache.h"
#include "USBToken.h"
namespace mozilla {
namespace dom {
@@ -35,17 +35,17 @@ enum class ErrorCode {
OK = 0,
OTHER_ERROR = 1,
BAD_REQUEST = 2,
CONFIGURATION_UNSUPPORTED = 3,
DEVICE_INELIGIBLE = 4,
TIMEOUT = 5
};
-typedef nsCOMPtr<nsINSSU2FToken> Authenticator;
+typedef nsCOMPtr<nsIU2FToken> Authenticator;
class U2FTask : public Runnable
{
public:
U2FTask(const nsAString& aOrigin,
const nsAString& aAppId);
nsString mOrigin;
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@@ -33,16 +33,17 @@ XPIDL_SOURCES += [
'nsIPKCS11Slot.idl',
'nsIProtectedAuthThread.idl',
'nsISecurityUITelemetry.idl',
'nsISiteSecurityService.idl',
'nsISSLStatus.idl',
'nsISSLStatusProvider.idl',
'nsITokenDialogs.idl',
'nsITokenPasswordDialogs.idl',
+ 'nsIU2FToken.idl',
'nsIUserCertPicker.idl',
'nsIWeakCryptoOverride.idl',
'nsIX509Cert.idl',
'nsIX509CertDB.idl',
'nsIX509CertList.idl',
'nsIX509CertValidity.idl',
]
--- a/security/manager/ssl/nsINSSU2FToken.idl
+++ b/security/manager/ssl/nsINSSU2FToken.idl
@@ -1,75 +1,21 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "nsISupports.idl"
+#include "nsIU2FToken.idl"
-interface nsIArray;
/**
* Interface used to interact with the NSS-backed software U2F Token
*/
[scriptable, uuid(d9104a00-140b-4f86-a4b0-4998878ef4e6 )]
-interface nsINSSU2FToken : nsISupports {
+interface nsINSSU2FToken : nsIU2FToken {
/**
* Initializes the token and constructs and persists keys, if needed. Asserts
* that it is only called by the main thread.
*/
void init();
-
- /**
- * Is this token compatible with the provided version?
- *
- * @param version The offered version to test
- * @return True if the offered version is compatible
- */
- void isCompatibleVersion(in AString version, [retval] out boolean result);
-
- /**
- * Return whether the provided KeyHandle belongs to this Token
- *
- * @param keyHandle Key Handle to evaluate.
- * @return True if the Key Handle is ours.
- */
- void isRegistered([array, size_is(keyHandleLen)] in octet keyHandle,
- in uint32_t keyHandleLen,
- [retval] out boolean result);
-
- /**
- * Generates a public/private keypair for the provided application
- * and challenge, returning the pubkey, challenge response, and
- * key handle in the registration data.
- *
- * @param application The FIDO Application data to associate with the key.
- * @param challenge The Challenge to satisfy in the response.
- * @param registration An array containing the pubkey, challenge response,
- * and key handle.
- */
- void register([array, size_is(applicationLen)] in octet application,
- in uint32_t applicationLen,
- [array, size_is(challengeLen)] in octet challenge,
- in uint32_t challengeLen,
- [array, size_is(registrationLen)] out octet registration,
- out uint32_t registrationLen);
-
- /**
- * Creates a signature over the "param" arguments using the private key
- * provided in the key handle argument.
- *
- * @param application The FIDO Application data to associate with the key.
- * @param challenge The Challenge to satisfy in the response.
- * @param keyHandle The Key Handle opaque object to use.
- * @param signature The resulting signature.
- */
- void sign([array, size_is(applicationLen)] in octet application,
- in uint32_t applicationLen,
- [array, size_is(challengeLen)] in octet challenge,
- in uint32_t challengeLen,
- [array, size_is(keyHandleLen)] in octet keyHandle,
- in uint32_t keyHandleLen,
- [array, size_is(signatureLen)] out octet signature,
- out uint32_t signatureLen);
};
%{C++
#define NS_NSSU2FTOKEN_CONTRACTID "@mozilla.org/dom/u2f/nss-u2f-token;1"
%}
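Review bot: After this change `init()` is the only method declared on nsINSSU2FToken, but nothing states whether it has to be called before the inherited nsIU2FToken methods, and code holding only an nsIU2FToken cannot call it. The existing comment says it constructs and persists keys, which suggests register/sign depend on it. If so, add to the init() comment something like `Must be called once before any nsIU2FToken method is used on this token.` and say what those methods return when it has not been called.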
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/nsIU2FToken.idl
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+
+/**
+ * Interface used to interact with U2F Token devices
+ */
+[scriptable, uuid(5778242f-1f42-47a2-b514-fa1adde2d904)]
+interface nsIU2FToken : nsISupports {
+ /**
+ * Is this token compatible with the provided version?
+ *
+ * @param version The offered version to test
+ * @return True if the offered version is compatible
+ */
+ void isCompatibleVersion(in AString version, [retval] out boolean result);
+
+ /**
+ * Return whether the provided KeyHandle belongs to this Token
+ *
+ * @param keyHandle Key Handle to evaluate.
+ * @return True if the Key Handle is ours.
+ */
+ void isRegistered([array, size_is(keyHandleLen)] in octet keyHandle,
+ in uint32_t keyHandleLen,
+ [retval] out boolean result);
+
+ /**
+ * Generates a public/private keypair for the provided application
+ * and challenge, returning the pubkey, challenge response, and
+ * key handle in the registration data.
+ *
+ * @param application The FIDO Application data to associate with the key.
+ * @param challenge The Challenge to satisfy in the response.
+ * @param registration An array containing the pubkey, challenge response,
+ * and key handle.
+ */
+ void register([array, size_is(applicationLen)] in octet application,
+ in uint32_t applicationLen,
+ [array, size_is(challengeLen)] in octet challenge,
+ in uint32_t challengeLen,
+ [array, size_is(registrationLen)] out octet registration,
+ out uint32_t registrationLen);
+
+ /**
+ * Creates a signature over the "param" arguments using the private key
+ * provided in the key handle argument.
+ *
+ * @param application The FIDO Application data to associate with the key.
+ * @param challenge The Challenge to satisfy in the response.
+ * @param keyHandle The Key Handle opaque object to use.
+ * @param signature The resulting signature.
+ */
+ void sign([array, size_is(applicationLen)] in octet application,
+ in uint32_t applicationLen,
+ [array, size_is(challengeLen)] in octet challenge,
+ in uint32_t challengeLen,
+ [array, size_is(keyHandleLen)] in octet keyHandle,
+ in uint32_t keyHandleLen,
+ [array, size_is(signatureLen)] out octet signature,
+ out uint32_t signatureLen);
+};
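Review bot: As the base contract every token has to implement, the comments on `isRegistered`, `register` and `sign` leave the failure behaviour and buffer ownership unstated. On `sign` I would add a line such as `Fails if keyHandle was not issued by this token for |application|.`, so that every implementer returns an error rather than a signature in that case. I would also replace the vague `over the "param" arguments` with the inputs that are actually signed. Both `out octet` arrays should say who allocates and who frees them. Separately, `interface nsIArray;` is forward-declared but no method in this file uses it, so it can be dropped.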
--- a/security/manager/ssl/nsNSSU2FToken.cpp
+++ b/security/manager/ssl/nsNSSU2FToken.cpp
@@ -12,17 +12,17 @@
#include "pk11pub.h"
#include "prerror.h"
#include "secerr.h"
#include "WebCryptoCommon.h"
using namespace mozilla;
using mozilla::dom::CreateECParamsForCurve;
-NS_IMPL_ISUPPORTS(nsNSSU2FToken, nsINSSU2FToken)
+NS_IMPL_ISUPPORTS(nsNSSU2FToken, nsIU2FToken, nsINSSU2FToken)
// Not named "security.webauth.u2f_softtoken_counter" because setting that
// name causes the window.u2f object to disappear until preferences get
// reloaded, as its' pref is a substring!
#define PREF_U2F_NSSTOKEN_COUNTER "security.webauth.softtoken_counter"
const nsCString nsNSSU2FToken::mSecretNickname =
NS_LITERAL_CSTRING("U2F_NSSTOKEN");
--- a/security/manager/ssl/nsNSSU2FToken.h
+++ b/security/manager/ssl/nsNSSU2FToken.h
@@ -15,16 +15,17 @@
#define NS_NSSU2FTOKEN_CID \
{0x79f95a6c, 0xd0f7, 0x4d7d, {0xae, 0xaa, 0xcd, 0x0a, 0x04, 0xb6, 0x50, 0x89}}
class nsNSSU2FToken : public nsINSSU2FToken,
public nsNSSShutDownObject
{
public:
NS_DECL_ISUPPORTS
+ NS_DECL_NSIU2FTOKEN
NS_DECL_NSINSSU2FTOKEN
nsNSSU2FToken();
// For nsNSSShutDownObject
virtual void virtualDestroyNSSReference() override;
void destructorSafeDestroyNSSReference();