Bug 1323339 - Add WebAuthnManager and support IPC Child classes; r=jcj r=baku

Takes functionality once in the WebAuthentication DOM class that needs
to be handled by the content process, and moves it to a
singleton (per-content-process) manager class. This allows the
WebAuthn API to centralize management of transactions and IPC
channels. Patch also creates the child (content-process) classes for
WebAuthn IPC channels.

MozReview-Commit-ID: 6ju2LK8lvNR

Author: qdot

dom/webauthn/WebAuthnManager.cpp

@@ -0,0 +1,127 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_dom_WebAuthnManager_h
+#define mozilla_dom_WebAuthnManager_h
+
+#include "nsIIPCBackgroundChildCreateCallback.h"
+#include "mozilla/MozPromise.h"
+#include "mozilla/dom/PWebAuthnTransaction.h"
+
+/*
+ * Content process manager for the WebAuthn protocol. Created on calls to the
+ * WebAuthentication DOM object, this manager handles establishing IPC channels
+ * for WebAuthn transactions, as well as keeping track of JS Promise objects
+ * representing transactions in flight.
+ *
+ * The WebAuthn spec (https://www.w3.org/TR/webauthn/) allows for two different
+ * types of transactions: registration and signing. When either of these is
+ * requested via the DOM API, the following steps are executed in the
+ * WebAuthnManager:
+ *
+ * - Validation of the request. Return a failed promise to js if request does
+ *   not have correct parameters.
+ *
+ * - If request is valid, open a new IPC channel for running the transaction. If
+ *   another transaction is already running in this content process, cancel it.
+ *   Return a pending promise to js.
+ *
+ * - Send transaction information to parent process (by running the Start*
+ *   functions of WebAuthnManager). Assuming another transaction is currently in
+ *   flight in another content process, parent will handle canceling it.
+ *
+ * - On return of successful transaction information from parent process, turn
+ *   information into DOM object format required by spec, and resolve promise
+ *   (by running the Finish* functions of WebAuthnManager). On cancellation
+ *   request from parent, reject promise with corresponding error code. Either
+ *   outcome will also close the IPC channel.
+ *
+ */
+
+namespace mozilla {
+namespace dom {
+
+struct Account;
+class ArrayBufferViewOrArrayBuffer;
+struct AssertionOptions;
+class OwningArrayBufferViewOrArrayBuffer;
+struct ScopedCredentialOptions;
+struct ScopedCredentialParameters;
+class Promise;
+class WebAuthnTransactionChild;
+class WebAuthnTransactionInfo;
+
+class WebAuthnManager final : public nsIIPCBackgroundChildCreateCallback
+{
+public:
+  NS_DECL_ISUPPORTS
+  static WebAuthnManager* GetOrCreate();
+  static WebAuthnManager* Get();
+
+  void
+  FinishMakeCredential(nsTArray<uint8_t>& aRegBuffer,
+                       nsTArray<uint8_t>& aSigBuffer);
+
+  void
+  FinishGetAssertion(nsTArray<uint8_t>& aCredentialId,
+                     nsTArray<uint8_t>& aSigBuffer);
+
+  void
+  Cancel(const nsresult& aError);
+
+  already_AddRefed<Promise>
+  MakeCredential(nsPIDOMWindowInner* aParent, JSContext* aCx,
+                 const Account& aAccountInformation,
+                 const Sequence<ScopedCredentialParameters>& aCryptoParameters,
+                 const ArrayBufferViewOrArrayBuffer& aAttestationChallenge,
+                 const ScopedCredentialOptions& aOptions);
+
+  already_AddRefed<Promise>
+  GetAssertion(nsPIDOMWindowInner* aParent,
+               const ArrayBufferViewOrArrayBuffer& aAssertionChallenge,
+               const AssertionOptions& aOptions);
+
+  void StartRegister();
+  void StartSign();
+
+  // nsIIPCbackgroundChildCreateCallback methods
+  void ActorCreated(PBackgroundChild* aActor) override;
+  void ActorFailed() override;
+  void ActorDestroyed();
+private:
+  WebAuthnManager();
+  virtual ~WebAuthnManager();
+
+  void MaybeClearTransaction();
+
+  already_AddRefed<MozPromise<nsresult, nsresult, false>>
+  GetOrCreateBackgroundActor();
+
+  // JS Promise representing transaction status.
+  RefPtr<Promise> mTransactionPromise;
+
+  // IPC Channel for the current transaction.
+  RefPtr<WebAuthnTransactionChild> mChild;
+
+  // Parent of the context we're currently running the transaction in.
+  nsCOMPtr<nsPIDOMWindowInner> mCurrentParent;
+
+  // Client data, stored on successful transaction creation, so that it can be
+  // used to assemble reply objects.
+  Maybe<nsCString> mClientData;
+
+  // Holds the parameters of the current transaction, as we need them both
+  // before the transaction request is sent, and on successful return.
+  Maybe<WebAuthnTransactionInfo> mInfo;
+
+  // Promise for dealing with PBackground Actor creation.
+  MozPromiseHolder<MozPromise<nsresult, nsresult, false>> mPBackgroundCreationPromise;
+};
+
+} // namespace dom
+} // namespace mozilla
+
+#endif // mozilla_dom_WebAuthnManager_h

dom/webauthn/WebAuthnManager.h

@@ -0,0 +1,61 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/WebAuthnTransactionChild.h"
+#include "mozilla/dom/WebAuthnManager.h"
+
+namespace mozilla {
+namespace dom {
+
+WebAuthnTransactionChild::WebAuthnTransactionChild()
+{
+  // Retain a reference so the task object isn't deleted without IPDL's
+  // knowledge. The reference will be released by
+  // mozilla::ipc::BackgroundChildImpl::DeallocPWebAuthnTransactionChild.
+  NS_ADDREF_THIS();
+}
+
+mozilla::ipc::IPCResult
+WebAuthnTransactionChild::RecvConfirmRegister(nsTArray<uint8_t>&& aRegBuffer,
+                                              nsTArray<uint8_t>&& aSigBuffer)
+{
+  RefPtr<WebAuthnManager> mgr = WebAuthnManager::Get();
+  MOZ_ASSERT(mgr);
+  mgr->FinishMakeCredential(aRegBuffer, aSigBuffer);
+  return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+WebAuthnTransactionChild::RecvConfirmSign(nsTArray<uint8_t>&& aCredentialId,
+                                          nsTArray<uint8_t>&& aBuffer)
+{
+  RefPtr<WebAuthnManager> mgr = WebAuthnManager::Get();
+  MOZ_ASSERT(mgr);
+  mgr->FinishGetAssertion(aCredentialId, aBuffer);
+  return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+WebAuthnTransactionChild::RecvCancel(const nsresult& aError)
+{
+  RefPtr<WebAuthnManager> mgr = WebAuthnManager::Get();
+  MOZ_ASSERT(mgr);
+  mgr->Cancel(aError);
+  return IPC_OK();
+}
+
+void
+WebAuthnTransactionChild::ActorDestroy(ActorDestroyReason why)
+{
+  RefPtr<WebAuthnManager> mgr = WebAuthnManager::Get();
+  // This could happen after the WebAuthnManager has been shut down.
+  if (mgr) {
+    mgr->ActorDestroyed();
+  }
+}
+
+}
+}

dom/webauthn/WebAuthnTransactionChild.cpp

@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_dom_WebAuthnTransactionChild_h
+#define mozilla_dom_WebAuthnTransactionChild_h
+
+#include "mozilla/dom/PWebAuthnTransactionChild.h"
+
+/*
+ * Child process IPC implementation for WebAuthn API. Receives results of
+ * WebAuthn transactions from the parent process, and sends them to the
+ * WebAuthnManager either cancel the transaction, or be formatted and relayed to
+ * content.
+ */
+
+namespace mozilla {
+namespace dom {
+
+class WebAuthnTransactionChild final : public PWebAuthnTransactionChild
+{
+public:
+  NS_INLINE_DECL_REFCOUNTING(WebAuthnTransactionChild);
+  WebAuthnTransactionChild();
+  mozilla::ipc::IPCResult RecvConfirmRegister(nsTArray<uint8_t>&& aRegBuffer,
+                                              nsTArray<uint8_t>&& aSigBuffer) override;
+  mozilla::ipc::IPCResult RecvConfirmSign(nsTArray<uint8_t>&& aCredentialId,
+                                          nsTArray<uint8_t>&& aBuffer) override;
+  mozilla::ipc::IPCResult RecvCancel(const nsresult& aError) override;
+  void ActorDestroy(ActorDestroyReason why) override;
+private:
+  ~WebAuthnTransactionChild() = default;
+};
+
+}
+}
+
+#endif //mozilla_dom_WebAuthnTransactionChild_h

dom/webauthn/WebAuthnTransactionChild.h

@@ -0,0 +1,131 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/WebAuthnUtil.h"
+#include "pkixutil.h"
+
+namespace mozilla {
+namespace dom {
+
+nsresult
+ReadToCryptoBuffer(pkix::Reader& aSrc, /* out */ CryptoBuffer& aDest,
+                   uint32_t aLen)
+{
+  if (aSrc.EnsureLength(aLen) != pkix::Success) {
+    return NS_ERROR_DOM_UNKNOWN_ERR;
+  }
+
+  aDest.ClearAndRetainStorage();
+
+  for (uint32_t offset = 0; offset < aLen; ++offset) {
+    uint8_t b;
+    if (aSrc.Read(b) != pkix::Success) {
+      return NS_ERROR_DOM_UNKNOWN_ERR;
+    }
+    if (!aDest.AppendElement(b, mozilla::fallible)) {
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  }
+
+  return NS_OK;
+}
+
+nsresult
+U2FAssembleAuthenticatorData(/* out */ CryptoBuffer& aAuthenticatorData,
+                             const CryptoBuffer& aRpIdHash,
+                             const CryptoBuffer& aSignatureData)
+{
+  // The AuthenticatorData for U2F devices is the concatenation of the
+  // RP ID with the output of the U2F Sign operation.
+  if (aRpIdHash.Length() != 32) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  if (!aAuthenticatorData.AppendElements(aRpIdHash, mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  if (!aAuthenticatorData.AppendElements(aSignatureData, mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+U2FDecomposeRegistrationResponse(const CryptoBuffer& aResponse,
+                                 /* out */ CryptoBuffer& aPubKeyBuf,
+                                 /* out */ CryptoBuffer& aKeyHandleBuf,
+                                 /* out */ CryptoBuffer& aAttestationCertBuf,
+                                 /* out */ CryptoBuffer& aSignatureBuf)
+{
+  // U2F v1.1 Format via
+  // http://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-raw-message-formats-v1.1-id-20160915.html
+  //
+  // Bytes  Value
+  // 1      0x05
+  // 65     public key
+  // 1      key handle length
+  // *      key handle
+  // ASN.1  attestation certificate
+  // *      attestation signature
+
+  pkix::Input u2fResponse;
+  u2fResponse.Init(aResponse.Elements(), aResponse.Length());
+
+  pkix::Reader input(u2fResponse);
+
+  uint8_t b;
+  if (input.Read(b) != pkix::Success) {
+    return NS_ERROR_DOM_UNKNOWN_ERR;
+  }
+  if (b != 0x05) {
+    return NS_ERROR_DOM_UNKNOWN_ERR;
+  }
+
+  nsresult rv = ReadToCryptoBuffer(input, aPubKeyBuf, 65);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  uint8_t handleLen;
+  if (input.Read(handleLen) != pkix::Success) {
+    return NS_ERROR_DOM_UNKNOWN_ERR;
+  }
+
+  rv = ReadToCryptoBuffer(input, aKeyHandleBuf, handleLen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // We have to parse the ASN.1 SEQUENCE on the outside to determine the cert's
+  // length.
+  pkix::Input cert;
+  if (pkix::der::ExpectTagAndGetValue(input, pkix::der::SEQUENCE, cert)
+      != pkix::Success) {
+    return NS_ERROR_DOM_UNKNOWN_ERR;
+  }
+
+  pkix::Reader certInput(cert);
+  rv = ReadToCryptoBuffer(certInput, aAttestationCertBuf, cert.GetLength());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // The remainder of u2fResponse is the signature
+  pkix::Input u2fSig;
+  input.SkipToEnd(u2fSig);
+  pkix::Reader sigInput(u2fSig);
+  rv = ReadToCryptoBuffer(sigInput, aSignatureBuf, u2fSig.GetLength());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+}
+}