cryptotoken: incorporate attestation-certificate scrubbing option.

This allows the Relying Party to request that a token's attestation certificate be replaced with a randomly-generated certificate. The default behavior is unchanged. BUG=780299 Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation Change-Id: I98d6a94399ac1896b6893c8c080f874d66b818b3 Reviewed-on: https://chromium-review.googlesource.com/804978Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Adam Langley <agl@chromium.org> Commit-Queue: Matt Braithwaite <mab@google.com> Cr-Commit-Position: refs/heads/master@{#521934}

cryptotoken: incorporate attestation-certificate scrubbing option.
This allows the Relying Party to request that a token's attestation certificate be replaced with a randomly-generated certificate. The default behavior is unchanged. BUG=780299 Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation Change-Id: I98d6a94399ac1896b6893c8c080f874d66b818b3 Reviewed-on: https://chromium-review.googlesource.com/804978Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Adam Langley <agl@chromium.org> Commit-Queue: Matt Braithwaite <mab@google.com> Cr-Commit-Position: refs/heads/master@{#521934}
8b88cf61 · Matthew Braithwaite · Commit Bot · bbe89b73 · 8b88cf61 · 8b88cf61
Commit 8b88cf61 authored Dec 06, 2017 by Matthew Braithwaite Committed by Commit Bot Dec 06, 2017
11 changed files
--- a/chrome/browser/resources/component_extension_resources.grd
+++ b/chrome/browser/resources/component_extension_resources.grd
@@ -155,6 +155,7 @@
      <include name="IDR_CRYPTOTOKEN_GNUBBYFACTORY_JS" file="cryptotoken/gnubbyfactory.js" type="BINDATA" />
      <include name="IDR_CRYPTOTOKEN_USBGNUBBYFACTORY_JS" file="cryptotoken/usbgnubbyfactory.js" type="BINDATA" />
      <include name="IDR_CRYPTOTOKEN_DEVICESTATUSCODES_JS" file="cryptotoken/devicestatuscodes.js" type="BINDATA" />
+      <include name="IDR_CRYPTOTOKEN_ASN1_JS" file="cryptotoken/asn1.js" type="BINDATA" />
      <include name="IDR_CRYPTOTOKEN_ENROLLER_JS" file="cryptotoken/enroller.js" type="BINDATA" />
      <include name="IDR_CRYPTOTOKEN_USBENROLLHANDLER_JS" file="cryptotoken/usbenrollhandler.js" type="BINDATA" />
      <include name="IDR_CRYPTOTOKEN_REQUESTQUEUE_JS" file="cryptotoken/requestqueue.js" type="BINDATA" />

--- a/chrome/browser/resources/cryptotoken/.eslintrc.js
+++ b/chrome/browser/resources/cryptotoken/.eslintrc.js
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This makes "async function" not an error.
+module.exports = {
+  parserOptions: {ecmaVersion: 2017},
+};
--- a/chrome/browser/resources/cryptotoken/asn1.js
+++ b/chrome/browser/resources/cryptotoken/asn1.js
--- a/chrome/browser/resources/cryptotoken/enroller.js
+++ b/chrome/browser/resources/cryptotoken/enroller.js
--- a/chrome/browser/resources/cryptotoken/gnubbies.js
+++ b/chrome/browser/resources/cryptotoken/gnubbies.js
@@ -237,7 +237,7 @@ Gnubbies.INACTIVITY_TIMEOUT_MARGIN_MILLIS = 30000;
 Gnubbies.SYS_TIMER_ = new WindowTimer();

 /**
- * @param {number|undefined} opt_timeoutMillis Timeout in milliseconds
+ * @param {number=} opt_timeoutMillis Timeout in milliseconds
 */
 Gnubbies.prototype.resetInactivityTimer = function(opt_timeoutMillis) {
  var millis = opt_timeoutMillis ?

--- a/chrome/browser/resources/cryptotoken/hidgnubbydevice.js
+++ b/chrome/browser/resources/cryptotoken/hidgnubbydevice.js
@@ -399,7 +399,7 @@ HidGnubbyDevice.prototype.writePump_ = function() {
  var frame = this.txqueue[0];

  var self = this;
-  function transferComplete() {
+  var transferComplete = function() {
    if (chrome.runtime.lastError) {
      console.log(UTIL_fmt('send got lastError:'));
      console.log(UTIL_fmt(chrome.runtime.lastError.message));
@@ -414,7 +414,7 @@ HidGnubbyDevice.prototype.writePump_ = function() {
        self.writePump_();
      }, 0);
    }
-  }
+  };

  var u8 = new Uint8Array(frame);


--- a/chrome/browser/resources/cryptotoken/manifest.json
+++ b/chrome/browser/resources/cryptotoken/manifest.json
@@ -48,6 +48,7 @@
      "factoryregistry.js",
      "closeable.js",
      "requesthelper.js",
+	  "asn1.js",
      "enroller.js",
      "requestqueue.js",
      "signer.js",

--- a/chrome/browser/resources/cryptotoken/sha256.js
+++ b/chrome/browser/resources/cryptotoken/sha256.js
@@ -55,9 +55,9 @@ SHA256.prototype._compress = function(buf) {
  var W = this._W;
  var k = this._k;

-  function _rotr(w, r) {
+  var _rotr = function(w, r) {
    return ((w << (32 - r)) | (w >>> r));
-  }
+  };

  // get 16 big endian words
  for (var i = 0; i < 64; i += 4) {
@@ -147,7 +147,7 @@ SHA256.prototype.updateRange = function(bytes, start, end) {
 * Optionally update the hash with additional arguments, and return the
 * resulting hash value.
 * @param {...*} var_args Data buffers to hash
- * @return {Array<number>} the SHA256 hash value.
+ * @return {!Array<number>} the SHA256 hash value.
 */
 SHA256.prototype.digest = function(var_args) {
  for (var i = 0; i < arguments.length; ++i)

--- a/chrome/browser/resources/cryptotoken/signer.js
+++ b/chrome/browser/resources/cryptotoken/signer.js
@@ -324,7 +324,7 @@ function Signer(timer, sender, errorCb, successCb, opt_logMsgUrl) {
  /** @private {boolean} */
  this.allowHttp_ =
      this.sender_.origin ? this.sender_.origin.indexOf('http://') == 0 : false;
-  /** @private {Closeable} */
+  /** @private {RequestHandler} */
  this.handler_ = null;
 }

@@ -542,10 +542,9 @@ Signer.prototype.helperComplete_ = function(helperReply, opt_source) {
        'helper reported ' + reply.code.toString(16) + ', returning ' +
        reportedError.errorCode));
    // Log non-expected reply codes if we have an url to send them
-    if (reportedError.errorCode == ErrorCodes.OTHER_ERROR) {
-      var logMsg = 'log=u2fsign&rc=' + reply.code.toString(16);
-      if (this.logMsgUrl_)
-        logMessage(logMsg, this.logMsgUrl_);
+    if ((reportedError.errorCode == ErrorCodes.OTHER_ERROR) &&
+        this.logMsgUrl_) {
+      logMessage('log=u2fsign&rc=' + reply.code.toString(16), this.logMsgUrl_);
    }
    this.notifyError_(reportedError);
  } else {

--- a/chrome/browser/resources/cryptotoken/usbgnubbydevice.js
+++ b/chrome/browser/resources/cryptotoken/usbgnubbydevice.js
@@ -276,7 +276,7 @@ UsbGnubbyDevice.prototype.writeOneRequest_ = function() {
  var frame = this.txqueue[0];

  var self = this;
-  function OutTransferComplete(x) {
+  var OutTransferComplete = function(x) {
    self.outTransferPending = false;

    if (!self.readyToUse_())
@@ -294,7 +294,7 @@ UsbGnubbyDevice.prototype.writeOneRequest_ = function() {
    window.setTimeout(function() {
      self.readOneReply_();
    }, 0);
-  }
+  };

  var u8 = new Uint8Array(frame);


--- a/chrome/browser/resources/cryptotoken/webrequest.js
+++ b/chrome/browser/resources/cryptotoken/webrequest.js
@@ -243,7 +243,7 @@ function sendResponseOnce(sentResponse, closeable, response, sendResponse) {

 /**
 * @param {!string} string Input string
- * @return {Array<number>} SHA256 hash value of string.
+ * @return {!Array<number>} SHA256 hash value of string.
 */
 function sha256HashOfString(string) {
  var s = new SHA256();