Adding upstream version 110.0.1.upstream/110.0.1upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 111 insertions, 0 deletions

diff --git a/dom/u2f/tests/frame_multiple_keys.html b/dom/u2f/tests/frame_multiple_keys.html
new file mode 100644
index 0000000000..d9e9705496
--- /dev/null
+++ b/dom/u2f/tests/frame_multiple_keys.html
@@ -0,0 +1,111 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<head>
+  <script type="text/javascript" src="frame_utils.js"></script>
+  <script type="text/javascript" src="u2futil.js"></script>
+</head>
+<body>
+<p>Test for multiple simultaneous key</p>
+<script class="testbody" type="text/javascript">
+"use strict";
+
+function keyHandleFromRegResponse(aRegResponse) {
+  // Parse the response data from the U2F token
+  let registrationData = base64ToBytesUrlSafe(aRegResponse.registrationData);
+  local_is(registrationData[0], 0x05, "Reserved byte is correct")
+
+  let keyHandleLength = registrationData[66];
+  let keyHandleBytes = registrationData.slice(67, 67 + keyHandleLength);
+
+  return {
+    version: "U2F_V2",
+    keyHandle: bytesToBase64UrlSafe(keyHandleBytes),
+  };
+}
+
+let challenge = new Uint8Array(16);
+window.crypto.getRandomValues(challenge);
+
+let regRequest = {
+  version: "U2F_V2",
+  challenge: bytesToBase64UrlSafe(challenge),
+};
+
+let testState = {
+  key1: null,
+  key2: null,
+}
+
+// Just a key that came from a random profile; syntactically valid but not
+// unwrappable.
+let invalidKey = {
+  "version": "U2F_V2",
+  "keyHandle": "rQdreHgHrmKfsnGPAElEP9yfTx6eq2eU3_Y8n0RRsGKML0DY2d1_a8_-sOtxDr3"
+};
+
+async function doTests() {
+  // Ensure the SpecialPowers push worked properly
+  local_isnot(window.u2f, undefined, "U2F API endpoint must exist");
+
+  // Get two valid keys and present them
+  await promiseU2FRegister(window.location.origin, [regRequest], [], function(aRegResponse) {
+    testState.key1 = keyHandleFromRegResponse(aRegResponse);
+  });
+
+  // Get the second key...
+  // It's OK to repeat the regRequest; not material for this test
+  await promiseU2FRegister(window.location.origin, [regRequest], [], function(aRegResponse) {
+    testState.key2 = keyHandleFromRegResponse(aRegResponse);
+  });
+
+  await promiseU2FRegister(window.location.origin, [regRequest],
+                           [invalidKey], function(aRegResponse) {
+    // The invalid key shouldn't match anything, so we should register OK here, too
+    local_is(aRegResponse.errorCode, 0, "The register should have gone through with the invalid key");
+  });
+
+
+  await promiseU2FRegister(window.location.origin, [regRequest],
+                           [invalidKey, testState.key1], function(aRegResponse) {
+    // Expect a failure response since key1 is already registered
+    local_is(aRegResponse.errorCode, 4, "The register should have skipped since there was a valid key");
+  });
+
+  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
+                  [testState.key1], function(aSignResponse) {
+    local_is(aSignResponse.errorCode, 0, "The signing did not error with one key");
+    local_isnot(aSignResponse.clientData, undefined, "The signing provided clientData with one key");
+  });
+
+  // It's OK to sign with either one
+  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
+                  [testState.key1, testState.key2], function(aSignResponse) {
+    local_is(aSignResponse.errorCode, 0, "The signing did not error with two keys");
+    local_isnot(aSignResponse.clientData, undefined, "The signing provided clientData with two keys");
+  });
+
+  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
+                    [invalidKey, testState.key2], function(aSignResponse) {
+    local_is(aSignResponse.errorCode, 0, "The signing did not error when given an invalid key");
+    local_isnot(aSignResponse.clientData, undefined, "The signing provided clientData even when given an invalid key");
+  });
+
+  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
+                    [testState.key2, invalidKey], function(aSignResponse) {
+    local_is(aSignResponse.errorCode, 0, "The signing did not error when given an invalid key");
+    local_isnot(aSignResponse.clientData, undefined, "The signing provided clientData even when given an invalid key");
+  });
+
+  await promiseU2FSign(window.location.origin, bytesToBase64UrlSafe(challenge),
+                    [invalidKey], function(aSignResponse) {
+    local_is(aSignResponse.errorCode, 4, "The signing couldn't complete with this invalid key");
+    local_is(aSignResponse.clientData, undefined, "The signing shouldn't provide clientData when there's no valid key");
+  });
+
+  local_finished();
+};
+
+doTests();
+</script>
+</body>
+</html>