Closed
Bug 1225968
Opened 9 years ago
Closed 9 years ago
Push message encryption change
Categories
(Core :: DOM: Push Subscriptions, defect)
Core
DOM: Push Subscriptions
Tracking
()
RESOLVED
FIXED
mozilla45
People
(Reporter: mt, Assigned: mt)
References
(Blocks 1 open bug)
Details
Attachments
(4 files)
Unfortunately, the final details are not settled, but here is the WIP: https://github.com/webpush-wg/webpush-encryption/pull/4 This is the head of a wide tree of changes. Once we sort out where the secret is mixed in, we can finalize this.
Assignee | ||
Comment 1•9 years ago
|
||
Bug 1225968 - Add authentication secret to push API, r?kcambridge
Assignee | ||
Comment 2•9 years ago
|
||
Comment on attachment 8689248 [details] MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug This isn't a review request yet, because I haven't added any actual tests. I need to do some crypto work first. That and the fact that I haven't sorted out the spec issues yet.
Attachment #8689248 -
Flags: feedback?(kcambridge)
Assignee | ||
Comment 3•9 years ago
|
||
Comment on attachment 8689248 [details] MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25583/diff/1-2/
Attachment #8689248 -
Flags: feedback?(kcambridge) → review?(kcambridge)
Assignee | ||
Comment 4•9 years ago
|
||
Bug 1225968 - Refactor data delivery tests to support addition of new tests, r?kcambridge
Attachment #8690272 -
Flags: review?(kcambridge)
Assignee | ||
Comment 5•9 years ago
|
||
Bug 1225968 - Refactoring to move some of the push crypto logic, r?kcambridge
Attachment #8690273 -
Flags: review?(kcambridge)
Assignee | ||
Comment 6•9 years ago
|
||
Bug 1225968 - Adding more messages to the push message tests, r?kcambridge
Attachment #8690274 -
Flags: review?(kcambridge)
Assignee | ||
Comment 7•9 years ago
|
||
Latest proposal is here: https://github.com/w3c/push-api/issues/174 https://github.com/webpush-wg/webpush-encryption/pull/4 https://github.com/martinthomson/http-encryption/pull/5 All of which need to be considered together. I'm looking to merge all of those shortly.
Assignee | ||
Comment 8•9 years ago
|
||
This is rare enough that I have to highlight it: ALL GREEN: https://treeherder.mozilla.org/#/jobs?repo=try&revision=a7658864fda1
Updated•9 years ago
|
status-firefox44:
--- → affected
Comment 9•9 years ago
|
||
Comment on attachment 8690272 [details] MozReview Request: Bug 1225968 - Refactor data delivery tests to support addition of new tests, r=kitcambridge https://reviewboard.mozilla.org/r/25821/#review24117 Looks good, thanks for doing this! ::: dom/push/test/xpcshell/test_notification_data.js:178 (Diff revision 1) > + dump("push-ack\n"); Leftover debugging?
Attachment #8690272 -
Flags: review?(kcambridge) → review+
Comment 10•9 years ago
|
||
Comment on attachment 8690273 [details] MozReview Request: Bug 1225968 - Refactoring to move some of the push crypto logic, r=kitcambridge https://reviewboard.mozilla.org/r/25823/#review24119
Attachment #8690273 -
Flags: review?(kcambridge) → review+
Comment 11•9 years ago
|
||
Comment on attachment 8690274 [details] MozReview Request: Bug 1225968 - Adding more messages to the push message tests, r=kitcambridge https://reviewboard.mozilla.org/r/25825/#review24125
Attachment #8690274 -
Flags: review?(kcambridge) → review+
Updated•9 years ago
|
Attachment #8689248 -
Flags: review?(kcambridge) → review+
Comment 12•9 years ago
|
||
Comment on attachment 8689248 [details] MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug https://reviewboard.mozilla.org/r/25583/#review23521 This looks good to me; just noted a few nits and questions. ::: dom/push/PushCrypto.jsm:17 (Diff revision 2) > -var NONCE_INFO = new TextEncoder('utf-8').encode('Content-Encoding: nonce'); > +var ENCRYPT_INFO = UTF8.encode('Content-Encoding: aesgcm128'); Just to make sure I understand... If we have a secret, the context for encryption and HKDF will be `'Content-Encoding: aesgcm128\0P-256\0{length(recipientKey)}{recipientKey}{length(senderKey)}{senderKey}`. Otherwise, it's just `Content-Encoding: aesgcm128`, as before. Is that right? ::: dom/push/PushCrypto.jsm:223 (Diff revision 2) > + this._encodeLength(receiverKey), receiverKey, You mention this is the "encoded public key of the recipient" in the spec, but it looks like this is the Base64-decoded buffer. Does "encoded" mean something different in that context? ::: dom/push/PushManager.cpp:198 (Diff revision 2) > + authSecret.SetLength(sekrit.Length()); I think you can merge these two calls into `authSecret.InsertElementsAt(0, sekrit.Data(), sekrit.Length())`. ::: dom/push/PushManager.cpp:322 (Diff revision 2) > + const ArrayBuffer& sekrit = aAuthSecret.Value(); :-) ::: dom/push/PushManager.cpp:637 (Diff revision 2) > + return OnPushEndpoint(aStatus, EmptyString(), 0, nullptr, 0, nullptr); Looks like we ignore the return value. Could you make this `Unused << NS_WARN_IF(NS_FAILED(...))`, please? ::: dom/push/PushService.jsm:791 (Diff revision 2) > + if (!record.authenticationSecret) { I think we'll want to call `updateRecordAndNotifyApp` for this case, too.
Assignee | ||
Comment 13•9 years ago
|
||
https://reviewboard.mozilla.org/r/25583/#review23521 > Just to make sure I understand... > > If we have a secret, the context for encryption and HKDF will be `'Content-Encoding: aesgcm128\0P-256\0{length(recipientKey)}{recipientKey}{length(senderKey)}{senderKey}`. > > Otherwise, it's just `Content-Encoding: aesgcm128`, as before. Is that right? Yes, I have added a comment to the key derivation function to explain that. It's pretty detailed. > You mention this is the "encoded public key of the recipient" in the spec, but it looks like this is the Base64-decoded buffer. Does "encoded" mean something different in that context? Oh, I hope that it isn't base64 encoded. It's the raw byte encoded form. I should patch the spec there to make it clear.
Assignee | ||
Comment 14•9 years ago
|
||
Comment on attachment 8689248 [details] MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25583/diff/2-3/
Attachment #8689248 -
Attachment description: MozReview Request: Bug 1225968 - Add authentication secret to push API, r?kcambridge → MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge
Assignee | ||
Comment 15•9 years ago
|
||
Comment on attachment 8690272 [details] MozReview Request: Bug 1225968 - Refactor data delivery tests to support addition of new tests, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25821/diff/1-2/
Attachment #8690272 -
Attachment description: MozReview Request: Bug 1225968 - Refactor data delivery tests to support addition of new tests, r?kcambridge → MozReview Request: Bug 1225968 - Refactor data delivery tests to support addition of new tests, r=kitcambridge
Assignee | ||
Comment 16•9 years ago
|
||
Comment on attachment 8690273 [details] MozReview Request: Bug 1225968 - Refactoring to move some of the push crypto logic, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25823/diff/1-2/
Attachment #8690273 -
Attachment description: MozReview Request: Bug 1225968 - Refactoring to move some of the push crypto logic, r?kcambridge → MozReview Request: Bug 1225968 - Refactoring to move some of the push crypto logic, r=kitcambridge
Assignee | ||
Updated•9 years ago
|
Attachment #8690274 -
Attachment description: MozReview Request: Bug 1225968 - Adding more messages to the push message tests, r?kcambridge → MozReview Request: Bug 1225968 - Adding more messages to the push message tests, r=kitcambridge
Assignee | ||
Comment 17•9 years ago
|
||
Comment on attachment 8690274 [details] MozReview Request: Bug 1225968 - Adding more messages to the push message tests, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25825/diff/1-2/
Assignee | ||
Updated•9 years ago
|
Attachment #8689248 -
Attachment description: MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge → MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge?smaug
Attachment #8689248 -
Flags: review?(bugs)
Assignee | ||
Comment 18•9 years ago
|
||
Comment on attachment 8689248 [details] MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25583/diff/3-4/
Assignee | ||
Comment 19•9 years ago
|
||
Smaug, the webidl changes are pretty minimal. The spec has a PR that describes the changes here: https://github.com/w3c/push-api/pull/174 (I'm confirming that the changes it depends on are OK before proceeding.)
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → martin.thomson
Comment 20•9 years ago
|
||
Comment on attachment 8689248 [details] MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug https://reviewboard.mozilla.org/r/25583/#review24557 ::: dom/webidl/PushSubscription.webidl:19 (Diff revision 3) > - ChromeConstructor(DOMString pushEndpoint, DOMString scope, ArrayBuffer? key)] > + ChromeConstructor(DOMString pushEndpoint, DOMString scope, Just wondering if we'll want to use some dictionary as the only constructor param, and not adding more and more parameters. up to you (and definitely no need to add the dictionary in this bug)
Attachment #8689248 -
Flags: review?(bugs) → review+
Assignee | ||
Comment 21•9 years ago
|
||
Yeah, a dictionary is probably a good idea. It's right at the threshold now.
Assignee | ||
Comment 22•9 years ago
|
||
Comment on attachment 8689248 [details] MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25583/diff/3-4/
Attachment #8689248 -
Attachment description: MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge?smaug → MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug
Assignee | ||
Comment 23•9 years ago
|
||
Comment on attachment 8690272 [details] MozReview Request: Bug 1225968 - Refactor data delivery tests to support addition of new tests, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25821/diff/2-3/
Assignee | ||
Comment 24•9 years ago
|
||
Comment on attachment 8690273 [details] MozReview Request: Bug 1225968 - Refactoring to move some of the push crypto logic, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25823/diff/2-3/
Assignee | ||
Comment 25•9 years ago
|
||
Comment on attachment 8690274 [details] MozReview Request: Bug 1225968 - Adding more messages to the push message tests, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25825/diff/2-3/
Assignee | ||
Comment 26•9 years ago
|
||
Comment on attachment 8689248 [details] MozReview Request: Bug 1225968 - Add authentication secret to push API, r=kitcambridge,smaug Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25583/diff/4-5/
Assignee | ||
Comment 27•9 years ago
|
||
Comment on attachment 8690272 [details] MozReview Request: Bug 1225968 - Refactor data delivery tests to support addition of new tests, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25821/diff/3-4/
Assignee | ||
Comment 28•9 years ago
|
||
Comment on attachment 8690273 [details] MozReview Request: Bug 1225968 - Refactoring to move some of the push crypto logic, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25823/diff/3-4/
Assignee | ||
Comment 29•9 years ago
|
||
Comment on attachment 8690274 [details] MozReview Request: Bug 1225968 - Adding more messages to the push message tests, r=kitcambridge Review request updated; see interdiff: https://reviewboard.mozilla.org/r/25825/diff/3-4/
Comment 31•9 years ago
|
||
this causes during checkin: remote: *************************** ERROR *************************** remote: Push rejected because the following IDL interfaces were remote: modified without changing the UUID: remote: - nsIPushEndpointCallback in changeset 900b71dcd7f6 remote: remote: To update the UUID for all of the above interfaces and their remote: descendants, run: remote: ./mach update-uuids nsIPushEndpointCallback can you take a look, thanks!
Flags: needinfo?(martin.thomson)
Assignee | ||
Comment 32•9 years ago
|
||
It would be really nice if there were some way to catch that before this point. Sorry about not catching it myself. Since I'm there I'll check this in myself :)
Flags: needinfo?(martin.thomson)
Keywords: checkin-needed
Comment 33•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/99dd62654b77 https://hg.mozilla.org/integration/mozilla-inbound/rev/065e03c7e416 https://hg.mozilla.org/integration/mozilla-inbound/rev/9d619f945154 https://hg.mozilla.org/integration/mozilla-inbound/rev/c456aa0d72e4
Comment 34•9 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/99dd62654b77 https://hg.mozilla.org/mozilla-central/rev/065e03c7e416 https://hg.mozilla.org/mozilla-central/rev/9d619f945154 https://hg.mozilla.org/mozilla-central/rev/c456aa0d72e4
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox45:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in
before you can comment on or make changes to this bug.
Description
•