Closed Bug 1227429 Opened 9 years ago Closed 9 years ago

Request kB generation if needed

Categories

(Firefox OS Graveyard :: Sync, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mbdejong, Unassigned)

The SyncManager should tell the Sync app if it needs to generate keys, and if so, upload kA, kB to the onepw server afterwards.
In bug 1227084 I'm drafting the code to check if `generateKeys` is set in the IAC request options [1], and if so, return an IAC response [2] that looks like this:

```
{
  id: ...,
  error: ...,
  response: {
    kA: 'Base64String',
    kB: 'Base64String'
  }
}
```

So when an FxA account exists, but no kA, kB is available for it, the SyncManager should ask the Sync app to generate them in the first request. To do this:

* leave out `kB` in the request options
* add a `generateKeys: true` option
* get IACResponse.response.kA and IACResponse.response.kB and upload them to the onepw server


Do you think this could work?

[1] https://github.com/michielbdejong/gaia/blob/8abbe61b283ec584022d09eb4fd97a9b6644baba/apps/sync/js/bootstrap.js#L57-L58

[2] https://github.com/michielbdejong/gaia/blob/8abbe61b283ec584022d09eb4fd97a9b6644baba/apps/sync/js/bootstrap.js#L120
Flags: needinfo?(ferjmoreno)
Blocks: fxos-sync
Depends on: 1227084
Replied through IRC:

[18:08:55]  <~ferjm>	I believe kA and kB are already generated by the onepw server, so we don't need to generate and upload them again
[18:09:29]  <~ferjm>	in fact, there's no way to do that https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md
[18:09:47]  <@michielbdejong>	ah :)
[18:10:05]  <@michielbdejong>	It's weird though that they are generated server-side, right?
[18:10:58]  <@michielbdejong>	Although I guess the unwrapped kB only exists in memory for a short time, so it's probably pretty safe
[18:11:22]  <~ferjm>	you did the crypto part, but IIRC there were two sets of keys: kA/kB which are stored in FxA server, and the sync crypto keys, which are stored in the sync server (crypto/keys) encrypted with kB
[18:11:44]  <@michielbdejong>	yes
[18:11:48]  <~ferjm>	IIUC what we need to generate here are the sync crypto keys only
[18:11:57]  <~ferjm>	use kB to encrypt them
[18:12:06]  <~ferjm>	and upload them to crypto/keys
[18:12:06]  <@michielbdejong>	ok, so that simplifies things. Then we don't need to change the IAC call.
[18:12:28]  <~ferjm>	no, I think all can happen inside the Sync app :)
Flags: needinfo?(ferjmoreno)
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX