Closed Bug 1227429 Opened 8 years ago Closed 8 years ago

Request kB generation if needed


(Firefox OS Graveyard :: Sync, defect)

Gonk (Firefox OS)
Not set


(Not tracked)



(Reporter: mbdejong, Unassigned)



The SyncManager should tell the Sync app if it needs to generate keys, and if so, upload kA, kB to the onepw server afterwards.
In bug 1227084 I'm drafting the code to check if `generateKeys` is set in the IAC request options [1], and if so, return an IAC response [2] that looks like this:

  id: ...,
  error: ...,
  response: {
    kA: 'Base64String',
    kB: 'Base64String'

So when an FxA account exists, but no kA, kB is available for it, the SyncManager should ask the Sync app to generate them in the first request. To do this:

* leave out `kB` in the request options
* add a `generateKeys: true` option
* get IACResponse.response.kA and IACResponse.response.kB and upload them to the onepw server

Do you think this could work?


Flags: needinfo?(ferjmoreno)
Blocks: fxos-sync
Depends on: 1227084
Replied through IRC:

18:08:55]  <~ferjm>	I believe kA and kB are already generated by the onepw server, so we don't need to generate and upload them again
[18:09:29]  <~ferjm>	in fact, there's no way to do that
[18:09:47]  <@michielbdejong>	ah :)
[18:10:05]  <@michielbdejong>	It's weird though that they are generated server-side, right?
[18:10:58]  <@michielbdejong>	Although I guess the unwrapped kB only exists in memory for a short time, so it's probably pretty safe
[18:11:22]  <~ferjm>	you did the crypto part, but IIRC there were two set of keys: kA/kB which are stored in FxA server, and the sync crypto keys, which are stored in the sync server (crypto/keys) encrypted with kB
[18:11:44]  <@michielbdejong>	yes
[18:11:48]  <~ferjm>	IIUC what we need to generate here are the sync crypto keys only
[18:11:57]  <~ferjm>	use kB to encrypt them
[18:12:06]  <~ferjm>	and upload them to crypto/keys
[18:12:06]  <@michielbdejong>	ok, so that simplifies things. Then we don't need to change the IAC call.
[18:12:28]  <~ferjm>	no, I think all can happen inside the Sync app :)
Flags: needinfo?(ferjmoreno)
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.