Closed Bug 1426304 Opened 6 years ago Closed 6 years ago

[meta] Stop clients from storing kB directly; instead have them store a minimal set of derived values

Categories: Firefox :: Sync, enhancement, P3

Status: RESOLVED FIXED

People: Reporter: rfkelly, Unassigned

Keywords: meta

With lockbox and notes coming up as new consumers of FxA's key-management services, it's no longer appropriate for the browser to be storing the raw `kA` and `kB` values on disk.

There's no guarantee that the security model of sync matches that of other consumers of FxA key material.  For example, Lockbox would like to use its FxA scoped key as a kind of "master password" to encrypt data locally, and having Sync store the top-level secret key kB in the same profile directory would defeat the whole point of that scheme.

Related mailing-list discussion here:  https://groups.google.com/a/mozilla.com/d/msg/fxa-staff/29A7-OFg_fk/1MY11AWWBAAJ

Concretely, we need to identify all the places where clients currently store the raw value of `kA` and/or `kB`, and update them to instead store the minimal set of derived key material necessary to function correctly. This is a metabug for tracking that work across clients.

For sync, clients will need to store the following derived keys:

* 64 bytes for the sync key bundle [1]:

  kSync = HKDF(kB, undefined, "identity.mozilla.com/picl/v1/oldsync", 64)

* 16 bytes for the tokenserver's X-Client-State header [2]:

  kXCS = SHA256(kB)[:16]

* Optionally, 64 bytes for the webext chrome.storage.sync master key [3]:

  kExtSync = HKDF(kB, undefined, "identity.mozilla.com/picl/v1/chrome.storage.sync", 64)

I can't find any other places in the Firefox codebase that currently use kB, but please comment below if I've missed any.


[1] https://dxr.mozilla.org/mozilla-central/source/services/sync/modules/browserid_identity.js#137
[2] https://dxr.mozilla.org/mozilla-central/source/services/sync/modules/browserid_identity.js#415
[3] https://dxr.mozilla.org/mozilla-central/source/toolkit/components/extensions/ExtensionStorageSync.jsm#279
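
The three derivations listed in the description, as an added example that is not part of the original bug report and is not Firefox's own code. It assumes HKDF means HKDF-SHA256 (RFC 5869) with the "undefined" salt taken as the RFC's default zero salt, and that kB is 32 bytes; the function names, the hex-encoded record shape and the sample kB are hypothetical.

```javascript
const crypto = require("crypto");

// HKDF-SHA256 per RFC 5869. Assumption: the bug's "undefined" salt means
// the RFC default of HashLen (32) zero bytes.
function hkdf(ikm, salt, info, length) {
  if (length > 255 * 32) throw new RangeError("HKDF output too long");
  const key = salt && salt.length ? salt : Buffer.alloc(32);
  const prk = crypto.createHmac("sha256", key).update(ikm).digest(); // extract
  let okm = Buffer.alloc(0);
  let prev = Buffer.alloc(0);
  for (let i = 1; okm.length < length; i++) { // expand
    prev = crypto.createHmac("sha256", prk)
      .update(Buffer.concat([prev, Buffer.from(info), Buffer.from([i])]))
      .digest();
    okm = Buffer.concat([okm, prev]);
  }
  return okm.subarray(0, length);
}

const NS = "identity.mozilla.com/picl/v1/";

// Hypothetical helper: returns the record a client would persist instead of
// kB. Assumption: kB is a 32-byte Buffer; hex encoding is for illustration.
function deriveStoredSyncValues(kB, { withExtSync = false } = {}) {
  if (!Buffer.isBuffer(kB) || kB.length !== 32) {
    throw new TypeError("kB must be a 32-byte Buffer");
  }
  const record = {
    kSync: hkdf(kB, undefined, NS + "oldsync", 64).toString("hex"),
    kXCS: crypto.createHash("sha256").update(kB).digest()
      .subarray(0, 16).toString("hex"),
  };
  if (withExtSync) {
    record.kExtSync =
      hkdf(kB, undefined, NS + "chrome.storage.sync", 64).toString("hex");
  }
  return record; // kB itself is never part of the stored record
}

// Constructed sample kB (not a real key), for running the example.
const sampleKB = Buffer.alloc(32, 0x42);
console.log(deriveStoredSyncValues(sampleKB, { withExtSync: true }));
```

Because each HKDF call uses a different info string, kSync and kExtSync are independent of each other, and none of the stored values can be used to recover kB or to derive keys for other FxA consumers.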
Depends on: 1426305
Depends on: 1426306
Depends on: 1426307
Component: Server: Firefox Accounts → Firefox Sync: Cross-client
Keywords: meta
OS: Unspecified → All
Hardware: Unspecified → All
Summary: [meta] stop clients from storing kB directly; instead have them store a minimal set of derived keys → [meta] Stop clients from storing kB directly; instead have them store a minimal set of derived values
Priority: -- → P3
Well this bug tree was resolved surprisingly quickly, thanks all!
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Component: Firefox Sync: Cross-client → Sync
Product: Cloud Services → Firefox