Closed Bug 1900892 Opened 21 days ago Closed 5 days ago

Build out archive encryption mechanism for single-file backup archives

Categories

(Firefox :: Profile Backup, task, P3)

Product:
Firefox
Component:
Profile Backup
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
129 Branch
Tracking Flags:
Tracking Status
firefox129 --- fixed

People

(Reporter: mconley, Assigned: mconley)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fidefe-device-migration])

Attachments

(3 files)

Bug 1900892 - Part 1: Factor out computeBackupKeys to ArchiveUtils. r?djackson!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1900892 - Part 2: Define a ArchiveJSONBlock schema for the JSON block in a backup archive. r?#backup-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1900892 - Part 3: Add ArchiveEncryptor and ArchiveDecryptor. r?djackson!
48 bytes, text/x-phabricator-request
Details | Review

This covers adding the mechanism for encrypting backup archives, but does not yet add the hooks that perform the encryption of backups. This will instead come in a follow-up bug.

Assignee: nobody → mconley

Factoring this out, as computing these keys is something that we need to do both
when generating the ArchiveEncryptionState, as well as when performing a
decryption.

This also renames "authKey" and "encKey" in ArchiveEncryptionState to use
"backupAuthKey" and "backupEncKey", as these are more in-line with what the
encryption design document uses (and because there are "authKeys" and "encKeys"
that will be used by the encryption mechanism that are distinct from the
backupAuthKey and backupEncKey).

Since the ArchiveJSONBlock uses a $ref to reference the metadata in the
BackupManifest schema, we have to change the JSON validation mechanism
we're using to one that supports $ref's.

These classes allow us to encrypt and decrypt chunks of a backup archive
if encryption is enabled.

Attachment #9405981 - Attachment description: Bug 1900892 - Define a ArchiveJSONBlock schema for the JSON block in a backup archive. r?#backup-reviewers! → Bug 1900892 - Part 2: Define a ArchiveJSONBlock schema for the JSON block in a backup archive. r?#backup-reviewers!
Attachment #9405982 - Attachment description: Bug 1900892 - Add ArchiveEncryptor and ArchiveDecryptor. r?djackson! → Bug 1900892 - Part 3: Add ArchiveEncryptor and ArchiveDecryptor. r?djackson!
Blocks: 1901132
Pushed by mconley@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e043ded7c3f4
Part 1: Factor out computeBackupKeys to ArchiveUtils. r=djackson,backup-reviewers,kpatenio
https://hg.mozilla.org/integration/autoland/rev/a9b3bd5abdd2
Part 2: Define a ArchiveJSONBlock schema for the JSON block in a backup archive. r=backup-reviewers,fchasen
https://hg.mozilla.org/integration/autoland/rev/3639c8341f69
Part 3: Add ArchiveEncryptor and ArchiveDecryptor. r=djackson,backup-reviewers,kpatenio

https://hg.mozilla.org/mozilla-central/rev/e043ded7c3f4
https://hg.mozilla.org/mozilla-central/rev/a9b3bd5abdd2
https://hg.mozilla.org/mozilla-central/rev/3639c8341f69

Status: NEW → RESOLVED
Closed: 5 days ago
status-firefox129: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 129 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: