Closed Bug 981827 Opened 6 years ago Closed 5 years ago

Make Android and Desktop FxAccounts client use same key parameters

Categories

(Firefox for Android :: Android Sync, defect, P1)

All
Android
defect

Tracking

()

RESOLVED FIXED
Firefox 31
Tracking Status
firefox29 --- fixed
firefox30 --- fixed
firefox31 --- fixed
fennec 29+ ---

People

(Reporter: nalexander, Assigned: nalexander)

References

Details

(Whiteboard: [qa+])

Attachments

(2 files)

At the moment, Android uses 1024-bit RSA keys (the RS128 JWT algorithm):

http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/fxa/sync/FxAccountSyncAdapter.java#481

Desktop uses 1024-bit DSA keys (the DS128/DS160 JWT algorithm):

http://mxr.mozilla.org/mozilla-central/source/services/fxaccounts/FxAccounts.jsm#162

Note that RS128 fails on (some?) Android 2.2 devices (Bug 975625) so we should move Android to using DS160 ASAP.

I'll try to do some preliminary signature timings to understand what, if any, perf impact this change has.
Duplicate of this bug: 981737
Attached file github PR
This is working well for me locally.  I'll push a try build so that we can tests on a 2.2 device.
Attachment #8393251 - Flags: review?(rnewman)
edwong: this ticket tracks one way we might address Bug 975625, the issue tracking Android Sync generating bad signatures on (some?) 2.2 devices.

Could you kindly do the following on the 2.2 device you were seeing failures on:

1) Install a recent 31 Nightly on the device.
2) Configure an FxAccount.
3) Verify (via logs) that the device is still failing, with "invalid-signature" error messages from the token server.

4) Install the try build 31 Nightly from [1] (on top of the 31 Nightly from step 1). This should use the same FxAccount you created above.
5) Verify (via logs and a smoketest) that the device is no longer failing.

You should see a log message saying "Migrating V1 persisted State to V2...", if you are capturing the very first sync after upgrade.  Otherwise, you should just see success.

[1] https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/try-builds/nalexander@mozilla.com-2ab8f6889d48/try-android-armv6/fennec-31.0a1.en-US.android-arm-armv6.apk

If your device is 2.2 but not armv6, then try

https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/try-builds/nalexander@mozilla.com-2ab8f6889d48/try-android/fennec-31.0a1.en-US.android-arm.apk
Flags: needinfo?(edwong)
edwong: further, could you smoke test the non-armv6 try build on a recent device, to make sure we haven't regressed the other 98% of our users running modern Android devices:

https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/try-builds/nalexander@mozilla.com-2ab8f6889d48/try-android/fennec-31.0a1.en-US.android-arm.apk

I have tested this on a Samsung Transformer Prime, and on a Samsung Galaxy S4.
Comment on attachment 8393251 [details] [review]
github PR

Looks good, but correct the bug number!
Attachment #8393251 - Flags: review?(rnewman) → review+
I'm swamped, load balancing to Karl
Flags: needinfo?(edwong) → needinfo?(kthiessen)
tracking-fennec: --- → 29+
Depends on: 988437
AaronMT: do you have a 2.2 device?  Can you add this ticket (specifically, the steps in https://bugzilla.mozilla.org/show_bug.cgi?id=981827#c4) to your list of things to test?  If not, can you set flags and route appropriately?  Thanks!
Flags: needinfo?(aaron.train)
Keywords: qawanted
Whiteboard: [qa+]
(In reply to Nick Alexander :nalexander from comment #4)

HTC Legend (hardly such) (ARMv6, Android 2.2)

> 1) Install a recent 31 Nightly on the device.

Nightly (03/26)

> 2) Configure an FxAccount.
> 3) Verify (via logs) that the device is still failing, with
> "invalid-signature" error messages from the token server.

Confirmed.

> You should see a log message saying "Migrating V1 persisted State to V2...",
> if you are capturing the very first sync after upgrade.  Otherwise, you
> should just see success.


Confirmed: 
* I/FxAccounts( 1065): fennec :: StateFactory :: Migrating V1 persisted State to V2; stateLabel: Cohabiting

.... and there we have it, Sync working on this 2.2 device now
Flags: needinfo?(kthiessen)
Flags: needinfo?(aaron.train)
Keywords: qawanted
After a bit of user error in fiddling about this morning, I can belatedly confirm that this works for me on the Samsung Galaxy running Android 2.2 that Edwin lent me for the purpose.
QA to the rescue!  Thanks, AaronMT; thanks, kthiessen.
Attached patch 0baee5959b90Splinter Review
[Approval Request Comment]
Bug caused by (feature/regressing bug #): initial FxA landing.

User impact if declined: FxAccounts + Sync will not work on Android 2.2 devices.  (Bug 975625).

Testing completed (on m-c, etc.): just landed on m-c.  We'll want to bake there for a few days before uplifting to Aurora and Beta.  Try builds have been QA tested on a range of devices.

Risk to taking this patch (and alternatives if risky): this is the punchline to Bug 988437 (discussed also in Bug 993673).  The patch does carry some risk, but it's not adding much more than we've already landed by uplifting Bug 988437 all the way to Beta.  And any risk here should be discovered on Nightly quickly.

String or IDL/UUID changes made by this patch: none.
Attachment #8404346 - Flags: approval-mozilla-beta?
Attachment #8404346 - Flags: approval-mozilla-aurora?
This will have to land in beta 8 (gtb: next Monday)  maximum.
https://hg.mozilla.org/mozilla-central/rev/0baee5959b90
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 31
Component: Android Sync → Sync
Product: Android Background Services → Firefox
Comment on attachment 8404346 [details] [diff] [review]
0baee5959b90

Approving now. Sunday aurora will have this patch and beta8 next Tuesday.
Attachment #8404346 - Flags: approval-mozilla-beta?
Attachment #8404346 - Flags: approval-mozilla-beta+
Attachment #8404346 - Flags: approval-mozilla-aurora?
Attachment #8404346 - Flags: approval-mozilla-aurora+
Could someone try this out on Fx29b8 with the candidate builds that will be available tonight/tomorrow?
Component: Sync → Android Sync
Product: Firefox → Android Background Services
Product: Android Background Services → Firefox for Android
You need to log in before you can comment on or make changes to this bug.