Bug 1368568 - Remove legacy SyncKeyBundle. r=eoger
authorRob Cutmore <robcutmore@gmail.com>
Sat, 22 Jul 2017 08:07:48 -0400
changeset 422003 2af86a1d1f7a540d8bfab23544373adbc86d9cde
parent 422002 508e4725fa734d2e00dc702571369ba33214cd20
child 422004 8b75dcf74517e96f8a2779fe1510c88934749415
push id1517
push userjlorenzo@mozilla.com
push dateThu, 14 Sep 2017 16:50:54 +0000
treeherdermozilla-release@3b41fd564418 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerseoger
bugs1368568
milestone56.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1368568 - Remove legacy SyncKeyBundle. r=eoger MozReview-Commit-ID: JYiTeQnduto
services/sync/modules/keys.js
services/sync/tests/unit/head_errorhandler_common.js
services/sync/tests/unit/test_keys.js
services/sync/tests/unit/test_service_detect_upgrade.js
--- a/services/sync/modules/keys.js
+++ b/services/sync/modules/keys.js
@@ -1,17 +1,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 "use strict";
 
 this.EXPORTED_SYMBOLS = [
   "BulkKeyBundle",
-  "SyncKeyBundle"
 ];
 
 var {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components;
 
 Cu.import("resource://services-sync/constants.js");
 Cu.import("resource://gre/modules/Log.jsm");
 Cu.import("resource://services-sync/main.js");
 Cu.import("resource://services-sync/util.js");
@@ -162,54 +161,8 @@ BulkKeyBundle.prototype = {
       throw new Error("BulkKeyBundle.keyPairB64 value must be an array of 2 " +
                       "keys.");
     }
 
     this.encryptionKey  = Utils.safeAtoB(value[0]);
     this.hmacKey        = Utils.safeAtoB(value[1]);
   },
 };
-
-/**
- * Represents a key pair derived from a Sync Key via HKDF.
- *
- * Instances of this type should be considered immutable. You create an
- * instance by specifying the username and 26 character "friendly" Base32
- * encoded Sync Key. The Sync Key is derived at instance creation time.
- *
- * If the username or Sync Key is invalid, an Error will be thrown.
- */
-this.SyncKeyBundle = function SyncKeyBundle(username, syncKey) {
-  let log = Log.repository.getLogger("Sync.SyncKeyBundle");
-  log.info("SyncKeyBundle being created.");
-  KeyBundle.call(this);
-
-  this.generateFromKey(username, syncKey);
-}
-SyncKeyBundle.prototype = {
-  __proto__: KeyBundle.prototype,
-
-  /*
-   * If we've got a string, hash it into keys and store them.
-   */
-  generateFromKey: function generateFromKey(username, syncKey) {
-    if (!username || (typeof username != "string")) {
-      throw new Error("Sync Key cannot be generated from non-string username.");
-    }
-
-    if (!syncKey || (typeof syncKey != "string")) {
-      throw new Error("Sync Key cannot be generated from non-string key.");
-    }
-
-    if (!Utils.isPassphrase(syncKey)) {
-      throw new Error("Provided key is not a passphrase, cannot derive Sync " +
-                      "Key Bundle.");
-    }
-
-    // Expand the base32 Sync Key to an AES 256 and 256 bit HMAC key.
-    let prk = Utils.decodeKeyBase32(syncKey);
-    let info = HMAC_INPUT + username;
-    let okm = Utils.hkdfExpand(prk, info, 32 * 2);
-    this.encryptionKey = okm.slice(0, 32);
-    this.hmacKey = okm.slice(32, 64);
-  },
-};
-
--- a/services/sync/tests/unit/head_errorhandler_common.js
+++ b/services/sync/tests/unit/head_errorhandler_common.js
@@ -92,17 +92,18 @@ const EHTestsCommon = {
 
     return CatapultEngine;
   }()),
 
 
   generateCredentialsChangedFailure() {
     // Make sync fail due to changed credentials. We simply re-encrypt
     // the keys with a different Sync Key, without changing the local one.
-    let newSyncKeyBundle = new SyncKeyBundle("johndoe", "23456234562345623456234562");
+    let newSyncKeyBundle = new BulkKeyBundle("crypto");
+    newSyncKeyBundle.generateRandom();
     let keys = Service.collectionKeys.asWBO();
     keys.encrypt(newSyncKeyBundle);
     return keys.upload(Service.resource(Service.cryptoKeysURL));
   },
 
   async setUp(server) {
     await configureIdentity({ username: "johndoe" }, server);
     return EHTestsCommon.generateAndUploadKeys()
--- a/services/sync/tests/unit/test_keys.js
+++ b/services/sync/tests/unit/test_keys.js
@@ -112,64 +112,16 @@ add_test(function test_repeated_hmac() {
   let k = Utils.makeHMACKey("foo");
   let one = sha256HMAC(Utils.decodeKeyBase32(testKey), k);
   let two = sha256HMAC(Utils.decodeKeyBase32(testKey), k);
   do_check_eq(one, two);
 
   run_next_test();
 });
 
-add_test(function test_sync_key_bundle_derivation() {
-  _("Ensure derivation from known values works.");
-
-  // The known values in this test were originally verified against Firefox
-  // Home.
-  let bundle = new SyncKeyBundle("st3fan", "q7ynpwq7vsc9m34hankbyi3s3i");
-
-  // These should be compared to the results from Home, as they once were.
-  let e = "14b8c09fa84e92729ee695160af6e0385f8f6215a25d14906e1747bdaa2de426";
-  let h = "370e3566245d79fe602a3adb5137e42439cd2a571235197e0469d7d541b07875";
-
-  let realE = Utils.bytesAsHex(bundle.encryptionKey);
-  let realH = Utils.bytesAsHex(bundle.hmacKey);
-
-  _("Real E: " + realE);
-  _("Real H: " + realH);
-  do_check_eq(realH, h);
-  do_check_eq(realE, e);
-
-  run_next_test();
-});
-
-add_test(function test_keymanager() {
-  let testKey = "ababcdefabcdefabcdefabcdef";
-  let username = "john@example.com";
-
-  // Decode the key here to mirror what generateEntry will do,
-  // but pass it encoded into the KeyBundle call below.
-
-  let sha256inputE = "" + HMAC_INPUT + username + "\x01";
-  let key = Utils.makeHMACKey(Utils.decodeKeyBase32(testKey));
-  let encryptKey = sha256HMAC(sha256inputE, key);
-
-  let sha256inputH = encryptKey + HMAC_INPUT + username + "\x02";
-  let hmacKey = sha256HMAC(sha256inputH, key);
-
-  // Encryption key is stored in base64 for WeaveCrypto convenience.
-  do_check_eq(encryptKey, new SyncKeyBundle(username, testKey).encryptionKey);
-  do_check_eq(hmacKey, new SyncKeyBundle(username, testKey).hmacKey);
-
-  // Test with the same KeyBundle for both.
-  let obj = new SyncKeyBundle(username, testKey);
-  do_check_eq(hmacKey, obj.hmacKey);
-  do_check_eq(encryptKey, obj.encryptionKey);
-
-  run_next_test();
-});
-
 add_task(async function test_ensureLoggedIn() {
   let log = Log.repository.getLogger("Test");
   Log.repository.rootLogger.addAppender(new Log.DumpAppender());
 
   let identityConfig = makeIdentityConfig();
   let browseridManager = new BrowserIDManager();
   configureFxAccountIdentity(browseridManager, identityConfig);
   await browseridManager.ensureLoggedIn();
--- a/services/sync/tests/unit/test_service_detect_upgrade.js
+++ b/services/sync/tests/unit/test_service_detect_upgrade.js
@@ -215,17 +215,18 @@ add_task(async function v5_upgrade() {
     let m = new WBORecord("meta", "global");
     m.payload = {"syncID": "foooooooooooooooooooooooooo",
                  "storageVersion": STORAGE_VERSION + 1};
     await m.upload(Service.resource(Service.metaURL));
 
     _("New meta/global: " + JSON.stringify(meta_global));
 
     // Fill the keys with bad data.
-    let badKeys = new SyncKeyBundle("foobar", "aaaaaaaaaaaaaaaaaaaaaaaaaa");
+    let badKeys = new BulkKeyBundle("crypto");
+    badKeys.generateRandom();
     await update_server_keys(badKeys, "keys", "crypto/keys");  // v4
     await update_server_keys(badKeys, "bulk", "crypto/bulk");  // v5
 
     _("Generating new keys.");
     generateNewKeys(Service.collectionKeys);
 
     // Now sync and see what happens. It should be a version fail, not a crypto
     // fail.