Encrypt SQLite databases from mozStorageService#173
Encrypt SQLite databases from mozStorageService#173Not-Nik wants to merge 2 commits intoenterprise-mainfrom
Conversation
security/keystore/KeyStorage.cpp
Outdated
| } | ||
|
|
||
| nsresult GetKeyForFile(nsIFile* aFile, nsCString& keyString) { | ||
| nsAutoCString telemetryFilename; |
|
I think this wants tests as well. For Foxfooding we can deal with some flakyness but causing all SQLite databases to get corrupted will probably get old soon for the poor testers 😄 |
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
4366c03 to
6c41571
Compare
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
6c41571 to
904029f
Compare
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
8afd65b to
a0458b4
Compare
security/keystore/Persist.cpp
Outdated
| // PK11SDR_Encrypt will allocate the needed buffer in SECItem | ||
| encryptedKey.reset(new SECItem()); | ||
|
|
||
| stat = PK11SDR_Encrypt(&keyid, key.get(), encryptedKey.get(), nullptr); |
There was a problem hiding this comment.
This uses 3DES. You want PK11SDR_EncryptWithMechanism.
There was a problem hiding this comment.
Is there a particular reason to have this in its own directory? These kinds of files tend to belong in security/manager (or at least a subdirectory therein).
There was a problem hiding this comment.
I think the key management component will be more visible one ladder up in its own directory. Also it is neither PKI or TLS specific, so I would prefer to keep it there for now... : )
security/keystore/Persist.cpp
Outdated
| mozilla::UniqueSECItem key = mozilla::UniqueSECItem(new SECItem()); | ||
| SECStatus stat = SECITEM_MakeItem(nullptr, key.get(), | ||
| (unsigned char*)encryptedKey.Data(), | ||
| encryptedKey.Length()); |
There was a problem hiding this comment.
Generally speaking, you probably don't need to do the whole new SECItem() ... SECITEM_MakeItem(...) - you can do something like SECItem key = { siBuffer, (unsigned char*)encryptedKey.Data(), encryptedKey.Length() }; (assuming the NSS functions you call either copy the data or only borrow it for the length of the call, which is most of them).
There was a problem hiding this comment.
That particular example needs a "proper" SECItem (on the heap), because it is later stored in KEY_MAP, which is static and thus outlives encryptedKey. I already tried to reduce buffer allocation, and I'll move to a stack SECItem in the path == SYSTEM_KEY_NAME path, but if I missed anything else do let me know.
There was a problem hiding this comment.
Some of this code seems very similar to NSSKeyStore - is there a reason to not re-use that? (currently it's only used as a fallback on Linux, but you could use it unconditionally here)
There was a problem hiding this comment.
For one the custom solution allows us some flexibility right away, only requiring the token to be unlocked once for loading all the keys. Later database open operations can then rely on the master key to do their work (create new key, decrypt existing key). Additionally, there is a plan to turn the keystore into the lockstore module which Benjamin has been working on.
Not-Nik
force-pushed
the
sqlite-encryption
branch
2 times, most recently
from
788f472 to
1190b4e
Compare
There was a problem hiding this comment.
Document why there is a new function, instead of just a boolean passed to initialize and why this doesn't use "readonly-immutable-nolock".
Not-Nik
force-pushed
the
sqlite-encryption
branch
3 times, most recently
from
1d06ea2 to
a5f339a
Compare
Not-Nik
force-pushed
the
sqlite-encryption
branch
3 times, most recently
from
bf5365c to
175aeb6
Compare
security/keystore/Persist.cpp
Outdated
There was a problem hiding this comment.
Running in debug mode will answer this question: https://searchfox.org/firefox-main/rev/286e75a82e5c489d020d18121674809ebf114ae4/xpcom/io/nsDirectoryService.cpp#184 😀 😀 😀 😀
Not-Nik
force-pushed
the
sqlite-encryption
branch
10 times, most recently
from
ca4be9c to
aabfe45
Compare
…elativePath(). r=nika Differential Revision: https://phabricator.services.mozilla.com/D285766
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
aabfe45 to
adc3b8d
Compare
4 participants
Encrypt SQLite database whose connections are created in mozStorageService. Cloned and
ATTACHed connections are also affected. The mechanism is behind a newsecurity.storage.keystore.enabled. The keys for the connections are stored, encrypted by the SDR, in a newbikeshed/keystore.enc.