Encrypt SQLite databases from mozStorageService #173
Conversation
| } | ||
|
|
||
| nsresult GetKeyForFile(nsIFile* aFile, nsCString& keyString) { | ||
| nsAutoCString telemetryFilename; |
|
I think this wants tests as well. For Foxfooding we can deal with some flakyness but causing all SQLite databases to get corrupted will probably get old soon for the poor testers 😄 |
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
4366c03 to
6c41571
Compare
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
6c41571 to
904029f
Compare
Not-Nik
had a problem deploying
to
Credentials
GitHub Actions
Failure
Not-Nik
had a problem deploying
to
Credentials
GitHub Actions
Failure
Not-Nik
had a problem deploying
to
Credentials
GitHub Actions
Failure
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
904029f to
8afd65b
Compare
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
8afd65b to
a0458b4
Compare
security/keystore/Persist.cpp
Outdated
| // PK11SDR_Encrypt will allocate the needed buffer in SECItem | ||
| encryptedKey.reset(new SECItem()); | ||
|
|
||
| stat = PK11SDR_Encrypt(&keyid, key.get(), encryptedKey.get(), nullptr); |
There was a problem hiding this comment.
This uses 3DES. You want PK11SDR_EncryptWithMechanism.
There was a problem hiding this comment.
Is there a particular reason to have this in its own directory? These kinds of files tend to belong in security/manager (or at least a subdirectory therein).
| mozilla::UniqueSECItem key = mozilla::UniqueSECItem(new SECItem()); | ||
| SECStatus stat = SECITEM_MakeItem(nullptr, key.get(), | ||
| (unsigned char*)encryptedKey.Data(), | ||
| encryptedKey.Length()); |
There was a problem hiding this comment.
Generally speaking, you probably don't need to do the whole new SECItem() ... SECITEM_MakeItem(...) - you can do something like SECItem key = { siBuffer, (unsigned char*)encryptedKey.Data(), encryptedKey.Length() }; (assuming the NSS functions you call either copy the data or only borrow it for the length of the call, which is most of them).
There was a problem hiding this comment.
That particular example needs a "proper" SECItem (on the heap), because it is later stored in KEY_MAP, which is static and thus outlives encryptedKey. I already tried to reduce buffer allocation, and I'll move to a stack SECItem in the path == SYSTEM_KEY_NAME path, but if I missed anything else do let me know.
There was a problem hiding this comment.
Some of this code seems very similar to NSSKeyStore - is there a reason to not re-use that? (currently it's only used as a fallback on Linux, but you could use it unconditionally here)
There was a problem hiding this comment.
For one the custom solution allows us some flexibility right away, only requiring the token to be unlocked once for loading all the keys. Later database open operations can then rely on the master key to do their work (create new key, decrypt existing key). Additionally, there is a plan to turn the keystore into the lockstore module which Benjamin has been working on.
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
a0458b4 to
788f472
Compare
Not-Nik
force-pushed
the
sqlite-encryption
branch
from
788f472 to
1190b4e
Compare
Encrypt SQLite database whose connections are created in mozStorageService. Cloned and
ATTACHed connections are also affected. The mechanism is behind a newsecurity.storage.keystore.enabled. The keys for the connections are stored, encrypted by the SDR, in a newbikeshed/keystore.enc.