Issue 1923953002: Integrate InstanceID with GCM crypto provider - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(166)

My Issues | Starred Open | Closed | All

Issue 1923953002: Integrate InstanceID with GCM crypto provider (Closed)

Created:
4 years, 7 months ago by johnme

Modified:
4 years, 6 months ago

Reviewers:
Peter Beverloo

CC:
chromium-reviews, Peter Beverloo, johnme+watch_chromium.org, zea+watch_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@iid5default

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Integrate InstanceID with GCM crypto provider It's now possible to get per-token encryption information from an InstanceID; and this is automatically removed when DeleteToken or DeleteID are called. Part of a series of patches: 1. https://codereview.chromium.org/1832833002 adds InstanceIDWithSubtype 2. https://codereview.chromium.org/1830983002 adds JNI bindings 3. https://codereview.chromium.org/1829023002 adds fake and test 4. https://codereview.chromium.org/1899753002 fixes strict mode violations 5. https://codereview.chromium.org/1854093002 enables InstanceID by default 6. https://codereview.chromium.org/1953273002 extends the GCMKeyStore 7. this patch 8. https://codereview.chromium.org/1851423003 switches Push to InstanceIDs BUG=589461 Committed: https://crrev.com/a00cc8ae26668aadb3ac84919c85e8672ed84f28 Cr-Commit-Position: refs/heads/master@{#397388}

Patch Set 1 #

Patch Set 2 : Add tests #

Patch Set 3 : Fix typos #

Patch Set 4 : Moved non-IID changes to https://codereview.chromium.org/1953273002 #

Patch Set 5 : Rebase and add omitted InstanceID::GetEncryptionInfo #

Patch Set 6 : Fix Android compile #

Total comments: 10

Patch Set 7 : Address review nits #

Patch Set 8 : Fix typo #

Patch Set 9 : RunUntilIdle after deleting GCMDriver #

Created: 4 years, 6 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+151 lines, -59 lines)			Patch
	M	components/gcm_driver/gcm_driver.h	View	1 2 3 4 5 6	2 chunks	+6 lines, -2 lines	0 comments	Download
	M	components/gcm_driver/gcm_driver.cc	View	1 2 3 4 5 6	1 chunk	+4 lines, -0 lines	0 comments	Download
	M	components/gcm_driver/instance_id/fake_gcm_driver_for_instance_id.cc	View	1 2 3 4 5 6 7	1 chunk	+2 lines, -2 lines	0 comments	Download
	M	components/gcm_driver/instance_id/instance_id.h	View	1 2 3 4 5 6	4 chunks	+40 lines, -10 lines	0 comments	Download
	M	components/gcm_driver/instance_id/instance_id.cc	View	1 2 3 4 5 6 7	2 chunks	+45 lines, -1 line	0 comments	Download
	M	components/gcm_driver/instance_id/instance_id_android.h	View	1 2 3 4 5	2 chunks	+5 lines, -5 lines	0 comments	Download
	M	components/gcm_driver/instance_id/instance_id_android.cc	View	1 2 3 4 5 6 7	3 chunks	+9 lines, -8 lines	0 comments	Download
	M	components/gcm_driver/instance_id/instance_id_driver.cc	View		1 chunk	+2 lines, -3 lines	0 comments	Download
	M	components/gcm_driver/instance_id/instance_id_driver_unittest.cc	View	1 2 3 4 5 6 7 8	1 chunk	+7 lines, -1 line	0 comments	Download
	M	components/gcm_driver/instance_id/instance_id_impl.h	View	1 2 3 4 5 6	4 chunks	+7 lines, -8 lines	0 comments	Download
	M	components/gcm_driver/instance_id/instance_id_impl.cc	View	1 2 3 4 5 6	5 chunks	+24 lines, -19 lines	0 comments	Download

Messages

Total messages: 28 (15 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Peter Beverloo

Hey John, Thanks for the CL! Firstly, let's split this up in two CLs: one ...

4 years, 7 months ago (2016-05-04 13:58:53 UTC) #5

Hey John,

Thanks for the CL! Firstly, let's split this up in two CLs: one where you
introduce the ability to store keys separately in the key store, one where
you hook up the key store with the InstanceID implementation.

I'm going to focus on the key store part of this CL for my comments, since
that is the meaty part. A few higher level comments:

- The GCMEncryptionProvider doesn't have to know about the distinction
  between the different key storage types supported by the GCMKeyStore.
  Can it just pass through what it knows ([app_id, sender_id]) to the
  GCMKeyStore in all cases, trusting that class to do the right thing?

- You're introducing the concept of a "key owner". The GCM Driver already
  has the established concepts of "app_id" and "sender_id" (even when its
  known as "authorized_entry"), I would like us to build on that.

Could we, instead, consider changing the GCMKeyStore API to provide the
following methods with the following contracts?

:: GCMKeyStore::GetKeys(app_id, authorized_entry, callback)

  1) Loads the key for [app_id, authorized_entry].
  2) If said key does not exist, loads the key for [app_id, ""].

:: GCMKeyStore::CreateKeys(app_id, authorized_entry, callback)

  1) Creates a key for [app_id, authorized_entry].

GCMDriver::GetEncryptionInfo() would deliberately pass an empty string for
the authorized_entry. InstanceID::GetEncryptionInfo() would pass both.

:: GCMKeyStore::RemoveKeys(app_id, authorized_entry, callback)

  1) If |authorized_entry| is "*", removes all non-empty keys associated
     with the |app_id|.
  2) Otherwise, removes the key for [app_id, authorized_entry]

This will support GCMDriver::Unregister (which will pass [app_id, ""]),
InstanceID::DeleteToken (which will pass [app_id, authorized_entry]) as
well as InstanceID::DeleteID (which will pass [app_id, "*"]), without
causing conflicts.

This API will allow us to limit the need for a "key owner" concept to the
GCMKeyStore, and even then it depends on how we decide to store the actual
key information. (I don't think we even have to do that.)

WDYT?

johnme

Addressed review comments. > Thanks for the CL! Firstly, let's split this up in two ...

4 years, 7 months ago (2016-05-06 12:33:01 UTC) #8

Addressed review comments.

> Thanks for the CL! Firstly, let's split this up in two CLs: one where you
> introduce the ability to store keys separately in the key store, one where
> you hook up the key store with the InstanceID implementation.

Done. Key store changes moved to https://codereview.chromium.org/1953273002

> The GCMEncryptionProvider doesn't have to know about the distinction
> between the different key storage types supported by the GCMKeyStore.
> Can it just pass through what it knows ([app_id, sender_id]) to the
> GCMKeyStore in all cases, trusting that class to do the right thing?

Doneish - it passes through an instance_id_authorized_entity, which is the
empty string for legacy GCM registrations.

> You're introducing the concept of a "key owner". The GCM Driver already
> has the established concepts of "app_id" and "sender_id" (even when its
> known as "authorized_entry"), I would like us to build on that.

Done. No more owner.

> :: GCMKeyStore::GetKeys(app_id, authorized_entry, callback)

Done, though see next point.

> 1) Loads the key for [app_id, authorized_entry].
> 2) If said key does not exist, loads the key for [app_id, ""].

No, this could potentially cause conflicts between legacy GCM registations
and IID tokens for the same app_id. Instead GCMEncryptionProvider's Decrypt
method still tries both.

> :: GCMKeyStore::CreateKeys(app_id, authorized_entry, callback)
>
> 1) Creates a key for [app_id, authorized_entry].
>
> GCMDriver::GetEncryptionInfo() would deliberately pass an empty string for
> the authorized_entry. InstanceID::GetEncryptionInfo() would pass both.

Done.

> :: GCMKeyStore::RemoveKeys(app_id, authorized_entry, callback)
>
> 1) If |authorized_entry| is "*", removes all non-empty keys associated
>    with the |app_id|.
> 2) Otherwise, removes the key for [app_id, authorized_entry]
>
> This will support GCMDriver::Unregister (which will pass [app_id, ""]),
> InstanceID::DeleteToken (which will pass [app_id, authorized_entry]) as
> well as InstanceID::DeleteID (which will pass [app_id, "*"]), without
> causing conflicts.

Done.

> This API will allow us to limit the need for a "key owner" concept to the
> GCMKeyStore, and even then it depends on how we decide to store the actual
> key information. (I don't think we even have to do that.)

Even the store no longer uses owners, since I used separate fields in the
proto. The only remnant is DatabaseKey in gcm_key_store.cc, since app_id is
no longer a valid unique key for database objects.

Peter Beverloo

Thank you, John! https://codereview.chromium.org/1923953002/diff/100001/components/gcm_driver/gcm_driver.h File components/gcm_driver/gcm_driver.h (right): https://codereview.chromium.org/1923953002/diff/100001/components/gcm_driver/gcm_driver.h#newcode242 components/gcm_driver/gcm_driver.h:242: GCMEncryptionProvider* encryption_provider_internal() { (1) Please move ...

4 years, 7 months ago (2016-05-11 16:05:00 UTC) #9

johnme

Addressed review nits - thanks! https://codereview.chromium.org/1923953002/diff/100001/components/gcm_driver/gcm_driver.h File components/gcm_driver/gcm_driver.h (right): https://codereview.chromium.org/1923953002/diff/100001/components/gcm_driver/gcm_driver.h#newcode242 components/gcm_driver/gcm_driver.h:242: GCMEncryptionProvider* encryption_provider_internal() { On ...

4 years, 7 months ago (2016-05-13 16:25:45 UTC) #11

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1923953002/120001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1923953002/120001

4 years, 7 months ago (2016-05-13 16:26:10 UTC) #14

commit-bot: I haz the power

Try jobs failed on following builders: ios-device on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device/builds/5165)

4 years, 7 months ago (2016-05-13 16:35:28 UTC) #16

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1923953002/140001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1923953002/140001

4 years, 7 months ago (2016-05-24 17:30:48 UTC) #19

commit-bot: I haz the power

Try jobs failed on following builders: linux_chromium_asan_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_asan_rel_ng/builds/166616)

4 years, 7 months ago (2016-05-24 19:04:18 UTC) #21

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1923953002/160001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1923953002/160001

4 years, 6 months ago (2016-06-02 12:58:13 UTC) #24

commit-bot: I haz the power

4 years, 6 months ago (2016-06-02 14:00:01 UTC) #28

Message was sent while issue was closed.

Patchset 9 (id:??) landed as
https://crrev.com/a00cc8ae26668aadb3ac84919c85e8672ed84f28
Cr-Commit-Position: refs/heads/master@{#397388}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Powered by Google App Engine

This is Rietveld 408576698