[sync] Introduce AgileSymmetricKeySet [chromium/src : main]

0 views
Skip to first unread message

Maksim Moskvitin (Gerrit)

unread,
Jul 3, 2026, 10:04:31 AM (5 days ago) Jul 3
to Mikel Astiz, Chromium LUCI CQ, chromium...@chromium.org
Attention needed from Mikel Astiz

Maksim Moskvitin added 6 comments

Patchset-level comments
File-level comment, Patchset 1 (Latest):
Maksim Moskvitin . resolved

Thanks! A few comments:

File components/sync/model/crypto/agile_symmetric_key_set.cc
Line 33, Patchset 1 (Latest): continue;
Maksim Moskvitin . unresolved

It feels a bit odd that we tolerate corrupted key, but not duplicates and the rest of violations below.

Line 41, Patchset 1 (Latest): if (proto.primary_key_id() == 0 ||
Maksim Moskvitin . unresolved

Maybe check has_primary_key_id() instead and avoid contract (id == 0 -> id is empty)?

Doesn't have to match each other, but related: primary_key_id_ could be optional instead of special casing 0.

Line 92, Patchset 1 (Latest): std::vector<uint8_t> raw_ciphertext = primary_key.Encrypt(plaintext);
Maksim Moskvitin . unresolved

nit: const?

Line 110, Patchset 1 (Latest): // 1. Try modern path if modern blob is present.
Maksim Moskvitin . unresolved

Looks like a good way to split this function (DecryptModern() vs DecryptLegacy()).

Line 115, Patchset 1 (Latest): if (encrypted_data.has_key_id_v2()) {
Maksim Moskvitin . unresolved

Looks a bit asymmetric: we don't require `key_id_v2`, but we do require it to be correct if preset. Is there any legit case, when `key_id_v2` is missing?

Open in Gerrit

Related details

Attention is currently required from:
  • Mikel Astiz
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I7989b4dfa2af7b3603fc52d16324cfb1ad86d841
Gerrit-Change-Number: 8037022
Gerrit-PatchSet: 1
Gerrit-Owner: Mikel Astiz <mas...@chromium.org>
Gerrit-Reviewer: Maksim Moskvitin <mmosk...@google.com>
Gerrit-Reviewer: Mikel Astiz <mas...@chromium.org>
Gerrit-Attention: Mikel Astiz <mas...@chromium.org>
Gerrit-Comment-Date: Fri, 03 Jul 2026 14:04:15 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Mikel Astiz (Gerrit)

unread,
Jul 3, 2026, 11:09:58 AM (5 days ago) Jul 3
to Maksim Moskvitin, Chromium LUCI CQ, chromium...@chromium.org
Attention needed from Maksim Moskvitin

Mikel Astiz added 6 comments

Patchset-level comments
File-level comment, Patchset 2 (Latest):
Mikel Astiz . resolved

Thanks, PTAL! I only tackled some comments as others warrant some discussion.

File components/sync/model/crypto/agile_symmetric_key_set.cc
Maksim Moskvitin . unresolved

It feels a bit odd that we tolerate corrupted key, but not duplicates and the rest of violations below.

Mikel Astiz

Two scenarios that concern me a bit are:
1) Unsupported future algorithms or fields.
2) No-longer-supported algorithms.

As long as they are not the primary key, it seems sensible to tolerate them.

Other scenarios like ID duplicates are just malformed data, so I don't see any reasonable way to recover from that.

Line 41, Patchset 1: if (proto.primary_key_id() == 0 ||
Maksim Moskvitin . unresolved

Maybe check has_primary_key_id() instead and avoid contract (id == 0 -> id is empty)?

Doesn't have to match each other, but related: primary_key_id_ could be optional instead of special casing 0.

Mikel Astiz

I don't think we should allow zero as key ID because it is most likely malformed data / a bug. See also how `RotatePrimaryToNewlyGeneratedRandomKey()` would avoid zero. From this PoV I think it's best to compare against zero here too. WDYT?

Line 92, Patchset 1: std::vector<uint8_t> raw_ciphertext = primary_key.Encrypt(plaintext);
Maksim Moskvitin . resolved

nit: const?

Mikel Astiz

Done

Line 110, Patchset 1: // 1. Try modern path if modern blob is present.
Maksim Moskvitin . resolved

Looks like a good way to split this function (DecryptModern() vs DecryptLegacy()).

Mikel Astiz

Done

Line 115, Patchset 1: if (encrypted_data.has_key_id_v2()) {
Maksim Moskvitin . unresolved

Looks a bit asymmetric: we don't require `key_id_v2`, but we do require it to be correct if preset. Is there any legit case, when `key_id_v2` is missing?

Mikel Astiz

There is a specific unit-test about the `key_id_v2` missing case. This follows Tink's approach, in that the ID is only an optimization and not required for decryption, with a fallback that tries all keys. It seems most sensible (future-proof) to do the same here.

Open in Gerrit

Related details

Attention is currently required from:
  • Maksim Moskvitin
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I7989b4dfa2af7b3603fc52d16324cfb1ad86d841
Gerrit-Change-Number: 8037022
Gerrit-PatchSet: 2
Gerrit-Owner: Mikel Astiz <mas...@chromium.org>
Gerrit-Reviewer: Maksim Moskvitin <mmosk...@google.com>
Gerrit-Reviewer: Mikel Astiz <mas...@chromium.org>
Gerrit-Attention: Maksim Moskvitin <mmosk...@google.com>
Gerrit-Comment-Date: Fri, 03 Jul 2026 15:09:41 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Maksim Moskvitin <mmosk...@google.com>
satisfied_requirement
unsatisfied_requirement
open
diffy

Maksim Moskvitin (Gerrit)

unread,
Jul 3, 2026, 11:50:21 AM (5 days ago) Jul 3
to Mikel Astiz, Chromium LUCI CQ, chromium...@chromium.org
Attention needed from Mikel Astiz

Maksim Moskvitin voted and added 4 comments

Votes added by Maksim Moskvitin

Code-Review+1

4 comments

Patchset-level comments
Maksim Moskvitin . resolved

Some additions, but LGTM now given the upcoming OOO, I trust your judgement on this!

File components/sync/model/crypto/agile_symmetric_key_set.cc
Maksim Moskvitin . unresolved

It feels a bit odd that we tolerate corrupted key, but not duplicates and the rest of violations below.

Mikel Astiz

Two scenarios that concern me a bit are:
1) Unsupported future algorithms or fields.
2) No-longer-supported algorithms.

As long as they are not the primary key, it seems sensible to tolerate them.

Other scenarios like ID duplicates are just malformed data, so I don't see any reasonable way to recover from that.

Maksim Moskvitin

Ack, makes sense. Worth documenting though.

Line 41, Patchset 1: if (proto.primary_key_id() == 0 ||
Maksim Moskvitin . unresolved

Maybe check has_primary_key_id() instead and avoid contract (id == 0 -> id is empty)?

Doesn't have to match each other, but related: primary_key_id_ could be optional instead of special casing 0.

Mikel Astiz

I don't think we should allow zero as key ID because it is most likely malformed data / a bug. See also how `RotatePrimaryToNewlyGeneratedRandomKey()` would avoid zero. From this PoV I think it's best to compare against zero here too. WDYT?

Maksim Moskvitin

Partially agreed, banning zero makes sense to me, at the same time I still prefer using more elaborative has_() for proto and optional for class field.

Either way, please document this special case in proto file and around the class member.

Line 115, Patchset 1: if (encrypted_data.has_key_id_v2()) {
Maksim Moskvitin . resolved

Looks a bit asymmetric: we don't require `key_id_v2`, but we do require it to be correct if preset. Is there any legit case, when `key_id_v2` is missing?

Mikel Astiz

There is a specific unit-test about the `key_id_v2` missing case. This follows Tink's approach, in that the ID is only an optimization and not required for decryption, with a fallback that tries all keys. It seems most sensible (future-proof) to do the same here.

Maksim Moskvitin

Acknowledged

Open in Gerrit

Related details

Attention is currently required from:
  • Mikel Astiz
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I7989b4dfa2af7b3603fc52d16324cfb1ad86d841
    Gerrit-Change-Number: 8037022
    Gerrit-PatchSet: 2
    Gerrit-Owner: Mikel Astiz <mas...@chromium.org>
    Gerrit-Reviewer: Maksim Moskvitin <mmosk...@google.com>
    Gerrit-Reviewer: Mikel Astiz <mas...@chromium.org>
    Gerrit-Attention: Mikel Astiz <mas...@chromium.org>
    Gerrit-Comment-Date: Fri, 03 Jul 2026 15:50:03 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: Yes
    Comment-In-Reply-To: Mikel Astiz <mas...@chromium.org>
    Comment-In-Reply-To: Maksim Moskvitin <mmosk...@google.com>
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Mikel Astiz (Gerrit)

    unread,
    Jul 3, 2026, 1:27:28 PM (5 days ago) Jul 3
    to Maksim Moskvitin, Chromium LUCI CQ, chromium...@chromium.org
    Attention needed from Maksim Moskvitin

    Mikel Astiz added 3 comments

    Patchset-level comments
    File-level comment, Patchset 3 (Latest):
    Mikel Astiz . resolved

    I'm not sure why but your +1 was lost :-/

    File components/sync/model/crypto/agile_symmetric_key_set.cc
    Maksim Moskvitin . resolved

    It feels a bit odd that we tolerate corrupted key, but not duplicates and the rest of violations below.

    Mikel Astiz

    Two scenarios that concern me a bit are:
    1) Unsupported future algorithms or fields.
    2) No-longer-supported algorithms.

    As long as they are not the primary key, it seems sensible to tolerate them.

    Other scenarios like ID duplicates are just malformed data, so I don't see any reasonable way to recover from that.

    Maksim Moskvitin

    Ack, makes sense. Worth documenting though.

    Mikel Astiz

    Added comments.

    Line 41, Patchset 1: if (proto.primary_key_id() == 0 ||
    Maksim Moskvitin . resolved

    Maybe check has_primary_key_id() instead and avoid contract (id == 0 -> id is empty)?

    Doesn't have to match each other, but related: primary_key_id_ could be optional instead of special casing 0.

    Mikel Astiz

    I don't think we should allow zero as key ID because it is most likely malformed data / a bug. See also how `RotatePrimaryToNewlyGeneratedRandomKey()` would avoid zero. From this PoV I think it's best to compare against zero here too. WDYT?

    Maksim Moskvitin

    Partially agreed, banning zero makes sense to me, at the same time I still prefer using more elaborative has_() for proto and optional for class field.

    Either way, please document this special case in proto file and around the class member.

    Mikel Astiz

    Added a comment and sticking to current approach, as it seems like a optional request. Thanks!

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Maksim Moskvitin
    Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement satisfiedCode-Owners
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: I7989b4dfa2af7b3603fc52d16324cfb1ad86d841
      Gerrit-Change-Number: 8037022
      Gerrit-PatchSet: 3
      Gerrit-Owner: Mikel Astiz <mas...@chromium.org>
      Gerrit-Reviewer: Maksim Moskvitin <mmosk...@google.com>
      Gerrit-Reviewer: Mikel Astiz <mas...@chromium.org>
      Gerrit-Attention: Maksim Moskvitin <mmosk...@google.com>
      Gerrit-Comment-Date: Fri, 03 Jul 2026 17:27:11 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: No
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Maksim Moskvitin (Gerrit)

      unread,
      Jul 3, 2026, 6:31:56 PM (4 days ago) Jul 3
      to Mikel Astiz, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, droger+w...@chromium.org
      Attention needed from Mikel Astiz

      Maksim Moskvitin voted Code-Review+1

      Code-Review+1
      Open in Gerrit

      Related details

      Attention is currently required from:
      • Mikel Astiz
      Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement satisfiedCode-Owners
        • requirement satisfiedCode-Review
        • requirement satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I7989b4dfa2af7b3603fc52d16324cfb1ad86d841
        Gerrit-Change-Number: 8037022
        Gerrit-PatchSet: 3
        Gerrit-Owner: Mikel Astiz <mas...@chromium.org>
        Gerrit-Reviewer: Maksim Moskvitin <mmosk...@google.com>
        Gerrit-Reviewer: Mikel Astiz <mas...@chromium.org>
        Gerrit-Attention: Mikel Astiz <mas...@chromium.org>
        Gerrit-Comment-Date: Fri, 03 Jul 2026 22:31:38 +0000
        Gerrit-HasComments: No
        Gerrit-Has-Labels: Yes
        satisfied_requirement
        open
        diffy

        Mikel Astiz (Gerrit)

        unread,
        3:03 AM (1 hour ago) 3:03 AM
        to Marc Treib, Maksim Moskvitin, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, droger+w...@chromium.org
        Attention needed from Maksim Moskvitin and Marc Treib

        Mikel Astiz added 1 comment

        Patchset-level comments
        File-level comment, Patchset 4 (Latest):
        Mikel Astiz . resolved

        +treib@ after maksim's LGTM got lost during rebase, thanks.

        Open in Gerrit

        Related details

        Attention is currently required from:
        • Maksim Moskvitin
        • Marc Treib
        Submit Requirements:
          • requirement satisfiedCode-Coverage
          • requirement satisfiedCode-Owners
          • requirement is not satisfiedCode-Review
          • requirement is not satisfiedReview-Enforcement
          Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
          Gerrit-MessageType: comment
          Gerrit-Project: chromium/src
          Gerrit-Branch: main
          Gerrit-Change-Id: I7989b4dfa2af7b3603fc52d16324cfb1ad86d841
          Gerrit-Change-Number: 8037022
          Gerrit-PatchSet: 4
          Gerrit-Owner: Mikel Astiz <mas...@chromium.org>
          Gerrit-Reviewer: Maksim Moskvitin <mmosk...@google.com>
          Gerrit-Reviewer: Marc Treib <tr...@chromium.org>
          Gerrit-Attention: Marc Treib <tr...@chromium.org>
          Gerrit-Attention: Maksim Moskvitin <mmosk...@google.com>
          Gerrit-Comment-Date: Wed, 08 Jul 2026 07:03:17 +0000
          Gerrit-HasComments: Yes
          Gerrit-Has-Labels: No
          satisfied_requirement
          unsatisfied_requirement
          open
          diffy
          Reply all
          Reply to author
          Forward
          0 new messages