RedPanda Sync

RedPanda Sync

Abstract

This is the main page for my project of the class "Ingeniería de Software". Maybe it's a mess, but It's hard work. This is a client/lib over the Firefox Sync Protocol. FxSync documentation is kind of a big mess.

MANUAL

This is our entry point. In order to use this extension, you first need to authenticate with the auth-server. We do this using your email and password. We don't actually store your password.

Screen-Shot-2021-12-02-at-23.24.25

So the first and most important thing is to login into the auth-server. This will generate secure keys that are going to be send to the Rust module.

Screen-Shot-2021-12-02-at-23.27.42

You may or not need to register this new device with your email. This is part of the 2F auth process established by Mozilla.

Screen-Shot-2021-12-02-at-23.29.54

We'll be able to gain access to our account after some cryptographic stuff and connections with the Token server are made.

In the menu we can emphasize two things: synchronize the system and select settings. There is also the option to close the section, but it is self explanatory.

Screen-Shot-2021-12-02-at-23.31.38

The options allow us to do two things: upload bookmark items and passwords. We can choose which ones it synchronizes with, so that we have control over the data we need.

Screen-Shot-2021-12-02-at-23.57.38

The sync button is in charge of doing what we want: synchronizing our data. We fetch the correct files from the server, so they can be decrypted.

Implementation...

It is not a precisely unique implementation, but the complexity of the project was increased and external libraries had to be dealt with. The original scope was to have a single Rust library that could authenticate, perform the requests, and handle the structure itself. Due to complexity issues, this could not be done in the end.

At the time of writing this post, only the first part of the authentication is successful. The second part fails not because the code is wrong, but because the specification of the document to read is not adequate.

It is likely that this can be solved by implementing certain methods that can directly work between the various languages of the world.

API

The Mozilla API is not specifically horrible, but it is a rather complicated one to process in several of the interfaces that are presented, this is because they are not specified well enough.

So part of the work done on this product was doing a bit of reverse engineering on the pre-existing codes from Mozilla and other wonderful people who gave their input.

The following coument gives an explanation of the code through the types: https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/api.md#post-accountlogin

It might seem difficult to implement, and it certainly is because of the approach used. So you have to have enough knowledge to answer.

The entire cryptographic process requires many, many connections to continue

What's next?

The end as no end.

But seriously speaking, this is a project that I have been thinking of doing for more than seven months. Although the implementation achieved right now is very simple and basic, I believe that it sets the guidelines for a later library that can be very useful for people, or at least for myself.

In the end it was not in vain because I learned a lot about crypto and how Mozilla's infrastructure works. So the long-term challenge is to improve the things that are already done.

Links

There is a list of links that may be of your interest: