This post may come a bit late, but I’ve been pretty much hooked to my end of semester finals over the last few weeks. However, exams are gone now so I can start focusing on my summer project. Accordingly, I’ve been working hard these last days to catch up with my timeline before the midterm.
For those of you who are not aware of my project, I’m working on the Web: Session Sync project, aiming to introduce a bookmarks sync feature for Epiphany with the help of Mozilla’s servers. As I’ve mentioned in my previous post, the first part of my project involves establishing a working communication with the Firefox Accounts Server. This implies implementing the client side of the onepw protocol in Epiphany a.k.a. being able to compute the protocol’s tokens, send both normal requests and Hawk requests to the server and derive the sync keys.
These being said, here are the things I’ve completed so far:
- created different modules to divide my project’s functionality: a sync service (the core module, initiating every server-related action and invoking other modules), a cryptographic module (for computing and deriving the protocol’s tokens and generating Hawk requests headers), a secret module (for storing/retrieving encrypted tokens to/from disk – see below), and an utils module (for different utility functions).
- implemented the PBKDF2 and HKDF algorithms used to derive the authentication tokens from the user’s email and password. One handy tool for this task was Nettle, a low-level cryptographic library, that proved very useful, having great APIs for hmac, sha256, pbkdf and many others.
- implemented functionality for keeping the protocol’s tokens secret by encrypting them on disk with the help of libsecret. The idea behind this is that most of the tokens are persistent, meaning they won’t expire until the user logs out and the session is destroyed. Hence, once the user has logged in, the Sync Service will store the computed/retrieved tokens so they will be loaded directly from there for further use cases.
- implemented functionality for generating headers for the Hawk requests. Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response. This was totally new to me but, fortunately, I was able to peek at Mozilla’s Python Hawk library on GitHub and understand how to properly generate a Hawk header.
- added a new Sync tab to the Preferences dialog. This is the place where users should be able to log in with their Firefox Account in order to start the syncing process. As soon as the Login button is pressed, the Sync Service will stretch the user’s email and password and a subsequent call to the account/login endpoint will be issued, sending the previously computed tokens to the FxA Server. If the server validates the request, the sync service will proceed to compute the sync keys from the server’s response (this part I have yet to implement), otherwise a suggestive error message will be displayed.
That would be it for now. The next thing I’m planning to implement is the request to the account/keys endpoint along with the derivation of the sync keys from the response. I hope this post has shed some light on what I’m actually doing for my GSoC project!
See you the next weeks 🙂