canmove, Confirmed users
640
edits
Services/AndroidSyncFP: Difference between revisions
Jump to navigation
Jump to search
Adding attack plan, vague architecture notes.
(Created page with "{{FeatureStatus |Feature name=Firefox Sync for Android |Feature stage=Draft |Feature status=In progress |Feature version=Fennec Native |Feature health=OK }} {{FeatureTeam |Featur...") |
(Adding attack plan, vague architecture notes.) |
||
| Line 25: | Line 25: | ||
* Prefs (Q1) | * Prefs (Q1) | ||
|Feature dependencies=* Exposed + stable (and ideally async) APIs to local storage for synced data types as enumerated above. | |Feature dependencies=* Exposed + stable (and ideally async) APIs to local storage for synced data types as enumerated above. | ||
|Feature requirements=* Sync must run as a background service, respecting the system sync prefs | |Feature requirements=* Sync must run as a background service, respecting the system sync prefs | ||
* This implementation must be fully compatible with current implementations | * This implementation must be fully compatible with current implementations | ||
|Feature non-goals=* Any sort of revised security/setup scheme that would break compatibility with other clients | |Feature non-goals=* Any sort of revised security/setup scheme that would break compatibility with other clients | ||
* Any additional features beyond those currently supported on Fennec | * Any additional features beyond those currently supported on Fennec | ||
|Feature implementation plan=== Estimated attack sequence == | |||
liuche: -- UI ---------------------- ... | |||
rnewman: -- Cryp. Rev. -- Network --- ... | |||
jvoll: -- Repositories ------------ ... | |||
Justification: | |||
* UI is a big work item, and has lots of possible pitfalls, so get started now. Need an 'owner' for this. | |||
* Repositories are standalone, follow an existing design, and have possible pitfalls. Let's get started on these, with tests if we can. | |||
* The existing crypto code needs review and analysis from a broader perspective. That should happen before, e.g., J-PAKE tries to use it. | |||
* After that, start working through the bits that need to be built, starting at the edge and working back. | |||
* After some development experience, we can nail down the rest of the plan. | |||
|Feature implementation notes=== Components, in approximate independent chunks == | |||
* Network: talking to Sync server. | |||
** Interacts with credentials storage for username/password for Basic Auth. | |||
** Generates and consumes records via crypto middleware (or not, for non-encrypted records). | |||
** Extend record formats in https://github.com/mozilla-services/android-sync. | |||
** Raises protocol-level exceptions: 401, 503 with Retry-After/X-Weave-Backoff, .... Consumed by service equivalent. | |||
* Crypto. Consumes encrypted or decrypted records, produces the other. | |||
** Must be heavily tested. Expect this to get detailed security review at some point. | |||
** Raises crypto exceptions to be consumed by service. | |||
** Interacts with credentials storage to obtain Sync Key to decrypt key bundle. | |||
*** Likely via some orchestrating component to eliminate an external dependency. | |||
* UI: pref pane, setup wizard. | |||
** Implement full J-PAKE flow. | |||
** Interacts with credentials storage, of course. | |||
** Also: triggered by service on processing of credentials errors (e.g., 401)... | |||
** Preferences a la Google account for individual engines. | |||
* SyncAdapter: | |||
** Orchestrates repositories, crypto. | |||
** Proceeds through state machine. | |||
** Interaction point for Android sync infrastructure. | |||
* Repository implementations for: | |||
** Bookmarks | |||
** History | |||
** Passwords | |||
** ... | |||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||