|
|
Line 28: |
Line 28: |
| [[File:RemoteControl_FirstTimeHandshake.png]] | | [[File:RemoteControl_FirstTimeHandshake.png]] |
|
| |
|
| # The user opens the URL in the client (e.g. mobile browser). | | # The user sends the tab to TV on fennec. |
| # Client requests the page without a valid UUID. | | # Client sends request to handshake without ID. |
| # Server responses the content of the "secure.html" as the requested page for key exchange. | | # Server replies with the handshake type is 1st time handshake. |
| # Client requests the RSA public key from "secure.sjs" via AJAX. ([[Firefox_OS/Remote_Control#RSA_public_key_exchange|Detail]]) | | # Client computes J-PAKE round 1 and sends the result to server. |
| # "Secure.sjs" responses the public key (RSA-OEAP, exported by SPKI) in base64. ([https://github.com/MDTsai/gecko-dev/blob/Bug_1235013_new_httpserver/b2g/remotecontrol/secure.sjs#L80 source]) | | # Server generates PIN code and show on screen, computes J-PAKE round 1 and sends the result to client. |
| # Client imports the RSA public key ([https://github.com/luke-chang/gaia/blob/1228262_tv_remote_control_secure/tv_apps/remote-control-client/js/secure.js#L95-L113 source]), generates a symmetric key (AES-GCM) ([https://github.com/luke-chang/gaia/blob/1228262_tv_remote_control_secure/tv_apps/remote-control-client/js/secure.js#L115-L146 source]) and wraps it by the public key (RSA-OEAP) ([https://github.com/luke-chang/gaia/blob/1228262_tv_remote_control_secure/tv_apps/remote-control-client/js/secure.js#L180-L208 source]). | | # Server computes J-PAKE round 2 with PIN code attached first 12 characters as weak secret. |
| # Client sends the wrapped symmetric key to "secure.sjs" in base64 via AJAX. ([[Firefox_OS/Remote_Control#Send_symmetric_key|Detail]]) | | # User enter PIN code, client computs J-PAKE round 2 with PIN code attached first 12 characters as weak secret. |
| # "Secure.sjs" generates a ticket number (a random number for polling only) and responses it to the client immediately. | | # Client sends round 2 result to server. |
| # "Secure.sjs" asynchronously unwraps the symmetric key with the private key (RSA-OEAP). ([https://github.com/MDTsai/gecko-dev/blob/Bug_1235013_new_httpserver/b2g/remotecontrol/secure.sjs#L30 source]) | | # Server dismisses PIN code notification on screen, sends round 2 result to client. |
| # "Secure.sjs" saves the symmetric key along with a corresponding UUID generated by Remote Control Service. | | # Both client and server compute J-PAKE final round, gets AES and HMAC key. |
| # Remote Control Service encrypts the UUID with its symmetric key, binds it with the ticket number and waits for polling. (The encrypted UUID makes the client be able to confirm if the server stores the symmetric key correctly.) ([https://github.com/MDTsai/gecko-dev/blob/Bug_1235013_new_httpserver/b2g/remotecontrol/secure.sjs#L30 source])
| | # Server use two keys to get a signature of H(H(AES key)), then send the signature to client. |
| # Client keeps polling the encrypted UUID from "secure.sjs" with the ticket number. ([[Firefox_OS/Remote_Control#Poll_UUID|Detail]]) | | # Client verifies the signature matches it has. |
| # Once receiving the encrypted UUID, the client decrypts it and stores it in the cookie. | | # Client use two keys to get a signature of H(AES key), then send the signature to server. |
| # Client reloads the URL with the valid UUID in the cookie. | | # Server verifies the signature matches it has. |
| | # Server replies with the handshake finish with client's ID for connection in the future. |
|
| |
|
| === PIN code pairing === | | === PIN code pairing === |
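Review bot: In the new steps 6 and 7, "PIN code attached first 12 characters as weak secret" does not say what the 12 characters are taken from or how they are joined with the PIN, so the J-PAKE weak secret cannot be reconstructed from this description. Please name the source value and the concatenation order. Steps 11 and 13 ("use two keys to get a signature of H(H(AES key))" and "of H(AES key)") should state which of the AES and HMAC keys produces the signature and which function H is. The new steps also drop every "source" and "Detail" link the old steps carried, and the last step no longer says where the client keeps the returned ID (the old flow stored the UUID in a cookie), so it would help to restore equivalent pointers. Minor wording: "computs", "User enter", "Server use", "Client use".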