MozillaWiki

Firefox OS/Remote Control: Difference between revisions

Page Discussion

Firefox OS/Remote Control (view source)

Revision as of 03:39, 24 May 2016

2,469 bytes removed ,  24 May 2016
→‎Architecture Designs: add disconnect and reconnection description
(→‎Architecture Designs: add disconnect and reconnection description)
 
(26 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Introduction ==
== Introduction ==
Remote control is a new feature for Firefox OS on TV. We hope user can control TV at any device without installing any APP. Consider compatibility, remote control uses HTTP and AJAX as communication protocol between TV and user. User can easily connect to TV via open his/her browser, enter URL on TV and use the virtual touchpad to control TV just in seconds.
Remote control is a feature for Firefox OS on TV. After [https://addons.mozilla.org/en-US/android/addon/send-tab-to-tv/ Send tab to TV], user can easily extend browsing experience on TV via Firefox on Android, using virtual touchpad to control TV.


Meta Bug: {{Bug|1205939}}
Meta Bug: {{Bug|1205939}}
Line 17: Line 17:


* [[Firefox_OS/Remote_Control_Service|Remote Control Service]]: Entry point of remote control feature. Control service related logic and data in runtime.
* [[Firefox_OS/Remote_Control_Service|Remote Control Service]]: Entry point of remote control feature. Control service related logic and data in runtime.
* HTTP Server: Serves connections from user. Two types files can be served:
* TLS server: Serves connections from user.
** Static file: Stored in Remote Control Client App, packaged in app://remote-control-client.gaiamobile.org
** Service script: Handle AJAX request and response for secure connection initialization, PIN code pairing and control event processing. Packaged in resource://gre/res/remotecontrol.
* Remote Control App: Provides service related user interface on TV. Communicate with Remote Control Service via MozSettings.


User interaction of remote control is divided into three parts:
User interaction of remote control is divided into two parts:
# Establish secure connection
# Peer authentication
# PIN code pairing (optional, by user settings)
# Control event processing
# Control event processing


=== Establish secure connection ===
Any error occurs will close connection between server and client, reconnection is required. Server side error will sends message back to client to let user know what happen on Fennec.
Remote control is designed to protect data transmitted between client and server, for example: user input string may contains privacy data. Consider user scenario for remote control is in local network, TV is not able to get a unique name to provide HTTPS; remote control uses proprietary protocol to establish secure connection. Client is forced to exchange symmetric key (AES-GCM) with server in the first time. After key exchange, server uses UUID in cookie to identify client and key to decrypt messages. Following describes how keys are exchanged:


[[File:RemoteControl SecureConnectionInitialization.png]]
=== Peer authentication ===
Remote control is designed to protect data transmitted between client and server, for example: user input string may contains privacy data. The connection is based on self-signed TLS server. To prevent man in the middle(MITM) attack, we adopt [https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling J-PAKE] to exchange symmetric key for peer authentication. Following describes how it works:


# User opens the URL.
[[File:RemoteControl_FirstTimeHandshake.png]]
# Client requests page without valid UUID.
# Server response secure.html as requested page for key exchange.
# Client acquires RSA public key from secure.sjs. [[Firefox_OS/Remote_Control#RSA_public_key_exchange|Detail]]
# Secure.sjs replies RSA-OEAP public key SPKI in base64. [https://github.com/MDTsai/gecko-dev/blob/Bug_1235013_new_httpserver/b2g/remotecontrol/secure.sjs#L80 source]
# Client imports RSA public key and wrap symmetric key.
# Client sends wrapped symmetric key (AES-GCM) to secure.sjs in base64. [[Firefox_OS/Remote_Control#Send_symmetric_key|Detail]] [https://github.com/luke-chang/gaia/blob/1228262_tv_remote_control_secure/tv_apps/remote-control-client/js/secure.js#L210 source]
# Secure.sjs replies a ticket number.
# Secure.sjs unwraps symmetric key with RSA-OEAP private key. [https://github.com/MDTsai/gecko-dev/blob/Bug_1235013_new_httpserver/b2g/remotecontrol/secure.sjs#L30 source]
# Secure.sjs saves symmetric key.
# Remote Control Service generates a new UUID, encrypted with symmetric key and binds encrypted UUID with ticket number. [https://github.com/MDTsai/gecko-dev/blob/Bug_1235013_new_httpserver/b2g/remotecontrol/secure.sjs#L30 source]
# Client polls encrypted UUID from secure.sjs by ticket number. [[Firefox_OS/Remote_Control#Poll_UUID|Detail]]
# Client decrypts received UUID to double confirm server receives correct symmetric key.
# Client reloads the URL with UUID.


=== PIN code pairing ===
# The user sends the tab to TV on fennec.
PIN code is a mechanism to ensure the device connects to TV is physical near TV. While connects to TV, user needs to enter 4 digits PIN code on TV screen. After pass pairing, user is redirected to control page and not need to enter PIN code until: 1) 90 days, pairing expired or 2) user revokes all pairing in remote control app. Pairing can be turned off in remote control app. Following describes how PIN code pairing is done:
# Client sends request to handshake without ID.
# Server replies with the handshake type is 1st time handshake.
# Client computes J-PAKE round 1 and sends the result to server.
# Server generates PIN code and show on screen, computes J-PAKE round 1 and sends the result to client.
# User enter PIN code, client computs J-PAKE round 2 with PIN code attached first 12 characters of server's TLS certificate fingerprint as weak secret.
# Client sends round 2 result to server.
# Server computes J-PAKE round 2 with PIN code attached first 12 characters of server's TLS certificate fingerprint as weak secret.
# Server dismisses PIN code notification on screen, sends round 2 result to client.
# Both client and server compute J-PAKE final round, gets AES and HMAC key.
# Server use two keys to get a signature of H(H(AES key)), then send the signature to client.
# Client verifies the signature matches it has.
# Client use two keys to get a signature of H(AES key), then send the signature to server.
# Server verifies the signature matches it has.
# Server replies with the handshake finish with client's ID for connection in the future.


[[File:RemoteControl PINCodePairing.png]]
==== Re-authentication ====
User is only required to input PIN code when first time connect to TV. In the second time, client and server leverage previous AES key value and derive new AES and HMAC key. This can reduce number of user input and make the procedure from send tab to TV to remote control more smoothly.


# User opens the URL.
[[File:RemoteControl SecondTimeHandshake.png]]
# Client requests page with UUID requires pairing.
# Server get the UUID and generate a PIN code.
# Remote control service sends PIN code to Gaia system app to trigger pairing notification on screen. (send chrome event)
# Server returns pairing.html as requested page for PIN code pairing.
# User enter PIN code on screen.
# Client encrypts PIN code.
# Client sends PIN code to pairing.sjs. [[Firefox_OS/Remote_Control#Pair_PIN_code|Detail]]
# Pairing.sjs replies a ticket number.
# Pairing.sjs decrypts PIN code using symmetric key received in establish secure connection.
# Pairing.sjs confirms PIN code correct from remote control service and delete pending PIN code.
# Pairing.sjs requests Gaia system app to dismiss pairing notification on screen. (send chrome event)
# Client queries PIN code pairing result from pairing.sjs by ticket number. [[Firefox_OS/Remote_Control#Poll_pair_result|Detail]]
# Client reloads the URL with UUID.


After PIN code pairing, client reloads the URL with a valid UUID and get control page.
# The user sends the tab to TV on fennec.
# Client sends request to handshake with ID.
# Server looks up ID/AES key mapping and replies with the handshake type is 2nd time handshake.
# Client computes J-PAKE round 1 and sends the result to server.
# Server computes J-PAKE round 1 and sends the result to client.
# Client and server computes J-PAKE round 2 with first 4 characters of previous AES key value attached first 12 characters of server's TLS certificate fingerprint as weak secret.
# Client sends round 2 result to server.
# Server sends round 2 result to client.
# Both client and server compute J-PAKE final round, gets new AES and HMAC key.
# Server use two keys to get a signature of H(H(AES key)), then send the signature to client.
# Client verifies the signature matches it has.
# Client use two keys to get a signature of H(AES key), then send the signature to server.
# Server verifies the signature matches it has.
# Server replies with the handshake finish.
 
After authentication, client can sends control event to server.


=== Control event processing ===
=== Control event processing ===
Control page provides: 1) a virtual touchpad, 2) a virtual vertical scrollbar, 3) 3 function keys. Every touch, swipe or click will be generated to an event in JSON format, encrypted and send to TV. Following describes how control event is sent and processed:
Control page provides: 1) a virtual touchpad, 2) a virtual vertical scrollbar, 3) 3 function keys. Every touch, swipe or click will be generated to an event in JSON format then send to TV. Following describes how control event is sent and processed:


[[File:RemoteControl ControlEventProcessing.png]]
[[File:RemoteControl ControlEventProcessing.png]]


# User opens the URL.
# Client requests page with UUID can access control page.
# Server returns client.html as requested page for remote control.
# User operates control page.
# User operates control page.
# Client generates an event and encrypts the event using symmetric key.
# Client generates and sends the event in JSON format.
# Client sends encrypted event.
# Server parses the event to JSON object, dispatch to client.sjs.
# Client.sjs responses with latest event result.
# Client.sjs decrypts event with symmetric key received in establish secure connection.
# Client.sjs parses event and dispatch to Gecko or Gaia system app.
# Client.sjs parses event and dispatch to Gecko or Gaia system app.


=== Data encryption/decryption ===
=== Data used in JPAKE authentication ===
There are three kinds of data are encrypted while tranmission:
==== Singer ID for JPAKE round 1 & 2: ====
# Client polls '''UUID''' in establish secure connection stage
* TV: server
# Client sends '''PIN code''' in pin code pairing
* Fennec addon: client
# Client sends '''event''' in control event processing
 
==== Weak secret: ====
* TV: concatenate PIN and first 12 characters of TLS server cert SHA 256 fingerprint
* Fennec addon: concatenate user input PIN and first 12 characters connected TLS server cert SHA 256 fingerprint
 
==== HMAC Input for JAPKE final: ====
We use "AES_256_CBC-HMAC256", as aHkdfInfo, includes the full crypto spec, should be the same in both TV and fennec addon
 
==== Key confirmation: ====


As data are encrypted by symmetric key, AES-GCM, there are two things need noticed:
Double hash of AES key:
# AES-GCM need initialization vector(IV) to encrypt/decrypt. Currently, IV is random value for each data, length is 12 bytes. Encrypted data is appended after IV. Receiver needs to slice first 12 bytes as IV to decrypt.
## TV converts AES key to array buffer
# Each message type is string, use [https://developer.mozilla.org/en-US/docs/Web/API/TextEncoder/encode TextEncoder.encode()] to encode as an UInt8Array, then encrypt to ArrayBuffer. Vice versa.
## Sign AES key array buffer, get signature 1 (array buffer)
# Data encryption/decryption is asynchronous but HTTP request need response immediately. For UUID and PIN code case, remote control uses a ticket number to get status after decryption. But for event, we reduce polling result but use latest event's result instead.
## Sign signature 1, get signature 2
## Convert signature 2 to base 64, send to Fennec addon
## Fennec addon do the same as TV from step 1 to 4
## Compare received base 64 string of self and TV's signature 2


=== Ajax Protocol ===
Single hash of AES key:
==== RSA public key exchange ====
## Fennec addon converts AES key to array buffer
## Sign AES key array buffer, get signature 1 (array buffer)
## Convert signature 1 to base 64, send to TV
## TV use HMAC key, received signature, AES key array buffer to verify if the signature is valid.
 
=== Authentication and Event Protocol ===
==== Request handshake ====
Request
Request
   {
   {
     action: 'require-public-key'
    type: 'auth'
     action: 'request_handshake'
    detail: {
      id: <id assigned by server, optional>
    }
   }
   }
Response
Response
   {
   {
     publicKey: <base64>
     type: 'auth'
    action: 'response_handshake'
    detail: 1 or 2, 1 for 1st handshake, 2 for 2nd handshake
   }
   }
==== J-PAKE key exchange ====
Client send round 1
   {
   {
     error: <reason>
     type: 'auth'
    action: 'jpake_client_1',
    detail: {
      gx1: gx1.value,
      gx2: gx2.value,
      zkp_x1: { gr: gv1.value, b: r1.value, id: 'client' },
      zkp_x2: { gr: gv2.value, b: r2.value, id: 'client' }
    }
   }
   }
==== Send symmetric key ====
Server reply round 1
Request
   {
   {
     action: 'send-symmetric-key',
    type: 'auth'
     wrappedSymmetricKey: <base64>
     action: 'jpake_server_1',
     detail: {
      gx1: gx1.value,
      gx2: gx2.value,
      zkp_x1: { gr: gv1.value, b: r1.value, id: 'server' },
      zkp_x2: { gr: gv2.value, b: r2.value, id: 'server' }
    }
   }
   }
Response
Client send round 2
   {
   {
     ticket: <ticket>
     type: 'auth'
    action: 'jpake_client_2',
    detail: {
      A: A.value,
      zkp_A: { gr: gvA.value, b: rA.value, id: 'client' }
    }
   }
   }
Server reply round 2
   {
   {
     error: <reason>
     type: 'auth'
    action: 'jpake_server_2',
    detail: {
      A: A.value,
      zkp_A: { gr: gvA.value, b: rA.value, id: 'server' }
    }
   }
   }
==== Poll UUID ====
 
Request
==== Key confirmation ====
Server key confirmation
   {
   {
     action: 'poll-uuid'
    type: 'auth'
     ticket: <ticket>
     action: 'server_key_confirm'
     detail: {
      signature: <double signature of AES key by HMAC key, in base64>
    }
   }
   }
Response
Client key confirmation
   {
   {
     done: true,
     type: 'auth'
     encryptedUUID: <base64>,
    action: 'client_key_confirmation'
     detail: {
      signature: <signature of AES key by HMAC key, in base64>
    }
   }
   }
Server finish handshake
   {
   {
     done: true,
     type: 'auth'
    error: <reason>
     action: 'finish_handshake'
  }
     detail: {
  {
      id: <id assigned by server, optional>
    done: false // Symmetic key unwrapping or encrypting UUID
    }
  }
==== Pair PIN code ====
Request
  {
     action: 'pair-pincode'
     encryptedPIN: <base64>
  }
Response
  {
    ticket: <ticket>
  }
==== Poll pair result ====
Request
  {
    action: 'poll-pair-result'
    ticket: <ticket>
   }
   }
Response
  {
    done: true
    verified: <boolean>
    reason: <reason>
  }
  {
    done: false
  }
==== Encrypted control events ====
Client sends encrypted event in query string as:
  <IP_Address>:<Port>?message=<base64>


Response
  {
    verified: <boolean>
  }
After decrypted, following are control events:
==== Touch Events ====
==== Touch Events ====


   {
   {
     type: 'touchstart',
     type: 'command'
    action: 'touchstart',
     detail: {
     detail: {
       width: <touch panel width, integer, in pixels>,
       width: <touch panel width, integer, in pixels>,
Line 185: Line 204:


   {
   {
     type: 'touchmove',
     type: 'command'
    action: 'touchmove',
     detail: {
     detail: {
       dx: <dx between current point and starting point, integer, in pixels>,
       dx: <dx between current point and starting point, integer, in pixels>,
Line 195: Line 215:


   {
   {
     type: 'touchend',
     type: 'command'
    action: 'touchend',
     detail: {
     detail: {
       dx: <same as "touchmove">,
       dx: <same as "touchmove">,
Line 212: Line 233:


   {
   {
     type: 'keypress',
     type: 'command'
    action: 'keypress',
     detail: <KeyEvent constant, string, sush as "DOM_VK_RETURN">
     detail: <KeyEvent constant, string, sush as "DOM_VK_RETURN">
   }
   }
Line 219: Line 241:


   {
   {
     type: 'input',
     type: 'command'
    action: 'textinput',
     detail: {
     detail: {
       clear: <whether to clear the entire string in the current focused input field, boolean>,
       clear: <whether to clear the entire string in the current focused input field, boolean>,
Line 227: Line 250:
   }
   }


==== Custom Events ====
==== Server reply error ====
 
  {
    type: 'custom',
    action: <custom action name, string>,
    ...
  }
 
=== Pairing (Full version, without secure connection) ===
Meta Bug: {{Bug|1207996}}
 
==== Flowchart ====
 
First Time Connection (deprecated in secure connection)
 
[[File: RemoteControl FirstConnect.png]]
 
Enter PIN Code (deprecated in secure connection)
 
[[File:RemoteControl EnterPIN.png]]
 
Resume Connection (deprecated in secure connection)
 
[[File:RemoteControl ResumeConnection.png]]
 
Dismiss Pairing
 
[[File:RemoteControl DismissPairing.png]]
 
==== Protocol ====
 
from client to server via AJAX (deprecated in secure connection)
 
  {
    pincode: <pincode>
  }
 
response when success (deprecated in secure connection)
 
  {
    verified: true,
    uuid: <uuid>
  }
 
reponse when error
 
  {
    verified: false,
    reason: 'expired' / 'invalid'
  }
 
internal events at server side
 
  {
    type: 'mozChromeRemoteControlEvent',
    detail: {
      action: 'pin-created',
      pincode: <pincode>
    }
  }
 
  {
    type: 'mozChromeRemoteControlEvent',
    detail: {
      action: 'pin-destroyed'
    }
  }


   {
   {
     type: 'mozContentEvent',
     type: common, or the event type sent from client
     detail: {
     error: <error message of exception or root cause>
      type: 'remote-control-pin-dismissed',
      detail: {
        reason: 'timeout' / 'manually'
      }
    }
   }
   }
=== Secure Connection (deprecated) ===
To protect private data between user and TV, we provide a secure connection which refers to SSL and [http://www.jcryption.org/ jCryption]. Here is the concept:
# Client requests RSA public key from TV.
# Client sends symmetric key and PIN code (if any) to TV, encrypted with public key.
# TV decrypts symmetric key with private key
# TV generates an UUID, encrypts with symmetric key then sends 2 UUIDs to client, one is encrypted the other is not.
# Client decrypts UUID with symmetric key, confirm UUID
# Begin remote control with symmetric key.
Goal of Remote Control is to create an easy to use way for every device, we hide public key exchange at the background. User doesn't need to input a long URL with public key nor scan QRCode. Everything is done automatically without interrupting user experience.
[[File: Remote_Security.png]]


== Bug Status ==
== Bug Status ==
Eric Tsai
133

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1114437...1133983"