Firefox OS/Remote Control: Difference between revisions

← Older edit

Firefox OS/Remote Control (view source)

Revision as of 03:39, 24 May 2016

319 bytes added , 24 May 2016

→‎Architecture Designs: add disconnect and reconnection description

Eric Tsai

133

edits

@@ Line 22: / Line 22: @@
 # Peer authentication
 # Control event processing
+Any error occurs will close connection between server and client, reconnection is required. Server side error will sends message back to client to let user know what happen on Fennec.
 === Peer authentication ===
@@ Line 33: / Line 35: @@
 # Client computes J-PAKE round 1 and sends the result to server.
 # Server generates PIN code and show on screen, computes J-PAKE round 1 and sends the result to client.
-# Server computes J-PAKE round 2 with PIN code attached first 12 characters of server's TLS certificate fingerprint as weak secret.
 # User enter PIN code, client computs J-PAKE round 2 with PIN code attached first 12 characters of server's TLS certificate fingerprint as weak secret.
 # Client sends round 2 result to server.
+# Server computes J-PAKE round 2 with PIN code attached first 12 characters of server's TLS certificate fingerprint as weak secret.
 # Server dismisses PIN code notification on screen, sends round 2 result to client.
 # Both client and server compute J-PAKE final round, gets AES and HMAC key.
@@ Line 54: / Line 56: @@
 # Client computes J-PAKE round 1 and sends the result to server.
 # Server computes J-PAKE round 1 and sends the result to client.
-# Client and server computes J-PAKE round 2 with previous AES key value attached first 12 characters of server's TLS certificate fingerprint as weak secret.
+# Client and server computes J-PAKE round 2 with first 4 characters of previous AES key value attached first 12 characters of server's TLS certificate fingerprint as weak secret.
 # Client sends round 2 result to server.
 # Server sends round 2 result to client.
@@ Line 76: / Line 78: @@
 # Client.sjs parses event and dispatch to Gecko or Gaia system app.
-=== Data encryption/decryption ===
+=== Data used in JPAKE authentication ===
-There are three kinds of data are encrypted while tranmission:
+==== Singer ID for JPAKE round 1 & 2: ====
-# Client polls '''UUID''' in establish secure connection stage
+* TV: server
-# Client sends '''PIN code''' in pin code pairing
+* Fennec addon: client
-# Client sends '''event''' in control event processing
+==== Weak secret: ====
+* TV: concatenate PIN and first 12 characters of TLS server cert SHA 256 fingerprint
+* Fennec addon: concatenate user input PIN and first 12 characters connected TLS server cert SHA 256 fingerprint
+==== HMAC Input for JAPKE final: ====
+We use "AES_256_CBC-HMAC256", as aHkdfInfo, includes the full crypto spec, should be the same in both TV and fennec addon
+==== Key confirmation: ====
-As data are encrypted by symmetric key, AES-GCM, there are two things need noticed:
+Double hash of AES key:
-# AES-GCM need initialization vector(IV) to encrypt/decrypt. Currently, IV is random value for each data, length is 12 bytes. Encrypted data is appended after IV. Receiver needs to slice first 12 bytes as IV to decrypt.
+## TV converts AES key to array buffer
-# Each message type is string, use [https://developer.mozilla.org/en-US/docs/Web/API/TextEncoder/encode TextEncoder.encode()] to encode as an UInt8Array, then encrypt to ArrayBuffer. Vice versa.
+## Sign AES key array buffer, get signature 1 (array buffer)
-# Data encryption/decryption is asynchronous but HTTP request need response immediately. For UUID and PIN code case, remote control uses a ticket number to get status after decryption. But for event, we reduce polling result but use latest event's result instead.
+## Sign signature 1, get signature 2
+## Convert signature 2 to base 64, send to Fennec addon
+## Fennec addon do the same as TV from step 1 to 4
+## Compare received base 64 string of self and TV's signature 2
+Single hash of AES key:
+## Fennec addon converts AES key to array buffer
+## Sign AES key array buffer, get signature 1 (array buffer)
+## Convert signature 1 to base 64, send to TV
+## TV use HMAC key, received signature, AES key array buffer to verify if the signature is valid.
 === Authentication and Event Protocol ===
@@ Line 112: / Line 131: @@
        gx1: gx1.value,
        gx2: gx2.value,
-       zpk_x1: { gr: gv1.value, b: r1.value, id: 'client' },
+       zkp_x1: { gr: gv1.value, b: r1.value, id: 'client' },
-       zpk_x2: { gr: gv2.value, b: r2.value, id: 'client' }
+       zkp_x2: { gr: gv2.value, b: r2.value, id: 'client' }
      }
    }
@@ Line 123: / Line 142: @@
        gx1: gx1.value,
        gx2: gx2.value,
-       zpk_x1: { gr: gv1.value, b: r1.value, id: 'server' },
+       zkp_x1: { gr: gv1.value, b: r1.value, id: 'server' },
-       zpk_x2: { gr: gv2.value, b: r2.value, id: 'server' }
+       zkp_x2: { gr: gv2.value, b: r2.value, id: 'server' }
      }
    }
@@ Line 231: / Line 250: @@
    }
-==== Custom Events ====
+==== Server reply error ====
    {
-     type: 'command'
+     type: common, or the event type sent from client
-    action: 'custom',
+     error: <error message of exception or root cause>
-     detail: {
-      action: <custom action name, string>,
-      ...
-    }
    }