Firefox OS/Remote Control: Difference between revisions

Remote control is a feature for Firefox OS on TV. After Send tab to TV, user can easily extend browsing experience on TV via Firefox on Android, using virtual touchpad to control TV.

Meta Bug: bug 1205939

Prototype Demo Video: http://bit.ly/1Fa2ST1

UX Spec: http://bit.ly/1jrWqgn

Visual Spec: http://bit.ly/1jrWQU3

• Remote Control Service: Entry point of remote control feature. Control service related logic and data in runtime.
• TLS server: Serves connections from user.

User interaction of remote control is divided into two parts:

1. Peer authentication
2. Control event processing

Any error occurs will close connection between server and client, reconnection is required. Server side error will sends message back to client to let user know what happen on Fennec.

Peer authentication

Remote control is designed to protect data transmitted between client and server, for example: user input string may contains privacy data. The connection is based on self-signed TLS server. To prevent man in the middle(MITM) attack, we adopt J-PAKE to exchange symmetric key for peer authentication. Following describes how it works:

1. The user sends the tab to TV on fennec.
2. Client sends request to handshake without ID.
3. Server replies with the handshake type is 1st time handshake.
4. Client computes J-PAKE round 1 and sends the result to server.
5. Server generates PIN code and show on screen, computes J-PAKE round 1 and sends the result to client.
6. User enter PIN code, client computs J-PAKE round 2 with PIN code attached first 12 characters of server's TLS certificate fingerprint as weak secret.
7. Client sends round 2 result to server.
8. Server computes J-PAKE round 2 with PIN code attached first 12 characters of server's TLS certificate fingerprint as weak secret.
9. Server dismisses PIN code notification on screen, sends round 2 result to client.
10. Both client and server compute J-PAKE final round, gets AES and HMAC key.
11. Server use two keys to get a signature of H(H(AES key)), then send the signature to client.
12. Client verifies the signature matches it has.
13. Client use two keys to get a signature of H(AES key), then send the signature to server.
14. Server verifies the signature matches it has.
15. Server replies with the handshake finish with client's ID for connection in the future.

Re-authentication

User is only required to input PIN code when first time connect to TV. In the second time, client and server leverage previous AES key value and derive new AES and HMAC key. This can reduce number of user input and make the procedure from send tab to TV to remote control more smoothly.

1. The user sends the tab to TV on fennec.
2. Client sends request to handshake with ID.
3. Server looks up ID/AES key mapping and replies with the handshake type is 2nd time handshake.
4. Client computes J-PAKE round 1 and sends the result to server.
5. Server computes J-PAKE round 1 and sends the result to client.
6. Client and server computes J-PAKE round 2 with first 4 characters of previous AES key value attached first 12 characters of server's TLS certificate fingerprint as weak secret.
7. Client sends round 2 result to server.
8. Server sends round 2 result to client.
9. Both client and server compute J-PAKE final round, gets new AES and HMAC key.
10. Server use two keys to get a signature of H(H(AES key)), then send the signature to client.
11. Client verifies the signature matches it has.
12. Client use two keys to get a signature of H(AES key), then send the signature to server.
13. Server verifies the signature matches it has.
14. Server replies with the handshake finish.

After authentication, client can sends control event to server.

Control event processing

Control page provides: 1) a virtual touchpad, 2) a virtual vertical scrollbar, 3) 3 function keys. Every touch, swipe or click will be generated to an event in JSON format then send to TV. Following describes how control event is sent and processed:

1. User operates control page.
2. Client generates and sends the event in JSON format.
3. Server parses the event to JSON object, dispatch to client.sjs.
4. Client.sjs parses event and dispatch to Gecko or Gaia system app.

Data used in JPAKE authentication

Singer ID for JPAKE round 1 & 2:

• TV: server
• Fennec addon: client

Weak secret:

• TV: concatenate PIN and first 12 characters of TLS server cert SHA 256 fingerprint
• Fennec addon: concatenate user input PIN and first 12 characters connected TLS server cert SHA 256 fingerprint

HMAC Input for JAPKE final:

We use "AES_256_CBC-HMAC256", as aHkdfInfo, includes the full crypto spec, should be the same in both TV and fennec addon

Key confirmation:

Double hash of AES key:

1. 1. TV converts AES key to array buffer
   2. Sign AES key array buffer, get signature 1 (array buffer)
   3. Sign signature 1, get signature 2
   4. Convert signature 2 to base 64, send to Fennec addon
   5. Fennec addon do the same as TV from step 1 to 4
   6. Compare received base 64 string of self and TV's signature 2

Single hash of AES key:

1. 1. Fennec addon converts AES key to array buffer
   2. Sign AES key array buffer, get signature 1 (array buffer)
   3. Convert signature 1 to base 64, send to TV
   4. TV use HMAC key, received signature, AES key array buffer to verify if the signature is valid.

Authentication and Event Protocol

Request handshake

Request

 {
   type: 'auth'
   action: 'request_handshake'
   detail: {
     id: <id assigned by server, optional>
   }
 }

Response

 {
   type: 'auth'
   action: 'response_handshake'
   detail: 1 or 2, 1 for 1st handshake, 2 for 2nd handshake
 }

J-PAKE key exchange

Client send round 1

 {
   type: 'auth'
   action: 'jpake_client_1',
   detail: {
     gx1: gx1.value,
     gx2: gx2.value,
     zkp_x1: { gr: gv1.value, b: r1.value, id: 'client' },
     zkp_x2: { gr: gv2.value, b: r2.value, id: 'client' }
   }
 }

Server reply round 1

 {
   type: 'auth'
   action: 'jpake_server_1',
   detail: {
     gx1: gx1.value,
     gx2: gx2.value,
     zkp_x1: { gr: gv1.value, b: r1.value, id: 'server' },
     zkp_x2: { gr: gv2.value, b: r2.value, id: 'server' }
   }
 }

Client send round 2

 {
   type: 'auth'
   action: 'jpake_client_2',
   detail: {
     A: A.value,
     zkp_A: { gr: gvA.value, b: rA.value, id: 'client' }
   }
 }

Server reply round 2

 {
   type: 'auth'
   action: 'jpake_server_2',
   detail: {
     A: A.value,
     zkp_A: { gr: gvA.value, b: rA.value, id: 'server' }
   }
 }

Key confirmation

Server key confirmation

 {
   type: 'auth'
   action: 'server_key_confirm'
   detail: {
     signature: <double signature of AES key by HMAC key, in base64>
   }
 }

Client key confirmation

 {
   type: 'auth'
   action: 'client_key_confirmation'
   detail: {
     signature: <signature of AES key by HMAC key, in base64>
   }
 }

Server finish handshake

 {
   type: 'auth'
   action: 'finish_handshake'
   detail: {
     id: <id assigned by server, optional>
   }
 }

Touch Events

 {
   type: 'command'
   action: 'touchstart',
   detail: {
     width: <touch panel width, integer, in pixels>,
     height: <touch panel height, integer, in pixels>,
     identifier: <A simple unique identifier for server to distinguish touch events between different clients, string>
   }
 }

 {
   type: 'command'
   action: 'touchmove',
   detail: {
     dx: <dx between current point and starting point, integer, in pixels>,
     dy: <dy between current point and starting point, integer, in pixels>,
     identifier: <should be identical with "touchstart">,
     duration: <duration from "touchstart", integer, in milliseconds>
   }
 }

 {
   type: 'command'
   action: 'touchend',
   detail: {
     dx: <same as "touchmove">,
     dy: <same as "touchmove">,
     identifier: <should be identical with "touchstart">,
     duration: <same as "touchmove">,
     swipe: <the gesture within this touch, string, should be "left", "right", "up" and "down">
   }
 }

Scroll Events

There are "scrollstart", "scrollmove" and "scrollend" events which details are all identical with corresponding touch events above.

Key Events

 {
   type: 'command'
   action: 'keypress',
   detail: <KeyEvent constant, string, sush as "DOM_VK_RETURN">
 }

Input Events

 {
   type: 'command'
   action: 'textinput',
   detail: {
     clear: <whether to clear the entire string in the current focused input field, boolean>,
     string: <new string to append, string>,
     keycode: <a specified key to be pressed after the string inputted, integer>
   }
 }

Server reply error

 {
   type: common, or the event type sent from client
   error: <error message of exception or root cause>
 }

Top blockers of bug 1205939 - [TV][2.5][meta][TV side] Remote Control

19 Total; 0 Open (0%); 19 Resolved (100%); 0 Verified (0%);

Top blockers of bug 1207971 - [TV 2.5][meta] Provide a TV remote control app

3 Total; 0 Open (0%); 3 Resolved (100%); 0 Verified (0%);

Top blockers of bug 1208006 - [TV 2.5][meta] Implement a client-side page for TV remote control

4 Total; 0 Open (0%); 4 Resolved (100%); 0 Verified (0%);

Top blockers of bug 1212385 - [TV 2.5][meta] Remote Control features in Smart System

5 Total; 0 Open (0%); 5 Resolved (100%); 0 Verified (0%);

Top blockers of bug 1215457 - [TV 2.5] Secure connection between remote control server and client

4 Total; 0 Open (0%); 4 Resolved (100%); 0 Verified (0%);