(→Architecture Designs: Add steps of key exchange) |
(→Architecture Designs: Add steps of PIN code pairing) |
||
| Line 16: | Line 16: | ||
* HTTP Server: Serves connections from user. Two types files can be served: | * HTTP Server: Serves connections from user. Two types files can be served: | ||
** Static file: Stored in Remote Control Client App, packaged in app://remote-control-client.gaiamobile.org | ** Static file: Stored in Remote Control Client App, packaged in app://remote-control-client.gaiamobile.org | ||
** Service script: Handle AJAX request and response for secure connection initialization, PIN code pairing and control event processing. Packaged in resource://gre/res/remotecontrol | ** Service script: Handle AJAX request and response for secure connection initialization, PIN code pairing and control event processing. Packaged in resource://gre/res/remotecontrol. | ||
* Remote Control App: Provides service related user interface on TV. Communicate with Remote Control Service via MozSettings. | * Remote Control App: Provides service related user interface on TV. Communicate with Remote Control Service via MozSettings. | ||
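Review bot: The period added after resource://gre/res/remotecontrol on the Service script item sits directly against the URI, so it can be copied as part of the path, and it leaves the list inconsistent because the Static file item above still ends at app://remote-control-client.gaiamobile.org with no period. Either drop the period or set both URIs off in code markup so the two items match and the punctuation cannot be mistaken for part of the location.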
| Line 25: | Line 25: | ||
=== Establish secure connection === | === Establish secure connection === | ||
Remote control is designed to protect data transmitted between client and server, for example: user input string may contains privacy data. Client is forced to exchange symmetric key (AES-GCM) with server in the first time. After key exchange, server uses UUID in cookie to identify client and key to decrypt messages. Following describes how keys are exchanged: | Remote control is designed to protect data transmitted between client and server, for example: user input string may contains privacy data. Consider user scenario for remote control is in local network, TV is not able to get a unique name to provide HTTPS; remote control uses proprietary protocol to establish secure connection. Client is forced to exchange symmetric key (AES-GCM) with server in the first time. After key exchange, server uses UUID in cookie to identify client and key to decrypt messages. Following describes how keys are exchanged: | ||
# User opens the URL | # User opens the URL. | ||
# Client requests page without valid UUID. | # Client requests page without valid UUID. | ||
# Server response secure.html as requested page for key exchange. | # Server response secure.html as requested page for key exchange. | ||
# Client | # Client acquires RSA public key from secure.sjs. | ||
# Secure.sjs replies RSA public key SPKI in base64. | # Secure.sjs replies RSA public key SPKI in base64. | ||
# Client | # Client imports RSA public key and wrap symmetric key. | ||
# Client sends wrapped symmetric key to secure.sjs in base64. | # Client sends wrapped symmetric key to secure.sjs in base64. | ||
# Secure.sjs replies | # Secure.sjs replies a ticket number. | ||
# Secure.sjs unwraps symmetric key with RSA private key. | # Secure.sjs unwraps symmetric key with RSA private key. | ||
# Secure.sjs saves symmetric key. | # Secure.sjs saves symmetric key. | ||
# Remote Control Service generates a new UUID, encrypted with symmetric key and binds encrypted UUID with ticket number. | # Remote Control Service generates a new UUID, encrypted with symmetric key and binds encrypted UUID with ticket number. | ||
# Client polls encrypted UUID from secure.sjs. | # Client polls encrypted UUID from secure.sjs by ticket number. | ||
# Client | # Client decrypts received UUID to double confirm server receives correct symmetric key. | ||
# Client reloads the URL with UUID. | # Client reloads the URL with UUID. | ||
=== PIN code pairing === | |||
PIN code is a mechanism to ensure the device connects to TV is physical near TV. While connects to TV, user needs to enter 4 digits PIN code on TV screen. After pass pairing, user is redirected to control page and not need to enter PIN code until: 1) 90 days, pairing expired or 2) user revokes all pairing in remote control app. Pairing can be turned off in remote control app. Following describes how PIN code pairing is done: | |||
# User opens the URL. | |||
# Client requests page with UUID requires pairing. | |||
# Server get the UUID and generate a PIN code. | |||
# Remote control service sends PIN code to Gaia system app to trigger pairing notification on screen. (send chrome event) | |||
# Server returns pairing.html as requested page for PIN code pairing. | |||
# User enter PIN code on screen. | |||
# Client encrypts PIN code. | |||
# Client sends PIN code to pairing.sjs. | |||
# Pairing.sjs replies a ticket number. | |||
# Pairing.sjs decrypts PIN code using symmetric key received in establish secure connection. | |||
# Pairing.sjs confirms PIN code correct from remote control service and delete pending PIN code. | |||
# Pairing.sjs requests Gaia system app to dismiss pairing notification on screen. (send chrome event) | |||
# Client queries PIN code pairing result from pairing.sjs by ticket number. | |||
# Client reloads the URL with UUID. | |||
After establish secure connection, client reloads the URL with a valid UUID and get control page. | |||
=== Control event processing === | === Control event processing === | ||
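Review bot: The key exchange steps, from "Client acquires RSA public key from secure.sjs" onward, never say how the client authenticates that public key, and the sentence added in this revision states that HTTPS is not available, so the final check where the client decrypts the UUID only shows that whoever unwrapped the symmetric key holds it, not that the peer is the TV. Please document how the RSA key is verified, or state the limitation explicitly. In the PIN code pairing list, the 4 digit PIN has no stated attempt limit or lifetime, and the pending PIN is described as deleted only when the entry is correct; add what happens on a wrong PIN and when an unused PIN expires. "Client encrypts PIN code" should name the key, as the later Pairing.sjs step does, and the AES-GCM description should say how the nonce is chosen per message. The sentence "After establish secure connection, client reloads the URL with a valid UUID and get control page." sits after the pairing steps although it describes the end of secure connection establishment; move it under that section.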