mirror of
https://gitlab.uni-freiburg.de/opensourcevdi/spice-protocol
synced 2025-12-26 22:55:30 +00:00
0386da3be4
Current version 2.0 of the SPICE protocol describes how the client
reply to the server SpiceLinkReply message with a RSA_public_encrypt()
of the password.
Instead of using the current Spice AUTH mechanism, we would like to
offer different AUTH mechanisms, in particular SASL, which is a
framework allowing different underlying mechanisms such as
GSSAPI/Kerberos v5 (and optionally adding a data security layer).
We could bump the protocol version, but that would make this feature
mandatory for the implementer of the protocol. By using the channel
caps, the client and server are left to negotiate and alter the AUTH
part of the protocol as follows:
- SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION, if set, the authentication
mechanism can be chosen during link phase. If both client and server
have this cap, the client MUST reply to SpiceLinkReply with a
SpiceLinkAuthMechanism message, with the value of the CAP_AUTH
mechanism choosen (a uint32 auth_mechanism). The following
authentication steps are described by the selected authentication
mechanism.
The differents mechanisms selectable via
SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION are also specified as part of
the common channel caps. They can be used only if both client and
server offer them.
Ex: no AUTH selection
C: SpiceLinkMess
S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION not in common caps
- The client can't choose AUTH, and fallback on Spice RSA mechanism
Ex: AUTH selection
C: SpiceLinkMess, CAP_PROTOCOL_AUTH_SELECTION in common caps
S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION in common caps
- The client MUST reply with SpiceLinkAuthMechanism
C: SpiceLinkAuthMechanism (with a matching CAP_AUTH)
- SPICE_COMMON_CAP_AUTH_SPICE, the following steps and authentication
mechanism are the same as with version 2.0: a RSA_public_encrypt()
of the password is sent.
This mechanism MUST be implemented in both client and server to
comply with the SPICE protocol.
- SPICE_COMMON_CAP_AUTH_SASL, the authentication exchange follows
SASL protocol has defined in RFC 2222.
This mechanism is OPTIONAL in both client and servers.
Ex: AUTH selection, followed by SASL authentication
AUTH Selection:
C: SpiceLinkMess, CAP_PROTOCOL_AUTH_SELECTION + CAP_AUTH_SASL in common caps
S: SpiceLinkReply, CAP_PROTOCOL_AUTH_SELECTION + CAP_AUTH_SASL in common caps
- The client MUST reply with SpiceLinkAuthMechanism
C: SpiceLinkAuthMechanism CAP_AUTH_SASL
Init:
S: u32 mechlist-length
u8-array mechlist-string
Start:
C: u32 mechname-length
u8-array mechname-string
u32 clientout-length
u8-array clientout-string
S: u32 serverin-length
u8-array serverin-string
u8 continue
Step: (while continue)
C: u32 clientout-length
u8-array clientout-string
S: u32 serverin-length
u8-array serverin-string
u8 continue
See also VNC SASL protocol description, which uses the same protocol:
http://sourceforge.net/mailarchive/forum.php?thread_name=20100719125155.GA14166%40evileye.atkac.brq.redhat.com&forum_name=tigervnc-rfbproto
Updated since v1 of this commit:
- renamed s/SPICE_CHANNEL_CAP/SPICE_COMMON_CAP
- added some note about mandatory vs optional mechanisms.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
115 lines
3.6 KiB
C
115 lines
3.6 KiB
C
/*
|
|
Copyright (C) 2009 Red Hat, Inc.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions are
|
|
met:
|
|
|
|
* Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
* Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in
|
|
the documentation and/or other materials provided with the
|
|
distribution.
|
|
* Neither the name of the copyright holder nor the names of its
|
|
contributors may be used to endorse or promote products derived
|
|
from this software without specific prior written permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS
|
|
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#ifndef _H_SPICE_PROTOCOL
|
|
#define _H_SPICE_PROTOCOL
|
|
|
|
#include <spice/types.h>
|
|
#include <spice/enums.h>
|
|
#include <spice/start-packed.h>
|
|
|
|
#define SPICE_MAGIC (*(uint32_t*)"REDQ")
|
|
#define SPICE_VERSION_MAJOR 2
|
|
#define SPICE_VERSION_MINOR 0
|
|
|
|
// Encryption & Ticketing Parameters
|
|
#define SPICE_MAX_PASSWORD_LENGTH 60
|
|
#define SPICE_TICKET_KEY_PAIR_LENGTH 1024
|
|
#define SPICE_TICKET_PUBKEY_BYTES (SPICE_TICKET_KEY_PAIR_LENGTH / 8 + 34)
|
|
|
|
typedef struct SPICE_ATTR_PACKED SpiceLinkHeader {
|
|
uint32_t magic;
|
|
uint32_t major_version;
|
|
uint32_t minor_version;
|
|
uint32_t size;
|
|
} SpiceLinkHeader;
|
|
|
|
enum {
|
|
SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION,
|
|
SPICE_COMMON_CAP_AUTH_SPICE,
|
|
SPICE_COMMON_CAP_AUTH_SASL,
|
|
};
|
|
|
|
typedef struct SPICE_ATTR_PACKED SpiceLinkMess {
|
|
uint32_t connection_id;
|
|
uint8_t channel_type;
|
|
uint8_t channel_id;
|
|
uint32_t num_common_caps;
|
|
uint32_t num_channel_caps;
|
|
uint32_t caps_offset;
|
|
} SpiceLinkMess;
|
|
|
|
typedef struct SPICE_ATTR_PACKED SpiceLinkReply {
|
|
uint32_t error;
|
|
uint8_t pub_key[SPICE_TICKET_PUBKEY_BYTES];
|
|
uint32_t num_common_caps;
|
|
uint32_t num_channel_caps;
|
|
uint32_t caps_offset;
|
|
} SpiceLinkReply;
|
|
|
|
typedef struct SPICE_ATTR_PACKED SpiceLinkEncryptedTicket {
|
|
uint8_t encrypted_data[SPICE_TICKET_KEY_PAIR_LENGTH / 8];
|
|
} SpiceLinkEncryptedTicket;
|
|
|
|
typedef struct SPICE_ATTR_PACKED SpiceLinkAuthMechanism {
|
|
uint32_t auth_mechanism;
|
|
} SpiceLinkAuthMechanism;
|
|
|
|
typedef struct SPICE_ATTR_PACKED SpiceDataHeader {
|
|
uint64_t serial;
|
|
uint16_t type;
|
|
uint32_t size;
|
|
uint32_t sub_list; //offset to SpiceSubMessageList[]
|
|
} SpiceDataHeader;
|
|
|
|
typedef struct SPICE_ATTR_PACKED SpiceSubMessage {
|
|
uint16_t type;
|
|
uint32_t size;
|
|
} SpiceSubMessage;
|
|
|
|
typedef struct SPICE_ATTR_PACKED SpiceSubMessageList {
|
|
uint16_t size;
|
|
uint32_t sub_messages[0]; //offsets to SpicedSubMessage
|
|
} SpiceSubMessageList;
|
|
|
|
#define SPICE_INPUT_MOTION_ACK_BUNCH 4
|
|
|
|
enum {
|
|
SPICE_PLAYBACK_CAP_CELT_0_5_1,
|
|
};
|
|
|
|
enum {
|
|
SPICE_RECORD_CAP_CELT_0_5_1,
|
|
};
|
|
|
|
#include <spice/end-packed.h>
|
|
|
|
#endif /* _H_SPICE_PROTOCOL */
|