PCoIP: Difference between revisions
Suxen drol (talk | contribs) m (tidyup)
Suxen drol (talk | contribs) (more)
Latest revision as of 06:48, 27 June 2012
- Company: Teradici
- Description: http://teradici.com/pcoip/pcoip-technology.php
PCoIP is a real-time Audio/Video/Keyboard/Mouse/USB streaming protocol intended for remote desktop access to physical and virtual machines. It exists primarily in the form of a Teradici hardware encoder/decoder ASIC that may be integrated into graphics cards and thin clients. A software implementation exists within recent versions of the VMware View Agent and VMware View Client products. According to the website, the PCoIP protocol continuously analyzes and decomposes image elements – graphics, text, icons, photographs, video, etc – and compresses them with the right codec for each and every pixel.
Management Channel (MGMT)
The management channel establishes a PCoIP session between the client and server. The channel is created when the client connects to the server via SSL on port 4172. Existing PCoIP clients and servers perform validation of the SSL keys against the PCoIP Root Certificate Authority (see below). The channel is closed following negotiation of the data channel parameters. Parameters are listed below.
Security
Existing server implementations check that the remote client's certificate is signed by the PCoIP Root Certificate Authority.
PCoIP Certificate Authority Key
//FIXME: Public key
//FIXME: Private key
PCoIP Client Key (libpcoip_client)
//FIXME: Public key
//FIXME: Private key
Message Format
Each MGMT message consists of a 64-bit header followed by a list of chunks. The first chunk is always the 'ssig' chunk, which identifies the purpose of the message.
Header Record
uint64_t size; Packet size excluding this header (bytes)
Chunk Record
uint32_t tag;   FourCC code
uint32_t size;  Chunk data size (bytes)
var      data;  Chunk data
General FourCC Codes
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
ssig | 4 | Purpose | 0=Invite, 1=Invite Ok, 2=Not Acceptable, 3=Ack, 4=Bye, 5=Bye Ok, 6=Ping, 7=Pong |
byec | 4 | Bye reason | |
psec | 4 | security type | Integer; 0=NULL, 1=AES-128-GCM, 2=AES-256-GCM, 3=Salsa20-256-round12 |
1key | 16 | AES 128 key | |
1slt | 4 | AES 128 salt | |
1spi | 4 | AES 128 spi | |
2key | 32 | AES 256 key | |
2slt | 4 | AES 256 salt | |
2spi | 4 | AES 256 spi | |
s12k | 32 | Salsa20-256-round12 key | |
s12s | 4 | Salsa20-256-round12 salt | |
s12t | 4 | Salsa20-256-round12 spi | |
cipa | <= 255 | Connection IP address | |
cmac | 6 | Connection MAC address | |
cpri | 4 | Connection PRI address | |
ctag | <= 127 | Connection tag | VMware View Client 'token' |
cprt | 2 | Connection port | Integer |
pca1 | 32 | AES-128-GCM key | |
pca2 | 48 | AES-256-GCM key | |
pcs2 | 48 | Salsa20-256-round12 key | |
penc | <= 64 | PCoIP encoding | Array of bytes, where 0=pcoip_data_1, 1=pcoip_data_2 |
pcap | <= 64 | PCoIP encapsulation | Array of bytes, where 0=IP, 1=UDP, 2=TCP |
pclr | 1 | Cleartext transport header supported | Boolean |
psak | 1 | Selective ACK supported | Boolean |
plnk | 4 | PCoIP link rate | Integer; BPS |
pmtu | 4 | MTU size | Integer |
pprf | <= 96 | PCoIP packet preference | Array of 3-byte records |
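The header and chunk records above are simple enough to parse by hand, and doing so shows where a careless implementation would over-read: every declared length has to be checked against the bytes actually received. The following is an added example, not code from the page or from Teradici or VMware; it assumes little-endian integers and that the FourCC tag is carried as four raw ASCII bytes in the order written (neither byte order is stated on the page), and it decodes the 'ssig', 'psec' and 'cprt' values using the General FourCC table. The sample message and its connection tag are constructed.

```python
import struct

# Value encodings from the General FourCC table on this page.
SSIG_PURPOSE = {0: "Invite", 1: "Invite Ok", 2: "Not Acceptable", 3: "Ack",
                4: "Bye", 5: "Bye Ok", 6: "Ping", 7: "Pong"}
PSEC_TYPE = {0: "NULL", 1: "AES-128-GCM", 2: "AES-256-GCM",
             3: "Salsa20-256-round12"}


class MgmtFormatError(ValueError):
    """Raised for any length or ordering violation in a MGMT message."""


def build_chunk(tag: str, data: bytes) -> bytes:
    """Serialise one chunk record: 4-byte FourCC, uint32 size, data.
    Assumption: little-endian size, tag as raw ASCII bytes."""
    if len(tag) != 4:
        raise ValueError("FourCC tag must be exactly 4 characters")
    return tag.encode("ascii") + struct.pack("<I", len(data)) + data


def build_message(chunks) -> bytes:
    """Prefix the chunk list with the 64-bit header (size excludes the header)."""
    body = b"".join(build_chunk(t, d) for t, d in chunks)
    return struct.pack("<Q", len(body)) + body


def parse_message(buf: bytes, max_size: int = 1 << 20):
    """Parse a MGMT message into an ordered list of (tag, data) pairs.
    Each declared length is checked against the bytes present, so a
    truncated or oversized message is rejected rather than over-read."""
    if len(buf) < 8:
        raise MgmtFormatError("short header")
    (size,) = struct.unpack_from("<Q", buf, 0)
    if size > max_size:
        raise MgmtFormatError(f"declared size {size} exceeds limit")
    if len(buf) != 8 + size:
        raise MgmtFormatError(f"header declares {size} bytes, got {len(buf) - 8}")
    chunks, off, end = [], 8, 8 + size
    while off < end:
        if end - off < 8:
            raise MgmtFormatError("truncated chunk record")
        tag = buf[off:off + 4].decode("ascii", errors="replace")
        (clen,) = struct.unpack_from("<I", buf, off + 4)
        off += 8
        if clen > end - off:
            raise MgmtFormatError(f"chunk {tag!r} claims {clen} bytes, {end - off} remain")
        chunks.append((tag, bytes(buf[off:off + clen])))
        off += clen
    if not chunks or chunks[0][0] != "ssig":
        raise MgmtFormatError("first chunk must be 'ssig'")
    return chunks


def _fixed(tag: str, data: bytes, fmt: str) -> int:
    """Unpack a fixed-size integer chunk, refusing data of the wrong length."""
    if len(data) != struct.calcsize(fmt):
        raise MgmtFormatError(f"chunk {tag!r} has unexpected length {len(data)}")
    return struct.unpack(fmt, data)[0]


def describe(chunks) -> dict:
    """Decode the chunks whose value encoding the page documents."""
    out = {}
    for tag, data in chunks:
        if tag == "ssig":
            out["purpose"] = SSIG_PURPOSE.get(_fixed(tag, data, "<I"), "unknown")
        elif tag == "psec":
            out["security"] = PSEC_TYPE.get(_fixed(tag, data, "<I"), "unknown")
        elif tag == "cprt":
            out["port"] = _fixed(tag, data, "<H")
        elif tag == "ctag":
            out["tag"] = data.decode("ascii", errors="replace")
    return out


# Constructed sample: an Invite proposing Salsa20/12 on port 4172 with a
# made-up connection tag (the tag value is not from the page).
SAMPLE = build_message([
    ("ssig", struct.pack("<I", 0)),
    ("psec", struct.pack("<I", 3)),
    ("cprt", struct.pack("<H", 4172)),
    ("ctag", b"EXAMPLE-TAG"),
])

if __name__ == "__main__":
    print(describe(parse_message(SAMPLE)))
```

Because the outer header and every chunk carry their own length, the two can disagree; the parser treats the outer size as authoritative for how many bytes it may touch and rejects any chunk that claims more than that.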
Media FourCC Codes
When describing a specific media type (e.g. Audio), the following common chunks are present, followed by chunks specific to the media.
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
mtyp | 4 | Media type | 0=USB, 1=Audio, 2=Video, 3=DDC, 4=KMP, 5=VChan |
menc | var | Media encoding | (Media specific) |
menb | 4 | Media | Boolean |
USB
Media Encoding:
Value | Encoding |
---|---|
0 | OHCI |
1 | EHCI |
3 | URB |
FourCCs:
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
usbb | 4 | Client parameter version | |
usbp | 4 | Plugin version | |
usbc | 4 | Number of channels | |
Audio
Media Encoding:
Value | Codec | Frequency | Channels |
---|---|---|---|
1 | ADPCM | 48000 | Stereo |
2 | ADPCM | 8000 | Mono |
3 | ADPCM | 16000 | Mono |
4 | PCM 16-bit LE | 48000 | Stereo |
5 | PCM 16-bit LE | 48000 | Mono |
FourCCs:
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
audf | <= 100 | FEC mode | array of bytes, where 0=FEC Mode 1 |
audi | 4 | Audio input | Boolean |
audy | 4 | Standby mode | |
Video
Media Encoding:
Value | Encoding |
---|---|
0 | Video 1 |
1 | Video 2 |
2 | Video 3 |
FourCCs:
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
vidt | 4 | Topology caching | Boolean |
vidn | 4 | Max number of displays | |
vidv | 4 | Vertical extended motion | Boolean |
vidh | 4 | Horizontal extended motion | Boolean |
vidp | 4 | SACK | Boolean |
vidl | | ? (deprecated) | |
vidb | 4 | Image cache size | |
vidu | 4 | User config | Boolean |
vidy | 4 | Standby mode | Boolean |
vidm | 4 | Monitor power saving | Boolean |
vidC | 4 | ? | |
viCA | 4 | ? | |
DDC
Always media encoding value 0
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
ddce | 4 | Asynchronous EDID Update | Boolean |
KMP
Always media encoding value 0
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
kmpa | <= 100 | Auto repeat modes | array of bytes, where 0=client auto repeat |
kmpb | <= 100 | Pointer shape bitmap types | array of bytes, where 0=alpha, 1=color, 2=xor, 3=compressed alpha, 4=compressed color, 5=compressed xor |
kmpc | 4 | Pointer shape caches | |
kmpx | 4 | Pointer shape cache size | |
kmps | 4 | Pointer shape max size | (x,y) |
kmpf | 4 | Pointer fadeout | Boolean |
kmpl | 4 | Multiple locale | Boolean |
kmpu | 4 | Unicode key | Boolean |
kmpk | 4 | Key block | Boolean |
VChan
Always media encoding value 0
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
vchc | 4 | Number of channels | |
vchs | 4 | Buffer size | |
Key Exchange Obfuscation
PCoIP supports an optional method to obfuscate the key exchange on the management channel. Obfuscation is achieved by XORing the client and server keys with values derived from a shared secret. The shared secret is communicated to the client and server via the VMware View Client Protocol. The shared secret is called the reservation_vcs_tag or PCoIP token. The shared secret also contains a unique connection identifier called the reservation_ssig_tag or connection tag. This is exchanged over the management channel via the 'ctag' chunk.
if (reservation_vcs_tag starts with "SCS1" && strlen(reservation_vcs_tag) >= 104) {
    server key xor value = decodebase64(reservation_vcs_tag[4..47])
    client key xor value = decodebase64(reservation_vcs_tag[48..91])
    reservation_ssig_tag = reservation_vcs_tag[92..]
} else {
    // server and client keys are exchanged verbatim
    reservation_ssig_tag = reservation_vcs_tag
}
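The pseudocode above carried through as a worked example in Python. This is added code, not the page's or VMware's own; it reads the inclusive character ranges [4..47] and [48..91] as Python slices [4:48] and [48:92], which are two 44-character base64 fields decoding to 32 bytes each, and it assumes (the page does not say) that a shorter key such as AES-128 is XORed with the leading bytes of the mask. The token, masks and session key are constructed values.

```python
import base64
from typing import Optional, Tuple

MAGIC = "SCS1"   # prefix that marks an obfuscated token (from the page)
MIN_LEN = 104    # minimum token length checked by the page's pseudocode
MASK_LEN = 32    # 44 base64 characters decode to 32 bytes


def split_vcs_tag(vcs_tag: str) -> Tuple[Optional[bytes], Optional[bytes], str]:
    """Split reservation_vcs_tag into (server_xor, client_xor, reservation_ssig_tag).
    A token without the SCS1 layout means the keys travel verbatim and the
    whole value is the connection tag."""
    if vcs_tag.startswith(MAGIC) and len(vcs_tag) >= MIN_LEN:
        server_xor = base64.b64decode(vcs_tag[4:48], validate=True)
        client_xor = base64.b64decode(vcs_tag[48:92], validate=True)
        if len(server_xor) != MASK_LEN or len(client_xor) != MASK_LEN:
            raise ValueError("SCS1 token carries malformed XOR fields")
        return server_xor, client_xor, vcs_tag[92:]
    return None, None, vcs_tag


def xor_key(key: bytes, mask: Optional[bytes]) -> bytes:
    """Mask or unmask a key; XOR is its own inverse so one function does both.
    Assumption (not on the page): a 16-byte AES-128 key uses the first 16
    bytes of the 32-byte mask."""
    if mask is None:
        return key
    if len(key) > len(mask):
        raise ValueError("key longer than mask")
    return bytes(k ^ m for k, m in zip(key, mask))


def make_vcs_tag(server_xor: bytes, client_xor: bytes, ssig_tag: str) -> str:
    """Inverse of split_vcs_tag; used here only to construct the sample token."""
    return (MAGIC + base64.b64encode(server_xor).decode("ascii")
            + base64.b64encode(client_xor).decode("ascii") + ssig_tag)


# Constructed sample values; none of these come from a real deployment.
SERVER_MASK = bytes(range(32))
CLIENT_MASK = bytes(range(32, 64))
SAMPLE_SSIG_TAG = "EXAMPLE-CONNECTION-TAG"
SAMPLE_TOKEN = make_vcs_tag(SERVER_MASK, CLIENT_MASK, SAMPLE_SSIG_TAG)
SAMPLE_KEY = bytes([0x5A]) * 32   # a 32-byte (AES-256 / Salsa20) session key


def demo() -> Tuple[str, bytes, bytes]:
    """Server side masks its key; a client holding the token unmasks it."""
    s_mask, _c_mask, ssig = split_vcs_tag(SAMPLE_TOKEN)
    on_wire = xor_key(SAMPLE_KEY, s_mask)    # value placed in the server key chunk
    recovered = xor_key(on_wire, s_mask)     # what the client reconstructs
    return ssig, on_wire, recovered


if __name__ == "__main__":
    ssig, on_wire, recovered = demo()
    print(ssig, on_wire.hex(), recovered == SAMPLE_KEY)
```

The masking only hides the keys from a party that does not hold the token; anyone who obtains the reservation_vcs_tag from the View Client Protocol exchange recovers the key chunks directly, so the token needs the same protection as the keys themselves.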
Data Channel (DATA)
The data channel exists to exchange encrypted data packets between the client and server. The channel is configured by the 'pcap' and 'penc' parameters negotiated in the MGMT channel. The following subsections relate to the (UDP, pcoip_data_2) configuration. In the default configuration, UDP messages are sent client-to-server on UDP port 4172 and server-to-client on UDP port 50002. The network address and port are specified via the cipa and cprt chunks in the management channel.
Encrypted Data Packet
PCoIP supports the Salsa20/12, AES-128 and AES-256 encryption algorithms. A different algorithm and key may be used in each direction of the channel. Each encrypted data packet is sent as a UDP datagram and (when decrypted) contains a single data message. Note that each encryption algorithm uses a different packet format, but the resulting plaintext message has the same format.
Salsa20/12 Encapsulated Packet
A reference Salsa20/12 implementation can be found here: http://cr.yp.to/snuffle/salsa20/ref/salsa20.c. Note that the final four bytes of the plaintext data message are always equal to 0xDEADBEEF. These bytes are not considered part of the data message.
uint32_t spi;        Unique indicator
uint32_t serial;     Packet serial number, starts at zero
uint8_t  iv[8];      Crypto IV
variable payload[];  Ciphertext message
AES-128 Encapsulation Packet
//FIXME: Document
AES-256 Encapsulation Packet
//FIXME: Document
Data Message Format
Each data message consists of a header followed by a message-specific body.
Header
uint8_t  type;        Message type (see table below)
uint8_t  unknown[3];
uint16_t serial_no;   Serial number; separate serial numbers maintained for each message type
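The Salsa20/12 encapsulated packet described above and the data message header just given, worked through end to end as an added example (not code from the page, from Teradici or from the cr.yp.to reference). The Salsa20/12 core is a direct transcription of the published algorithm with six double-rounds; the packet handling assumes, since the page does not say, that the 8-byte iv is used as the Salsa20 nonce, that the block counter starts at zero for each datagram, and that the 0xDEADBEEF trailer is stored little-endian like the other header fields. Key, IV and message are constructed values; message type 12 is HDA from the packet type table.

```python
import struct
from typing import Tuple

MASK32 = 0xFFFFFFFF
_SIGMA = b"expand 32-byte k"  # Salsa20 constant for 256-bit keys
# Quarterround index sets for the column round and the row round.
_COLUMNS = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
_ROWS = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))


def _rotl(v: int, n: int) -> int:
    return ((v << n) & MASK32) | (v >> (32 - n))


def _quarterround(x: list, a: int, b: int, c: int, d: int) -> None:
    x[b] ^= _rotl((x[a] + x[d]) & MASK32, 7)
    x[c] ^= _rotl((x[b] + x[a]) & MASK32, 9)
    x[d] ^= _rotl((x[c] + x[b]) & MASK32, 13)
    x[a] ^= _rotl((x[d] + x[c]) & MASK32, 18)


def salsa20_12_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """One 64-byte Salsa20/12 keystream block (6 double-rounds, 32-byte key)."""
    if len(key) != 32 or len(nonce) != 8:
        raise ValueError("Salsa20 needs a 32-byte key and an 8-byte nonce")
    k = struct.unpack("<8I", key)
    c = struct.unpack("<4I", _SIGMA)
    n = struct.unpack("<2I", nonce)
    state = [c[0], k[0], k[1], k[2], k[3], c[1], n[0], n[1],
             counter & MASK32, (counter >> 32) & MASK32,
             c[2], k[4], k[5], k[6], k[7], c[3]]
    x = list(state)
    for _ in range(6):
        for q in _COLUMNS:
            _quarterround(x, *q)
        for q in _ROWS:
            _quarterround(x, *q)
    return struct.pack("<16I", *((a + b) & MASK32 for a, b in zip(x, state)))


def salsa20_12_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the block counter starts at 0 (assumption)."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = salsa20_12_block(key, nonce, off // 64)
        out += bytes(p ^ s for p, s in zip(data[off:off + 64], ks))
    return bytes(out)


# Plaintext always ends in 0xDEADBEEF; little-endian byte order is assumed.
TRAILER = struct.pack("<I", 0xDEADBEEF)
HDR = struct.Struct("<II8s")  # spi, serial, iv[8]


def seal_packet(key: bytes, spi: int, serial: int, iv: bytes, message: bytes) -> bytes:
    """Build an encrypted datagram: header, then Salsa20/12(message || trailer)."""
    return HDR.pack(spi, serial, iv) + salsa20_12_xor(key, iv, message + TRAILER)


def open_packet(key: bytes, packet: bytes) -> Tuple[int, int, bytes]:
    """Decrypt a datagram and return (spi, serial, data message).
    The trailer check catches a wrong key or IV cheaply, but it is not an
    authentication tag: Salsa20 alone provides no integrity protection."""
    if len(packet) < HDR.size + len(TRAILER):
        raise ValueError("datagram too short")
    spi, serial, iv = HDR.unpack_from(packet, 0)
    plain = salsa20_12_xor(key, iv, packet[HDR.size:])
    if plain[-4:] != TRAILER:
        raise ValueError("trailer mismatch: wrong key, wrong IV or damaged datagram")
    return spi, serial, plain[:-4]


def parse_data_header(msg: bytes) -> Tuple[int, bytes, int]:
    """Split the 6-byte data message header into (type, unknown[3], serial_no)."""
    if len(msg) < 6:
        raise ValueError("data message shorter than its header")
    return msg[0], msg[1:4], struct.unpack_from("<H", msg, 4)[0]


# Constructed sample: a type-12 (HDA, audio channel) message with serial 3.
SAMPLE_KEY = bytes(range(32))
SAMPLE_IV = b"\x07" * 8
SAMPLE_MSG = bytes([12, 0, 0, 0]) + struct.pack("<H", 3) + b"constructed audio payload"

if __name__ == "__main__":
    pkt = seal_packet(SAMPLE_KEY, 0x1234, 0, SAMPLE_IV, SAMPLE_MSG)
    print(parse_data_header(open_packet(SAMPLE_KEY, pkt)[2]))
```

A monitoring tool that holds the negotiated key can use open_packet to confirm that a captured datagram decrypts to a well-formed message; a trailer mismatch on traffic that should be decryptable is a useful signal that the key material or the assumed nonce handling is wrong.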
Packet Type
Packet Type | Name | Description | Source(s) |
---|---|---|---|
2 | IMG | Video Channel | Server |
6 | ? | Redirection services | Client,Server |
8 | DDC | Display Data Channel | Client,Server |
9 | ? | | Client,Server |
10 | ? | | Client,Server |
12 | HDA | Audio Channel | Client,Server |