PCoIP: Difference between revisions
Suxen drol (talk | contribs) (more MGMT FourCCs) |
Suxen drol (talk | contribs) (cipa/cprt chunks) |
||
Line 139: | Line 139: | ||
= Data Channel (DATA) = | = Data Channel (DATA) = | ||
The data channel exists to exchange encrypted data packets between the client and server. The channel is configured by the 'pcap' and 'penc' parameters negotiated in the MGMT channel. The following subsections relate to the (UDP, pcoip_data_2) configuration. In | The data channel exists to exchange encrypted data packets between the client and server. The channel is configured by the 'pcap' and 'penc' parameters negotiated in the MGMT channel. The following subsections relate to the (UDP, pcoip_data_2) configuration. In the default configuration, UDP messages are sent from client-to-server on UDP port 4172, and sent from the server-to-client on UDP port 50002. The network address and port are specified via the '''cipa''' and '''cprt''' chunks in the management channel. | ||
== Encrypted Data Packet == | == Encrypted Data Packet == |
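Review bot: the sentence added to the Data Channel paragraph gives two default ports (4172 client-to-server, 50002 server-to-client) and then says the address and port are specified via the cipa and cprt chunks, but it does not say which endpoint's address and port those chunks carry, or which of the two default ports cprt overrides. Suggest stating the direction explicitly, and whether the other direction's port is negotiated the same way. The phrasing "sent from client-to-server" would also read better as "sent from client to server".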
Revision as of 07:30, 26 June 2012
- Company: Teradici
- Description: http://teradici.com/pcoip/pcoip-technology.php
PCoIP is a real-time Audio/Video/Keyboard/Mouse/USB streaming protocol intended for remote desktop access to physical and virtual machines. It exists primarily in the form of a Teradici hardware encoder/decoder ASIC that may be integrated into graphics cards and thin clients. A software implementation exists within recent versions of the VMware View Agent and VMware View Client products. According to the website, the PCoIP protocol continuously analyzes and decomposes image elements (graphics, text, icons, photographs, video, etc.) and compresses them with the right codec for each and every pixel.
Management Channel (MGMT)
The management channel establishes a PCoIP session between the client and server. The channel is created when the client connects to the server via SSL on port 4172. Existing PCoIP clients and servers perform validation of the SSL keys against the PCoIP Root Certificate Authority (see below). The channel is closed following negotiation of the data channel parameters. Parameters are listed below.
PCoIP Root Certificate Authority
//FIXME: Public key
//FIXME: Private key
Management Packet
//FIXME: Document
Primary FourCC Codes
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
psec | 4 | security type | Integer; 0=NULL, 1=AES-128-GCM, 2=AES-256-GCM, 3=Salsa20-256-round12 |
1key | 16 | AES 128 key | |
1slt | 4 | AES 128 salt | |
1spi | 4 | AES 128 spi | |
2key | 32 | AES 256 key | |
2slt | 4 | AES 256 salt | |
2spi | 4 | AES 256 spi | |
s12k | 32 | Salsa20-256-round12 key | |
s12s | 4 | Salsa20-256-round12 salt | |
s12t | 4 | Salsa20-256-round12 spi | |
cipa | <= 255 | Connection IP address | |
cmac | 6 | Connection MAC address | |
cpri | 4 | Connection PRI address | |
ctag | <= 127 | Connection tag | VMware View Client 'token' |
cprt | 2 | Connection port | Integer |
pca1 | 32 | AES-128-GCM key | |
pca2 | 48 | AES-256-GCM key | |
pcs2 | 48 | Salsa20-256-round12 key | |
penc | <= 64 | PCoIP encoding | Array of bytes, where 0=pcoip_data_1, 1=pcoip_data_2 |
pcap | <= 64 | PCoIP encapsulation | Array of bytes, where 0=IP, 1=UDP, 2=TCP |
pclr | 1 | Cleartext transport header supported | Boolean |
psak | 1 | Selective ACK supported | Boolean |
plnk | 4 | PCoIP link rate | Integer; BPS |
pmtu | 4 | MTU size | Integer |
pprf | <= 96 | PCoIP packet preference | Array of 3-byte records |
Media-specific FourCC Codes
When describing a specific media type (e.g. Audio), the following chunks are present, followed by chunks specific to the media.
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
mtyp | 4 | Media type | 0=USB, 1=Audio, 2=Video, 3=DDC, 4=KMP, 5=VChan |
menc | var | Media encoding | |
menb | 4 | Media enable | |
USB
(None)
Audio
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
audf | 1 | FEC mode | |
audi | 4 | Audio input enable | |
Video
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
vidv | ? | Vertical extended motion enable | |
vidh | ? | Horizontal extended motion enable | |
vidp | ? | SACK enable | |
vidm | ? | Monitor power saving enable | |
DDC
(None)
KMP
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
kmpa | 4 | Auto repeat mode | |
kmpb | 4 | Pointer shape bitmap type | (alpha,color) |
kmpc | 4 | Pointer shape caches | |
kmpx | 4 | Pointer shape cache size | |
kmps | 4 | Pointer shape max size | (x,y) |
VChan
FourCC | Length (Bytes) | Name | Data type |
---|---|---|---|
vchc | 4 | Number of channels | |
Data Channel (DATA)
The data channel exists to exchange encrypted data packets between the client and server. The channel is configured by the 'pcap' and 'penc' parameters negotiated in the MGMT channel. The following subsections relate to the (UDP, pcoip_data_2) configuration. In the default configuration, UDP messages are sent from client to server on UDP port 4172, and from server to client on UDP port 50002. The network address and port are specified via the cipa and cprt chunks in the management channel.
Encrypted Data Packet
PCoIP supports the Salsa20/12, AES-128 and AES-256 encryption algorithms. A different algorithm and key may be used in each direction of the channel. Each encrypted data packet is sent as a UDP datagram and (when decrypted) contains a single data message. Note that each encryption algorithm uses a different packet format, but the resulting plaintext message has the same format.
Salsa20/12 Encapsulated Packet
A reference Salsa20/12 algorithm can be found here: http://cr.yp.to/snuffle/salsa20/ref/salsa20.c. Note that the final four bytes of the plaintext data message are always equal to 0xDEADBEEF. These bytes are not considered part of the data message.
 uint32_t spi;        Unique indicator
 uint32_t serial;     Packet serial number, starts at zero
 uint8_t  iv[8];      Crypto IV
 variable payload[]   Ciphertext message
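Added example (not part of the original page and not Teradici or VMware code): a C parser for the header laid out above, with the length check a dissector needs before reading the fields and the 0xDEADBEEF trailer check applied to a decrypted message. Big-endian field order, the struct and function names, and the sample datagram are assumptions made for the example; decryption itself is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define S12_HDR_LEN 16u          /* spi(4) + serial(4) + iv(8) */
#define MSG_TRAILER 0xDEADBEEFu  /* plaintext end marker given on the page */

struct s12_packet {              /* hypothetical name, fields as on the page */
    uint32_t spi, serial;
    uint8_t iv[8];
    const uint8_t *payload;      /* ciphertext, points into the datagram */
    size_t payload_len;
};

/* ASSUMPTION: multi-byte fields are big-endian; the page does not say. */
static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Split one UDP datagram into header and ciphertext. Returns 0, or -1 when
 * the datagram cannot hold the header plus the 4-byte trailer. */
int s12_parse(const uint8_t *d, size_t len, struct s12_packet *out) {
    if (!d || !out || len < S12_HDR_LEN + 4) return -1;
    out->spi = rd_be32(d);
    out->serial = rd_be32(d + 4);
    memcpy(out->iv, d + 8, sizeof out->iv);
    out->payload = d + S12_HDR_LEN;
    out->payload_len = len - S12_HDR_LEN;
    return 0;
}

/* Run on the decrypted payload: returns the data message length with the
 * trailer stripped, or -1 if the marker is absent (wrong key or damage). */
long s12_message_len(const uint8_t *plain, size_t len) {
    if (!plain || len < 4 || rd_be32(plain + len - 4) != MSG_TRAILER) return -1;
    return (long)(len - 4);
}

int main(void) {
    /* Constructed sample: spi=1, serial=0, iv=00..07, payload left in clear. */
    const uint8_t d[] = {0,0,0,1, 0,0,0,0, 0,1,2,3,4,5,6,7,
                         0xAA,0xBB, 0xDE,0xAD,0xBE,0xEF};
    struct s12_packet p;
    if (s12_parse(d, sizeof d, &p)) return 1;
    printf("spi=%u serial=%u msg_len=%ld\n", (unsigned)p.spi,
           (unsigned)p.serial, s12_message_len(p.payload, p.payload_len));
    return 0;
}
```

The trailer is a fixed constant, so it confirms that decryption used the right key and framing but does not authenticate the message.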
AES-128 Encapsulation Packet
//FIXME: Document
AES-256 Encapsulation Packet
//FIXME: Document
Data Message Format
//FIXME: Document
Packet Type | Name | Description | Source(s) |
---|---|---|---|
2 | IMG | Video Channel | Server |
6 | ? | | Client,Server |
8 | DDC | Display Data Channel | Client,Server |
9 | ? | | Client,Server |
10 | ? | | Client,Server |
12 | HDA | Audio Channel | Client,Server |