Re: [Qemu-devel] PATCH 3/8: VNC password authentication
This patch introduces support for VNC protocols upto 3.8 and with
it, support for password based authentication. VNC's password based
authentication is not entirely secure, but it is a standard and the
RFB spec requires that all clients support it. The password can be
provided by using the monitor 'change vnc password' and it will prompt
for a password to be entered. Passwords have upto 8 letters of context.
Until the 'change vnc password' monitor command is run, all client
connection attempts will be rejected. This avoids a startup race where
no password would be present. NB, we need a custom copy of d3des here
because VNC uses a 'special' modification of the algorithm. This d3des
code is public domain in all other VNC servers clients. For client
compatability, protocol 3.5 is treated as identical to protocol 3.3.
Example usage:
qemu [...OPTIONS...] -vnc :1,password -monitor stdio
(qemu) change vnc password
Password:
(qemu)
Signed-off-by: Daniel P. Berrange [EMAIL PROTECTED]
diff -r 08374728639d Makefile.target
--- a/Makefile.target Wed Aug 08 15:04:44 2007 -0400
+++ b/Makefile.target Mon Aug 13 11:25:43 2007 -0400
@@ -482,7 +482,7 @@ ifdef CONFIG_SDL
ifdef CONFIG_SDL
VL_OBJS+=sdl.o x_keymap.o
endif
-VL_OBJS+=vnc.o
+VL_OBJS+=vnc.o d3des.o
ifdef CONFIG_COCOA
VL_OBJS+=cocoa.o
COCOA_LIBS=-F/System/Library/Frameworks -framework Cocoa -framework IOKit
@@ -543,7 +543,7 @@ sdl.o: sdl.c keymaps.c sdl_keysym.h
sdl.o: sdl.c keymaps.c sdl_keysym.h
$(CC) $(CFLAGS) $(CPPFLAGS) $(SDL_CFLAGS) $(BASE_CFLAGS) -c -o $@ $
-vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h
+vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h d3des.c d3des.h
$(CC) $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) -c -o $@ $
sdlaudio.o: sdlaudio.c
diff -r 08374728639d d3des.c
--- /dev/null Thu Jan 01 00:00:00 1970 +
+++ b/d3des.c Wed Aug 08 15:04:47 2007 -0400
@@ -0,0 +1,434 @@
+/*
+ * This is D3DES (V5.09) by Richard Outerbridge with the double and
+ * triple-length support removed for use in VNC. Also the bytebit[] array
+ * has been reversed so that the most significant bit in each byte of the
+ * key is ignored, not the least significant.
+ *
+ * These changes are:
+ * Copyright (C) 1999 ATT Laboratories Cambridge. All Rights Reserved.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* D3DES (V5.09) -
+ *
+ * A portable, public domain, version of the Data Encryption Standard.
+ *
+ * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
+ * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
+ * code; Jim Gillogly Phil Karn for the DES key schedule code; Dennis
+ * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
+ * for humouring me on.
+ *
+ * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
+ * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
+ */
+
+#include d3des.h
+
+static void scrunch(unsigned char *, unsigned long *);
+static void unscrun(unsigned long *, unsigned char *);
+static void desfunc(unsigned long *, unsigned long *);
+static void cookey(unsigned long *);
+
+static unsigned long KnL[32] = { 0L };
+
+static unsigned short bytebit[8] = {
+ 01, 02, 04, 010, 020, 040, 0100, 0200 };
+
+static unsigned long bigbyte[24] = {
+ 0x80L, 0x40L, 0x20L, 0x10L,
+ 0x8L, 0x4L, 0x2L, 0x1L,
+ 0x8000L,0x4000L,0x2000L,0x1000L,
+ 0x800L, 0x400L, 0x200L, 0x100L,
+ 0x80L, 0x40L, 0x20L, 0x10L,
+ 0x8L, 0x4L, 0x2L, 0x1L};
+
+/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
+
+static unsigned char pc1[56] = {
+ 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
+9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
+ 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
+ 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 };
+
+static unsigned char totrot[16] = {
+ 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 };
+
+static unsigned char pc2[48] = {
+ 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
+ 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
+ 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
+ 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 };
+
+void deskey(key, edf) /* Thanks to James Gillogly Phil Karn! */
+unsigned char *key;
+int edf;
+{
+ register int i, j, l, m, n;
+ unsigned char pc1m[56], pcr[56];
+ unsigned long kn[32];
+
+ for ( j = 0; j 56; j++ ) {
+ l = pc1[j];
+ m = l 07;
+ pc1m[j] = (key[l 3] bytebit[m]) ? 1 : 0;
+ }
+ for( i = 0; i
Re: [Qemu-devel] PATCH 3/8: VNC password authentication
On Tue, Jul 31, 2007 at 08:46:49PM -0500, Anthony Liguori wrote:
Daniel P. Berrange wrote:
This patch introduces support for VNC protocols upto 3.8 and with
it, support for password based authentication. VNC's password based
authentication is not entirely secure, but it is a standard and the
RFB spec requires that all clients support it. The password can be
provided by using the monitor 'change vnc :1' and it will prompt for
a password to be entered. Passwords have upto 8 letters of context.
Pressing 'enter' without entering any characters disables password
auth in the server. NB, we need a custom copy of d3des here because
VNC uses a 'special' modification of the algorithm. This d3des code
is public domain in all other VNC servers clients.
I think it may be better to have a command to explicitly set the vnc
password. Issuing change vnc :1 just to change the password is a
little awkward IMHO.
Ok I'll add a separate command for that - any preference for naming.
I thought about 'change vncpassword', but the 'change' command requires
2 args and we'd only have 1 here. Or if we think there may be other
devices/drivers which will have passwords in the future we could have
'change password vnc' as the command.
-
-vnc_write_u32(vs, 1); /* None */
-vnc_flush(vs);
-
-vnc_read_when(vs, protocol_client_init, 1);
+VNC_DEBUG(Client request protocol version %d.%d\n, vs-major,
vs-minor);
+if (vs-major != 3 ||
+(vs-minor != 3
+ vs-minor != 7
+ vs-minor != 8)) {
+VNC_DEBUG(Unsupported client version\n);
+vnc_write_u32(vs, VNC_AUTH_INVALID);
+vnc_flush(vs);
+vnc_client_error(vs);
+return 0;
+}
A very popular VNC client uses 3.5 as the protocol version. I believe
the specification requires that 3.5 be treated at 3.3 because of that.
Good point. I'll add support for that.
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
Re: [Qemu-devel] PATCH 3/8: VNC password authentication
This patch introduces support for VNC protocols upto 3.8 and with
it, support for password based authentication. VNC's password based
authentication is not entirely secure, but it is a standard and the
RFB spec requires that all clients support it. The password can be
provided by using the monitor 'change vnc :1' and it will prompt for
a password to be entered. Passwords have upto 8 letters of context.
Pressing 'enter' without entering any characters disables password
auth in the server. NB, we need a custom copy of d3des here because
VNC uses a 'special' modification of the algorithm. This d3des code
is public domain in all other VNC servers clients.
diff -r fccd2d79f407 Makefile.target
--- a/Makefile.target Tue Jul 31 14:48:18 2007 -0400
+++ b/Makefile.target Tue Jul 31 14:48:19 2007 -0400
@@ -479,7 +479,7 @@ ifdef CONFIG_SDL
ifdef CONFIG_SDL
VL_OBJS+=sdl.o x_keymap.o
endif
-VL_OBJS+=vnc.o
+VL_OBJS+=vnc.o d3des.o
ifdef CONFIG_COCOA
VL_OBJS+=cocoa.o
COCOA_LIBS=-F/System/Library/Frameworks -framework Cocoa -framework IOKit
@@ -540,7 +540,7 @@ sdl.o: sdl.c keymaps.c sdl_keysym.h
sdl.o: sdl.c keymaps.c sdl_keysym.h
$(CC) $(CFLAGS) $(CPPFLAGS) $(SDL_CFLAGS) $(BASE_CFLAGS) -c -o $@ $
-vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h
+vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h d3des.c d3des.h
$(CC) $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) -c -o $@ $
sdlaudio.o: sdlaudio.c
diff -r fccd2d79f407 d3des.c
--- /dev/null Thu Jan 01 00:00:00 1970 +
+++ b/d3des.c Tue Jul 31 14:48:19 2007 -0400
@@ -0,0 +1,434 @@
+/*
+ * This is D3DES (V5.09) by Richard Outerbridge with the double and
+ * triple-length support removed for use in VNC. Also the bytebit[] array
+ * has been reversed so that the most significant bit in each byte of the
+ * key is ignored, not the least significant.
+ *
+ * These changes are:
+ * Copyright (C) 1999 ATT Laboratories Cambridge. All Rights Reserved.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* D3DES (V5.09) -
+ *
+ * A portable, public domain, version of the Data Encryption Standard.
+ *
+ * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
+ * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
+ * code; Jim Gillogly Phil Karn for the DES key schedule code; Dennis
+ * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
+ * for humouring me on.
+ *
+ * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
+ * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
+ */
+
+#include d3des.h
+
+static void scrunch(unsigned char *, unsigned long *);
+static void unscrun(unsigned long *, unsigned char *);
+static void desfunc(unsigned long *, unsigned long *);
+static void cookey(unsigned long *);
+
+static unsigned long KnL[32] = { 0L };
+
+static unsigned short bytebit[8] = {
+ 01, 02, 04, 010, 020, 040, 0100, 0200 };
+
+static unsigned long bigbyte[24] = {
+ 0x80L, 0x40L, 0x20L, 0x10L,
+ 0x8L, 0x4L, 0x2L, 0x1L,
+ 0x8000L,0x4000L,0x2000L,0x1000L,
+ 0x800L, 0x400L, 0x200L, 0x100L,
+ 0x80L, 0x40L, 0x20L, 0x10L,
+ 0x8L, 0x4L, 0x2L, 0x1L};
+
+/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
+
+static unsigned char pc1[56] = {
+ 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
+9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
+ 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
+ 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 };
+
+static unsigned char totrot[16] = {
+ 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 };
+
+static unsigned char pc2[48] = {
+ 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
+ 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
+ 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
+ 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 };
+
+void deskey(key, edf) /* Thanks to James Gillogly Phil Karn! */
+unsigned char *key;
+int edf;
+{
+ register int i, j, l, m, n;
+ unsigned char pc1m[56], pcr[56];
+ unsigned long kn[32];
+
+ for ( j = 0; j 56; j++ ) {
+ l = pc1[j];
+ m = l 07;
+ pc1m[j] = (key[l 3] bytebit[m]) ? 1 : 0;
+ }
+ for( i = 0; i 16; i++ ) {
+ if( edf == DE1 ) m = (15 - i) 1;
+ else m = i 1;
+ n = m + 1;
+ kn[m] = kn[n] = 0L;
+ for( j = 0; j 28; j++ ) {
+ l = j + totrot[i];
+ if( l 28 ) pcr[j] = pc1m[l];
+ else pcr[j] = pc1m[l - 28];
+
Re: [Qemu-devel] PATCH 3/8: VNC password authentication
Daniel P. Berrange wrote:
This patch introduces support for VNC protocols upto 3.8 and with
it, support for password based authentication. VNC's password based
authentication is not entirely secure, but it is a standard and the
RFB spec requires that all clients support it. The password can be
provided by using the monitor 'change vnc :1' and it will prompt for
a password to be entered. Passwords have upto 8 letters of context.
Pressing 'enter' without entering any characters disables password
auth in the server. NB, we need a custom copy of d3des here because
VNC uses a 'special' modification of the algorithm. This d3des code
is public domain in all other VNC servers clients.
I think it may be better to have a command to explicitly set the vnc
password. Issuing change vnc :1 just to change the password is a
little awkward IMHO.
-
-vnc_write_u32(vs, 1); /* None */
-vnc_flush(vs);
-
-vnc_read_when(vs, protocol_client_init, 1);
+VNC_DEBUG(Client request protocol version %d.%d\n, vs-major, vs-minor);
+if (vs-major != 3 ||
+ (vs-minor != 3
+vs-minor != 7
+vs-minor != 8)) {
+ VNC_DEBUG(Unsupported client version\n);
+ vnc_write_u32(vs, VNC_AUTH_INVALID);
+ vnc_flush(vs);
+ vnc_client_error(vs);
+ return 0;
+}
A very popular VNC client uses 3.5 as the protocol version. I believe
the specification requires that 3.5 be treated at 3.3 because of that.
Regards,
Anthony Liguori
