From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 3 Jun 2008 12:31:44 +0200
From: Peter Rosin
Subject: Re: [Qemu-devel] Re: PATCH: Secure TLS encrypted authentication for VNC
Message-ID: <20080603103144.GA23880@sellafield.lysator.liu.se>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: "S. I. Becker"
Cc: qemu-devel@nongnu.org

Hi!

Sorry for the response to this old post, but since it seems to be the best
reference for the VeNCrypt protocol on the web, I don't feel too bad.
Hopefully I got the message-id correct so that this post is properly linked.

S. I. Becker wrote:
> Daniel P. Berrange wrote:
> > If there's any formal doc describing the VeNCrypt auth system in the
> > same style as the primary RFB protocol doc[1] that'd be very helpful.

*snip*

> Dan,
>
> The closest I have to a formal spec are some emails going back-and-forth
> between Martin Koegler and myself over what the protocol should be.
> I've tried to collate and format these together below. Please let me
> know if anything is not clear, or if you can spot any edge-cases that
> permit security flaws.

*snip*

> RFB Protocol Section 6.2.19.257 - TLSNone VeNCrypt sub-type
>
> If the TLSNone, TLSVnc or TLSPlain sub-types have been chosen, Anonymous
> TLS authentication is initiated as described in the TLS protocol.
>
> If the TLS authentication was not successful, the connection is closed.
> Otherwise, all further communication takes place over the encrypted
> TLS channel.
>
> If the TLSNone sub-type was chosen, authentication continues as for the
> None type described in section 6.2.1.

*snip*

I would like to point out that vencserver seems to be sending an extra
U8 (== 0x01. Is that a boolean? 0x00 means failure?) before the SSL/TLS
handshake is started. The QEMU implementation does this also, so the bug
is clearly in this "spec". This also affects sub-types 258, 259, 260, 261
and 262.

Cheers,
Peter
(not subscribed)
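
The framing issue reported above, as an added example that is not part of the original message and is not QEMU or VeNCrypt code: a check over a captured server-to-client byte stream that consumes the extra U8 before handing the remaining bytes to the TLS layer. The helper names, the sample bytes, and the choice to treat any value other than 0x01 as a refusal are assumptions.

```python
import struct

# Sub-types the message lists as affected: 257 (TLSNone) and 258-262.
TLS_WRAPPED_SUBTYPES = frozenset(range(257, 263))
TLS_HANDSHAKE = 0x16  # TLS record content type for handshake messages


class VeNCryptError(Exception):
    """Raised when the stream does not match the observed framing."""


def looks_like_tls_record(buf):
    """True if buf starts with an SSLv3/TLS handshake record header."""
    if len(buf) < 5:
        return False
    ctype, major, _minor, length = struct.unpack(">BBBH", buf[:5])
    return ctype == TLS_HANDSHAKE and major == 3 and length > 0


def consume_subtype_ack(server_bytes, subtype):
    """Strip the extra U8 and return the bytes that belong to the TLS layer.

    server_bytes is what the server sent after the client chose `subtype`
    (hypothetical helper; assumes the capture holds the whole record header).
    """
    if subtype not in TLS_WRAPPED_SUBTYPES:
        raise VeNCryptError(f"sub-type {subtype} is not TLS-wrapped")
    if not server_bytes:
        raise VeNCryptError("connection closed before the U8 arrived")
    ack, rest = server_bytes[0], server_bytes[1:]
    if ack != 0x01:
        # Assumption: only 0x01 means "go ahead"; never start TLS otherwise.
        raise VeNCryptError(f"unexpected byte 0x{ack:02x} before TLS")
    if rest and not looks_like_tls_record(rest):
        raise VeNCryptError("bytes after the U8 are not a TLS handshake record")
    return rest


# Constructed sample: the U8 followed by a TLS 1.0 handshake record header.
SERVER_HELLO_HDR = bytes([0x16, 0x03, 0x01, 0x00, 0x2A])
CAPTURED = b"\x01" + SERVER_HELLO_HDR

if __name__ == "__main__":
    # Reading the quoted text literally, TLS would start at offset 0 and fail.
    print("TLS at offset 0:", looks_like_tls_record(CAPTURED))
    print("TLS after U8:  ", looks_like_tls_record(consume_subtype_ack(CAPTURED, 257)))
```

A client that starts TLS at offset 0 hands the U8 to its TLS library as the first byte of a record, so the handshake fails even though the server behaved as both implementations do.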