RemoteInputProtocol
Revision 1 as of 2009-09-03 00:42:18
This protocol is a work in progress and is not complete.
The remote input server uses an open protocol with encryption and authentication to communicate between the clients and the server.
Security
When the client connects to the server, an SSL connection must be initiated immediately. Most remote input server installations use self-signed certificates, so the client should be able to verify the server through the SSL certificate fingerprint. The fingerprint is a digest (usually SHA1) of the DER form of the SSL certificate. It may be determined on the server by running:
$ openssl x509 -noout -in <certificate file> -fingerprint
If the client cannot verify the certificate either through the certificate authority chain or by fingerprint verification, it must close the connection immediately.
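A client-side version of the fingerprint check described above, added here as an example and not part of the original protocol page. The function names, the `pinned` argument and the host, port and timeout parameters are assumptions; the protocol page does not define them.

```python
import hashlib
import socket
import ssl


def der_fingerprint(der_cert: bytes, algorithm: str = "sha1") -> str:
    """Digest of the DER form of the certificate, as lowercase hex."""
    return hashlib.new(algorithm, der_cert).hexdigest()


def normalize_fingerprint(text: str) -> str:
    """Accept 'SHA1 Fingerprint=AB:CD:...' as printed by openssl, or bare hex."""
    value = text.strip().split("=", 1)[-1]
    return value.replace(":", "").replace(" ", "").lower()


def fingerprint_matches(der_cert: bytes, pinned: str, algorithm: str = "sha1") -> bool:
    """True only if the certificate digest equals the pinned fingerprint."""
    expected = normalize_fingerprint(pinned)
    # An empty pin must never match anything.
    return bool(expected) and der_fingerprint(der_cert, algorithm) == expected


def connect_pinned(host: str, port: int, pinned: str,
                   algorithm: str = "sha1", timeout: float = 10.0) -> ssl.SSLSocket:
    """Start TLS immediately, then close the connection unless the pin matches.

    host, port and timeout are assumed parameters, not values from the page.
    """
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Self-signed server certificate: CA chain validation is switched off here
    # and replaced by the fingerprint comparison below.
    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = context.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # binary_form=True returns the DER bytes even when validation is disabled.
    der = tls.getpeercert(binary_form=True)
    if not der or not fingerprint_matches(der, pinned, algorithm):
        tls.close()  # required by the protocol: unverifiable server, hang up
        raise ssl.SSLError("server certificate fingerprint mismatch")
    return tls
```

The `pinned` value is the line printed by the `openssl x509 ... -fingerprint` command above, obtained from the server operator over a trusted channel; no credentials should be sent until `connect_pinned` has returned.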
Authentication
After the SSL connection has been created, the client must send authentication credentials to the server. The credentials have the following form:
The credentials length field specifies the total size of the following fields. The NULL fields must be set to 0. These fields put two limits on the username and password:
- The combined length of the username and password, not including the null terminator, must be less than 253.
- The username and the password may not include the null character.
The server must validate the credentials. The server sends a one-byte message to the client indicating whether the credentials are valid:
If the result was invalid, the server must immediately close all communication with the client after sending the credential validation result. If the client was authenticated, the client should begin the input device initialization process.
Remote Input Message Protocol
All communication after the channel has been secured and authenticated must follow the Remote Input Message Protocol. All messages are padded as necessary to have a length of 12 bytes.
Input Device Initialization
After the communication channel has been secured and authenticated, the client must begin initializing the input device to be instantiated by the server.
RemoteInput/RemoteInputProtocol (last edited 2009-10-12 16:02:52 by cpe-75-180-27-10)