Attaching via ws + AES fails with 4.1.2 #3094

Closed
olifre opened this issue Apr 21, 2021 · 6 comments

@olifre

olifre commented Apr 21, 2021

Using version 4.1.2 on Debian 10 / Buster, starting a server as follows:

/usr/bin/xpra start --html=on --bind-tcp=0.0.0.0:58745 --start="xterm -fa Monospace" --tcp-auth=file:filename=one --tcp-encryption=AES --tcp-encryption-keyfile=two --clipboard-direction=both --no-mdns --no-bell --no-speaker --no-printing --no-microphone --no-notifications --no-systemd-run --sharing --no-daemon

with "one" being a file with a random string, and "two" being a file with another random string, I cannot attach to the server via:

xpra attach xpraws://localhost:58745  --tcp-auth=file:filename=one --tcp-encryption=AES --tcp-encryption-keyfile=two

During the attempt, the server logs:

2021-04-21 11:07:14,262 sending data using AES encryption
2021-04-21 11:07:14,263 receiving data using AES encryption
2021-04-21 11:07:14,263 Authentication required by password file authenticator module 1
2021-04-21 11:07:14,263  sending challenge for username 'olifre' using hmac+sha512 digest

while the client shows a password prompt. Whatever I enter there, it seems to fail.

Trying to attach using the HTML 5 web client, specifying the password (from file "one") and the AES encryption key (from file "two") reveals the same lines in the server logs, and the browser just hangs at:

WebSocket connection established

for an indefinite time.

Is this a user error, i.e. has the syntax changed for starting the server?
Since I tried the HTML 5 client, too, I presume the client syntax did not change. All versions are 4.1.2 (the HTML 5 client shows 4.1.1, though). I can of course provide debug logs if required.

@totaam
Collaborator

totaam commented Apr 21, 2021

You're getting to the authentication stage so encryption is set up correctly, though the syntax you are using is being deprecated, see https://github.com/Xpra-org/xpra/blob/master/docs/Network/AES.md

For debugging authentication issues, run both the client and server with -d auth.
And make sure your password file does not contain newline characters.
https://github.com/Xpra-org/xpra/blob/master/docs/Usage/Authentication.md

@olifre
Author

olifre commented Apr 21, 2021

You're getting to the authentication stage so encryption is set up correctly, though the syntax you are using is being deprecated, see https://github.com/Xpra-org/xpra/blob/master/docs/Network/AES.md

Many thanks, since that syntax is part of a wrapper I use, I'll adapt it for the future.

And make sure your password file does not contain newline characters.

Indeed, this was the case, but retrying without newline characters does not change the issue.

For debugging authentication issues, run both the client and server with -d auth.

Here are the debug lines I get, first from the server (keys are of course only random data):

2021-04-21 13:32:01,681 set output cipher using encryption key 'b'LxFbWx13KicDSxHR''
2021-04-21 13:32:01,683 sending data using AES encryption
2021-04-21 13:32:01,684 receiving data using AES encryption
2021-04-21 13:32:01,684 server cipher={'cipher': 'AES', 'cipher.iv': '6d00bc8151744815', 'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', 'cipher.key_stretch_iterations': 1000, 'cipher.padding': 'PKCS#7', 'cipher.padding.options': ['PKCS#7', 'legacy']}
2021-04-21 13:32:01,684 processing authentication with (password file,), remaining=(password file,), digest_modes=('xor', 'hmac+sha512', 'hmac+sha3_512', 'hmac+sha3_384', 'hmac+sha3_256', 'hmac+sha3_224', 'hmac+sha384', 'hmac+sha256', 'hmac+sha224', 'hmac+blake2s', 'hmac+blake2b', 'des', 'kerberos', 'gss', 'u2f'), salt_digest_modes=('hmac+sha512', 'hmac+sha3_512', 'hmac+sha3_384', 'hmac+sha3_256', 'hmac+sha3_224', 'hmac+sha384', 'hmac+sha256', 'hmac+sha224', 'hmac+blake2s', 'hmac+blake2b')
2021-04-21 13:32:01,685 authenticator[0]=password file, requires-challenge=True, challenge-sent=False
2021-04-21 13:32:01,685 get_challenge(('xor', 'hmac+sha512', 'hmac+sha3_512', 'hmac+sha3_384', 'hmac+sha3_256', 'hmac+sha3_224', 'hmac+sha384', 'hmac+sha256', 'hmac+sha224', 'hmac+blake2s', 'hmac+blake2b', 'des', 'kerberos', 'gss', 'u2f'))= db9b876e15eeb20bb3af730e5d888b70bff3e520c98903d0538572484e5c10955ab6e3e120501df101f8ea3b27bcc9256580dd29466038bc015560b86779cf99, hmac+sha512
2021-04-21 13:32:01,685 Authentication required by password file authenticator module 1
2021-04-21 13:32:01,685  sending challenge for username 'olifre' using hmac+sha512 digest
2021-04-21 13:34:01,689 Error: connection timed out: ws socket: 127.0.0.1:58745 <- 127.0.0.1:42608
2021-04-21 13:34:01,689  after 121 seconds
2021-04-21 13:34:01,689  received 72687 bytes

On the client:

2021-04-21 13:32:01,694 processing challenge: [b"\xdb\x9b\x87n\x15\xee\xb2\x0b\xb3\xafs\x0e]\x88\x8bp\xbf\xf3\xe5 \xc9\x89\x03\xd0S\x85rHN\\\x10\x95Z\xb6\xe3\xe1 P\x1d\xf1\x01\xf8\xea;'\xbc\xc9%e\x80\xdd)F`8\xbc\x01U`\xb8gy\xcf\x99", {b'cipher': b'AES', b'cipher.iv': b'6d00bc8151744815', b'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', b'cipher.key_stretch_iterations': 1000, b'cipher.padding': b'PKCS#7', b'cipher.padding.options': (b'PKCS#7', b'legacy')}, b'hmac+sha512', b'hmac+sha512', b'password']
2021-04-21 13:32:01,694 challenge handlers: [uri, file, env, kerberos, gss, u2f, prompt, prompt, prompt, prompt]
2021-04-21 13:32:01,694 calling challenge handler uri
2021-04-21 13:32:01,694 <bound method Handler.handle of uri>([b'challenge', b"\xdb\x9b\x87n\x15\xee\xb2\x0b\xb3\xafs\x0e]\x88\x8bp\xbf\xf3\xe5 \xc9\x89\x03\xd0S\x85rHN\\\x10\x95Z\xb6\xe3\xe1 P\x1d\xf1\x01\xf8\xea;'\xbc\xc9%e\x80\xdd)F`8\xbc\x01U`\xb8gy\xcf\x99", {b'cipher': b'AES', b'cipher.iv': b'6d00bc8151744815', b'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', b'cipher.key_stretch_iterations': 1000, b'cipher.padding': b'PKCS#7', b'cipher.padding.options': (b'PKCS#7', b'legacy')}, b'hmac+sha512', b'hmac+sha512', b'password'])=False
2021-04-21 13:32:01,694 calling challenge handler file
2021-04-21 13:32:01,694 handle(..) password_file=None
2021-04-21 13:32:01,694 <bound method Handler.handle of file>([b'challenge', b"\xdb\x9b\x87n\x15\xee\xb2\x0b\xb3\xafs\x0e]\x88\x8bp\xbf\xf3\xe5 \xc9\x89\x03\xd0S\x85rHN\\\x10\x95Z\xb6\xe3\xe1 P\x1d\xf1\x01\xf8\xea;'\xbc\xc9%e\x80\xdd)F`8\xbc\x01U`\xb8gy\xcf\x99", {b'cipher': b'AES', b'cipher.iv': b'6d00bc8151744815', b'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', b'cipher.key_stretch_iterations': 1000, b'cipher.padding': b'PKCS#7', b'cipher.padding.options': (b'PKCS#7', b'legacy')}, b'hmac+sha512', b'hmac+sha512', b'password'])=False
2021-04-21 13:32:01,695 calling challenge handler env
2021-04-21 13:32:01,695 <bound method Handler.handle of env>([b'challenge', b"\xdb\x9b\x87n\x15\xee\xb2\x0b\xb3\xafs\x0e]\x88\x8bp\xbf\xf3\xe5 \xc9\x89\x03\xd0S\x85rHN\\\x10\x95Z\xb6\xe3\xe1 P\x1d\xf1\x01\xf8\xea;'\xbc\xc9%e\x80\xdd)F`8\xbc\x01U`\xb8gy\xcf\x99", {b'cipher': b'AES', b'cipher.iv': b'6d00bc8151744815', b'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', b'cipher.key_stretch_iterations': 1000, b'cipher.padding': b'PKCS#7', b'cipher.padding.options': (b'PKCS#7', b'legacy')}, b'hmac+sha512', b'hmac+sha512', b'password'])=False
2021-04-21 13:32:01,695 calling challenge handler kerberos
2021-04-21 13:32:01,695 hmac+sha512 is not a kerberos challenge
2021-04-21 13:32:01,696 <bound method Handler.handle of kerberos>([b'challenge', b"\xdb\x9b\x87n\x15\xee\xb2\x0b\xb3\xafs\x0e]\x88\x8bp\xbf\xf3\xe5 \xc9\x89\x03\xd0S\x85rHN\\\x10\x95Z\xb6\xe3\xe1 P\x1d\xf1\x01\xf8\xea;'\xbc\xc9%e\x80\xdd)F`8\xbc\x01U`\xb8gy\xcf\x99", {b'cipher': b'AES', b'cipher.iv': b'6d00bc8151744815', b'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', b'cipher.key_stretch_iterations': 1000, b'cipher.padding': b'PKCS#7', b'cipher.padding.options': (b'PKCS#7', b'legacy')}, b'hmac+sha512', b'hmac+sha512', b'password'])=False
2021-04-21 13:32:01,696 calling challenge handler gss
2021-04-21 13:32:01,696 hmac+sha512 is not a gss challenge
2021-04-21 13:32:01,696 <bound method Handler.handle of gss>([b'challenge', b"\xdb\x9b\x87n\x15\xee\xb2\x0b\xb3\xafs\x0e]\x88\x8bp\xbf\xf3\xe5 \xc9\x89\x03\xd0S\x85rHN\\\x10\x95Z\xb6\xe3\xe1 P\x1d\xf1\x01\xf8\xea;'\xbc\xc9%e\x80\xdd)F`8\xbc\x01U`\xb8gy\xcf\x99", {b'cipher': b'AES', b'cipher.iv': b'6d00bc8151744815', b'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', b'cipher.key_stretch_iterations': 1000, b'cipher.padding': b'PKCS#7', b'cipher.padding.options': (b'PKCS#7', b'legacy')}, b'hmac+sha512', b'hmac+sha512', b'password'])=False
2021-04-21 13:32:01,697 calling challenge handler u2f
2021-04-21 13:32:01,697 hmac+sha512 is not a u2f challenge
2021-04-21 13:32:01,697 <bound method Handler.handle of u2f>([b'challenge', b"\xdb\x9b\x87n\x15\xee\xb2\x0b\xb3\xafs\x0e]\x88\x8bp\xbf\xf3\xe5 \xc9\x89\x03\xd0S\x85rHN\\\x10\x95Z\xb6\xe3\xe1 P\x1d\xf1\x01\xf8\xea;'\xbc\xc9%e\x80\xdd)F`8\xbc\x01U`\xb8gy\xcf\x99", {b'cipher': b'AES', b'cipher.iv': b'6d00bc8151744815', b'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', b'cipher.key_stretch_iterations': 1000, b'cipher.padding': b'PKCS#7', b'cipher.padding.options': (b'PKCS#7', b'legacy')}, b'hmac+sha512', b'hmac+sha512', b'password'])=False
2021-04-21 13:32:01,697 calling challenge handler prompt
2021-04-21 13:32:01,819 <bound method Handler.handle of prompt>([b'challenge', b"\xdb\x9b\x87n\x15\xee\xb2\x0b\xb3\xafs\x0e]\x88\x8bp\xbf\xf3\xe5 \xc9\x89\x03\xd0S\x85rHN\\\x10\x95Z\xb6\xe3\xe1 P\x1d\xf1\x01\xf8\xea;'\xbc\xc9%e\x80\xdd)F`8\xbc\x01U`\xb8gy\xcf\x99", {b'cipher': b'AES', b'cipher.iv': b'6d00bc8151744815', b'cipher.key_salt': b'\xae\x1a\xe7\xd2\x02.5R)bs:OwV\x1b\xf0\x0b\xb1\xb1\xeaQ\xe8N\x13D\xbd@\xe4\xfdv\x9bv=\xef\xb9\x0b%\xec\x80$\x07K\xa0\x0c\x952\xfb\xa5+\xb086\xa3\xc3\x18-\xcf\xfdY\xe0[\xf61', b'cipher.key_stretch_iterations': 1000, b'cipher.padding': b'PKCS#7', b'cipher.padding.options': (b'PKCS#7', b'legacy')}, b'hmac+sha512', b'hmac+sha512', b'password'])=True
2021-04-21 13:34:01,723 removing unix domain socket '/run/user/1000/xpra/clients/myhost-16127'
2021-04-21 13:34:03,693 Warning: server connection failure:
2021-04-21 13:34:03,693  disconnected before the session could be established
2021-04-21 13:34:03,693  login timeout

From a glance, I wonder what this means:

2021-04-21 13:32:01,694 calling challenge handler file
2021-04-21 13:32:01,694 handle(..) password_file=None

Is the syntax --tcp-auth=file:filename=one not picked up anymore?
But I also get the "getting stuck" issue with the HTML5 client (which should not suffer from syntax deprecation).

@totaam
Collaborator

totaam commented Apr 21, 2021

Is the syntax --tcp-auth=file:filename=one not picked up anymore?

I don't think it ever was. That's the legacy server side syntax for creating tcp sockets.
Client side, you should just be able to use --password-file= or specify the password as part of the URI.
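The -d auth output above shows the mechanism behind both the failure and the fix: the server sends a random salt and names a digest (hmac+sha512), and the client walks its challenge handlers in order (uri, file, env, ..., prompt) until one produces a response; the file handler logged password_file=None because nothing on the client side had set a password file, so it declined. The following is an added, simplified model of that flow written for this thread; it is not xpra's code and deliberately omits xpra's client-side salt, salt digest and key-stretching parameters. The handler names, the gen_digest helper and the sample password are assumptions, and it also shows why a newline inside the password file breaks the HMAC comparison, as advised earlier in the thread.

```python
"""Simplified challenge/response model of the '-d auth' flow (added example)."""
import hashlib
import hmac
import os
import secrets
import tempfile
from typing import Callable, List, Optional, Tuple

# A handler receives (server_salt, digest_name) and returns a response or None.
Handler = Callable[[bytes, str], Optional[str]]


def gen_digest(digest: str, password: bytes, salt: bytes) -> str:
    """'hmac+sha512' -> hex HMAC keyed with the password bytes over the salt.
    Hypothetical helper, modelled on the digest names printed in the log."""
    if not digest.startswith("hmac+"):
        raise ValueError("unsupported digest: %s" % digest)
    return hmac.new(password, salt, getattr(hashlib, digest[5:])).hexdigest()


class Server:
    """Password-file authenticator: keeps the file bytes exactly as stored."""

    def __init__(self, password_file: str, digest: str = "hmac+sha512") -> None:
        with open(password_file, "rb") as f:
            self.password = f.read()  # a trailing '\n' becomes part of the key
        self.digest = digest
        self.salt: Optional[bytes] = None

    def get_challenge(self) -> Tuple[bytes, str]:
        self.salt = secrets.token_bytes(64)  # fresh random salt per attempt
        return self.salt, self.digest

    def verify(self, response: Optional[str]) -> bool:
        if response is None or self.salt is None:
            return False  # no response ever arrived: the 'login timeout' case
        expected = gen_digest(self.digest, self.password, self.salt)
        return hmac.compare_digest(expected, response)


def uri_handler(password: Optional[str]) -> Handler:
    """Password given as part of the URI (None here, as in the thread)."""
    def handle(salt: bytes, digest: str) -> Optional[str]:
        return gen_digest(digest, password.encode(), salt) if password else None
    return handle


def file_handler(password_file: Optional[str]) -> Handler:
    """Mirrors 'handle(..) password_file=None': without a file it declines."""
    def handle(salt: bytes, digest: str) -> Optional[str]:
        if not password_file:
            return None
        with open(password_file, "rb") as f:
            return gen_digest(digest, f.read(), salt)
    return handle


def run_client(handlers: List[Tuple[str, Handler]], salt: bytes,
               digest: str) -> Tuple[Optional[str], Optional[str]]:
    """Walk the handler chain; return (handler_name, response) or (None, None)."""
    for name, handler in handlers:
        response = handler(salt, digest)
        if response is not None:
            return name, response
    return None, None


def check_password_bytes(data: bytes) -> List[str]:
    """Problems a password file would cause on either side."""
    problems = []
    if not data:
        problems.append("empty")
    if b"\n" in data or b"\r" in data:
        problems.append("contains newline characters")
    return problems


def check_password_file(path: str) -> List[str]:
    with open(path, "rb") as f:
        return check_password_bytes(f.read())


def demo(server_pw: bytes, client_pw: Optional[bytes],
         uri_pw: Optional[str] = None) -> Tuple[Optional[str], bool]:
    """One challenge round with constructed password files; returns
    (handler that answered, server verdict)."""
    with tempfile.TemporaryDirectory() as d:
        spath = os.path.join(d, "one")
        with open(spath, "wb") as f:
            f.write(server_pw)
        cpath = None
        if client_pw is not None:
            cpath = os.path.join(d, "client-one")  # what --password-file= points at
            with open(cpath, "wb") as f:
                f.write(client_pw)
        server = Server(spath)
        salt, digest = server.get_challenge()
        handlers = [("uri", uri_handler(uri_pw)), ("file", file_handler(cpath))]
        name, response = run_client(handlers, salt, digest)
        return name, server.verify(response)


if __name__ == "__main__":
    pw = b"s3cret-from-file-one"  # constructed sample password
    print("no client password source:", demo(pw, None))
    print("matching --password-file: ", demo(pw, pw))
    print("server file has newline:  ", demo(pw + b"\n", pw))
```

Run with -d auth in mind: the first call reproduces the thread's symptom (every handler declines, so the server never gets a response and times out), the second is the --password-file= fix, and the third shows that a stray newline in either file changes the HMAC key and fails verification even though the password "looks" right.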

@olifre
Author

olifre commented Apr 21, 2021

Client side, you should just be able to use --password-file= or specify the password as part of the URI.

Indeed, that works like a charm!

Now the only remaining issue is that it does not work with the HTML 5 client; it always gets stuck at WebSocket connection established, and server-side, I see the very same thing as before when I did not specify the --password-file= option, i.e.:

 sending challenge for username 'olifre' using hmac+sha512 digest

and silence afterwards.

I can of course open an issue on this in the xpra-html5 repo if you prefer, but maybe this is related?
I use the very same password in the HTML 5 client, and of course also activate AES and specify the AES key.

@totaam
Collaborator

totaam commented Apr 21, 2021

I can of course open an issue on this in the xpra-html5 repo if you prefer, but maybe this is related?

Yes please. I don't think that it is related.
You may want to try to downgrade the html5 client, I think Xpra-org/xpra-html5#18 caused problems with encryption.

@totaam totaam closed this as completed Apr 21, 2021
@olifre
Author

olifre commented Apr 21, 2021

Thanks, done!
It's now at: Xpra-org/xpra-html5#43

@totaam totaam added the network label Apr 30, 2021