ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/NEWS
(Generate patch)

Comparing gvpe/NEWS (file contents):
Revision 1.120 by root, Fri Oct 11 07:56:07 2013 UTC vs.
Revision 1.125 by root, Thu Jan 29 00:24:21 2015 UTC

3TODO: bridge mode, finally? 3TODO: bridge mode, finally?
4TODO: gcm mode? 4TODO: gcm mode?
5TODO: replace ripemd160 as the only authentication hash. 5TODO: replace ripemd160 as the only authentication hash.
6TODO: increase rsa size. 6TODO: increase rsa size.
7TODO: replace transport bits by transport endpoint structs? 7TODO: replace transport bits by transport endpoint structs?
8TODO: ecdh to avoid session replay attacks
9TODO: http://incog-izick.blogspot.de/2011/08/using-openssl-aes-gcm.html 8TODO: http://incog-izick.blogspot.de/2011/08/using-openssl-aes-gcm.html
10TODO: http://stackoverflow.com/questions/12153009/openssl-c-example-of-aes-gcm-using-evp-interfaces 9TODO: http://stackoverflow.com/questions/12153009/openssl-c-example-of-aes-gcm-using-evp-interfaces
11 10
12proposed: 3 types, req, resreq, res
13
14req (hmac1) rsa(seqno1 hmac1 aes1 seqno2 hmac2 aes2 auth) ecdh1
15res (hmac1) hash(rsa-contents) ecdh2
16
17req hmac0(*) rsa(seqno hmac0 hmac aes auth) hkdf-salt ecdh1
18res hmac0(rsa-contents ecdh2)
19 hmac_key = hkdf(hkdf-salt, hmac | ecdh)
20 aes_key = hkdf(hkdf-salt, aes | ecdh)
21
22TODO: protocol magic fixen(!!!)
23TODO: "global"
24TODO: verify 11TODO: verify
25TODO: make sense of overhead calculation 12TODO: make sense of overhead calculation
26TODO: if-up &c should not be scripts? 13TODO: if-up &c should not be scripts?
27TODO: low-power 14TODO: ipv6
15TODO: gvpectrl should not use default privatekey,. or maybe document it better
28 - INCOMPATIBLE CHANGE: core protocol version 1.0. 16 - INCOMPATIBLE CHANGE: core protocol version 1.0.
29 - INCOMPATIBLE CHANGE: node sextions are now introduced 17 - INCOMPATIBLE CHANGE: node sections are now introduced
30 with "node nodename", not "node = nodename". 18 with "node nodename", not "node = nodename".
31 - while individual packets couldn't be replayed, a whole session 19 - while individual packets couldn't be replayed, a whole session
32 could be replayed - this has been fixed by an extra key exchange. 20 could be replayed - this has been fixed by an extra key exchange.
33 - in addition to rsa key exchange and authentication, the handshake now 21 - in addition to rsa key exchange and authentication, the handshake now
34 adds a diffie-hellman key exchange (using curve25119) for perfect 22 adds a diffie-hellman key exchange (using curve25119) for perfect
40 - router reconnects could cause excessive rekeying on other connections. 28 - router reconnects could cause excessive rekeying on other connections.
41 - gvpectrl no longer generates all missing public keys, but 29 - gvpectrl no longer generates all missing public keys, but
42 only missing private keys. private keys are also put 30 only missing private keys. private keys are also put
43 into the configured location. 31 into the configured location.
44 - the pid-file now accepts %s as nodename as elsewhere. 32 - the pid-file now accepts %s as nodename as elsewhere.
33 - switch to counter mode (only aes supported at the moment in
34 openssl). this gets rid of the need to generate a random iv,
35 is likely more secure (and, as a side effect, gets rid of
36 slow randomness generation. counter mode is often faster
37 then cbc mode as well, and packets are smaller).
45 - no longer use RAND_bytes to generate session keys - you NEED 38 - no longer use RAND_bytes to generate session keys - you NEED
46 a real source of entropy now (e.g. egd or /dev/random - see the 39 a real source of entropy now (e.g. egd or /dev/random - see the
47 openssl documentation). 40 openssl documentation).
48 - multiple node statements for the same node are now supported 41 - multiple node statements for the same node are now supported
49 and will be merged. 42 and will be merged.
50 - a new directive "global" switches back to the global section 43 - a new directive "global" switches back to the global section
51 of the config file. 44 of the config file.
52 - 12 random prefix bytes are now properly supported, leading to
53 a fully random IV.
54 - use aes with a random key in counter-mode to generate IVs,
55 for speed reasons (generating 12 random bytes with openssl can
56 take longer than encrypting and mac'ing a 1.5kb packet, and IVs
57 do not need to be cryptographically strong random numbers
58 (and in fact, shouldn't be)).
59 - if-up scripts can now be specified with absolute paths. 45 - if-up scripts can now be specified with absolute paths.
60 - new global option: serial, to detect configuration mismatches. 46 - new global option: serial, to detect configuration mismatches.
61 - use HKDF as authentication proof, not HMAC or a plain hash 47 - use HKDF as authentication proof, not HMAC or a plain hash
62 (hint by Ilmari Karonen). 48 (hint by Ilmari Karonen).
63 - during rekeying or conenction establishments, hmac authentication 49 - during rekeying or conenction establishments, hmac authentication
64 errors could occur and reset the connection. Transient hmac 50 errors could occur and reset the connection. Transient hmac
65 authentication errors are now being ignored for 3 seconds. 51 authentication errors are now being ignored for 3 seconds.
66 - log the reason for a conneciton loss. 52 - log the reason for a conneciton loss.
53 - use a (hopefully) constant time memcmp to compare internal secrets.
67 54
682.25 Sat Jul 13 06:42:33 CEST 2013 552.25 Sat Jul 13 06:42:33 CEST 2013
69 - INCOMPATIBLE CHANGE: no longer enable udp protocol if no other 56 - INCOMPATIBLE CHANGE: no longer enable udp protocol if no other
70 protocols are enabled - this is necessary when you have nodes with 57 protocols are enabled - this is necessary when you have nodes with
71 completely unknown protocols, to force mediated connection requests. 58 completely unknown protocols, to force mediated connection requests.

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines