… | |
… | |
146 | SEQNO is a 32-bit sequence number. It is negotiated at every connection |
146 | SEQNO is a 32-bit sequence number. It is negotiated at every connection |
147 | initialization and starts at some random 31 bit value. VPE currently uses |
147 | initialization and starts at some random 31 bit value. VPE currently uses |
148 | a sliding window of 512 packets/sequence numbers to detect reordering, |
148 | a sliding window of 512 packets/sequence numbers to detect reordering, |
149 | duplication and replay attacks. |
149 | duplication and replay attacks. |
150 | |
150 | |
|
|
151 | The encryption is done on RAND+SEQNO+DATA in CBC mode with zero IV (or, |
|
|
152 | equivalently, the IV is RAND+SEQNO, encrypted with the block cipher, |
|
|
153 | unless RAND size is decreased or increased over the default value). |
|
|
154 | |
151 | =head2 The authentication protocol |
155 | =head2 The authentication protocol |
152 | |
156 | |
153 | Before nodes can exchange packets, they need to establish authenticity of |
157 | Before nodes can exchange packets, they need to establish authenticity of |
154 | the other side and a key. Every node has a private RSA key and the public |
158 | the other side and a key. Every node has a private RSA key and the public |
155 | RSA keys of all other nodes. |
159 | RSA keys of all other nodes. |
156 | |
160 | |
157 | A host establishes a simplex connection by sending the other node an |
161 | A host establishes a simplex connection by sending the other node an RSA |
158 | RSA encrypted challenge containing a random challenge (consisting of |
162 | encrypted challenge containing a random challenge (consisting of the |
159 | the encryption key to use when sending packets, more random data and |
163 | encryption and authentication keys to use when sending packets, more |
160 | PKCS1_OAEP padding) and a random 16 byte "challenge-id" (used to detect |
164 | random data and PKCS1_OAEP padding) and a random 16 byte "challenge-id" |
161 | duplicate auth packets). The destination node will respond by replying |
165 | (used to detect duplicate auth packets). The destination node will respond |
162 | with an (unencrypted) RIPEMD160 hash of the decrypted challenge, which |
166 | by replying with an (unencrypted) hash of the decrypted challenge, which |
163 | will authenticate that node. The destination node will also set the |
167 | will authenticate that node. The destination node will also set the |
164 | outgoing encryption parameters as given in the packet. |
168 | outgoing encryption parameters as given in the packet. |
165 | |
169 | |
166 | When the source node receives a correct auth reply (by verifying the |
170 | When the source node receives a correct auth reply (by verifying the |
167 | hash and the id, which will expire after 120 seconds), it will start to |
171 | hash and the id, which will expire after 120 seconds), it will start to |
… | |
… | |
203 | will try to connect every few seconds. |
207 | will try to connect every few seconds. |
204 | |
208 | |
205 | =head2 Routing and Protocol translation |
209 | =head2 Routing and Protocol translation |
206 | |
210 | |
207 | The GVPE routing algorithm is easy: there isn't much routing to speak |
211 | The GVPE routing algorithm is easy: there isn't much routing to speak |
208 | of: When routing packets to another node, GVPE trues the following |
212 | of: When routing packets to another node, GVPE tries the following |
209 | options, in order: |
213 | options, in order: |
210 | |
214 | |
211 | =over 4 |
215 | =over 4 |
212 | |
216 | |
213 | =item If the two nodes should be able to reach each other directly (common |
217 | =item If the two nodes should be able to reach each other directly (common |