ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/doc/gvpe.protocol.7
(Generate patch)

Comparing gvpe/doc/gvpe.protocol.7 (file contents):
Revision 1.14 by root, Wed Jun 18 20:40:51 2014 UTC vs.
Revision 1.15 by root, Fri Apr 24 21:55:29 2015 UTC

131.\} 131.\}
132.rm #[ #] #H #V #F C 132.rm #[ #] #H #V #F C
133.\" ======================================================================== 133.\" ========================================================================
134.\" 134.\"
135.IX Title "GVPE.PROTOCOL 7" 135.IX Title "GVPE.PROTOCOL 7"
136.TH GVPE.PROTOCOL 7 "2014-04-26" "2.25" "GNU Virtual Private Ethernet" 136.TH GVPE.PROTOCOL 7 "2015-01-29" "2.25" "GNU Virtual Private Ethernet"
137.\" For nroff, turn off justification. Always turn off hyphenation; it makes 137.\" For nroff, turn off justification. Always turn off hyphenation; it makes
138.\" way too many mistakes in technical documents. 138.\" way too many mistakes in technical documents.
139.if n .ad l 139.if n .ad l
140.nh 140.nh
141.SH "The GNU-VPE Protocols" 141.SH "The GNU-VPE Protocols"
269The \s-1DATA\s0 portion differs between each packet type, naturally, and is the 269The \s-1DATA\s0 portion differs between each packet type, naturally, and is the
270only part that can be encrypted. Data packets contain more fields, as 270only part that can be encrypted. Data packets contain more fields, as
271shown: 271shown:
272.PP 272.PP
273.Vb 3 273.Vb 3
274\& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-+\-\-\-\-\-\-+ 274\& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-+\-\-\-\-\-\-+
275\& | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | 275\& | HMAC | TYPE | SRCDST | SEQNO | DATA |
276\& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-+\-\-\-\-\-\-+ 276\& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-+\-\-\-\-\-\-+
277.Ve 277.Ve
278.PP
279\&\s-1RAND\s0 is a sequence of fully random bytes, used to increase the entropy of
280the data for encryption purposes.
281.PP 278.PP
282\&\s-1SEQNO\s0 is a 32\-bit sequence number. It is negotiated at every connection 279\&\s-1SEQNO\s0 is a 32\-bit sequence number. It is negotiated at every connection
283initialization and starts at some random 31 bit value. \s-1GVPE\s0 currently uses 280initialization and starts at some random 31 bit value. \s-1GVPE\s0 currently uses
284a sliding window of 512 packets/sequence numbers to detect reordering, 281a sliding window of 512 packets/sequence numbers to detect reordering,
285duplication and replay attacks. 282duplication and replay attacks.
286.PP 283.PP
287The encryption is done on \s-1RAND+SEQNO+DATA\s0 in \s-1CBC\s0 mode with zero \s-1IV \s0(or, 284The encryption is done on \s-1SEQNO+DATA\s0 in \s-1CTR\s0 mode with \s-1IV\s0 generated from
288equivalently, the \s-1IV\s0 is \s-1RAND+SEQNO,\s0 encrypted with the block cipher, 285the seqno (for \s-1AES:\s0 seqno || seqno || seqno || (u32)0), which ensures
289unless \s-1RAND\s0 size is decreased or increased over the default value). 286uniqueness for a given key.
290.PP
291The random prefix itself is generated by using \s-1AES\s0 in \s-1CTR\s0 mode with a
292random key and starting value, which should make them unpredictable even
293before encrypting them again. The sequence number additionally ensures
294that the \s-1IV\s0 is unique.
295.SS "The authentication/key exchange protocol" 287.SS "The authentication/key exchange protocol"
296.IX Subsection "The authentication/key exchange protocol" 288.IX Subsection "The authentication/key exchange protocol"
297Before nodes can exchange packets, they need to establish authenticity of 289Before nodes can exchange packets, they need to establish authenticity of
298the other side and a key. Every node has a private \s-1RSA\s0 key and the public 290the other side and a key. Every node has a private \s-1RSA\s0 key and the public
299\&\s-1RSA\s0 keys of all other nodes. 291\&\s-1RSA\s0 keys of all other nodes.

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines