| … | |
… | |
| 1189 | serial = string |
1189 | serial = string |
| 1190 | |
1190 | |
| 1191 | @cindex serial |
1191 | @cindex serial |
| 1192 | The configuration serial number. This can be any string up to 16 bytes length. Only when the serial matches on both sides of a conenction will the connection succeed. This is @emph{not} a security mechanism and eay to spoof, this mechanism exists to alert users that their config is outdated. |
1192 | The configuration serial number. This can be any string up to 16 bytes length. Only when the serial matches on both sides of a conenction will the connection succeed. This is @emph{not} a security mechanism and eay to spoof, this mechanism exists to alert users that their config is outdated. |
| 1193 | @refill |
1193 | @refill |
| 1194 | It's recommended to specify this is a date string such as @t{2013-05-05} or @t{20121205084417).} |
1194 | It's recommended to specify this is a date string such as @t{2013-05-05} or @t{20121205084417}. |
| 1195 | @refill |
1195 | @refill |
| 1196 | The exact algorithm is as this: if a connection request is received form a node with an identical serial, then it succeeds normally. |
1196 | The exact algorithm is as this: if a connection request is received form a node with an identical serial, then it succeeds normally. |
| 1197 | @refill |
1197 | @refill |
| 1198 | If the remote serial is lower than the local serial, it is ignored. |
1198 | If the remote serial is lower than the local serial, it is ignored. |
| 1199 | @refill |
1199 | @refill |
| … | |
… | |
| 1862 | The DATA portion differs between each packet type, naturally, and is the only part that can be encrypted. Data packets contain more fields, as shown: |
1862 | The DATA portion differs between each packet type, naturally, and is the only part that can be encrypted. Data packets contain more fields, as shown: |
| 1863 | @refill |
1863 | @refill |
| 1864 | |
1864 | |
| 1865 | |
1865 | |
| 1866 | @example |
1866 | @example |
| 1867 | +------+------+--------+------+-------+------+ |
1867 | +------+------+--------+-------+------+ |
| 1868 | | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | |
1868 | | HMAC | TYPE | SRCDST | SEQNO | DATA | |
| 1869 | +------+------+--------+------+-------+------+ |
1869 | +------+------+--------+-------+------+ |
| 1870 | @end example |
1870 | @end example |
| 1871 | |
1871 | |
| 1872 | RAND is a sequence of fully random bytes, used to increase the entropy of the data for encryption purposes. |
|
|
| 1873 | @refill |
|
|
| 1874 | SEQNO is a 32-bit sequence number. It is negotiated at every connection initialization and starts at some random 31 bit value. GVPE currently uses a sliding window of 512 packets/sequence numbers to detect reordering, duplication and replay attacks. |
1872 | SEQNO is a 32-bit sequence number. It is negotiated at every connection initialization and starts at some random 31 bit value. GVPE currently uses a sliding window of 512 packets/sequence numbers to detect reordering, duplication and replay attacks. |
| 1875 | @refill |
1873 | @refill |
| 1876 | The encryption is done on RAND+SEQNO+DATA in CBC mode with zero IV (or, equivalently, the IV is RAND+SEQNO, encrypted with the block cipher, unless RAND size is decreased or increased over the default value). |
1874 | The encryption is done on SEQNO+DATA in CTR mode with IV generated from the seqno (for AES: seqno || seqno || seqno || (u32)0), which ensures uniqueness for a given key. |
| 1877 | @refill |
|
|
| 1878 | The random prefix itself is generated by using AES in CTR mode with a random key and starting value, which should make them unpredictable even before encrypting them again. The sequence number additionally ensures that the IV is unique. |
|
|
| 1879 | @refill |
1875 | @refill |
| 1880 | |
1876 | |
| 1881 | |
1877 | |
| 1882 | @subsection The authentication/key exchange protocol |
1878 | @subsection The authentication/key exchange protocol |
| 1883 | Before nodes can exchange packets, they need to establish authenticity of the other side and a key. Every node has a private RSA key and the public RSA keys of all other nodes. |
1879 | Before nodes can exchange packets, they need to establish authenticity of the other side and a key. Every node has a private RSA key and the public RSA keys of all other nodes. |
