… | |
… | |
8 | |
8 | |
9 | +------+------+--------+------+ |
9 | +------+------+--------+------+ |
10 | | HMAC | TYPE | SRCDST | DATA | |
10 | | HMAC | TYPE | SRCDST | DATA | |
11 | +------+------+--------+------+ |
11 | +------+------+--------+------+ |
12 | |
12 | |
13 | The HMAC field is present in all packets, even if not used (e.g. in |
13 | The HMAC field is present in all packets, even if not used (e.g. in auth |
14 | authentification packets), in which case it is set to all zeroes. The |
14 | request packets), in which case it is set to all zeroes. The checksum |
15 | checksum itself is over the TYPE, SRCDST and DATA fields in all cases. |
15 | itself is over the TYPE, SRCDST and DATA fields in all cases. |
16 | |
16 | |
17 | The TYPE field is a single byte and determines the purpose of the packet |
17 | The TYPE field is a single byte and determines the purpose of the packet |
18 | (e.g. RESET, COMPRESSED/UNCOMPRESSED DATA, PING, AUTH REQUEST/RESPONSE, |
18 | (e.g. RESET, COMPRESSED/UNCOMPRESSED DATA, PING, AUTH REQUEST/RESPONSE, |
19 | CONNECT REQUEST/INFO etc.). |
19 | CONNECT REQUEST/INFO etc.). |
20 | |
20 | |
… | |
… | |
23 | hosts, since all hosts connect to each other on startup. But if restarts |
23 | hosts, since all hosts connect to each other on startup. But if restarts |
24 | are rare or tolerable and most connections are on demand, larger networks |
24 | are rare or tolerable and most connections are on demand, larger networks |
25 | are possible. |
25 | are possible. |
26 | |
26 | |
27 | The DATA portion differs between each packet type, naturally, and is the |
27 | The DATA portion differs between each packet type, naturally, and is the |
28 | only part that can be encrypted encrypted. Data packets contain more |
28 | only part that can be encrypted. Data packets contain more fields, as |
29 | fields, as shown: |
29 | shown: |
30 | |
30 | |
31 | +------+------+--------+------+-------+------+ |
31 | +------+------+--------+------+-------+------+ |
32 | | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | |
32 | | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | |
33 | +------+------+--------+------+-------+------+ |
33 | +------+------+--------+------+-------+------+ |
34 | |
34 | |
35 | RAND is a sequence of fully random bytes, used to increase the entropy of the data |
35 | RAND is a sequence of fully random bytes, used to increase the entropy of |
36 | for encryption purposes. |
36 | the data for encryption purposes. |
37 | |
37 | |
38 | SEQNO is a 32-bit sequence number. It is negotiated at every connection |
38 | SEQNO is a 32-bit sequence number. It is negotiated at every connection |
39 | initialization and starts at some random value. |
39 | initialization and starts at some random 31 bit value. VPE currently uses |
|
|
40 | a sliding window of 512 packets to detect reordering, duplication and |
|
|
41 | reply attacks. |
40 | |
42 | |
41 | =head2 The authentification protocol |
43 | =head2 The authentification protocol |
42 | |
44 | |
43 | Before hosts can exchange packets, they need to establish authenticity of |
45 | Before hosts can exchange packets, they need to establish authenticity of |
44 | the other side and a key. Every host has a private RSA key and the public |
46 | the other side and a key. Every host has a private RSA key and the public |
45 | RSA keys of all other hosts. |
47 | RSA keys of all other hosts. |
46 | |
48 | |
47 | A host establishes a simplex connection by sending the other host a RSA |
49 | A host establishes a simplex connection by sending the other host a |
48 | challenge containing the random digest and encryption keys (different) |
50 | RSA encrypted challenge containing a random challenge (consisting of |
49 | to use when sending packets, plus more randomness plus some PKCS1_OAEP |
51 | the encryption key to use when sending packets, more random data and |
50 | padding plus a random 16 byte id. The destination host will respond by |
52 | PKCS1_OAEP padding) and a random 16 byte "challenge-id" (used to detect |
|
|
53 | duplicate auth packets). The destination host will respond by replying |
51 | replying with an (unencrypted) RIPEMD160 hash of the decrypted data, which |
54 | with an (unencrypted) RIPEMD160 hash of the decrypted challenge, which |
52 | will authentify that host. The destination host will also set the outgoing |
55 | will authentify that host. The destination host will also set the outgoing |
53 | encryption parameters as given in the packet. |
56 | encryption parameters as given in the packet. |
54 | |
57 | |
55 | When the source host receives a correct auth reply (by verifying the |
58 | When the source host receives a correct auth reply (by verifying the |
56 | hash and the id, which will expire after 20 seconds). it will start to |
59 | hash and the id, which will expire after 120 seconds), it will start to |
57 | accept data packets from the destination host. The protocol is completely |
60 | accept data packets from the destination host. |
58 | symmetric, so to be able to send packets the destination host must send a |
61 | |
59 | challenge in the exact same way as already described. |
62 | This means that a host can only initate a simplex connection, telling the |
|
|
63 | other side the key it has to use when it sends packets. The challenge |
|
|
64 | reply is only used to set the current IP address and protocol parameters. |
|
|
65 | |
|
|
66 | The protocol here is completely symmetric, so to be able to send packets |
|
|
67 | the destination host must send a challenge in the exact same way as |
|
|
68 | already described (so, in essence, two simplex connections are created per |
|
|
69 | host pair). |
60 | |
70 | |
61 | =head2 Retrying |
71 | =head2 Retrying |
62 | |
72 | |
63 | When there is no response to an auth request, the host will send auth |
73 | When there is no response to an auth request, the host will send auth |
64 | requests in bursts with an exponential backoff. After some time it will |
74 | requests in bursts with an exponential backoff. After some time it will |
… | |
… | |
72 | floods due to protocol problems (like a rsa key file mismatch between two |
82 | floods due to protocol problems (like a rsa key file mismatch between two |
73 | hosts). |
83 | hosts). |
74 | |
84 | |
75 | =head2 Routing and Protocol translation |
85 | =head2 Routing and Protocol translation |
76 | |
86 | |
77 | ... not yet written, please bug me ... |
87 | The vpe routing algorithm is easy: there isn't any routing. Vped always |
|
|
88 | tries to establish direct connections, if the protocol abilities of the |
|
|
89 | two hosts allow it. |
78 | |
90 | |
|
|
91 | If the two hosts should be able to reach each other (common protocol, ip |
|
|
92 | and port all known), but cannot (network down), then there will be no |
|
|
93 | connection, point. |
|
|
94 | |
|
|
95 | A host can usually declare itself unreachable directly by setting it's |
|
|
96 | port number(s) to zero. It can declare other hosts as unreachable by using |
|
|
97 | a config-file that disables all protocols for these other hosts. |
|
|
98 | |
|
|
99 | If two hosts cannot connect to each other because their IP address(es) |
|
|
100 | are not known (such as dialup hosts), one side will send a connection |
|
|
101 | request to a router (routers must be configured to act as routers!), which |
|
|
102 | will send both the originating and the destination host a connection info |
|
|
103 | request with protocol information and IP address of the other host (if |
|
|
104 | known). Both hosts will then try to establish a connection to the other |
|
|
105 | peer, which is usually possible even when both hosts are behind a NAT |
|
|
106 | gateway. |
|
|
107 | |
|
|
108 | If the hosts cannot reach each other because they have no common protocol, |
|
|
109 | the originator instead use the router with highest priority and matching |
|
|
110 | protocol as peer. Since the SRCDST field is not encrypted, the router host |
|
|
111 | can just forward the packet to the destination host. Since each host uses |
|
|
112 | it's own private key, the router will not be able to decrypt or encrypt |
|
|
113 | packets, it will just act as a simple router and protocol translator. |
|
|
114 | |
|
|
115 | When no router is connected, the host will aggressively try to connect to |
|
|
116 | all routers, and if a router is asked for an unconnected host it will try |
|
|
117 | to ask another router to establish the connection. |
|
|
118 | |
|
|
119 | ... more not yet written about the details of the routing, please bug me |
|
|
120 | ... |
|
|
121 | |