1 | .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.13 |
1 | .\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13 |
2 | .\" |
2 | .\" |
3 | .\" Standard preamble: |
3 | .\" Standard preamble: |
4 | .\" ======================================================================== |
4 | .\" ======================================================================== |
5 | .de Sh \" Subsection heading |
5 | .de Sh \" Subsection heading |
6 | .br |
6 | .br |
… | |
… | |
127 | .\} |
127 | .\} |
128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
130 | .\" |
130 | .\" |
131 | .IX Title "VPE.PROTOCOL 7" |
131 | .IX Title "VPE.PROTOCOL 7" |
132 | .TH VPE.PROTOCOL 7 "2003-04-15" "0.9" "Virtual Private Ethernet" |
132 | .TH VPE.PROTOCOL 7 "2003-10-14" "1.2" "Virtual Private Ethernet" |
133 | .SH "The VPE Protocol" |
133 | .SH "The VPE Protocol" |
134 | .IX Header "The VPE Protocol" |
134 | .IX Header "The VPE Protocol" |
135 | .Sh "Anatomy of a \s-1VPN\s0 packet" |
135 | .Sh "Anatomy of a \s-1VPN\s0 packet" |
136 | .IX Subsection "Anatomy of a VPN packet" |
136 | .IX Subsection "Anatomy of a VPN packet" |
137 | The exact layout and field lengths of a \s-1VPN\s0 packet is determined at |
137 | The exact layout and field lengths of a \s-1VPN\s0 packet is determined at |
… | |
… | |
142 | \& +------+------+--------+------+ |
142 | \& +------+------+--------+------+ |
143 | \& | HMAC | TYPE | SRCDST | DATA | |
143 | \& | HMAC | TYPE | SRCDST | DATA | |
144 | \& +------+------+--------+------+ |
144 | \& +------+------+--------+------+ |
145 | .Ve |
145 | .Ve |
146 | .PP |
146 | .PP |
147 | The \s-1HMAC\s0 field is present in all packets, even if not used (e.g. in |
147 | The \s-1HMAC\s0 field is present in all packets, even if not used (e.g. in auth |
148 | authentification packets), in which case it is set to all zeroes. The |
148 | request packets), in which case it is set to all zeroes. The checksum |
149 | checksum itself is over the \s-1TYPE\s0, \s-1SRCDST\s0 and \s-1DATA\s0 fields in all cases. |
149 | itself is over the \s-1TYPE\s0, \s-1SRCDST\s0 and \s-1DATA\s0 fields in all cases. |
150 | .PP |
150 | .PP |
151 | The \s-1TYPE\s0 field is a single byte and determines the purpose of the packet |
151 | The \s-1TYPE\s0 field is a single byte and determines the purpose of the packet |
152 | (e.g. \s-1RESET\s0, \s-1COMPRESSED/UNCOMPRESSED\s0 \s-1DATA\s0, \s-1PING\s0, \s-1AUTH\s0 \s-1REQUEST/RESPONSE\s0, |
152 | (e.g. \s-1RESET\s0, \s-1COMPRESSED/UNCOMPRESSED\s0 \s-1DATA\s0, \s-1PING\s0, \s-1AUTH\s0 \s-1REQUEST/RESPONSE\s0, |
153 | \&\s-1CONNECT\s0 \s-1REQUEST/INFO\s0 etc.). |
153 | \&\s-1CONNECT\s0 \s-1REQUEST/INFO\s0 etc.). |
154 | .PP |
154 | .PP |
… | |
… | |
157 | hosts, since all hosts connect to each other on startup. But if restarts |
157 | hosts, since all hosts connect to each other on startup. But if restarts |
158 | are rare or tolerable and most connections are on demand, larger networks |
158 | are rare or tolerable and most connections are on demand, larger networks |
159 | are possible. |
159 | are possible. |
160 | .PP |
160 | .PP |
161 | The \s-1DATA\s0 portion differs between each packet type, naturally, and is the |
161 | The \s-1DATA\s0 portion differs between each packet type, naturally, and is the |
162 | only part that can be encrypted encrypted. Data packets contain more |
162 | only part that can be encrypted. Data packets contain more fields, as |
163 | fields, as shown: |
163 | shown: |
164 | .PP |
164 | .PP |
165 | .Vb 3 |
165 | .Vb 3 |
166 | \& +------+------+--------+------+-------+------+ |
166 | \& +------+------+--------+------+-------+------+ |
167 | \& | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | |
167 | \& | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | |
168 | \& +------+------+--------+------+-------+------+ |
168 | \& +------+------+--------+------+-------+------+ |
169 | .Ve |
169 | .Ve |
170 | .PP |
170 | .PP |
171 | \&\s-1RAND\s0 is a sequence of fully random bytes, used to increase the entropy of the data |
171 | \&\s-1RAND\s0 is a sequence of fully random bytes, used to increase the entropy of |
172 | for encryption purposes. |
172 | the data for encryption purposes. |
173 | .PP |
173 | .PP |
174 | \&\s-1SEQNO\s0 is a 32\-bit sequence number. It is negotiated at every connection |
174 | \&\s-1SEQNO\s0 is a 32\-bit sequence number. It is negotiated at every connection |
175 | initialization and starts at some random value. |
175 | initialization and starts at some random 31 bit value. \s-1VPE\s0 currently uses |
|
|
176 | a sliding window of 512 packets to detect reordering, duplication and |
|
|
177 | reply attacks. |
176 | .Sh "The authentification protocol" |
178 | .Sh "The authentification protocol" |
177 | .IX Subsection "The authentification protocol" |
179 | .IX Subsection "The authentification protocol" |
178 | Before hosts can exchange packets, they need to establish authenticity of |
180 | Before hosts can exchange packets, they need to establish authenticity of |
179 | the other side and a key. Every host has a private \s-1RSA\s0 key and the public |
181 | the other side and a key. Every host has a private \s-1RSA\s0 key and the public |
180 | \&\s-1RSA\s0 keys of all other hosts. |
182 | \&\s-1RSA\s0 keys of all other hosts. |
181 | .PP |
183 | .PP |
182 | A host establishes a simplex connection by sending the other host a \s-1RSA\s0 |
184 | A host establishes a simplex connection by sending the other host a |
183 | challenge containing the random digest and encryption keys (different) |
185 | \&\s-1RSA\s0 encrypted challenge containing a random challenge (consisting of |
184 | to use when sending packets, plus more randomness plus some \s-1PKCS1_OAEP\s0 |
186 | the encryption key to use when sending packets, more random data and |
185 | padding plus a random 16 byte id. The destination host will respond by |
187 | \&\s-1PKCS1_OAEP\s0 padding) and a random 16 byte \*(L"challenge\-id\*(R" (used to detect |
|
|
188 | duplicate auth packets). The destination host will respond by replying |
186 | replying with an (unencrypted) \s-1RIPEMD160\s0 hash of the decrypted data, which |
189 | with an (unencrypted) \s-1RIPEMD160\s0 hash of the decrypted challenge, which |
187 | will authentify that host. The destination host will also set the outgoing |
190 | will authentify that host. The destination host will also set the outgoing |
188 | encryption parameters as given in the packet. |
191 | encryption parameters as given in the packet. |
189 | .PP |
192 | .PP |
190 | When the source host receives a correct auth reply (by verifying the |
193 | When the source host receives a correct auth reply (by verifying the |
191 | hash and the id, which will expire after 20 seconds). it will start to |
194 | hash and the id, which will expire after 120 seconds), it will start to |
192 | accept data packets from the destination host. The protocol is completely |
195 | accept data packets from the destination host. |
193 | symmetric, so to be able to send packets the destination host must send a |
196 | .PP |
194 | challenge in the exact same way as already described. |
197 | This means that a host can only initate a simplex connection, telling the |
|
|
198 | other side the key it has to use when it sends packets. The challenge |
|
|
199 | reply is only used to set the current \s-1IP\s0 address and protocol parameters. |
|
|
200 | .PP |
|
|
201 | The protocol here is completely symmetric, so to be able to send packets |
|
|
202 | the destination host must send a challenge in the exact same way as |
|
|
203 | already described (so, in essence, two simplex connections are created per |
|
|
204 | host pair). |
195 | .Sh "Retrying" |
205 | .Sh "Retrying" |
196 | .IX Subsection "Retrying" |
206 | .IX Subsection "Retrying" |
197 | When there is no response to an auth request, the host will send auth |
207 | When there is no response to an auth request, the host will send auth |
198 | requests in bursts with an exponential backoff. After some time it will |
208 | requests in bursts with an exponential backoff. After some time it will |
199 | resort to \s-1PING\s0 packets, which are very small (8 byte) and lightweight (no |
209 | resort to \s-1PING\s0 packets, which are very small (8 byte) and lightweight (no |