diff options
| author | Martin Schanzenbach <schanzen@gnunet.org> | 2023-10-06 21:44:59 +0200 |
|---|---|---|
| committer | Martin Schanzenbach <schanzen@gnunet.org> | 2023-10-06 21:44:59 +0200 |
| commit | d9893bf282d42ba97e55df428d840f24c45f6e30 (patch) | |
| tree | fdd0d213bde32230dc1a2a8f332598acd1a0557d | |
| parent | f338d9e8d60464d758a5bd94f1b24a97ae12f96b (diff) | |
| download | gnunet-handbook-d9893bf282d42ba97e55df428d840f24c45f6e30.tar.gz gnunet-handbook-d9893bf282d42ba97e55df428d840f24c45f6e30.zip | |
rework cadet
| -rw-r--r-- | developers/cadet/cadet.rst | 47 | ||||
| -rw-r--r-- | users/index.rst | 1 |
2 files changed, 4 insertions, 44 deletions
diff --git a/developers/cadet/cadet.rst b/developers/cadet/cadet.rst index 8445305..f5db65c 100644 --- a/developers/cadet/cadet.rst +++ b/developers/cadet/cadet.rst | |||
| @@ -1,53 +1,12 @@ | |||
| 1 | 1 | ||
| 2 | .. _CADET-Subsystem: | 2 | .. _CADET-Subsystem-Dev: |
| 3 | 3 | ||
| 4 | .. index:: | 4 | .. index:: |
| 5 | double: CADET; subsystem | 5 | double: CADET; subsystem |
| 6 | 6 | ||
| 7 | CADET — Confidential Ad-hoc Decentralized End-to-end Transport | 7 | CADET |
| 8 | ============================================================== | 8 | ===== |
| 9 | 9 | ||
| 10 | The CADET subsystem in GNUnet is responsible for secure end-to-end | ||
| 11 | communications between nodes in the GNUnet overlay network. CADET builds | ||
| 12 | on the CORE subsystem, which provides for the link-layer communication, | ||
| 13 | by adding routing, forwarding, and additional security to the | ||
| 14 | connections. CADET offers the same cryptographic services as CORE, but | ||
| 15 | on an end-to-end level. This is done so peers retransmitting traffic on | ||
| 16 | behalf of other peers cannot access the payload data. | ||
| 17 | |||
| 18 | - CADET provides confidentiality with so-called perfect forward | ||
| 19 | secrecy; we use ECDHE powered by Curve25519 for the key exchange and | ||
| 20 | then use symmetric encryption, encrypting with both AES-256 and | ||
| 21 | Twofish | ||
| 22 | |||
| 23 | - authentication is achieved by signing the ephemeral keys using | ||
| 24 | Ed25519, a deterministic variant of ECDSA | ||
| 25 | |||
| 26 | - integrity protection (using SHA-512 to do encrypt-then-MAC, although | ||
| 27 | only 256 bits are sent to reduce overhead) | ||
| 28 | |||
| 29 | - replay protection (using nonces, timestamps, challenge-response, | ||
| 30 | message counters and ephemeral keys) | ||
| 31 | |||
| 32 | - liveness (keep-alive messages, timeout) | ||
| 33 | |||
| 34 | Additional to the CORE-like security benefits, CADET offers other | ||
| 35 | properties that make it a more universal service than CORE. | ||
| 36 | |||
| 37 | - CADET can establish channels to arbitrary peers in GNUnet. If a peer | ||
| 38 | is not immediately reachable, CADET will find a path through the | ||
| 39 | network and ask other peers to retransmit the traffic on its behalf. | ||
| 40 | |||
| 41 | - CADET offers (optional) reliability mechanisms. In a reliable channel | ||
| 42 | traffic is guaranteed to arrive complete, unchanged and in-order. | ||
| 43 | |||
| 44 | - CADET takes care of flow and congestion control mechanisms, not | ||
| 45 | allowing the sender to send more traffic than the receiver or the | ||
| 46 | network are able to process. | ||
| 47 | |||
| 48 | :index:`libgnunetcadet <single: libgnunet; cadet>` | ||
| 49 | libgnunetcadet | ||
| 50 | -------------- | ||
| 51 | 10 | ||
| 52 | The CADET API (defined in ``gnunet_cadet_service.h``) is the messaging | 11 | The CADET API (defined in ``gnunet_cadet_service.h``) is the messaging |
| 53 | API used by P2P applications built using GNUnet. It provides | 12 | API used by P2P applications built using GNUnet. It provides |
diff --git a/users/index.rst b/users/index.rst index bdfbe8a..96c8aea 100644 --- a/users/index.rst +++ b/users/index.rst | |||
| @@ -25,5 +25,6 @@ welcome. | |||
| 25 | fs | 25 | fs |
| 26 | vpn | 26 | vpn |
| 27 | messenger | 27 | messenger |
| 28 | cadet | ||
| 28 | configuration | 29 | configuration |
| 29 | 30 | ||