Diffstat (limited to 'developers/cadet/cadet.rst')
-rw-r--r-- | developers/cadet/cadet.rst | 47 |
1 files changed, 3 insertions, 44 deletions
diff --git a/developers/cadet/cadet.rst b/developers/cadet/cadet.rst index 8445305..f5db65c 100644 --- a/developers/cadet/cadet.rst +++ b/developers/cadet/cadet.rst | |||
@@ -1,53 +1,12 @@ | |||
1 | 1 | ||
2 | .. _CADET-Subsystem: | 2 | .. _CADET-Subsystem-Dev: |
3 | 3 | ||
4 | .. index:: | 4 | .. index:: |
5 | double: CADET; subsystem | 5 | double: CADET; subsystem |
6 | 6 | ||
7 | CADET — Confidential Ad-hoc Decentralized End-to-end Transport | 7 | CADET |
8 | ============================================================== | 8 | ===== |
9 | 9 | ||
10 | The CADET subsystem in GNUnet is responsible for secure end-to-end | ||
11 | communications between nodes in the GNUnet overlay network. CADET builds | ||
12 | on the CORE subsystem, which provides for the link-layer communication, | ||
13 | by adding routing, forwarding, and additional security to the | ||
14 | connections. CADET offers the same cryptographic services as CORE, but | ||
15 | on an end-to-end level. This is done so peers retransmitting traffic on | ||
16 | behalf of other peers cannot access the payload data. | ||
17 | |||
18 | - CADET provides confidentiality with so-called perfect forward | ||
19 | secrecy; we use ECDHE powered by Curve25519 for the key exchange and | ||
20 | then use symmetric encryption, encrypting with both AES-256 and | ||
21 | Twofish | ||
22 | |||
23 | - authentication is achieved by signing the ephemeral keys using | ||
24 | Ed25519, a deterministic variant of ECDSA | ||
25 | |||
26 | - integrity protection (using SHA-512 to do encrypt-then-MAC, although | ||
27 | only 256 bits are sent to reduce overhead) | ||
28 | |||
29 | - replay protection (using nonces, timestamps, challenge-response, | ||
30 | message counters and ephemeral keys) | ||
31 | |||
32 | - liveness (keep-alive messages, timeout) | ||
33 | |||
34 | Additional to the CORE-like security benefits, CADET offers other | ||
35 | properties that make it a more universal service than CORE. | ||
36 | |||
37 | - CADET can establish channels to arbitrary peers in GNUnet. If a peer | ||
38 | is not immediately reachable, CADET will find a path through the | ||
39 | network and ask other peers to retransmit the traffic on its behalf. | ||
40 | |||
41 | - CADET offers (optional) reliability mechanisms. In a reliable channel | ||
42 | traffic is guaranteed to arrive complete, unchanged and in-order. | ||
43 | |||
44 | - CADET takes care of flow and congestion control mechanisms, not | ||
45 | allowing the sender to send more traffic than the receiver or the | ||
46 | network are able to process. | ||
47 | |||
48 | :index:`libgnunetcadet <single: libgnunet; cadet>` | ||
49 | libgnunetcadet | ||
50 | -------------- | ||
51 | 10 | ||
52 | The CADET API (defined in ``gnunet_cadet_service.h``) is the messaging | 11 | The CADET API (defined in ``gnunet_cadet_service.h``) is the messaging |
53 | API used by P2P applications built using GNUnet. It provides | 12 | API used by P2P applications built using GNUnet. It provides |
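Review bot: renaming the label in the second line of the hunk from ``.. _CADET-Subsystem:`` to ``.. _CADET-Subsystem-Dev:`` silently breaks every ``:ref:`CADET-Subsystem``` elsewhere in the documentation; this diff is limited to ``developers/cadet/cadet.rst``, so the commit should either update those cross-references in the same change or keep the old label alongside the new one. The hunk also drops the whole security-properties summary (ECDHE over Curve25519, AES-256 plus Twofish, Ed25519 authentication, SHA-512 encrypt-then-MAC, replay protection, liveness) and the routing, reliability and flow-control bullets without leaving a pointer, so a developer landing on the new page sees only the API paragraph with no statement of what CADET does and does not guarantee; if the text moved to a user-facing page, add a one-line ``:ref:`` to it under the heading. If it is being relocated rather than deleted, correct the removed sentence "Ed25519, a deterministic variant of ECDSA" in its new home: Ed25519 is an instance of EdDSA, a Schnorr-type signature scheme, not a variant of ECDSA. Finally, removing ``:index:`libgnunetcadet <single: libgnunet; cadet>``` together with the ``libgnunetcadet`` subheading drops that index entry entirely, so the API section is no longer reachable from the index; keep the ``:index:`` role on the remaining paragraph.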