From d9893bf282d42ba97e55df428d840f24c45f6e30 Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Fri, 6 Oct 2023 21:44:59 +0200 Subject: rework cadet --- developers/cadet/cadet.rst | 47 +++------------------------------------------- users/index.rst | 1 + 2 files changed, 4 insertions(+), 44 deletions(-) diff --git a/developers/cadet/cadet.rst b/developers/cadet/cadet.rst index 8445305..f5db65c 100644 --- a/developers/cadet/cadet.rst +++ b/developers/cadet/cadet.rst 
@@ -1,53 +1,12 @@ -.. _CADET-Subsystem: +.. _CADET-Subsystem-Dev: .. index:: double: CADET; subsystem -CADET — Confidential Ad-hoc Decentralized End-to-end Transport -============================================================== +CADET +===== -The CADET subsystem in GNUnet is responsible for secure end-to-end -communications between nodes in the GNUnet overlay network. CADET builds -on the CORE subsystem, which provides for the link-layer communication, -by adding routing, forwarding, and additional security to the -connections. CADET offers the same cryptographic services as CORE, but -on an end-to-end level. This is done so peers retransmitting traffic on -behalf of other peers cannot access the payload data. - -- CADET provides confidentiality with so-called perfect forward - secrecy; we use ECDHE powered by Curve25519 for the key exchange and - then use symmetric encryption, encrypting with both AES-256 and - Twofish - -- authentication is achieved by signing the ephemeral keys using - Ed25519, a deterministic variant of ECDSA - -- integrity protection (using SHA-512 to do encrypt-then-MAC, although - only 256 bits are sent to reduce overhead) - -- replay protection (using nonces, timestamps, challenge-response, - message counters and ephemeral keys) - -- liveness (keep-alive messages, timeout) - -Additional to the CORE-like security benefits, CADET offers other -properties that make it a more universal service than CORE. - -- CADET can establish channels to arbitrary peers in GNUnet. If a peer - is not immediately reachable, CADET will find a path through the - network and ask other peers to retransmit the traffic on its behalf. - -- CADET offers (optional) reliability mechanisms. In a reliable channel - traffic is guaranteed to arrive complete, unchanged and in-order. - -- CADET takes care of flow and congestion control mechanisms, not - allowing the sender to send more traffic than the receiver or the - network are able to process. 
- -:index:`libgnunetcadet ` -libgnunetcadet --------------- The CADET API (defined in ``gnunet_cadet_service.h``) is the messaging API used by P2P applications built using GNUnet. It provides diff --git a/users/index.rst b/users/index.rst index bdfbe8a..96c8aea 100644 --- a/users/index.rst +++ b/users/index.rst @@ -25,5 +25,6 @@ welcome. fs vpn messenger + cadet configuration -- cgit v1.2.3
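Review bot: the label rename at the top of the developers/cadet/cadet.rst hunk, from `CADET-Subsystem` to `CADET-Subsystem-Dev`, will break any existing `:ref:` to the old name unless that label is now defined in another file, and nothing in this patch adds it. The same hunk deletes the whole statement of CADET's security properties (ECDHE over Curve25519, AES-256 with Twofish, Ed25519-signed ephemeral keys, encrypt-then-MAC, replay protection), while the diffstat lists no file that receives that text. If the description now lives in the user manual, say so in the commit message and add a cross-reference under the new `CADET` heading; as it stands the developer page opens directly with the API paragraph and no longer says what the transport guarantees. Dropping the `libgnunetcadet` heading also removes its `:index:` entry, so that index term disappears.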
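Review bot: the `cadet` entry added to the toctree in users/index.rst has no matching document in this patch, since the diffstat lists only developers/cadet/cadet.rst and users/index.rst. Confirm that a `cadet` document already exists under users/ in the tree, or add it in the same commit; Sphinx warns when a toctree entry points at a nonexistent document, and the new entry would be left out of the built navigation.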