From: Sergey Matveev Date: Wed, 13 Jan 2016 19:37:56 +0000 (+0300) Subject: Merge branch 'develop' X-Git-Tag: 5.2^0 X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=commitdiff_plain;h=1fea06143f0580f3d40a9ddbb1425ab613910155;hp=a701f0dc18c15024298c84667e0edeea04e4cdf2 Merge branch 'develop' Signed-off-by: Sergey Matveev --- diff --git a/README.RU b/README.RU index d6f5bfa..a14edb0 100644 --- a/README.RU +++ b/README.RU @@ -6,23 +6,24 @@ GoVPN это простой демон виртуальных частных с несбалансированный протокол согласования ключей с двусторонней аутентификацией сторон (PAKE DH A-EKE). Зашифрованный, аутентифицируемый транспортный протокол передачи данных, скрывающий длины сообщений и их -временные характеристики. Свойство совершенной прямой секретности. -Устойчивость к: внесетевым (offline) атакам по словарю, атакам -повторного воспроизведения (replay), компрометации клиентских парольных -фраз на стороне сервера. Встроенные функции сердцебиения (heartbeat), -пересогласования ключей, статистика реального времени. Возможность -работы поверх UDP, TCP и HTTP прокси. Совместимость с IPv4 и IPv6. -Поддержка GNU/Linux и FreeBSD. +временные характеристики. Опциональный нешифрованный режим, который +всё-равно обеспечивает конфиденциальность и аутентичность данных. +Свойство совершенной прямой секретности. Устойчивость к: внесетевым +(offline) атакам по словарю, атакам повторного воспроизведения (replay), +компрометации клиентских парольных фраз на стороне сервера. Встроенные +функции сердцебиения (heartbeat), пересогласования ключей, статистика +реального времени. Возможность работы поверх UDP, TCP и HTTP прокси. +Совместимость с IPv4 и IPv6. Поддержка GNU/Linux и FreeBSD. GoVPN это свободное программное обеспечением: условия распространения находятся в файле COPYING. -Домашняя страница: http://govpn.info/ -> http://www.cypherpunks.ru/govpn/ +Домашняя страница: http://www.cypherpunks.ru/govpn/ (http://govpn.info/) также доступна как скрытый сервис Tor: http://vabu56j2ep2rwv3b.onion/govpn/ Пожалуйста все вопросы касающиеся использования GoVPN, отчёты об ошибках и патчи отправляйте в govpn-devel почтовую рассылку: -https://lists.cypherpunks.ru/mailman/listinfo/govpn-devel/ +https://lists.cypherpunks.ru/pipermail/govpn-devel/ Исходный код для разработчика находится в Git репозитории: http://git.cypherpunks.ru/cgit.cgi/govpn.git/ diff --git a/VERSION b/VERSION index a75b92f..ef425ca 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.1 +5.2 diff --git a/common.mk b/common.mk index 30ac491..95349c4 100644 --- a/common.mk +++ b/common.mk @@ -35,8 +35,8 @@ install: all doc cp -f doc/govpn.info $(INFODIR) chmod 644 $(INFODIR)/govpn.info mkdir -p $(SHAREDIR) - cp -f utils/newclient.sh utils/storekey.sh $(SHAREDIR) - chmod 755 $(SHAREDIR)/newclient.sh $(SHAREDIR)/storekey.sh + cp -f utils/newclient.sh $(SHAREDIR) + chmod 755 $(SHAREDIR)/newclient.sh mkdir -p $(DOCDIR) cp -f -L AUTHORS INSTALL NEWS README README.RU THANKS $(DOCDIR) chmod 644 $(DOCDIR)/* diff --git a/doc/about.ru.texi b/doc/about.ru.texi index 12910b5..e301259 100644 --- a/doc/about.ru.texi +++ b/doc/about.ru.texi @@ -1,76 +1,102 @@ @node О демоне +@cindex About (russian) +@cindex Description (russian) +@cindex О демоне +@cindex Описание +@cindex Вступление @unnumbered Подробнее о демоне GoVPN GoVPN это простой демон виртуальных частных сетей, код которого нацелен на лёгкость чтения и анализа, безопасность, устойчивость к DPI/цензуре. @itemize + @item Свободное программное обеспечение, копилефт: лицензировано под условиями @url{https://www.gnu.org/licenses/gpl-3.0.ru.html, GPLv3+}. + @item Быстрый сильный @ref{PAKE, аутентифицируемый по парольной фразе} несбалансированный протокол @ref{Handshake, согласования ключей} с двусторонней аутентификацией сторон и нулевым неразглашением (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key Exchange)). + @item @ref{Verifier structure, Несбалансированные аутентификационные токены} устойчивые к внесетевым (offline) атакам по словарю. Используют усиленный по CPU и памяти алгоритм хэширования. Злоумышленник не может замаскироваться под клиента даже скомпрометировав базу данных токенов сервера. + @item Зашифрованный и аутентифицируемый @ref{Transport, транспортный протокол} передачи данных с 128-бит @ref{Developer, порогом безопасности} и современной криптографией. + @item Опциональный @ref{Encless, нешифрованный режим}: функции шифрования не применяются для исходящего трафика, вместо них кодирование всё-равно обеспечивающее конфиденциальность. Юрисдикции и суды не могут вас вынудить выдать ключи шифрования или привлечь за использование шифрования. + @item Цензуроустойчивые сообщения транспорта и рукопожатия: неотличимые от шума с опциональным скрытием размеров сообщений. + @item Свойство @url{https://ru.wikipedia.org/wiki/Perfect_forward_secrecy, совершенной прямой секретности} (perfect forward secrecy). + @item Защита от атак повторного воспроизведения (replay) (используя одноразовые MAC). + @item Встроенные функции пересогласования ключей (ротация сессионных ключей) и сердцебиения (heartbeat). + @item Возможность скрывать размеры пакетов путём @ref{Noise, зашумления} данных. + @item Возможность скрывать временные характеристики полезной нагрузки путём @ref{CPR, постоянного по скорости} трафика. + @item Совместимость с @url{http://egd.sourceforge.net/, EGD} (демон сборки энтропии) генераторами псевдослучайных чисел. + @item Поддержка нескольких клиентов одновременно с специфичной для каждого конфигурацией. Клиенты имеют заранее установленный @ref{Identity, идентификатор}, невидимый третьим лицам (они анонимны для них). + @item Использует @url{https://ru.wikipedia.org/wiki/TUN/TAP, TAP} низлежащие сетевые интерфейсы. + @item Может работать поверх @ref{Network, UDP и TCP} или HTTP @ref{Proxy, прокси} для доступа к серверу. + @item Полностью IPv4 и IPv6 совместимый. + @item Опциональный встроенный HTTP-сервер для получения @ref{Stats, статистики} о подключённых клиентах в режиме реального времени в @url{http://json.org/, JSON} формате. + @item Сервер конфигурируется используя @url{http://yaml.org/, YAML} файл. + @item Написан на языке @url{https://golang.org/, Go} с простым кодом, ориентированным на лёгкость чтения и анализа. + @item Поддержка @url{https://www.gnu.org/, GNU}/Linux и @url{https://www.freebsd.org/, FreeBSD}. + @end itemize diff --git a/doc/about.texi b/doc/about.texi index ded06b6..de1abe9 100644 --- a/doc/about.texi +++ b/doc/about.texi @@ -1,70 +1,95 @@ +@cindex About +@cindex Description +@cindex Introduction + GoVPN is simple free software virtual private network daemon, aimed to be reviewable, secure and @url{https://en.wikipedia.org/wiki/Deep_packet_inspection, DPI}/censorship-resistant. @itemize + @item Copylefted free software: licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}. + @item Fast strong @ref{PAKE, passphrase authenticated} augmented @ref{Handshake, key agreement protocol} with zero-knowledge mutual peers authentication (PAKE DH A-EKE (Diffie-Hellman Augmented Encrypted Key Exchange)). + @item @ref{Verifier structure, Augmented authentication tokens} resistant to offline dictionary attacks. They use CPU and memory hardened hashing algorithm. An attacker can not masquerade a client even with server passphrase verifiers compromising. + @item Encrypted and authenticated @ref{Transport, payload transport} with 128-bit @ref{Developer, security margin} state-of-the-art cryptography. + @item Optional @ref{Encless, encryptionless mode} of operation: no encryption functions are applied for outgoing traffic, but still confidentiality preserving encoding. Jurisdictions and courts can not either force you to reveal encryption keys or sue for encryption usage. + @item Censorship resistant handshake and transport messages: fully indistinguishable from the noise with optionally hidden packets length. + @item @url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy} property. + @item Replay attack protection (using one-time MACs). + @item Built-in rehandshake (session key rotation) and heartbeat features. + @item Ability to hide packets length with the @ref{Noise, noise} data. + @item Ability to hide payload timestamps with @ref{CPR, constant packet rate} traffic. + @item Compatible with @url{http://egd.sourceforge.net/, EGD} (entropy gathering daemon) PRNGs. + @item Several simultaneous clients support with per-client configuration options. Clients have pre-established @ref{Identity, identity} invisible for third-parties (they are anonymous). + @item Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP} underlying network interfaces. + @item Can use @ref{Network, UDP and TCP} or HTTP @ref{Proxy, proxies} for accessing the server. + @item Fully IPv4 and IPv6 compatible. + @item Optional built-in HTTP-server for retrieving real-time @ref{Stats, statistics} information about known connected peers in @url{http://json.org/, JSON} format. + @item Server is configured through the @url{http://yaml.org/, YAML} file. + @item Written on @url{https://golang.org/, Go} programming language with simple code that can be read and reviewed. + @item @url{https://www.gnu.org/, GNU}/Linux and @url{https://www.freebsd.org/, FreeBSD} support. + @end itemize diff --git a/doc/client.texi b/doc/client.texi index 88e338e..ba75038 100644 --- a/doc/client.texi +++ b/doc/client.texi @@ -1,4 +1,10 @@ @node Client +@cindex Client +@cindex Client part +@cindex Client configuration +@cindex Client side +@cindex Configuring client +@cindex govpn-client @section Client part Except for common @code{-stats}, @code{-egd} options client has the @@ -31,8 +37,8 @@ TAP interface name. Our client's @ref{Verifier}. @item -key -Path to the file with the passphrase. See @ref{Verifier} for -how to enter passphrase from stdin silently and store it in the file. +Path to the file with the passphrase. If omitted, then you will be asked +to enter it in the terminal. @item -timeout @ref{Timeout} setting in seconds. diff --git a/doc/contacts.texi b/doc/contacts.texi index 3f96135..c6915ef 100644 --- a/doc/contacts.texi +++ b/doc/contacts.texi @@ -1,4 +1,9 @@ @node Contacts +@cindex Contacts +@cindex Feedback +@cindex Support +@cindex Help +@cindex Maillist @unnumbered Contacts Please send questions regarding the use of GoVPN, bug reports and patches to diff --git a/doc/cpr.texi b/doc/cpr.texi index 5ea5717..f4259f8 100644 --- a/doc/cpr.texi +++ b/doc/cpr.texi @@ -1,4 +1,6 @@ @node CPR +@cindex CPR +@cindex Constant Packet Rate @subsection Constant Packet Rate Constant Packet Rate is used to hide fact of underlying payload packets diff --git a/doc/developer.texi b/doc/developer.texi index 4293f80..30dd12f 100644 --- a/doc/developer.texi +++ b/doc/developer.texi @@ -1,4 +1,7 @@ @node Developer +@cindex Developer manual +@cindex Developer +@cindex Cryptography @unnumbered Developer manual Pay attention how to get @ref{Sources, development source code}. diff --git a/doc/download.texi b/doc/download.texi index 2217f3c..c67efed 100644 --- a/doc/download.texi +++ b/doc/download.texi @@ -1,4 +1,7 @@ @node Tarballs +@cindex Download +@cindex Tarball +@cindex Prepared tarballs @section Prepared tarballs You can obtain releases source code prepared tarballs from the links below: @@ -6,6 +9,10 @@ You can obtain releases source code prepared tarballs from the links below: @multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} @headitem Version @tab Size @tab Tarball @tab SHA256 checksum +@item 5.1 @tab 287 KiB +@tab @url{download/govpn-5.1.tar.xz, link} @url{download/govpn-5.1.tar.xz.sig, sign} +@tab @code{0d456c5683287dca31f8c3302eb9a9329feab82bc1fbdb0098fca991513536d1} + @item 5.0 @tab 237 KiB @tab @url{download/govpn-5.0.tar.xz, link} @url{download/govpn-5.0.tar.xz.sig, sign} @tab @code{cc186a3b800279b6f5a7c86d61b250c24cf97235f6c3e1bb05a6cb60251085c6} diff --git a/doc/egd.texi b/doc/egd.texi index c0006db..9984a20 100644 --- a/doc/egd.texi +++ b/doc/egd.texi @@ -1,4 +1,7 @@ @node EGD +@cindex EGD +@cindex Entropy Gathering Daemon +@cindex Entropy @subsection Entropy Gathering Daemon Overall security mainly depends on client side: diff --git a/doc/encless.texi b/doc/encless.texi index 6d44191..fd267c7 100644 --- a/doc/encless.texi +++ b/doc/encless.texi @@ -1,4 +1,11 @@ @node Encless +@cindex Encryptionless +@cindex Encryptionless mode +@cindex Chaffing-and-Winnowing +@cindex AONT +@cindex All-Or-Nothing-Transformation +@cindex OAEP +@cindex SAEP+ @subsection Encryptionless mode Some jurisdictions can force user to reveal his encryption keys. However diff --git a/doc/example.texi b/doc/example.texi index f4f80f4..fe00545 100644 --- a/doc/example.texi +++ b/doc/example.texi @@ -1,4 +1,7 @@ @node Example +@cindex Example +@cindex Example usage +@cindex Tutorial @section Example usage Let's assume that there is some insecure link between your computer and @@ -19,9 +22,11 @@ software: download, @ref{Integrity, check the signature}, compile. @strong{Prepare the client}. Generate client's verifier for Alice as an example: +@cindex newclient.sh + @verbatim client% ./utils/newclient.sh Alice -Enter passphrase: +Passphrase: Your client verifier is: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg Place the following YAML configuration entry on the server's side: @@ -30,11 +35,6 @@ Place the following YAML configuration entry on the server's side: up: /path/to/up.sh iface: or TAP interface name verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 - -Verifier was generated with: - - ./utils/storekey.sh /tmp/passphrase - govpn-verifier -key /tmp/passphrase @end verbatim @strong{Prepare the server}. Add this entry to @code{peers.yaml} @@ -49,7 +49,6 @@ Alice: @strong{Prepare network on GNU/Linux IPv4 server}: @example -server% umask 077 server% ip addr add 192.168.0.1/24 dev wlan0 server% tunctl -t tap10 server% ip addr add 172.16.0.1/24 dev tap10 @@ -65,8 +64,6 @@ server% govpn-server -bind 192.168.0.1:1194 @strong{Prepare network on GNU/Linux IPv4 client}: @example -client% umask 066 -client% utils/storekey.sh key.txt client% ip addr add 192.168.0.2/24 dev wlan0 client% tunctl -t tap10 client% ip addr add 172.16.0.2/24 dev tap10 @@ -77,7 +74,6 @@ client% ip route add default via 172.16.0.1 @strong{Run client daemon itself}: @example client% govpn-client \ - -key key.txt \ -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \ -iface tap10 \ -remote 192.168.0.1:1194 @@ -96,7 +92,6 @@ client% ifconfig tap10 client% ifconfig tap10 inet6 fc00::2/96 up client% route -6 add default fc00::1 client% govpn-client \ - -key key.txt \ -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \ -iface tap10 \ -remote "[fe80::1%me0]":1194 diff --git a/doc/faq.ru.texi b/doc/faq.ru.texi index 10f7fda..9035137 100644 --- a/doc/faq.ru.texi +++ b/doc/faq.ru.texi @@ -1,4 +1,7 @@ @node ЧАВО +@cindex FAQ (russian) +@cindex ЧАВО +@cindex Часто задаваемые вопросы @unnumbered Часто задаваемые вопросы @table @asis @@ -39,6 +42,7 @@ Go очень легко читается, поддаётся ревью и по высокоэнтропийный ключ. Вам нужно доверять только себе, не аппаратному токену или другому устройству хранения. Это удобно. +@cindex Настройка сети @item Почему вся настройка сети делается вручную? Потому-что существует так много вариантов использования, конфигураций и установок, что или я поддерживаю их всех, или использую громоздкие @@ -57,10 +61,13 @@ Go очень легко читается, поддаётся ревью и по уровне сессии: оно не спасёт если сессионный ключ скомпрометирован из памяти. +@cindex Анонимность +@cindex Анонимные клиенты @item Что вы подразумеваете когда говорите что клиенты анонимны? Что третьей лицо не может отличить одного клиента от другого, смотря на трафик (транспортный или рукопожатия). +@cindex Цензуроустойчивость @item Что вы подразумеваете под цензуроустойчивостью? Невозможность определить GoVPN ли это трафик или просто @code{cat /dev/urandom | nc somehost}. Если вы не можете отличить один @@ -78,6 +85,11 @@ Go очень легко читается, поддаётся ревью и по виду, что этот режим требователен к ресурсам и трафику и пока работает только в TCP режиме. +@item Вы думаете нешифрованный режим с его случайными данными поможет в суде? +Если всё что не может быть прочитано кем-угодно считается шифрованием, +то нет, этот режим вам не поможет. Представьте что вы говорите на другом +иностранном языке или просто используете другую схему кодирования данных. + @item Когда я должен использовать @ref{Noise, noise} опцию? В большинстве случаев она вам не нужна без включённого @ref{CPR, постоянного по скорости трафика} (CPR). Без CPR и шума, в @@ -94,4 +106,11 @@ UMAC алгоритмом -- в большинстве случаев потре обрабатывается только если зашифрованный @ref{Identity, идентификатор} клиента найден: он использует быстрый PRP без потребления энтропии. +@item Почему YAML для конфигурации? +Есть не так много хорошо известных форматов позволяющих комментировать, +легко редактировать людьми (XML совсем не дружелюбен к человеку, JSON +более менее). Возможно самое важное свойство это шаблоны YAML: очень +удобно сохранить много клиентов, имеющих схожие настройки, в одном +конфигурационном файле. + @end table diff --git a/doc/faq.texi b/doc/faq.texi index 0ac8de8..c9da019 100644 --- a/doc/faq.texi +++ b/doc/faq.texi @@ -1,19 +1,24 @@ @node FAQ +@cindex FAQ +@cindex Frequently Asked Questions @unnumbered Frequently Asked Questions @table @asis +@cindex TLS @item Why do not you use TLS? It is complicated protocol. It uses Authenticate-then-Encrypt ordering of algorithms -- it is not secure. Moreover its libraries are huge and hard to read, review and analyze. +@cindex SSH @item Why do not you use SSH? Its first protocol versions used A-a-E ordering, however later ones supports even ChaCha20-Poly1305 algorithms. But its source code is not so trivial and rather big to read and review. OpenSSH does not support strong zero-knowledge password authentication. +@cindex IPsec @item Why do not you use IPsec? It is rather good protocol, supported by all modern OSes. But it lacks strong zero-knowledge password authentication and, again, its code is @@ -24,6 +29,8 @@ For the same reasons: most of software do not provide strong password authentication, high cryptographic protocol security, and most of this software is written in C -- it is hard to write right on it. +@cindex Why Go +@cindex Go @item Why GoVPN is written on Go? Go is very easy to read, review and support. It makes complex code writing a harder task. It provides everything needed to the C language: @@ -38,12 +45,17 @@ Human is capable of memorizing rather long passphrases (not passwords): You need to trust only yourself, not hardware token or some other storage device. It is convenient. +@cindex Network configuration @item Why all network configuration must be done manually? Because there are so many use-cases and setups, so many various protocols, that either I support all of them, or use complicated protocol setups like PPP, or just give right of the choice to the administrator. VPN is only just a layer. +@cindex Windows +@cindex Microsoft Windows +@cindex Apple OS X +@cindex OS X @item Why there is no either OS X or Windows support? Any closed source proprietary systems do not give ability to control the computer. You can not securely use cryptography-related stuff without @@ -55,10 +67,15 @@ You can not decrypt previously saved traffic by compromising long-lived keys. PFS property is per-session level: it won't protect from leaking the session key from the memory. +@cindex Anonymity +@cindex Anonymous clients @item What do you mean by saying that clients are anonymous? That third-party can not differentiate one client from another looking at the traffic (transport and handshake). +@cindex Censorship +@cindex Censorship resistance +@cindex DPI resistance @item What do you mean by censorship resistance? Unability to distinguish either is it GoVPN-traffic is passing by, or just @code{cat /dev/urandom | nc somehost}. If you can not differentiate @@ -75,6 +92,12 @@ provides confidentiality and authenticity of transmitted data! But pay attention that this mode is traffic and resource hungry and currently operate only in TCP mode. +@item Do you think encryptionless mode with all those random data helps in court? +If anything that can not be read by anyone is considered encryption, +then no, encryptionless mode won't help you. Imagine that either you are +talking on another foreign language, or just use another date encoding +scheme. + @item When should I use @ref{Noise, noise} option? In most cases you won't need it without @ref{CPR, constant packer rate} turned on. Without CPR and noise options GoVPN traffic (like TLS, IPsec, @@ -83,6 +106,7 @@ timestamps and sizes. You can run traffic analysis and predict what is going on in the network. With CPR option enabled you can tell either somebody is online, or not -- nothing less, nothing more. +@cindex DoS @item Can I DoS (denial of service) the daemon? Each transport packet is authenticated first with the very fast UMAC algorithm -- in most cases resource consumption of TCP/UDP layers will @@ -90,4 +114,12 @@ be higher then UMAC verifying. Each handshake message is processed only when an encrypted client's @ref{Identity, identity} is found: it uses fast PRP without any entropy usage. +@cindex Why YAML +@item Why YAML for configuration? +There are not so many well-known formats that allow commenting, easy +editing by human (XML is not human friendly at all, JSON is more or +less). Probably the most useful feature is YAML's templates: it is very +convenient for storing many clients sharing the same options in the +configuration file. + @end table diff --git a/doc/govpn.texi b/doc/govpn.texi index 7fab9f3..73e6908 100644 --- a/doc/govpn.texi +++ b/doc/govpn.texi @@ -40,6 +40,7 @@ A copy of the license is included in the section entitled "Copying conditions". * In the media: Media. * TODO:: * Copying conditions:: +* Concept index:: @end menu @include about.ru.texi @@ -60,4 +61,10 @@ A copy of the license is included in the section entitled "Copying conditions". @insertcopying @verbatiminclude fdl.txt + +@node Concept index +@unnumbered Concept index + +@printindex cp + @bye diff --git a/doc/handshake.texi b/doc/handshake.texi index f19fde0..3efe97d 100644 --- a/doc/handshake.texi +++ b/doc/handshake.texi @@ -1,4 +1,19 @@ @node Handshake +@cindex Handshake +@cindex Handshake protocol +@cindex Diffie-Hellman +@cindex ed25519 +@cindex curve25519 +@cindex Elligator +@cindex Perfect Forward Secrecy +@cindex PFS +@cindex IDtag +@cindex Shared key +@cindex DH-EKE +@cindex DH +@cindex EKE +@cindex A-EKE +@cindex DH-A-EKE @section Handshake protocol @verbatiminclude handshake.utxt diff --git a/doc/identity.texi b/doc/identity.texi index 3a37790..d74e6cf 100644 --- a/doc/identity.texi +++ b/doc/identity.texi @@ -1,4 +1,6 @@ @node Identity +@cindex Client identity +@cindex Identity @subsection Identity Client's identity is 128-bit string. It is not secret, so can be diff --git a/doc/installation.texi b/doc/installation.texi index c6ac214..ca95bb1 100644 --- a/doc/installation.texi +++ b/doc/installation.texi @@ -1,4 +1,13 @@ @node Installation +@cindex Installation +@cindex Getting GoVPN +@cindex Requirements +@cindex Dependencies +@cindex Ports +@cindex Packages +@cindex FreeBSD +@cindex AUR +@cindex Texinfo @unnumbered Installation Possibly GoVPN already exists in your distribution: diff --git a/doc/integrity.texi b/doc/integrity.texi index ccbb5c8..b9c6ff5 100644 --- a/doc/integrity.texi +++ b/doc/integrity.texi @@ -1,4 +1,8 @@ @node Integrity +@cindex Integrity +@cindex Tarball integrity +@cindex PGP +@cindex Public key @section Tarballs integrity check You @strong{have to} verify downloaded archives integrity and check diff --git a/doc/media.texi b/doc/media.texi index b129c0d..332ed63 100644 --- a/doc/media.texi +++ b/doc/media.texi @@ -1,4 +1,6 @@ @node Media +@cindex In the media +@cindex Articles @unnumbered In the media @itemize diff --git a/doc/mtu.texi b/doc/mtu.texi index 29930b6..2206c55 100644 --- a/doc/mtu.texi +++ b/doc/mtu.texi @@ -1,4 +1,6 @@ @node MTU +@cindex MTU +@cindex Maximum Transmission Unit @subsection Maximum Transmission Unit MTU option tells what maximum transmission unit is expected to get from diff --git a/doc/netproto.texi b/doc/netproto.texi index d57edb3..f5b26f4 100644 --- a/doc/netproto.texi +++ b/doc/netproto.texi @@ -1,4 +1,8 @@ @node Network +@cindex Transport +@cindex Network transport +@cindex TCP +@cindex UDP @subsection Network transport You can use either UDP or TCP underlying network transport protocols. diff --git a/doc/news.texi b/doc/news.texi index d704715..608613a 100644 --- a/doc/news.texi +++ b/doc/news.texi @@ -1,9 +1,19 @@ @node News +@cindex Releases +@cindex News @unnumbered News @table @strong +@item Release 5.2 +@cindex Release 5.2 +@itemize +@item Ability to read passphrases directly from the terminal (user's +input) without using of keyfiles. @code{storekey.sh} utility removed. +@end itemize + @item Release 5.1 +@cindex Release 5.1 @itemize @item Server is configured using @url{http://yaml.org/, YAML} file. It is very convenient to have comments and templates, comparing to JSON. @@ -12,6 +22,7 @@ with @emph{BLAKE2b} in handshake code. @end itemize @item Release 5.0 +@cindex Release 5.0 @itemize @item New optional @ref{Encless, encryptionless mode} of operation. Technically no encryption functions are applied for outgoing packets, so @@ -25,12 +36,14 @@ up-scripts for convenience. @end itemize @item Release 4.2 +@cindex Release 4.2 @itemize @item Fixed non-critical bug when server may fail if up-script is not executed successfully. @end itemize @item Release 4.1 +@cindex Release 4.1 @itemize @item @url{https://password-hashing.net/#argon2, Argon2d} is used instead of PBKDF2 for password verifier hashing. @@ -39,6 +52,7 @@ server-side configuration and the code. @end itemize @item Release 4.0 +@cindex Release 4.0 @itemize @item Handshake messages can be noised: their messages lengths are hidden. Now they are indistinguishable from transport messages. @@ -48,6 +62,7 @@ hidden. Now they are indistinguishable from transport messages. @end itemize @item Release 3.5 +@cindex Release 3.5 @itemize @item Ability to use @ref{Network, TCP} network transport. Server can listen on both UDP and TCP sockets. @@ -59,6 +74,7 @@ reasons. @end itemize @item Release 3.4 +@cindex Release 3.4 @itemize @item Ability to use external @ref{EGD}-compatible PRNGs. Now you are able to use GoVPN even on systems with the bad @code{/dev/random}, @@ -69,6 +85,7 @@ without performance degradation related to inbound packets reordering. @end itemize @item Release 3.3 +@cindex Release 3.3 @itemize @item Compatibility with an old GNU Make 3.x. Previously only BSD Make and GNU Make 4.x were supported. @@ -79,6 +96,7 @@ GNU/Linux systems. Previously /dev/random can produce less than required @end itemize @item Release 3.2 +@cindex Release 3.2 @itemize @item Deterministic building: dependent libraries source code commits are @@ -91,6 +109,7 @@ FreeBSD Make compatibility. GNU Make is not necessary anymore. @end itemize @item Release 3.1 +@cindex Release 3.1 @itemize @item Diffie-Hellman public keys are encoded with Elligator algorithm when @@ -101,6 +120,7 @@ consume twice entropy for DH key generation in average. @end itemize @item Release 3.0 +@cindex Release 3.0 @itemize @item EKE protocol is replaced by Augmented-EKE and static symmetric (both @@ -133,6 +153,7 @@ Per-peer @code{-timeout}, @code{-noncediff}, @code{-noise} and @end itemize @item Release 2.4 +@cindex Release 2.4 @itemize @item Added ability to optionally run built-in HTTP-server responding with @@ -144,6 +165,7 @@ Documentation is explicitly licenced under GNU FDL 1.3+. @end itemize @item Release 2.3 +@cindex Release 2.3 @itemize @item Handshake packets became indistinguishable from the random. @@ -159,16 +181,19 @@ consuming and resource heavy computations. @end itemize @item Release 2.2 +@cindex Release 2.2 @itemize @item Fixed several possible channel deadlocks. @end itemize @item Release 2.1 +@cindex Release 2.1 @itemize @item Fixed Linux-related building. @end itemize @item Release 2.0 +@cindex Release 2.0 @itemize @item Added clients identification. @item Simultaneous several clients support by server. @@ -176,16 +201,19 @@ consuming and resource heavy computations. @end itemize @item Release 1.5 +@cindex Release 1.5 @itemize @item Nonce obfuscation/encryption. @end itemize @item Release 1.4 +@cindex Release 1.4 @itemize @item Performance optimizations. @end itemize @item Release 1.3 +@cindex Release 1.3 @itemize @item Heartbeat feature. @item Rehandshake feature. @@ -193,11 +221,13 @@ consuming and resource heavy computations. @end itemize @item Release 1.1 +@cindex Release 1.1 @itemize @item FreeBSD support. @end itemize @item Release 1.0 +@cindex Release 1.0 @itemize @item Initial stable release. @end itemize diff --git a/doc/noise.texi b/doc/noise.texi index 5df68a9..9e171d1 100644 --- a/doc/noise.texi +++ b/doc/noise.texi @@ -1,4 +1,6 @@ @node Noise +@cindex Noise +@cindex Timestamps @subsection Noise So-called noise is used to hide underlying payload packets length. diff --git a/doc/pake.texi b/doc/pake.texi index b80f569..d343a49 100644 --- a/doc/pake.texi +++ b/doc/pake.texi @@ -1,30 +1,24 @@ @node PAKE +@cindex Password Authenticated Key Agreement +@cindex PAKE @subsection Password Authenticated Key Agreement -Previously we used pre-shared high-entropy long-term static key for -client-server authentication. Is is secure, but not convenient for some -user use-cases: +GoVPN uses strong password authentication. That means that it uses human +memorable @strong{passphrases}, instead of some small high-entropy keys +that must be carried with himself. Passphrases differ from passwords: +they are long string of low-entropy characters -- they are easy to +remember and can have high overall entropy. + +Strong zero-knowledge authentication means that: @itemize -@item Compromising of passphrase files on either server or client side -allows attacker to masquerade himself a client. -@item To prevent compromising of keys on the client side, one needs some -kind of passphrase protected secure storage (like either PGP with -decryption to the memory, or full-disk encryption). +@item compromising of passphrase files on either server or client sides +won't allow attackers to masquerade himself the client; +@item no need of protected secure storage on the server's side to keep +keys in safety. @end itemize -Overall security on the client side is concentrated in passphrase -(high-entropy password), so it is convenient to use it in GoVPN -directly, without static on-disk keys. That is why we use passphrase -authenticated key agreement. - -We use "passphrase" term instead of "password". Technically there may be -no difference between them. But as a rule passphrases are @strong{long} -strings with low entropy characters. Because of low entropy characters, -they are memorable. Because of their quantity, they acts as a high -entropy source. - Passphrases are entered directly by the human on the client side. Server -side stores previously shared so-called @ref{Verifier, verifier}. Verifier -contains dictionary attack resistant password derivative. Attacker can not -use it to act as a client. +side stores pre-shared @ref{Verifier, verifier}, containing dictionary +attack resistant passphrase derivative. Attacker can not use it to act +as a client. diff --git a/doc/precautions.texi b/doc/precautions.texi index fbf45d1..0401778 100644 --- a/doc/precautions.texi +++ b/doc/precautions.texi @@ -1,12 +1,14 @@ @node Precautions +@cindex Dangers +@cindex Precautions @unnumbered Precautions @enumerate @item -We use password (passphrase) authentication, so overall security fully -depends on its strength. You @strong{should} use long, high-entropy -passphrases. Also remember to keep passphrase in temporary file and read -it securely as described in @ref{Verifier, verifier}. +We use passphrase authentication, so overall security fully depends on +its strength. You @strong{should} use long, high-entropy passphrases. +Also remember to keep passphrase in temporary file and read it securely +as described in @ref{Verifier, verifier}. @item You must @strong{never} use the same key for multiple clients. diff --git a/doc/proxy.texi b/doc/proxy.texi index b0f08fc..a314b79 100644 --- a/doc/proxy.texi +++ b/doc/proxy.texi @@ -1,4 +1,9 @@ @node Proxy +@cindex Proxy +@cindex HTTP proxy +@cindex HTTP authentication +@cindex CONNECT +@cindex HTTP @subsection Proxy You can proxy your requests through HTTP using CONNECT method. This can diff --git a/doc/server.texi b/doc/server.texi index 0882ff2..ee132bd 100644 --- a/doc/server.texi +++ b/doc/server.texi @@ -1,4 +1,9 @@ @node Server +@cindex Server +@cindex Server part +@cindex Server configuration +@cindex Server side +@cindex govpn-server @section Server part Except for common @code{-stats}, @code{-egd} options server has the @@ -21,6 +26,9 @@ Start trivial HTTP @ref{Proxy} server on specified @emph{host:port}. @end table +@cindex YAML +@cindex YAML configuration +@cindex Configuration file Configuration file is YAML file with following example structure: @verbatim @@ -45,6 +53,8 @@ must output interface's name to stdout (first output line). For example up-script can be just @code{echo tap10}, or more advanced like the following one: +@cindex up-script + @example #!/bin/sh $tap=$(ifconfig tap create) diff --git a/doc/sources.texi b/doc/sources.texi index 862fa86..f1eb3eb 100644 --- a/doc/sources.texi +++ b/doc/sources.texi @@ -1,4 +1,10 @@ @node Sources +@cindex Sources +@cindex Source code +@cindex Development source code +@cindex Git +@cindex Repository +@cindex Mirrors @section Development source code Development source code contains the latest version of the code. It may diff --git a/doc/stats.texi b/doc/stats.texi index c543137..0c14700 100644 --- a/doc/stats.texi +++ b/doc/stats.texi @@ -1,4 +1,6 @@ @node Stats +@cindex Stats +@cindex Statistics @subsection Statistics Both client and server has ability to show statistics about known diff --git a/doc/thanks.texi b/doc/thanks.texi index d551819..aed296a 100644 --- a/doc/thanks.texi +++ b/doc/thanks.texi @@ -1,4 +1,5 @@ @node Thanks +@cindex Thanks @unnumbered Thanks Thanks for contributions and suggestions to: diff --git a/doc/timeout.texi b/doc/timeout.texi index 89dd5b0..89dcf1e 100644 --- a/doc/timeout.texi +++ b/doc/timeout.texi @@ -1,4 +1,5 @@ @node Timeout +@cindex Timeout @subsection Timeout Because of stateless UDP nature there is no way to reliably know if diff --git a/doc/todo.texi b/doc/todo.texi index 520192c..f77ab2f 100644 --- a/doc/todo.texi +++ b/doc/todo.texi @@ -1,4 +1,5 @@ @node TODO +@cindex TODO @unnumbered TODO @itemize diff --git a/doc/transport.texi b/doc/transport.texi index 4b8413b..3b894ec 100644 --- a/doc/transport.texi +++ b/doc/transport.texi @@ -1,4 +1,12 @@ @node Transport +@cindex Transport +@cindex Transport protocol +@cindex Salsa20 +@cindex PRP +@cindex Nonce +@cindex Poly1305 +@cindex XTEA +@cindex Serial @section Transport protocol @verbatim diff --git a/doc/user.texi b/doc/user.texi index d2118b3..ca2e81c 100644 --- a/doc/user.texi +++ b/doc/user.texi @@ -1,7 +1,10 @@ @node User +@cindex User +@cindex User manual @unnumbered User manual -Announcements about updates and new releases can be found in @ref{Contacts}. +Announcements about updates and new releases can be found in +@ref{Contacts, contacts}. GoVPN is split into two pieces: @ref{Client} and @ref{Server}. Each of them work on top of @ref{Network, UDP/TCP} and TAP virtual network @@ -9,6 +12,7 @@ interfaces. GoVPN is just a tunnelling of Ethernet frames, nothing less, nothing more. All you IP-related network management is not touched by VPN at all. You can automate it using up and down shell scripts. +@cindex Performance What network performance can user expect? For example single @emph{Intel i5-2450M 2.5 GHz} core on @emph{FreeBSD 10.2 amd64} with @emph{Go 1.5.1} gives 786 Mbps (UDP transport) throughput. diff --git a/doc/verifier.texi b/doc/verifier.texi index bb364d7..861bef0 100644 --- a/doc/verifier.texi +++ b/doc/verifier.texi @@ -1,15 +1,13 @@ @node Verifier +@cindex Verifier +@cindex govpn-verifier @subsection Verifier -Verifier is created using @code{govpn-verifier} utility. But currently -Go does not provide native instruments to read passwords without echoing -them to stdout. You can use @code{utils/storekey.sh} script to read them -silently. +Verifier is created using @code{govpn-verifier} utility. @example -% utils/storekey.sh mypass.txt -Enter passphrase:[hello world] -% govpn-verifier -key mypass.txt +% govpn-verifier +Passphrase:[hello world] $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg @end example @@ -22,10 +20,11 @@ You can check passphrase against verifier by specifying @code{-verifier} option with the path to verifier file: @example -% govpn-verifier -key mypass.txt -verifier '$argon2d...' +% govpn-verifier -verifier '$argon2d...' +Passphrase:[hello world] true @end example -Plaintext passphrases @strong{must} be stored on volatile memory, for -example either in memory disk, or on encrypted filesystem with -restrictive permissions to the file. +Optionally you can store plaintext passphrases on volatile memory +(memory disk, encrypted filesystem with restrictive permissions to the +file) and provide @code{-key} option. diff --git a/doc/verifierstruct.texi b/doc/verifierstruct.texi index 792506d..51cf289 100644 --- a/doc/verifierstruct.texi +++ b/doc/verifierstruct.texi @@ -1,4 +1,8 @@ @node Verifier structure +@cindex Verifier structure +@cindex Argon2 +@cindex Argon2d +@cindex Salt @section Verifier structure Verifier is a derivative of the password. It is resistant to diff --git a/src/govpn/cmd/govpn-client/main.go b/src/govpn/cmd/govpn-client/main.go index c441405..e73854c 100644 --- a/src/govpn/cmd/govpn-client/main.go +++ b/src/govpn/cmd/govpn-client/main.go @@ -74,7 +74,11 @@ func main() { if err != nil { log.Fatalln(err) } - priv := verifier.PasswordApply(govpn.StringFromFile(*keyPath)) + key, err := govpn.KeyRead(*keyPath) + if err != nil { + log.Fatalln("Unable to read the key", err) + } + priv := verifier.PasswordApply(key) if *encless { if *proto != "tcp" { log.Fatalln("Currently encryptionless mode works only with TCP") diff --git a/src/govpn/cmd/govpn-verifier/main.go b/src/govpn/cmd/govpn-verifier/main.go index a7c16f0..10bd90b 100644 --- a/src/govpn/cmd/govpn-verifier/main.go +++ b/src/govpn/cmd/govpn-verifier/main.go @@ -20,7 +20,7 @@ along with this program. If not, see . package main import ( - "crypto/subtle" + "bytes" "flag" "fmt" "log" @@ -42,6 +42,10 @@ func main() { if *egdPath != "" { govpn.EGDInit(*egdPath) } + key, err := govpn.KeyRead(*keyPath) + if err != nil { + log.Fatalln("Unable to read the key", err) + } if *verifier == "" { id := new([govpn.IDSize]byte) if _, err := govpn.Rand.Read(id[:]); err != nil { @@ -49,7 +53,7 @@ func main() { } pid := govpn.PeerId(*id) v := govpn.VerifierNew(*mOpt, *tOpt, *pOpt, &pid) - v.PasswordApply(govpn.StringFromFile(*keyPath)) + v.PasswordApply(key) fmt.Println(v.LongForm()) fmt.Println(v.ShortForm()) return @@ -62,6 +66,6 @@ func main() { log.Fatalln("Verifier does not contain public key") } pub := *v.Pub - v.PasswordApply(govpn.StringFromFile(*keyPath)) - fmt.Println(subtle.ConstantTimeCompare(v.Pub[:], pub[:]) == 1) + v.PasswordApply(key) + fmt.Println(bytes.Equal(v.Pub[:], pub[:])) } diff --git a/src/govpn/verifier.go b/src/govpn/verifier.go index ba51846..0dc9388 100644 --- a/src/govpn/verifier.go +++ b/src/govpn/verifier.go @@ -29,6 +29,7 @@ import ( "github.com/agl/ed25519" "github.com/magical/argon2" + "golang.org/x/crypto/ssh/terminal" ) const ( @@ -117,11 +118,26 @@ func (v *Verifier) LongForm() string { ) } -// Read string from the file, trimming newline. -func StringFromFile(path string) string { - s, err := ioutil.ReadFile(path) +// Read the key either from text file (if path is specified), or +// from the terminal. +func KeyRead(path string) (string, error) { + var p []byte + var err error + var pass string + if path == "" { + fmt.Print("Passphrase:") + p, err = terminal.ReadPassword(0) + fmt.Print("\n") + pass = string(p) + } else { + p, err = ioutil.ReadFile(path) + pass = strings.TrimRight(string(p), "\n") + } if err != nil { - log.Fatalln("Can not read string from", path, err) + return "", err + } + if len(pass) == 0 { + return "", errors.New("Empty passphrase submitted") } - return strings.TrimRight(string(s), "\n") + return pass, err } diff --git a/utils/makedist.sh b/utils/makedist.sh index 3c5ce99..2a6ee31 100755 --- a/utils/makedist.sh +++ b/utils/makedist.sh @@ -9,12 +9,12 @@ release=$1 git clone . $tmp/govpn-$release repos=" - src/github.com/bigeagle/water src/github.com/agl/ed25519 - src/github.com/magical/argon2 + src/github.com/bigeagle/water src/github.com/dchest/blake2b - src/golang.org/x/crypto src/github.com/go-yaml/yaml + src/github.com/magical/argon2 + src/golang.org/x/crypto " for repo in $repos; do git clone $repo $tmp/govpn-$release/$repo @@ -32,6 +32,7 @@ golang.org/x/crypto/README golang.org/x/crypto/curve25519 golang.org/x/crypto/poly1305 golang.org/x/crypto/salsa20 +golang.org/x/crypto/ssh/terminal golang.org/x/crypto/xtea EOF tar cfCI - src $tmp/includes | tar xfC - $tmp @@ -143,8 +144,8 @@ $(git cat-file -p $release | sed -n '6,/^.*BEGIN/p' | sed '$d') ----------------8<-----------------8<-----------------8<---------------- Домашняя страница GoVPN: http://www.cypherpunks.ru/govpn/ (http://govpn.info/) -Коротко о демоне: http://www.cypherpunks.ru/govpn/O-demone.html также доступна как скрытый сервис Tor: http://vabu56j2ep2rwv3b.onion/govpn/ +Коротко о демоне: http://www.cypherpunks.ru/govpn/O-demone.html Исходный код и его подпись для этой версии находится здесь: diff --git a/utils/newclient.sh b/utils/newclient.sh index 44c7ef5..aebc975 100755 --- a/utils/newclient.sh +++ b/utils/newclient.sh @@ -14,11 +14,7 @@ EOF } username=$1 -umask 077 -passphrase=$(mktemp) -$(dirname $0)/storekey.sh $passphrase -verifier=$(govpn-verifier -key $passphrase) -rm -f $passphrase +verifier=$(govpn-verifier) verifierS=$(echo $verifier | sed 's/^\(.*\) .*$/\1/') verifierC=$(echo $verifier | sed 's/^.* \(.*\)$/\1/') echo @@ -32,9 +28,4 @@ Place the following YAML configuration entry on the server's side: up: /path/to/up.sh iface: or TAP interface name verifier: $verifierS - -Verifier was generated with: - - $(dirname $0)/storekey.sh /tmp/passphrase - govpn-verifier -key /tmp/passphrase EOF diff --git a/utils/storekey.sh b/utils/storekey.sh deleted file mode 100755 index 299883d..0000000 --- a/utils/storekey.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -e - -[ -n "$1" ] || { - cat < -EOF - exit 1 -} - -echo -n Enter passphrase: -stty -echo -read passphrase -stty echo -umask 077 -cat > $1 <