[submodule "src/golang.org/x/crypto"]
path = src/golang.org/x/crypto
url = https://go.googlesource.com/crypto
-[submodule "src/github.com/magical/argon2"]
- path = src/github.com/magical/argon2
- url = https://github.com/magical/argon2.git
[submodule "src/github.com/dchest/blake2b"]
path = src/github.com/dchest/blake2b
url = https://github.com/dchest/blake2b.git
[submodule "src/github.com/go-yaml/yaml"]
path = src/github.com/go-yaml/yaml
url = https://github.com/go-yaml/yaml.git
+[submodule "src/cypherpunks.ru/balloon"]
+ path = src/cypherpunks.ru/balloon
+ url = git://git.cypherpunks.ru/balloon.git
GoVPN is free software: see the file COPYING for copying conditions.
-Home page: http://govpn.info/ -> http://www.cypherpunks.ru/govpn/
-also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/
+Home page: http://www.govpn.info/
+also available as Tor hidden service: http://2wir2p7ibeu72jk3.onion/
Please send questions regarding the use of GoVPN, bug reports and
patches to govpn-devel mailing list:
GoVPN это свободное программное обеспечением: условия распространения
находятся в файле COPYING.
-Домашняя страница: http://www.cypherpunks.ru/govpn/ (http://govpn.info/)
-также доступна как скрытый сервис Tor: http://vabu56j2ep2rwv3b.onion/govpn/
+Домашняя страница: http://www.govpn.info/
+также доступна как скрытый сервис Tor: http://2wir2p7ibeu72jk3.onion/
Пожалуйста все вопросы касающиеся использования GoVPN, отчёты об ошибках
и патчи отправляйте в govpn-devel почтовую рассылку:
--- /dev/null
+i4cdqgcarfjdjnba6y4jnf498asg8c6p
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFT/H6cBCADTf/oqoTTBAA/CCQuYtzg8vrXxyjXj9yy4lTWqMSwgLXMm8br/
+kG0Jnk63oP3hggI3hm2mpuiNwpwrJiORLBZCe8JgZW71zG4LfhVpQeWd7fu8WxDx
+0uUZWByz5KcK8c/kNWNDpSkMmmqdE/8v0YDFbsz5U+ytp/Kki/gj3BCeIX3jYOL1
+fxczkv2okoU+aGYXt9z50VzheLUSRLzkkX8yNSpszqfB0LEEmUk8HO2fSS/bXwaY
+ZXX5//suH8V5hwq8vB8dHHCquZW6blyzcTa2KGIh6g2CmpypIQp/i5QAbzOCHKTM
+A1F7A1r0kYF2WfZOrycCfjUx3GA5B7sytuA3ABEBAAG0JEdvVlBOIHJlbGVhc2Vz
+IDxyZWxlYXNlc0Bnb3Zwbi5pbmZvPokBQAQTAQgAKgUCV8sB0wIbAwwLCgkNCAwH
+CwMEAQIHFQoJCAsDAgUWAgEDAAIeAQIXgAAKCRDy9ZBF/+L0oTYyCADJJl4+7Px1
+baF9s1n9EoNsSLTd0QiModJ2bRdX8TBpCeOHIPIOZAKre3Ys3ox6MOcnZyApO141
+7NS557WNcmLyk+f274HqZurveZr/sc3MMdFvkPJ78LOueI6ttx9WlhXAingGR3ax
++m1ZY7vSfkrGJ7gwUE6ZVZKE1MbM1UIKqazRzTeu7wiiyXEpLYDWgNXSmg9Gl6oF
+EecChlcDp5VDQIaDzHyibUgBdwt32BX07AZcGHB7vIyPUavQJBqhg68hHjGoyFYA
+N+OHCAoqaIfHJUW2xYmvfa0cy3wd02NJWsiw4htxdI+JzcbRnE/XKPIeOr6L0oFB
+LoTku6Vg75g8iF4EEBEIAAYFAlfLAzQACgkQrhqBCeSYV+82HAD9HSVRIV8Li0MD
+pNNLMK6G9SLkvsBVOIBau5Oj1LEWeXcA/3vMiAtypumglnfEhBsa5OLFHgznsBJ2
+JJjYFGQMjWTG
+=RI3T
+-----END PGP PUBLIC KEY BLOCK-----
--set-customization-variable SHOW_TITLE=0 \
--set-customization-variable DATE_IN_HEADER=1 \
-o govpn.html index.texi
+ cp -r .well-known govpn.html/
@item
Зашифрованный и аутентифицируемый @ref{Transport, транспортный протокол}
передачи данных с 128-бит @ref{Developer, порогом безопасности} и
-современной криптографией.
+Ñ\81овÑ\80еменной не-NIST кÑ\80ипÑ\82огÑ\80аÑ\84ией.
@item
Опциональный @ref{Encless, нешифрованный режим}: функции шифрования не
@item
Encrypted and authenticated @ref{Transport, payload transport}
-with 128-bit @ref{Developer, security margin} state-of-the-art
+with 128-bit @ref{Developer, security margin} state-of-the-art non-NIST
cryptography.
@item
@url{https://lists.cypherpunks.ru/pipermail/govpn-devel/, govpn-devel}
mailing list. Announcements also go to this mailing list.
-Official website is @url{http://www.cypherpunks.ru/govpn/}
-(with @url{http://govpn.info/} alias), also available as
+Official website is @url{http://www.govpn.info/}, also available via
+@url{https://www.govpn.info/, HTTPS} and as
@url{https://www.torproject.org/, Tor} hidden service:
-@url{http://vabu56j2ep2rwv3b.onion/govpn/}.
+@url{http://2wir2p7ibeu72jk3.onion/}.
@item DH elliptic-curve point encoding for public keys
@url{http://elligator.cr.yp.to/, Elligator}.
@item Verifier password hashing algorithm
- @url{https://password-hashing.net/#argon2, Argon2d}.
+ @url{https://crypto.stanford.edu/balloon/, Balloon hashing} based
+ on BLAKE2b-256.
@item Encryptionless confidentiality preserving encoding
@url{http://people.csail.mit.edu/rivest/chaffing-980701.txt,
Chaffing-and-Winnowing} (two Poly1305 MACs for each bit of message)
@section Prepared tarballs
You can obtain releases source code prepared tarballs from the links below
-(or use @url{https://sourceforge.net/projects/govpn/files/, Sourceforge mirror}):
+(or use @url{https://sourceforge.net/projects/govpn/files/, Sourceforge mirror}).
+Do not forget to check tarball @ref{Integrity, integrity}.
@multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
@headitem Version @tab Size @tab Tarball @tab SHA256 checksum
+@item @ref{Release 5.10, 5.10} @tab 316 KiB
+@tab @url{download/govpn-5.10.tar.xz, link} @url{download/govpn-5.10.tar.xz.sig, sign}
+@tab @code{BC624265 CFCDA8CE 1C1BBF9D 016683C5 0EC6CBA5 AECCF33D 93FCA4E5 D52098BD}
+
@item @ref{Release 5.9, 5.9} @tab 315 KiB
@tab @url{download/govpn-5.9.tar.xz, link} @url{download/govpn-5.9.tar.xz.sig, sign}
-@tab @code{ff6afd2a9ef51a3c6640a33c63b060490f7d9460220307c4cb7e2f6226497945}
+@tab @code{FF6AFD2A 9EF51A3C 6640A33C 63B06049 0F7D9460 220307C4 CB7E2F62 26497945}
@item @ref{Release 5.8, 5.8} @tab 312 KiB
@tab @url{download/govpn-5.8.tar.xz, link} @url{download/govpn-5.8.tar.xz.sig, sign}
-@tab @code{a730dc3bbb97bc412a80f529b0f3043e70d011387f5d579cbd2e29964ddf94f4}
+@tab @code{A730DC3B BB97BC41 2A80F529 B0F3043E 70D01138 7F5D579C BD2E2996 4DDF94F4}
@item @ref{Release 5.7, 5.7} @tab 312 KiB
@tab @url{download/govpn-5.7.tar.xz, link} @url{download/govpn-5.7.tar.xz.sig, sign}
-@tab @code{17a8a223e2d9d4fd537f8de802bc6c72f16ebf8a8c5430e3fbf045c304f9dfec}
+@tab @code{17A8A223 E2D9D4FD 537F8DE8 02BC6C72 F16EBF8A 8C5430E3 FBF045C3 04F9DFEC}
@item @ref{Release 5.6, 5.6} @tab 311 KiB
@tab @url{download/govpn-5.6.tar.xz, link} @url{download/govpn-5.6.tar.xz.sig, sign}
-@tab @code{d46b8f742f1e2bf17236868512f1ea5ad80f59c3bac753a56ce41a1f465282a8}
+@tab @code{D46B8F74 2F1E2BF1 72368685 12F1EA5A D80F59C3 BAC753A5 6CE41A1F 465282A8}
@item @ref{Release 5.5, 5.5} @tab 310 KiB
@tab @url{download/govpn-5.5.tar.xz, link} @url{download/govpn-5.5.tar.xz.sig, sign}
-@tab @code{2f32e02c34a13eae538be7b44c11e16a8e68c43afc8e4a3071172f9c52b861d8}
+@tab @code{2F32E02C 34A13EAE 538BE7B4 4C11E16A 8E68C43A FC8E4A30 71172F9C 52B861D8}
@item @ref{Release 5.4, 5.4} @tab 310 KiB
@tab @url{download/govpn-5.4.tar.xz, link} @url{download/govpn-5.4.tar.xz.sig, sign}
-@tab @code{a1a001d9ef899ff6b61872eb7d2425a09eb0161574f50c8da6e4b14beb9b0ff6}
+@tab @code{A1A001D9 EF899FF6 B61872EB 7D2425A0 9EB01615 74F50C8D A6E4B14B EB9B0FF6}
@item @ref{Release 5.3, 5.3} @tab 301 KiB
@tab @url{download/govpn-5.3.tar.xz, link} @url{download/govpn-5.3.tar.xz.sig, sign}
-@tab @code{50955d0a2ea41236682cb5ac245210691fb6ecbe88d138c5873e2362e547da48}
+@tab @code{50955D0A 2EA41236 682CB5AC 24521069 1FB6ECBE 88D138C5 873E2362 E547DA48}
@item @ref{Release 5.2, 5.2} @tab 300 KiB
@tab @url{download/govpn-5.2.tar.xz, link} @url{download/govpn-5.2.tar.xz.sig, sign}
-@tab @code{44e3a3265b30305a4436e172565585c327fb28d26197e61b7496c437d032c0db}
+@tab @code{44E3A326 5B30305A 4436E172 565585C3 27FB28D2 6197E61B 7496C437 D032C0DB}
@item @ref{Release 5.1, 5.1} @tab 287 KiB
@tab @url{download/govpn-5.1.tar.xz, link} @url{download/govpn-5.1.tar.xz.sig, sign}
-@tab @code{0d456c5683287dca31f8c3302eb9a9329feab82bc1fbdb0098fca991513536d1}
+@tab @code{0D456C56 83287DCA 31F8C330 2EB9A932 9FEAB82B C1FBDB00 98FCA991 513536D1}
@item @ref{Release 5.0, 5.0} @tab 237 KiB
@tab @url{download/govpn-5.0.tar.xz, link} @url{download/govpn-5.0.tar.xz.sig, sign}
-@tab @code{cc186a3b800279b6f5a7c86d61b250c24cf97235f6c3e1bb05a6cb60251085c6}
+@tab @code{CC186A3B 800279B6 F5A7C86D 61B250C2 4CF97235 F6C3E1BB 05A6CB60 251085C6}
@item @ref{Release 4.2, 4.2} @tab 233 KiB
@tab @url{download/govpn-4.2.tar.xz, link} @url{download/govpn-4.2.tar.xz.sig, sign}
-@tab @code{dc2d390b9dcfb30a3612018d410b61ddf8edd82f4d9aa5ed2691b027be10ba0a}
+@tab @code{DC2D390B 9DCFB30A 3612018D 410B61DD F8EDD82F 4D9AA5ED 2691B027 BE10BA0A}
@item @ref{Release 4.1, 4.1} @tab 227 KiB
@tab @url{download/govpn-4.1.tar.xz, link} @url{download/govpn-4.1.tar.xz.sig, sign}
-@tab @code{fbc7a730afe96384827dc1e1402c53165710ade5113d90531427c39172e40aca}
+@tab @code{FBC7A730 AFE96384 827DC1E1 402C5316 5710ADE5 113D9053 1427C391 72E40ACA}
@item @ref{Release 4.0, 4.0} @tab 183 KiB
@tab @url{download/govpn-4.0.tar.xz, link} @url{download/govpn-4.0.tar.xz.sig, sign}
-@tab @code{a791c3569c01dea8b18aa2f21d27b797ded76f2c33a8d96c2db864a9abf2615b}
+@tab @code{A791C356 9C01DEA8 B18AA2F2 1D27B797 DED76F2C 33A8D96C 2DB864A9 ABF2615B}
@item @ref{Release 3.5, 3.5} @tab 179 KiB
@tab @url{download/govpn-3.5.tar.xz, link} @url{download/govpn-3.5.tar.xz.sig, sign}
-@tab @code{6b60c2cd4a8b4b2c893e52d3366510678704fd68a02a0ea24cb112bd753ea54b}
+@tab @code{6B60C2CD 4A8B4B2C 893E52D3 36651067 8704FD68 A02A0EA2 4CB112BD 753EA54B}
@item @ref{Release 3.4, 3.4} @tab 175 KiB
@tab @url{download/govpn-3.4.tar.xz, link} @url{download/govpn-3.4.tar.xz.sig, sign}
-@tab @code{266612a7f8faa6ceb2955ed611c0c21872776306f4eaad5b785145bbb0390c82}
+@tab @code{266612A7 F8FAA6CE B2955ED6 11C0C218 72776306 F4EAAD5B 785145BB B0390C82}
@item @ref{Release 3.3, 3.3} @tab 175 KiB
@tab @url{download/govpn-3.3.tar.xz, link} @url{download/govpn-3.3.tar.xz.sig, sign}
-@tab @code{1834a057215324f49d6272b2beb89f1532105156f7e853eae855659992ac0c84}
+@tab @code{1834A057 215324F4 9D6272B2 BEB89F15 32105156 F7E853EA E8556599 92AC0C84}
@item @ref{Release 3.2, 3.2} @tab 174 KiB
@tab @url{download/govpn-3.2.tar.xz, link} @url{download/govpn-3.2.tar.xz.sig, sign}
-@tab @code{388e98d6adef5ebf3431b0d48419f54d2e2064c657de67e23c669ebcf273126d}
+@tab @code{388E98D6 ADEF5EBF 3431B0D4 8419F54D 2E2064C6 57DE67E2 3C669EBC F273126D}
@item @ref{Release 3.1, 3.1} @tab 54 KiB
@tab @url{download/govpn-3.1.tar.xz, link} @url{download/govpn-3.1.tar.xz.sig, sign}
-@tab @code{4034a67eb472e33760ed1783ca871f531c3a6be99b9bd6213f4f83c1147c344b}
+@tab @code{4034A67E B472E337 60ED1783 CA871F53 1C3A6BE9 9B9BD621 3F4F83C1 147C344B}
@item @ref{Release 3.0, 3.0} @tab 53 KiB
@tab @url{download/govpn-3.0.tar.xz, link} @url{download/govpn-3.0.tar.xz.sig, sign}
-@tab @code{12579c5c3cccfe73c66b5893335bc70c42d7b13b8e94c7751ec65d421eaff9a5}
+@tab @code{12579C5C 3CCCFE73 C66B5893 335BC70C 42D7B13B 8E94C775 1EC65D42 1EAFF9A5}
@item @ref{Release 2.4, 2.4} @tab 42 KiB
@tab @url{download/govpn-2.4.tar.xz, link} @url{download/govpn-2.4.tar.xz.sig, sign}
-@tab @code{df45225bac2384c5eed73c5cdb05dc3581495e08d365317beb03a2487d46b98c}
+@tab @code{DF45225B AC2384C5 EED73C5C DB05DC35 81495E08 D365317B EB03A248 7D46B98C}
@item @ref{Release 2.3, 2.3} @tab 34 KiB
@tab @url{download/govpn-2.3.tar.xz, link} @url{download/govpn-2.3.tar.xz.sig, sign}
-@tab @code{92986ec6d6da107c6cc1143659e5a154cd19b8f2ede5fa7f5ccc4525ae468e97}
+@tab @code{92986EC6 D6DA107C 6CC11436 59E5A154 CD19B8F2 EDE5FA7F 5CCC4525 AE468E97}
@item @ref{Release 2.2, 2.2} @tab 32 KiB
@tab @url{download/govpn-2.2.tar.xz, link} @url{download/govpn-2.2.tar.xz.sig, sign}
-@tab @code{5745278bce8b9a3bd7ec1636507bbce8c17ba1d79f1568e2f3681b7a90bbe6e1}
+@tab @code{5745278B CE8B9A3B D7EC1636 507BBCE8 C17BA1D7 9F1568E2 F3681B7A 90BBE6E1}
@item @ref{Release 2.0, 2.0} @tab 31 KiB
@tab @url{download/govpn-2.0.tar.xz, link} @url{download/govpn-2.0.tar.xz.sig, sign}
-@tab @code{d43be1248d6a46ba8ca75be2fdab5e3d8b0660fb9df9b6d87cfa3973722b42be}
+@tab @code{D43BE124 8D6A46BA 8CA75BE2 FDAB5E3D 8B0660FB 9DF9B6D8 7CFA3973 722B42BE}
@item @ref{Release 1.5, 1.5} @tab 19 KiB
@tab @url{download/govpn-1.5.tar.xz, link} @url{download/govpn-1.5.tar.xz.sig, sign}
-@tab @code{715b07d4d1ea4396c3e37014ca65ec3768818423521f3c12e7200b6edca48c31}
+@tab @code{715B07D4 D1EA4396 C3E37014 CA65EC37 68818423 521F3C12 E7200B6E DCA48C31}
@end multitable
@verbatim
client% ./utils/newclient.sh Alice
Passphrase:
-Your client verifier is: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg
+Your client verifier is: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg
Place the following YAML configuration entry on the server's side:
Alice:
up: /path/to/up.sh
iface: or TAP interface name
- verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
+ verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
@end verbatim
@strong{Prepare the server}. Add this entry to @file{peers.yaml}
@verbatim
Alice:
iface: tap10
- verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
+ verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
@end verbatim
@strong{Prepare network on GNU/Linux IPv4 server}:
@strong{Run client daemon itself}:
@verbatim
client% govpn-client \
- -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \
+ -verifier '$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg' \
-iface tap10 \
-remote 192.168.0.1:1194
@end verbatim
client% ifconfig tap10 inet6 fc00::2/96 up
client% route -6 add default fc00::1
client% govpn-client \
- -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \
+ -verifier '$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg' \
-iface tap10 \
-remote "[fe80::1%me0]":1194
@end verbatim
@node Почему парольные фразы
@subsection Почему вы аутентифицируете по парольной фразе?
-Человек способ запоминать достаточно длинные парольные фразы (не
+Человек способен запоминать достаточно длинные парольные фразы (не
пароли): 100-200 символов, что даёт возможность использовать её как
высокоэнтропийный ключ. Вам нужно доверять только себе, не аппаратному
токену или другому устройству хранения. Это удобно.
@subsection Почему вся настройка сети делается вручную?
Потому-что существует так много вариантов использования, конфигураций и
-установок, что или я поддерживаю их всех, или использую громоздкие
+установок, что или я поддерживаю их все, или использую громоздкие
протоколы типы PPP, или просто даю право выбора администратору. VPN это
всего-лишь прослойка.
Possibly GoVPN already exists in your distribution:
@itemize
-@item @url{https://aur.archlinux.org/packages/govpn/, AUR}
+@item @url{https://aur.archlinux.org/packages/govpn/, Arch Linux AUR}
@item @url{http://www.freshports.org/security/govpn/, FreeBSD ports}
+@item @url{https://gpo.zugaina.org/net-misc/govpn, Gentoo Portage Overlay}
+@item @url{https://pkgs.org/download/govpn, openSUSE OSS}
@end itemize
GoVPN is written on @url{https://golang.org/, Go} programming language
@item @code{github.com/bigeagle/water} @tab GNU/Linux @tab BSD 3-Clause
@item @code{github.com/dchest/blake2b} @tab All @tab CC0 1.0
@item @code{github.com/go-yaml/yaml} @tab All @tab LGPLv3 and MIT
-@item @code{github.com/magical/argon2} @tab All @tab BSD 2-Clause
@item @code{golang.org/x/crypto} @tab All @tab BSD 3-Clause
@end multitable
binaries will be built in the current directory:
@verbatim
-% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz
-% wget http://www.cypherpunks.ru/govpn/download/govpn-2.3.tar.xz.sig
+% wget http://www.govpn.info/download/govpn-2.3.tar.xz
+% wget http://www.govpn.info/download/govpn-2.3.tar.xz.sig
% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
% tar xf govpn-2.3.tar.xz
% make -C govpn-2.3 all
@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
download signature (@file{.sig}) provided with the tarball.
-For the very first time you need to import signing public keys. They
-are provided below, but be sure that you are reading them from the
-trusted source. Alternatively check this page from
-@ref{Contacts, other sources} and look for the mailing list announcements.
+For the very first time you need to import signing public key. It is
+provided below, but it is better to check alternative resources with it.
-@verbatiminclude pubkey.txt
+@verbatim
+pub rsa2048/0xF2F59045FFE2F4A1 2015-03-10
+ D269 9B73 3C41 2068 D8DA 656E F2F5 9045 FFE2 F4A1
+uid GoVPN releases <releases at govpn dot info>
+@end verbatim
+
+@itemize
+
+@item This website @ref{Contacts, alternates} and maillist containing
+public key fingerprint.
+
+@item
+@verbatim
+% gpg --auto-key-locate pka --locate-keys releases at govpn dot info
+% gpg --auto-key-locate dane --locate-keys releases at govpn dot info
+% gpg --auto-key-locate wkd --locate-keys releases at govpn dot info
+@end verbatim
+
+@item
+@verbatiminclude .well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc
+
+@end itemize
+
+Then you could verify tarballs signature:
+@verbatim
+% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+@end verbatim
@item @url{http://habrahabr.ru/company/ivi/blog/256365/, Реализуем безопасный VPN-протокол} (on russian)
@item @url{http://habrahabr.ru/company/ivi/blog/257431/, Реализуем ещё более безопасный VPN-протокол} (on russian)
@item @url{http://www.linuxspace.org/archives/9449, Установка и настройка безопасного VPN-демона GoVPN 3.2} (on russian)
+@item @url{http://www.linuxspace.org/archives/14123, Установка и настройка безопасного VPN-демона GoVPN 5.10} (on russian)
+@item @url{https://www.youtube.com/watch?v=Civ3CKW71pA, Презентация GoVPN на CryptoInstallFest 3} (on russian)
@end itemize
@ref{Noise, noise}, @ref{Encless, encryptionless mode} or @ref{CPR} are
enabled, then all outgoing packets are filled up to that MTU value.
-Default MTU equals to 1514 bytes (1500 bytes of Ethernet payload, 14
+Default MTU equals to 1515 bytes (1500 bytes of Ethernet payload, 15
bytes of Ethernet header).
@node Новости
@section Новости
+@node Релиз 6.0
+@subsection Релиз 6.0
+@itemize
+@item Argon2d заменён на Balloon хэширование. Найденные Argon2
+библиотеки, написанные полностью на Go, имеют различные проблемы. Более
+того, Argon2i должен был быть использован вместо Argon2d, но у него есть
+возможные @url{http://eprint.iacr.org/2016/027, криптографические
+недостатки}. Поэтому он заменён на гораздо более простое (и, похоже,
+даже криптографически лучшее)
+@url{https://crypto.stanford.edu/balloon/, Balloon хэширование}.
+@end itemize
+
@node Релиз 5.10
@subsection Релиз 5.10
@itemize
See also this page @ref{Новости, on russian}.
+@node Release 6.0
+@section Release 6.0
+@itemize
+@item Argon2d is replaced with Balloon hashing. Found Argon2 libraries
+written on pure Go have various problems. Moreover Argon2i should be
+used instead, but it has some possible
+@url{http://eprint.iacr.org/2016/027, cryptographic defects}. So it is
+replaced with much more simpler (and seems even cryptographically
+better) @url{https://crypto.stanford.edu/balloon/, Balloon hashing}.
+@end itemize
+
@node Release 5.10
@section Release 5.10
@itemize
+++ /dev/null
-pub rsa2048/0xF2F59045FFE2F4A1 2015-03-10
-uid Sergey Matveev (GoVPN release signing key) <stargrave@stargrave.org>
-sub rsa2048/0x3128EE3F8A6C750A 2015-03-10
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQENBFT/H6cBCADTf/oqoTTBAA/CCQuYtzg8vrXxyjXj9yy4lTWqMSwgLXMm8br/
-kG0Jnk63oP3hggI3hm2mpuiNwpwrJiORLBZCe8JgZW71zG4LfhVpQeWd7fu8WxDx
-0uUZWByz5KcK8c/kNWNDpSkMmmqdE/8v0YDFbsz5U+ytp/Kki/gj3BCeIX3jYOL1
-fxczkv2okoU+aGYXt9z50VzheLUSRLzkkX8yNSpszqfB0LEEmUk8HO2fSS/bXwaY
-ZXX5//suH8V5hwq8vB8dHHCquZW6blyzcTa2KGIh6g2CmpypIQp/i5QAbzOCHKTM
-A1F7A1r0kYF2WfZOrycCfjUx3GA5B7sytuA3ABEBAAG0RFNlcmdleSBNYXR2ZWV2
-IChHb1ZQTiByZWxlYXNlIHNpZ25pbmcga2V5KSA8c3RhcmdyYXZlQHN0YXJncmF2
-ZS5vcmc+iQE8BBMBCAAmBQJU/x+nAhsDCAsKCQgHBAMCBxUKCQgLAwIFFgIBAwAC
-HgECF4AACgkQ8vWQRf/i9KEZ/AgAqYF/RRNwwhgLgFqTLfw3ha0FeiSso7H9ITDo
-cdJ/domLHaFvmwFIDQQKV8Zd1Rnj6xTCs2bq2O5hYMLrFZg85A9i5tLwkgFc9J5G
-+8K3K/dh9Y4pArbM+craO+xydrwLyg1zlXCezthWbL0iXO/CuGiuBBCZJqRJ9HV4
-cZr4TRA3Znm5nt96rRsR86XqOgr0iOEDtYKfKW/IzDqOEgXUN5o2bUwuQawe9Y8d
-CngXzJcfb2eJ/TqSP9CxVWscjz4sAmD3/ECrHSjX7xsusIs46F2+VMlEXFuST52r
-zamfiGKlol8XvimUjKhlMWjqfdcJ0+jvFftsa7HXQUwRoQ1vJYheBBARCAAGBQJU
-/x/VAAoJEK4agQnkmFfvqn8A/ReK2ZZrnI9s0rzTsF1jrTZ1o5YowuINOzVMmLbE
-aYuGAP4iGwPgwVbANu4dWaP2N03oL4xFtmdaeNn3sB9ZqJOOyrkBDQRU/x+nAQgA
-uYBRyJVwhlE2SRIEmMggwr4gq1JBM2Ge5O46usf+YPUjCJKWoAj+MpQoq7r+oA/s
-E/6kGvWgngwV9prCdNkvcdwEWbb+n9PcMc2ZuIGRV3iOKYlYEBFV0bfM9zEV2jar
-1YQ+J/48UX7R00cYJuXel7Dy77V9eNd+Ukyowm93fggFlBDBGBjVbNtfIorHNYjB
-01CCu3i/8yxrMyFRvMKyAVEGp3obgmlam4DNkNIhFMv3du0tFnDFBsZf7N0kbLWI
-xEEJoc/jxaezDytQpUr3RhlMsLV6N/jjIZuy36QO1sbFeOe2to0E7ixaFzNCWsqY
-cxUfnJ3wi7hOiOwE2PF3tQARAQABiQEfBBgBCAAJBQJU/x+nAhsMAAoJEPL1kEX/
-4vShrVcIAKLUwMn7WgK6thmwPjdwP5V/jTlsWLWk2O/LEN4W/R0mw2hRsgRG/8Sz
-qlAP6vfl7ERaWuyL+fp72rKnGTGU9CEvn6PKmaG7bi4tGEvWXscNc10r0leIAP63
-pkQOa6Nyx2axJlJdSuTsYetd1ZgNpHNng+lxSUBlkPMOhPd/P/Ok7DShZjd2jhQ1
-jUbjWn+P7ARGEvgdd5utNjy/RaSwrLG8NXj3I+XuksG0/TPeG0zu9NOPzWZq9sCc
-5VbDNJTYtsMFs1etHE95Efmx6yUquQyB+g/HgvkH/LzthBawVVHxZNzzHgc6KN5w
-E0itJPXMaQL+juUfiNM0i2R1O8nJo14=
-=LJzj
------END PGP PUBLIC KEY BLOCK-----
Configuration file is YAML file with following example structure:
@verbatim
-stargrave: { <-- Peer human readable name
+stargrave: <-- Peer human readable name
iface: tap10 <-- OPTIONAL TAP interface name
- mtu: 1514 <-- OPTIONAL overriden MTU
+ mtu: 1515 <-- OPTIONAL overriden MTU
up: ./stargrave-up.sh <-- OPTIONAL up-script
down: ./stargrave-down.sh <-- OPTIONAL down-script
timeout: 60 <-- OPTIONAL overriden timeout
noise: No <-- OPTIONAL noise enabler
cpr: 64 <-- OPTIONAL constant packet rate, KiB/sec
encless: No <-- OPTIONAL Encryptionless mode
- verifier: $argon2d... <-- verifier received from client
+ verifier: $baloon... <-- verifier received from client
[...]
@end verbatim
@verbatim
% ./utils/newclient.sh Alice
[...]
-Your client verifier is: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg
+Your client verifier is: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg
Place the following YAML configuration entry on the server's side:
Alice:
up: /path/to/up.sh
iface: or TAP interface name
- verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
+ verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
@end verbatim
Example configuration file:
@verbatim
stargrave:
iface: tap0
- verifier: $argon2d$m=4096,t=128,p=1$VMirzcshcHuG2V4jhUsEjw$X5fC07L8k61h3S1Oro/rC76+m0oGDTA9Bq+aWJ1uOgY
+ verifier: $balloon$s=32768,t=16,p=2$VMirzcshcHuG2V4jhUsEjw$X5fC07L8k61h3S1Oro/rC76+m0oGDTA9Bq+aWJ1uOgY
slow:
iface: tap1
encless: Yes
mtu: 9000
cpr: 384
- verifier: $argon2d$m=4096,t=128,p=1$YbIA5garDqCOhtI/2EZVNg$gOo5vcEGynmpeepNscwclicfZsWxzgYFRLbgG21EZ1U
+ verifier: $balloon$s=32768,t=16,p=2$YbIA5garDqCOhtI/2EZVNg$gOo5vcEGynmpeepNscwclicfZsWxzgYFRLbgG21EZ1U
@end verbatim
@item @code{github.com/bigeagle/water} @tab @url{git://git.cypherpunks.ru/water.git}
@item @code{github.com/dchest/blake2b} @tab @url{git://git.cypherpunks.ru/blake2b.git}
@item @code{github.com/go-yaml/yaml} @tab @url{git://git.cypherpunks.ru/yaml.git}
-@item @code{github.com/magical/argon2} @tab @url{git://git.cypherpunks.ru/argon2.git}
@item @code{golang.org/x/crypto} @tab @url{git://git.cypherpunks.ru/crypto.git}
@end multitable
@item @url{https://www.cs.columbia.edu/~smb/papers/aeke.pdf, Augmented Encrypted Key Exchange}: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise @copyright{} Steven M. Belloving, Michael Merrit.
@item @email{watsonbladd@@gmail.com, Watson Ladd} for suggestion of @url{http://elligator.cr.yp.to/, Elligator} encoding.
@item @url{https://password-hashing.net/#argon2, Password Hashing Competition for Argon2}.
+@item @url{https://crypto.stanford.edu/balloon/, Balloon hashing}.
@item @url{http://people.csail.mit.edu/rivest/chaffing-980701.txt, Chaffing and Winnowing: Confidentiality without Encryption} @copyright{} Ronald L. Rivest
@item @email{wzyboy@@wzyboy.org, Zhuoyun Wei} for @url{https://aur.archlinux.org/packages/govpn/, AUR} port maintaining and his documentation related fixes.
@end itemize
Salsa20's output is ignored and only remaining is XORed with ther data,
encrypting it.
-@code{DATA} is padded with @code{PAD} (0x80 byte). Optional @code{ZEROS}
-may follow, to fill up packet to conceal payload packet length.
+@code{DATA} is padded using ISO/IEC 7816-4 format (@code{PAD} (0x80
+byte) with optional @code{ZEROS} following), to fill up packet to
+conceal payload packet length.
@code{AUTH} is Poly1305 authentication function. First 256 bits of
Salsa20's output are used as a one-time key for @code{AUTH}.
@verbatim
% govpn-verifier
Passphrase:[hello world]
-$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
-$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg
+$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
+$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg
@end verbatim
First line is the verifier for the server side. Second line is for the
option with the path to verifier file:
@verbatim
-% govpn-verifier -verifier '$argon2d...'
+% govpn-verifier -verifier '$balloon...'
Passphrase:[hello world]
true
@end verbatim
its verifying).
@verbatim
-SOURCE = Argon2d(m, t, p, SALT=PeerId, PASSWORD)
+SOURCE = Balloon(PASSWORD, SALT=PeerId, sCost, tCost, pJobs)
PUB, PRIV = Ed25519.Generate(SOURCE)
@end verbatim
+Balloon hashing uses BLAKE2b-256 hash. Space cost (sCost), time cost
+(tCost) and number of parallel jobs (pJobs) are specific to Balloon
+implementation.
+
Verifier is serialized representation of public data above:
@verbatim
-$argon2d$m=m,t=t,p=p$Base64(SALT)$Base64(PUB)
+$balloon$s=s,t=t,p=p$Base64(SALT)$Base64(PUB)
@end verbatim
-m, t and p parameters are Argon2d-specific: memory, iterations and
-parallelizm parameters.
-
Server stores and knows only verifier. Client can compute the whole
keypair every time he makes handshake.
--- /dev/null
+Subproject commit 9e7f63092012aa91a6690d93f00f5bc476e4d3b5
var (
keyPath = flag.String("key", "", "Path to passphrase file")
verifier = flag.String("verifier", "", "Optional verifier")
- mOpt = flag.Int("m", govpn.DefaultM, "Argon2d memory parameter (KiBs)")
- tOpt = flag.Int("t", govpn.DefaultT, "Argon2d iteration parameter")
- pOpt = flag.Int("p", govpn.DefaultP, "Argon2d parallelizm parameter")
+ sOpt = flag.Int("s", govpn.DefaultS, "Balloon space cost")
+ tOpt = flag.Int("t", govpn.DefaultT, "Balloon time cost")
+ pOpt = flag.Int("p", govpn.DefaultP, "Balloon parallel jobs")
egdPath = flag.String("egd", "", "Optional path to EGD socket")
version = flag.Bool("version", false, "Print version information")
warranty = flag.Bool("warranty", false, "Print warranty information")
log.Fatalln(err)
}
pid := govpn.PeerId(*id)
- v := govpn.VerifierNew(*mOpt, *tOpt, *pOpt, &pid)
+ v := govpn.VerifierNew(*sOpt, *tOpt, *pOpt, &pid)
v.PasswordApply(key)
fmt.Println(v.LongForm())
fmt.Println(v.ShortForm())
}
if isClient {
- peer.noncesT = newNonces(peer.key, 1 + 2)
- peer.noncesR = newNonces(peer.key, 0 + 2)
- peer.noncesExpect = newNonces(peer.key, 0 + 2)
+ peer.noncesT = newNonces(peer.key, 1+2)
+ peer.noncesR = newNonces(peer.key, 0+2)
+ peer.noncesExpect = newNonces(peer.key, 0+2)
} else {
- peer.noncesT = newNonces(peer.key, 0 + 2)
- peer.noncesR = newNonces(peer.key, 1 + 2)
- peer.noncesExpect = newNonces(peer.key, 1 + 2)
+ peer.noncesT = newNonces(peer.key, 0+2)
+ peer.noncesR = newNonces(peer.key, 1+2)
+ peer.noncesExpect = newNonces(peer.key, 1+2)
}
peer.NonceExpect = make([]byte, NonceSize)
}
func BenchmarkEnc(b *testing.B) {
- b.ResetTimer()
for i := 0; i < b.N; i++ {
testPeer.EthProcess(testPt)
}
"os"
"strings"
+ "cypherpunks.ru/balloon"
"github.com/agl/ed25519"
- "github.com/magical/argon2"
+ "github.com/dchest/blake2b"
"golang.org/x/crypto/ssh/terminal"
)
const (
- DefaultM = 1 << 12
- DefaultT = 1 << 7
- DefaultP = 1
+ DefaultS = 1 << 20 / 32
+ DefaultT = 1 << 4
+ DefaultP = 2
)
type Verifier struct {
- M int
+ S int
T int
P int
Id *PeerId
// Generate new verifier for given peer, with specified password and
// hashing parameters.
-func VerifierNew(m, t, p int, id *PeerId) *Verifier {
- return &Verifier{M: m, T: t, P: p, Id: id}
+func VerifierNew(s, t, p int, id *PeerId) *Verifier {
+ return &Verifier{S: s, T: t, P: p, Id: id}
}
// Apply the password: create Ed25519 keypair based on it, save public
// key in verifier.
func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte {
- r, err := argon2.Key([]byte(password), v.Id[:], v.T, v.P, int64(v.M), 32)
- if err != nil {
- log.Fatalln("Unable to apply Argon2d", err)
- }
+ r := balloon.H(blake2b.New256, []byte(password), v.Id[:], v.S, v.T, v.P)
defer SliceZero(r)
src := bytes.NewBuffer(r)
pub, prv, err := ed25519.GenerateKey(src)
// Parse either short or long verifier form.
func VerifierFromString(input string) (*Verifier, error) {
- s := strings.Split(input, "$")
- if len(s) < 4 || s[1] != "argon2d" {
+ ss := strings.Split(input, "$")
+ if len(ss) < 4 || ss[1] != "balloon" {
return nil, errors.New("Invalid verifier structure")
}
- var m, t, p int
- n, err := fmt.Sscanf(s[2], "m=%d,t=%d,p=%d", &m, &t, &p)
+ var s, t, p int
+ n, err := fmt.Sscanf(ss[2], "s=%d,t=%d,p=%d", &s, &t, &p)
if n != 3 || err != nil {
return nil, errors.New("Invalid verifier parameters")
}
- salt, err := base64.RawStdEncoding.DecodeString(s[3])
+ salt, err := base64.RawStdEncoding.DecodeString(ss[3])
if err != nil {
return nil, err
}
- v := Verifier{M: m, T: t, P: p}
+ v := Verifier{S: s, T: t, P: p}
id := new([IDSize]byte)
copy(id[:], salt)
pid := PeerId(*id)
v.Id = &pid
- if len(s) == 5 {
- pub, err := base64.RawStdEncoding.DecodeString(s[4])
+ if len(ss) == 5 {
+ pub, err := base64.RawStdEncoding.DecodeString(ss[4])
if err != nil {
return nil, err
}
// Does not include public key.
func (v *Verifier) ShortForm() string {
return fmt.Sprintf(
- "$argon2d$m=%d,t=%d,p=%d$%s",
- v.M, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.Id[:]),
+ "$balloon$s=%d,t=%d,p=%d$%s",
+ v.S, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.Id[:]),
)
}
-Subproject commit a83829b6f1293c91addabc89d0571c246397bbf4
+Subproject commit e4d366fc3c7938e2958e662b4258c7a89e1f0e3e
+++ /dev/null
-Subproject commit 190e3cf208e185668db6aa048e4985b7b7b4d890
-Subproject commit 81bf7719a6b7ce9b665598222362b50122dfc13b
+Subproject commit 0e31b188fd38db611d4fbab7de9373a95f36aae5
#!/bin/sh -ex
-[ -n "$SHA256" ] || SHA256=sha256
-
cur=$(pwd)
tmp=$(mktemp -d)
release=$1
src/github.com/bigeagle/water
src/github.com/dchest/blake2b
src/github.com/go-yaml/yaml
- src/github.com/magical/argon2
src/golang.org/x/crypto
"
for repo in $repos; do
@node Tarballs
@section Prepared tarballs
You can obtain releases source code prepared tarballs on
-@url{http://www.cypherpunks.ru/govpn/}.
+@url{http://www.govpn.info/}.
EOF
make -C doc
+rm -r doc/.well-known doc/govpn.html/.well-known
rm utils/makedist.sh
find . -name .git -type d | xargs rm -fr
tarball=$cur/doc/govpn.html/download/govpn-"$release".tar.xz
size=$(( $(cat $tarball | wc -c) / 1024 ))
-hash=$($SHA256 $tarball | sed 's/^.*\([0-9a-f]\{64\}\).*$/\1/')
+hash=$(gpg --print-md SHA256 < $tarball)
cat <<EOF
An entry for documentation:
@item @ref{Release $release, $release} @tab $size KiB
----------------8<-----------------8<-----------------8<----------------
-GoVPN's home page is: http://www.cypherpunks.ru/govpn/ (http://govpn.info/)
-also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/
+GoVPN's home page is: http://www.govpn.info/
+also available as Tor hidden service: http://2wir2p7ibeu72jk3.onion/
Source code and its signature for that version can be found here:
- http://www.cypherpunks.ru/govpn/download/govpn-${release}.tar.xz ($size KiB)
- http://www.cypherpunks.ru/govpn/download/govpn-${release}.tar.xz.sig
+ http://www.govpn.info/download/govpn-${release}.tar.xz ($size KiB)
+ http://www.govpn.info/download/govpn-${release}.tar.xz.sig
SHA256 hash: $hash
-GPG key ID: 0xF2F59045FFE2F4A1 GoVPN release signing key
+GPG key ID: 0xF2F59045FFE2F4A1 GoVPN releases <releases@govpn.info>
Fingerprint: D269 9B73 3C41 2068 D8DA 656E F2F5 9045 FFE2 F4A1
Please send questions regarding the use of GoVPN, bug reports and patches
----------------8<-----------------8<-----------------8<----------------
-Домашняя страница GoVPN: http://www.cypherpunks.ru/govpn/ (http://govpn.info/)
-также доступна как скрытый сервис Tor: http://vabu56j2ep2rwv3b.onion/govpn/
-Коротко о демоне: http://www.cypherpunks.ru/govpn/O-demone.html
+Домашняя страница GoVPN: http://www.govpn.info/
+также доступна как скрытый сервис Tor: http://2wir2p7ibeu72jk3.onion/
+Коротко о демоне: http://www.govpn.info/O-demone.html
Исходный код и его подпись для этой версии находится здесь:
- http://www.cypherpunks.ru/govpn/download/govpn-${release}.tar.xz ($size KiB)
- http://www.cypherpunks.ru/govpn/download/govpn-${release}.tar.xz.sig
+ http://www.govpn.info/download/govpn-${release}.tar.xz ($size KiB)
+ http://www.govpn.info/download/govpn-${release}.tar.xz.sig
SHA256 хэш: $hash
-Идентификатор GPG ключа: 0xF2F59045FFE2F4A1 GoVPN release signing key
+Идентификатор GPG ключа: 0xF2F59045FFE2F4A1 GoVPN releases <releases@govpn.info>
Отпечаток: D269 9B73 3C41 2068 D8DA 656E F2F5 9045 FFE2 F4A1
Пожалуйста все вопросы касающиеся использования GoVPN, отчёты об ошибках