File: network_protocol.txt

package info (click to toggle)
entropybroker 2.9-3
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 1,600 kB
  • sloc: cpp: 14,386; sh: 934; makefile: 188; java: 148; perl: 12
file content (75 lines) | stat: -rw-r--r-- 3,459 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
BC: broker to client/server
CB: client/server to broker

session setup:
	- BC 4 bytes ascii value protocol version
	- BC 4 bytes length of string (big endian):
		- string containing hash function for handshake (password hash)
	- BC 4 bytes length of string (big endian):
		- string containing hash function for data hash
	- BC 4 bytes length of string (big endian):
		- string containing cipher function for data encryption
	- BC 4 bytes length of string (big endian):
		- string containing a random used for authentication *1
		- this random is the ascii representation of a 64 bit value
		- this random is also used to initialize the IV for the blowfish cipher
	- CB 4 bytes length of string (big endian):
		- the client sends a string containing username

	- CB broker then expects 64 bytes of data from the connecting party containing a SHA512 hash of:
		random *1 concated with a space and then the password

	If this hash equals to the one calculated by the broker, then the connection proceeds.
	If not, the broker just closes the connection.

	- CB 1 byte: > 0 if server
	- CB 4 bytes length of string (big endian):
		- string containing description of client/server

	- BC 4 bytes: max. number of bits allowed to get/put in one go

loop:
	- client/server send 4 bytes ascii containing a command-code:
		0001: get bits
			- 4 bytes value (big endian) containing the number of bits (not bytes) requested
			  data is send in a multiple of bytes so this value is max 9992 (1249)
			  - if there are not enought bits in the broker, a 9000 is end back with a 4-bytes
			    value containing a suggestion for the number of seconds to delay a new get request
			  - if there's a quota problem (not implemented in v1.1), then a 9002 is send
			    with a 4-byte value containg the interval in which the counters will be reset
			  - if data is available, a 0002 is returned with the data:
			     - a hash of the data, using a SHA256 (*1) hash function so 32 bytes in size
			     - the data
                               - the data + hash are encrypted with blowfish (*1)
				  - the blowfish cipher is at start initialized with the user-password as the key
				  - the IV of the cipher is set to the password xored with the authentication
				    random value: this value is stored as 8 bytes
				  - the cipher is used in "cipher feedback" mode ("cfb64")

		0002: put bits
			- see get bits
			- a full pool will be notified using 9001 with a suggested number of seconds to sleep
			- a full pool but still allowing the put will be signaled using 9003 (and number of bits)
			- a regular ack is 0001 (and the number of bits allowed)

		0003: server type (type of a process producing entropy data)
			- 4 bytes value (endian) length of string:
				- an ascii string describing the server. format is arbitrary

		0006: client type
			- 4 bytes value (endian) length of string:
				- an ascii string describing the client. format is arbitrary

		0011: proxy auth
			- regular session setup
			- then, a 0012 reply is send with 0 = ok (yes, that is correct) and 1 = fail

	- if all pools are full, the broker sends a 9004 (with a 0 value) to all servers

	- if there's data available (after a pools empty situation), the broker sends a 0009 with a
	  value that can be ignored (= number of bits maxed at 9999)

	- if all pools are empty, the broker send 0010 (with a 0 value) to all servers


*1 since version 2.0, all ciphers, hashers, etc are configurable