author Toni Uhlig <matzeton@googlemail.com> 2020-05-22 14:59:28 +0200
committer Toni Uhlig <matzeton@googlemail.com> 2020-05-23 12:49:15 +0200
commit 8900036e927d757272b96625ab0a7018bf217533 (patch)
tree a3e53c9e291d7061a327ebaa574dfa355110518d
parent c394c09330760985d282cb866a06dea6294012aa (diff)
update README
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- README.md 16
1 files changed, 9 insertions, 7 deletions
diff --git a/README.md b/README.md
index e44bf59..535a239 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
# Sodium TCP blueprint
-This project is the outcome of some research. It provides some blueprint/boilerplate code on how to design a TCP protocol with performance and security in mind. As the complete TCP payload is encrypted starting with the *1st* packet, a detection by **D**eep **P**acket **I**nspection engines isn't as easy as for many other proprietary or non-proprietary TCP protocols.
-It is tied to *libsodium* as cryptographic foundation and *libevent* for event based network IO. However, it should be easy to replace the *libevent* integration with something else.
+This project is the outcome of some research. It provides some blueprint/boilerplate code on how to design a TCP protocol with performance and security in mind. As the complete TCP payload is *encrypted* starting with the *1st* packet, a detection by **D**eep **P**acket **I**nspection engines isn't as easy as for some proprietary and non-proprietary TCP based layer 7 protocols. Three things you'll need to successfully connect to a remote: servers public key, username and password. The latter ones could be replaced by something else e.g. an authentication token. But this is out of scope for this blueprint.
+It is tied to *libsodium* as cryptographic foundation and *libevent* for event based network IO.
+However, with some manageable effort *libevent* integration could be replaced by something else since the core functionality is IO-agnostic.
# build
see `make help` for configure options
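Review bot: The added prerequisites sentence in the first paragraph lists the server's public key as required to connect but does not say how a client is expected to obtain or verify it. Since the same paragraph advertises security, a short note on the intended key distribution (for example out of band) would help readers. Wording in the same added line: "servers public key" should read "server's public key", "The latter ones" is clearer as "The latter two", and the fragment "But this is out of scope for this blueprint." can be joined to the sentence before it.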
@@ -10,8 +11,8 @@ use `make ENABLE_DEBUG=y ENABLE_SANITIZER=y ENABLE_SHARED=y`
to build client/server with:
* verbose debug logging
- * with ASAN, LSAN and UBSAN support
- * build code used by both, client/server, as shared library
+ * ASAN, LSAN and UBSAN enabled
+ * build shared code used by client and server as shared library
# run
generate a private/public keypair: `./server`
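Review bot: The three bullets do not say which make variable enables which feature, although the command line in the hunk context sets ENABLE_DEBUG, ENABLE_SANITIZER and ENABLE_SHARED. Suggest naming the variable in each bullet so a reader can enable one without the others. The third bullet also switches to an imperative and repeats "shared"; a noun phrase such as "code common to client and server built as a shared library" would match the other two items.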
@@ -34,6 +35,7 @@ It is possible to use *FIFO*s as well for `-f`.
The provided code should **not** used in production environments without further testing!
## Protocol
-Simple REQUEST/RESPONSE based binary protocol. A **P**rotocol **D**ata **U**nit typically contains of a header (*struct protocol_header*) and a body (e.g. *struct protocol_data*).
-The type of **PDU** is determined in the header as well the total size of the body.
-
+Simple REQUEST/RESPONSE based binary protocol. A **P**rotocol **D**ata **U**nit typically contains a header (*struct protocol_header*) and a body (e.g. *struct protocol_data*).
+The type of a **PDU** is determined in the header. Same goes for the total size of the body.
+Separating a **PDU** into header and body is necessary for stream ciphers provided by *libsodium*.
+I wasn't able to find a more comfortable way for **PDU** encryption/decryption handling. Maybe you will? ;)
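Review bot: The new line "Separating a **PDU** into header and body is necessary for stream ciphers provided by *libsodium*." states a design constraint without giving the reason or naming the libsodium construction it refers to. Suggest naming the API used and explaining why the split is needed, and stating whether the header, which carries the PDU type and body size, is encrypted as well, since the introduction says the complete TCP payload is encrypted. "Same goes for the total size of the body." is a fragment and could be merged into the preceding sentence. The unchanged context line "should **not** used in production" is missing "be" and could be fixed in the same commit.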