Commit fed90445 authored by Julien Muchembled's avatar Julien Muchembled

TODO & code documentation

parent 15e1f891
- Test the package
- Put more information in the token mail (registry), such as:
- the ip address of the network being built
......@@ -7,7 +5,6 @@
- Babel limitations:
- The metric does not take latency into account.
- re6stnet needs to communicate with Babel so that only unused tunnels are
freed. For the moment, routes will be randomly broken throughout the
network, from time to time, for small amounts of time.
......@@ -22,3 +19,6 @@
- Abort in case of import child process failure (babel, openvpn server,
openvpn client if run with --client).
- registry: add '--home PATH' command line option so that / display an HTML
page from PATH (use new str.format for templating)
Authenticated communication:
handshake (hello):
C->S: CN
S->C: X = Encrypt(CN)(secret), Sign(CA)(X)
C->S: CN, ..., HMAC(secret+1)(path_info?query_string)
S->C: result, HMAC(secret+2)(result)
secret+1 = SHA1(secret) to protect from replay attacks
HMAC in custom header, base64-encoded
To prevent anyone from breaking an existing session,
keep 2 secrets for each client:
- the last one that was really used by the client (!hello)
- the one of the last handshake (hello)
import base64, hmac, hashlib, httplib, inspect, logging, mailbox, os, random
import select, smtplib, socket, sqlite3, string, struct, sys, threading, time
from collections import deque
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment