
		For psyv, march 20, 1979 - November 29, 2001,
		    My memories of you will always stay.

-------------------------------------------------------------------------------
Project:   Aesop - Advanced Encrypted Stackable Open Proxy
Release:   0.5
Author:	   bighawk <bighawk@kryptology.org>
Website:   http://kryptology.org/aesop/
Status:	   beta

Index

- What is Aesop?
- How does Aesop work?
- What's included in the package?
- How do i use Aesop?
- Getting started.
- What platforms does Aesop run on?
- I found a bug, what now?
- Additional information.

What is Aesop?

Aesop is a TCP-proxy which supports many advanced and powerful features.
It's designed to be secure, fast and reliable. Aesop makes use of strong
cryptography for all it's data-transmission up to the end-link. Another
powerful feature of Aesop is that Aesop proxies can be transparently
stacked into a secure chain. Aesop is implemented using multiplexing and
is therefore fast and lightweight. Aesop ships with libaesop, which is a
LD_PRELOAD wrapper around connect(), it enables almost any application to
be run over a defined chain of aesop proxies.

Key features:
	- Fast and reliable TCP-Proxy.
	- Strong cryptography: Arcfour (RC4) with a 512bit key exchanged
	  by the signed Diffie Hellman protocol (With RSA/MD5 for the
	  signature).
	- Encryption and key-exchange is all transparent to the user.
	- Multiple proxies can be stacked in a chain to create a secure
	  anonymous route, there is no limit on how many proxies can be
	  stacked. Stacking is done all transparent to the user.
	- Libaesop enables almost any application to be run over a defined
	  chain of aesop proxies.
	- Secure multihop authentication.
	- Full IPv6 support and protocol independancy.
	- Proper forwarding and handling of Out-of-Band (OOB) data.
	- Optimal performance by a single-thread design.
	- Advisory/mandatory endpoint sourceport specification.
	- Lightweight.

How does Aesop work?

Aesop exists of two important software programs: aesopd and aesoptunnel.
Aesopd is the main proxy application. It listens for connections, when a
connection comes in, it reads a control header, and relays the connection
according to what's in the control header. Aesoptunnel is used by the
client/user. The user specifies a chain of aesop proxies to relay a connection
over. And then connects via aesoptunnel which will do all the relaying
automatically.

Now, let's take a look at how a secure link is setup by aesoptunnel/aesop.

Let's consider the following situation:
	user <encrypted> proxy1 <encrypted> proxy2 <plain> destination

The real setup will look like this:
	application <e> aesoptunnel <e> proxy1 <e> proxy2 <p> destination

Where <e> is <encrypted> and <p> is <plain>.
In order to make this work the user needs the following information:
	- The network addresses of proxy1 and proxy2.
	- The TCP port number proxy1 and proxy2 are running on.
	- The public RSA key for proxy1 and proxy2.
	- The authenticationstring (password) required for proxy1 and proxy2.
	
Aesoptunnel is then setup to relay connections over proxy1 and proxy2 to the
destination at the specified port. You can read in the manual pages how this is
done.

Now when an application connects to the listening port of aesoptunnel.
Aesoptunnel will connect to the first proxy specified in the chain. In this
case that is proxy1. Aesoptunnel and proxy1 will do a signed Diffie Hellmann 
keyexchange where proxy1 signs his part of the DH protocol. Aesoptunnel 
validates the signature with the public key of proxy1. The 512bit key 
negotiated will be used to initialise a RC4 pseudo random number generator 
(PRNG) at both sides. From now on, all data transferred to proxy1 is encrypted
with this RC4 PRNG (encryption consists of xorring the plaintext bytes with the
output bytes of the RC4 PRNG). Then aesoptunnel sends two controlheaders to 
proxy1. One for proxy1 and one for proxy2. A controlheader contains the 
following information:
	- Four validity bytes.
	- Next hop information (network address and port of the next hop).
	- Public RSA key of the next hop (only if next hop is a proxy).
	- Control information. (A bit field containing various flags).
	- Two data bytes. (Optionally filled in).
	- Authentication data for the current proxy.

The controlheader is encrypted with the public RSA key of the proxy it's 
intended for.

Now proxy1 takes his control header and decrypts it with his private RSA key.
Then proxy1 verifies the four validity bytes ("AESO" in network order). Then it
verifies the authentication data: It base64 encodes the MD5 hash of the
authentication data and compares that with the base64 encoded MD5 hash stored. 
If not equal, the connection is dropped. Else proxy1 parses the control 
information and finds out that it's in chain mode. There are 3 different modes:
	Standalone mode: This aesop proxy is the only proxy in the chain. It's
			 talking with the destination at one end, and with the
			 user at the other end.
	Chain mode:	 The next hop is another aesop proxy. It talks with 
			 another aesop proxy at one end, and with the user or 
			 another aesop proxy at the other end.
	Endpoint mode:	 This aesop proxy is the last proxy in a chain of aesop
			 proxies. It talks with the destination at one end, and
			 with the previous proxy at the other end.

After proxy1 realises that it's in chain mode, it connects to the next aesop 
proxy specified in the next hop field, which is proxy2 in this case. If the 
connection is succesful proxy1 and proxy2 do signed DH key-exchange. Proxy2 
signs his part of the DH protocol and proxy1 validates the signature with the
public key of proxy2 he got in his control header. If the signature is not 
valid, the connection is closed. Then both proxy1 and proxy2 initialise another
RC4 PRNG. From now on all data transfer between proxy1 and proxy2 is encrypted
with this. Then proxy1 passes the remaining control header to proxy2. Proxy2 
validates the header and verifies the authentication data. If all correct, it 
reads the control information and sees that it's in endpoint mode. Then proxy2
does signed DH back with the user over the encrypted chain. Proxy2 signs his
part of the DH protocol. The user validates the signature and initialises his 
2nd RC4 PRNG. From now on, all data the user sends out will be double encrypted.
First with the key shared with proxy2, then with the key shared with proxy1. The
same situation counts for proxy2. It first encrypts data with the key shared 
with the user, and then with the key shared with the previous proxy (proxy1 in
this case). If this all succeeds, all the endpoint (proxy2) has to do is read 
the next hop information, and connect to the destination. Now the secure link is
succefully setup. This protocol has the following characteristics:
	- Nobody can ever recover any part of the plaintext data transfered 
	  between the user and the destination by either an active or a passive
	  attack. The only parties which will see the plaintext data are the 
	  user, the destination and the endpoint. Intermediate proxies can not 
	  see it, because of the double encryption with the key shared between
	  the user and the endpoint.
	- Nobody can ever recover any of the authentication strings of any of
	  the proxies, not even the other proxies in the chain (because the 
	  control headers are encrypted with the public RSA key of the proxy 
	  they are intended for).
	- An intermediate proxy in the chain will know nothing about the chain
	  other than the previous proxy and the next proxy. A proxy in the 
	  middle will have no idea who the destination or the user is.

This is how the final secure link will schematically look like this:

	user <RC4 encrypted> proxy1 <RC4 encrypted> proxy2 <plain> destination
	     <-----------RC4 encrypted------------>


What is included in the package?

The following files will be found in the distribution (alphabetically):
	BUILDING	- Building instructions.
	LICENSE		- A copy of the GPLv2 license aesop is released under.
	README		- This file, which some general information.
	Changelog	- A file describing the changes from previous aesop 
			  releases.
	Makefile	- The makefile (see BUILDING).
	configure	- Configuration script for building aesop (see 
			  BUILDING).
	man/		- Directory containing nroff formatted manual pages.
	runaesop.sh	- A sample shellscript to use with libaesop.
	src/		- Directory containing the sourcecode for aesop,
			  aesoptunnel libaesop, pwtool, keygen and librsaref.
	which		- A replacement for the 'which' utility used by 
			  configure.

After a succesful build you ll find the following additional files:
	aesopd		- The aesop proxy binary.
	aesoptunnel	- The aesop tunnel binary.
	keygen		- A utility for generating 1024bit RSA keypairs.
	pwtool		- A utility for base64 encoding and MD5 hashing
			  passphrases.
	libaesop.so.0	- The libaesop shared library.


How do i use aesop?

The manual pages included in the man/ directory explain the syntax of the
various aesop binaries and configuration files. You should read them carefully.
To read a manual page you can use the following command:
	nroff -mandoc -Tascii manual.num | less

Or troff/groff instead of nroff. You can also copy these manual pages into your
systems manual directory so you can just use the command:
	man num manual

If you're really stuck you can mail me your question. I'll collect questions and
answers and put then on the aesop website. So before you mail me, see if your 
question has been asked before. If you mail me a question which i feel is 
related to not reading the manual pages carefully, or which has been answered
before and is put on the aesop website, I ll simply discard your email.

Getting started

To get an aesop proxy running, you first need to generate an RSA keypair for the
proxy. This is done with:
	$ ./keygen Server.pub Server.prv
Then you need to create a passphrase which users need to have in order to be able
to use the proxy:
	$ ./pwtool "password phrase here"
Then you can start aesop like this:
	$ ./aesopd -a <value of AuthString outputted by pwtool> <port>
For more options/configuration consult the manual pages.


I found a bug, what now?

It's very possible that you ll find a bug in aesop during usage. If you discover
one, i would appreciate it if you could mail me the details. Try to be as clear
as possible in the description, and try to include as much of the following as
possible:
	- Bug summary in subject.
	- Extensive bug description.
	- How to reproduce the bug.
	- Your system information, (OS, architecture).
	- Building and version information. Output of aesopd -v or
	  aesoptunnel -v.
	- Aesopd/aesoptunnel debugging output.
	- Any ideas what may cause the bug.
	- A suggested patch :)
	- Any other information you think which can be of use.

You can mail your bug reports to bighawk@kryptology.org


Additional information:

Aesop has been written by bighawk and he can be reached at 
bighawk@kryptology.org. If you have any useful suggestions, please mail me them.

I would also like to thank the following persons, (alphabetically):
	- anakata (advise).
	- djbrown (testing).
	- doze	(Mirror, advise).
	- fut0n (Hosting).
	- scut (Idea for libaesop).
	- Any other people who might feel forgotten.
