little programming effort.
All connections between para_server and para_client are encrypted
-with a symmetric RC4 session key. For each user of paraslash you must
+with a symmetric session key. For each user of paraslash you must
create a public/secret RSA key pair for authentication.
If para_client is started without non-option arguments, an interactive
sudo apt-get install autoconf libssl-dev help2man gengetopt \
libmad0-dev libid3tag0-dev libasound2-dev libvorbis-dev \
libfaad-dev libspeex-dev libFLAC-dev libsamplerate-dev \
- libasound2-dev libao-dev libreadline-dev libncurses-dev
+ libasound2-dev libao-dev libreadline-dev libncurses-dev \
+ libopus-dev
Detailed description: In any case you'll need
para_server uses a challenge-response mechanism to authenticate
requests from incoming connections, similar to ssh's public key
authentication method. Authenticated connections are encrypted using
-the RC4 stream cipher.
+a stream cipher, either RC4 or AES in integer counter mode.
-In this chapter we briefly describe RSA and RC4 and sketch the
+In this chapter we briefly describe RSA, RC4 and AES, and sketch the
REFERENCE(Client-server authentication, authentication handshake)
between para_client and para_server. User management is discussed
in the section on REFERENCE(The user_list file, the user_list file).
-RSA and RC4
-~~~~~~~~~~~
+RSA, RC4, AES
+~~~~~~~~~~~~~
RSA is an asymmetric block cipher which is used in many applications,
including ssh and gpg. An RSA key consists in fact of two keys,
be used twice, a different, randomly-generated key is used for every
new connection.
+AES, the advanced encryption standard, is a well-known symmetric block
+cipher, i.e. a transformation operating on fixed-length blocks which
+is determined by a single key for both encryption and decryption. Any
+block cipher can be turned into a stream cipher by generating
+a pseudo-random key stream by encrypting successive values of a
+counter. The AES_CTR128 stream cipher used in paraslash is obtained
+in this way from the AES block cipher with a 128 bit block size.
+
+
Client-server authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fixed-length buffer with random bytes, encrypts that buffer
using the public key and sends the encrypted buffer to the
client. The first part of the buffer is the challenge which
- is used for authentication while the second part is the RC4
+ is used for authentication while the second part is the
session key.
- para_client receives the encrypted buffer and decrypts it
- Otherwise the user is considered authenticated and the client
is allowed to proceed by sending a command to be executed. From
- this point on the communication is encrypted using the RC4
- stream cipher with the session key known to both peers.
+ this point on the communication is encrypted using the stream
+ cipher with the session key known to both peers.
paraslash relies on the quality of the pseudo-random bytes provided
by the crypto library (openssl or libgcrypt), on the security of
-the implementation of the RSA and RC4 crypto routines and on the
+the implementation of the RSA, RC4 and AES crypto routines and on the
infeasibility to invert the SHA1 function.
Neither para_server or para_client create RSA keys on their own. This
over IP applications, has modest complexity and a small memory
footprint. Wideband and narrowband (telephone quality) speech are
supported. As for Vorbis audio, Speex bit-streams are often stored
-in OGG files.
+in OGG files. As of 2012 this codec is considered obsolete since the
+Oppus codec, described below, surpasses its performance in all areas.
+
+*OGG/Opus*
+
+Opus is a lossy audio compression format standardized through RFC
+6716 in 2012. It combines the speech-oriented SILK codec and the
+low-latency CELT (Constrained Energy Lapped Transform) codec. Like
+OGG/Vorbis and OGG/Speex, Opus data is usually encapsulated in OGG
+containers. All known software patents which cover Opus are licensed
+under royalty-free terms.
*AAC*
The audio format handler code is linked into para_server and executed
via the _add_ command. The same code is also available as a stand-alone
-tool, para_afh, which can be used to print the technical data, the
-chunk table and the meta data of a file. Furthermore, one can use
-para_afh to cut an audio file, i.e. to select some of its chunks to
-produce a new file containing only these chunks.
+tool, para_afh, which prints the technical data, the chunk table
+and the meta data of a file. Moreover, all audio format handlers are
+combined in the afh receiver which is part of para_recv and para_play.
----------
Networking
Examples
~~~~~~~~
-The sender command of para_server allows to (de-)activate senders
-and to change the access permissions senders at runtime. The "si"
-(server info) command is used to list the streaming options of the
-currently running server as well as the various sender access lists.
+The "si" (server info) command lists some information about the
+currently running server process.
--> Show client/target/access lists:
+-> Show PIDs, number of connected clients, uptime, and more:
para_client si
+The sender command of para_server prints information about senders,
+like the various access control lists, and it allows to (de-)activate
+senders and to change the access permissions at runtime.
+
+-> List all senders
+
+ para_client sender
+
-> Obtain general help for the sender command:
para_client help sender
s=http # or dccp or udp
para_client sender $s help
+-> Show status of the http sender
+
+ para_client sender http status
+
By default para_server activates both the HTTP and th DCCP sender on
startup. This can be changed via command line options or para_server's
config file.
Congestion Control ID 2: TCP-like Congestion Control
- XREFERENCE(http://www.ietf.org/rfc/rfc4342.txt, RFC 4342) (2006):
Congestion Control ID 3: TCP-Friendly Rate Control (TFRC)
+ - XREFERENCE(http://www.ietf.org/rfc/rfc6716.txt, RFC 6716) (2012):
+ Definition of the Opus Audio Codec
Application web pages
~~~~~~~~~~~~~~~~~~~~~
projects / paraslash.git / blobdiff