Plan 9 from Bell Labs’s /usr/web/sources/contrib/anothy/lib/man/vernam.1

Copyright © 2021 Plan 9 Foundation.
Distributed under the MIT License.


.TH VERNAM 8
.SH NAME
vernam \- create a Vernam tunnel
.SH SYNOPSIS
.B vernam
[
.B -9
]
[
.B -a
.I altaddr
]
[
.B -m
.I netdir
]
.I keyfile
.I addr
.SH DESCRIPTION
.I Vernam
is a variation on
.IR trampoline (8)
which masks all transmitted data with
.IR keyfile .
Given a cryptographically random
.I keyfile
which is at least as large as the data to be transmitted and is never
re-used, this implements a one-time pad, or
.IR "Vernam cipher" .
Usage is otherwise identical to
.IR trampoline (8).
.PP
.I Vernam
dials
.I addr
and copies data between that connection and its own standard
input and output, XORing the data with the contents of
.IR keyfile .
If the amount of data transmitted in either direction exceeds that in
.IR keyfile ,
.I vernam
will log the event and exit.
.PP
The options are:
.TP
.B -9
The connection carries only 9P messages.  In this case
.I vernam
will relay whole messages at a time.
.TP
.BI -a " altaddr
Dial
.I altaddr
and relay between the two network connections,
ignoring standard input and output.
The connection to
.I altaddr
is not encrypted.
.TP
.BI -m " netdir
Restrict forwarding to particular machines.
.I Netdir
must be the incoming call directory.
.I Vernam
finds the caller's MAC address
.I m
and checks that
.IR ndb (6)
contains an entry with
.BI ether= m
and the attribute
.BR trampok .
If no such entry is found, the call is rejected.
.PD
.SH FILES
.TF /sys/log/vernam
.TP
.B /sys/log/vernam
logs rejected calls and key exhaustion events
.SH SOURCE
.B /n/sources/contrib/anothy/src/cmd/vernam.c
.SH SEE ALSO
.PP
.IR trampoline (8),
.IR dial (2),
.IR listen (8)
.PP
The implementation which inspired this is at
.IR https://github.com/codeandsec/VernamTunnel/ .
These interoperate provided
.I --start-pos
is not used in
.I VernamTunnel
and
.I keyfile
is larger than the data sent or received.
.SH BUGS
.PP
Probably impractical.
.PP
You must yourself ensure that
.I keyfile
is suitably random and is never re-used.
.PP
The MAC address verification isn't usable on
Unix. The code looks at files in
.I $PLAN9/lib/ndb
directly, rather than
consulting
.IR cs (8),
which does not exist there; more importantly, there
is no way to provide
.IR netdir .
.PP
If the keyfile is exhausted,
.I vernam
exits while
.I VernamTunnel
re-uses it from the beginning.
.PP
Under
.BR -9 ,
the four-byte size field on each 9P message
is not encrypted.
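.PP
The following is an added example, not code from
.I vernam.c
or from
.IR VernamTunnel ;
it shows the masking step with the key-exhaustion check
described in DESCRIPTION, and the
.B -9
framing that leaves the size field in clear as noted above.
The
.I Pad
type and the function names are assumed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One-time pad state: the key bytes and the next unused offset.
 * (Layout assumed for this example; not vernam.c's own types.) */
typedef struct Pad {
    const uint8_t *key;
    size_t len;
    size_t pos;
} Pad;

/* XOR buf[0..n) in place with the next n unused key bytes.
 * Returns n, or -1 (consuming nothing) when the pad would be
 * exhausted: the caller must log and exit rather than wrap
 * around, because reusing pad bytes yields a two-time pad. */
long padxor(Pad *p, uint8_t *buf, size_t n)
{
    size_t i;
    if (n > p->len - p->pos) {
        fprintf(stderr, "vernam: key exhausted at offset %zu\n", p->pos);
        return -1;
    }
    for (i = 0; i < n; i++)
        buf[i] ^= p->key[p->pos + i];
    p->pos += n;
    return (long)n;
}

/* -9 mode: mask one whole 9P message. The leading size[4]
 * (little-endian, counting itself) stays in clear, which is the
 * leak recorded under BUGS; only the remaining bytes are masked.
 * Returns the message length, or -1 on a bad size or an
 * exhausted pad. */
long pad9p(Pad *p, uint8_t *msg, size_t avail)
{
    uint32_t size;
    if (avail < 4)
        return -1;
    size = msg[0] | msg[1] << 8 | msg[2] << 16 | (uint32_t)msg[3] << 24;
    if (size < 4 || size > avail)
        return -1;
    if (padxor(p, msg + 4, size - 4) < 0)
        return -1;
    return (long)size;
}
```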
