void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-05 20:13:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

More stable and easier rule for occasionally tossing SIDH into the ratchet.

Browse source
This commit is contained in:
Adam Ierymenko 2021-11-17 10:19:40 -05:00
parent b335c631a9
commit b57104afe2
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
1 changed files with 16 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
zerotier-network-hypervisor/src/vl1/ephemeral.rs
View file

@ -36,13 +36,19 @@ impl EphemeralKeyPairSet {
/// This contains key pairs for the asymmetric key agreement algorithms used and a /// This contains key pairs for the asymmetric key agreement algorithms used and a
/// timestamp used to enforce TTL. /// timestamp used to enforce TTL.
/// ///
/// SIDH is only used the first time since it's slow and its only purpose is to /// SIDH is only used the first time and then 1/255 of remaining ratchet clicks because
/// defend against further-future quantum computer attacks. /// it's slower than the others.
pub fn new(local_address: Address, remote_address: Address, previous_ephemeral_secret: Option<&EphemeralSymmetricSecret>) -> Self { pub fn new(local_address: Address, remote_address: Address, previous_ephemeral_secret: Option<&EphemeralSymmetricSecret>) -> Self {
let (sidhp751, previous_ratchet_state) = previous_ephemeral_secret.map_or_else(|| { let (sidhp751, previous_ratchet_state) = previous_ephemeral_secret.map_or_else(|| {
(Some(SIDHEphemeralKeyPair::generate(local_address, remote_address)), None) (
Some(SIDHEphemeralKeyPair::generate(local_address, remote_address)),
None
)
}, |previous_ephemeral_secret| { }, |previous_ephemeral_secret| {
(None, Some(previous_ephemeral_secret.ratchet_state.clone())) (
if previous_ephemeral_secret.ratchet_state[0] == 0 { Some(SIDHEphemeralKeyPair::generate(local_address, remote_address)) } else { None },
Some(previous_ephemeral_secret.ratchet_state.clone())
)
}); });
EphemeralKeyPairSet { EphemeralKeyPairSet {
previous_ratchet_state, previous_ratchet_state,
@ -103,7 +109,12 @@ impl EphemeralKeyPairSet {
/// Since ephemeral secrets should only be used once, this consumes the object. /// Since ephemeral secrets should only be used once, this consumes the object.
pub fn agree(self, time_ticks: i64, static_secret: &SymmetricSecret, previous_ephemeral_secret: Option<&EphemeralSymmetricSecret>, other_public_bytes: &[u8]) -> Option<EphemeralSymmetricSecret> { pub fn agree(self, time_ticks: i64, static_secret: &SymmetricSecret, previous_ephemeral_secret: Option<&EphemeralSymmetricSecret>, other_public_bytes: &[u8]) -> Option<EphemeralSymmetricSecret> {
let (mut key, mut c25519_ratchet_count, mut sidhp751_ratchet_count, mut nistp521_ratchet_count) = previous_ephemeral_secret.map_or_else(|| { let (mut key, mut c25519_ratchet_count, mut sidhp751_ratchet_count, mut nistp521_ratchet_count) = previous_ephemeral_secret.map_or_else(|| {
(static_secret.next_ephemeral_ratchet_key.clone(), 0, 0, 0) (
static_secret.next_ephemeral_ratchet_key.clone(),
0,
0,
0
)
}, |previous_ephemeral_secret| { }, |previous_ephemeral_secret| {
( (
Secret(SHA384::hmac(&static_secret.next_ephemeral_ratchet_key.0, &previous_ephemeral_secret.secret.next_ephemeral_ratchet_key.0)), Secret(SHA384::hmac(&static_secret.next_ephemeral_ratchet_key.0, &previous_ephemeral_secret.secret.next_ephemeral_ratchet_key.0)),