From cf6ffdb894278df0abaca8fcd73ada21b4e80ec2 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Mon, 29 Nov 2021 16:56:30 -0500
Subject: [PATCH] docs
---
 .../src/vl1/symmetricsecret.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/zerotier-network-hypervisor/src/vl1/symmetricsecret.rs b/zerotier-network-hypervisor/src/vl1/symmetricsecret.rs
index b8b7b8ab4..e42344020 100644
--- a/zerotier-network-hypervisor/src/vl1/symmetricsecret.rs
+++ b/zerotier-network-hypervisor/src/vl1/symmetricsecret.rs
@@ -30,20 +30,31 @@ impl PoolFactory for AesGmacSivPoolFactory {
 ///
 /// This contains the key and several sub-keys and ciphers keyed with sub-keys.
 pub struct SymmetricSecret {
+ /// The root shared symmetric secret from which other keys are derived.
 pub key: Secret,
+
+ /// Key for adding an HMAC to packets e.g. in v2+ HELLO.
 pub packet_hmac_key: Secret,
+
+ /// A key used as input to the ephemeral key ratcheting mechanism.
 pub next_ephemeral_ratchet_key: Secret,
+
+ /// A key used to encrypt the secret portion of a HELLO packet.
 pub hello_dictionary_keyed_cipher: Mutex,
+
+ /// A pool of reusable keyed and initialized AES-GMAC-SIV ciphers.
 pub aes_gmac_siv: Pool,
 }
 
 impl PartialEq for SymmetricSecret {
+ #[inline(always)]
 fn eq(&self, other: &Self) -> bool { self.key.0.eq(&other.key.0) }
 }
 
 impl Eq for SymmetricSecret {}
 
 impl SymmetricSecret {
+ /// Create a new symmetric secret, deriving all sub-keys and such.
 pub fn new(base_key: Secret) -> SymmetricSecret {
 let usage_packet_hmac = zt_kbkdf_hmac_sha384(&base_key.0, KBKDF_KEY_USAGE_LABEL_PACKET_HMAC, 0, 0);
 let usage_ephemeral_ratchet = zt_kbkdf_hmac_sha384(&base_key.0, KBKDF_KEY_USAGE_LABEL_EPHEMERAL_RATCHET, 0, 0);
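Review bot: The `eq` that gains `#[inline(always)]` compares the root secret with `self.key.0.eq(&other.key.0)`, and the new docs do not say whether that comparison is meant to be constant-time. `Secret` is not defined in this hunk, but if `.0` is a plain byte array, `eq` can return at the first differing byte. Its timing then depends on how much of the two keys match, which matters wherever an outside party can observe the comparison. Consider a non-short-circuiting body such as `self.key.0.iter().zip(other.key.0.iter()).fold(0u8, |d, (a, b)| d | (a ^ b)) == 0`, or a vetted constant-time helper if the crate already has one. Failing that, add `/// Not constant-time; do not use on attacker-observable paths.` above the impl so callers know the limit.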