void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-05-28 08:03:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs

Browse source
This commit is contained in:
Adam Ierymenko 2021-11-29 16:56:30 -05:00
parent ea8b05fa65
commit cf6ffdb894
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
zerotier-network-hypervisor/src/vl1/symmetricsecret.rs
View file

@ -30,20 +30,31 @@ impl PoolFactory<AesGmacSiv> for AesGmacSivPoolFactory {
/// ///
/// This contains the key and several sub-keys and ciphers keyed with sub-keys. /// This contains the key and several sub-keys and ciphers keyed with sub-keys.
pub struct SymmetricSecret { pub struct SymmetricSecret {
/// The root shared symmetric secret from which other keys are derived.
pub key: Secret<SHA384_HASH_SIZE>, pub key: Secret<SHA384_HASH_SIZE>,
/// Key for adding an HMAC to packets e.g. in v2+ HELLO.
pub packet_hmac_key: Secret<SHA384_HASH_SIZE>, pub packet_hmac_key: Secret<SHA384_HASH_SIZE>,
/// A key used as input to the ephemeral key ratcheting mechanism.
pub next_ephemeral_ratchet_key: Secret<SHA384_HASH_SIZE>, pub next_ephemeral_ratchet_key: Secret<SHA384_HASH_SIZE>,
/// A key used to encrypt the secret portion of a HELLO packet.
pub hello_dictionary_keyed_cipher: Mutex<AesCtr>, pub hello_dictionary_keyed_cipher: Mutex<AesCtr>,
/// A pool of reusable keyed and initialized AES-GMAC-SIV ciphers.
pub aes_gmac_siv: Pool<AesGmacSiv, AesGmacSivPoolFactory>, pub aes_gmac_siv: Pool<AesGmacSiv, AesGmacSivPoolFactory>,
} }
impl PartialEq for SymmetricSecret { impl PartialEq for SymmetricSecret {
#[inline(always)]
fn eq(&self, other: &Self) -> bool { self.key.0.eq(&other.key.0) } fn eq(&self, other: &Self) -> bool { self.key.0.eq(&other.key.0) }
} }
impl Eq for SymmetricSecret {} impl Eq for SymmetricSecret {}
impl SymmetricSecret { impl SymmetricSecret {
/// Create a new symmetric secret, deriving all sub-keys and such.
pub fn new(base_key: Secret<SHA384_HASH_SIZE>) -> SymmetricSecret { pub fn new(base_key: Secret<SHA384_HASH_SIZE>) -> SymmetricSecret {
let usage_packet_hmac = zt_kbkdf_hmac_sha384(&base_key.0, KBKDF_KEY_USAGE_LABEL_PACKET_HMAC, 0, 0); let usage_packet_hmac = zt_kbkdf_hmac_sha384(&base_key.0, KBKDF_KEY_USAGE_LABEL_PACKET_HMAC, 0, 0);
let usage_ephemeral_ratchet = zt_kbkdf_hmac_sha384(&base_key.0, KBKDF_KEY_USAGE_LABEL_EPHEMERAL_RATCHET, 0, 0); let usage_ephemeral_ratchet = zt_kbkdf_hmac_sha384(&base_key.0, KBKDF_KEY_USAGE_LABEL_EPHEMERAL_RATCHET, 0, 0);