[noise] Generic fallback handling

Trevor Perrin trevp at trevp.net
Thu May 26 08:39:17 PDT 2016

Rhys wrote:
> I can see two possible approaches to generalize this: fallback tokens and pre-message analysis.
> Fallback tokens would be similar to message tokens, but instead define the primitive actions to perform for a specific before/after pattern pair.  For example, "clear-rs", "swap-roles", "keep-init-e", ... The downside of this is the O(n^2) nature - each potential pair needs a fallback token sequence defined.
> The other approach is pre-message analysis: look at the arguments and pre-messages for the new pattern.  Clear any key that is no longer required, and check that required keys are already present in the HandshakeState.  Each requirement is dealt with separately with a keep/clear decision for each.
> Pre-message analysis would allow fallbacks between lots of existing patterns. 

I'm leaning toward the second approach - use notation like "XX/IK" to indicate a pipe-like protocol, with rules like you suggest to auto-specify the fallback pattern.  Ideally we could extend this to PSK as well, so have things like "NX/PSK_NN".

Seems doable, though haven't looked at details.  Hopefully I can have some draft text for that next week.


More information about the Noise mailing list