[noise] Re-keying CipherState's
Rhys Weatherley
rhys.weatherley at gmail.com
Thu Dec 29 14:39:45 PST 2016
After posting my previous message, I thought a bit more about
re-negotiation of keys during a session.

Using resumption keys and a completely new NoisePSK_NN handshake may be a
bit heavy. And it is difficult to co-ordinate between the two directions
when they should stop using the previous keys and re-negotiate.

CipherState.Rekey():

- If k is empty or n is 2^64-1, then signal an error and fail.
- Set temp to the first 32 bytes of ENCRYPT(k, n, [], zeroes) where
  zeroes is a sequence of 32 zero bytes.
- InitializeKey(temp)

Essentially, this is generating a resumption key with an earlier nonce
value than the special 2^64-1 value for generating cross-session PSKs.

This makes it easier to implement re-negotiation in a direction-independent
manner. For example:

Sender:

- If the total number of bytes sent so far in this direction is >1Gb,
  then call Rekey() and send the next packet with type 2 instead of type 0.
  And reset the byte count for this direction to 0.

Receiver:

- If the incoming packet has type 2, then call Rekey() for the direction
  and reset the byte count to zero.
- If the total number of bytes received so far in this direction is >(1Gb
  + 64K), then abort the connection because an expected re-negotiation did
  not occur.

Thoughts?

Cheers,

Rhys.
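
The proposal above, sketched for one direction of a session as an added example (not code from the original post or from any Noise implementation). It assumes the ChaChaPoly cipher, where the first 32 bytes of ENCRYPT over 32 zero bytes equal the ChaCha20 keystream at block counter 1, so no Poly1305 tag is needed; the `Direction` class, its method names, the per-packet nonce increment and reading "1Gb" as 2^30 bytes are assumptions, and payload encryption is omitted.

```python
import struct

M = 0xffffffff
REKEY_AFTER = 1 << 30   # the post's ">1Gb", read here as 2^30 bytes (assumption)
SLACK = 64 * 1024       # the post's 64K allowance on the receiving side

def _qr(s, a, b, c, d):  # ChaCha quarter round (RFC 7539, section 2.1)
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & M
        v = s[z] ^ s[x]
        s[z] = ((v << r) | (v >> (32 - r))) & M

def chacha20_block(key, counter, nonce12):
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key
                              + struct.pack("<I", counter) + nonce12))
    s = init[:]
    for _ in range(10):  # 10 double rounds: columns, then diagonals
        for i in range(4):
            _qr(s, i, 4 + i, 8 + i, 12 + i)
        for i in range(4):
            _qr(s, i, 4 + (i + 1) % 4, 8 + (i + 2) % 4, 12 + (i + 3) % 4)
    return struct.pack("<16I", *((x + y) & M for x, y in zip(s, init)))

class Direction:
    """Key, nonce and byte counter for one direction (hypothetical helper)."""
    def __init__(self, key, limit=REKEY_AFTER):
        self.k, self.n, self.count, self.limit = key, 0, 0, limit

    def rekey(self):
        if not self.k or self.n == 2**64 - 1:
            raise ValueError("Rekey: empty key or nonce exhausted")
        nonce = b"\0" * 4 + struct.pack("<Q", self.n)  # Noise ChaChaPoly nonce layout
        # First 32 bytes of ENCRYPT(k, n, [], zeroes), then InitializeKey(temp).
        self.k, self.n = chacha20_block(self.k, 1, nonce)[:32], 0

    def send(self, size):
        """Account for one outgoing packet; returns its type (0 or 2)."""
        ptype = 0
        if self.count > self.limit:
            self.rekey(); self.count = 0; ptype = 2
        self.count += size; self.n += 1
        return ptype

    def receive(self, ptype, size):
        """Account for one incoming packet; abort if a re-key is overdue."""
        if ptype == 2:
            self.rekey(); self.count = 0
        self.count += size; self.n += 1
        if self.count > self.limit + SLACK:
            raise ConnectionError("expected re-key did not occur")
```

Because each side derives the new key from its own copy of k and n, the type 2 marker is the only signalling needed, and the two directions of a session can re-key at different times.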