lib: Add automatic key rotation for encryption

Implement forward-secret key rotation using HKDF key derivation. The
operation is based on QUIC RFC 9001 and wireguard.

Keys rotate every 2^KEY_ROTATION_BIT packets, with the current phase
(P) signaled via controlling a bit in the IV (bit 7, first bit on the
wire). Default 20 (1M packets).

The wire format, after the DT header is:

[ P | random IV ][ encrypted blob ][ AEAD tag ]

Works with and without retransmission, and the FRCT header is fully
contained in the encrypted blob if used.

The receiver detects phase changes and rotates accordingly, keeping
the previous key valid during a grace period. This handles packet
reordering in unreliable flows: the 3/4 period protection window
prevents premature rotation when late packets arrive, while the
1/2 period grace window ensures the old key remains available for
decryption.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

1 files changed, 2 insertions, 0 deletions

diff --git a/cmake/lib/lib.cmake b/cmake/lib/lib.cmake
index 674d8503..bb24d1b9 100644
--- a/cmake/lib/lib.cmake
+++ b/cmake/lib/lib.cmake
@@ -85,6 +85,8 @@ set(TPM_DEBUG_REPORT_INTERVAL 0 CACHE STRING
   "Interval at wich the TPM will report long running threads (s), 0 disables")
 set(TPM_DEBUG_ABORT_TIMEOUT 0 CACHE STRING
   "TPM abort process after a thread reaches this timeout (s), 0 disables")
+set(KEY_ROTATION_BIT 20 CACHE STRING
+  "Bit position in packet counter that triggers key rotation (default 20 = every 2^20 packets)")
 
 if (HAVE_FUSE)
   set(PROC_FLOW_STATS TRUE CACHE BOOL