| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-06-21 13:35:45 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-06-29 08:32:59 +0200 |
| commit | 110d3ed8526197bd866e02199bfeae7569d73d8d (patch) | |
| tree | 2f1cd02c69dd6b7e1bf4924b488505f570e5c2b1 /include | |
| parent | 84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453 (diff) | |

irmd: Complete bidirectional flow re-keying

Extend re-key delivery beyond the locally-initiated watermark path:
Handle peer-initiated re-key requests, allowing one request and one
response per flow at a time. The client side wins if both ends try to
re-key at the same time. Caches the peer certificate to support
cert-less authenticated/signed re-keys.

After a rekey, the initiator promotes first (timer) and starts sending
under the new key. The responder observes the new key (peer_synced)
and then the responder promotes. The responder will self-decide to use
the new keys if it exhausted the older set in the case where it never
sees the peer (unidirectional flow).

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

Diffstat (limited to 'include')
| -rw-r--r-- | include/ouroboros/serdes-irm.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/ouroboros/serdes-irm.h b/include/ouroboros/serdes-irm.h index 01c4153c..a5854d5b 100644 --- a/include/ouroboros/serdes-irm.h +++ b/include/ouroboros/serdes-irm.h @@ -75,7 +75,8 @@ int flow_update__irm_req_ser(buffer_t * buf, int flow_rekey__irm_result_des(buffer_t * buf, struct crypt_sk * sk, - bool * has_key); + bool * has_key, + bool * initiator); int ipcp_flow_dealloc__irm_req_ser(buffer_t * buf, const struct flow_info * info); |
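
Review bot: The new `bool * initiator` out-parameter in the `flow_rekey__irm_result_des()` prototype sits directly after `bool * has_key`, so a call site that transposes the two arguments compiles without a diagnostic. If this flag carries the re-key role the commit message describes (the initiator promotes first, the responder waits for peer_synced), a swapped argument would silently pick the wrong promotion path. Consider returning both values through a small result struct or an enum for the role, and add a comment on the prototype stating what `*initiator` holds when `*has_key` is false or when the function returns an error. The view is limited to 'include', so it is not visible here whether every caller of the previous three-argument form was updated in this commit.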
