From a5d9c04f821b72e27f196ff2015078f87d4d9a5e Mon Sep 17 00:00:00 2001
From: Dimitri Staessens <dimitri@ouroboros.rocks>
Date: Thu, 22 Jan 2026 23:11:58 +0100
Subject: lib: Add automatic key rotation for encryption

Implement forward-secret key rotation using HKDF key derivation. The
operation is based on QUIC RFC 9001 and wireguard.

Keys rotate every 2^KEY_ROTATION_BIT packets, with the current phase
(P) signaled via controlling a bit in the IV (bit 7, first bit on the
wire). Default 20 (1M packets).

The wire format, after the DT header is:

[ P | random IV ][ encrypted blob ][ AEAD tag ]

Works with and without retransmission, and the FRCT header is fully
contained in the encrypted blob if used.

The receiver detects phase changes and rotates accordingly, keeping
the previous key valid during a grace period. This handles packet
reordering in unreliable flows: the 3/4 period protection window
prevents premature rotation when late packets arrive, while the
1/2 period grace window ensures the old key remains available for
decryption.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
---
 src/lib/config.h.in | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/lib/config.h.in')

diff --git a/src/lib/config.h.in b/src/lib/config.h.in
index b34e6a7b..465068cb 100644
--- a/src/lib/config.h.in
+++ b/src/lib/config.h.in
@@ -97,3 +97,5 @@
 
 #define ACKQ_SLOTS          (@ACK_WHEEL_SLOTS@)
 #define ACKQ_RES            (@ACK_WHEEL_RESOLUTION@)         /* 2^N ns */
+
+#define KEY_ROTATION_BIT    (@KEY_ROTATION_BIT@)             /* Bit for key rotation */
-- 
cgit v1.2.3