diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-06-20 02:02:47 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-06-25 16:48:39 +0200 |
commit | cec43eced713e32c28c1b557e3c7f066570f81d3 (patch) | |
tree | e2ebdf289c8a9d2755acf4b7572d8097e4bfd80d /src/noise.h | |
parent | Initial commit (diff) | |
download | wireguard-monolithic-historical-cec43eced713e32c28c1b557e3c7f066570f81d3.tar.xz wireguard-monolithic-historical-cec43eced713e32c28c1b557e3c7f066570f81d3.zip |
nonce: switch to RFC6479 to better support packet reordering
With packets hitting multiple cores, a 64bit backtrack was too small.
This algorithm increases our backtrack to 1984bits.
Diffstat (limited to 'src/noise.h')
-rw-r--r-- | src/noise.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/noise.h b/src/noise.h index 65ca9d8..289f60b 100644 --- a/src/noise.h +++ b/src/noise.h @@ -37,9 +37,15 @@ enum noise_lengths { NOISE_HASH_LEN = BLAKE2S_OUTBYTES }; +enum counter_values { + COUNTER_BITS_TOTAL = 2048, + COUNTER_REDUNDANT_BITS = BITS_PER_LONG, + COUNTER_WINDOW_SIZE = COUNTER_BITS_TOTAL - COUNTER_REDUNDANT_BITS +}; + enum wireguard_limits { REKEY_AFTER_MESSAGES = U64_MAX - 0xffff, - REJECT_AFTER_MESSAGES = U64_MAX - 0xf, /* It's important that this value is always at *least* one less than U64_MAX. */ + REJECT_AFTER_MESSAGES = U64_MAX - COUNTER_WINDOW_SIZE - 1, REKEY_TIMEOUT = 5 * HZ, REKEY_AFTER_TIME = 120 * HZ, REJECT_AFTER_TIME = 180 * HZ, @@ -50,7 +56,7 @@ enum wireguard_limits { union noise_counter { struct { u64 counter; - unsigned long backtrack; + unsigned long backtrack[COUNTER_BITS_TOTAL / BITS_PER_LONG]; spinlock_t lock; } receive; atomic64_t counter; |