diff options
| author |   dlg <dlg@openbsd.org> | 2015-04-19 12:56:42 +0000 |
|---|---|---|
| committer | dlg <dlg@openbsd.org> | 2015-04-19 12:56:42 +0000 |
| commit | 3ac8a363f0b51dc9474b01d0396fe3e8b9f6955e (patch) | |
| tree | 56b834db919657caf8002ced3f5c55300b0ba07e /lib/libsqlite3/src | |
| parent | add a mac to the timestamp payload and calculate it with siphash. (diff) | |
| download | wireguard-openbsd-3ac8a363f0b51dc9474b01d0396fe3e8b9f6955e.tar.xz wireguard-openbsd-3ac8a363f0b51dc9474b01d0396fe3e8b9f6955e.zip | |
by default fill the ping payload with a chacha stream instead of
an unvarying payload.
each ping process generates a random key, and each packet then uses
the timestamps mac as the IV for the stream.
this allows us to have a different payload per packet that we can
recalculate and compare in the same was as the static payload was
checked before. by aggressively varying the payload we hope to
generate more opportunities for dodgy network equipment to show
errors.
note that we do siphash before chacha because we want to be strict
about the timestamp payload, but we want to be able to recognise
errors in the rest of the payload and where those errors were. doing
chacha before siphash would have us than fail the whole packet if
a checksum doesnt match.
discussed with jp aumasson
ok florian@
Diffstat (limited to 'lib/libsqlite3/src')
0 files changed, 0 insertions, 0 deletions