Much more information may be found in the technical whitepaper. For just a quick & dirty overview, read onward here.

The following protocols and primitives are used:

- ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539's AEAD construction.
- BLAKE2s for hashing and keyed hashing, described in RFC7693.
- HKDF for key derivation, as described in RFC5869.

Any secure protocol requires some state to be kept, so there is an initial very simple handshake that establishes symmetric keys to be used for data transfer. This handshake occurs every few minutes, in order to provide rotating keys for perfect forward secrecy. It is done based on time, and not based on the contents of prior packets, because it is designed to deal gracefully with packet loss. There is a clever pulse mechanism to ensure that the latest keys and handshakes are up to date, renegotiating when needed, by automatically detecting when handshakes are out of date. It uses a separate packet queue per host, so that it can minimize packet loss during handshakes while providing steady performance for all clients. You don't need to worry about asking it to reconnect or disconnect or reinitialize, or anything of that nature. In other words, you bring the device up, and everything else is handled for you automatically.

A handshake initiation is retried after REKEY_TIMEOUT + jitter ms, if a response has not been received, where jitter is some random value between 0 and 333 ms. If a packet has been received from a given peer, but we have not sent one back to the given peer in KEEPALIVE ms, we send an empty packet.
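The three time-driven rules above (retry an unanswered handshake initiation after REKEY_TIMEOUT + jitter, rekey on a time basis rather than on packet contents, and send an empty keepalive when a peer's packet has gone unanswered for KEEPALIVE ms) can be modelled as a small per-peer timer state machine. The following is an added example and not code from the WireGuard project; the class and function names are hypothetical, the constant values for KEEPALIVE, REKEY_TIMEOUT and the rekey period are assumed (the page names the first two but gives no values), and the timeline in `run_scenario` is constructed with a fixed jitter so the result is deterministic.

```python
"""Model of WireGuard-style per-peer timers: handshake retry, time-based rekey, passive keepalive."""
import random
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


def default_jitter() -> int:
    # The page: jitter is a random value between 0 and 333 ms.
    return random.randint(0, 333)


@dataclass
class PeerTimers:
    """Time-based state for one peer. All timestamps are in milliseconds."""
    keepalive_ms: int = 10_000          # KEEPALIVE: value assumed, the page gives only the name
    rekey_timeout_ms: int = 5_000       # REKEY_TIMEOUT: value assumed, the page gives only the name
    rekey_after_ms: int = 120_000       # models "every few minutes": value assumed
    jitter_fn: Callable[[], int] = default_jitter
    last_rx: Optional[int] = None       # last time a packet arrived from the peer
    last_tx: Optional[int] = None       # last time we sent the peer anything (keepalives count)
    handshake_sent_at: Optional[int] = None
    handshake_deadline: Optional[int] = None
    session_established_at: Optional[int] = None
    initiations_sent: int = 0

    def initiate_handshake(self, now: int) -> str:
        """Send an initiation and arm the retry timer at REKEY_TIMEOUT + jitter."""
        self.handshake_sent_at = now
        self.handshake_deadline = now + self.rekey_timeout_ms + self.jitter_fn()
        self.initiations_sent += 1
        return "send_handshake_initiation"

    def on_handshake_response(self, now: int) -> None:
        """A response arrived: disarm the retry timer and start the rekey clock."""
        self.handshake_sent_at = None
        self.handshake_deadline = None
        self.session_established_at = now

    def on_receive(self, now: int) -> None:
        self.last_rx = now

    def on_send(self, now: int) -> None:
        self.last_tx = now

    def tick(self, now: int) -> List[str]:
        """Evaluate the timers at time `now`; return the actions that fire."""
        actions: List[str] = []
        # Retry an initiation that has received no response by its deadline.
        if self.handshake_deadline is not None and now >= self.handshake_deadline:
            actions.append(self.initiate_handshake(now))
        # Rekey purely on elapsed time, independent of what prior packets contained.
        elif (self.session_established_at is not None
              and self.handshake_sent_at is None
              and now - self.session_established_at >= self.rekey_after_ms):
            actions.append(self.initiate_handshake(now))
        # Passive keepalive: the peer sent us something and we have not replied in KEEPALIVE ms.
        if (self.last_rx is not None
                and (self.last_tx is None or self.last_tx < self.last_rx)
                and now - self.last_rx >= self.keepalive_ms):
            self.on_send(now)               # the empty packet counts as a reply
            actions.append("send_keepalive")
        return actions


def run_scenario() -> List[Tuple[int, str]]:
    """Constructed timeline (not a capture) with a fixed 100 ms jitter."""
    peer = PeerTimers(jitter_fn=lambda: 100)
    trace: List[Tuple[int, str]] = [(0, peer.initiate_handshake(0))]
    for t in (5_000, 5_099, 5_100):         # no response: retry fires at 5000 + 100
        trace += [(t, a) for a in peer.tick(t)]
    peer.on_handshake_response(5_200)
    peer.on_receive(6_000)                   # peer sends data, we send nothing back
    for t in (15_999, 16_000, 20_000, 125_199, 125_200):
        trace += [(t, a) for a in peer.tick(t)]
    return trace


if __name__ == "__main__":
    for when, action in run_scenario():
        print(f"t={when:>7} ms  {action}")
```

The model deliberately keeps no record of packet payloads: every decision is a comparison of `now` against a timestamp, which is what lets it behave the same whether or not individual packets were lost. Running the scenario shows the retry at 5100 ms, the keepalive at 16000 ms (10000 ms after the unanswered packet), and the time-based rekey at 125200 ms.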