nonce: switch to RFC6479 to better support packet reordering

With packets hitting multiple cores, a 64bit backtrack was too small. This algorithm increases our backtrack to 1984bits. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2016-06-20 02:02:47 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2016-06-25 16:48:39 +0200
commit: e20c4c14e65e62d21b1ffb78d4a50ae8be7db348 (patch)
tree: 1491cc44555c233430ef45dca108cb9283142a74 /src/noise.h
parent: b448d6f35bf1d3faf961347c23835f7237548065 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/noise.h b/src/noise.h
index 65ca9d8..289f60b 100644
--- a/src/noise.h
+++ b/src/noise.h
@@ -37,9 +37,15 @@ enum noise_lengths {
 	NOISE_HASH_LEN = BLAKE2S_OUTBYTES
 };
 
+enum counter_values {
+	COUNTER_BITS_TOTAL = 2048,
+	COUNTER_REDUNDANT_BITS = BITS_PER_LONG,
+	COUNTER_WINDOW_SIZE = COUNTER_BITS_TOTAL - COUNTER_REDUNDANT_BITS
+};
+
 enum wireguard_limits {
 	REKEY_AFTER_MESSAGES = U64_MAX - 0xffff,
-	REJECT_AFTER_MESSAGES = U64_MAX - 0xf, /* It's important that this value is always at *least* one less than U64_MAX. */
+	REJECT_AFTER_MESSAGES = U64_MAX - COUNTER_WINDOW_SIZE - 1,
 	REKEY_TIMEOUT = 5 * HZ,
 	REKEY_AFTER_TIME = 120 * HZ,
 	REJECT_AFTER_TIME = 180 * HZ,
@@ -50,7 +56,7 @@ enum wireguard_limits {
 union noise_counter {
 	struct {
 		u64 counter;
-		unsigned long backtrack;
+		unsigned long backtrack[COUNTER_BITS_TOTAL / BITS_PER_LONG];
 		spinlock_t lock;
 	} receive;
 	atomic64_t counter;
author	Jason A. Donenfeld <Jason@zx2c4.com>	2016-06-20 02:02:47 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2016-06-25 16:48:39 +0200
commit	e20c4c14e65e62d21b1ffb78d4a50ae8be7db348 (patch)
tree	1491cc44555c233430ef45dca108cb9283142a74 /src/noise.h
parent	b448d6f35bf1d3faf961347c23835f7237548065 (diff)