Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CID encryption and rotation #78

Closed
kazuho opened this issue Jan 29, 2019 · 1 comment
Closed

CID encryption and rotation #78

kazuho opened this issue Jan 29, 2019 · 1 comment

Comments

@kazuho
Copy link
Member

kazuho commented Jan 29, 2019

Using a structure like below:

struct PerServerCID {
    uint8_t version;           // hard-coded to zero
    uint16_t process_id : 4;   // for forwarding packets to the correct process
    uint16_t thread_id : 12;   // for forwarding packet to the correct thread
    uint32_t conn_id;          // unique ID per connection
    uint8_t  path_id;          // path id
};

struct CIDPlaintext {
    uint32_t     server_id[4];  // for forwarding packets to the correct server
    uint32_t     zero;
    PerServerCID per_server;
};

CID = AES_ECB(key_id || AES_ECB(key, CIDPlaintext))

Design requirements:

  • use 4-byte server ID (to store internal IP address of each server)
  • 4-byte zero to detect bogus CIDs
  • 8-byte per-server CID to support 9-byte CID when running on a single server (using 64-bit cipher)
  • encode path_id directly, to avoid adding multiple entries to the CID -> connection hashmap
@kazuho kazuho mentioned this issue Feb 21, 2019
Open
@kazuho
Copy link
Member Author

kazuho commented Feb 21, 2019

partially closed by #85, leftovers to be handled in #92.

@kazuho kazuho closed this as completed Feb 21, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kazuho