Support concurrent SAs per route #47

Merged
merged 16 commits into from Sep 26, 2018

eugeneia commented Aug 1, 2018

This bumps the SKE protocol to version 1i, adding support for negotiating child SPIs. The KeyManager app and data-plane are updated to retain the previous inbound SA throughout the rekeying to support cycling of keys without dropping in-flight packets that belong to the old SA.

Depends on: #46

Resolves: #44

eugeneia added some commits May 18, 2018

KeyManager: update to vita-ske-1h
A new version of Vita’s simple key exchange protocol and its implementation.

Changes:

Instead of using parts of the derived ephemeral key material as salts (as used
in RFC 4106) derive the salts from the authenticated nonces.

Rationale: the salts are public and it was suspicious and confusing that they
were part of the negotiated secret keys when they need not be. Instead we do
the obvious and use part of the authenticated, unpredictable nonces that are
exchanged during the protocol for salts, and derive four bytes less ephemeral
key material for each key.

Revert "KeyManager: update to vita-ske-1h"
This reverts commit 727f772 but keeps
reasonable documentation changes and valid assertions.

vita: support two concurrent inbound SAs per route
This commit bumps the SKE protocol to version 1i, adding support for
negotiating child SPIs. The KeyManager app and data-plane are updated to retain
the previous inbound SA throughout the rekeying to support cycling of keys
without dropping in-flight packets that belong to the old SA.
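The rekeying behaviour described in this pull request, as an added example that is not code from the pull request or from Vita: a route keeps the previous inbound SA next to the new one and selects by SPI, so a packet sealed under the old SA still authenticates after the rekey. The `Route`, `seal` and `demo` names, the SPI values and the truncated HMAC standing in for the SA's AEAD are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 16  # truncated HMAC tag; stand-in for the AEAD tag of a real ESP SA

def seal(spi, key, seq, payload):
    """Sender side: SPI | sequence number | payload | tag."""
    header = struct.pack("!II", spi, seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Route:
    """Inbound side of one route, keeping up to `slots` SAs, newest first."""
    def __init__(self, slots=2):
        self.slots, self.sas = slots, []   # each SA is a (spi, key) pair

    def rekey(self, spi, key):
        # A fresh SPI per negotiated SA lets the receiver tell old from new.
        if any(s == spi for s, _ in self.sas):
            raise ValueError("SPI already in use on this route")
        self.sas = ([(spi, key)] + self.sas)[:self.slots]  # oldest falls off

    def receive(self, packet):
        """Return the payload, or None if no retained SA authenticates it."""
        if len(packet) < 8 + TAG_LEN:
            return None
        spi, _seq = struct.unpack("!II", packet[:8])  # no anti-replay check here
        key = next((k for s, k in self.sas if s == spi), None)
        if key is None:
            return None  # SA already retired: the packet is dropped
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        want = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body[8:] if hmac.compare_digest(tag, want) else None

def demo(slots):
    """Rekey once while a packet sealed under the old SA is still in flight."""
    route = Route(slots)
    old_key, new_key = os.urandom(32), os.urandom(32)  # constructed keys
    route.rekey(0x1001, old_key)                       # constructed SPIs
    in_flight = seal(0x1001, old_key, 7, b"old-sa")
    route.rekey(0x1002, new_key)
    fresh = seal(0x1002, new_key, 1, b"new-sa")
    return route.receive(in_flight), route.receive(fresh)

if __name__ == "__main__":
    print("one inbound SA :", demo(1))   # in-flight packet is lost
    print("two inbound SAs:", demo(2))   # in-flight packet is accepted
```

With a single slot the in-flight packet is dropped at the moment of the rekey; with two slots it is accepted until the next rekey retires its SA.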

eugeneia added some commits Aug 6, 2018

Merge branch 'vita-ptree3' into vita-concurrent-sa
This pulls in snabbco#1376 (lib.yang.data: represent some number-keyed
lists as Lua tables) and updates this branch accordingly.

KeyManager: increment message_type 'key'
Increments the Transport header message type for key messages to indicate the
changes introduced in da3d8e6 (vita: support two concurrent inbound SAs per
route).

Merge branch 'vita-ske-1h' into vita-concurrent-sa
Cherry pick sensible auxiliary changes from vita-ske-1h branch.

eugeneia added a commit that referenced this pull request Sep 11, 2018

@eugeneia eugeneia merged commit dbde27c into inters:master Sep 26, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

eugeneia added a commit that referenced this pull request Sep 26, 2018

eugeneia added a commit that referenced this pull request Oct 10, 2018

PublicRouter: fix regression introduced in #47 (concurrent SAs)
Failure to run :link() in :reconfig() caused inconsistent FIB states.