<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ouroboros/include, branch be</title>
<subtitle>Ouroboros main repository</subtitle>
<id>http://133.ip-51-38-114.eu/cgit/ouroboros/atom?h=be</id>
<link rel='self' href='http://133.ip-51-38-114.eu/cgit/ouroboros/atom?h=be'/>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/'/>
<updated>2026-06-29T06:32:59+00:00</updated>
<entry>
<title>irmd: Complete bidirectional flow re-keying</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:35:45+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=110d3ed8526197bd866e02199bfeae7569d73d8d'/>
<id>urn:sha1:110d3ed8526197bd866e02199bfeae7569d73d8d</id>
<content type='text'>
Extend re-key delivery beyond the locally-initiated watermark path:

Handle peer-initiated re-key requests, allowing one request and one
response per flow at a time. The client side wins if both ends try to
re-key at the same time. Caches the peer certificate to support
cert-less authenticated/signed re-keys.

After a rekey, the initiator promotes first (timer) and starts sending
under the new key. The responder observes the new key (peer_synced)
and then the responder promotes. The responder will self-decide to use
the new keys if it exhausted the older set in the case where it never
sees the peer (unidirectional flow).

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Add constant-time comparison helper</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:20:30+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453'/>
<id>urn:sha1:84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453</id>
<content type='text'>
Add a function crypt_ct_cmp() that wraps CRYPTO_memcmp (OpenSSL) with
a volatile-loop fallback, for comparing authentication tags without
leaking timing.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Group sec_config authentication fields</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:18:35+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=a169a1cef5332a409efc2db07bcc1ae9b72f217e'/>
<id>urn:sha1:a169a1cef5332a409efc2db07bcc1ae9b72f217e</id>
<content type='text'>
Nest the flat req_auth and cacert members of struct sec_config into a
sub-struct a { req; cacert; }, keeping the authentication settings
together.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>config: Rename enc.conf to sec.conf</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:03:36+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=47034834790e778f28b082842b3ed1c7bd44f29a'/>
<id>urn:sha1:47034834790e778f28b082842b3ed1c7bd44f29a</id>
<content type='text'>
The per-name config file holds more than encryption settings (KEX,
cipher, KDF, peer authentication), so renamed it from enc.conf to
sec.conf and the code internals to match.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Guard logging against thread cancellation</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T10:46:27+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=e42a24f39afe15c5ac579fa519df98643d4fc6dd'/>
<id>urn:sha1:e42a24f39afe15c5ac579fa519df98643d4fc6dd</id>
<content type='text'>
POSIX defines printf() and syslog() as possible cancellation
points. This hardens thread cancellation cleanup by wrapping the log
macros in pthread_setcancelstate(PTHREAD_CANCEL_DISABLE) and restores
the prior cancel state afterwards.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Add MurmurHash3 hash_mix64 for hash tables</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T10:38:06+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=b46359c11b879d610997eb1e9069e943e19c4244'/>
<id>urn:sha1:b46359c11b879d610997eb1e9069e943e19c4244</id>
<content type='text'>
Adds a (non-cryptographic) MurmurHash3 fmix64 finalizer for hashing an
integer key to a table index, replacing the MD5-based bucket hashing
in the pft.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Deliver flow re-keying</title>
<updated>2026-06-29T06:32:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-14T14:16:03+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=fdb50b8256f1038d5bc4f906b41605cacc769bf4'/>
<id>urn:sha1:fdb50b8256f1038d5bc4f906b41605cacc769bf4</id>
<content type='text'>
Re-key each encrypted flow's batch root periodically so a long-lived
flow never exhausts or over-uses a single root. The IRMd re-runs the
OAP exchange with the peer IRMd over the flow-update relay. The
per-flow re-keying state is tracked in the registry (reg_flow).

A re-key delivers one root seed from the OAP exchange. keyrot
immediately HKDF-expands it into 128 node keys (KR_NODES_SZ = 128 × 32
B) and wipes the root. Then each of the 128 node keys is itself a root
→ HKDF-expanded into 64 (2^KEY_NODE_BITS) leaf keys, forked per
direction; each leaf key is the actual AEAD key, good for 2^20 packets
(the low counter bits are its nonce/seq). If the number of keys runs
low, a re-key will be triggered (KEY_REKEY_WATERMARK).

The rekey is signalled out of band to the application. The rbuff ACL
is generalized into a flags word, so an RB_REKEY bit rides alongside
the access RB_RD/RB_WR and FLOWDOWN/FLOWPEER bits. The RD and WR bits
are revised ditching the fcntl historical weirdness. The seed is
pulled via flow_read/flow_write, installed with crypt_rekey(). TX
holds the old epoch until the peer is observed on the new one (or a
grace deadline elapses), promoted from both the read and write paths
so a recv-mostly flow still advances.

Also fix the FLOW_ACCEPT and FLOW_ALLOC handlers, which on a key-buffer
allocation failure returned from inside the cleanup-push region: that
leaked the reply message and skipped both the stack-key scrub and the
cleanup pop.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Add flow-update relay</title>
<updated>2026-06-29T06:32:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-14T14:00:30+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=c386d9b7caa56f472fdce20ff5b2841ed41dd539'/>
<id>urn:sha1:c386d9b7caa56f472fdce20ff5b2841ed41dd539</id>
<content type='text'>
This adds an ipcp_flow_update() call to relay opaque messages between
the two IRMds (carried by FLOW_IRM_UPDATE messages), which passes it
back up to the peer IRMd via ipcp_flow_update_arr(). The broadcast
layer does not implement this.

Needed for periodic re-keying of encrypted flows via OAP.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Harden symmetric-key rotation</title>
<updated>2026-06-29T06:32:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-13T08:18:17+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=22e2380b09730a2f18deefd688585edb430d3299'/>
<id>urn:sha1:22e2380b09730a2f18deefd688585edb430d3299</id>
<content type='text'>
Flow crypto signalled rotation with a single phase-parity bit, so a
loss burst that hid an even number of rotations went unnoticed and
wedged the flow for good.

Each packet now carries a small cleartext selector naming its key
directly, so a receiver that falls behind recovers on the next packet
instead of getting stuck.

The selector also serves as the AEAD nonce and is authenticated as
associated data (AAD). Key rotation moves into a new backend-agnostic
keyrot module that rotates sub-keys to bound AEAD usage while
preserving forward secrecy.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Fail OAP config load on read errors</title>
<updated>2026-06-29T06:32:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-12T19:19:25+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=df14e6cc81c296d91e9124cd09f25a83defb522f'/>
<id>urn:sha1:df14e6cc81c296d91e9124cd09f25a83defb522f</id>
<content type='text'>
load_sec_config_file() treated any fopen() failure as an absent
config and silently disabled encryption.

file_exists() similarly lumped non-ENOENT stat() errors in with
"present".

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
</feed>
