Comments (14)
Blake2b was selected as a convenient high-performance modern cryptographic hash function. It's fine to swap it out with another HMAC scheme (it's not even a breaking change) if you think increasing our use of ring is worth it.
from quinn.
I'd actually also have picked Blake2b if all other things were equal. But having one less dependency means less maintenance (and less compile time), and I don't think this particular area of the code is in a particularly hot loop that the difference between Blake2b and HMAC-SHA256 will be noticeable?
from quinn.
Yeah, should be fine. It's run on small amounts of data for every packet that was successfully parsed but not associated with a connection, and (formerly) for every handshake when using stateless retries. No real hot loop.
from quinn.
I would like to take a look at this issue. What crate does the HMAC-SHA256 algorithm come from?
Edit: found it in the ring crate.
Should it be used like this:
let mut mac = SigningKey::new(&digest::SHA256, key.as_ref());
or this:
let mut mac = hmac::SigningContext::with_key(key.as_ref()).sign();
from quinn.
@kylegalloway great, thanks for working on this! The function that needs changing is here:
https://github.com/djc/quinn/blob/master/quinn-proto/src/crypto.rs#L110
Since (on quick skimming) it seems we're reusing the same key over time, it would probably be good to store the `SigningKey` in the `ListenKeys` and work from that, but @Ralith knows more about this code.
from quinn.
@djc is correct; in particular, the `reset` member of `ListenKeys` should be replaced with a `SigningKey`. Let's use SHA-512/256 rather than SHA-256 for the hash algorithm to take better advantage of current hardware, too.
from quinn.
@kylegalloway are you still interested in working on this? If not, someone else might want to take a swing.
from quinn.
@djc I have gotten really busy recently. Thanks for the opportunity, but if someone else wants to take a swing, please let them.
from quinn.
@kylegalloway no problem, thanks for the quick response.
from quinn.
I'd like to work on this one.
from quinn.
Great! Let me know if you have any questions.
from quinn.
The SHA512/256 hash seems to have a size of 32 bytes, but the `RESET_TOKEN_SIZE` is 16, the same as the `stateless_reset_token` field of tls's `TransportParameters`. Should the digest be truncated?
from quinn.
OK, so I found in the IETF draft that it is the expected behavior:
The output of this function is truncated to 16 bytes to produce the Stateless Reset Token for that connection.
from quinn.
This is done, thanks again to @stammw.
from quinn.
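An added example, not code from quinn or from any commenter, sketching the scheme the thread converges on: one long-lived HMAC key, SHA-512/256 as the hash, and the 32-byte tag truncated to the 16-byte reset token. `ResetKey`, `token_for` and `tokens_match` are hypothetical names, the connection ID as HMAC input is an assumption, and it uses Python's standard library instead of ring, falling back to SHA-256 where the local build lacks SHA-512/256.

```python
import hashlib
import hmac

RESET_TOKEN_SIZE = 16  # bytes, the size quoted in the thread

# Assumption: use SHA-512/256 as the thread settles on; fall back to SHA-256
# (also a 32-byte digest) if this Python/OpenSSL build does not expose it.
DIGEST = "sha512_256" if "sha512_256" in hashlib.algorithms_available else "sha256"


class ResetKey:
    """Hypothetical stand-in for a signing key kept for the endpoint's lifetime."""

    def __init__(self, secret: bytes):
        if len(secret) < 32:
            raise ValueError("reset key should be at least 32 random bytes")
        # Key the HMAC once; each token copies this state instead of re-keying.
        self._keyed = hmac.new(secret, digestmod=DIGEST)

    def token_for(self, connection_id: bytes) -> bytes:
        mac = self._keyed.copy()
        mac.update(connection_id)
        # The 32-byte tag is truncated to the 16-byte token size.
        return mac.digest()[:RESET_TOKEN_SIZE]


def tokens_match(expected: bytes, received: bytes) -> bool:
    """Constant-time comparison, so timing does not reveal matching prefixes."""
    return hmac.compare_digest(expected, received)


def demo() -> dict:
    key = ResetKey(bytes(range(32)))           # constructed key, not a real secret
    cid_a = bytes.fromhex("0102030405060708")  # constructed connection IDs
    cid_b = bytes.fromhex("0102030405060709")
    token_a = key.token_for(cid_a)
    return {
        "length": len(token_a),
        "stable": tokens_match(token_a, key.token_for(cid_a)),
        "distinct": not tokens_match(token_a, key.token_for(cid_b)),
    }


if __name__ == "__main__":
    print(demo())
```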