<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ouroboros, branch be</title>
<subtitle>Ouroboros main repository</subtitle>
<id>http://www.ouroboros.rocks/cgit/ouroboros/atom?h=be</id>
<link rel='self' href='http://www.ouroboros.rocks/cgit/ouroboros/atom?h=be'/>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/'/>
<updated>2026-06-29T06:33:00+00:00</updated>
<entry>
<title>build: Make re-key watermark configurable</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-24T10:32:33+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=c59a6d54d6361298018edb021d2da818a6b5f09a'/>
<id>urn:sha1:c59a6d54d6361298018edb021d2da818a6b5f09a</id>
<content type='text'>
KEY_REKEY_WM_CHECK_BITS now controls the watermark check, once per 2^n
flow writes (FLOW_WM_CHECK in dev.c). Now the configuration check
(check watermark &lt; outstanding packets) is contained in lib.cmake
instead of assuming the value of FLOW_WM_CHECK.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Wipe unpacked session key after copy</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T12:50:25+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=451afac626648a4aa534f1dec0f318231dfd8874'/>
<id>urn:sha1:451afac626648a4aa534f1dec0f318231dfd8874</id>
<content type='text'>
Zeroize the symmetric key in the unpacked IRM message once it has been
copied into the crypt context, in both flow__irm_result_des and
flow_rekey__irm_result_des, so key material does not linger in the
protobuf buffer until it is freed.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>oap: Rename kex_config loaders to sec_config</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T12:18:38+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=4b16f7b9ba95f7e24ff443e5b215c2823c1387f7'/>
<id>urn:sha1:4b16f7b9ba95f7e24ff443e5b215c2823c1387f7</id>
<content type='text'>
Leftover from the kex_config-&gt;enc_config-&gt;sec_config rename. Finished
by renaming load_kex_config and the cli/srv variants to
load_sec_config, the kcfg variables to scfg, and fixing the "KEX
config"/"encryption config" comments.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Harden OAP handshake and add cert-less re-key</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T12:07:00+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=55a8136859d82d9bdb8f85abb25290177ca7e561'/>
<id>urn:sha1:55a8136859d82d9bdb8f85abb25290177ca7e561</id>
<content type='text'>
Adds support for:

Server key confirmation: the session key is bound to the
negotiated algorithm via the HKDF info. The server returns a
key-confirmation tag (rsp_tag, replacing the bare request-hash echo),
so a cipher downgrade or key desync is detected. The cleartext path
keeps a request echo, compared in constant time.

Sealed server identity: AEAD-seal the certificate, signature and
piggybacked data in the encrypted response (kex and rsp_tag move
ahead as AAD), hiding the server identity and response sizes.

Cert-less re-key: let the client omit its certificate, verifying the
peer against the cached certificate. On PQC flows, ephemeral
server-encap KEX (preserving forward secrecy) is used, even if the
original flow allocation was client-encap.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Reject unsupported OAP kex and cipher</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:58:39+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=552a4c4469db1cedacc02eb4f9969afe73e0fb42'/>
<id>urn:sha1:552a4c4469db1cedacc02eb4f9969afe73e0fb42</id>
<content type='text'>
Validate the configured key exchange and cipher against the supported
ranks (returning ENOTSUP) instead of only rejecting an undefined
cipher NID, so an unsupported algorithm is caught at config load.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Bound crc_check against short packets</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:46:01+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=a4cb64c2dea5d1dc4d0f915c160513d0d751a8c4'/>
<id>urn:sha1:a4cb64c2dea5d1dc4d0f915c160513d0d751a8c4</id>
<content type='text'>
Reject a packet shorter than head_skip + CRCLEN before computing the
CRC, instead of hashing over an underflowed length when the buffer is
too small to hold the trailer.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Complete bidirectional flow re-keying</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:35:45+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=110d3ed8526197bd866e02199bfeae7569d73d8d'/>
<id>urn:sha1:110d3ed8526197bd866e02199bfeae7569d73d8d</id>
<content type='text'>
Extend re-key delivery beyond the locally-initiated watermark path:

Handle peer-initiated re-key requests, allowing one request and one
response per flow at a time. The client side wins if both ends try to
re-key at the same time. Caches the peer certificate to support
cert-less authenticated/signed re-keys.

After a rekey, the initiator promotes first (timer) and starts sending
under the new key. The responder observes the new key (peer_synced)
and then the responder promotes. The responder will self-decide to use
the new keys if it exhausted the older set in the case where it never
sees the peer (unidirectional flow).

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Add constant-time comparison helper</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:20:30+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453'/>
<id>urn:sha1:84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453</id>
<content type='text'>
Add a function crypt_ct_cmp() that wraps CRYPTO_memcmp (OpenSSL) with
a volatile-loop fallback, for comparing authentication tags without
leaking timing.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Group sec_config authentication fields</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:18:35+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=a169a1cef5332a409efc2db07bcc1ae9b72f217e'/>
<id>urn:sha1:a169a1cef5332a409efc2db07bcc1ae9b72f217e</id>
<content type='text'>
Nest the flat req_auth and cacert members of struct sec_config into a
sub-struct a { req; cacert; }, keeping the authentication settings
together.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>config: Rename enc.conf to sec.conf</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:03:36+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=47034834790e778f28b082842b3ed1c7bd44f29a'/>
<id>urn:sha1:47034834790e778f28b082842b3ed1c7bd44f29a</id>
<content type='text'>
The per-name config file holds more than encryption settings (KEX,
cipher, KDF, peer authentication), so renamed it from enc.conf to
sec.conf and the code internals to match.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
</feed>
