<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ouroboros/src/irmd, branch be</title>
<subtitle>Ouroboros main repository</subtitle>
<id>http://www.ouroboros.rocks/cgit/ouroboros/atom?h=be</id>
<link rel='self' href='http://www.ouroboros.rocks/cgit/ouroboros/atom?h=be'/>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/'/>
<updated>2026-06-29T06:33:00+00:00</updated>
<entry>
<title>oap: Rename kex_config loaders to sec_config</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T12:18:38+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=4b16f7b9ba95f7e24ff443e5b215c2823c1387f7'/>
<id>urn:sha1:4b16f7b9ba95f7e24ff443e5b215c2823c1387f7</id>
<content type='text'>
Leftover from the kex_config-&gt;enc_config-&gt;sec_config rename. Finished
by renames load_kex_config and the cli/srv variants to
load_sec_config, the kcfg variables to scfg, and fixes the "KEX
config"/"encryption config" comments.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Harden OAP handshake and add cert-less re-key</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T12:07:00+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=55a8136859d82d9bdb8f85abb25290177ca7e561'/>
<id>urn:sha1:55a8136859d82d9bdb8f85abb25290177ca7e561</id>
<content type='text'>
Adds support for:

Server key confirmation: the session key is bound to the
negotiated algorithm via the HKDF info. The server returns a
key-confirmation tag (rsp_tag, replacing the bare request-hash echo),
so a cipher downgrade or key desync is detected. The cleartext path
keeps a request echo, compared in constant time.

Sealed server identity: AEAD-seal the certificate, signature and
piggybacked data in the encrypted response (kex and rsp_tag move
ahead as AAD), hiding the server identity and response sizes.

Cert-less re-key: let the client omit its certificate, verifying the
peer against the cached certificate. On PQC flows, ephemeral
server-encap KEX (preserving forward secrecy) is used, even if the
original flow allocation was client-encap.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Reject unsupported OAP kex and cipher</title>
<updated>2026-06-29T06:33:00+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:58:39+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=552a4c4469db1cedacc02eb4f9969afe73e0fb42'/>
<id>urn:sha1:552a4c4469db1cedacc02eb4f9969afe73e0fb42</id>
<content type='text'>
Validate the configured key exchange and cipher against the supported
ranks (returning ENOTSUP) instead of only rejecting an undefined
cipher NID, so an unsupported algorithm is caught at config load.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Complete bidirectional flow re-keying</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:35:45+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=110d3ed8526197bd866e02199bfeae7569d73d8d'/>
<id>urn:sha1:110d3ed8526197bd866e02199bfeae7569d73d8d</id>
<content type='text'>
Extend re-key delivery beyond the locally-initiated watermark path:

Handle peer-initiated re-key requests, allowing one request and one
response per flow at a time. The client side wins if both ends try to
re-key at the same time. Caches the peer certificate to support
cert-less authenticated/signed re-keys.

After a rekey, the initiator promotes first (timer) and starts sending
under the new key. The responder observes the new key (peer_synced)
and then the responder promotes. The responder will self-decide to use
the new keys if it exhausted the older set in the case where it never
sees the peer (unidirectional flow).

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Group sec_config authentication fields</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:18:35+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=a169a1cef5332a409efc2db07bcc1ae9b72f217e'/>
<id>urn:sha1:a169a1cef5332a409efc2db07bcc1ae9b72f217e</id>
<content type='text'>
Nest the flat req_auth and cacert members of struct sec_config into a
sub-struct a { req; cacert; }, keeping the authentication settings
together.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>config: Rename enc.conf to sec.conf</title>
<updated>2026-06-29T06:32:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-21T11:03:36+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=47034834790e778f28b082842b3ed1c7bd44f29a'/>
<id>urn:sha1:47034834790e778f28b082842b3ed1c7bd44f29a</id>
<content type='text'>
The per-name config file holds more than encryption settings (KEX,
cipher, KDF, peer authentication), so renamed it from enc.conf to
sec.conf and the code internals to match.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Deliver flow re-keying</title>
<updated>2026-06-29T06:32:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-14T14:16:03+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=fdb50b8256f1038d5bc4f906b41605cacc769bf4'/>
<id>urn:sha1:fdb50b8256f1038d5bc4f906b41605cacc769bf4</id>
<content type='text'>
Re-key each encrypted flow's batch root periodically so a long-lived
flow never exhausts or over-uses a single root. The IRMd re-runs the
OAP exchange with the peer IRMd over the flow-update relay. The
per-flow re-keying state is tracked in the registry (reg_flow).

A re-key delivers one root seed from the OAP exchange. keyrot
immediately HKDF-expands it into 128 node keys (KR_NODES_SZ = 128 × 32
B) and wipes the root. Then each of the 128 node keys is itself a root
→ HKDF-expanded into 64 (2^KEY_NODE_BITS) leaf keys, forked per
direction; each leaf key is the actual AEAD key, good for 2^20 packets
(the low counter bits are its nonce/seq). If the number of keys runs
low, a re-key will be triggered (KEY_REKEY_WATERMARK).

The rekey is signalled out of band to the application. The rbuff ACL
is generalized into a flags word, so an RB_REKEY bit rides alongside
the access RB_RD/RB_WR and FLOWDOWN/FLOWPEER bits. The RD and WR bits
are revised ditching the fcntl historical weirdness. The seed is
pulled via flow_read/flow_write, installed with crypt_rekey(). TX
holds the old epoch until the peer is observed on the new one (or a
grace deadline elapses), promoted from both the read and write paths
so a recv-mostly flow still advances.

Also fix the FLOW_ACCEPT and FLOW_ALLOC handlers, which on a key-buffer
allocation failure returned from inside the cleanup-push region: that
leaked the reply message and skipped both the stack-key scrub and the
cleanup pop.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Add flow-update relay</title>
<updated>2026-06-29T06:32:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-14T14:00:30+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=c386d9b7caa56f472fdce20ff5b2841ed41dd539'/>
<id>urn:sha1:c386d9b7caa56f472fdce20ff5b2841ed41dd539</id>
<content type='text'>
This adds an ipcp_flow_update() call to relay opaque messages between
the two IRMds (carried by FLOW_IRM_UPDATE messages), which passes it
back up to the peer IRMd via ipcp_flow_update_arr(). The broadcast
layer does not implement this.

Needed for periodic re-keying of encrypted flows via OAP.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Harden symmetric-key rotation</title>
<updated>2026-06-29T06:32:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-13T08:18:17+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=22e2380b09730a2f18deefd688585edb430d3299'/>
<id>urn:sha1:22e2380b09730a2f18deefd688585edb430d3299</id>
<content type='text'>
Flow crypto signalled rotation with a single phase-parity bit, so a
loss burst that hid an even number of rotations went unnoticed and
wedged the flow for good.

Each packet now carries a small cleartext selector naming its key
directly, so a receiver that falls behind recovers on the next packet
instead of getting stuck.

The selector also serves as the AEAD nonce and is authenticated as
associated data (AAD). Key rotation moves into a new backend-agnostic
keyrot module that rotates sub-keys to bound AEAD usage while
preserving forward secrecy.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Fail OAP config load on read errors</title>
<updated>2026-06-29T06:32:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-06-12T19:19:25+00:00</published>
<link rel='alternate' type='text/html' href='http://www.ouroboros.rocks/cgit/ouroboros/commit/?id=df14e6cc81c296d91e9124cd09f25a83defb522f'/>
<id>urn:sha1:df14e6cc81c296d91e9124cd09f25a83defb522f</id>
<content type='text'>
load_sec_config_file() treated any fopen() failure as an absent
config and silently disabled encryption.

file_exists() similarly lumped non-ENOENT stat() errors in with
"present".

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
</feed>
