Struct network::noise::handshake::AntiReplayTimestamps
pub struct AntiReplayTimestamps(_);
In a mutually authenticated network, a client message is accompanied by a timestamp. This prevents replay attacks, in which an attacker who does not know the client’s static key can still replay a handshake message in order to force a peer into performing a few Diffie-Hellman key exchange operations.
Thus, to prevent replay attacks, a responder always checks that the timestamp is strictly increasing, effectively treating it as a stateful counter.
If the client timestamp has been seen before, or is not strictly increasing, we can abort the handshake early and avoid heavy Diffie-Hellman computations. If the client timestamp is valid, we store it.
Implementations
impl AntiReplayTimestamps
pub const TIMESTAMP_SIZE: usize = 8usize
The timestamp is sent as a payload, so that it is encrypted. Note that a millisecond value is a 16-byte value in Rust, but since we use it to store a duration since UNIX_EPOCH, we will never use more than 8 bytes.
pub fn is_replay(&self, pubkey: PublicKey, timestamp: u64) -> bool
Returns true if the timestamp has already been observed for this peer or if it is an old timestamp.
pub fn store_timestamp(&mut self, pubkey: PublicKey, timestamp: u64)
Stores the timestamp.
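The responder-side check described in the struct documentation, as an added sketch that is not the project's own code. `ReplayGuard`, `PeerKey`, `Reject` and `check_and_store` are hypothetical names, the key is modelled as 32 raw bytes, and little-endian encoding of the 8-byte timestamp is an assumption; the sketch folds the `is_replay` test and the `store_timestamp` update into one call.

```rust
use std::collections::HashMap;

// Stand-in for the peer's static public key (assumption: 32 raw bytes).
type PeerKey = [u8; 32];

#[derive(Debug, PartialEq)]
enum Reject {
    BadLength(usize),
    Replay { seen: u64, got: u64 },
}

// Hypothetical responder-side store: last accepted timestamp per peer.
#[derive(Default)]
struct ReplayGuard(HashMap<PeerKey, u64>);

impl ReplayGuard {
    const TIMESTAMP_SIZE: usize = 8;

    // Decode the decrypted 8-byte payload (little-endian is an assumption),
    // reject anything not strictly greater than the stored value, then store.
    fn check_and_store(&mut self, peer: PeerKey, payload: &[u8]) -> Result<u64, Reject> {
        if payload.len() != Self::TIMESTAMP_SIZE {
            return Err(Reject::BadLength(payload.len()));
        }
        let mut bytes = [0u8; Self::TIMESTAMP_SIZE];
        bytes.copy_from_slice(payload);
        let got = u64::from_le_bytes(bytes);
        // Equal counts as a replay: the counter must be strictly increasing.
        if let Some(&seen) = self.0.get(&peer) {
            if got <= seen {
                return Err(Reject::Replay { seen, got });
            }
        }
        self.0.insert(peer, got);
        Ok(got)
    }
}

fn main() {
    // Constructed sample data: two peers and millisecond timestamps.
    let (alice, bob) = ([1u8; 32], [2u8; 32]);
    let mut guard = ReplayGuard::default();
    let t = 1_700_000_000_000u64;
    for (peer, ts) in [(alice, t), (alice, t), (alice, t - 1), (bob, t - 1), (alice, t + 1)] {
        println!("{:?}", guard.check_and_store(peer, &ts.to_le_bytes()));
    }
}
```

State is tracked per peer and only moves forward on acceptance, so a replayed or out-of-order message never changes the stored value and can be dropped before any further Diffie-Hellman work.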