Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UDP Encryption #120

Open
markmandel opened this issue Oct 28, 2020 · 9 comments
Open

UDP Encryption #120

markmandel opened this issue Oct 28, 2020 · 9 comments
Labels
help wanted Extra attention is needed kind/feature New feature or request priority/medium Issues that we want to resolve, but don't require immediate resolution.

Comments

@markmandel
Copy link
Contributor

This is a placeholder issue to put links for various libraries, ideas and research into encryption for UDP.
@markmandel markmandel added the kind/feature New feature or request label Oct 28, 2020
@markmandel
Copy link
Contributor Author

markmandel commented Oct 28, 2020
edited
Loading

@luna-duclos
Copy link
Collaborator

I think we should seriously look at implementing curvecp in rust and using it for our needs, the spec is detailed at http://curvecp.org/ and we should at least go over it and see if its viable for us

@luna-duclos
Copy link
Collaborator

There is a poc implementation of curvecp here: https://github.com/sovrin-foundation/rust-curvecp-poc

@markmandel
Copy link
Contributor Author

I didn't realise it, but QUIC has an unreliable packet extension, which is implemented by Quinn

And quinn is built on Tokio, so same async stack.

@markmandel
Copy link
Contributor Author

Reviewing https://github.com/ValveSoftware/GameNetworkingSockets

Encryption. AES-GCM-256 per packet, Curve25519 for
key exchange and cert signatures. The details for shared key derivation and
per-packet IV are based on the design
used by Google's QUIC protocol.

@markmandel
Copy link
Contributor Author

How easy is it to port libsodium around? (It is used in netcode.io so I'm figuring it's pretty good?)

Getting a lot of internal feedback that "to be secure, the libraries have to reach for at least C to have appropriate functionality" - so rusttls is fine, bindings to libsodium, bindings to BoringSSL for example would be ideal.

@markmandel
Copy link
Contributor Author

Getting lots of push from security folks I pinged to use BoringSSL or a variant - so https://github.com/google/mundane might be a good fit, or https://github.com/briansmith/ring directly.

(Just throwing this all down so I don't forget it)

@markmandel markmandel changed the title UDP Encyrption UDP Encryption Nov 2, 2020
@markmandel markmandel added the help wanted Extra attention is needed label Nov 25, 2020
@XAMPPRocky
Copy link
Collaborator

How is this issue different from #30? Seems to me that DTLS is UDP encryption.

@markmandel
Copy link
Contributor Author

How is this issue different from #30? Seems to me that DTLS is UDP encryption.

Given that there's really no standard for UDP encryption for games -- I think it makes sense to track separately. There are probably several encryption possibilities we could discuss and examine for UDP security (I expect once we release there will be many opinions on this) - one of which being DTLS.

@XAMPPRocky XAMPPRocky added the priority/medium Issues that we want to resolve, but don't require immediate resolution. label Jul 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed kind/feature New feature or request priority/medium Issues that we want to resolve, but don't require immediate resolution.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@markmandel @XAMPPRocky @luna-duclos