author David Lönnhager <david.l@mullvad.net> 2023-02-28 10:09:54 +0100
committer David Lönnhager <david.l@mullvad.net> 2023-02-28 10:09:54 +0100
commit dc10117f1cf3ed0cc8a26f4066844778bb061263
tree a81f034861f02fb0c4eb5dc11b3065c1d652851f /docs/architecture.md
parent ace5f82b50c6165f0c7f0023a0f4d5aab030d0bd
parent 8eb6c3dd395ed7a451908cee5a4708066ed0b029
Merge branch 'pq-multihop'
Diffstat (limited to 'docs/architecture.md')
-rw-r--r-- docs/architecture.md 25
1 files changed, 25 insertions, 0 deletions
diff --git a/docs/architecture.md b/docs/architecture.md
index 22b3ac394d..4837758a45 100644
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -190,6 +190,31 @@ metadata that might be useful.
### Firewall integration
+### Connection logic
+
+#### Quantum-resistant tunnels
+
+To establish a quantum-resistant tunnel, a pre-shared key (PSK) is derived using a quantum-safe
+key encapsulation mechanism (KEM) with the relay. This is achieved by initiating a regular
+WireGuard tunnel to the relay and deriving the PSK within the tunnel.
+The PSK is stored in memory on the relay and the client, along with a new client generated ephemeral
+WireGuard key. Subsequently, a new tunnel is created using the new WireGuard key and the PSK,
+ensuring that the tunnel is quantum-resistant.
+See the [protocol definition file](../talpid-tunnel-config-client/proto/tunnel_config.proto) for
+more details on the protocol.
+
+#### Quantum-resistant tunnels & Multihop
+
+To create a multihop tunnel where both hops are quantum resistant the client must negotiate a unique
+PSK with both the entry and the exit relay separately. It must use the same ephemeral WireGuard key
+on both relays since the end result (just as with regular multihop tunnels) is two peers on a
+single WireGuard interface, which can only have a single key for the local peer.
+
+The PSKs are established by first creating a regular multihop tunnel to the exit via the entry relay
+and negotiate a PSK with the exit. Then establish a regular tunnel to just the entry and negotiate a
+PSK with it. Lastly the client can set up a multihop tunnel using the new ephemeral WireGuard key
+and the two PSKs via the entry to the exit.
+
### Detecting device offline
The tunnel state machine has an offline monitor that tries to detect when a device will certainly
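Review bot: The last paragraph of "Quantum-resistant tunnels & Multihop" refers to "the new ephemeral WireGuard key" without saying when it is generated or that the same key is submitted in both PSK negotiations, and the single-hop section mentions the key only as something stored along with the PSK. Since the preceding paragraph requires the same key on both relays, state explicitly at which step the client generates the ephemeral key and that it is reused for the exit and the entry negotiation. The same paragraph mixes verb forms ("by first creating ... and negotiate", "Then establish"); suggest "and negotiating a PSK with the exit" and "Then it establishes", and hyphenate "client-generated" in the single-hop section. The text also does not say what the client does if one of the two negotiations fails, which is worth a sentence here.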