Add optional cipher/hmac algo remodulate on rekey

xsnet/consts.go

@@ -122,5 +122,19 @@ const (
 	HmacNoneDisallowed
 )
 
+// Conn opts outside of basic kex/cipher/hmac connect config
+const (
+	CONone              = iota
+	CORemodulateShields // if set, rekeying also reselects random cipher/hmac alg
+)
+
+type COValue uint32
+
 // Available HMACs for hkex.Conn
 type CSHmacAlg uint32
+
+// Some bounds-checking consts
+const (
+	REKEY_SECS_MIN       = 1
+	CHAFF_FREQ_MSECS_MIN = 1
+)