diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-02-23 20:16:13 +0100 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-02-23 20:16:13 +0100 |
| commit | 54c6ff1c419fffcb12ae33e45208b6dbe8914c02 (patch) | |
| tree | 2b09b7804d19871551b763bdcede76e414d09281 | |
| parent | 48a3812435c15c77c1ae752322cff63c8e0b092d (diff) | |
| download | fastd-54c6ff1c419fffcb12ae33e45208b6dbe8914c02.tar fastd-54c6ff1c419fffcb12ae33e45208b6dbe8914c02.zip | |
Subtract splay time to key refresh interval
A random splay time of up to 5 minutes will ensure that simultaneous handshakes
with many peers are desynchronized as fast as possible.
| -rw-r--r-- | src/config.c | 1 | ||||
| -rw-r--r-- | src/fastd.h | 1 | ||||
| -rw-r--r-- | src/method_aes128_gcm.c | 2 | ||||
| -rw-r--r-- | src/method_xsalsa20_poly1305.c | 2 |
4 files changed, 4 insertions, 2 deletions
diff --git a/src/config.c b/src/config.c index 5bfda15..c866b14 100644 --- a/src/config.c +++ b/src/config.c @@ -114,6 +114,7 @@ static void default_config(fastd_config_t *conf) { conf->method_default = &fastd_method_null; conf->key_valid = 3600; /* 60 minutes */ conf->key_refresh = 3300; /* 55 minutes */ + conf->key_refresh_splay = 300; /* 5 minutes */ #ifdef USE_CRYPTO_AES128CTR conf->crypto_aes128ctr = fastd_crypto_aes128ctr_default; diff --git a/src/fastd.h b/src/fastd.h index 3ebb44f..8b6eb7e 100644 --- a/src/fastd.h +++ b/src/fastd.h @@ -208,6 +208,7 @@ struct fastd_config { char *secret; unsigned key_valid; unsigned key_refresh; + unsigned key_refresh_splay; #ifdef USE_CRYPTO_AES128CTR const fastd_crypto_aes128ctr_t *crypto_aes128ctr; diff --git a/src/method_aes128_gcm.c b/src/method_aes128_gcm.c index 7dfabef..867e873 100644 --- a/src/method_aes128_gcm.c +++ b/src/method_aes128_gcm.c @@ -109,7 +109,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, u session->valid_till.tv_sec += ctx->conf->key_valid; session->refresh_after = ctx->now; - session->refresh_after.tv_sec += ctx->conf->key_refresh; + session->refresh_after.tv_sec += ctx->conf->key_refresh - fastd_rand(ctx, 0, ctx->conf->key_refresh_splay); fastd_block128_t key; memcpy(key.b, secret, sizeof(fastd_block128_t)); diff --git a/src/method_xsalsa20_poly1305.c b/src/method_xsalsa20_poly1305.c index 655f61b..4cadca9 100644 --- a/src/method_xsalsa20_poly1305.c +++ b/src/method_xsalsa20_poly1305.c @@ -102,7 +102,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, u session->valid_till.tv_sec += ctx->conf->key_valid; session->refresh_after = ctx->now; - session->refresh_after.tv_sec += ctx->conf->key_refresh; + session->refresh_after.tv_sec += ctx->conf->key_refresh - fastd_rand(ctx, 0, ctx->conf->key_refresh_splay); memcpy(session->key, secret, crypto_secretbox_xsalsa20poly1305_KEYBYTES); |