From 2d7472633ac356f1bc8f8122a1cc3b3226a95697 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 1 Apr 2012 04:00:33 +0200 Subject: Don't stop repeating handshakes until valid data using the new key is received --- src/peer.c | 7 ++++--- src/peer.h | 1 + src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c | 10 ++++++++++ src/protocol_null.c | 3 +++ 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/src/peer.c b/src/peer.c index dd73584..9e3e501 100644 --- a/src/peer.c +++ b/src/peer.c @@ -148,6 +148,10 @@ fastd_peer* fastd_peer_add_temp(fastd_context *ctx, const fastd_peer_address *ad return peer; } +void fastd_peer_clean_handshakes(fastd_context *ctx, fastd_peer *peer) { + fastd_task_delete_peer_handshakes(ctx, peer); +} + fastd_peer* fastd_peer_set_established_merge(fastd_context *ctx, fastd_peer *perm_peer, fastd_peer *temp_peer) { pr_debug(ctx, "merging peer %P into %P", temp_peer, perm_peer); @@ -168,7 +172,6 @@ fastd_peer* fastd_peer_set_established_merge(fastd_context *ctx, fastd_peer *per } fastd_task_replace_peer(ctx, temp_peer, perm_peer); - fastd_task_delete_peer_handshakes(ctx, perm_peer); fastd_peer_reset(ctx, temp_peer); @@ -178,8 +181,6 @@ fastd_peer* fastd_peer_set_established_merge(fastd_context *ctx, fastd_peer *per } void fastd_peer_set_established(fastd_context *ctx, fastd_peer *peer) { - fastd_task_delete_peer_handshakes(ctx, peer); - switch(peer->state) { case STATE_WAIT: pr_info(ctx, "Connection with %P established.", peer); diff --git a/src/peer.h b/src/peer.h index 1ffa18b..f3b9a93 100644 --- a/src/peer.h +++ b/src/peer.h @@ -75,6 +75,7 @@ fastd_peer_config* fastd_peer_config_new(fastd_context *ctx, fastd_config *conf) void fastd_peer_reset(fastd_context *ctx, fastd_peer *peer); fastd_peer* fastd_peer_add(fastd_context *ctx, fastd_peer_config *conf); fastd_peer* fastd_peer_add_temp(fastd_context *ctx, const fastd_peer_address *address); +void fastd_peer_clean_handshakes(fastd_context *ctx, fastd_peer *peer); fastd_peer* fastd_peer_set_established_merge(fastd_context *ctx, fastd_peer *perm_peer, fastd_peer *temp_peer); void fastd_peer_set_established(fastd_context *ctx, fastd_peer *peer); diff --git a/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c b/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c index e22ef19..8336db5 100644 --- a/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c +++ b/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c @@ -90,6 +90,8 @@ typedef struct _protocol_handshake { } protocol_handshake; typedef struct _protocol_session { + bool handshakes_cleaned; + struct timespec valid_till; struct timespec refresh_after; bool refreshing; @@ -369,6 +371,8 @@ static void establish(fastd_context *ctx, fastd_peer *peer, const fastd_peer_con memcpy(hashinput+4*PUBLICKEYBYTES, sigma->p, PUBLICKEYBYTES); crypto_hash_sha256(peer->protocol_state->session.key, hashinput, 5*PUBLICKEYBYTES); + peer->protocol_state->session.handshakes_cleaned = false; + peer->protocol_state->session.valid_till = ctx->now; peer->protocol_state->session.valid_till.tv_sec += ctx->conf->key_valid; @@ -674,6 +678,12 @@ static void protocol_handle_recv(fastd_context *ctx, fastd_peer *peer, fastd_buf } if (crypto_secretbox_xsalsa20poly1305_open(recv_buffer.data, buffer.data, buffer.len, nonce, session->key) == 0) { + if (!session->handshakes_cleaned) { + pr_debug(ctx, "cleaning left handshakes with %P", peer); + fastd_peer_clean_handshakes(ctx, peer); + session->handshakes_cleaned = true; + } + if (!is_session_zero(ctx, &peer->protocol_state->old_session)) { pr_debug(ctx, "invalidating old session with %P", peer); memset(&peer->protocol_state->old_session, 0, sizeof(protocol_session)); diff --git a/src/protocol_null.c b/src/protocol_null.c index 8648c88..163d164 100644 --- a/src/protocol_null.c +++ b/src/protocol_null.c @@ -100,6 +100,9 @@ static void protocol_handshake_handle(fastd_context *ctx, fastd_peer *peer, cons static void protocol_handle_recv(fastd_context *ctx, fastd_peer *peer, fastd_buffer buffer) { if (fastd_peer_is_established(peer) && buffer.len) { + /* this could be optimized a bit */ + fastd_peer_clean_handshakes(ctx, peer); + fastd_peer_seen(ctx, peer); fastd_task_put_handle_recv(ctx, peer, buffer); } -- cgit v1.2.3