From 54c6ff1c419fffcb12ae33e45208b6dbe8914c02 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Sat, 23 Feb 2013 20:16:13 +0100
Subject: Subtract splay time to key refresh interval

A random splay time of up to 5 minutes will ensure that simultaneous handshakes
with many peers are desynchronized as fast as possible.
---
 src/config.c                   | 1 +
 src/fastd.h                    | 1 +
 src/method_aes128_gcm.c        | 2 +-
 src/method_xsalsa20_poly1305.c | 2 +-
 4 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/config.c b/src/config.c
index 5bfda15..c866b14 100644
--- a/src/config.c
+++ b/src/config.c
@@ -114,6 +114,7 @@ static void default_config(fastd_config_t *conf) {
 	conf->method_default = &fastd_method_null;
 	conf->key_valid = 3600;		/* 60 minutes */
 	conf->key_refresh = 3300;	/* 55 minutes */
+	conf->key_refresh_splay = 300;	/* 5 minutes */
 
 #ifdef USE_CRYPTO_AES128CTR
 	conf->crypto_aes128ctr = fastd_crypto_aes128ctr_default;
diff --git a/src/fastd.h b/src/fastd.h
index 3ebb44f..8b6eb7e 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -208,6 +208,7 @@ struct fastd_config {
 	char *secret;
 	unsigned key_valid;
 	unsigned key_refresh;
+	unsigned key_refresh_splay;
 
 #ifdef USE_CRYPTO_AES128CTR
 	const fastd_crypto_aes128ctr_t *crypto_aes128ctr;
diff --git a/src/method_aes128_gcm.c b/src/method_aes128_gcm.c
index 7dfabef..867e873 100644
--- a/src/method_aes128_gcm.c
+++ b/src/method_aes128_gcm.c
@@ -109,7 +109,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, u
 	session->valid_till.tv_sec += ctx->conf->key_valid;
 
 	session->refresh_after = ctx->now;
-	session->refresh_after.tv_sec += ctx->conf->key_refresh;
+	session->refresh_after.tv_sec += ctx->conf->key_refresh - fastd_rand(ctx, 0, ctx->conf->key_refresh_splay);
 
 	fastd_block128_t key;
 	memcpy(key.b, secret, sizeof(fastd_block128_t));
diff --git a/src/method_xsalsa20_poly1305.c b/src/method_xsalsa20_poly1305.c
index 655f61b..4cadca9 100644
--- a/src/method_xsalsa20_poly1305.c
+++ b/src/method_xsalsa20_poly1305.c
@@ -102,7 +102,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, u
 	session->valid_till.tv_sec += ctx->conf->key_valid;
 
 	session->refresh_after = ctx->now;
-	session->refresh_after.tv_sec += ctx->conf->key_refresh;
+	session->refresh_after.tv_sec += ctx->conf->key_refresh - fastd_rand(ctx, 0, ctx->conf->key_refresh_splay);
 
 	memcpy(session->key, secret, crypto_secretbox_xsalsa20poly1305_KEYBYTES);
 
-- 
cgit v1.2.3