X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/e04c2d50fd96f3f31bc96851c55c6efecc10469c..9cda68ab3974b1f2c08a5896929890bf4a973e9a:/server/keyexch.c?ds=sidebyside diff --git a/server/keyexch.c b/server/keyexch.c index 396ecaed..b1f23d73 100644 --- a/server/keyexch.c +++ b/server/keyexch.c @@ -1,7 +1,5 @@ /* -*-c-*- * - * $Id$ - * * Key exchange protocol * * (c) 2001 Straylight/Edgeware @@ -77,22 +75,25 @@ * Switch received. Committed; send data; move to @KXS_SWITCH@. */ -/*----- Tunable parameters ------------------------------------------------*/ - -#define T_VALID MIN(2) /* Challenge validity period */ -#define T_RETRY SEC(10) /* Challenge retransmit interval */ - -#define VALIDP(kx, now) ((now) < (kx)->t_valid) - /*----- Static tables -----------------------------------------------------*/ static const char *const pkname[] = { - "pre-challenge", "cookie", "challenge", - "reply", "switch-rq", "switch-ok" + "pre-challenge", "challenge", "reply", "switch-rq", "switch-ok" }; /*----- Various utilities -------------------------------------------------*/ +/* --- @VALIDP@ --- * + * + * Arguments: @const keyexch *kx@ = key exchange state + * @time_t now@ = current time in seconds + * + * Returns: Whether the challenge in the key-exchange state is still + * valid or should be regenerated. + */ + +#define VALIDP(kx, now) ((now) < (kx)->t_valid) + /* --- @hashge@ --- * * * Arguments: @ghash *h@ = pointer to hash context @@ -264,24 +265,102 @@ static void timer(struct timeval *tv, void *v) /* --- @settimer@ --- * * * Arguments: @keyexch *kx@ = pointer to key exchange context - * @time_t t@ = when to set the timer for + * @struct timeval *tv@ = when to set the timer for * * Returns: --- * * Use: Sets the timer for the next key exchange attempt. */ -static void settimer(keyexch *kx, time_t t) +static void settimer(keyexch *kx, struct timeval *tv) { - struct timeval tv; - if (kx->f & KXF_TIMER) - sel_rmtimer(&kx->t); - tv.tv_sec = t; - tv.tv_usec = 0; - sel_addtimer(&sel, &kx->t, &tv, timer, kx); + if (kx->f & KXF_TIMER) sel_rmtimer(&kx->t); + sel_addtimer(&sel, &kx->t, tv, timer, kx); kx->f |= KXF_TIMER; } +/* --- @f2tv@ --- * + * + * Arguments: @struct timeval *tv@ = where to write the timeval + * @double t@ = a time as a floating point number + * + * Returns: --- + * + * Use: Converts a floating-point time into a timeval. + */ + +static void f2tv(struct timeval *tv, double t) +{ + tv->tv_sec = t; + tv->tv_usec = (t - tv->tv_sec)*MILLION; +} + +/* --- @wobble@ --- * + * + * Arguments: @double t@ = a time interval + * + * Returns: The same time interval, with a random error applied. + */ + +static double wobble(double t) +{ + uint32 r = rand_global.ops->word(&rand_global); + double w = (r/F_2P32) - 0.5; + return (t + t*w*T_WOBBLE); +} + +/* --- @rs_time@ --- * + * + * Arguments: @retry *rs@ = current retry state + * @struct timeval *tv@ = where to write the result + * @const struct timeval *now@ = current time, or null + * + * Returns: --- + * + * Use: Computes a time at which to retry sending a key-exchange + * packet. This algorithm is subject to change, but it's + * currently a capped exponential backoff, slightly randomized + * to try to keep clients from hammering a server that's only + * just woken up. + * + * If @now@ is null then the function works out the time for + * itself. + */ + +static void rs_time(retry *rs, struct timeval *tv, const struct timeval *now) +{ + double t; + struct timeval rtv; + + if (!rs->t) + t = SEC(2); + else { + t = (rs->t * 5)/4; + if (t > MIN(5)) t = MIN(5); + } + rs->t = t; + + if (!now) { + now = tv; + gettimeofday(tv, 0); + } + f2tv(&rtv, wobble(t)); + TV_ADD(tv, now, &rtv); +} + +/* --- @retry_reset@ --- * + * + * Arguments: @retry *rs@ = retry state + * + * Returns: -- + * + * Use: Resets a retry state to indicate that progress has been + * made. Also useful for initializing the state in the first + * place. + */ + +static void rs_reset(retry *rs) { rs->t = 0; } + /*----- Challenge management ----------------------------------------------*/ /* --- Notes on challenge management --- * @@ -366,6 +445,7 @@ static kxchal *kxc_new(keyexch *kx) kxc->kx = kx; kxc->f = 0; kx->r[i] = kxc; + rs_reset(&kxc->rs); return (kxc); } @@ -460,7 +540,7 @@ static void kxc_answer(keyexch *kx, kxchal *kxc) if (kxc->f & KXF_TIMER) sel_rmtimer(&kxc->t); gettimeofday(&tv, 0); - tv.tv_sec += T_RETRY; + rs_time(&kxc->rs, &tv, &tv); sel_addtimer(&sel, &kxc->t, &tv, kxc_timer, kxc); kxc->f |= KXF_TIMER; } @@ -606,7 +686,7 @@ static kxchal *respond(keyexch *kx, unsigned msg, buf *b) h = GH_INIT(algs.h); HASH_STRING(h, "tripe-check-hash"); GH_HASH(h, ck, indexsz); - GH_DONE(h, kxc->hc); + GH_DONE(h, kxc->ck); GH_DESTROY(h); h = GH_INIT(algs.h); @@ -727,6 +807,7 @@ static void resend(keyexch *kx) kxchal *kxc; buf bb; stats *st = p_stats(kx->p); + struct timeval tv; buf *b; switch (kx->s) { @@ -769,8 +850,10 @@ static void resend(keyexch *kx) p_txend(kx->p); } - if (kx->s < KXS_SWITCH) - settimer(kx, time(0) + T_RETRY); + if (kx->s < KXS_SWITCH) { + rs_time(&kx->rs, &tv, 0); + settimer(kx, &tv); + } } /* --- @decryptrest@ --- * @@ -795,6 +878,7 @@ static int decryptrest(keyexch *kx, kxchal *kxc, unsigned msg, buf *b) a_warn("KX", "?PEER", kx->p, "decrypt-failed", "%s", pkname[msg], A_END); return (-1); } + if (!BOK(&bb)) return (-1); buf_init(b, BBASE(&bb), BLEN(&bb)); return (0); } @@ -910,8 +994,13 @@ bad: static void kxfinish(keyexch *kx) { kxchal *kxc = kx->r[0]; + struct timeval now, tv; + ks_activate(kxc->ks); - settimer(kx, ks_tregen(kxc->ks)); + gettimeofday(&now, 0); + f2tv(&tv, wobble(T_REGEN)); + TV_ADD(&tv, &now, &tv); + settimer(kx, &tv); kx->s = KXS_SWITCH; a_notify("KXDONE", "?PEER", kx->p, A_END); p_stats(kx->p)->t_kx = time(0); @@ -1067,7 +1156,7 @@ static void start(keyexch *kx, time_t now) assert(kx->f & KXF_DEAD); - kx->f &= ~KXF_DEAD; + kx->f &= ~(KXF_DEAD | KXF_CORK); kx->nr = 0; kx->alpha = mprand_range(MP_NEW, gg->r, &rand_global, 0); kx->c = G_CREATE(gg); G_EXP(gg, kx->c, gg->g, kx->alpha); @@ -1158,19 +1247,27 @@ void kx_start(keyexch *kx, int forcep) void kx_message(keyexch *kx, unsigned msg, buf *b) { - time_t now = time(0); + struct timeval now, tv; stats *st = p_stats(kx->p); size_t sz = BSZ(b); int rc; + gettimeofday(&now, 0); + rs_reset(&kx->rs); + if (kx->f & KXF_CORK) { + start(kx, now.tv_sec); + rs_time(&kx->rs, &tv, &now); + settimer(kx, &tv); + a_notify("KXSTART", A_END); + } + if (checkpub(kx)) return; - if (!VALIDP(kx, now)) { + if (!VALIDP(kx, now.tv_sec)) { stop(kx); - start(kx, now); + start(kx, now.tv_sec); } - T( trace(T_KEYEXCH, "keyexch: processing %s packet from `%s'", msg < KX_NMSG ? pkname[msg] : "unknown", p_name(kx->p)); ) @@ -1233,7 +1330,7 @@ void kx_free(keyexch *kx) void kx_newkeys(keyexch *kx) { - if (km_getpubkey(p_name(kx->p), kx->kpub, &kx->texp_kpub)) + if (km_getpubkey(p_tag(kx->p), kx->kpub, &kx->texp_kpub)) return; kx->f |= KXF_PUBKEY; if ((kx->f & KXF_DEAD) || kx->s != KXS_SWITCH) { @@ -1250,6 +1347,7 @@ void kx_newkeys(keyexch *kx) * Arguments: @keyexch *kx@ = pointer to key exchange context * @peer *p@ = pointer to peer context * @keyset **ks@ = pointer to keyset list + * @unsigned f@ = various useful flags * * Returns: Zero if OK, nonzero if it failed. * @@ -1258,19 +1356,22 @@ void kx_newkeys(keyexch *kx) * exchange. */ -int kx_init(keyexch *kx, peer *p, keyset **ks) +int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f) { kx->ks = ks; kx->p = p; kx->kpub = G_CREATE(gg); - if (km_getpubkey(p_name(p), kx->kpub, &kx->texp_kpub)) { + if (km_getpubkey(p_tag(p), kx->kpub, &kx->texp_kpub)) { G_DESTROY(gg, kx->kpub); return (-1); } - kx->f = KXF_DEAD | KXF_PUBKEY; - start(kx, time(0)); - resend(kx); - /* Don't notify here: the ADD message hasn't gone out yet. */ + kx->f = KXF_DEAD | KXF_PUBKEY | f; + rs_reset(&kx->rs); + if (!(kx->f & KXF_CORK)) { + start(kx, time(0)); + resend(kx); + /* Don't notify here: the ADD message hasn't gone out yet. */ + } return (0); }