From c2cd010a151fb2ed27e42b7087e26933965e8289 Mon Sep 17 00:00:00 2001
From: Bart Polot
Date: Tue, 17 Jun 2014 12:13:34 +0000
Subject: [PATCH] Allow to send traffic with the new key when the rekey period is over. In case of a late PONG, very high latency or partial traffic censorship, this will allow the receiver to still receive the traffic if the ephemeral key did in fact get through. Additionally it doesn't stop the payload traffic after an interrupted Key eXchange, giving a mitm less information about the status of the session.
---
 src/cadet/gnunet-service-cadet_tunnel.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c
index 6bceb5dff..dd73be63e 100644
--- a/src/cadet/gnunet-service-cadet_tunnel.c
+++ b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -612,6 +612,7 @@ t_encrypt (struct CadetTunnel *t, void *dst, const void *src,
 LOG (GNUNET_ERROR_TYPE_DEBUG,
 " key exchange in progress, started %s ago\n",
 GNUNET_STRINGS_relative_time_to_string (age, GNUNET_YES));
+ // FIXME make duration of old keys configurable
 if (age.rel_value_us < GNUNET_TIME_UNIT_MINUTES.rel_value_us)
 {
 LOG (GNUNET_ERROR_TYPE_DEBUG, " using old key\n");
@@ -1305,11 +1306,10 @@ rekey_tunnel (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES));
 // FIXME make duration of old keys configurable
- if (duration.rel_value_us > GNUNET_TIME_UNIT_MINUTES.rel_value_us)
+ if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us)
 {
 memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old));
 memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old));
- t->estate = CADET_TUNNEL3_KEY_PING;
 }
 }
--
2.25.1
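Review bot: The one-minute lifetime of the old keys is now written out independently here in t_encrypt (`age.rel_value_us < GNUNET_TIME_UNIT_MINUTES.rel_value_us`) and in the rekey_tunnel hunk (`>=` before the wipe), and the added FIXME does not say that the two tests must stay exact complements. If they drift apart once the duration becomes configurable, t_encrypt could still select the old key after rekey_tunnel has zeroed `e_key_old`, which would presumably mean encrypting under an all-zero key. I would name the bound once, for example a new file-level `#define OLD_KEY_LIFETIME GNUNET_TIME_UNIT_MINUTES` (the name is only a suggestion), use it at both sites, and extend the comment to `// FIXME make duration of old keys configurable; must match the wipe test in rekey_tunnel`. Whether `age` and `duration` are measured from the same start time cannot be seen from these hunks and is worth confirming. t_encrypt's body starts and ends outside the hunk.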
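Review bot: With `t->estate = CADET_TUNNEL3_KEY_PING;` removed, the branch in rekey_tunnel that zeroes `d_key_old` and `e_key_old` leaves no trace, in the code or in the log, that the key exchange ran past its deadline. From that point payload is encrypted with a key the peer has not confirmed, so the branch should say that this is deliberate, e.g. `/* KX not confirmed in time: drop old keys but keep estate, payload continues under the new key */`, and a debug line such as `LOG (GNUNET_ERROR_TYPE_DEBUG, " old keys wiped, kx still unconfirmed\n");` would let an operator tell a stalled exchange from a healthy one. The hunk does not show whether the ephemeral key or PING is still retransmitted after the wipe; if it is not, the tunnel could remain on an unconfirmed key indefinitely, which is worth confirming. rekey_tunnel's body starts outside the hunk.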