From: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu, 17 May 2007 23:57:48 +0000 (+0000)
Subject: Move key regeneration handling to net_setup.c.
X-Git-Tag: release-1.1pre1~178
X-Git-Url: https://www.tinc-vpn.org/git/browse?a=commitdiff_plain;h=7e1117197ca4fc62af93fda50e28e0ff06cb736c;hp=563577a1479549fa0c20dcda45831a0fff8c7513;p=tinc

Move key regeneration handling to net_setup.c.
---

diff --git a/src/net.c b/src/net.c
index 405114fb..df5fae77 100644
--- a/src/net.c
+++ b/src/net.c
@@ -400,17 +400,6 @@ static void sigalrm_handler(int signal, short events, void *data) {
 	}
 }
 
-static void keyexpire_handler(int fd, short events, void *event) {
-	ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
-
-	RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
-	if(myself->cipher)
-			EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len);
-	send_key_changed(broadcast, myself);
-
-	event_add(event, &(struct timeval){keylifetime, 0});
-}
-
 /*
   this is where it all happens...
 */
@@ -428,7 +417,6 @@ int main_loop(void)
 	struct event sigusr2_event;
 	struct event sigwinch_event;
 	struct event sigalrm_event;
-	struct event keyexpire_event;
 
 	cp();
 
@@ -448,8 +436,6 @@ int main_loop(void)
 	signal_add(&sigwinch_event, NULL);
 	signal_set(&sigalrm_event, SIGALRM, sigalrm_handler, NULL);
 	signal_add(&sigalrm_event, NULL);
-	timeout_set(&keyexpire_event, keyexpire_handler, &keyexpire_event);
-	event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
 
 	last_ping_check = now;
 	
@@ -505,7 +491,6 @@ int main_loop(void)
 	signal_del(&sigusr2_event);
 	signal_del(&sigwinch_event);
 	signal_del(&sigalrm_event);
-	event_del(&keyexpire_event);
 
 	return 0;
 }
diff --git a/src/net.h b/src/net.h
index 7d1ea7bf..28ec2eeb 100644
--- a/src/net.h
+++ b/src/net.h
@@ -124,7 +124,6 @@ extern int addressfamily;
 
 extern listen_socket_t listen_socket[MAXSOCKETS];
 extern int listen_sockets;
-extern int keyexpires;
 extern int keylifetime;
 extern bool do_prune;
 extern bool do_purge;
@@ -157,6 +156,7 @@ extern bool read_rsa_public_key(struct connection_t *);
 extern void send_mtu_probe(struct node_t *);
 extern void handle_device_data(int, short, void *);
 extern void handle_meta_connection_data(int, short, void *);
+extern void regenerate_key();
 
 #ifndef HAVE_MINGW
 #define closesocket(s) close(s)
diff --git a/src/net_packet.c b/src/net_packet.c
index 84b2707d..596b9d53 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -52,7 +52,6 @@
 #endif
 
 int keylifetime = 0;
-int keyexpires = 0;
 EVP_CIPHER_CTX packet_ctx;
 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
 
@@ -248,7 +247,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 		n->received_seqno = inpkt->seqno;
 			
 	if(n->received_seqno > MAX_SEQNO)
-		keyexpires = 0;
+		regenerate_key();
 
 	/* Decompress the packet */
 
diff --git a/src/net_setup.c b/src/net_setup.c
index 8aecfcdc..814d698f 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -208,6 +208,36 @@ bool read_rsa_private_key(void)
 	return true;
 }
 
+static struct event keyexpire_event;
+
+static void keyexpire_handler(int fd, short events, void *data) {
+	regenerate_key();
+}
+
+void regenerate_key() {
+	RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
+
+	if(timeout_initialized(&keyexpire_event)) {
+		ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
+		event_del(&keyexpire_event);
+		send_key_changed(broadcast, myself);
+	} else {
+		timeout_set(&keyexpire_event, keyexpire_handler, NULL);
+	}
+
+	event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
+
+	if(myself->cipher) {
+		EVP_CIPHER_CTX_init(&packet_ctx);
+		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+					myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+			abort();
+		}
+
+	}
+}
+
 /*
   Configure node_t myself and set up the local sockets (listen only)
 */
@@ -368,23 +398,11 @@ bool setup_myself(void)
 	myself->connection->outcipher = EVP_bf_ofb();
 
 	myself->key = xmalloc(myself->keylength);
-	RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
 
 	if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 		keylifetime = 3600;
 
-	keyexpires = now + keylifetime;
-	
-	if(myself->cipher) {
-		EVP_CIPHER_CTX_init(&packet_ctx);
-		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
-			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
-					myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
-			return false;
-		}
-
-	}
-
+	regenerate_key();
 	/* Check if we want to use message authentication codes... */
 
 	if(get_config_string