authorDimitri Staessens <dimitri@ouroboros.rocks>2026-06-21 13:35:45 +0200
committerSander Vrijders <sander@ouroboros.rocks>2026-06-29 08:32:59 +0200
commit110d3ed8526197bd866e02199bfeae7569d73d8d (patch)
tree2f1cd02c69dd6b7e1bf4924b488505f570e5c2b1 /src/irmd/reg/reg.h
parent84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453 (diff)
irmd: Complete bidirectional flow re-keying
Extend re-key delivery beyond the locally-initiated watermark path: Handle peer-initiated re-key requests, allowing one request and one response per flow at a time. The client side wins if both ends try to re-key at the same time. Caches the peer certificate to support cert-less authenticated/signed re-keys. After a rekey, the initiator promotes first (timer) and starts sending under the new key. The responder observes the new key (peer_synced) and then the responder promotes. The responder will self-decide to use the new keys if it exhausted the older set in the case where it never sees the peer (unidirectional flow). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/reg/reg.h')
-rw-r--r--src/irmd/reg/reg.h43
1 files changed, 38 insertions, 5 deletions
diff --git a/src/irmd/reg/reg.h b/src/irmd/reg/reg.h
index e0c64fed..8a313d46 100644
--- a/src/irmd/reg/reg.h
+++ b/src/irmd/reg/reg.h
@@ -109,6 +109,9 @@ int reg_get_name_for_hash(char * buf,
int reg_get_name_for_flow_id(char * buf,
int flow_id);
+void reg_set_name_for_flow_id(const char * name,
+ int flow_id);
+
/* TODO don't rely on protobuf here */
int reg_list_names(name_info_msg_t *** names);
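Review bot: `reg_set_name_for_flow_id` returns `void`, so a caller cannot tell that `flow_id` was unknown or that `name` did not fit, whereas the getter declared just above it returns `int`. `struct rekey_info` later in this header stores a name in `char name[NAME_SIZE + 1]`; if the flow's name field has the same bound (not visible in this hunk), the setter's contract should state what happens to a longer string. I would add a comment above the declaration such as `/* name: NUL-terminated, at most NAME_SIZE bytes; document whether longer input is truncated or rejected, and that an unknown flow_id is a no-op */`, or return `int` like the getter so the failure is visible.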
@@ -170,10 +173,15 @@ struct rekey_info {
pid_t n_1_pid;
char name[NAME_SIZE + 1];
uint8_t epoch;
+ bool direct;
};
-void reg_flow_set_rekey(int flow_id,
- bool initiator);
+void reg_flow_set_rekey(int flow_id,
+ bool initiator,
+ buffer_t peer_crt);
+
+int reg_flow_get_peer_crt(int flow_id,
+ buffer_t * crt);
int reg_flow_get_epoch(int flow_id);
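Review bot: Ownership of the certificate buffer is not stated for either `reg_flow_set_rekey(..., buffer_t peer_crt)` or `reg_flow_get_peer_crt(..., buffer_t * crt)`. If `*crt` is filled with a pointer into registry-owned memory, it can dangle once the flow is deallocated or a later `reg_flow_set_rekey` replaces the cached certificate; if it is a copy, the caller has to free it. Both declarations should say which, for example `/* reg takes a copy of peer_crt; caller keeps ownership */` and `/* on success *crt is a copy the caller must free */`, adjusted to what the implementation actually does. The commit message says this cached certificate is what authenticates cert-less re-keys, so the comment should also say whether a later call may overwrite an already cached certificate for the same flow.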
@@ -186,17 +194,42 @@ int reg_flow_snapshot_rekey_due(struct rekey_info * snap,
void reg_flow_clear_in_flight(int flow_id);
+bool reg_flow_rekey_begin(int flow_id);
+
+bool reg_flow_rekey_should_yield(int flow_id);
+
int reg_flow_store_pending(int flow_id,
const uint8_t * seed,
- uint8_t epoch);
+ uint8_t epoch,
+ bool initiator);
+
+int reg_flow_store_pending_direct(int flow_id,
+ const uint8_t * seed,
+ uint8_t epoch);
-bool reg_flow_take_pending(int flow_id,
+int reg_flow_take_pending(int flow_id,
+ uid_t uid,
+ pid_t cpid,
uint8_t * seed,
- uint8_t * epoch);
+ uint8_t * epoch,
+ bool * initiator);
+
+bool reg_flow_rekey_arr_admit(int flow_id,
+ pid_t n_1_pid,
+ bool is_req);
+
+void reg_flow_rekey_arr_done(int flow_id,
+ bool is_req);
+
+bool reg_flow_owned_by(int flow_id,
+ uid_t uid);
void reg_notify_flow(int flow_id,
int event);
+void reg_notify_flow_peers(int flow_id,
+ int event);
+
void reg_dealloc_flow(struct flow_info * info);
void reg_dealloc_flow_resp(struct flow_info * info);
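Review bot: `reg_flow_take_pending` now returns `int` and takes `uid` and `cpid`, but the header does not say which return values mean "caller not permitted" versus "nothing pending", nor whether `seed`, `epoch` and `initiator` are left untouched on failure. `seed` carries key material and has no length parameter, so the declaration should state the required buffer size and that the outputs are valid only on success. A doc comment above it along the lines of `/* Returns 0 and fills seed/epoch/initiator only when uid and cpid are authorised for flow_id; otherwise an error code, outputs untouched */` would pin this down, assuming that is what the implementation does (it is not part of this hunk). The same applies to `reg_flow_rekey_arr_admit` and `reg_flow_rekey_arr_done`: a comment saying every admit that returns `true` must be matched by a done on all paths, including error paths, would help keep a failed re-key from blocking later ones on that flow.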