diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-06-21 13:35:45 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-06-29 08:32:59 +0200 |
| commit | 110d3ed8526197bd866e02199bfeae7569d73d8d (patch) | |
| tree | 2f1cd02c69dd6b7e1bf4924b488505f570e5c2b1 /src/irmd/reg/reg.h | |
| parent | 84e1a6c0e9f6a7aed3c367e5b6fce029db0fc453 (diff) | |
| download | ouroboros-110d3ed8526197bd866e02199bfeae7569d73d8d.tar.gz ouroboros-110d3ed8526197bd866e02199bfeae7569d73d8d.zip | |
irmd: Complete bidirectional flow re-keying
Extend re-key delivery beyond the locally-initiated watermark path:
Handle peer-initiated re-key requests, allowing one request and one
response per flow at a time. The client side wins if both ends try to
re-key at the same time. Caches the peer certificate to support
cert-less authenticated/signed re-keys.
After a rekey, the initiator promotes first (timer) and starts sending
under the new key. The responder observes the new key (peer_synced)
and then the responder promotes. The responder will self-decide to use
the new keys if it exhausted the older set in the case where it never
sees the peer (unidirectional flow).
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/reg/reg.h')
| -rw-r--r-- | src/irmd/reg/reg.h | 43 |
1 files changed, 38 insertions, 5 deletions
diff --git a/src/irmd/reg/reg.h b/src/irmd/reg/reg.h index e0c64fed..8a313d46 100644 --- a/src/irmd/reg/reg.h +++ b/src/irmd/reg/reg.h @@ -109,6 +109,9 @@ int reg_get_name_for_hash(char * buf, int reg_get_name_for_flow_id(char * buf, int flow_id); +void reg_set_name_for_flow_id(const char * name, + int flow_id); + /* TODO don't rely on protobuf here */ int reg_list_names(name_info_msg_t *** names); @@ -170,10 +173,15 @@ struct rekey_info { pid_t n_1_pid; char name[NAME_SIZE + 1]; uint8_t epoch; + bool direct; }; -void reg_flow_set_rekey(int flow_id, - bool initiator); +void reg_flow_set_rekey(int flow_id, + bool initiator, + buffer_t peer_crt); + +int reg_flow_get_peer_crt(int flow_id, + buffer_t * crt); int reg_flow_get_epoch(int flow_id); @@ -186,17 +194,42 @@ int reg_flow_snapshot_rekey_due(struct rekey_info * snap, void reg_flow_clear_in_flight(int flow_id); +bool reg_flow_rekey_begin(int flow_id); + +bool reg_flow_rekey_should_yield(int flow_id); + int reg_flow_store_pending(int flow_id, const uint8_t * seed, - uint8_t epoch); + uint8_t epoch, + bool initiator); + +int reg_flow_store_pending_direct(int flow_id, + const uint8_t * seed, + uint8_t epoch); -bool reg_flow_take_pending(int flow_id, +int reg_flow_take_pending(int flow_id, + uid_t uid, + pid_t cpid, uint8_t * seed, - uint8_t * epoch); + uint8_t * epoch, + bool * initiator); + +bool reg_flow_rekey_arr_admit(int flow_id, + pid_t n_1_pid, + bool is_req); + +void reg_flow_rekey_arr_done(int flow_id, + bool is_req); + +bool reg_flow_owned_by(int flow_id, + uid_t uid); void reg_notify_flow(int flow_id, int event); +void reg_notify_flow_peers(int flow_id, + int event); + void reg_dealloc_flow(struct flow_info * info); void reg_dealloc_flow_resp(struct flow_info * info); |
