From 110d3ed8526197bd866e02199bfeae7569d73d8d Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Sun, 21 Jun 2026 13:35:45 +0200 Subject: irmd: Complete bidirectional flow re-keying Extend re-key delivery beyond the locally-initiated watermark path: Handle peer-initiated re-key requests, allowing one request and one response per flow at a time. The client side wins if both ends try to re-key at the same time. Caches the peer certificate to support cert-less authenticated/signed re-keys. After a rekey, the initiator promotes first (timer) and starts sending under the new key. The responder observes the new key (peer_synced) and then the responder promotes. The responder will self-decide to use the new keys if it exhausted the older set in the case where it never sees the peer (unidirectional flow). Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/irmd/reg/flow.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/irmd/reg/flow.h') diff --git a/src/irmd/reg/flow.h b/src/irmd/reg/flow.h index 15fc7b8f..166bed61 100644 --- a/src/irmd/reg/flow.h +++ b/src/irmd/reg/flow.h @@ -55,9 +55,14 @@ struct reg_flow { uint8_t epoch; /* last epoch installed by app */ bool initiator; /* OAP initiator (role 0) */ bool in_flight; /* a re-key is in progress */ - uint8_t pending_seed[SYMMKEYSZ]; + bool req_queued; /* a peer REQ is in the inbox */ + bool resp_queued; /* a peer RESP is in the inbox */ + uint8_t * pending_seed; /* secure heap; NULL until set */ uint8_t pending_epoch; + bool pending_initiator; /* pending seed: oap_cli side */ bool has_pending; /* new seed awaits app pull */ + uint8_t pulled; /* direct: per-app pull mask */ + buffer_t peer_crt; /* peer cert DER, cached at HS */ } rk; struct ssm_rbuff * n_rb; -- cgit v1.2.3
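Review bot: in struct reg_flow's rk block, pending_seed changes from an inline array (uint8_t pending_seed[SYMMKEYSZ]) to a heap pointer (uint8_t * pending_seed), but the header does not say who allocates, wipes and frees it. Any existing sizeof(rk.pending_seed), or a memcpy/memset sized from it, will still compile but will now use the pointer size instead of SYMMKEYSZ. Those call sites are outside this file-limited diff and need checking. Please extend the field comment to say that the buffer holds SYMMKEYSZ bytes and to name the point at which it is zeroized and released (flow teardown, and once the pending seed has been consumed). The comment should also state the invariant between has_pending and pending_seed != NULL, since the two can now disagree. The same ownership question applies to peer_crt: the comment says the DER is cached at handshake but not where it is freed. For pulled, a uint8_t "per-app pull mask" caps the mask at eight bits, so the comment should say how bits map to apps and what happens when more than eight apps share the flow.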