diff options
Diffstat (limited to 'src/timers.go')
-rw-r--r-- | src/timers.go | 214 |
1 files changed, 95 insertions, 119 deletions
diff --git a/src/timers.go b/src/timers.go index 5848b2a..64aeca8 100644 --- a/src/timers.go +++ b/src/timers.go @@ -18,10 +18,10 @@ func (peer *Peer) KeepKeyFreshSending() { }
nonce := atomic.LoadUint64(&kp.sendNonce)
if nonce > RekeyAfterMessages {
- signalSend(peer.signal.handshakeBegin)
+ peer.signal.handshakeBegin.Send()
}
if kp.isInitiator && time.Now().Sub(kp.created) > RekeyAfterTime {
- signalSend(peer.signal.handshakeBegin)
+ peer.signal.handshakeBegin.Send()
}
}
@@ -44,7 +44,7 @@ func (peer *Peer) KeepKeyFreshReceiving() { send := nonce > RekeyAfterMessages || time.Now().Sub(kp.created) > RekeyAfterTimeReceiving
if send {
// do a last minute attempt at initiating a new handshake
- signalSend(peer.signal.handshakeBegin)
+ peer.signal.handshakeBegin.Send()
peer.timer.sendLastMinuteHandshake = true
}
}
@@ -69,34 +69,36 @@ func (peer *Peer) SendKeepAlive() bool { * Sent non-empty (authenticated) transport message
*/
func (peer *Peer) TimerDataSent() {
- timerStop(peer.timer.keepalivePassive)
- if !peer.timer.pendingNewHandshake {
- peer.timer.pendingNewHandshake = true
+ peer.timer.keepalivePassive.Stop()
+ if peer.timer.newHandshake.Pending() {
peer.timer.newHandshake.Reset(NewHandshakeTime)
}
}
/* Event:
* Received non-empty (authenticated) transport message
+ *
+ * Action:
+ * Set a timer to confirm the message using a keep-alive (if not already set)
*/
func (peer *Peer) TimerDataReceived() {
- if peer.timer.pendingKeepalivePassive {
+ if !peer.timer.keepalivePassive.Start(KeepaliveTimeout) {
peer.timer.needAnotherKeepalive = true
- return
}
- peer.timer.pendingKeepalivePassive = false
- peer.timer.keepalivePassive.Reset(KeepaliveTimeout)
}
/* Event:
* Any (authenticated) packet received
*/
func (peer *Peer) TimerAnyAuthenticatedPacketReceived() {
- timerStop(peer.timer.newHandshake)
+ peer.timer.newHandshake.Stop()
}
/* Event:
* Any authenticated packet send / received.
+ *
+ * Action:
+ * Push persistent keep-alive into the future
*/
func (peer *Peer) TimerAnyAuthenticatedPacketTraversal() {
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
@@ -117,7 +119,7 @@ func (peer *Peer) TimerHandshakeComplete() { &peer.stats.lastHandshakeNano,
time.Now().UnixNano(),
)
- signalSend(peer.signal.handshakeCompleted)
+ peer.signal.handshakeCompleted.Send()
peer.device.log.Info.Println("Negotiated new handshake for", peer.String())
}
@@ -129,7 +131,8 @@ func (peer *Peer) TimerHandshakeComplete() { * CreateMessageInitiation
* CreateMessageResponse
*
- * Schedules the deletion of all key material
+ * Action:
+ * Schedule the deletion of all key material
* upon failure to complete a handshake
*/
func (peer *Peer) TimerEphemeralKeyCreated() {
@@ -139,18 +142,18 @@ func (peer *Peer) TimerEphemeralKeyCreated() { func (peer *Peer) RoutineTimerHandler() {
device := peer.device
+ logInfo := device.log.Info
logDebug := device.log.Debug
logDebug.Println("Routine, timer handler, started for peer", peer.String())
for {
select {
- case <-peer.signal.stop:
- return
+ /* timers */
- // keep-alives
+ // keep-alive
- case <-peer.timer.keepalivePersistent.C:
+ case <-peer.timer.keepalivePersistent.Wait():
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
if interval > 0 {
@@ -158,7 +161,7 @@ func (peer *Peer) RoutineTimerHandler() { peer.SendKeepAlive()
}
- case <-peer.timer.keepalivePassive.C:
+ case <-peer.timer.keepalivePassive.Wait():
logDebug.Println("Sending keep-alive to", peer.String())
@@ -169,17 +172,9 @@ func (peer *Peer) RoutineTimerHandler() { peer.timer.needAnotherKeepalive = false
}
- // unresponsive session
+ // clear key material timer
- case <-peer.timer.newHandshake.C:
-
- logDebug.Println("Retrying handshake with", peer.String(), "due to lack of reply")
-
- signalSend(peer.signal.handshakeBegin)
-
- // clear key material
-
- case <-peer.timer.zeroAllKeys.C:
+ case <-peer.timer.zeroAllKeys.Wait():
logDebug.Println("Clearing all key material for", peer.String())
@@ -215,125 +210,106 @@ func (peer *Peer) RoutineTimerHandler() { setZero(hs.chainKey[:])
setZero(hs.hash[:])
hs.mutex.Unlock()
- }
- }
-}
-/* This is the state machine for handshake initiation
- *
- * Associated with this routine is the signal "handshakeBegin"
- * The routine will read from the "handshakeBegin" channel
- * at most every RekeyTimeout seconds
- */
-func (peer *Peer) RoutineHandshakeInitiator() {
- device := peer.device
+ // handshake timers
- logInfo := device.log.Info
- logError := device.log.Error
- logDebug := device.log.Debug
- logDebug.Println("Routine, handshake initiator, started for", peer.String())
+ case <-peer.timer.newHandshake.Wait():
+ logInfo.Println("Retrying handshake with", peer.String())
+ peer.signal.handshakeBegin.Send()
- var temp [256]byte
+ case <-peer.timer.handshakeTimeout.Wait():
- for {
+ // clear source (in case this is causing problems)
- // wait for signal
+ peer.mutex.Lock()
+ if peer.endpoint != nil {
+ peer.endpoint.ClearSrc()
+ }
+ peer.mutex.Unlock()
- select {
- case <-peer.signal.handshakeBegin:
- case <-peer.signal.stop:
- return
- }
+ // send new handshake
- // set deadline
+ err := peer.sendNewHandshake()
+ if err != nil {
+ logInfo.Println(
+ "Failed to send handshake to peer:", peer.String())
+ }
- BeginHandshakes:
+ case <-peer.timer.handshakeDeadline.Wait():
- signalClear(peer.signal.handshakeReset)
- deadline := time.NewTimer(RekeyAttemptTime)
+ // clear all queued packets and stop keep-alive
- AttemptHandshakes:
+ logInfo.Println(
+ "Handshake negotiation timed out for:", peer.String())
- for attempts := uint(1); ; attempts++ {
+ peer.signal.flushNonceQueue.Send()
+ peer.timer.keepalivePersistent.Stop()
+ peer.signal.handshakeBegin.Enable()
- // check if deadline reached
+ /* signals */
- select {
- case <-deadline.C:
- logInfo.Println("Handshake negotiation timed out for:", peer.String())
- signalSend(peer.signal.flushNonceQueue)
- timerStop(peer.timer.keepalivePersistent)
- break
- case <-peer.signal.stop:
- return
- default:
- }
+ case <-peer.signal.stop.Wait():
+ return
- signalClear(peer.signal.handshakeCompleted)
+ case <-peer.signal.handshakeBegin.Wait():
- // create initiation message
+ peer.signal.handshakeBegin.Disable()
- msg, err := peer.device.CreateMessageInitiation(peer)
+ err := peer.sendNewHandshake()
if err != nil {
- logError.Println("Failed to create handshake initiation message:", err)
- break AttemptHandshakes
+ logInfo.Println(
+ "Failed to send handshake to peer:", peer.String())
}
- // marshal handshake message
-
- writer := bytes.NewBuffer(temp[:0])
- binary.Write(writer, binary.LittleEndian, msg)
- packet := writer.Bytes()
- peer.mac.AddMacs(packet)
-
- // send to endpoint
-
- err = peer.SendBuffer(packet)
- jitter := time.Millisecond * time.Duration(rand.Uint32()%334)
- timeout := time.NewTimer(RekeyTimeout + jitter)
- if err == nil {
- peer.TimerAnyAuthenticatedPacketTraversal()
- logDebug.Println(
- "Handshake initiation attempt",
- attempts, "sent to", peer.String(),
- )
- } else {
- logError.Println(
- "Failed to send handshake initiation message to",
- peer.String(), ":", err,
- )
- }
+ peer.timer.handshakeDeadline.Reset(RekeyAttemptTime)
- // wait for handshake or timeout
+ case <-peer.signal.handshakeCompleted.Wait():
- select {
+ logInfo.Println(
+ "Handshake completed for:", peer.String())
- case <-peer.signal.stop:
- return
+ peer.timer.handshakeTimeout.Stop()
+ peer.timer.handshakeDeadline.Stop()
+ peer.signal.handshakeBegin.Enable()
+ }
+ }
+}
- case <-peer.signal.handshakeCompleted:
- <-timeout.C
- peer.timer.sendLastMinuteHandshake = false
- break AttemptHandshakes
+/* Sends a new handshake initiation message to the peer (endpoint)
+ */
+func (peer *Peer) sendNewHandshake() error {
- case <-peer.signal.handshakeReset:
- <-timeout.C
- goto BeginHandshakes
+ // temporarily disable the handshake complete signal
- case <-timeout.C:
+ peer.signal.handshakeCompleted.Disable()
- // clear source address of peer
+ // create initiation message
- peer.mutex.Lock()
- if peer.endpoint != nil {
- peer.endpoint.ClearSrc()
- }
- peer.mutex.Unlock()
- }
- }
+ msg, err := peer.device.CreateMessageInitiation(peer)
+ if err != nil {
+ return err
+ }
+
+ // marshal handshake message
- // clear signal set in the meantime
+ var buff [MessageInitiationSize]byte
+ writer := bytes.NewBuffer(buff[:0])
+ binary.Write(writer, binary.LittleEndian, msg)
+ packet := writer.Bytes()
+ peer.mac.AddMacs(packet)
- signalClear(peer.signal.handshakeBegin)
+ // send to endpoint
+
+ err = peer.SendBuffer(packet)
+ if err == nil {
+ peer.TimerAnyAuthenticatedPacketTraversal()
+ peer.signal.handshakeCompleted.Enable()
}
+
+ // set timeout
+
+ jitter := time.Millisecond * time.Duration(rand.Uint32()%334)
+ peer.timer.handshakeTimeout.Reset(RekeyTimeout + jitter)
+
+ return err
}
|