rekey timer re-work for correctness

author: Jake McGinty <me@jake.su> 2018-02-23 16:54:09 +0000
committer: Jake McGinty <me@jake.su> 2018-02-24 14:29:28 +0000
commit: f0bd41ab3f5a04ab5382f2dc91561ac95d240890 (patch)
tree: dd294d53c7c5489331433aac56e00b9d1d5c300b /src/peer.rs
parent: simplify timer calls (diff)
download: wireguard-rs-f0bd41ab3f5a04ab5382f2dc91561ac95d240890.tar.xz
wireguard-rs-f0bd41ab3f5a04ab5382f2dc91561ac95d240890.zip
1 files changed, 25 insertions, 3 deletions
diff --git a/src/peer.rs b/src/peer.rs
index f364e3c..5721081 100644
--- a/src/peer.rs
+++ b/src/peer.rs
@@ -1,6 +1,7 @@
 use anti_replay::AntiReplay;
 use byteorder::{ByteOrder, LittleEndian};
-use consts::{TRANSPORT_OVERHEAD, TRANSPORT_HEADER_SIZE, MAX_SEGMENT_SIZE, REJECT_AFTER_MESSAGES, PADDING_MULTIPLE};
+use consts::{TRANSPORT_OVERHEAD, TRANSPORT_HEADER_SIZE, MAX_SEGMENT_SIZE, REKEY_AFTER_MESSAGES,
+             REKEY_AFTER_TIME, RECV_REKEY_AFTER_TIME, REJECT_AFTER_MESSAGES, PADDING_MULTIPLE};
 use cookie;
 use failure::{Error, err_msg};
 use interface::UtunPacket;
@@ -156,8 +157,29 @@ impl Peer {
         self.last_tun_queue = Timestamp::now();
     }
 
-    pub fn needs_new_handshake(&self) -> bool {
-        self.sessions.current.is_none() && self.sessions.next.is_none()
+    pub fn needs_new_handshake(&self, sending: bool) -> bool {
+        if self.sessions.next.is_some() {
+            return false;
+        }
+        if self.sessions.current.is_none() {
+            debug!("needs new handshake: no current session");
+            return true;
+        }
+        if sending && self.last_handshake.elapsed() > *REKEY_AFTER_TIME {
+            debug!("needs new handshake: sending after REKEY_AFTER_TIME");
+            return true;
+        }
+        if !sending && self.last_handshake.elapsed() > *RECV_REKEY_AFTER_TIME {
+            debug!("needs new handshake: receiving after RECV_REKEY_AFTER_TIME");
+            return true;
+        }
+        if let Some(ref session) = self.sessions.current {
+            if session.noise.sending_nonce().unwrap() >= REKEY_AFTER_MESSAGES {
+                debug!("needs new handshake: nonce >= REKEY_AFTER_MESSAGES");
+                return true;
+            }
+        }
+        false
     }
 
     pub fn ready_for_transport(&self) -> bool {
author	Jake McGinty <me@jake.su>	2018-02-23 16:54:09 +0000
committer	Jake McGinty <me@jake.su>	2018-02-24 14:29:28 +0000
commit	f0bd41ab3f5a04ab5382f2dc91561ac95d240890 (patch)
tree	dd294d53c7c5489331433aac56e00b9d1d5c300b /src/peer.rs
parent	simplify timer calls (diff)
download	wireguard-rs-f0bd41ab3f5a04ab5382f2dc91561ac95d240890.tar.xz wireguard-rs-f0bd41ab3f5a04ab5382f2dc91561ac95d240890.zip