authorDimitri Staessens <dimitri@ouroboros.rocks>2026-06-13 10:18:17 +0200
committerSander Vrijders <sander@ouroboros.rocks>2026-06-29 08:32:58 +0200
commit22e2380b09730a2f18deefd688585edb430d3299 (patch)
tree1fc03db35d93833220482f9c5f70d4c9d2d618c1 /src/irmd/main.c
parentdf14e6cc81c296d91e9124cd09f25a83defb522f (diff)
lib: Harden symmetric-key rotation
Flow crypto signalled rotation with a single phase-parity bit, so a loss burst that hid an even number of rotations went unnoticed and wedged the flow for good. Each packet now carries a small cleartext selector naming its key directly, so a receiver that falls behind recovers on the next packet instead of getting stuck. The selector also serves as the AEAD nonce and is authenticated as associated data (AAD). Key rotation moves into a new backend-agnostic keyrot module that rotates sub-keys to bound AEAD usage while preserving forward secrecy. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/main.c')
-rw-r--r--src/irmd/main.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/irmd/main.c b/src/irmd/main.c
index 66f341eb..484a265a 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -1717,6 +1717,13 @@ static irm_msg_t * do_command_msg(irm_msg_t * msg,
return ret_msg;
}
+/* Wipe the session key from a reply before its buffers are freed. */
+static void clear_msg_key(irm_msg_t * msg)
+{
+ if (msg != NULL && msg->has_sym_key)
+ crypt_secure_clear(msg->sym_key.data, msg->sym_key.len);
+}
+
static void * mainloop(void * o)
{
int sfd;
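Review bot: The comment on `clear_msg_key` does not say that it covers only the `sym_key` field of the unpacked message, so a later caller could assume it is the complete wipe. Once `irm_msg__pack` has run, a second copy of the key sits in the packed buffer, and this commit clears that separately in `mainloop`. I would spell that out, for example `/* Wipe the session key in the unpacked reply; a packed copy must be cleared by the caller. */`. It may also be worth confirming that `crypt_secure_clear` tolerates a NULL `data` with `len` 0, since the guard tests only `has_sym_key`. The helper is complete in this hunk; `mainloop` continues outside it.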
@@ -1728,6 +1735,7 @@ static void * mainloop(void * o)
while (true) {
irm_msg_t * ret_msg;
struct cmd * cmd;
+ bool had_key;
pthread_mutex_lock(&irmd.cmd_lock);
@@ -1791,6 +1799,9 @@ static void * mainloop(void * o)
irm_msg__pack(ret_msg, buffer.data);
+ had_key = ret_msg->has_sym_key;
+ clear_msg_key(ret_msg);
+
irm_msg__free_unpacked(ret_msg, NULL);
pthread_cleanup_push(__cleanup_close_ptr, &sfd);
@@ -1805,6 +1816,9 @@ static void * mainloop(void * o)
strerror(errno));
}
+ if (had_key)
+ crypt_secure_clear(buffer.data, buffer.len);
+
pthread_cleanup_pop(true);
pthread_cleanup_pop(true);
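Review bot: The wipe of the packed reply, `if (had_key) crypt_secure_clear(buffer.data, buffer.len);`, is an ordinary statement between the cleanup pushes and pops, so it runs only when the thread reaches it. If the thread is cancelled while blocked in the socket write above it, the handlers run but this line is skipped. The pushed handlers are only partly visible here; if one of them releases `buffer.data`, the serialized key would be freed without being cleared. Doing the clear inside that cleanup handler, or pushing a small handler that wipes and then frees, would cover normal exit and cancellation with a single code path and remove the need for `had_key`. The write call and the second `pthread_cleanup_push` are outside this hunk, so this should be confirmed against the full function.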
@@ -1812,6 +1826,7 @@ static void * mainloop(void * o)
continue;
fail:
+ clear_msg_key(ret_msg);
irm_msg__free_unpacked(ret_msg, NULL);
fail_msg:
close(sfd);