From fe6b60909d455abdac7885ceaba1097749e7aeb1 Mon Sep 17 00:00:00 2001
From: Dimitri Staessens
Date: Mon, 24 Feb 2020 22:30:22 +0100
Subject: lib, ipcpd: piggyback ECDHE on flow allocation

The initial implementation for the ECDHE key exchange was doing the key exchange after a flow was established. The public keys are now sent allowg on the flow allocation messages, so that an encrypted tunnel can be created within 1 RTT. The flow allocation steps had to be extended to pass the opaque data ('piggybacking').

Signed-off-by: Dimitri Staessens
Signed-off-by: Sander Vrijders
---
 src/ipcpd/ipcp.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
(limited to 'src/ipcpd/ipcp.c')

diff --git a/src/ipcpd/ipcp.c b/src/ipcpd/ipcp.c
index 8f9fcd7d..95d2f783 100644
--- a/src/ipcpd/ipcp.c
+++ b/src/ipcpd/ipcp.c
@@ -408,6 +408,8 @@ static void * mainloop(void * o)
         }
 
         assert(msg->hash.len == ipcp_dir_hash_len());
+        assert(msg->pk.len > 0 ? msg->pk.data != NULL
+                               : msg->pk.data == NULL);
 
         if (ipcp_get_state() != IPCP_OPERATIONAL) {
                 log_err("IPCP in wrong state.");
@@ -429,7 +431,9 @@ static void * mainloop(void * o)
 
                 ret_msg.result = ipcpi.ops->ipcp_flow_alloc(fd,
                                                             msg->hash.data,
-                                                            qs);
+                                                            qs,
+                                                            msg->pk.data,
+                                                            msg->pk.len);
                 break;
         case IPCP_MSG_CODE__IPCP_FLOW_JOIN:
                 ret_msg.has_result = true;
@@ -488,9 +492,14 @@ static void * mainloop(void * o)
                         }
                 }
 
+                assert(msg->pk.len > 0 ? msg->pk.data != NULL
+                                       : msg->pk.data == NULL);
+
                 ret_msg.result = ipcpi.ops->ipcp_flow_alloc_resp(fd,
-                                                                 msg->response);
+                                                                 msg->response,
+                                                                 msg->pk.data,
+                                                                 msg->pk.len);
                 break;
         case IPCP_MSG_CODE__IPCP_FLOW_DEALLOC:
                 ret_msg.has_result = true;
@@ -568,7 +577,7 @@ static int parse_args(int argc,
         if (!(argc == 4 || argc == 3))
                 return -1;
 
-        /* argument 1: pid of irmd */
+        /* argument 1: pid of irm */
         if (atoi(argv[1]) == 0)
                 return -1;
 
-- 
cgit v1.2.3
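Review bot: The new `assert(msg->pk.len > 0 ? msg->pk.data != NULL : msg->pk.data == NULL)` is the only guard on the public-key blob before it is forwarded to `ipcp_flow_alloc`, and an assert is compiled out under NDEBUG, so a release build passes an inconsistent (data, len) pair straight through; the identical assert in the FLOW_ALLOC_RESP hunk has the same problem. The `msg` fields are presumably deserialised from a received IPC message rather than produced by this process, so a malformed message is input to validate, not a programmer invariant, and it should yield an error reply instead of aborting the IPCP daemon. I would make it a runtime check in the style of the state check that follows it: `if ((msg->pk.len > 0) != (msg->pk.data != NULL)) { log_err("Inconsistent public key in flow alloc message."); ret_msg.result = -EINVAL; break; }`. Whether the key length is also checked against the expected ECDHE key size is left to the ops implementation, which is outside this patch; mainloop itself starts and ends outside the hunk.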
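Review bot: The ops hook now receives the raw `msg->pk.data` pointer and `msg->pk.len`, but nothing in this hunk documents the contract for the new parameters: whether `data` may be NULL when `len` is 0, and that the pointer aliases the request message rather than being owned by the callee. If `msg` is released after dispatch, which this hunk does not show, an implementation that keeps the peer key for the ECDHE derivation must copy it, so the header declaring `ipcp_flow_alloc` (outside this patch) should carry a comment such as `/* pk: peer public key, pk_len bytes, valid only for the duration of the call; NULL/0 when absent */`. The same wording applies to `ipcp_flow_alloc_resp` in the following hunk.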