server/keyset.c, server/keymgmt.c: Variable data limits.

The old static data volume limit isn't acceptable when trying to keep up
with LANs (e.g., wireless LANs) or other fast networks.  This change
configures a variable volume limit based on the width of the underlying
block cipher.  (That means it doesn't do anything sensible with stream
ciphers, but as currently implemented in Catacomb they're a bad idea
anyway.)

diff --git a/server/keymgmt.c b/server/keymgmt.c
index 601f42ed3db2ce1a8e861e1c39f90e7ad9fd22b7..ce0d4561d7384cab066caf758121bd86cf188ede 100644 (file)
--- a/server/keymgmt.c
+++ b/server/keymgmt.c
@@ -247,7 +247,8 @@ static const char *algs_check(algswitch *a, const group *g)
   /* --- Derive the key sizes --- *
    *
    * Must ensure that we have non-empty keys.  This isn't ideal, but it
-   * provides a handy sanity check.
+   * provides a handy sanity check.  Also must be based on a 64- or 128-bit
+   * block cipher or we can't do the data expiry properly.
    */
 
   a->hashsz = a->h->hashsz;
@@ -256,6 +257,11 @@ static const char *algs_check(algswitch *a, const group *g)
   if ((a->mksz = keysz(a->hashsz, a->m->keysz)) == 0)
     return ("no key size found for MAC");
 
+  /* --- Derive the data limit --- */
+
+  if (a->c->blksz < 16) a->expsz = MEG(64);
+  else a->expsz = MEG(2048);
+
   /* --- Ensure that the tag size is sane --- */
 
   if (a->tagsz > a->m->hashsz) return ("tag length too large");

diff --git a/server/keyset.c b/server/keyset.c
index 9dd17facc3af65fa364905f595a71f26cd6cb944..99fad2f52aa35803a592d20fd3a743b9e9d7f2a1 100644 (file)
--- a/server/keyset.c
+++ b/server/keyset.c
@@ -30,18 +30,8 @@
 
 /*----- Tunable parameters ------------------------------------------------*/
 
-/* --- Note on size limits --- *
- *
- * For a 64-bit block cipher (e.g., Blowfish), the probability of a collision
- * occurring after 32 MB is less than %$2^{-21}$%, and the probability of a
- * collision occurring after 64 MB is less than %$2^{-19}$%.  These could be
- * adjusted dependent on the encryption scheme, but it's too much pain.
- */
-
 #define T_EXP MIN(60)                  /* Expiry time for a key */
 #define T_REGEN MIN(45)                        /* Regeneration time for a key */
-#define SZ_EXP MEG(64)                 /* Expiry data size for a key */
-#define SZ_REGEN MEG(32)               /* Data size threshold for regen */
 
 /*----- Handy macros ------------------------------------------------------*/
 
@@ -153,7 +143,7 @@ static int doencrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
     nsz = osz - sz;
   else
     nsz = 0;
-  if (osz >= SZ_REGEN && nsz < SZ_REGEN) {
+  if (osz >= ks->sz_regen && ks->sz_regen > nsz) {
     T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
             "forcing exchange", ks->seq); )
     rc = KSERR_REGEN;
@@ -357,7 +347,8 @@ keyset *ks_gen(const void *k, size_t x, size_t y, size_t z, peer *p)
   T( ks->seq = seq++; )
   ks->ref = 1;
   ks->t_exp = now + T_EXP;
-  ks->sz_exp = SZ_EXP;
+  ks->sz_exp = algs.expsz;
+  ks->sz_regen = algs.expsz/2;
   ks->oseq = 0;
   seq_reset(&ks->iseq);
   ks->next = 0;

diff --git a/server/tripe.h b/server/tripe.h
index 47c8cf0f4bf1ff13d5fe5f21c6d9a1b2e8bdb0f3..71c6023e20d4c67c65fc3be4adf01143e223041b 100644 (file)
--- a/server/tripe.h
+++ b/server/tripe.h
@@ -144,6 +144,7 @@ typedef struct algswitch {
   const gcmac *m;                      /* Message authentication code */
   size_t hashsz;                       /* Hash output size */
   size_t tagsz;                                /* Length to truncate MAC tags */
+  size_t expsz;                                /* Size of data to process */
   size_t cksz, mksz;                   /* Key lengths for @c@ and @m@ */
 } algswitch;
 
@@ -204,7 +205,7 @@ typedef struct keyset {
   unsigned ref;                                /* Reference count for keyset */
   struct peer *p;                      /* Pointer to peer structure */
   time_t t_exp;                                /* Expiry time for this keyset */
-  unsigned long sz_exp;                        /* Data limit for the keyset */
+  unsigned long sz_exp, sz_regen;      /* Data limits for the keyset */
   T( unsigned seq; )                   /* Sequence number for tracing */
   unsigned f;                          /* Various useful flags */
   gcipher *cin, *cout;                 /* Keyset ciphers for encryption */