[SECNET PATCH v2 18/19] site: Randomise key setup retry time
Ian Jackson
ijackson at chiark.greenend.org.uk
Sat May 18 02:38:51 BST 2019
This reduces the chance that retries (at both ends of a link, or
within a single secnet) end up synchronised. Such synchronisation is
not supposed to matter but in practice there have been some bugs where
it does, and it is undesirable anyway.
Signed-off-by: Ian Jackson <ijackson at chiark.greenend.org.uk>
---
v2: New patch
---
README | 5 +++--
site.c | 8 +++++++-
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/README b/README
index da1ea0b..5a4db52 100644
--- a/README
+++ b/README
@@ -395,8 +395,9 @@ site: dict argument
packet [5; mobile: 30]
setup-timeout (integer): time between retransmissions of key negotiation
packets, in ms [2000; mobile: 1000]
- wait-time (integer): after failed key setup, wait this long (in ms) before
- allowing another attempt [20000; mobile: 10000]
+ wait-time (integer): after failed key setup, wait roughly this long
+ (in ms) before allowing another attempt [20000; mobile: 10000]
+ Actual wait time is randomly chosen between ~0.5x and ~1.5x this.
renegotiate-time (integer): if we see traffic on the link after this time
then renegotiate another session key immediately (in ms)
[half key-lifetime, or key-lifetime minus 5 mins (mobile: 12 hours),
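Review bot: The added README sentence "Actual wait time is randomly chosen between ~0.5x and ~1.5x this" does not hold for every configured value. In the site.c part of this patch the jitter is computed as (t / 256) * factor, which is zero for a wait-time below 256 ms, and the randomisation is skipped entirely when the value is not below INT_MAX/2. Suggest documenting those two exceptions here, or saying that the range applies to typical values such as the defaults.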
diff --git a/site.c b/site.c
index 6b09588..3f5e66c 100644
--- a/site.c
+++ b/site.c
@@ -536,7 +536,13 @@ struct msg {
};
static int32_t wait_timeout(struct site *st) {
- return st->wait_timeout_mean;
+ int32_t t = st->wait_timeout_mean;
+ int8_t factor;
+ if (t < INT_MAX/2) {
+ st->random->generate(st->random->st,sizeof(factor),&factor);
+ t += (t / 256) * factor;
+ }
+ return t;
}
static _Bool set_new_transform(struct site *st, char *pk)
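Review bot: In wait_timeout(), the line "t += (t / 256) * factor;" divides before it multiplies, so a wait_timeout_mean below 256 yields t / 256 == 0 and the function returns the mean with no randomisation at all. If small values are meant to be jittered too, multiply first in a wider type, for example ((int64_t)t * factor) / 256. Separately, the "t < INT_MAX/2" guard silently returns the unrandomised mean for large values and compares an int32_t against INT_MAX rather than INT32_MAX; a short comment stating that the guard exists to avoid overflow in the addition would make the intent clear.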
--
2.11.0