[freenet-dev] [freenet-cvs] r15390 - branches/freenet-jfk/src/freenet/node

Matthew Toseland toad at amphibian.dyndns.org
Sat Sep 29 20:26:53 UTC 2007


Arguably this should occur on a separate thread.

On Saturday 29 September 2007 19:13, you wrote:
> Author: nextgens
> Date: 2007-09-29 18:13:44 +0000 (Sat, 29 Sep 2007)
> New Revision: 15390
> 
> Modified:
>    branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> Log:
> Renew DH parameters every 30mins
> 
> Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> ===================================================================
> --- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java	2007-09-29 
17:49:29 UTC (rev 15389)
> +++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java	2007-09-29 
18:13:44 UTC (rev 15390)
> @@ -75,8 +75,10 @@
>  
>  	private final HashMap authenticatorCache;
>  	
> -	/** We renew it on each *successful* run of the protocol (the spec. 
says "once a while") - access is synchronized! */
> +	/** We renew it every 30mins (the spec. says "once a while") - access is 
synchronized! */
>  	private DiffieHellmanLightContext currentDHContext = null;
> +	private long currentDHContextLifetime = 0;
> +	
>  	protected static final int NONCE_SIZE = 8;
>  	/**
>  	 * How big can the authenticator get before we flush it ?
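Review bot: The new field `currentDHContextLifetime` has no comment and its name is misleading. In the last hunk it is assigned `now`, so it holds the time the context was created, while the actual lifetime is the inline literal `1800000`. Consider naming it `currentDHContextCreationTime` with a comment such as `/** Wall-clock time in ms at which currentDHContext was generated - access is synchronized! */`. The renewal interval could then move into a named constant, for example `private static final long DH_CONTEXT_LIFETIME_MS = 30 * 60 * 1000;`. The Javadoc block that starts after `NONCE_SIZE` continues outside this hunk.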
> @@ -815,7 +817,6 @@
>  		// Send reply
>  		sendMessage4Packet(1, 2, 3, nonceInitiator, 
nonceResponder,initiatorExponential, responderExponential, c, Ke, Ka, 
authenticator, pn, replyTo);
>  		
> -		//FIXME: rekey .... ?
>  		c.initialize(Ks);
>  		if(!pn.completedHandshake(bootID, data, 8, data.length-8, c, Ks, replyTo, 
true)) {
>  			Logger.error(this, "Handshake failure! with "+pn);
> @@ -2381,10 +2382,15 @@
>  		return crypto.config.alwaysAllowLocalAddresses();
>  	}
>  
> -	private synchronized DiffieHellmanLightContext 
getLightDiffieHellmanContext(PeerNode pn) {
> -		if(currentDHContext == null) {
> -			currentDHContext = DiffieHellman.generateLightContext();
> -			
currentDHContext.setSignature(signDHParams(currentDHContext.myExponential, 
pn.peerCryptoGroup));
> +	private DiffieHellmanLightContext getLightDiffieHellmanContext(PeerNode 
pn) {
> +		final long now = System.currentTimeMillis();
> +		
> +		synchronized (this) {
> +			if((currentDHContext == null) || (currentDHContextLifetime + 
1800000 /*30mins*/) < now) {
> +				currentDHContextLifetime = now;
> +				currentDHContext = DiffieHellman.generateLightContext();
> +				
currentDHContext.setSignature(signDHParams(currentDHContext.myExponential, 
pn.peerCryptoGroup));
> +			}
>  		}
>  		return currentDHContext;
>  	}
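Review bot: `return currentDHContext;` now sits outside the `synchronized (this)` block, so the field is read without the lock that its Javadoc promises ("access is synchronized!"). Inside the block the field is assigned before `setSignature(...)` is called and the visible hunks do not declare it volatile, so a caller leaving the block while another thread renews could return a stale context or one whose signature has not been set yet. Copying the field into a local inside the block (`final DiffieHellmanLightContext result = currentDHContext;`) and ending with `return result;` restores what the old `synchronized` method guaranteed. Separately, the expiry test uses `System.currentTimeMillis()`, so a backward wall-clock step keeps the same exponent in use past the intended 30 minutes; a monotonic source such as `System.nanoTime()` would avoid that if the target Java version provides it. The cached signature is also computed over the `pn.peerCryptoGroup` of whichever peer triggered the renewal, so it is worth confirming that every peer served from this shared context uses the same group.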
> 