* Matthew Toseland <toad at amphibian.dyndns.org> [2007-09-29 21:26:53]:

> Arguably this should occur on a separate thread.

The signature might take some time, yes... but that code should be
triggered only once every 30 mins.

> 
> On Saturday 29 September 2007 19:13, you wrote:
> > Author: nextgens
> > Date: 2007-09-29 18:13:44 +0000 (Sat, 29 Sep 2007)
> > New Revision: 15390
> > 
> > Modified:
> >    branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> > Log:
> > Renew DH parameters every 30mins
> > 
> > Modified: branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java
> > ===================================================================
> > --- branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java     
> > 2007-09-29 
> 17:49:29 UTC (rev 15389)
> > +++ branches/freenet-jfk/src/freenet/node/FNPPacketMangler.java     
> > 2007-09-29 
> 18:13:44 UTC (rev 15390)
> > @@ -75,8 +75,10 @@
> >  
> >     private final HashMap authenticatorCache;
> >     
> > -   /** We renew it on each *successful* run of the protocol (the spec. 
> says "once a while") - access is synchronized! */
> > +   /** We renew it every 30mins (the spec. says "once a while") - access 
> > is 
> synchronized! */
> >     private DiffieHellmanLightContext currentDHContext = null;
> > +   private long currentDHContextLifetime = 0;
> > +   
> >     protected static final int NONCE_SIZE = 8;
> >     /**
> >      * How big can the authenticator get before we flush it ?
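Review bot: the new field `currentDHContextLifetime` is named as a duration, but the last hunk assigns it `now`, so it holds the creation timestamp of the context. A name such as `currentDHContextCreationTime` would match how it is used. The "access is synchronized!" javadoc sits only on `currentDHContext`, so the new field should either get its own comment or the existing one should say that both fields are guarded by the same lock.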
> > @@ -815,7 +817,6 @@
> >             // Send reply
> >             sendMessage4Packet(1, 2, 3, nonceInitiator, 
> nonceResponder,initiatorExponential, responderExponential, c, Ke, Ka, 
> authenticator, pn, replyTo);
> >             
> > -           //FIXME: rekey .... ?
> >             c.initialize(Ks);
> >             if(!pn.completedHandshake(bootID, data, 8, data.length-8, c, 
> > Ks, replyTo, 
> true)) {
> >                     Logger.error(this, "Handshake failure! with "+pn);
> > @@ -2381,10 +2382,15 @@
> >             return crypto.config.alwaysAllowLocalAddresses();
> >     }
> >  
> > -   private synchronized DiffieHellmanLightContext 
> getLightDiffieHellmanContext(PeerNode pn) {
> > -           if(currentDHContext == null) {
> > -                   currentDHContext = DiffieHellman.generateLightContext();
> > -                   
> currentDHContext.setSignature(signDHParams(currentDHContext.myExponential, 
> pn.peerCryptoGroup));
> > +   private DiffieHellmanLightContext getLightDiffieHellmanContext(PeerNode 
> pn) {
> > +           final long now = System.currentTimeMillis();
> > +           
> > +           synchronized (this) {
> > +                   if((currentDHContext == null) || 
> > (currentDHContextLifetime + 
> 1800000 /*30mins*/) < now) {
> > +                           currentDHContextLifetime = now;
> > +                           currentDHContext = 
> > DiffieHellman.generateLightContext();
> > +                           
> currentDHContext.setSignature(signDHParams(currentDHContext.myExponential, 
> pn.peerCryptoGroup));
> > +                   }
> >             }
> >             return currentDHContext;
> >     }
> > 
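Review bot: `return currentDHContext;` now sits outside the `synchronized (this)` block, so the field is read without the lock that the javadoc promises, and a caller can get a different context than the one it just checked if another thread renews in between. Copy the field into a local inside the block and return the local. Two smaller points on the same lines: `signDHParams(...)` still runs while the monitor is held, so every concurrent handshake waits for the signature whenever a renewal happens, and the cached signature is computed over `pn.peerCryptoGroup` of whichever peer triggered the renewal and then handed to all later callers. The literal `1800000 /*30mins*/` would also read better as a named constant.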