[or-cvs] flagday} actually rotate onion keys.
Nick Mathewson
nickm at seul.org
Sun Apr 18 03:20:32 UTC 2004
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv27573/or
Modified Files:
Tag: tor-0_0_6incompat
config.c main.c or.h router.c
Log Message:
{flagday} actually rotate onion keys.
Index: config.c
===================================================================
RCS file: /home/or/cvsroot/src/or/config.c,v
retrieving revision 1.106
retrieving revision 1.106.2.1
diff -u -d -r1.106 -r1.106.2.1
--- config.c 5 Apr 2004 00:47:47 -0000 1.106
+++ config.c 18 Apr 2004 03:20:29 -0000 1.106.2.1
@@ -655,6 +655,10 @@
log(LOG_WARN,"DirFetchPostPeriod option must be positive.");
result = -1;
}
+ if(options->DirFetchPostPeriod > MIN_ONION_KEY_LIFETIME/2) {
+ log(LOG_WARN,"DirFetchPostPeriod is too large; clipping.");
+ options->DirFetchPostPeriod = MIN_ONION_KEY_LIFETIME/2;
+ }
if(options->KeepalivePeriod < 1) {
log(LOG_WARN,"KeepalivePeriod option must be positive.");
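Review bot: The new clipping branch warns without saying what DirFetchPostPeriod was reduced to, so an operator reading the log cannot tell how their configuration was altered; `log(LOG_WARN,"DirFetchPostPeriod is too large; clipping to %d.", MIN_ONION_KEY_LIFETIME/2);` would make it explicit. A one-line comment on why half the onion-key lifetime is the bound would also help a later reader — presumably so that a descriptor carrying a freshly rotated key is posted well inside that key's lifetime, but that is inferred from the main.c hunk and should be confirmed. The enclosing function starts and ends outside this hunk.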
Index: main.c
===================================================================
RCS file: /home/or/cvsroot/src/or/main.c,v
retrieving revision 1.240.2.1
retrieving revision 1.240.2.2
diff -u -d -r1.240.2.1 -r1.240.2.2
--- main.c 17 Apr 2004 18:15:00 -0000 1.240.2.1
+++ main.c 18 Apr 2004 03:20:29 -0000 1.240.2.2
@@ -339,7 +339,22 @@
static time_t last_uploaded_services = 0;
int i;
- /* 1. Every DirFetchPostPeriod seconds, we get a new directory and upload
+
+ /* 1a. Every MIN_ONION_KEY_LIFETIME seconds, rotate the onion keys,
+ * shut down and restart all cpuworkers, and update the directory if
+ * necessary.
+ */
+ if (options.ORPort && get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME < now) {
+ rotate_onion_key();
+ cpuworkers_rotate();
+ if (router_rebuild_descriptor()<0) {
+ log_fn(LOG_WARN, "Couldn't rebuild router descriptor");
+ }
+ router_rebuild_descriptor();
+ router_upload_dir_desc_to_dirservers();
+ }
+
+ /* 1b. Every DirFetchPostPeriod seconds, we get a new directory and upload
* our descriptor (if any). */
if(time_to_fetch_directory < now) {
/* it's time to fetch a new directory and/or post our descriptor */
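Review bot: router_rebuild_descriptor() is called twice in the new rotation branch — once with its return value checked, then again unconditionally right after the warning — and router_upload_dir_desc_to_dirservers() runs even when the rebuild failed, so whatever descriptor is still held (presumably one naming the previous onion key) gets pushed to the dirservers. Drop the unchecked second call and upload only on success: `if (router_rebuild_descriptor()<0) {` / `log_fn(LOG_WARN, "Couldn't rebuild router descriptor");` / `} else { router_upload_dir_desc_to_dirservers(); }`. The enclosing function begins and ends outside this hunk.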
@@ -363,6 +378,7 @@
time_to_fetch_directory = now + options.DirFetchPostPeriod;
}
+
/* 2. Every second, we examine pending circuits and prune the
* ones which have been pending for more than a few seconds.
* We do this before step 3, so it can try building more if
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.319.2.1
retrieving revision 1.319.2.2
diff -u -d -r1.319.2.1 -r1.319.2.2
--- or.h 17 Apr 2004 01:37:28 -0000 1.319.2.1
+++ or.h 18 Apr 2004 03:20:29 -0000 1.319.2.2
@@ -109,6 +109,8 @@
#define MAX_DNS_ENTRY_AGE (15*60)
#endif
+#define MIN_ONION_KEY_LIFETIME (120*60)
+
#define CIRC_ID_TYPE_LOWER 0
#define CIRC_ID_TYPE_HIGHER 1
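Review bot: MIN_ONION_KEY_LIFETIME is introduced without a comment giving its unit or what depends on it, yet config.c now clips DirFetchPostPeriod to half of it and main.c schedules key rotation against it, so the coupling deserves a sentence next to the define: `/* Seconds a router keeps an onion key before rotating it; DirFetchPostPeriod is clipped to half this so the new key gets published in time. */`. The get_onion_key_set_at() prototype added in the second or.h hunk could carry a matching one-liner, e.g. `/* Time the current onion key was installed, 0 if none yet. */`.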
@@ -963,6 +965,7 @@
void set_onion_key(crypto_pk_env_t *k);
crypto_pk_env_t *get_onion_key(void);
crypto_pk_env_t *get_previous_onion_key(void);
+time_t get_onion_key_set_at(void);
void set_identity_key(crypto_pk_env_t *k);
crypto_pk_env_t *get_identity_key(void);
int init_keys(void);
Index: router.c
===================================================================
RCS file: /home/or/cvsroot/src/or/router.c,v
retrieving revision 1.26.2.1
retrieving revision 1.26.2.2
diff -u -d -r1.26.2.1 -r1.26.2.2
--- router.c 17 Apr 2004 01:37:28 -0000 1.26.2.1
+++ router.c 18 Apr 2004 03:20:30 -0000 1.26.2.2
@@ -11,12 +11,14 @@
/************************************************************/
/* private keys */
+static time_t onionkey_set_at=0;
static crypto_pk_env_t *onionkey=NULL;
static crypto_pk_env_t *lastonionkey=NULL;
static crypto_pk_env_t *identitykey=NULL;
void set_onion_key(crypto_pk_env_t *k) {
onionkey = k;
+ onionkey_set_at = time(NULL);
}
crypto_pk_env_t *get_onion_key(void) {
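Review bot: set_onion_key() now stamps onionkey_set_at with time(NULL) regardless of where the key came from, so if the same setter is the path by which init_keys() installs a key read back from disk (not visible in this hunk), every restart resets the rotation clock and a key can outlive MIN_ONION_KEY_LIFETIME indefinitely across restarts. If that is the case, the load-from-disk path should supply the key's original creation time (for example a persisted timestamp or the key file's mtime) rather than "now"; worth confirming against init_keys(). A short comment on the new static, `/* When onionkey was installed; drives rotation in main.c. */`, would also help.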
@@ -28,6 +30,10 @@
return lastonionkey;
}
+time_t get_onion_key_set_at(void) {
+ return onionkey_set_at;
+}
+
void set_identity_key(crypto_pk_env_t *k) {
identitykey = k;
}
@@ -68,7 +74,7 @@
/* XXXX WINDOWS on windows, we need to protect this next bit with a lock.
*/
lastonionkey = onionkey;
- onionkey = prkey;
+ set_onion_key(prkey);
if (router_rebuild_descriptor() <0) {
goto error;
}