[tor-commits] [tor/master] Make MIN_ONION_KEY_LIFETIME a consensus parameter defined value.
nickm at torproject.org
nickm at torproject.org
Fri Mar 17 15:18:17 UTC 2017
commit 23ae5b655b9d94d62c6c9296cb8cc2b33ae345d7
Author: Alexander Færøy <ahf at torproject.org>
Date: Fri Mar 10 12:18:52 2017 +0100
Make MIN_ONION_KEY_LIFETIME a consensus parameter defined value.
This patch turns `MIN_ONION_KEY_LIFETIME` into a new function
`get_onion_key_lifetime()` which gets its value from a network consensus
parameter named "onion-key-rotation-days". This allows us to tune the
value at a later point in time with no code modifications.
We also bump the default onion key lifetime from 7 to 28 days as per
proposal #274.
See: https://bugs.torproject.org/21641
---
src/or/main.c | 11 ++++++-----
src/or/or.h | 11 +++++++++--
src/or/router.c | 29 +++++++++++++++++++++++++++--
src/or/router.h | 1 +
src/test/test_dir.c | 2 +-
5 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/src/or/main.c b/src/or/main.c
index 475587e..107a484 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1472,15 +1472,16 @@ run_scheduled_events(time_t now)
pt_configure_remaining_proxies();
}
-/* Periodic callback: Every MIN_ONION_KEY_LIFETIME seconds, rotate the onion
- * keys, shut down and restart all cpuworkers, and update our descriptor if
- * necessary.
+/* Periodic callback: rotate the onion keys after the period defined by the
+ * "onion-key-rotation-days" consensus parameter, shut down and restart all
+ * cpuworkers, and update our descriptor if necessary.
*/
static int
rotate_onion_key_callback(time_t now, const or_options_t *options)
{
if (server_mode(options)) {
- time_t rotation_time = get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME;
+ int onion_key_lifetime = get_onion_key_lifetime();
+ time_t rotation_time = get_onion_key_set_at()+onion_key_lifetime;
if (rotation_time > now) {
return safe_timer_diff(now, rotation_time);
}
@@ -1493,7 +1494,7 @@ rotate_onion_key_callback(time_t now, const or_options_t *options)
}
if (advertised_server_mode() && !options->DisableNetwork)
router_upload_dir_desc_to_dirservers(0);
- return MIN_ONION_KEY_LIFETIME;
+ return onion_key_lifetime;
}
return PERIODIC_EVENT_NO_UPDATE;
}
diff --git a/src/or/or.h b/src/or/or.h
index 0e2dc24..2903f5e 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -147,8 +147,15 @@
/** Maximum size of a single extrainfo document, as above. */
#define MAX_EXTRAINFO_UPLOAD_SIZE 50000
-/** How often do we rotate onion keys? */
-#define MIN_ONION_KEY_LIFETIME (7*24*60*60)
+/** Minimum lifetime for an onion key in days. */
+#define MIN_ONION_KEY_LIFETIME_DAYS (1)
+
+/** Maximum lifetime for an onion key in days. */
+#define MAX_ONION_KEY_LIFETIME_DAYS (90)
+
+/** Default lifetime for an onion key in days. */
+#define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)
+
/** How often do we rotate TLS contexts? */
#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
diff --git a/src/or/router.c b/src/or/router.c
index e4fa72a..1fa0f10 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -683,6 +683,31 @@ v3_authority_check_key_expiry(void)
last_warned = now;
}
+/** Get the lifetime of an onion key in days. This value is defined by the
+ * network consesus parameter "onion-key-rotation-days". Always returns a value
+ * between <b>MIN_ONION_KEY_LIFETIME_DAYS</b> and
+ * <b>MAX_ONION_KEY_LIFETIME_DAYS</b>.
+ */
+static int
+get_onion_key_rotation_days_(void)
+{
+ return networkstatus_get_param(NULL,
+ "onion-key-rotation-days",
+ DEFAULT_ONION_KEY_LIFETIME_DAYS,
+ MIN_ONION_KEY_LIFETIME_DAYS,
+ MAX_ONION_KEY_LIFETIME_DAYS);
+}
+
+/** Get the current lifetime of an onion key in seconds. This value is defined
+ * by the network consesus parameter "onion-key-rotation-days", but the value
+ * is converted to seconds.
+ */
+int
+get_onion_key_lifetime(void)
+{
+ return get_onion_key_rotation_days_()*24*60*60;
+}
+
/** Set up Tor's TLS contexts, based on our configuration and keys. Return 0
* on success, and -1 on failure. */
int
@@ -928,7 +953,7 @@ init_keys(void)
/* We have no LastRotatedOnionKey set; either we just created the key
* or it's a holdover from 0.1.2.4-alpha-dev or earlier. In either case,
* start the clock ticking now so that we will eventually rotate it even
- * if we don't stay up for a full MIN_ONION_KEY_LIFETIME. */
+ * if we don't stay up for the full lifetime of an onion key. */
state->LastRotatedOnionKey = onionkey_set_at = now;
or_state_mark_dirty(state, options->AvoidDiskWrites ?
time(NULL)+3600 : 0);
@@ -2760,7 +2785,7 @@ router_dump_router_to_string(routerinfo_t *router,
make_ntor_onion_key_crosscert(ntor_keypair,
&router->cache_info.signing_key_cert->signing_key,
router->cache_info.published_on,
- MIN_ONION_KEY_LIFETIME, &sign);
+ get_onion_key_lifetime(), &sign);
if (!cert) {
log_warn(LD_BUG,"make_ntor_onion_key_crosscert failed!");
goto err;
diff --git a/src/or/router.h b/src/or/router.h
index c30a030..9060bc2 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -31,6 +31,7 @@ void rotate_onion_key(void);
crypto_pk_t *init_key_from_file(const char *fname, int generate,
int severity, int log_greeting);
void v3_authority_check_key_expiry(void);
+int get_onion_key_lifetime(void);
di_digest256_map_t *construct_ntor_key_map(void);
void ntor_key_map_free(di_digest256_map_t *map);
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 3906206..91d6af9 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -329,7 +329,7 @@ test_dir_formats(void *arg)
ntor_cc = make_ntor_onion_key_crosscert(&r2_onion_keypair,
&kp1.pubkey,
r2->cache_info.published_on,
- MIN_ONION_KEY_LIFETIME,
+ get_onion_key_lifetime(),
&ntor_cc_sign);
tt_assert(ntor_cc);
base64_encode(cert_buf, sizeof(cert_buf),
More information about the tor-commits
mailing list