Check onion key consensus parameters every hour.

This patch changes the way we decide when to check whether it's time
to rotate and/or expire our onion keys. Due to proposal #274 we can now
have the keys rotate at different frequencies than before and we thus
do the check once an hour when our Tor daemon is running in server mode.

This should allow us to quickly notice if the network consensus
parameters have changed while we are running instead of having to wait
until the current parameters' timeout value has passed.

See: https://bugs.torproject.org/21641
Alexander Færøy 2017-03-17 05:27:31 +01:00 committed by Nick Mathewson
parent 853b54dea4
commit 946ccf3e4d
2 changed files with 8 additions and 7 deletions


@ -1485,7 +1485,7 @@ rotate_onion_key_callback(time_t now, const or_options_t *options)
int onion_key_lifetime = get_onion_key_lifetime(); int onion_key_lifetime = get_onion_key_lifetime();
time_t rotation_time = get_onion_key_set_at()+onion_key_lifetime; time_t rotation_time = get_onion_key_set_at()+onion_key_lifetime;
if (rotation_time > now) { if (rotation_time > now) {
return safe_timer_diff(now, rotation_time); return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
} }
log_info(LD_GENERAL,"Rotating onion key."); log_info(LD_GENERAL,"Rotating onion key.");
@ -1496,7 +1496,7 @@ rotate_onion_key_callback(time_t now, const or_options_t *options)
} }
if (advertised_server_mode() && !options->DisableNetwork) if (advertised_server_mode() && !options->DisableNetwork)
router_upload_dir_desc_to_dirservers(0); router_upload_dir_desc_to_dirservers(0);
return onion_key_lifetime; return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
} }
return PERIODIC_EVENT_NO_UPDATE; return PERIODIC_EVENT_NO_UPDATE;
} }
@ -1512,17 +1512,14 @@ check_onion_keys_expiry_time_callback(time_t now, const or_options_t *options)
if (server_mode(options)) { if (server_mode(options)) {
int onion_key_grace_period = get_onion_key_grace_period(); int onion_key_grace_period = get_onion_key_grace_period();
time_t expiry_time = get_onion_key_set_at()+onion_key_grace_period; time_t expiry_time = get_onion_key_set_at()+onion_key_grace_period;
if (expiry_time > now) { if (expiry_time > now) {
return safe_timer_diff(now, expiry_time); return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
} }
log_info(LD_GENERAL, "Expiring old onion keys."); log_info(LD_GENERAL, "Expiring old onion keys.");
expire_old_onion_keys(); expire_old_onion_keys();
cpuworkers_rotate_keyinfo(); cpuworkers_rotate_keyinfo();
return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
return onion_key_grace_period;
} }
return PERIODIC_EVENT_NO_UPDATE; return PERIODIC_EVENT_NO_UPDATE;
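Review bot: In check_onion_keys_expiry_time_callback, once `expiry_time > now` is false the function now returns ONION_KEY_CONSENSUS_CHECK_INTERVAL after the expiry work, so the `log_info`, `expire_old_onion_keys()` and `cpuworkers_rotate_keyinfo()` calls are reached again every hour for as long as the key-set time plus grace period stays in the past; before this change the next run was a full grace period away. Whether the repeat is harmless depends on `expire_old_onion_keys()` doing nothing when there is nothing left to expire, which the hunk does not show, so either confirm that or skip the block (and the cpuworker call) when no old key remains. In rotate_onion_key_callback the same fixed interval means a key can stay in use up to an hour past `rotation_time`; a comment such as `/* May fire up to ONION_KEY_CONSENSUS_CHECK_INTERVAL after rotation_time. */` would record that this slack is intended. Both function bodies start outside the hunks shown.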


@ -164,6 +164,10 @@
/** Default grace period for acceptance of an onion key in days. */ /** Default grace period for acceptance of an onion key in days. */
#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7) #define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
/** How often we should check the network consensus if it is time to rotate or
* expire onion keys. */
#define ONION_KEY_CONSENSUS_CHECK_INTERVAL (60*60)
/** How often do we rotate TLS contexts? */ /** How often do we rotate TLS contexts? */
#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60) #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
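Review bot: The doc comment on ONION_KEY_CONSENSUS_CHECK_INTERVAL does not state its unit, while the constant directly above it, DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS, is in days, and this value is returned as-is from the periodic callbacks, so the two are easy to mix up. I would spell it out: `/** How often, in seconds, we should check the network consensus to see if it is time to rotate or expire onion keys. */`. The unit is inferred from `(60*60)` and the commit message's "once an hour", so confirm it matches what the periodic-event scheduler expects.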