author | Alexander Færøy <ahf@torproject.org> | 2017-03-10 13:00:20 +0100 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-03-17 11:15:43 -0400 |
commit | 853b54dea4c56ea2913caf58ad6d337502b18b91 (patch) | |
tree | 4814ecab621c193bf81a2b3cb8940123d8bbf392 /src/or/main.c | |
parent | d88f10cdf2cc0682e607de5f63ebae9370c5fe55 (diff) | |
Add periodic timer for expiring old onion keys.
This patch adds a new timer that is executed when it is time to expire
our current set of old onion keys. Because of proposal #274 this can no
longer be assumed to be at the same time we rotate our onion keys since
they will be updated less frequently.
See: https://bugs.torproject.org/21641
Diffstat (limited to 'src/or/main.c')
-rw-r--r-- | src/or/main.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/or/main.c b/src/or/main.c
index 107a4842a9..d24c674ba3 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1161,6 +1161,7 @@ static int periodic_events_initialized = 0;
 #define CALLBACK(name) \
 static int name ## _callback(time_t, const or_options_t *)
 CALLBACK(rotate_onion_key);
+CALLBACK(check_onion_keys_expiry_time);
 CALLBACK(check_ed_keys);
 CALLBACK(launch_descriptor_fetches);
 CALLBACK(rotate_x509_certificate);
@@ -1192,6 +1193,7 @@ CALLBACK(heartbeat);
 
 static periodic_event_item_t periodic_events[] = {
 CALLBACK(rotate_onion_key),
+ CALLBACK(check_onion_keys_expiry_time),
 CALLBACK(check_ed_keys),
 CALLBACK(launch_descriptor_fetches),
 CALLBACK(rotate_x509_certificate),
@@ -1499,6 +1501,33 @@ rotate_onion_key_callback(time_t now, const or_options_t *options)
 return PERIODIC_EVENT_NO_UPDATE;
 }
 
+/* Period callback: Check if our old onion keys are still valid after the
+ * period of time defined by the consensus parameter
+ * "onion-key-grace-period-days", otherwise expire them by setting them to
+ * NULL.
+ */
+static int
+check_onion_keys_expiry_time_callback(time_t now, const or_options_t *options)
+{
+ if (server_mode(options)) {
+ int onion_key_grace_period = get_onion_key_grace_period();
+ time_t expiry_time = get_onion_key_set_at()+onion_key_grace_period;
+
+ if (expiry_time > now) {
+ return safe_timer_diff(now, expiry_time);
+ }
+
+ log_info(LD_GENERAL, "Expiring old onion keys.");
+
+ expire_old_onion_keys();
+ cpuworkers_rotate_keyinfo();
+
+ return onion_key_grace_period;
+ }
+
+ return PERIODIC_EVENT_NO_UPDATE;
+}
+
 /* Periodic callback: Every 30 seconds, check whether it's time to make new
 * Ed25519 subkeys.
 */ |
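Review bot: In `check_onion_keys_expiry_time_callback` the expiry branch is taken whenever `expiry_time <= now`, so once the grace period has passed it logs "Expiring old onion keys." and calls `cpuworkers_rotate_keyinfo()` on every run until the next rotation, even if the old keys are already gone. Whether `expire_old_onion_keys()` copes with an already-empty set is not visible in this hunk. Consider having the expire step report whether it actually dropped a key, and only logging and refreshing the cpuworker key info in that case. The header comment should open with "Periodic callback:" like its neighbours. It would also help to state there that `get_onion_key_grace_period()` is expected to return seconds although the consensus parameter is named in days, since the value is added to a `time_t` and also returned as the next interval.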