author | Alexander Færøy <ahf@torproject.org> | 2017-03-10 13:00:20 +0100 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-03-17 11:15:43 -0400 |
commit | 853b54dea4c56ea2913caf58ad6d337502b18b91 (patch) | |
tree | 4814ecab621c193bf81a2b3cb8940123d8bbf392 /src/or/router.c | |
parent | d88f10cdf2cc0682e607de5f63ebae9370c5fe55 (diff) | |
download | tor-853b54dea4c56ea2913caf58ad6d337502b18b91.tar.gz tor-853b54dea4c56ea2913caf58ad6d337502b18b91.zip |
Add periodic timer for expiring old onion keys.
This patch adds a new timer that is executed when it is time to expire
our current set of old onion keys. Because of proposal #274 this can no
longer be assumed to be at the same time we rotate our onion keys since
they will be updated less frequently.
See: https://bugs.torproject.org/21641
Diffstat (limited to 'src/or/router.c')
-rw-r--r-- | src/or/router.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/src/or/router.c b/src/or/router.c
index 2985753226..dd869d2361 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -148,6 +148,51 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
 tor_mutex_release(key_lock);
 }
 
+/** Expire our old set of onion keys. This is done by setting
+ * last_curve25519_onion_key and lastonionkey to all zero's and NULL
+ * respectively.
+ *
+ * This function does not perform any grace period checks for the old onion
+ * keys.
+ */
+void
+expire_old_onion_keys(void)
+{
+ char *fname = NULL;
+
+ tor_mutex_acquire(key_lock);
+
+ /* Free lastonionkey and set it to NULL. */
+ if (lastonionkey) {
+ crypto_pk_free(lastonionkey);
+ lastonionkey = NULL;
+ }
+
+ /* We zero out the keypair. See the tor_mem_is_zero() check made in
+ * construct_ntor_key_map() below. */
+ memset(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
+
+ tor_mutex_release(key_lock);
+
+ fname = get_datadir_fname2("keys", "secret_onion_key.old");
+ if (file_status(fname) == FN_FILE) {
+ if (tor_unlink(fname) != 0) {
+ log_warn(LD_FS, "Couldn't unlink old onion key file %s: %s",
+ fname, strerror(errno));
+ }
+ }
+ tor_free(fname);
+
+ fname = get_datadir_fname2("keys", "secret_onion_key_ntor.old");
+ if (file_status(fname) == FN_FILE) {
+ if (tor_unlink(fname) != 0) {
+ log_warn(LD_FS, "Couldn't unlink old ntor onion key file %s: %s",
+ fname, strerror(errno));
+ }
+ }
+ tor_free(fname);
+}
+
 /** Return the current secret onion key for the ntor handshake. Must only
 * be called from the main thread. */
 static const curve25519_keypair_t * |
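Review bot: The two unlink stanzas after `tor_mutex_release(key_lock)` in expire_old_onion_keys are identical apart from the file name and the log wording, so a small static helper keeps the check-then-unlink-then-warn logic and its error message in one place, which matters for a routine that removes secret key material from disk. A `file_status()` result other than FN_FILE (including an error) is silently skipped in both stanzas; if that is the intended best-effort behaviour, a one-line comment such as `/* Missing or unreadable .old files are not an error: there is nothing to expire. */` would make it explicit. Note also that `tor_unlink()` removes the directory entry only and does not scrub the file contents, which the doc comment could state so callers do not read "expire" as secure erasure. In the doc comment, `all zero's` should read `all zeros`. The whole function lies inside the hunk.
```c
/** Remove the old key file <b>name</b> from the "keys" directory if it
 * exists. <b>what</b> names the key in the warning logged on failure.
 * Missing files are not an error: there is nothing to expire. */
static void
remove_old_key_file(const char *name, const char *what)
{
  char *fname = get_datadir_fname2("keys", name);
  if (file_status(fname) == FN_FILE && tor_unlink(fname) != 0) {
    log_warn(LD_FS, "Couldn't unlink old %s file %s: %s",
             what, fname, strerror(errno));
  }
  tor_free(fname);
}

/* … unchanged: expire_old_onion_keys through tor_mutex_release(key_lock) … */
  remove_old_key_file("secret_onion_key.old", "onion key");
  remove_old_key_file("secret_onion_key_ntor.old", "ntor onion key");
}
```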