nts: generate cookies from second newest key

Generate one server key in advance to give it time to be distributed to
other servers before it is actually used.
Miroslav Lichvar 2020-04-15 10:48:29 +02:00
parent 04f6329773
commit 0344b9a9c9
2 changed files with 8 additions and 7 deletions


@ -50,6 +50,7 @@
#define KEY_ID_INDEX_BITS 2 #define KEY_ID_INDEX_BITS 2
#define MAX_SERVER_KEYS (1U << KEY_ID_INDEX_BITS) #define MAX_SERVER_KEYS (1U << KEY_ID_INDEX_BITS)
#define FUTURE_KEYS 1
#define MIN_KEY_ROTATE_INTERVAL 1.0 #define MIN_KEY_ROTATE_INTERVAL 1.0
@ -471,7 +472,7 @@ save_keys(void)
goto error; goto error;
for (i = 0; i < MAX_SERVER_KEYS; i++) { for (i = 0; i < MAX_SERVER_KEYS; i++) {
index = (current_server_key + i + 1) % MAX_SERVER_KEYS; index = (current_server_key + i + 1 + FUTURE_KEYS) % MAX_SERVER_KEYS;
if (key_length > sizeof (server_keys[index].key) || if (key_length > sizeof (server_keys[index].key) ||
!UTI_BytesToHex(server_keys[index].key, key_length, buf, sizeof (buf)) || !UTI_BytesToHex(server_keys[index].key, key_length, buf, sizeof (buf)) ||
@ -543,7 +544,7 @@ load_keys(void)
DEBUG_LOG("Loaded key %"PRIX32, id); DEBUG_LOG("Loaded key %"PRIX32, id);
current_server_key = index; current_server_key = (index + MAX_SERVER_KEYS - FUTURE_KEYS) % MAX_SERVER_KEYS;
} }
fclose(f); fclose(f);
@ -561,7 +562,7 @@ static void
key_timeout(void *arg) key_timeout(void *arg)
{ {
current_server_key = (current_server_key + 1) % MAX_SERVER_KEYS; current_server_key = (current_server_key + 1) % MAX_SERVER_KEYS;
generate_key(current_server_key); generate_key((current_server_key + FUTURE_KEYS) % MAX_SERVER_KEYS);
save_keys(); save_keys();
SCH_AddTimeoutByDelay(MAX(CNF_GetNtsRotate(), MIN_KEY_ROTATE_INTERVAL), SCH_AddTimeoutByDelay(MAX(CNF_GetNtsRotate(), MIN_KEY_ROTATE_INTERVAL),
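Review bot: The new `#define FUTURE_KEYS 1` at the top of the hunk carries no comment, yet it changes a security-relevant property: with `MAX_SERVER_KEYS` fixed at 4, one of the four slots is now reserved for a key that is not yet in use, so presumably only two past keys remain for decrypting cookies and a client idle for more than two rotations must re-run NTS-KE (the widened `11443` packet counts in the test change are consistent with that). Suggested comment above the define: `/* Keys generated ahead of use so they can be copied to other servers before they become current; each one takes a slot that would otherwise hold an old key, shortening the time a cookie stays usable. */`. The save/load hunks also rely on an implicit contract: save_keys writes the future key last and load_keys derives `current_server_key` from the last key read, so a dump produced by a chronyd without this change loads its newest key as the future one and the server resumes with what was previously the current key as the second newest; that looks harmless but deserves a one-line note in load_keys. The arithmetic on the load side assumes `FUTURE_KEYS <= MAX_SERVER_KEYS`, which holds here but is nowhere stated. key_timeout's body continues outside the hunk.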


@ -29,7 +29,7 @@ server_conf="
ntsserverkey tmp/server.key ntsserverkey tmp/server.key
ntsservercert tmp/server.crt ntsservercert tmp/server.crt
ntsprocesses 0 ntsprocesses 0
ntsrotate 64 ntsrotate 66
ntsdumpdir tmp ntsdumpdir tmp
" "
client_server_options="minpoll 6 maxpoll 6 nts" client_server_options="minpoll 6 maxpoll 6 nts"
@ -44,9 +44,9 @@ check_chronyd_exit || test_fail
check_source_selection || test_fail check_source_selection || test_fail
check_sync || test_fail check_sync || test_fail
check_file_messages "20.*123\.1.* 111 111 1111" 89 93 measurements.log || test_fail check_file_messages "20.*123\.1.* 111 111 1111" 75 80 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 30 32 measurements.log || test_fail check_file_messages "20.*123\.1.* 111 001 0000" 37 39 measurements.log || test_fail
check_file_messages " 2 1 .* 11443 " 200 240 log.packets || test_fail check_file_messages " 2 1 .* 11443 " 260 300 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail check_file_messages "." 6 6 ntskeys || test_fail
rm -f tmp/measurements.log rm -f tmp/measurements.log