cmdmon: reload NTS server keys on rekey command

When ntsrotate is set to 0, allow the keys to be reloaded with the rekey command of chronyc.
2020-04-15 11:52:49 +02:00 · 2020-04-15 11:52:49 +02:00 · 958d66f8a7
commit 958d66f8a7
parent 85fa29c43d
5 changed files with 23 additions and 1 deletions
--- a/client.c
+++ b/client.c
@ -1268,7 +1268,7 @@ give_help(void)
    "Other daemon commands:\0\0"
    "cyclelogs\0Close and re-open log files\0"
    "dump\0Dump measurements and NTS keys/cookies\0"
-    "rekey\0Re-read keys from key file\0"
+    "rekey\0Re-read keys\0"
    "reset\0Drop all measurements\0"
    "shutdown\0Stop daemon\0"
    "\0\0"
--- a/cmdmon.c
+++ b/cmdmon.c
@ -620,6 +620,7 @@ static void
 handle_rekey(CMD_Request *rx_message, CMD_Reply *tx_message)
 {
  KEY_Reload();
+  NKS_ReloadKeys();
 }

 /* ================================================== */
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@ -722,6 +722,19 @@ NKS_DumpKeys(void)

 /* ================================================== */

+void
+NKS_ReloadKeys(void)
+{
+  /* Don't load the keys if they are expected to be generated by this server
+     instance (i.e. they are already loaded) to not delay the next rotation */
+  if (key_rotation_interval > 0)
+    return;
+
+  load_keys();
+}
+
+/* ================================================== */
+
 /* A server cookie consists of key ID, nonce, and encrypted C2S+S2C keys */

 int
--- a/nts_ke_server.h
+++ b/nts_ke_server.h
@ -36,6 +36,9 @@ extern void NKS_Finalise(void);
 /* Save the current server keys */
 extern void NKS_DumpKeys(void);

+/* Reload the keys */
+extern void NKS_ReloadKeys(void);
+
 /* Generate an NTS cookie with a given context */
 extern int NKS_GenerateCookie(NKE_Context *context, NKE_Cookie *cookie);

--- a/stubs.c
+++ b/stubs.c
@ -550,4 +550,9 @@ NKS_DumpKeys(void)
 {
 }

+void
+NKS_ReloadKeys(void)
+{
+}
+
 #endif /* !FEAT_NTS */