forked from I2P_Developers/i2p.i2p
Router:
- Change default RI sig type to Ed25519, with a 10% chance od
rekeying from DSA at each restart
- Don't initialize KeyManager before selecting sig type
- Don't log KeyManager error when changing sig type
This commit is contained in:
@ -60,6 +60,11 @@ public class KeyManager {
|
||||
_leaseSetKeys = new ConcurrentHashMap<Hash, LeaseSetKeys>();
|
||||
}
|
||||
|
||||
/**
|
||||
* Read keys in from disk, blocking
|
||||
*
|
||||
* @deprecated we never read keys in anymore
|
||||
*/
|
||||
public void startup() {
|
||||
// run inline so keys are loaded immediately
|
||||
(new SynchronizeKeysJob()).runJob();
|
||||
@ -79,17 +84,29 @@ public class KeyManager {
|
||||
queueWrite();
|
||||
}
|
||||
|
||||
/** router */
|
||||
public PrivateKey getPrivateKey() { return _privateKey; }
|
||||
/**
|
||||
* Router key
|
||||
* @return will be null on error or before startup() or setKeys() is called
|
||||
*/
|
||||
public synchronized PrivateKey getPrivateKey() { return _privateKey; }
|
||||
|
||||
/** router */
|
||||
public PublicKey getPublicKey() { return _publicKey; }
|
||||
/**
|
||||
* Router key
|
||||
* @return will be null on error or before startup() or setKeys() is called
|
||||
*/
|
||||
public synchronized PublicKey getPublicKey() { return _publicKey; }
|
||||
|
||||
/** router */
|
||||
public SigningPrivateKey getSigningPrivateKey() { return _signingPrivateKey; }
|
||||
/**
|
||||
* Router key
|
||||
* @return will be null on error or before startup() or setKeys() is called
|
||||
*/
|
||||
public synchronized SigningPrivateKey getSigningPrivateKey() { return _signingPrivateKey; }
|
||||
|
||||
/** router */
|
||||
public SigningPublicKey getSigningPublicKey() { return _signingPublicKey; }
|
||||
/**
|
||||
* Router key
|
||||
* @return will be null on error or before startup() or setKeys() is called
|
||||
*/
|
||||
public synchronized SigningPublicKey getSigningPublicKey() { return _signingPublicKey; }
|
||||
|
||||
/** client */
|
||||
public void registerKeys(Destination dest, SigningPrivateKey leaseRevocationPrivateKey, PrivateKey endpointDecryptionKey) {
|
||||
@ -216,6 +233,11 @@ public class KeyManager {
|
||||
_signingPublicKey = (SigningPublicKey) readin;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param param non-null, filled-in if exists is true, or without data if exists is false
|
||||
* @param exists write to file if true, read from file if false
|
||||
* @return structure or null on read error
|
||||
*/
|
||||
private DataStructure syncKey(File keyFile, DataStructure structure, boolean exists) {
|
||||
OutputStream out = null;
|
||||
InputStream in = null;
|
||||
|
||||
@ -577,8 +577,6 @@ public class Router implements RouterClock.ClockShiftListener {
|
||||
if (!SystemVersion.isAndroid())
|
||||
I2PThread.addOOMEventListener(_oomListener);
|
||||
|
||||
_context.keyManager().startup();
|
||||
|
||||
setupHandlers();
|
||||
//if (ALLOW_DYNAMIC_KEYS) {
|
||||
// if ("true".equalsIgnoreCase(_context.getProperty(Router.PROP_HIDDEN, "false")))
|
||||
|
||||
@ -18,7 +18,7 @@ public class RouterVersion {
|
||||
/** deprecated */
|
||||
public final static String ID = "Monotone";
|
||||
public final static String VERSION = CoreVersion.VERSION;
|
||||
public final static long BUILD = 2;
|
||||
public final static long BUILD = 3;
|
||||
|
||||
/** for example "-test" */
|
||||
public final static String EXTRA = "";
|
||||
|
||||
@ -35,6 +35,7 @@ import net.i2p.router.RouterContext;
|
||||
import net.i2p.router.util.EventLog;
|
||||
import net.i2p.util.Log;
|
||||
import net.i2p.util.SecureFileOutputStream;
|
||||
import net.i2p.util.SystemVersion;
|
||||
|
||||
/**
|
||||
* Warning - misnamed. This creates a new RouterIdentity, i.e.
|
||||
@ -49,9 +50,10 @@ public class CreateRouterInfoJob extends JobImpl {
|
||||
public static final String INFO_FILENAME = "router.info";
|
||||
public static final String KEYS_FILENAME = "router.keys";
|
||||
public static final String KEYS2_FILENAME = "router.keys.dat";
|
||||
private static final String PROP_ROUTER_SIGTYPE = "router.sigType";
|
||||
/** TODO when changing, check isAvailable() and fallback to DSA_SHA1 */
|
||||
private static final SigType DEFAULT_SIGTYPE = SigType.DSA_SHA1;
|
||||
static final String PROP_ROUTER_SIGTYPE = "router.sigType";
|
||||
/** TODO make everybody Ed */
|
||||
private static final SigType DEFAULT_SIGTYPE = (SystemVersion.isARM() || SystemVersion.isAndroid()) ?
|
||||
SigType.DSA_SHA1 : SigType.EdDSA_SHA512_Ed25519;
|
||||
|
||||
CreateRouterInfoJob(RouterContext ctx, Job next) {
|
||||
super(ctx);
|
||||
@ -166,7 +168,7 @@ public class CreateRouterInfoJob extends JobImpl {
|
||||
* @since 0.9.16
|
||||
*/
|
||||
public static SigType getSigTypeConfig(RouterContext ctx) {
|
||||
SigType cstype = CreateRouterInfoJob.DEFAULT_SIGTYPE;
|
||||
SigType cstype = DEFAULT_SIGTYPE;
|
||||
String sstype = ctx.getProperty(PROP_ROUTER_SIGTYPE);
|
||||
if (sstype != null) {
|
||||
SigType ntype = SigType.parseSigType(sstype);
|
||||
|
||||
@ -110,6 +110,16 @@ class LoadRouterInfoJob extends JobImpl {
|
||||
// check if the sigtype config changed
|
||||
SigType cstype = CreateRouterInfoJob.getSigTypeConfig(getContext());
|
||||
boolean sigTypeChanged = stype != cstype;
|
||||
if (sigTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_SIGTYPE) == null) {
|
||||
// Not explicitly configured, and default has changed
|
||||
// Give a 10% chance of rekeying for each restart
|
||||
// TODO reduce from 10 to ~3 (i.e. increase probability) in future release
|
||||
if (getContext().random().nextInt(10) > 0) {
|
||||
sigTypeChanged = false;
|
||||
if (_log.shouldWarn())
|
||||
_log.warn("Deferring RI rekey from " + stype + " to " + cstype);
|
||||
}
|
||||
}
|
||||
|
||||
if (sigTypeChanged || shouldRebuild(privkey)) {
|
||||
if (sigTypeChanged)
|
||||
|
||||
Reference in New Issue
Block a user