Changeset b10b8581


Timestamp:
Aug 29, 2015 2:20:13 PM (5 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
3f91e44, f577a94
Parents:
6013765
Message:

Router:

  • Change default RI sig type to Ed25519, with a 10% chance of rekeying from DSA at each restart
  • Don't initialize KeyManager before selecting sig type
  • Don't log KeyManager error when changing sig type
Files:
6 edited

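--- a/history.txt
+++ b/history.txt
@@ -1,2 +1,9 @@
+2015-08-29 zzz
+ * Router:
+   - Change default RI sig type to Ed25519, with a 10% chance od
+     rekeying from DSA at each restart
+   - Don't initialize KeyManager before selecting sig type
+   - Don't log KeyManager error when changing sig type
+
 2015-08-25 zzz
  * i2psnark:
@@ -8,4 +15,5 @@
    - Fix NPE in Request constructor on error
    - Fix stuck before completion due to reject handling (ticket #1633)
+   - Fix orphaned temp files due to reject handling (ticket #1635)
 
 2015-08-02 zzz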
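--- a/router/java/src/net/i2p/router/KeyManager.java
+++ b/router/java/src/net/i2p/router/KeyManager.java
@@ -61,4 +61,9 @@
     }
 
+    /**
+     *  Read keys in from disk, blocking
+     *
+     *  @deprecated we never read keys in anymore
+     */
     public void startup() {
         // run inline so keys are loaded immediately
@@ -80,15 +85,27 @@
     }
 
-    /** router */
-    public PrivateKey getPrivateKey() { return _privateKey; }
-
-    /** router */
-    public PublicKey getPublicKey() { return _publicKey; }
-
-    /** router */
-    public SigningPrivateKey getSigningPrivateKey() { return _signingPrivateKey; }
-
-    /** router */
-    public SigningPublicKey getSigningPublicKey() { return _signingPublicKey; }
+    /**
+     * Router key
+     * @return will be null on error or before startup() or setKeys() is called
+     */
+    public synchronized PrivateKey getPrivateKey() { return _privateKey; }
+
+    /**
+     * Router key
+     * @return will be null on error or before startup() or setKeys() is called
+     */
+    public synchronized PublicKey getPublicKey() { return _publicKey; }
+
+    /**
+     * Router key
+     * @return will be null on error or before startup() or setKeys() is called
+     */
+    public synchronized SigningPrivateKey getSigningPrivateKey() { return _signingPrivateKey; }
+
+    /**
+     * Router key
+     * @return will be null on error or before startup() or setKeys() is called
+     */
+    public synchronized SigningPublicKey getSigningPublicKey() { return _signingPublicKey; }
 
     /** client */
@@ -217,4 +234,9 @@
         }
 
+        /**
+         *  @param param non-null, filled-in if exists is true, or without data if exists is false
+         *  @param exists write to file if true, read from file if false
+         *  @return structure or null on read error
+         */
         private DataStructure syncKey(File keyFile, DataStructure structure, boolean exists) {
             OutputStream out = null;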
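Review bot: The four router-key getters in the middle hunk now document a null return "on error or before startup() or setKeys() is called", and with Router.java in this changeset no longer calling `_context.keyManager().startup()`, that window is presumably wider than before; callers that sign or decrypt with these keys are not visible here and should be checked for null handling. The added `synchronized` gives a consistent view of the keys only if setKeys() and the key-loading path write the four fields under the same monitor, which these hunks do not show. In the last hunk the tag `@param param` does not match the signature's `structure` and should read `@param structure`, and `keyFile` has no tag at all. syncKey's body continues outside the hunk.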
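--- a/router/java/src/net/i2p/router/Router.java
+++ b/router/java/src/net/i2p/router/Router.java
@@ -578,6 +578,4 @@
             I2PThread.addOOMEventListener(_oomListener);
 
-        _context.keyManager().startup();
-
         setupHandlers();
         //if (ALLOW_DYNAMIC_KEYS) {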
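--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -19,5 +19,5 @@
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 2;
+    public final static long BUILD = 3;
 
     /** for example "-test" */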
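--- a/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
+++ b/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
@@ -36,4 +36,5 @@
 import net.i2p.util.Log;
 import net.i2p.util.SecureFileOutputStream;
+import net.i2p.util.SystemVersion;
 
 /**
@@ -50,7 +51,8 @@
     public static final String KEYS_FILENAME = "router.keys";
     public static final String KEYS2_FILENAME = "router.keys.dat";
-    private static final String PROP_ROUTER_SIGTYPE = "router.sigType";
-    /** TODO when changing, check isAvailable() and fallback to DSA_SHA1 */
-    private static final SigType DEFAULT_SIGTYPE = SigType.DSA_SHA1;
+    static final String PROP_ROUTER_SIGTYPE = "router.sigType";
+    /** TODO make everybody Ed */
+    private static final SigType DEFAULT_SIGTYPE = (SystemVersion.isARM() || SystemVersion.isAndroid()) ?
+                                                   SigType.DSA_SHA1 : SigType.EdDSA_SHA512_Ed25519;
 
     CreateRouterInfoJob(RouterContext ctx, Job next) {
@@ -167,5 +169,5 @@
      */
     public static SigType getSigTypeConfig(RouterContext ctx) {
-        SigType cstype = CreateRouterInfoJob.DEFAULT_SIGTYPE;
+        SigType cstype = DEFAULT_SIGTYPE;
         String sstype = ctx.getProperty(PROP_ROUTER_SIGTYPE);
         if (sstype != null) {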
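Review bot: The new DEFAULT_SIGTYPE drops the old TODO's reminder to check isAvailable() and fall back to DSA_SHA1, and nothing in the visible lines performs that check before Ed25519 becomes the default on hosts that are neither ARM nor Android. If the runtime cannot provide the EdDSA type, identity key generation would presumably fail or leave the router without usable signing keys. getSigTypeConfig() continues past the hunk, so confirm it ends with a guard along the lines of `if (cstype != SigType.DSA_SHA1 && !cstype.isAvailable()) cstype = SigType.DSA_SHA1;`. The Javadoc on the constant should also state why ARM and Android stay on DSA_SHA1, since `/** TODO make everybody Ed */` gives the next maintainer no condition for removing the exception.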
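--- a/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
+++ b/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
@@ -111,4 +111,14 @@
                 SigType cstype = CreateRouterInfoJob.getSigTypeConfig(getContext());
                 boolean sigTypeChanged = stype != cstype;
+                if (sigTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_SIGTYPE) == null) {
+                    // Not explicitly configured, and default has changed
+                    // Give a 10% chance of rekeying for each restart
+                    // TODO reduce from 10 to ~3 (i.e. increase probability) in future release
+                    if (getContext().random().nextInt(10) > 0) {
+                        sigTypeChanged = false;
+                        if (_log.shouldWarn())
+                            _log.warn("Deferring RI rekey from " + stype + " to " + cstype);
+                    }
+                }
 
                 if (sigTypeChanged || shouldRebuild(privkey)) {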
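Review bot: The added block logs only the deferral; when `nextInt(10)` returns 0 and the router goes on to replace its identity keys, nothing in the visible lines records that the rekey was caused by the changed default rather than by shouldRebuild(). A router identity change is worth an explicit entry for operators, e.g. `} else if (_log.shouldWarn()) { _log.warn("Rekeying RI from " + stype + " to " + cstype); }`, unless the code past the hunk already logs it. The literal `10` would also read better as a named constant such as `private static final int REKEY_ODDS = 10;`, which turns the TODO's planned change into a one-line edit. The enclosing method starts and ends outside the hunk.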