| author | David Lönnhager <david.l@mullvad.net> | 2019-12-09 14:40:09 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2019-12-17 12:30:15 +0100 |
| commit | 5d3f8dbba974f2b94c4baf617a439961be72de2a (patch) | |
| tree | de226c789062780b0821271b7d2abf8d6933cc78 | |
| parent | 25e397a44c2ffdb1a604f49f0c6945621320d25c (diff) | |
Add configurable key rotation interval
| -rw-r--r-- | mullvad-daemon/src/lib.rs | 1 | ||||
| -rw-r--r-- | mullvad-daemon/src/wireguard.rs | 38 | ||||
| -rw-r--r-- | mullvad-types/src/settings/mod.rs | 11 | ||||
| -rw-r--r-- | talpid-types/src/net/wireguard.rs | 2 |
4 files changed, 33 insertions, 19 deletions
diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs
index aabcbb6952..3dbd02d926 100644
--- a/mullvad-daemon/src/lib.rs
+++ b/mullvad-daemon/src/lib.rs
@@ -453,6 +453,7 @@ where
 internal_event_tx.clone(),
 rpc_handle.clone(),
 tokio_remote.clone(),
+ settings.get_tunnel_options().wireguard.automatic_rotation,
 );
 // Attempt to download a fresh relay list
diff --git a/mullvad-daemon/src/wireguard.rs b/mullvad-daemon/src/wireguard.rs
index 3961a1d586..00dd132ad8 100644
--- a/mullvad-daemon/src/wireguard.rs
+++ b/mullvad-daemon/src/wireguard.rs
@@ -17,6 +17,8 @@ use tokio_retry::{
 };
 const TOO_MANY_KEYS_ERROR_CODE: i64 = -703;
+/// Default automatic key rotation (in hours)
+const DEFAULT_AUTOMATIC_KEY_ROTATION: u32 = 7 * 24;
 #[derive(err_derive::Error, Debug)]
@@ -44,7 +46,7 @@ use talpid_core::tunnel_state_machine::TunnelCommand;
 pub struct KeyRotationScheduler {
 daemon_tx: mpsc::Sender<InternalDaemonEvent>,
- delay: Option<Box<dyn Future<Item = (), Error = ()> + Send>>,
+ delay: Box<dyn Future<Item = (), Error = ()> + Send>,
 }
 impl Future for KeyRotationScheduler {
@@ -54,12 +56,10 @@ impl Future for KeyRotationScheduler {
 fn poll(&mut self) -> Poll<(), Error> {
 log::debug!("Poll key rotation future");
- if let Some(delay) = &mut self.delay {
- match delay.poll() {
- Ok(Async::NotReady) => return Ok(Async::NotReady),
- Err(_) => return Err(Error::Delay),
- _ => (),
- }
+ match self.delay.poll() {
+ Ok(Async::NotReady) => return Ok(Async::NotReady),
+ Err(_) => return Err(Error::Delay),
+ _ => (),
 }
 let (wg_tx, wg_rx) = oneshot::channel();
@@ -73,10 +73,8 @@ impl Future for KeyRotationScheduler {
 // TODO: replace with configurable interval
 let somedelay = Instant::now() + Duration::from_secs(30);
- self.delay = Some(Box::new(Delay::new(somedelay).map_err(|_| ())));
+ self.delay = Box::new(Delay::new(somedelay).map_err(|_| ()));
 return self.delay
- .as_mut()
- .unwrap()
 .poll()
 .map_err(|_| Error::Delay);
 }
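Review bot: The rescheduling path in poll still uses the hard-coded `let somedelay = Instant::now() + Duration::from_secs(30);`, so the interval handed to `KeyRotationScheduler::new` governs only the first delay and every rotation after the first fires 30 seconds later, with the `// TODO: replace with configurable interval` comment left in place. Keeping the interval on the scheduler (a `rotation_interval: Duration` field next to the `delay` field changed in the @@ -44 hunk, set in `new`) and writing `let somedelay = Instant::now() + self.rotation_interval;` here would make the setting apply to every rotation. The enclosing poll body begins in the @@ -54 hunk and continues past the end of this one.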
@@ -86,19 +84,22 @@ impl KeyRotationScheduler {
 pub(crate) fn new(
 tokio_remote: Remote,
 daemon_tx: mpsc::Sender<InternalDaemonEvent>,
- initial_delay: Option<Duration>,
+ automatic_key_rotation: Option<u32>,
 ) -> Result<oneshot::Sender<()>> {
 let ( terminate_auto_rotation_tx, terminate_auto_rotation_rx ) = oneshot::channel();
- let delay: Option<Box<dyn Future<Item = (), Error = ()> + Send>> =
- if let Some(delay) = initial_delay {
- Some( Box::new(Delay::new(Instant::now() + delay).map_err(|_| ())) )
- } else {
- None
- };
+ // TODO: calculate next interval. compare to 'automatic_key_rotation'
+
+ let automatic_key_rotation =
+ automatic_key_rotation.unwrap_or(DEFAULT_AUTOMATIC_KEY_ROTATION);
+ let automatic_key_rotation =
+ Duration::from_secs((60 * automatic_key_rotation).into());
+
+ let delay: Box<dyn Future<Item = (), Error = ()> + Send> =
+ Box::new(Delay::new(Instant::now() + automatic_key_rotation).map_err(|_| ()));
 let fut = Self {
 daemon_tx: daemon_tx.clone(),
@@ -134,6 +135,7 @@ impl KeyManager {
 daemon_tx: mpsc::Sender<InternalDaemonEvent>,
 http_handle: mullvad_rpc::HttpHandle,
 tokio_remote: Remote,
+ automatic_key_rotation: Option<u32>,
 ) -> Self {
 let remote_clone = tokio_remote.clone();
 let daemon_tx_clone = daemon_tx.clone();
@@ -146,7 +148,7 @@ impl KeyManager {
 abort_scheduler_tx: KeyRotationScheduler::new(
 remote_clone,
 daemon_tx_clone,
- Some(Duration::from_secs(30)),
+ automatic_key_rotation,
 ).ok()
 }
 }
diff --git a/mullvad-types/src/settings/mod.rs b/mullvad-types/src/settings/mod.rs
index 0c3aa2f6fe..e5049f2aa1 100644
--- a/mullvad-types/src/settings/mod.rs
+++ b/mullvad-types/src/settings/mod.rs
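Review bot: The conversion `Duration::from_secs((60 * automatic_key_rotation).into())` treats the value as minutes, while the `(in hours)` comment on `DEFAULT_AUTOMATIC_KEY_ROTATION: u32 = 7 * 24` and the `in hours` doc on the new `automatic_rotation` field say hours, so the default yields 168 minutes rather than seven days. Doing the arithmetic in u64 fixes the unit and also removes the u32 overflow that `60 * automatic_key_rotation` can hit for large settings values: `Duration::from_secs(u64::from(automatic_key_rotation) * 60 * 60)`. The delay is further measured from `Instant::now()` rather than from when the current key was generated, as the `// TODO: calculate next interval` comment acknowledges, so a daemon restart inside the interval restarts the countdown and a week-long interval may in practice rotate less often than configured. The rest of new(), after `daemon_tx: daemon_tx.clone(),`, lies outside the hunk.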
@@ -284,6 +284,15 @@ impl Settings {
 }
 }
+ pub fn set_wireguard_automatic_rotation(&mut self, automatic_rotation: Option<u32>) -> Result<bool> {
+ if self.tunnel_options.wireguard.automatic_rotation != automatic_rotation {
+ self.tunnel_options.wireguard.automatic_rotation = automatic_rotation;
+ self.save().map(|_| true)
+ } else {
+ Ok(false)
+ }
+ }
+
 pub fn get_tunnel_options(&self) -> &TunnelOptions {
 &self.tunnel_options
 }
@@ -334,7 +343,7 @@ impl Default for TunnelOptions {
 fn default() -> Self {
 TunnelOptions {
 openvpn: openvpn::TunnelOptions::default(),
- wireguard: wireguard::TunnelOptions { mtu: None },
+ wireguard: wireguard::TunnelOptions { mtu: None, automatic_rotation: None },
 generic: GenericTunnelOptions { enable_ipv6: false },
 }
 }
diff --git a/talpid-types/src/net/wireguard.rs b/talpid-types/src/net/wireguard.rs
index 68beef9aa0..805d1884ba 100644
--- a/talpid-types/src/net/wireguard.rs
+++ b/talpid-types/src/net/wireguard.rs
@@ -51,6 +51,8 @@ pub struct TunnelConfig {
 pub struct TunnelOptions {
 /// MTU for the wireguard tunnel
 pub mtu: Option<u16>,
+ /// Interval used for automatic key rotation, in hours
+ pub automatic_rotation: Option<u32>,
 }
 /// Wireguard x25519 private key
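Review bot: `set_wireguard_automatic_rotation` persists any `Option<u32>` unchanged, including `Some(0)`, which `KeyRotationScheduler::new` in mullvad-daemon/src/wireguard.rs turns into a zero-length delay and therefore back-to-back key replacement requests against the API, which already has a `TOO_MANY_KEYS_ERROR_CODE` path. Rejecting zero before the comparison, `if automatic_rotation == Some(0) { return Err(/* settings error variant, not visible in this hunk */); }`, or clamping to a minimum interval in the scheduler, would close that. The new public setter also has no doc comment; `/// Sets the WireGuard automatic key rotation interval in hours (None restores the built-in default); returns Ok(true) if the value changed and was saved.` states the contract the hunk shows.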
