/* * kickoff_time_sync.c - network time synchronization * Copyright (c) 2013 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #include "config.h" #ifdef USE_POLARSSL #include <polarssl/entropy.h> #include <polarssl/ctr_drbg.h> #else #include <openssl/rand.h> #endif #include <stdlib.h> #include <time.h> #include <unistd.h> #include <event2/event.h> #include "src/conf.h" #include "src/util.h" #include "src/tlsdate.h" #ifdef USE_POLARSSL static int random_init = 0; static entropy_context entropy; static ctr_drbg_context ctr_drbg; static char *pers = "tlsdated"; #endif int add_jitter (int base, int jitter) { int n = 0; if (!jitter) return base; #ifdef USE_POLARSSL if (0 == random_init) { entropy_init(&entropy); if (0 > ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (unsigned char *) pers, strlen(pers))) { pfatal ("Failed to initialize random source"); } random_init = 1; } if (0 != ctr_drbg_random(&ctr_drbg, (unsigned char *)&n, sizeof(n))) fatal ("ctr_drbg_random() failed"); #else if (RAND_bytes ( (unsigned char *) &n, sizeof (n)) != 1) fatal ("RAND_bytes() failed"); #endif return base + (abs (n) % (2 * jitter)) - jitter; } void invalidate_time (struct state *state) { state->last_sync_type = SYNC_TYPE_RTC; state->last_time = time (NULL); /* Note(!) this does not invalidate the clock_delta implicitly. * This allows forced invalidation to not lose synchronization * data. */ } void action_invalidate_time (evutil_socket_t fd, short what, void *arg) { struct state *state = arg; verb_debug ("[event:%s] fired", __func__); /* If time is already invalid and being acquired, do nothing. */ if (state->last_sync_type == SYNC_TYPE_RTC && event_pending (state->events[E_TLSDATE], EV_TIMEOUT, NULL)) return; /* Time out our trust in network synchronization but don't persist * the change to disk or notify the system. Let a network sync * failure or success do that. */ invalidate_time (state); /* Then trigger a network sync if possible. */ action_kickoff_time_sync (-1, EV_TIMEOUT, arg); } int setup_event_timer_sync (struct state *state) { int wait_time = add_jitter (state->opts.steady_state_interval, state->opts.jitter); struct timeval interval = { wait_time, 0 }; state->events[E_STEADYSTATE] = event_new (state->base, -1, EV_TIMEOUT|EV_PERSIST, action_invalidate_time, state); if (!state->events[E_STEADYSTATE]) { error ("Failed to create interval event"); return 1; } event_priority_set (state->events[E_STEADYSTATE], PRI_ANY); return event_add (state->events[E_STEADYSTATE], &interval); } /* Begins a network synchronization attempt. If the local clocks * are synchronized, then make sure that the _current_ synchronization * source is set to the real-time clock and note that the clock_delta * is unreliable. If the clock was in sync and the last synchronization * source was the network, then this action does nothing. * * In the case of desynchronization, the clock_delta value is used as a * guard to indicate that even if the synchronization source isn't the * network, the source is still tracking the clock delta that was * established from a network source. * TODO(wad) Change the name of clock_delta to indicate that it is the local * clock delta after the last network sync. */ void action_kickoff_time_sync (evutil_socket_t fd, short what, void *arg) { struct state *state = arg; verb_debug ("[event:%s] fired", __func__); time_t delta = state->clock_delta; int jitter = 0; if (check_continuity (&delta) > 0) { info ("[event:%s] clock delta desync detected (%d != %d)", __func__, state->clock_delta, delta); /* Add jitter iff we had network synchronization once before. */ if (state->clock_delta) jitter = add_jitter (30, 30); /* TODO(wad) make configurable */ /* Forget the old delta until we have time again. */ state->clock_delta = 0; invalidate_time (state); } if (state->last_sync_type == SYNC_TYPE_NET) { verb_debug ("[event:%s] time in sync. skipping", __func__); return; } /* Keep parity with run_tlsdate: for every wake, allow it to retry again. */ if (state->tries > 0) { state->tries -= 1; /* Don't bother re-triggering tlsdate */ verb_debug ("[event:%s] called while tries are in progress", __func__); return; } /* Don't over-schedule if the first attempt hasn't fired. If a wake event * impacts the result of a proxy resolution, then the updated value can be * acquired on the next run. If the wake comes in after E_TLSDATE is * serviced, then the tries count will be decremented. */ if (event_pending (state->events[E_TLSDATE], EV_TIMEOUT, NULL)) { verb_debug ("[event:%s] called while tlsdate is pending", __func__); return; } if (!state->events[E_RESOLVER]) { trigger_event (state, E_TLSDATE, jitter); return; } /* If the resolver relies on an external response, then make sure that a * tlsdate event is waiting in the wings if the resolver is too slow. Even * if this fires, it won't stop eventual handling of the resolver since it * doesn't event_del() E_RESOLVER. */ trigger_event (state, E_TLSDATE, jitter + RESOLVER_TIMEOUT); trigger_event (state, E_RESOLVER, jitter); }