[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Add API to query the current onion key grace period.
commit d88f10cdf2cc0682e607de5f63ebae9370c5fe55
Author: Alexander Færøy <ahf@xxxxxxxxxxxxxx>
Date: Fri Mar 10 12:56:36 2017 +0100
Add API to query the current onion key grace period.
This patch adds an API to get the current grace period, in days, defined
as the consensus parameter "onion-key-grace-period-days".
As per proposal #274 the values for "onion-key-grace-period-days" is a
default value of 7 days, a minimum value of 1 day, and a maximum value
defined by other consensus parameter "onion-key-rotation-days" also
defined in days.
See: https://bugs.torproject.org/21641
---
src/or/or.h | 8 ++++++++
src/or/router.c | 16 ++++++++++++++++
src/or/router.h | 1 +
3 files changed, 25 insertions(+)
diff --git a/src/or/or.h b/src/or/or.h
index 2903f5e..1c4e24e 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -156,6 +156,14 @@
/** Default lifetime for an onion key in days. */
#define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)
+/** Minimum grace period for acceptance of an onion key in days.
+ * The maximum value is defined in proposal #274 as being the current network
+ * consensus parameter for "onion-key-rotation-days". */
+#define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)
+
+/** Default grace period for acceptance of an onion key in days. */
+#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
+
/** How often do we rotate TLS contexts? */
#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
diff --git a/src/or/router.c b/src/or/router.c
index 1fa0f10..2985753 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -708,6 +708,22 @@ get_onion_key_lifetime(void)
return get_onion_key_rotation_days_()*24*60*60;
}
+/** Get the grace period of an onion key in seconds. This value is defined by
+ * the network consesus parameter "onion-key-grace-period-days", but the value
+ * is converted to seconds.
+ */
+int
+get_onion_key_grace_period(void)
+{
+ int grace_period;
+ grace_period = networkstatus_get_param(NULL,
+ "onion-key-grace-period-days",
+ DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS,
+ MIN_ONION_KEY_GRACE_PERIOD_DAYS,
+ get_onion_key_rotation_days_());
+ return grace_period*24*60*60;
+}
+
/** Set up Tor's TLS contexts, based on our configuration and keys. Return 0
* on success, and -1 on failure. */
int
diff --git a/src/or/router.h b/src/or/router.h
index 9060bc2..55a3927 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -32,6 +32,7 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate,
int severity, int log_greeting);
void v3_authority_check_key_expiry(void);
int get_onion_key_lifetime(void);
+int get_onion_key_grace_period(void);
di_digest256_map_t *construct_ntor_key_map(void);
void ntor_key_map_free(di_digest256_map_t *map);
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits