commit d88f10cdf2cc0682e607de5f63ebae9370c5fe55 Author: Alexander Færøy ahf@torproject.org Date: Fri Mar 10 12:56:36 2017 +0100
Add API to query the current onion key grace period.
This patch adds an API to get the current grace period, in days, defined as the consensus parameter "onion-key-grace-period-days".
As per proposal #274, the values for "onion-key-grace-period-days" are a default of 7 days, a minimum of 1 day, and a maximum defined by another consensus parameter, "onion-key-rotation-days", which is also expressed in days.
See: https://bugs.torproject.org/21641 --- src/or/or.h | 8 ++++++++ src/or/router.c | 16 ++++++++++++++++ src/or/router.h | 1 + 3 files changed, 25 insertions(+)
diff --git a/src/or/or.h b/src/or/or.h
index 2903f5e..1c4e24e 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -156,6 +156,14 @@
 /** Default lifetime for an onion key in days. */
 #define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)
+/** Minimum grace period for acceptance of an onion key in days.
+ * The maximum value is defined in proposal #274 as being the current network
+ * consensus parameter for "onion-key-rotation-days". */
+#define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)
+
+/** Default grace period for acceptance of an onion key in days. */
+#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
+
 /** How often do we rotate TLS contexts? */
 #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
diff --git a/src/or/router.c b/src/or/router.c
index 1fa0f10..2985753 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -708,6 +708,22 @@ get_onion_key_lifetime(void)
 return get_onion_key_rotation_days_()*24*60*60;
 }
+/** Get the grace period of an onion key in seconds. This value is defined by
+ * the network consesus parameter "onion-key-grace-period-days", but the value
+ * is converted to seconds.
+ */
+int
+get_onion_key_grace_period(void)
+{
+ int grace_period;
+ grace_period = networkstatus_get_param(NULL,
+ "onion-key-grace-period-days",
+ DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS,
+ MIN_ONION_KEY_GRACE_PERIOD_DAYS,
+ get_onion_key_rotation_days_());
+ return grace_period*24*60*60;
+}
+
 /** Set up Tor's TLS contexts, based on our configuration and keys. Return 0
 * on success, and -1 on failure. */
 int
diff --git a/src/or/router.h b/src/or/router.h
index 9060bc2..55a3927 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -32,6 +32,7 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate, int severity, int log_greeting);
 void v3_authority_check_key_expiry(void);
 int get_onion_key_lifetime(void);
+int get_onion_key_grace_period(void);
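Review bot: In get_onion_key_grace_period() (src/or/router.c) the default handed to networkstatus_get_param() is the constant 7 while the maximum is the live result of get_onion_key_rotation_days_(), so a consensus that sets "onion-key-rotation-days" below 7 leaves the default above the maximum, and a rotation value of 1 would make the minimum equal to the maximum. How networkstatus_get_param() treats a default outside its bounds is not visible in this hunk; if it asserts on its arguments rather than clamping, a consensus value alone could abort the relay, so that path should be confirmed and covered by a unit test with a small rotation period. Bounding the default locally removes the dependency: `int max_days = get_onion_key_rotation_days_();` followed by `int def_days = MIN(DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS, max_days);`, passing `def_days` and `max_days` to the call. The doc comment should also say that the result is capped by the rotation period, and it misspells "consensus" as "consesus".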
di_digest256_map_t *construct_ntor_key_map(void);
 void ntor_key_map_free(di_digest256_map_t *map);