[tor-commits] [tor/master] Add API to query the current onion key grace period.

nickm at torproject.org nickm at torproject.org
Fri Mar 17 15:18:17 UTC 2017


commit d88f10cdf2cc0682e607de5f63ebae9370c5fe55
Author: Alexander Færøy <ahf at torproject.org>
Date:   Fri Mar 10 12:56:36 2017 +0100

    Add API to query the current onion key grace period.
    
    This patch adds an API to get the current grace period, in days, defined
    as the consensus parameter "onion-key-grace-period-days".
    
    As per proposal #274, "onion-key-grace-period-days" has a default
    value of 7 days, a minimum value of 1 day, and a maximum value
    defined by the other consensus parameter, "onion-key-rotation-days",
    which is also given in days.
    
    See: https://bugs.torproject.org/21641
---
 src/or/or.h     |  8 ++++++++
 src/or/router.c | 16 ++++++++++++++++
 src/or/router.h |  1 +
 3 files changed, 25 insertions(+)

diff --git a/src/or/or.h b/src/or/or.h
index 2903f5e..1c4e24e 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -156,6 +156,14 @@
 /** Default lifetime for an onion key in days. */
 #define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)
 
+/** Minimum grace period for acceptance of an onion key in days.
+ * The maximum value is defined in proposal #274 as being the current network
+ * consensus parameter for "onion-key-rotation-days". */
+#define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)
+
+/** Default grace period for acceptance of an onion key in days. */
+#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
+
 /** How often do we rotate TLS contexts? */
 #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
 
diff --git a/src/or/router.c b/src/or/router.c
index 1fa0f10..2985753 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -708,6 +708,22 @@ get_onion_key_lifetime(void)
   return get_onion_key_rotation_days_()*24*60*60;
 }
 
+/** Get the grace period of an onion key in seconds. This value is defined by
+ * the network consesus parameter "onion-key-grace-period-days", but the value
+ * is converted to seconds.
+ */
+int
+get_onion_key_grace_period(void)
+{
+  int grace_period;
+  grace_period = networkstatus_get_param(NULL,
+                                         "onion-key-grace-period-days",
+                                         DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS,
+                                         MIN_ONION_KEY_GRACE_PERIOD_DAYS,
+                                         get_onion_key_rotation_days_());
+  return grace_period*24*60*60;
+}
+
 /** Set up Tor's TLS contexts, based on our configuration and keys. Return 0
  * on success, and -1 on failure. */
 int
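Review bot: In get_onion_key_grace_period() the upper bound passed to networkstatus_get_param() is itself a consensus value, so the fixed default of 7 and minimum of 1 are not guaranteed to lie inside the range. If "onion-key-rotation-days" is ever below 7 the default exceeds the maximum, and at 1 the minimum equals the maximum. How networkstatus_get_param() treats a default outside [min, max] is not visible in this hunk, so I would bound the default explicitly before the call, e.g. `int max_days = get_onion_key_rotation_days_();` followed by `int def_days = MIN(DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS, max_days);`, and confirm that the min == max case is accepted. Separately, "consesus" in the new doc comment should read "consensus".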
diff --git a/src/or/router.h b/src/or/router.h
index 9060bc2..55a3927 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -32,6 +32,7 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate,
                                     int severity, int log_greeting);
 void v3_authority_check_key_expiry(void);
 int get_onion_key_lifetime(void);
+int get_onion_key_grace_period(void);
 
 di_digest256_map_t *construct_ntor_key_map(void);
 void ntor_key_map_free(di_digest256_map_t *map);




