Add API to query the current onion key grace period.

This patch adds an API to get the current grace period, in days, defined as the consensus parameter "onion-key-grace-period-days". As per proposal #274 the values for "onion-key-grace-period-days" is a default value of 7 days, a minimum value of 1 day, and a maximum value defined by other consensus parameter "onion-key-rotation-days" also defined in days. See: https://bugs.torproject.org/21641
2024-11-10 21:23:58 +01:00 · 2017-03-10 12:56:36 +01:00 · 2017-03-10 12:56:36 +01:00 · d88f10cdf2
commit d88f10cdf2
parent 23ae5b655b
3 changed files with 25 additions and 0 deletions
--- a/src/or/or.h
+++ b/src/or/or.h
@ -156,6 +156,14 @@
 /** Default lifetime for an onion key in days. */
 #define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)

+/** Minimum grace period for acceptance of an onion key in days.
+ * The maximum value is defined in proposal #274 as being the current network
+ * consensus parameter for "onion-key-rotation-days". */
+#define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)
+
+/** Default grace period for acceptance of an onion key in days. */
+#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
+
 /** How often do we rotate TLS contexts? */
 #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)

--- a/src/or/router.c
+++ b/src/or/router.c
@ -708,6 +708,22 @@ get_onion_key_lifetime(void)
  return get_onion_key_rotation_days_()*24*60*60;
 }

+/** Get the grace period of an onion key in seconds. This value is defined by
+ * the network consesus parameter "onion-key-grace-period-days", but the value
+ * is converted to seconds.
+ */
+int
+get_onion_key_grace_period(void)
+{
+  int grace_period;
+  grace_period = networkstatus_get_param(NULL,
+                                         "onion-key-grace-period-days",
+                                         DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS,
+                                         MIN_ONION_KEY_GRACE_PERIOD_DAYS,
+                                         get_onion_key_rotation_days_());
+  return grace_period*24*60*60;
+}
+
 /** Set up Tor's TLS contexts, based on our configuration and keys. Return 0
 * on success, and -1 on failure. */
 int
--- a/src/or/router.h
+++ b/src/or/router.h
@ -32,6 +32,7 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate,
                                    int severity, int log_greeting);
 void v3_authority_check_key_expiry(void);
 int get_onion_key_lifetime(void);
+int get_onion_key_grace_period(void);

 di_digest256_map_t *construct_ntor_key_map(void);
 void ntor_key_map_free(di_digest256_map_t *map);