authorIsis Lovecruft <isis@torproject.org>2016-09-21 19:34:18 +0000
committerNick Mathewson <nickm@torproject.org>2016-11-03 08:40:10 -0400
commita53059c6a0398bf2a74e08c3902e8a994e5fa120 (patch)
tree0f2f6d1b9ac2e2fa8b104c3eabdaf2e15e04db6f
parent70e7d28b3edebd1e288e68ba7c7c17acd4d91b2d (diff)
Document two additional functions in src/or/routerkeys.c.
Adds docstrings for generate_ed_link_cert() and should_make_new_ed_keys().
-rw-r--r--src/or/routerkeys.c24
1 files changed, 23 insertions, 1 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index f0f62522ae..0aeb2f92d4 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -927,7 +927,18 @@ load_ed_keys(const or_options_t *options, time_t now)
return -1;
}
-/* DOCDOC */
+/**
+ * Retrieve our currently-in-use Ed25519 link certificate and id certificate,
+ * and, if they would expire soon (based on the time <b>now</b>, generate new
+ * certificates (without embedding the public part of the signing key inside).
+ *
+ * The signed_key from the expiring certificate will be used to sign the new
+ * key within newly generated X509 certificate.
+ *
+ * Returns -1 upon error. Otherwise, returns 0 upon success (either when the
+ * current certificate is still valid, or when a new certificate was
+ * successfully generated).
+ */
int
generate_ed_link_cert(const or_options_t *options, time_t now)
{
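Review bot: The parenthetical opened at `(based on the time <b>now</b>` in the new comment is never closed, and the second paragraph leaves it unclear which key does the signing. "The signed_key from the expiring certificate will be used to sign the new key" reads as if a certificate's signed_key field acts as a signing key; the body is outside this hunk, so this should be checked against it, and the comment should name the keypair that signs and the object that gets signed. "Expire soon" is also left undefined here and again in the should_make_new_ed_keys() comment in the next hunk; if the window comes from `options`, name the field. At minimum close the parenthesis: ` * and, if they would expire soon (based on the time <b>now</b>), generate new`.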
@@ -967,6 +978,17 @@ generate_ed_link_cert(const or_options_t *options, time_t now)
#undef SET_KEY
#undef SET_CERT
+/**
+ * Return 1 if any of the following are true:
+ *
+ * - if one of our Ed25519 signing, auth, or link certificates would expire
+ * soon w.r.t. the time <b>now</b>,
+ * - if we do not currently have a link certificate, or
+ * - if our cached Ed25519 link certificate is not same as the one we're
+ * currently using.
+ *
+ * Otherwise, returns 0.
+ */
int
should_make_new_ed_keys(const or_options_t *options, const time_t now)
{
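Review bot: The third bullet, "if our cached Ed25519 link certificate is not same as the one we're currently using", does not say which two objects are compared, and "is not same as" is missing an article. The function body is outside this hunk, so the comparison cannot be confirmed from here; the comment should state what the cached certificate is checked against, since a reader deciding whether key rotation will trigger needs that detail. The comment also mixes "Return 1" with "returns 0"; pick one form, e.g. ` * Otherwise, return 0.`.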