tor-keymgr: Provide an easy way to expire keys
We need to be able to delete any no-longer-relevant keys from the keystore. For example, we'll need to be able to clean up all KS_hs_blind_id that belong to the time periods we're no longer interested in.
Today, the keymgr provides a simple remove function for removing a specific instance of a key. This means that in order to remove a key, you need to know its key specifier, which in the case of KS_hs_blind_id means knowing the time period (in the keystore, KS_hs_blind_id keys are of the form KS_hs_blind_id_<time period>). Since there's no way to ask the keymgr to e.g. "remove all KS_hs_blind_ids belonging to time periods older than the current one", we can't implement the cleanup mechanism described here. Without keymgr support for listing keys, we'd need to call KeyMgr::remove in a loop, passing in a specifier for every possible outdated TimePeriod (remove(KS_hs_blind_id_<time period1>), remove(KS_hs_blind_id_<time period2>), ...). This is inefficient and error-prone, so we need the KeyMgr to implement some sort of mechanism for listing all keys of a given type, as well as any metadata they might have (such as the time period).
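A sketch of the list-then-filter cleanup this issue asks for, added here as an illustration and not taken from tor-keymgr. `ToyKeystore`, its methods, `BLIND_ID_PREFIX` and the numeric time period suffix are all assumptions made for the example.

```rust
use std::collections::BTreeMap;
// Hypothetical in-memory stand-in for a keystore (entry name -> key bytes);
// not the tor-keymgr API. Assumption: the time period suffix is a bare number.
pub const BLIND_ID_PREFIX: &str = "KS_hs_blind_id_";

pub struct ToyKeystore { entries: BTreeMap<String, Vec<u8>> }

impl ToyKeystore {
    /// Constructed sample contents: three blinded-id keys, one entry with an
    /// unparseable suffix, and one key of a different type.
    pub fn sample() -> Self {
        let names = ["KS_hs_blind_id_17", "KS_hs_blind_id_18", "KS_hs_blind_id_19",
                     "KS_hs_blind_id_garbage", "KS_hs_id"];
        let entries = names.iter().map(|n| (n.to_string(), vec![0u8; 32])).collect();
        Self { entries }
    }

    /// List every entry of one key type with the time period parsed from its
    /// name. Names that do not parse are skipped, so they are never deleted.
    pub fn list_with_period(&self, prefix: &str) -> Vec<(String, u64)> {
        self.entries
            .keys()
            .filter_map(|name| {
                let period = name.strip_prefix(prefix)?.parse::<u64>().ok()?;
                Some((name.clone(), period))
            })
            .collect()
    }

    /// Remove all keys of that type older than `current`; returns their names.
    pub fn remove_expired(&mut self, prefix: &str, current: u64) -> Vec<String> {
        let mut expired = Vec::new();
        for (name, period) in self.list_with_period(prefix) {
            if period < current {
                self.entries.remove(&name);
                expired.push(name);
            }
        }
        expired
    }

    pub fn names(&self) -> Vec<String> { self.entries.keys().cloned().collect() }
}

fn main() {
    let mut store = ToyKeystore::sample();
    println!("removed: {:?}", store.remove_expired(BLIND_ID_PREFIX, 19));
    println!("kept: {:?}", store.names());
}
```

The caller never has to enumerate candidate time periods: only entries that actually exist are inspected, and anything the listing cannot parse is left in place.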