-rw-r--r-- | src/or/or.h | 8 | ||||
-rw-r--r-- | src/or/router.c | 16 | ||||
-rw-r--r-- | src/or/router.h | 1 |
3 files changed, 25 insertions, 0 deletions
diff --git a/src/or/or.h b/src/or/or.h
index 2903f5e283..1c4e24ea4a 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -156,6 +156,14 @@
 /** Default lifetime for an onion key in days. */
 #define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)
+/** Minimum grace period for acceptance of an onion key in days.
+ * The maximum value is defined in proposal #274 as being the current network
+ * consensus parameter for "onion-key-rotation-days". */
+#define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)
+
+/** Default grace period for acceptance of an onion key in days. */
+#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
+
 /** How often do we rotate TLS contexts? */
 #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
diff --git a/src/or/router.c b/src/or/router.c
index 1fa0f10b7e..2985753226 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -708,6 +708,22 @@ get_onion_key_lifetime(void)
 return get_onion_key_rotation_days_()*24*60*60;
 }
+/** Get the grace period of an onion key in seconds. This value is defined by
+ * the network consesus parameter "onion-key-grace-period-days", but the value
+ * is converted to seconds.
+ */
+int
+get_onion_key_grace_period(void)
+{
+ int grace_period;
+ grace_period = networkstatus_get_param(NULL,
+ "onion-key-grace-period-days",
+ DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS,
+ MIN_ONION_KEY_GRACE_PERIOD_DAYS,
+ get_onion_key_rotation_days_());
+ return grace_period*24*60*60;
+}
+
 /** Set up Tor's TLS contexts, based on our configuration and keys. Return 0
 * on success, and -1 on failure. */
 int
diff --git a/src/or/router.h b/src/or/router.h
index 9060bc22c9..55a3927998 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -32,6 +32,7 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate, int severity,
 int log_greeting);
 void v3_authority_check_key_expiry(void);
 int get_onion_key_lifetime(void);
+int get_onion_key_grace_period(void);
 di_digest256_map_t *construct_ntor_key_map(void);
 void ntor_key_map_free(di_digest256_map_t *map);
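Review bot: The comment on MIN_ONION_KEY_GRACE_PERIOD_DAYS explains where the maximum comes from, but nothing on DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7) records that it is required to sit between that minimum and the runtime "onion-key-rotation-days" bound, which is the ordering the consensus-parameter lookup in router.c relies on. A reader raising the default or lowering the rotation minimum has no hint that they can break that relationship. I would extend the default's comment to `/** Default grace period for acceptance of an onion key in days. Must stay within [MIN_ONION_KEY_GRACE_PERIOD_DAYS, onion-key-rotation-days] as passed to networkstatus_get_param(). */`. The header also never states what "acceptance" means; if, as proposal #274 presumably describes, this is the window in which a relay still accepts its previous onion key after rotating, saying so here would help.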
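Review bot: In get_onion_key_grace_period() the max_val handed to networkstatus_get_param() is the live consensus value from get_onion_key_rotation_days_(), while default_val is the fixed DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7), so a consensus that sets onion-key-rotation-days below 7 produces a call with default > max, and one that sets it to 1 produces max == min. If the parameter helper asserts the default/min/max ordering (the Tor consensus-param lookup does, as far as I recall; not visible in this hunk), that is a relay crash reachable through a consensus parameter rather than a clamped value, and it is exactly the lower end of the range the other new constant permits. The fix is to bound the default by the rotation period and to skip the lookup entirely when the rotation period cannot exceed the minimum grace period. The doc comment also misspells "consensus" as `consesus` and should say what "grace period" covers rather than restating the conversion to seconds; the next function's body starts past the end of the hunk.
```c
int
get_onion_key_grace_period(void)
{
  int max_days = get_onion_key_rotation_days_();
  int grace_period;
  /* Keep default <= max and min < max for the consensus-param lookup even
   * when the consensus shrinks the rotation period below the default. */
  if (max_days <= MIN_ONION_KEY_GRACE_PERIOD_DAYS)
    return max_days*24*60*60;
  grace_period = networkstatus_get_param(NULL,
                                "onion-key-grace-period-days",
                                MIN(DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS, max_days),
                                MIN_ONION_KEY_GRACE_PERIOD_DAYS,
                                max_days);
  return grace_period*24*60*60;
}
```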