authorDaniel Pinto <danielpinto52@gmail.com>2020-06-06 11:34:47 +0100
committerNick Mathewson <nickm@torproject.org>2020-07-23 08:25:22 -0400
commitd72618eb7f152c8f1633294fa30978c7ac0a48f3 (patch)
treea8ed65e80420b8a7e254bcde56634f70051e95f4
parent27315de590da24fe55353332c29a3a4454ee7da2 (diff)
Remove padding from ntor-onion-key #7869
-rw-r--r--src/feature/dirauth/dirvote.c11
-rw-r--r--src/feature/dirauth/dirvote.h6
-rw-r--r--src/feature/relay/router.c8
-rw-r--r--src/test/test_dir.c8
4 files changed, 16 insertions, 17 deletions
diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c
index 85a23a12f6..a1a530b7fa 100644
--- a/src/feature/dirauth/dirvote.c
+++ b/src/feature/dirauth/dirvote.c
@@ -3848,11 +3848,10 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
smartlist_add_asprintf(chunks, "onion-key\n%s", key);
if (ri->onion_curve25519_pkey) {
- char kbuf[128];
- base64_encode(kbuf, sizeof(kbuf),
- (const char*)ri->onion_curve25519_pkey->public_key,
- CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
- smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
+ char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
+ bool add_padding = (consensus_method < MIN_METHOD_FOR_UNPADDED_NTOR_KEY);
+ curve25519_public_to_base64(kbuf, ri->onion_curve25519_pkey, add_padding);
+ smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
}
if (family) {
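Review bot: The `add_padding` line has no comment saying why padding depends on the consensus method, and that is the part a later reader is most likely to break. Microdescriptor text presumably has to be byte-identical across authorities voting with the same method, so methods below MIN_METHOD_FOR_UNPADDED_NTOR_KEY must keep emitting the old padded form; I would add `/* Keep padding for older methods so every authority produces the same microdescriptor bytes. */` above it. Separately, curve25519_public_to_base64 is given no buffer length here or in the router.c hunk, so kbuf's size is only right if the callee never writes more than CURVE25519_BASE64_PADDED_LEN characters plus the NUL; its definition is not in this diff. The body of dirvote_create_microdescriptor continues outside the hunk.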
@@ -3963,6 +3962,8 @@ static const struct consensus_method_range_t {
{MIN_SUPPORTED_CONSENSUS_METHOD,
MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS - 1},
{MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS,
+ MIN_METHOD_FOR_UNPADDED_NTOR_KEY - 1},
+ {MIN_METHOD_FOR_UNPADDED_NTOR_KEY,
MAX_SUPPORTED_CONSENSUS_METHOD},
{-1, -1}
};
diff --git a/src/feature/dirauth/dirvote.h b/src/feature/dirauth/dirvote.h
index fa7b1da4ab..3ab40367ae 100644
--- a/src/feature/dirauth/dirvote.h
+++ b/src/feature/dirauth/dirvote.h
@@ -53,7 +53,7 @@
#define MIN_SUPPORTED_CONSENSUS_METHOD 28
/** The highest consensus method that we currently support. */
-#define MAX_SUPPORTED_CONSENSUS_METHOD 29
+#define MAX_SUPPORTED_CONSENSUS_METHOD 30
/**
* Lowest consensus method where microdescriptor lines are put in canonical
@@ -61,6 +61,10 @@
**/
#define MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS 29
+/** Lowest consensus method where an unpadded base64 onion-key-ntor is allowed
+ * See #7869 */
+#define MIN_METHOD_FOR_UNPADDED_NTOR_KEY 30
+
/** Default bandwidth to clip unmeasured bandwidths to using method >=
* MIN_METHOD_TO_CLIP_UNMEASURED_BW. (This is not a consensus method; do not
* get confused with the above macros.) */
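Review bot: The new doc comment calls the line `onion-key-ntor`, but the keyword emitted in the dirvote.c and router.c hunks is `ntor-onion-key`, so a search for the real keyword will not find this macro. It also says the unpadded form is "allowed", while the dirvote.c hunk drops the padding for every method at or above this value, and the first sentence has no full stop before "See". Suggested wording: `/** Lowest consensus method where microdescriptors carry an unpadded base64 ntor-onion-key. See #7869. */`.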
diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 34d8163c36..ffaf7c3cc5 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -2854,11 +2854,9 @@ router_dump_router_to_string(routerinfo_t *router,
}
if (router->onion_curve25519_pkey) {
- char kbuf[128];
- base64_encode(kbuf, sizeof(kbuf),
- (const char *)router->onion_curve25519_pkey->public_key,
- CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
- smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
+ char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
+ curve25519_public_to_base64(kbuf, router->onion_curve25519_pkey, false);
+ smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
} else {
/* Authorities will start rejecting relays without ntor keys in 0.2.9 */
log_err(LD_BUG, "A relay must have an ntor onion key");
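Review bot: The bare `false` on the curve25519_public_to_base64 line makes every newly published router descriptor carry an unpadded key with no version gate, unlike the microdescriptor path, which is gated on the consensus method. That is safe only if every parser that reads router descriptors already accepts unpadded base64 for this line; nothing in the hunk shows that, so the assumption should be written down, e.g. `/* Descriptor parsers accept unpadded base64 here, so padding is never needed (see #7869). */`. The literal would also read better annotated, as `/* pad = */ false`. The body of router_dump_router_to_string starts and ends outside the hunk.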
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 3a0b8237cb..f6a21c804e 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -397,18 +397,14 @@ get_new_ntor_onion_key_line(const curve25519_public_key_t *ntor_onion_pubkey)
{
char *line = NULL;
char cert_buf[256];
- int rv = 0;
tor_assert(ntor_onion_pubkey);
- rv = base64_encode(cert_buf, sizeof(cert_buf),
- (const char*)ntor_onion_pubkey->public_key, 32,
- BASE64_ENCODE_MULTILINE);
- tor_assert(rv > 0);
+ curve25519_public_to_base64(cert_buf, ntor_onion_pubkey, false);
tor_assert(strlen(cert_buf) > 0);
tor_asprintf(&line,
- "ntor-onion-key %s",
+ "ntor-onion-key %s\n",
cert_buf);
tor_assert(line);