authorNick Mathewson <nickm@torproject.org>2024-06-25 09:01:21 -0400
committerNick Mathewson <nickm@torproject.org>2024-06-26 11:42:36 -0400
commit6c8b93538c5361d04c80da24ae7d2bb0be3d5d22 (patch)
tree04ad618bb3fe516d927c0600b8d39bfb3e713ae5
parent9466cc9fdc86eb3211aa410827583a81e366bf26 (diff)
Do not publish TAP key when publish-dummy-tap-key is 0.
-rw-r--r--src/feature/relay/router.c37
1 files changed, 32 insertions, 5 deletions
diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 1a29b54494..ab5fe697bc 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -211,8 +211,13 @@ set_onion_key(crypto_pk_t *k)
mark_my_descriptor_dirty("set onion key");
}
-/** Return the current onion key. Requires that the onion key has been
- * loaded or generated. */
+/** Return the current TAP onion key. Requires that the onion key has been
+ * loaded or generated.
+ *
+ * Note that this key is no longer used for anything; we only keep it around
+ * because (as of June 2024) other Tor instances all expect to find it in
+ * our routerdescs.
+ **/
MOCK_IMPL(crypto_pk_t *,
get_onion_key,(void))
{
@@ -220,6 +225,25 @@ get_onion_key,(void))
return onionkey;
}
+/**
+ * Return true iff we should include our TAP onion key in our router
+ * descriptor.
+ */
+static int
+should_publish_tap_onion_key(void)
+{
+#define SHOULD_PUBLISH_TAP_MIN 0
+#define SHOULD_PUBLISH_TAP_MAX 1
+ /* Note that we err on the side of publishing. */
+#define SHOULD_PUBLISH_TAP_DFLT 1
+
+ return networkstatus_get_param(NULL,
+ "publish-dummy-tap-key",
+ SHOULD_PUBLISH_TAP_DFLT,
+ SHOULD_PUBLISH_TAP_MIN,
+ SHOULD_PUBLISH_TAP_MAX);
+}
+
/** Store a full copy of the current onion key into *<b>key</b>, and a full
* copy of the most recent onion key into *<b>last</b>. Store NULL into
* a pointer if the corresponding key does not exist.
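Review bot: The doc comment on should_publish_tap_onion_key() does not say what drives the decision, so a reader has to open networkstatus_get_param() to learn that it is a network-wide setting rather than a local option. I would extend it with something like `Controlled by the "publish-dummy-tap-key" consensus parameter; passing NULL reads the latest consensus, and we default to publishing when the parameter is not set.` The three `SHOULD_PUBLISH_TAP_*` macros are defined inside the function body and never `#undef`'d, so they stay visible for the rest of router.c; that is worth a one-line comment or a move to file scope. When this returns 0, the later hunk in router_build_fresh_unsigned_routerinfo() skips router_set_rsa_onion_pkey(), so `ri->tap_onion_pkey` and `ri->tap_onion_pkey_len` are never assigned there. The descriptor-serialising and key-reading code is not visible in this diff, so it should be confirmed to handle an absent TAP key.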
@@ -2138,9 +2162,12 @@ router_build_fresh_unsigned_routerinfo,(routerinfo_t **ri_out))
ri->supports_tunnelled_dir_requests =
directory_permits_begindir_requests(options);
ri->cache_info.published_on = time(NULL);
- /* get_onion_key() must invoke from main thread */
- router_set_rsa_onion_pkey(get_onion_key(), &ri->tap_onion_pkey,
- &ri->tap_onion_pkey_len);
+
+ if (should_publish_tap_onion_key()) {
+ /* get_onion_key() must invoke from main thread */
+ router_set_rsa_onion_pkey(get_onion_key(), &ri->tap_onion_pkey,
+ &ri->tap_onion_pkey_len);
+ }
ri->onion_curve25519_pkey =
tor_memdup(&get_current_curve25519_keypair()->pubkey,