author | Nick Mathewson <nickm@torproject.org> | 2024-06-24 14:04:04 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2024-06-24 17:48:55 -0400 |
commit | 07f0a2b964eedd1ced201f2d1d82ec0089fac371 (patch) | |
tree | 85525971ade35b8aaadca8c73f571aa889acc5bd /src | |
parent | f631145cbf2d0a8f1f170e206c38c77edfba8bad (diff) | |
download | tor-07f0a2b964eedd1ced201f2d1d82ec0089fac371.tar.gz tor-07f0a2b964eedd1ced201f2d1d82ec0089fac371.zip |
Make onion-key body optional in microdescs
Also, stop storing onion keys in microdesc_t.
(In prop350, for microdescs, we are making the body optional; the "onion-key"
entry is still mandatory, so that we can tell where microdescs begin.)
Diffstat (limited to 'src')
-rw-r--r-- | src/feature/dirparse/microdesc_parse.c | 7 | ||||
-rw-r--r-- | src/feature/dirparse/parsecommon.c | 13 | ||||
-rw-r--r-- | src/feature/dirparse/parsecommon.h | 1 | ||||
-rw-r--r-- | src/feature/nodelist/microdesc.c | 2 | ||||
-rw-r--r-- | src/feature/nodelist/microdesc_st.h | 8 | ||||
-rw-r--r-- | src/feature/nodelist/nodelist.c | 5 |
6 files changed, 16 insertions, 20 deletions
diff --git a/src/feature/dirparse/microdesc_parse.c b/src/feature/dirparse/microdesc_parse.c
index beb38bda30..eef52f14f3 100644
--- a/src/feature/dirparse/microdesc_parse.c
+++ b/src/feature/dirparse/microdesc_parse.c
@@ -30,7 +30,7 @@
 /** List of tokens recognized in microdescriptors */
 // clang-format off
 static token_rule_t microdesc_token_table[] = {
- T1_START("onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024),
+ T1_START("onion-key", K_ONION_KEY, NO_ARGS, OPT_KEY_1024),
 T1("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
 T0N("id", K_ID, GE(2), NO_OBJ ),
 T0N("a", K_A, GE(1), NO_OBJ ),
@@ -200,14 +200,11 @@ microdesc_parse_fields(microdesc_t *md,
 }
 tok = find_by_keyword(tokens, K_ONION_KEY);
- if (!crypto_pk_public_exponent_ok(tok->key)) {
+ if (tok && tok->key && !crypto_pk_public_exponent_ok(tok->key)) {
 log_warn(LD_DIR, "Relay's onion key had invalid exponent.");
 goto err;
 }
- md->onion_pkey = tor_memdup(tok->object_body, tok->object_size);
- md->onion_pkey_len = tok->object_size;
- crypto_pk_free(tok->key);
 if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
 curve25519_public_key_t k;
diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c
index d7a6d65346..be1457b730 100644
--- a/src/feature/dirparse/parsecommon.c
+++ b/src/feature/dirparse/parsecommon.c
@@ -215,6 +215,16 @@ token_check_object(memarea_t *area, const char *kwd,
 RET_ERR(ebuf);
 }
 break;
+ case OPT_KEY_1024:
+ /* If there is anything, it must be a 1024-bit RSA key. */
+ if (tok->object_body && !tok->key) {
+ tor_snprintf(ebuf, sizeof(ebuf), "Unexpected object for %s", kwd);
+ RET_ERR(ebuf);
+ }
+ if (!tok->key) {
+ break;
+ }
+ FALLTHROUGH;
 case NEED_KEY_1024: /* There must be a 1024-bit public key. */
 if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) {
 tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits",
@@ -395,7 +405,8 @@ get_next_token(memarea_t *area,
 }
 if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
- if (o_syn != NEED_KEY && o_syn != NEED_KEY_1024 && o_syn != OBJ_OK) {
+ if (o_syn != OPT_KEY_1024 && o_syn != NEED_KEY &&
+ o_syn != NEED_KEY_1024 && o_syn != OBJ_OK) {
 RET_ERR("Unexpected public key.");
 }
 tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size);
diff --git a/src/feature/dirparse/parsecommon.h b/src/feature/dirparse/parsecommon.h
index 9333ec4b27..d48d27499f 100644
--- a/src/feature/dirparse/parsecommon.h
+++ b/src/feature/dirparse/parsecommon.h
@@ -220,6 +220,7 @@ typedef struct directory_token_t {
 typedef enum {
 NO_OBJ, /**< No object, ever. */
 NEED_OBJ, /**< Object is required. */
+ OPT_KEY_1024, /**< If object is present, it must be a 1024 bit public key */
 NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */
 NEED_KEY, /**< Object is required, and must be a public key. */
 OBJ_OK, /**< Object is optional. */
diff --git a/src/feature/nodelist/microdesc.c b/src/feature/nodelist/microdesc.c
index 9e5f0bb9a4..3fd0f23fb5 100644
--- a/src/feature/nodelist/microdesc.c
+++ b/src/feature/nodelist/microdesc.c
@@ -909,8 +909,6 @@ microdesc_free_(microdesc_t *md, const char *fname, int lineno)
 //tor_assert(md->held_in_map == 0);
 //tor_assert(md->held_by_nodes == 0);
- if (md->onion_pkey)
- tor_free(md->onion_pkey);
 tor_free(md->onion_curve25519_pkey);
 tor_free(md->ed25519_identity_pkey);
 if (md->body && md->saved_location != SAVED_IN_CACHE)
diff --git a/src/feature/nodelist/microdesc_st.h b/src/feature/nodelist/microdesc_st.h
index ad56b6d6c2..c642e6e12b 100644
--- a/src/feature/nodelist/microdesc_st.h
+++ b/src/feature/nodelist/microdesc_st.h
@@ -63,14 +63,6 @@ struct microdesc_t {
 /* Fields in the microdescriptor. */
- /**
- * Public RSA TAP key for onions, ASN.1 encoded. We store this
- * in its encoded format since storing it as a crypto_pk_t uses
- * significantly more memory. */
- char *onion_pkey;
- /** Length of onion_pkey, in bytes. */
- size_t onion_pkey_len;
-
 /** As routerinfo_t.onion_curve25519_pkey */
 struct curve25519_public_key_t *onion_curve25519_pkey;
 /** Ed25519 identity key, if included. */
diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c
index bbaa51a407..09b10f10f6 100644
--- a/src/feature/nodelist/nodelist.c
+++ b/src/feature/nodelist/nodelist.c
@@ -2052,11 +2052,8 @@ node_get_rsa_onion_key(const node_t *node)
 if (node->ri) {
 onion_pkey = node->ri->onion_pkey;
 onion_pkey_len = node->ri->onion_pkey_len;
- } else if (node->rs && node->md) {
- onion_pkey = node->md->onion_pkey;
- onion_pkey_len = node->md->onion_pkey_len;
 } else {
- /* No descriptor or microdescriptor. */
+ /* No descriptor; we don't take onion keys from microdescs. */
 goto end;
 }
 pk = router_get_rsa_onion_pkey(onion_pkey, onion_pkey_len);
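Review bot: The `tok &&` guard in the new condition of microdesc_parse_fields is dead if find_by_keyword() keeps its behaviour of asserting that a token the table marks T1_START is present; either drop it, or look the token up with find_opt_by_keyword() as the ntor lookup two lines below does, so the code itself shows which part is optional (the key body, not the line). Removing the `crypto_pk_free(tok->key)` here means the decoded RSA key now lives until the token list is cleared, presumably by token_clear(); that is outside the hunk and worth confirming so that a batch of microdescs does not hold parsed keys longer than before. A short comment above the check, such as `/* The key body is optional (prop350); only validate it when present. */`, would record why a missing key is no longer an error. microdesc_parse_fields starts and ends outside the hunk.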
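Review bot: In the new OPT_KEY_1024 case of token_check_object, the key-present path is validated only by falling through NEED_KEY_1024 (size check) and then NEED_KEY, which the two preceding ifs do not make obvious; a comment on the fallthrough such as `/* A key was given: it must pass the same checks as NEED_KEY_1024. */` would help the next reader. The first if (`tok->object_body && !tok->key`) also deserves a word saying what it catches — as far as I can tell from the get_next_token hunk, an object of a type other than "RSA PUBLIC KEY" is left undecoded with tok->key NULL, and this is where it is rejected. token_check_object starts and ends outside the hunk.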
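Review bot: node_get_rsa_onion_key() now returns NULL for every node known only through a microdescriptor, where it previously returned the TAP key carried in the microdesc, and nothing in the hunk shows the callers being checked for that wider NULL case; the return type is unchanged, so the compiler will not flag a caller that still treats a usable node as implying a usable onion key, and each such call site should be reviewed. If the function has a header comment it is outside the hunk and should state the new contract, e.g. `/** ... Returns NULL when the node has no routerinfo_t: onion keys are never taken from microdescriptors. */`. The body of node_get_rsa_onion_key starts and ends outside the hunk.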