Diffstat (limited to 'src/feature/dirauth')
-rw-r--r--src/feature/dirauth/dirauth_config.c55
-rw-r--r--src/feature/dirauth/dirauth_options.inc3
-rw-r--r--src/feature/dirauth/dirvote.c109
-rw-r--r--src/feature/dirauth/dirvote.h32
-rw-r--r--src/feature/dirauth/process_descs.c14
-rw-r--r--src/feature/dirauth/voteflags.c17
6 files changed, 100 insertions, 130 deletions
diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c
index f98513ef75..9378b0ffe6 100644
--- a/src/feature/dirauth/dirauth_config.c
+++ b/src/feature/dirauth/dirauth_config.c
@@ -16,9 +16,12 @@
#include "lib/encoding/confline.h"
#include "lib/confmgt/confmgt.h"
#include "lib/conf/confdecl.h"
+#include "lib/version/torversion.h"
/* Required for dirinfo_type_t in or_options_t */
#include "core/or/or.h"
+#include "core/or/tor_version_st.h"
+#include "core/or/versions.h"
#include "app/config/config.h"
#include "app/config/resolve_addr.h"
@@ -426,6 +429,7 @@ static int
dirauth_options_validate(const void *arg, char **msg)
{
const dirauth_options_t *options = arg;
+ tor_version_t minimal_accepted_server_version, recommended_version;
if (options->VersioningAuthoritativeDirectory &&
(!options->RecommendedClientVersions ||
@@ -439,12 +443,53 @@ dirauth_options_validate(const void *arg, char **msg)
REJECT("Guard bandwdith threshold fraction is invalid.");
}
- char *t;
+ if (tor_version_parse(options->MinimalAcceptedServerVersion,
+ &minimal_accepted_server_version) != 0) {
+ REJECT("Invalid MinimalAcceptedServerVersion");
+ }
+
+ tor_assertf(tor_version_parse(get_short_version(),
+ &recommended_version) == 0,
+ "We failed to parse our own version");
+ if (tor_version_compare(&recommended_version,
+ &minimal_accepted_server_version) < 0) {
+ REJECT("MinimalAcceptedServerVersion wants to reject the version "
+ "this node is running");
+ }
+
+ char *recommended_versions;
+ int found_recommended_rejected_version = 0;
/* Call these functions to produce warnings only. */
- t = format_recommended_version_list(options->RecommendedClientVersions, 1);
- tor_free(t);
- t = format_recommended_version_list(options->RecommendedServerVersions, 1);
- tor_free(t);
+ recommended_versions = format_recommended_version_list(
+ options->RecommendedClientVersions, 1);
+ tor_free(recommended_versions);
+
+ recommended_versions = format_recommended_version_list(
+ options->RecommendedServerVersions, 1);
+
+ smartlist_t *version_sl = smartlist_new();
+ smartlist_split_string(version_sl, recommended_versions, ",",
+ SPLIT_SKIP_SPACE, 0);
+ SMARTLIST_FOREACH_BEGIN(version_sl, const char *, version) {
+ if (version[0] != '\0' && tor_version_parse(version,
+ &recommended_version) != 0) {
+ COMPLAIN("Found unparseable version in RecommendedServerVersions");
+ continue;
+ }
+
+ if (tor_version_compare(&recommended_version,
+ &minimal_accepted_server_version) < 0) {
+ found_recommended_rejected_version = 1;
+ break;
+ }
+ } SMARTLIST_FOREACH_END(version);
+
+ SMARTLIST_FOREACH(version_sl, char *, version, tor_free(version));
+ smartlist_free(version_sl);
+ tor_free(recommended_versions);
+ if (found_recommended_rejected_version)
+ REJECT("MinimalAcceptedServerVersion wants to reject a recommended "
+ "version");
if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) {
COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high.");
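Review bot: In the `SMARTLIST_FOREACH_BEGIN` loop, an empty token skips `tor_version_parse()` but still reaches `tor_version_compare()`, so it is compared using whatever `recommended_version` held from the previous iteration or from the earlier parse of this node's own version. That stale value has normally already passed the comparison, but after a failed parse followed by an empty token the struct holds whatever the failed parse left behind. Splitting with `SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK` and reducing the test to `if (tor_version_parse(version, &recommended_version) != 0)` keeps every comparison tied to the token just parsed. Separately, `tor_assertf()` wraps the `tor_version_parse(get_short_version(), ...)` call itself; parsing first and asserting on the saved result avoids relying on the assertion macro always evaluating its argument. `dirauth_options_validate` starts and ends outside this hunk.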
diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc
index e2056c9cc7..c6f9c09213 100644
--- a/src/feature/dirauth/dirauth_options.inc
+++ b/src/feature/dirauth/dirauth_options.inc
@@ -76,6 +76,9 @@ CONF_VAR(RecommendedClientVersions, LINELIST, 0, NULL)
/** Which versions of tor should we tell users to run on relays? */
CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL)
+/** Which minimal version of tor do we accept relay descriptors from? */
+CONF_VAR(MinimalAcceptedServerVersion, STRING, 0, "0.4.8.0-alpha-dev")
+
/** Relays which should be voted Guard regardless of uptime and bandwidth. */
CONF_VAR(AuthDirVoteGuard, ROUTERSET, 0, NULL)
diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c
index 0783fb1e91..42c0802433 100644
--- a/src/feature/dirauth/dirvote.c
+++ b/src/feature/dirauth/dirvote.c
@@ -1631,7 +1631,11 @@ networkstatus_compute_consensus(smartlist_t *votes,
n_versioning_servers);
client_versions = compute_consensus_versions_list(combined_client_versions,
n_versioning_clients);
- packages = compute_consensus_package_lines(votes);
+
+ if (consensus_method < MIN_METHOD_TO_OMIT_PACKAGE_FINGERPRINTS)
+ packages = tor_strdup("");
+ else
+ packages = compute_consensus_package_lines(votes);
SMARTLIST_FOREACH(combined_server_versions, char *, cp, tor_free(cp));
SMARTLIST_FOREACH(combined_client_versions, char *, cp, tor_free(cp));
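Review bot: The new condition looks inverted relative to the macro it tests: `MIN_METHOD_TO_OMIT_PACKAGE_FINGERPRINTS` is documented in dirvote.h as the lowest method that does not include any "package" lines, yet here methods below it get `tor_strdup("")` and methods at or above it call `compute_consensus_package_lines(votes)`. If the header comment states the intent, the test should read `if (consensus_method >= MIN_METHOD_TO_OMIT_PACKAGE_FINGERPRINTS)`. Because every authority has to derive identical consensus text for a given method, this branch deserves a unit test pinning the output for methods 33 and 34. `networkstatus_compute_consensus` continues outside the hunk.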
@@ -1776,15 +1780,10 @@ networkstatus_compute_consensus(smartlist_t *votes,
}
{
- if (consensus_method < MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE) {
- max_unmeasured_bw_kb = (int32_t) extract_param_buggy(
- params, "maxunmeasuredbw", DEFAULT_MAX_UNMEASURED_BW_KB);
- } else {
- max_unmeasured_bw_kb = dirvote_get_intermediate_param_value(
- param_list, "maxunmeasuredbw", DEFAULT_MAX_UNMEASURED_BW_KB);
- if (max_unmeasured_bw_kb < 1)
- max_unmeasured_bw_kb = 1;
- }
+ max_unmeasured_bw_kb = dirvote_get_intermediate_param_value(
+ param_list, "maxunmeasuredbw", DEFAULT_MAX_UNMEASURED_BW_KB);
+ if (max_unmeasured_bw_kb < 1)
+ max_unmeasured_bw_kb = 1;
}
/* Add the actual router entries. */
@@ -2130,7 +2129,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
/* Starting with consensus method 32, we handle the middle-only
* flag specially: when it is present, we clear some flags, and
* set others. */
- if (is_middle_only && consensus_method >= MIN_METHOD_FOR_MIDDLEONLY) {
+ if (is_middle_only) {
remove_flag(chosen_flags, "Exit");
remove_flag(chosen_flags, "V2Dir");
remove_flag(chosen_flags, "Guard");
@@ -2367,15 +2366,10 @@ networkstatus_compute_consensus(smartlist_t *votes,
{
int64_t weight_scale;
- if (consensus_method < MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE) {
- weight_scale = extract_param_buggy(params, "bwweightscale",
- BW_WEIGHT_SCALE);
- } else {
- weight_scale = dirvote_get_intermediate_param_value(
- param_list, "bwweightscale", BW_WEIGHT_SCALE);
- if (weight_scale < 1)
- weight_scale = 1;
- }
+ weight_scale = dirvote_get_intermediate_param_value(
+ param_list, "bwweightscale", BW_WEIGHT_SCALE);
+ if (weight_scale < 1)
+ weight_scale = 1;
added_weights = networkstatus_compute_bw_weights_v10(chunks, G, M, E, D,
T, weight_scale);
}
@@ -2477,53 +2471,6 @@ networkstatus_compute_consensus(smartlist_t *votes,
return result;
}
-/** Extract the value of a parameter from a string encoding a list of
- * parameters, badly.
- *
- * This is a deliberately buggy implementation, for backward compatibility
- * with versions of Tor affected by #19011. Once all authorities have
- * upgraded to consensus method 31 or later, then we can throw away this
- * function. */
-STATIC int64_t
-extract_param_buggy(const char *params,
- const char *param_name,
- int64_t default_value)
-{
- int64_t value = default_value;
- const char *param_str = NULL;
-
- if (params) {
- char *prefix1 = NULL, *prefix2=NULL;
- tor_asprintf(&prefix1, "%s=", param_name);
- tor_asprintf(&prefix2, " %s=", param_name);
- if (strcmpstart(params, prefix1) == 0)
- param_str = params;
- else
- param_str = strstr(params, prefix2);
- tor_free(prefix1);
- tor_free(prefix2);
- }
-
- if (param_str) {
- int ok=0;
- char *eq = strchr(param_str, '=');
- if (eq) {
- value = tor_parse_long(eq+1, 10, 1, INT32_MAX, &ok, NULL);
- if (!ok) {
- log_warn(LD_DIR, "Bad element '%s' in %s",
- escaped(param_str), param_name);
- value = default_value;
- }
- } else {
- log_warn(LD_DIR, "Bad element '%s' in %s",
- escaped(param_str), param_name);
- value = default_value;
- }
- }
-
- return value;
-}
-
/** Given a list of networkstatus_t for each vote, return a newly allocated
* string containing the "package" lines for the vote. */
STATIC char *
@@ -3919,13 +3866,18 @@ dirvote_get_vote(const char *fp, int flags)
STATIC microdesc_t *
dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
{
+ (void) consensus_method; // Currently unneeded...
microdesc_t *result = NULL;
char *key = NULL, *summary = NULL, *family = NULL;
size_t keylen;
smartlist_t *chunks = smartlist_new();
char *output = NULL;
- crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->onion_pkey,
- ri->onion_pkey_len);
+ crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->tap_onion_pkey,
+ ri->tap_onion_pkey_len);
+ if (!rsa_pubkey) {
+ /* We do not yet support creating MDs for relays without TAP onion keys. */
+ goto done;
+ }
if (crypto_pk_write_public_key_to_string(rsa_pubkey, &key, &keylen)<0)
goto done;
@@ -3937,20 +3889,15 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
if (ri->onion_curve25519_pkey) {
char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
- bool add_padding = (consensus_method < MIN_METHOD_FOR_UNPADDED_NTOR_KEY);
- curve25519_public_to_base64(kbuf, ri->onion_curve25519_pkey, add_padding);
+ curve25519_public_to_base64(kbuf, ri->onion_curve25519_pkey, false);
smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
}
if (family) {
- if (consensus_method < MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS) {
- smartlist_add_asprintf(chunks, "family %s\n", family);
- } else {
- const uint8_t *id = (const uint8_t *)ri->cache_info.identity_digest;
- char *canonical_family = nodefamily_canonicalize(family, id, 0);
- smartlist_add_asprintf(chunks, "family %s\n", canonical_family);
- tor_free(canonical_family);
- }
+ const uint8_t *id = (const uint8_t *)ri->cache_info.identity_digest;
+ char *canonical_family = nodefamily_canonicalize(family, id, 0);
+ smartlist_add_asprintf(chunks, "family %s\n", canonical_family);
+ tor_free(canonical_family);
}
if (summary && strcmp(summary, "reject 1-65535"))
@@ -4048,10 +3995,6 @@ static const struct consensus_method_range_t {
int high;
} microdesc_consensus_methods[] = {
{MIN_SUPPORTED_CONSENSUS_METHOD,
- MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS - 1},
- {MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS,
- MIN_METHOD_FOR_UNPADDED_NTOR_KEY - 1},
- {MIN_METHOD_FOR_UNPADDED_NTOR_KEY,
MAX_SUPPORTED_CONSENSUS_METHOD},
{-1, -1}
};
diff --git a/src/feature/dirauth/dirvote.h b/src/feature/dirauth/dirvote.h
index ae8d43a6f0..6ac07f171a 100644
--- a/src/feature/dirauth/dirvote.h
+++ b/src/feature/dirauth/dirvote.h
@@ -50,29 +50,10 @@
((MIN_VOTE_SECONDS_TESTING)+(MIN_DIST_SECONDS_TESTING)+1)
/** The lowest consensus method that we currently support. */
-#define MIN_SUPPORTED_CONSENSUS_METHOD 28
+#define MIN_SUPPORTED_CONSENSUS_METHOD 32
/** The highest consensus method that we currently support. */
-#define MAX_SUPPORTED_CONSENSUS_METHOD 33
-
-/**
- * Lowest consensus method where microdescriptor lines are put in canonical
- * form for improved compressibility and ease of storage. See proposal 298.
- **/
-#define MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS 29
-
-/** Lowest consensus method where an unpadded base64 onion-key-ntor is allowed
- * See #7869 */
-#define MIN_METHOD_FOR_UNPADDED_NTOR_KEY 30
-
-/** Lowest consensus method for which we use the correct algorithm for
- * extracting the bwweightscale= and maxunmeasuredbw= parameters. See #19011.
- */
-#define MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE 31
-
-/** Lowest consensus method for which we handle the MiddleOnly flag specially.
- */
-#define MIN_METHOD_FOR_MIDDLEONLY 32
+#define MAX_SUPPORTED_CONSENSUS_METHOD 34
/**
* Lowest consensus method for which we suppress the published time in
@@ -80,6 +61,12 @@
*/
#define MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED 33
+/**
+ * Lowest (supported) consensus method for which we do not include
+ * any "package" lines.
+ **/
+#define MIN_METHOD_TO_OMIT_PACKAGE_FINGERPRINTS 34
+
/** Default bandwidth to clip unmeasured bandwidths to using method >=
* MIN_METHOD_TO_CLIP_UNMEASURED_BW. (This is not a consensus method; do not
* get confused with the above macros.) */
@@ -274,9 +261,6 @@ STATIC
char *networkstatus_get_detached_signatures(smartlist_t *consensuses);
STATIC microdesc_t *dirvote_create_microdescriptor(const routerinfo_t *ri,
int consensus_method);
-STATIC int64_t extract_param_buggy(const char *params,
- const char *param_name,
- int64_t default_value);
#endif /* defined(DIRVOTE_PRIVATE) */
diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c
index fafb781330..5b76e937ab 100644
--- a/src/feature/dirauth/process_descs.c
+++ b/src/feature/dirauth/process_descs.c
@@ -404,8 +404,8 @@ dirserv_rejects_tor_version(const char *platform,
static const char please_upgrade_string[] =
"Tor version is insecure or unsupported. Please upgrade!";
- /* Anything before 0.4.8.0 is unsupported. Reject them. */
- if (!tor_version_as_new_as(platform,"0.4.8.0-alpha-dev")) {
+ if (!tor_version_as_new_as(platform,
+ dirauth_get_options()->MinimalAcceptedServerVersion)) {
if (msg) {
*msg = please_upgrade_string;
}
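Review bot: The version floor used to reject insecure or unsupported relays is now read from `MinimalAcceptedServerVersion` at this call, and the comment that stated the policy was dropped without a replacement. The validation added in dirauth_config.c rejects only values that would exclude this node's own version or a recommended version; nothing visible in this diff warns when the option is set below the previous hard-coded floor. I would add a comment such as `/* Floor is operator-configurable; dirauth_options_validate() checks that it parses and does not exclude our own or any recommended version. */` and consider a `COMPLAIN()` in validation when the configured value is older than the compiled-in default. `dirserv_rejects_tor_version` continues outside the hunk.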
@@ -762,6 +762,16 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
log_info(LD_DIR, "Assessing new descriptor: %s: %s",
ri->nickname, ri->platform);
+ /* For now, TAP keys are still required. */
+ if (! ri->tap_onion_pkey) {
+ log_info(LD_DIRSERV, "Rejecting descriptor from %s (source: %s); "
+ "it has no TAP key.",
+ router_describe(ri), source);
+ *msg = "Missing TAP key in descriptor.";
+ r = ROUTER_AUTHDIR_REJECTS;
+ goto fail;
+ }
+
/* Check whether this descriptor is semantically identical to the last one
* from this server. (We do this here and not in router_add_to_routerlist
* because we want to be able to accept the newest router descriptor that
diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c
index 71ee03e265..2fbac47b30 100644
--- a/src/feature/dirauth/voteflags.c
+++ b/src/feature/dirauth/voteflags.c
@@ -112,8 +112,7 @@ dirserv_thinks_router_is_unreliable(time_t now,
}
/** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
- * not hibernating, having observed bw greater 0, and not too old. Else
- * return 0.
+ * not hibernating, and not too old. Else return 0.
*/
static int
router_is_active(const routerinfo_t *ri, const node_t *node, time_t now)
@@ -125,20 +124,6 @@ router_is_active(const routerinfo_t *ri, const node_t *node, time_t now)
if (!node->is_running || !node->is_valid || ri->is_hibernating) {
return 0;
}
- /* Only require bandwidth capacity in non-test networks, or
- * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
- if (!ri->bandwidthcapacity) {
- if (get_options()->TestingTorNetwork) {
- if (dirauth_get_options()->TestingMinExitFlagThreshold > 0) {
- /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
- * then require bandwidthcapacity */
- return 0;
- }
- } else {
- /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
- return 0;
- }
- }
return 1;
}