Diffstat (limited to 'src/feature')
-rw-r--r-- | src/feature/dirauth/dirvote.c | 11 | ||||
-rw-r--r-- | src/feature/dirauth/dirvote.h | 6 | ||||
-rw-r--r-- | src/feature/hs/hs_descriptor.c | 7 | ||||
-rw-r--r-- | src/feature/relay/router.c | 8 |
4 files changed, 18 insertions, 14 deletions
diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index c3ab6fae15..080edd92f1 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -3848,11 +3848,10 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method) smartlist_add_asprintf(chunks, "onion-key\n%s", key); if (ri->onion_curve25519_pkey) { - char kbuf[128]; - base64_encode(kbuf, sizeof(kbuf), - (const char*)ri->onion_curve25519_pkey->public_key, - CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE); - smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf); + char kbuf[CURVE25519_BASE64_PADDED_LEN + 1]; + bool add_padding = (consensus_method < MIN_METHOD_FOR_UNPADDED_NTOR_KEY); + curve25519_public_to_base64(kbuf, ri->onion_curve25519_pkey, add_padding); + smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf); } if (family) { @@ -3963,6 +3962,8 @@ static const struct consensus_method_range_t { {MIN_SUPPORTED_CONSENSUS_METHOD, MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS - 1}, {MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS, + MIN_METHOD_FOR_UNPADDED_NTOR_KEY - 1}, + {MIN_METHOD_FOR_UNPADDED_NTOR_KEY, MAX_SUPPORTED_CONSENSUS_METHOD}, {-1, -1} }; diff --git a/src/feature/dirauth/dirvote.h b/src/feature/dirauth/dirvote.h index 1b1c9f2cc7..9cc87489b4 100644 --- a/src/feature/dirauth/dirvote.h +++ b/src/feature/dirauth/dirvote.h @@ -53,7 +53,7 @@ #define MIN_SUPPORTED_CONSENSUS_METHOD 28 /** The highest consensus method that we currently support. */ -#define MAX_SUPPORTED_CONSENSUS_METHOD 29 +#define MAX_SUPPORTED_CONSENSUS_METHOD 30 /** * Lowest consensus method where microdescriptor lines are put in canonical 
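Review bot: In dirvote_create_microdescriptor() the `ntor-onion-key` line is part of the text the authorities have to agree on, so for methods below MIN_METHOD_FOR_UNPADDED_NTOR_KEY the new output must stay byte-identical to what the removed `base64_encode(..., BASE64_ENCODE_MULTILINE)` call produced. That includes the trailing newline, which now comes from the `"ntor-onion-key %s\n"` format string instead of the encoder. Nothing in this hunk pins that; a unit test comparing the method-29 and method-30 output against fixed strings would catch a divergence. I would also put a comment above `add_padding`, e.g. `/* Older methods keep the '=' padding so all authorities produce the same microdescriptor. */`. The function body starts and ends outside the hunk.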
@@ -61,6 +61,10 @@ **/ #define MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS 29 +/** Lowest consensus method where an unpadded base64 onion-key-ntor is allowed + * See #7869 */ +#define MIN_METHOD_FOR_UNPADDED_NTOR_KEY 30 + /** Default bandwidth to clip unmeasured bandwidths to using method >= * MIN_METHOD_TO_CLIP_UNMEASURED_BW. (This is not a consensus method; do not * get confused with the above macros.) */ diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c index 50a46fb40f..30a36030d1 100644 --- a/src/feature/hs/hs_descriptor.c +++ b/src/feature/hs/hs_descriptor.c @@ -55,6 +55,7 @@ /* For unit tests.*/ #define HS_DESCRIPTOR_PRIVATE +#include <stdbool.h> #include "core/or/or.h" #include "app/config/config.h" #include "trunnel/ed25519_cert.h" /* Trunnel interface. */ @@ -404,7 +405,7 @@ encode_enc_key(const hs_desc_intro_point_t *ip) tor_assert(ip); /* Base64 encode the encryption key for the "enc-key" field. */ - curve25519_public_to_base64(key_b64, &ip->enc_key); + curve25519_public_to_base64(key_b64, &ip->enc_key, true); if (tor_cert_encode_ed22519(ip->enc_key_cert, &encoded_cert) < 0) { goto done; } @@ -430,7 +431,7 @@ encode_onion_key(const hs_desc_intro_point_t *ip) tor_assert(ip); /* Base64 encode the encryption key for the "onion-key" field. */ - curve25519_public_to_base64(key_b64, &ip->onion_key); + curve25519_public_to_base64(key_b64, &ip->onion_key, true); tor_asprintf(&encoded, "%s ntor %s", str_ip_onion_key, key_b64); return encoded; @@ -813,7 +814,7 @@ get_outer_encrypted_layer_plaintext(const hs_descriptor_t *desc, tor_assert(!fast_mem_is_zero((char *) ephemeral_pubkey->public_key, CURVE25519_PUBKEY_LEN)); - curve25519_public_to_base64(ephemeral_key_base64, ephemeral_pubkey); + curve25519_public_to_base64(ephemeral_key_base64, ephemeral_pubkey, true); smartlist_add_asprintf(lines, "%s %s\n", str_desc_auth_key, ephemeral_key_base64); 
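Review bot: The doc comment on MIN_METHOD_FOR_UNPADDED_NTOR_KEY names the field `onion-key-ntor`, but the line emitted in dirvote.c and router.c is `ntor-onion-key`. "Allowed" also understates the effect, since from this method on dirvote_create_microdescriptor() stops adding the padding. Suggested wording: `/** Lowest consensus method where the "ntor-onion-key" line in a microdescriptor is written as unpadded base64. See #7869. */`.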
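Review bot: curve25519_public_to_base64() takes no output length, and in encode_enc_key(), encode_onion_key() and get_outer_encrypted_layer_plaintext() the destination buffers (`key_b64`, `ephemeral_key_base64`) are declared outside these hunks, so their size cannot be checked here. With `true` the encoder writes the padded form, so each buffer should be at least `CURVE25519_BASE64_PADDED_LEN + 1` bytes, matching the `kbuf` declarations in dirvote.c and router.c. The bare `true` is also opaque at the call site; a short comment on each call such as `/* HS descriptors keep the padded form. */` would record the intent.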
diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 4a0a4203aa..206545bdec 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -2936,11 +2936,9 @@ router_dump_router_to_string(routerinfo_t *router,
 }
 if (router->onion_curve25519_pkey) {
- char kbuf[128];
- base64_encode(kbuf, sizeof(kbuf),
- (const char *)router->onion_curve25519_pkey->public_key,
- CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
- smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
+ char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
+ curve25519_public_to_base64(kbuf, router->onion_curve25519_pkey, false);
+ smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
 } else {
 /* Authorities will start rejecting relays without ntor keys in 0.2.9 */
 log_err(LD_BUG, "A relay must have an ntor onion key"); |
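Review bot: router_dump_router_to_string() now passes `false` unconditionally, so every relay descriptor carries an unpadded `ntor-onion-key`, whereas the microdescriptor path in dirvote.c gates the same change on the consensus method. No parser file appears in the diffstat, so this presumably relies on existing descriptor parsers already accepting the unpadded form. A comment at the call would record that assumption, e.g. `/* Unpadded: descriptor parsers already accept ntor-onion-key without '=' (see #7869). */`. The function starts and ends outside the hunk.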