Make onion-key body optional in microdescs
Also, stop storing onion keys in microdesc_t. (In prop350, for microdescs, we are making the body optional; the "onion-key" entry is still mandatory, so that we can tell where microdescs begin.)
This commit is contained in:
parent
f631145cbf
commit
07f0a2b964
@ -30,7 +30,7 @@
|
|||||||
/** List of tokens recognized in microdescriptors */
|
/** List of tokens recognized in microdescriptors */
|
||||||
// clang-format off
|
// clang-format off
|
||||||
static token_rule_t microdesc_token_table[] = {
|
static token_rule_t microdesc_token_table[] = {
|
||||||
T1_START("onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024),
|
T1_START("onion-key", K_ONION_KEY, NO_ARGS, OPT_KEY_1024),
|
||||||
T1("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
|
T1("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
|
||||||
T0N("id", K_ID, GE(2), NO_OBJ ),
|
T0N("id", K_ID, GE(2), NO_OBJ ),
|
||||||
T0N("a", K_A, GE(1), NO_OBJ ),
|
T0N("a", K_A, GE(1), NO_OBJ ),
|
||||||
@ -200,14 +200,11 @@ microdesc_parse_fields(microdesc_t *md,
|
|||||||
}
|
}
|
||||||
|
|
||||||
tok = find_by_keyword(tokens, K_ONION_KEY);
|
tok = find_by_keyword(tokens, K_ONION_KEY);
|
||||||
if (!crypto_pk_public_exponent_ok(tok->key)) {
|
if (tok && tok->key && !crypto_pk_public_exponent_ok(tok->key)) {
|
||||||
log_warn(LD_DIR,
|
log_warn(LD_DIR,
|
||||||
"Relay's onion key had invalid exponent.");
|
"Relay's onion key had invalid exponent.");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
md->onion_pkey = tor_memdup(tok->object_body, tok->object_size);
|
|
||||||
md->onion_pkey_len = tok->object_size;
|
|
||||||
crypto_pk_free(tok->key);
|
|
||||||
|
|
||||||
if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
|
if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
|
||||||
curve25519_public_key_t k;
|
curve25519_public_key_t k;
|
||||||
|
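Review bot: The `tok &&` guard in the new condition looks dead, since the token comes from `find_by_keyword` rather than `find_opt_by_keyword` and "onion-key" is still declared T1_START; the part that actually changed is `tok->key`, which is NULL exactly when the now-optional body is absent. Either switch to `find_opt_by_keyword` if a missing token is genuinely expected, or drop the `tok &&` so the condition documents the real case. Separately, the explicit `crypto_pk_free(tok->key)` is gone together with the memdup, so the key decoded by get_next_token now lives until the token list is cleared; if that cleanup does not release `tok->key`, this leaks one RSA key per parsed microdescriptor, which is worth confirming. A short comment at the check, `/* Body is optional now; if present we only validate it and no longer store it. */`, would make the intent visible at the call site. microdesc_parse_fields continues outside the hunk.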
@ -215,6 +215,16 @@ token_check_object(memarea_t *area, const char *kwd,
|
|||||||
RET_ERR(ebuf);
|
RET_ERR(ebuf);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case OPT_KEY_1024:
|
||||||
|
/* If there is anything, it must be a 1024-bit RSA key. */
|
||||||
|
if (tok->object_body && !tok->key) {
|
||||||
|
tor_snprintf(ebuf, sizeof(ebuf), "Unexpected object for %s", kwd);
|
||||||
|
RET_ERR(ebuf);
|
||||||
|
}
|
||||||
|
if (!tok->key) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
FALLTHROUGH;
|
||||||
case NEED_KEY_1024: /* There must be a 1024-bit public key. */
|
case NEED_KEY_1024: /* There must be a 1024-bit public key. */
|
||||||
if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) {
|
if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) {
|
||||||
tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits",
|
tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits",
|
||||||
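Review bot: The two consecutive tests on `tok->key` in the new `OPT_KEY_1024` case can be a single guard that keeps the error and the early exit together: `if (!tok->key) { if (tok->object_body) { tor_snprintf(ebuf, sizeof(ebuf), "Unexpected object for %s", kwd); RET_ERR(ebuf); } break; }`. The fallthrough into `NEED_KEY_1024` is then only reached with a decoded key, which that case's own `tok->key &&` guard already tolerates. As the get_next_token hunk shows, `tok->key` is only set for an `RSA PUBLIC KEY` object, so any other object on an `OPT_KEY_1024` line is rejected here by the `object_body && !key` test; that is the right outcome but the comment could say so, e.g. `/* A body that did not decode as an RSA key is an error; no body at all is fine. */`. token_check_object starts and ends outside the hunk.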
@ -395,7 +405,8 @@ get_next_token(memarea_t *area,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
|
if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
|
||||||
if (o_syn != NEED_KEY && o_syn != NEED_KEY_1024 && o_syn != OBJ_OK) {
|
if (o_syn != OPT_KEY_1024 && o_syn != NEED_KEY &&
|
||||||
|
o_syn != NEED_KEY_1024 && o_syn != OBJ_OK) {
|
||||||
RET_ERR("Unexpected public key.");
|
RET_ERR("Unexpected public key.");
|
||||||
}
|
}
|
||||||
tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size);
|
tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size);
|
||||||
|
@ -220,6 +220,7 @@ typedef struct directory_token_t {
|
|||||||
typedef enum {
|
typedef enum {
|
||||||
NO_OBJ, /**< No object, ever. */
|
NO_OBJ, /**< No object, ever. */
|
||||||
NEED_OBJ, /**< Object is required. */
|
NEED_OBJ, /**< Object is required. */
|
||||||
|
OPT_KEY_1024, /**< If object is present, it must be a 1024 bit public key */
|
||||||
NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */
|
NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */
|
||||||
NEED_KEY, /**< Object is required, and must be a public key. */
|
NEED_KEY, /**< Object is required, and must be a public key. */
|
||||||
OBJ_OK, /**< Object is optional. */
|
OBJ_OK, /**< Object is optional. */
|
||||||
|
@ -909,8 +909,6 @@ microdesc_free_(microdesc_t *md, const char *fname, int lineno)
|
|||||||
//tor_assert(md->held_in_map == 0);
|
//tor_assert(md->held_in_map == 0);
|
||||||
//tor_assert(md->held_by_nodes == 0);
|
//tor_assert(md->held_by_nodes == 0);
|
||||||
|
|
||||||
if (md->onion_pkey)
|
|
||||||
tor_free(md->onion_pkey);
|
|
||||||
tor_free(md->onion_curve25519_pkey);
|
tor_free(md->onion_curve25519_pkey);
|
||||||
tor_free(md->ed25519_identity_pkey);
|
tor_free(md->ed25519_identity_pkey);
|
||||||
if (md->body && md->saved_location != SAVED_IN_CACHE)
|
if (md->body && md->saved_location != SAVED_IN_CACHE)
|
||||||
|
@ -63,14 +63,6 @@ struct microdesc_t {
|
|||||||
|
|
||||||
/* Fields in the microdescriptor. */
|
/* Fields in the microdescriptor. */
|
||||||
|
|
||||||
/**
|
|
||||||
* Public RSA TAP key for onions, ASN.1 encoded. We store this
|
|
||||||
* in its encoded format since storing it as a crypto_pk_t uses
|
|
||||||
* significantly more memory. */
|
|
||||||
char *onion_pkey;
|
|
||||||
/** Length of onion_pkey, in bytes. */
|
|
||||||
size_t onion_pkey_len;
|
|
||||||
|
|
||||||
/** As routerinfo_t.onion_curve25519_pkey */
|
/** As routerinfo_t.onion_curve25519_pkey */
|
||||||
struct curve25519_public_key_t *onion_curve25519_pkey;
|
struct curve25519_public_key_t *onion_curve25519_pkey;
|
||||||
/** Ed25519 identity key, if included. */
|
/** Ed25519 identity key, if included. */
|
||||||
|
@ -2052,11 +2052,8 @@ node_get_rsa_onion_key(const node_t *node)
|
|||||||
if (node->ri) {
|
if (node->ri) {
|
||||||
onion_pkey = node->ri->onion_pkey;
|
onion_pkey = node->ri->onion_pkey;
|
||||||
onion_pkey_len = node->ri->onion_pkey_len;
|
onion_pkey_len = node->ri->onion_pkey_len;
|
||||||
} else if (node->rs && node->md) {
|
|
||||||
onion_pkey = node->md->onion_pkey;
|
|
||||||
onion_pkey_len = node->md->onion_pkey_len;
|
|
||||||
} else {
|
} else {
|
||||||
/* No descriptor or microdescriptor. */
|
/* No descriptor; we don't take onion keys from microdescs. */
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
pk = router_get_rsa_onion_pkey(onion_pkey, onion_pkey_len);
|
pk = router_get_rsa_onion_pkey(onion_pkey, onion_pkey_len);
|
||||||
|
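Review bot: With the microdescriptor branch removed, node_get_rsa_onion_key returns no key for any node known only through a microdesc, so callers on microdesc-only clients now always take the `goto end` path; the function's doc comment, which lies outside this hunk, should state that, e.g. `Return the node's RSA (TAP) onion key, or NULL if it has no full routerinfo; microdescriptors no longer carry one.` The `node->rs && node->md` test disappears with the branch, so the `else` now also covers nodes with a routerstatus but no routerinfo, and callers that treated NULL as a transient "no descriptor yet" condition may want to tell that apart from the permanent microdesc case. The function begins before the hunk and `end:` is past it.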