Make onion-key body optional in microdescs

Also, stop storing onion keys in microdesc_t.

(In prop350, for microdescs, we are making the body optional; the "onion-key"
entry is still mandatory, so that we can tell where microdescs begin.)
This commit is contained in:
Nick Mathewson 2024-06-24 14:04:04 -04:00
parent f631145cbf
commit 07f0a2b964
6 changed files with 16 additions and 20 deletions

View File

@ -30,7 +30,7 @@
/** List of tokens recognized in microdescriptors */ /** List of tokens recognized in microdescriptors */
// clang-format off // clang-format off
static token_rule_t microdesc_token_table[] = { static token_rule_t microdesc_token_table[] = {
T1_START("onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024), T1_START("onion-key", K_ONION_KEY, NO_ARGS, OPT_KEY_1024),
T1("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ), T1("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
T0N("id", K_ID, GE(2), NO_OBJ ), T0N("id", K_ID, GE(2), NO_OBJ ),
T0N("a", K_A, GE(1), NO_OBJ ), T0N("a", K_A, GE(1), NO_OBJ ),
@ -200,14 +200,11 @@ microdesc_parse_fields(microdesc_t *md,
} }
tok = find_by_keyword(tokens, K_ONION_KEY); tok = find_by_keyword(tokens, K_ONION_KEY);
if (!crypto_pk_public_exponent_ok(tok->key)) { if (tok && tok->key && !crypto_pk_public_exponent_ok(tok->key)) {
log_warn(LD_DIR, log_warn(LD_DIR,
"Relay's onion key had invalid exponent."); "Relay's onion key had invalid exponent.");
goto err; goto err;
} }
md->onion_pkey = tor_memdup(tok->object_body, tok->object_size);
md->onion_pkey_len = tok->object_size;
crypto_pk_free(tok->key);
if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) { if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
curve25519_public_key_t k; curve25519_public_key_t k;

View File

@ -215,6 +215,16 @@ token_check_object(memarea_t *area, const char *kwd,
RET_ERR(ebuf); RET_ERR(ebuf);
} }
break; break;
case OPT_KEY_1024:
/* If there is anything, it must be a 1024-bit RSA key. */
if (tok->object_body && !tok->key) {
tor_snprintf(ebuf, sizeof(ebuf), "Unexpected object for %s", kwd);
RET_ERR(ebuf);
}
if (!tok->key) {
break;
}
FALLTHROUGH;
case NEED_KEY_1024: /* There must be a 1024-bit public key. */ case NEED_KEY_1024: /* There must be a 1024-bit public key. */
if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) { if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) {
tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits", tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits",
@ -395,7 +405,8 @@ get_next_token(memarea_t *area,
} }
if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */ if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
if (o_syn != NEED_KEY && o_syn != NEED_KEY_1024 && o_syn != OBJ_OK) { if (o_syn != OPT_KEY_1024 && o_syn != NEED_KEY &&
o_syn != NEED_KEY_1024 && o_syn != OBJ_OK) {
RET_ERR("Unexpected public key."); RET_ERR("Unexpected public key.");
} }
tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size); tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size);

View File

@ -220,6 +220,7 @@ typedef struct directory_token_t {
typedef enum { typedef enum {
NO_OBJ, /**< No object, ever. */ NO_OBJ, /**< No object, ever. */
NEED_OBJ, /**< Object is required. */ NEED_OBJ, /**< Object is required. */
OPT_KEY_1024, /**< If object is present, it must be a 1024 bit public key */
NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */ NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */
NEED_KEY, /**< Object is required, and must be a public key. */ NEED_KEY, /**< Object is required, and must be a public key. */
OBJ_OK, /**< Object is optional. */ OBJ_OK, /**< Object is optional. */

View File

@ -909,8 +909,6 @@ microdesc_free_(microdesc_t *md, const char *fname, int lineno)
//tor_assert(md->held_in_map == 0); //tor_assert(md->held_in_map == 0);
//tor_assert(md->held_by_nodes == 0); //tor_assert(md->held_by_nodes == 0);
if (md->onion_pkey)
tor_free(md->onion_pkey);
tor_free(md->onion_curve25519_pkey); tor_free(md->onion_curve25519_pkey);
tor_free(md->ed25519_identity_pkey); tor_free(md->ed25519_identity_pkey);
if (md->body && md->saved_location != SAVED_IN_CACHE) if (md->body && md->saved_location != SAVED_IN_CACHE)

View File

@ -63,14 +63,6 @@ struct microdesc_t {
/* Fields in the microdescriptor. */ /* Fields in the microdescriptor. */
/**
* Public RSA TAP key for onions, ASN.1 encoded. We store this
* in its encoded format since storing it as a crypto_pk_t uses
* significantly more memory. */
char *onion_pkey;
/** Length of onion_pkey, in bytes. */
size_t onion_pkey_len;
/** As routerinfo_t.onion_curve25519_pkey */ /** As routerinfo_t.onion_curve25519_pkey */
struct curve25519_public_key_t *onion_curve25519_pkey; struct curve25519_public_key_t *onion_curve25519_pkey;
/** Ed25519 identity key, if included. */ /** Ed25519 identity key, if included. */

View File

@ -2052,11 +2052,8 @@ node_get_rsa_onion_key(const node_t *node)
if (node->ri) { if (node->ri) {
onion_pkey = node->ri->onion_pkey; onion_pkey = node->ri->onion_pkey;
onion_pkey_len = node->ri->onion_pkey_len; onion_pkey_len = node->ri->onion_pkey_len;
} else if (node->rs && node->md) {
onion_pkey = node->md->onion_pkey;
onion_pkey_len = node->md->onion_pkey_len;
} else { } else {
/* No descriptor or microdescriptor. */ /* No descriptor; we don't take onion keys from microdescs. */
goto end; goto end;
} }
pk = router_get_rsa_onion_pkey(onion_pkey, onion_pkey_len); pk = router_get_rsa_onion_pkey(onion_pkey, onion_pkey_len);