[tor-commits] [tor/master] Remove padding from ntor-onion-key #7869

nickm at torproject.org nickm at torproject.org
Thu Jul 23 12:26:55 UTC 2020


commit d72618eb7f152c8f1633294fa30978c7ac0a48f3
Author: Daniel Pinto <danielpinto52 at gmail.com>
Date:   Sat Jun 6 11:34:47 2020 +0100

    Remove padding from ntor-onion-key #7869
---
 src/feature/dirauth/dirvote.c | 11 ++++++-----
 src/feature/dirauth/dirvote.h |  6 +++++-
 src/feature/relay/router.c    |  8 +++-----
 src/test/test_dir.c           |  8 ++------
 4 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c
index 85a23a12f6..a1a530b7fa 100644
--- a/src/feature/dirauth/dirvote.c
+++ b/src/feature/dirauth/dirvote.c
@@ -3848,11 +3848,10 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
   smartlist_add_asprintf(chunks, "onion-key\n%s", key);
 
   if (ri->onion_curve25519_pkey) {
-    char kbuf[128];
-    base64_encode(kbuf, sizeof(kbuf),
-                  (const char*)ri->onion_curve25519_pkey->public_key,
-                  CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
-    smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
+    char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
+    bool add_padding = (consensus_method < MIN_METHOD_FOR_UNPADDED_NTOR_KEY);
+    curve25519_public_to_base64(kbuf, ri->onion_curve25519_pkey, add_padding);
+    smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
   }
 
   if (family) {
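Review bot: The `add_padding` line gates the encoding on `consensus_method` without saying why, and the reason matters to anyone who edits this later: a microdescriptor is identified by its digest, so authorities voting with the same method presumably have to emit byte-identical text, padding included. I would add a comment above it such as `/* Keep '=' padding below MIN_METHOD_FOR_UNPADDED_NTOR_KEY so all authorities on one method produce the same microdescriptor bytes. */`. The new `kbuf` is sized exactly and `curve25519_public_to_base64()` takes no length argument, so `CURVE25519_BASE64_PADDED_LEN + 1` is an unstated contract with a helper whose definition is not in this diff; the same applies to the router.c call. dirvote_create_microdescriptor's body starts and ends outside the hunk.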
@@ -3963,6 +3962,8 @@ static const struct consensus_method_range_t {
   {MIN_SUPPORTED_CONSENSUS_METHOD,
    MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS - 1},
   {MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS,
+   MIN_METHOD_FOR_UNPADDED_NTOR_KEY - 1},
+  {MIN_METHOD_FOR_UNPADDED_NTOR_KEY,
    MAX_SUPPORTED_CONSENSUS_METHOD},
   {-1, -1}
 };
diff --git a/src/feature/dirauth/dirvote.h b/src/feature/dirauth/dirvote.h
index fa7b1da4ab..3ab40367ae 100644
--- a/src/feature/dirauth/dirvote.h
+++ b/src/feature/dirauth/dirvote.h
@@ -53,7 +53,7 @@
 #define MIN_SUPPORTED_CONSENSUS_METHOD 28
 
 /** The highest consensus method that we currently support. */
-#define MAX_SUPPORTED_CONSENSUS_METHOD 29
+#define MAX_SUPPORTED_CONSENSUS_METHOD 30
 
 /**
  * Lowest consensus method where microdescriptor lines are put in canonical
@@ -61,6 +61,10 @@
  **/
 #define MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS 29
 
+/** Lowest consensus method where an unpadded base64 onion-key-ntor is allowed
+ * See #7869 */
+#define MIN_METHOD_FOR_UNPADDED_NTOR_KEY 30
+
 /** Default bandwidth to clip unmeasured bandwidths to using method >=
  * MIN_METHOD_TO_CLIP_UNMEASURED_BW.  (This is not a consensus method; do not
  * get confused with the above macros.) */
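Review bot: The doc comment on `MIN_METHOD_FOR_UNPADDED_NTOR_KEY` names the line `onion-key-ntor`, but the keyword written in dirvote.c and router.c is `ntor-onion-key`. The word "allowed" also understates the effect: in `dirvote_create_microdescriptor`, methods at or above this value always emit the unpadded form. Suggested wording: `/** Lowest consensus method where microdescriptors are generated with an unpadded base64 ntor-onion-key. See #7869. */`.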
diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 34d8163c36..ffaf7c3cc5 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -2854,11 +2854,9 @@ router_dump_router_to_string(routerinfo_t *router,
   }
 
   if (router->onion_curve25519_pkey) {
-    char kbuf[128];
-    base64_encode(kbuf, sizeof(kbuf),
-                  (const char *)router->onion_curve25519_pkey->public_key,
-                  CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
-    smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
+    char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
+    curve25519_public_to_base64(kbuf, router->onion_curve25519_pkey, false);
+    smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
   } else {
     /* Authorities will start rejecting relays without ntor keys in 0.2.9 */
     log_err(LD_BUG, "A relay must have an ntor onion key");
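Review bot: The descriptor path passes `false` unconditionally, whereas the microdescriptor path in dirvote.c switches on the consensus method, so every relay built from this code publishes an unpadded `ntor-onion-key` regardless of what the authorities and clients reading it run. That is safe only if every parser still in service accepts the unpadded form, which this diff does not show. A comment recording that assumption would help, e.g. `/* Unpadded: descriptors are not versioned by consensus method; parsers must accept both forms (#7869). */`, once the parsing side has been confirmed. router_dump_router_to_string's body continues outside the hunk.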
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 3a0b8237cb..f6a21c804e 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -397,18 +397,14 @@ get_new_ntor_onion_key_line(const curve25519_public_key_t *ntor_onion_pubkey)
 {
   char *line = NULL;
   char cert_buf[256];
-  int rv = 0;
 
   tor_assert(ntor_onion_pubkey);
 
-  rv = base64_encode(cert_buf, sizeof(cert_buf),
-                     (const char*)ntor_onion_pubkey->public_key, 32,
-                     BASE64_ENCODE_MULTILINE);
-  tor_assert(rv > 0);
+  curve25519_public_to_base64(cert_buf, ntor_onion_pubkey, false);
   tor_assert(strlen(cert_buf) > 0);
 
   tor_asprintf(&line,
-               "ntor-onion-key %s",
+               "ntor-onion-key %s\n",
                cert_buf);
   tor_assert(line);
 
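Review bot: With `rv` and `tor_assert(rv > 0)` gone, the only check left is `tor_assert(strlen(cert_buf) > 0)` on a stack buffer that is never initialised, so if the helper ever wrote nothing the `strlen` would read indeterminate memory instead of failing cleanly. Declaring the buffer as `char cert_buf[CURVE25519_BASE64_PADDED_LEN + 1] = {0};` would match the other call sites in this commit and make the assertion meaningful. The function continues past the end of the hunk.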




