Implement proposal 221: Stop sending CREATE_FAST

This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."

diff --git a/changes/prop221 b/changes/prop221
new file mode 100644 (file)
index 0000000..b2bf44b
--- /dev/null
+++ b/changes/prop221
@@ -0,0 +1,6 @@
+  o Minor features:
+    - Stop sending the CREATE_FAST cells by default; instead, use a
+      parameter in the consensus to decide whether to use
+      CREATE_FAST. This can improve security on connections where
+      Tor's circuit handshake is stronger than the available TLS
+      connection security levels. Implements proposal 221.

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index b9ee2961408620816e5885591755a773786089e8..51d2aab2dbd8fa2d9b16236247ae9fc9011491eb 100644 (file)
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1115,15 +1115,17 @@ The following options are useful only for clients (that is, if
     the node "foo". Disabled by default since attacking websites and exit
     relays can use it to manipulate your path selection. (Default: 0)
 
-[[FastFirstHopPK]] **FastFirstHopPK** **0**|**1**::
+[[FastFirstHopPK]] **FastFirstHopPK** **0**|**1**|**auto**::
     When this option is disabled, Tor uses the public key step for the first
     hop of creating circuits. Skipping it is generally safe since we have
     already used TLS to authenticate the relay and to establish forward-secure
-    keys. Turning this option off makes circuit building slower. +
+    keys. Turning this option off makes circuit building a little
+    slower. Setting this option to "auto" takes advice from the authorities
+    in the latest consensus about whether to use this feature.  +
  +
     Note that Tor will always use the public key step for the first hop if it's
     operating as a relay, and it will never use the public key step if it
-    doesn't yet know the onion key of the first hop. (Default: 1)
+    doesn't yet know the onion key of the first hop. (Default: auto)
 
 [[TransPort]] **TransPort**  \['address':]__port__|**auto** [_isolation flags_]::
     Open this port to listen for transparent proxy connections.  Set this to

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 43d2ffe4db5fa39c64b5b64769739e2d601734f7..26c1e89822afaf9c57ebb492d163cb8eda019fe9 100644 (file)
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -600,16 +600,18 @@ should_use_create_fast_for_circuit(origin_circuit_t *circ)
 
   if (!circ->cpath->extend_info->onion_key)
     return 1; /* our hand is forced: only a create_fast will work. */
-  if (!options->FastFirstHopPK)
-    return 0; /* we prefer to avoid create_fast */
   if (public_server_mode(options)) {
     /* We're a server, and we know an onion key. We can choose.
      * Prefer to blend our circuit into the other circuits we are
      * creating on behalf of others. */
     return 0;
   }
+  if (options->FastFirstHopPK == -1) {
+    /* option is "auto", so look at the consensus. */
+    return networkstatus_get_param(NULL, "usecreatefast", 1, 0, 1);
+  }
 
-  return 1;
+  return options->FastFirstHopPK;
 }
 
 /** Return true if <b>circ</b> is the type of circuit we want to count

diff --git a/src/or/config.c b/src/or/config.c
index 18f1c2950146545e741d40e3239c73442ebcdfb9..491b2cd875522eec740f6624f09c4d7d97657c80 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -236,7 +236,7 @@ static config_var_t option_vars_[] = {
   OBSOLETE("FallbackNetworkstatusFile"),
   V(FascistFirewall,             BOOL,     "0"),
   V(FirewallPorts,               CSV,      ""),
-  V(FastFirstHopPK,              BOOL,     "1"),
+  V(FastFirstHopPK,              AUTOBOOL, "auto"),
   V(FetchDirInfoEarly,           BOOL,     "0"),
   V(FetchDirInfoExtraEarly,      BOOL,     "0"),
   V(FetchServerDescriptors,      BOOL,     "1"),