author | Nick Mathewson <nickm@torproject.org> | 2016-11-10 12:41:17 -0500 |
committer | Nick Mathewson <nickm@torproject.org> | 2016-12-08 16:47:59 -0500 |
commit | 3d7e485402752d21d01cdf36ae1102d4b013fe85 (patch) | |
tree | f6ee25e75c27d05e8c6bf7e353f08039d0d28eb3 | |
parent | 7daf15217240acefaf2ef802b6d89e04f4e51cae (diff) | |
download | tor-3d7e485402752d21d01cdf36ae1102d4b013fe85.tar.gz tor-3d7e485402752d21d01cdf36ae1102d4b013fe85.zip |
Add an option to disable dirauth ed25519 link key checks.
If there is some horrible bug in our ed25519 link authentication
code that causes us to label every single ed25519-having node as
non-running, we'll be glad we had this. Otherwise we can remove it
later.
-rw-r--r-- | doc/tor.1.txt | 7 | ||||
-rw-r--r-- | src/or/config.c | 1 | ||||
-rw-r--r-- | src/or/dirserv.c | 7 | ||||
-rw-r--r-- | src/or/or.h | 5 |
4 files changed, 18 insertions, 2 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 1071168441..9f6f95830a 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2270,6 +2270,13 @@ on the public Tor network.
 (default), the flag "shared-rand-participate" is added to the authority
 vote indicating participation in the protocol. (Default: 1)
+[[AuthDirTestEd25519LinkKeys]] **AuthDirTestEd25519LinkKeys** **0**|**1**::
+ Authoritative directories only. If this option is set to 0, then we treat
+ relays as "Running" if their RSA key is correct when we probe them,
+ regardless of their Ed25519 key. We should only ever set this option to 0
+ if there is some major bug in Ed25519 link authentication that causes us
+ to label all the relays as not Running. (Default: 1)
+
 [[BridgePassword]] **BridgePassword** __Password__::
 If set, contains an HTTP authenticator that tells a bridge authority to
 serve all requested bridge information. Used by the (only partially
diff --git a/src/or/config.c b/src/or/config.c
index 51c62908e3..d100af812c 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -498,6 +498,7 @@ static config_var_t option_vars_[] = {
 V(User, STRING, NULL),
 OBSOLETE("UserspaceIOCPBuffers"),
 V(AuthDirSharedRandomness, BOOL, "1"),
+ V(AuthDirTestEd25519LinkKeys, BOOL, "1"),
 OBSOLETE("V1AuthoritativeDirectory"),
 OBSOLETE("V2AuthoritativeDirectory"),
 VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index d060b297a7..0b896a2845 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -3186,7 +3186,8 @@ dirserv_orconn_tls_done(const tor_addr_t *addr,
 ri = node->ri;
- if (ri->cache_info.signing_key_cert) {
+ if (get_options()->AuthDirTestEd25519LinkKeys &&
+ ri->cache_info.signing_key_cert) {
 /* We allow the node to have an ed25519 key if we haven't been told one in
 * the routerinfo, but if we *HAVE* been told one in the routerinfo, it
 * needs to match. */
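Review bot: Registering `AuthDirTestEd25519LinkKeys` with default "1" is all the config.c hunk does, and nothing in the commit reports when an authority actually runs with it set to 0, although that setting makes dirserv_orconn_tls_done and dirserv_single_reachability_test accept a relay as Running on its RSA identity alone. Because the option is meant only as an emergency fallback (the or.h comment already says to remove it someday), options_validate() should make the degraded state visible in the log, e.g. `if (authdir_mode(options) && !options->AuthDirTestEd25519LinkKeys) log_warn(LD_CONFIG, "AuthDirTestEd25519LinkKeys is 0; Running votes will ignore Ed25519 link keys.");`. options_validate() lies outside this hunk, so where exactly the check belongs cannot be confirmed from here.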
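Review bot: The new guard in dirserv_orconn_tls_done calls `get_options()->AuthDirTestEd25519LinkKeys` inline, while the second dirserv.c hunk reads the same flag through a cached `const or_options_t *options = get_options();`; two sites added by one commit should use the same form. The comment that follows the `if` still describes the key as something that "needs to match", which is no longer true when the option is 0 and the whole block is skipped; a lead-in such as `/* Skipped entirely when AuthDirTestEd25519LinkKeys is 0: only the RSA identity is checked then. */` would keep it accurate. The body of dirserv_orconn_tls_done starts before and continues after this hunk, so whether anything after the block relies on the Ed25519 key having been compared cannot be confirmed from here.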
@@ -3256,6 +3257,7 @@ dirserv_should_launch_reachability_test(const routerinfo_t *ri,
 void
 dirserv_single_reachability_test(time_t now, routerinfo_t *router)
 {
+ const or_options_t *options = get_options();
 channel_t *chan = NULL;
 node_t *node = NULL;
 tor_addr_t router_addr;
@@ -3266,7 +3268,8 @@ dirserv_single_reachability_test(time_t now, routerinfo_t *router)
 node = node_get_mutable_by_id(router->cache_info.identity_digest);
 tor_assert(node);
- if (node_supports_ed25519_link_authentication(node)) {
+ if (options->AuthDirTestEd25519LinkKeys &&
+ node_supports_ed25519_link_authentication(node)) {
 ed_id_key = &router->cache_info.signing_key_cert->signing_key;
 } else {
 ed_id_key = NULL;
diff --git a/src/or/or.h b/src/or/or.h
index 14c2dd8bc2..7e11bf05aa 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4577,6 +4577,11 @@ typedef struct {
 /** Autobool: Should we include Ed25519 identities in extend2 cells?
 * If -1, we should do whatever the consensus parameter says. */
 int ExtendByEd25519ID;
+
+ /** Bool (default: 1): When testing routerinfos as a directory authority, * do we enforce Ed25519 identity match? */
+ /* NOTE: remove this option someday. */
+ int AuthDirTestEd25519LinkKeys;
 } or_options_t;
 /** Persistent state for an onion router, as saved to disk. */ |
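Review bot: The or.h doc comment on `AuthDirTestEd25519LinkKeys` asks "do we enforce Ed25519 identity match?" but does not say what a 0 answer means for voting, which is the reason the option exists; suggest `/** Bool (default: 1): When testing routerinfos as a directory authority, do we require the relay's Ed25519 link key to match its descriptor? If 0, a relay is voted Running on its RSA identity alone. */`. The "NOTE: remove this option someday" line could also name the condition under which dropping it is safe, so the follow-up is not lost. In the dirserv_single_reachability_test hunk, `ed_id_key` becomes NULL whenever the option is 0; what the channel code does with a NULL expected key is outside this hunk, so that path should be confirmed to mean "do not check" rather than "expect no Ed25519 identity".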