authorNick Mathewson <nickm@torproject.org>2016-11-10 12:41:17 -0500
committerNick Mathewson <nickm@torproject.org>2016-12-08 16:47:59 -0500
commit3d7e485402752d21d01cdf36ae1102d4b013fe85 (patch)
treef6ee25e75c27d05e8c6bf7e353f08039d0d28eb3
parent7daf15217240acefaf2ef802b6d89e04f4e51cae (diff)
Add an option to disable dirauth ed25519 link key checks.
If there is some horrible bug in our ed25519 link authentication code that causes us to label every single ed25519-having node as non-running, we'll be glad we had this. Otherwise we can remove it later.
-rw-r--r--doc/tor.1.txt7
-rw-r--r--src/or/config.c1
-rw-r--r--src/or/dirserv.c7
-rw-r--r--src/or/or.h5
4 files changed, 18 insertions, 2 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 1071168441..9f6f95830a 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2270,6 +2270,13 @@ on the public Tor network.
(default), the flag "shared-rand-participate" is added to the authority
vote indicating participation in the protocol. (Default: 1)
+[[AuthDirTestEd25519LinkKeys]] **AuthDirTestEd25519LinkKeys** **0**|**1**::
+ Authoritative directories only. If this option is set to 0, then we treat
+ relays as "Running" if their RSA key is correct when we probe them,
+ regardless of their Ed25519 key. We should only ever set this option to 0
+ if there is some major bug in Ed25519 link authentication that causes us
+ to label all the relays as not Running. (Default: 1)
+
[[BridgePassword]] **BridgePassword** __Password__::
If set, contains an HTTP authenticator that tells a bridge authority to
serve all requested bridge information. Used by the (only partially
diff --git a/src/or/config.c b/src/or/config.c
index 51c62908e3..d100af812c 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -498,6 +498,7 @@ static config_var_t option_vars_[] = {
V(User, STRING, NULL),
OBSOLETE("UserspaceIOCPBuffers"),
V(AuthDirSharedRandomness, BOOL, "1"),
+ V(AuthDirTestEd25519LinkKeys, BOOL, "1"),
OBSOLETE("V1AuthoritativeDirectory"),
OBSOLETE("V2AuthoritativeDirectory"),
VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
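Review bot: Nothing tells the operator that a check has been switched off when `AuthDirTestEd25519LinkKeys` is 0, since the only change to config.c is this table entry. Because the option weakens what an authority verifies before calling a relay Running, a startup warning would make it harder to leave disabled by accident. Something like `if (!options->AuthDirTestEd25519LinkKeys) log_warn(LD_CONFIG, "AuthDirTestEd25519LinkKeys is 0: relays are tested on their RSA identity only.");` in options_validate() would cover it. Whether to limit the warning to authority mode depends on code outside this hunk.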
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index d060b297a7..0b896a2845 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -3186,7 +3186,8 @@ dirserv_orconn_tls_done(const tor_addr_t *addr,
ri = node->ri;
- if (ri->cache_info.signing_key_cert) {
+ if (get_options()->AuthDirTestEd25519LinkKeys &&
+ ri->cache_info.signing_key_cert) {
/* We allow the node to have an ed25519 key if we haven't been told one in
* the routerinfo, but if we *HAVE* been told one in the routerinfo, it
* needs to match. */
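Review bot: With the option at 0 the Ed25519 comparison in dirserv_orconn_tls_done is skipped silently, so a relay whose link identity differs from the key in its routerinfo is judged on the RSA identity alone. The existing comment under the new condition still describes only the routerinfo case. I would add a comment above the `if`, such as `/* AuthDirTestEd25519LinkKeys=0 is an emergency override: skip the Ed25519 match and rely on the RSA identity only. */`. The same gate appears again in dirserv_single_reachability_test, where it forces `ed_id_key = NULL`, and the two sites must stay in step; a small static helper that returns whether the Ed25519 identity is being tested would keep them coupled. It would also remove the difference between calling `get_options()` inline here and caching it in `options` there. The function body continues outside this hunk, so any later use of the Ed25519 identity is not visible from here.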
@@ -3256,6 +3257,7 @@ dirserv_should_launch_reachability_test(const routerinfo_t *ri,
void
dirserv_single_reachability_test(time_t now, routerinfo_t *router)
{
+ const or_options_t *options = get_options();
channel_t *chan = NULL;
node_t *node = NULL;
tor_addr_t router_addr;
@@ -3266,7 +3268,8 @@ dirserv_single_reachability_test(time_t now, routerinfo_t *router)
node = node_get_mutable_by_id(router->cache_info.identity_digest);
tor_assert(node);
- if (node_supports_ed25519_link_authentication(node)) {
+ if (options->AuthDirTestEd25519LinkKeys &&
+ node_supports_ed25519_link_authentication(node)) {
ed_id_key = &router->cache_info.signing_key_cert->signing_key;
} else {
ed_id_key = NULL;
diff --git a/src/or/or.h b/src/or/or.h
index 14c2dd8bc2..7e11bf05aa 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4577,6 +4577,11 @@ typedef struct {
/** Autobool: Should we include Ed25519 identities in extend2 cells?
* If -1, we should do whatever the consensus parameter says. */
int ExtendByEd25519ID;
+
+ /** Bool (default: 1): When testing routerinfos as a directory authority,
+ * do we enforce Ed25519 identity match? */
+ /* NOTE: remove this option someday. */
+ int AuthDirTestEd25519LinkKeys;
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
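Review bot: The field comment for `AuthDirTestEd25519LinkKeys` does not say what 0 means for security, and `NOTE: remove this option someday.` gives no condition for removal. I would spell out the fallback, for example `/** Bool (default: 1): As a directory authority, require a relay's Ed25519 link identity to match its routerinfo when testing reachability. If 0, only the RSA identity is checked; emergency use only. */`. The NOTE would be more useful if it named the condition, which the commit message suggests is once Ed25519 link authentication has proven stable.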