From b1d029b9a13ffd3cc69bbbebf8d7d2b381751a59 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:38:25 -0500 Subject: Move AuthDirTestEd25519LinkKeys to the dirauth module. --- src/feature/dirauth/dirauth_options.inc | 5 +++++ src/feature/dirauth/reachability.c | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'src/feature/dirauth') diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index ec4d997f9f..ca70a51b9e 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -39,6 +39,11 @@ CONF_VAR(AuthDirPinKeys, BOOL, 0, "1") * vote indicating participation. */ CONF_VAR(AuthDirSharedRandomness, BOOL, 0, "1") +/** Bool (default: 1): When testing routerinfos as a directory authority, + * do we enforce Ed25519 identity match? */ +/* NOTE: remove this option someday. */ +CONF_VAR(AuthDirTestEd25519LinkKeys, BOOL, 0, "1") + /** Which versions of tor should we tell users to run? */ CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) diff --git a/src/feature/dirauth/reachability.c b/src/feature/dirauth/reachability.c index 2f883d5034..27aa661f81 100644 --- a/src/feature/dirauth/reachability.c +++ b/src/feature/dirauth/reachability.c @@ -55,7 +55,7 @@ dirserv_orconn_tls_done(const tor_addr_t *addr, ri = node->ri; - if (get_options()->AuthDirTestEd25519LinkKeys && + if (dirauth_get_options()->AuthDirTestEd25519LinkKeys && node_supports_ed25519_link_authentication(node, 1) && ri->cache_info.signing_key_cert) { /* We allow the node to have an ed25519 key if we haven't been told one in @@ -127,7 +127,7 @@ dirserv_should_launch_reachability_test(const routerinfo_t *ri, void dirserv_single_reachability_test(time_t now, routerinfo_t *router) { - const or_options_t *options = get_options(); + const dirauth_options_t *dirauth_options = dirauth_get_options(); channel_t *chan = NULL; const node_t *node = NULL; tor_addr_t router_addr; @@ -138,7 +138,7 @@ dirserv_single_reachability_test(time_t now, routerinfo_t *router) node = node_get_by_id(router->cache_info.identity_digest); tor_assert(node); - if (options->AuthDirTestEd25519LinkKeys && + if (dirauth_options->AuthDirTestEd25519LinkKeys && node_supports_ed25519_link_authentication(node, 1) && router->cache_info.signing_key_cert) { ed_id_key = &router->cache_info.signing_key_cert->signing_key; -- cgit v1.2.3-54-g00ecf