[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #23254 [Core Tor/Tor]: BridgeAuth offline key mode seems broken
#23254: BridgeAuth offline key mode seems broken
-------------------------+-------------------------------------------------
Reporter: isis | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core | Version: Tor: 0.3.0.10
Tor/Tor | Keywords: tor-dirauth, tor-bridgeauth, tor-
Severity: Normal | ed25519-keys, tor-offline-keys
Actual Points: | Parent ID:
Points: 3 | Reviewer:
Sponsor: |
SponsorM-can |
-------------------------+-------------------------------------------------
Yesterday I renewed the signing keys for the Bifröst (see #23253) but the
machine still couldn't join the network. This is my best understanding of
the problem, which I repeatedly witnessed trying to fix the machine:
{{{
19:29 isis+ | so it seems the bridgeauth was still down,
even though i "fixed" the expired signing keys yesterday
19:30 isis+ | which apparently it doesn't even need
signing keys, so why i wasted an afternoon fixing it when i'm supposed to
be preparing for a talk is a bit annoying
19:30 isis+ | but nobody runs this code so hey, what
should i expect
19:31 isis+ | this time it was not in the consensus
because the other dirauths didn't recognise it because it "had new keys"
19:33 isis+ | which, upon inspection, seemed to mean that,
even though i have always specified "OfflineKeys 1", the bridgeauth
somehow generated a ed25519_master_id_secret_key (??) however it kept the
old
ed25519_master_id_public_key, and then it
used this new ed25519_master_id_secret_key to sign the
ed25519_signing_cert (which had already been signed by the real
ed25519_master_id_secret_key which
is kept…
19:33 isis+ | …offline)
19:33 isis+ | this resulted in a complete clusterfuck of
mismatched and mis-signed keys
19:35 isis+ | and even though the ed25519_signing_cert was
already generated offline (afaict correctly) it was the bridgeauth's
insistence on making a new ed25519_master_id_secret_key that was causing
the
problem
19:37 isis+ | the only way i could think of, without
fixing all these probable bugs, to fix this, was to go back to the offline
machine and use the correct ed25519_master_id_secret_key to regenerate new
keypairs with "OfflineKeys 0" and no
signing_cert expiration, and then transfer all the keys to lapsedpacifist
19:37 isis+ | so the bridgeauth no longer has "offline
keys" but i guess it never really did, and it wouldn't even be useful even
if it could
}}}
Sorry, I'll clean up the IRC paste mess into a proper description later, I
seriously have to go prepare my slides for my talk. :(
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23254>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs