[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Tor's default behavior for ed25519 identities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I am also sending the steps I imagine Tor should take when started as
a relay. Apologies if I am missing something obvious.
They are expressed as simple as possible, Tor's interpretation is way
more complex than this, but I think/hope this might help with ordering
and architecture of the code.
The ed25519_keygen branch behaves _very_ _good_ (report in my previous
email), so I am sending this only for a fast verification. It is
easier to spot if the code jumps over a step if we have logic in ordering:
[0] If there are no ed25519* files at all in $datadirectory/keys,
generate a fresh new identity, signing key and cert, everything needed
(valid for 30 days unless otherwise specified in torrc) and use those.
1. Check if file ed25519_master_id_secret_key exists:
- - Do nothing if it doesn't exist. Proceed.
2. Check if file ed25519_master_id_secret_key_encrypted exists:
- - Do nothing if it doesn't exist. Proceed.
3. Check if file ed25519_master_id_public_key exists:
- - If it doesn't exist, try to generate it from
ed25519_master_id_secret_key;
- - If ed25519_master_id_secret_key is missing or _encrypted, do
nothing. Proceed.
4. Validate ed25519_master_id_public_key against
ed25519_master_id_secret_key:
- - Do nothing if ed25519_master_id_secret_key is missing. Proceed;
- - Do nothing if ed25519_master_id_secret_key_encrypted exists. Proceed;
- - Skip this step / do nothing if ed25519_master_id_public_key doesn't
exist and couldn't be generated at step 3. Proceed.
5. Check if file ed25519_signing_cert exists:
- - If it doesn't exist, try to generate a valid one from
ed25519_master_id_secret_key with the SigningKeyLifetime in torrc (30
days unless specified otherwise). Generate an
ed25519_signing_secret_key along with it to use together. Proceed;
- - Die if it is missing and cannot be generated because
ed25519_master_id_secret_key is missing or _encrypted.
6. Check if ed25519_signing_cert is expired:
- - If it is expired, try to generate a valid one from
ed25519_master_id_secret_key with the SigningKeyLifetime in torrc (30
days unless specified otherwise). Generate an
ed25519_signing_secret_key along with it to use together. Proceed;
- - Die if it is expired and a new one cannot be generated because
ed25519_master_id_secret_key is missing or _encrypted.
7. Validate ed25519_signing_cert against ed25519_master_id_public_key:
- - Do nothing if ed25519_master_id_public_key is missing. Proceed;
- - Die if it doesn't match.
8. Check if file ed25519_signing_secret_key exists:
- - Die if it doesn't exist.
9. Check if ed25519_signing_secret_key matches with ed25519_signing_cert:
- - Die if it doesn't match.
10. Finally, if we didn't complete step 7 because
ed25519_master_id_public_key was missing:
- - Compute and save to disk file ed25519_master_id_secret_key from
ed25519_signing_cert;
Use that to create descriptors, start the Tor magic, publish
descriptors, relay traffic, save the world.
On 8/7/2015 12:18 AM, s7r wrote:
>>> Thanks; this is incredibly helpful!
>
>>> I've started a branch to do a test case to demonstrate all
>>> these bugs ; it's called "ed25519_keygen" in my public
>>> repository. It also adds a couple more features to '--keygen'.
>>> It does cases 2...4 so far; I want to make it cover 5..10.
>
>>> Once I've got it demonstrating all the cases, I'll try to clean
>>> it up and start hammering down the bugs.
>>>
>
>
> Finished tests on branch ed25519_keygen, commit: b71dafcb3358fac7
>
> Things are indeed much much better. I am sending you the new
> (hopefully last) cases which need adjustments. Note that the case
> numbers do not match the ones in my previous email, since I am
> completely removing the cases where now Tor does what it should.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBCAAGBQJVw98hAAoJEIN/pSyBJlsRuO8H/jdmJvyVqNQUIojuOS8C+e9T
0edYCvjYM8vuPT68NDPpc5Y4j5DctuwDJeBtpCj7Rj5WHMB81ksFIGKkYaAuu30V
+OR43o8CWxXSukRgpOgiGqUfSSAJQ1cBKZlxFbzXn/Hrkhpr9Ty6Cteh/EJmnPk/
kwrXZPw2vh6LagvArT2w+YL9wKmjfZkHiuAkY52hFrieASQRkadySSN/J/weFoTQ
CZ947bmg7F8RrovprqOUDMQPauRCzjyZ15ScjodY3rIn6q23tCePIZA7MJQL2So9
3tb06z1PhgXDdtxjtSuBFG+RTIi9ZMcorxvsevSjpyhlI7e3vHavQ3KQFyHsISk=
=PlA4
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev