[chutney/master] Rewrite ed25519 key loading to be more robust - tor-commits

3 Jun 2020

commit 74a77f68897347053abea73c17e4cb045096c9c9
Author: teor teor@riseup.net
Date:   Mon May 18 14:24:05 2020 +1000
Rewrite ed25519 key loading to be more robust
Tolerate being called early during bootstrap, and being called on old
    tor versions without ed25519.
---
 lib/chutney/TorNet.py | 83 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 46 insertions(+), 37 deletions(-)

diff --git a/lib/chutney/TorNet.py b/lib/chutney/TorNet.py
index 2eef368..5d28763 100644
--- a/lib/chutney/TorNet.py
+++ b/lib/chutney/TorNet.py
@@ -866,48 +866,53 @@ class LocalNodeBuilder(NodeBuilder):
class LocalNodeController(NodeController):
-    def _setEd25519Id(self):
+    def __init__(self, env):
+        NodeController.__init__(self, env)
+        self._env = env
+
+    def _loadEd25519Id(self):
         """
-           Read the ed25519 identity key for this router, and set up the
-           'ed25519_id' entry in the Environ
+           Read the ed25519 identity key for this router, encode it using
+           base64, strip trailing padding, and return it.
+
+           If the file does not exist, returns None.
+
+           Raises a ValueError if the file appears to be corrupt.
         """
         datadir = self._env['dir']
         key_file = os.path.join(datadir, 'keys',
                                 "ed25519_master_id_public_key")
-        EXPECTED_ED25519_FILE_SIZE = 64
-        CURRENT_FILE_SIZE = os.stat(key_file).st_size
+        # If we're called early during bootstrap, the file won't have been
+        # created yet. (And some very old tor versions don't have ed25519.)
         if not os.path.exists(key_file):
-            print(("File {} does not exist. "
-                   "Are you running a very old tor version?").format(key_file))
-            return
-        elif CURRENT_FILE_SIZE != EXPECTED_ED25519_FILE_SIZE:
-            raise ValueError(("The current size of the file is {} bytes, "
-                              "which is not matching the expected value of "
-                              "{} bytes").format(CURRENT_FILE_SIZE,
-                                                 EXPECTED_ED25519_FILE_SIZE))
-        else:
-            with open(key_file, 'rb') as f:
-                ED25519_KEY_POSITION = 32
-                f.seek(ED25519_KEY_POSITION)
-                rest_file = f.read()
-                encoded_value = base64.b64encode(rest_file)
-                ed25519_id = encoded_value.decode('utf-8').replace('=', '')
-                EXPECTED_ED25519_BASE64_KEY_SIZE = 43
-                CURRENT_ED25519_BASE64_KEY_SIZE = len(ed25519_id)
-                if (CURRENT_ED25519_BASE64_KEY_SIZE !=
-                    EXPECTED_ED25519_BASE64_KEY_SIZE):
-                    raise ValueError(("The current length of the key is {}, "
-                                     "which is not matching the expected "
-                                     "length of {}")
-                                     .format(CURRENT_ED25519_BASE64_KEY_SIZE,
-                                             EXPECTED_ED25519_BASE64_KEY_SIZE))
-                else:
-                    self._env['ed25519_id'] = ed25519_id
+            debug(("File {} does not exist. Are you running a very old tor "
+                   "version?").format(key_file))
+            return None
-    def __init__(self, env):
-        NodeController.__init__(self, env)
-        self._env = env
-        self._setEd25519Id()
+        EXPECTED_ED25519_FILE_SIZE = 64
+        key_file_size = os.stat(key_file).st_size
+        if key_file_size != EXPECTED_ED25519_FILE_SIZE:
+            raise ValueError(
+                ("The current size of the file is {} bytes, which is not"
+                 "matching the expected value of {} bytes")
+                .format(key_file_size, EXPECTED_ED25519_FILE_SIZE))
+
+        with open(key_file, 'rb') as f:
+            ED25519_KEY_POSITION = 32
+            f.seek(ED25519_KEY_POSITION)
+            rest_file = f.read()
+            encoded_value = base64.b64encode(rest_file)
+            # tor strips trailing base64 padding
+            ed25519_id = encoded_value.decode('utf-8').replace('=', '')
+            EXPECTED_ED25519_BASE64_KEY_SIZE = 43
+            key_base64_size = len(ed25519_id)
+            if (key_base64_size != EXPECTED_ED25519_BASE64_KEY_SIZE):
+                raise ValueError(
+                    ("The current length of the key is {}, which is not "
+                     "matching the expected length of {}")
+                    .format(key_base64_size,
+                            EXPECTED_ED25519_BASE64_KEY_SIZE))
+            return ed25519_id
def getNick(self):
         """Return the nickname for this node."""
@@ -921,11 +926,15 @@ class LocalNodeController(NodeController):
             return 0
def getEd25519Id(self):
-        """Return the value of ed25519 key"""
+        """Return the base64-encoded ed25519 public key of this node."""
         try:
             return self._env['ed25519_id']
         except KeyError:
-            return None
+            ed25519_id = self._loadEd25519Id()
+            # cache a copy for later
+            if ed25519_id:
+                self._env['ed25519_id'] = ed25519_id
+            return ed25519_id
def getBridgeClient(self):
         """Return the bridge client flag for this node."""

    