On Thu, Aug 6, 2015 at 6:26 PM, s7r s7r@sky-ip.org wrote:
> I am also sending the steps I imagine Tor should take when started as a relay. Apologies if I am missing something obvious.
> They are expressed as simple as possible, Tor's interpretation is way more complex than this, but I think/hope this might help with ordering and architecture of the code.
> The ed25519_keygen branch behaves _very_ _well_ (report in my previous email), so I am sending this only for a fast verification. It is easier to spot if the code jumps over a step if we have logic in ordering:
> [0] If there are no ed25519* files at all in $datadirectory/keys, generate a fresh new identity, signing key and cert, everything needed (valid for 30 days unless otherwise specified in torrc) and use those.
Almost. Here's what I think is going on:
1) Load the secret signing key and signing certificate. If they are absent, or expired, or if --keygen was called, we'll need to generate a new one. If it's going to expire soon, we _want_ to generate a new one.
2) If we need or want to generate a new signing key, load the master ID secret key. Otherwise, don't try. If we try to load it and it's absent or encrypted, log a message. If we need to generate a new signing key then exit on error; otherwise just warn.
2b) If we fail to load the master ID secret key, and there were no other keys in the keys directory, then generate a master ID secret key and save it.
3) Load the master ID public key. If we loaded a secret key, and it doesn't match, log and quit. If it doesn't match the master ID public key in a certificate we loaded, log and quit. If we have the public key from one of those other sources and the master ID public key file is missing, recreate it.
4) At this point, if we need to generate a new signing key and cert, and we don't have a secret master ID key, exit.
5) If we have a secret master ID key, and we need or want to generate a new signing key and cert, do so, and save them.
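The five steps above, modelled as an added Python example (this is not Tor's code; the in-memory KeyStore, the derive_pub stand-in, the 30-day lifetime and 7-day "expiring soon" window are constructed assumptions). It shows the ordering the reply describes: the master secret is only touched when a new signing key is needed or wanted, an empty keys directory yields a fresh identity, an encrypted master key is a warning when the cert is merely expiring soon but fatal when it has expired, and a mismatched master public key stops startup.

```python
"""Model of the ed25519 key-loading order from the reply above.
Added illustration only, not Tor's code: the key store, derive_pub and
the expiry arithmetic are constructed stand-ins."""
import os
from dataclasses import dataclass
from typing import List, Optional

DAY = 86400


@dataclass
class SigningCert:
    master_pub: bytes   # master ID public key this cert claims to be signed by
    expires_at: int     # unix time


@dataclass
class KeyStore:
    """Constructed stand-in for the files under $datadirectory/keys."""
    signing_secret: Optional[bytes] = None
    signing_cert: Optional[SigningCert] = None
    master_secret: Optional[bytes] = None
    master_secret_encrypted: bool = False
    master_public: Optional[bytes] = None

    def has_any_key(self) -> bool:
        return any(v is not None for v in (self.signing_secret, self.signing_cert,
                                           self.master_secret, self.master_public))


class FatalKeyError(Exception):
    """Raised where the procedure says 'log and quit' or 'exit on error'."""


def derive_pub(secret: bytes) -> bytes:
    # Stand-in for ed25519 public-key derivation; not real cryptography.
    return b"pub:" + secret


def new_secret() -> bytes:
    return os.urandom(8)


def load_or_generate(ks: KeyStore, now: int, keygen: bool = False,
                     lifetime: int = 30 * DAY, soon: int = 7 * DAY,
                     log: Optional[List[str]] = None) -> List[str]:
    log = [] if log is None else log
    # Step 1: signing key + cert. Absent, expired or --keygen => need a new one;
    # expiring within `soon` => want a new one.
    need_new = (keygen or ks.signing_secret is None or ks.signing_cert is None
                or ks.signing_cert.expires_at <= now)
    want_new = not need_new and ks.signing_cert.expires_at - now < soon
    # Step 2: only try the master ID secret key when a new signing key is needed or wanted.
    master_secret = None
    if need_new or want_new:
        if ks.master_secret is not None and not ks.master_secret_encrypted:
            master_secret = ks.master_secret
        else:
            log.append("master ID secret key absent or encrypted")
            # Step 2b: nothing else in the keys directory => fresh identity.
            if not ks.has_any_key():
                master_secret = new_secret()
                ks.master_secret = master_secret
                log.append("generated new master ID secret key")
    # Step 3: the master ID public key must agree with every other source we hold.
    pub_from_secret = derive_pub(master_secret) if master_secret else None
    pub_from_cert = ks.signing_cert.master_pub if ks.signing_cert else None
    for src, pub in (("secret key", pub_from_secret), ("signing cert", pub_from_cert)):
        if pub is not None and ks.master_public is not None and pub != ks.master_public:
            raise FatalKeyError(f"master ID public key file does not match {src}")
    if pub_from_secret and pub_from_cert and pub_from_secret != pub_from_cert:
        raise FatalKeyError("signing cert was not issued by this master ID key")
    if ks.master_public is None and (pub_from_secret or pub_from_cert):
        ks.master_public = pub_from_secret or pub_from_cert
        log.append("recreated master ID public key file")
    # Step 4: a needed signing key cannot be made without the master secret.
    if need_new and master_secret is None:
        raise FatalKeyError("need a new signing key but have no master ID secret key")
    # Step 5: generate and save the signing key and its certificate.
    if master_secret is not None and (need_new or want_new):
        ks.signing_secret = new_secret()
        ks.signing_cert = SigningCert(derive_pub(master_secret), now + lifetime)
        log.append("generated new signing key and cert")
    return log
```

Running load_or_generate on an empty KeyStore produces a master key, a public key file and a 30-day signing cert; running it on a store whose cert has expired while the master key is encrypted raises FatalKeyError, which is the "exit on error" case an operator would see at relay startup.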