[tor-dev] Tor's default behavior for ed25519 identities

s7r s7r at sky-ip.org
Thu Aug 6 22:26:41 UTC 2015



I am also sending the steps I imagine Tor should take when started as
a relay. Apologies if I am missing something obvious.

They are expressed as simply as possible; Tor's interpretation is way
more complex than this, but I think/hope this might help with ordering
and architecture of the code.

The ed25519_keygen branch behaves _very_ _well_ (report in my previous
email), so I am sending this only for a fast verification. It is
easier to spot if the code jumps over a step if we have logic in ordering:

[0] If there are no ed25519* files at all in $datadirectory/keys,
generate a fresh new identity, signing key and cert, everything needed
(valid for 30 days unless otherwise specified in torrc) and use those.

1. Check if file ed25519_master_id_secret_key exists:
- Do nothing if it doesn't exist. Proceed.

2. Check if file ed25519_master_id_secret_key_encrypted exists:
- Do nothing if it doesn't exist. Proceed.

3. Check if file ed25519_master_id_public_key exists:
- If it doesn't exist, try to generate it from
ed25519_master_id_secret_key;
- If ed25519_master_id_secret_key is missing or _encrypted, do
nothing. Proceed.

4. Validate ed25519_master_id_public_key against
ed25519_master_id_secret_key:
- Do nothing if ed25519_master_id_secret_key is missing. Proceed;
- Do nothing if ed25519_master_id_secret_key_encrypted exists. Proceed;
- Skip this step / do nothing if ed25519_master_id_public_key doesn't
exist and couldn't be generated at step 3. Proceed.

5. Check if file ed25519_signing_cert exists:
- If it doesn't exist, try to generate a valid one from
ed25519_master_id_secret_key with the SigningKeyLifetime in torrc (30
days unless specified otherwise). Generate an
ed25519_signing_secret_key along with it to use together. Proceed;
- Die if it is missing and cannot be generated because
ed25519_master_id_secret_key is missing or _encrypted.

6. Check if ed25519_signing_cert is expired:
- If it is expired, try to generate a valid one from
ed25519_master_id_secret_key with the SigningKeyLifetime in torrc (30
days unless specified otherwise). Generate an
ed25519_signing_secret_key along with it to use together. Proceed;
- Die if it is expired and a new one cannot be generated because
ed25519_master_id_secret_key is missing or _encrypted.

7. Validate ed25519_signing_cert against ed25519_master_id_public_key:
- Do nothing if ed25519_master_id_public_key is missing. Proceed;
- Die if it doesn't match.

8. Check if file ed25519_signing_secret_key exists:
- Die if it doesn't exist.

9. Check if ed25519_signing_secret_key matches with ed25519_signing_cert:
- Die if it doesn't match.

10. Finally, if we didn't complete step 7 because
ed25519_master_id_public_key was missing:
- Compute and save to disk file ed25519_master_id_secret_key from
ed25519_signing_cert;

Use that to create descriptors, start the Tor magic, publish
descriptors, relay traffic, save the world.


On 8/7/2015 12:18 AM, s7r wrote:
>>> Thanks; this is incredibly helpful!
> 
>>> I've started a branch to do a test case to demonstrate all
>>> these bugs; it's called "ed25519_keygen" in my public
>>> repository.  It also adds a couple more features to '--keygen'.
>>> It does cases 2...4 so far; I want to make it cover 5..10.
> 
>>> Once I've got it demonstrating all the cases, I'll try to clean
>>> it up and start hammering down the bugs.
>>> 
> 
> 
> Finished tests on branch ed25519_keygen, commit: b71dafcb3358fac7
> 
> Things are indeed much much better. I am sending you the new 
> (hopefully last) cases which need adjustments. Note that the case 
> numbers do not match the ones in my previous email, since I am 
> completely removing the cases where now Tor does what it should.
> 
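The startup ordering proposed in the message above, as an added example (not part of the original post and not Tor's code): a Python model that walks steps 0 to 10 over a constructed description of the keys directory and reports the step at which the relay would abort. The `KeyDir` flags, the `startup` function and the reading of "missing or _encrypted" are assumptions; step 4 is left out because the message does not say what happens on a mismatch.

```python
from dataclasses import dataclass

M_SEC = "ed25519_master_id_secret_key"
M_ENC = M_SEC + "_encrypted"
M_PUB = "ed25519_master_id_public_key"
S_CERT, S_SEC = "ed25519_signing_cert", "ed25519_signing_secret_key"

@dataclass
class KeyDir:
    """Constructed model of $datadirectory/keys; flags stand in for real crypto checks."""
    files: set
    cert_expired: bool = False
    cert_matches_pub: bool = True
    signing_matches_cert: bool = True

def startup(kd):
    """Return (outcome, log); outcome is 'run' or 'die@N' for the step that aborts."""
    files, log = set(kd.files), []
    if not files:  # step 0: nothing on disk, start fresh
        return "run", ["0: generate identity, signing key and cert"]
    # Assumed reading of "missing or _encrypted": only a plaintext master key can sign.
    can_sign = M_SEC in files and M_ENC not in files
    if M_PUB not in files and can_sign:  # step 3
        files.add(M_PUB)
        log.append("3: derive public key from secret key")
    expired, cert_ok, sk_ok = kd.cert_expired, kd.cert_matches_pub, kd.signing_matches_cert
    for step in (5, 6):  # cert missing (5) or expired (6)
        if (S_CERT not in files) if step == 5 else expired:
            if not can_sign:
                return f"die@{step}", log
            files |= {S_CERT, S_SEC}  # new cert and signing key are made together
            expired, cert_ok, sk_ok = False, True, True
            log.append(f"{step}: generate signing cert and signing key")
    checked_7 = M_PUB in files
    if checked_7 and not cert_ok:  # step 7
        return "die@7", log
    if S_SEC not in files:  # step 8
        return "die@8", log
    if not sk_ok:  # step 9
        return "die@9", log
    if not checked_7:  # step 10
        log.append("10: save master identity recovered from cert")
    return "run", log

if __name__ == "__main__":
    # Constructed scenarios: offline master key with a stale cert, then cert-only.
    print(startup(KeyDir({M_PUB, S_CERT, S_SEC}, cert_expired=True)))
    print(startup(KeyDir({S_CERT, S_SEC})))
```

Enumerating every combination of files and flags through `startup` gives a table of expected outcomes to compare against what a relay actually does on each key-directory layout.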

