[tor-dev] Tor's default behavior for ed25519 identities

Nick Mathewson nickm at alum.mit.edu
Mon Aug 10 15:04:40 UTC 2015


On Thu, Aug 6, 2015 at 6:26 PM, s7r <s7r at sky-ip.org> wrote:
> I am also sending the steps I imagine Tor should take when started as
> a relay. Apologies if I am missing something obvious.
>
> They are expressed as simply as possible; Tor's interpretation is way
> more complex than this, but I think/hope this might help with ordering
> and architecture of the code.
>
> The ed25519_keygen branch behaves _very_ _well_ (report in my previous
> email), so I am sending this only for a fast verification. It is
> easier to spot if the code jumps over a step if we have logic in ordering:
>
> [0] If there are no ed25519* files at all in $datadirectory/keys,
> generate a fresh new identity, signing key and cert, everything needed
> (valid for 30 days unless otherwise specified in torrc) and use those.

Almost.  Here's what I think is going on:

1) Load the secret signing key and signing certificate.  If they are
absent, or expired, or if --keygen was called, we'll need to generate
a new one.  If it's going to expire soon, we _want_ to generate a new
one.

2) If we need or want to generate a new signing key, load the master
ID secret key. Otherwise, don't try.  If we try to load it and it's
absent or encrypted, log a message.  If we need to generate a new
signing key then exit on error; otherwise just warn.

2b) If we fail to load the master ID secret key, and there were no
other keys in the keys directory, then generate a master ID secret key
and save it.

3) Load the master ID public key.  If we loaded a secret key, and it
doesn't match, log and quit.  If it doesn't match the master ID public
key in a certificate we loaded, log and quit.  If we have the public
key from one of those other sources and the master ID public key file
is missing, recreate it.

4) At this point, if we need to generate a new signing key and cert,
and we don't have a secret master ID key, exit.

5) If we have a secret master ID key, and we need or want to
generate a new signing key and cert, do so, and save them.
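
The five steps above, written out as a decision function so that the offline-master-key cases can be checked one by one. This is an added example, not part of the original email and not Tor's code; every type, field and function name is an assumption, and the exit that step 2 mentions is assumed to take effect at step 4 so that step 2b can still apply to an empty keys directory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative model only: these names are assumptions, not Tor identifiers. */
typedef enum { SK_ABSENT, SK_ENCRYPTED, SK_LOADED } master_sk_t;
typedef enum { USE_EXISTING, NEW_SIGNING_KEY, EXIT_NO_MASTER_SK, EXIT_MISMATCH } outcome_t;

typedef struct {
  bool cert_loaded;      /* signing key and cert were found on disk */
  bool cert_expired;     /* ...but the cert is past its expiry */
  bool expires_soon;     /* cert still valid, close to expiry */
  bool keygen;           /* --keygen was given */
  master_sk_t master_sk; /* what loading the master ID secret key would find */
  bool keys_dir_empty;   /* no other keys in the keys directory */
  bool pk_file_present;  /* master ID public key file exists */
  bool pk_matches;       /* that file agrees with the secret key / cert */
} key_state_t;

typedef struct { outcome_t outcome; bool warned, made_master, wrote_pk; } decision_t;

decision_t decide(key_state_t s) {
  decision_t d = { USE_EXISTING, false, false, false };
  /* Step 1: "need" is mandatory, "want" is opportunistic renewal. */
  bool need = !s.cert_loaded || s.cert_expired || s.keygen;
  bool want = s.expires_soon;
  bool have_sk = false;
  if (need || want) {                     /* Step 2: otherwise don't even try */
    have_sk = (s.master_sk == SK_LOADED);
    if (!have_sk) d.warned = true;        /* absent or encrypted: log it */
    if (!have_sk && s.keys_dir_empty)     /* Step 2b: fresh relay */
      have_sk = d.made_master = true;
  }
  /* Step 3: the public key file must agree with whatever else we loaded. */
  bool other_source = have_sk || s.cert_loaded;
  bool mismatch = s.pk_file_present && other_source && !s.pk_matches;
  if (mismatch) { d.outcome = EXIT_MISMATCH; return d; }
  if (!s.pk_file_present && other_source) d.wrote_pk = true;
  /* Step 4: assumption: the "exit on error" of step 2 is applied here. */
  if (need && !have_sk) { d.outcome = EXIT_NO_MASTER_SK; return d; }
  /* Step 5: only reached with a usable master secret key or nothing to do. */
  if (have_sk && (need || want)) d.outcome = NEW_SIGNING_KEY;
  return d;
}

int main(void) {
  /* Constructed case: master key kept offline, signing cert has expired. */
  key_state_t s = { true, true, false, false, SK_ABSENT, false, true, true };
  printf("outcome=%d\n", decide(s).outcome);
  return 0;
}
```

With the master secret key kept offline, the model keeps using a signing key that is merely close to expiry and only warns; once the certificate has expired it exits.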

