I am also sending the steps I imagine Tor should take when started as a relay. Apologies if I am missing something obvious.

They are expressed as simply as possible; Tor's interpretation is way more complex than this, but I think/hope this might help with ordering and architecture of the code. The ed25519_keygen branch behaves _very_ _well_ (report in my previous email), so I am sending this only for a fast verification. It is easier to spot if the code jumps over a step if we have logic in ordering:

[0] If there are no ed25519* files at all in $datadirectory/keys, generate a fresh new identity, signing key and cert, everything needed (valid for 30 days unless otherwise specified in torrc) and use those.

1. Check if file ed25519_master_id_secret_key exists:
- Do nothing if it doesn't exist. Proceed.

2. Check if file ed25519_master_id_secret_key_encrypted exists:
- Do nothing if it doesn't exist. Proceed.

3. Check if file ed25519_master_id_public_key exists:
- If it doesn't exist, try to generate it from ed25519_master_id_secret_key;
- If ed25519_master_id_secret_key is missing or _encrypted, do nothing. Proceed.

4. Validate ed25519_master_id_public_key against ed25519_master_id_secret_key:
- Do nothing if ed25519_master_id_secret_key is missing. Proceed;
- Do nothing if ed25519_master_id_secret_key_encrypted exists. Proceed;
- Skip this step / do nothing if ed25519_master_id_public_key doesn't exist and couldn't be generated at step 3. Proceed.

5. Check if file ed25519_signing_cert exists:
- If it doesn't exist, try to generate a valid one from ed25519_master_id_secret_key with the SigningKeyLifetime in torrc (30 days unless specified otherwise). Generate an ed25519_signing_secret_key along with it to use together. Proceed;
- Die if it is missing and cannot be generated because ed25519_master_id_secret_key is missing or _encrypted.

6. Check if ed25519_signing_cert is expired:
- If it is expired, try to generate a valid one from ed25519_master_id_secret_key with the SigningKeyLifetime in torrc (30 days unless specified otherwise). Generate an ed25519_signing_secret_key along with it to use together. Proceed;
- Die if it is expired and a new one cannot be generated because ed25519_master_id_secret_key is missing or _encrypted.

7. Validate ed25519_signing_cert against ed25519_master_id_public_key:
- Do nothing if ed25519_master_id_public_key is missing. Proceed;
- Die if it doesn't match.

8. Check if file ed25519_signing_secret_key exists:
- Die if it doesn't exist.

9. Check if ed25519_signing_secret_key matches with ed25519_signing_cert:
- Die if it doesn't match.

10. Finally, if we didn't complete step 7 because ed25519_master_id_public_key was missing:
- Compute and save to disk file ed25519_master_id_secret_key from ed25519_signing_cert;

Use that to create descriptors, start the Tor magic, publish descriptors, relay traffic, save the world.

On 8/7/2015 12:18 AM, s7r wrote:
>>> Thanks; this is incredibly helpful!
>
>>> I've started a branch to do a test case to demonstrate all
>>> these bugs; it's called "ed25519_keygen" in my public
>>> repository. It also adds a couple more features to '--keygen'.
>>> It does cases 2...4 so far; I want to make it cover 5..10.
>
>>> Once I've got it demonstrating all the cases, I'll try to clean
>>> it up and start hammering down the bugs.
>
> Finished tests on branch ed25519_keygen, commit: b71dafcb3358fac7
>
> Things are indeed much much better. I am sending you the new
> (hopefully last) cases which need adjustments. Note that the case
> numbers do not match the ones in my previous email, since I am
> completely removing the cases where now Tor does what it should.
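
The startup ordering listed in the message above, modelled as a pure function so each combination of key files can be checked against the expected outcome. This is an added example, not part of the original email and not Tor's code; the function name, the three boolean flags (stand-ins for the real cryptographic checks) and the action strings are assumptions, and step 10 is paraphrased.

```python
SECRET = "ed25519_master_id_secret_key"
ENCRYPTED = SECRET + "_encrypted"
PUBLIC = "ed25519_master_id_public_key"
CERT = "ed25519_signing_cert"
SIGNING = "ed25519_signing_secret_key"

def relay_key_startup(files, cert_expired=False, cert_matches_master=True,
                      signing_matches_cert=True):
    """Return (outcome, actions) for the files present in $datadirectory/keys.

    The flags are hypothetical stand-ins for the on-disk validation results.
    """
    files, actions = set(files), []
    if not any(f.startswith("ed25519") for f in files):         # step 0
        return "start", ["generate identity, signing key and cert"]
    usable_secret = SECRET in files and ENCRYPTED not in files  # steps 1-2
    if PUBLIC not in files and usable_secret:                   # step 3
        files.add(PUBLIC)
        actions.append("generate " + PUBLIC)
    if PUBLIC in files and usable_secret:                       # step 4
        actions.append("validate " + PUBLIC)
    if CERT not in files or cert_expired:                       # steps 5-6
        if not usable_secret:
            return "die", actions + ["cannot generate " + CERT]
        files |= {CERT, SIGNING}
        actions.append("generate " + CERT + " and " + SIGNING)
        # Assumption: a freshly generated cert/key pair passes steps 7 and 9.
        cert_matches_master = signing_matches_cert = True
    step7_done = PUBLIC in files
    if step7_done and not cert_matches_master:                  # step 7
        return "die", actions + [CERT + " does not match " + PUBLIC]
    if SIGNING not in files:                                    # step 8
        return "die", actions + [SIGNING + " missing"]
    if not signing_matches_cert:                                # step 9
        return "die", actions + [SIGNING + " does not match " + CERT]
    if not step7_done:                                          # step 10
        actions.append("derive master identity from " + CERT + " and save it")
    return "start", actions

# Constructed scenarios: master secret kept offline, then the same with an expired cert.
offline = {PUBLIC, CERT, SIGNING}
print(relay_key_startup(offline))
print(relay_key_startup(offline, cert_expired=True))
```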
