Opened 5 years ago

Closed 5 years ago

#16679 closed defect (fixed)

Ed25519 --keygen won't work

Reported by: s7r
Owned by: nickm
Priority: High
Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.7.2-alpha
Severity:
Keywords: ed25519, identity, keys, TorCoreTeam201508
Cc: nickm, arma, asn
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Playing with Ed25519 keys to write the documentation and identify bugs or issues.

First one: tor --keygen and/or tor --datadirectory /var/lib/tor/keys --keygen will not work. It asks me for the password 2 times and aborts. Here is the output (using Debian Wheezy 64 bit and Tor 0.2.7.2-alpha installed from deb.tp.o tor-nightly-master-wheezy; checked permissions on directories):

Jul 27 21:03:21.080 [err] tor_assertion_failed_(): Bug: ../src/or/router.c:229: get_server_identity_key: Assertion server_identitykey failed; aborting. (on Tor 0.2.7.2-alpha-dev )
Jul 27 21:03:21.080 [err] Bug: Assertion server_identitykey failed in get_server_identity_key at ../src/or/router.c:229. Stack trace: (on Tor 0.2.7.2-alpha-dev )
Jul 27 21:03:21.080 [err] Bug: tor(log_backtrace+0x41) [0x7f6227482311] (on Tor 0.2.7.2-alpha-dev )
Jul 27 21:03:21.080 [err] Bug: tor(tor_assertion_failed_+0x9f) [0x7f622748fd9f] (on Tor 0.2.7.2-alpha-dev )
Jul 27 21:03:21.080 [err] Bug: tor(get_server_identity_key+0x93) [0x7f62273cb0d3] (on Tor 0.2.7.2-alpha-dev )
Jul 27 21:03:21.080 [err] Bug: tor(load_ed_keys+0x525) [0x7f62273d2075] (on Tor 0.2.7.2-alpha-dev )
Jul 27 21:03:21.080 [err] Bug: tor(tor_main+0x180a) [0x7f622739975a] (on Tor 0.2.7.2-alpha-dev )
Jul 27 21:03:21.080 [err] Bug: /lib/x86_64-linux-gnu/libc.so.6(libc_start_main+0xfd) [0x7f6225c81ead] (on Tor 0.2.7.2-alpha-dev )
Jul 27 21:03:21.080 [err] Bug: tor(+0x3cc9d) [0x7f6227392c9d] (on Tor 0.2.7.2-alpha-dev )
Aborted

Change History (8)

comment:1 Changed 5 years ago by s7r

Even though this error makes it look like the process fails to generate keys, it actually generates a master ID key, signing key and key-cert in $HOME/.tor/keys.

We should configure it so that it would save the master ID key to the working directory (where the command is run) and not in $HOME/.tor/keys, unless otherwise specified via the --datadirectory argument.

Secondly, why does it also automatically generate a signing key and key-cert? With what validity period, since it never asks? I assume it is just using the default of 30 days.

When the --keygen command is run manually, Tor should just create an ed25519 master ID key. Signing key and key-cert should be generated with a second command, which would require the master ID key and a SigningKeyLifetime argument. When the master ID key is in /datadirectory/keys, is not password protected, and the Tor service is started, then Tor can automatically create a signing key and key-cert with the validity period in torrc's SigningKeyLifetime (30 days unless specified otherwise).

comment:2 Changed 5 years ago by nickm

Priority: normal → major

Very odd; I'm not seeing that error when I try. I wonder what's going wrong.

comment:3 Changed 5 years ago by nickm

Keywords: TorCoreTeam201508 added
Owner: set to nickm
Status: new → assigned

comment:4 Changed 5 years ago by s7r

This is fixed in git-018082ef88b688e2 (ed25519_keygen branch @ nickm). Tried on the same system where the error initially appeared. We can close this when we merge the changes into master.

comment:5 Changed 5 years ago by nickm

Status: assigned → needs_review

For this and other stuff, please review my ed25519_keygen branch.

comment:6 Changed 5 years ago by dgoulet

Status: needs_review → needs_revision

844ba78660819effabc28c21010d71f1c0114855

  • in src/or/or.h (duper bikeshed color)
    • The new enum in or_options_t would be great to have each value on different line and assigned with its value (= 1, = 2,).
    • Extra newline right after TestingAuthKeySlop
    • puts("E"); is removed in c0e89863ca354dac163c87d61a213466eff2c96f so good!
    • All fixup and the rest lgtm;

71257e22392eedbe10aca4345b22e8c5cab1a795

  • In src/or/routerkeys.c
    • Missing dot at the end of both sentences of the new log_notice introduced.

The rest lgtm; however, documentation is missing for some key things like the new arguments added to tor (--no-passphrase and --passphrase-fd, both in or.h and man page).

comment:7 Changed 5 years ago by nickm

Cleaned up and merged!

I'm opening a new ticket for the doc issues.

comment:8 Changed 5 years ago by nickm

Resolution: fixed
Status: needs_revision → closed