Opened 4 years ago

Closed 4 years ago

#16944 closed enhancement (fixed)

We need a "never make or load an online master key" option

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: PostFreeze027 TorCoreTeam201509 ed25519
Cc: s7r Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description


Child Tickets

Change History (11)

comment:1 Changed 4 years ago by nickm

Cc: s7r added
Status: newneeds_review

Branch feature16944 is ready for testing and review.

comment:2 Changed 4 years ago by nickm

Status: needs_reviewneeds_revision

whoops; broke the tests.

comment:3 Changed 4 years ago by nickm

Status: needs_revisionneeds_review

okay, better now.

comment:4 Changed 4 years ago by s7r

OK, test passed.

  1. No ed25519 key files in $datadirectory/keys:
    Sep 01 18:27:01.000 [warn] No key found in /root/torsrc/data/keys/ed25519_master_id_secret_key or /root/torsrc/data/keys/ed25519_master_id_public_key.
    Sep 01 18:27:01.000 [warn] Can't load master identity key; OfflineMasterKey is set.
    Sep 01 18:27:01.000 [err] Error initializing keys; exiting
    
  1. Only valid cert and medium term signing key:
    Sep 01 18:28:37.000 [warn] No key found in /root/torsrc/data/keys/ed25519_master_id_secret_key or /root/torsrc/data/keys/ed25519_master_id_public_key.
    Sep 01 18:28:37.000 [warn] Master public key was absent; inferring from public key in signing certificate and saving to disk.
    
  1. Expired cert and medium term signing key:
    Sep 01 18:31:41.000 [notice] It looks like I need to generate and sign a new medium-term signing key, because the one I have is expired. To do that, I need to load the permanent master identity key.
    Sep 01 18:31:41.000 [warn] No key found in /root/torsrc/data/keys/ed25519_master_id_secret_key or /root/torsrc/data/keys/ed25519_master_id_public_key.
    Sep 01 18:31:41.000 [warn] Can't load master identity key; OfflineMasterKey is set.
    Sep 01 18:31:41.000 [err] Error initializing keys; exiting
    

All good. Someone could have a look at the code so we can safely merge this.

comment:5 Changed 4 years ago by s7r

Somehow I missed this last night. There is a small misbehavior.

If OfflineMasterKey is set, and Tor is started with no ed25519 files in $datadirectory/keys, it will quit and not generate anything. OK

If OfflineMasterKey is set, and Tor is started with expired cert and medium term signing key, or cert expires while running, it will not try to load the master key. OK

If we have both ed25519_master_id_secret_key and ed25519_master_id_public_key (no cert and medium term signing key), of OfflineMasterKey is set Tor will not load it. OK

If OfflineMasterKey is set, and Tor is started just with ed25519_master_id_secret_key in $datadirectory/keys, it will generate public key, cert and medium term signing key and ignore OfflineMasterKey setting. Maybe not OK, but not the end of the world. Can we fix this? It behaves correct if we have master id secret key + master id public key but breaks if we only have the secret key, maybe it doesn't have to expect them both all the time.

Last edited 4 years ago by s7r (previous) (diff)

comment:6 Changed 4 years ago by nickm

I've tried to fix that last issue with a new commit in the branch.

comment:7 Changed 4 years ago by s7r

Confirm: fixed in (git-3b14c1eb169e9d85) feature16944 branch.

comment:8 Changed 4 years ago by nickm

feature16944_v2 is the same, but lightly squashed for improved code review.

comment:9 Changed 4 years ago by nickm

https://phablab.krautspace.de/D3 is a good place to try a codereview on phablab.

comment:10 Changed 4 years ago by dgoulet

lgtm!

comment:11 Changed 4 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

yay ok merged!

s7r, if you have free time, can you give this and #16769 another test after I've merged them, to confirm that I didn't break them while resolving conflicts?

Note: See TracTickets for help on using tickets.