Opened 3 years ago

Closed 6 months ago

#19506 closed enhancement (fixed)

Tool to inspect id signing certs

Reported by: weasel Owned by: rl1987
Priority: High Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor Version: Tor: 0.2.8.4-rc
Severity: Normal Keywords: ed25519, tor-relay, monitor, tooling, admin-tools, 035-triaged-in-20180711
Cc: nickm Actual Points:
Parent ID: Points: 2
Reviewer: mikeperry Sponsor:

Description

There is no tool to figure out what is inside an ed25519_signing_cert file.

For monitoring purposes it's important we have a way to learn something like expiration date.

Child Tickets

Change History (25)

comment:1 Changed 3 years ago by nickm

Milestone: Tor: 0.2.9.x-final

comment:2 Changed 2 years ago by isabela

Keywords: isaremoved added
Milestone: Tor: 0.2.9.x-finalTor: 0.2.???

comment:3 Changed 2 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:4 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:5 Changed 20 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:6 Changed 20 months ago by nickm

Keywords: isaremoved removed

comment:7 Changed 19 months ago by nickm

Keywords: ed25519 tor-relay monitor tooling admin-tools added
Points: 2
Priority: MediumHigh

comment:8 Changed 8 months ago by rl1987

Owner: set to rl1987
Status: newaccepted
Summary: missing a tool to inspect id signing certsTool to inspect id signing certs
Type: defectenhancement

comment:9 Changed 8 months ago by rl1987

Status: acceptedneeds_information

Is checking for expiration date the only intended use case? We already have --key-expiration for this. See commit b2a7e8df900eabe41d6e866f8b66aadd8a0d31d7.

If so, I suggest we close this ticket.

comment:10 Changed 8 months ago by teor

Resolution: fixed
Status: needs_informationclosed

It appears to be the only use case,

If it is not, please open another ticket that mentions the specific use cases that are missing.

comment:11 Changed 8 months ago by weasel

Resolution: fixed
Status: closedreopened

Having all this functionality in the tor binary is not ideal.

Also, it doesn't work for me, at least not out of the box. The problem appears to be that it tries to do too many things instead of just tell me what I care about .

debian-tor@odyssey:~$ tor --key-expiration
May 28 16:48:38.933 [notice] Tor 0.3.3.6 (git-c9903102c98cd028) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
May 28 16:48:38.933 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 28 16:48:38.933 [notice] Read configuration file "/etc/tor/torrc".
May 28 16:48:38.938 [warn] Skipping obsolete configuration option 'SocksListenAddress'
May 28 16:48:38.938 [notice] Based on detected system memory, MaxMemInQueues is set to 5974 MB. You can override this by setting MaxMemInQueues by hand.
May 28 16:48:38.939 [warn] You have used DirAuthority or AlternateDirAuthority to specify alternate directory authorities in your configuration. This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity. Even if you've specified the same authorities as Tor uses by default, the defaults could change in the future. Be sure you know what you're doing.
May 28 16:48:38.939 [err] No key found in "/var/lib/tor/.tor/keys/authority_signing_key"
May 28 16:48:38.939 [warn] No version 3 directory key found in /var/lib/tor/.tor/keys/authority_signing_key
May 28 16:48:38.939 [err] We're configured as a V3 authority, but we were unable to load our v3 authority keys and certificate! Use tor-gencert to generate them. Dying.
No valid argument to --key-expiration found!
Currently recognised arguments are: 'sign'

comment:12 Changed 8 months ago by rl1987

You're supposed to run tor --key-expiration sign to see expiration date of your Ed25519 key/cert while your Tor instance is running. I can see why this isn't ideal, but do we really need it as a separate binary? Seems like (mostly) duplication of functionality.

Last edited 7 months ago by rl1987 (previous) (diff)

comment:13 Changed 8 months ago by weasel

The problem with running the tor binary is that it's not obvious what the heck it will do. It's scary very, very scary.

This failure actually is a prime example -- it tries to do thing it has no business doing. All I want is the expiration date of the id key, yet it tries to load secret key material that it doesn't need and shouldn't have.

tor --key-expiration sign
May 30 18:43:44.619 [notice] Tor 0.3.3.6 (git-c9903102c98cd028) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
May 30 18:43:44.619 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 30 18:43:44.619 [notice] Read configuration file "/etc/tor/torrc".
May 30 18:43:44.623 [warn] Skipping obsolete configuration option 'SocksListenAddress'
May 30 18:43:44.624 [notice] Based on detected system memory, MaxMemInQueues is set to 5974 MB. You can override this by setting MaxMemInQueues by hand.
May 30 18:43:44.624 [warn] You have used DirAuthority or AlternateDirAuthority to specify alternate directory authorities in your configuration. This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity. Even if you've specified the same authorities as Tor uses by default, the defaults could change in the future. Be sure you know what you're doing.
May 30 18:43:44.625 [err] No key found in "/var/lib/tor/.tor/keys/authority_signing_key"
May 30 18:43:44.625 [warn] No version 3 directory key found in /var/lib/tor/.tor/keys/authority_signing_key
May 30 18:43:44.625 [err] We're configured as a V3 authority, but we were unable to load our v3 authority keys and certificate! Use tor-gencert to generate them. Dying.
May 30 18:43:44.625 [err] tor_assertion_failed_(): Bug: ../src/or/routerkeys.c:1187: log_master_signing_key_cert_expiration: Assertion server_identity_key_is_set() failed; aborting. (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug: Assertion server_identity_key_is_set() failed in log_master_signing_key_cert_expiration at ../src/or/routerkeys.c:1187. Stack trace: (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug:     tor(log_backtrace+0x44) [0x55af745bb864] (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug:     tor(tor_assertion_failed_+0x8d) [0x55af745d6fad] (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug:     tor(log_cert_expiration+0x13f) [0x55af744d0baf] (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug:     tor(tor_run_main+0xf2) [0x55af74487e32] (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug:     tor(tor_main+0x3a) [0x55af744813ea] (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug:     tor(main+0x19) [0x55af74481159] (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug:     /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f3ff8e242e1] (on Tor 0.3.3.6 )
May 30 18:43:44.625 [err] Bug:     tor(_start+0x2a) [0x55af744811aa] (on Tor 0.3.3.6 )

comment:14 Changed 7 months ago by rl1987

WIP: https://github.com/rl1987/tor/compare/master...rl1987:feature19506

However there's a problem with autotools. I can compile this stuff on macOS just fine, but on Linux it explodes with linker errors. See e.g. https://travis-ci.org/rl1987/tor/jobs/391725587 Would be great if anyone (nickm?) looked into it.

comment:15 Changed 7 months ago by rl1987

Cc: nickm added

comment:16 Changed 7 months ago by rl1987

Status: reopenedneeds_review

After rebasing and some fixups, I got it working.

https://github.com/torproject/tor/pull/172

comment:17 Changed 7 months ago by nickm

Milestone: Tor: unspecifiedTor: 0.3.5.x-final

comment:18 Changed 7 months ago by asn

Reviewer: mikeperry

comment:19 Changed 7 months ago by mikeperry

Status: needs_reviewneeds_revision

Few notes for revision:

  1. The got_tag variable here comes from a strdrup(). It needs to be freed.
  2. Instead of printing out the return value, consider using strerror() to get a human readable string for the errno? crypto_read_tagged_contents_from_file() preserves errno for this reason.
  3. Are we sure we want to make the user specify the path to the cert and not the cert file itself? This may be confusing? But I could be convinced that it is not, if it is hard to find the cert among whatever else is in that dir.

comment:20 Changed 6 months ago by rl1987

Status: needs_revisionneeds_review

It actually takes the path to ed25519_signing_cert file. Fixed the usage message to make it clear.

Addressed other things Mike mentioned as well.

https://github.com/torproject/tor/pull/216

comment:21 Changed 6 months ago by nickm

Keywords: 035-triaged-in-20180711 added

comment:22 Changed 6 months ago by mikeperry

Status: needs_reviewmerge_ready

Ok this lgtm now.

comment:23 Changed 6 months ago by nickm

Resolution: implemented
Status: merge_readyclosed

lovely; merged!

comment:24 Changed 6 months ago by teor

Resolution: implemented
Status: closedreopened

Appveyor CI didn't run on this pull request or branch, then the merge to master broke on Windows. See #26986.

comment:25 Changed 6 months ago by teor

Resolution: fixed
Status: reopenedclosed

Oops. Let's deal with it in #26986.

Note: See TracTickets for help on using tickets.