[tor-bugs] #26627 [Core Tor/Tor]: HSv3 throws many "Tried connecting to router at [IP:port], but RSA identity key was not as expected"

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 6 06:55:28 UTC 2018 

#26627: HSv3 throws many "Tried connecting to router at [IP:port], but RSA identity
key was not as expected"
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  teor
     Type:  defect                               |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.2.4-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay certs handshake ed25519    |  Actual Points:
  035-roadmap-proposed                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:  security tor-relay certs handshake ed25519 035-roadmap-
     proposed => tor-relay certs handshake ed25519 035-roadmap-proposed
 * owner:  (none) => teor
 * version:   => Tor: 0.3.2.4-alpha
 * status:  new => assigned


Comment:

 Please see my branches bug26627_032 and bug26627 on
 https://github.com/teor2345/tor.git

 The Windows CI is failing on master due to #26662.

 Here's what I fixed:
 * backport #20895 and #23577 from 0.3.3 to 0.3.2
   * without the backport, clients can't check if the node supports ed25519
 link auth
   * these backports also make v3 client intro behaviour consistent between
 0.3.3+ and 0.3.2
 * only send ed25519 link specifiers in client intros if the rend point
 supports ed25519 link auth

 Here's what I still need to fix:
 * check that we only send ed25519 link specifiers in service descriptors
 if the intro point supports ed25519 link auth
 * make v3 single onion service to rend link authentication into a protocol
 warning
 * (we don't need to make v3 Tor2web client to intro link authentication
 into a protocol warning, because there is no v3 Tor2web)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26627#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list