[tor-bugs] #26627 [Core Tor/Tor]: HSv3 throws many "Tried connecting to router at [IP:port], but RSA identity key was not as expected"

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 24 23:35:42 UTC 2018 

#26627: HSv3 throws many "Tried connecting to router at [IP:port], but RSA identity
key was not as expected"
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  teor
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.2.4-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay, certs, handshake,         |  Actual Points:
  ed25519, 035-roadmap-proposed, 035-must,       |
  fast-fix, 035-triaged-in-20180711              |
Parent ID:                                       |         Points:
 Reviewer:  asn                                  |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 Please see my branches bug26627_032 and bug26627_033 on
 https://github.com/teor2345/tor.git
 * I did a forced update on bug26627_032 to rebase to get CI working
 * bug26627_033 merges cleanly to master (see bug26627_033_merged_master)

 Here's what I fixed:
 * backport #20895 and #23577 from 0.3.3 to 0.3.2
   * without the backport, clients can't check if the node supports ed25519
 link auth
   * these backports also make v3 client intro behaviour consistent between
 0.3.3+ and 0.3.2
 * only send ed25519 link specifiers in client intros if the rend point
 supports ed25519 link auth
 * only send ed25519 link specifiers in service descriptors if the intro
 point supports ed25519 link auth

 Relays already behave correctly:
 * all relays log a protocol warning when a client asks them to extend to
 an ed25519 id, but the relay they're extending to doesn't support ed25519
 link authentication

 I'm going to split off into #26924:
 * make v3 single onion service to rend link authentication into a protocol
 warning

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26627#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list