[tor-bugs] #29134 [Core Tor/Tor]: Document the max number of v3 client auths I can make

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jan 19 18:45:13 UTC 2019


#29134: Document the max number of v3 client auths I can make
------------------------------+--------------------------
     Reporter:  pastly        |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:  Tor: 0.3.5.7
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------
 I'm testing out v3 onion service client auth. I couldn't find a documented
 maximum number of clients I can authorize for a single onion service, so I
 tried a really big number (400).

 Full log here: https://paste.debian.net/1061430/ and first bit here:

 {{{
 matt at spacecow:~/src/tor$ ./src/app/tor -f torrc-server
 Jan 19 13:34:11.635 [notice] Tor 0.3.5.7 (git-9beb085c10562a25) running on
 Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0j, Zlib 1.2.8, Liblzma
 N/A, and Libzstd N/A.
 Jan 19 13:34:11.635 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Jan 19 13:34:11.635 [notice] Read configuration file "/home/matt/src/tor
 /torrc-server".
 Jan 19 13:34:11.640 [warn] Path for DataDirectory (data-server) is
 relative and will resolve to /home/matt/src/tor/data-server. Is this what
 you wanted?
 Jan 19 13:34:11.640 [warn] Path for PidFile (data-server/tor.pid) is
 relative and will resolve to /home/matt/src/tor/data-server/tor.pid. Is
 this what you wanted?
 Jan 19 13:34:11.640 [warn] Path for HiddenServiceDir (data-
 server/onion_service) is relative and will resolve to /home/matt/src/tor
 /data-server/onion_service. Is this what you wanted?
 Jan 19 13:34:11.641 [warn] Your log may contain sensitive information -
 you disabled SafeLogging. Don't log unless it serves an important reason.
 Overwrite the log afterwards.
 Jan 19 13:34:11.666 [notice] Bootstrapped 0%: Starting
 Jan 19 13:34:11.948 [notice] Starting with guard context "default"
 Jan 19 13:34:12.666 [notice] Bootstrapped 10%: Finishing handshake with
 directory server
 Jan 19 13:34:12.666 [notice] Bootstrapped 80%: Connecting to the Tor
 network
 Jan 19 13:34:12.722 [notice] Bootstrapped 90%: Establishing a Tor circuit
 Jan 19 13:34:13.048 [notice] Bootstrapped 100%: Done
 Jan 19 13:34:14.676 [warn] We just made an HS descriptor that's too big
 (54736).Failing.
 Jan 19 13:34:14.676 [warn] tor_bug_occurred_(): Bug:
 src/feature/hs/hs_service.c:2828: upload_descriptor_to_hsdir: Non-fatal
 assertion !(service_encode_descriptor(service, desc, &desc->signing_kp,
 &encoded_desc) < 0) failed. (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug: Non-fatal assertion
 !(service_encode_descriptor(service, desc, &desc->signing_kp,
 &encoded_desc) < 0) failed in upload_descriptor_to_hsdir at
 src/feature/hs/hs_service.c:2828. Stack trace: (on Tor 0.3.5.7
 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(log_backtrace_impl+0x47)
 [0x564e05c29297] (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(tor_bug_occurred_+0xc0)
 [0x564e05c24930] (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:
 ./src/app/tor(hs_service_run_scheduled_events+0x1d6a) [0x564e05b4c5ca] (on
 Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(+0x65e71)
 [0x564e05aa7e71] (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(+0x697e1)
 [0x564e05aab7e1] (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     /usr/lib/x86_64-linux-
 gnu/libevent-2.0.so.5(event_base_loop+0x6a0) [0x7f19b89755a0] (on Tor
 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(do_main_loop+0x9d)
 [0x564e05aab21d] (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(tor_run_main+0x1215)
 [0x564e05a990a5] (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(tor_main+0x3a)
 [0x564e05a962ca] (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(main+0x19)
 [0x564e05a95e49] (on Tor 0.3.5.7 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     /lib/x86_64-linux-
 gnu/libc.so.6(__libc_start_main+0xf1) [0x7f19b7ac12e1] (on Tor 0.3.5.7
 9beb085c10562a25)
 Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(_start+0x2a)
 [0x564e05a95e9a] (on Tor 0.3.5.7 9beb085c10562a25)
 }}}

 I didn't expect to be allowed an unlimited number of client
 authorizations, but I do expect Tor to handle too many more gracefully.

 {{{
 matt at spacecow:~/src/tor$ cat torrc-server
 DataDirectory data-server
 Log notice file data-server/notice.log
 Log notice stdout
 PidFile data-server/tor.pid
 SocksPort 0

 SafeLogging 0
 LogTimeGranularity 1

 HiddenServiceDir data-server/onion_service
 HiddenServicePort 80 11223
 }}}
 {{{
 matt at spacecow:~/src/tor$ cat torrc-client
 DataDirectory data-client
 Log notice file data-client/notice.log
 Log notice stdout
 PidFile data-client/tor.pid
 SocksPort auto

 SafeLogging 0
 LogTimeGranularity 1

 ClientOnionAuthDir data-client/v3onionauth

 }}}

 I wrote a script to generate a ton of .auth and .auth_private files.

 1. Start the server's tor with DisableNetwork set, wait for it to
 bootstrap, then stop it. Grab the hostname of the onion service
 2. Use this script (https://paste.debian.net/1061432/) to generate a bunch
 of .auth and .auth_private files. For example:

 {{{
 matt at spacecow:~/src/python-snippits/src ./x25519-gen.py \
 > ck7vkjy5dfk4dh564wnhqrdhmeh4qrnnkmo5tdwu4n7wickkhbzrb7yd \
 > 400 \
 > ~/src/tor/data-server/onion_service/authorized_clients/ \
 > ~/src/tor/data-client/v3onionauth/
 }}}

 3. Then remove DisableNetwork and start the server. It produces the above
 buggy logs

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29134>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list