[tor-dev] ClientAuthV3 for v3 onions via Tor controller is accepted by ADD_ONION but seems to get ignored
mig at mig5.net
Mon May 3 06:38:08 UTC 2021
I'm one of the OnionShare developers and I'm trying to implement the new support for ClientAuthV3 via the controller as per  (thanks for adding it!). Since OnionShare depends on Stem, I also began by adding support for passing the ClientAuthV3 argument and V3Auth flag into Stem (I intend on submitting that as a PR once I solve the problem below, but I think the problem isn't Stem specific)
I can send the ClientAuthV3 base32-encoded public key and the V3Auth flag to ADD_ONION, and get a 250 response back.
The problem is that when I then visit the onion address, it doesn't actually require the Client Auth that was set :)
I am running the nightly Tor on Debian 10 (Buster):
Tor version 0.4.7.0-alpha-dev.
Tor is running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and Glibc 2.28 as libc.
Tor compiled with GCC version 8.3.0
Steps to reproduce:
1) Take these public and private base32-encoded strings (as generated by , if you want to generate different ones)
2) Start a simple service on localhost:9735:
echo Hi | nc -l 127.0.0.1 9735
3) Connect to Tor's control port and add an onion with a private key that will derive the onion address rujvluxdgiibem3odopgkgiiajgtwfbdgkuqfyydhl5qupotpwyxjaid.onion (or put your own if you wish):
user at onionshare:~$ sudo telnet localhost 9051
Connected to localhost.
Escape character is '^]'.
ADD_ONION ED25519-V3:MNkxu0oI0CX6Oq1AEroRGSAiqXurEbzBdraDKJB1pkNkl9hNCr+bagdAg7gA4F3M/FrF7BHBdh5zdvkHB7oO4w== ClientAuthV3=FGTORMIDKR7T2PR632HSHLWA4G6HF5TCWSGMHDUU4LWBEFTAVYQQ Flags=V3Auth Port=80,9735
4) Visit http://rujvluxdgiibem3odopgkgiiajgtwfbdgkuqfyydhl5qupotpwyxjaid.onion and expect to get the Tor Browser pop-up dialog '[onion service] is requesting that you authenticate.. Enter your private key for this onion service'. etc
Instead: the service loads 'Hi' without any requirement for Client Auth occurring. I never added the private key to Tor Browser in any way.
Is it a bug, or am I doing it wrong somehow?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the tor-dev