Skip to content
GitLab
Closed (moved) (moved)
Created by segfault@segfault

HSFETCH fails for hidden services which use client authentication

When using HSFETCH with a hidden service which uses client authentication, it does not return the descriptor.

Example:

echo "AUTHENTICATE
HSFETCH prkszpeygn2a3kxo | nc -U /var/run/tor/control

Output:

650 OK
650 HS_DESC REQUESTED prkszpeygn2a3kxo NO_AUTH $4D596DB0B8214621D60183B6CBF73DF67B0A97CD~CrashM jvdlgb7c3xkihcww5fypqnbkuv5dfima
650 HS_DESC FAILED prkszpeygn2a3kxo NO_AUTH $4D596DB0B8214621D60183B6CBF73DF67B0A97CD~CrashM rhdhss3jibwpmennesop3sops3mr42du REASON=BAD_DESC
650+HS_DESC_CONTENT prkszpeygn2a3kxo jvdlgb7c3xkihcww5fypqnbkuv5dfima $4D596DB0B8214621D60183B6CBF73DF67B0A97CD~CrashM

log:

Aug 27 13:29:45.000 [warn] Failed to parse introduction points. Either the service has published a corrupt descriptor or you have provided invalid authorization data.
Aug 27 13:29:45.000 [warn] Fetching v2 rendezvous descriptor failed. Retrying at another directory.

I took a quick look at the code and it seems like HSFETCH simply assumes no authentication is used:

{{{
rend_query = rend_data_client_create(hsaddress, desc_id, NULL, REND_NO_AUTH); }}}

https://gitweb.torproject.org/tor.git/tree/src/or/control.c#n4095

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information