Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Tor
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 313
    • Issues 313
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 33
    • Merge requests 33
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Core
  • TorTor
  • Issues
  • #29134
Closed
Open
Created Jan 19, 2019 by pastly@pastly

Document the max number of v3 client auths I can make

I'm testing out v3 onion service client auth. I couldn't find a documented maximum number of clients I can authorize for a single onion service, so I tried a really big number (400).

Full log here: https://paste.debian.net/1061430/ and first bit here:

matt@spacecow:~/src/tor$ ./src/app/tor -f torrc-server
Jan 19 13:34:11.635 [notice] Tor 0.3.5.7 (git-9beb085c10562a25) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0j, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.
Jan 19 13:34:11.635 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 19 13:34:11.635 [notice] Read configuration file "/home/matt/src/tor/torrc-server".
Jan 19 13:34:11.640 [warn] Path for DataDirectory (data-server) is relative and will resolve to /home/matt/src/tor/data-server. Is this what you wanted?
Jan 19 13:34:11.640 [warn] Path for PidFile (data-server/tor.pid) is relative and will resolve to /home/matt/src/tor/data-server/tor.pid. Is this what you wanted?
Jan 19 13:34:11.640 [warn] Path for HiddenServiceDir (data-server/onion_service) is relative and will resolve to /home/matt/src/tor/data-server/onion_service. Is this what you wanted?
Jan 19 13:34:11.641 [warn] Your log may contain sensitive information - you disabled SafeLogging. Don't log unless it serves an important reason. Overwrite the log afterwards.
Jan 19 13:34:11.666 [notice] Bootstrapped 0%: Starting
Jan 19 13:34:11.948 [notice] Starting with guard context "default"
Jan 19 13:34:12.666 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jan 19 13:34:12.666 [notice] Bootstrapped 80%: Connecting to the Tor network
Jan 19 13:34:12.722 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 19 13:34:13.048 [notice] Bootstrapped 100%: Done
Jan 19 13:34:14.676 [warn] We just made an HS descriptor that's too big (54736).Failing.
Jan 19 13:34:14.676 [warn] tor_bug_occurred_(): Bug: src/feature/hs/hs_service.c:2828: upload_descriptor_to_hsdir: Non-fatal assertion !(service_encode_descriptor(service, desc, &desc->signing_kp, &encoded_desc) < 0) failed. (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: Non-fatal assertion !(service_encode_descriptor(service, desc, &desc->signing_kp, &encoded_desc) < 0) failed in upload_descriptor_to_hsdir at src/feature/hs/hs_service.c:2828. Stack trace: (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(log_backtrace_impl+0x47) [0x564e05c29297] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(tor_bug_occurred_+0xc0) [0x564e05c24930] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(hs_service_run_scheduled_events+0x1d6a) [0x564e05b4c5ca] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(+0x65e71) [0x564e05aa7e71] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(+0x697e1) [0x564e05aab7e1] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5(event_base_loop+0x6a0) [0x7f19b89755a0] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(do_main_loop+0x9d) [0x564e05aab21d] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(tor_run_main+0x1215) [0x564e05a990a5] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(tor_main+0x3a) [0x564e05a962ca] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(main+0x19) [0x564e05a95e49] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f19b7ac12e1] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug:     ./src/app/tor(_start+0x2a) [0x564e05a95e9a] (on Tor 0.3.5.7 9beb085c10562a25)

I didn't expect to be allowed an unlimited number of client authorizations, but I do expect Tor to handle too many more gracefully.

matt@spacecow:~/src/tor$ cat torrc-server 
DataDirectory data-server
Log notice file data-server/notice.log
Log notice stdout
PidFile data-server/tor.pid
SocksPort 0

SafeLogging 0
LogTimeGranularity 1

HiddenServiceDir data-server/onion_service
HiddenServicePort 80 11223
matt@spacecow:~/src/tor$ cat torrc-client
DataDirectory data-client
Log notice file data-client/notice.log
Log notice stdout
PidFile data-client/tor.pid
SocksPort auto

SafeLogging 0
LogTimeGranularity 1

ClientOnionAuthDir data-client/v3onionauth

I wrote a script to generate a ton of .auth and .auth_private files.

  1. Start the server's tor with DisableNetwork set, wait for it to bootstrap, then stop it. Grab the hostname of the onion service
  2. Use this script (https://paste.debian.net/1061432/) to generate a bunch of .auth and .auth_private files. For example:
matt@spacecow:~/src/python-snippits/src ./x25519-gen.py \
> ck7vkjy5dfk4dh564wnhqrdhmeh4qrnnkmo5tdwu4n7wickkhbzrb7yd \
> 400 \
> ~/src/tor/data-server/onion_service/authorized_clients/ \
> ~/src/tor/data-client/v3onionauth/
  1. Then remove DisableNetwork and start the server. It produces the above buggy logs
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking