Opened 21 months ago

Last modified 4 weeks ago

#20700 needs_revision enhancement

prop224: Implement standard client authorization

Reported by: dgoulet Owned by: haxxpop
Priority: Very High Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: prop224, tor-hs, 035-roadmap-master, 035-triaged-in-20180711
Cc: peter@…, dmr, nickm Actual Points:
Parent ID: #25955 Points: 3
Reviewer: dgoulet Sponsor:

Description

With upcoming work of proposal 224, we'll have a new better improved client authentication scheme that needs to be implemented.

Child Tickets

TicketTypeStatusOwnerSummary
#20742enhancementassignedasnprop224: Implement stealth client authorization

Change History (34)

comment:2 Changed 21 months ago by asn

Sponsor: SponsorR-mustSponsorR-can
Summary: prop224: Implement client authenticationprop224: Implement client authorization

comment:3 Changed 20 months ago by dgoulet

Owner: set to asn
Status: newassigned

comment:4 Changed 20 months ago by dgoulet

Keywords: triage-out-030-201612 added
Milestone: Tor: 0.3.0.x-finalTor: 0.3.1.x-final

Triaged out on December 2016 from 030 to 031.

comment:5 Changed 18 months ago by dgoulet

Priority: MediumVery High

Prioritize prop224 tickets for 031 milestone. They are all "Enhancement".

comment:6 Changed 17 months ago by dgoulet

Milestone: Tor: 0.3.1.x-finalTor: 0.3.2.x-final

prop224 tickets going in 032 for early merge. Decided after Amsterdam meeting.

comment:7 Changed 15 months ago by nickm

Keywords: triage-out-030-201612 removed

comment:8 Changed 12 months ago by dgoulet

Milestone: Tor: 0.3.2.x-finalTor: 0.3.3.x-final
Parent ID: #12424

Not going in the initial release of prop224.

comment:9 Changed 7 months ago by dgoulet

Milestone: Tor: 0.3.3.x-finalTor: 0.3.4.x-final

comment:10 Changed 5 months ago by haxxpop

Owner: changed from asn to haxxpop

comment:11 Changed 5 months ago by nickm

Keywords: 034-triage-20180328 added

comment:12 Changed 5 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:13 Changed 5 months ago by pege

Cc: peter@… added

comment:14 Changed 4 months ago by nickm

Keywords: 034-removed-20180328 removed

We can take this in 0.3.4 if the code is ready, and I hear haxxpop is working on it. :)

comment:15 Changed 4 months ago by dmr

Cc: dmr added

comment:17 Changed 4 months ago by cypherpunks

YEEEEAHHHH I really need HidServAuth for v3 onion!!!

comment:18 in reply to:  17 Changed 4 months ago by asn

Replying to cypherpunks:

YEEEEAHHHH I really need HidServAuth for v3 onion!!!

Please give haxxpop's code (comment:16) a try and let us know how it works for you.

You can test it by adding HiddenServiceAuthorizeClient basic <client_name>
on the service torrc and HidServAuth <onion address> <base64-encoded x25519 private key> on the client torrc. You can get the private key from client_authorized_privkeys/<client_name>.privkey on the service file directory

Last edited 4 months ago by asn (previous) (diff)

comment:19 Changed 4 months ago by teor

Someone should also test that it works when the *client* generates the private key, and only gives the public key to the onion service.

comment:20 Changed 4 months ago by haxxpop

I just tested it. It works.

You can just put the public key in client_authorized_pubkeys before running the HS.
The HS will not generate a new key and it will use the public key in that file.

comment:21 Changed 4 months ago by cypherpunks

Parent ID: #25955

comment:22 Changed 4 months ago by cypherpunks

Summary: prop224: Implement client authorizationprop224: Implement basic client authorization

Uh... I need 'stealth', not loud 'basic'...

comment:23 Changed 3 months ago by teor

Summary: prop224: Implement basic client authorizationprop224: Implement standard client authorization

"basic" and "stealth" don't make sense for v3 onion services, because authentication works differently in v3.
We have "descriptor", "intro", and "standard" (both).

Depending on your use case, you might be looking for "descriptor" auth.

comment:24 Changed 3 months ago by teor

Status: assignedneeds_revision

meejah would like feature flags for v3 onion service client authentication.
https://trac.torproject.org/projects/tor/ticket/24617#comment:5

I suggest we have separate flags for descriptor and intro.

For new options, we could use GETINFO config/names:
https://gitweb.torproject.org/torspec.git/tree/control-spec.txt#n729

But we are re-using existing options, so I suggest we create:
config/onions/versions = 2 3
config/onions/auth/descriptor = 1
config/onions/auth/intro = 1

We might also want a flag when v3 single onions support IPv6-only, but that's a separate ticket.

comment:25 Changed 3 months ago by asn

Did an initial review of haxxpop's branch here. Next steps include: More careful review, valgrind, more testing on chutney and more testing on real net.

comment:26 Changed 3 months ago by asn

Milestone: Tor: 0.3.4.x-finalTor: 0.3.5.x-final

We are hoping to land this in 035.

comment:27 Changed 2 months ago by dgoulet

I've commented on about 1/4 of the whole branch. I hope to continue tomorrow!

comment:28 Changed 8 weeks ago by dgoulet

Reviewer: dgoulet

comment:29 Changed 8 weeks ago by dgoulet

Ok I've got the rest of my review in. There are couple show stopper comments that we need to address/discuss. Thanks!

comment:30 Changed 6 weeks ago by nickm

Keywords: 035-roadmap-master added; 034-triage-20180328 removed
Sponsor: SponsorR-can

comment:31 Changed 5 weeks ago by nickm

Keywords: 035-triaged-in-20180711 added

comment:32 Changed 5 weeks ago by dgoulet

Cc: nickm added

Latest spec branch that asn/dgoulet/haxxpop agree on: asn/ticket20700_01

comment:33 Changed 4 weeks ago by nickm

Notes:

  • Apparently we have two things called Appendix E in rend-spec-v3.txt now. I don't think this is new with this patch, but let's fix that.
  • When you list "./authorized_clients/alice", etc in appendix F, do you intend to specify that this list has to be inside the service directory? I ask because if you're doing this, I don't think it makes sense to list them all separately in the torrc, and list the directory separately as well.
  • Do we want to allow multiple keys per file?
  • I'd suggest renaming all the client options so that they don't start with "HiddenService": It makes things much easier if only our service-side options start with "HiddenService". How about ClientOnionAuth or something?
  • We should say what happens if Tor encounters an unrecognized auth-type, user name, or onion service name in one of these files. I say it should ignore that key.

comment:34 in reply to:  33 Changed 4 weeks ago by asn

Replying to nickm:

Notes:

  • Apparently we have two things called Appendix E in rend-spec-v3.txt now. I don't think this is new with this patch, but let's fix that.
  • When you list "./authorized_clients/alice", etc in appendix F, do you intend to specify that this list has to be inside the service directory? I ask because if you're doing this, I don't think it makes sense to list them all separately in the torrc, and list the directory separately as well.
  • Do we want to allow multiple keys per file?
  • I'd suggest renaming all the client options so that they don't start with "HiddenService": It makes things much easier if only our service-side options start with "HiddenService". How about ClientOnionAuth or something?
  • We should say what happens if Tor encounters an unrecognized auth-type, user name, or onion service name in one of these files. I say it should ignore that key.

Thanks for the review. Pushed relevant fixes on my github repo, same branch name.

Note: See TracTickets for help on using tickets.