Opened 3 months ago

Last modified 4 days ago

#30381 needs_revision defect

Provide control port commands to ADD/REMOVE/VIEW v3 client-auth

Reported by: asn Owned by: asn
Priority: Medium Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, tbb-usability, ux-team, hs-auth, network-team-roadmap-september
Cc: antonela, arthuredelstein, brade, mcs, gk, michael, special, erinn, patrick@…, lunar, linda, dmr Actual Points: 4.5
Parent ID: #14389 Points: 6
Reviewer: dgoulet Sponsor: Sponsor27-must

Description (last modified by asn)

We need control port commands so that TB can add/remove/view client auth credentials.

Furthermore, the 'add' command should be able to decrypt any existing non-decryptable descriptors in the cache (see #30382).

Child Tickets

Attachments (1)

tor-os-auth-crash.txt (4.7 KB) - added by mcs 5 weeks ago.
assertion failure log

Download all attachments as: .zip

Change History (15)

comment:1 Changed 3 months ago by asn

Points: 6

comment:3 Changed 3 months ago by asn

Description: modified (diff)

comment:4 Changed 3 months ago by asn

Owner: set to asn
Status: newassigned

comment:6 Changed 3 months ago by pili

Sponsor: Sponsor27-must

comment:7 Changed 2 months ago by gaba

Keywords: network-team-roadmap-2019-Q1Q2 added

comment:8 Changed 7 weeks ago by asn

Status: assignedneeds_review

Pushed branch here: https://github.com/torproject/tor/pull/1070

It's based on david's #30382 branch so that I can use his 'decrypt pending descriptors upon add' functionality. That's also the only part that is not unittested.

I also pushed a fixup commit to my spec patch based on the latest implementation: https://github.com/torproject/torspec/pull/81/commits/dafda3944241e4ab6dfe0fee90d2e97979ac8f94

comment:9 Changed 7 weeks ago by asn

Reviewer: dgoulet

comment:10 Changed 7 weeks ago by asn

Actual Points: 4.5

comment:11 Changed 7 weeks ago by dgoulet

Status: needs_reviewneeds_revision

Review on the PR. Looking good. No show stopper, just few minor things.

Changed 5 weeks ago by mcs

Attachment: tor-os-auth-crash.txt added

assertion failure log

comment:12 Changed 5 weeks ago by mcs

Kathy and I are trying to integrate our work-in-progress Tor Browser code with a tor we built from the code at https://github.com/asn-d6/tor/tree/bug30381. Unfortunately, when we access a v3 onion service that requires client auth we encounter an assertion failure inside tor. See the attached file tor-os-auth-crash.txt. Please let us know if you need any more info in order to debug the problem.

comment:13 Changed 5 weeks ago by dgoulet

Oh no... that is currently fixed in #30382... Let me do an updated branch for you to work with:

Try to use this branch: ticket30381_042_01
https://gitweb.torproject.org/user/dgoulet/tor.git/log/?h=ticket30381_042_01

It is not clean or anything but will have the latest code we have for your testing. Hopefully, should help you go forward!

comment:14 in reply to:  13 Changed 5 weeks ago by mcs

Replying to dgoulet:

Oh no... that is currently fixed in #30382... Let me do an updated branch for you to work with:

Try to use this branch: ticket30381_042_01
https://gitweb.torproject.org/user/dgoulet/tor.git/log/?h=ticket30381_042_01

Thanks; this works much better. We now receive the correct SOCKS error code (after a 120 second delay, which is a problem asn already mentioned in his review of your #30382 pull request). Kathy and I should be able to make more progress using this branch though. Next we will experiment with ONION_CLIENT_AUTH_ADD.

comment:15 Changed 4 days ago by gaba

Keywords: network-team-roadmap-september added; network-team-roadmap-2019-Q1Q2 removed
Note: See TracTickets for help on using tickets.