Opened 2 weeks ago

Last modified 10 days ago

#32634 new defect

Stem can't fetch hidden service descriptors with descriptor ID.

Reported by: moonsikpark
Owned by: atagar
Priority: Medium
Milestone:
Component: Core Tor/Stem
Version:
Severity: Normal
Keywords: tor-hs
Cc: atagar
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

https://gitweb.torproject.org/torspec.git/tree/control-spec.txt#n1548

"HSFETCH" SP (HSAddress / "v" Version "-" DescId)
              *[SP "SERVER=" Server] CRLF

Control-spec states that HSFETCH can be done with a specific descriptor ID, but because stem enforces an address check with stem.util.tor_tools.is_valid_hidden_service_address() this can't be done.

Change History (3)

comment:2 Changed 10 days ago by atagar

Thanks moonsikpark! If await_result is provided this looks like it'll fail (note the "event.address == address" conditionals below).

Would you mind describing your use case? I've never run across someone that wanted to query HS descriptors via their identifier.

In checking the spec there's a couple other wrinkles with identifier queries...

  • "DescIDs can only be version 2 IDs."

So despite taking a version prefix this doesn't work at all with v3 services. This is a bit concerning because v2 will be deprecated at some point. Is there a ticket for adding tor support for querying v3 services by their descriptor id? If not then it sounds like this capability might be going away.

  • "If a DescId is specified, at least one Server MUST also be provided"

If we do decide to support this within stem we'll need to raise a ValueError if we get a descriptor id and a server argument is not supplied.
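
One way to implement the checks listed in the comment above, as an added example that is not stem's code or part of the ticket. `build_hsfetch` is a hypothetical helper, and the base32 lengths (16 or 56 characters for an address, 32 for a DescId) are assumptions taken from control-spec's HSFETCH grammar.

```python
import re

# Assumed from control-spec: HSAddress is 16 or 56 base32 characters,
# DescId is 32 base32 characters.
_BASE32 = "[a-z2-7]"
_ADDRESS = re.compile(rf"(?:{_BASE32}{{16}}|{_BASE32}{{56}})")
_DESC_ID = re.compile(rf"v(?P<version>\d+)-{_BASE32}{{32}}")
# Printable ASCII only. Used with fullmatch() so that a trailing CR/LF
# cannot slip past and start a second control-port command.
_SERVER = re.compile(r"[\x21-\x7e]+")


def build_hsfetch(target, servers=()):
    """Return an HSFETCH line for an onion address or a 'v2-<DescId>' query.

    Hypothetical helper: raises ValueError for a DescId that is not
    version 2, for a DescId query without a server, and for malformed input.
    """
    desc = _DESC_ID.fullmatch(target)
    if desc:
        if desc.group("version") != "2":
            raise ValueError("DescIDs can only be version 2 IDs")
        if not servers:
            raise ValueError("a DescId query needs at least one server")
    elif not _ADDRESS.fullmatch(target):
        raise ValueError(f"not an onion address or v2 DescId: {target!r}")

    for server in servers:
        if not _SERVER.fullmatch(server):
            raise ValueError(f"invalid server: {server!r}")

    return " ".join(["HSFETCH", target] + [f"SERVER={s}" for s in servers])


if __name__ == "__main__":
    # Constructed sample values, not real services or relays.
    desc_id = "v2-" + "a2" * 16
    relay = "$" + "A" * 40
    print(build_hsfetch("a" * 16))
    print(build_hsfetch(desc_id, [relay]))
```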

comment:3 in reply to:  2 Changed 10 days ago by teor

Replying to atagar:

> Thanks moonsikpark! If await_result is provided this looks like it'll fail (note the "event.address == address" conditionals below).
>
> Would you mind describing your use case? I've never run across someone that wanted to query HS descriptors via their identifier.
>
> In checking the spec there's a couple other wrinkles with identifier queries...
>
>   • "DescIDs can only be version 2 IDs."
>
> So despite taking a version prefix this doesn't work at all with v3 services. This is a bit concerning because v2 will be deprecated at some point. Is there a ticket for adding tor support for querying v3 services by their descriptor id? If not then it sounds like this capability might be going away.
>
>   • "If a DescId is specified, at least one Server MUST also be provided"
>
> If we do decide to support this within stem we'll need to raise a ValueError if we get a descriptor id and a server argument is not supplied.

There's no equivalent for the "Descriptor ID" in the v3 onion service protocol.

The onion address can be used to derive a blinded public key for each time period:
https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n655

The blinded public key works on any HSDir:
https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n974

And the blinded public key can be used to find the relevant set of HSDirs:
https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n781

For debugging, we might eventually want to query the previous/current/next sets of HSDirs, but that's complicated, and not implemented yet:
https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n885