[tor-bugs] #29700 [Core Tor/Tor]: ntor handshake auth failures with RPs
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 8 22:12:18 UTC 2019
#29700: ntor handshake auth failures with RPs
------------------------------+--------------------
Reporter: mikeperry | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
My vanguards addon was detecting dropped cells on my v3 service side due
to ntor failures to client chosen RPs. This happened while testing
vanguards 0.3.0 with tor 0.4.0.2-alpha and a v3 onion service that was
only for my testing.
This corresponded to control port lines like:
{{{
DEBUG[Thu Mar 07 09:51:28 2019]: 650 CIRC 12674 FAILED
$DD5DA21CC5036533AE2010DE2C7E72BE2CDF9C5E~Unnamed,$28C52CDBB78DA46124DA62EC1D6796689E719210~ayb,$516C2CCBB1502B7E46E4265D82474257324DF8E2~Unnamed,$E37724D8AD87B149EAD2F3DFD3E1681624AC9EE0~sheldon
BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=HS_SERVICE_REND
HS_STATE=HSSR_CONNECTING
REND_QUERY=jxzsbx2wov6yrzwysw7mbmxal2ab6vwje745djczv4kyxe36a2rhmnid
TIME_CREATED=2019-03-07T09:47:54.889121 REASON=TORPROTOCOL
}}}
Which matched loglines:
{{{
Mar 07 09:51:28.000 [info] onion_skin_ntor_client_handshake(): Invalid
result from curve25519 handshake: 4
Mar 07 09:51:28.000 [info] circuit_mark_for_close_(): Circuit 3610696346
(id: 12674) marked for close at src/core/or/relay.c:1731 (orig reason: 1,
new reason: 0)
Mar 07 09:51:28.000 [info] circuit_build_failed(): Couldn't connect to the
client's chosen rend point "" (last hop failed).
Mar 07 09:51:28.000 [info] can_relaunch_service_rendezvous_point():
Attempt to build a rendezvous circuit to [scrubbed] has failed with 1
attempts and expiry time 1551952317. Giving up building.
}}}
I caused this by using Tor version 0.3.5.7 (git-9beb085c10562a25) to
connect to my HS like so:
{{{
while [ true ]; do
torsocks wget http://$MYV3_ONION_NAME.onion/404 -O /dev/null
killall -HUP tor;
done
}}}
That v3 404 url is in fact non-existent -- it does just send back a HTTP
404.
I think this might be caused by just normal onion key rotation of the
RP... In which case there might now be anything we can do?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29700>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list