From 4976eca8261015dd2a214c4f4722dcdbcfed9c64 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Mon, 9 Jul 2018 16:11:39 -0400
Subject: [PATCH] hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor doesn't have Tor2web support anymore.
Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html
Close #26367
Signed-off-by: David Goulet
---
changes/bug26367 | 5 ++
configure.ac | 7 ---
doc/tor.1.txt | 28 +---------
src/app/config/config.c | 64 ++-------------------
src/app/config/or_options_st.h | 14 +----
src/core/or/channel.c | 7 ---
src/core/or/channelpadding.c | 16 ------
src/core/or/channelpadding.h | 2 -
src/core/or/circuitbuild.c | 96 ++------------------------------
src/core/or/circuitbuild.h | 8 +--
src/core/or/circuitstats.c | 8 +--
src/core/or/circuituse.c | 32 ++---------
src/core/or/connection_edge.c | 12 ----
src/core/or/or.h | 4 --
src/feature/dircache/directory.c | 6 +-
src/feature/rend/rendclient.c | 14 +----
src/feature/rend/rendcommon.c | 8 +--
src/feature/rend/rendmid.c | 2 +-
src/test/test_channelpadding.c | 73 +-----------------------
src/test/test_hs.c | 75 -------------------------
src/test/test_options.c | 52 +----------------
21 files changed, 40 insertions(+), 493 deletions(-)
create mode 100644 changes/bug26367
diff --git a/changes/bug26367 b/changes/bug26367
new file mode 100644
index 0000000000..af098df9c4
--- /dev/null
+++ b/changes/bug26367
@@ -0,0 +1,5 @@
+ o Removed features (hidden service, tor2web):
+ - Remove Tor2web functionalities. The Tor2webMode and
+ Tor2webRendezvousPoints options are now obsolete. Note that this feature
+ was never shipped in vanilla Tor and it was only possible to use this
+ feature by building the support at compile time. Closes ticket 26367.
diff --git a/configure.ac b/configure.ac
index 296591f025..fea617708c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -181,13 +181,6 @@ if test "$enable_local_appdata" = "yes"; then [Defined if we default to host local appdata paths on Windows]) fi -# Tor2web mode flag -AC_ARG_ENABLE(tor2web-mode, - AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]), -[if test "x$enableval" = "xyes"; then - CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1" -fi]) - AC_ARG_ENABLE(tool-name-check, AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling])) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index f42ad0dd3c..f16d9c370c 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1335,7 +1335,7 @@ The following options are useful only for clients (that is, if to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. Entry Guards can not be used by Directory - Authorities, Single Onion Services, and Tor2web clients. In these cases, + Authorities, and Single Onion Services. In these cases, the this option is ignored. (Default: 1) [[GuardfractionFile]] **GuardfractionFile** __FILENAME__:: 
@@ -1525,32 +1525,6 @@ The following options are useful only for clients (that is, if Tor will look at the UseOptimisticData parameter in the networkstatus. (Default: auto) -[[Tor2webMode]] **Tor2webMode** **0**|**1**:: - When this option is set, Tor connects to hidden services - **non-anonymously**. This option also disables client connections to - non-hidden-service hostnames through Tor. It **must only** be used when - running a tor2web Hidden Service web proxy. - To enable this option the compile time flag --enable-tor2web-mode must be - specified. Since Tor2webMode is non-anonymous, you can not run an - anonymous Hidden Service on a tor version compiled with Tor2webMode. - (Default: 0) - -[[Tor2webRendezvousPoints]] **Tor2webRendezvousPoints** __node__,__node__,__...__:: - A list of identity fingerprints, nicknames, country codes and - address patterns of nodes that are allowed to be used as RPs - in HS circuits; any other nodes will not be used as RPs. - (Example: - Tor2webRendezvousPoints Fastyfasty, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) + - + - This feature can only be used if Tor2webMode is also enabled. + - + - ExcludeNodes have higher priority than Tor2webRendezvousPoints, - which means that nodes specified in ExcludeNodes will not be - picked as RPs. + - + - If no nodes in Tor2webRendezvousPoints are currently available for - use, Tor will choose a random node when building HS circuits. - [[HSLayer2Nodes]] **HSLayer2Nodes** __node__,__node__,__...__:: A list of identity fingerprints, nicknames, country codes, and address patterns of nodes that are allowed to be used as the diff --git a/src/app/config/config.c b/src/app/config/config.c index 665732ea56..95d6ce354a 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c 
@@ -173,7 +173,6 @@ static config_abbrev_t option_abbrevs_[] = {
 PLURAL(AuthDirRejectCC),
 PLURAL(EntryNode),
 PLURAL(ExcludeNode),
- PLURAL(Tor2webRendezvousPoint),
 PLURAL(FirewallPort),
 PLURAL(LongLivedPort),
 PLURAL(HiddenServiceNode),
@@ -597,8 +596,8 @@ static config_var_t option_vars_[] = {
 OBSOLETE("Support022HiddenServices"),
 V(TestSocks, BOOL, "0"),
 V(TokenBucketRefillInterval, MSEC_INTERVAL, "100 msec"),
- V(Tor2webMode, BOOL, "0"),
- V(Tor2webRendezvousPoints, ROUTERSET, NULL),
+ OBSOLETE("Tor2webMode"),
+ OBSOLETE("Tor2webRendezvousPoints"),
 OBSOLETE("TLSECGroup"),
 V(TrackHostExits, CSV, NULL),
 V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
@@ -1697,8 +1696,7 @@ options_need_geoip_info(const or_options_t *options, const char **reason_out)
 routerset_needs_geoip(options->ExcludeExitNodes) ||
 routerset_needs_geoip(options->ExcludeNodes) ||
 routerset_needs_geoip(options->HSLayer2Nodes) ||
- routerset_needs_geoip(options->HSLayer3Nodes) ||
- routerset_needs_geoip(options->Tor2webRendezvousPoints);
+ routerset_needs_geoip(options->HSLayer3Nodes);
 if (routerset_usage && reason_out) {
 *reason_out = "We've been configured to use (or avoid) nodes in certain "
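Review bot: The first hunk drops the `PLURAL(Tor2webRendezvousPoint)` abbreviation while the second hunk keeps `Tor2webRendezvousPoints` as an `OBSOLETE(...)` entry, so a torrc that used the singular spelling will presumably now fail as an unknown option instead of getting the obsolete-option warning that the plural spelling gets. Whether that matters depends on how the abbreviation table is applied before option lookup, which is outside this hunk. If the goal is that old configs keep loading, keep `PLURAL(Tor2webRendezvousPoint),` next to the other PLURAL entries so both spellings resolve to the obsolete entry.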
@@ -1881,27 +1879,6 @@ options_act(const or_options_t *old_options)
 "in a non-anonymous mode. It will provide NO ANONYMITY.");
 }
-#ifdef ENABLE_TOR2WEB_MODE
-/* LCOV_EXCL_START */
- // XXXX This should move into options_validate()
- if (!options->Tor2webMode) {
- log_err(LD_CONFIG, "This copy of Tor was compiled to run in "
- "'tor2web mode'. It can only be run with the Tor2webMode torrc "
- "option enabled.");
- return -1;
- }
-/* LCOV_EXCL_STOP */
-#else /* !(defined(ENABLE_TOR2WEB_MODE)) */
- // XXXX This should move into options_validate()
- if (options->Tor2webMode) {
- log_err(LD_CONFIG, "This copy of Tor was not compiled to run in "
- "'tor2web mode'. It cannot be run with the Tor2webMode torrc "
- "option enabled. To enable Tor2webMode recompile with the "
- "--enable-tor2web-mode option.");
- return -1;
- }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
 /* If we are a bridge with a pluggable transport proxy but no Extended ORPort, inform the user that they are missing out. */
 if (server_mode(options) && options->ServerTransportPlugin &&
@@ -2163,8 +2140,6 @@ options_act(const or_options_t *old_options)
 options->HSLayer2Nodes) ||
 !routerset_equal(old_options->HSLayer3Nodes,
 options->HSLayer3Nodes) ||
- !routerset_equal(old_options->Tor2webRendezvousPoints,
- options->Tor2webRendezvousPoints) ||
 options->StrictNodes != old_options->StrictNodes) {
 log_info(LD_CIRC,
 "Changed to using entry guards or bridges, or changed "
@@ -3306,23 +3281,12 @@ options_validate_single_onion(or_options_t *options, char **msg)
 options->NATDPort_set || options->DNSPort_set || options->HTTPTunnelPort_set);
- if (rend_service_non_anonymous_mode_enabled(options) && client_port_set &&
- !options->Tor2webMode) {
+ if (rend_service_non_anonymous_mode_enabled(options) && client_port_set) {
 REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as "
 "an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
 "revert HiddenServiceNonAnonymousMode to 0.");
 }
- /* If you run a hidden service in non-anonymous mode, the hidden service
- * loses anonymity, even if SOCKSPort / Tor2web mode isn't used. */
- if (!rend_service_non_anonymous_mode_enabled(options) &&
- options->RendConfigLines && options->Tor2webMode) {
- REJECT("Non-anonymous (Tor2web) mode is incompatible with using Tor as a "
- "hidden service. Please remove all HiddenServiceDir lines, or use "
- "a version of tor compiled without --enable-tor2web-mode, or use "
- "HiddenServiceNonAnonymousMode.");
- }
-
 if (rend_service_allow_non_anonymous_connection(options) &&
 options->UseEntryGuards) {
 /* Single Onion services only use entry guards when uploading descriptors;
@@ -3807,26 +3771,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
 REJECT("CircuitsAvailableTimeout is too large. Max is 24 hours.");
 }
-#ifdef ENABLE_TOR2WEB_MODE
- if (options->Tor2webMode && options->UseEntryGuards) {
- /* tor2web mode clients do not (and should not) use entry guards
- * in any meaningful way. Further, tor2web mode causes the hidden
- * service client code to do things which break the path bias
- * detector, and it's far easier to turn off entry guards (and
- * thus the path bias detector with it) than to figure out how to
- * make a piece of code which cannot possibly help tor2web mode
- * users compatible with tor2web mode.
- */
- log_notice(LD_CONFIG,
- "Tor2WebMode is enabled; disabling UseEntryGuards.");
- options->UseEntryGuards = 0;
- }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
- if (options->Tor2webRendezvousPoints && !options->Tor2webMode) {
- REJECT("Tor2webRendezvousPoints cannot be set without Tor2webMode.");
- }
-
 if (options->EntryNodes && !options->UseEntryGuards) {
 REJECT("If EntryNodes is set, UseEntryGuards must be enabled.");
 }
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 0c0c5d32bb..32b6bc746f 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -256,14 +256,6 @@ struct or_options_t {
 int AllDirActionsPrivate; /**< Should every directory action be sent
 * through a Tor circuit? */
- /** Run in 'tor2web mode'? (I.e. only make client connections to hidden
- * services, and use a single hop for all hidden-service-related
- * circuits.) */
- int Tor2webMode;
-
- /** A routerset that should be used when picking RPs for HS circuits. */
- routerset_t *Tor2webRendezvousPoints;
-
 /** A routerset that should be used when picking middle nodes for HS
 * circuits. */
 routerset_t *HSLayer2Nodes;
@@ -537,9 +529,9 @@ struct or_options_t {
 * of fixed nodes? */
 int UseEntryGuards_option;
 /** Internal variable to remember whether we're actually acting on
- * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or
- * Single Onion Service, it is always false, otherwise we use the value of
- * UseEntryGuards_option. */
+ * UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
+ * it is always false, otherwise we use the value of UseEntryGuards_option.
+ * */
 int UseEntryGuards;
 int NumEntryGuards; /**< How many entry guards do we try to establish? */
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index 476f31d5b4..0c204ddfb6 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1882,13 +1882,6 @@ channel_do_open_actions(channel_t *chan)
 if (!get_options()->ConnectionPadding) {
 /* Disable if torrc disabled */
 channelpadding_disable_padding_on_channel(chan);
- } else if (get_options()->Tor2webMode &&
- !networkstatus_get_param(NULL,
- CHANNELPADDING_TOR2WEB_PARAM,
- CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1)) {
- /* Disable if we're using tor2web and the consensus disabled padding
- * for tor2web */
- channelpadding_disable_padding_on_channel(chan);
 } else if (rend_service_allow_non_anonymous_connection(get_options()) &&
 !networkstatus_get_param(NULL,
 CHANNELPADDING_SOS_PARAM,
diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c
index b8cfd33d50..1a8f8209d0 100644
--- a/src/core/or/channelpadding.c
+++ b/src/core/or/channelpadding.c
@@ -52,8 +52,6 @@ static int consensus_nf_conntimeout_clients;
 static int consensus_nf_pad_before_usage;
 /** Should we pad relay-to-relay connections? */
 static int consensus_nf_pad_relays;
-/** Should we pad tor2web connections? */
-static int consensus_nf_pad_tor2web;
 /** Should we pad rosos connections? */
 static int consensus_nf_pad_single_onion;
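Review bot: The rewritten UseEntryGuards comment in or_options_st.h ends with a line holding only `* */`, which reads as a leftover from re-wrapping the text rather than an intentional terminator line. Fold the closing onto the previous line, `* it is always false, otherwise we use the value of UseEntryGuards_option. */`, so the comment matches the two-line `/** ... */` style of the neighbouring fields.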
@@ -141,11 +139,6 @@ channelpadding_new_consensus_params(networkstatus_t *ns)
 consensus_nf_pad_relays =
 networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1);
- consensus_nf_pad_tor2web =
- networkstatus_get_param(ns,
- CHANNELPADDING_TOR2WEB_PARAM,
- CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1);
-
 consensus_nf_pad_single_onion =
 networkstatus_get_param(ns,
 CHANNELPADDING_SOS_PARAM,
@@ -740,15 +733,6 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
 return CHANNELPADDING_WONTPAD;
 }
- if (options->Tor2webMode && !consensus_nf_pad_tor2web) {
- /* If the consensus just changed values, this channel may still
- * think padding is enabled. Negotiate it off. */
- if (chan->padding_enabled)
- channelpadding_disable_padding_on_channel(chan);
-
- return CHANNELPADDING_WONTPAD;
- }
-
 if (rend_service_allow_non_anonymous_connection(options) &&
 !consensus_nf_pad_single_onion) {
 /* If the consensus just changed values, this channel may still
diff --git a/src/core/or/channelpadding.h b/src/core/or/channelpadding.h
index 7eddbdbe2d..7f8cfd4cc7 100644
--- a/src/core/or/channelpadding.h
+++ b/src/core/or/channelpadding.h
@@ -13,8 +13,6 @@
 #include "trunnel/channelpadding_negotiation.h"
-#define CHANNELPADDING_TOR2WEB_PARAM "nf_pad_tor2web"
-#define CHANNELPADDING_TOR2WEB_DEFAULT 1
 #define CHANNELPADDING_SOS_PARAM "nf_pad_single_onion"
 #define CHANNELPADDING_SOS_DEFAULT 1
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index e22ddabde3..5c3d209448 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -408,10 +408,10 @@ onion_populate_cpath(origin_circuit_t *circ)
 * edge cases. */
 tor_assert(circuit_get_cpath_len(circ));
 if (circuit_can_use_tap(circ)) {
- /* Circuits from clients to intro points, and hidden services to
- * rend points do not support ntor, because the hidden service protocol
- * does not include ntor onion keys. This is also true for Tor2web clients
- * and Single Onion Services. */
+ /* Circuits from clients to intro points, and hidden services to rend
+ * points do not support ntor, because the hidden service protocol does
+ * not include ntor onion keys. This is also true for Single Onion
+ * Services. */
 return 0;
 }
@@ -824,7 +824,6 @@ circuit_timeout_want_to_count_circ(const origin_circuit_t *circ)
 * accordingly.
 * Note that TAP handshakes in CREATE cells are only used for direct
 * connections:
- * - from Tor2web to intro points not in the client's consensus, and
 * - from Single Onions to rend points not in the service's consensus.
 * This is checked in onion_populate_cpath. */
 static void
@@ -1985,98 +1984,11 @@ choose_good_exit_server_general(router_crn_flags_t flags)
 return NULL;
 }
-#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
-/* The config option Tor2webRendezvousPoints has been set and we need
- * to pick an RP out of that set. Make sure that the RP we choose is
- * alive, and return it. Return NULL if no usable RP could be found in
- * Tor2webRendezvousPoints. */
-STATIC const node_t *
-pick_tor2web_rendezvous_node(router_crn_flags_t flags,
- const or_options_t *options)
-{
- const node_t *rp_node = NULL;
- const int need_desc = (flags & CRN_NEED_DESC) != 0;
- const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
- const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
-
- smartlist_t *whitelisted_live_rps = smartlist_new();
- smartlist_t *all_live_nodes = smartlist_new();
-
- tor_assert(options->Tor2webRendezvousPoints);
-
- /* Add all running nodes to all_live_nodes */
- router_add_running_nodes_to_smartlist(all_live_nodes,
- 0, 0, 0,
- need_desc,
- pref_addr,
- direct_conn);
-
- /* Filter all_live_nodes to only add live *and* whitelisted RPs to
- * the list whitelisted_live_rps. */
- SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
- if (routerset_contains_node(options->Tor2webRendezvousPoints, live_node)) {
- smartlist_add(whitelisted_live_rps, live_node);
- }
- } SMARTLIST_FOREACH_END(live_node);
-
- /* Honor ExcludeNodes */
- if (options->ExcludeNodes) {
- routerset_subtract_nodes(whitelisted_live_rps, options->ExcludeNodes);
- }
-
- /* Now pick randomly amongst the whitelisted RPs. No need to waste time
- doing bandwidth load balancing, for most use cases
- 'whitelisted_live_rps' contains a single OR anyway. */
- rp_node = smartlist_choose(whitelisted_live_rps);
-
- if (!rp_node) {
- log_warn(LD_REND, "Could not find a Rendezvous Point that suits "
- "the purposes of Tor2webRendezvousPoints. Choosing random one.");
- }
-
- smartlist_free(whitelisted_live_rps);
- smartlist_free(all_live_nodes);
-
- return rp_node;
-}
-#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
-
 /* Pick a Rendezvous Point for our HS circuits according to flags. */
 static const node_t *
 pick_rendezvous_node(router_crn_flags_t flags)
 {
 const or_options_t *options = get_options();
-
-#ifdef ENABLE_TOR2WEB_MODE
- /* We want to connect directly to the node if we can */
- router_crn_flags_t direct_flags = flags;
- direct_flags |= CRN_PREF_ADDR;
- direct_flags |= CRN_DIRECT_CONN;
-
- /* The user wants us to pick specific RPs. */
- if (options->Tor2webRendezvousPoints) {
- const node_t *tor2web_rp = pick_tor2web_rendezvous_node(direct_flags,
- options);
- if (tor2web_rp) {
- return tor2web_rp;
- }
- }
-
- /* Else, if no direct, preferred tor2web RP was found, fall back to choosing
- * a random direct node */
- const node_t *node = router_choose_random_node(NULL, options->ExcludeNodes,
- direct_flags);
- /* Return the direct node (if found), or log a message and fall back to an
- * indirect connection. */
- if (node) {
- return node;
- } else {
- log_info(LD_REND,
- "Unable to find a random rendezvous point that is reachable via "
- "a direct connection, falling back to a 3-hop path.");
- }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
 return router_choose_random_node(NULL, options->ExcludeNodes, flags);
 }
diff --git a/src/core/or/circuitbuild.h b/src/core/or/circuitbuild.h
index 9f5d99c2a5..0c6f2f6ce5 100644
--- a/src/core/or/circuitbuild.h
+++ b/src/core/or/circuitbuild.h
@@ -93,14 +93,10 @@ STATIC int onion_pick_cpath_exit(origin_circuit_t *circ,
 extend_info_t *exit_ei,
 int is_hs_v3_rp_circuit);
-#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
-enum router_crn_flags_t;
-STATIC const node_t *pick_tor2web_rendezvous_node(
- enum router_crn_flags_t flags,
- const or_options_t *options);
+#if defined(TOR_UNIT_TESTS)
 unsigned int cpath_get_n_hops(crypt_path_t **head_ptr);
-#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
+#endif /* defined(TOR_UNIT_TESTS) */
 #endif /* defined(CIRCUITBUILD_PRIVATE) */
diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c
index 63cd21540d..9ebf618b45 100644
--- a/src/core/or/circuitstats.c
+++ b/src/core/or/circuitstats.c
@@ -113,8 +113,7 @@ get_circuit_build_timeout_ms(void)
 * 2. If the torrc option LearnCircuitBuildTimeout is false.
 * 3. If we are a directory authority
 * 4. If we fail to write circuit build time history to our state file.
- * 5. If we are compiled or configured in Tor2web mode
- * 6. If we are configured in Single Onion mode
+ * 5. If we are configured in Single Onion mode
 */
 int
 circuit_build_times_disabled(const or_options_t *options)
@@ -136,7 +135,7 @@ circuit_build_times_disabled_(const or_options_t *options,
 int config_disabled = !options->LearnCircuitBuildTimeout;
 int dirauth_disabled = authdir_mode(options);
 int state_disabled = did_last_state_file_write_fail() ? 1 : 0;
- /* LearnCircuitBuildTimeout and Tor2web/Single Onion Services are
+ /* LearnCircuitBuildTimeout and Single Onion Services are
 * incompatible in two ways:
 *
 * - LearnCircuitBuildTimeout results in a low CBT, which
@@ -148,12 +147,11 @@ circuit_build_times_disabled_(const or_options_t *options,
 *
 * If we fix both of these issues someday, we should test
 * these modes with LearnCircuitBuildTimeout on again. */
- int tor2web_disabled = rend_client_allow_non_anonymous_connection(options);
 int single_onion_disabled = rend_service_allow_non_anonymous_connection(
 options);
 if (consensus_disabled || config_disabled || dirauth_disabled ||
- state_disabled || tor2web_disabled || single_onion_disabled) {
+ state_disabled || single_onion_disabled) {
 #if 0
 log_debug(LD_CIRC,
 "CircuitBuildTime learning is disabled. "
diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c
index a3b9eb1713..4988a6b625 100644
--- a/src/core/or/circuituse.c
+++ b/src/core/or/circuituse.c
@@ -863,8 +863,7 @@ static time_t last_expired_clientside_circuits = 0;
 /**
 * As a diagnostic for bug 8387, log information about how many one-hop
 * circuits we have around that have been there for at least age
- * seconds. Log a few of them.
- * Ignores Single Onion Service intro and Tor2web redezvous circuits, they are
+ * seconds. Log a few of them. Ignores Single Onion Service intro, it is
 * expected to be long-term one-hop circuits.
 */
 void
@@ -889,10 +888,8 @@ circuit_log_ancient_one_hop_circuits(int age)
 (circ->purpose == CIRCUIT_PURPOSE_S_INTRO ||
 circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
 continue;
- /* Tor2web deliberately makes long term one-hop rend connections,
- * particularly when Tor2webRendezvousPoints is used. We only ignore
- * active rend point connections, if we take a long time to rendezvous,
- * that's worth logging. */
+ /* We only ignore active rend point connections, if we take a long time
+ * to rendezvous, that's worth logging. */
 if (rend_client_allow_non_anonymous_connection(options) &&
 circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
 continue;
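Review bot: The new doc line in circuituse.c, `* seconds. Log a few of them. Ignores Single Onion Service intro, it is`, is a comma splice that drops the noun the old text had, so "it" no longer refers to anything; suggest `* seconds. Log a few of them. Ignores Single Onion Service intro circuits,` followed by `* which are expected to be long-term one-hop circuits.`. The @@ -889 hunk below keeps the `rend_client_allow_non_anonymous_connection(options)` guard, whose value after this patch depends on the rendclient.c change later in the series, so that check is worth a second look once that hunk is settled.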
@@ -1999,7 +1996,7 @@ circuit_should_use_vanguards(uint8_t purpose)
 * Return true for the set of conditions for which it is OK to use
 * a cannibalized circuit.
 *
- * Don't cannibalize for onehops, or tor2web, or certain purposes.
+ * Don't cannibalize for onehops, or certain purposes.
 */
 static int
 circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
@@ -2008,8 +2005,7 @@ circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
 int need_specific_rp)
 {
- /* Do not try to cannibalize if this is a one hop circuit, or
- * is a tor2web/special rp. */
+ /* Do not try to cannibalize if this is a one hop circuit. */
 if (onehop_tunnel || need_specific_rp) {
 return 0;
 }
@@ -2075,14 +2071,6 @@ circuit_launch_by_extend_info(uint8_t purpose,
 return NULL;
 }
- /* If Tor2webRendezvousPoints is enabled and we are dealing with an
- RP circuit, we want a specific RP node so we shouldn't canibalize
- an already existing circuit. */
- if (get_options()->Tor2webRendezvousPoints &&
- purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
- need_specific_rp = 1;
- }
-
 /* If we can/should cannibalize another circuit to build this one,
 * then do so. */
 if (circuit_should_cannibalize_to_build(purpose,
@@ -2485,16 +2473,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
 else
 new_circ_purpose = desired_circuit_purpose;
-#ifdef ENABLE_TOR2WEB_MODE
- /* If tor2Web is on, then hidden service requests should be one-hop.
- */
- if (options->Tor2webMode &&
- (new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND ||
- new_circ_purpose == CIRCUIT_PURPOSE_C_INTRODUCING)) {
- want_onehop = 1;
- }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
 /* Determine what kind of a circuit to launch, and actually launch it. */
 {
 int flags = CIRCLAUNCH_NEED_CAPACITY;
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 8e8a5e21ca..2ffd402502 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
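Review bot: With the Tor2webRendezvousPoints block removed from `circuit_launch_by_extend_info()` in the @@ -2075 hunk, nothing visible in this patch sets `need_specific_rp` to 1 any more, so the `|| need_specific_rp` half of `if (onehop_tunnel || need_specific_rp) {` in `circuit_should_cannibalize_to_build()` looks dead; its initialisation and the rest of both functions are outside these hunks, so please confirm no other caller sets it. If none does, drop the parameter and its argument rather than leaving a flag that reads as if a specific-RP mode still exists; if it is kept for a later use, add a comment on the `int need_specific_rp)` parameter saying who sets it.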
@@ -1835,18 +1835,6 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 return -1;
 }
-#ifdef ENABLE_TOR2WEB_MODE
- /* If we're running in Tor2webMode, we don't all ow anything BUT .onion
- * addresses. */
- if (options->Tor2webMode) {
- log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname "
- "or IP address %s because tor2web mode is enabled.",
- safe_str_client(socks->address));
- connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
- return -1;
- }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
 /* socks->address is a non-onion hostname or IP address.
 * If we can't do any non-onion requests, refuse the connection.
 * If we have a hostname but can't do DNS, refuse the connection.
diff --git a/src/core/or/or.h b/src/core/or/or.h
index 6edfd21dfb..e485b3a408 100644
--- a/src/core/or/or.h
+++ b/src/core/or/or.h
@@ -103,10 +103,6 @@ struct curve25519_public_key_t;
 #define cell_t tor_cell_t
 #endif
-#ifdef ENABLE_TOR2WEB_MODE
-#define NON_ANONYMOUS_MODE_ENABLED 1
-#endif
-
 /** Helper macro: Given a pointer to to.base_, of type from*, return &to. */
 #define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))
diff --git a/src/feature/dircache/directory.c b/src/feature/dircache/directory.c
index a723176185..230fa69a1e 100644
--- a/src/feature/dircache/directory.c
+++ b/src/feature/dircache/directory.c
@@ -803,10 +803,8 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
 * allowed by the firewall.
 *
 * (When Tor uploads and downloads a hidden service descriptor, it uses
- * DIRIND_ANONYMOUS, except for Tor2Web, which uses DIRIND_ONEHOP.
- * So this code will only modify the address for Tor2Web's HS descriptor
- * fetches. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, to avoid
- * HSDirs denying service by rejecting descriptors.)
+ * DIRIND_ANONYMOUS. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS,
+ * to avoid HSDirs denying service by rejecting descriptors.)
 */
 /* Initialise the OR / Dir addresses */
diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c
index 9f62156eb9..0b7d602d98 100644
--- a/src/feature/rend/rendclient.c
+++ b/src/feature/rend/rendclient.c
@@ -449,12 +449,7 @@ directory_get_from_hs_dir(const char *desc_id,
 char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
 char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
 const rend_data_v2_t *rend_data;
-#ifdef ENABLE_TOR2WEB_MODE
- const int tor2web_mode = get_options()->Tor2webMode;
- const int how_to_fetch = tor2web_mode ? DIRIND_ONEHOP : DIRIND_ANONYMOUS;
-#else
 const int how_to_fetch = DIRIND_ANONYMOUS;
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
 tor_assert(desc_id);
 tor_assert(rend_query);
@@ -1226,15 +1221,12 @@ rend_parse_service_authorization(const or_options_t *options,
 /* Can Tor client code make direct (non-anonymous) connections to introduction
 * or rendezvous points?
- * Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED, and is
- * configured in Tor2web mode. */
+ * Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED. */
 int
 rend_client_allow_non_anonymous_connection(const or_options_t *options)
 {
- /* Tor2web support needs to be compiled in to a tor binary. */
 #ifdef NON_ANONYMOUS_MODE_ENABLED
- /* Tor2web */
- return options->Tor2webMode ? 1 : 0;
+ return 1;
 #else
 (void)options;
 return 0;
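Review bot: `rend_client_allow_non_anonymous_connection()` keeps a `#ifdef NON_ANONYMOUS_MODE_ENABLED` branch that now returns a constant `1`, but the or.h hunk earlier in this patch removes the only definition of that macro visible here, so unless it is defined somewhere else this function and `rend_client_non_anonymous_mode_enabled()` in the next hunk both compile to a constant 0 and the remaining caller in circuituse.c is guarding dead code. Either collapse both functions to `(void)options; return 0;` with a comment that client-side non-anonymous mode no longer exists, or remove them together with their call sites in a follow-up so the intent is explicit. The new comment `* Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED. */` should also say what is expected to define that macro, since nothing in this patch does.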
@@ -1247,9 +1239,7 @@ int
 rend_client_non_anonymous_mode_enabled(const or_options_t *options)
 {
 (void)options;
- /* Tor2web support needs to be compiled in to a tor binary. */
 #ifdef NON_ANONYMOUS_MODE_ENABLED
- /* Tor2web */
 return 1;
 #else
 return 0;
diff --git a/src/feature/rend/rendcommon.c b/src/feature/rend/rendcommon.c
index 5bf9477446..567cc5c1e4 100644
--- a/src/feature/rend/rendcommon.c
+++ b/src/feature/rend/rendcommon.c
@@ -983,7 +983,7 @@ rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
 * Onion services can be configured to start in this mode.
 * Prefer rend_client_allow_non_anonymous_connection() or
 * rend_service_allow_non_anonymous_connection() whenever possible, so that
- * checks are specific to Single Onion Services or Tor2web. */
+ * checks are specific to Single Onion Services. */
 int
 rend_allow_non_anonymous_connection(const or_options_t* options)
 {
@@ -996,7 +996,7 @@ rend_allow_non_anonymous_connection(const or_options_t* options)
 * Onion services can be configured to start in this mode.
 * Prefer rend_client_non_anonymous_mode_enabled() or
 * rend_service_non_anonymous_mode_enabled() whenever possible, so that checks
- * are specific to Single Onion Services or Tor2web. */
+ * are specific to Single Onion Services. */
 int
 rend_non_anonymous_mode_enabled(const or_options_t *options)
 {
@@ -1007,9 +1007,9 @@ rend_non_anonymous_mode_enabled(const or_options_t *options)
 /* Make sure that tor only builds one-hop circuits when they would not
 * compromise user anonymity.
 *
- * One-hop circuits are permitted in Tor2web or Single Onion modes.
+ * One-hop circuits are permitted in Single Onion modes.
 *
- * Tor2web or Single Onion modes are also allowed to make multi-hop circuits.
+ * Single Onion modes are also allowed to make multi-hop circuits.
 * For example, single onion HSDir circuits are 3-hop to prevent denial of
 * service.
 */
diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c
index 22cd6c3435..0fd6516eaa 100644
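Review bot: In the rendcommon.c @@ -1007 hunk the two new lines, `* One-hop circuits are permitted in Single Onion modes.` and `* Single Onion modes are also allowed to make multi-hop circuits.`, keep the plural left over from the old "Tor2web or Single Onion" wording even though only one mode remains. `* One-hop circuits are permitted in Single Onion mode.` and `* Single Onion mode is also allowed to make multi-hop circuits.` read correctly.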
--- a/src/feature/rend/rendmid.c
+++ b/src/feature/rend/rendmid.c
@@ -237,7 +237,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
 }
 /* Check if we are configured to accept established rendezvous cells from
- * client or in other words tor2web clients. */
+ * client or in other words Tor2Web clients. */
 if (channel_is_client(circ->p_chan) &&
 dos_should_refuse_single_hop_client()) {
 /* Note it down for the heartbeat log purposes. */
diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c
index 5d696b8b80..de673de543 100644
--- a/src/test/test_channelpadding.c
+++ b/src/test/test_channelpadding.c
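Review bot: The comment rewritten to `* client or in other words Tor2Web clients. */` still names the mode this patch removes from the tree, which will confuse a reader who greps for Tor2web later and finds only this relay-side line. Since the condition it explains is `channel_is_client(circ->p_chan) && dos_should_refuse_single_hop_client()`, describe the thing actually being checked, e.g. `* clients, i.e. single-hop clients connecting directly to this relay. */`; I cannot see the contract of dos_should_refuse_single_hop_client() from here, so adjust the wording to match it.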
@@ -406,81 +406,12 @@ test_channelpadding_killonehop(void *arg)
 setup_mock_consensus();
 setup_mock_network();
- /* Do we disable padding if tor2webmode or rsos are enabled, and
- * the consensus says don't pad? */
-
- /* Ensure we can kill tor2web and rsos padding if we want. */
- // First, test that padding works if either is enabled
- smartlist_clear(current_md_consensus->net_params);
- channelpadding_new_consensus_params(current_md_consensus);
+ /* Do we disable padding if rsos is enabled, and the consensus says don't
+ * pad? */
 monotime_coarse_t now;
 monotime_coarse_get(&now);
- tried_to_write_cell = 0;
- get_options_mutable()->Tor2webMode = 1;
- monotime_coarse_add_msec(&client_relay3->next_padding_time, &now, 100);
- decision = channelpadding_decide_to_pad_channel(client_relay3);
- tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
- tt_assert(client_relay3->pending_padding_callback);
- tt_int_op(tried_to_write_cell, OP_EQ, 0);
-
- decision = channelpadding_decide_to_pad_channel(client_relay3);
- tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED);
-
- // Wait for the timer
- new_time += 101*NSEC_PER_MSEC;
- monotime_coarse_set_mock_time_nsec(new_time);
- monotime_set_mock_time_nsec(new_time);
- monotime_coarse_get(&now);
- timers_run_pending();
- tt_int_op(tried_to_write_cell, OP_EQ, 1);
- tt_assert(!client_relay3->pending_padding_callback);
-
- // Then test disabling each via consensus param
- smartlist_add(current_md_consensus->net_params,
- (void*)"nf_pad_tor2web=0");
- channelpadding_new_consensus_params(current_md_consensus);
-
- // Before the client tries to pad, the relay will still pad:
- tried_to_write_cell = 0;
- monotime_coarse_add_msec(&relay3_client->next_padding_time, &now, 100);
- get_options_mutable()->ORPort_set = 1;
- get_options_mutable()->Tor2webMode = 0;
- decision = channelpadding_decide_to_pad_channel(relay3_client);
- tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
- tt_assert(relay3_client->pending_padding_callback);
-
- // Wait for the timer
- new_time += 101*NSEC_PER_MSEC;
- monotime_coarse_set_mock_time_nsec(new_time);
- monotime_set_mock_time_nsec(new_time);
- monotime_coarse_get(&now);
- timers_run_pending();
- tt_int_op(tried_to_write_cell, OP_EQ, 1);
- tt_assert(!client_relay3->pending_padding_callback);
-
- // Test client side (it should stop immediately, but send a negotiate)
- tried_to_write_cell = 0;
- tt_assert(relay3_client->padding_enabled);
- tt_assert(client_relay3->padding_enabled);
- get_options_mutable()->Tor2webMode = 1;
- /* For the relay to receive the negotiate: */
- get_options_mutable()->ORPort_set = 1;
- decision = channelpadding_decide_to_pad_channel(client_relay3);
- tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD);
- tt_int_op(tried_to_write_cell, OP_EQ, 1);
- tt_assert(!client_relay3->pending_padding_callback);
- tt_assert(!relay3_client->padding_enabled);
-
- // Test relay side (it should have gotten the negotiation to disable)
- get_options_mutable()->ORPort_set = 1;
- get_options_mutable()->Tor2webMode = 0;
- tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ,
- CHANNELPADDING_WONTPAD);
- tt_assert(!relay3_client->padding_enabled);
-
- /* Repeat for SOS */
 // First, test that padding works if either is enabled
 smartlist_clear(current_md_consensus->net_params);
 channelpadding_new_consensus_params(current_md_consensus);
diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 135df8e9f3..e3599d5720 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
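Review bot: After this deletion the retained context line `// First, test that padding works if either is enabled` directly follows the new comment that mentions only rsos, so "either" no longer refers to a second mode and the `/* Repeat for SOS */` heading that introduced this block is gone; change it to `// First, test that padding works if rsos is enabled` so the surviving test reads as a single scenario. test_channelpadding_killonehop() begins before this hunk, so the declarations of `decision`, `new_time` and `tried_to_write_cell` used by the remaining code are outside my view.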
@@ -354,76 +354,6 @@ test_hs_desc_event(void *arg)
 tor_free(received_msg);
 }
-/* Make sure we always pick the right RP, given a well formatted
- * Tor2webRendezvousPoints value. */
-static void
-test_pick_tor2web_rendezvous_node(void *arg)
-{
- or_options_t *options = get_options_mutable();
- const node_t *chosen_rp = NULL;
- router_crn_flags_t flags = CRN_NEED_DESC;
- int retval, i;
- const char *tor2web_rendezvous_str = "test003r";
-
- (void) arg;
-
- /* Setup fake routerlist. */
- helper_setup_fake_routerlist();
-
- /* Parse Tor2webRendezvousPoints as a routerset. */
- options->Tor2webRendezvousPoints = routerset_new();
- options->UseMicrodescriptors = 0;
- retval = routerset_parse(options->Tor2webRendezvousPoints,
- tor2web_rendezvous_str,
- "test_tor2web_rp");
- tt_int_op(retval, OP_GE, 0);
-
- /* Pick rendezvous point. Make sure the correct one is
- picked. Repeat many times to make sure it works properly. */
- for (i = 0; i < 50 ; i++) {
- chosen_rp = pick_tor2web_rendezvous_node(flags, options);
- tt_assert(chosen_rp);
- tt_str_op(chosen_rp->ri->nickname, OP_EQ, tor2web_rendezvous_str);
- }
-
- done:
- routerset_free(options->Tor2webRendezvousPoints);
-}
-
-/* Make sure we never pick an RP if Tor2webRendezvousPoints doesn't
- * correspond to an actual node. */
-static void
-test_pick_bad_tor2web_rendezvous_node(void *arg)
-{
- or_options_t *options = get_options_mutable();
- const node_t *chosen_rp = NULL;
- router_crn_flags_t flags = CRN_NEED_DESC;
- int retval, i;
- const char *tor2web_rendezvous_str = "dummy";
-
- (void) arg;
-
- /* Setup fake routerlist. */
- helper_setup_fake_routerlist();
-
- /* Parse Tor2webRendezvousPoints as a routerset. */
- options->Tor2webRendezvousPoints = routerset_new();
- retval = routerset_parse(options->Tor2webRendezvousPoints,
- tor2web_rendezvous_str,
- "test_tor2web_rp");
- tt_int_op(retval, OP_GE, 0);
-
- /* Pick rendezvous point. Since Tor2webRendezvousPoints was set to a
- dummy value, we shouldn't find any eligible RPs. */
- for (i = 0; i < 50 ; i++) {
- chosen_rp = pick_tor2web_rendezvous_node(flags, options);
- tt_ptr_op(chosen_rp, OP_EQ, NULL);
- }
-
- done:
- routerset_free(options->Tor2webRendezvousPoints);
-}
-
 /* Make sure rend_data_t is valid at creation, destruction and when
 * duplicated. */
 static void
@@ -1046,11 +976,6 @@ struct testcase_t hs_tests[] = {
 NULL, NULL },
 { "hs_desc_event", test_hs_desc_event, TT_FORK,
 NULL, NULL },
- { "pick_tor2web_rendezvous_node", test_pick_tor2web_rendezvous_node, TT_FORK,
- NULL, NULL },
- { "pick_bad_tor2web_rendezvous_node",
- test_pick_bad_tor2web_rendezvous_node, TT_FORK,
- NULL, NULL },
 { "hs_auth_cookies", test_hs_auth_cookies, TT_FORK,
 NULL, NULL },
 { "single_onion_poisoning_create_dir_none", test_single_onion_poisoning,
diff --git a/src/test/test_options.c b/src/test/test_options.c
index 396965401e..a0efd7d051 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -2423,36 +2423,6 @@ test_options_validate__circuits(void *ignored)
 tor_free(msg);
 }
-static void
-test_options_validate__tor2web(void *ignored)
-{
- (void)ignored;
- int ret;
- char *msg;
- options_test_data_t *tdata = NULL;
-
- free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "Tor2webRendezvousPoints 1\n");
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
- tt_int_op(ret, OP_EQ, -1);
- tt_str_op(msg, OP_EQ,
- "Tor2webRendezvousPoints cannot be set without Tor2webMode.");
- tor_free(msg);
-
- free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "Tor2webRendezvousPoints 1\nTor2webMode 1\n");
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
- tt_int_op(ret, OP_EQ, 0);
- tor_free(msg);
-
- done:
- policies_free_all();
- free_options_test_data(tdata);
- tor_free(msg);
-}
-
 static void
 test_options_validate__rend(void *ignored)
 {
@@ -2566,13 +2536,11 @@ test_options_validate__single_onion(void *ignored)
 tt_ptr_op(msg, OP_EQ, NULL);
 free_options_test_data(tdata);
- /* Test that SOCKSPort must come with Tor2webMode if
- * HiddenServiceSingleHopMode is 1 */
+ /* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */
 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
 "SOCKSPort 5000\n"
 "HiddenServiceSingleHopMode 1\n"
 "HiddenServiceNonAnonymousMode 1\n"
- "Tor2webMode 0\n"
 );
 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
 tt_int_op(ret, OP_EQ, -1);
@@ -2587,7 +2555,6 @@ test_options_validate__single_onion(void *ignored)
 "SOCKSPort 0\n"
 "HiddenServiceSingleHopMode 1\n"
 "HiddenServiceNonAnonymousMode 1\n"
- "Tor2webMode 0\n"
 );
 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
 tt_int_op(ret, OP_EQ, 0);
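Review bot: The rewritten comment `/* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */` in the -2566 hunk has lost its verb, so it no longer states what the test asserts. The assertion that follows expects options_validate to fail (`tt_int_op(ret, OP_EQ, -1)`) with `SOCKSPort 5000` and HiddenServiceSingleHopMode 1, while the neighbouring -2587 hunk expects success with `SOCKSPort 0`, so the intent appears to be that a client port must be disabled in single-hop mode. Suggest `/* Test that SOCKSPort must be 0 if HiddenServiceSingleHopMode is 1 */`. Both hunks sit inside test_options_validate__single_onion, whose start and end lie outside the hunks.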
@@ -2597,27 +2564,13 @@ test_options_validate__single_onion(void *ignored)
 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
 "SOCKSPort 5000\n"
 "HiddenServiceSingleHopMode 0\n"
- "Tor2webMode 0\n"
 );
 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
 tt_int_op(ret, OP_EQ, 0);
 tt_ptr_op(msg, OP_EQ, NULL);
 free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "SOCKSPort 5000\n"
- "HiddenServiceSingleHopMode 1\n"
- "HiddenServiceNonAnonymousMode 1\n"
- "Tor2webMode 1\n"
- );
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
- tt_int_op(ret, OP_EQ, 0);
- tt_ptr_op(msg, OP_EQ, NULL);
- free_options_test_data(tdata);
-
- /* Test that a hidden service can't be run with Tor2web
- * Use HiddenServiceNonAnonymousMode instead of Tor2webMode, because
- * Tor2webMode requires a compilation #define */
+ /* Test that a hidden service can't be run in non anonymous mode. */
 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
 "HiddenServiceNonAnonymousMode 1\n"
 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
@@ -4222,7 +4175,6 @@ struct testcase_t options_tests[] = {
 LOCAL_VALIDATE_TEST(path_bias),
 LOCAL_VALIDATE_TEST(bandwidth),
 LOCAL_VALIDATE_TEST(circuits),
- LOCAL_VALIDATE_TEST(tor2web),
 LOCAL_VALIDATE_TEST(rend),
 LOCAL_VALIDATE_TEST(single_onion),
 LOCAL_VALIDATE_TEST(accounting),
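Review bot: In the -2597 hunk the new comment `/* Test that a hidden service can't be run in non anonymous mode. */` should spell the mode `non-anonymous`, matching the option the test sets on the next lines, HiddenServiceNonAnonymousMode. The removed three-line comment also explained why that option was used instead of Tor2webMode; now that Tor2web is gone the shorter wording is appropriate, but the hyphen keeps it consistent with the option name. The enclosing function continues outside the hunk.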