mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-11 21:53:48 +01:00
b560f852f2
Add experimental OnionServiceSingleHopMode and OnionServiceNonAnonymousMode options. When both are set to 1, every hidden service on a tor instance becomes a non-anonymous Single Onion Service. Single Onions make one-hop (direct) connections to their introduction and renzedvous points. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. This is compatible with the existing hidden service implementation, and works on the current tor network without any changes to older relays or clients. Implements proposal #260, completes ticket #17178. Patch by teor & asn. squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services Redesign single onion service poisoning. When in OnionServiceSingleHopMode, each hidden service key is poisoned (marked as non-anonymous) on creation by creating a poison file in the hidden service directory. Existing keys are considered non-anonymous if this file exists, and anonymous if it does not. Tor refuses to launch in OnionServiceSingleHopMode if any existing keys are anonymous. Similarly, it refuses to launch in anonymous client mode if any existing keys are non-anonymous. Rewrite the unit tests to match and be more comprehensive. Adds a bonus unit test for rend_service_load_all_keys().
88 lines
3.4 KiB
C
88 lines
3.4 KiB
C
/* Copyright (c) 2001 Matej Pfajfar.
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
|
* Copyright (c) 2007-2016, The Tor Project, Inc. */
|
|
/* See LICENSE for licensing information */
|
|
|
|
/**
|
|
* \file rendcommon.h
|
|
* \brief Header file for rendcommon.c.
|
|
**/
|
|
|
|
#ifndef TOR_RENDCOMMON_H
|
|
#define TOR_RENDCOMMON_H
|
|
|
|
typedef enum rend_intro_point_failure_t {
|
|
INTRO_POINT_FAILURE_GENERIC = 0,
|
|
INTRO_POINT_FAILURE_TIMEOUT = 1,
|
|
INTRO_POINT_FAILURE_UNREACHABLE = 2,
|
|
} rend_intro_point_failure_t;
|
|
|
|
/** Free all storage associated with <b>data</b> */
|
|
static inline void
|
|
rend_data_free(rend_data_t *data)
|
|
{
|
|
if (!data) {
|
|
return;
|
|
}
|
|
/* Cleanup the HSDir identity digest. */
|
|
SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
|
|
smartlist_free(data->hsdirs_fp);
|
|
tor_free(data);
|
|
}
|
|
|
|
int rend_cmp_service_ids(const char *one, const char *two);
|
|
|
|
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
|
|
int command, size_t length,
|
|
const uint8_t *payload);
|
|
|
|
void rend_service_descriptor_free(rend_service_descriptor_t *desc);
|
|
int rend_get_service_id(crypto_pk_t *pk, char *out);
|
|
void rend_encoded_v2_service_descriptor_free(
|
|
rend_encoded_v2_service_descriptor_t *desc);
|
|
void rend_intro_point_free(rend_intro_point_t *intro);
|
|
|
|
int rend_valid_service_id(const char *query);
|
|
int rend_valid_descriptor_id(const char *query);
|
|
int rend_valid_client_name(const char *client_name);
|
|
int rend_encode_v2_descriptors(smartlist_t *descs_out,
|
|
rend_service_descriptor_t *desc, time_t now,
|
|
uint8_t period, rend_auth_type_t auth_type,
|
|
crypto_pk_t *client_key,
|
|
smartlist_t *client_cookies);
|
|
int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
|
|
const char *descriptor_cookie,
|
|
time_t now, uint8_t replica);
|
|
void rend_get_descriptor_id_bytes(char *descriptor_id_out,
|
|
const char *service_id,
|
|
const char *secret_id_part);
|
|
int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs,
|
|
const char *id);
|
|
|
|
rend_data_t *rend_data_dup(const rend_data_t *data);
|
|
rend_data_t *rend_data_client_create(const char *onion_address,
|
|
const char *desc_id,
|
|
const char *cookie,
|
|
rend_auth_type_t auth_type);
|
|
rend_data_t *rend_data_service_create(const char *onion_address,
|
|
const char *pk_digest,
|
|
const uint8_t *cookie,
|
|
rend_auth_type_t auth_type);
|
|
|
|
char *rend_auth_encode_cookie(const uint8_t *cookie_in,
|
|
rend_auth_type_t auth_type);
|
|
int rend_auth_decode_cookie(const char *cookie_in,
|
|
uint8_t *cookie_out,
|
|
rend_auth_type_t *auth_type_out,
|
|
char **err_msg_out);
|
|
|
|
int rend_allow_non_anonymous_connection(const or_options_t* options);
|
|
int rend_non_anonymous_mode_enabled(const or_options_t *options);
|
|
|
|
void assert_circ_anonymity_ok(origin_circuit_t *circ,
|
|
const or_options_t *options);
|
|
|
|
#endif
|
|
|