[tor-commits] [torspec/master] Add a NonAnonymous flag to ADD_ONION in control-spec
commit b8fe774cb5d2d4b5ecc6edc0c0b1c7f82e363a77
Author: teor <teor2345@xxxxxxxxx>
Date: Wed Sep 7 15:34:28 2016 +1000
Add a NonAnonymous flag to ADD_ONION in control-spec
Tor checks that the flag matches the onion service anonymity configured
using OnionServiceSingleHopMode and OnionServiceNonAnonymousMode.
Tor refuses to create unflagged onion services using ADD_ONION, if they
would be non-anonymous. The error is:
512 Tor is in non-anonymous onion mode
Similarly, if the NonAnonymous flag is present, and Tor has the default
anonymous onion config:
512 Tor is in anonymous onion mode
---
control-spec.txt | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/control-spec.txt b/control-spec.txt
index 37c6484..82524bb 100644
--- a/control-spec.txt
+++ b/control-spec.txt
@@ -1456,8 +1456,11 @@
private key as part of the response.
"Detach" / ; Do not associate the newly created Onion Service
to the current control connection.
- "BasicAuth" ; Client authorization is required using the "basic"
+ "BasicAuth" / ; Client authorization is required using the "basic"
method.
+ "NonAnonymous"; Add a non-anonymous Single Onion Service. Tor
+ checks this flag matches its configured hidden
+ service anonymity mode.
VirtPort = The virtual TCP Port for the Onion Service (As in the
HiddenServicePort "VIRTPORT" argument).
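Review bot: The new "NonAnonymous" entry in the Flags list does not say what a controller gets back when the flag and the configured mode disagree. Since a mismatch is a hard failure, I would add a short clause such as "a mismatch is rejected with a 512 reply" or a pointer to the paragraph on anonymity modes further down, so that someone reading only the flag list learns the command can fail. Style nit: the other entries leave a space before the ";" comment marker, while this one is written as "NonAnonymous"; with none.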
@@ -1499,6 +1502,16 @@
"ClientBlob" is not specified for a client, a new credential will be
randomly generated and returned.
+ Tor instances can either be in anonymous hidden service mode, or
+ non-anonymous single onion service mode. All hidden services on the same
+ tor instance have the same anonymity. To guard against unexpected loss
+ of anonymity, Tor checks that the ADD_ONION "NonAnonymous" flag matches
+ the current hidden service anonymity mode. The hidden service anonymity
+ mode is configured using the Tor options HiddenServiceSingleHopMode and
+ HiddenServiceNonAnonymousMode. If both these options are 1, the
+ "NonAnonymous" flag must be provided to ADD_ONION. If both these options
+ are 0 (the Tor default), the flag must NOT be provided.
+
Once created the new Onion Service will remain active until either the
Onion Service is removed via "DEL_ONION", the server terminates, or the
control connection that originated the "ADD_ONION" command is closed.
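Review bot: The added paragraph defines the behaviour when both options are 1 and when both are 0, but says nothing about the case where only one of them is set. Please either state that the mixed configuration cannot occur or specify what ADD_ONION does in it, because a controller author cannot tell from this text whether the flag is required there. The paragraph also names the options HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode, while the commit message calls them OnionServiceSingleHopMode and OnionServiceNonAnonymousMode; one of the two needs to be corrected. It would also help to state the 512 reply here rather than leaving it to the examples.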
@@ -1533,8 +1546,27 @@
S: 250-ClientAuth=bob:[Blob Redacted]
S: 250 OK
+ Examples with Tor in anonymous onion service mode:
+
+ C: ADD_ONION NEW:BEST Flags=DiscardPK Port=22
+ S: 250-ServiceID=testonion1234567
+ S: 250 OK
+
+ C: ADD_ONION NEW:BEST Flags=DiscardPK,NonAnonymous Port=22
+ S: 512 Tor is in anonymous hidden service mode
+
+ Examples with Tor in non-anonymous onion service mode:
+
+ C: ADD_ONION NEW:BEST Flags=DiscardPK Port=22
+ S: 512 Tor is in non-anonymous hidden service mode
+
+ C: ADD_ONION NEW:BEST Flags=DiscardPK,NonAnonymous Port=22
+ S: 250-ServiceID=testonion1234567
+ S: 250 OK
+
[ADD_ONION was added in Tor 0.2.7.1-alpha.]
[ClientAuth was added in Tor 0.2.9.1-alpha.]
+ [NonAnonymous was added in Tor 0.2.9.3-alpha.]
3.28. DEL_ONION
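Review bot: The 512 reply strings in the new examples ("512 Tor is in anonymous hidden service mode" and "512 Tor is in non-anonymous hidden service mode") do not match the strings given in the commit message ("512 Tor is in anonymous onion mode" and "512 Tor is in non-anonymous onion mode"). Controllers may match on this text, so the spec should carry the same strings the commit message promises, or say explicitly that only the 512 code is normative and the text is informational. The example headings also say "onion service mode" while the replies say "hidden service mode"; picking one term throughout the section would avoid confusion.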