|
@@ -9,10 +9,12 @@ Status: Open
|
|
|
Change history:
|
|
Change history:
|
|
|
|
|
|
|
|
13-May-2007 Initial proposal
|
|
13-May-2007 Initial proposal
|
|
|
- 14-May-2007 Added changes suggested by Lasse Overlier
|
|
+ 14-May-2007 Added changes suggested by Lasse Øverlier
|
|
|
30-May-2007 Changed descriptor format, key length discussion, typos
|
|
30-May-2007 Changed descriptor format, key length discussion, typos
|
|
|
09-Jul-2007 Incorporated suggestions by Roger, added status of specification
|
|
09-Jul-2007 Incorporated suggestions by Roger, added status of specification
|
|
|
and implementation for upcoming GSoC mid-term evaluation
|
|
and implementation for upcoming GSoC mid-term evaluation
|
|
|
|
|
+ 11-Aug-2007 Updated implementation statuses, included non-consecutive
|
|
|
|
|
+ replication to descriptor format
|
|
|
|
|
|
|
|
Overview:
|
|
Overview:
|
|
|
|
|
|
|
@@ -128,8 +130,13 @@ Design:
|
|
|
- routerlist.c: Changed router_get_routerlist() to initialize routing list.
|
|
- routerlist.c: Changed router_get_routerlist() to initialize routing list.
|
|
|
- or.h: Added hs_dirs member to routerlist_t.
|
|
- or.h: Added hs_dirs member to routerlist_t.
|
|
|
|
|
|
|
|
- [July 9: Specified and running, though the routing list is compiled for
|
|
+ - Changed routerlist_free() to free storage held by routing list.
|
|
|
- each request anew.]
|
|
+ - Added UPDATE_HS_DIRS_INTERVAL.
|
|
|
|
|
+ - Added update_hs_dir_routing_table().
|
|
|
|
|
+ - Changed run_scheduled_events().
|
|
|
|
|
+ - Added is_hs_dir member to routerstatus_t.
|
|
|
|
|
+
|
|
|
|
|
+ [Aug 11: Specified and running.]
|
|
|
|
|
|
|
|
/2/ Determine responsible hidden service directory
|
|
/2/ Determine responsible hidden service directory
|
|
|
|
|
|
|
@@ -144,11 +151,13 @@ Design:
|
|
|
- rend-spec.txt, section 1.4: Added description of how to determine the
|
|
- rend-spec.txt, section 1.4: Added description of how to determine the
|
|
|
responsible node(s) for a given descriptor ID.
|
|
responsible node(s) for a given descriptor ID.
|
|
|
|
|
|
|
|
- - routerlist.c: Added get_responsible_hs_dir() to determine the router that
|
|
+ - routerlist.c: Added get_responsible_hs_dirs() to determine the routers
|
|
|
- is responsible for a given descriptor ID.
|
|
+ that are responsible for a given descriptor ID.
|
|
|
- - container.h: Added prototype for smartlist_digest_next_circular().
|
|
+
|
|
|
- - container.c: Added implementation for smartlist_digest_next_circular().
|
|
+ - Added is_hs_dir member to routerstatus_t.
|
|
|
-
|
|
+ - Added have_enough_hs_dirs().
|
|
|
|
|
+ - Added next_hs_dir().
|
|
|
|
|
+
|
|
|
[July 9: Specified and running.]
|
|
[July 9: Specified and running.]
|
|
|
|
|
|
|
|
Hidden service clients and providers:
|
|
Hidden service clients and providers:
|
|
@@ -220,20 +229,19 @@ Design:
|
|
|
- routerparse.c: Added 8 keywords to directory_keyword to parse v2 hidden
|
|
- routerparse.c: Added 8 keywords to directory_keyword to parse v2 hidden
|
|
|
service descriptors.
|
|
service descriptors.
|
|
|
- rendcommon.c: Added rend_cache_store_v2_dir() to allow a hidden service
|
|
- rendcommon.c: Added rend_cache_store_v2_dir() to allow a hidden service
|
|
|
- directory to store a v2 descriptor in the local cache under its
|
|
+ directory to parse a v2 descriptor and store it in the local cache under
|
|
|
- descriptor ID instead of its service ID.
|
|
+ its descriptor ID instead of its service ID.
|
|
|
- - rendcommon.c: Moved the parsing part from rend_cache_store() to the new
|
|
|
|
|
- function rend_cache_store_parse() to reuse it for v2 descriptors.
|
|
|
|
|
- or.h: Added constant REND_DESC_ID_V2_LEN to reflect that v2 descriptor
|
|
- or.h: Added constant REND_DESC_ID_V2_LEN to reflect that v2 descriptor
|
|
|
IDs are longer than v0/1 onion addresses.
|
|
IDs are longer than v0/1 onion addresses.
|
|
|
|
|
|
|
|
- [July 9: Base version specified and running; no checking of published
|
|
+ - Changed directory_handle_command_post().
|
|
|
- descriptors, tunneling over BEGIN_DIR cells not yet implemented.]
|
|
+
|
|
|
|
|
+ [Aug 11: Specified and running.]
|
|
|
|
|
|
|
|
/7/ Accept v2 fetch requests
|
|
/7/ Accept v2 fetch requests
|
|
|
|
|
|
|
|
Same as /6/, but with fetch requests for hidden service descriptors.
|
|
Same as /6/, but with fetch requests for hidden service descriptors.
|
|
|
- (requires /4/)
|
|
+ (requires /2/ and /4/)
|
|
|
|
|
|
|
|
- rend-spec.txt, section 3.3: Added the processing of v2 fetch requests.
|
|
- rend-spec.txt, section 3.3: Added the processing of v2 fetch requests.
|
|
|
|
|
|
|
@@ -243,8 +251,9 @@ Design:
|
|
|
- or.h: Added constant REND_DESC_ID_V2_LEN to reflect that v2 descriptor
|
|
- or.h: Added constant REND_DESC_ID_V2_LEN to reflect that v2 descriptor
|
|
|
IDs are longer than v0/1 onion addresses.
|
|
IDs are longer than v0/1 onion addresses.
|
|
|
|
|
|
|
|
- [July 9: Base version specified and running; tunneling over BEGIN_DIR
|
|
+ - Changed directory_handle_command_get().
|
|
|
- cells not yet implemented.]
|
|
+
|
|
|
|
|
+ [Aug 11: Specified and running.]
|
|
|
|
|
|
|
|
/8/ Replicate descriptors with neighbors
|
|
/8/ Replicate descriptors with neighbors
|
|
|
|
|
|
|
@@ -261,7 +270,18 @@ Design:
|
|
|
|
|
|
|
|
- rend-spec.txt, section 3.3: Added the replication of v2 descriptors.
|
|
- rend-spec.txt, section 3.3: Added the replication of v2 descriptors.
|
|
|
|
|
|
|
|
- [July 9: To some extend specified, but not yet implemented.]
|
|
+ - Added HS_DIR_REPLICATION_INTERVAL.
|
|
|
|
|
+ - Added next_hs_dir and previous_hs_dir.
|
|
|
|
|
+ - Changed directory_handle_command_get().
|
|
|
|
|
+ - Changed run_scheduled_events.
|
|
|
|
|
+ - Added hs_dir_perform_replication().
|
|
|
|
|
+ - Added rend_cache_lookup_v2_replicas.
|
|
|
|
|
+ - Added DIR_PURPOSE_REPLICATE_RENDDESC_V2.
|
|
|
|
|
+ - Changed directory_initiate_command.
|
|
|
|
|
+ - directory_send_command.
|
|
|
|
|
+ - Changed connection_dir_client_reached_eof.
|
|
|
|
|
+
|
|
|
|
|
+ [Aug 11: To some extend specified, running.]
|
|
|
|
|
|
|
|
Authoritative directory nodes:
|
|
Authoritative directory nodes:
|
|
|
|
|
|
|
@@ -286,15 +306,16 @@ Design:
|
|
|
"hidden-service-directory" flag in router descriptors.
|
|
"hidden-service-directory" flag in router descriptors.
|
|
|
- routerparse.c: Added 1 keyword to directory_keyword to parse the
|
|
- routerparse.c: Added 1 keyword to directory_keyword to parse the
|
|
|
"hidden-service-dir" flag in router descriptors.
|
|
"hidden-service-dir" flag in router descriptors.
|
|
|
- - or.h: Added is_hs_dir member to routerinfo_t and to routerstatus_t.
|
|
+ - or.h: Added is_hs_dir and wants_to_be_hs_dir members to routerinfo_t.
|
|
|
- dirserv.c: Changed routerstatus_format_entry() to include the "HSDir"
|
|
- dirserv.c: Changed routerstatus_format_entry() to include the "HSDir"
|
|
|
flag in vote and consensus status documents.
|
|
flag in vote and consensus status documents.
|
|
|
- dirserv.c: Changed set_routerstatus_from_routerinfo() to set the "HSDir"
|
|
- dirserv.c: Changed set_routerstatus_from_routerinfo() to set the "HSDir"
|
|
|
flag.
|
|
flag.
|
|
|
|
|
|
|
|
- [July 9: Base version specified and running in which all nodes that have
|
|
+ - Added dirserv_thinks_router_is_hs_dir().
|
|
|
- the hidden-service-dir flag set in their router descriptor get the
|
|
+ - Added MIN_UPTIME_HS_DIR and HS_DIR_REACHABLE_TIMEOUT.
|
|
|
- HSDir flag, not only those which are running for at least 24 hours.]
|
|
+
|
|
|
|
|
+ [Aug 11: Specified and running.]
|
|
|
|
|
|
|
|
Hidden service provider:
|
|
Hidden service provider:
|
|
|
|
|
|
|
@@ -339,6 +360,8 @@ Design:
|
|
|
service provider uses a freshly generated public key for every
|
|
service provider uses a freshly generated public key for every
|
|
|
introduction point.
|
|
introduction point.
|
|
|
|
|
|
|
|
|
|
+ - TODO: Change in rend_encode_v2_descriptors.
|
|
|
|
|
+
|
|
|
[July 9: Specified, but not yet implemented.]
|
|
[July 9: Specified, but not yet implemented.]
|
|
|
|
|
|
|
|
/12/ Encode v2 descriptors and send v2 publish requests
|
|
/12/ Encode v2 descriptors and send v2 publish requests
|
|
@@ -352,7 +375,7 @@ Design:
|
|
|
the next period. Publication is performed by sending the descriptor to all
|
|
the next period. Publication is performed by sending the descriptor to all
|
|
|
hidden service directories that are responsible for keeping replicas for
|
|
hidden service directories that are responsible for keeping replicas for
|
|
|
the descriptor ID. This includes two non-consecutive replicas that are
|
|
the descriptor ID. This includes two non-consecutive replicas that are
|
|
|
- stored at 3 consecutive nodes each. (requires /1/ and /3/)
|
|
+ stored at 3 consecutive nodes each. (requires /1/, /2/, and /3/)
|
|
|
|
|
|
|
|
- rend-spec.txt, section 1.2: Added the new v2 hidden service descriptor
|
|
- rend-spec.txt, section 1.2: Added the new v2 hidden service descriptor
|
|
|
format.
|
|
format.
|
|
@@ -365,24 +388,19 @@ Design:
|
|
|
- rendservice.c: Changed rend_consider_services_upload() to also initiate
|
|
- rendservice.c: Changed rend_consider_services_upload() to also initiate
|
|
|
the upload of v2 descriptors, if configured.
|
|
the upload of v2 descriptors, if configured.
|
|
|
- rendservice.c: Extended rend_service_t by a member secret_cookie.
|
|
- rendservice.c: Extended rend_service_t by a member secret_cookie.
|
|
|
- - rendcommon.c: Added rend_compute_v2_descriptor_fields() to prepare the
|
|
|
|
|
- encoding of a v2 descriptor.
|
|
|
|
|
- rendcommon.c: Added rend_encode_v2_descriptor() to encode a v2
|
|
- rendcommon.c: Added rend_encode_v2_descriptor() to encode a v2
|
|
|
descriptor.
|
|
descriptor.
|
|
|
- - or.h: Added 7 new members to rend_service_descriptor_t to store
|
|
|
|
|
- v2-specific information.
|
|
|
|
|
- or.h: Added constant DIR_PURPOSE_UPLOAD_RENDDESC_V2.
|
|
- or.h: Added constant DIR_PURPOSE_UPLOAD_RENDDESC_V2.
|
|
|
- directory.c: Added directory_post_to_hs_dir().
|
|
- directory.c: Added directory_post_to_hs_dir().
|
|
|
- directory.c: Changed directory_initiate_command() to also recognize v2
|
|
- directory.c: Changed directory_initiate_command() to also recognize v2
|
|
|
publish requests.
|
|
publish requests.
|
|
|
- directory.c: Changed directory_send_command() to also prepare v2 publish
|
|
- directory.c: Changed directory_send_command() to also prepare v2 publish
|
|
|
requests.
|
|
requests.
|
|
|
- - directory.c: Changed directory_handle_command_post() to handle v2 publish
|
|
|
|
|
- requests.
|
|
|
|
|
- crypto.c: Added implementation for crypto_cipher_encrypt_cbc().
|
|
- crypto.c: Added implementation for crypto_cipher_encrypt_cbc().
|
|
|
|
|
|
|
|
- [July 9: Base version specified and running; yet, replication is not
|
|
+ - Changed connection_dir_client_reached_eof().
|
|
|
- implemented, republication does not depend on publication periods, yet.]
|
|
+
|
|
|
|
|
+ [Aug 11: Specified and running.]
|
|
|
|
|
|
|
|
Hidden service client:
|
|
Hidden service client:
|
|
|
|
|
|
|
@@ -407,10 +425,10 @@ Design:
|
|
|
|
|
|
|
|
- rendcommon.c: Changed rend_cache_lookup_entry to enable it to also lookup
|
|
- rendcommon.c: Changed rend_cache_lookup_entry to enable it to also lookup
|
|
|
v2 descriptors.
|
|
v2 descriptors.
|
|
|
- - rendcommon.c: Added rend_compute_desc_id() to generate v2 descriptor IDs
|
|
+ - rendcommon.c: Added rend_compute_v2_desc_id() to generate v2 descriptor IDs
|
|
|
from v2 onion addresses.
|
|
from v2 onion addresses.
|
|
|
- rendcommon.c: Changed rend_valid_service_id() to also consider v2 onion
|
|
- rendcommon.c: Changed rend_valid_service_id() to also consider v2 onion
|
|
|
- addresses as valid and return the version number of the request (1 or 2).
|
|
+ addresses as valid and return the version number of the request (0 or 2).
|
|
|
- rendclient.c: Added rend_client_refetch_v2_renddesc() to fetch v2 service
|
|
- rendclient.c: Added rend_client_refetch_v2_renddesc() to fetch v2 service
|
|
|
descriptors using the secret cookie.
|
|
descriptors using the secret cookie.
|
|
|
- rendclient.c: Changed rend_client_remove_intro_point() to copy the secret
|
|
- rendclient.c: Changed rend_client_remove_intro_point() to copy the secret
|
|
@@ -425,16 +443,14 @@ Design:
|
|
|
fetch requests.
|
|
fetch requests.
|
|
|
- directory.c: Changed directory_send_command() to also prepare v2 fetch
|
|
- directory.c: Changed directory_send_command() to also prepare v2 fetch
|
|
|
requests.
|
|
requests.
|
|
|
- - directory.c: Changed directory_handle_command_get() to handle v2 fetch
|
|
|
|
|
- requests.
|
|
|
|
|
- connection_edge.c: Changed connection_ap_handshake_rewrite_and_attach()
|
|
- connection_edge.c: Changed connection_ap_handshake_rewrite_and_attach()
|
|
|
to fetch v2 service descriptors.
|
|
to fetch v2 service descriptors.
|
|
|
- connection_edge.c: Changed parse_extended_hostname() to accept both,
|
|
- connection_edge.c: Changed parse_extended_hostname() to accept both,
|
|
|
current and v2 onion addresses.
|
|
current and v2 onion addresses.
|
|
|
- config.c: Added config options FetchV2HidServDescriptors.
|
|
- config.c: Added config options FetchV2HidServDescriptors.
|
|
|
|
|
|
|
|
- [July 9: Base version specified and running in which only one node is
|
|
+ [Aug 11: Base version specified and running, but no memory of failed
|
|
|
- responsible for a specific descriptor ID.]
|
|
+ hidden service directories, yet.]
|
|
|
|
|
|
|
|
/14/ Process v2 fetch reply and parse v2 descriptors
|
|
/14/ Process v2 fetch reply and parse v2 descriptors
|
|
|
|
|
|
|
@@ -454,15 +470,14 @@ Design:
|
|
|
introduction points of v2 hidden service descriptors.
|
|
introduction points of v2 hidden service descriptors.
|
|
|
- routerparse.c: Added desc_token_table[] to parse v2 hidden service
|
|
- routerparse.c: Added desc_token_table[] to parse v2 hidden service
|
|
|
descriptors.
|
|
descriptors.
|
|
|
- - routerparse.c: Added 8 to directory_keyword to parse v2 hidden service
|
|
+ - routerparse.c: Added 8 keywords to directory_keyword to parse v2 hidden
|
|
|
- descriptors, and 5 to parse the decrypted list of introduction points.
|
|
+ service descriptors, and 5 to parse the decrypted list of introduction
|
|
|
|
|
+ points.
|
|
|
- rendcommon.c: Added rend_cache_store_v2_client() to parse a v2 descriptor
|
|
- rendcommon.c: Added rend_cache_store_v2_client() to parse a v2 descriptor
|
|
|
and parse the encrypted list of introduction points.
|
|
and parse the encrypted list of introduction points.
|
|
|
- - or.h: Added secret_cookie to edge_connection_t, to dir_connection_t, and
|
|
+ - or.h: Added rend_version and secret_cookie to edge_connection_t, to
|
|
|
- to origin_circuit_t to be able to decrypt introduction points when
|
|
+ dir_connection_t, and to origin_circuit_t to be able to decrypt
|
|
|
- receiving a v2 descriptor.
|
|
+ introduction points when receiving a v2 descriptor.
|
|
|
- - or.h: Added 7 new members to rend_service_descriptor_t to store
|
|
|
|
|
- v2-specific information.
|
|
|
|
|
- directory.c: Changed connection_dir_client_reached_eof() to also parse v2
|
|
- directory.c: Changed connection_dir_client_reached_eof() to also parse v2
|
|
|
fetch replies.
|
|
fetch replies.
|
|
|
- crypto.c: Added implementation for crypto_cipher_decrypt_cbc().
|
|
- crypto.c: Added implementation for crypto_cipher_decrypt_cbc().
|
|
@@ -492,8 +507,6 @@ Design:
|
|
|
- or.h: Added secret_cookie to edge_connection_t, to dir_connection_t, and
|
|
- or.h: Added secret_cookie to edge_connection_t, to dir_connection_t, and
|
|
|
to origin_circuit_t to be able to decrypt introduction points when
|
|
to origin_circuit_t to be able to decrypt introduction points when
|
|
|
receiving a v2 descriptor.
|
|
receiving a v2 descriptor.
|
|
|
- - or.h: Added 7 new members to rend_service_descriptor_t to store
|
|
|
|
|
- v2-specific information.
|
|
|
|
|
- circuitlist.c: Changed _circuit_mark_for_close() to pass the secret
|
|
- circuitlist.c: Changed _circuit_mark_for_close() to pass the secret
|
|
|
cookie to rend_client_remove_intro_point() when an intro circ has failed.
|
|
cookie to rend_client_remove_intro_point() when an intro circ has failed.
|
|
|
- circuituse.c: Changed circuit_get_open_circ_or_launch() to fetch a v2
|
|
- circuituse.c: Changed circuit_get_open_circ_or_launch() to fetch a v2
|
|
@@ -510,12 +523,12 @@ Design:
|
|
|
The new v2 hidden service descriptor format looks like this:
|
|
The new v2 hidden service descriptor format looks like this:
|
|
|
|
|
|
|
|
onion-address = h(public-key) + cookie
|
|
onion-address = h(public-key) + cookie
|
|
|
- descriptor-id = h(h(public-key) + h(time-period + cookie))
|
|
+ descriptor-id = h(h(public-key) + h(time-period + cookie + relica))
|
|
|
descriptor-content = {
|
|
descriptor-content = {
|
|
|
descriptor-id,
|
|
descriptor-id,
|
|
|
version,
|
|
version,
|
|
|
public-key,
|
|
public-key,
|
|
|
- h(time-period + cookie),
|
|
+ h(time-period + cookie + replica),
|
|
|
timestamp,
|
|
timestamp,
|
|
|
protocol-versions,
|
|
protocol-versions,
|
|
|
{ introduction-points } encrypted with cookie
|
|
{ introduction-points } encrypted with cookie
|
|
@@ -531,13 +544,14 @@ Design:
|
|
|
|
|
|
|
|
Therefore, "descriptor-id" is derived from the "public-key" of the hidden
|
|
Therefore, "descriptor-id" is derived from the "public-key" of the hidden
|
|
|
service provider, the current "time-period" which changes every 24 hours,
|
|
service provider, the current "time-period" which changes every 24 hours,
|
|
|
- and a secret "cookie" shared between hidden service provider and clients.
|
|
+ a secret "cookie" shared between hidden service provider and clients, and
|
|
|
- (The "time-period" is constructed in a way that time periods do not change
|
|
+ a "replica" denoting the number of this non-consecutive replica. (The
|
|
|
- at the same moment for all descriptors by deriving a value between 0:00 and
|
|
+ "time-period" is constructed in a way that time periods do not change at
|
|
|
- 23:59 hours from "public-key" and making the descriptors of this hidden
|
|
+ the same moment for all descriptors by deriving a value between 0:00 and
|
|
|
|
|
+ 23:59 hours from h(public-key) and making the descriptors of this hidden
|
|
|
service provider expire at that time of the day.) The "descriptor-id" is
|
|
service provider expire at that time of the day.) The "descriptor-id" is
|
|
|
defined to be 160 bits long. [extending the "descriptor-id" length
|
|
defined to be 160 bits long. [extending the "descriptor-id" length
|
|
|
- suggested by LO]
|
|
+ suggested by LØ]
|
|
|
|
|
|
|
|
Only the hidden service provider and the clients are able to generate
|
|
Only the hidden service provider and the clients are able to generate
|
|
|
future "descriptor-ID"s. Hence, the "onion-address" is extended from now
|
|
future "descriptor-ID"s. Hence, the "onion-address" is extended from now
|
|
@@ -556,7 +570,7 @@ Design:
|
|
|
The "introduction-points" that are included in the descriptor are encrypted
|
|
The "introduction-points" that are included in the descriptor are encrypted
|
|
|
using the same "cookie" that is shared between hidden service provider and
|
|
using the same "cookie" that is shared between hidden service provider and
|
|
|
clients. [correction to use another key than h(time-period + cookie) as
|
|
clients. [correction to use another key than h(time-period + cookie) as
|
|
|
- encryption key for introduction points made by LO]
|
|
+ encryption key for introduction points made by LØ]
|
|
|
|
|
|
|
|
A new text-based format is proposed for descriptors instead of an extension
|
|
A new text-based format is proposed for descriptors instead of an extension
|
|
|
of the existing binary format for reasons of future extensibility.
|
|
of the existing binary format for reasons of future extensibility.
|
|
@@ -940,4 +954,10 @@ Implementation:
|
|
|
Added rend_decrypt_introduction_points() to decrypt and parse the list of
|
|
Added rend_decrypt_introduction_points() to decrypt and parse the list of
|
|
|
introduction points (/14/).
|
|
introduction points (/14/).
|
|
|
|
|
|
|
|
-
|
|
+Test:
|
|
|
|
|
+
|
|
|
|
|
+ The changes were tested via test functions in test.c for separate,
|
|
|
|
|
+ short-running functionality and using an automatic validation based on
|
|
|
|
|
+ PuppeTor.
|
|
|
|
|
+
|
|
|
|
|
+
|
Karsten Loesing