tor

The Tor anonymity network

commit 93cb8072becb4213525d08a87fdf7284e6257168
parent 975102869a3b5957bc0a1f2103697371fbe04cd3
Author: George Kadianakis <desnacked@riseup.net>
Date:   Mon, 24 Feb 2020 12:15:35 +0200

Final touches to #32709 based on Nick's feedback.

- Fix a bug and add unittest.
- Add changes file.
- Add man page entry.

Diffstat:
Achanges/bug32709 | 4++++
Mdoc/tor.1.txt | 13+++++++++++++
Msrc/feature/hs/hs_ob.c | 4++--
Msrc/test/test_hs_ob.c | 22++++++++++++++++------
4 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/changes/bug32709 b/changes/bug32709 @@ -0,0 +1,4 @@ + o Major features (v3 onion services): + - Allow v3 onion services to act as OnionBalance backend instances using + the HiddenServiceOnionBalanceInstance torrc option. Closes ticket 32709. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt @@ -3128,6 +3128,19 @@ The next section describes the per service options that can only be set The HAProxy version 1 protocol is described in detail at https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt +[[HiddenServiceOnionBalanceInstance]] **HiddenServiceOnionBalanceInstance** **0**|**1**:: + + If set to 1, this onion service becomes an OnionBalance instance and will + accept client connections destined to an OnionBalance frontend. In this + case, Tor expects to find a file named "ob_config" inside the + **HiddenServiceDir** directory with content: + + + MasterOnionAddress <frontend_onion_address> + + + where <frontend_onion_address> is the onion address of the OnionBalance + frontend (e.g. wrxdvcaqpuzakbfww5sxs6r2uybczwijzfn2ezy2osaj7iox7kl7nhad.onion). + + [[HiddenServiceMaxStreams]] **HiddenServiceMaxStreams** __N__:: The maximum number of simultaneous streams (connections) per rendezvous circuit. The maximum value allowed is 65535. (Setting this to 0 will allow diff --git a/src/feature/hs/hs_ob.c b/src/feature/hs/hs_ob.c @@ -290,10 +290,10 @@ compute_subcredentials(const hs_service_t *service, tor_assert(service->desc_current); tor_assert(service->desc_next); - /* Our caller made sure that we are an OB instance */ + /* Make sure we are an OB instance, or bail out. */ num_pkeys = smartlist_len(service->config.ob_master_pubkeys); if (!num_pkeys) { - subcredentials_out = NULL; + *subcredentials_out = NULL; return 0; } diff --git a/src/test/test_hs_ob.c b/src/test/test_hs_ob.c @@ -171,6 +171,7 @@ test_get_subcredentials(void *arg) int ret; hs_service_t *service = NULL; hs_service_config_t config; + hs_subcredential_t *subcreds = NULL; (void) arg; 
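Review bot: In the src/feature/hs/hs_ob.c hunk, the rewritten comment says this function now makes the OB-instance check itself, but `smartlist_len(service->config.ob_master_pubkeys)` still runs before anything tests that the list pointer is set. If a non-OnionBalance service can reach compute_subcredentials() with `ob_master_pubkeys == NULL` (not visible here), that call would likely dereference NULL instead of bailing out. A guard ahead of it, such as `if (!service->config.ob_master_pubkeys) { *subcredentials_out = NULL; return 0; }`, would make the behaviour match the comment. The corrected `*subcredentials_out = NULL;` also depends on the out-pointer being non-NULL. Only the `tor_assert`s on `desc_current` and `desc_next` are visible, and the function starts and ends outside the hunk.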
@@ -188,16 +189,24 @@ test_get_subcredentials(void *arg) config.ob_master_pubkeys = smartlist_new(); tt_assert(config.ob_master_pubkeys); - /* Generate a keypair to add to the list. */ - ed25519_keypair_generate(&onion_addr_kp_1, 0); - smartlist_add(config.ob_master_pubkeys, &onion_addr_kp_1.pubkey); - /* Set up an instance */ service = tor_malloc_zero(sizeof(hs_service_t)); service->config = config; + /* Setup the service descriptors */ service->desc_current = service_descriptor_new(); service->desc_next = service_descriptor_new(); + /* First try to compute subcredentials but with no OB keys. Make sure that + * subcreds get NULLed. To do this check we first poison subcreds. */ + subcreds = (void*)999; + tt_ptr_op(subcreds, OP_NE, NULL); + size_t num = compute_subcredentials(service, &subcreds); + tt_ptr_op(subcreds, OP_EQ, NULL); + + /* Generate a keypair to add to the OB keys list. */ + ed25519_keypair_generate(&onion_addr_kp_1, 0); + smartlist_add(config.ob_master_pubkeys, &onion_addr_kp_1.pubkey); + /* Set up the instance subcredentials */ char current_subcred[SUBCRED_LEN]; char next_subcred[SUBCRED_LEN]; @@ -208,10 +217,11 @@ test_get_subcredentials(void *arg) memcpy(service->desc_next->desc->subcredential.subcred, next_subcred, SUBCRED_LEN); - hs_subcredential_t *subcreds = NULL; - size_t num = compute_subcredentials(service, &subcreds); + /* See that subcreds are computed properly */ + num = compute_subcredentials(service, &subcreds); /* 5 subcredentials: 3 for the frontend, 2 for the instance */ tt_uint_op(num, OP_EQ, 5); + tt_ptr_op(subcreds, OP_NE, NULL); /* Validate the subcredentials we just got. We'll build them oursevles with * the right time period steps and compare. */
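Review bot: The no-OB-keys case in the `@@ -188,16 +189,24 @@` hunk of src/test/test_hs_ob.c stores the return value in `num` but never checks it, so a regression that returned a non-zero count together with a NULL array would still pass. Add `tt_uint_op(num, OP_EQ, 0);` next to `tt_ptr_op(subcreds, OP_EQ, NULL);`. The poison value `(void*)999` also stays in `subcreds` if that assertion fails and control jumps to the cleanup label, which is outside this hunk. If cleanup frees `subcreds`, the very bug this test guards against would show up as an invalid free rather than a clean failure, so consider resetting the pointer on that path. The key is now added through `config.ob_master_pubkeys` after `service->config = config;`, which works only because the struct copy shares the same smartlist pointer; a comment such as `/* service->config shares this list with config */` would make that explicit.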