diff options
| author | Roger Dingledine <arma@torproject.org> | 2022-09-04 06:48:28 -0400 |
|---|---|---|
| committer | Micah Elizabeth Scott <beth@torproject.org> | 2023-05-10 07:37:11 -0700 |
| commit | 0716cd7cb203f21876bf6fe1e1acdc438d8e2031 (patch) | |
| tree | 709cbbe24cff950fd4e3144276d6d4d37be30a31 | |
| parent | d36144ba31e9841a3b8ebb1650406f72256a540b (diff) | |
| download | tor-0716cd7cb203f21876bf6fe1e1acdc438d8e2031.tar.gz tor-0716cd7cb203f21876bf6fe1e1acdc438d8e2031.zip | |
allow suggested effort to be 0
First (both client and service), make descriptor parsing not fail when
suggested_effort is 0.
Second (client side), if we get a descriptor with a pow_params section
but with suggested_effort of 0, treat it as not requiring a pow.
Third (service side), when deciding whether the suggested effort has
changed, don't treat "previous suggested effort 0, new suggested effort 0"
as a change.
An alternative design to resolve 'first' and 'second' above would be
to omit the pow_params from the descriptor when suggested_effort is 0,
so clients never see the pow_params so they don't compute a pow. But
I decided to include a pow_params with an explicit suggested_effort
of 0, since this way the client knows the seed etc so they can solve
a higher-effort pow if they want. The tradeoff is that the descriptor
reveals whether HiddenServicePoWDefensesEnabled is set to 1 for this onion
service, even if the AIMD calculation is currently requiring effort 0.
| -rw-r--r-- | src/feature/hs/hs_client.c | 3 | ||||
| -rw-r--r-- | src/feature/hs/hs_descriptor.c | 2 | ||||
| -rw-r--r-- | src/feature/hs/hs_service.c | 8 |
3 files changed, 7 insertions, 6 deletions
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 2ba2692941..8ba6a5be55 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -675,7 +675,8 @@ send_introduce1(origin_circuit_t *intro_circ, /* If the descriptor contains PoW parameters then the service is * expecting a PoW solution in the INTRODUCE cell, which we solve here. */ - if (desc->encrypted_data.pow_params) { + if (desc->encrypted_data.pow_params && + desc->encrypted_data.pow_params->suggested_effort > 0) { log_debug(LD_REND, "PoW params present in descriptor."); pow_solution = tor_malloc_zero(sizeof(hs_pow_solution_t)); diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c index 816946555b..d07f900e3a 100644 --- a/src/feature/hs/hs_descriptor.c +++ b/src/feature/hs/hs_descriptor.c @@ -2129,7 +2129,7 @@ decode_pow_params(const directory_token_t *tok, int ok; unsigned long effort = - tor_parse_ulong(tok->args[2], 10, 1, UINT32_MAX, &ok, NULL); + tor_parse_ulong(tok->args[2], 10, 0, UINT32_MAX, &ok, NULL); if (!ok) { log_warn(LD_REND, "Unparseable suggested effort %s in PoW params", escaped(tok->args[2])); diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 80f0863183..b50f996fbd 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -2464,16 +2464,16 @@ update_all_descriptors_pow_params(time_t now) /* Services SHOULD NOT upload a new descriptor if the suggested * effort value changes by less than 15 percent. */ previous_effort = encrypted->pow_params->suggested_effort; - if (pow_state->suggested_effort <= previous_effort * 0.85 || - previous_effort * 1.15 <= pow_state->suggested_effort) { + if (pow_state->suggested_effort < previous_effort * 0.85 || + previous_effort * 1.15 < pow_state->suggested_effort) { log_info(LD_REND, "Suggested effort changed significantly, " "updating descriptors..."); encrypted->pow_params->suggested_effort = pow_state->suggested_effort; descs_updated = 1; } else if (previous_effort != pow_state->suggested_effort) { /* The change in suggested effort was not significant enough to - warrant updating the descriptors, return 0 to reflect they are - unchanged. */ + * warrant updating the descriptors, return 0 to reflect they are + * unchanged. */ log_info(LD_REND, "Change in suggested effort didn't warrant " "updating descriptors."); } |