authorMicah Elizabeth Scott <beth@torproject.org>2023-03-08 15:44:55 -0800
committerMicah Elizabeth Scott <beth@torproject.org>2023-05-10 07:38:28 -0700
commitdcb9c4df67d116dc16f5361c8e4cd6e21fbb9abf (patch)
treee99810169c841c6cb74036d22a59dc4ccdf014a4 /src
parent9d1a57397739b869ab102783b858889bcc2e5066 (diff)
hs_pow: Make proof-of-work support optional in configure
This adds a new "pow" module for the user-visible proof of work support in ./configure, and this disables src/feature/hs/hs_pow at compile-time. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
Diffstat (limited to 'src')
-rw-r--r--src/app/config/config.c20
-rw-r--r--src/core/include.am1
-rw-r--r--src/feature/hs/hs_circuit.c2
-rw-r--r--src/feature/hs/hs_client.c11
-rw-r--r--src/feature/hs/hs_config.c6
-rw-r--r--src/feature/hs/hs_pow.c6
-rw-r--r--src/feature/hs/hs_pow.h55
-rw-r--r--src/feature/hs/hs_service.c8
-rw-r--r--src/feature/hs/include.am9
-rwxr-xr-xsrc/test/test_parseconf.sh6
10 files changed, 104 insertions, 20 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c
index cb71d0fb6d..24321b764f 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -88,9 +88,11 @@
#include "feature/control/control.h"
#include "feature/control/control_auth.h"
#include "feature/control/control_events.h"
+#include "feature/dircache/dirserv.h"
#include "feature/dirclient/dirclient_modes.h"
#include "feature/hibernate/hibernate.h"
#include "feature/hs/hs_config.h"
+#include "feature/hs/hs_pow.h"
#include "feature/metrics/metrics.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/networkstatus.h"
@@ -2731,11 +2733,19 @@ list_deprecated_options(void)
static void
list_enabled_modules(void)
{
- printf("%s: %s\n", "relay", have_module_relay() ? "yes" : "no");
- printf("%s: %s\n", "dirauth", have_module_dirauth() ? "yes" : "no");
- // We don't list dircache, because it cannot be enabled or disabled
- // independently from relay. Listing it here would proliferate
- // test variants in test_parseconf.sh to no useful purpose.
+ static const struct {
+ const char *name;
+ bool have;
+ } list[] = {
+ { "relay", have_module_relay() },
+ { "dirauth", have_module_dirauth() },
+ { "dircache", have_module_dircache() },
+ { "pow", have_module_pow() }
+ };
+
+ for (unsigned i = 0; i < sizeof list / sizeof list[0]; i++) {
+ printf("%s: %s\n", list[i].name, list[i].have ? "yes" : "no");
+ }
}
/** Prints compile-time and runtime library versions. */
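Review bot: The comment explaining why dircache was left out of `list_enabled_modules()` is removed and nothing replaces it, although the output of this function is still parsed by src/test/test_parseconf.sh, which this commit teaches to filter `dircache` and `pow`. I would add a comment above the table, for example `/* Names printed here are parsed by test_parseconf.sh; a module without per-module config test variants must also be listed in MODULES_WITHOUT_CONFIG_TESTS there. */`. Separately, because `list[]` is `static const`, every `have_module_*()` initializer has to stay a constant expression; `have_module_pow()` is a macro in hs_pow.h in this commit, and presumably the other three are as well, but that requirement deserves a word in the same comment.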
diff --git a/src/core/include.am b/src/core/include.am
index 7752a7974b..d24e5d5137 100644
--- a/src/core/include.am
+++ b/src/core/include.am
@@ -17,6 +17,7 @@ if UNITTESTS_ENABLED
LIBTOR_APP_TESTING_A_SOURCES += $(MODULE_RELAY_SOURCES)
LIBTOR_APP_TESTING_A_SOURCES += $(MODULE_DIRCACHE_SOURCES)
LIBTOR_APP_TESTING_A_SOURCES += $(MODULE_DIRAUTH_SOURCES)
+LIBTOR_APP_TESTING_A_SOURCES += $(MODULE_POW_SOURCES)
src_core_libtor_app_testing_a_SOURCES = $(LIBTOR_APP_TESTING_A_SOURCES)
else
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index 55b992ee28..f7ab6442b9 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -1369,7 +1369,7 @@ hs_circ_handle_introduce2(const hs_service_t *service,
/* Add the rendezvous request to the priority queue if PoW defenses are
* enabled, otherwise rendezvous as usual. */
- if (service->config.has_pow_defenses_enabled) {
+ if (have_module_pow() && service->config.has_pow_defenses_enabled) {
log_notice(LD_REND,
"Adding introduction request to pqueue with effort: %u",
data.rdv_data.pow_effort);
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 56547de7e7..6a404395ea 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -733,7 +733,8 @@ consider_sending_introduce1(origin_circuit_t *intro_circ,
/* If the descriptor contains PoW parameters then the service is
* expecting a PoW solution in the INTRODUCE cell, which we solve here. */
- if (desc->encrypted_data.pow_params &&
+ if (have_module_pow() &&
+ desc->encrypted_data.pow_params &&
desc->encrypted_data.pow_params->suggested_effort > 0) {
log_debug(LD_REND, "PoW params present in descriptor.");
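Review bot: When `have_module_pow()` is 0 this condition is false even if `desc->encrypted_data.pow_params` is set, and nothing is logged, so a client built without the module goes on to introduce without a solution and leaves no trace of why. How the service treats such a request is not visible here, but it is presumably handled at the lowest effort, which an operator debugging slow connections to a service under load would want to see. I would add a separate branch for "params present but module absent" that emits something like `log_info(LD_REND, "Descriptor has PoW params but this build lacks the 'pow' module; introducing without a solution.");`. The body of this `if` continues outside the hunk.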
@@ -752,9 +753,11 @@ consider_sending_introduce1(origin_circuit_t *intro_circ,
/* send it to the client-side pow cpuworker for solving. */
intro_circ->hs_currently_solving_pow = 1;
- pow_queue_work(intro_circ->global_identifier,
- rend_circ->global_identifier,
- desc->encrypted_data.pow_params);
+ if (0 != hs_pow_queue_work(intro_circ->global_identifier,
+ rend_circ->global_identifier,
+ desc->encrypted_data.pow_params)) {
+ log_debug(LD_REND, "Failed to enqueue PoW request");
+ }
/* can't proceed with the intro1 cell yet, so yield back to the
* main loop */
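Review bot: If `hs_pow_queue_work()` fails, `intro_circ->hs_currently_solving_pow` has already been set to 1 on the line above and is never cleared, and the only trace is a debug-level message. The code then yields to the main loop as if a solver job were pending. The rest of the function is outside the hunk, but from what is visible the circuit appears to stay marked as solving with no work queued, until something else times it out. At minimum the failure branch should undo the flag and log more loudly, e.g. `intro_circ->hs_currently_solving_pow = 0;` followed by `log_warn(LD_REND, "Failed to enqueue PoW request");`. Whether to then retry or proceed without a solution needs a decision from someone who can see the whole function.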
diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c
index 0f5a8cf49a..296941138b 100644
--- a/src/feature/hs/hs_config.c
+++ b/src/feature/hs/hs_config.c
@@ -327,6 +327,12 @@ config_validate_service(const hs_service_config_t *config)
config->pow_queue_burst, config->pow_queue_rate);
goto invalid;
}
+ if (config->has_pow_defenses_enabled && !have_module_pow()) {
+ log_warn(LD_CONFIG, "Hidden service proof-of-work defenses are enabled "
+ "in our configuration but this build of tor does not "
+ "include the required 'pow' module.");
+ goto invalid;
+ }
/* Valid. */
return 0;
diff --git a/src/feature/hs/hs_pow.c b/src/feature/hs/hs_pow.c
index 3c02a4851e..8ca121762f 100644
--- a/src/feature/hs/hs_pow.c
+++ b/src/feature/hs/hs_pow.c
@@ -410,9 +410,9 @@ pow_worker_replyfn(void *work_)
* Queue the job of solving the pow in a worker thread.
*/
int
-pow_queue_work(uint32_t intro_circ_identifier,
- uint32_t rend_circ_identifier,
- const hs_pow_desc_params_t *pow_params)
+hs_pow_queue_work(uint32_t intro_circ_identifier,
+ uint32_t rend_circ_identifier,
+ const hs_pow_desc_params_t *pow_params)
{
tor_assert(in_main_thread());
diff --git a/src/feature/hs/hs_pow.h b/src/feature/hs/hs_pow.h
index 92ea011b2b..b27bd7441c 100644
--- a/src/feature/hs/hs_pow.h
+++ b/src/feature/hs/hs_pow.h
@@ -127,6 +127,9 @@ typedef struct hs_pow_solution_t {
equix_solution equix_solution;
} hs_pow_solution_t;
+#ifdef HAVE_MODULE_POW
+#define have_module_pow() (1)
+
/* API */
int hs_pow_solve(const hs_pow_desc_params_t *pow_params,
hs_pow_solution_t *pow_solution_out);
@@ -137,8 +140,54 @@ int hs_pow_verify(const hs_pow_service_state_t *pow_state,
void hs_pow_remove_seed_from_cache(uint32_t seed);
void hs_pow_free_service_state(hs_pow_service_state_t *state);
-int pow_queue_work(uint32_t intro_circ_identifier,
- uint32_t rend_circ_identifier,
- const hs_pow_desc_params_t *pow_params);
+int hs_pow_queue_work(uint32_t intro_circ_identifier,
+ uint32_t rend_circ_identifier,
+ const hs_pow_desc_params_t *pow_params);
+
+#else /* !defined(HAVE_MODULE_POW) */
+#define have_module_pow() (0)
+
+static inline int
+hs_pow_solve(const hs_pow_desc_params_t *pow_params,
+ hs_pow_solution_t *pow_solution_out)
+{
+ (void)pow_params;
+ (void)pow_solution_out;
+ return -1;
+}
+
+static inline int
+hs_pow_verify(const hs_pow_service_state_t *pow_state,
+ const hs_pow_solution_t *pow_solution)
+{
+ (void)pow_state;
+ (void)pow_solution;
+ return -1;
+}
+
+static inline void
+hs_pow_remove_seed_from_cache(uint32_t seed)
+{
+ (void)seed;
+}
+
+static inline void
+hs_pow_free_service_state(hs_pow_service_state_t *state)
+{
+ (void)state;
+}
+
+static inline int
+hs_pow_queue_work(uint32_t intro_circ_identifier,
+ uint32_t rend_circ_identifier,
+ const hs_pow_desc_params_t *pow_params)
+{
+ (void)intro_circ_identifier;
+ (void)rend_circ_identifier;
+ (void)pow_params;
+ return -1;
+}
+
+#endif /* defined(HAVE_MODULE_POW) */
#endif /* !defined(TOR_HS_POW_H) */
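Review bot: The stub block under `#else` has no comment stating its contract, and the contract is security-relevant: `hs_pow_verify()` returning -1 is what keeps a build without the module from ever accepting a solution it cannot check. I would document that above the stubs, e.g. `/* Stubs for builds without the pow module: solve, verify and queue_work always fail with -1, so no solution is produced or accepted; the void functions do nothing. */`. It is also worth stating there that `hs_pow_free_service_state()` being a no-op is only safe because no service state can be allocated in such a build. Config validation appears to guarantee that, but the header does not say so.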
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index dd360d3659..a9070024cb 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -2899,7 +2899,7 @@ run_housekeeping_event(time_t now)
/* Check if we need to initialize or update PoW parameters, if the
* defenses are enabled. */
- if (service->config.has_pow_defenses_enabled) {
+ if (have_module_pow() && service->config.has_pow_defenses_enabled) {
pow_housekeeping(service, now);
}
@@ -2937,8 +2937,10 @@ run_build_descriptor_event(time_t now)
* is useful for newly built descriptors. */
update_all_descriptors_intro_points(now);
- /* Update the PoW params if needed. */
- update_all_descriptors_pow_params(now);
+ if (have_module_pow()) {
+ /* Update the PoW params if needed. */
+ update_all_descriptors_pow_params(now);
+ }
}
/** For the given service, launch any intro point circuits that could be
diff --git a/src/feature/hs/include.am b/src/feature/hs/include.am
index f4966e6c54..b64ab1b41c 100644
--- a/src/feature/hs/include.am
+++ b/src/feature/hs/include.am
@@ -15,12 +15,19 @@ LIBTOR_APP_A_SOURCES += \
src/feature/hs/hs_intropoint.c \
src/feature/hs/hs_metrics.c \
src/feature/hs/hs_ob.c \
- src/feature/hs/hs_pow.c \
src/feature/hs/hs_service.c \
src/feature/hs/hs_stats.c \
src/feature/hs/hs_sys.c \
src/feature/hs/hs_metrics_entry.c
+# Proof of Work module
+MODULE_POW_SOURCES = \
+ src/feature/hs/hs_pow.c
+
+if BUILD_MODULE_POW
+LIBTOR_APP_A_SOURCES += $(MODULE_POW_SOURCES)
+endif
+
# ADD_C_FILE: INSERT HEADERS HERE.
noinst_HEADERS += \
src/feature/hs/hs_cache.h \
diff --git a/src/test/test_parseconf.sh b/src/test/test_parseconf.sh
index c02b8b23c0..85a8cbbf0c 100755
--- a/src/test/test_parseconf.sh
+++ b/src/test/test_parseconf.sh
@@ -98,6 +98,9 @@
# want to encode that knowledge in this test script, so we supply a
# separate result file for every combination of disabled modules that
# has a different result.)
+#
+# This logic ignores modules that are not listed by --list-modules
+# (dircache) and some that do not currently affect config parsing (pow).
umask 077
set -e
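Review bot: The added comment says `pow` does "not currently affect config parsing", but the hs_config.c hunk in this same commit makes `config_validate_service()` reject a configuration with PoW defenses enabled when the module is missing. Any parseconf case that turns those defenses on would therefore give different results depending on how tor was built. I would reword it to match what the script actually relies on, for example `# (dircache) and some that have no per-module expected-result files yet (pow).`, and note that such result files are needed once a test case enables the PoW defenses.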
@@ -197,6 +200,8 @@ echo "This pattern should not match any log messages" \
"$NON_EMPTY"
STANDARD_LIBS="libevent\\|openssl\\|zlib"
+MODULES_WITHOUT_CONFIG_TESTS="dircache\\|pow"
+
# Lib names are restricted to [a-z0-9]* at the moment
# We don't actually want to support foreign accents here
# shellcheck disable=SC2018,SC2019
@@ -229,6 +234,7 @@ TOR_LIBS_ENABLED_SEARCH="$(echo "$TOR_LIBS_ENABLED_SEARCH" | tr ' ' '\n' \
| grep -v '^_*$' | tr '\n' ' ')"
TOR_MODULES_DISABLED="$("$TOR_BINARY" --list-modules | grep ': no' \
+ | grep -v "$MODULES_WITHOUT_CONFIG_TESTS" \
| cut -d ':' -f1 | sort | tr '\n' '_')"
# Remove the last underscore, if there is one
TOR_MODULES_DISABLED=${TOR_MODULES_DISABLED%_}
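Review bot: The new `grep -v "$MODULES_WITHOUT_CONFIG_TESTS"` filter is unanchored, so it drops any `--list-modules` line that merely contains `dircache` or `pow` as a substring. A future module whose name includes either string would then silently vanish from `TOR_MODULES_DISABLED` and its disabled-module result files would never be selected. Anchoring the match to the whole module name avoids that: `| grep -v "^\\($MODULES_WITHOUT_CONFIG_TESTS\\): " \`.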