author | teor <teor2345@gmail.com> | 2016-09-07 15:34:28 +1000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-09-13 10:43:29 -0400 |
commit | b8fe774cb5d2d4b5ecc6edc0c0b1c7f82e363a77 (patch) | |
tree | 8574a37340a31cf2aae553dd8359cdbe54f0085c /control-spec.txt | |
parent | 3cc0e9b3a82435404f00036bd11b33689cc98080 (diff) | |
Add a NonAnonymous flag to ADD_ONION in control-spec

Tor checks that the flag matches the onion service anonymity configured
using OnionServiceSingleHopMode and OnionServiceNonAnonymousMode.

Tor refuses to create unflagged onion services using ADD_ONION, if they
would be non-anonymous. The error is:
512 Tor is in non-anonymous onion mode

Similarly, if the NonAnonymous flag is present, and Tor has the default
anonymous onion config:
512 Tor is in anonymous onion mode
Diffstat (limited to 'control-spec.txt')
-rw-r--r-- | control-spec.txt | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/control-spec.txt b/control-spec.txt index 37c6484..82524bb 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -1456,8 +1456,11 @@ private key as part of the response. "Detach" / ; Do not associate the newly created Onion Service to the current control connection. - "BasicAuth" ; Client authorization is required using the "basic" + "BasicAuth" / ; Client authorization is required using the "basic" method. + "NonAnonymous"; Add a non-anonymous Single Onion Service. Tor + checks this flag matches its configured hidden + service anonymity mode. VirtPort = The virtual TCP Port for the Onion Service (As in the HiddenServicePort "VIRTPORT" argument). @@ -1499,6 +1502,16 @@ "ClientBlob" is not specified for a client, a new credential will be randomly generated and returned. + Tor instances can either be in anonymous hidden service mode, or + non-anonymous single onion service mode. All hidden services on the same + tor instance have the same anonymity. To guard against unexpected loss + of anonymity, Tor checks that the ADD_ONION "NonAnonymous" flag matches + the current hidden service anonymity mode. The hidden service anonymity + mode is configured using the Tor options HiddenServiceSingleHopMode and + HiddenServiceNonAnonymousMode. If both these options are 1, the + "NonAnonymous" flag must be provided to ADD_ONION. If both these options + are 0 (the Tor default), the flag must NOT be provided. + Once created the new Onion Service will remain active until either the Onion Service is removed via "DEL_ONION", the server terminates, or the control connection that originated the "ADD_ONION" command is closed. 
@@ -1533,8 +1546,27 @@ S: 250-ClientAuth=bob:[Blob Redacted] S: 250 OK + Examples with Tor in anonymous onion service mode: + + C: ADD_ONION NEW:BEST Flags=DiscardPK Port=22 + S: 250-ServiceID=testonion1234567 + S: 250 OK + + C: ADD_ONION NEW:BEST Flags=DiscardPK,NonAnonymous Port=22 + S: 512 Tor is in anonymous hidden service mode + + Examples with Tor in non-anonymous onion service mode: + + C: ADD_ONION NEW:BEST Flags=DiscardPK Port=22 + S: 512 Tor is in non-anonymous hidden service mode + + C: ADD_ONION NEW:BEST Flags=DiscardPK,NonAnonymous Port=22 + S: 250-ServiceID=testonion1234567 + S: 250 OK + [ADD_ONION was added in Tor 0.2.7.1-alpha.] [ClientAuth was added in Tor 0.2.9.1-alpha.] + [NonAnonymous was added in Tor 0.2.9.3-alpha.] 3.28. DEL_ONION |
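Review bot: in the Flags list (hunk at -1456), the comment on the new "NonAnonymous" entry says Tor "checks this flag matches" the configured mode but not what a controller gets back on a mismatch. Since this flag is an anonymity safeguard, the entry should state that ADD_ONION is refused with a 512 reply when the flag and the mode disagree, or point at the paragraph that says so. Two smaller points in the same entry: "NonAnonymous"; has no space before the semicolon, unlike the "Detach" / and "BasicAuth" / lines above it, and the comment mixes "Single Onion Service" with "hidden service anonymity mode", so one term should be used throughout.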
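Review bot: the paragraph added in the hunk at -1499 defines the required flag only for "both these options are 1" and "both these options are 0", leaving the case where the two options differ unspecified. For a check whose stated purpose is "to guard against unexpected loss of anonymity", the spec should say which way that case falls (flag required, flag forbidden, or the configuration is rejected before ADD_ONION is reached). The option names here are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode, while the commit message names OnionServiceSingleHopMode and OnionServiceNonAnonymousMode; the spec text and the commit message should agree on the names.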
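Review bot: the 512 reply texts in the examples added in the hunk at -1533 ("Tor is in anonymous hidden service mode", "Tor is in non-anonymous hidden service mode") do not match the texts given in the commit message ("Tor is in anonymous onion mode", "Tor is in non-anonymous onion mode"). Please make them the same string, and consider a sentence telling controller authors to key on the 512 code rather than on the human-readable text, so a wording change does not turn a refused non-anonymous service into an unhandled error path. The two successful examples also reuse the same ServiceID, testonion1234567, under both modes; a distinct placeholder per mode would make it clearer that these are separate runs.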