§tor-hsservice
Provide an onion service on the Tor network.
§Overview
This crate is part of Arti, a project to implement Tor in Rust.
It provides a service-side implementation of the onion service protocol, which enables Tor clients to provide a responder-anonymous service on the network. Other parties can connect to an onion service without learning where it is hosted.
This crate provides a low-level implementation of the onion service protocol that may not be suitable for typical users. Most users will instead want to use the arti binary to run an onion service proxy, or use the TorClient::launch_onion_service API in the arti-client crate.
§Limitations
This crate is a work in progress.
As of February 2024, there are some features missing that are necessary for running a secure, private onion service. Notably these include:
- Resistance to denial of service attacks
- Support for proof-of-work checking and validation
- Detection and response to out-of-memory conditions
- Vanguard relays for resistance to path discovery
- Descriptor encryption keys, so that only certain clients can connect to the service.
- Removal of old keys and state information. (Currently, the on-disk state will grow slowly but without bound, with sensitive information retained indefinitely.)
§Reference
You can learn more about the protocols here as part of the onion services Specification.
LICENSE: MIT OR Apache-2.0
Re-exports§
pub use config::OnionServiceConfig;
Modules§
- config
- Configuration information for onion services.
- status
- Support for reporting the status of an onion service.
Structs§
- BlindIdKeypairSpecifier
- The blinded signing keypair.
- BlindIdPublicKeySpecifier
- The blinded public key.
- DescSigningKeypairSpecifier
- The descriptor signing key.
- HsId
- The identity of a v3 onion service. (KP_hs_id)
- HsIdKeypairSpecifier
- The long-term identity keypair of the service.
- HsIdPublicKeySpecifier
- The public part of the identity key of the service.
- HsNickname
- Nickname (local identifier) for a Tor hidden service
- InvalidNickname
- Local nickname for Tor Hidden Service (.onion service) was syntactically invalid
- OnionService
- A handle to an instance of an onion service, which may or may not be running.
- OnionServiceBuilder
- Builder for OnionService.
- RendRequest
- Request to complete an introduction/rendezvous handshake.
- RunningOnionService
- A handle to a running instance of an onion service.
- StreamRequest
- A request from a client to open a new stream to an onion service.
Enums§
- Anonymity
- The level of anonymity that an onion service should try to run with.
- ClientError
- An error which occurs trying to communicate with a particular client.
- DescUploadError
- An error that occurs while trying to upload a descriptor.
- EstablishSessionError
- An error produced while trying to connect to a rendezvous point and open a session with a client.
- FatalError
- An error which means we cannot continue to try to operate an onion service.
- IntroRequestError
- An error produced while trying to process an introduction request we have received from a client via an introduction point.
- IptError
- An error caused by a faulty IPT.
- StartupError
- An error which occurs trying to create and start up an onion service
Functions§
- handle_rend_requests
- Consume a stream of RendRequest, accepting them all, and produce a stream of StreamRequest.
- supported_hsservice_protocols
- Return a list of the protocols supported by this crate, running as a hidden service.