Struct tor_netdoc::doc::hsdesc::HsDesc

pub struct HsDesc { /* private fields */ }

Available on crate feature hs-common only.

A decrypted, decoded onion service descriptor.

This object includes information from both the outer (plaintext) document of the descriptor, and the inner (encrypted) documents. It tells the client the information it needs to contact the onion service, including necessary introduction points and public keys.

Implementations

impl HsDesc

pub fn parse( input: &str, blinded_onion_id: &HsBlindId ) -> Result<UncheckedEncryptedHsDesc>

Parse the outermost document of the descriptor in input, and validate that its identity is consistent with blinded_onion_id.

On success, the caller will get a wrapped object which they must validate and then decrypt.

Use HsDesc::parse_decrypt_validate if you just need an HsDesc and don’t want to handle the validation/decryption of the wrapped object yourself.

Example

// Parse the descriptor
let unchecked_desc = HsDesc::parse(unparsed_desc, &blinded_id)?;
// Validate the signature and timeliness of the outer document
let checked_desc = unchecked_desc
    .check_signature()?
    .check_valid_at(&timestamp)?;
// Decrypt the outer and inner layers of the descriptor
let unchecked_decrypted_desc = checked_desc.decrypt(&subcredential, None)?;
// Validate the signature and timeliness of the inner document
let hsdesc = unchecked_decrypted_desc
    .check_valid_at(&timestamp)?
    .check_signature()?;

pub fn parse_decrypt_validate( input: &str, blinded_onion_id: &HsBlindId, valid_at: SystemTime, subcredential: &Subcredential, hsc_desc_enc: Option<&HsClientDescEncKeypair> ) -> StdResult<TimerangeBound<Self>, HsDescError>

A convenience function for parsing, decrypting and validating HS descriptors.

This function:

• parses the outermost document of the descriptor in input, and validates that its identity is consistent with blinded_onion_id.
• decrypts both layers of encryption in the onion service descriptor. If hsc_desc_enc is provided, we use it to decrypt the inner encryption layer; otherwise, we require that the inner document is encrypted using the “no client authorization” method.
• checks if both layers are valid at the valid_at timestamp
• validates the signatures on both layers

Returns an error if the descriptor cannot be parsed, or if one of the validation steps fails.

pub fn intro_points(&self) -> &[IntroPointDesc]

One or more introduction points used to contact the onion service.

Always returns at least one introduction point, and never more than NUM_INTRO_POINT_MAX. (Descriptors which have fewer or more are dealt with during parsing.)

Accessor function.

pub fn is_single_onion_service(&self) -> bool

Return true if this onion service claims to be a non-anonymous “single onion service”.

(We should always anonymize our own connection to an onion service.)

pub fn requires_intro_authentication(&self) -> bool

Return true if this onion service claims that it needs user authentication of some kind in its INTRODUCE messages.

(Arti does not currently support sending this kind of authentication.)

Trait Implementations

impl Clone for HsDesc

fn clone(&self) -> HsDesc

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for HsDesc

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.