WIP Anyone DNS Integration

.github/workflows/build.yml

@@ -31,4 +31,4 @@ jobs:
           docker-platform: ${{ matrix.platform.name }}
           version: ${{ github.sha }}
           environment: dev
-          push: false
+          push: true

docker/Dockerfile.dev

@@ -0,0 +1,52 @@
+#
+# Development Dockerfile for building and testing Anyone Protocol Client
+#
+
+FROM debian:bookworm
+
+# Makes the default apt answers be used for all questions
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Install build dependencies and development tools
+RUN apt-get update && \
+    apt-get -y --no-install-recommends install \
+        build-essential \
+        automake \
+        git \
+        libssl-dev \
+        zlib1g-dev \
+        libevent-dev \
+        ca-certificates \
+        dh-apparmor \
+        libseccomp-dev \
+        debhelper \
+        pkg-config \
+        python3 \
+        python3-pip \
+        lcov \
+        gcc \
+        valgrind \
+        gdb \
+        vim \
+        less \
+        curl \
+        && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /workspace
+COPY . /workspace/
+
+# Set up build environment with test support
+RUN ./autogen.sh && \
+    ./configure \
+        --enable-unittests \
+        --enable-coverage \
+        --enable-asserts-in-tests \
+        --disable-asciidoc
+
+# Build the project
+RUN make -j$(nproc)
+
+# Default command to show help
+CMD [ "bash", "-c", "echo 'Anyone Protocol Client Development Container'; echo ''; echo 'Available commands:'; echo '  make check          - Run all tests'; echo '  make test           - Run unit tests'; echo '  make test-network   - Run network tests (requires Chutney)'; echo '  ./src/test/test     - Run unit tests directly'; echo '  bash                - Interactive shell'; echo ''; exec bash" ]

docker/README.md

@@ -1,9 +1,12 @@
 # ATOR Protocol Docker
+This directory contains configs to build and run ATOR protocol binaries using
+docker
 
-This directory contains configs to build and run ATOR protocol binaries using docker
+**Important!**
 
-**Important!** 
-`This docker image will be built with dummy directory authorities, production ready DAs will be introduced later.`
+This docker image will be built with dummy directory authorities.  To build with
+live directory authorities, run with `--build-arg ANON_ENV=blah` or any value
+other than `stage` (default) or `dev`.
 
 ## Building Docker Image
 

docker/config/anonrc-example

@@ -1,4 +1,4 @@
-##=================== /etc/anonrc =====================##
+##=================== /etc/anon/anonrc =====================##
 
 # Run Tor as a regular user (do not change this)
 User anond

src/app/config/config.c

@@ -344,7 +344,7 @@ static const config_var_t option_vars_[] = {
   OBSOLETE("AuthDirMaxServersPerAuthAddr"),
   VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
   V(AutomapHostsOnResolve,       BOOL,     "0"),
-  V(AutomapHostsSuffixes,        CSV,      ".anon,.exit"),
+  V(AutomapHostsSuffixes,        CSV,      ".anyone,.exit"),
   V(AvoidDiskWrites,             BOOL,     "0"),
   V(BandwidthBurst,              MEMUNIT,  "1 GB"),
   V(BandwidthRate,               MEMUNIT,  "1 GB"),
@@ -4595,10 +4595,10 @@ options_init_from_torrc(int argc, char **argv)
     }
   }
 
-  char *anons_fname = get_datadir_fname("anons");
+  char *anons_fname = get_datadir_fname("anyone_hosts");
   file_status_t anons_status = file_status(anons_fname);
   if (anons_status != FN_FILE) {
-    log_info(LD_CONFIG, "Creating anons file with default mapping");
+    log_info(LD_CONFIG, "Creating anyone_hosts file with default mapping");
     write_str_to_file(anons_fname, DEFAULT_ANON_DNS_MAPPING, 0);
   }
 
@@ -6378,7 +6378,7 @@ port_parse_config(smartlist_t *out,
             cfg->entry_cfg.onion_traffic = ! no;
             continue;
           } else if (!strcasecmp(elt, "OnionTrafficOnly")) {
-            /* Only connect to .anon addresses.  Equivalent to
+            /* Only connect to .anyone addresses.  Equivalent to
              * NoDNSRequest, NoIPv4Traffic, NoIPv6Traffic. The option
              * NoOnionTrafficOnly is not supported, it's too confusing. */
             if (no) {
@@ -6475,7 +6475,7 @@ port_parse_config(smartlist_t *out,
         cfg->entry_cfg.onion_traffic == 0 &&
         listener_type != CONN_TYPE_AP_DNS_LISTENER) {
       log_warn(LD_CONFIG, "You have a %sPort entry with all of IPv4 and "
-               "IPv6 and .anon disabled; that won't work.", portname);
+               "IPv6 and .anyone disabled; that won't work.", portname);
       goto err;
     }
     if (cfg->entry_cfg.dns_request == 1 &&

src/app/config/config.h

@@ -47,7 +47,7 @@ int get_protocol_warning_severity_level(void);
 /** Pattern for backing up configuration files */
 #define CONFIG_BACKUP_PATTERN "%s.orig.1"
 
-#define DEFAULT_ANON_DNS_MAPPING "anyone.anon 6zctvi63m7xxbd34hxn2uvnaw5ao7sec4l3k4bflzeqtve5jlehz6tyd.anon"
+#define DEFAULT_ANON_DNS_MAPPING "anyone.anyone 6zctvi63m7xxbd34hxn2uvnaw5ao7sec4l3k4bflzeqtve5jleh6ddyd.anyone"
 
 /** An error from options_trial_assign() or options_init_from_string(). */
 typedef enum setopt_err_t {

src/core/or/connection_edge.c

@@ -1252,7 +1252,7 @@ connection_ap_expire_beginning(void)
       if (seconds_idle >= options->SocksTimeout) {
         log_fn(severity, LD_REND,
                "Rend stream is %d seconds late. Giving up on address"
-               " '%s.anon'.",
+               " '%s.anyone'.",
                seconds_idle,
                safe_str_client(entry_conn->socks_request->address));
         /* Roll back path bias use state so that we probe the circuit
@@ -1683,15 +1683,15 @@ consider_plaintext_ports(entry_connection_t *conn, uint16_t port)
  *
  * The possible recognized forms are (where true is returned):
  *
- *  If address is of the form "y.anon" with a well-formed handle y:
+ *  If address is of the form "y.anyone" with a well-formed handle y:
  *     Put a NUL after y, lower-case it, and return ONION_V3_HOSTNAME
  *     depending on the HS version.
  *
- *  If address is of the form "x.y.anon" with a well-formed handle x:
+ *  If address is of the form "x.y.anyone" with a well-formed handle x:
  *     Drop "x.", put a NUL after y, lower-case it, and return
  *     ONION_V3_HOSTNAME depending on the HS version.
  *
- * If address is of the form "y.anon" with a badly-formed handle y:
+ * If address is of the form "y.anyone" with a badly-formed handle y:
  *     Return BAD_HOSTNAME and log a message.
  *
  * If address is of the form "y.exit":
@@ -1716,20 +1716,20 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
     *type_out = EXIT_HOSTNAME; /* .exit */
     goto success;
   }
-  if (strcmp(s+1,"anon")) {
-    *type_out = NORMAL_HOSTNAME; /* neither .exit nor .anon, thus normal */
+  if (strcmp(s+1,"anyone")) {
+    *type_out = NORMAL_HOSTNAME; /* neither .exit nor .anyone, thus normal */
     goto success;
   }
 
-  log_info(LD_APP, "Anon dns address lookup for: %s",address);
+  log_info(LD_APP, "Anyone dns address lookup for: %s",address);
   char onion_address[HS_SERVICE_ADDR_LENGTH_WITH_SUFFIX_WITH_NULL_TERMINATOR];
   if (lookup_anon_dns_mapping(address,onion_address,HS_SERVICE_ADDR_LENGTH_WITH_SUFFIX_WITH_NULL_TERMINATOR)) {
-    log_notice(LD_APP, "Anon dns address mapping found: %s -> %s",address,onion_address);
+    log_notice(LD_APP, "Anyone dns address mapping found: %s -> %s",address,onion_address);
     strlcpy(address,onion_address,HS_SERVICE_ADDR_LENGTH_WITH_SUFFIX_WITH_NULL_TERMINATOR);
     s = strrchr(address,'.');
   }
 
-  /* so it is .anon */
+  /* so it is .anyone */
   *s = 0; /* NUL-terminate it */
   /* locate a 'sub-domain' component, in order to remove it */
   q = strrchr(address, '.');
@@ -1795,10 +1795,10 @@ bool lookup_anon_dns_mapping(const char *anon_address, char *onion_address_out,
   }
 
   // Check if the file exists using `file_status`
-  char *dns_fname = get_datadir_fname("anons");
-  file_status_t terms_status = file_status(dns_fname);
-  if (terms_status != FN_FILE) {
-    log_notice(LD_APP,"DNS mapping file 'anons' is not found in data dir.");
+  char *dns_fname = get_datadir_fname("anyone_hosts");
+  file_status_t dns_file_status = file_status(dns_fname);
+  if (dns_file_status != FN_FILE) {
+    log_notice(LD_APP,"DNS mapping file 'anyone_hosts' is not found in data dir.");
     return false;
   }
 
@@ -1815,7 +1815,7 @@ bool lookup_anon_dns_mapping(const char *anon_address, char *onion_address_out,
     char anon[HS_SERVICE_DNS_MAX_ADDRESS_LENGTH_WITH_SUFFIX_WITH_NULL_TERMINATOR];
     char onion[HS_SERVICE_ADDR_LENGTH_WITH_SUFFIX_WITH_NULL_TERMINATOR];
     // Parse each line into anon and onion components
-    if (sscanf(line, "%260s %61s", anon, onion) == 2) {
+    if (sscanf(line, "%262s %63s", anon, onion) == 2) {
       if (strcmp(anon, anon_address) == 0) {
         if (strlen(onion) != HS_SERVICE_ADDR_LENGTH_WITH_SUFFIX) {
           log_warn(LD_APP, "Invalid onion address length");
@@ -1914,7 +1914,7 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
   /* First, apply MapAddress and MAPADDRESS mappings. We need to do
    * these only for non-reverse lookups, since they don't exist for those.
    * We also need to do this before we consider automapping, since we might
-   * e.g. resolve irc.oftc.net into irconionaddress.anon, at which point
+   * e.g. resolve irc.oftc.net into irconionaddress.anyone, at which point
    * we'd need to automap it. */
   if (socks->command != SOCKS_COMMAND_RESOLVE_PTR) {
     const unsigned rewrite_flags = AMR_FLAG_USE_MAPADDRESS;
@@ -1929,7 +1929,7 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
    * automapping.  Automapping happens when we're asked to resolve a
    * hostname, and AutomapHostsOnResolve is set, and the hostname has a
    * suffix listed in AutomapHostsSuffixes.  It's a handy feature
-   * that lets you have Tor assign e.g. IPv6 addresses for .anon
+   * that lets you have Tor assign e.g. IPv6 addresses for .anyone
    * names, and return them safely from DNSPort.
    */
   if (socks->command == SOCKS_COMMAND_RESOLVE &&
@@ -2071,9 +2071,9 @@ connection_ap_handle_onion(entry_connection_t *conn,
   time_t now = approx_time();
   connection_t *base_conn = ENTRY_TO_CONN(conn);
 
-  /* If .anon address requests are disabled, refuse the request */
+  /* If .anyone address requests are disabled, refuse the request */
   if (!conn->entry_cfg.onion_traffic) {
-    log_warn(LD_APP, "Onion address %s requested from a port with .anon "
+    log_warn(LD_APP, "Onion address %s requested from a port with .anyone "
              "disabled", safe_str_client(socks->address));
     connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
     return -1;
@@ -2094,11 +2094,11 @@ connection_ap_handle_onion(entry_connection_t *conn,
     return -1;
   }
 
-  /* If we were passed a circuit, then we need to fail.  .anon addresses
+  /* If we were passed a circuit, then we need to fail.  .anyone addresses
    * only work when we launch our own circuits for now. */
   if (circ) {
     log_warn(LD_CONTROL, "Attachstream to a circuit is not "
-             "supported for .anon addresses currently. Failing.");
+             "supported for .anyone addresses currently. Failing.");
     connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
     return -1;
   }
@@ -2358,7 +2358,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
        implies no. */
   }
 
-  /* Now, we handle everything that isn't a .anon address. */
+  /* Now, we handle everything that isn't a .anyone address. */
   if (addresstype != ONION_V3_HOSTNAME) {
     /* Not a hidden-service request.  It's either a hostname or an IP,
      * possibly with a .exit that we stripped off.  We're going to check
@@ -2643,7 +2643,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 
     return 0;
   } else {
-    /* If we get here, it's a request for a .anon address! */
+    /* If we get here, it's a request for a .anyone address! */
     tor_assert(addresstype == ONION_V3_HOSTNAME);
     tor_assert(!automap);
     return connection_ap_handle_onion(conn, socks, circ);

src/core/or/connection_edge.h

@@ -40,7 +40,7 @@ const entry_connection_t *CONST_EDGE_TO_ENTRY_CONN(const edge_connection_t *);
 #define AP_CONN_STATE_MIN_ 5
 /** State for a SOCKS connection: waiting for SOCKS request. */
 #define AP_CONN_STATE_SOCKS_WAIT 5
-/** State for a SOCKS connection: got a y.anon URL; waiting to receive
+/** State for a SOCKS connection: got a y.anyone URL; waiting to receive
  * rendezvous descriptor. */
 #define AP_CONN_STATE_RENDDESC_WAIT 6
 /** The controller will attach this connection to a circuit; it isn't our

src/feature/control/control.c

@@ -243,7 +243,7 @@ connection_control_closed(control_connection_t *conn)
       if (hs_address_is_valid(cp)) {
         hs_service_del_ephemeral(cp);
       } else {
-        /* An invalid .anon in our list should NEVER happen */
+        /* An invalid .anyone in our list should NEVER happen */
         tor_fragile_assert();
       }
     } SMARTLIST_FOREACH_END(cp);

src/feature/control/control_cmd.c

@@ -1571,7 +1571,7 @@ handle_control_hspost(control_connection_t *conn,
  * The ownership of that list is transferred to the service.
  *
  * On success (RSAE_OKAY), the address_out points to a newly allocated string
- * containing the onion address without the .anon part. On error, address_out
+ * containing the onion address without the .anyone part. On error, address_out
  * is untouched. */
 STATIC hs_service_add_ephemeral_status_t
 add_onion_helper_add_service(int hs_version,

src/feature/control/control_fmt.c

@@ -41,7 +41,7 @@ write_stream_target_to_buf(entry_connection_t *conn, char *buf, size_t len)
                conn->socks_request->address,
                conn->chosen_exit_name ? buf2 : "",
                !conn->chosen_exit_name && connection_edge_is_rendezvous_stream(
-                                     ENTRY_TO_EDGE_CONN(conn)) ? ".anon" : "",
+                                     ENTRY_TO_EDGE_CONN(conn)) ? ".anyone" : "",
                conn->socks_request->port)<0)
     return -1;
   return 0;

src/feature/hs/hs_client.c

@@ -305,7 +305,7 @@ close_all_socks_conns_waiting_for_desc(const ed25519_public_key_t *identity_pk,
   if (count > 0) {
     char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
     hs_build_address(identity_pk, HS_VERSION_THREE, onion_address);
-    log_notice(LD_REND, "Closed %u streams for service %s.anon "
+    log_notice(LD_REND, "Closed %u streams for service %s.anyone "
                         "for reason %s. Fetch status: %s.",
                count, safe_str_client(onion_address),
                stream_end_reason_to_string(reason),

src/feature/hs/hs_common.c

@@ -478,7 +478,7 @@ build_blinded_key_param(const ed25519_public_key_t *pubkey,
 
 /** Using an ed25519 public key and version to build the checksum of an
  * address. Put in checksum_out. Format is:
- *    SHA3-256(".anon checksum" || PUBKEY || VERSION)
+ *    SHA3-256(".anyone checksum" || PUBKEY || VERSION)
  *
  * checksum_out must be large enough to receive 32 bytes (DIGEST256_LEN). */
 static void
@@ -895,7 +895,7 @@ hs_address_is_valid(const char *address)
  *
  * Format is as follows:
  *     base32(PUBKEY || CHECKSUM || VERSION)
- *     CHECKSUM = H(".anon checksum" || PUBKEY || VERSION)
+ *     CHECKSUM = H(".anyone checksum" || PUBKEY || VERSION)
  * */
 void
 hs_build_address(const ed25519_public_key_t *key, uint8_t version,

src/feature/hs/hs_common.h

@@ -57,13 +57,13 @@ struct ed25519_keypair_t;
 #define HS_TIME_PERIOD_LENGTH_MAX (60 * 24 * 10) /* 10 days or 14400 minutes */
 
 /** Prefix of the onion address checksum. */
-#define HS_SERVICE_ADDR_CHECKSUM_PREFIX ".anon checksum"
+#define HS_SERVICE_ADDR_CHECKSUM_PREFIX ".anyone checksum"
 /** Length of the checksum prefix minus the NUL terminated byte. */
 #define HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN \
   (sizeof(HS_SERVICE_ADDR_CHECKSUM_PREFIX) - 1)
 /** Length of the resulting checksum of the address. The construction of this
  * checksum looks like:
- *   CHECKSUM = ".anon checksum" || PUBKEY || VERSION
+ *   CHECKSUM = ".anyone checksum" || PUBKEY || VERSION
  * where VERSION is 1 byte. This is pre-hashing. */
 #define HS_SERVICE_ADDR_CHECKSUM_INPUT_LEN \
   (HS_SERVICE_ADDR_CHECKSUM_PREFIX_LEN + ED25519_PUBKEY_LEN + sizeof(uint8_t))
@@ -75,12 +75,12 @@ struct ed25519_keypair_t;
  * with 1 byte VERSION and 2 bytes CHECKSUM. The following is 35 bytes. */
 #define HS_SERVICE_ADDR_LEN \
   (ED25519_PUBKEY_LEN + HS_SERVICE_ADDR_CHECKSUM_LEN_USED + sizeof(uint8_t))
-/** Length of 'y' portion of 'y.anon' URL. This is base32 encoded and the
+/** Length of 'y' portion of 'y.anyone' URL. This is base32 encoded and the
  * length ends up to 56 bytes (not counting the terminated NUL byte.) */
 #define HS_SERVICE_ADDR_LEN_BASE32 \
   (CEIL_DIV(HS_SERVICE_ADDR_LEN * 8, 5))
 
-#define HS_SERVICE_ADDR_SUFFIX ".anon"
+#define HS_SERVICE_ADDR_SUFFIX ".anyone"
 /** Length of the suffix minus the NUL terminated byte. */
 #define HS_SERVICE_ADDR_SUFFIX_LENGTH (sizeof(HS_SERVICE_ADDR_SUFFIX) - 1)
 #define HS_SERVICE_ADDR_LENGTH_WITH_SUFFIX (HS_SERVICE_ADDR_LEN_BASE32 + HS_SERVICE_ADDR_SUFFIX_LENGTH)

src/feature/hs/hs_descriptor.h

@@ -73,11 +73,11 @@ typedef enum {
 
 /** Error code when decoding a descriptor. */
 typedef enum {
-  /* The configured client authorization for the requested .anon address
+  /* The configured client authorization for the requested .anyone address
    * failed to decode the descriptor. */
   HS_DESC_DECODE_BAD_CLIENT_AUTH  = -6,
 
-  /* The requested .anon address requires a client authorization. */
+  /* The requested .anyone address requires a client authorization. */
   HS_DESC_DECODE_NEED_CLIENT_AUTH = -5,
 
   /* Error during decryption of the encrypted layer. */