allow suggested effort to be 0

First (both client and service), make descriptor parsing not fail when
suggested_effort is 0.

Second (client side), if we get a descriptor with a pow_params section
but with suggested_effort of 0, treat it as not requiring a pow.

Third (service side), when deciding whether the suggested effort has
changed, don't treat "previous suggested effort 0, new suggested effort 0"
as a change.

An alternative design to resolve 'first' and 'second' above would be
to omit the pow_params from the descriptor when suggested_effort is 0,
so clients never see the pow_params so they don't compute a pow. But
I decided to include a pow_params with an explicit suggested_effort
of 0, since this way the client knows the seed etc so they can solve
a higher-effort pow if they want. The tradeoff is that the descriptor
reveals whether HiddenServicePoWDefensesEnabled is set to 1 for this onion
service, even if the AIMD calculation is currently requiring effort 0.

diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 2ba2692941b8370a6d012bd7a251adc646a30d88..8ba6a5be55bec0b15c5e1ae49aa96167c5924658 100644 (file)
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -675,7 +675,8 @@ send_introduce1(origin_circuit_t *intro_circ,
 
   /* If the descriptor contains PoW parameters then the service is
    * expecting a PoW solution in the INTRODUCE cell, which we solve here. */
-  if (desc->encrypted_data.pow_params) {
+  if (desc->encrypted_data.pow_params &&
+      desc->encrypted_data.pow_params->suggested_effort > 0) {
     log_debug(LD_REND, "PoW params present in descriptor.");
     pow_solution = tor_malloc_zero(sizeof(hs_pow_solution_t));
 

diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c
index 816946555baf71e3b795378617169e26e10a3432..d07f900e3a5058f9b191d732b1d814880fde33f0 100644 (file)
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -2129,7 +2129,7 @@ decode_pow_params(const directory_token_t *tok,
 
   int ok;
   unsigned long effort =
-      tor_parse_ulong(tok->args[2], 10, 1, UINT32_MAX, &ok, NULL);
+      tor_parse_ulong(tok->args[2], 10, 0, UINT32_MAX, &ok, NULL);
   if (!ok) {
     log_warn(LD_REND, "Unparseable suggested effort %s in PoW params",
              escaped(tok->args[2]));

diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 80f0863183e8c19b93bf9d79bbb9a18bd95487f2..b50f996fbdea3e3e58947623675b0152b6a5a02c 100644 (file)
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -2464,16 +2464,16 @@ update_all_descriptors_pow_params(time_t now)
       /* Services SHOULD NOT upload a new descriptor if the suggested
        * effort value changes by less than 15 percent. */
       previous_effort = encrypted->pow_params->suggested_effort;
-      if (pow_state->suggested_effort <= previous_effort * 0.85 ||
-          previous_effort * 1.15 <= pow_state->suggested_effort) {
+      if (pow_state->suggested_effort < previous_effort * 0.85 ||
+          previous_effort * 1.15 < pow_state->suggested_effort) {
         log_info(LD_REND, "Suggested effort changed significantly, "
                           "updating descriptors...");
         encrypted->pow_params->suggested_effort = pow_state->suggested_effort;
         descs_updated = 1;
       } else if (previous_effort != pow_state->suggested_effort) {
         /* The change in suggested effort was not significant enough to
-        warrant updating the descriptors, return 0 to reflect they are
-        unchanged. */
+         * warrant updating the descriptors, return 0 to reflect they are
+         * unchanged. */
         log_info(LD_REND, "Change in suggested effort didn't warrant "
                           "updating descriptors.");
       }