Lib.rs

Cryptography
#onion-service #message-authentication #tor #public-key #hash-ring #arti

tor-hscrypto

Basic onion service cryptography types used by Aerti

by Nick Mathewson, The Tor Project, Inc.. Co-owned by Ian Jackson, Gabi Moldovan, David Goulet.

25 releases (16 breaking)

new 0.27.0 Feb 7, 2025
0.25.0 Dec 2, 2024
0.24.0 Oct 31, 2024
0.20.0 Jun 27, 2024
0.1.2 Mar 31, 2023

#1089 in Cryptography

Download history 1133/week @ 2024-10-19 1185/week @ 2024-10-26 2142/week @ 2024-11-02 1186/week @ 2024-11-09 2397/week @ 2024-11-16 1754/week @ 2024-11-23 2224/week @ 2024-11-30 2473/week @ 2024-12-07 2323/week @ 2024-12-14 748/week @ 2024-12-21 915/week @ 2024-12-28 1506/week @ 2025-01-04 1750/week @ 2025-01-11 1310/week @ 2025-01-18 1380/week @ 2025-01-25 843/week @ 2025-02-01

5,517 downloads per month
Used in 50 crates (10 directly)

MIT/Apache and maybe LGPL-3.0-only

655KB
10K SLoC

tor-hscrypto

tor-hscrypto: Basic cryptography used by onion services

Overview

This crate is part of Arti, a project to implement Tor in Rust.

Onion services and the clients that connect to them need a few cryptographic operations not used by the rest of Tor. These include:

  • A set of key-blinding operations to derive short-term public keys from long-term public keys.
  • An ad-hoc SHA3-based message authentication code.
  • Operations to encode and decode public keys as .onion addresses.
  • A set of operations to divide time into different "periods". These periods are used as inputs to the DHT-style hash ring, and to the key-blinding operations.
  • Proof of work schemes for resisting denial of service attacks

This crate implements those operations, along with a set of wrapper types to keep us from getting confused about the numerous keys and nonces used for the onion services.

Compile-time features

  • memquota-memcost -- implement tor_memquota::HasMemoryCost for many types. (Does not actually force compiling in memory quota tracking; that's memquota in tor-memquota and higher-level crates.)

  • ope -- support for Order Preserving Encryption

  • full -- Enable all features above.

Experimental and unstable features

Note that the APIs enabled by these features are NOT covered by semantic versioning[^1] guarantees: we might break them or remove them between patch versions.

  • hs-pow-full -- Tor Hidden Services Proof of Work.

  • experimental: Enable all the above experimental features.

[^1]: Remember, semantic versioning is what makes various cargo features work reliably. To be explicit: if you want cargo update to only make safe changes, then you cannot enable these features.

License

MIT OR Apache-2.0

When the pow feature is used, we link with LGPL licensed dependencies.

Dependencies

~12–23MB
~331K SLoC