2017-03-15 21:13:17 +01:00
|
|
|
/* Copyright (c) 2016-2017, The Tor Project, Inc. */
|
2016-09-05 18:03:30 +02:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \file test_hs_service.c
|
|
|
|
* \brief Test hidden service functionality.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define HS_SERVICE_PRIVATE
|
|
|
|
#define HS_INTROPOINT_PRIVATE
|
|
|
|
#define RENDSERVICE_PRIVATE
|
|
|
|
#define CIRCUITLIST_PRIVATE
|
|
|
|
|
|
|
|
#include "test.h"
|
2017-01-10 15:24:21 +01:00
|
|
|
#include "log_test_helpers.h"
|
2016-09-05 18:03:30 +02:00
|
|
|
#include "crypto.h"
|
2016-11-15 21:09:27 +01:00
|
|
|
#include "log_test_helpers.h"
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
#include "or.h"
|
2017-04-28 19:41:34 +02:00
|
|
|
#include "circuitlist.h"
|
|
|
|
#include "circuituse.h"
|
2016-09-05 18:03:30 +02:00
|
|
|
#include "ht.h"
|
2017-04-28 19:41:34 +02:00
|
|
|
#include "relay.h"
|
|
|
|
#include "rendservice.h"
|
|
|
|
|
|
|
|
#include "hs_cell.h"
|
|
|
|
#include "hs_circuitmap.h"
|
|
|
|
#include "hs_common.h"
|
|
|
|
#include "hs_intropoint.h"
|
|
|
|
#include "hs_service.h"
|
2016-09-05 18:03:30 +02:00
|
|
|
|
2016-11-15 21:09:27 +01:00
|
|
|
/* Trunnel. */
|
2016-09-05 18:03:30 +02:00
|
|
|
#include "hs/cell_establish_intro.h"
|
2016-11-15 21:09:27 +01:00
|
|
|
#include "hs/cell_introduce1.h"
|
|
|
|
#include "hs/cell_common.h"
|
2016-09-05 18:03:30 +02:00
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
static size_t
|
|
|
|
new_establish_intro_cell(const char *circ_nonce,
|
|
|
|
trn_cell_establish_intro_t **cell_out)
|
|
|
|
{
|
|
|
|
ssize_t cell_len = 0;
|
|
|
|
uint8_t buf[RELAY_PAYLOAD_SIZE] = {0};
|
|
|
|
trn_cell_establish_intro_t *cell = NULL;
|
|
|
|
hs_service_intro_point_t *ip = NULL;
|
|
|
|
|
2018-06-23 10:48:42 +02:00
|
|
|
/* Ensure that *cell_out is NULL such that we can use to check if we need to
|
|
|
|
* free `cell` in case of an error. */
|
|
|
|
*cell_out = NULL;
|
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
/* Auth key pair is generated in the constructor so we are all set for
|
|
|
|
* using this IP object. */
|
|
|
|
ip = service_intro_point_new(NULL, 0);
|
|
|
|
tt_assert(ip);
|
|
|
|
cell_len = hs_cell_build_establish_intro(circ_nonce, ip, buf);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-04-28 19:41:34 +02:00
|
|
|
|
|
|
|
cell_len = trn_cell_establish_intro_parse(&cell, buf, sizeof(buf));
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-04-28 19:41:34 +02:00
|
|
|
tt_assert(cell);
|
|
|
|
*cell_out = cell;
|
|
|
|
|
|
|
|
done:
|
2018-06-23 10:48:42 +02:00
|
|
|
if (*cell_out == NULL)
|
|
|
|
trn_cell_establish_intro_free(cell);
|
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
service_intro_point_free(ip);
|
|
|
|
return cell_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t
|
|
|
|
new_establish_intro_encoded_cell(const char *circ_nonce, uint8_t *cell_out)
|
|
|
|
{
|
|
|
|
ssize_t cell_len = 0;
|
|
|
|
hs_service_intro_point_t *ip = NULL;
|
|
|
|
|
|
|
|
/* Auth key pair is generated in the constructor so we are all set for
|
|
|
|
* using this IP object. */
|
|
|
|
ip = service_intro_point_new(NULL, 0);
|
|
|
|
tt_assert(ip);
|
|
|
|
cell_len = hs_cell_build_establish_intro(circ_nonce, ip, cell_out);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-04-28 19:41:34 +02:00
|
|
|
|
|
|
|
done:
|
|
|
|
service_intro_point_free(ip);
|
|
|
|
return cell_len;
|
|
|
|
}
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Mock function to avoid networking in unittests */
|
|
|
|
static int
|
|
|
|
mock_send_intro_established_cell(or_circuit_t *circ)
|
|
|
|
{
|
|
|
|
(void) circ;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-11-15 21:09:27 +01:00
|
|
|
static int
|
|
|
|
mock_relay_send_command_from_edge(streamid_t stream_id, circuit_t *circ,
|
|
|
|
uint8_t relay_command, const char *payload,
|
2017-01-18 23:14:42 +01:00
|
|
|
size_t payload_len,
|
|
|
|
crypt_path_t *cpath_layer,
|
2016-11-15 21:09:27 +01:00
|
|
|
const char *filename, int lineno)
|
|
|
|
{
|
|
|
|
(void) stream_id;
|
|
|
|
(void) circ;
|
|
|
|
(void) relay_command;
|
|
|
|
(void) payload;
|
|
|
|
(void) payload_len;
|
|
|
|
(void) cpath_layer;
|
|
|
|
(void) filename;
|
|
|
|
(void) lineno;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static or_circuit_t *
|
|
|
|
helper_create_intro_circuit(void)
|
|
|
|
{
|
|
|
|
or_circuit_t *circ = or_circuit_new(0, NULL);
|
|
|
|
tt_assert(circ);
|
|
|
|
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
|
|
|
|
done:
|
|
|
|
return circ;
|
|
|
|
}
|
|
|
|
|
2017-04-11 19:46:41 +02:00
|
|
|
static trn_cell_introduce1_t *
|
2016-11-15 21:09:27 +01:00
|
|
|
helper_create_introduce1_cell(void)
|
|
|
|
{
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_t *cell = NULL;
|
2016-11-15 21:09:27 +01:00
|
|
|
ed25519_keypair_t auth_key_kp;
|
|
|
|
|
|
|
|
/* Generate the auth_key of the cell. */
|
|
|
|
if (ed25519_keypair_generate(&auth_key_kp, 0) < 0) {
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2017-04-11 19:46:41 +02:00
|
|
|
cell = trn_cell_introduce1_new();
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_assert(cell);
|
|
|
|
|
|
|
|
/* Set the auth key. */
|
|
|
|
{
|
|
|
|
size_t auth_key_len = sizeof(auth_key_kp.pubkey);
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_set_auth_key_type(cell,
|
2016-11-15 21:09:27 +01:00
|
|
|
HS_INTRO_AUTH_KEY_TYPE_ED25519);
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_set_auth_key_len(cell, auth_key_len);
|
|
|
|
trn_cell_introduce1_setlen_auth_key(cell, auth_key_len);
|
|
|
|
uint8_t *auth_key_ptr = trn_cell_introduce1_getarray_auth_key(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
memcpy(auth_key_ptr, auth_key_kp.pubkey.pubkey, auth_key_len);
|
|
|
|
}
|
|
|
|
|
2018-01-24 09:55:15 +01:00
|
|
|
/* Set the cell extensions to none. */
|
2016-11-15 21:09:27 +01:00
|
|
|
{
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_extension_t *ext = trn_cell_extension_new();
|
|
|
|
trn_cell_extension_set_num(ext, 0);
|
|
|
|
trn_cell_introduce1_set_extensions(cell, ext);
|
2016-11-15 21:09:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Set the encrypted section to some data. */
|
|
|
|
{
|
|
|
|
size_t enc_len = 128;
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_setlen_encrypted(cell, enc_len);
|
|
|
|
uint8_t *enc_ptr = trn_cell_introduce1_getarray_encrypted(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
memset(enc_ptr, 'a', enc_len);
|
|
|
|
}
|
|
|
|
|
|
|
|
return cell;
|
|
|
|
err:
|
|
|
|
done:
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_free(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2016-09-05 18:03:30 +02:00
|
|
|
/* Try sending an ESTABLISH_INTRO cell on a circuit that is already an intro
|
|
|
|
* point. Should fail. */
|
|
|
|
static void
|
|
|
|
test_establish_intro_wrong_purpose(void *arg)
|
|
|
|
{
|
|
|
|
int retval;
|
|
|
|
ssize_t cell_len = 0;
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
|
|
|
uint8_t cell_body[RELAY_PAYLOAD_SIZE];
|
2017-09-15 22:43:17 +02:00
|
|
|
or_circuit_t *intro_circ = or_circuit_new(0,NULL);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
(void)arg;
|
|
|
|
|
|
|
|
/* Get the auth key of the intro point */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
memcpy(intro_circ->rend_circ_nonce, circ_nonce, DIGEST_LEN);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Set a bad circuit purpose!! :) */
|
|
|
|
circuit_change_purpose(TO_CIRCUIT(intro_circ), CIRCUIT_PURPOSE_INTRO_POINT);
|
|
|
|
|
|
|
|
/* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
|
|
|
|
attempt to parse it. */
|
2017-04-28 19:41:34 +02:00
|
|
|
cell_len = new_establish_intro_encoded_cell(circ_nonce, cell_body);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
2017-02-01 19:58:06 +01:00
|
|
|
/* Receive the cell. Should fail. */
|
|
|
|
setup_full_capture_of_logs(LOG_INFO);
|
2016-09-05 18:03:30 +02:00
|
|
|
retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
|
2017-02-01 19:58:06 +01:00
|
|
|
expect_log_msg_containing("Rejecting ESTABLISH_INTRO on non-OR circuit.");
|
|
|
|
teardown_capture_of_logs();
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, -1);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
done:
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(intro_circ));
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Prepare a circuit for accepting an ESTABLISH_INTRO cell */
|
|
|
|
static void
|
2017-04-28 19:41:34 +02:00
|
|
|
helper_prepare_circ_for_intro(or_circuit_t *circ, const char *circ_nonce)
|
2016-09-05 18:03:30 +02:00
|
|
|
{
|
|
|
|
/* Prepare the circuit for the incoming ESTABLISH_INTRO */
|
|
|
|
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
|
2017-04-28 19:41:34 +02:00
|
|
|
memcpy(circ->rend_circ_nonce, circ_nonce, DIGEST_LEN);
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Send an empty ESTABLISH_INTRO cell. Should fail. */
|
|
|
|
static void
|
|
|
|
test_establish_intro_wrong_keytype(void *arg)
|
|
|
|
{
|
|
|
|
int retval;
|
2017-09-15 22:43:17 +02:00
|
|
|
or_circuit_t *intro_circ = or_circuit_new(0,NULL);
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
2016-09-05 18:03:30 +02:00
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
(void) arg;
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Get the auth key of the intro point */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
helper_prepare_circ_for_intro(intro_circ, circ_nonce);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Receive the cell. Should fail. */
|
2017-02-01 19:58:06 +01:00
|
|
|
setup_full_capture_of_logs(LOG_INFO);
|
2017-04-28 19:41:34 +02:00
|
|
|
retval = hs_intro_received_establish_intro(intro_circ, (uint8_t *) "", 0);
|
2017-02-01 19:58:06 +01:00
|
|
|
expect_log_msg_containing("Empty ESTABLISH_INTRO cell.");
|
|
|
|
teardown_capture_of_logs();
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, -1);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
done:
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(intro_circ));
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Send an ESTABLISH_INTRO cell with an unknown auth key type. Should fail. */
|
|
|
|
static void
|
|
|
|
test_establish_intro_wrong_keytype2(void *arg)
|
|
|
|
{
|
|
|
|
int retval;
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
2016-09-05 18:03:30 +02:00
|
|
|
uint8_t cell_body[RELAY_PAYLOAD_SIZE];
|
|
|
|
ssize_t cell_len = 0;
|
2017-09-15 22:43:17 +02:00
|
|
|
or_circuit_t *intro_circ = or_circuit_new(0,NULL);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
(void) arg;
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Get the auth key of the intro point */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
helper_prepare_circ_for_intro(intro_circ, circ_nonce);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
|
2017-04-28 19:41:34 +02:00
|
|
|
* attempt to parse it. */
|
|
|
|
cell_len = new_establish_intro_encoded_cell(circ_nonce, cell_body);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Mutate the auth key type! :) */
|
|
|
|
cell_body[0] = 42;
|
|
|
|
|
|
|
|
/* Receive the cell. Should fail. */
|
2017-02-01 19:58:06 +01:00
|
|
|
setup_full_capture_of_logs(LOG_INFO);
|
2016-09-05 18:03:30 +02:00
|
|
|
retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
|
2017-02-01 19:58:06 +01:00
|
|
|
expect_log_msg_containing("Unrecognized AUTH_KEY_TYPE 42.");
|
|
|
|
teardown_capture_of_logs();
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, -1);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
done:
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(intro_circ));
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
2017-01-10 15:24:21 +01:00
|
|
|
/* Send a legit ESTABLISH_INTRO cell but with a wrong MAC. Should fail. */
|
|
|
|
static void
|
|
|
|
test_establish_intro_wrong_mac(void *arg)
|
|
|
|
{
|
|
|
|
int retval;
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
2017-01-10 15:24:21 +01:00
|
|
|
ssize_t cell_len = 0;
|
2017-04-28 19:41:34 +02:00
|
|
|
uint8_t cell_body[RELAY_PAYLOAD_SIZE];
|
|
|
|
trn_cell_establish_intro_t *cell = NULL;
|
2017-09-15 22:43:17 +02:00
|
|
|
or_circuit_t *intro_circ = or_circuit_new(0,NULL);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
(void) arg;
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
/* Get the auth key of the intro point */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
helper_prepare_circ_for_intro(intro_circ, circ_nonce);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
/* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
|
2017-04-28 19:41:34 +02:00
|
|
|
* attempt to parse it. */
|
|
|
|
cell_len = new_establish_intro_cell(circ_nonce, &cell);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-04-28 19:41:34 +02:00
|
|
|
tt_assert(cell);
|
|
|
|
|
2017-01-10 15:24:21 +01:00
|
|
|
/* Mangle one byte of the MAC. */
|
|
|
|
uint8_t *handshake_ptr =
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_getarray_handshake_mac(cell);
|
2017-01-10 15:24:21 +01:00
|
|
|
handshake_ptr[TRUNNEL_SHA3_256_LEN - 1]++;
|
|
|
|
/* We need to resign the payload with that change. */
|
|
|
|
{
|
|
|
|
ed25519_signature_t sig;
|
|
|
|
ed25519_keypair_t key_struct;
|
|
|
|
/* New keypair for the signature since we don't have access to the private
|
|
|
|
* key material generated earlier when creating the cell. */
|
|
|
|
retval = ed25519_keypair_generate(&key_struct, 0);
|
|
|
|
tt_int_op(retval, OP_EQ, 0);
|
|
|
|
uint8_t *auth_key_ptr =
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_getarray_auth_key(cell);
|
2017-01-10 15:24:21 +01:00
|
|
|
memcpy(auth_key_ptr, key_struct.pubkey.pubkey, ED25519_PUBKEY_LEN);
|
|
|
|
/* Encode payload so we can sign it. */
|
2017-04-28 19:41:34 +02:00
|
|
|
cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
|
|
|
|
cell);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
retval = ed25519_sign_prefixed(&sig, cell_body,
|
|
|
|
cell_len -
|
2017-04-28 19:41:34 +02:00
|
|
|
(ED25519_SIG_LEN + sizeof(cell->sig_len)),
|
2017-01-10 15:24:21 +01:00
|
|
|
ESTABLISH_INTRO_SIG_PREFIX, &key_struct);
|
|
|
|
tt_int_op(retval, OP_EQ, 0);
|
|
|
|
/* And write the signature to the cell */
|
|
|
|
uint8_t *sig_ptr =
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_getarray_sig(cell);
|
|
|
|
memcpy(sig_ptr, sig.sig, cell->sig_len);
|
2017-01-10 15:24:21 +01:00
|
|
|
/* Re-encode with the new signature. */
|
2017-04-28 19:41:34 +02:00
|
|
|
cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
|
|
|
|
cell);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-01-10 15:24:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Receive the cell. Should fail because our MAC is wrong. */
|
|
|
|
setup_full_capture_of_logs(LOG_INFO);
|
|
|
|
retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
|
|
|
|
expect_log_msg_containing("ESTABLISH_INTRO handshake_auth not as expected");
|
|
|
|
teardown_capture_of_logs();
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, -1);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
done:
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_free(cell);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(intro_circ));
|
2017-01-10 15:24:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Send a legit ESTABLISH_INTRO cell but with a wrong auth key length. Should
|
|
|
|
* fail. */
|
|
|
|
static void
|
|
|
|
test_establish_intro_wrong_auth_key_len(void *arg)
|
|
|
|
{
|
|
|
|
int retval;
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
2017-01-10 15:24:21 +01:00
|
|
|
uint8_t cell_body[RELAY_PAYLOAD_SIZE];
|
|
|
|
ssize_t cell_len = 0;
|
|
|
|
size_t bad_auth_key_len = ED25519_PUBKEY_LEN - 1;
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_t *cell = NULL;
|
2017-09-15 22:43:17 +02:00
|
|
|
or_circuit_t *intro_circ = or_circuit_new(0,NULL);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
(void) arg;
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
/* Get the auth key of the intro point */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
helper_prepare_circ_for_intro(intro_circ, circ_nonce);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
/* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
|
2017-04-28 19:41:34 +02:00
|
|
|
* attempt to parse it. */
|
|
|
|
cell_len = new_establish_intro_cell(circ_nonce, &cell);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-04-28 19:41:34 +02:00
|
|
|
tt_assert(cell);
|
|
|
|
|
2017-01-10 15:24:21 +01:00
|
|
|
/* Mangle the auth key length. */
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_set_auth_key_len(cell, bad_auth_key_len);
|
|
|
|
trn_cell_establish_intro_setlen_auth_key(cell, bad_auth_key_len);
|
|
|
|
/* Encode cell. */
|
|
|
|
cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
|
|
|
|
cell);
|
|
|
|
tt_int_op(cell_len, OP_GT, 0);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
/* Receive the cell. Should fail. */
|
|
|
|
setup_full_capture_of_logs(LOG_INFO);
|
|
|
|
retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
|
|
|
|
expect_log_msg_containing("ESTABLISH_INTRO auth key length is invalid");
|
|
|
|
teardown_capture_of_logs();
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, -1);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
done:
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_free(cell);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(intro_circ));
|
2017-01-10 15:24:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Send a legit ESTABLISH_INTRO cell but with a wrong sig length. Should
|
|
|
|
* fail. */
|
|
|
|
static void
|
|
|
|
test_establish_intro_wrong_sig_len(void *arg)
|
|
|
|
{
|
|
|
|
int retval;
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
2017-01-10 15:24:21 +01:00
|
|
|
uint8_t cell_body[RELAY_PAYLOAD_SIZE];
|
|
|
|
ssize_t cell_len = 0;
|
|
|
|
size_t bad_sig_len = ED25519_SIG_LEN - 1;
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_t *cell = NULL;
|
2017-09-15 22:43:17 +02:00
|
|
|
or_circuit_t *intro_circ = or_circuit_new(0,NULL);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
(void) arg;
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
/* Get the auth key of the intro point */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
helper_prepare_circ_for_intro(intro_circ, circ_nonce);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
/* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
|
2017-04-28 19:41:34 +02:00
|
|
|
* attempt to parse it. */
|
|
|
|
cell_len = new_establish_intro_cell(circ_nonce, &cell);
|
2017-08-28 16:11:49 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-04-28 19:41:34 +02:00
|
|
|
tt_assert(cell);
|
|
|
|
|
2017-01-10 15:24:21 +01:00
|
|
|
/* Mangle the signature length. */
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_set_sig_len(cell, bad_sig_len);
|
|
|
|
trn_cell_establish_intro_setlen_sig(cell, bad_sig_len);
|
|
|
|
/* Encode cell. */
|
|
|
|
cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
|
|
|
|
cell);
|
|
|
|
tt_int_op(cell_len, OP_GT, 0);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
/* Receive the cell. Should fail. */
|
|
|
|
setup_full_capture_of_logs(LOG_INFO);
|
|
|
|
retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
|
|
|
|
expect_log_msg_containing("ESTABLISH_INTRO sig len is invalid");
|
|
|
|
teardown_capture_of_logs();
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, -1);
|
2017-01-10 15:24:21 +01:00
|
|
|
|
|
|
|
done:
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_free(cell);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(intro_circ));
|
2017-01-10 15:24:21 +01:00
|
|
|
}
|
|
|
|
|
2016-09-05 18:03:30 +02:00
|
|
|
/* Send a legit ESTABLISH_INTRO cell but slightly change the signature. Should
|
|
|
|
* fail. */
|
|
|
|
static void
|
|
|
|
test_establish_intro_wrong_sig(void *arg)
|
|
|
|
{
|
|
|
|
int retval;
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
2016-09-05 18:03:30 +02:00
|
|
|
uint8_t cell_body[RELAY_PAYLOAD_SIZE];
|
|
|
|
ssize_t cell_len = 0;
|
2017-09-15 22:43:17 +02:00
|
|
|
or_circuit_t *intro_circ = or_circuit_new(0,NULL);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
(void) arg;
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Get the auth key of the intro point */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
helper_prepare_circ_for_intro(intro_circ, circ_nonce);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
|
|
|
|
attempt to parse it. */
|
2017-04-28 19:41:34 +02:00
|
|
|
cell_len = new_establish_intro_encoded_cell(circ_nonce, cell_body);
|
2017-08-09 12:45:37 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Mutate the last byte (signature)! :) */
|
2017-04-28 19:41:34 +02:00
|
|
|
cell_body[cell_len - 1]++;
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Receive the cell. Should fail. */
|
2017-02-01 19:58:06 +01:00
|
|
|
setup_full_capture_of_logs(LOG_INFO);
|
2017-08-09 12:45:37 +02:00
|
|
|
retval = hs_intro_received_establish_intro(intro_circ, cell_body,
|
|
|
|
(size_t)cell_len);
|
2017-02-01 19:58:06 +01:00
|
|
|
expect_log_msg_containing("Failed to verify ESTABLISH_INTRO cell.");
|
|
|
|
teardown_capture_of_logs();
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, -1);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
done:
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(intro_circ));
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Helper function: Send a well-formed v3 ESTABLISH_INTRO cell to
|
|
|
|
* <b>intro_circ</b>. Return the cell. */
|
2017-04-11 19:46:41 +02:00
|
|
|
static trn_cell_establish_intro_t *
|
2016-09-05 18:03:30 +02:00
|
|
|
helper_establish_intro_v3(or_circuit_t *intro_circ)
|
|
|
|
{
|
|
|
|
int retval;
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
2016-09-05 18:03:30 +02:00
|
|
|
uint8_t cell_body[RELAY_PAYLOAD_SIZE];
|
|
|
|
ssize_t cell_len = 0;
|
2017-04-28 19:41:34 +02:00
|
|
|
trn_cell_establish_intro_t *cell = NULL;
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
tt_assert(intro_circ);
|
|
|
|
|
|
|
|
/* Prepare the circuit for the incoming ESTABLISH_INTRO */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
helper_prepare_circ_for_intro(intro_circ, circ_nonce);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
|
2017-04-28 19:41:34 +02:00
|
|
|
* attempt to parse it. */
|
|
|
|
cell_len = new_establish_intro_cell(circ_nonce, &cell);
|
2017-08-09 12:45:37 +02:00
|
|
|
tt_i64_op(cell_len, OP_GT, 0);
|
2017-04-28 19:41:34 +02:00
|
|
|
tt_assert(cell);
|
|
|
|
cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
|
|
|
|
cell);
|
|
|
|
tt_int_op(cell_len, OP_GT, 0);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Receive the cell */
|
2017-08-09 12:45:37 +02:00
|
|
|
retval = hs_intro_received_establish_intro(intro_circ, cell_body,
|
|
|
|
(size_t) cell_len);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, 0);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
done:
|
2017-04-28 19:41:34 +02:00
|
|
|
return cell;
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Helper function: Send a well-formed v2 ESTABLISH_INTRO cell to
|
|
|
|
* <b>intro_circ</b>. Return the public key advertised in the cell. */
|
|
|
|
static crypto_pk_t *
|
|
|
|
helper_establish_intro_v2(or_circuit_t *intro_circ)
|
|
|
|
{
|
|
|
|
crypto_pk_t *key1 = NULL;
|
|
|
|
int retval;
|
|
|
|
uint8_t cell_body[RELAY_PAYLOAD_SIZE];
|
|
|
|
ssize_t cell_len = 0;
|
2017-04-28 19:41:34 +02:00
|
|
|
char circ_nonce[DIGEST_LEN] = {0};
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
tt_assert(intro_circ);
|
|
|
|
|
|
|
|
/* Prepare the circuit for the incoming ESTABLISH_INTRO */
|
2017-04-28 19:41:34 +02:00
|
|
|
crypto_rand(circ_nonce, sizeof(circ_nonce));
|
|
|
|
helper_prepare_circ_for_intro(intro_circ, circ_nonce);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Send legacy establish_intro */
|
|
|
|
key1 = pk_generate(0);
|
|
|
|
|
2017-04-28 19:41:34 +02:00
|
|
|
/* Use old circ_nonce why not */
|
2017-02-21 20:20:39 +01:00
|
|
|
cell_len = rend_service_encode_establish_intro_cell(
|
|
|
|
(char*)cell_body,
|
|
|
|
sizeof(cell_body), key1,
|
2017-04-28 19:41:34 +02:00
|
|
|
circ_nonce);
|
2017-08-09 12:45:37 +02:00
|
|
|
tt_int_op(cell_len, OP_GT, 0);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Receive legacy establish_intro */
|
|
|
|
retval = hs_intro_received_establish_intro(intro_circ,
|
2017-08-09 12:45:37 +02:00
|
|
|
cell_body, (size_t) cell_len);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, 0);
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
done:
|
|
|
|
return key1;
|
|
|
|
}
|
|
|
|
|
2017-05-11 18:55:18 +02:00
|
|
|
/* Helper function: test circuitmap free_all function outside of
|
|
|
|
* test_intro_point_registration to prevent Coverity from seeing a
|
|
|
|
* double free if the assertion hypothetically fails.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
test_circuitmap_free_all(void)
|
|
|
|
{
|
|
|
|
hs_circuitmap_ht *the_hs_circuitmap = NULL;
|
|
|
|
|
|
|
|
the_hs_circuitmap = get_hs_circuitmap();
|
|
|
|
tt_assert(the_hs_circuitmap);
|
|
|
|
hs_circuitmap_free_all();
|
|
|
|
the_hs_circuitmap = get_hs_circuitmap();
|
2017-08-24 21:55:27 +02:00
|
|
|
tt_ptr_op(the_hs_circuitmap, OP_EQ, NULL);
|
2017-05-11 18:55:18 +02:00
|
|
|
done:
|
|
|
|
;
|
|
|
|
}
|
|
|
|
|
2018-01-24 09:55:15 +01:00
|
|
|
/** Successfully register a v2 intro point and a v3 intro point. Ensure that HS
|
2016-09-05 18:03:30 +02:00
|
|
|
* circuitmap is maintained properly. */
|
|
|
|
static void
|
|
|
|
test_intro_point_registration(void *arg)
|
|
|
|
{
|
|
|
|
int retval;
|
|
|
|
hs_circuitmap_ht *the_hs_circuitmap = NULL;
|
|
|
|
|
|
|
|
or_circuit_t *intro_circ = NULL;
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_establish_intro_t *establish_intro_cell = NULL;
|
2016-09-05 18:03:30 +02:00
|
|
|
ed25519_public_key_t auth_key;
|
|
|
|
|
|
|
|
crypto_pk_t *legacy_auth_key = NULL;
|
|
|
|
or_circuit_t *legacy_intro_circ = NULL;
|
|
|
|
|
|
|
|
or_circuit_t *returned_intro_circ = NULL;
|
|
|
|
|
|
|
|
(void) arg;
|
|
|
|
|
|
|
|
MOCK(hs_intro_send_intro_established_cell, mock_send_intro_established_cell);
|
|
|
|
|
|
|
|
hs_circuitmap_init();
|
|
|
|
|
|
|
|
/* Check that the circuitmap is currently empty */
|
|
|
|
{
|
|
|
|
the_hs_circuitmap = get_hs_circuitmap();
|
|
|
|
tt_assert(the_hs_circuitmap);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(0, OP_EQ, HT_SIZE(the_hs_circuitmap));
|
2016-09-05 18:03:30 +02:00
|
|
|
/* Do a circuitmap query in any case */
|
2017-01-20 12:55:06 +01:00
|
|
|
returned_intro_circ =hs_circuitmap_get_intro_circ_v3_relay_side(&auth_key);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_ptr_op(returned_intro_circ, OP_EQ, NULL);
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Create a v3 intro point */
|
|
|
|
{
|
|
|
|
intro_circ = or_circuit_new(0, NULL);
|
|
|
|
tt_assert(intro_circ);
|
|
|
|
establish_intro_cell = helper_establish_intro_v3(intro_circ);
|
|
|
|
|
|
|
|
/* Check that the intro point was registered on the HS circuitmap */
|
|
|
|
the_hs_circuitmap = get_hs_circuitmap();
|
|
|
|
tt_assert(the_hs_circuitmap);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(1, OP_EQ, HT_SIZE(the_hs_circuitmap));
|
2016-11-10 22:04:23 +01:00
|
|
|
get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO,
|
|
|
|
establish_intro_cell);
|
2017-04-13 20:36:57 +02:00
|
|
|
returned_intro_circ =
|
|
|
|
hs_circuitmap_get_intro_circ_v3_relay_side(&auth_key);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_ptr_op(intro_circ, OP_EQ, returned_intro_circ);
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Create a v2 intro point */
|
|
|
|
{
|
|
|
|
char key_digest[DIGEST_LEN];
|
|
|
|
|
|
|
|
legacy_intro_circ = or_circuit_new(1, NULL);
|
|
|
|
tt_assert(legacy_intro_circ);
|
|
|
|
legacy_auth_key = helper_establish_intro_v2(legacy_intro_circ);
|
|
|
|
tt_assert(legacy_auth_key);
|
|
|
|
|
|
|
|
/* Check that the circuitmap now has two elements */
|
|
|
|
the_hs_circuitmap = get_hs_circuitmap();
|
|
|
|
tt_assert(the_hs_circuitmap);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(2, OP_EQ, HT_SIZE(the_hs_circuitmap));
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
/* Check that the new element is our legacy intro circuit. */
|
|
|
|
retval = crypto_pk_get_digest(legacy_auth_key, key_digest);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_int_op(retval, OP_EQ, 0);
|
2017-01-20 12:55:06 +01:00
|
|
|
returned_intro_circ =
|
|
|
|
hs_circuitmap_get_intro_circ_v2_relay_side((uint8_t*)key_digest);
|
2017-06-05 16:23:02 +02:00
|
|
|
tt_ptr_op(legacy_intro_circ, OP_EQ, returned_intro_circ);
|
2016-09-05 18:03:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* XXX Continue test and try to register a second v3 intro point with the
|
|
|
|
* same auth key. Make sure that old intro circuit gets closed. */
|
|
|
|
|
|
|
|
done:
|
|
|
|
crypto_pk_free(legacy_auth_key);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(intro_circ));
|
|
|
|
circuit_free_(TO_CIRCUIT(legacy_intro_circ));
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_establish_intro_free(establish_intro_cell);
|
2017-05-11 18:55:18 +02:00
|
|
|
test_circuitmap_free_all();
|
2016-09-05 18:03:30 +02:00
|
|
|
|
|
|
|
UNMOCK(hs_intro_send_intro_established_cell);
|
|
|
|
}
|
|
|
|
|
2016-11-15 21:09:27 +01:00
|
|
|
static void
|
|
|
|
test_introduce1_suitable_circuit(void *arg)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
or_circuit_t *circ = NULL;
|
|
|
|
|
|
|
|
(void) arg;
|
|
|
|
|
|
|
|
/* Valid suitable circuit. */
|
|
|
|
{
|
|
|
|
circ = or_circuit_new(0, NULL);
|
|
|
|
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
|
|
|
|
ret = circuit_is_suitable_for_introduce1(circ);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(circ));
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_int_op(ret, OP_EQ, 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Test if the circuit purpose safeguard works correctly. */
|
|
|
|
{
|
|
|
|
circ = or_circuit_new(0, NULL);
|
|
|
|
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT);
|
|
|
|
ret = circuit_is_suitable_for_introduce1(circ);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(circ));
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Test the non-edge circuit safeguard works correctly. */
|
|
|
|
{
|
|
|
|
circ = or_circuit_new(0, NULL);
|
|
|
|
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
|
|
|
|
/* Bogus pointer, the check is against NULL on n_chan. */
|
|
|
|
circ->base_.n_chan = (channel_t *) circ;
|
|
|
|
ret = circuit_is_suitable_for_introduce1(circ);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(circ));
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Mangle the circuit a bit more so see if our only one INTRODUCE1 cell
|
|
|
|
* limit works correctly. */
|
|
|
|
{
|
|
|
|
circ = or_circuit_new(0, NULL);
|
|
|
|
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
|
|
|
|
circ->already_received_introduce1 = 1;
|
|
|
|
ret = circuit_is_suitable_for_introduce1(circ);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(circ));
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
done:
|
|
|
|
;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
test_introduce1_is_legacy(void *arg)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
uint8_t request[256];
|
|
|
|
|
|
|
|
(void) arg;
|
|
|
|
|
|
|
|
/* For a cell to be considered legacy, according to the specification, the
|
|
|
|
* first 20 bytes MUST BE non-zero else it's a v3 cell. */
|
|
|
|
memset(request, 'a', DIGEST_LEN);
|
|
|
|
memset(request + DIGEST_LEN, 0, sizeof(request) - DIGEST_LEN);
|
|
|
|
ret = introduce1_cell_is_legacy(request);
|
|
|
|
tt_int_op(ret, OP_EQ, 1);
|
|
|
|
|
|
|
|
/* This is a NON legacy cell. */
|
|
|
|
memset(request, 0, DIGEST_LEN);
|
|
|
|
memset(request + DIGEST_LEN, 'a', sizeof(request) - DIGEST_LEN);
|
|
|
|
ret = introduce1_cell_is_legacy(request);
|
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
|
|
|
|
done:
|
|
|
|
;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
test_introduce1_validation(void *arg)
|
|
|
|
{
|
|
|
|
int ret;
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_t *cell = NULL;
|
2016-11-15 21:09:27 +01:00
|
|
|
|
|
|
|
(void) arg;
|
|
|
|
|
|
|
|
/* Create our decoy cell that we'll modify as we go to test the validation
|
|
|
|
* function of that parsed cell. */
|
|
|
|
cell = helper_create_introduce1_cell();
|
2018-01-16 14:36:34 +01:00
|
|
|
tt_assert(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
|
|
|
|
/* It should NOT be a legacy cell which will trigger a BUG(). */
|
|
|
|
memset(cell->legacy_key_id, 'a', sizeof(cell->legacy_key_id));
|
|
|
|
tor_capture_bugs_(1);
|
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tor_end_capture_bugs_();
|
|
|
|
tt_int_op(ret, OP_EQ, -1);
|
|
|
|
/* Reset legacy ID and make sure it's correct. */
|
|
|
|
memset(cell->legacy_key_id, 0, sizeof(cell->legacy_key_id));
|
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
|
|
|
|
/* Non existing auth key type. */
|
|
|
|
cell->auth_key_type = 42;
|
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, -1);
|
|
|
|
/* Reset is to correct value and make sure it's correct. */
|
|
|
|
cell->auth_key_type = HS_INTRO_AUTH_KEY_TYPE_ED25519;
|
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
|
|
|
|
/* Really bad key length. */
|
|
|
|
cell->auth_key_len = 0;
|
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, -1);
|
|
|
|
cell->auth_key_len = UINT16_MAX;
|
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, -1);
|
|
|
|
/* Correct size, let's try that. */
|
|
|
|
cell->auth_key_len = sizeof(ed25519_public_key_t);
|
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
/* Set an invalid size of the auth key buffer. */
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_setlen_auth_key(cell, 3);
|
2016-11-15 21:09:27 +01:00
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, -1);
|
|
|
|
/* Reset auth key buffer and make sure it works. */
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_setlen_auth_key(cell, sizeof(ed25519_public_key_t));
|
2016-11-15 21:09:27 +01:00
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
|
|
|
|
/* Empty encrypted section. */
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_setlen_encrypted(cell, 0);
|
2016-11-15 21:09:27 +01:00
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, -1);
|
|
|
|
/* Reset it to some non zero bytes and validate. */
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_setlen_encrypted(cell, 1);
|
2016-11-15 21:09:27 +01:00
|
|
|
ret = validate_introduce1_parsed_cell(cell);
|
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
|
|
|
|
done:
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_free(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
test_received_introduce1_handling(void *arg)
|
|
|
|
{
|
|
|
|
int ret;
|
2017-09-15 22:43:17 +02:00
|
|
|
uint8_t *request = NULL, buf[128];
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_t *cell = NULL;
|
2016-11-15 21:09:27 +01:00
|
|
|
or_circuit_t *circ = NULL;
|
|
|
|
|
|
|
|
(void) arg;
|
|
|
|
|
|
|
|
MOCK(relay_send_command_from_edge_, mock_relay_send_command_from_edge);
|
|
|
|
|
|
|
|
hs_circuitmap_init();
|
|
|
|
|
|
|
|
/* Too small request length. An INTRODUCE1 expect at the very least a
|
|
|
|
* DIGEST_LEN size. */
|
|
|
|
{
|
2017-09-13 03:09:18 +02:00
|
|
|
memset(buf, 0, sizeof(buf));
|
2016-11-15 21:09:27 +01:00
|
|
|
circ = helper_create_intro_circuit();
|
|
|
|
ret = hs_intro_received_introduce1(circ, buf, DIGEST_LEN - 1);
|
|
|
|
tt_int_op(ret, OP_EQ, -1);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(circ));
|
2016-11-15 21:09:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* We have a unit test only for the suitability of a circuit to receive an
|
|
|
|
* INTRODUCE1 cell so from now on we'll only test the handling of a cell. */
|
|
|
|
|
|
|
|
/* Bad request. */
|
|
|
|
{
|
|
|
|
circ = helper_create_intro_circuit();
|
|
|
|
uint8_t test[2]; /* Too small request. */
|
2017-09-13 03:09:18 +02:00
|
|
|
memset(test, 0, sizeof(test));
|
2016-11-15 21:09:27 +01:00
|
|
|
ret = handle_introduce1(circ, test, sizeof(test));
|
|
|
|
tor_free(circ->p_chan);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(circ));
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_int_op(ret, OP_EQ, -1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Valid case. */
|
|
|
|
{
|
|
|
|
cell = helper_create_introduce1_cell();
|
2017-04-11 19:46:41 +02:00
|
|
|
ssize_t request_len = trn_cell_introduce1_encoded_len(cell);
|
2017-04-17 15:23:58 +02:00
|
|
|
tt_int_op((int)request_len, OP_GT, 0);
|
2016-11-15 21:09:27 +01:00
|
|
|
request = tor_malloc_zero(request_len);
|
2017-01-18 23:14:42 +01:00
|
|
|
ssize_t encoded_len =
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_encode(request, request_len, cell);
|
2017-04-17 15:23:58 +02:00
|
|
|
tt_int_op((int)encoded_len, OP_GT, 0);
|
2016-11-15 21:09:27 +01:00
|
|
|
|
|
|
|
circ = helper_create_intro_circuit();
|
|
|
|
or_circuit_t *service_circ = helper_create_intro_circuit();
|
2017-01-18 23:14:42 +01:00
|
|
|
circuit_change_purpose(TO_CIRCUIT(service_circ),
|
|
|
|
CIRCUIT_PURPOSE_INTRO_POINT);
|
2016-11-15 21:09:27 +01:00
|
|
|
/* Register the circuit in the map for the auth key of the cell. */
|
|
|
|
ed25519_public_key_t auth_key;
|
|
|
|
const uint8_t *cell_auth_key =
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_getconstarray_auth_key(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
memcpy(auth_key.pubkey, cell_auth_key, ED25519_PUBKEY_LEN);
|
2017-01-20 12:55:06 +01:00
|
|
|
hs_circuitmap_register_intro_circ_v3_relay_side(service_circ, &auth_key);
|
2016-11-15 21:09:27 +01:00
|
|
|
ret = hs_intro_received_introduce1(circ, request, request_len);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(circ));
|
|
|
|
circuit_free_(TO_CIRCUIT(service_circ));
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Valid legacy cell. */
|
|
|
|
{
|
|
|
|
tor_free(request);
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_free(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
cell = helper_create_introduce1_cell();
|
2017-04-11 19:46:41 +02:00
|
|
|
uint8_t *legacy_key_id = trn_cell_introduce1_getarray_legacy_key_id(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
memset(legacy_key_id, 'a', DIGEST_LEN);
|
|
|
|
/* Add an arbitrary amount of data for the payload of a v2 cell. */
|
2017-04-11 19:46:41 +02:00
|
|
|
size_t request_len = trn_cell_introduce1_encoded_len(cell) + 256;
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_size_op(request_len, OP_GT, 0);
|
|
|
|
request = tor_malloc_zero(request_len + 256);
|
2017-01-18 23:14:42 +01:00
|
|
|
ssize_t encoded_len =
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_encode(request, request_len, cell);
|
2017-04-17 15:23:58 +02:00
|
|
|
tt_int_op((int)encoded_len, OP_GT, 0);
|
2016-11-15 21:09:27 +01:00
|
|
|
|
|
|
|
circ = helper_create_intro_circuit();
|
|
|
|
or_circuit_t *service_circ = helper_create_intro_circuit();
|
2017-01-18 23:14:42 +01:00
|
|
|
circuit_change_purpose(TO_CIRCUIT(service_circ),
|
|
|
|
CIRCUIT_PURPOSE_INTRO_POINT);
|
2016-11-15 21:09:27 +01:00
|
|
|
/* Register the circuit in the map for the auth key of the cell. */
|
|
|
|
uint8_t token[REND_TOKEN_LEN];
|
|
|
|
memcpy(token, legacy_key_id, sizeof(token));
|
2017-01-20 12:55:06 +01:00
|
|
|
hs_circuitmap_register_intro_circ_v2_relay_side(service_circ, token);
|
2016-11-15 21:09:27 +01:00
|
|
|
ret = hs_intro_received_introduce1(circ, request, request_len);
|
2017-11-21 14:29:42 +01:00
|
|
|
circuit_free_(TO_CIRCUIT(circ));
|
|
|
|
circuit_free_(TO_CIRCUIT(service_circ));
|
2016-11-15 21:09:27 +01:00
|
|
|
tt_int_op(ret, OP_EQ, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
done:
|
2017-04-11 19:46:41 +02:00
|
|
|
trn_cell_introduce1_free(cell);
|
2016-11-15 21:09:27 +01:00
|
|
|
tor_free(request);
|
|
|
|
hs_circuitmap_free_all();
|
|
|
|
UNMOCK(relay_send_command_from_edge_);
|
|
|
|
}
|
|
|
|
|
2016-09-05 18:03:30 +02:00
|
|
|
struct testcase_t hs_intropoint_tests[] = {
|
|
|
|
{ "intro_point_registration",
|
|
|
|
test_intro_point_registration, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "receive_establish_intro_wrong_keytype",
|
|
|
|
test_establish_intro_wrong_keytype, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "receive_establish_intro_wrong_keytype2",
|
|
|
|
test_establish_intro_wrong_keytype2, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "receive_establish_intro_wrong_purpose",
|
|
|
|
test_establish_intro_wrong_purpose, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "receive_establish_intro_wrong_sig",
|
|
|
|
test_establish_intro_wrong_sig, TT_FORK, NULL, NULL },
|
|
|
|
|
2017-01-10 15:24:21 +01:00
|
|
|
{ "receive_establish_intro_wrong_sig_len",
|
|
|
|
test_establish_intro_wrong_sig_len, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "receive_establish_intro_wrong_auth_key_len",
|
|
|
|
test_establish_intro_wrong_auth_key_len, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "receive_establish_intro_wrong_mac",
|
|
|
|
test_establish_intro_wrong_mac, TT_FORK, NULL, NULL },
|
|
|
|
|
2016-11-15 21:09:27 +01:00
|
|
|
{ "introduce1_suitable_circuit",
|
|
|
|
test_introduce1_suitable_circuit, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "introduce1_is_legacy",
|
|
|
|
test_introduce1_is_legacy, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "introduce1_validation",
|
|
|
|
test_introduce1_validation, TT_FORK, NULL, NULL },
|
|
|
|
|
|
|
|
{ "received_introduce1_handling",
|
|
|
|
test_received_introduce1_handling, TT_FORK, NULL, NULL },
|
|
|
|
|
2016-09-05 18:03:30 +02:00
|
|
|
END_OF_TESTCASES
|
|
|
|
};
|
|
|
|
|