mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-21 13:34:59 +02:00
test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
parent
8e81fcd51a
commit
9c36219236
@ -1428,7 +1428,7 @@ client_service_authorization_free_all(void)
|
||||
|
||||
/* Check if the auth key file name is valid or not. Return 1 if valid,
|
||||
* otherwise return 0. */
|
||||
static int
|
||||
STATIC int
|
||||
auth_key_filename_is_valid(const char *filename)
|
||||
{
|
||||
int ret = 1;
|
||||
@ -1448,7 +1448,7 @@ auth_key_filename_is_valid(const char *filename)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static hs_client_service_authorization_t *
|
||||
STATIC hs_client_service_authorization_t *
|
||||
parse_auth_file_content(const char *client_key_str)
|
||||
{
|
||||
char *onion_address = NULL;
|
||||
@ -1836,3 +1836,13 @@ hs_client_dir_info_changed(void)
|
||||
* AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
|
||||
retry_all_socks_conn_waiting_for_desc();
|
||||
}
|
||||
|
||||
#ifdef TOR_UNIT_TESTS
|
||||
|
||||
STATIC digest256map_t *
|
||||
get_hs_client_auths_map(void)
|
||||
{
|
||||
return client_auths;
|
||||
}
|
||||
|
||||
#endif /* defined(TOR_UNIT_TESTS) */
|
||||
|
@ -84,6 +84,11 @@ void hs_client_free_all(void);
|
||||
|
||||
#ifdef HS_CLIENT_PRIVATE
|
||||
|
||||
STATIC int auth_key_filename_is_valid(const char *filename);
|
||||
|
||||
STATIC hs_client_service_authorization_t *
|
||||
parse_auth_file_content(const char *client_key_str);
|
||||
|
||||
STATIC routerstatus_t *
|
||||
pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk);
|
||||
|
||||
@ -99,6 +104,12 @@ STATIC int handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload,
|
||||
MOCK_DECL(STATIC hs_client_fetch_status_t,
|
||||
fetch_v3_desc, (const ed25519_public_key_t *onion_identity_pk));
|
||||
|
||||
#ifdef TOR_UNIT_TESTS
|
||||
|
||||
STATIC digest256map_t *get_hs_client_auths_map(void);
|
||||
|
||||
#endif /* defined(TOR_UNIT_TESTS) */
|
||||
|
||||
#endif /* defined(HS_CLIENT_PRIVATE) */
|
||||
|
||||
#endif /* !defined(TOR_HS_CLIENT_H) */
|
||||
|
@ -6,6 +6,7 @@
|
||||
* \brief Test prop224 HS client functionality.
|
||||
*/
|
||||
|
||||
#define CONFIG_PRIVATE
|
||||
#define CRYPTO_PRIVATE
|
||||
#define MAIN_PRIVATE
|
||||
#define HS_CLIENT_PRIVATE
|
||||
@ -32,6 +33,7 @@
|
||||
#include "feature/hs/hs_circuit.h"
|
||||
#include "feature/hs/hs_circuitmap.h"
|
||||
#include "feature/hs/hs_client.h"
|
||||
#include "feature/hs/hs_config.h"
|
||||
#include "feature/hs/hs_ident.h"
|
||||
#include "feature/hs/hs_cache.h"
|
||||
#include "core/or/circuitlist.h"
|
||||
@ -73,6 +75,20 @@ mock_networkstatus_get_live_consensus(time_t now)
|
||||
return &mock_ns;
|
||||
}
|
||||
|
||||
static int
|
||||
helper_config_client(const char *conf, int validate_only)
|
||||
{
|
||||
int ret = 0;
|
||||
or_options_t *options = NULL;
|
||||
tt_assert(conf);
|
||||
options = helper_parse_options(conf);
|
||||
tt_assert(options);
|
||||
ret = hs_config_client_auth_all(options, validate_only);
|
||||
done:
|
||||
or_options_free(options);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Test helper function: Setup a circuit and a stream with the same hidden
|
||||
* service destination, and put them in <b>circ_out</b> and
|
||||
* <b>conn_out</b>. Make the stream wait for circuits to be established to the
|
||||
@ -601,6 +617,158 @@ test_descriptor_fetch(void *arg)
|
||||
hs_free_all();
|
||||
}
|
||||
|
||||
static void
|
||||
test_auth_key_filename_is_valid(void *arg)
|
||||
{
|
||||
(void) arg;
|
||||
|
||||
/* Valid file name. */
|
||||
tt_assert(auth_key_filename_is_valid("a.auth_private"));
|
||||
/* Valid file name with special character. */
|
||||
tt_assert(auth_key_filename_is_valid("a-.auth_private"));
|
||||
/* Invalid extension. */
|
||||
tt_assert(!auth_key_filename_is_valid("a.ath_private"));
|
||||
/* Nothing before the extension. */
|
||||
tt_assert(!auth_key_filename_is_valid(".auth_private"));
|
||||
|
||||
done:
|
||||
;
|
||||
}
|
||||
|
||||
static void
|
||||
test_parse_auth_file_content(void *arg)
|
||||
{
|
||||
hs_client_service_authorization_t *auth = NULL;
|
||||
|
||||
(void) arg;
|
||||
|
||||
/* Valid authorized client. */
|
||||
auth = parse_auth_file_content(
|
||||
"4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad:descriptor:"
|
||||
"x25519:zdsyvn2jq534ugyiuzgjy4267jbtzcjbsgedhshzx5mforyxtryq");
|
||||
tt_assert(auth);
|
||||
|
||||
/* Wrong number of fields. */
|
||||
tt_assert(!parse_auth_file_content("a:b"));
|
||||
/* Wrong auth type. */
|
||||
tt_assert(!parse_auth_file_content(
|
||||
"4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad:x:"
|
||||
"x25519:zdsyvn2jq534ugyiuzgjy4267jbtzcjbsgedhshzx5mforyxtryq"));
|
||||
/* Wrong key type. */
|
||||
tt_assert(!parse_auth_file_content(
|
||||
"4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad:descriptor:"
|
||||
"x:zdsyvn2jq534ugyiuzgjy4267jbtzcjbsgedhshzx5mforyxtryq"));
|
||||
/* Some malformed string. */
|
||||
tt_assert(!parse_auth_file_content("xx:descriptor:x25519:aa=="));
|
||||
|
||||
done:
|
||||
tor_free(auth);
|
||||
}
|
||||
|
||||
static char *
|
||||
mock_read_file_to_str(const char *filename, int flags, struct stat *stat_out)
|
||||
{
|
||||
char *ret = NULL;
|
||||
|
||||
(void) flags;
|
||||
(void) stat_out;
|
||||
|
||||
if (!strcmp(filename, get_fname("auth_keys" PATH_SEPARATOR
|
||||
"client1.auth_private"))) {
|
||||
ret = tor_strdup(
|
||||
"4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad:descriptor:"
|
||||
"x25519:zdsyvn2jq534ugyiuzgjy4267jbtzcjbsgedhshzx5mforyxtryq");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!strcmp(filename, get_fname("auth_keys" PATH_SEPARATOR "dummy.xxx"))) {
|
||||
ret = tor_strdup(
|
||||
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:descriptor:"
|
||||
"x25519:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!strcmp(filename, get_fname("auth_keys" PATH_SEPARATOR
|
||||
"client2.auth_private"))) {
|
||||
ret = tor_strdup(
|
||||
"25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid:descriptor:"
|
||||
"x25519:fdreqzjqso7d2ac7qscrxfl5qfpamdvgy5d6cxejcgzc3hvhurmq");
|
||||
goto done;
|
||||
}
|
||||
|
||||
done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
mock_check_private_dir(const char *dirname, cpd_check_t check,
|
||||
const char *effective_user)
|
||||
{
|
||||
(void) dirname;
|
||||
(void) check;
|
||||
(void) effective_user;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static smartlist_t *
|
||||
mock_tor_listdir(const char *dirname)
|
||||
{
|
||||
smartlist_t *file_list = smartlist_new();
|
||||
|
||||
(void) dirname;
|
||||
|
||||
smartlist_add(file_list, tor_strdup("client1.auth_private"));
|
||||
smartlist_add(file_list, tor_strdup("dummy.xxx"));
|
||||
smartlist_add(file_list, tor_strdup("client2.auth_private"));
|
||||
|
||||
return file_list;
|
||||
}
|
||||
|
||||
static void
|
||||
test_config_client_authorization(void *arg)
|
||||
{
|
||||
int ret;
|
||||
char *conf = NULL;
|
||||
ed25519_public_key_t pk1, pk2;
|
||||
digest256map_t *global_map = NULL;
|
||||
char *key_dir = tor_strdup(get_fname("auth_keys"));
|
||||
|
||||
(void) arg;
|
||||
|
||||
MOCK(read_file_to_str, mock_read_file_to_str);
|
||||
MOCK(tor_listdir, mock_tor_listdir);
|
||||
MOCK(check_private_dir, mock_check_private_dir);
|
||||
|
||||
#define conf_fmt \
|
||||
"ClientOnionAuthDir %s\n"
|
||||
|
||||
tor_asprintf(&conf, conf_fmt, key_dir);
|
||||
ret = helper_config_client(conf, 0);
|
||||
tor_free(conf);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
|
||||
#undef conf_fmt
|
||||
|
||||
global_map = get_hs_client_auths_map();
|
||||
tt_int_op(digest256map_size(global_map), OP_EQ, 2);
|
||||
|
||||
hs_parse_address("4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad",
|
||||
&pk1, NULL, NULL);
|
||||
hs_parse_address("25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid",
|
||||
&pk2, NULL, NULL);
|
||||
|
||||
tt_assert(digest256map_get(global_map, pk1.pubkey));
|
||||
tt_assert(digest256map_get(global_map, pk2.pubkey));
|
||||
|
||||
done:
|
||||
tor_free(key_dir);
|
||||
hs_free_all();
|
||||
UNMOCK(read_file_to_str);
|
||||
UNMOCK(tor_listdir);
|
||||
UNMOCK(check_private_dir);
|
||||
}
|
||||
|
||||
struct testcase_t hs_client_tests[] = {
|
||||
{ "e2e_rend_circuit_setup_legacy", test_e2e_rend_circuit_setup_legacy,
|
||||
TT_FORK, NULL, NULL },
|
||||
@ -610,5 +778,11 @@ struct testcase_t hs_client_tests[] = {
|
||||
TT_FORK, NULL, NULL },
|
||||
{ "descriptor_fetch", test_descriptor_fetch,
|
||||
TT_FORK, NULL, NULL },
|
||||
{ "auth_key_filename_is_valid", test_auth_key_filename_is_valid, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "parse_auth_file_content", test_parse_auth_file_content, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "config_client_authorization", test_config_client_authorization,
|
||||
TT_FORK, NULL, NULL },
|
||||
END_OF_TESTCASES
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user