test_hs_descriptor.c 32 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020
  1. /* Copyright (c) 2016, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file test_hs_descriptor.c
  5. * \brief Test hidden service descriptor encoding and decoding.
  6. */
  7. #define HS_DESCRIPTOR_PRIVATE
  8. #include "crypto_ed25519.h"
  9. #include "ed25519_cert.h"
  10. #include "or.h"
  11. #include "hs_descriptor.h"
  12. #include "test.h"
  13. #include "torcert.h"
  14. static hs_desc_intro_point_t *
  15. helper_build_intro_point(const ed25519_keypair_t *blinded_kp, time_t now,
  16. const char *addr, int legacy)
  17. {
  18. int ret;
  19. ed25519_keypair_t auth_kp;
  20. hs_desc_intro_point_t *intro_point = NULL;
  21. hs_desc_intro_point_t *ip = tor_malloc_zero(sizeof(*ip));
  22. ip->link_specifiers = smartlist_new();
  23. {
  24. hs_desc_link_specifier_t *ls = tor_malloc_zero(sizeof(*ls));
  25. if (legacy) {
  26. ls->type = LS_LEGACY_ID;
  27. memcpy(ls->u.legacy_id, "0299F268FCA9D55CD157976D39AE92B4B455B3A8",
  28. DIGEST_LEN);
  29. } else {
  30. ls->u.ap.port = 9001;
  31. int family = tor_addr_parse(&ls->u.ap.addr, addr);
  32. switch (family) {
  33. case AF_INET:
  34. ls->type = LS_IPV4;
  35. break;
  36. case AF_INET6:
  37. ls->type = LS_IPV6;
  38. break;
  39. default:
  40. /* Stop the test, not suppose to have an error. */
  41. tt_int_op(family, OP_EQ, AF_INET);
  42. }
  43. }
  44. smartlist_add(ip->link_specifiers, ls);
  45. }
  46. ret = ed25519_keypair_generate(&auth_kp, 0);
  47. tt_int_op(ret, ==, 0);
  48. ip->auth_key_cert = tor_cert_create(blinded_kp, CERT_TYPE_AUTH_HS_IP_KEY,
  49. &auth_kp.pubkey, now,
  50. HS_DESC_CERT_LIFETIME,
  51. CERT_FLAG_INCLUDE_SIGNING_KEY);
  52. tt_assert(ip->auth_key_cert);
  53. if (legacy) {
  54. ip->enc_key.legacy = crypto_pk_new();
  55. ip->enc_key_type = HS_DESC_KEY_TYPE_LEGACY;
  56. tt_assert(ip->enc_key.legacy);
  57. ret = crypto_pk_generate_key(ip->enc_key.legacy);
  58. tt_int_op(ret, ==, 0);
  59. } else {
  60. ret = curve25519_keypair_generate(&ip->enc_key.curve25519, 0);
  61. tt_int_op(ret, ==, 0);
  62. ip->enc_key_type = HS_DESC_KEY_TYPE_CURVE25519;
  63. }
  64. intro_point = ip;
  65. done:
  66. return intro_point;
  67. }
  68. /* Return a valid hs_descriptor_t object. If no_ip is set, no introduction
  69. * points are added. */
  70. static hs_descriptor_t *
  71. helper_build_hs_desc(unsigned int no_ip)
  72. {
  73. int ret;
  74. time_t now = time(NULL);
  75. hs_descriptor_t *descp = NULL, *desc = tor_malloc_zero(sizeof(*desc));
  76. desc->plaintext_data.version = HS_DESC_SUPPORTED_FORMAT_VERSION_MAX;
  77. ret = ed25519_keypair_generate(&desc->plaintext_data.signing_kp, 0);
  78. tt_int_op(ret, ==, 0);
  79. ret = ed25519_keypair_generate(&desc->plaintext_data.blinded_kp, 0);
  80. tt_int_op(ret, ==, 0);
  81. desc->plaintext_data.signing_key_cert =
  82. tor_cert_create(&desc->plaintext_data.blinded_kp,
  83. CERT_TYPE_SIGNING_HS_DESC,
  84. &desc->plaintext_data.signing_kp.pubkey, now,
  85. 3600,
  86. CERT_FLAG_INCLUDE_SIGNING_KEY);
  87. tt_assert(desc->plaintext_data.signing_key_cert);
  88. desc->plaintext_data.revision_counter = 42;
  89. desc->plaintext_data.lifetime_sec = 3 * 60 * 60;
  90. /* Setup encrypted data section. */
  91. desc->encrypted_data.create2_ntor = 1;
  92. desc->encrypted_data.auth_types = smartlist_new();
  93. desc->encrypted_data.single_onion_service = 1;
  94. smartlist_add(desc->encrypted_data.auth_types, tor_strdup("ed25519"));
  95. desc->encrypted_data.intro_points = smartlist_new();
  96. if (!no_ip) {
  97. /* Add four intro points. */
  98. smartlist_add(desc->encrypted_data.intro_points,
  99. helper_build_intro_point(&desc->plaintext_data.blinded_kp, now,
  100. "1.2.3.4", 0));
  101. smartlist_add(desc->encrypted_data.intro_points,
  102. helper_build_intro_point(&desc->plaintext_data.blinded_kp, now,
  103. "[2600::1]", 0));
  104. smartlist_add(desc->encrypted_data.intro_points,
  105. helper_build_intro_point(&desc->plaintext_data.blinded_kp, now,
  106. "3.2.1.4", 1));
  107. smartlist_add(desc->encrypted_data.intro_points,
  108. helper_build_intro_point(&desc->plaintext_data.blinded_kp, now,
  109. "", 1));
  110. }
  111. descp = desc;
  112. done:
  113. return descp;
  114. }
  115. static void
  116. helper_compare_hs_desc(const hs_descriptor_t *desc1,
  117. const hs_descriptor_t *desc2)
  118. {
  119. /* Plaintext data section. */
  120. tt_int_op(desc1->plaintext_data.version, OP_EQ,
  121. desc2->plaintext_data.version);
  122. tt_uint_op(desc1->plaintext_data.lifetime_sec, OP_EQ,
  123. desc2->plaintext_data.lifetime_sec);
  124. tt_assert(tor_cert_eq(desc1->plaintext_data.signing_key_cert,
  125. desc2->plaintext_data.signing_key_cert));
  126. tt_mem_op(desc1->plaintext_data.signing_kp.pubkey.pubkey, OP_EQ,
  127. desc2->plaintext_data.signing_kp.pubkey.pubkey,
  128. ED25519_PUBKEY_LEN);
  129. tt_mem_op(desc1->plaintext_data.blinded_kp.pubkey.pubkey, OP_EQ,
  130. desc2->plaintext_data.blinded_kp.pubkey.pubkey,
  131. ED25519_PUBKEY_LEN);
  132. tt_u64_op(desc1->plaintext_data.revision_counter, ==,
  133. desc2->plaintext_data.revision_counter);
  134. /* NOTE: We can't compare the encrypted blob because when encoding the
  135. * descriptor, the object is immutable thus we don't update it with the
  136. * encrypted blob. As contrast to the decoding process where we populate a
  137. * descriptor object. */
  138. /* Encrypted data section. */
  139. tt_uint_op(desc1->encrypted_data.create2_ntor, ==,
  140. desc2->encrypted_data.create2_ntor);
  141. /* Authentication type. */
  142. tt_int_op(!!desc1->encrypted_data.auth_types, ==,
  143. !!desc2->encrypted_data.auth_types);
  144. if (desc1->encrypted_data.auth_types && desc2->encrypted_data.auth_types) {
  145. tt_int_op(smartlist_len(desc1->encrypted_data.auth_types), ==,
  146. smartlist_len(desc2->encrypted_data.auth_types));
  147. for (int i = 0; i < smartlist_len(desc1->encrypted_data.auth_types); i++) {
  148. tt_str_op(smartlist_get(desc1->encrypted_data.auth_types, i), OP_EQ,
  149. smartlist_get(desc2->encrypted_data.auth_types, i));
  150. }
  151. }
  152. /* Introduction points. */
  153. {
  154. tt_assert(desc1->encrypted_data.intro_points);
  155. tt_assert(desc2->encrypted_data.intro_points);
  156. tt_int_op(smartlist_len(desc1->encrypted_data.intro_points), ==,
  157. smartlist_len(desc2->encrypted_data.intro_points));
  158. for (int i=0; i < smartlist_len(desc1->encrypted_data.intro_points); i++) {
  159. hs_desc_intro_point_t *ip1 = smartlist_get(desc1->encrypted_data
  160. .intro_points, i),
  161. *ip2 = smartlist_get(desc2->encrypted_data
  162. .intro_points, i);
  163. tt_assert(tor_cert_eq(ip1->auth_key_cert, ip2->auth_key_cert));
  164. tt_int_op(ip1->enc_key_type, OP_EQ, ip2->enc_key_type);
  165. tt_assert(ip1->enc_key_type == HS_DESC_KEY_TYPE_LEGACY ||
  166. ip1->enc_key_type == HS_DESC_KEY_TYPE_CURVE25519);
  167. switch (ip1->enc_key_type) {
  168. case HS_DESC_KEY_TYPE_LEGACY:
  169. tt_int_op(crypto_pk_cmp_keys(ip1->enc_key.legacy, ip2->enc_key.legacy),
  170. OP_EQ, 0);
  171. break;
  172. case HS_DESC_KEY_TYPE_CURVE25519:
  173. tt_mem_op(ip1->enc_key.curve25519.pubkey.public_key, OP_EQ,
  174. ip2->enc_key.curve25519.pubkey.public_key,
  175. CURVE25519_PUBKEY_LEN);
  176. break;
  177. }
  178. tt_int_op(smartlist_len(ip1->link_specifiers), ==,
  179. smartlist_len(ip2->link_specifiers));
  180. for (int j = 0; j < smartlist_len(ip1->link_specifiers); j++) {
  181. hs_desc_link_specifier_t *ls1 = smartlist_get(ip1->link_specifiers, j),
  182. *ls2 = smartlist_get(ip2->link_specifiers, j);
  183. tt_int_op(ls1->type, ==, ls2->type);
  184. switch (ls1->type) {
  185. case LS_IPV4:
  186. case LS_IPV6:
  187. {
  188. char *addr1 = tor_addr_to_str_dup(&ls1->u.ap.addr),
  189. *addr2 = tor_addr_to_str_dup(&ls2->u.ap.addr);
  190. tt_str_op(addr1, OP_EQ, addr2);
  191. tor_free(addr1);
  192. tor_free(addr2);
  193. tt_int_op(ls1->u.ap.port, ==, ls2->u.ap.port);
  194. }
  195. break;
  196. case LS_LEGACY_ID:
  197. tt_mem_op(ls1->u.legacy_id, OP_EQ, ls2->u.legacy_id,
  198. sizeof(ls1->u.legacy_id));
  199. break;
  200. default:
  201. /* Unknown type, caught it and print its value. */
  202. tt_int_op(ls1->type, OP_EQ, -1);
  203. }
  204. }
  205. }
  206. }
  207. done:
  208. ;
  209. }
  210. /* Test certificate encoding put in a descriptor. */
  211. static void
  212. test_cert_encoding(void *arg)
  213. {
  214. int ret;
  215. char *encoded = NULL;
  216. time_t now = time(NULL);
  217. ed25519_keypair_t kp;
  218. ed25519_public_key_t signed_key;
  219. ed25519_secret_key_t secret_key;
  220. tor_cert_t *cert = NULL;
  221. (void) arg;
  222. ret = ed25519_keypair_generate(&kp, 0);
  223. tt_int_op(ret, == , 0);
  224. ret = ed25519_secret_key_generate(&secret_key, 0);
  225. tt_int_op(ret, == , 0);
  226. ret = ed25519_public_key_generate(&signed_key, &secret_key);
  227. tt_int_op(ret, == , 0);
  228. cert = tor_cert_create(&kp, CERT_TYPE_SIGNING_AUTH, &signed_key,
  229. now, 3600 * 2, CERT_FLAG_INCLUDE_SIGNING_KEY);
  230. tt_assert(cert);
  231. /* Test the certificate encoding function. */
  232. ret = encode_cert(cert, &encoded);
  233. tt_int_op(ret, ==, 0);
  234. /* Validated the certificate string. */
  235. {
  236. char *end, *pos = encoded;
  237. char *b64_cert, buf[256];
  238. size_t b64_cert_len;
  239. tor_cert_t *parsed_cert;
  240. tt_int_op(strcmpstart(pos, "-----BEGIN ED25519 CERT-----\n"), ==, 0);
  241. pos += strlen("-----BEGIN ED25519 CERT-----\n");
  242. /* Isolate the base64 encoded certificate and try to decode it. */
  243. end = strstr(pos, "-----END ED25519 CERT-----");
  244. tt_assert(end);
  245. b64_cert = pos;
  246. b64_cert_len = end - pos;
  247. ret = base64_decode(buf, sizeof(buf), b64_cert, b64_cert_len);
  248. tt_int_op(ret, >, 0);
  249. /* Parseable? */
  250. parsed_cert = tor_cert_parse((uint8_t *) buf, ret);
  251. tt_assert(parsed_cert);
  252. /* Signature is valid? */
  253. ret = tor_cert_checksig(parsed_cert, &kp.pubkey, now + 10);
  254. tt_int_op(ret, ==, 0);
  255. ret = tor_cert_eq(cert, parsed_cert);
  256. tt_int_op(ret, ==, 1);
  257. /* The cert did have the signing key? */
  258. ret= ed25519_pubkey_eq(&parsed_cert->signing_key, &kp.pubkey);
  259. tt_int_op(ret, ==, 1);
  260. tor_cert_free(parsed_cert);
  261. /* Get to the end part of the certificate. */
  262. pos += b64_cert_len;
  263. tt_int_op(strcmpstart(pos, "-----END ED25519 CERT-----"), ==, 0);
  264. pos += strlen("-----END ED25519 CERT-----");
  265. }
  266. done:
  267. tor_cert_free(cert);
  268. tor_free(encoded);
  269. }
  270. /* Test the descriptor padding. */
  271. static void
  272. test_descriptor_padding(void *arg)
  273. {
  274. char *plaintext;
  275. size_t plaintext_len, padded_len;
  276. uint8_t *padded_plaintext = NULL;
  277. /* Example: if l = 129, the ceiled division gives 2 and then multiplied by 128
  278. * to give 256. With l = 127, ceiled division gives 1 then times 128. */
  279. #define PADDING_EXPECTED_LEN(l) \
  280. CEIL_DIV(l, HS_DESC_PLAINTEXT_PADDING_MULTIPLE) * \
  281. HS_DESC_PLAINTEXT_PADDING_MULTIPLE
  282. (void) arg;
  283. { /* test #1: no padding */
  284. plaintext_len = HS_DESC_PLAINTEXT_PADDING_MULTIPLE;
  285. plaintext = tor_malloc(plaintext_len);
  286. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  287. &padded_plaintext);
  288. tt_assert(padded_plaintext);
  289. tor_free(plaintext);
  290. /* Make sure our padding has been zeroed. */
  291. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  292. padded_len - plaintext_len), OP_EQ, 1);
  293. tor_free(padded_plaintext);
  294. /* Never never have a padded length smaller than the plaintext. */
  295. tt_int_op(padded_len, OP_GE, plaintext_len);
  296. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  297. }
  298. { /* test #2: one byte padding? */
  299. plaintext_len = HS_DESC_PLAINTEXT_PADDING_MULTIPLE - 1;
  300. plaintext = tor_malloc(plaintext_len);
  301. padded_plaintext = NULL;
  302. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  303. &padded_plaintext);
  304. tt_assert(padded_plaintext);
  305. tor_free(plaintext);
  306. /* Make sure our padding has been zeroed. */
  307. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  308. padded_len - plaintext_len), OP_EQ, 1);
  309. tor_free(padded_plaintext);
  310. /* Never never have a padded length smaller than the plaintext. */
  311. tt_int_op(padded_len, OP_GE, plaintext_len);
  312. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  313. }
  314. { /* test #3: Lots more bytes of padding? */
  315. plaintext_len = HS_DESC_PLAINTEXT_PADDING_MULTIPLE + 1;
  316. plaintext = tor_malloc(plaintext_len);
  317. padded_plaintext = NULL;
  318. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  319. &padded_plaintext);
  320. tt_assert(padded_plaintext);
  321. tor_free(plaintext);
  322. /* Make sure our padding has been zeroed. */
  323. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  324. padded_len - plaintext_len), OP_EQ, 1);
  325. tor_free(padded_plaintext);
  326. /* Never never have a padded length smaller than the plaintext. */
  327. tt_int_op(padded_len, OP_GE, plaintext_len);
  328. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  329. }
  330. done:
  331. return;
  332. }
  333. static void
  334. test_link_specifier(void *arg)
  335. {
  336. ssize_t ret;
  337. hs_desc_link_specifier_t spec;
  338. smartlist_t *link_specifiers = smartlist_new();
  339. (void) arg;
  340. /* Always this port. */
  341. spec.u.ap.port = 42;
  342. smartlist_add(link_specifiers, &spec);
  343. /* Test IPv4 for starter. */
  344. {
  345. char *b64, buf[256];
  346. uint32_t ipv4;
  347. link_specifier_t *ls;
  348. spec.type = LS_IPV4;
  349. ret = tor_addr_parse(&spec.u.ap.addr, "1.2.3.4");
  350. tt_int_op(ret, ==, AF_INET);
  351. b64 = encode_link_specifiers(link_specifiers);
  352. tt_assert(b64);
  353. /* Decode it and validate the format. */
  354. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  355. tt_int_op(ret, >, 0);
  356. /* First byte is the number of link specifier. */
  357. tt_int_op(get_uint8(buf), ==, 1);
  358. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  359. tt_int_op(ret, ==, 8);
  360. /* Should be 2 bytes for port and 4 bytes for IPv4. */
  361. tt_int_op(link_specifier_get_ls_len(ls), ==, 6);
  362. ipv4 = link_specifier_get_un_ipv4_addr(ls);
  363. tt_int_op(tor_addr_to_ipv4h(&spec.u.ap.addr), ==, ipv4);
  364. tt_int_op(link_specifier_get_un_ipv4_port(ls), ==, spec.u.ap.port);
  365. link_specifier_free(ls);
  366. tor_free(b64);
  367. }
  368. /* Test IPv6. */
  369. {
  370. char *b64, buf[256];
  371. uint8_t ipv6[16];
  372. link_specifier_t *ls;
  373. spec.type = LS_IPV6;
  374. ret = tor_addr_parse(&spec.u.ap.addr, "[1:2:3:4::]");
  375. tt_int_op(ret, ==, AF_INET6);
  376. b64 = encode_link_specifiers(link_specifiers);
  377. tt_assert(b64);
  378. /* Decode it and validate the format. */
  379. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  380. tt_int_op(ret, >, 0);
  381. /* First byte is the number of link specifier. */
  382. tt_int_op(get_uint8(buf), ==, 1);
  383. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  384. tt_int_op(ret, ==, 20);
  385. /* Should be 2 bytes for port and 16 bytes for IPv6. */
  386. tt_int_op(link_specifier_get_ls_len(ls), ==, 18);
  387. for (unsigned int i = 0; i < sizeof(ipv6); i++) {
  388. ipv6[i] = link_specifier_get_un_ipv6_addr(ls, i);
  389. }
  390. tt_mem_op(tor_addr_to_in6_addr8(&spec.u.ap.addr), ==, ipv6, sizeof(ipv6));
  391. tt_int_op(link_specifier_get_un_ipv6_port(ls), ==, spec.u.ap.port);
  392. link_specifier_free(ls);
  393. tor_free(b64);
  394. }
  395. /* Test legacy. */
  396. {
  397. char *b64, buf[256];
  398. uint8_t *id;
  399. link_specifier_t *ls;
  400. spec.type = LS_LEGACY_ID;
  401. memset(spec.u.legacy_id, 'Y', sizeof(spec.u.legacy_id));
  402. b64 = encode_link_specifiers(link_specifiers);
  403. tt_assert(b64);
  404. /* Decode it and validate the format. */
  405. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  406. tt_int_op(ret, >, 0);
  407. /* First byte is the number of link specifier. */
  408. tt_int_op(get_uint8(buf), ==, 1);
  409. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  410. /* 20 bytes digest + 1 byte type + 1 byte len. */
  411. tt_int_op(ret, ==, 22);
  412. tt_int_op(link_specifier_getlen_un_legacy_id(ls), OP_EQ, DIGEST_LEN);
  413. /* Digest length is 20 bytes. */
  414. tt_int_op(link_specifier_get_ls_len(ls), OP_EQ, DIGEST_LEN);
  415. id = link_specifier_getarray_un_legacy_id(ls);
  416. tt_mem_op(spec.u.legacy_id, OP_EQ, id, DIGEST_LEN);
  417. link_specifier_free(ls);
  418. tor_free(b64);
  419. }
  420. done:
  421. smartlist_free(link_specifiers);
  422. }
  423. static void
  424. test_encode_descriptor(void *arg)
  425. {
  426. int ret;
  427. char *encoded = NULL;
  428. hs_descriptor_t *desc = helper_build_hs_desc(0);
  429. (void) arg;
  430. ret = hs_desc_encode_descriptor(desc, &encoded);
  431. tt_int_op(ret, ==, 0);
  432. tt_assert(encoded);
  433. done:
  434. hs_descriptor_free(desc);
  435. tor_free(encoded);
  436. }
  437. static void
  438. test_decode_descriptor(void *arg)
  439. {
  440. int ret;
  441. char *encoded = NULL;
  442. hs_descriptor_t *desc = helper_build_hs_desc(0);
  443. hs_descriptor_t *decoded = NULL;
  444. hs_descriptor_t *desc_no_ip = NULL;
  445. (void) arg;
  446. /* Give some bad stuff to the decoding function. */
  447. ret = hs_desc_decode_descriptor("hladfjlkjadf", NULL, &decoded);
  448. tt_int_op(ret, OP_EQ, -1);
  449. ret = hs_desc_encode_descriptor(desc, &encoded);
  450. tt_int_op(ret, ==, 0);
  451. tt_assert(encoded);
  452. ret = hs_desc_decode_descriptor(encoded, NULL, &decoded);
  453. tt_int_op(ret, ==, 0);
  454. tt_assert(decoded);
  455. helper_compare_hs_desc(desc, decoded);
  456. /* Decode a descriptor with _no_ introduction points. */
  457. {
  458. desc_no_ip = helper_build_hs_desc(1);
  459. tt_assert(desc_no_ip);
  460. tor_free(encoded);
  461. ret = hs_desc_encode_descriptor(desc_no_ip, &encoded);
  462. tt_int_op(ret, ==, 0);
  463. tt_assert(encoded);
  464. hs_descriptor_free(decoded);
  465. ret = hs_desc_decode_descriptor(encoded, NULL, &decoded);
  466. tt_int_op(ret, ==, 0);
  467. tt_assert(decoded);
  468. }
  469. done:
  470. hs_descriptor_free(desc);
  471. hs_descriptor_free(desc_no_ip);
  472. hs_descriptor_free(decoded);
  473. tor_free(encoded);
  474. }
  475. static void
  476. test_supported_version(void *arg)
  477. {
  478. int ret;
  479. (void) arg;
  480. /* Unsupported. */
  481. ret = hs_desc_is_supported_version(42);
  482. tt_int_op(ret, OP_EQ, 0);
  483. /* To early. */
  484. ret = hs_desc_is_supported_version(HS_DESC_SUPPORTED_FORMAT_VERSION_MIN - 1);
  485. tt_int_op(ret, OP_EQ, 0);
  486. /* One too new. */
  487. ret = hs_desc_is_supported_version(HS_DESC_SUPPORTED_FORMAT_VERSION_MAX + 1);
  488. tt_int_op(ret, OP_EQ, 0);
  489. /* Valid version. */
  490. ret = hs_desc_is_supported_version(3);
  491. tt_int_op(ret, OP_EQ, 1);
  492. done:
  493. ;
  494. }
  495. static void
  496. test_encrypted_data_len(void *arg)
  497. {
  498. int ret;
  499. size_t value;
  500. (void) arg;
  501. /* No length, error. */
  502. ret = encrypted_data_length_is_valid(0);
  503. tt_int_op(ret, OP_EQ, 0);
  504. /* Not a multiple of our encryption algorithm (thus no padding). It's
  505. * suppose to be aligned on HS_DESC_PLAINTEXT_PADDING_MULTIPLE. */
  506. value = HS_DESC_PLAINTEXT_PADDING_MULTIPLE * 10 - 1;
  507. ret = encrypted_data_length_is_valid(value);
  508. tt_int_op(ret, OP_EQ, 0);
  509. /* Valid value. */
  510. value = HS_DESC_PADDED_PLAINTEXT_MAX_LEN + HS_DESC_ENCRYPTED_SALT_LEN +
  511. DIGEST256_LEN;
  512. ret = encrypted_data_length_is_valid(value);
  513. tt_int_op(ret, OP_EQ, 1);
  514. /* XXX: Test maximum possible size. */
  515. done:
  516. ;
  517. }
  518. static void
  519. test_decode_intro_point(void *arg)
  520. {
  521. int ret;
  522. char *encoded_ip = NULL;
  523. size_t len_out;
  524. hs_desc_intro_point_t *ip = NULL;
  525. hs_descriptor_t *desc = NULL;
  526. (void) arg;
  527. /* The following certificate expires in 2036. After that, one of the test
  528. * will fail because of the expiry time. */
  529. /* Seperate pieces of a valid encoded introduction point. */
  530. const char *intro_point =
  531. "introduction-point AQIUMDI5OUYyNjhGQ0E5RDU1Q0QxNTc=";
  532. const char *auth_key =
  533. "auth-key\n"
  534. "-----BEGIN ED25519 CERT-----\n"
  535. "AQkACOhAAQW8ltYZMIWpyrfyE/b4Iyi8CNybCwYs6ADk7XfBaxsFAQAgBAD3/BE4\n"
  536. "XojGE/N2bW/wgnS9r2qlrkydGyuCKIGayYx3haZ39LD4ZTmSMRxwmplMAqzG/XNP\n"
  537. "0Kkpg4p2/VnLFJRdU1SMFo1lgQ4P0bqw7Tgx200fulZ4KUM5z5V7m+a/mgY=\n"
  538. "-----END ED25519 CERT-----";
  539. const char *enc_key =
  540. "enc-key ntor bpZKLsuhxP6woDQ3yVyjm5gUKSk7RjfAijT2qrzbQk0=";
  541. const char *enc_key_legacy =
  542. "enc-key legacy\n"
  543. "-----BEGIN RSA PUBLIC KEY-----\n"
  544. "MIGJAoGBAO4bATcW8kW4h6RQQAKEgg+aXCpF4JwbcO6vGZtzXTDB+HdPVQzwqkbh\n"
  545. "XzFM6VGArhYw4m31wcP1Z7IwULir7UMnAFd7Zi62aYfU6l+Y1yAoZ1wzu1XBaAMK\n"
  546. "ejpwQinW9nzJn7c2f69fVke3pkhxpNdUZ+vplSA/l9iY+y+v+415AgMBAAE=\n"
  547. "-----END RSA PUBLIC KEY-----";
  548. const char *enc_key_cert =
  549. "enc-key-certification\n"
  550. "-----BEGIN ED25519 CERT-----\n"
  551. "AQsACOhZAUpNvCZ1aJaaR49lS6MCdsVkhVGVrRqoj0Y2T4SzroAtAQAgBABFOcGg\n"
  552. "lbTt1DF5nKTE/gU3Fr8ZtlCIOhu1A+F5LM7fqCUupfesg0KTHwyIZOYQbJuM5/he\n"
  553. "/jDNyLy9woPJdjkxywaY2RPUxGjLYtMQV0E8PUxWyICV+7y52fTCYaKpYQw=\n"
  554. "-----END ED25519 CERT-----";
  555. const char *enc_key_cert_legacy =
  556. "enc-key-certification\n"
  557. "-----BEGIN CROSSCERT-----\n"
  558. "Sk28JnVolppHj2VLowJ2xWSFUZWtGqiPRjZPhLOugC0ACOhZgFPA5egeRDUXMM1U\n"
  559. "Fn3c7Je0gJS6mVma5FzwlgwggeriF13UZcaT71vEAN/ZJXbxOfQVGMZ0rXuFpjUq\n"
  560. "C8CvqmZIwEUaPE1nDFtmnTcucvNS1YQl9nsjH3ejbxc+4yqps/cXh46FmXsm5yz7\n"
  561. "NZjBM9U1fbJhlNtOvrkf70K8bLk6\n"
  562. "-----END CROSSCERT-----";
  563. (void) enc_key_legacy;
  564. (void) enc_key_cert_legacy;
  565. /* Start by testing the "decode all intro points" function. */
  566. {
  567. char *line;
  568. desc = helper_build_hs_desc(0);
  569. tt_assert(desc);
  570. /* Only try to decode an incomplete introduction point section. */
  571. tor_asprintf(&line, "\n%s", intro_point);
  572. ret = decode_intro_points(desc, &desc->encrypted_data, line);
  573. tor_free(line);
  574. tt_int_op(ret, ==, -1);
  575. /* Decode one complete intro point. */
  576. smartlist_t *lines = smartlist_new();
  577. smartlist_add(lines, (char *) intro_point);
  578. smartlist_add(lines, (char *) auth_key);
  579. smartlist_add(lines, (char *) enc_key);
  580. smartlist_add(lines, (char *) enc_key_cert);
  581. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  582. tt_assert(encoded_ip);
  583. tor_asprintf(&line, "\n%s", encoded_ip);
  584. tor_free(encoded_ip);
  585. ret = decode_intro_points(desc, &desc->encrypted_data, line);
  586. tor_free(line);
  587. smartlist_free(lines);
  588. tt_int_op(ret, ==, 0);
  589. }
  590. /* Try to decode a junk string. */
  591. {
  592. hs_descriptor_free(desc);
  593. desc = helper_build_hs_desc(0);
  594. const char *junk = "this is not a descriptor";
  595. ip = decode_introduction_point(desc, junk);
  596. tt_assert(!ip);
  597. desc_intro_point_free(ip);
  598. ip = NULL;
  599. }
  600. /* Invalid link specifiers. */
  601. {
  602. smartlist_t *lines = smartlist_new();
  603. const char *bad_line = "introduction-point blah";
  604. smartlist_add(lines, (char *) bad_line);
  605. smartlist_add(lines, (char *) auth_key);
  606. smartlist_add(lines, (char *) enc_key);
  607. smartlist_add(lines, (char *) enc_key_cert);
  608. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  609. tt_assert(encoded_ip);
  610. ip = decode_introduction_point(desc, encoded_ip);
  611. tt_assert(!ip);
  612. tor_free(encoded_ip);
  613. smartlist_free(lines);
  614. desc_intro_point_free(ip);
  615. ip = NULL;
  616. }
  617. /* Invalid auth key type. */
  618. {
  619. smartlist_t *lines = smartlist_new();
  620. /* Try to put a valid object that our tokenize function will be able to
  621. * parse but that has nothing to do with the auth_key. */
  622. const char *bad_line =
  623. "auth-key\n"
  624. "-----BEGIN UNICORN CERT-----\n"
  625. "MIGJAoGBAO4bATcW8kW4h6RQQAKEgg+aXCpF4JwbcO6vGZtzXTDB+HdPVQzwqkbh\n"
  626. "XzFM6VGArhYw4m31wcP1Z7IwULir7UMnAFd7Zi62aYfU6l+Y1yAoZ1wzu1XBaAMK\n"
  627. "ejpwQinW9nzJn7c2f69fVke3pkhxpNdUZ+vplSA/l9iY+y+v+415AgMBAAE=\n"
  628. "-----END UNICORN CERT-----";
  629. /* Build intro point text. */
  630. smartlist_add(lines, (char *) intro_point);
  631. smartlist_add(lines, (char *) bad_line);
  632. smartlist_add(lines, (char *) enc_key);
  633. smartlist_add(lines, (char *) enc_key_cert);
  634. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  635. tt_assert(encoded_ip);
  636. ip = decode_introduction_point(desc, encoded_ip);
  637. tt_assert(!ip);
  638. tor_free(encoded_ip);
  639. smartlist_free(lines);
  640. }
  641. /* Invalid enc-key. */
  642. {
  643. smartlist_t *lines = smartlist_new();
  644. const char *bad_line =
  645. "enc-key unicorn bpZKLsuhxP6woDQ3yVyjm5gUKSk7RjfAijT2qrzbQk0=";
  646. /* Build intro point text. */
  647. smartlist_add(lines, (char *) intro_point);
  648. smartlist_add(lines, (char *) auth_key);
  649. smartlist_add(lines, (char *) bad_line);
  650. smartlist_add(lines, (char *) enc_key_cert);
  651. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  652. tt_assert(encoded_ip);
  653. ip = decode_introduction_point(desc, encoded_ip);
  654. tt_assert(!ip);
  655. tor_free(encoded_ip);
  656. smartlist_free(lines);
  657. }
  658. /* Invalid enc-key object. */
  659. {
  660. smartlist_t *lines = smartlist_new();
  661. const char *bad_line = "enc-key ntor";
  662. /* Build intro point text. */
  663. smartlist_add(lines, (char *) intro_point);
  664. smartlist_add(lines, (char *) auth_key);
  665. smartlist_add(lines, (char *) bad_line);
  666. smartlist_add(lines, (char *) enc_key_cert);
  667. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  668. tt_assert(encoded_ip);
  669. ip = decode_introduction_point(desc, encoded_ip);
  670. tt_assert(!ip);
  671. tor_free(encoded_ip);
  672. smartlist_free(lines);
  673. }
  674. /* Invalid enc-key base64 curv25519 key. */
  675. {
  676. smartlist_t *lines = smartlist_new();
  677. const char *bad_line = "enc-key ntor blah===";
  678. /* Build intro point text. */
  679. smartlist_add(lines, (char *) intro_point);
  680. smartlist_add(lines, (char *) auth_key);
  681. smartlist_add(lines, (char *) bad_line);
  682. smartlist_add(lines, (char *) enc_key_cert);
  683. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  684. tt_assert(encoded_ip);
  685. ip = decode_introduction_point(desc, encoded_ip);
  686. tt_assert(!ip);
  687. tor_free(encoded_ip);
  688. smartlist_free(lines);
  689. }
  690. /* Invalid enc-key invalid legacy. */
  691. {
  692. smartlist_t *lines = smartlist_new();
  693. const char *bad_line = "enc-key legacy blah===";
  694. /* Build intro point text. */
  695. smartlist_add(lines, (char *) intro_point);
  696. smartlist_add(lines, (char *) auth_key);
  697. smartlist_add(lines, (char *) bad_line);
  698. smartlist_add(lines, (char *) enc_key_cert);
  699. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  700. tt_assert(encoded_ip);
  701. ip = decode_introduction_point(desc, encoded_ip);
  702. tt_assert(!ip);
  703. tor_free(encoded_ip);
  704. smartlist_free(lines);
  705. }
  706. /* Valid object. */
  707. {
  708. smartlist_t *lines = smartlist_new();
  709. /* Build intro point text. */
  710. smartlist_add(lines, (char *) intro_point);
  711. smartlist_add(lines, (char *) auth_key);
  712. smartlist_add(lines, (char *) enc_key);
  713. smartlist_add(lines, (char *) enc_key_cert);
  714. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  715. tt_assert(encoded_ip);
  716. ip = decode_introduction_point(desc, encoded_ip);
  717. tt_assert(ip);
  718. tor_free(encoded_ip);
  719. smartlist_free(lines);
  720. }
  721. done:
  722. hs_descriptor_free(desc);
  723. desc_intro_point_free(ip);
  724. }
  725. static void
  726. test_decode_plaintext(void *arg)
  727. {
  728. int ret;
  729. hs_desc_plaintext_data_t desc_plaintext;
  730. const char *bad_value = "unicorn";
  731. (void) arg;
  732. #define template \
  733. "hs-descriptor %s\n" \
  734. "descriptor-lifetime %s\n" \
  735. "descriptor-signing-key-cert\n" \
  736. "-----BEGIN ED25519 CERT-----\n" \
  737. "AQgABjvPAQaG3g+dc6oV/oJV4ODAtkvx56uBnPtBT9mYVuHVOhn7AQAgBABUg3mQ\n" \
  738. "myBr4bu5LCr53wUEbW2EXui01CbUgU7pfo9LvJG3AcXRojj6HlfsUs9BkzYzYdjF\n" \
  739. "A69Apikgu0ewHYkFFASt7Il+gB3w6J8YstQJZT7dtbtl+doM7ug8B68Qdg8=\n" \
  740. "-----END ED25519 CERT-----\n" \
  741. "revision-counter %s\n" \
  742. "encrypted\n" \
  743. "-----BEGIN %s-----\n" \
  744. "UNICORN\n" \
  745. "-----END MESSAGE-----\n" \
  746. "signature m20WJH5agqvwhq7QeuEZ1mYyPWQDO+eJOZUjLhAiKu8DbL17DsDfJE6kXbWy" \
  747. "HimbNj2we0enV3cCOOAsmPOaAw\n"
  748. /* Invalid version. */
  749. {
  750. char *plaintext;
  751. tor_asprintf(&plaintext, template, bad_value, "180", "42", "MESSAGE");
  752. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  753. tor_free(plaintext);
  754. tt_int_op(ret, OP_EQ, -1);
  755. }
  756. /* Missing fields. */
  757. {
  758. const char *plaintext = "hs-descriptor 3\n";
  759. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  760. tt_int_op(ret, OP_EQ, -1);
  761. }
  762. /* Max length. */
  763. {
  764. size_t big = 64000;
  765. /* Must always be bigger than HS_DESC_MAX_LEN. */
  766. tt_int_op(HS_DESC_MAX_LEN, <, big);
  767. char *plaintext = tor_malloc_zero(big);
  768. memset(plaintext, 'a', big);
  769. plaintext[big - 1] = '\0';
  770. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  771. tor_free(plaintext);
  772. tt_int_op(ret, OP_EQ, -1);
  773. }
  774. /* Bad lifetime value. */
  775. {
  776. char *plaintext;
  777. tor_asprintf(&plaintext, template, "3", bad_value, "42", "MESSAGE");
  778. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  779. tor_free(plaintext);
  780. tt_int_op(ret, OP_EQ, -1);
  781. }
  782. /* Huge lifetime value. */
  783. {
  784. char *plaintext;
  785. tor_asprintf(&plaintext, template, "3", "7181615", "42", "MESSAGE");
  786. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  787. tor_free(plaintext);
  788. tt_int_op(ret, OP_EQ, -1);
  789. }
  790. /* Invalid encrypted section. */
  791. {
  792. char *plaintext;
  793. tor_asprintf(&plaintext, template, "3", "180", "42", bad_value);
  794. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  795. tor_free(plaintext);
  796. tt_int_op(ret, OP_EQ, -1);
  797. }
  798. /* Invalid revision counter. */
  799. {
  800. char *plaintext;
  801. tor_asprintf(&plaintext, template, "3", "180", bad_value, "MESSAGE");
  802. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  803. tor_free(plaintext);
  804. tt_int_op(ret, OP_EQ, -1);
  805. }
  806. done:
  807. ;
  808. }
  809. static void
  810. test_validate_cert(void *arg)
  811. {
  812. int ret;
  813. time_t now = time(NULL);
  814. ed25519_keypair_t kp;
  815. tor_cert_t *cert = NULL;
  816. (void) arg;
  817. ret = ed25519_keypair_generate(&kp, 0);
  818. tt_int_op(ret, ==, 0);
  819. /* Cert of type CERT_TYPE_AUTH_HS_IP_KEY. */
  820. cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY,
  821. &kp.pubkey, now, 3600,
  822. CERT_FLAG_INCLUDE_SIGNING_KEY);
  823. tt_assert(cert);
  824. /* Test with empty certificate. */
  825. ret = cert_is_valid(NULL, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  826. tt_int_op(ret, OP_EQ, 0);
  827. /* Test with a bad type. */
  828. ret = cert_is_valid(cert, CERT_TYPE_SIGNING_HS_DESC, "unicorn");
  829. tt_int_op(ret, OP_EQ, 0);
  830. /* Normal validation. */
  831. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  832. tt_int_op(ret, OP_EQ, 1);
  833. /* Break signing key so signature verification will fails. */
  834. memset(&cert->signing_key, 0, sizeof(cert->signing_key));
  835. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  836. tt_int_op(ret, OP_EQ, 0);
  837. tor_cert_free(cert);
  838. /* Try a cert without including the signing key. */
  839. cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY, &kp.pubkey, now,
  840. 3600, 0);
  841. tt_assert(cert);
  842. /* Test with a bad type. */
  843. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  844. tt_int_op(ret, OP_EQ, 0);
  845. done:
  846. tor_cert_free(cert);
  847. }
  848. static void
  849. test_desc_signature(void *arg)
  850. {
  851. int ret;
  852. char *data = NULL, *desc = NULL;
  853. char sig_b64[ED25519_SIG_BASE64_LEN + 1];
  854. ed25519_keypair_t kp;
  855. ed25519_signature_t sig;
  856. (void) arg;
  857. ed25519_keypair_generate(&kp, 0);
  858. /* Setup a phoony descriptor but with a valid signature token that is the
  859. * signature is verifiable. */
  860. tor_asprintf(&data, "This is a signed descriptor\n");
  861. ret = ed25519_sign_prefixed(&sig, (const uint8_t *) data, strlen(data),
  862. "Tor onion service descriptor sig v3", &kp);
  863. tt_int_op(ret, ==, 0);
  864. ret = ed25519_signature_to_base64(sig_b64, &sig);
  865. tt_int_op(ret, ==, 0);
  866. /* Build the descriptor that should be valid. */
  867. tor_asprintf(&desc, "%ssignature %s\n", data, sig_b64);
  868. ret = desc_sig_is_valid(sig_b64, &kp, desc, strlen(desc));
  869. tt_int_op(ret, ==, 1);
  870. /* Junk signature. */
  871. ret = desc_sig_is_valid("JUNK", &kp, desc, strlen(desc));
  872. tt_int_op(ret, ==, 0);
  873. done:
  874. tor_free(desc);
  875. tor_free(data);
  876. }
  877. struct testcase_t hs_descriptor[] = {
  878. /* Encoding tests. */
  879. { "cert_encoding", test_cert_encoding, TT_FORK,
  880. NULL, NULL },
  881. { "link_specifier", test_link_specifier, TT_FORK,
  882. NULL, NULL },
  883. { "encode_descriptor", test_encode_descriptor, TT_FORK,
  884. NULL, NULL },
  885. { "descriptor_padding", test_descriptor_padding, TT_FORK,
  886. NULL, NULL },
  887. /* Decoding tests. */
  888. { "decode_descriptor", test_decode_descriptor, TT_FORK,
  889. NULL, NULL },
  890. { "encrypted_data_len", test_encrypted_data_len, TT_FORK,
  891. NULL, NULL },
  892. { "decode_intro_point", test_decode_intro_point, TT_FORK,
  893. NULL, NULL },
  894. { "decode_plaintext", test_decode_plaintext, TT_FORK,
  895. NULL, NULL },
  896. /* Misc. */
  897. { "version", test_supported_version, TT_FORK,
  898. NULL, NULL },
  899. { "validate_cert", test_validate_cert, TT_FORK,
  900. NULL, NULL },
  901. { "desc_signature", test_desc_signature, TT_FORK,
  902. NULL, NULL },
  903. END_OF_TESTCASES
  904. };