test_hs_descriptor.c 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965
  1. /* Copyright (c) 2016-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file test_hs_descriptor.c
  5. * \brief Test hidden service descriptor encoding and decoding.
  6. */
  7. #define HS_DESCRIPTOR_PRIVATE
  8. #include "lib/crypt_ops/crypto_ed25519.h"
  9. #include "lib/crypt_ops/crypto_format.h"
  10. #include "lib/crypt_ops/crypto_digest.h"
  11. #include "lib/crypt_ops/crypto_rand.h"
  12. #include "trunnel/ed25519_cert.h"
  13. #include "core/or/or.h"
  14. #include "feature/hs/hs_descriptor.h"
  15. #include "test/test.h"
  16. #include "feature/nodelist/torcert.h"
  17. #include "test/hs_test_helpers.h"
  18. #include "test/test_helpers.h"
  19. #include "test/log_test_helpers.h"
  20. #ifdef HAVE_CFLAG_WOVERLENGTH_STRINGS
  21. DISABLE_GCC_WARNING(overlength-strings)
  22. /* We allow huge string constants in the unit tests, but not in the code
  23. * at large. */
  24. #endif
  25. #include "test_hs_descriptor.inc"
  26. ENABLE_GCC_WARNING(overlength-strings)
  27. /* Mock function to fill all bytes with 1 */
  28. static void
  29. mock_crypto_strongest_rand(uint8_t *out, size_t out_len)
  30. {
  31. memset(out, 1, out_len);
  32. }
  33. /* Test certificate encoding put in a descriptor. */
  34. static void
  35. test_cert_encoding(void *arg)
  36. {
  37. int ret;
  38. char *encoded = NULL;
  39. time_t now = time(NULL);
  40. ed25519_keypair_t kp;
  41. ed25519_public_key_t signed_key;
  42. ed25519_secret_key_t secret_key;
  43. tor_cert_t *cert = NULL;
  44. (void) arg;
  45. ret = ed25519_keypair_generate(&kp, 0);
  46. tt_int_op(ret, == , 0);
  47. ret = ed25519_secret_key_generate(&secret_key, 0);
  48. tt_int_op(ret, == , 0);
  49. ret = ed25519_public_key_generate(&signed_key, &secret_key);
  50. tt_int_op(ret, == , 0);
  51. cert = tor_cert_create(&kp, CERT_TYPE_SIGNING_AUTH, &signed_key,
  52. now, 3600 * 2, CERT_FLAG_INCLUDE_SIGNING_KEY);
  53. tt_assert(cert);
  54. /* Test the certificate encoding function. */
  55. ret = tor_cert_encode_ed22519(cert, &encoded);
  56. tt_int_op(ret, OP_EQ, 0);
  57. /* Validated the certificate string. */
  58. {
  59. char *end, *pos = encoded;
  60. char *b64_cert, buf[256];
  61. size_t b64_cert_len;
  62. tor_cert_t *parsed_cert;
  63. tt_int_op(strcmpstart(pos, "-----BEGIN ED25519 CERT-----\n"), OP_EQ, 0);
  64. pos += strlen("-----BEGIN ED25519 CERT-----\n");
  65. /* Isolate the base64 encoded certificate and try to decode it. */
  66. end = strstr(pos, "-----END ED25519 CERT-----");
  67. tt_assert(end);
  68. b64_cert = pos;
  69. b64_cert_len = end - pos;
  70. ret = base64_decode(buf, sizeof(buf), b64_cert, b64_cert_len);
  71. tt_int_op(ret, OP_GT, 0);
  72. /* Parseable? */
  73. parsed_cert = tor_cert_parse((uint8_t *) buf, ret);
  74. tt_assert(parsed_cert);
  75. /* Signature is valid? */
  76. ret = tor_cert_checksig(parsed_cert, &kp.pubkey, now + 10);
  77. tt_int_op(ret, OP_EQ, 0);
  78. ret = tor_cert_eq(cert, parsed_cert);
  79. tt_int_op(ret, OP_EQ, 1);
  80. /* The cert did have the signing key? */
  81. ret= ed25519_pubkey_eq(&parsed_cert->signing_key, &kp.pubkey);
  82. tt_int_op(ret, OP_EQ, 1);
  83. tor_cert_free(parsed_cert);
  84. /* Get to the end part of the certificate. */
  85. pos += b64_cert_len;
  86. tt_int_op(strcmpstart(pos, "-----END ED25519 CERT-----"), OP_EQ, 0);
  87. pos += strlen("-----END ED25519 CERT-----");
  88. tt_str_op(pos, OP_EQ, "");
  89. }
  90. done:
  91. tor_cert_free(cert);
  92. tor_free(encoded);
  93. }
  94. /* Test the descriptor padding. */
  95. static void
  96. test_descriptor_padding(void *arg)
  97. {
  98. char *plaintext;
  99. size_t plaintext_len, padded_len;
  100. uint8_t *padded_plaintext = NULL;
  101. /* Example: if l = 129, the ceiled division gives 2 and then multiplied by 128
  102. * to give 256. With l = 127, ceiled division gives 1 then times 128. */
  103. #define PADDING_EXPECTED_LEN(l) \
  104. CEIL_DIV(l, HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE) * \
  105. HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE
  106. (void) arg;
  107. { /* test #1: no padding */
  108. plaintext_len = HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE;
  109. plaintext = tor_malloc(plaintext_len);
  110. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  111. &padded_plaintext);
  112. tt_assert(padded_plaintext);
  113. tor_free(plaintext);
  114. /* Make sure our padding has been zeroed. */
  115. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  116. padded_len - plaintext_len), OP_EQ, 1);
  117. tor_free(padded_plaintext);
  118. /* Never never have a padded length smaller than the plaintext. */
  119. tt_int_op(padded_len, OP_GE, plaintext_len);
  120. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  121. }
  122. { /* test #2: one byte padding? */
  123. plaintext_len = HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE - 1;
  124. plaintext = tor_malloc(plaintext_len);
  125. padded_plaintext = NULL;
  126. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  127. &padded_plaintext);
  128. tt_assert(padded_plaintext);
  129. tor_free(plaintext);
  130. /* Make sure our padding has been zeroed. */
  131. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  132. padded_len - plaintext_len), OP_EQ, 1);
  133. tor_free(padded_plaintext);
  134. /* Never never have a padded length smaller than the plaintext. */
  135. tt_int_op(padded_len, OP_GE, plaintext_len);
  136. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  137. }
  138. { /* test #3: Lots more bytes of padding? */
  139. plaintext_len = HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE + 1;
  140. plaintext = tor_malloc(plaintext_len);
  141. padded_plaintext = NULL;
  142. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  143. &padded_plaintext);
  144. tt_assert(padded_plaintext);
  145. tor_free(plaintext);
  146. /* Make sure our padding has been zeroed. */
  147. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  148. padded_len - plaintext_len), OP_EQ, 1);
  149. tor_free(padded_plaintext);
  150. /* Never never have a padded length smaller than the plaintext. */
  151. tt_int_op(padded_len, OP_GE, plaintext_len);
  152. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  153. }
  154. done:
  155. return;
  156. }
  157. static void
  158. test_link_specifier(void *arg)
  159. {
  160. ssize_t ret;
  161. hs_desc_link_specifier_t spec;
  162. smartlist_t *link_specifiers = smartlist_new();
  163. char buf[256];
  164. char *b64 = NULL;
  165. link_specifier_t *ls = NULL;
  166. (void) arg;
  167. /* Always this port. */
  168. spec.u.ap.port = 42;
  169. smartlist_add(link_specifiers, &spec);
  170. /* Test IPv4 for starter. */
  171. {
  172. uint32_t ipv4;
  173. spec.type = LS_IPV4;
  174. ret = tor_addr_parse(&spec.u.ap.addr, "1.2.3.4");
  175. tt_int_op(ret, OP_EQ, AF_INET);
  176. b64 = encode_link_specifiers(link_specifiers);
  177. tt_assert(b64);
  178. /* Decode it and validate the format. */
  179. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  180. tt_int_op(ret, OP_GT, 0);
  181. /* First byte is the number of link specifier. */
  182. tt_int_op(get_uint8(buf), OP_EQ, 1);
  183. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  184. tt_int_op(ret, OP_EQ, 8);
  185. /* Should be 2 bytes for port and 4 bytes for IPv4. */
  186. tt_int_op(link_specifier_get_ls_len(ls), OP_EQ, 6);
  187. ipv4 = link_specifier_get_un_ipv4_addr(ls);
  188. tt_int_op(tor_addr_to_ipv4h(&spec.u.ap.addr), OP_EQ, ipv4);
  189. tt_int_op(link_specifier_get_un_ipv4_port(ls), OP_EQ, spec.u.ap.port);
  190. link_specifier_free(ls);
  191. ls = NULL;
  192. tor_free(b64);
  193. }
  194. /* Test IPv6. */
  195. {
  196. uint8_t ipv6[16];
  197. spec.type = LS_IPV6;
  198. ret = tor_addr_parse(&spec.u.ap.addr, "[1:2:3:4::]");
  199. tt_int_op(ret, OP_EQ, AF_INET6);
  200. b64 = encode_link_specifiers(link_specifiers);
  201. tt_assert(b64);
  202. /* Decode it and validate the format. */
  203. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  204. tt_int_op(ret, OP_GT, 0);
  205. /* First byte is the number of link specifier. */
  206. tt_int_op(get_uint8(buf), OP_EQ, 1);
  207. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  208. tt_int_op(ret, OP_EQ, 20);
  209. /* Should be 2 bytes for port and 16 bytes for IPv6. */
  210. tt_int_op(link_specifier_get_ls_len(ls), OP_EQ, 18);
  211. for (unsigned int i = 0; i < sizeof(ipv6); i++) {
  212. ipv6[i] = link_specifier_get_un_ipv6_addr(ls, i);
  213. }
  214. tt_mem_op(tor_addr_to_in6_addr8(&spec.u.ap.addr), OP_EQ, ipv6,
  215. sizeof(ipv6));
  216. tt_int_op(link_specifier_get_un_ipv6_port(ls), OP_EQ, spec.u.ap.port);
  217. link_specifier_free(ls);
  218. ls = NULL;
  219. tor_free(b64);
  220. }
  221. /* Test legacy. */
  222. {
  223. uint8_t *id;
  224. spec.type = LS_LEGACY_ID;
  225. memset(spec.u.legacy_id, 'Y', sizeof(spec.u.legacy_id));
  226. b64 = encode_link_specifiers(link_specifiers);
  227. tt_assert(b64);
  228. /* Decode it and validate the format. */
  229. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  230. tt_int_op(ret, OP_GT, 0);
  231. /* First byte is the number of link specifier. */
  232. tt_int_op(get_uint8(buf), OP_EQ, 1);
  233. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  234. /* 20 bytes digest + 1 byte type + 1 byte len. */
  235. tt_int_op(ret, OP_EQ, 22);
  236. tt_int_op(link_specifier_getlen_un_legacy_id(ls), OP_EQ, DIGEST_LEN);
  237. /* Digest length is 20 bytes. */
  238. tt_int_op(link_specifier_get_ls_len(ls), OP_EQ, DIGEST_LEN);
  239. id = link_specifier_getarray_un_legacy_id(ls);
  240. tt_mem_op(spec.u.legacy_id, OP_EQ, id, DIGEST_LEN);
  241. link_specifier_free(ls);
  242. ls = NULL;
  243. tor_free(b64);
  244. }
  245. done:
  246. link_specifier_free(ls);
  247. tor_free(b64);
  248. smartlist_free(link_specifiers);
  249. }
  250. static void
  251. test_encode_descriptor(void *arg)
  252. {
  253. int ret;
  254. ed25519_keypair_t signing_kp;
  255. hs_descriptor_t *desc = NULL;
  256. (void) arg;
  257. ret = ed25519_keypair_generate(&signing_kp, 0);
  258. tt_int_op(ret, OP_EQ, 0);
  259. desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
  260. {
  261. char *encoded = NULL;
  262. ret = hs_desc_encode_descriptor(desc, &signing_kp, NULL, &encoded);
  263. tt_int_op(ret, OP_EQ, 0);
  264. tt_assert(encoded);
  265. tor_free(encoded);
  266. }
  267. {
  268. char *encoded = NULL;
  269. uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
  270. crypto_strongest_rand(descriptor_cookie, sizeof(descriptor_cookie));
  271. ret = hs_desc_encode_descriptor(desc, &signing_kp,
  272. descriptor_cookie, &encoded);
  273. tt_int_op(ret, OP_EQ, 0);
  274. tt_assert(encoded);
  275. tor_free(encoded);
  276. }
  277. done:
  278. hs_descriptor_free(desc);
  279. }
  280. static void
  281. test_decode_descriptor(void *arg)
  282. {
  283. int ret;
  284. int i;
  285. char *encoded = NULL;
  286. ed25519_keypair_t signing_kp;
  287. hs_descriptor_t *desc = NULL;
  288. hs_descriptor_t *decoded = NULL;
  289. hs_descriptor_t *desc_no_ip = NULL;
  290. uint8_t subcredential[DIGEST256_LEN];
  291. (void) arg;
  292. ret = ed25519_keypair_generate(&signing_kp, 0);
  293. tt_int_op(ret, OP_EQ, 0);
  294. desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
  295. hs_helper_get_subcred_from_identity_keypair(&signing_kp,
  296. subcredential);
  297. /* Give some bad stuff to the decoding function. */
  298. ret = hs_desc_decode_descriptor("hladfjlkjadf", subcredential,
  299. NULL, &decoded);
  300. tt_int_op(ret, OP_EQ, -1);
  301. ret = hs_desc_encode_descriptor(desc, &signing_kp, NULL, &encoded);
  302. tt_int_op(ret, OP_EQ, 0);
  303. tt_assert(encoded);
  304. ret = hs_desc_decode_descriptor(encoded, subcredential, NULL, &decoded);
  305. tt_int_op(ret, OP_EQ, 0);
  306. tt_assert(decoded);
  307. hs_helper_desc_equal(desc, decoded);
  308. /* Decode a descriptor with _no_ introduction points. */
  309. {
  310. ed25519_keypair_t signing_kp_no_ip;
  311. ret = ed25519_keypair_generate(&signing_kp_no_ip, 0);
  312. tt_int_op(ret, OP_EQ, 0);
  313. hs_helper_get_subcred_from_identity_keypair(&signing_kp_no_ip,
  314. subcredential);
  315. desc_no_ip = hs_helper_build_hs_desc_no_ip(&signing_kp_no_ip);
  316. tt_assert(desc_no_ip);
  317. tor_free(encoded);
  318. ret = hs_desc_encode_descriptor(desc_no_ip, &signing_kp_no_ip,
  319. NULL, &encoded);
  320. tt_int_op(ret, OP_EQ, 0);
  321. tt_assert(encoded);
  322. hs_descriptor_free(decoded);
  323. ret = hs_desc_decode_descriptor(encoded, subcredential, NULL, &decoded);
  324. tt_int_op(ret, OP_EQ, 0);
  325. tt_assert(decoded);
  326. }
  327. /* Decode a descriptor with auth clients. */
  328. {
  329. uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
  330. curve25519_keypair_t auth_ephemeral_kp;
  331. curve25519_keypair_t client_kp, invalid_client_kp;
  332. smartlist_t *clients;
  333. hs_desc_authorized_client_t *client, *fake_client;
  334. client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
  335. /* Prepare all the keys needed to build the auth client. */
  336. curve25519_keypair_generate(&auth_ephemeral_kp, 0);
  337. curve25519_keypair_generate(&client_kp, 0);
  338. curve25519_keypair_generate(&invalid_client_kp, 0);
  339. crypto_strongest_rand(descriptor_cookie, HS_DESC_DESCRIPTOR_COOKIE_LEN);
  340. memcpy(&desc->superencrypted_data.auth_ephemeral_pubkey,
  341. &auth_ephemeral_kp.pubkey, CURVE25519_PUBKEY_LEN);
  342. hs_helper_get_subcred_from_identity_keypair(&signing_kp,
  343. subcredential);
  344. /* Build and add the auth client to the descriptor. */
  345. clients = desc->superencrypted_data.clients;
  346. if (!clients) {
  347. clients = smartlist_new();
  348. }
  349. hs_desc_build_authorized_client(subcredential,
  350. &client_kp.pubkey,
  351. &auth_ephemeral_kp.seckey,
  352. descriptor_cookie, client);
  353. smartlist_add(clients, client);
  354. /* We need to add fake auth clients here. */
  355. for (i=0; i < 15; ++i) {
  356. fake_client = hs_desc_build_fake_authorized_client();
  357. smartlist_add(clients, fake_client);
  358. }
  359. desc->superencrypted_data.clients = clients;
  360. /* Test the encoding/decoding in the following lines. */
  361. tor_free(encoded);
  362. ret = hs_desc_encode_descriptor(desc, &signing_kp,
  363. descriptor_cookie, &encoded);
  364. tt_int_op(ret, OP_EQ, 0);
  365. tt_assert(encoded);
  366. /* If we do not have the client secret key, the decoding must fail. */
  367. hs_descriptor_free(decoded);
  368. ret = hs_desc_decode_descriptor(encoded, subcredential,
  369. NULL, &decoded);
  370. tt_int_op(ret, OP_LT, 0);
  371. tt_assert(!decoded);
  372. /* If we have an invalid client secret key, the decoding must fail. */
  373. hs_descriptor_free(decoded);
  374. ret = hs_desc_decode_descriptor(encoded, subcredential,
  375. &invalid_client_kp.seckey, &decoded);
  376. tt_int_op(ret, OP_LT, 0);
  377. tt_assert(!decoded);
  378. /* If we have the client secret key, the decoding must succeed and the
  379. * decoded descriptor must be correct. */
  380. ret = hs_desc_decode_descriptor(encoded, subcredential,
  381. &client_kp.seckey, &decoded);
  382. tt_int_op(ret, OP_EQ, 0);
  383. tt_assert(decoded);
  384. hs_helper_desc_equal(desc, decoded);
  385. }
  386. done:
  387. hs_descriptor_free(desc);
  388. hs_descriptor_free(desc_no_ip);
  389. hs_descriptor_free(decoded);
  390. tor_free(encoded);
  391. }
  392. static void
  393. test_supported_version(void *arg)
  394. {
  395. int ret;
  396. (void) arg;
  397. /* Unsupported. */
  398. ret = hs_desc_is_supported_version(42);
  399. tt_int_op(ret, OP_EQ, 0);
  400. /* To early. */
  401. ret = hs_desc_is_supported_version(HS_DESC_SUPPORTED_FORMAT_VERSION_MIN - 1);
  402. tt_int_op(ret, OP_EQ, 0);
  403. /* One too new. */
  404. ret = hs_desc_is_supported_version(HS_DESC_SUPPORTED_FORMAT_VERSION_MAX + 1);
  405. tt_int_op(ret, OP_EQ, 0);
  406. /* Valid version. */
  407. ret = hs_desc_is_supported_version(3);
  408. tt_int_op(ret, OP_EQ, 1);
  409. done:
  410. ;
  411. }
  412. static void
  413. test_encrypted_data_len(void *arg)
  414. {
  415. int ret;
  416. size_t value;
  417. (void) arg;
  418. /* No length, error. */
  419. ret = encrypted_data_length_is_valid(0);
  420. tt_int_op(ret, OP_EQ, 0);
  421. /* Valid value. */
  422. value = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN + 1;
  423. ret = encrypted_data_length_is_valid(value);
  424. tt_int_op(ret, OP_EQ, 1);
  425. done:
  426. ;
  427. }
  428. static void
  429. test_decode_invalid_intro_point(void *arg)
  430. {
  431. int ret;
  432. char *encoded_ip = NULL;
  433. size_t len_out;
  434. hs_desc_intro_point_t *ip = NULL;
  435. ed25519_keypair_t signing_kp;
  436. hs_descriptor_t *desc = NULL;
  437. (void) arg;
  438. /* Separate pieces of a valid encoded introduction point. */
  439. const char *intro_point =
  440. "introduction-point AQIUMDI5OUYyNjhGQ0E5RDU1Q0QxNTc=";
  441. const char *auth_key =
  442. "auth-key\n"
  443. "-----BEGIN ED25519 CERT-----\n"
  444. "AQkACOhAAQW8ltYZMIWpyrfyE/b4Iyi8CNybCwYs6ADk7XfBaxsFAQAgBAD3/BE4\n"
  445. "XojGE/N2bW/wgnS9r2qlrkydGyuCKIGayYx3haZ39LD4ZTmSMRxwmplMAqzG/XNP\n"
  446. "0Kkpg4p2/VnLFJRdU1SMFo1lgQ4P0bqw7Tgx200fulZ4KUM5z5V7m+a/mgY=\n"
  447. "-----END ED25519 CERT-----";
  448. const char *enc_key =
  449. "enc-key ntor bpZKLsuhxP6woDQ3yVyjm5gUKSk7RjfAijT2qrzbQk0=";
  450. const char *enc_key_cert =
  451. "enc-key-cert\n"
  452. "-----BEGIN ED25519 CERT-----\n"
  453. "AQsACOhZAUpNvCZ1aJaaR49lS6MCdsVkhVGVrRqoj0Y2T4SzroAtAQAgBABFOcGg\n"
  454. "lbTt1DF5nKTE/gU3Fr8ZtlCIOhu1A+F5LM7fqCUupfesg0KTHwyIZOYQbJuM5/he\n"
  455. "/jDNyLy9woPJdjkxywaY2RPUxGjLYtMQV0E8PUxWyICV+7y52fTCYaKpYQw=\n"
  456. "-----END ED25519 CERT-----";
  457. /* Try to decode a junk string. */
  458. {
  459. hs_descriptor_free(desc);
  460. desc = NULL;
  461. ret = ed25519_keypair_generate(&signing_kp, 0);
  462. tt_int_op(ret, OP_EQ, 0);
  463. desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
  464. const char *junk = "this is not a descriptor";
  465. ip = decode_introduction_point(desc, junk);
  466. tt_ptr_op(ip, OP_EQ, NULL);
  467. hs_desc_intro_point_free(ip);
  468. ip = NULL;
  469. }
  470. /* Invalid link specifiers. */
  471. {
  472. smartlist_t *lines = smartlist_new();
  473. const char *bad_line = "introduction-point blah";
  474. smartlist_add(lines, (char *) bad_line);
  475. smartlist_add(lines, (char *) auth_key);
  476. smartlist_add(lines, (char *) enc_key);
  477. smartlist_add(lines, (char *) enc_key_cert);
  478. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  479. tt_assert(encoded_ip);
  480. ip = decode_introduction_point(desc, encoded_ip);
  481. tt_ptr_op(ip, OP_EQ, NULL);
  482. tor_free(encoded_ip);
  483. smartlist_free(lines);
  484. hs_desc_intro_point_free(ip);
  485. ip = NULL;
  486. }
  487. /* Invalid auth key type. */
  488. {
  489. smartlist_t *lines = smartlist_new();
  490. /* Try to put a valid object that our tokenize function will be able to
  491. * parse but that has nothing to do with the auth_key. */
  492. const char *bad_line =
  493. "auth-key\n"
  494. "-----BEGIN UNICORN CERT-----\n"
  495. "MIGJAoGBAO4bATcW8kW4h6RQQAKEgg+aXCpF4JwbcO6vGZtzXTDB+HdPVQzwqkbh\n"
  496. "XzFM6VGArhYw4m31wcP1Z7IwULir7UMnAFd7Zi62aYfU6l+Y1yAoZ1wzu1XBaAMK\n"
  497. "ejpwQinW9nzJn7c2f69fVke3pkhxpNdUZ+vplSA/l9iY+y+v+415AgMBAAE=\n"
  498. "-----END UNICORN CERT-----";
  499. /* Build intro point text. */
  500. smartlist_add(lines, (char *) intro_point);
  501. smartlist_add(lines, (char *) bad_line);
  502. smartlist_add(lines, (char *) enc_key);
  503. smartlist_add(lines, (char *) enc_key_cert);
  504. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  505. tt_assert(encoded_ip);
  506. ip = decode_introduction_point(desc, encoded_ip);
  507. tt_ptr_op(ip, OP_EQ, NULL);
  508. tor_free(encoded_ip);
  509. smartlist_free(lines);
  510. }
  511. /* Invalid enc-key. */
  512. {
  513. smartlist_t *lines = smartlist_new();
  514. const char *bad_line =
  515. "enc-key unicorn bpZKLsuhxP6woDQ3yVyjm5gUKSk7RjfAijT2qrzbQk0=";
  516. /* Build intro point text. */
  517. smartlist_add(lines, (char *) intro_point);
  518. smartlist_add(lines, (char *) auth_key);
  519. smartlist_add(lines, (char *) bad_line);
  520. smartlist_add(lines, (char *) enc_key_cert);
  521. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  522. tt_assert(encoded_ip);
  523. ip = decode_introduction_point(desc, encoded_ip);
  524. tt_ptr_op(ip, OP_EQ, NULL);
  525. tor_free(encoded_ip);
  526. smartlist_free(lines);
  527. }
  528. /* Invalid enc-key object. */
  529. {
  530. smartlist_t *lines = smartlist_new();
  531. const char *bad_line = "enc-key ntor";
  532. /* Build intro point text. */
  533. smartlist_add(lines, (char *) intro_point);
  534. smartlist_add(lines, (char *) auth_key);
  535. smartlist_add(lines, (char *) bad_line);
  536. smartlist_add(lines, (char *) enc_key_cert);
  537. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  538. tt_assert(encoded_ip);
  539. ip = decode_introduction_point(desc, encoded_ip);
  540. tt_ptr_op(ip, OP_EQ, NULL);
  541. tor_free(encoded_ip);
  542. smartlist_free(lines);
  543. }
  544. /* Invalid enc-key base64 curv25519 key. */
  545. {
  546. smartlist_t *lines = smartlist_new();
  547. const char *bad_line = "enc-key ntor blah===";
  548. /* Build intro point text. */
  549. smartlist_add(lines, (char *) intro_point);
  550. smartlist_add(lines, (char *) auth_key);
  551. smartlist_add(lines, (char *) bad_line);
  552. smartlist_add(lines, (char *) enc_key_cert);
  553. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  554. tt_assert(encoded_ip);
  555. ip = decode_introduction_point(desc, encoded_ip);
  556. tt_ptr_op(ip, OP_EQ, NULL);
  557. tor_free(encoded_ip);
  558. smartlist_free(lines);
  559. }
  560. /* Invalid enc-key invalid legacy. */
  561. {
  562. smartlist_t *lines = smartlist_new();
  563. const char *bad_line = "legacy-key blah===";
  564. /* Build intro point text. */
  565. smartlist_add(lines, (char *) intro_point);
  566. smartlist_add(lines, (char *) auth_key);
  567. smartlist_add(lines, (char *) bad_line);
  568. smartlist_add(lines, (char *) enc_key_cert);
  569. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  570. tt_assert(encoded_ip);
  571. ip = decode_introduction_point(desc, encoded_ip);
  572. tt_ptr_op(ip, OP_EQ, NULL);
  573. tor_free(encoded_ip);
  574. smartlist_free(lines);
  575. }
  576. done:
  577. hs_descriptor_free(desc);
  578. hs_desc_intro_point_free(ip);
  579. }
  580. /** Make sure we fail gracefully when decoding the bad desc from #23233. */
  581. static void
  582. test_decode_bad_signature(void *arg)
  583. {
  584. hs_desc_plaintext_data_t desc_plaintext;
  585. int ret;
  586. (void) arg;
  587. memset(&desc_plaintext, 0, sizeof(desc_plaintext));
  588. /* Update approx time to dodge cert expiration */
  589. update_approx_time(1502661599);
  590. setup_full_capture_of_logs(LOG_WARN);
  591. ret = hs_desc_decode_plaintext(HS_DESC_BAD_SIG, &desc_plaintext);
  592. tt_int_op(ret, OP_EQ, -1);
  593. expect_log_msg_containing("Malformed signature line. Rejecting.");
  594. teardown_capture_of_logs();
  595. done:
  596. hs_desc_plaintext_data_free_contents(&desc_plaintext);
  597. }
  598. static void
  599. test_decode_plaintext(void *arg)
  600. {
  601. int ret;
  602. hs_desc_plaintext_data_t desc_plaintext;
  603. const char *bad_value = "unicorn";
  604. (void) arg;
  605. #define template \
  606. "hs-descriptor %s\n" \
  607. "descriptor-lifetime %s\n" \
  608. "descriptor-signing-key-cert\n" \
  609. "-----BEGIN ED25519 CERT-----\n" \
  610. "AQgABjvPAQaG3g+dc6oV/oJV4ODAtkvx56uBnPtBT9mYVuHVOhn7AQAgBABUg3mQ\n" \
  611. "myBr4bu5LCr53wUEbW2EXui01CbUgU7pfo9LvJG3AcXRojj6HlfsUs9BkzYzYdjF\n" \
  612. "A69Apikgu0ewHYkFFASt7Il+gB3w6J8YstQJZT7dtbtl+doM7ug8B68Qdg8=\n" \
  613. "-----END ED25519 CERT-----\n" \
  614. "revision-counter %s\n" \
  615. "encrypted\n" \
  616. "-----BEGIN %s-----\n" \
  617. "UNICORN\n" \
  618. "-----END MESSAGE-----\n" \
  619. "signature m20WJH5agqvwhq7QeuEZ1mYyPWQDO+eJOZUjLhAiKu8DbL17DsDfJE6kXbWy" \
  620. "HimbNj2we0enV3cCOOAsmPOaAw\n"
  621. /* Invalid version. */
  622. {
  623. char *plaintext;
  624. tor_asprintf(&plaintext, template, bad_value, "180", "42", "MESSAGE");
  625. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  626. tor_free(plaintext);
  627. tt_int_op(ret, OP_EQ, -1);
  628. }
  629. /* Missing fields. */
  630. {
  631. const char *plaintext = "hs-descriptor 3\n";
  632. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  633. tt_int_op(ret, OP_EQ, -1);
  634. }
  635. /* Max length. */
  636. {
  637. size_t big = 64000;
  638. /* Must always be bigger than HS_DESC_MAX_LEN. */
  639. tt_int_op(HS_DESC_MAX_LEN, OP_LT, big);
  640. char *plaintext = tor_malloc_zero(big);
  641. memset(plaintext, 'a', big);
  642. plaintext[big - 1] = '\0';
  643. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  644. tor_free(plaintext);
  645. tt_int_op(ret, OP_EQ, -1);
  646. }
  647. /* Bad lifetime value. */
  648. {
  649. char *plaintext;
  650. tor_asprintf(&plaintext, template, "3", bad_value, "42", "MESSAGE");
  651. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  652. tor_free(plaintext);
  653. tt_int_op(ret, OP_EQ, -1);
  654. }
  655. /* Huge lifetime value. */
  656. {
  657. char *plaintext;
  658. tor_asprintf(&plaintext, template, "3", "7181615", "42", "MESSAGE");
  659. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  660. tor_free(plaintext);
  661. tt_int_op(ret, OP_EQ, -1);
  662. }
  663. /* Invalid encrypted section. */
  664. {
  665. char *plaintext;
  666. tor_asprintf(&plaintext, template, "3", "180", "42", bad_value);
  667. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  668. tor_free(plaintext);
  669. tt_int_op(ret, OP_EQ, -1);
  670. }
  671. /* Invalid revision counter. */
  672. {
  673. char *plaintext;
  674. tor_asprintf(&plaintext, template, "3", "180", bad_value, "MESSAGE");
  675. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  676. tor_free(plaintext);
  677. tt_int_op(ret, OP_EQ, -1);
  678. }
  679. done:
  680. ;
  681. }
  682. static void
  683. test_validate_cert(void *arg)
  684. {
  685. int ret;
  686. time_t now = time(NULL);
  687. ed25519_keypair_t kp;
  688. tor_cert_t *cert = NULL;
  689. (void) arg;
  690. ret = ed25519_keypair_generate(&kp, 0);
  691. tt_int_op(ret, OP_EQ, 0);
  692. /* Cert of type CERT_TYPE_AUTH_HS_IP_KEY. */
  693. cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY,
  694. &kp.pubkey, now, 3600,
  695. CERT_FLAG_INCLUDE_SIGNING_KEY);
  696. tt_assert(cert);
  697. /* Test with empty certificate. */
  698. ret = cert_is_valid(NULL, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  699. tt_int_op(ret, OP_EQ, 0);
  700. /* Test with a bad type. */
  701. ret = cert_is_valid(cert, CERT_TYPE_SIGNING_HS_DESC, "unicorn");
  702. tt_int_op(ret, OP_EQ, 0);
  703. /* Normal validation. */
  704. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  705. tt_int_op(ret, OP_EQ, 1);
  706. /* Break signing key so signature verification will fails. */
  707. memset(&cert->signing_key, 0, sizeof(cert->signing_key));
  708. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  709. tt_int_op(ret, OP_EQ, 0);
  710. tor_cert_free(cert);
  711. /* Try a cert without including the signing key. */
  712. cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY, &kp.pubkey, now,
  713. 3600, 0);
  714. tt_assert(cert);
  715. /* Test with a bad type. */
  716. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  717. tt_int_op(ret, OP_EQ, 0);
  718. done:
  719. tor_cert_free(cert);
  720. }
  721. static void
  722. test_desc_signature(void *arg)
  723. {
  724. int ret;
  725. char *data = NULL, *desc = NULL;
  726. char sig_b64[ED25519_SIG_BASE64_LEN + 1];
  727. ed25519_keypair_t kp;
  728. ed25519_signature_t sig;
  729. (void) arg;
  730. ed25519_keypair_generate(&kp, 0);
  731. /* Setup a phoony descriptor but with a valid signature token that is the
  732. * signature is verifiable. */
  733. tor_asprintf(&data, "This is a signed descriptor\n");
  734. ret = ed25519_sign_prefixed(&sig, (const uint8_t *) data, strlen(data),
  735. "Tor onion service descriptor sig v3", &kp);
  736. tt_int_op(ret, OP_EQ, 0);
  737. ret = ed25519_signature_to_base64(sig_b64, &sig);
  738. tt_int_op(ret, OP_EQ, 0);
  739. /* Build the descriptor that should be valid. */
  740. tor_asprintf(&desc, "%ssignature %s\n", data, sig_b64);
  741. ret = desc_sig_is_valid(sig_b64, &kp.pubkey, desc, strlen(desc));
  742. tt_int_op(ret, OP_EQ, 1);
  743. /* Junk signature. */
  744. ret = desc_sig_is_valid("JUNK", &kp.pubkey, desc, strlen(desc));
  745. tt_int_op(ret, OP_EQ, 0);
  746. done:
  747. tor_free(desc);
  748. tor_free(data);
  749. }
  750. static void
  751. test_build_authorized_client(void *arg)
  752. {
  753. int ret;
  754. hs_desc_authorized_client_t *desc_client = NULL;
  755. uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
  756. curve25519_secret_key_t auth_ephemeral_sk;
  757. curve25519_secret_key_t client_auth_sk;
  758. curve25519_public_key_t client_auth_pk;
  759. const char ephemeral_sk_b16[] =
  760. "d023b674d993a5c8446bd2ca97e9961149b3c0e88c7dc14e8777744dd3468d6a";
  761. const char descriptor_cookie_b16[] =
  762. "07d087f1d8c68393721f6e70316d3b29";
  763. const char client_pubkey_b16[] =
  764. "8c1298fa6050e372f8598f6deca32e27b0ad457741422c2629ebb132cf7fae37";
  765. uint8_t subcredential[DIGEST256_LEN];
  766. char *mem_op_hex_tmp=NULL;
  767. (void) arg;
  768. ret = curve25519_secret_key_generate(&auth_ephemeral_sk, 0);
  769. tt_int_op(ret, OP_EQ, 0);
  770. ret = curve25519_secret_key_generate(&client_auth_sk, 0);
  771. tt_int_op(ret, OP_EQ, 0);
  772. curve25519_public_key_generate(&client_auth_pk, &client_auth_sk);
  773. memset(subcredential, 42, sizeof(subcredential));
  774. desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
  775. base16_decode((char *) &auth_ephemeral_sk,
  776. sizeof(auth_ephemeral_sk),
  777. ephemeral_sk_b16,
  778. strlen(ephemeral_sk_b16));
  779. base16_decode((char *) descriptor_cookie,
  780. sizeof(descriptor_cookie),
  781. descriptor_cookie_b16,
  782. strlen(descriptor_cookie_b16));
  783. base16_decode((char *) &client_auth_pk,
  784. sizeof(client_auth_pk),
  785. client_pubkey_b16,
  786. strlen(client_pubkey_b16));
  787. MOCK(crypto_strongest_rand_, mock_crypto_strongest_rand);
  788. hs_desc_build_authorized_client(subcredential,
  789. &client_auth_pk, &auth_ephemeral_sk,
  790. descriptor_cookie, desc_client);
  791. test_memeq_hex((char *) desc_client->client_id,
  792. "EC19B7FF4D2DDA13");
  793. test_memeq_hex((char *) desc_client->iv,
  794. "01010101010101010101010101010101");
  795. test_memeq_hex((char *) desc_client->encrypted_cookie,
  796. "B21222BE13F385F355BD07B2381F9F29");
  797. done:
  798. tor_free(desc_client);
  799. tor_free(mem_op_hex_tmp);
  800. UNMOCK(crypto_strongest_rand_);
  801. }
  802. struct testcase_t hs_descriptor[] = {
  803. /* Encoding tests. */
  804. { "cert_encoding", test_cert_encoding, TT_FORK,
  805. NULL, NULL },
  806. { "link_specifier", test_link_specifier, TT_FORK,
  807. NULL, NULL },
  808. { "encode_descriptor", test_encode_descriptor, TT_FORK,
  809. NULL, NULL },
  810. { "descriptor_padding", test_descriptor_padding, TT_FORK,
  811. NULL, NULL },
  812. /* Decoding tests. */
  813. { "decode_descriptor", test_decode_descriptor, TT_FORK,
  814. NULL, NULL },
  815. { "encrypted_data_len", test_encrypted_data_len, TT_FORK,
  816. NULL, NULL },
  817. { "decode_invalid_intro_point", test_decode_invalid_intro_point, TT_FORK,
  818. NULL, NULL },
  819. { "decode_plaintext", test_decode_plaintext, TT_FORK,
  820. NULL, NULL },
  821. { "decode_bad_signature", test_decode_bad_signature, TT_FORK,
  822. NULL, NULL },
  823. /* Misc. */
  824. { "version", test_supported_version, TT_FORK,
  825. NULL, NULL },
  826. { "validate_cert", test_validate_cert, TT_FORK,
  827. NULL, NULL },
  828. { "desc_signature", test_desc_signature, TT_FORK,
  829. NULL, NULL },
  830. { "build_authorized_client", test_build_authorized_client, TT_FORK,
  831. NULL, NULL },
  832. END_OF_TESTCASES
  833. };