test_hs_intropoint.c 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930
  1. /* Copyright (c) 2016-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file test_hs_service.c
  5. * \brief Test hidden service functionality.
  6. */
  7. #define HS_SERVICE_PRIVATE
  8. #define HS_INTROPOINT_PRIVATE
  9. #define RENDSERVICE_PRIVATE
  10. #define CIRCUITLIST_PRIVATE
  11. #include "test/test.h"
  12. #include "test/log_test_helpers.h"
  13. #include "lib/crypt_ops/crypto_rand.h"
  14. #include "core/or/or.h"
  15. #include "core/or/circuitlist.h"
  16. #include "core/or/circuituse.h"
  17. #include "ht.h"
  18. #include "core/or/relay.h"
  19. #include "feature/rend/rendservice.h"
  20. #include "feature/hs/hs_cell.h"
  21. #include "feature/hs/hs_circuitmap.h"
  22. #include "feature/hs/hs_common.h"
  23. #include "feature/hs/hs_intropoint.h"
  24. #include "feature/hs/hs_service.h"
  25. #include "core/or/or_circuit_st.h"
  26. /* Trunnel. */
  27. #include "trunnel/hs/cell_establish_intro.h"
  28. #include "trunnel/hs/cell_introduce1.h"
  29. #include "trunnel/hs/cell_common.h"
  30. static size_t
  31. new_establish_intro_cell(const char *circ_nonce,
  32. trn_cell_establish_intro_t **cell_out)
  33. {
  34. ssize_t cell_len = 0;
  35. uint8_t buf[RELAY_PAYLOAD_SIZE] = {0};
  36. trn_cell_establish_intro_t *cell = NULL;
  37. hs_service_intro_point_t *ip = NULL;
  38. /* Ensure that *cell_out is NULL such that we can use to check if we need to
  39. * free `cell` in case of an error. */
  40. *cell_out = NULL;
  41. /* Auth key pair is generated in the constructor so we are all set for
  42. * using this IP object. */
  43. ip = service_intro_point_new(NULL, 0);
  44. tt_assert(ip);
  45. cell_len = hs_cell_build_establish_intro(circ_nonce, ip, buf);
  46. tt_i64_op(cell_len, OP_GT, 0);
  47. cell_len = trn_cell_establish_intro_parse(&cell, buf, sizeof(buf));
  48. tt_i64_op(cell_len, OP_GT, 0);
  49. tt_assert(cell);
  50. *cell_out = cell;
  51. done:
  52. if (*cell_out == NULL)
  53. trn_cell_establish_intro_free(cell);
  54. service_intro_point_free(ip);
  55. return cell_len;
  56. }
  57. static ssize_t
  58. new_establish_intro_encoded_cell(const char *circ_nonce, uint8_t *cell_out)
  59. {
  60. ssize_t cell_len = 0;
  61. hs_service_intro_point_t *ip = NULL;
  62. /* Auth key pair is generated in the constructor so we are all set for
  63. * using this IP object. */
  64. ip = service_intro_point_new(NULL, 0);
  65. tt_assert(ip);
  66. cell_len = hs_cell_build_establish_intro(circ_nonce, ip, cell_out);
  67. tt_i64_op(cell_len, OP_GT, 0);
  68. done:
  69. service_intro_point_free(ip);
  70. return cell_len;
  71. }
  72. /* Mock function to avoid networking in unittests */
  73. static int
  74. mock_send_intro_established_cell(or_circuit_t *circ)
  75. {
  76. (void) circ;
  77. return 0;
  78. }
  79. static int
  80. mock_relay_send_command_from_edge(streamid_t stream_id, circuit_t *circ,
  81. uint8_t relay_command, const char *payload,
  82. size_t payload_len,
  83. crypt_path_t *cpath_layer,
  84. const char *filename, int lineno)
  85. {
  86. (void) stream_id;
  87. (void) circ;
  88. (void) relay_command;
  89. (void) payload;
  90. (void) payload_len;
  91. (void) cpath_layer;
  92. (void) filename;
  93. (void) lineno;
  94. return 0;
  95. }
  96. static or_circuit_t *
  97. helper_create_intro_circuit(void)
  98. {
  99. or_circuit_t *circ = or_circuit_new(0, NULL);
  100. tt_assert(circ);
  101. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
  102. done:
  103. return circ;
  104. }
  105. static trn_cell_introduce1_t *
  106. helper_create_introduce1_cell(void)
  107. {
  108. trn_cell_introduce1_t *cell = NULL;
  109. ed25519_keypair_t auth_key_kp;
  110. /* Generate the auth_key of the cell. */
  111. if (ed25519_keypair_generate(&auth_key_kp, 0) < 0) {
  112. goto err;
  113. }
  114. cell = trn_cell_introduce1_new();
  115. tt_assert(cell);
  116. /* Set the auth key. */
  117. {
  118. size_t auth_key_len = sizeof(auth_key_kp.pubkey);
  119. trn_cell_introduce1_set_auth_key_type(cell,
  120. HS_INTRO_AUTH_KEY_TYPE_ED25519);
  121. trn_cell_introduce1_set_auth_key_len(cell, auth_key_len);
  122. trn_cell_introduce1_setlen_auth_key(cell, auth_key_len);
  123. uint8_t *auth_key_ptr = trn_cell_introduce1_getarray_auth_key(cell);
  124. memcpy(auth_key_ptr, auth_key_kp.pubkey.pubkey, auth_key_len);
  125. }
  126. /* Set the cell extensions to none. */
  127. {
  128. trn_cell_extension_t *ext = trn_cell_extension_new();
  129. trn_cell_extension_set_num(ext, 0);
  130. trn_cell_introduce1_set_extensions(cell, ext);
  131. }
  132. /* Set the encrypted section to some data. */
  133. {
  134. size_t enc_len = 128;
  135. trn_cell_introduce1_setlen_encrypted(cell, enc_len);
  136. uint8_t *enc_ptr = trn_cell_introduce1_getarray_encrypted(cell);
  137. memset(enc_ptr, 'a', enc_len);
  138. }
  139. return cell;
  140. err:
  141. done:
  142. trn_cell_introduce1_free(cell);
  143. return NULL;
  144. }
  145. /* Try sending an ESTABLISH_INTRO cell on a circuit that is already an intro
  146. * point. Should fail. */
  147. static void
  148. test_establish_intro_wrong_purpose(void *arg)
  149. {
  150. int retval;
  151. ssize_t cell_len = 0;
  152. char circ_nonce[DIGEST_LEN] = {0};
  153. uint8_t cell_body[RELAY_PAYLOAD_SIZE];
  154. or_circuit_t *intro_circ = or_circuit_new(0,NULL);
  155. (void)arg;
  156. /* Get the auth key of the intro point */
  157. crypto_rand(circ_nonce, sizeof(circ_nonce));
  158. memcpy(intro_circ->rend_circ_nonce, circ_nonce, DIGEST_LEN);
  159. /* Set a bad circuit purpose!! :) */
  160. circuit_change_purpose(TO_CIRCUIT(intro_circ), CIRCUIT_PURPOSE_INTRO_POINT);
  161. /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
  162. attempt to parse it. */
  163. cell_len = new_establish_intro_encoded_cell(circ_nonce, cell_body);
  164. tt_i64_op(cell_len, OP_GT, 0);
  165. /* Receive the cell. Should fail. */
  166. setup_full_capture_of_logs(LOG_INFO);
  167. retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
  168. expect_log_msg_containing("Rejecting ESTABLISH_INTRO on non-OR circuit.");
  169. teardown_capture_of_logs();
  170. tt_int_op(retval, OP_EQ, -1);
  171. done:
  172. circuit_free_(TO_CIRCUIT(intro_circ));
  173. }
  174. /* Prepare a circuit for accepting an ESTABLISH_INTRO cell */
  175. static void
  176. helper_prepare_circ_for_intro(or_circuit_t *circ, const char *circ_nonce)
  177. {
  178. /* Prepare the circuit for the incoming ESTABLISH_INTRO */
  179. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
  180. memcpy(circ->rend_circ_nonce, circ_nonce, DIGEST_LEN);
  181. }
  182. /* Send an empty ESTABLISH_INTRO cell. Should fail. */
  183. static void
  184. test_establish_intro_wrong_keytype(void *arg)
  185. {
  186. int retval;
  187. or_circuit_t *intro_circ = or_circuit_new(0,NULL);
  188. char circ_nonce[DIGEST_LEN] = {0};
  189. (void) arg;
  190. /* Get the auth key of the intro point */
  191. crypto_rand(circ_nonce, sizeof(circ_nonce));
  192. helper_prepare_circ_for_intro(intro_circ, circ_nonce);
  193. /* Receive the cell. Should fail. */
  194. setup_full_capture_of_logs(LOG_INFO);
  195. retval = hs_intro_received_establish_intro(intro_circ, (uint8_t *) "", 0);
  196. expect_log_msg_containing("Empty ESTABLISH_INTRO cell.");
  197. teardown_capture_of_logs();
  198. tt_int_op(retval, OP_EQ, -1);
  199. done:
  200. circuit_free_(TO_CIRCUIT(intro_circ));
  201. }
  202. /* Send an ESTABLISH_INTRO cell with an unknown auth key type. Should fail. */
  203. static void
  204. test_establish_intro_wrong_keytype2(void *arg)
  205. {
  206. int retval;
  207. char circ_nonce[DIGEST_LEN] = {0};
  208. uint8_t cell_body[RELAY_PAYLOAD_SIZE];
  209. ssize_t cell_len = 0;
  210. or_circuit_t *intro_circ = or_circuit_new(0,NULL);
  211. (void) arg;
  212. /* Get the auth key of the intro point */
  213. crypto_rand(circ_nonce, sizeof(circ_nonce));
  214. helper_prepare_circ_for_intro(intro_circ, circ_nonce);
  215. /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
  216. * attempt to parse it. */
  217. cell_len = new_establish_intro_encoded_cell(circ_nonce, cell_body);
  218. tt_i64_op(cell_len, OP_GT, 0);
  219. /* Mutate the auth key type! :) */
  220. cell_body[0] = 42;
  221. /* Receive the cell. Should fail. */
  222. setup_full_capture_of_logs(LOG_INFO);
  223. retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
  224. expect_log_msg_containing("Unrecognized AUTH_KEY_TYPE 42.");
  225. teardown_capture_of_logs();
  226. tt_int_op(retval, OP_EQ, -1);
  227. done:
  228. circuit_free_(TO_CIRCUIT(intro_circ));
  229. }
  230. /* Send a legit ESTABLISH_INTRO cell but with a wrong MAC. Should fail. */
  231. static void
  232. test_establish_intro_wrong_mac(void *arg)
  233. {
  234. int retval;
  235. char circ_nonce[DIGEST_LEN] = {0};
  236. ssize_t cell_len = 0;
  237. uint8_t cell_body[RELAY_PAYLOAD_SIZE];
  238. trn_cell_establish_intro_t *cell = NULL;
  239. or_circuit_t *intro_circ = or_circuit_new(0,NULL);
  240. (void) arg;
  241. /* Get the auth key of the intro point */
  242. crypto_rand(circ_nonce, sizeof(circ_nonce));
  243. helper_prepare_circ_for_intro(intro_circ, circ_nonce);
  244. /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
  245. * attempt to parse it. */
  246. cell_len = new_establish_intro_cell(circ_nonce, &cell);
  247. tt_i64_op(cell_len, OP_GT, 0);
  248. tt_assert(cell);
  249. /* Mangle one byte of the MAC. */
  250. uint8_t *handshake_ptr =
  251. trn_cell_establish_intro_getarray_handshake_mac(cell);
  252. handshake_ptr[TRUNNEL_SHA3_256_LEN - 1]++;
  253. /* We need to resign the payload with that change. */
  254. {
  255. ed25519_signature_t sig;
  256. ed25519_keypair_t key_struct;
  257. /* New keypair for the signature since we don't have access to the private
  258. * key material generated earlier when creating the cell. */
  259. retval = ed25519_keypair_generate(&key_struct, 0);
  260. tt_int_op(retval, OP_EQ, 0);
  261. uint8_t *auth_key_ptr =
  262. trn_cell_establish_intro_getarray_auth_key(cell);
  263. memcpy(auth_key_ptr, key_struct.pubkey.pubkey, ED25519_PUBKEY_LEN);
  264. /* Encode payload so we can sign it. */
  265. cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
  266. cell);
  267. tt_i64_op(cell_len, OP_GT, 0);
  268. retval = ed25519_sign_prefixed(&sig, cell_body,
  269. cell_len -
  270. (ED25519_SIG_LEN + sizeof(cell->sig_len)),
  271. ESTABLISH_INTRO_SIG_PREFIX, &key_struct);
  272. tt_int_op(retval, OP_EQ, 0);
  273. /* And write the signature to the cell */
  274. uint8_t *sig_ptr =
  275. trn_cell_establish_intro_getarray_sig(cell);
  276. memcpy(sig_ptr, sig.sig, cell->sig_len);
  277. /* Re-encode with the new signature. */
  278. cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
  279. cell);
  280. tt_i64_op(cell_len, OP_GT, 0);
  281. }
  282. /* Receive the cell. Should fail because our MAC is wrong. */
  283. setup_full_capture_of_logs(LOG_INFO);
  284. retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
  285. expect_log_msg_containing("ESTABLISH_INTRO handshake_auth not as expected");
  286. teardown_capture_of_logs();
  287. tt_int_op(retval, OP_EQ, -1);
  288. done:
  289. trn_cell_establish_intro_free(cell);
  290. circuit_free_(TO_CIRCUIT(intro_circ));
  291. }
  292. /* Send a legit ESTABLISH_INTRO cell but with a wrong auth key length. Should
  293. * fail. */
  294. static void
  295. test_establish_intro_wrong_auth_key_len(void *arg)
  296. {
  297. int retval;
  298. char circ_nonce[DIGEST_LEN] = {0};
  299. uint8_t cell_body[RELAY_PAYLOAD_SIZE];
  300. ssize_t cell_len = 0;
  301. size_t bad_auth_key_len = ED25519_PUBKEY_LEN - 1;
  302. trn_cell_establish_intro_t *cell = NULL;
  303. or_circuit_t *intro_circ = or_circuit_new(0,NULL);
  304. (void) arg;
  305. /* Get the auth key of the intro point */
  306. crypto_rand(circ_nonce, sizeof(circ_nonce));
  307. helper_prepare_circ_for_intro(intro_circ, circ_nonce);
  308. /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
  309. * attempt to parse it. */
  310. cell_len = new_establish_intro_cell(circ_nonce, &cell);
  311. tt_i64_op(cell_len, OP_GT, 0);
  312. tt_assert(cell);
  313. /* Mangle the auth key length. */
  314. trn_cell_establish_intro_set_auth_key_len(cell, bad_auth_key_len);
  315. trn_cell_establish_intro_setlen_auth_key(cell, bad_auth_key_len);
  316. /* Encode cell. */
  317. cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
  318. cell);
  319. tt_int_op(cell_len, OP_GT, 0);
  320. /* Receive the cell. Should fail. */
  321. setup_full_capture_of_logs(LOG_INFO);
  322. retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
  323. expect_log_msg_containing("ESTABLISH_INTRO auth key length is invalid");
  324. teardown_capture_of_logs();
  325. tt_int_op(retval, OP_EQ, -1);
  326. done:
  327. trn_cell_establish_intro_free(cell);
  328. circuit_free_(TO_CIRCUIT(intro_circ));
  329. }
  330. /* Send a legit ESTABLISH_INTRO cell but with a wrong sig length. Should
  331. * fail. */
  332. static void
  333. test_establish_intro_wrong_sig_len(void *arg)
  334. {
  335. int retval;
  336. char circ_nonce[DIGEST_LEN] = {0};
  337. uint8_t cell_body[RELAY_PAYLOAD_SIZE];
  338. ssize_t cell_len = 0;
  339. size_t bad_sig_len = ED25519_SIG_LEN - 1;
  340. trn_cell_establish_intro_t *cell = NULL;
  341. or_circuit_t *intro_circ = or_circuit_new(0,NULL);
  342. (void) arg;
  343. /* Get the auth key of the intro point */
  344. crypto_rand(circ_nonce, sizeof(circ_nonce));
  345. helper_prepare_circ_for_intro(intro_circ, circ_nonce);
  346. /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
  347. * attempt to parse it. */
  348. cell_len = new_establish_intro_cell(circ_nonce, &cell);
  349. tt_i64_op(cell_len, OP_GT, 0);
  350. tt_assert(cell);
  351. /* Mangle the signature length. */
  352. trn_cell_establish_intro_set_sig_len(cell, bad_sig_len);
  353. trn_cell_establish_intro_setlen_sig(cell, bad_sig_len);
  354. /* Encode cell. */
  355. cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
  356. cell);
  357. tt_int_op(cell_len, OP_GT, 0);
  358. /* Receive the cell. Should fail. */
  359. setup_full_capture_of_logs(LOG_INFO);
  360. retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len);
  361. expect_log_msg_containing("ESTABLISH_INTRO sig len is invalid");
  362. teardown_capture_of_logs();
  363. tt_int_op(retval, OP_EQ, -1);
  364. done:
  365. trn_cell_establish_intro_free(cell);
  366. circuit_free_(TO_CIRCUIT(intro_circ));
  367. }
  368. /* Send a legit ESTABLISH_INTRO cell but slightly change the signature. Should
  369. * fail. */
  370. static void
  371. test_establish_intro_wrong_sig(void *arg)
  372. {
  373. int retval;
  374. char circ_nonce[DIGEST_LEN] = {0};
  375. uint8_t cell_body[RELAY_PAYLOAD_SIZE];
  376. ssize_t cell_len = 0;
  377. or_circuit_t *intro_circ = or_circuit_new(0,NULL);
  378. (void) arg;
  379. /* Get the auth key of the intro point */
  380. crypto_rand(circ_nonce, sizeof(circ_nonce));
  381. helper_prepare_circ_for_intro(intro_circ, circ_nonce);
  382. /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
  383. attempt to parse it. */
  384. cell_len = new_establish_intro_encoded_cell(circ_nonce, cell_body);
  385. tt_i64_op(cell_len, OP_GT, 0);
  386. /* Mutate the last byte (signature)! :) */
  387. cell_body[cell_len - 1]++;
  388. /* Receive the cell. Should fail. */
  389. setup_full_capture_of_logs(LOG_INFO);
  390. retval = hs_intro_received_establish_intro(intro_circ, cell_body,
  391. (size_t)cell_len);
  392. expect_log_msg_containing("Failed to verify ESTABLISH_INTRO cell.");
  393. teardown_capture_of_logs();
  394. tt_int_op(retval, OP_EQ, -1);
  395. done:
  396. circuit_free_(TO_CIRCUIT(intro_circ));
  397. }
  398. /* Helper function: Send a well-formed v3 ESTABLISH_INTRO cell to
  399. * <b>intro_circ</b>. Return the cell. */
  400. static trn_cell_establish_intro_t *
  401. helper_establish_intro_v3(or_circuit_t *intro_circ)
  402. {
  403. int retval;
  404. char circ_nonce[DIGEST_LEN] = {0};
  405. uint8_t cell_body[RELAY_PAYLOAD_SIZE];
  406. ssize_t cell_len = 0;
  407. trn_cell_establish_intro_t *cell = NULL;
  408. tt_assert(intro_circ);
  409. /* Prepare the circuit for the incoming ESTABLISH_INTRO */
  410. crypto_rand(circ_nonce, sizeof(circ_nonce));
  411. helper_prepare_circ_for_intro(intro_circ, circ_nonce);
  412. /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
  413. * attempt to parse it. */
  414. cell_len = new_establish_intro_cell(circ_nonce, &cell);
  415. tt_i64_op(cell_len, OP_GT, 0);
  416. tt_assert(cell);
  417. cell_len = trn_cell_establish_intro_encode(cell_body, sizeof(cell_body),
  418. cell);
  419. tt_int_op(cell_len, OP_GT, 0);
  420. /* Receive the cell */
  421. retval = hs_intro_received_establish_intro(intro_circ, cell_body,
  422. (size_t) cell_len);
  423. tt_int_op(retval, OP_EQ, 0);
  424. done:
  425. return cell;
  426. }
  427. /* Helper function: Send a well-formed v2 ESTABLISH_INTRO cell to
  428. * <b>intro_circ</b>. Return the public key advertised in the cell. */
  429. static crypto_pk_t *
  430. helper_establish_intro_v2(or_circuit_t *intro_circ)
  431. {
  432. crypto_pk_t *key1 = NULL;
  433. int retval;
  434. uint8_t cell_body[RELAY_PAYLOAD_SIZE];
  435. ssize_t cell_len = 0;
  436. char circ_nonce[DIGEST_LEN] = {0};
  437. tt_assert(intro_circ);
  438. /* Prepare the circuit for the incoming ESTABLISH_INTRO */
  439. crypto_rand(circ_nonce, sizeof(circ_nonce));
  440. helper_prepare_circ_for_intro(intro_circ, circ_nonce);
  441. /* Send legacy establish_intro */
  442. key1 = pk_generate(0);
  443. /* Use old circ_nonce why not */
  444. cell_len = rend_service_encode_establish_intro_cell(
  445. (char*)cell_body,
  446. sizeof(cell_body), key1,
  447. circ_nonce);
  448. tt_int_op(cell_len, OP_GT, 0);
  449. /* Receive legacy establish_intro */
  450. retval = hs_intro_received_establish_intro(intro_circ,
  451. cell_body, (size_t) cell_len);
  452. tt_int_op(retval, OP_EQ, 0);
  453. done:
  454. return key1;
  455. }
  456. /* Helper function: test circuitmap free_all function outside of
  457. * test_intro_point_registration to prevent Coverity from seeing a
  458. * double free if the assertion hypothetically fails.
  459. */
  460. static void
  461. test_circuitmap_free_all(void)
  462. {
  463. hs_circuitmap_ht *the_hs_circuitmap = NULL;
  464. the_hs_circuitmap = get_hs_circuitmap();
  465. tt_assert(the_hs_circuitmap);
  466. hs_circuitmap_free_all();
  467. the_hs_circuitmap = get_hs_circuitmap();
  468. tt_ptr_op(the_hs_circuitmap, OP_EQ, NULL);
  469. done:
  470. ;
  471. }
  472. /** Successfully register a v2 intro point and a v3 intro point. Ensure that HS
  473. * circuitmap is maintained properly. */
  474. static void
  475. test_intro_point_registration(void *arg)
  476. {
  477. int retval;
  478. hs_circuitmap_ht *the_hs_circuitmap = NULL;
  479. or_circuit_t *intro_circ = NULL;
  480. trn_cell_establish_intro_t *establish_intro_cell = NULL;
  481. ed25519_public_key_t auth_key;
  482. crypto_pk_t *legacy_auth_key = NULL;
  483. or_circuit_t *legacy_intro_circ = NULL;
  484. or_circuit_t *returned_intro_circ = NULL;
  485. (void) arg;
  486. MOCK(hs_intro_send_intro_established_cell, mock_send_intro_established_cell);
  487. hs_circuitmap_init();
  488. /* Check that the circuitmap is currently empty */
  489. {
  490. the_hs_circuitmap = get_hs_circuitmap();
  491. tt_assert(the_hs_circuitmap);
  492. tt_int_op(0, OP_EQ, HT_SIZE(the_hs_circuitmap));
  493. /* Do a circuitmap query in any case */
  494. returned_intro_circ =hs_circuitmap_get_intro_circ_v3_relay_side(&auth_key);
  495. tt_ptr_op(returned_intro_circ, OP_EQ, NULL);
  496. }
  497. /* Create a v3 intro point */
  498. {
  499. intro_circ = or_circuit_new(0, NULL);
  500. tt_assert(intro_circ);
  501. establish_intro_cell = helper_establish_intro_v3(intro_circ);
  502. /* Check that the intro point was registered on the HS circuitmap */
  503. the_hs_circuitmap = get_hs_circuitmap();
  504. tt_assert(the_hs_circuitmap);
  505. tt_int_op(1, OP_EQ, HT_SIZE(the_hs_circuitmap));
  506. get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO,
  507. establish_intro_cell);
  508. returned_intro_circ =
  509. hs_circuitmap_get_intro_circ_v3_relay_side(&auth_key);
  510. tt_ptr_op(intro_circ, OP_EQ, returned_intro_circ);
  511. }
  512. /* Create a v2 intro point */
  513. {
  514. char key_digest[DIGEST_LEN];
  515. legacy_intro_circ = or_circuit_new(1, NULL);
  516. tt_assert(legacy_intro_circ);
  517. legacy_auth_key = helper_establish_intro_v2(legacy_intro_circ);
  518. tt_assert(legacy_auth_key);
  519. /* Check that the circuitmap now has two elements */
  520. the_hs_circuitmap = get_hs_circuitmap();
  521. tt_assert(the_hs_circuitmap);
  522. tt_int_op(2, OP_EQ, HT_SIZE(the_hs_circuitmap));
  523. /* Check that the new element is our legacy intro circuit. */
  524. retval = crypto_pk_get_digest(legacy_auth_key, key_digest);
  525. tt_int_op(retval, OP_EQ, 0);
  526. returned_intro_circ =
  527. hs_circuitmap_get_intro_circ_v2_relay_side((uint8_t*)key_digest);
  528. tt_ptr_op(legacy_intro_circ, OP_EQ, returned_intro_circ);
  529. }
  530. /* XXX Continue test and try to register a second v3 intro point with the
  531. * same auth key. Make sure that old intro circuit gets closed. */
  532. done:
  533. crypto_pk_free(legacy_auth_key);
  534. circuit_free_(TO_CIRCUIT(intro_circ));
  535. circuit_free_(TO_CIRCUIT(legacy_intro_circ));
  536. trn_cell_establish_intro_free(establish_intro_cell);
  537. test_circuitmap_free_all();
  538. UNMOCK(hs_intro_send_intro_established_cell);
  539. }
  540. static void
  541. test_introduce1_suitable_circuit(void *arg)
  542. {
  543. int ret;
  544. or_circuit_t *circ = NULL;
  545. (void) arg;
  546. /* Valid suitable circuit. */
  547. {
  548. circ = or_circuit_new(0, NULL);
  549. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
  550. ret = circuit_is_suitable_for_introduce1(circ);
  551. circuit_free_(TO_CIRCUIT(circ));
  552. tt_int_op(ret, OP_EQ, 1);
  553. }
  554. /* Test if the circuit purpose safeguard works correctly. */
  555. {
  556. circ = or_circuit_new(0, NULL);
  557. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT);
  558. ret = circuit_is_suitable_for_introduce1(circ);
  559. circuit_free_(TO_CIRCUIT(circ));
  560. tt_int_op(ret, OP_EQ, 0);
  561. }
  562. /* Test the non-edge circuit safeguard works correctly. */
  563. {
  564. circ = or_circuit_new(0, NULL);
  565. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
  566. /* Bogus pointer, the check is against NULL on n_chan. */
  567. circ->base_.n_chan = (channel_t *) circ;
  568. ret = circuit_is_suitable_for_introduce1(circ);
  569. circuit_free_(TO_CIRCUIT(circ));
  570. tt_int_op(ret, OP_EQ, 0);
  571. }
  572. /* Mangle the circuit a bit more so see if our only one INTRODUCE1 cell
  573. * limit works correctly. */
  574. {
  575. circ = or_circuit_new(0, NULL);
  576. circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
  577. circ->already_received_introduce1 = 1;
  578. ret = circuit_is_suitable_for_introduce1(circ);
  579. circuit_free_(TO_CIRCUIT(circ));
  580. tt_int_op(ret, OP_EQ, 0);
  581. }
  582. done:
  583. ;
  584. }
  585. static void
  586. test_introduce1_is_legacy(void *arg)
  587. {
  588. int ret;
  589. uint8_t request[256];
  590. (void) arg;
  591. /* For a cell to be considered legacy, according to the specification, the
  592. * first 20 bytes MUST BE non-zero else it's a v3 cell. */
  593. memset(request, 'a', DIGEST_LEN);
  594. memset(request + DIGEST_LEN, 0, sizeof(request) - DIGEST_LEN);
  595. ret = introduce1_cell_is_legacy(request);
  596. tt_int_op(ret, OP_EQ, 1);
  597. /* This is a NON legacy cell. */
  598. memset(request, 0, DIGEST_LEN);
  599. memset(request + DIGEST_LEN, 'a', sizeof(request) - DIGEST_LEN);
  600. ret = introduce1_cell_is_legacy(request);
  601. tt_int_op(ret, OP_EQ, 0);
  602. done:
  603. ;
  604. }
  605. static void
  606. test_introduce1_validation(void *arg)
  607. {
  608. int ret;
  609. trn_cell_introduce1_t *cell = NULL;
  610. (void) arg;
  611. /* Create our decoy cell that we'll modify as we go to test the validation
  612. * function of that parsed cell. */
  613. cell = helper_create_introduce1_cell();
  614. tt_assert(cell);
  615. /* It should NOT be a legacy cell which will trigger a BUG(). */
  616. memset(cell->legacy_key_id, 'a', sizeof(cell->legacy_key_id));
  617. tor_capture_bugs_(1);
  618. ret = validate_introduce1_parsed_cell(cell);
  619. tor_end_capture_bugs_();
  620. tt_int_op(ret, OP_EQ, -1);
  621. /* Reset legacy ID and make sure it's correct. */
  622. memset(cell->legacy_key_id, 0, sizeof(cell->legacy_key_id));
  623. ret = validate_introduce1_parsed_cell(cell);
  624. tt_int_op(ret, OP_EQ, 0);
  625. /* Non existing auth key type. */
  626. cell->auth_key_type = 42;
  627. ret = validate_introduce1_parsed_cell(cell);
  628. tt_int_op(ret, OP_EQ, -1);
  629. /* Reset is to correct value and make sure it's correct. */
  630. cell->auth_key_type = HS_INTRO_AUTH_KEY_TYPE_ED25519;
  631. ret = validate_introduce1_parsed_cell(cell);
  632. tt_int_op(ret, OP_EQ, 0);
  633. /* Really bad key length. */
  634. cell->auth_key_len = 0;
  635. ret = validate_introduce1_parsed_cell(cell);
  636. tt_int_op(ret, OP_EQ, -1);
  637. cell->auth_key_len = UINT16_MAX;
  638. ret = validate_introduce1_parsed_cell(cell);
  639. tt_int_op(ret, OP_EQ, -1);
  640. /* Correct size, let's try that. */
  641. cell->auth_key_len = sizeof(ed25519_public_key_t);
  642. ret = validate_introduce1_parsed_cell(cell);
  643. tt_int_op(ret, OP_EQ, 0);
  644. /* Set an invalid size of the auth key buffer. */
  645. trn_cell_introduce1_setlen_auth_key(cell, 3);
  646. ret = validate_introduce1_parsed_cell(cell);
  647. tt_int_op(ret, OP_EQ, -1);
  648. /* Reset auth key buffer and make sure it works. */
  649. trn_cell_introduce1_setlen_auth_key(cell, sizeof(ed25519_public_key_t));
  650. ret = validate_introduce1_parsed_cell(cell);
  651. tt_int_op(ret, OP_EQ, 0);
  652. /* Empty encrypted section. */
  653. trn_cell_introduce1_setlen_encrypted(cell, 0);
  654. ret = validate_introduce1_parsed_cell(cell);
  655. tt_int_op(ret, OP_EQ, -1);
  656. /* Reset it to some non zero bytes and validate. */
  657. trn_cell_introduce1_setlen_encrypted(cell, 1);
  658. ret = validate_introduce1_parsed_cell(cell);
  659. tt_int_op(ret, OP_EQ, 0);
  660. done:
  661. trn_cell_introduce1_free(cell);
  662. }
  663. static void
  664. test_received_introduce1_handling(void *arg)
  665. {
  666. int ret;
  667. uint8_t *request = NULL, buf[128];
  668. trn_cell_introduce1_t *cell = NULL;
  669. or_circuit_t *circ = NULL;
  670. (void) arg;
  671. MOCK(relay_send_command_from_edge_, mock_relay_send_command_from_edge);
  672. hs_circuitmap_init();
  673. /* Too small request length. An INTRODUCE1 expect at the very least a
  674. * DIGEST_LEN size. */
  675. {
  676. memset(buf, 0, sizeof(buf));
  677. circ = helper_create_intro_circuit();
  678. ret = hs_intro_received_introduce1(circ, buf, DIGEST_LEN - 1);
  679. tt_int_op(ret, OP_EQ, -1);
  680. circuit_free_(TO_CIRCUIT(circ));
  681. }
  682. /* We have a unit test only for the suitability of a circuit to receive an
  683. * INTRODUCE1 cell so from now on we'll only test the handling of a cell. */
  684. /* Bad request. */
  685. {
  686. circ = helper_create_intro_circuit();
  687. uint8_t test[2]; /* Too small request. */
  688. memset(test, 0, sizeof(test));
  689. ret = handle_introduce1(circ, test, sizeof(test));
  690. tor_free(circ->p_chan);
  691. circuit_free_(TO_CIRCUIT(circ));
  692. tt_int_op(ret, OP_EQ, -1);
  693. }
  694. /* Valid case. */
  695. {
  696. cell = helper_create_introduce1_cell();
  697. ssize_t request_len = trn_cell_introduce1_encoded_len(cell);
  698. tt_int_op((int)request_len, OP_GT, 0);
  699. request = tor_malloc_zero(request_len);
  700. ssize_t encoded_len =
  701. trn_cell_introduce1_encode(request, request_len, cell);
  702. tt_int_op((int)encoded_len, OP_GT, 0);
  703. circ = helper_create_intro_circuit();
  704. or_circuit_t *service_circ = helper_create_intro_circuit();
  705. circuit_change_purpose(TO_CIRCUIT(service_circ),
  706. CIRCUIT_PURPOSE_INTRO_POINT);
  707. /* Register the circuit in the map for the auth key of the cell. */
  708. ed25519_public_key_t auth_key;
  709. const uint8_t *cell_auth_key =
  710. trn_cell_introduce1_getconstarray_auth_key(cell);
  711. memcpy(auth_key.pubkey, cell_auth_key, ED25519_PUBKEY_LEN);
  712. hs_circuitmap_register_intro_circ_v3_relay_side(service_circ, &auth_key);
  713. ret = hs_intro_received_introduce1(circ, request, request_len);
  714. circuit_free_(TO_CIRCUIT(circ));
  715. circuit_free_(TO_CIRCUIT(service_circ));
  716. tt_int_op(ret, OP_EQ, 0);
  717. }
  718. /* Valid legacy cell. */
  719. {
  720. tor_free(request);
  721. trn_cell_introduce1_free(cell);
  722. cell = helper_create_introduce1_cell();
  723. uint8_t *legacy_key_id = trn_cell_introduce1_getarray_legacy_key_id(cell);
  724. memset(legacy_key_id, 'a', DIGEST_LEN);
  725. /* Add an arbitrary amount of data for the payload of a v2 cell. */
  726. size_t request_len = trn_cell_introduce1_encoded_len(cell) + 256;
  727. tt_size_op(request_len, OP_GT, 0);
  728. request = tor_malloc_zero(request_len + 256);
  729. ssize_t encoded_len =
  730. trn_cell_introduce1_encode(request, request_len, cell);
  731. tt_int_op((int)encoded_len, OP_GT, 0);
  732. circ = helper_create_intro_circuit();
  733. or_circuit_t *service_circ = helper_create_intro_circuit();
  734. circuit_change_purpose(TO_CIRCUIT(service_circ),
  735. CIRCUIT_PURPOSE_INTRO_POINT);
  736. /* Register the circuit in the map for the auth key of the cell. */
  737. uint8_t token[REND_TOKEN_LEN];
  738. memcpy(token, legacy_key_id, sizeof(token));
  739. hs_circuitmap_register_intro_circ_v2_relay_side(service_circ, token);
  740. ret = hs_intro_received_introduce1(circ, request, request_len);
  741. circuit_free_(TO_CIRCUIT(circ));
  742. circuit_free_(TO_CIRCUIT(service_circ));
  743. tt_int_op(ret, OP_EQ, 0);
  744. }
  745. done:
  746. trn_cell_introduce1_free(cell);
  747. tor_free(request);
  748. hs_circuitmap_free_all();
  749. UNMOCK(relay_send_command_from_edge_);
  750. }
  751. struct testcase_t hs_intropoint_tests[] = {
  752. { "intro_point_registration",
  753. test_intro_point_registration, TT_FORK, NULL, NULL },
  754. { "receive_establish_intro_wrong_keytype",
  755. test_establish_intro_wrong_keytype, TT_FORK, NULL, NULL },
  756. { "receive_establish_intro_wrong_keytype2",
  757. test_establish_intro_wrong_keytype2, TT_FORK, NULL, NULL },
  758. { "receive_establish_intro_wrong_purpose",
  759. test_establish_intro_wrong_purpose, TT_FORK, NULL, NULL },
  760. { "receive_establish_intro_wrong_sig",
  761. test_establish_intro_wrong_sig, TT_FORK, NULL, NULL },
  762. { "receive_establish_intro_wrong_sig_len",
  763. test_establish_intro_wrong_sig_len, TT_FORK, NULL, NULL },
  764. { "receive_establish_intro_wrong_auth_key_len",
  765. test_establish_intro_wrong_auth_key_len, TT_FORK, NULL, NULL },
  766. { "receive_establish_intro_wrong_mac",
  767. test_establish_intro_wrong_mac, TT_FORK, NULL, NULL },
  768. { "introduce1_suitable_circuit",
  769. test_introduce1_suitable_circuit, TT_FORK, NULL, NULL },
  770. { "introduce1_is_legacy",
  771. test_introduce1_is_legacy, TT_FORK, NULL, NULL },
  772. { "introduce1_validation",
  773. test_introduce1_validation, TT_FORK, NULL, NULL },
  774. { "received_introduce1_handling",
  775. test_received_introduce1_handling, TT_FORK, NULL, NULL },
  776. END_OF_TESTCASES
  777. };