Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ed4aebcd97
Branches Tags
tor
/
src
/
test
/
test_hs_descriptor.c

test_hs_descriptor.c 36 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117 
  1. /* Copyright (c) 2016, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. /**
    5. 

  5.  * \file test_hs_descriptor.c
    6. 

  6.  * \brief Test hidden service descriptor encoding and decoding.
    7. 

  7.  */
    8. 

  8. 

  9. #define HS_DESCRIPTOR_PRIVATE
    10. 

  10. 

  11. #include "crypto_ed25519.h"
    12. 

  12. #include "ed25519_cert.h"
    13. 

  13. #include "or.h"
    14. 

  14. #include "hs_descriptor.h"
    15. 

  15. #include "test.h"
    16. 

  16. #include "torcert.h"
    17. 

  17. 

  18. static hs_desc_intro_point_t *
    19. 

  19. helper_build_intro_point(const ed25519_keypair_t *blinded_kp, time_t now,
    20. 

  20.                          const char *addr, int legacy)
    21. 

  21. {
    22. 

  22.   int ret;
    23. 

  23.   ed25519_keypair_t auth_kp;
    24. 

  24.   hs_desc_intro_point_t *intro_point = NULL;
    25. 

  25.   hs_desc_intro_point_t *ip = tor_malloc_zero(sizeof(*ip));
    26. 

  26.   ip->link_specifiers = smartlist_new();
    27. 

  27. 

  28.   {
    29. 

  29.     hs_desc_link_specifier_t *ls = tor_malloc_zero(sizeof(*ls));
    30. 

  30.     if (legacy) {
    31. 

  31.       ls->type = LS_LEGACY_ID;
    32. 

  32.       memcpy(ls->u.legacy_id, "0299F268FCA9D55CD157976D39AE92B4B455B3A8",
    33. 

  33.              DIGEST_LEN);
    34. 

  34.     } else {
    35. 

  35.       ls->u.ap.port = 9001;
    36. 

  36.       int family = tor_addr_parse(&ls->u.ap.addr, addr);
    37. 

  37.       switch (family) {
    38. 

  38.       case AF_INET:
    39. 

  39.         ls->type = LS_IPV4;
    40. 

  40.         break;
    41. 

  41.       case AF_INET6:
    42. 

  42.         ls->type = LS_IPV6;
    43. 

  43.         break;
    44. 

  44.       default:
    45. 

  45.         /* Stop the test, not suppose to have an error. */
    46. 

  46.         tt_int_op(family, OP_EQ, AF_INET);
    47. 

  47.       }
    48. 

  48.     }
    49. 

  49.     smartlist_add(ip->link_specifiers, ls);
    50. 

  50.   }
    51. 

  51. 

  52.   ret = ed25519_keypair_generate(&auth_kp, 0);
    53. 

  53.   tt_int_op(ret, ==, 0);
    54. 

  54.   ip->auth_key_cert = tor_cert_create(blinded_kp, CERT_TYPE_AUTH_HS_IP_KEY,
    55. 

  55.                                       &auth_kp.pubkey, now,
    56. 

  56.                                       HS_DESC_CERT_LIFETIME,
    57. 

  57.                                       CERT_FLAG_INCLUDE_SIGNING_KEY);
    58. 

  58.   tt_assert(ip->auth_key_cert);
    59. 

  59. 

  60.   if (legacy) {
    61. 

  61.     ip->enc_key.legacy = crypto_pk_new();
    62. 

  62.     ip->enc_key_type = HS_DESC_KEY_TYPE_LEGACY;
    63. 

  63.     tt_assert(ip->enc_key.legacy);
    64. 

  64.     ret = crypto_pk_generate_key(ip->enc_key.legacy);
    65. 

  65.     tt_int_op(ret, ==, 0);
    66. 

  66.   } else {
    67. 

  67.     ret = curve25519_keypair_generate(&ip->enc_key.curve25519, 0);
    68. 

  68.     tt_int_op(ret, ==, 0);
    69. 

  69.     ip->enc_key_type = HS_DESC_KEY_TYPE_CURVE25519;
    70. 

  70.   }
    71. 

  71. 

  72.   intro_point = ip;
    73. 

  73.  done:
    74. 

  74.   return intro_point;
    75. 

  75. }
    76. 

  76. 

  77. /* Return a valid hs_descriptor_t object. If no_ip is set, no introduction
    78. 

  78.  * points are added. */
    79. 

  79. static hs_descriptor_t *
    80. 

  80. helper_build_hs_desc(unsigned int no_ip)
    81. 

  81. {
    82. 

  82.   int ret;
    83. 

  83.   time_t now = time(NULL);
    84. 

  84.   hs_descriptor_t *descp = NULL, *desc = tor_malloc_zero(sizeof(*desc));
    85. 

  85. 

  86.   desc->plaintext_data.version = HS_DESC_SUPPORTED_FORMAT_VERSION_MAX;
    87. 

  87.   ret = ed25519_keypair_generate(&desc->plaintext_data.signing_kp, 0);
    88. 

  88.   tt_int_op(ret, ==, 0);
    89. 

  89.   ret = ed25519_keypair_generate(&desc->plaintext_data.blinded_kp, 0);
    90. 

  90.   tt_int_op(ret, ==, 0);
    91. 

  91. 

  92.   desc->plaintext_data.signing_key_cert =
    93. 

  93.     tor_cert_create(&desc->plaintext_data.blinded_kp,
    94. 

  94.                     CERT_TYPE_SIGNING_HS_DESC,
    95. 

  95.                     &desc->plaintext_data.signing_kp.pubkey, now,
    96. 

  96.                     3600,
    97. 

  97.                     CERT_FLAG_INCLUDE_SIGNING_KEY);
    98. 

  98.   tt_assert(desc->plaintext_data.signing_key_cert);
    99. 

  99.   desc->plaintext_data.revision_counter = 42;
    100. 

  100.   desc->plaintext_data.lifetime_sec = 3 * 60 * 60;
    101. 

  101. 

  102.   /* Setup encrypted data section. */
    103. 

  103.   desc->encrypted_data.create2_ntor = 1;
    104. 

  104.   desc->encrypted_data.auth_types = smartlist_new();
    105. 

  105.   smartlist_add(desc->encrypted_data.auth_types, tor_strdup("ed25519"));
    106. 

  106.   desc->encrypted_data.intro_points = smartlist_new();
    107. 

  107.   if (!no_ip) {
    108. 

  108.     /* Add four intro points. */
    109. 

  109.     smartlist_add(desc->encrypted_data.intro_points,
    110. 

  110.                 helper_build_intro_point(&desc->plaintext_data.blinded_kp, now,
    111. 

  111.                                            "1.2.3.4", 0));
    112. 

  112.     smartlist_add(desc->encrypted_data.intro_points,
    113. 

  113.                 helper_build_intro_point(&desc->plaintext_data.blinded_kp, now,
    114. 

  114.                                            "[2600::1]", 0));
    115. 

  115.     smartlist_add(desc->encrypted_data.intro_points,
    116. 

  116.                 helper_build_intro_point(&desc->plaintext_data.blinded_kp, now,
    117. 

  117.                                            "3.2.1.4", 1));
    118. 

  118.     smartlist_add(desc->encrypted_data.intro_points,
    119. 

  119.                 helper_build_intro_point(&desc->plaintext_data.blinded_kp, now,
    120. 

  120.                                            "", 1));
    121. 

  121.   }
    122. 

  122. 

  123.   descp = desc;
    124. 

  124.  done:
    125. 

  125.   return descp;
    126. 

  126. }
    127. 

  127. 

  128. static void
    129. 

  129. helper_compare_hs_desc(const hs_descriptor_t *desc1,
    130. 

  130.                        const hs_descriptor_t *desc2)
    131. 

  131. {
    132. 

  132.   /* Plaintext data section. */
    133. 

  133.   tt_int_op(desc1->plaintext_data.version, OP_EQ,
    134. 

  134.             desc2->plaintext_data.version);
    135. 

  135.   tt_uint_op(desc1->plaintext_data.lifetime_sec, OP_EQ,
    136. 

  136.              desc2->plaintext_data.lifetime_sec);
    137. 

  137.   tt_assert(tor_cert_eq(desc1->plaintext_data.signing_key_cert,
    138. 

  138.                         desc2->plaintext_data.signing_key_cert));
    139. 

  139.   tt_mem_op(desc1->plaintext_data.signing_kp.pubkey.pubkey, OP_EQ,
    140. 

  140.             desc2->plaintext_data.signing_kp.pubkey.pubkey,
    141. 

  141.             ED25519_PUBKEY_LEN);
    142. 

  142.   tt_mem_op(desc1->plaintext_data.blinded_kp.pubkey.pubkey, OP_EQ,
    143. 

  143.             desc2->plaintext_data.blinded_kp.pubkey.pubkey,
    144. 

  144.             ED25519_PUBKEY_LEN);
    145. 

  145.   tt_uint_op(desc1->plaintext_data.revision_counter, ==,
    146. 

  146.              desc2->plaintext_data.revision_counter);
    147. 

  147. 

  148.   /* NOTE: We can't compare the encrypted blob because when encoding the
    149. 

  149.    * descriptor, the object is immutable thus we don't update it with the
    150. 

  150.    * encrypted blob. As contrast to the decoding process where we populate a
    151. 

  151.    * descriptor object. */
    152. 

  152. 

  153.   /* Encrypted data section. */
    154. 

  154.   tt_uint_op(desc1->encrypted_data.create2_ntor, ==,
    155. 

  155.              desc2->encrypted_data.create2_ntor);
    156. 

  156. 

  157.   /* Authentication type. */
    158. 

  158.   tt_int_op(!!desc1->encrypted_data.auth_types, ==,
    159. 

  159.             !!desc2->encrypted_data.auth_types);
    160. 

  160.   if (desc1->encrypted_data.auth_types && desc2->encrypted_data.auth_types) {
    161. 

  161.     tt_int_op(smartlist_len(desc1->encrypted_data.auth_types), ==,
    162. 

  162.               smartlist_len(desc2->encrypted_data.auth_types));
    163. 

  163.     for (int i = 0; i < smartlist_len(desc1->encrypted_data.auth_types); i++) {
    164. 

  164.       tt_str_op(smartlist_get(desc1->encrypted_data.auth_types, i), OP_EQ,
    165. 

  165.                 smartlist_get(desc2->encrypted_data.auth_types, i));
    166. 

  166.     }
    167. 

  167.   }
    168. 

  168. 

  169.   /* Introduction points. */
    170. 

  170.   {
    171. 

  171.     tt_assert(desc1->encrypted_data.intro_points);
    172. 

  172.     tt_assert(desc2->encrypted_data.intro_points);
    173. 

  173.     tt_int_op(smartlist_len(desc1->encrypted_data.intro_points), ==,
    174. 

  174.               smartlist_len(desc2->encrypted_data.intro_points));
    175. 

  175.     for (int i=0; i < smartlist_len(desc1->encrypted_data.intro_points); i++) {
    176. 

  176.       hs_desc_intro_point_t *ip1 = smartlist_get(desc1->encrypted_data
    177. 

  177.                                                  .intro_points, i),
    178. 

  178.                             *ip2 = smartlist_get(desc2->encrypted_data
    179. 

  179.                                                  .intro_points, i);
    180. 

  180.       tt_assert(tor_cert_eq(ip1->auth_key_cert, ip2->auth_key_cert));
    181. 

  181.       tt_int_op(ip1->enc_key_type, OP_EQ, ip2->enc_key_type);
    182. 

  182.       tt_assert(ip1->enc_key_type == HS_DESC_KEY_TYPE_LEGACY ||
    183. 

  183.                 ip1->enc_key_type == HS_DESC_KEY_TYPE_CURVE25519);
    184. 

  184.       switch (ip1->enc_key_type) {
    185. 

  185.       case HS_DESC_KEY_TYPE_LEGACY:
    186. 

  186.         tt_int_op(crypto_pk_cmp_keys(ip1->enc_key.legacy, ip2->enc_key.legacy),
    187. 

  187.                   OP_EQ, 0);
    188. 

  188.         break;
    189. 

  189.       case HS_DESC_KEY_TYPE_CURVE25519:
    190. 

  190.         tt_mem_op(ip1->enc_key.curve25519.pubkey.public_key, OP_EQ,
    191. 

  191.                   ip2->enc_key.curve25519.pubkey.public_key,
    192. 

  192.                   CURVE25519_PUBKEY_LEN);
    193. 

  193.         break;
    194. 

  194.       }
    195. 

  195. 

  196.       tt_int_op(smartlist_len(ip1->link_specifiers), ==,
    197. 

  197.                 smartlist_len(ip2->link_specifiers));
    198. 

  198.       for (int j = 0; j < smartlist_len(ip1->link_specifiers); j++) {
    199. 

  199.         hs_desc_link_specifier_t *ls1 = smartlist_get(ip1->link_specifiers, j),
    200. 

  200.                                  *ls2 = smartlist_get(ip2->link_specifiers, j);
    201. 

  201.         tt_int_op(ls1->type, ==, ls2->type);
    202. 

  202.         switch (ls1->type) {
    203. 

  203.         case LS_IPV4:
    204. 

  204.         case LS_IPV6:
    205. 

  205.         {
    206. 

  206.           char *addr1 = tor_addr_to_str_dup(&ls1->u.ap.addr),
    207. 

  207.                *addr2 = tor_addr_to_str_dup(&ls2->u.ap.addr);
    208. 

  208.           tt_str_op(addr1, OP_EQ, addr2);
    209. 

  209.           tor_free(addr1);
    210. 

  210.           tor_free(addr2);
    211. 

  211.           tt_int_op(ls1->u.ap.port, ==, ls2->u.ap.port);
    212. 

  212.         }
    213. 

  213.         break;
    214. 

  214.         case LS_LEGACY_ID:
    215. 

  215.           tt_mem_op(ls1->u.legacy_id, OP_EQ, ls2->u.legacy_id,
    216. 

  216.                     sizeof(ls1->u.legacy_id));
    217. 

  217.           break;
    218. 

  218.         default:
    219. 

  219.           /* Unknown type, caught it and print its value. */
    220. 

  220.           tt_int_op(ls1->type, OP_EQ, -1);
    221. 

  221.         }
    222. 

  222.       }
    223. 

  223.     }
    224. 

  224.   }
    225. 

  225. 

  226.  done:
    227. 

  227.   ;
    228. 

  228. }
    229. 

  229. 

  230. /* Test certificate encoding put in a descriptor. */
    231. 

  231. static void
    232. 

  232. test_cert_encoding(void *arg)
    233. 

  233. {
    234. 

  234.   int ret;
    235. 

  235.   char *encoded = NULL;
    236. 

  236.   time_t now = time(NULL);
    237. 

  237.   ed25519_keypair_t kp;
    238. 

  238.   ed25519_public_key_t signed_key;
    239. 

  239.   ed25519_secret_key_t secret_key;
    240. 

  240.   tor_cert_t *cert = NULL;
    241. 

  241. 

  242.   (void) arg;
    243. 

  243. 

  244.   ret = ed25519_keypair_generate(&kp, 0);
    245. 

  245.   tt_int_op(ret, == , 0);
    246. 

  246.   ret = ed25519_secret_key_generate(&secret_key, 0);
    247. 

  247.   tt_int_op(ret, == , 0);
    248. 

  248.   ret = ed25519_public_key_generate(&signed_key, &secret_key);
    249. 

  249.   tt_int_op(ret, == , 0);
    250. 

  250. 

  251.   cert = tor_cert_create(&kp, CERT_TYPE_SIGNING_AUTH, &signed_key,
    252. 

  252.                          now, 3600 * 2, CERT_FLAG_INCLUDE_SIGNING_KEY);
    253. 

  253.   tt_assert(cert);
    254. 

  254. 

  255.   /* Test the certificate encoding function. */
    256. 

  256.   ret = encode_cert(cert, &encoded);
    257. 

  257.   tt_int_op(ret, ==, 0);
    258. 

  258. 

  259.   /* Validated the certificate string. */
    260. 

  260.   {
    261. 

  261.     char *end, *pos = encoded;
    262. 

  262.     char *b64_cert, buf[256];
    263. 

  263.     size_t b64_cert_len;
    264. 

  264.     tor_cert_t *parsed_cert;
    265. 

  265. 

  266.     tt_int_op(strcmpstart(pos, "-----BEGIN ED25519 CERT-----\n"), ==, 0);
    267. 

  267.     pos += strlen("-----BEGIN ED25519 CERT-----\n");
    268. 

  268. 

  269.     /* Isolate the base64 encoded certificate and try to decode it. */
    270. 

  270.     end = strstr(pos, "-----END ED25519 CERT-----");
    271. 

  271.     tt_assert(end);
    272. 

  272.     b64_cert = pos;
    273. 

  273.     b64_cert_len = end - pos;
    274. 

  274.     ret = base64_decode(buf, sizeof(buf), b64_cert, b64_cert_len);
    275. 

  275.     tt_int_op(ret, >, 0);
    276. 

  276.     /* Parseable? */
    277. 

  277.     parsed_cert = tor_cert_parse((uint8_t *) buf, ret);
    278. 

  278.     tt_assert(parsed_cert);
    279. 

  279.     /* Signature is valid? */
    280. 

  280.     ret = tor_cert_checksig(parsed_cert, &kp.pubkey, now + 10);
    281. 

  281.     tt_int_op(ret, ==, 0);
    282. 

  282.     ret = tor_cert_eq(cert, parsed_cert);
    283. 

  283.     tt_int_op(ret, ==, 1);
    284. 

  284.     /* The cert did have the signing key? */
    285. 

  285.     ret= ed25519_pubkey_eq(&parsed_cert->signing_key, &kp.pubkey);
    286. 

  286.     tt_int_op(ret, ==, 1);
    287. 

  287.     tor_cert_free(parsed_cert);
    288. 

  288. 

  289.     /* Get to the end part of the certificate. */
    290. 

  290.     pos += b64_cert_len;
    291. 

  291.     tt_int_op(strcmpstart(pos, "-----END ED25519 CERT-----"), ==, 0);
    292. 

  292.     pos += strlen("-----END ED25519 CERT-----");
    293. 

  293.   }
    294. 

  294. 

  295.  done:
    296. 

  296.   tor_cert_free(cert);
    297. 

  297.   tor_free(encoded);
    298. 

  298. }
    299. 

  299. 

  300. /* Test the descriptor padding. */
    301. 

  301. static void
    302. 

  302. test_descriptor_padding(void *arg)
    303. 

  303. {
    304. 

  304.   char *plaintext;
    305. 

  305.   size_t plaintext_len, padded_len;
    306. 

  306.   uint8_t *padded_plaintext = NULL;
    307. 

  307. 

  308. /* Example: if l = 129, the ceiled division gives 2 and then multiplied by 128
    309. 

  309.  * to give 256. With l = 127, ceiled division gives 1 then times 128. */
    310. 

  310. #define PADDING_EXPECTED_LEN(l) \
    311. 

  311.   CEIL_DIV(l, HS_DESC_PLAINTEXT_PADDING_MULTIPLE) * \
    312. 

  312.   HS_DESC_PLAINTEXT_PADDING_MULTIPLE
    313. 

  313. 

  314.   (void) arg;
    315. 

  315. 

  316.   { /* test #1: no padding */
    317. 

  317.     plaintext_len = HS_DESC_PLAINTEXT_PADDING_MULTIPLE;
    318. 

  318.     plaintext = tor_malloc(plaintext_len);
    319. 

  319.     padded_len = build_plaintext_padding(plaintext, plaintext_len,
    320. 

  320.                                          &padded_plaintext);
    321. 

  321.     tt_assert(padded_plaintext);
    322. 

  322.     tor_free(plaintext);
    323. 

  323.     /* Make sure our padding has been zeroed. */
    324. 

  324.     tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
    325. 

  325.                               padded_len - plaintext_len), OP_EQ, 1);
    326. 

  326.     tor_free(padded_plaintext);
    327. 

  327.     /* Never never have a padded length smaller than the plaintext. */
    328. 

  328.     tt_int_op(padded_len, OP_GE, plaintext_len);
    329. 

  329.     tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
    330. 

  330.   }
    331. 

  331. 

  332.   { /* test #2: one byte padding? */
    333. 

  333.     plaintext_len = HS_DESC_PLAINTEXT_PADDING_MULTIPLE - 1;
    334. 

  334.     plaintext = tor_malloc(plaintext_len);
    335. 

  335.     padded_plaintext = NULL;
    336. 

  336.     padded_len = build_plaintext_padding(plaintext, plaintext_len,
    337. 

  337.                                          &padded_plaintext);
    338. 

  338.     tt_assert(padded_plaintext);
    339. 

  339.     tor_free(plaintext);
    340. 

  340.     /* Make sure our padding has been zeroed. */
    341. 

  341.     tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
    342. 

  342.                               padded_len - plaintext_len), OP_EQ, 1);
    343. 

  343.     tor_free(padded_plaintext);
    344. 

  344.     /* Never never have a padded length smaller than the plaintext. */
    345. 

  345.     tt_int_op(padded_len, OP_GE, plaintext_len);
    346. 

  346.     tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
    347. 

  347.   }
    348. 

  348. 

  349.   { /* test #3: Lots more bytes of padding? */
    350. 

  350.     plaintext_len = HS_DESC_PLAINTEXT_PADDING_MULTIPLE + 1;
    351. 

  351.     plaintext = tor_malloc(plaintext_len);
    352. 

  352.     padded_plaintext = NULL;
    353. 

  353.     padded_len = build_plaintext_padding(plaintext, plaintext_len,
    354. 

  354.                                          &padded_plaintext);
    355. 

  355.     tt_assert(padded_plaintext);
    356. 

  356.     tor_free(plaintext);
    357. 

  357.     /* Make sure our padding has been zeroed. */
    358. 

  358.     tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
    359. 

  359.                               padded_len - plaintext_len), OP_EQ, 1);
    360. 

  360.     tor_free(padded_plaintext);
    361. 

  361.     /* Never never have a padded length smaller than the plaintext. */
    362. 

  362.     tt_int_op(padded_len, OP_GE, plaintext_len);
    363. 

  363.     tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
    364. 

  364.   }
    365. 

  365. 

  366.  done:
    367. 

  367.   return;
    368. 

  368. }
    369. 

  369. 

  370. static void
    371. 

  371. test_link_specifier(void *arg)
    372. 

  372. {
    373. 

  373.   ssize_t ret;
    374. 

  374.   hs_desc_link_specifier_t spec;
    375. 

  375.   smartlist_t *link_specifiers = smartlist_new();
    376. 

  376. 

  377.   (void) arg;
    378. 

  378. 

  379.   /* Always this port. */
    380. 

  380.   spec.u.ap.port = 42;
    381. 

  381.   smartlist_add(link_specifiers, &spec);
    382. 

  382. 

  383.   /* Test IPv4 for starter. */
    384. 

  384.   {
    385. 

  385.     char *b64, buf[256];
    386. 

  386.     uint32_t ipv4;
    387. 

  387.     link_specifier_t *ls;
    388. 

  388. 

  389.     spec.type = LS_IPV4;
    390. 

  390.     ret = tor_addr_parse(&spec.u.ap.addr, "1.2.3.4");
    391. 

  391.     tt_int_op(ret, ==, AF_INET);
    392. 

  392.     b64 = encode_link_specifiers(link_specifiers);
    393. 

  393.     tt_assert(b64);
    394. 

  394. 

  395.     /* Decode it and validate the format. */
    396. 

  396.     ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
    397. 

  397.     tt_int_op(ret, >, 0);
    398. 

  398.     /* First byte is the number of link specifier. */
    399. 

  399.     tt_int_op(get_uint8(buf), ==, 1);
    400. 

  400.     ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
    401. 

  401.     tt_int_op(ret, ==, 8);
    402. 

  402.     /* Should be 2 bytes for port and 4 bytes for IPv4. */
    403. 

  403.     tt_int_op(link_specifier_get_ls_len(ls), ==, 6);
    404. 

  404.     ipv4 = link_specifier_get_un_ipv4_addr(ls);
    405. 

  405.     tt_int_op(tor_addr_to_ipv4h(&spec.u.ap.addr), ==, ipv4);
    406. 

  406.     tt_int_op(link_specifier_get_un_ipv4_port(ls), ==, spec.u.ap.port);
    407. 

  407. 

  408.     link_specifier_free(ls);
    409. 

  409.     tor_free(b64);
    410. 

  410.   }
    411. 

  411. 

  412.   /* Test IPv6. */
    413. 

  413.   {
    414. 

  414.     char *b64, buf[256];
    415. 

  415.     uint8_t ipv6[16];
    416. 

  416.     link_specifier_t *ls;
    417. 

  417. 

  418.     spec.type = LS_IPV6;
    419. 

  419.     ret = tor_addr_parse(&spec.u.ap.addr, "[1:2:3:4::]");
    420. 

  420.     tt_int_op(ret, ==, AF_INET6);
    421. 

  421.     b64 = encode_link_specifiers(link_specifiers);
    422. 

  422.     tt_assert(b64);
    423. 

  423. 

  424.     /* Decode it and validate the format. */
    425. 

  425.     ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
    426. 

  426.     tt_int_op(ret, >, 0);
    427. 

  427.     /* First byte is the number of link specifier. */
    428. 

  428.     tt_int_op(get_uint8(buf), ==, 1);
    429. 

  429.     ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
    430. 

  430.     tt_int_op(ret, ==, 20);
    431. 

  431.     /* Should be 2 bytes for port and 16 bytes for IPv6. */
    432. 

  432.     tt_int_op(link_specifier_get_ls_len(ls), ==, 18);
    433. 

  433.     for (unsigned int i = 0; i < sizeof(ipv6); i++) {
    434. 

  434.       ipv6[i] = link_specifier_get_un_ipv6_addr(ls, i);
    435. 

  435.     }
    436. 

  436.     tt_mem_op(tor_addr_to_in6_addr8(&spec.u.ap.addr), ==, ipv6, sizeof(ipv6));
    437. 

  437.     tt_int_op(link_specifier_get_un_ipv6_port(ls), ==, spec.u.ap.port);
    438. 

  438. 

  439.     link_specifier_free(ls);
    440. 

  440.     tor_free(b64);
    441. 

  441.   }
    442. 

  442. 

  443.   /* Test legacy. */
    444. 

  444.   {
    445. 

  445.     char *b64, buf[256];
    446. 

  446.     uint8_t *id;
    447. 

  447.     link_specifier_t *ls;
    448. 

  448. 

  449.     spec.type = LS_LEGACY_ID;
    450. 

  450.     memset(spec.u.legacy_id, 'Y', sizeof(spec.u.legacy_id));
    451. 

  451.     b64 = encode_link_specifiers(link_specifiers);
    452. 

  452.     tt_assert(b64);
    453. 

  453. 

  454.     /* Decode it and validate the format. */
    455. 

  455.     ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
    456. 

  456.     tt_int_op(ret, >, 0);
    457. 

  457.     /* First byte is the number of link specifier. */
    458. 

  458.     tt_int_op(get_uint8(buf), ==, 1);
    459. 

  459.     ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
    460. 

  460.     /* 20 bytes digest + 1 byte type + 1 byte len. */
    461. 

  461.     tt_int_op(ret, ==, 22);
    462. 

  462.     tt_int_op(link_specifier_getlen_un_legacy_id(ls), OP_EQ, DIGEST_LEN);
    463. 

  463.     /* Digest length is 20 bytes. */
    464. 

  464.     tt_int_op(link_specifier_get_ls_len(ls), OP_EQ, DIGEST_LEN);
    465. 

  465.     id = link_specifier_getarray_un_legacy_id(ls);
    466. 

  466.     tt_mem_op(spec.u.legacy_id, OP_EQ, id, DIGEST_LEN);
    467. 

  467. 

  468.     link_specifier_free(ls);
    469. 

  469.     tor_free(b64);
    470. 

  470.   }
    471. 

  471. 

  472.  done:
    473. 

  473.   smartlist_free(link_specifiers);
    474. 

  474. }
    475. 

  475. 

  476. static void
    477. 

  477. test_encode_descriptor(void *arg)
    478. 

  478. {
    479. 

  479.   int ret;
    480. 

  480.   char *encoded = NULL;
    481. 

  481.   hs_descriptor_t *desc = helper_build_hs_desc(0);
    482. 

  482. 

  483.   (void) arg;
    484. 

  484. 

  485.   ret = hs_desc_encode_descriptor(desc, &encoded);
    486. 

  486.   tt_int_op(ret, ==, 0);
    487. 

  487.   tt_assert(encoded);
    488. 

  488. 

  489.  done:
    490. 

  490.   hs_descriptor_free(desc);
    491. 

  491.   tor_free(encoded);
    492. 

  492. }
    493. 

  493. 

  494. static void
    495. 

  495. test_decode_descriptor(void *arg)
    496. 

  496. {
    497. 

  497.   int ret;
    498. 

  498.   char *encoded = NULL;
    499. 

  499.   hs_descriptor_t *desc = helper_build_hs_desc(0);
    500. 

  500.   hs_descriptor_t *decoded = NULL;
    501. 

  501.   hs_descriptor_t *desc_no_ip = NULL;
    502. 

  502. 

  503.   (void) arg;
    504. 

  504. 

  505.   /* Give some bad stuff to the decoding function. */
    506. 

  506.   ret = hs_desc_decode_descriptor("hladfjlkjadf", NULL, &decoded);
    507. 

  507.   tt_int_op(ret, OP_EQ, -1);
    508. 

  508. 

  509.   ret = hs_desc_encode_descriptor(desc, &encoded);
    510. 

  510.   tt_int_op(ret, ==, 0);
    511. 

  511.   tt_assert(encoded);
    512. 

  512. 

  513.   ret = hs_desc_decode_descriptor(encoded, NULL, &decoded);
    514. 

  514.   tt_int_op(ret, ==, 0);
    515. 

  515.   tt_assert(decoded);
    516. 

  516. 

  517.   helper_compare_hs_desc(desc, decoded);
    518. 

  518. 

  519.   /* Decode a descriptor with _no_ introduction points. */
    520. 

  520.   {
    521. 

  521.     desc_no_ip = helper_build_hs_desc(1);
    522. 

  522.     tt_assert(desc_no_ip);
    523. 

  523.     tor_free(encoded);
    524. 

  524.     ret = hs_desc_encode_descriptor(desc_no_ip, &encoded);
    525. 

  525.     tt_int_op(ret, ==, 0);
    526. 

  526.     tt_assert(encoded);
    527. 

  527.     hs_descriptor_free(decoded);
    528. 

  528.     ret = hs_desc_decode_descriptor(encoded, NULL, &decoded);
    529. 

  529.     tt_int_op(ret, ==, 0);
    530. 

  530.     tt_assert(decoded);
    531. 

  531.   }
    532. 

  532. 

  533.  done:
    534. 

  534.   hs_descriptor_free(desc);
    535. 

  535.   hs_descriptor_free(desc_no_ip);
    536. 

  536.   hs_descriptor_free(decoded);
    537. 

  537.   tor_free(encoded);
    538. 

  538. }
    539. 

  539. 

  540. static void
    541. 

  541. test_supported_version(void *arg)
    542. 

  542. {
    543. 

  543.   int ret;
    544. 

  544. 

  545.   (void) arg;
    546. 

  546. 

  547.   /* Unsupported. */
    548. 

  548.   ret = hs_desc_is_supported_version(42);
    549. 

  549.   tt_int_op(ret, OP_EQ, 0);
    550. 

  550.   /* To early. */
    551. 

  551.   ret = hs_desc_is_supported_version(HS_DESC_SUPPORTED_FORMAT_VERSION_MIN - 1);
    552. 

  552.   tt_int_op(ret, OP_EQ, 0);
    553. 

  553.   /* One too new. */
    554. 

  554.   ret = hs_desc_is_supported_version(HS_DESC_SUPPORTED_FORMAT_VERSION_MAX + 1);
    555. 

  555.   tt_int_op(ret, OP_EQ, 0);
    556. 

  556.   /* Valid version. */
    557. 

  557.   ret = hs_desc_is_supported_version(3);
    558. 

  558.   tt_int_op(ret, OP_EQ, 1);
    559. 

  559. 

  560.  done:
    561. 

  561.   ;
    562. 

  562. }
    563. 

  563. 

  564. static void
    565. 

  565. test_encrypted_data_len(void *arg)
    566. 

  566. {
    567. 

  567.   int ret;
    568. 

  568.   size_t value;
    569. 

  569. 

  570.   (void) arg;
    571. 

  571. 

  572.   /* No length, error. */
    573. 

  573.   ret = encrypted_data_length_is_valid(0);
    574. 

  574.   tt_int_op(ret, OP_EQ, 0);
    575. 

  575.   /* Not a multiple of our encryption algorithm (thus no padding). It's
    576. 

  576.    * suppose to be aligned on HS_DESC_PLAINTEXT_PADDING_MULTIPLE. */
    577. 

  577.   value = HS_DESC_PLAINTEXT_PADDING_MULTIPLE * 10 - 1;
    578. 

  578.   ret = encrypted_data_length_is_valid(value);
    579. 

  579.   tt_int_op(ret, OP_EQ, 0);
    580. 

  580.   /* Valid value. */
    581. 

  581.   value = HS_DESC_PADDED_PLAINTEXT_MAX_LEN + HS_DESC_ENCRYPTED_SALT_LEN +
    582. 

  582.           DIGEST256_LEN;
    583. 

  583.   ret = encrypted_data_length_is_valid(value);
    584. 

  584.   tt_int_op(ret, OP_EQ, 1);
    585. 

  585. 

  586.   /* XXX: Test maximum possible size. */
    587. 

  587. 

  588.  done:
    589. 

  589.   ;
    590. 

  590. }
    591. 

  591. 

  592. static void
    593. 

  593. test_decode_intro_point(void *arg)
    594. 

  594. {
    595. 

  595.   int ret;
    596. 

  596.   char *encoded_ip = NULL;
    597. 

  597.   size_t len_out;
    598. 

  598.   hs_desc_intro_point_t *ip = NULL;
    599. 

  599.   hs_descriptor_t *desc = NULL;
    600. 

  600. 

  601.   (void) arg;
    602. 

  602. 

  603.   /* The following certificate expires in 2036. After that, one of the test
    604. 

  604.    * will fail because of the expiry time. */
    605. 

  605. 

  606.   /* Seperate pieces of a valid encoded introduction point. */
    607. 

  607.   const char *intro_point =
    608. 

  608.     "introduction-point AQIUMDI5OUYyNjhGQ0E5RDU1Q0QxNTc=";
    609. 

  609.   const char *auth_key =
    610. 

  610.     "auth-key\n"
    611. 

  611.     "-----BEGIN ED25519 CERT-----\n"
    612. 

  612.     "AQkACOhAAQW8ltYZMIWpyrfyE/b4Iyi8CNybCwYs6ADk7XfBaxsFAQAgBAD3/BE4\n"
    613. 

  613.     "XojGE/N2bW/wgnS9r2qlrkydGyuCKIGayYx3haZ39LD4ZTmSMRxwmplMAqzG/XNP\n"
    614. 

  614.     "0Kkpg4p2/VnLFJRdU1SMFo1lgQ4P0bqw7Tgx200fulZ4KUM5z5V7m+a/mgY=\n"
    615. 

  615.     "-----END ED25519 CERT-----";
    616. 

  616.   const char *enc_key =
    617. 

  617.     "enc-key ntor bpZKLsuhxP6woDQ3yVyjm5gUKSk7RjfAijT2qrzbQk0=";
    618. 

  618.   const char *enc_key_legacy =
    619. 

  619.     "enc-key legacy\n"
    620. 

  620.     "-----BEGIN RSA PUBLIC KEY-----\n"
    621. 

  621.     "MIGJAoGBAO4bATcW8kW4h6RQQAKEgg+aXCpF4JwbcO6vGZtzXTDB+HdPVQzwqkbh\n"
    622. 

  622.     "XzFM6VGArhYw4m31wcP1Z7IwULir7UMnAFd7Zi62aYfU6l+Y1yAoZ1wzu1XBaAMK\n"
    623. 

  623.     "ejpwQinW9nzJn7c2f69fVke3pkhxpNdUZ+vplSA/l9iY+y+v+415AgMBAAE=\n"
    624. 

  624.     "-----END RSA PUBLIC KEY-----";
    625. 

  625.   const char *enc_key_cert =
    626. 

  626.     "enc-key-certification\n"
    627. 

  627.     "-----BEGIN ED25519 CERT-----\n"
    628. 

  628.     "AQsACOhZAUpNvCZ1aJaaR49lS6MCdsVkhVGVrRqoj0Y2T4SzroAtAQAgBABFOcGg\n"
    629. 

  629.     "lbTt1DF5nKTE/gU3Fr8ZtlCIOhu1A+F5LM7fqCUupfesg0KTHwyIZOYQbJuM5/he\n"
    630. 

  630.     "/jDNyLy9woPJdjkxywaY2RPUxGjLYtMQV0E8PUxWyICV+7y52fTCYaKpYQw=\n"
    631. 

  631.     "-----END ED25519 CERT-----";
    632. 

  632.   const char *enc_key_cert_legacy =
    633. 

  633.     "enc-key-certification\n"
    634. 

  634.     "-----BEGIN CROSSCERT-----\n"
    635. 

  635.     "Sk28JnVolppHj2VLowJ2xWSFUZWtGqiPRjZPhLOugC0ACOhZgFPA5egeRDUXMM1U\n"
    636. 

  636.     "Fn3c7Je0gJS6mVma5FzwlgwggeriF13UZcaT71vEAN/ZJXbxOfQVGMZ0rXuFpjUq\n"
    637. 

  637.     "C8CvqmZIwEUaPE1nDFtmnTcucvNS1YQl9nsjH3ejbxc+4yqps/cXh46FmXsm5yz7\n"
    638. 

  638.     "NZjBM9U1fbJhlNtOvrkf70K8bLk6\n"
    639. 

  639.     "-----END CROSSCERT-----";
    640. 

  640. 

  641.   (void) enc_key_legacy;
    642. 

  642.   (void) enc_key_cert_legacy;
    643. 

  643. 

  644.   /* Start by testing the "decode all intro points" function. */
    645. 

  645.   {
    646. 

  646.     char *line;
    647. 

  647.     desc = helper_build_hs_desc(0);
    648. 

  648.     tt_assert(desc);
    649. 

  649.     /* Only try to decode an incomplete introduction point section. */
    650. 

  650.     tor_asprintf(&line, "\n%s", intro_point);
    651. 

  651.     ret = decode_intro_points(desc, &desc->encrypted_data, line);
    652. 

  652.     tor_free(line);
    653. 

  653.     tt_int_op(ret, ==, -1);
    654. 

  654. 

  655.     /* Decode one complete intro point. */
    656. 

  656.     smartlist_t *lines = smartlist_new();
    657. 

  657.     smartlist_add(lines, (char *) intro_point);
    658. 

  658.     smartlist_add(lines, (char *) auth_key);
    659. 

  659.     smartlist_add(lines, (char *) enc_key);
    660. 

  660.     smartlist_add(lines, (char *) enc_key_cert);
    661. 

  661.     encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
    662. 

  662.     tt_assert(encoded_ip);
    663. 

  663.     tor_asprintf(&line, "\n%s", encoded_ip);
    664. 

  664.     tor_free(encoded_ip);
    665. 

  665.     ret = decode_intro_points(desc, &desc->encrypted_data, line);
    666. 

  666.     tor_free(line);
    667. 

  667.     smartlist_free(lines);
    668. 

  668.     tt_int_op(ret, ==, 0);
    669. 

  669.   }
    670. 

  670. 

  671.   /* Try to decode a junk string. */
    672. 

  672.   {
    673. 

  673.     hs_descriptor_free(desc);
    674. 

  674.     desc = helper_build_hs_desc(0);
    675. 

  675.     const char *junk = "this is not a descriptor";
    676. 

  676.     ip = decode_introduction_point(desc, junk);
    677. 

  677.     tt_assert(!ip);
    678. 

  678.     desc_intro_point_free(ip);
    679. 

  679.     ip = NULL;
    680. 

  680.   }
    681. 

  681. 

  682.   /* Invalid link specifiers. */
    683. 

  683.   {
    684. 

  684.     smartlist_t *lines = smartlist_new();
    685. 

  685.     const char *bad_line = "introduction-point blah";
    686. 

  686.     smartlist_add(lines, (char *) bad_line);
    687. 

  687.     smartlist_add(lines, (char *) auth_key);
    688. 

  688.     smartlist_add(lines, (char *) enc_key);
    689. 

  689.     smartlist_add(lines, (char *) enc_key_cert);
    690. 

  690.     encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
    691. 

  691.     tt_assert(encoded_ip);
    692. 

  692.     ip = decode_introduction_point(desc, encoded_ip);
    693. 

  693.     tt_assert(!ip);
    694. 

  694.     tor_free(encoded_ip);
    695. 

  695.     smartlist_free(lines);
    696. 

  696.     desc_intro_point_free(ip);
    697. 

  697.     ip = NULL;
    698. 

  698.   }
    699. 

  699. 

  700.   /* Invalid auth key type. */
    701. 

  701.   {
    702. 

  702.     smartlist_t *lines = smartlist_new();
    703. 

  703.     /* Try to put a valid object that our tokenize function will be able to
    704. 

  704.      * parse but that has nothing to do with the auth_key. */
    705. 

  705.     const char *bad_line =
    706. 

  706.       "auth-key\n"
    707. 

  707.       "-----BEGIN UNICORN CERT-----\n"
    708. 

  708.       "MIGJAoGBAO4bATcW8kW4h6RQQAKEgg+aXCpF4JwbcO6vGZtzXTDB+HdPVQzwqkbh\n"
    709. 

  709.       "XzFM6VGArhYw4m31wcP1Z7IwULir7UMnAFd7Zi62aYfU6l+Y1yAoZ1wzu1XBaAMK\n"
    710. 

  710.       "ejpwQinW9nzJn7c2f69fVke3pkhxpNdUZ+vplSA/l9iY+y+v+415AgMBAAE=\n"
    711. 

  711.       "-----END UNICORN CERT-----";
    712. 

  712.     /* Build intro point text. */
    713. 

  713.     smartlist_add(lines, (char *) intro_point);
    714. 

  714.     smartlist_add(lines, (char *) bad_line);
    715. 

  715.     smartlist_add(lines, (char *) enc_key);
    716. 

  716.     smartlist_add(lines, (char *) enc_key_cert);
    717. 

  717.     encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
    718. 

  718.     tt_assert(encoded_ip);
    719. 

  719.     ip = decode_introduction_point(desc, encoded_ip);
    720. 

  720.     tt_assert(!ip);
    721. 

  721.     tor_free(encoded_ip);
    722. 

  722.     smartlist_free(lines);
    723. 

  723.   }
    724. 

  724. 

  725.   /* Invalid enc-key. */
    726. 

  726.   {
    727. 

  727.     smartlist_t *lines = smartlist_new();
    728. 

  728.     const char *bad_line =
    729. 

  729.       "enc-key unicorn bpZKLsuhxP6woDQ3yVyjm5gUKSk7RjfAijT2qrzbQk0=";
    730. 

  730.     /* Build intro point text. */
    731. 

  731.     smartlist_add(lines, (char *) intro_point);
    732. 

  732.     smartlist_add(lines, (char *) auth_key);
    733. 

  733.     smartlist_add(lines, (char *) bad_line);
    734. 

  734.     smartlist_add(lines, (char *) enc_key_cert);
    735. 

  735.     encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
    736. 

  736.     tt_assert(encoded_ip);
    737. 

  737.     ip = decode_introduction_point(desc, encoded_ip);
    738. 

  738.     tt_assert(!ip);
    739. 

  739.     tor_free(encoded_ip);
    740. 

  740.     smartlist_free(lines);
    741. 

  741.   }
    742. 

  742. 

  743.   /* Invalid enc-key object. */
    744. 

  744.   {
    745. 

  745.     smartlist_t *lines = smartlist_new();
    746. 

  746.     const char *bad_line = "enc-key ntor";
    747. 

  747.     /* Build intro point text. */
    748. 

  748.     smartlist_add(lines, (char *) intro_point);
    749. 

  749.     smartlist_add(lines, (char *) auth_key);
    750. 

  750.     smartlist_add(lines, (char *) bad_line);
    751. 

  751.     smartlist_add(lines, (char *) enc_key_cert);
    752. 

  752.     encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
    753. 

  753.     tt_assert(encoded_ip);
    754. 

  754.     ip = decode_introduction_point(desc, encoded_ip);
    755. 

  755.     tt_assert(!ip);
    756. 

  756.     tor_free(encoded_ip);
    757. 

  757.     smartlist_free(lines);
    758. 

  758.   }
    759. 

  759. 

  760.   /* Invalid enc-key base64 curv25519 key. */
    761. 

  761.   {
    762. 

  762.     smartlist_t *lines = smartlist_new();
    763. 

  763.     const char *bad_line = "enc-key ntor blah===";
    764. 

  764.     /* Build intro point text. */
    765. 

  765.     smartlist_add(lines, (char *) intro_point);
    766. 

  766.     smartlist_add(lines, (char *) auth_key);
    767. 

  767.     smartlist_add(lines, (char *) bad_line);
    768. 

  768.     smartlist_add(lines, (char *) enc_key_cert);
    769. 

  769.     encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
    770. 

  770.     tt_assert(encoded_ip);
    771. 

  771.     ip = decode_introduction_point(desc, encoded_ip);
    772. 

  772.     tt_assert(!ip);
    773. 

  773.     tor_free(encoded_ip);
    774. 

  774.     smartlist_free(lines);
    775. 

  775.   }
    776. 

  776. 

  777.   /* Invalid enc-key invalid legacy. */
    778. 

  778.   {
    779. 

  779.     smartlist_t *lines = smartlist_new();
    780. 

  780.     const char *bad_line = "enc-key legacy blah===";
    781. 

  781.     /* Build intro point text. */
    782. 

  782.     smartlist_add(lines, (char *) intro_point);
    783. 

  783.     smartlist_add(lines, (char *) auth_key);
    784. 

  784.     smartlist_add(lines, (char *) bad_line);
    785. 

  785.     smartlist_add(lines, (char *) enc_key_cert);
    786. 

  786.     encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
    787. 

  787.     tt_assert(encoded_ip);
    788. 

  788.     ip = decode_introduction_point(desc, encoded_ip);
    789. 

  789.     tt_assert(!ip);
    790. 

  790.     tor_free(encoded_ip);
    791. 

  791.     smartlist_free(lines);
    792. 

  792.   }
    793. 

  793. 

  794.   /* Valid object. */
    795. 

  795.   {
    796. 

  796.     smartlist_t *lines = smartlist_new();
    797. 

  797.     /* Build intro point text. */
    798. 

  798.     smartlist_add(lines, (char *) intro_point);
    799. 

  799.     smartlist_add(lines, (char *) auth_key);
    800. 

  800.     smartlist_add(lines, (char *) enc_key);
    801. 

  801.     smartlist_add(lines, (char *) enc_key_cert);
    802. 

  802.     encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
    803. 

  803.     tt_assert(encoded_ip);
    804. 

  804.     ip = decode_introduction_point(desc, encoded_ip);
    805. 

  805.     tt_assert(ip);
    806. 

  806.     tor_free(encoded_ip);
    807. 

  807.     smartlist_free(lines);
    808. 

  808.   }
    809. 

  809. 

  810.  done:
    811. 

  811.   hs_descriptor_free(desc);
    812. 

  812.   desc_intro_point_free(ip);
    813. 

  813. }
    814. 

  814. 

  815. const char encrypted_desc_portion[] = "create2-formats 2\n"
    816. 

  816.   "authentication-required ed25519\n"
    817. 

  817.   "introduction-point AQAGAQIDBCMp\n"
    818. 

  818.   "auth-key\n"
    819. 

  819.   "-----BEGIN ED25519 CERT-----\n"
    820. 

  820.   "AQkABmRZASMANx4sbMyDd4i+MciVUw29vPQ/nOFrLwUdTGEBXSXrAQAgBABo2zfd\n"
    821. 

  821.   "wyqAdzSeaIzH1TUcV3u8nAG2YhNCRw2/2vVWuD6Z4Fn0aNHnh1FONNkbismC9t1X\n"
    822. 

  822.   "Rf07hdZkVYEbOaPsHnFwhJULVSUo8YYuL19jghRjwMqPGeGfD4iuQqdo3QA=\n"
    823. 

  823.   "-----END ED25519 CERT-----\n"
    824. 

  824.   "enc-key ntor xo2n5anLMoyIMuhcKSLdVZISyISBW8j1vXRbpdbK+lU=\n"
    825. 

  825.   "enc-key-certification\n"
    826. 

  826.   "-----BEGIN ED25519 CERT-----\n"
    827. 

  827.   "AQsABmRZATUYQypFY7pr8FpmV61pcqUylt5fEr/QLfavfcwbzlA7AQAgBADSI5Ie\n"
    828. 

  828.   "Ekdy+qeHngLmz6Gr7fQ5xvilhxB91UDIjwRfP0ufoVF+HalsyXKskYvcYhH67+lw\n"
    829. 

  829.   "D947flCHzeJyfAT38jO/Cw42qM7H+SObBMcsTB93J0lPNBy4OHosH9ybtwA=\n"
    830. 

  830.   "-----END ED25519 CERT-----\n"
    831. 

  831.   "introduction-point AQESJgAAAAAAAAAAAAAAAAAAASMp\n"
    832. 

  832.   "auth-key\n"
    833. 

  833.   "-----BEGIN ED25519 CERT-----\n"
    834. 

  834.   "AQkABmRZAVdPeZyzfCyUDC1fnYyom8eOS2O1opzTytEU7dlOf9brAQAgBABo2zfd\n"
    835. 

  835.   "wyqAdzSeaIzH1TUcV3u8nAG2YhNCRw2/2vVWuHVSGTrO1EM6Eu1jyOw/qtSS6Exf\n"
    836. 

  836.   "omV417y8uK2gHQ+1FWqg/KaogELYzDG6pcj2NkziovnIfET0W7nZB85YjwQ=\n"
    837. 

  837.   "-----END ED25519 CERT-----\n"
    838. 

  838.   "enc-key ntor MbxzxI1K+zcl7e+wysLK96UZWwFEJQqI0G7b0muRXx4=\n"
    839. 

  839.   "enc-key-certification\n"
    840. 

  840.   "-----BEGIN ED25519 CERT-----\n"
    841. 

  841.   "AQsABmRZATUYQypFY7pr8FpmV61pcqUylt5fEr/QLfavfcwbzlA7AQAgBADimELh\n"
    842. 

  842.   "lLZvy/LjXnCdpvaVRhiGBeIRAGIDGz1SY/zD6BAnpDL420ha2TdvdGsg8cgfTcJZ\n"
    843. 

  843.   "g84x85+zhuh8kkdgt7bOmjOXLlButDCfTarMgCfy6pSI/hUckk+j5Q43uws=\n"
    844. 

  844.   "-----END ED25519 CERT-----\n"
    845. 

  845.   "introduction-point AQIUMDI5OUYyNjhGQ0E5RDU1Q0QxNTc=\n"
    846. 

  846.   "auth-key\n"
    847. 

  847.   "-----BEGIN ED25519 CERT-----\n"
    848. 

  848.   "AQkABmRZASnpBjHsw0Gpvi+KNlW4ouXegIsUBHMvJN1CQHDTLdfnAQAgBABo2zfd\n"
    849. 

  849.   "wyqAdzSeaIzH1TUcV3u8nAG2YhNCRw2/2vVWuOlbHs8s8LAeEb36urVKTJ5exgss\n"
    850. 

  850.   "V+ylIwHSWF0qanCnnTnDyNg/3YRUo0AZr0d/CoiNV+XsGE4Vuho/TBVC+wY=\n"
    851. 

  851.   "-----END ED25519 CERT-----\n"
    852. 

  852.   "enc-key legacy\n"
    853. 

  853.   "-----BEGIN RSA PUBLIC KEY-----\n"
    854. 

  854.   "MIGJAoGBALttUA1paMCQiuIZeCp26REztziej5dN0o6/kTU//ItT4MGxTfmnLmcq\n"
    855. 

  855.   "WpvK4jdX1h2OlDCZmtA7sb0HOkjELgrDU0ATVwOaeG+3icSddmQyaeT8+cxQEktj\n"
    856. 

  856.   "SXMQ+iJDxJIIWFPmLmWWQHqb4IRfl021l3iTErhtZKBz37JNK7E/AgMBAAE=\n"
    857. 

  857.   "-----END RSA PUBLIC KEY-----\n"
    858. 

  858.   "enc-key-certification\n"
    859. 

  859.   "-----BEGIN CROSSCERT-----\n"
    860. 

  860.   "NRhDKkVjumvwWmZXrWlypTKW3l8Sv9At9q99zBvOUDsABmRZgBROMZr2Mhj8H8zd\n"
    861. 

  861.   "xbU6ZvDUwD9xkptNHq0W04CyWb8p0y56y89y2kBF6RrSrVBJCyaHyph6Bmi5z0Lc\n"
    862. 

  862.   "f4jjakRlHwB7oYqSo7l8EE9DGE0rEat3hNhN+tBIAJL5gKOL4dgfD5gMi51zzSFl\n"
    863. 

  863.   "epv8idTwhqZ/sxRMUIQrb9AB8sOD\n"
    864. 

  864.   "-----END CROSSCERT-----\n"
    865. 

  865.   "introduction-point AQIUMDI5OUYyNjhGQ0E5RDU1Q0QxNTc=\n"
    866. 

  866.   "auth-key\n"
    867. 

  867.   "-----BEGIN ED25519 CERT-----\n"
    868. 

  868.   "AQkABmRZAdBFQcE23cIoCMFTycnQ1st2752vdjGME+QPMTTxvqZhAQAgBABo2zfd\n"
    869. 

  869.   "wyqAdzSeaIzH1TUcV3u8nAG2YhNCRw2/2vVWuOGXGPnb3g9J8aSyN7jYs71ET0wC\n"
    870. 

  870.   "TlDLcXCgAMnKA6of/a4QceFfAFsCnI3qCd8YUo5NYCMh2d5mtFpLK41Wpwo=\n"
    871. 

  871.   "-----END ED25519 CERT-----\n"
    872. 

  872.   "enc-key legacy\n"
    873. 

  873.   "-----BEGIN RSA PUBLIC KEY-----\n"
    874. 

  874.   "MIGJAoGBALuyEVMz4GwZ8LnBYxLZDHNg1DHUZJZNmE7HsQDcM/FYeZ1LjYLe/K8s\n"
    875. 

  875.   "BFzgFmjMU1ondIWGWpRCLYcZxQMZaSU0ObdezDwelTkHo/u7K2fQTLmI9EofcsK0\n"
    876. 

  876.   "4OkY6eo8BFtXXoQJhAw5WatRpzah2sGqMPXs2jr7Ku4Pd8JuRd35AgMBAAE=\n"
    877. 

  877.   "-----END RSA PUBLIC KEY-----\n"
    878. 

  878.   "enc-key-certification\n"
    879. 

  879.   "-----BEGIN CROSSCERT-----\n"
    880. 

  880.   "NRhDKkVjumvwWmZXrWlypTKW3l8Sv9At9q99zBvOUDsABmRZgGwpo67ybC7skFYk\n"
    881. 

  881.   "JjvqcbrKg8Fwrvue9yF66p1O90fqziVsvpKGcsr3tcIJHtNsrWVRDpyFwnc1wlVE\n"
    882. 

  882.   "O7rHftF4GUsKaoz3wxxmb0YyyYVQvLpH0Y6lFIvw8nGurnsMefQWLcxuEX7xZOPl\n"
    883. 

  883.   "VAlVp+XtJE1ZNQ62hpnNgBDi1ikJ\n"
    884. 

  884.   "-----END CROSSCERT-----";
    885. 

  885. 

  886. static void
    887. 

  887. test_decode_multiple_intro_points(void *arg)
    888. 

  888. {
    889. 

  889.   int ret;
    890. 

  890.   hs_descriptor_t *desc = NULL;
    891. 

  891. 

  892.   /* XXXX test is broken! Assumes that signing key is as hardcoded in
    893. 

  893.    * crosscert code above. */
    894. 

  894.   if (1)
    895. 

  895.     tt_skip();
    896. 

  896. 

  897.   (void) arg;
    898. 

  898. 

  899.   {
    900. 

  900.     /* Build a descriptor with no intro points. */
    901. 

  901.     desc = helper_build_hs_desc(1);
    902. 

  902.     tt_assert(desc);
    903. 

  903.   }
    904. 

  904. 

  905.   ret = decode_intro_points(desc, &desc->encrypted_data,
    906. 

  906.                             encrypted_desc_portion);
    907. 

  907.   tt_int_op(ret, ==, 0);
    908. 

  908. 

  909.   tt_int_op(smartlist_len(desc->encrypted_data.intro_points), ==, 4);
    910. 

  910. 

  911.  done:
    912. 

  912.   ;
    913. 

  913. }
    914. 

  914. 

  915. static void
    916. 

  916. test_decode_plaintext(void *arg)
    917. 

  917. {
    918. 

  918.   int ret;
    919. 

  919.   hs_desc_plaintext_data_t desc_plaintext;
    920. 

  920.   const char *bad_value = "unicorn";
    921. 

  921. 

  922.   (void) arg;
    923. 

  923. 

  924. #define template \
    925. 

  925.     "hs-descriptor %s\n" \
    926. 

  926.     "descriptor-lifetime %s\n" \
    927. 

  927.     "descriptor-signing-key-cert\n" \
    928. 

  928.     "-----BEGIN ED25519 CERT-----\n" \
    929. 

  929.     "AQgABjvPAQaG3g+dc6oV/oJV4ODAtkvx56uBnPtBT9mYVuHVOhn7AQAgBABUg3mQ\n" \
    930. 

  930.     "myBr4bu5LCr53wUEbW2EXui01CbUgU7pfo9LvJG3AcXRojj6HlfsUs9BkzYzYdjF\n" \
    931. 

  931.     "A69Apikgu0ewHYkFFASt7Il+gB3w6J8YstQJZT7dtbtl+doM7ug8B68Qdg8=\n" \
    932. 

  932.     "-----END ED25519 CERT-----\n" \
    933. 

  933.     "revision-counter %s\n" \
    934. 

  934.     "encrypted\n" \
    935. 

  935.     "-----BEGIN %s-----\n" \
    936. 

  936.     "UNICORN\n" \
    937. 

  937.     "-----END MESSAGE-----\n" \
    938. 

  938.     "signature m20WJH5agqvwhq7QeuEZ1mYyPWQDO+eJOZUjLhAiKu8DbL17DsDfJE6kXbWy" \
    939. 

  939.     "HimbNj2we0enV3cCOOAsmPOaAw\n"
    940. 

  940. 

  941.   /* Invalid version. */
    942. 

  942.   {
    943. 

  943.     char *plaintext;
    944. 

  944.     tor_asprintf(&plaintext, template, bad_value, "180", "42", "MESSAGE");
    945. 

  945.     ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
    946. 

  946.     tor_free(plaintext);
    947. 

  947.     tt_int_op(ret, OP_EQ, -1);
    948. 

  948.   }
    949. 

  949. 

  950.   /* Missing fields. */
    951. 

  951.   {
    952. 

  952.     const char *plaintext = "hs-descriptor 3\n";
    953. 

  953.     ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
    954. 

  954.     tt_int_op(ret, OP_EQ, -1);
    955. 

  955.   }
    956. 

  956. 

  957.   /* Max length. */
    958. 

  958.   {
    959. 

  959.     size_t big = 64000;
    960. 

  960.     /* Must always be bigger than HS_DESC_MAX_LEN. */
    961. 

  961.     tt_int_op(HS_DESC_MAX_LEN, <, big);
    962. 

  962.     char *plaintext = tor_malloc_zero(big);
    963. 

  963.     memset(plaintext, 'a', big);
    964. 

  964.     plaintext[big - 1] = '\0';
    965. 

  965.     ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
    966. 

  966.     tor_free(plaintext);
    967. 

  967.     tt_int_op(ret, OP_EQ, -1);
    968. 

  968.   }
    969. 

  969. 

  970.   /* Bad lifetime value. */
    971. 

  971.   {
    972. 

  972.     char *plaintext;
    973. 

  973.     tor_asprintf(&plaintext, template, "3", bad_value, "42", "MESSAGE");
    974. 

  974.     ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
    975. 

  975.     tt_int_op(ret, OP_EQ, -1);
    976. 

  976.   }
    977. 

  977. 

  978.   /* Huge lifetime value. */
    979. 

  979.   {
    980. 

  980.     char *plaintext;
    981. 

  981.     tor_asprintf(&plaintext, template, "3", "7181615", "42", "MESSAGE");
    982. 

  982.     ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
    983. 

  983.     tt_int_op(ret, OP_EQ, -1);
    984. 

  984.   }
    985. 

  985. 

  986.   /* Invalid encrypted section. */
    987. 

  987.   {
    988. 

  988.     char *plaintext;
    989. 

  989.     tor_asprintf(&plaintext, template, "3", "180", "42", bad_value);
    990. 

  990.     ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
    991. 

  991.     tt_int_op(ret, OP_EQ, -1);
    992. 

  992.   }
    993. 

  993. 

  994.   /* Invalid revision counter. */
    995. 

  995.   {
    996. 

  996.     char *plaintext;
    997. 

  997.     tor_asprintf(&plaintext, template, "3", "180", bad_value, "MESSAGE");
    998. 

  998.     ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
    999. 

  999.     tt_int_op(ret, OP_EQ, -1);
    1000. 

  1000.   }
    1001. 

  1001. 

  1002.  done:
    1003. 

  1003.   ;
    1004. 

  1004. }
    1005. 

  1005. 

  1006. static void
    1007. 

  1007. test_validate_cert(void *arg)
    1008. 

  1008. {
    1009. 

  1009.   int ret;
    1010. 

  1010.   time_t now = time(NULL);
    1011. 

  1011.   ed25519_keypair_t kp;
    1012. 

  1012.   tor_cert_t *cert = NULL;
    1013. 

  1013. 

  1014.   (void) arg;
    1015. 

  1015. 

  1016.   ret = ed25519_keypair_generate(&kp, 0);
    1017. 

  1017.   tt_int_op(ret, ==, 0);
    1018. 

  1018. 

  1019.   /* Cert of type CERT_TYPE_AUTH_HS_IP_KEY. */
    1020. 

  1020.   cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY,
    1021. 

  1021.                                      &kp.pubkey, now, 3600,
    1022. 

  1022.                                      CERT_FLAG_INCLUDE_SIGNING_KEY);
    1023. 

  1023.   tt_assert(cert);
    1024. 

  1024.   /* Test with empty certificate. */
    1025. 

  1025.   ret = cert_is_valid(NULL, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
    1026. 

  1026.   tt_int_op(ret, OP_EQ, 0);
    1027. 

  1027.   /* Test with a bad type. */
    1028. 

  1028.   ret = cert_is_valid(cert, CERT_TYPE_SIGNING_HS_DESC, "unicorn");
    1029. 

  1029.   tt_int_op(ret, OP_EQ, 0);
    1030. 

  1030.   /* Normal validation. */
    1031. 

  1031.   ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
    1032. 

  1032.   tt_int_op(ret, OP_EQ, 1);
    1033. 

  1033.   /* Break signing key so signature verification will fails. */
    1034. 

  1034.   memset(&cert->signing_key, 0, sizeof(cert->signing_key));
    1035. 

  1035.   ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
    1036. 

  1036.   tt_int_op(ret, OP_EQ, 0);
    1037. 

  1037.   tor_cert_free(cert);
    1038. 

  1038. 

  1039.   /* Try a cert without including the signing key. */
    1040. 

  1040.   cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY, &kp.pubkey, now,
    1041. 

  1041.                          3600, 0);
    1042. 

  1042.   tt_assert(cert);
    1043. 

  1043.   /* Test with a bad type. */
    1044. 

  1044.   ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
    1045. 

  1045.   tt_int_op(ret, OP_EQ, 0);
    1046. 

  1046. 

  1047.  done:
    1048. 

  1048.   tor_cert_free(cert);
    1049. 

  1049. }
    1050. 

  1050. 

  1051. static void
    1052. 

  1052. test_desc_signature(void *arg)
    1053. 

  1053. {
    1054. 

  1054.   int ret;
    1055. 

  1055.   char *data, *desc;
    1056. 

  1056.   char sig_b64[ED25519_SIG_BASE64_LEN + 1];
    1057. 

  1057.   ed25519_keypair_t kp;
    1058. 

  1058.   ed25519_signature_t sig;
    1059. 

  1059. 

  1060.   (void) arg;
    1061. 

  1061. 

  1062.   ed25519_keypair_generate(&kp, 0);
    1063. 

  1063.   /* Setup a phoony descriptor but with a valid signature token that is the
    1064. 

  1064.    * signature is verifiable. */
    1065. 

  1065.   tor_asprintf(&data, "This is a signed descriptor\n");
    1066. 

  1066.   ret = ed25519_sign_prefixed(&sig, (const uint8_t *) data, strlen(data),
    1067. 

  1067.                               "Tor onion service descriptor sig v3", &kp);
    1068. 

  1068.   tt_int_op(ret, ==, 0);
    1069. 

  1069.   ret = ed25519_signature_to_base64(sig_b64, &sig);
    1070. 

  1070.   tt_int_op(ret, ==, 0);
    1071. 

  1071.   /* Build the descriptor that should be valid. */
    1072. 

  1072.   tor_asprintf(&desc, "%ssignature %s\n", data, sig_b64);
    1073. 

  1073.   ret = desc_sig_is_valid(sig_b64, &kp, desc, strlen(desc));
    1074. 

  1074.   tt_int_op(ret, ==, 1);
    1075. 

  1075.   /* Junk signature. */
    1076. 

  1076.   ret = desc_sig_is_valid("JUNK", &kp, desc, strlen(desc));
    1077. 

  1077.   tt_int_op(ret, ==, 0);
    1078. 

  1078. 

  1079.  done:
    1080. 

  1080.   tor_free(desc);
    1081. 

  1081.   tor_free(data);
    1082. 

  1082. }
    1083. 

  1083. 

  1084. struct testcase_t hs_descriptor[] = {
    1085. 

  1085.   /* Encoding tests. */
    1086. 

  1086.   { "cert_encoding", test_cert_encoding, TT_FORK,
    1087. 

  1087.     NULL, NULL },
    1088. 

  1088.   { "link_specifier", test_link_specifier, TT_FORK,
    1089. 

  1089.     NULL, NULL },
    1090. 

  1090.   { "encode_descriptor", test_encode_descriptor, TT_FORK,
    1091. 

  1091.     NULL, NULL },
    1092. 

  1092.   { "descriptor_padding", test_descriptor_padding, TT_FORK,
    1093. 

  1093.     NULL, NULL },
    1094. 

  1094. 

  1095.   /* Decoding tests. */
    1096. 

  1096.   { "decode_descriptor", test_decode_descriptor, TT_FORK,
    1097. 

  1097.     NULL, NULL },
    1098. 

  1098.   { "encrypted_data_len", test_encrypted_data_len, TT_FORK,
    1099. 

  1099.     NULL, NULL },
    1100. 

  1100.   { "decode_intro_point", test_decode_intro_point, TT_FORK,
    1101. 

  1101.     NULL, NULL },
    1102. 

  1102.   { "decode_multiple_intro_points", test_decode_multiple_intro_points, TT_FORK,
    1103. 

  1103.     NULL, NULL },
    1104. 

  1104.   { "decode_plaintext", test_decode_plaintext, TT_FORK,
    1105. 

  1105.     NULL, NULL },
    1106. 

  1106. 

  1107.   /* Misc. */
    1108. 

  1108.   { "version", test_supported_version, TT_FORK,
    1109. 

  1109.     NULL, NULL },
    1110. 

  1110.   { "validate_cert", test_validate_cert, TT_FORK,
    1111. 

  1111.     NULL, NULL },
    1112. 

  1112.   { "desc_signature", test_desc_signature, TT_FORK,
    1113. 

  1113.     NULL, NULL },
    1114. 

  1114. 

  1115.   END_OF_TESTCASES
    1116. 

  1116. };
    1117. 

  1117.