test_hs_descriptor.c 28 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899
  1. /* Copyright (c) 2016-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file test_hs_descriptor.c
  5. * \brief Test hidden service descriptor encoding and decoding.
  6. */
  7. #define HS_DESCRIPTOR_PRIVATE
  8. #include "lib/crypt_ops/crypto_ed25519.h"
  9. #include "lib/crypt_ops/crypto_format.h"
  10. #include "lib/crypt_ops/crypto_digest.h"
  11. #include "lib/crypt_ops/crypto_rand.h"
  12. #include "trunnel/ed25519_cert.h"
  13. #include "core/or/or.h"
  14. #include "feature/hs/hs_descriptor.h"
  15. #include "test/test.h"
  16. #include "feature/nodelist/torcert.h"
  17. #include "test/hs_test_helpers.h"
  18. #include "test/test_helpers.h"
  19. #include "test/log_test_helpers.h"
  20. #ifdef HAVE_CFLAG_WOVERLENGTH_STRINGS
  21. DISABLE_GCC_WARNING(overlength-strings)
  22. /* We allow huge string constants in the unit tests, but not in the code
  23. * at large. */
  24. #endif
  25. #include "test_hs_descriptor.inc"
  26. ENABLE_GCC_WARNING(overlength-strings)
  27. /* Test certificate encoding put in a descriptor. */
  28. static void
  29. test_cert_encoding(void *arg)
  30. {
  31. int ret;
  32. char *encoded = NULL;
  33. time_t now = time(NULL);
  34. ed25519_keypair_t kp;
  35. ed25519_public_key_t signed_key;
  36. ed25519_secret_key_t secret_key;
  37. tor_cert_t *cert = NULL;
  38. (void) arg;
  39. ret = ed25519_keypair_generate(&kp, 0);
  40. tt_int_op(ret, == , 0);
  41. ret = ed25519_secret_key_generate(&secret_key, 0);
  42. tt_int_op(ret, == , 0);
  43. ret = ed25519_public_key_generate(&signed_key, &secret_key);
  44. tt_int_op(ret, == , 0);
  45. cert = tor_cert_create(&kp, CERT_TYPE_SIGNING_AUTH, &signed_key,
  46. now, 3600 * 2, CERT_FLAG_INCLUDE_SIGNING_KEY);
  47. tt_assert(cert);
  48. /* Test the certificate encoding function. */
  49. ret = tor_cert_encode_ed22519(cert, &encoded);
  50. tt_int_op(ret, OP_EQ, 0);
  51. /* Validated the certificate string. */
  52. {
  53. char *end, *pos = encoded;
  54. char *b64_cert, buf[256];
  55. size_t b64_cert_len;
  56. tor_cert_t *parsed_cert;
  57. tt_int_op(strcmpstart(pos, "-----BEGIN ED25519 CERT-----\n"), OP_EQ, 0);
  58. pos += strlen("-----BEGIN ED25519 CERT-----\n");
  59. /* Isolate the base64 encoded certificate and try to decode it. */
  60. end = strstr(pos, "-----END ED25519 CERT-----");
  61. tt_assert(end);
  62. b64_cert = pos;
  63. b64_cert_len = end - pos;
  64. ret = base64_decode(buf, sizeof(buf), b64_cert, b64_cert_len);
  65. tt_int_op(ret, OP_GT, 0);
  66. /* Parseable? */
  67. parsed_cert = tor_cert_parse((uint8_t *) buf, ret);
  68. tt_assert(parsed_cert);
  69. /* Signature is valid? */
  70. ret = tor_cert_checksig(parsed_cert, &kp.pubkey, now + 10);
  71. tt_int_op(ret, OP_EQ, 0);
  72. ret = tor_cert_eq(cert, parsed_cert);
  73. tt_int_op(ret, OP_EQ, 1);
  74. /* The cert did have the signing key? */
  75. ret= ed25519_pubkey_eq(&parsed_cert->signing_key, &kp.pubkey);
  76. tt_int_op(ret, OP_EQ, 1);
  77. tor_cert_free(parsed_cert);
  78. /* Get to the end part of the certificate. */
  79. pos += b64_cert_len;
  80. tt_int_op(strcmpstart(pos, "-----END ED25519 CERT-----"), OP_EQ, 0);
  81. pos += strlen("-----END ED25519 CERT-----");
  82. tt_str_op(pos, OP_EQ, "");
  83. }
  84. done:
  85. tor_cert_free(cert);
  86. tor_free(encoded);
  87. }
  88. /* Test the descriptor padding. */
  89. static void
  90. test_descriptor_padding(void *arg)
  91. {
  92. char *plaintext;
  93. size_t plaintext_len, padded_len;
  94. uint8_t *padded_plaintext = NULL;
  95. /* Example: if l = 129, the ceiled division gives 2 and then multiplied by 128
  96. * to give 256. With l = 127, ceiled division gives 1 then times 128. */
  97. #define PADDING_EXPECTED_LEN(l) \
  98. CEIL_DIV(l, HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE) * \
  99. HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE
  100. (void) arg;
  101. { /* test #1: no padding */
  102. plaintext_len = HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE;
  103. plaintext = tor_malloc(plaintext_len);
  104. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  105. &padded_plaintext);
  106. tt_assert(padded_plaintext);
  107. tor_free(plaintext);
  108. /* Make sure our padding has been zeroed. */
  109. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  110. padded_len - plaintext_len), OP_EQ, 1);
  111. tor_free(padded_plaintext);
  112. /* Never never have a padded length smaller than the plaintext. */
  113. tt_int_op(padded_len, OP_GE, plaintext_len);
  114. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  115. }
  116. { /* test #2: one byte padding? */
  117. plaintext_len = HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE - 1;
  118. plaintext = tor_malloc(plaintext_len);
  119. padded_plaintext = NULL;
  120. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  121. &padded_plaintext);
  122. tt_assert(padded_plaintext);
  123. tor_free(plaintext);
  124. /* Make sure our padding has been zeroed. */
  125. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  126. padded_len - plaintext_len), OP_EQ, 1);
  127. tor_free(padded_plaintext);
  128. /* Never never have a padded length smaller than the plaintext. */
  129. tt_int_op(padded_len, OP_GE, plaintext_len);
  130. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  131. }
  132. { /* test #3: Lots more bytes of padding? */
  133. plaintext_len = HS_DESC_SUPERENC_PLAINTEXT_PAD_MULTIPLE + 1;
  134. plaintext = tor_malloc(plaintext_len);
  135. padded_plaintext = NULL;
  136. padded_len = build_plaintext_padding(plaintext, plaintext_len,
  137. &padded_plaintext);
  138. tt_assert(padded_plaintext);
  139. tor_free(plaintext);
  140. /* Make sure our padding has been zeroed. */
  141. tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
  142. padded_len - plaintext_len), OP_EQ, 1);
  143. tor_free(padded_plaintext);
  144. /* Never never have a padded length smaller than the plaintext. */
  145. tt_int_op(padded_len, OP_GE, plaintext_len);
  146. tt_int_op(padded_len, OP_EQ, PADDING_EXPECTED_LEN(plaintext_len));
  147. }
  148. done:
  149. return;
  150. }
  151. static void
  152. test_link_specifier(void *arg)
  153. {
  154. ssize_t ret;
  155. hs_desc_link_specifier_t spec;
  156. smartlist_t *link_specifiers = smartlist_new();
  157. char buf[256];
  158. char *b64 = NULL;
  159. link_specifier_t *ls = NULL;
  160. (void) arg;
  161. /* Always this port. */
  162. spec.u.ap.port = 42;
  163. smartlist_add(link_specifiers, &spec);
  164. /* Test IPv4 for starter. */
  165. {
  166. uint32_t ipv4;
  167. spec.type = LS_IPV4;
  168. ret = tor_addr_parse(&spec.u.ap.addr, "1.2.3.4");
  169. tt_int_op(ret, OP_EQ, AF_INET);
  170. b64 = encode_link_specifiers(link_specifiers);
  171. tt_assert(b64);
  172. /* Decode it and validate the format. */
  173. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  174. tt_int_op(ret, OP_GT, 0);
  175. /* First byte is the number of link specifier. */
  176. tt_int_op(get_uint8(buf), OP_EQ, 1);
  177. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  178. tt_int_op(ret, OP_EQ, 8);
  179. /* Should be 2 bytes for port and 4 bytes for IPv4. */
  180. tt_int_op(link_specifier_get_ls_len(ls), OP_EQ, 6);
  181. ipv4 = link_specifier_get_un_ipv4_addr(ls);
  182. tt_int_op(tor_addr_to_ipv4h(&spec.u.ap.addr), OP_EQ, ipv4);
  183. tt_int_op(link_specifier_get_un_ipv4_port(ls), OP_EQ, spec.u.ap.port);
  184. link_specifier_free(ls);
  185. ls = NULL;
  186. tor_free(b64);
  187. }
  188. /* Test IPv6. */
  189. {
  190. uint8_t ipv6[16];
  191. spec.type = LS_IPV6;
  192. ret = tor_addr_parse(&spec.u.ap.addr, "[1:2:3:4::]");
  193. tt_int_op(ret, OP_EQ, AF_INET6);
  194. b64 = encode_link_specifiers(link_specifiers);
  195. tt_assert(b64);
  196. /* Decode it and validate the format. */
  197. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  198. tt_int_op(ret, OP_GT, 0);
  199. /* First byte is the number of link specifier. */
  200. tt_int_op(get_uint8(buf), OP_EQ, 1);
  201. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  202. tt_int_op(ret, OP_EQ, 20);
  203. /* Should be 2 bytes for port and 16 bytes for IPv6. */
  204. tt_int_op(link_specifier_get_ls_len(ls), OP_EQ, 18);
  205. for (unsigned int i = 0; i < sizeof(ipv6); i++) {
  206. ipv6[i] = link_specifier_get_un_ipv6_addr(ls, i);
  207. }
  208. tt_mem_op(tor_addr_to_in6_addr8(&spec.u.ap.addr), OP_EQ, ipv6,
  209. sizeof(ipv6));
  210. tt_int_op(link_specifier_get_un_ipv6_port(ls), OP_EQ, spec.u.ap.port);
  211. link_specifier_free(ls);
  212. ls = NULL;
  213. tor_free(b64);
  214. }
  215. /* Test legacy. */
  216. {
  217. uint8_t *id;
  218. spec.type = LS_LEGACY_ID;
  219. memset(spec.u.legacy_id, 'Y', sizeof(spec.u.legacy_id));
  220. b64 = encode_link_specifiers(link_specifiers);
  221. tt_assert(b64);
  222. /* Decode it and validate the format. */
  223. ret = base64_decode(buf, sizeof(buf), b64, strlen(b64));
  224. tt_int_op(ret, OP_GT, 0);
  225. /* First byte is the number of link specifier. */
  226. tt_int_op(get_uint8(buf), OP_EQ, 1);
  227. ret = link_specifier_parse(&ls, (uint8_t *) buf + 1, ret - 1);
  228. /* 20 bytes digest + 1 byte type + 1 byte len. */
  229. tt_int_op(ret, OP_EQ, 22);
  230. tt_int_op(link_specifier_getlen_un_legacy_id(ls), OP_EQ, DIGEST_LEN);
  231. /* Digest length is 20 bytes. */
  232. tt_int_op(link_specifier_get_ls_len(ls), OP_EQ, DIGEST_LEN);
  233. id = link_specifier_getarray_un_legacy_id(ls);
  234. tt_mem_op(spec.u.legacy_id, OP_EQ, id, DIGEST_LEN);
  235. link_specifier_free(ls);
  236. ls = NULL;
  237. tor_free(b64);
  238. }
  239. done:
  240. link_specifier_free(ls);
  241. tor_free(b64);
  242. smartlist_free(link_specifiers);
  243. }
  244. static void
  245. test_encode_descriptor(void *arg)
  246. {
  247. int ret;
  248. char *encoded = NULL;
  249. ed25519_keypair_t signing_kp;
  250. hs_descriptor_t *desc = NULL;
  251. (void) arg;
  252. ret = ed25519_keypair_generate(&signing_kp, 0);
  253. tt_int_op(ret, OP_EQ, 0);
  254. desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
  255. ret = hs_desc_encode_descriptor(desc, &signing_kp, &encoded);
  256. tt_int_op(ret, OP_EQ, 0);
  257. tt_assert(encoded);
  258. done:
  259. hs_descriptor_free(desc);
  260. tor_free(encoded);
  261. }
  262. static void
  263. test_decode_descriptor(void *arg)
  264. {
  265. int ret;
  266. char *encoded = NULL;
  267. ed25519_keypair_t signing_kp;
  268. hs_descriptor_t *desc = NULL;
  269. hs_descriptor_t *decoded = NULL;
  270. hs_descriptor_t *desc_no_ip = NULL;
  271. uint8_t subcredential[DIGEST256_LEN];
  272. (void) arg;
  273. ret = ed25519_keypair_generate(&signing_kp, 0);
  274. tt_int_op(ret, OP_EQ, 0);
  275. desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
  276. hs_helper_get_subcred_from_identity_keypair(&signing_kp,
  277. subcredential);
  278. /* Give some bad stuff to the decoding function. */
  279. ret = hs_desc_decode_descriptor("hladfjlkjadf", subcredential, &decoded);
  280. tt_int_op(ret, OP_EQ, -1);
  281. ret = hs_desc_encode_descriptor(desc, &signing_kp, &encoded);
  282. tt_int_op(ret, OP_EQ, 0);
  283. tt_assert(encoded);
  284. ret = hs_desc_decode_descriptor(encoded, subcredential, &decoded);
  285. tt_int_op(ret, OP_EQ, 0);
  286. tt_assert(decoded);
  287. hs_helper_desc_equal(desc, decoded);
  288. /* Decode a descriptor with _no_ introduction points. */
  289. {
  290. ed25519_keypair_t signing_kp_no_ip;
  291. ret = ed25519_keypair_generate(&signing_kp_no_ip, 0);
  292. tt_int_op(ret, OP_EQ, 0);
  293. hs_helper_get_subcred_from_identity_keypair(&signing_kp_no_ip,
  294. subcredential);
  295. desc_no_ip = hs_helper_build_hs_desc_no_ip(&signing_kp_no_ip);
  296. tt_assert(desc_no_ip);
  297. tor_free(encoded);
  298. ret = hs_desc_encode_descriptor(desc_no_ip, &signing_kp_no_ip, &encoded);
  299. tt_int_op(ret, OP_EQ, 0);
  300. tt_assert(encoded);
  301. hs_descriptor_free(decoded);
  302. ret = hs_desc_decode_descriptor(encoded, subcredential, &decoded);
  303. tt_int_op(ret, OP_EQ, 0);
  304. tt_assert(decoded);
  305. }
  306. done:
  307. hs_descriptor_free(desc);
  308. hs_descriptor_free(desc_no_ip);
  309. hs_descriptor_free(decoded);
  310. tor_free(encoded);
  311. }
  312. static void
  313. test_supported_version(void *arg)
  314. {
  315. int ret;
  316. (void) arg;
  317. /* Unsupported. */
  318. ret = hs_desc_is_supported_version(42);
  319. tt_int_op(ret, OP_EQ, 0);
  320. /* To early. */
  321. ret = hs_desc_is_supported_version(HS_DESC_SUPPORTED_FORMAT_VERSION_MIN - 1);
  322. tt_int_op(ret, OP_EQ, 0);
  323. /* One too new. */
  324. ret = hs_desc_is_supported_version(HS_DESC_SUPPORTED_FORMAT_VERSION_MAX + 1);
  325. tt_int_op(ret, OP_EQ, 0);
  326. /* Valid version. */
  327. ret = hs_desc_is_supported_version(3);
  328. tt_int_op(ret, OP_EQ, 1);
  329. done:
  330. ;
  331. }
  332. static void
  333. test_encrypted_data_len(void *arg)
  334. {
  335. int ret;
  336. size_t value;
  337. (void) arg;
  338. /* No length, error. */
  339. ret = encrypted_data_length_is_valid(0);
  340. tt_int_op(ret, OP_EQ, 0);
  341. /* Valid value. */
  342. value = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN + 1;
  343. ret = encrypted_data_length_is_valid(value);
  344. tt_int_op(ret, OP_EQ, 1);
  345. done:
  346. ;
  347. }
  348. static void
  349. test_decode_invalid_intro_point(void *arg)
  350. {
  351. int ret;
  352. char *encoded_ip = NULL;
  353. size_t len_out;
  354. hs_desc_intro_point_t *ip = NULL;
  355. ed25519_keypair_t signing_kp;
  356. hs_descriptor_t *desc = NULL;
  357. (void) arg;
  358. /* Separate pieces of a valid encoded introduction point. */
  359. const char *intro_point =
  360. "introduction-point AQIUMDI5OUYyNjhGQ0E5RDU1Q0QxNTc=";
  361. const char *auth_key =
  362. "auth-key\n"
  363. "-----BEGIN ED25519 CERT-----\n"
  364. "AQkACOhAAQW8ltYZMIWpyrfyE/b4Iyi8CNybCwYs6ADk7XfBaxsFAQAgBAD3/BE4\n"
  365. "XojGE/N2bW/wgnS9r2qlrkydGyuCKIGayYx3haZ39LD4ZTmSMRxwmplMAqzG/XNP\n"
  366. "0Kkpg4p2/VnLFJRdU1SMFo1lgQ4P0bqw7Tgx200fulZ4KUM5z5V7m+a/mgY=\n"
  367. "-----END ED25519 CERT-----";
  368. const char *enc_key =
  369. "enc-key ntor bpZKLsuhxP6woDQ3yVyjm5gUKSk7RjfAijT2qrzbQk0=";
  370. const char *enc_key_cert =
  371. "enc-key-cert\n"
  372. "-----BEGIN ED25519 CERT-----\n"
  373. "AQsACOhZAUpNvCZ1aJaaR49lS6MCdsVkhVGVrRqoj0Y2T4SzroAtAQAgBABFOcGg\n"
  374. "lbTt1DF5nKTE/gU3Fr8ZtlCIOhu1A+F5LM7fqCUupfesg0KTHwyIZOYQbJuM5/he\n"
  375. "/jDNyLy9woPJdjkxywaY2RPUxGjLYtMQV0E8PUxWyICV+7y52fTCYaKpYQw=\n"
  376. "-----END ED25519 CERT-----";
  377. /* Try to decode a junk string. */
  378. {
  379. hs_descriptor_free(desc);
  380. desc = NULL;
  381. ret = ed25519_keypair_generate(&signing_kp, 0);
  382. tt_int_op(ret, OP_EQ, 0);
  383. desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
  384. const char *junk = "this is not a descriptor";
  385. ip = decode_introduction_point(desc, junk);
  386. tt_ptr_op(ip, OP_EQ, NULL);
  387. hs_desc_intro_point_free(ip);
  388. ip = NULL;
  389. }
  390. /* Invalid link specifiers. */
  391. {
  392. smartlist_t *lines = smartlist_new();
  393. const char *bad_line = "introduction-point blah";
  394. smartlist_add(lines, (char *) bad_line);
  395. smartlist_add(lines, (char *) auth_key);
  396. smartlist_add(lines, (char *) enc_key);
  397. smartlist_add(lines, (char *) enc_key_cert);
  398. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  399. tt_assert(encoded_ip);
  400. ip = decode_introduction_point(desc, encoded_ip);
  401. tt_ptr_op(ip, OP_EQ, NULL);
  402. tor_free(encoded_ip);
  403. smartlist_free(lines);
  404. hs_desc_intro_point_free(ip);
  405. ip = NULL;
  406. }
  407. /* Invalid auth key type. */
  408. {
  409. smartlist_t *lines = smartlist_new();
  410. /* Try to put a valid object that our tokenize function will be able to
  411. * parse but that has nothing to do with the auth_key. */
  412. const char *bad_line =
  413. "auth-key\n"
  414. "-----BEGIN UNICORN CERT-----\n"
  415. "MIGJAoGBAO4bATcW8kW4h6RQQAKEgg+aXCpF4JwbcO6vGZtzXTDB+HdPVQzwqkbh\n"
  416. "XzFM6VGArhYw4m31wcP1Z7IwULir7UMnAFd7Zi62aYfU6l+Y1yAoZ1wzu1XBaAMK\n"
  417. "ejpwQinW9nzJn7c2f69fVke3pkhxpNdUZ+vplSA/l9iY+y+v+415AgMBAAE=\n"
  418. "-----END UNICORN CERT-----";
  419. /* Build intro point text. */
  420. smartlist_add(lines, (char *) intro_point);
  421. smartlist_add(lines, (char *) bad_line);
  422. smartlist_add(lines, (char *) enc_key);
  423. smartlist_add(lines, (char *) enc_key_cert);
  424. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  425. tt_assert(encoded_ip);
  426. ip = decode_introduction_point(desc, encoded_ip);
  427. tt_ptr_op(ip, OP_EQ, NULL);
  428. tor_free(encoded_ip);
  429. smartlist_free(lines);
  430. }
  431. /* Invalid enc-key. */
  432. {
  433. smartlist_t *lines = smartlist_new();
  434. const char *bad_line =
  435. "enc-key unicorn bpZKLsuhxP6woDQ3yVyjm5gUKSk7RjfAijT2qrzbQk0=";
  436. /* Build intro point text. */
  437. smartlist_add(lines, (char *) intro_point);
  438. smartlist_add(lines, (char *) auth_key);
  439. smartlist_add(lines, (char *) bad_line);
  440. smartlist_add(lines, (char *) enc_key_cert);
  441. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  442. tt_assert(encoded_ip);
  443. ip = decode_introduction_point(desc, encoded_ip);
  444. tt_ptr_op(ip, OP_EQ, NULL);
  445. tor_free(encoded_ip);
  446. smartlist_free(lines);
  447. }
  448. /* Invalid enc-key object. */
  449. {
  450. smartlist_t *lines = smartlist_new();
  451. const char *bad_line = "enc-key ntor";
  452. /* Build intro point text. */
  453. smartlist_add(lines, (char *) intro_point);
  454. smartlist_add(lines, (char *) auth_key);
  455. smartlist_add(lines, (char *) bad_line);
  456. smartlist_add(lines, (char *) enc_key_cert);
  457. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  458. tt_assert(encoded_ip);
  459. ip = decode_introduction_point(desc, encoded_ip);
  460. tt_ptr_op(ip, OP_EQ, NULL);
  461. tor_free(encoded_ip);
  462. smartlist_free(lines);
  463. }
  464. /* Invalid enc-key base64 curv25519 key. */
  465. {
  466. smartlist_t *lines = smartlist_new();
  467. const char *bad_line = "enc-key ntor blah===";
  468. /* Build intro point text. */
  469. smartlist_add(lines, (char *) intro_point);
  470. smartlist_add(lines, (char *) auth_key);
  471. smartlist_add(lines, (char *) bad_line);
  472. smartlist_add(lines, (char *) enc_key_cert);
  473. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  474. tt_assert(encoded_ip);
  475. ip = decode_introduction_point(desc, encoded_ip);
  476. tt_ptr_op(ip, OP_EQ, NULL);
  477. tor_free(encoded_ip);
  478. smartlist_free(lines);
  479. }
  480. /* Invalid enc-key invalid legacy. */
  481. {
  482. smartlist_t *lines = smartlist_new();
  483. const char *bad_line = "legacy-key blah===";
  484. /* Build intro point text. */
  485. smartlist_add(lines, (char *) intro_point);
  486. smartlist_add(lines, (char *) auth_key);
  487. smartlist_add(lines, (char *) bad_line);
  488. smartlist_add(lines, (char *) enc_key_cert);
  489. encoded_ip = smartlist_join_strings(lines, "\n", 0, &len_out);
  490. tt_assert(encoded_ip);
  491. ip = decode_introduction_point(desc, encoded_ip);
  492. tt_ptr_op(ip, OP_EQ, NULL);
  493. tor_free(encoded_ip);
  494. smartlist_free(lines);
  495. }
  496. done:
  497. hs_descriptor_free(desc);
  498. hs_desc_intro_point_free(ip);
  499. }
  500. /** Make sure we fail gracefully when decoding the bad desc from #23233. */
  501. static void
  502. test_decode_bad_signature(void *arg)
  503. {
  504. hs_desc_plaintext_data_t desc_plaintext;
  505. int ret;
  506. (void) arg;
  507. /* Update approx time to dodge cert expiration */
  508. update_approx_time(1502661599);
  509. setup_full_capture_of_logs(LOG_WARN);
  510. ret = hs_desc_decode_plaintext(HS_DESC_BAD_SIG, &desc_plaintext);
  511. tt_int_op(ret, OP_EQ, -1);
  512. expect_log_msg_containing("Malformed signature line. Rejecting.");
  513. teardown_capture_of_logs();
  514. done:
  515. desc_plaintext_data_free_contents(&desc_plaintext);
  516. }
  517. static void
  518. test_decode_plaintext(void *arg)
  519. {
  520. int ret;
  521. hs_desc_plaintext_data_t desc_plaintext;
  522. const char *bad_value = "unicorn";
  523. (void) arg;
  524. #define template \
  525. "hs-descriptor %s\n" \
  526. "descriptor-lifetime %s\n" \
  527. "descriptor-signing-key-cert\n" \
  528. "-----BEGIN ED25519 CERT-----\n" \
  529. "AQgABjvPAQaG3g+dc6oV/oJV4ODAtkvx56uBnPtBT9mYVuHVOhn7AQAgBABUg3mQ\n" \
  530. "myBr4bu5LCr53wUEbW2EXui01CbUgU7pfo9LvJG3AcXRojj6HlfsUs9BkzYzYdjF\n" \
  531. "A69Apikgu0ewHYkFFASt7Il+gB3w6J8YstQJZT7dtbtl+doM7ug8B68Qdg8=\n" \
  532. "-----END ED25519 CERT-----\n" \
  533. "revision-counter %s\n" \
  534. "encrypted\n" \
  535. "-----BEGIN %s-----\n" \
  536. "UNICORN\n" \
  537. "-----END MESSAGE-----\n" \
  538. "signature m20WJH5agqvwhq7QeuEZ1mYyPWQDO+eJOZUjLhAiKu8DbL17DsDfJE6kXbWy" \
  539. "HimbNj2we0enV3cCOOAsmPOaAw\n"
  540. /* Invalid version. */
  541. {
  542. char *plaintext;
  543. tor_asprintf(&plaintext, template, bad_value, "180", "42", "MESSAGE");
  544. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  545. tor_free(plaintext);
  546. tt_int_op(ret, OP_EQ, -1);
  547. }
  548. /* Missing fields. */
  549. {
  550. const char *plaintext = "hs-descriptor 3\n";
  551. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  552. tt_int_op(ret, OP_EQ, -1);
  553. }
  554. /* Max length. */
  555. {
  556. size_t big = 64000;
  557. /* Must always be bigger than HS_DESC_MAX_LEN. */
  558. tt_int_op(HS_DESC_MAX_LEN, OP_LT, big);
  559. char *plaintext = tor_malloc_zero(big);
  560. memset(plaintext, 'a', big);
  561. plaintext[big - 1] = '\0';
  562. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  563. tor_free(plaintext);
  564. tt_int_op(ret, OP_EQ, -1);
  565. }
  566. /* Bad lifetime value. */
  567. {
  568. char *plaintext;
  569. tor_asprintf(&plaintext, template, "3", bad_value, "42", "MESSAGE");
  570. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  571. tor_free(plaintext);
  572. tt_int_op(ret, OP_EQ, -1);
  573. }
  574. /* Huge lifetime value. */
  575. {
  576. char *plaintext;
  577. tor_asprintf(&plaintext, template, "3", "7181615", "42", "MESSAGE");
  578. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  579. tor_free(plaintext);
  580. tt_int_op(ret, OP_EQ, -1);
  581. }
  582. /* Invalid encrypted section. */
  583. {
  584. char *plaintext;
  585. tor_asprintf(&plaintext, template, "3", "180", "42", bad_value);
  586. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  587. tor_free(plaintext);
  588. tt_int_op(ret, OP_EQ, -1);
  589. }
  590. /* Invalid revision counter. */
  591. {
  592. char *plaintext;
  593. tor_asprintf(&plaintext, template, "3", "180", bad_value, "MESSAGE");
  594. ret = hs_desc_decode_plaintext(plaintext, &desc_plaintext);
  595. tor_free(plaintext);
  596. tt_int_op(ret, OP_EQ, -1);
  597. }
  598. done:
  599. ;
  600. }
  601. static void
  602. test_validate_cert(void *arg)
  603. {
  604. int ret;
  605. time_t now = time(NULL);
  606. ed25519_keypair_t kp;
  607. tor_cert_t *cert = NULL;
  608. (void) arg;
  609. ret = ed25519_keypair_generate(&kp, 0);
  610. tt_int_op(ret, OP_EQ, 0);
  611. /* Cert of type CERT_TYPE_AUTH_HS_IP_KEY. */
  612. cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY,
  613. &kp.pubkey, now, 3600,
  614. CERT_FLAG_INCLUDE_SIGNING_KEY);
  615. tt_assert(cert);
  616. /* Test with empty certificate. */
  617. ret = cert_is_valid(NULL, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  618. tt_int_op(ret, OP_EQ, 0);
  619. /* Test with a bad type. */
  620. ret = cert_is_valid(cert, CERT_TYPE_SIGNING_HS_DESC, "unicorn");
  621. tt_int_op(ret, OP_EQ, 0);
  622. /* Normal validation. */
  623. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  624. tt_int_op(ret, OP_EQ, 1);
  625. /* Break signing key so signature verification will fails. */
  626. memset(&cert->signing_key, 0, sizeof(cert->signing_key));
  627. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  628. tt_int_op(ret, OP_EQ, 0);
  629. tor_cert_free(cert);
  630. /* Try a cert without including the signing key. */
  631. cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY, &kp.pubkey, now,
  632. 3600, 0);
  633. tt_assert(cert);
  634. /* Test with a bad type. */
  635. ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
  636. tt_int_op(ret, OP_EQ, 0);
  637. done:
  638. tor_cert_free(cert);
  639. }
  640. static void
  641. test_desc_signature(void *arg)
  642. {
  643. int ret;
  644. char *data = NULL, *desc = NULL;
  645. char sig_b64[ED25519_SIG_BASE64_LEN + 1];
  646. ed25519_keypair_t kp;
  647. ed25519_signature_t sig;
  648. (void) arg;
  649. ed25519_keypair_generate(&kp, 0);
  650. /* Setup a phoony descriptor but with a valid signature token that is the
  651. * signature is verifiable. */
  652. tor_asprintf(&data, "This is a signed descriptor\n");
  653. ret = ed25519_sign_prefixed(&sig, (const uint8_t *) data, strlen(data),
  654. "Tor onion service descriptor sig v3", &kp);
  655. tt_int_op(ret, OP_EQ, 0);
  656. ret = ed25519_signature_to_base64(sig_b64, &sig);
  657. tt_int_op(ret, OP_EQ, 0);
  658. /* Build the descriptor that should be valid. */
  659. tor_asprintf(&desc, "%ssignature %s\n", data, sig_b64);
  660. ret = desc_sig_is_valid(sig_b64, &kp.pubkey, desc, strlen(desc));
  661. tt_int_op(ret, OP_EQ, 1);
  662. /* Junk signature. */
  663. ret = desc_sig_is_valid("JUNK", &kp.pubkey, desc, strlen(desc));
  664. tt_int_op(ret, OP_EQ, 0);
  665. done:
  666. tor_free(desc);
  667. tor_free(data);
  668. }
  669. /* bad desc auth type */
  670. static const char bad_superencrypted_text1[] = "desc-auth-type scoobysnack\n"
  671. "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n"
  672. "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n"
  673. "encrypted\n"
  674. "-----BEGIN MESSAGE-----\n"
  675. "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC"
  676. "BiYWQgYXQgYWxs\n"
  677. "-----END MESSAGE-----\n";
  678. /* bad ephemeral key */
  679. static const char bad_superencrypted_text2[] = "desc-auth-type x25519\n"
  680. "desc-auth-ephemeral-key differentalphabet\n"
  681. "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n"
  682. "encrypted\n"
  683. "-----BEGIN MESSAGE-----\n"
  684. "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC"
  685. "BiYWQgYXQgYWxs\n"
  686. "-----END MESSAGE-----\n";
  687. /* bad encrypted msg */
  688. static const char bad_superencrypted_text3[] = "desc-auth-type x25519\n"
  689. "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n"
  690. "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n"
  691. "encrypted\n"
  692. "-----BEGIN MESSAGE-----\n"
  693. "SO SMALL NOT GOOD\n"
  694. "-----END MESSAGE-----\n";
  695. static const char correct_superencrypted_text[] = "desc-auth-type x25519\n"
  696. "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n"
  697. "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n"
  698. "auth-client Od09Qu636Qo /PKLzqewAdS/+0+vZC+MvQ dpw4NFo13zDnuPz45rxrOg\n"
  699. "auth-client JRr840iGYN0 8s8cxYqF7Lx23+NducC4Qg zAafl4wPLURkuEjJreZq1g\n"
  700. "encrypted\n"
  701. "-----BEGIN MESSAGE-----\n"
  702. "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC"
  703. "BiYWQgYXQgYWxs\n"
  704. "-----END MESSAGE-----\n";
  705. static const char correct_encrypted_plaintext[] = "being on mountains, "
  706. "thinking about computers, is not bad at all";
  707. static void
  708. test_parse_hs_desc_superencrypted(void *arg)
  709. {
  710. (void) arg;
  711. size_t retval;
  712. uint8_t *encrypted_out = NULL;
  713. {
  714. setup_full_capture_of_logs(LOG_WARN);
  715. retval = decode_superencrypted(bad_superencrypted_text1,
  716. strlen(bad_superencrypted_text1),
  717. &encrypted_out);
  718. tt_u64_op(retval, OP_EQ, 0);
  719. tt_ptr_op(encrypted_out, OP_EQ, NULL);
  720. expect_log_msg_containing("Unrecognized desc auth type");
  721. teardown_capture_of_logs();
  722. }
  723. {
  724. setup_full_capture_of_logs(LOG_WARN);
  725. retval = decode_superencrypted(bad_superencrypted_text2,
  726. strlen(bad_superencrypted_text2),
  727. &encrypted_out);
  728. tt_u64_op(retval, OP_EQ, 0);
  729. tt_ptr_op(encrypted_out, OP_EQ, NULL);
  730. expect_log_msg_containing("Bogus desc auth key in HS desc");
  731. teardown_capture_of_logs();
  732. }
  733. {
  734. setup_full_capture_of_logs(LOG_WARN);
  735. retval = decode_superencrypted(bad_superencrypted_text3,
  736. strlen(bad_superencrypted_text3),
  737. &encrypted_out);
  738. tt_u64_op(retval, OP_EQ, 0);
  739. tt_ptr_op(encrypted_out, OP_EQ, NULL);
  740. expect_log_msg_containing("Length of descriptor\'s encrypted data "
  741. "is too small.");
  742. teardown_capture_of_logs();
  743. }
  744. /* Now finally the good one */
  745. retval = decode_superencrypted(correct_superencrypted_text,
  746. strlen(correct_superencrypted_text),
  747. &encrypted_out);
  748. tt_u64_op(retval, OP_EQ, strlen(correct_encrypted_plaintext));
  749. tt_mem_op(encrypted_out, OP_EQ, correct_encrypted_plaintext,
  750. strlen(correct_encrypted_plaintext));
  751. done:
  752. tor_free(encrypted_out);
  753. }
  754. struct testcase_t hs_descriptor[] = {
  755. /* Encoding tests. */
  756. { "cert_encoding", test_cert_encoding, TT_FORK,
  757. NULL, NULL },
  758. { "link_specifier", test_link_specifier, TT_FORK,
  759. NULL, NULL },
  760. { "encode_descriptor", test_encode_descriptor, TT_FORK,
  761. NULL, NULL },
  762. { "descriptor_padding", test_descriptor_padding, TT_FORK,
  763. NULL, NULL },
  764. /* Decoding tests. */
  765. { "decode_descriptor", test_decode_descriptor, TT_FORK,
  766. NULL, NULL },
  767. { "encrypted_data_len", test_encrypted_data_len, TT_FORK,
  768. NULL, NULL },
  769. { "decode_invalid_intro_point", test_decode_invalid_intro_point, TT_FORK,
  770. NULL, NULL },
  771. { "decode_plaintext", test_decode_plaintext, TT_FORK,
  772. NULL, NULL },
  773. { "decode_bad_signature", test_decode_bad_signature, TT_FORK,
  774. NULL, NULL },
  775. /* Misc. */
  776. { "version", test_supported_version, TT_FORK,
  777. NULL, NULL },
  778. { "validate_cert", test_validate_cert, TT_FORK,
  779. NULL, NULL },
  780. { "desc_signature", test_desc_signature, TT_FORK,
  781. NULL, NULL },
  782. { "parse_hs_desc_superencrypted", test_parse_hs_desc_superencrypted,
  783. TT_FORK, NULL, NULL },
  784. END_OF_TESTCASES
  785. };