authorDavid Goulet <dgoulet@torproject.org>2021-10-19 10:24:24 -0400
committerDavid Goulet <dgoulet@torproject.org>2021-10-19 10:24:24 -0400
commita9913435bc66e5f0ec539c9ce6f72a3e52aa4f08 (patch)
tree5bb9f02aa97b84bdda286940d5fa4f4b871c962c
parentbc106b9e168730efa406b209acc7625c9c2e0133 (diff)
parent44e105c27f9ff7ce1fb62b09bac30679382c8d67 (diff)
downloadtor-a9913435bc66e5f0ec539c9ce6f72a3e52aa4f08.tar.gz
tor-a9913435bc66e5f0ec539c9ce6f72a3e52aa4f08.zip
Merge branch 'maint-0.3.5' into release-0.3.5
-rw-r--r--changes/ticket404768
-rw-r--r--src/core/or/connection_edge.c3
-rw-r--r--src/feature/control/control.c40
-rw-r--r--src/feature/dircache/dircache.c58
-rw-r--r--src/feature/hs/hs_common.h2
-rw-r--r--src/feature/hs/hs_config.c10
-rw-r--r--src/feature/hs/hs_intropoint.c3
-rw-r--r--src/test/include.am11
-rw-r--r--src/test/test_dir_handle_get.c74
-rw-r--r--src/test/test_entryconn.c41
-rw-r--r--src/test/test_hs_common.c9
-rw-r--r--src/test/test_hs_config.c199
-rw-r--r--src/test/test_hs_intropoint.c64
-rw-r--r--src/test/test_hs_service.c5
14 files changed, 72 insertions, 455 deletions
diff --git a/changes/ticket40476 b/changes/ticket40476
new file mode 100644
index 0000000000..062e36f9bc
--- /dev/null
+++ b/changes/ticket40476
@@ -0,0 +1,8 @@
+ o Major feature (onion service v2):
+ - Tor does NOT allow anymore to create v2 services, to connect as a client
+ to a v2 service and for a relay to be a v2 HSDir or introduction point.
+ This effectively disable onion service version 2 tor wide. Closes 40476.
+ - The control port command HSFETCH and HSPOST don't allow version 2 as well.
+ It is also not possible to create a v2 service with ADD_ONION.
+ - See https://blog.torproject.org/v2-deprecation-timeline for details on
+ how to transition from v2 to v3.
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 84b80313ce..ae9177a2d0 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -4348,9 +4348,6 @@ parse_extended_hostname(char *address)
if (q != address) {
memmove(address, q, strlen(q) + 1 /* also get \0 */);
}
- if (rend_valid_v2_service_id(query)) {
- return ONION_V2_HOSTNAME; /* success */
- }
if (hs_address_is_valid(query)) {
return ONION_V3_HOSTNAME;
}
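Review bot: A 16-character base32 label that used to be returned as ONION_V2_HOSTNAME now falls through to exactly the same path as any malformed .onion name, so a user whose previously working v2 address stops resolving gets no hint why; the remainder of parse_extended_hostname is outside the hunk, so I cannot see whether the fall-through branch logs anything. Consider keeping a shape check purely for diagnostics before falling through, e.g. `if (rend_valid_v2_service_id(query)) { log_fn_ratelim(..., LOG_WARN, LD_APP, "Onion service v2 addresses are no longer supported; see the v2 deprecation timeline."); }`, provided that helper still exists in this branch; the message must be rate-limited because the name arrives from an application over SOCKS. Note that the `memmove` above has already rewritten `address` by the time BAD_HOSTNAME is presumably reported, which is pre-existing but worth a one-line comment now that more inputs take that path.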
diff --git a/src/feature/control/control.c b/src/feature/control/control.c
index 26ac12d307..c873d59f5e 100644
--- a/src/feature/control/control.c
+++ b/src/feature/control/control.c
@@ -4406,12 +4406,10 @@ handle_control_hsfetch(control_connection_t *conn, uint32_t len,
const char *body)
{
int i;
- char digest[DIGEST_LEN], *hsaddress = NULL, *arg1 = NULL, *desc_id = NULL;
+ char *hsaddress = NULL, *arg1 = NULL, *desc_id = NULL;
smartlist_t *args = NULL, *hsdirs = NULL;
(void) len; /* body is nul-terminated; it's safe to ignore the length */
static const char *hsfetch_command = "HSFETCH";
- static const char *v2_str = "v2-";
- const size_t v2_str_len = strlen(v2_str);
rend_data_t *rend_query = NULL;
/* Make sure we have at least one argument, the HSAddress. */
@@ -4422,21 +4420,13 @@ handle_control_hsfetch(control_connection_t *conn, uint32_t len,
/* Extract the first argument (either HSAddress or DescID). */
arg1 = smartlist_get(args, 0);
- /* Test if it's an HS address without the .onion part. */
- if (rend_valid_v2_service_id(arg1)) {
- hsaddress = arg1;
- } else if (strcmpstart(arg1, v2_str) == 0 &&
- rend_valid_descriptor_id(arg1 + v2_str_len) &&
- base32_decode(digest, sizeof(digest), arg1 + v2_str_len,
- REND_DESC_ID_V2_LEN_BASE32) == 0) {
- /* We have a well formed version 2 descriptor ID. Keep the decoded value
- * of the id. */
- desc_id = digest;
- } else {
- connection_printf_to_buf(conn, "513 Invalid argument \"%s\"\r\n",
- arg1);
- goto done;
- }
+
+ /* We no longer support version 2 on the network and so immediately return an
+ * error. We do this in order to not remove the code so to minimize the merge
+ * forward conflicts. */
+ connection_printf_to_buf(conn, "513 Invalid argument \"%s\"\r\n",
+ arg1);
+ goto done;
static const char *opt_server = "SERVER=";
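Review bot: The reply sent at the new unconditional return, `513 Invalid argument "%s"`, is misleading: the only forms this command ever accepted here were v2 service IDs and `v2-` descriptor IDs (the removed checks), so a controller now receives "invalid argument" for syntactically correct input and cannot tell that the command itself is disabled. A reply naming the cause, e.g. `connection_printf_to_buf(conn, "513 HSFETCH is unavailable: onion service version 2 is no longer supported\r\n");`, lets controllers react correctly; if the 513 code must be retained for spec reasons, at least change the text. Everything from `static const char *opt_server` down to the `done:` label is now unreachable, which is intentional per the comment but means `-Wunreachable-code` builds will flag this block and nobody should expect the `SERVER=` parsing to run; handle_control_hsfetch continues outside the hunk.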
@@ -4575,9 +4565,13 @@ handle_control_hspost(control_connection_t *conn,
send_control_done(conn);
}
tor_free(desc_str);
- goto done;
}
+ /* As for HSFETCH, we no longer support v2 on the network and so we stop
+ * right now. Code is not removed in order to minimize the merge forward
+ * conflicts. */
+ goto done;
+
/* From this point on, it is only v2. */
/* Read the dot encoded descriptor, and parse it. */
@@ -4653,11 +4647,13 @@ add_onion_helper_add_service(int hs_version,
tor_assert(port_cfgs);
tor_assert(address_out);
+ /* Version 2 is disabled. */
+ (void) auth_type;
+ (void) auth_clients;
+
switch (hs_version) {
case HS_VERSION_TWO:
- ret = rend_service_add_ephemeral(pk->v2, port_cfgs, max_streams,
- max_streams_close_circuit, auth_type,
- auth_clients, address_out);
+ ret = RSAE_INTERNAL;
break;
case HS_VERSION_THREE:
ret = hs_service_add_ephemeral(pk->v3, port_cfgs, max_streams,
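Review bot: Returning RSAE_INTERNAL for HS_VERSION_TWO reports a legitimate controller request for a now-unsupported key type as an internal failure, the one status a controller cannot act on; the mapping to the 55x reply is outside the hunk, so I am inferring the controller-visible message from the enum name. A comment on the case line stating the reason, e.g. `/* v2 (RSA1024) keys are rejected: onion service v2 is disabled (#40476). */`, plus a `log_warn(LD_CONTROL, ...)` naming the deprecation, would help operators debugging a controller that still sends RSA1024 keys. Also note that `pk->v2` is no longer consumed on this path, whereas it was previously handed to rend_service_add_ephemeral; whoever owns that key (the caller, not visible here) must still free it, so confirm no ownership transfer was assumed on success.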
diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c
index 2f8a281cd1..e1f181273a 100644
--- a/src/feature/dircache/dircache.c
+++ b/src/feature/dircache/dircache.c
@@ -354,8 +354,6 @@ static int handle_get_descriptor(dir_connection_t *conn,
const get_handler_args_t *args);
static int handle_get_keys(dir_connection_t *conn,
const get_handler_args_t *args);
-static int handle_get_hs_descriptor_v2(dir_connection_t *conn,
- const get_handler_args_t *args);
static int handle_get_robots(dir_connection_t *conn,
const get_handler_args_t *args);
static int handle_get_networkstatus_bridges(dir_connection_t *conn,
@@ -371,7 +369,6 @@ static const url_table_ent_t url_table[] = {
{ "/tor/server/", 1, handle_get_descriptor },
{ "/tor/extra/", 1, handle_get_descriptor },
{ "/tor/keys/", 1, handle_get_keys },
- { "/tor/rendezvous2/", 1, handle_get_hs_descriptor_v2 },
{ "/tor/hs/3/", 1, handle_get_hs_descriptor_v3 },
{ "/tor/robots.txt", 0, handle_get_robots },
{ "/tor/networkstatus-bridges", 0, handle_get_networkstatus_bridges },
@@ -1325,44 +1322,6 @@ handle_get_keys(dir_connection_t *conn, const get_handler_args_t *args)
return 0;
}
-/** Helper function for GET /tor/rendezvous2/
- */
-static int
-handle_get_hs_descriptor_v2(dir_connection_t *conn,
- const get_handler_args_t *args)
-{
- const char *url = args->url;
- if (connection_dir_is_encrypted(conn)) {
- /* Handle v2 rendezvous descriptor fetch request. */
- const char *descp;
- const char *query = url + strlen("/tor/rendezvous2/");
- if (rend_valid_descriptor_id(query)) {
- log_info(LD_REND, "Got a v2 rendezvous descriptor request for ID '%s'",
- safe_str(escaped(query)));
- switch (rend_cache_lookup_v2_desc_as_dir(query, &descp)) {
- case 1: /* valid */
- write_http_response_header(conn, strlen(descp), NO_METHOD, 0);
- connection_buf_add(descp, strlen(descp), TO_CONN(conn));
- break;
- case 0: /* well-formed but not present */
- write_short_http_response(conn, 404, "Not found");
- break;
- case -1: /* not well-formed */
- write_short_http_response(conn, 400, "Bad request");
- break;
- }
- } else { /* not well-formed */
- write_short_http_response(conn, 400, "Bad request");
- }
- goto done;
- } else {
- /* Not encrypted! */
- write_short_http_response(conn, 404, "Not found");
- }
- done:
- return 0;
-}
-
/** Helper function for GET /tor/hs/3/<z>. Only for version 3.
*/
STATIC int
@@ -1551,6 +1510,8 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers,
char *url = NULL;
const or_options_t *options = get_options();
+ (void) body_len;
+
log_debug(LD_DIRSERV,"Received POST command.");
conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
@@ -1568,21 +1529,6 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers,
}
log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url));
- /* Handle v2 rendezvous service publish request. */
- if (connection_dir_is_encrypted(conn) &&
- !strcmpstart(url,"/tor/rendezvous2/publish")) {
- if (rend_cache_store_v2_desc_as_dir(body) < 0) {
- log_warn(LD_REND, "Rejected v2 rend descriptor (body size %d) from %s.",
- (int)body_len, conn->base_.address);
- write_short_http_response(conn, 400,
- "Invalid v2 service descriptor rejected");
- } else {
- write_short_http_response(conn, 200, "Service descriptor (v2) stored");
- log_info(LD_REND, "Handled v2 rendezvous descriptor post: accepted");
- }
- goto done;
- }
-
/* Handle HS descriptor publish request. */
/* XXX: This should be disabled with a consensus param until we want to
* the prop224 be deployed and thus use. */
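Review bot: The `XXX: This should be disabled with a consensus param until we want the prop224 be deployed` comment on the context lines right after the removed v2 publish branch is now stale: with the v2 handler gone, the v3 (prop224) publish path is the only descriptor-upload path left in this function, so gating it behind a not-yet-deployed flag no longer makes sense. Suggest replacing it with `/* Handle v3 (prop224) HS descriptor publish request. v2 publish (/tor/rendezvous2/publish) was removed in #40476. */`. The removed branch was also the only place that logged a rejected v2 upload with its body size; `body_len` is now referenced solely by the `(void) body_len;` added earlier in this function, so relay operators lose that visibility unless a rate-limited log_info is added on whatever path unknown POST URLs now take (outside the hunk). directory_handle_command_post continues outside the hunk.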
diff --git a/src/feature/hs/hs_common.h b/src/feature/hs/hs_common.h
index a44505930a..94cdf5abc4 100644
--- a/src/feature/hs/hs_common.h
+++ b/src/feature/hs/hs_common.h
@@ -25,7 +25,7 @@ struct ed25519_keypair_t;
/* Version 3 of the protocol (prop224). */
#define HS_VERSION_THREE 3
/* Earliest and latest version we support. */
-#define HS_VERSION_MIN HS_VERSION_TWO
+#define HS_VERSION_MIN HS_VERSION_THREE
#define HS_VERSION_MAX HS_VERSION_THREE
/** Try to maintain this many intro points per service by default. */
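Review bot: With `HS_VERSION_MIN` now equal to `HS_VERSION_MAX`, the comment `Earliest and latest version we support` no longer explains why `HS_VERSION_TWO` (presumably defined just above this hunk and still referenced, e.g. by test_hs_service.c in this diff) remains defined at all. A one-line note next to the MIN define, such as `/* HS_VERSION_TWO is kept only so the v2 code paths still compile; v2 is disabled (#40476). */`, would stop a future reader from assuming v2 is a valid range value, and it matches the rationale the control.c comments give for leaving the v2 code in place rather than removing it.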
diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c
index ee4499ef5b..79fadf4c0d 100644
--- a/src/feature/hs/hs_config.c
+++ b/src/feature/hs/hs_config.c
@@ -135,9 +135,13 @@ helper_parse_uint64(const char *opt, const char *value, uint64_t min,
*ok = 0;
ret = tor_parse_uint64(value, 10, min, max, ok, NULL);
if (!*ok) {
- log_warn(LD_CONFIG, "%s must be between %" PRIu64 " and %"PRIu64
- ", not %s.",
- opt, min, max, value);
+ if (min == max) {
+ log_warn(LD_CONFIG, "%s must be %" PRIu64 ", not %s.", opt, max, value);
+ } else {
+ log_warn(LD_CONFIG, "%s must be between %" PRIu64 " and %"PRIu64
+ ", not %s.",
+ opt, min, max, value);
+ }
goto err;
}
log_info(LD_CONFIG, "%s was parsed to %" PRIu64, opt, ret);
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
index 7717ed53d4..9c886228c5 100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -320,7 +320,8 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request,
switch (first_byte) {
case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0:
case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1:
- return rend_mid_establish_intro_legacy(circ, request, request_len);
+ /* Don't accept version 2 introduction anymore. */
+ goto err;
case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519:
return handle_establish_intro(circ, request, request_len);
default:
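Review bot: The new `goto err` for TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0/LEGACY1 drops a legacy ESTABLISH_INTRO silently; since the cell arrives from an unauthenticated remote circuit, any diagnostic added here must be rate-limited (a plain log_warn per cell is a log-flooding vector), e.g. a `log_info(LD_REND, "Rejecting legacy (v2) ESTABLISH_INTRO; onion service v2 is disabled.");` before the goto. The `err:` label is outside the hunk, so I am assuming it closes the circuit rather than merely returning an error. Nothing in this diff exercises the new branch: test_hs_intropoint.c deletes the v2 helper instead of turning it into a negative test, so a small test that feeds a LEGACY0-prefixed cell and asserts a negative return and an unchanged circuitmap size would pin the behaviour.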
diff --git a/src/test/include.am b/src/test/include.am
index 75861fb9ef..c13c5f2c2d 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -51,15 +51,12 @@ TESTS += src/test/test-slow src/test/test-memwipe \
$(TESTSCRIPTS)
# These flavors are run using automake's test-driver and test-network.sh
-TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-v2-min hs-v3-min \
- single-onion-v23
+TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-v3-min single-onion-v3
# only run if we can ping6 ::1 (localhost)
-# IPv6-only v3 single onion services don't work yet, so we don't test the
-# single-onion-v23-ipv6-md flavor
-TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v23-ipv6-md \
- single-onion-ipv6-md
+# IPv6-only v3 single onion services don't work yet.
+TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v3-ipv6
# only run if we can find a stable (or simply another) version of tor
-TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v2
+TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v3
### This is a lovely feature, but it requires automake >= 1.12, and Tor
### doesn't require that yet.
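Review bot: The retained comment `# IPv6-only v3 single onion services don't work yet.` no longer says what it is excusing: the old text explained why `single-onion-v23-ipv6-md` was skipped, and both that flavor and `single-onion-ipv6-md` have now been dropped, so the sentence hangs over a list that simply contains no single-onion IPv6 flavor. Suggest `# IPv6-only v3 single onion services don't work yet, so no single-onion-*-ipv6 flavor is run here.` I also cannot verify from here that `hs-v3-ipv6` and `single-onion-v3` exist in the chutney version CI pins; a missing flavor name fails the entire TEST_CHUTNEY_FLAVORS run, so that is worth checking before merge.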
diff --git a/src/test/test_dir_handle_get.c b/src/test/test_dir_handle_get.c
index 90691fff94..e71bcb9eb2 100644
--- a/src/test/test_dir_handle_get.c
+++ b/src/test/test_dir_handle_get.c
@@ -290,7 +290,7 @@ test_dir_handle_get_rendezvous2_on_encrypted_conn_with_invalid_desc_id(
fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
NULL, NULL, 1, 0);
- tt_str_op(header, OP_EQ, BAD_REQUEST);
+ tt_str_op(header, OP_EQ, NOT_FOUND);
done:
UNMOCK(connection_write_to_buf_impl_);
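Review bot: test_dir_handle_get_rendezvous2_on_encrypted_conn_with_invalid_desc_id now expects NOT_FOUND because the `/tor/rendezvous2/` route no longer exists at all, so the test can no longer distinguish an invalid descriptor ID from any unknown URL and its name (and that of the `not_well_formed` sibling below) overstates what is checked. Because the success test was deleted rather than inverted, the one case that actually pins the removal — a well-formed v2 descriptor ID on an encrypted connection answered with 404 — is not covered; consider keeping the deleted test's request construction and asserting `tt_str_op(header, OP_EQ, NOT_FOUND);` on it, or at minimum add `/* Any /tor/rendezvous2/ URL is now an unknown route (v2 removed, #40476). */` above these expectations. The test function body starts outside the hunk.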
@@ -323,7 +323,7 @@ test_dir_handle_get_rendezvous2_on_encrypted_conn_not_well_formed(void *data)
fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
NULL, NULL, 1, 0);
- tt_str_op(header, OP_EQ, BAD_REQUEST);
+ tt_str_op(header, OP_EQ, NOT_FOUND);
done:
UNMOCK(connection_write_to_buf_impl_);
@@ -375,75 +375,6 @@ NS(router_get_my_routerinfo)(void)
return mock_routerinfo;
}
-static void
-test_dir_handle_get_rendezvous2_on_encrypted_conn_success(void *data)
-{
- dir_connection_t *conn = NULL;
- char *header = NULL;
- char *body = NULL;
- size_t body_used = 0;
- char buff[30];
- char req[70];
- rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
- char *service_id = NULL;
- char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
- size_t body_len = 0;
- (void) data;
-
- MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
- NS_MOCK(router_get_my_routerinfo);
-
- rend_cache_init();
-
- /* create a valid rend service descriptor */
- #define RECENT_TIME -10
- generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
-
- tt_int_op(rend_cache_store_v2_desc_as_dir(desc_holder->desc_str),
- OP_EQ, 0);
-
- base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
- DIGEST_LEN);
-
- conn = new_dir_conn();
-
- // connection is encrypted
- TO_CONN(conn)->linked = 1;
- tt_assert(connection_dir_is_encrypted(conn));
-
- tor_snprintf(req, sizeof(req), RENDEZVOUS2_GET("%s"), desc_id_base32);
-
- tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
-
- body_len = strlen(desc_holder->desc_str);
- fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
- &body, &body_used, body_len+1, 0);
-
- tt_assert(header);
- tt_assert(body);
-
- tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
- tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
- tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
- tt_assert(strstr(header, "Pragma: no-cache\r\n"));
- tor_snprintf(buff, sizeof(buff), "Content-Length: %ld\r\n", (long) body_len);
- tt_assert(strstr(header, buff));
-
- tt_int_op(body_used, OP_EQ, strlen(body));
- tt_str_op(body, OP_EQ, desc_holder->desc_str);
-
- done:
- UNMOCK(connection_write_to_buf_impl_);
- NS_UNMOCK(router_get_my_routerinfo);
-
- connection_free_minimal(TO_CONN(conn));
- tor_free(header);
- tor_free(body);
- rend_encoded_v2_service_descriptor_free(desc_holder);
- tor_free(service_id);
- rend_cache_free_all();
-}
-
#define MICRODESC_GET(digest) GET("/tor/micro/d/" digest)
static void
test_dir_handle_get_micro_d_not_found(void *data)
@@ -2596,7 +2527,6 @@ struct testcase_t dir_handle_get_tests[] = {
DIR_HANDLE_CMD(rendezvous2_not_found, 0),
DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_with_invalid_desc_id, 0),
DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_not_well_formed, 0),
- DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_success, 0),
DIR_HANDLE_CMD(micro_d_not_found, 0),
DIR_HANDLE_CMD(micro_d_server_busy, 0),
DIR_HANDLE_CMD(micro_d, 0),
diff --git a/src/test/test_entryconn.c b/src/test/test_entryconn.c
index fc7c5d5800..fec0441234 100644
--- a/src/test/test_entryconn.c
+++ b/src/test/test_entryconn.c
@@ -728,46 +728,6 @@ test_entryconn_rewrite_mapaddress_automap_onion4(void *arg)
test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 0, 1);
}
-/** Test that rewrite functions can handle v2 addresses */
-static void
-test_entryconn_rewrite_onion_v2(void *arg)
-{
- int retval;
- entry_connection_t *conn = arg;
-
- (void) arg;
-
- rend_cache_init();
-
- /* Make a SOCKS request */
- conn->socks_request->command = SOCKS_COMMAND_CONNECT;
- strlcpy(conn->socks_request->address,
- "pqeed46efnwmfuid.onion",
- sizeof(conn->socks_request->address));
-
- /* Make an onion connection using the SOCKS request */
- conn->entry_cfg.onion_traffic = 1;
- ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_SOCKS_WAIT;
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);
-
- /* Handle SOCKS and rewrite! */
- retval = connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL);
- tt_int_op(retval, OP_EQ, 0);
-
- /* Check connection state after rewrite */
- tt_int_op(ENTRY_TO_CONN(conn)->state, OP_EQ, AP_CONN_STATE_RENDDESC_WAIT);
- /* check that the address got rewritten */
- tt_str_op(conn->socks_request->address, OP_EQ,
- "pqeed46efnwmfuid");
- /* check that HS information got attached to the connection */
- tt_assert(ENTRY_TO_EDGE_CONN(conn)->rend_data);
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->hs_ident);
-
- done:
- rend_cache_free_all();
- /* 'conn' is cleaned by handler */
-}
-
/** Test that rewrite functions can handle v3 onion addresses */
static void
test_entryconn_rewrite_onion_v3(void *arg)
@@ -830,7 +790,6 @@ struct testcase_t entryconn_tests[] = {
REWRITE(rewrite_mapaddress_automap_onion2),
REWRITE(rewrite_mapaddress_automap_onion3),
REWRITE(rewrite_mapaddress_automap_onion4),
- REWRITE(rewrite_onion_v2),
REWRITE(rewrite_onion_v3),
END_OF_TESTCASES
diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c
index c6104301e1..a763b62356 100644
--- a/src/test/test_hs_common.c
+++ b/src/test/test_hs_common.c
@@ -792,14 +792,11 @@ test_parse_extended_hostname(void *arg)
"www.25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid.onion";
tt_assert(BAD_HOSTNAME == parse_extended_hostname(address1));
- tt_assert(ONION_V2_HOSTNAME == parse_extended_hostname(address2));
- tt_str_op(address2,OP_EQ, "aaaaaaaaaaaaaaaa");
+ tt_assert(BAD_HOSTNAME == parse_extended_hostname(address2));
tt_assert(EXIT_HOSTNAME == parse_extended_hostname(address3));
tt_assert(NORMAL_HOSTNAME == parse_extended_hostname(address4));
- tt_assert(ONION_V2_HOSTNAME == parse_extended_hostname(address5));
- tt_str_op(address5,OP_EQ, "abcdefghijklmnop");
- tt_assert(ONION_V2_HOSTNAME == parse_extended_hostname(address6));
- tt_str_op(address6,OP_EQ, "abcdefghijklmnop");
+ tt_assert(BAD_HOSTNAME == parse_extended_hostname(address5));
+ tt_assert(BAD_HOSTNAME == parse_extended_hostname(address6));
tt_assert(BAD_HOSTNAME == parse_extended_hostname(address7));
tt_assert(ONION_V3_HOSTNAME == parse_extended_hostname(address8));
tt_str_op(address8, OP_EQ,
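Review bot: address2, address5 and address6 are declared outside the hunk, and with the v2 expectations and the `tt_str_op` checks on their rewritten value gone, nothing near these asserts says they are 16-character v2-style labels that are now deliberately rejected, as opposed to arbitrary junk like address1 and address7; a later reader could "fix" the expectations. A comment such as `/* v2-style 16-char addresses are no longer recognised (v2 removed, #40476) and must parse as BAD_HOSTNAME. */` above the first changed assert would preserve that intent.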
diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c
index c2c556307d..bd9c1b03ae 100644
--- a/src/test/test_hs_config.c
+++ b/src/test/test_hs_config.c
@@ -48,7 +48,19 @@ test_invalid_service(void *arg)
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceVersion must be between 2 and 3");
+ expect_log_msg_containing("HiddenServiceVersion must be 3, not 1");
+ teardown_capture_of_logs();
+ }
+
+ /* Version 2 not accepted anymore. */
+ {
+ const char *conf =
+ "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
+ "HiddenServiceVersion 2\n";
+ setup_full_capture_of_logs(LOG_WARN);
+ ret = helper_config_service(conf, 1);
+ tt_int_op(ret, OP_EQ, -1);
+ expect_log_msg_containing("HiddenServiceVersion must be 3, not 2");
teardown_capture_of_logs();
}
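Review bot: The new v2 case pins the exact wording `HiddenServiceVersion must be 3, not 2`, which exists only because HS_VERSION_MIN and HS_VERSION_MAX are currently equal and helper_parse_uint64 selects its single-value message when `min == max`; the day a newer version widens the range, this expectation silently flips to the "between" wording while the behaviour it is meant to pin (v2 rejected) stays correct. Asserting the stable part, e.g. `expect_log_msg_containing("HiddenServiceVersion must be");` alongside the `-1` return, or adding `/* Wording depends on HS_VERSION_MIN == HS_VERSION_MAX. */` above the expectation, would make the intent explicit. A hint in the warning itself that v2 is discontinued would also help operators, but that belongs in hs_config.c rather than this test.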
@@ -56,7 +68,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServiceAllowUnknownPorts 2\n"; /* Should be 0 or 1. */
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -70,7 +82,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServiceDirGroupReadable 2\n"; /* Should be 0 or 1. */
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -84,7 +96,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServiceMaxStreamsCloseCircuit 2\n"; /* Should be 0 or 1. */
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -98,7 +110,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 80\n"
"HiddenServiceMaxStreams 65536\n"; /* One too many. */
setup_full_capture_of_logs(LOG_WARN);
@@ -113,10 +125,10 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 80\n"
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 81\n";
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -130,7 +142,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 65536\n";
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -143,7 +155,7 @@ test_invalid_service(void *arg)
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServicePort 80 127.0.0.1 8000\n";
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
@@ -156,7 +168,7 @@ test_invalid_service(void *arg)
/* Out of order directives. */
{
const char *conf =
- "HiddenServiceVersion 2\n"
+ "HiddenServiceVersion 3\n"
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
"HiddenServicePort 80\n";
setup_full_capture_of_logs(LOG_WARN);
@@ -178,137 +190,12 @@ test_valid_service(void *arg)
(void) arg;
- /* Mix of v2 and v3. Still valid. */
+ /* v3. */
{
const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs2\n"
"HiddenServiceVersion 3\n"
- "HiddenServicePort 81\n"
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 82\n";
- ret = helper_config_service(conf, 1);
- tt_int_op(ret, OP_EQ, 0);
- }
-
- done:
- ;
-}
-
-static void
-test_invalid_service_v2(void *arg)
-{
- int validate_only = 1, ret;
-
- (void) arg;
-
- /* Try with a missing port configuration. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n";
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("with no ports configured.");
- teardown_capture_of_logs();
- }
-
- /* Too many introduction points. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServiceNumIntroductionPoints 11\n"; /* One too many. */
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceNumIntroductionPoints should "
- "be between 0 and 10, not 11");
- teardown_capture_of_logs();
- }
-
- /* Too little introduction points. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServiceNumIntroductionPoints -1\n";
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceNumIntroductionPoints should "
- "be between 0 and 10, not -1");
- teardown_capture_of_logs();
- }
-
- /* Bad authorized client type. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServiceAuthorizeClient blah alice,bob\n"; /* blah is no good. */
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceAuthorizeClient contains "
- "unrecognized auth-type");
- teardown_capture_of_logs();
- }
-
- done:
- ;
-}
-
-static void
-test_valid_service_v2(void *arg)
-{
- int ret;
-
- (void) arg;
-
- /* Valid complex configuration. Basic client authorization. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServicePort 22 localhost:22\n"
-#ifdef HAVE_SYS_UN_H
- "HiddenServicePort 42 unix:/path/to/socket\n"
-#endif
- "HiddenServiceAuthorizeClient basic alice,bob,eve\n"
- "HiddenServiceAllowUnknownPorts 1\n"
- "HiddenServiceMaxStreams 42\n"
- "HiddenServiceMaxStreamsCloseCircuit 0\n"
- "HiddenServiceDirGroupReadable 1\n"
- "HiddenServiceNumIntroductionPoints 7\n";
- ret = helper_config_service(conf, 1);
- tt_int_op(ret, OP_EQ, 0);
- }
-
- /* Valid complex configuration. Stealth client authorization. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs2\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 65535\n"
- "HiddenServicePort 22 1.1.1.1:22\n"
-#ifdef HAVE_SYS_UN_H
- "HiddenServicePort 9000 unix:/path/to/socket\n"
-#endif
- "HiddenServiceAuthorizeClient stealth charlie,romeo\n"
- "HiddenServiceAllowUnknownPorts 0\n"
- "HiddenServiceMaxStreams 42\n"
- "HiddenServiceMaxStreamsCloseCircuit 0\n"
- "HiddenServiceDirGroupReadable 1\n"
- "HiddenServiceNumIntroductionPoints 8\n";
+ "HiddenServicePort 81\n";
ret = helper_config_service(conf, 1);
tt_int_op(ret, OP_EQ, 0);
}
@@ -366,22 +253,6 @@ test_invalid_service_v3(void *arg)
teardown_capture_of_logs();
}
- /* v2-specific HiddenServiceAuthorizeClient set. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 3\n"
- "HiddenServiceAuthorizeClient stealth client1\n";
- setup_full_capture_of_logs(LOG_WARN);
- ret = helper_config_service(conf, validate_only);
- tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("Hidden service option "
- "HiddenServiceAuthorizeClient is incompatible "
- "with version 3 of service in "
- "/tmp/tor-test-hs-RANDOM/hs1");
- teardown_capture_of_logs();
- }
-
done:
;
}
@@ -431,22 +302,6 @@ test_valid_service_v3(void *arg)
tt_int_op(ret, OP_EQ, 0);
}
- /* Mix of v2 and v3. Still valid. */
- {
- const char *conf =
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 80\n"
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs2\n"
- "HiddenServiceVersion 3\n"
- "HiddenServicePort 81\n"
- "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
- "HiddenServiceVersion 2\n"
- "HiddenServicePort 82\n";
- ret = helper_config_service(conf, 1);
- tt_int_op(ret, OP_EQ, 0);
- }
-
done:
;
}
@@ -496,12 +351,6 @@ struct testcase_t hs_config_tests[] = {
{ "valid_service", test_valid_service, TT_FORK,
NULL, NULL },
- /* Test case only for version 2. */
- { "invalid_service_v2", test_invalid_service_v2, TT_FORK,
- NULL, NULL },
- { "valid_service_v2", test_valid_service_v2, TT_FORK,
- NULL, NULL },
-
/* Test case only for version 3. */
{ "invalid_service_v3", test_invalid_service_v3, TT_FORK,
NULL, NULL },
diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c
index 558fc32c54..9493da2995 100644
--- a/src/test/test_hs_intropoint.c
+++ b/src/test/test_hs_intropoint.c
@@ -506,42 +506,6 @@ helper_establish_intro_v3(or_circuit_t *intro_circ)
return cell;
}
-/* Helper function: Send a well-formed v2 ESTABLISH_INTRO cell to
- * <b>intro_circ</b>. Return the public key advertised in the cell. */
-static crypto_pk_t *
-helper_establish_intro_v2(or_circuit_t *intro_circ)
-{
- crypto_pk_t *key1 = NULL;
- int retval;
- uint8_t cell_body[RELAY_PAYLOAD_SIZE];
- ssize_t cell_len = 0;
- char circ_nonce[DIGEST_LEN] = {0};
-
- tt_assert(intro_circ);
-
- /* Prepare the circuit for the incoming ESTABLISH_INTRO */
- crypto_rand(circ_nonce, sizeof(circ_nonce));
- helper_prepare_circ_for_intro(intro_circ, circ_nonce);
-
- /* Send legacy establish_intro */
- key1 = pk_generate(0);
-
- /* Use old circ_nonce why not */
- cell_len = rend_service_encode_establish_intro_cell(
- (char*)cell_body,
- sizeof(cell_body), key1,
- circ_nonce);
- tt_int_op(cell_len, OP_GT, 0);
-
- /* Receive legacy establish_intro */
- retval = hs_intro_received_establish_intro(intro_circ,
- cell_body, (size_t) cell_len);
- tt_int_op(retval, OP_EQ, 0);
-
- done:
- return key1;
-}
-
/* Helper function: test circuitmap free_all function outside of
* test_intro_point_registration to prevent Coverity from seeing a
* double free if the assertion hypothetically fails.
@@ -565,16 +529,12 @@ test_circuitmap_free_all(void)
static void
test_intro_point_registration(void *arg)
{
- int retval;
hs_circuitmap_ht *the_hs_circuitmap = NULL;
or_circuit_t *intro_circ = NULL;
trn_cell_establish_intro_t *establish_intro_cell = NULL;
ed25519_public_key_t auth_key;
- crypto_pk_t *legacy_auth_key = NULL;
- or_circuit_t *legacy_intro_circ = NULL;
-
or_circuit_t *returned_intro_circ = NULL;
(void) arg;
@@ -610,35 +570,11 @@ test_intro_point_registration(void *arg)
tt_ptr_op(intro_circ, OP_EQ, returned_intro_circ);
}
- /* Create a v2 intro point */
- {
- char key_digest[DIGEST_LEN];
-
- legacy_intro_circ = or_circuit_new(1, NULL);
- tt_assert(legacy_intro_circ);
- legacy_auth_key = helper_establish_intro_v2(legacy_intro_circ);
- tt_assert(legacy_auth_key);
-
- /* Check that the circuitmap now has two elements */
- the_hs_circuitmap = get_hs_circuitmap();
- tt_assert(the_hs_circuitmap);
- tt_int_op(2, OP_EQ, HT_SIZE(the_hs_circuitmap));
-
- /* Check that the new element is our legacy intro circuit. */
- retval = crypto_pk_get_digest(legacy_auth_key, key_digest);
- tt_int_op(retval, OP_EQ, 0);
- returned_intro_circ =
- hs_circuitmap_get_intro_circ_v2_relay_side((uint8_t*)key_digest);
- tt_ptr_op(legacy_intro_circ, OP_EQ, returned_intro_circ);
- }
-
/* XXX Continue test and try to register a second v3 intro point with the
* same auth key. Make sure that old intro circuit gets closed. */
done:
- crypto_pk_free(legacy_auth_key);
circuit_free_(TO_CIRCUIT(intro_circ));
- circuit_free_(TO_CIRCUIT(legacy_intro_circ));
trn_cell_establish_intro_free(establish_intro_cell);
test_circuitmap_free_all();
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index c60ab6c930..3a3ef0c01a 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -356,10 +356,7 @@ test_load_keys(void *arg)
tor_asprintf(&conf, conf_fmt, hsdir_v2, HS_VERSION_TWO);
ret = helper_config_service(conf);
tor_free(conf);
- tt_int_op(ret, OP_EQ, 0);
- /* This one should now be registered into the v2 list. */
- tt_int_op(get_hs_service_staging_list_size(), OP_EQ, 0);
- tt_int_op(rend_num_services(), OP_EQ, 1);
+ tt_int_op(ret, OP_EQ, -1);
/* v3 service. */
tor_asprintf(&conf, conf_fmt, hsdir_v3, HS_VERSION_THREE);
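Review bot: After switching the expectation to `-1`, the test no longer verifies that a rejected v2 configuration leaves no partially registered service behind; the dropped `tt_int_op(get_hs_service_staging_list_size(), OP_EQ, 0);` is still a valid assertion on the failure path and should be kept (only the `rend_num_services()` check needs to go with v2). test_load_keys continues outside the hunk, so I am assuming the staging list is not otherwise inspected before the v3 block that follows.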