aboutsummaryrefslogtreecommitdiff
path: root/src/test
diff options
context:
space:
mode:
authorSuphanat Chunhapanya <haxx.pop@gmail.com>2018-04-22 01:13:50 +0700
committerDavid Goulet <dgoulet@torproject.org>2018-09-07 14:02:43 -0400
commit69fb25b0f6f3c2e7397b3f5e49213025ab1e8173 (patch)
tree73255e42b50e416b2d7022a199ff96c953f3b185 /src/test
parent7acb720027dd702332fb5a539683742801443f00 (diff)
downloadtor-69fb25b0f6f3c2e7397b3f5e49213025ab1e8173.tar.gz
tor-69fb25b0f6f3c2e7397b3f5e49213025ab1e8173.zip
test: HS v3 descriptor decoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/test')
-rw-r--r--src/test/hs_test_helpers.c26
-rw-r--r--src/test/test_hs_descriptor.c70
2 files changed, 96 insertions, 0 deletions
diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c
index bb2ba981f9..f8c582afc8 100644
--- a/src/test/hs_test_helpers.c
+++ b/src/test/hs_test_helpers.c
@@ -226,6 +226,32 @@ hs_helper_desc_equal(const hs_descriptor_t *desc1,
* encrypted blob. As contrast to the decoding process where we populate a
* descriptor object. */
+ /* Superencrypted data section. */
+ tt_mem_op(desc1->superencrypted_data.auth_ephemeral_pubkey.public_key, OP_EQ,
+ desc2->superencrypted_data.auth_ephemeral_pubkey.public_key,
+ CURVE25519_PUBKEY_LEN);
+
+ /* Auth clients. */
+ {
+ tt_assert(desc1->superencrypted_data.clients);
+ tt_assert(desc2->superencrypted_data.clients);
+ tt_int_op(smartlist_len(desc1->superencrypted_data.clients), ==,
+ smartlist_len(desc2->superencrypted_data.clients));
+ for (int i=0;
+ i < smartlist_len(desc1->superencrypted_data.clients);
+ i++) {
+ hs_desc_authorized_client_t
+ *client1 = smartlist_get(desc1->superencrypted_data.clients, i),
+ *client2 = smartlist_get(desc2->superencrypted_data.clients, i);
+ tor_memeq(client1->client_id, client2->client_id,
+ sizeof(client1->client_id));
+ tor_memeq(client1->iv, client2->iv,
+ sizeof(client1->iv));
+ tor_memeq(client1->encrypted_cookie, client2->encrypted_cookie,
+ sizeof(client1->encrypted_cookie));
+ }
+ }
+
/* Encrypted data section. */
tt_uint_op(desc1->encrypted_data.create2_ntor, ==,
desc2->encrypted_data.create2_ntor);
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index e003ea5ff1..952499a2cf 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -330,6 +330,7 @@ static void
test_decode_descriptor(void *arg)
{
int ret;
+ int i;
char *encoded = NULL;
ed25519_keypair_t signing_kp;
hs_descriptor_t *desc = NULL;
@@ -381,6 +382,75 @@ test_decode_descriptor(void *arg)
tt_assert(decoded);
}
+ /* Decode a descriptor with auth clients. */
+ {
+ uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
+ curve25519_keypair_t auth_ephemeral_kp;
+ curve25519_keypair_t client_kp, invalid_client_kp;
+ smartlist_t *clients;
+ hs_desc_authorized_client_t *client, *fake_client;
+ client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
+
+ /* Prepare all the keys needed to build the auth client. */
+ curve25519_keypair_generate(&auth_ephemeral_kp, 0);
+ curve25519_keypair_generate(&client_kp, 0);
+ curve25519_keypair_generate(&invalid_client_kp, 0);
+ crypto_strongest_rand(descriptor_cookie, HS_DESC_DESCRIPTOR_COOKIE_LEN);
+
+ memcpy(&desc->superencrypted_data.auth_ephemeral_pubkey,
+ &auth_ephemeral_kp.pubkey, CURVE25519_PUBKEY_LEN);
+
+ /* Build and add the auth client to the descriptor. */
+ clients = desc->superencrypted_data.clients;
+ if (!clients) {
+ clients = smartlist_new();
+ }
+ hs_desc_build_authorized_client(&client_kp.pubkey,
+ &auth_ephemeral_kp.seckey,
+ descriptor_cookie, client);
+ smartlist_add(clients, client);
+
+ /* We need to add fake auth clients here. */
+ for (i=0; i < 15; ++i) {
+ fake_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
+ hs_desc_build_fake_authorized_client(fake_client);
+ smartlist_add(clients, fake_client);
+ }
+ desc->superencrypted_data.clients = clients;
+
+ /* Test the encoding/decoding in the following lines. */
+ hs_helper_get_subcred_from_identity_keypair(&signing_kp,
+ subcredential);
+ tor_free(encoded);
+ ret = hs_desc_encode_descriptor(desc, &signing_kp,
+ descriptor_cookie, &encoded);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_assert(encoded);
+
+ /* If we do not have the client secret key, the decoding must fail. */
+ hs_descriptor_free(decoded);
+ ret = hs_desc_decode_descriptor(encoded, subcredential,
+ NULL, &decoded);
+ tt_int_op(ret, OP_LT, 0);
+ tt_assert(!decoded);
+
+ /* If we have an invalid client secret key, the decoding must fail. */
+ hs_descriptor_free(decoded);
+ ret = hs_desc_decode_descriptor(encoded, subcredential,
+ &invalid_client_kp.seckey, &decoded);
+ tt_int_op(ret, OP_LT, 0);
+ tt_assert(!decoded);
+
+ /* If we have the client secret key, the decoding must succeed and the
+ * decoded descriptor must be correct. */
+ ret = hs_desc_decode_descriptor(encoded, subcredential,
+ &client_kp.seckey, &decoded);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_assert(decoded);
+
+ hs_helper_desc_equal(desc, decoded);
+ }
+
done:
hs_descriptor_free(desc);
hs_descriptor_free(desc_no_ip);