diff options
| author | Suphanat Chunhapanya <haxx.pop@gmail.com> | 2018-04-14 04:04:31 +0700 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2018-09-07 13:59:22 -0400 |
| commit | fa50aee3663b6f6dca61e330df59af6d8c035fe4 (patch) | |
| tree | 98dc3f788f4f9a591cc1020ac3ad1af4acf940c9 /src/test | |
| parent | 10f4c46e50478e7620f3c23413ddd292d883e8ca (diff) | |
| download | tor-fa50aee3663b6f6dca61e330df59af6d8c035fe4.tar.gz tor-fa50aee3663b6f6dca61e330df59af6d8c035fe4.zip | |
hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.
I also removed the code that is used to generate fake auth clients because it
will not be used anymore.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/hs_test_helpers.c | 19 | ||||
| -rw-r--r-- | src/test/test_hs_cache.c | 16 | ||||
| -rw-r--r-- | src/test/test_hs_client.c | 2 | ||||
| -rw-r--r-- | src/test/test_hs_common.c | 6 | ||||
| -rw-r--r-- | src/test/test_hs_descriptor.c | 7 |
5 files changed, 36 insertions, 14 deletions
diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c index afe3eafa2f..bb2ba981f9 100644 --- a/src/test/hs_test_helpers.c +++ b/src/test/hs_test_helpers.c @@ -98,8 +98,11 @@ static hs_descriptor_t * hs_helper_build_hs_desc_impl(unsigned int no_ip, const ed25519_keypair_t *signing_kp) { + int ret; + int i; time_t now = approx_time(); ed25519_keypair_t blinded_kp; + curve25519_keypair_t auth_ephemeral_kp; hs_descriptor_t *descp = NULL, *desc = tor_malloc_zero(sizeof(*desc)); desc->plaintext_data.version = HS_DESC_SUPPORTED_FORMAT_VERSION_MAX; @@ -126,6 +129,22 @@ hs_helper_build_hs_desc_impl(unsigned int no_ip, hs_get_subcredential(&signing_kp->pubkey, &blinded_kp.pubkey, desc->subcredential); + /* Setup superencrypted data section. */ + ret = curve25519_keypair_generate(&auth_ephemeral_kp, 0); + tt_int_op(ret, ==, 0); + memcpy(&desc->superencrypted_data.auth_ephemeral_pubkey, + &auth_ephemeral_kp.pubkey, + sizeof(curve25519_public_key_t)); + + desc->superencrypted_data.clients = smartlist_new(); + for (i = 0; i < HS_DESC_AUTH_CLIENT_MULTIPLE; i++) { + hs_desc_authorized_client_t *desc_client; + desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t)); + + hs_desc_build_fake_authorized_client(desc_client); + smartlist_add(desc->superencrypted_data.clients, desc_client); + } + /* Setup encrypted data section. */ desc->encrypted_data.create2_ntor = 1; desc->encrypted_data.intro_auth_types = smartlist_new(); diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c index c1a69af829..33bb00e6e1 100644 --- a/src/test/test_hs_cache.c +++ b/src/test/test_hs_cache.c @@ -64,7 +64,7 @@ test_directory(void *arg) tt_int_op(ret, OP_EQ, 0); desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1); tt_assert(desc1); - ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str); tt_int_op(ret, OP_EQ, 0); /* Very first basic test, should be able to be stored, survive a @@ -102,7 +102,7 @@ test_directory(void *arg) desc_zero_lifetime->plaintext_data.lifetime_sec = 0; char *desc_zero_lifetime_str; ret = hs_desc_encode_descriptor(desc_zero_lifetime, &signing_kp_zero, - &desc_zero_lifetime_str); + NULL, &desc_zero_lifetime_str); tt_int_op(ret, OP_EQ, 0); ret = hs_cache_store_as_dir(desc1_str); @@ -153,7 +153,7 @@ test_directory(void *arg) tt_int_op(ret, OP_EQ, 1); /* Bump revision counter. */ desc1->plaintext_data.revision_counter++; - ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &new_desc_str); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &new_desc_str); tt_int_op(ret, OP_EQ, 0); ret = hs_cache_store_as_dir(new_desc_str); tt_int_op(ret, OP_EQ, 0); @@ -187,7 +187,7 @@ test_clean_as_dir(void *arg) tt_int_op(ret, OP_EQ, 0); desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1); tt_assert(desc1); - ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str); tt_int_op(ret, OP_EQ, 0); ret = hs_cache_store_as_dir(desc1_str); tt_int_op(ret, OP_EQ, 0); @@ -301,7 +301,7 @@ test_upload_and_download_hs_desc(void *arg) published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp); tt_assert(published_desc); retval = hs_desc_encode_descriptor(published_desc, &signing_kp, - &published_desc_str); + NULL, &published_desc_str); tt_int_op(retval, OP_EQ, 0); } @@ -365,7 +365,7 @@ test_hsdir_revision_counter_check(void *arg) published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp); tt_assert(published_desc); retval = hs_desc_encode_descriptor(published_desc, &signing_kp, - &published_desc_str); + NULL, &published_desc_str); tt_int_op(retval, OP_EQ, 0); } @@ -407,7 +407,7 @@ test_hsdir_revision_counter_check(void *arg) published_desc->plaintext_data.revision_counter = 1313; tor_free(published_desc_str); retval = hs_desc_encode_descriptor(published_desc, &signing_kp, - &published_desc_str); + NULL, &published_desc_str); tt_int_op(retval, OP_EQ, 0); retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str); @@ -482,7 +482,7 @@ test_client_cache(void *arg) published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp); tt_assert(published_desc); retval = hs_desc_encode_descriptor(published_desc, &signing_kp, - &published_desc_str); + NULL, &published_desc_str); tt_int_op(retval, OP_EQ, 0); memcpy(wanted_subcredential, published_desc->subcredential, DIGEST256_LEN); tt_assert(!tor_mem_is_zero((char*)wanted_subcredential, DIGEST256_LEN)); diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c index 57da03ca28..e03c80098b 100644 --- a/src/test/test_hs_client.c +++ b/src/test/test_hs_client.c @@ -366,7 +366,7 @@ test_client_pick_intro(void *arg) { char *encoded = NULL; desc = hs_helper_build_hs_desc_with_ip(&service_kp); - ret = hs_desc_encode_descriptor(desc, &service_kp, &encoded); + ret = hs_desc_encode_descriptor(desc, &service_kp, NULL, &encoded); tt_int_op(ret, OP_EQ, 0); tt_assert(encoded); diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c index c1001ee5c4..c60d6e2640 100644 --- a/src/test/test_hs_common.c +++ b/src/test/test_hs_common.c @@ -428,11 +428,13 @@ mock_directory_initiate_request(directory_request_t *req) static int mock_hs_desc_encode_descriptor(const hs_descriptor_t *desc, - const ed25519_keypair_t *signing_kp, - char **encoded_out) + const ed25519_keypair_t *signing_kp, + const uint8_t *descriptor_cookie, + char **encoded_out) { (void)desc; (void)signing_kp; + (void)descriptor_cookie; tor_asprintf(encoded_out, "lulu"); return 0; diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c index 9191b74d9d..bc72b34c0e 100644 --- a/src/test/test_hs_descriptor.c +++ b/src/test/test_hs_descriptor.c @@ -300,7 +300,7 @@ test_encode_descriptor(void *arg) ret = ed25519_keypair_generate(&signing_kp, 0); tt_int_op(ret, OP_EQ, 0); desc = hs_helper_build_hs_desc_with_ip(&signing_kp); - ret = hs_desc_encode_descriptor(desc, &signing_kp, &encoded); + ret = hs_desc_encode_descriptor(desc, &signing_kp, NULL, &encoded); tt_int_op(ret, OP_EQ, 0); tt_assert(encoded); @@ -333,7 +333,7 @@ test_decode_descriptor(void *arg) ret = hs_desc_decode_descriptor("hladfjlkjadf", subcredential, &decoded); tt_int_op(ret, OP_EQ, -1); - ret = hs_desc_encode_descriptor(desc, &signing_kp, &encoded); + ret = hs_desc_encode_descriptor(desc, &signing_kp, NULL, &encoded); tt_int_op(ret, OP_EQ, 0); tt_assert(encoded); @@ -353,7 +353,8 @@ test_decode_descriptor(void *arg) desc_no_ip = hs_helper_build_hs_desc_no_ip(&signing_kp_no_ip); tt_assert(desc_no_ip); tor_free(encoded); - ret = hs_desc_encode_descriptor(desc_no_ip, &signing_kp_no_ip, &encoded); + ret = hs_desc_encode_descriptor(desc_no_ip, &signing_kp_no_ip, + NULL, &encoded); tt_int_op(ret, OP_EQ, 0); tt_assert(encoded); hs_descriptor_free(decoded); |