summaryrefslogtreecommitdiff
path: root/src/test
diff options
context:
space:
mode:
authorMicah Elizabeth Scott <beth@torproject.org>2023-05-17 18:33:19 -0700
committerDavid Goulet <dgoulet@torproject.org>2023-05-24 11:12:15 -0400
commit71b2958a624259ac4a10a67b76a12b0064f17616 (patch)
treeb9337ea0958ab78f5f7bc794cdd197ab40560d46 /src/test
parent459b775a7eb5b26fb73b56c1a0f02548e53c45cc (diff)
downloadtor-71b2958a624259ac4a10a67b76a12b0064f17616.tar.gz
tor-71b2958a624259ac4a10a67b76a12b0064f17616.zip
test_hs_descriptor: Add a test case that fails without the fix for 40793
This adds a bit more to hs_descriptor/test_decode_descriptor, mostly testing pow-params and triggering the tor_assert() in issue #40793. There was no mechanism for adding arbitrary test strings to the encrypted portion of the desc without duplicating encode logic. One option might be to publicize get_inner_encrypted_layer_plaintext enough to add a mock implementation. In this patch I opt for what seems like the simplest solution, at the cost of a small amount of #ifdef noise. The unpacked descriptor grows a new test-only member that's used for dropping arbitrary data in at encode time. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
Diffstat (limited to 'src/test')
-rw-r--r--src/test/hs_test_helpers.c12
-rw-r--r--src/test/test_hs_descriptor.c69
2 files changed, 81 insertions, 0 deletions
diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c
index 20b225ba4a..4ef2398095 100644
--- a/src/test/hs_test_helpers.c
+++ b/src/test/hs_test_helpers.c
@@ -354,6 +354,18 @@ hs_helper_desc_equal(const hs_descriptor_t *desc1,
}
}
+ /* Proof of Work DoS mitigation options */
+ tt_int_op(!!desc1->encrypted_data.pow_params, OP_EQ,
+ !!desc2->encrypted_data.pow_params);
+ if (desc1->encrypted_data.pow_params && desc2->encrypted_data.pow_params) {
+ hs_pow_desc_params_t *params1 = desc1->encrypted_data.pow_params;
+ hs_pow_desc_params_t *params2 = desc2->encrypted_data.pow_params;
+ tt_int_op(params1->type, OP_EQ, params2->type);
+ tt_mem_op(params1->seed, OP_EQ, params2->seed, HS_POW_SEED_LEN);
+ tt_int_op(params1->suggested_effort, OP_EQ, params2->suggested_effort);
+ tt_int_op(params1->expiration_time, OP_EQ, params2->expiration_time);
+ }
+
/* Introduction points. */
{
tt_assert(desc1->encrypted_data.intro_points);
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index 469e3c39f9..d96048a0f6 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -364,6 +364,75 @@ test_decode_descriptor(void *arg)
hs_helper_desc_equal(desc, decoded);
}
+ /* Decode a descriptor without auth clients, and with PoW data added via
+ * test_extra_plaintext to test both the normal case of PoW decoding and the
+ * extra plaintext mechanism itself. */
+ {
+ tor_assert(!desc->encrypted_data.pow_params);
+
+ char pow_seed_base64[HS_POW_SEED_LEN*2];
+ uint8_t pow_seed[HS_POW_SEED_LEN];
+ crypto_strongest_rand(pow_seed, sizeof pow_seed);
+ tt_int_op(base64_encode_nopad(pow_seed_base64, sizeof pow_seed_base64,
+ pow_seed, sizeof pow_seed), OP_GT, 0);
+
+ time_t expiration_time = time(NULL);
+ char time_buf[ISO_TIME_LEN + 1];
+ format_iso_time_nospace(time_buf, expiration_time);
+
+ const unsigned suggested_effort = 123456;
+ char *extra_plaintext = NULL;
+ tor_asprintf(&extra_plaintext,
+ "pow-params v1 %s %u %s\n",
+ pow_seed_base64, suggested_effort, time_buf);
+
+ tor_free(encoded);
+ desc->encrypted_data.test_extra_plaintext = extra_plaintext;
+ ret = hs_desc_encode_descriptor(desc, &signing_kp, NULL, &encoded);
+ tor_free(extra_plaintext);
+ desc->encrypted_data.test_extra_plaintext = extra_plaintext;
+
+ tt_int_op(ret, OP_EQ, 0);
+ tt_assert(encoded);
+
+ desc->encrypted_data.pow_params =
+ tor_malloc_zero(sizeof(hs_pow_desc_params_t));
+ desc->encrypted_data.pow_params->type = HS_POW_DESC_V1;
+ memcpy(desc->encrypted_data.pow_params->seed, pow_seed, HS_POW_SEED_LEN);
+ desc->encrypted_data.pow_params->suggested_effort = suggested_effort;
+ desc->encrypted_data.pow_params->expiration_time = expiration_time;
+
+ hs_descriptor_free(decoded);
+ ret = hs_desc_decode_descriptor(encoded, &subcredential, NULL, &decoded);
+ tt_int_op(ret, OP_EQ, HS_DESC_DECODE_OK);
+ tt_assert(decoded);
+
+ hs_helper_desc_equal(desc, decoded);
+
+ tor_free(desc->encrypted_data.pow_params);
+ }
+
+ /* Now a version of the above that's expected to fail. This reproduces the
+ * issue from ticket tor#40793, in which pow_params gets too few parameters
+ * but this would cause an assert instead of an early validation fail.
+ * Make sure it fails to parse. Prior to the fix for #40793 this fails
+ * an assertion instead. */
+ {
+ tor_free(encoded);
+ tor_assert(!desc->encrypted_data.pow_params);
+ desc->encrypted_data.test_extra_plaintext = "pow-params v1 a a\n";
+ ret = hs_desc_encode_descriptor(desc, &signing_kp, NULL, &encoded);
+ desc->encrypted_data.test_extra_plaintext = NULL;
+
+ tt_int_op(ret, OP_EQ, 0);
+ tt_assert(encoded);
+
+ hs_descriptor_free(decoded);
+ ret = hs_desc_decode_descriptor(encoded, &subcredential, NULL, &decoded);
+ tt_int_op(ret, OP_EQ, HS_DESC_DECODE_ENCRYPTED_ERROR);
+ tt_assert(!decoded);
+ }
+
done:
hs_descriptor_free(desc);
hs_descriptor_free(desc_no_ip);