diff options
155 files changed, 4501 insertions, 3291 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ba61c71b2b..a672d8ed39 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -170,6 +170,7 @@ debian-tracing: variables: TRACING: "yes" CHECK: "no" + DISTCHECK: "yes" script: - ./scripts/ci/ci-driver.sh # Ensure that we only run tracing when it's implemented. @@ -1,3 +1,726 @@ +Changes in version 0.4.4.6 - 2020-11-12 + Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It + backports fixes from later releases, including a fix for TROVE-2020- + 005, a security issue that could be used, under certain cases, by an + adversary to observe traffic patterns on a limited number of circuits + intended for a different relay. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Minor features (directory authorities, backport from 0.4.5.1-alpha): + - Authorities now list a different set of protocols as required and + recommended. These lists have been chosen so that only truly + recommended and/or required protocols are included, and so that + clients using 0.2.9 or later will continue to work (even though + they are not supported), whereas only relays running 0.3.5 or + later will meet the requirements. Closes ticket 40162. + - Make it possible to specify multiple ConsensusParams torrc lines. + Now directory authority operators can for example put the main + ConsensusParams config in one torrc file and then add to it from a + different torrc file. Closes ticket 40164. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.1-alpha): + - Fix compiler warnings that would occur when building with + "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the + same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + +Changes in version 0.4.3.7 - 2020-11-12 + Tor 0.4.3.7 backports several bugfixes from later releases. It + includes a fix for TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. + + Please be aware that support for the 0.4.3.x series will end on 15 + January 2020. Please upgrade to 0.4.4.x or 0.4.5.x before then, or + downgrade to 0.3.5.x, which will be supported until at least 1 + February 2022. + + o Major features (fallback directory list, backport form 0.4.4.3-alpha): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (NSS, backport from 0.4.4.3-alpha): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor features (security, backport from 0.4.4.4-rc): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, backport from 0.4.4.5): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (correctness, buffers, backport from 0.4.4.4-rc): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay, usability, backport from 0.4.4.3-alpha): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (tests, 0.4.4.5): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (windows, backport from 0.4.4.4-rc): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + o Deprecated features (onion service v2, backport form 0.4.4.2-alpha): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + o Removed features (backport from 0.4.4.3-alpha): + - Our "check-local" test target no longer tries to use the + Coccinelle semantic patching tool parse all the C files. While it + is a good idea to try to make sure Coccinelle works on our C + before we run a Coccinelle patch, doing so on every test run has + proven to be disruptive. You can still run this tool manually with + "make check-cocci". Closes ticket 40030. ticket 40030. + + +Changes in version 0.3.5.12 - 2020-11-12 + Tor 0.4.3.7 backports several bugfixes from later releases. It + includes a fix for TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. + + o Major features (fallback directory list, backport form 0.4.4.3-alpha): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (NSS, backport from 0.4.4.3-alpha): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor features (security, backport from 0.4.4.4-rc): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. + + o Minor features (debugging, directory system): + - Don't crash when we find a non-guard with a guard-fraction value + set. Instead, log a bug warning, in an attempt to figure out how + this happened. Diagnostic for ticket 32868. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, backport from 0.4.4.5): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (correctness, buffers, backport from 0.4.4.4-rc): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay, usability, backport from 0.4.4.3-alpha): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (relays, backport from 0.4.4.1-alpha): + - Stop advertising incorrect IPv6 ORPorts in relay and bridge + descriptors, when the IPv6 port was configured as "auto". Fixes + bug 32588; bugfix on 0.2.3.9-alpha. + + o Minor bugfixes (tests, 0.4.4.5): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (windows, backport from 0.4.4.4-rc): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + o Deprecated features (onion service v2, backport form 0.4.4.2-alpha): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + +Changes in version 0.4.5.1-alpha - 2020-11-01 + Tor 0.4.5.1-alpha is the first alpha release in the 0.4.5.x series. It + improves support for IPv6, address discovery and self-testing, code + metrics and tracing. + + This release also fixes TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. To + mount this attack, the adversary would need to actively extend + circuits to an incorrect address, as well as compromise a relay's + legacy RSA-1024 key. We'll be backporting this fix to other release + series soon, after it has had some testing. + + Here are the changes since 0.4.4.5. + + o Major features (build): + - When building Tor, first link all object files into a single + static library. This may help with embedding Tor in other + programs. Note that most Tor functions do not constitute a part of + a stable or supported API: only those functions in tor_api.h + should be used if embedding Tor. Closes ticket 40127. + + o Major features (metrics): + - Introduce a new MetricsPort which exposes, through an HTTP + interface, a series of metrics that tor collects at runtime. At + the moment, the only supported output format is Prometheus data + model. Closes ticket 40063. See the manual page for more + information and security considerations. + o Major features (relay, IPv6): + - The torrc option Address now supports IPv6. This unifies our + address discovery interface to support IPv4, IPv6, and hostnames. + Closes ticket 33233. + - Launch IPv4 and IPv6 ORPort self-test circuits on relays and + bridges. Closes ticket 33222. + - Relays now automatically bind on IPv6 for their ORPort, unless + specified otherwise with the IPv4Only flag. Closes ticket 33246. + - When a relay with IPv6 support is told to open a connection to + another relay, and the extend cell lists both IPv4 and IPv6 + addresses, the first relay now picks randomly which address to + use. Closes ticket 33220. + - Relays now track their IPv6 ORPort reachability separately from + the reachability of their IPv4 ORPort. They will not publish a + descriptor unless _both_ ports appear to be externally reachable. + Closes ticket 34067. + + o Major features (tracing): + - Add event-tracing library support for USDT and LTTng-UST, and a + few tracepoints in the circuit subsystem. More will come + incrementally. This feature is compiled out by default: it needs + to be enabled at configure time. See documentation in + doc/HACKING/Tracing.md. Closes ticket 32910. + + o Major bugfixes (security): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (TLS, buffer): + - When attempting to read N bytes on a TLS connection, really try to + read all N bytes. Previously, Tor would stop reading after the + first TLS record, which can be smaller than the N bytes requested, + and not check for more data until the next mainloop event. Fixes + bug 40006; bugfix on 0.1.0.5-rc. + + o Minor features (address discovery): + - If no Address statements are found, relays now prioritize guessing + their address by looking at the local interface instead of the + local hostname. If the interface address can't be found, the local + hostname is used. Closes ticket 33238. + + o Minor features (admin tools): + - Add a new --format argument to -key-expiration option to allow + specifying the time format of the expiration date. Adds Unix + timestamp format support. Patch by Daniel Pinto. Closes + ticket 30045. + + o Minor features (bootstrap reporting): + - When reporting bootstrapping status on a relay, do not consider + connections that have never been the target of an origin circuit. + Previously, all connection failures were treated as potential + bootstrapping failures, including connections that had been opened + because of client requests. Closes ticket 25061. + + o Minor features (build): + - When running the configure script, try to detect version + mismatches between the OpenSSL headers and libraries, and suggest + that the user should try "--with-openssl-dir". Closes 40138. + - If the configure script has given any warnings, remind the user + about them at the end of the script. Related to 40138. + + o Minor features (configuration): + - Allow using wildcards (* and ?) with the %include option on + configuration files. Closes ticket 25140. Patch by Daniel Pinto. + - Allow the configuration options EntryNodes, ExcludeNodes, + ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and + HSLayer3Nodes to be specified multiple times. Closes ticket 28361. + Patch by Daniel Pinto. + + o Minor features (control port): + - Add a DROPTIMEOUTS command to drop circuit build timeout history + and reset the current timeout. Closes ticket 40002. + - When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status, + send a control port event. Closes ticket 32190. Patch by + Neel Chauhan. + - Introduce GETINFO "stats/ntor/{assigned/requested}" and + "stats/tap/{assigned/requested}" to get the NTor and TAP circuit + onion handshake counts respectively. Closes ticket 28279. Patch by + Neel Chauhan. + + o Minor features (control port, IPv6): + - Tor relays now try to report to the controller when they are + launching an IPv6 self-test. Closes ticket 34068. + - Introduce "GETINFO address/v4" and "GETINFO address/v6" in the + control port to fetch the Tor host's respective IPv4 or IPv6 + address. We keep "GETINFO address" for backwards-compatibility. + Closes ticket 40039. Patch by Neel Chauhan. + + o Minor features (directory authorities): + - Authorities now list a different set of protocols as required and + recommended. These lists have been chosen so that only truly + recommended and/or required protocols are included, and so that + clients using 0.2.9 or later will continue to work (even though + they are not supported), whereas only relays running 0.3.5 or + later will meet the requirements. Closes ticket 40162. + - Add a new consensus method 30 that removes the unnecessary "=" + padding from ntor-onion-key. Closes ticket 7869. Patch by + Daniel Pinto. + - Directory authorities now reject descriptors from relays running + Tor versions from the obsolete 0.4.1 series. Resolves ticket + 34357. Patch by Neel Chauhan. + - Make it possible to specify multiple ConsensusParams torrc lines. + Now directory authority operators can for example put the main + ConsensusParams config in one torrc file and then add to it from a + different torrc file. Closes ticket 40164. + - The AssumeReachable option no longer stops directory authorities + from checking whether other relays are running. A new + AuthDirTestReachability option can be used to disable these + checks. Closes ticket 34445. + - When looking for possible Sybil attacks, also consider IPv6 + addresses. Two routers are considered to have "the same" address + by this metric if they are in the same /64 network. Patch from + Maurice Pibouin. Closes ticket 7193. + + o Minor features (directory authorities, IPv6): + - Make authorities add their IPv6 ORPort (if any) to the trusted + servers list. Authorities previously added only their IPv4 + addresses. Closes ticket 32822. + + o Minor features (ed25519, relay): + - Save a relay's base64-encoded ed25519 identity key to the data + directory in a file named fingerprint-ed25519. Closes ticket + 30642. Patch by Neel Chauhan. + + o Minor features (heartbeat): + - Include the total number of inbound and outbound IPv4 and IPv6 + connections in the heartbeat message. Closes ticket 29113. + + o Minor features (IPv6, ExcludeNodes): + - Handle IPv6 addresses in ExcludeNodes; previously they were + ignored. Closes ticket 34065. Patch by Neel Chauhan. + + o Minor features (logging): + - Add the running glibc version to the log, and the compiled glibc + version to the library list returned when using --library-versions. + Patch from Daniel Pinto. Closes ticket 40047. + - Consider an HTTP 301 response to be an error (like a 404) when + processing a directory response. Closes ticket 40053. + - Log directory fetch statistics as a single line. Closes + ticket 40159. + - Provide more complete descriptions of our connections when logging + about them. Closes ticket 40041. + - When describing a relay in the logs, we now include its ed25519 + identity. Closes ticket 22668. + + o Minor features (onion services): + - Only overwrite an onion service's existing hostname file if its + contents are wrong. This enables read-only onion-service + directories. Resolves ticket 40062. Patch by Neel Chauhan. + + o Minor features (pluggable transports): + - Add an OutboundBindAddressPT option to allow users to specify + which IPv4 and IPv6 address pluggable transports should use for + outgoing IP packets. Tor does not have a way to enforce that the + pluggable transport honors this option, so each pluggable transport + needs to implement support on its own. Closes ticket 5304. + + o Minor features (relay address tracking): + - We now store relay addresses for OR connections in a more logical + way. Previously we would sometimes overwrite the actual address of + a connection with a "canonical address", and then store the "real + address" elsewhere to remember it. We now track the "canonical + address" elsewhere for the cases where we need it, and leave the + connection's address alone. Closes ticket 33898. + + o Minor features (relay): + - If a relay is unable to discover its address, attempt to learn it + from the NETINFO cell. Closes ticket 40022. + - Log immediately when launching a relay self-check. Previously we + would try to log before launching checks, or approximately when we + intended to launch checks, but this tended to be error-prone. + Closes ticket 34137. + + o Minor features (relay, address discovery): + - If Address option is not found in torrc, attempt to learn our + address with the configured ORPort address if any. Closes + ticket 33236. + + o Minor features (relay, IPv6): + - Add an AssumeReachableIPv6 option to disable self-checking IPv6 + reachability. Closes part of ticket 33224. + - Add new "assume-reachable" and "assume-reachable-ipv6" consensus + parameters to be used in an emergency to tell relays that they + should publish even if they cannot complete their ORPort self- + checks. Closes ticket 34064 and part of 33224. + - Allow relays to send IPv6-only extend cells. Closes ticket 33222. + - Declare support for the Relay=3 subprotocol version. Closes + ticket 33226. + - When launching IPv6 ORPort self-test circuits, make sure that the + second-last hop can initiate an IPv6 extend. Closes ticket 33222. + + o Minor features (specification update): + - Several fields in microdescriptors, router descriptors, and + consensus documents that were formerly optional are now required. + Implements proposal 315; closes ticket 40132. + + o Minor features (state management): + - When loading the state file, remove entries from the statefile + that have been obsolete for a long time. Ordinarily Tor preserves + unrecognized entries in order to keep forward-compatibility, but + these entries have not actually been used in any release since + before 0.3.5.x. Closes ticket 40137. + + o Minor features (statistics, ipv6): + - Relays now publish IPv6-specific counts of single-direction versus + bidirectional relay connections. Closes ticket 33264. + - Relays now publish their IPv6 read and write statistics over time, + if statistics are enabled. Closes ticket 33263. + + o Minor features (subprotocol versions): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + - Use the new limitations on subprotocol versions due to proposal + 318 to simplify our implementation. Part of ticket 40133. + + o Minor features (testing configuration): + - The TestingTorNetwork option no longer implicitly sets + AssumeReachable to 1. This change allows us to test relays' self- + testing mechanisms, and to test authorities' relay-testing + functionality. Closes ticket 34446. + + o Minor features (testing): + - Added unit tests for channel_matches_target_addr_for_extend(). + Closes Ticket 33919. Patch by MrSquanchee. + + o Minor features (tests, v2 onion services): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (circuit padding): + - When circpad_send_padding_cell_for_callback is called, + `is_padding_timer_scheduled` flag was not reset. Now it is set to + 0 at the top of that function. Fixes bug 32671; bugfix + on 0.4.0.1-alpha. + - Add a per-circuit padding machine instance counter, so we can + differentiate between shutdown requests for old machines on a + circuit. Fixes bug 30992; bugfix on 0.4.1.1-alpha. + - Add the ability to keep circuit padding machines if they match a + set of circuit states or purposes. This allows us to have machines + that start up under some conditions but don't shut down under + others. We now use this mask to avoid starting up introduction + circuit padding again after the machines have already completed. + Fixes bug 32040; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (compatibility): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation): + - Fix compiler warnings that would occur when building with + "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the + same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (configuration): + - Fix bug where %including a pattern ending with */ would include + files and folders (instead of folders only) in versions of glibc < + 2.19. Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by + Daniel Pinto. + + o Minor bugfixes (control port): + - Make sure we send the SOCKS request address in relay begin cells + when a stream is attached with the purpose + CIRCUIT_PURPOSE_CONTROLLER. Fixes bug 33124; bugfix on 0.0.5. + Patch by Neel Chauhan. + + o Minor bugfixes (logging): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + - When logging a rate-limited message about how many messages have + been suppressed in the last N seconds, give an accurate value for + N, rounded up to the nearest minute. Previously we would report + the size of the rate-limiting interval, regardless of when the + messages started to occur. Fixes bug 19431; bugfix + on 0.2.2.16-alpha. + + o Minor bugfixes (relay configuration, crash): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (rust, protocol versions): + - Declare support for the onion service introduction point denial of + service extensions when building with Rust. Fixes bug 34248; + bugfix on 0.4.2.1-alpha. + - Make Rust protocol version support checks consistent with the + undocumented error behavior of the corresponding C code. Fixes bug + 34251; bugfix on 0.3.3.5-rc. + + o Minor bugfixes (self-testing): + - When receiving an incoming circuit, only accept it as evidence + that we are reachable if the declared address of its channel is + the same address we think that we have. Otherwise, it could be + evidence that we're reachable on some other address. Fixes bug + 20165; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (spec conformance): + - Use the correct key type when generating signing->link + certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (subprotocol versions): + - Consistently reject extra commas, instead of only rejecting + leading commas. Fixes bug 27194; bugfix on 0.2.9.4-alpha. + - In summarize_protover_flags(), treat empty strings the same as + NULL. This prevents protocols_known from being set. Previously, we + treated empty strings as normal strings, which led to + protocols_known being set. Fixes bug 34232; bugfix on + 0.3.3.2-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (v2 onion services): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Code simplification and refactoring: + - Add and use a set of functions to perform down-casts on constant + connection and channel pointers. Closes ticket 40046. + - Refactor our code that logs descriptions of connections, channels, + and the peers on them, to use a single call path. This change + enables us to refactor the data types that they use, and eliminates + many confusing usages of those types. Closes ticket 40041. + - Refactor some common node selection code into a single function. + Closes ticket 34200. + - Remove the now-redundant 'outbuf_flushlen' field from our + connection type. It was previously used for an older version of + our rate-limiting logic. Closes ticket 33097. + - Rename "fascist_firewall_*" identifiers to "reachable_addr_*" + instead, for consistency with other code. Closes ticket 18106. + - Rename functions about "advertised" ports which are not in fact + guaranteed to return the ports that have been advertised. Closes + ticket 40055. + - Split implementation of several command line options from + options_init_from_torrc into smaller isolated functions. Patch by + Daniel Pinto. Closes ticket 40102. + - When an extend cell is missing an IPv4 or IPv6 address, fill in + the address from the extend info. This is similar to what was done + in ticket 33633 for ed25519 keys. Closes ticket 33816. Patch by + Neel Chauhan. + + o Deprecated features: + - The "non-builtin" argument to the "--dump-config" command is now + deprecated. When it works, it behaves the same as "short", which + you should use instead. Closes ticket 33398. + + o Documentation: + - Replace URLs from our old bugtracker so that they refer to the new + bugtracker and wiki. Closes ticket 40101. + + o Removed features: + - We no longer ship or build a "tor.service" file for use with + systemd. No distribution included this script unmodified, and we + don't have the expertise ourselves to maintain this in a way that + all the various systemd-based distributions can use. Closes + ticket 30797. + - We no longer ship support for the Android logging API. Modern + versions of Android can use the syslog API instead. Closes + ticket 32181. + - The "optimistic data" feature is now always on; there is no longer + an option to disable it from the torrc file or from the consensus + directory. Closes part of 40139. + - The "usecreatefast" network parameter is now removed; there is no + longer an option for authorities to turn it off. Closes part + of 40139. + + o Testing: + - Add unit tests for bandwidth statistics manipulation functions. + Closes ticket 33812. Patch by MrSquanchee. + + o Code simplification and refactoring (autoconf): + - Remove autoconf checks for unused funcs and headers. Closes ticket + 31699; Patch by @bduszel + + o Code simplification and refactoring (maintainer scripts): + - Disable by default the pre-commit hook. Use the environment + variable TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. + Furthermore, stop running practracker in the pre-commit hook and + make check-local. Closes ticket 40019. + + o Code simplification and refactoring (relay address): + - Most of IPv4 representation was using "uint32_t". It has now been + moved to use the internal "tor_addr_t" interface instead. This is + so we can properly integrate IPv6 along IPv4 with common + interfaces. Closes ticket 40043. + + o Documentation (manual page): + - Move them from doc/ to doc/man/. Closes ticket 40044. + - Describe the status of the "Sandbox" option more accurately. It is + no longer "experimental", but it _is_ dependent on kernel and libc + versions. Closes ticket 23378. + + o Documentation (tracing): + - Document in depth the circuit subsystem trace events in the new + doc/tracing/EventsCircuit.md. Closes ticket 40036. + + Changes in version 0.4.4.5 - 2020-09-15 Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This series improves our guard selection algorithms, adds v3 onion balance diff --git a/Makefile.am b/Makefile.am index 96658230f7..6e8ba37e3a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -143,6 +143,7 @@ TOR_INTERNAL_LIBS = \ libtor.a: $(TOR_INTERNAL_LIBS) $(AM_V_AR) export AR="$(AR)"; \ export ARFLAGS="$(ARFLAGS)"; \ + export RANLIB="$(RANLIB)"; \ $(top_srcdir)/scripts/build/combine_libs libtor.a $(TOR_INTERNAL_LIBS) MOSTLYCLEANFILES += libtor.a diff --git a/ReleaseNotes b/ReleaseNotes index 3febaaa853..0861040741 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,289 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.4.6 - 2020-11-12 + Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It + backports fixes from later releases, including a fix for TROVE-2020- + 005, a security issue that could be used, under certain cases, by an + adversary to observe traffic patterns on a limited number of circuits + intended for a different relay. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Minor features (directory authorities, backport from 0.4.5.1-alpha): + - Authorities now list a different set of protocols as required and + recommended. These lists have been chosen so that only truly + recommended and/or required protocols are included, and so that + clients using 0.2.9 or later will continue to work (even though + they are not supported), whereas only relays running 0.3.5 or + later will meet the requirements. Closes ticket 40162. + - Make it possible to specify multiple ConsensusParams torrc lines. + Now directory authority operators can for example put the main + ConsensusParams config in one torrc file and then add to it from a + different torrc file. Closes ticket 40164. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.1-alpha): + - Fix compiler warnings that would occur when building with + "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the + same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + +Changes in version 0.4.3.7 - 2020-11-12 + Tor 0.4.3.7 backports several bugfixes from later releases. It + includes a fix for TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. + + Please be aware that support for the 0.4.3.x series will end on 15 + January 2020. Please upgrade to 0.4.4.x or 0.4.5.x before then, or + downgrade to 0.3.5.x, which will be supported until at least 1 + February 2022. + + o Major features (fallback directory list, backport form 0.4.4.3-alpha): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (NSS, backport from 0.4.4.3-alpha): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor features (security, backport from 0.4.4.4-rc): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, backport from 0.4.4.5): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (correctness, buffers, backport from 0.4.4.4-rc): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay, usability, backport from 0.4.4.3-alpha): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (tests, 0.4.4.5): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (windows, backport from 0.4.4.4-rc): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + o Deprecated features (onion service v2, backport form 0.4.4.2-alpha): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + o Removed features (backport from 0.4.4.3-alpha): + - Our "check-local" test target no longer tries to use the + Coccinelle semantic patching tool parse all the C files. While it + is a good idea to try to make sure Coccinelle works on our C + before we run a Coccinelle patch, doing so on every test run has + proven to be disruptive. You can still run this tool manually with + "make check-cocci". Closes ticket 40030. ticket 40030. + + +Changes in version 0.3.5.12 - 2020-11-12 + Tor 0.4.3.7 backports several bugfixes from later releases. It + includes a fix for TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. + + o Major features (fallback directory list, backport form 0.4.4.3-alpha): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (NSS, backport from 0.4.4.3-alpha): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor features (security, backport from 0.4.4.4-rc): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. + + o Minor features (debugging, directory system): + - Don't crash when we find a non-guard with a guard-fraction value + set. Instead, log a bug warning, in an attempt to figure out how + this happened. Diagnostic for ticket 32868. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, backport from 0.4.4.5): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (correctness, buffers, backport from 0.4.4.4-rc): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay, usability, backport from 0.4.4.3-alpha): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (relays, backport from 0.4.4.1-alpha): + - Stop advertising incorrect IPv6 ORPorts in relay and bridge + descriptors, when the IPv6 port was configured as "auto". Fixes + bug 32588; bugfix on 0.2.3.9-alpha. + + o Minor bugfixes (tests, 0.4.4.5): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (windows, backport from 0.4.4.4-rc): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + o Deprecated features (onion service v2, backport form 0.4.4.2-alpha): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. Changes in version 0.4.4.5 - 2020-09-15 Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This diff --git a/changes/bug19431 b/changes/bug19431 deleted file mode 100644 index 09f16b422d..0000000000 --- a/changes/bug19431 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (logging): - - When logging a rate-limited message about how many messages have been - suppressed in the last N seconds, give an accurate value for N, rounded - up to the nearest minute. Previously we would report the size of the - rate-limiting interval, regardless of when the messages started to - occur. Fixes bug 19431; bugfix on 0.2.2.16-alpha. diff --git a/changes/bug20165 b/changes/bug20165 deleted file mode 100644 index bbe9f00032..0000000000 --- a/changes/bug20165 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (self-testing): - - When receiving an incoming circuit, only accept it as evidence that we - are reachable if the declared address of its channel is the same - address we think that we have. Otherwise, it could be evidence that - we're reachable on some other address. Fixes bug 20165; bugfix on - 0.1.0.1-rc. diff --git a/changes/bug27194 b/changes/bug27194 deleted file mode 100644 index a1919c6c49..0000000000 --- a/changes/bug27194 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (protover): - - Consistently reject extra commas, instead of only rejecting leading commas. - Fixes bug 27194; bugfix on 0.2.9.4-alpha. diff --git a/changes/bug30187 b/changes/bug30187 new file mode 100644 index 0000000000..2a3358d6be --- /dev/null +++ b/changes/bug30187 @@ -0,0 +1,5 @@ + o Major bugfixes (relay, windows): + - Fix bug where running a relay on Windows would use 100% + CPU after some time. Makes Windows >= Vista the required + Windows version to build and run tor. Fixes bug 30187; + bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto. diff --git a/changes/bug30992 b/changes/bug30992 deleted file mode 100644 index f318319016..0000000000 --- a/changes/bug30992 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (circuitpadding): - - Add a per-circuit padding machine instance counter, so we can - differentiate between shutdown requests for old machines on a circuit; - Fixes bug 30992; bugfix on 0.4.1.1-alpha. diff --git a/changes/bug32040 b/changes/bug32040 deleted file mode 100644 index 1cdc0bec9a..0000000000 --- a/changes/bug32040 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (circuitpadding): - - Add the abilility to keep circuit padding machines if they match a set - of circuit state or purposes. This allows us to have machines that start - up under some conditions but don't shut down under others. We now - use this mask to avoid starting up introduction circuit padding - again after the machines have already completed. Fixes bug 32040; - bugfix on 0.4.1.1-alpha. diff --git a/changes/bug32671 b/changes/bug32671 deleted file mode 100644 index aa43d46543..0000000000 --- a/changes/bug32671 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (circuit padding): - - When circpad_send_padding_cell_for_callback is called, - `is_padding_timer_scheduled` flag was not reset. Now it is set to 0 at - the top of that function. Fixes bug 32671; bugfix on 0.4.0.1-alpha. diff --git a/changes/bug33097 b/changes/bug33097 deleted file mode 100644 index ef1a431daf..0000000000 --- a/changes/bug33097 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Remove the now-redundant 'outbuf_flushlen' field from our connection - type. It was previously used for an older version of our rate-limiting - logic. Closes ticket 33097. diff --git a/changes/bug33124 b/changes/bug33124 deleted file mode 100644 index bc7003d9b5..0000000000 --- a/changes/bug33124 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (SOCKS, onion services): - - Make sure we send the SOCKS request address in relay begin cells when a - stream is attached with the purpose CIRCUIT_PURPOSE_CONTROLLER. Fixes bug - 33124; bugfix on 0.0.5. Patch by Neel Chauhan. diff --git a/changes/bug33781 b/changes/bug33781 deleted file mode 100644 index 9f63ab0a2c..0000000000 --- a/changes/bug33781 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (compatibility): - - Strip '\r' characters when reading text files on Unix platforms. - This should resolve an issue where a relay operator migrates a relay from - Windows to Unix, but does not change the line ending of Tor's various state - files to match the platform, the CRLF line endings from Windows ends up leaking - into other files such as the extra-info document. Fixes bug 33781; bugfix on - 0.0.9pre5. diff --git a/changes/bug34065 b/changes/bug34065 deleted file mode 100644 index f81cb77c21..0000000000 --- a/changes/bug34065 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (IPv6, ExcludeNodes): - - Make routerset_contains_router() capable of handling IPv6 - addresses. This makes ExcludeNodes capable of excluding an - IPv6 adddress. Previously, ExcludeNodes ignored IPv6 - addresses. Closes ticket 34065. Patch by Neel Chauhan. diff --git a/changes/bug34248 b/changes/bug34248 deleted file mode 100644 index b89df444ed..0000000000 --- a/changes/bug34248 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust, protocol versions): - - Declare support for the onion service introduction point denial of - service extensions, when building tor with Rust. - Fixes bug 34248; bugfix on 0.4.2.1-alpha. diff --git a/changes/bug34251 b/changes/bug34251 deleted file mode 100644 index bbf0535256..0000000000 --- a/changes/bug34251 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (rust, protocol versions): - - Make Rust protocol version support checks consistent with the - undocumented error behaviour of the corresponding C code. - Fixes bug 34251; bugfix on 0.3.3.5-rc. diff --git a/changes/bug34357 b/changes/bug34357 deleted file mode 100644 index 69fada7cc0..0000000000 --- a/changes/bug34357 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authorities): - - Directory authorities now reject descriptors from relays running - Tor versions from the 0.4.1 series, but still allow the 0.3.5 - series. Resolves ticket 34357. Patch by Neel Chauhan. diff --git a/changes/bug34400 b/changes/bug34400 deleted file mode 100644 index e2b56688b9..0000000000 --- a/changes/bug34400 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (v2 onion services): - - For HSFETCH commands on v2 onion services addresses, check the length of - bytes decoded, not the base32 length. This takes the behavior introduced - in commit a517daa56f5848d25ba79617a1a7b82ed2b0a7c0 into consideration. - Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40062 b/changes/bug40062 deleted file mode 100644 index 9f18685a94..0000000000 --- a/changes/bug40062 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (onion services): - - When writing an onion service hostname file, first read it to make - sure it contains what we want before attempting to write it. Now - onion services can set their existing onion service directories to - read-only and Tor will still work. Resolves ticket 40062. Patch by - Neel Chauhan. diff --git a/changes/bug40113 b/changes/bug40113 deleted file mode 100644 index adf4634097..0000000000 --- a/changes/bug40113 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Resolve a compilation warning that could occur in test_connection.c. - Fixes bug 40113; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug40129 b/changes/bug40129 deleted file mode 100644 index 80de5ef355..0000000000 --- a/changes/bug40129 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix compiler warnings that would occur when building with - "--enable-all-bugs-are-fatal" and "--disable-module-relay" - at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. diff --git a/changes/bug40141 b/changes/bug40141 deleted file mode 100644 index a766993b32..0000000000 --- a/changes/bug40141 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (configuration): - - Fix bug where %including a pattern ending with */ would include files - and folders (instead of folders only) in versions of glibc < 2.19. - Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by Daniel Pinto. diff --git a/changes/bug40172 b/changes/bug40172 new file mode 100644 index 0000000000..a73fcb39a3 --- /dev/null +++ b/changes/bug40172 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix a compilation issue in which the correct 'ranlib' program was not + used when building libtor.a. Fixes bug 40172; bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40177 b/changes/bug40177 new file mode 100644 index 0000000000..b08be64e47 --- /dev/null +++ b/changes/bug40177 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Remove a duplicate typedef in metrics_store.c. Fixes bug 40177; + bugfix on 0.4.5.1-alpha. diff --git a/changes/bug5304 b/changes/bug5304 deleted file mode 100644 index 9afa838129..0000000000 --- a/changes/bug5304 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (pluggable transports): - - Added option OutboundBindAddressPT to torrc. This option allows users to - specify which IPv4 and IPv6 address they want pluggable transports to use - for outgoing IP packets. Tor does not have a way to enforce that the pluggable - transport honors this option so each pluggable transport will have to - implement support for this feature. Closes ticket 5304. diff --git a/changes/feature25140 b/changes/feature25140 deleted file mode 100644 index 5202fa11ce..0000000000 --- a/changes/feature25140 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (configuration): - - Allow the using wildcards (* and ?) with the %include option on - configuration files. Closes ticket 25140. Patch by Daniel Pinto. diff --git a/changes/feature28361 b/changes/feature28361 deleted file mode 100644 index 55bed9aea0..0000000000 --- a/changes/feature28361 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor feature (configuration): - - Allows configuration options EntryNodes, ExcludeNodes, - ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and - HSLayer3Nodes to be specified multiple times. Closes ticket - 28361. Patch by Daniel Pinto. diff --git a/changes/feature30045 b/changes/feature30045 deleted file mode 100644 index 9a0b8c041a..0000000000 --- a/changes/feature30045 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (admin tools): - - Add new --format argument to -key-expiration option to allow - specifying the time format of expiration date. Adds Unix - timestamp format support. Patch by Daniel Pinto. Closes - ticket 30045. - diff --git a/changes/feature34068 b/changes/feature34068 deleted file mode 100644 index 10812c8eca..0000000000 --- a/changes/feature34068 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (controller, IPv6): - - Tor relays now try to report to the controller when they are launching - an IPv6 self-test. Closes ticket 34068. diff --git a/changes/feature40047 b/changes/feature40047 deleted file mode 100644 index ff313a9fa5..0000000000 --- a/changes/feature40047 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (logging): - - Adds the running glibc version to the log. Also adds the - running and compiled glibc version to the library list - returned when using the flag --library-versions. Patch - from Daniel Pinto. Closes ticket 40047; bugfix on - 0.4.5.0-alpha-dev. diff --git a/changes/ticket18106 b/changes/ticket18106 deleted file mode 100644 index b3d8635f29..0000000000 --- a/changes/ticket18106 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Rename "fascist_firewall_*" identifiers to "reachable_addr_*" instead, - for consistency with other code. Closes ticket 18106. diff --git a/changes/ticket18888 b/changes/ticket18888 new file mode 100644 index 0000000000..279eab76ad --- /dev/null +++ b/changes/ticket18888 @@ -0,0 +1,3 @@ + o Minor features (safety): + - Log a warning at startup if Tor is built with compile-time options that + are likely to make it less stable or reliable. Closes ticket 18888. diff --git a/changes/ticket22473 b/changes/ticket22473 new file mode 100644 index 0000000000..c7496f9da7 --- /dev/null +++ b/changes/ticket22473 @@ -0,0 +1,3 @@ + o Removed features (controller): + - Remove the "GETINFO network-status" controller command. It has + been deprecated since 0.3.1.1-alpha. Closes ticket 22473. diff --git a/changes/ticket22668 b/changes/ticket22668 deleted file mode 100644 index 49e05e4d8c..0000000000 --- a/changes/ticket22668 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (logging): - - When describing a relay in th elogs, we now include its ed25519 identity. - Closes ticket 22668. diff --git a/changes/ticket23378 b/changes/ticket23378 deleted file mode 100644 index 783d02edfc..0000000000 --- a/changes/ticket23378 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation (manual page): - - Describe the status of the "Sandbox" option more accurately. It is no - longer "experimental", but it _is_ dependent on kernel and libc - versions. Closes ticket 23378. diff --git a/changes/ticket25061 b/changes/ticket25061 deleted file mode 100644 index 9ab0e660bb..0000000000 --- a/changes/ticket25061 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (bootstrap reporting): - - When reporting bootstrapping status on a relay, do not consider - connections that have never been the target of an origin circuit. - Previously, all connection failures were treated as potential - bootstrapping failures, including those that had been opened because of - client requests. Closes ticket 25061. diff --git a/changes/ticket28279 b/changes/ticket28279 deleted file mode 100644 index 1c085c2a6e..0000000000 --- a/changes/ticket28279 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (control port, rephist): - - Introduce GETINFO "stats/ntor/{assigned/requested}" and - "stats/tap/{assigned/requested}" to get the NTorand TAP - circuit onion handshake rephist values respectively. - Closes ticket 28279. Patch by Neel Chauhan. diff --git a/changes/ticket29113 b/changes/ticket29113 deleted file mode 100644 index b883999f5b..0000000000 --- a/changes/ticket29113 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (heartbeat): - - Include the total number of inbound and outbound IPv4 and IPv6 - connections in the heartbeat message . Closes ticket 29113. diff --git a/changes/ticket30642 b/changes/ticket30642 deleted file mode 100644 index 13941b2ac5..0000000000 --- a/changes/ticket30642 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (ed25519, relay): - - Save a relay's base64-encoded ed25519 identity key to the data - directory in a file named fingerprint-ed25519. Closes ticket 30642. - Patch by Neel Chauhan. diff --git a/changes/ticket30797 b/changes/ticket30797 deleted file mode 100644 index 0c116bd664..0000000000 --- a/changes/ticket30797 +++ /dev/null @@ -1,5 +0,0 @@ - o Removed features: - - We no longer ship or build a "tor.service" file for use with systemd. - No distribution included this script unmodified, and we don't have the - expertise ourselves to maintain this in a way that all the various - systemd-based distributions can use. Closes ticket 30797. diff --git a/changes/ticket31699 b/changes/ticket31699 deleted file mode 100644 index 1998248d57..0000000000 --- a/changes/ticket31699 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring (autoconf): - - Remove autoconf checks for unused funcs and headers. Closes ticket - 31699; Patch by @bduszel diff --git a/changes/ticket32178 b/changes/ticket32178 new file mode 100644 index 0000000000..c13e490cb0 --- /dev/null +++ b/changes/ticket32178 @@ -0,0 +1,3 @@ + o Minor bugfixes (logging): + - Remove trailing whitespaces from control event log messages. Fixes bug + 32178; bugfix on 0.1.1.1-alpha. Based on a patch by Amadeusz Pawlik. diff --git a/changes/ticket32181 b/changes/ticket32181 deleted file mode 100644 index c0bf3d50e1..0000000000 --- a/changes/ticket32181 +++ /dev/null @@ -1,4 +0,0 @@ - o Removed features: - - We no longer ship support for the Android logging API. Modern - versions of Android can use the syslog API instead. - Closes ticket 32181. diff --git a/changes/ticket32190 b/changes/ticket32190 deleted file mode 100644 index a34fd51c60..0000000000 --- a/changes/ticket32190 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (control port): - - When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status, - send a control port event CONTROLLER_WAIT. Closes ticket 32190. - Patch by Neel Chauhan. diff --git a/changes/ticket32822 b/changes/ticket32822 deleted file mode 100644 index ca62f0cc53..0000000000 --- a/changes/ticket32822 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (directory authorities, IPv6): - - Make authorities add their IPv6 ORPort (if any) to the trusted dir - servers list. Authorities currently add themselves to the trusted dir - servers list, but they only add their IPv4 address and ports to the list. - Closes ticket 32822. diff --git a/changes/ticket32910 b/changes/ticket32910 deleted file mode 100644 index e3d64d4333..0000000000 --- a/changes/ticket32910 +++ /dev/null @@ -1,5 +0,0 @@ - o Major feature (tracing): - - Add a tracing library with USDT and LTTng-UST support. Few tracepoints - were added in the circuit subsystem. More will come incrementally. This - feature is compiled out by default. It needs to be enabled at configure - time. See documentation in doc/HACKING/Tracing.md. Closes ticket 32910. diff --git a/changes/ticket33220 b/changes/ticket33220 deleted file mode 100644 index e064dcd1c1..0000000000 --- a/changes/ticket33220 +++ /dev/null @@ -1,5 +0,0 @@ - o Major features (relay, IPv6): - - When a relay with IPv6 support opens a connection to another - relay, and the extend cell lists both IPv4 and IPv6 addresses, the - first relay now picks randomly which address to use. Closes - ticket 33220. diff --git a/changes/ticket33222 b/changes/ticket33222 deleted file mode 100644 index f7b117d6ad..0000000000 --- a/changes/ticket33222 +++ /dev/null @@ -1,8 +0,0 @@ - o Major features (IPv6, relay): - - Launch IPv4 and IPv6 ORPort self-test circuits on relays and bridges. - Closes ticket 33222. - o Minor features (IPv6, relay): - - Allow relays to send IPv6-only extend cells. Closes ticket 33222. - - Declare support for the Relay=3 subprotocol version. Closes ticket 33226. - - When launching IPv6 ORPort self-test circuits, make sure that the - second-last hop can initiate an IPv6 extend. Closes ticket 33222. diff --git a/changes/ticket33224 b/changes/ticket33224 deleted file mode 100644 index 3fdab7dc53..0000000000 --- a/changes/ticket33224 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (relay, IPv6): - - Add an AssumeReachableIPv6 option to disable self-checking IPv6 - reachability. Closes part of ticket 33224. diff --git a/changes/ticket33233 b/changes/ticket33233 deleted file mode 100644 index 977286c323..0000000000 --- a/changes/ticket33233 +++ /dev/null @@ -1,4 +0,0 @@ - o Major feature (IPv6, relay): - - The torrc option Address now supports IPv6. By doing so, we've also - unified the interface to find our address to support IPv4, IPv6 and - hostname. Closes ticket 33233; diff --git a/changes/ticket33236 b/changes/ticket33236 deleted file mode 100644 index d2b1d7e4da..0000000000 --- a/changes/ticket33236 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (relay, address discovery): - - If Address is not found in torrc, attempt to learn our address with the - configured ORPort address if any. Closes ticket 33236. - diff --git a/changes/ticket33238 b/changes/ticket33238 deleted file mode 100644 index 2c4c3968cc..0000000000 --- a/changes/ticket33238 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor feature (address discovery): - - If no Address statements are found, relays now prioritize guessing their - address by looking at the local interface instead of the local hostname. - If the interface address can't be found, the local hostname is used. - Closes ticket 33238. diff --git a/changes/ticket33246 b/changes/ticket33246 deleted file mode 100644 index c44c2992b0..0000000000 --- a/changes/ticket33246 +++ /dev/null @@ -1,3 +0,0 @@ - o Major feature (relay, IPv6): - - Relays now automatically bind on IPv6 for their ORPort unless specified - otherwise with the IPv4Only flag. Closes ticket 33246. diff --git a/changes/ticket33263 b/changes/ticket33263 deleted file mode 100644 index ab5d9c9693..0000000000 --- a/changes/ticket33263 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (statistics, ipv6): - - Relays now publish their IPv6 read and write statistics over time, - if statistics are enabled. - Closes ticket 33263. diff --git a/changes/ticket33264 b/changes/ticket33264 deleted file mode 100644 index c72ea1c57a..0000000000 --- a/changes/ticket33264 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (statistics, ipv6): - - Relays now publish IPv6-specific counts of single-direction - versus bidirectional relay connections. - Closes ticket 33264. diff --git a/changes/ticket33398 b/changes/ticket33398 deleted file mode 100644 index bd175bad2f..0000000000 --- a/changes/ticket33398 +++ /dev/null @@ -1,4 +0,0 @@ - o Deprecated features: - - The "non-builtin" argument to the "--dump-config" command is now - deprecated. When it works, it behaves the same as "short", which - you should use instead. Closes ticket 33398. diff --git a/changes/ticket33812 b/changes/ticket33812 deleted file mode 100644 index 9c675df19c..0000000000 --- a/changes/ticket33812 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing: - - Add unit tests for bandwidth statistics manipulation functions. - Closes ticket 33812. Patch by MrSquanchee. diff --git a/changes/ticket33816 b/changes/ticket33816 deleted file mode 100644 index 6412e78443..0000000000 --- a/changes/ticket33816 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - When an extend cell is missing an IPv4 or IPv6 address, fill in the address - from the extend info. This is similar to what was done in ticket 33633 for - ed25519 keys. Closes ticket 33816. Patch by Neel Chauhan. diff --git a/changes/ticket33898 b/changes/ticket33898 deleted file mode 100644 index 7c8d9d0009..0000000000 --- a/changes/ticket33898 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (relay address tracking): - - We store relay addresses for OR connections in a more logical way. - Previously we would sometimes overwrite the actual address of a - connection with a "canonical address", and then store the "real - address" elsewhere to remember it. We now track the "canonical address" - elsewhere for the cases where we need it, and leave the connection's - address alone. Closes ticket 33898. diff --git a/changes/ticket33919 b/changes/ticket33919 deleted file mode 100644 index a9991b7419..0000000000 --- a/changes/ticket33919 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (testing): - - Added unit tests for channel_matches_target_addr_for_extend(). - Closes Ticket 33919. Patch by MrSquanchee. diff --git a/changes/ticket34064 b/changes/ticket34064 deleted file mode 100644 index 13ed70c8f6..0000000000 --- a/changes/ticket34064 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (relay, ipv6): - - Add new "assume-reachable" and "assume-reachable-ipv6" parameters - to be used in an emergency to tell relays that they should publish - even if they cannot complete their ORPort self-checks. - Closes ticket 34064 and part of 33224. diff --git a/changes/ticket34067 b/changes/ticket34067 deleted file mode 100644 index b67ccf6082..0000000000 --- a/changes/ticket34067 +++ /dev/null @@ -1,4 +0,0 @@ - o Major features (relay self-testing, IPv6): - - Relays now track their IPv6 ORPort separately from the reachability of - their IPv4 ORPort. They will not publish a descriptor unless _both_ - ports appear to be externally reachable. Closes ticket 34067. diff --git a/changes/ticket34137 b/changes/ticket34137 deleted file mode 100644 index 0982d9dd3b..0000000000 --- a/changes/ticket34137 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (relay): - - Log immediately when launching a relay self-check. Previously - we would try to log before launching checks, or approximately - when we intended to launch checks, but this tended to be - error-prone. Closes ticket 34137. diff --git a/changes/ticket34200 b/changes/ticket34200 deleted file mode 100644 index b984bd83bb..0000000000 --- a/changes/ticket34200 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Refactor some common node selection code into a single function. - Closes ticket 34200. diff --git a/changes/ticket34232 b/changes/ticket34232 deleted file mode 100644 index 2e00465427..0000000000 --- a/changes/ticket34232 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (string handling): - - In summarize_protover_flags(), treat empty strings the same as NULL. - This prevents protocols_known from being set. Previously, we treated - empty strings as normal strings, which led to protocols_known being - set. Fixes bug 34232; bugfix on 0.3.3.2-alpha. Patch by Neel Chauhan. diff --git a/changes/ticket34445 b/changes/ticket34445 deleted file mode 100644 index 111c815dac..0000000000 --- a/changes/ticket34445 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (directory authority): - - The AssumeReachable option no longer stops directory authorities - from checking whether other relays are running. A new - AuthDirTestReachability option can be used to disable these checks. - Closes ticket 34445. diff --git a/changes/ticket34446 b/changes/ticket34446 deleted file mode 100644 index 2ec7723129..0000000000 --- a/changes/ticket34446 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (testing configuration): - - The TestingTorNetwork no longer implicitly sets AssumeReachable to 1. - This change will allow us to test relays' self-testing mechanisms, - and eventually to test authorities' relay-testing functionality. - Closes ticket 34446. diff --git a/changes/ticket40002 b/changes/ticket40002 deleted file mode 100644 index bd40dd055a..0000000000 --- a/changes/ticket40002 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (control port): - - Add a DROPTIMEOUTS control port command to drop circuit build timeout - history and reset the timeout. Closes ticket 40002. diff --git a/changes/ticket40006 b/changes/ticket40006 deleted file mode 100644 index ad10e236c3..0000000000 --- a/changes/ticket40006 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfix (TLS, buffer): - - When attempting to read N bytes on a TLS connection, really try to read - those N bytes. Before that, Tor would stop reading after the first TLS - record which can be smaller than N bytes even though more data was waiting - on the TLS connection socket. The remaining data would have been read at - the next mainloop event. Fixes bug 40006; bugfix on 0.1.0.5-rc. diff --git a/changes/ticket40019 b/changes/ticket40019 deleted file mode 100644 index 61ba171786..0000000000 --- a/changes/ticket40019 +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplification and refactoring (maintainer scripts): - - Disable by default the pre-commit hook. Use the environment variable - TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. Furthermore, stop running - practracker in the pre-commit hook and make check-local. Closes ticket - 40019. diff --git a/changes/ticket40022 b/changes/ticket40022 deleted file mode 100644 index aa7bb256e6..0000000000 --- a/changes/ticket40022 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (relay): - - If a relay is unable to discover its address, attempt to learn it from the - NETINFO cell. Closes ticket 40022. - diff --git a/changes/ticket40036 b/changes/ticket40036 deleted file mode 100644 index 3586e44694..0000000000 --- a/changes/ticket40036 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation (tracing): - - Document in depth the circuit subsystem trace events in the new - doc/tracing/EventsCircuit.md. Closes ticket 40036. diff --git a/changes/ticket40038 b/changes/ticket40038 deleted file mode 100644 index df648f7a7a..0000000000 --- a/changes/ticket40038 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing (CI): - - Build tracing configure option into our CI. Closes ticket 40038. - diff --git a/changes/ticket40039 b/changes/ticket40039 deleted file mode 100644 index 41b34c6407..0000000000 --- a/changes/ticket40039 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (control port, relay): - - Introduce "GETINFO address/v4" and "GETINFO address/v6" in the control - port to fetch the Tor host's respective IPv4 or IPv6 address. We keep - "GETINFO address" for backwords-compatibility which retains the current - behavior. Closes ticket 40039. Patch by Neel Chauhan. diff --git a/changes/ticket40041 b/changes/ticket40041 deleted file mode 100644 index cc680db7c5..0000000000 --- a/changes/ticket40041 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (logging): - - Provide more complete descriptions of our connections when logging - about them. Closes ticket 40041. - - o Code simplification and refactoring: - - Refactor our code that logs a descriptions of connections, channels, - and the peers on them, to use a single call path. This change - enables us to refactor the data types that they use, and eliminate - many confusing users of those types. Closes ticket 40041. diff --git a/changes/ticket40043 b/changes/ticket40043 deleted file mode 100644 index 4f63bbb400..0000000000 --- a/changes/ticket40043 +++ /dev/null @@ -1,5 +0,0 @@ - o Code simplification and refactoring (relay address): - - Most of IPv4 representation was using "uint32_t". It has now been moved to - use the internal "tor_addr_t" interface instead. This is so we can - properly integrate IPv6 along IPv4 with common interfaces. Closes ticket - 40043. diff --git a/changes/ticket40044 b/changes/ticket40044 deleted file mode 100644 index 8bd6d04e0a..0000000000 --- a/changes/ticket40044 +++ /dev/null @@ -1,2 +0,0 @@ - o Documentation (manpages): - - Move them from doc/ to doc/man/. Closes ticket 40044. diff --git a/changes/ticket40046 b/changes/ticket40046 deleted file mode 100644 index 68e1ed2544..0000000000 --- a/changes/ticket40046 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Add and use a set of functions to perform downcasts on constant - connection and channel pointers. Closes ticket 40046. diff --git a/changes/ticket40053 b/changes/ticket40053 deleted file mode 100644 index ec46ff269b..0000000000 --- a/changes/ticket40053 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (logging): - - Consider 301 as an error like a 404 when processing the response to a - request for a group of server descriptors or an extrainfo documents. - Closes ticket 40053. - diff --git a/changes/ticket40055 b/changes/ticket40055 deleted file mode 100644 index cf375722a5..0000000000 --- a/changes/ticket40055 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Rename functions about "advertised" ports which are not in fact - guaranteed to return the ports have been advertised. Closes - ticket 40055. diff --git a/changes/ticket40063 b/changes/ticket40063 deleted file mode 100644 index ddf1349044..0000000000 --- a/changes/ticket40063 +++ /dev/null @@ -1,5 +0,0 @@ - o Major features (metrics): - - Introduce a new MetricsPort which exposes, through an HTTP GET /metrics, a - series of metrics that tor collects at runtime. At the moment, the only - supported output format is Prometheus data model. Closes ticket 40063; - diff --git a/changes/ticket40073 b/changes/ticket40073 deleted file mode 100644 index 30b028c042..0000000000 --- a/changes/ticket40073 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay configuration, crash): - - Avoid a fatal assert() when failing to create a listener connection for an - address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40101 b/changes/ticket40101 deleted file mode 100644 index 7af42b9499..0000000000 --- a/changes/ticket40101 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Replace URLs from our old bugtracker so that they refer to the - new bugtracker and wiki. Closes ticket 40101. diff --git a/changes/ticket40102 b/changes/ticket40102 deleted file mode 100644 index 7347953fd4..0000000000 --- a/changes/ticket40102 +++ /dev/null @@ -1,4 +0,0 @@ - o Code simplification and refactoring: - - Split implementation of several command line options from - options_init_from_torrc into smaller isolated functions. - Patch by Daniel Pinto. Closes ticket 40102. diff --git a/changes/ticket40124 b/changes/ticket40124 deleted file mode 100644 index e412c401df..0000000000 --- a/changes/ticket40124 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (spec conformance): - - Use the correct key type when generating signing->link - certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha. diff --git a/changes/ticket40125 b/changes/ticket40125 deleted file mode 100644 index c68e3ce7b3..0000000000 --- a/changes/ticket40125 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing (onion service v2): - - Fix a rendezvous cache unit test that was triggering an underflow on the - global rend cache allocation. Fixes bug 40125; bugfix on - 0.2.8.1-alpha. diff --git a/changes/ticket40126 b/changes/ticket40126 deleted file mode 100644 index 1f5806e6cb..0000000000 --- a/changes/ticket40126 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing (onion service v2): - - Fix another rendezvous cache unit test that was triggering an underflow on the - global rend cache allocation. Fixes bug 40126; bugfix on - 0.2.8.1-alpha. diff --git a/changes/ticket40127 b/changes/ticket40127 deleted file mode 100644 index f546a8ea3b..0000000000 --- a/changes/ticket40127 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (compilation): - - When building Tor, first link all object files into a single - static library. This may help with embedding Tor in other - programs. Note that most Tor functions do not constitute a - part of a stable or supported API: Only those functions in - tor_api.h should be used if embedding Tor. Closes ticket - 40127. diff --git a/changes/ticket40135 b/changes/ticket40135 deleted file mode 100644 index 9b60b4f655..0000000000 --- a/changes/ticket40135 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (logging): - - Remove a debug logging statement that uselessly spam the logs. Fixes bug - 40135; bugfix on 0.3.5.0-alpha. diff --git a/changes/ticket40137 b/changes/ticket40137 deleted file mode 100644 index 056f1bc4a5..0000000000 --- a/changes/ticket40137 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (state): - - When loading the state file, remove entries from the statefile that - have been obsolete for a long time. Ordinarily Tor preserves - unrecognized entries in order to keep forward-compatibility, but - these statefile entries have not actually been used in any release - since before the 0.3.5.x. Closes ticket 40137. diff --git a/changes/ticket40138 b/changes/ticket40138 deleted file mode 100644 index 6facbb819f..0000000000 --- a/changes/ticket40138 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (build): - - When running the configure script, try to detect version mismatches - between the openssl headers and libraries, and suggest that the - user should try "--with-openssl-dir". Closes 40138. - - If the configure script has given any warnings, remind the user about - them at the end of the script. Related to 40138. diff --git a/changes/ticket40139 b/changes/ticket40139 deleted file mode 100644 index fce29233ef..0000000000 --- a/changes/ticket40139 +++ /dev/null @@ -1,7 +0,0 @@ - o Removed features (network parameters): - - The "optimistic data" feature is now always on; there is no longer an - option to disable it from the torrc file or from the consensus - directory. - Closes part of 40139. - - The "usecreatefast" network parameter is now removed; there is no - longer an option for authorities to turn it off. Closes part of 40139. diff --git a/changes/ticket40159 b/changes/ticket40159 deleted file mode 100644 index 6484097544..0000000000 --- a/changes/ticket40159 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (logging): - - Print directory fetch information a single line. Closes ticket 40159. diff --git a/changes/ticket40162 b/changes/ticket40162 deleted file mode 100644 index 093042f9af..0000000000 --- a/changes/ticket40162 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (authorities): - - Authorities now list a different set of protocols as required and - recommended. These lists are chosen so that only truly recommended - and/or required protocols are included, and so that clients using 0.2.9 - or later will continue to work (even though they are not supported), - whereas only relays running 0.3.5 or later will meet the requirements. - Closes ticket 40162. diff --git a/changes/ticket40164 b/changes/ticket40164 deleted file mode 100644 index c96118d0a4..0000000000 --- a/changes/ticket40164 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (directory authority): - - Make it possible to specify multiple ConsensusParams torrc lines. - Now directory authority operators can for example put the main - ConsensusParams config in one torrc file and then add to it from - a different torrc file. Closes ticket 40164. - diff --git a/changes/ticket40165 b/changes/ticket40165 new file mode 100644 index 0000000000..a8dd0a339b --- /dev/null +++ b/changes/ticket40165 @@ -0,0 +1,5 @@ + o Minor features (compilation): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. + There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor + still requires. (A later version of Tor will try to stop depending on + these.) Closes ticket 40165. diff --git a/changes/ticket40170 b/changes/ticket40170 new file mode 100644 index 0000000000..cc1c8dbad1 --- /dev/null +++ b/changes/ticket40170 @@ -0,0 +1,3 @@ + o Minor bugfixes (tests): + - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. + Fixes bug 40170; bugfix on 0.2.8.1-alpha. diff --git a/changes/ticket40174 b/changes/ticket40174 new file mode 100644 index 0000000000..869a2756f4 --- /dev/null +++ b/changes/ticket40174 @@ -0,0 +1,4 @@ + o Minor bugfixes (configure, build): + - With USDT tracing enabled, if STAP_PROBEV() is missing, don't attempt to + build. Linux supports that macro but not the BSDs. Fixes bug 40174; bugfix + on 0.4.5.1-alpha. diff --git a/changes/ticket7193 b/changes/ticket7193 deleted file mode 100644 index 27faffa498..0000000000 --- a/changes/ticket7193 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (directory authority): - - When looking for possible sybil attacks, also consider IPv6 addresses. - Two routers are considered to have "the same" address by this metric - if they are in the same /64 network. Patch from Maurice Pibouin. Closes - ticket 7193. diff --git a/changes/ticket7869 b/changes/ticket7869 deleted file mode 100644 index 001b165ff5..0000000000 --- a/changes/ticket7869 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (directory authorities): - - Create new consensus method that removes the unecessary = padding - from ntor-onion-key. Closes ticket 7869. Patch by Daniel Pinto. diff --git a/configure.ac b/configure.ac index 9abc1e530a..5e16884f74 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.4.5.0-alpha-dev]) +AC_INIT([tor],[0.4.5.1-alpha-dev]) AC_CONFIG_SRCDIR([src/app/main/tor_main.c]) AC_CONFIG_MACRO_DIR([m4]) @@ -16,7 +16,7 @@ configure_flags="$*" # version number changes. Tor uses it to make sure that it # only shuts down for missing "required protocols" when those protocols # are listed as required by a consensus after this date. -AC_DEFINE(APPROX_RELEASE_DATE, ["2020-06-09"], # for 0.4.5.0-alpha-dev +AC_DEFINE(APPROX_RELEASE_DATE, ["2020-11-01"], # for 0.4.5.1-alpha-dev [Approximate date when this software was released. (Updated when the version changes.)]) # "foreign" means we don't follow GNU package layout standards @@ -292,11 +292,25 @@ if test "x$enable_tracing_instrumentation_usdt" = "xyes"; then AC_CHECK_HEADERS([sys/sdt.h], [], [AC_MSG_ERROR([USDT instrumentation requires sys/sdt.h header. On Debian, apt install systemtap-sdt-dev])], []) - dnl LTTng generates USDT probes if the UST library was built with - dnl --with-sdt. There is unfortunately no way to check that so we always - dnl build the USDT probes even though LTTng instrumentation was requested. - AC_DEFINE([USE_TRACING_INSTRUMENTATION_USDT], [1], [Using USDT instrumentation]) - have_tracing=1 + AC_MSG_CHECKING([STAP_PROBEV()]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #define SDT_USE_VARIADIC + #include <sys/sdt.h> + void test(void) + { + STAP_PROBEV(p, n, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12); + } + ]])], [ + AC_MSG_RESULT([yes]) + dnl LTTng generates USDT probes if the UST library was built with + dnl --with-sdt. There is unfortunately no way to check that so we always + dnl build the USDT probes even though LTTng instrumentation was requested. + AC_DEFINE([USE_TRACING_INSTRUMENTATION_USDT], [1], [Using USDT instrumentation]) + have_tracing=1 + ], [ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([USDT tracing support requires STAP_PROBEV()]) + ]) fi dnl Tracepoints event to debug logs. @@ -560,14 +574,14 @@ fi AH_BOTTOM([ #ifdef _WIN32 -/* Defined to access windows functions and definitions for >=WinXP */ +/* Defined to access windows functions and definitions for >=WinVista */ # ifndef WINVER -# define WINVER 0x0501 +# define WINVER 0x0600 # endif -/* Defined to access _other_ windows functions and definitions for >=WinXP */ +/* Defined to access _other_ windows functions and definitions for >=WinVista */ # ifndef _WIN32_WINNT -# define _WIN32_WINNT 0x0501 +# define _WIN32_WINNT 0x0600 # endif /* Defined to avoid including some windows headers as part of Windows.h */ @@ -1065,13 +1079,30 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS" LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS" CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS" +dnl Tor currently uses a number of APIs that are deprecated in OpenSSL 3.0.0 +dnl and later. We want to migrate away from them, but that will be a lot of +dnl work. (See ticket tor#40166.) For now, we disable the deprecation +dnl warnings. + +AC_MSG_CHECKING([for OpenSSL >= 3.0.0]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <openssl/opensslv.h> +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L +#error "you_have_version_3" +#endif + ]], [[]])], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_RESULT([yes]); + AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl deprecated-function warnings]) ]) + +AC_MSG_CHECKING([for OpenSSL < 1.0.1]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL #error "too old" #endif ]], [[]])], - [ : ], + [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index 8ca918b15b..9e5ccfa6bc 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.4.5.0-alpha-dev" +!define VERSION "0.4.5.1-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/scripts/codegen/makedesc.py b/scripts/codegen/makedesc.py index 48d1d31a02..5c59a52af1 100644 --- a/scripts/codegen/makedesc.py +++ b/scripts/codegen/makedesc.py @@ -70,19 +70,39 @@ i2d_RSAPublicKey.argtypes = [ i2d_RSAPublicKey.restype = ctypes.c_int +HEADER = """\ +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +""" + +FOOTER=""" + +""" + def rsa_sign(msg, rsa): - buf = ctypes.create_string_buffer(1024) + buf = ctypes.create_string_buffer(2048) n = RSA_private_encrypt(len(msg), msg, buf, rsa, 1) if n <= 0: raise Exception() return buf.raw[:n] -def b64(x): - x = base64.b64encode(x) +def b64(x1): + x = binascii.b2a_base64(x1) res = [] for i in xrange(0, len(x), 64): - res.append(x[i:i+64]+"\n") - return "".join(res) + res.append((x[i:i+64]).decode("ascii")) + return "\n".join(res) def bio_extract(bio): buf = ctypes.c_char_p() @@ -100,18 +120,19 @@ def make_rsa_key(e=65537): n = crypt.i2d_RSAPublicKey(rsa, ctypes.byref(pBuf)) s = buf.raw[:n] digest = hashlib.sha1(s).digest() + pem = pem.decode("ascii") return (rsa,pem,digest) def makeEdSigningKeyCert(sk_master, pk_master, pk_signing, date, includeSigning=False, certType=1): assert len(pk_signing) == len(pk_master) == 32 - expiration = struct.pack("!L", date//3600) + expiration = struct.pack(b"!L", date//3600) if includeSigning: - extensions = "\x01\x00\x20\x04\x00%s"%(pk_master) + extensions = b"\x01\x00\x20\x04\x00%s"%(pk_master) else: - extensions = "\x00" - signed = "\x01%s%s\x01%s%s" % ( - chr(certType), expiration, pk_signing, extensions) + extensions = b"\x00" + signed = b"\x01%s%s\x01%s%s" % ( + bytes([certType]), expiration, pk_signing, extensions) signature = ed25519_exts_ref.signatureWithESK(signed, sk_master, pk_master) assert len(signature) == 64 return signed+signature @@ -127,7 +148,7 @@ MAGIC2 = "<<<<<!#!#!#XYZZY#!#!#!>>>>>" class OnDemandKeys(object): def __init__(self, certDate=None): if certDate is None: - certDate = time.time() + 86400 + certDate = int(time.time()) + 86400 self.certDate = certDate self.rsa_id = None self.rsa_onion_key = None @@ -151,7 +172,7 @@ class OnDemandKeys(object): @property def RSA_FINGERPRINT_NOSPACE(self): - return binascii.b2a_hex(self.RSA_ID_DIGEST).upper() + return binascii.b2a_hex(self.RSA_ID_DIGEST).upper().decode("ascii") @property def RSA_ONION_KEY(self): @@ -162,7 +183,7 @@ class OnDemandKeys(object): @property def RSA_FINGERPRINT(self): - hexdigest = self.RSA_FINGERPRINT_NOSPACEK + hexdigest = self.RSA_FINGERPRINT_NOSPACE return " ".join(hexdigest[i:i+4] for i in range(0,len(hexdigest),4)) @property @@ -178,7 +199,7 @@ class OnDemandKeys(object): if self.ntor_sk is None: self.ntor_sk = slownacl_curve25519.Private() self.ntor_pk = self.ntor_sk.get_public() - return base64.b64encode(self.ntor_pk.serialize()) + return base64.b64encode(self.ntor_pk.serialize()).decode("ascii") @property def ED_CERT(self): @@ -192,6 +213,11 @@ class OnDemandKeys(object): return objwrap('ED25519 CERT', b64(self.ed_cert)) @property + def ED_IDENTITY(self): + self.ED_CERT + return binascii.b2a_base64(self.ed_id_pk).strip().decode("ascii") + + @property def NTOR_CROSSCERT(self): if self.ntor_crosscert is None: self.ED_CERT @@ -199,7 +225,7 @@ class OnDemandKeys(object): ed_privkey = self.ntor_sk.serialize() + os.urandom(32) ed_pub0 = ed25519_exts_ref.publickeyFromESK(ed_privkey) - sign = (ord(ed_pub0[31]) & 255) >> 7 + sign = ((ed_pub0[31]) & 255) >> 7 self.ntor_crosscert = makeEdSigningKeyCert(self.ntor_sk.serialize() + os.urandom(32), ed_pub0, self.ed_id_pk, self.certDate, certType=10) self.ntor_crosscert_sign = sign @@ -234,18 +260,19 @@ class OnDemandKeys(object): self.ED_CERT signed_part = body[:idx+len("\nrouter-sig-ed25519 ")] signed_part = "Tor router descriptor signature v1" + signed_part - digest = hashlib.sha256(signed_part).digest() + digest = hashlib.sha256(signed_part.encode("utf-8")).digest() ed_sig = ed25519_exts_ref.signatureWithESK(digest, self.ed_signing_sk, self.ed_signing_pk) - body = body.replace(MAGIC2, base64.b64encode(ed_sig).replace("=","")) + body = body.replace(MAGIC2, base64.b64encode(ed_sig).decode("ascii").replace("=","")) + self.RSA_IDENTITY idx = body.rindex("\nrouter-signature") end_of_sig = body.index("\n", idx+1) signed_part = body[:end_of_sig+1] - digest = hashlib.sha1(signed_part).digest() + digest = hashlib.sha1(signed_part.encode("utf-8")).digest() assert len(digest) == 20 rsasig = rsa_sign(digest, self.rsa_id) @@ -318,29 +345,42 @@ def emit_ri(name, body): body = info.sign_desc(body) print_c_string("EX_RI_%s"%name.upper(), body) -def emit_ei(name, body): +def emit_ei(name, body, fields): info = OnDemandKeys() body = body.format(d=info) body = info.sign_desc(body) print_c_string("EX_EI_%s"%name.upper(), body) - print('const char EX_EI_{NAME}_FP[] = "{d.RSA_FINGERPRINT_NOSPACE}";'.format( + print('ATTR_UNUSED static const char EX_EI_{NAME}_FP[] = "{d.RSA_FINGERPRINT_NOSPACE}";'.format( d=info, NAME=name.upper())) + print("ATTR_UNUSED") print_c_string("EX_EI_%s_KEY"%name.upper(), info.RSA_IDENTITY) def analyze(s): - fields = {} - while s.startswith(":::"): - first,s=s.split("\n", 1) - m = re.match(r'^:::(\w+)=(.*)',first) - if not m: - raise ValueError(first) - k,v = m.groups() - fields[k] = v - return fields, s - -def process_file(s): - fields, s = analyze(s) + while s: + fields = {} + s_pre = s + while s.startswith(":::"): + first,s=s.split("\n", 1) + m = re.match(r'^:::(\w+)=(.*)',first) + if not m: + raise ValueError(first) + k,v = m.groups() + fields[k] = v + if "name" not in fields: + print(repr(s_pre)) + + idx = s.find(":::") + if idx != -1: + body = s[:idx].rstrip() + s = s[idx:] + else: + body = s.rstrip() + s = "" + + yield (fields, body) + +def emit_entry(fields, s): try: name = fields['name'] tp = fields['type'] @@ -348,12 +388,21 @@ def process_file(s): raise ValueError("missing required field") if tp == 'ei': - emit_ei(name, s) + emit_ei(name, s, fields) elif tp == 'ri': emit_ri(name, s) else: raise ValueError("unrecognized type") +def process_file(s): + print("""\ +/* These entries are automatically generated by makedesc.py to make sure + * that their keys and signatures are right except when otherwise + * specified. */ +""") + for (fields, s) in analyze(s): + emit_entry(fields, s) + if __name__ == '__main__': import sys for fn in sys.argv[1:]: diff --git a/src/app/main/include.am b/src/app/main/include.am index ea392a8581..576c750377 100644 --- a/src/app/main/include.am +++ b/src/app/main/include.am @@ -2,6 +2,7 @@ # ADD_C_FILE: INSERT SOURCES HERE. LIBTOR_APP_A_SOURCES += \ src/app/main/main.c \ + src/app/main/risky_options.c \ src/app/main/shutdown.c \ src/app/main/subsystem_list.c \ src/app/main/subsysmgr.c @@ -10,6 +11,7 @@ LIBTOR_APP_A_SOURCES += \ noinst_HEADERS += \ src/app/main/main.h \ src/app/main/ntmain.h \ + src/app/main/risky_options.h \ src/app/main/shutdown.h \ src/app/main/subsysmgr.h diff --git a/src/app/main/main.c b/src/app/main/main.c index ff530c0ad0..589d365add 100644 --- a/src/app/main/main.c +++ b/src/app/main/main.c @@ -16,6 +16,7 @@ #include "app/config/quiet_level.h" #include "app/main/main.h" #include "app/main/ntmain.h" +#include "app/main/risky_options.h" #include "app/main/shutdown.h" #include "app/main/subsysmgr.h" #include "core/mainloop/connection.h" @@ -539,6 +540,7 @@ tor_init(int argc, char *argv[]) { char progname[256]; quiet_level_t quiet = QUIET_NONE; + bool running_tor = false; time_of_process_start = time(NULL); tor_init_connection_lists(); @@ -562,8 +564,10 @@ tor_init(int argc, char *argv[]) whether we log anything at all to stdout. */ parsed_cmdline_t *cmdline; cmdline = config_parse_commandline(argc, argv, 1); - if (cmdline) + if (cmdline) { quiet = cmdline->quiet_level; + running_tor = (cmdline->command == CMD_RUN_TOR); + } parsed_cmdline_free(cmdline); } @@ -599,6 +603,12 @@ tor_init(int argc, char *argv[]) log_notice(LD_GENERAL, "This version is not a stable Tor release. " "Expect more bugs than usual."); + if (strlen(risky_option_list) && running_tor) { + log_warn(LD_GENERAL, "This build of Tor has been compiled with one " + "or more options that might make it less reliable or secure! " + "They are:%s", risky_option_list); + } + tor_compress_log_init_warnings(); } diff --git a/src/app/main/risky_options.c b/src/app/main/risky_options.c new file mode 100644 index 0000000000..747dda766b --- /dev/null +++ b/src/app/main/risky_options.c @@ -0,0 +1,35 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file risky_options.c + * \brief List compile-time options that might make Tor less reliable. + **/ + +#include "orconfig.h" +#include "app/main/risky_options.h" + +/** A space-separated list of the compile-time options might make Tor less + * reliable or secure. These options mainly exist for testing or debugging. + */ +const char risky_option_list[] = + "" +#ifdef DISABLE_ASSERTS_IN_TEST + " --disable-asserts-in-test" +#endif +#ifdef TOR_UNIT_TESTS + " TOR_UNIT_TESTS" +#endif +#ifdef ENABLE_RESTART_DEBUGGING + " --enable-restart-debugging" +#endif +#ifdef ALL_BUGS_ARE_FATAL + " --enable-all-bugs-are-fatal" +#endif +#ifdef DISABLE_MEMORY_SENTINELS + " --disable-memory-sentinels" +#endif + ; diff --git a/src/app/main/risky_options.h b/src/app/main/risky_options.h new file mode 100644 index 0000000000..4548ae3efb --- /dev/null +++ b/src/app/main/risky_options.h @@ -0,0 +1,17 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file risky_options.h + * \brief Header for risky_options.c + **/ + +#ifndef TOR_RISKY_OPTIONS_H +#define TOR_RISKY_OPTIONS_H + +extern const char risky_option_list[]; + +#endif diff --git a/src/core/or/channel.c b/src/core/or/channel.c index c163f53488..5300a07608 100644 --- a/src/core/or/channel.c +++ b/src/core/or/channel.c @@ -663,7 +663,7 @@ channel_find_by_global_id(uint64_t global_identifier) /** Return true iff <b>chan</b> matches <b>rsa_id_digest</b> and <b>ed_id</b>. * as its identity keys. If either is NULL, do not check for a match. */ -static int +int channel_remote_identity_matches(const channel_t *chan, const char *rsa_id_digest, const ed25519_public_key_t *ed_id) diff --git a/src/core/or/channel.h b/src/core/or/channel.h index 206d0fdc97..a1517aee37 100644 --- a/src/core/or/channel.h +++ b/src/core/or/channel.h @@ -735,6 +735,9 @@ int channel_is_outgoing(channel_t *chan); void channel_mark_client(channel_t *chan); void channel_clear_client(channel_t *chan); int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info); +int channel_remote_identity_matches(const channel_t *chan, + const char *rsa_id_digest, + const ed25519_public_key_t *ed_id); unsigned int channel_num_circuits(channel_t *chan); MOCK_DECL(void,channel_set_circid_type,(channel_t *chan, crypto_pk_t *identity_rcvd, diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index a3a7a8cf58..af38014c69 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -654,21 +654,37 @@ circuit_n_chan_done(channel_t *chan, int status, int close_origin_circuits) circ->state != CIRCUIT_STATE_CHAN_WAIT) continue; - if (tor_digest_is_zero(circ->n_hop->identity_digest)) { + const char *rsa_ident = NULL; + const ed25519_public_key_t *ed_ident = NULL; + if (! tor_digest_is_zero(circ->n_hop->identity_digest)) { + rsa_ident = circ->n_hop->identity_digest; + } + if (! ed25519_public_key_is_zero(&circ->n_hop->ed_identity)) { + ed_ident = &circ->n_hop->ed_identity; + } + + if (rsa_ident == NULL && ed_ident == NULL) { /* Look at addr/port. This is an unkeyed connection. */ if (!channel_matches_extend_info(chan, circ->n_hop)) continue; } else { - /* We expected a key. See if it's the right one. */ - if (tor_memneq(chan->identity_digest, - circ->n_hop->identity_digest, DIGEST_LEN)) + /* We expected a key or keys. See if they matched. */ + if (!channel_remote_identity_matches(chan, rsa_ident, ed_ident)) continue; + + /* If the channel is canonical, great. If not, it needs to match + * the requested address exactly. */ + if (! chan->is_canonical && + ! channel_matches_extend_info(chan, circ->n_hop)) { + continue; + } } if (!status) { /* chan failed; close circ */ log_info(LD_CIRC,"Channel failed; closing circ."); circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED); continue; } + if (close_origin_circuits && CIRCUIT_IS_ORIGIN(circ)) { log_info(LD_CIRC,"Channel deprecated for origin circs; closing circ."); circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED); diff --git a/src/core/or/include.am b/src/core/or/include.am index 9ff92adbde..7c42268c46 100644 --- a/src/core/or/include.am +++ b/src/core/or/include.am @@ -71,6 +71,7 @@ noinst_HEADERS += \ src/core/or/entry_port_cfg_st.h \ src/core/or/extend_info_st.h \ src/core/or/listener_connection_st.h \ + src/core/or/lttng_circuit.inc \ src/core/or/onion.h \ src/core/or/or.h \ src/core/or/or_periodic.h \ diff --git a/src/core/or/protover.c b/src/core/or/protover.c index 26fcefe8ac..5a87ade3da 100644 --- a/src/core/or/protover.c +++ b/src/core/or/protover.c @@ -33,6 +33,8 @@ static const smartlist_t *get_supported_protocol_list(void); static int protocol_list_contains(const smartlist_t *protos, protocol_type_t pr, uint32_t ver); +static const proto_entry_t *find_entry_by_name(const smartlist_t *protos, + const char *name); /** Mapping between protocol type string and protocol type. */ /// C_RUST_COUPLED: src/rust/protover/protover.rs `PROTOCOL_NAMES` @@ -83,27 +85,6 @@ protocol_type_to_str(protocol_type_t pr) } /** - * Given a string, find the corresponding protocol type and store it in - * <b>pr_out</b>. Return 0 on success, -1 on failure. - */ -STATIC int -str_to_protocol_type(const char *s, protocol_type_t *pr_out) -{ - if (BUG(!pr_out)) - return -1; - - unsigned i; - for (i=0; i < N_PROTOCOL_NAMES; ++i) { - if (0 == strcmp(s, PROTOCOL_NAMES[i].name)) { - *pr_out = PROTOCOL_NAMES[i].protover_type; - return 0; - } - } - - return -1; -} - -/** * Release all space held by a single proto_entry_t structure */ STATIC void @@ -112,19 +93,17 @@ proto_entry_free_(proto_entry_t *entry) if (!entry) return; tor_free(entry->name); - SMARTLIST_FOREACH(entry->ranges, proto_range_t *, r, tor_free(r)); - smartlist_free(entry->ranges); tor_free(entry); } /** The largest possible protocol version. */ -#define MAX_PROTOCOL_VERSION (UINT32_MAX-1) +#define MAX_PROTOCOL_VERSION (63) /** * Given a string <b>s</b> and optional end-of-string pointer * <b>end_of_range</b>, parse the protocol range and store it in * <b>low_out</b> and <b>high_out</b>. A protocol range has the format U, or - * U-U, where U is an unsigned 32-bit integer. + * U-U, where U is an unsigned integer between 0 and 63 inclusive. */ static int parse_version_range(const char *s, const char *end_of_range, @@ -194,6 +173,23 @@ is_valid_keyword(const char *s, size_t n) return 1; } +/** The x'th bit in a bitmask. */ +#define BIT(x) (UINT64_C(1)<<(x)) + +/** + * Return a bitmask so that bits 'low' through 'high' inclusive are set, + * and all other bits are cleared. + **/ +static uint64_t +bitmask_for_range(uint32_t low, uint32_t high) +{ + uint64_t mask = ~(uint64_t)0; + mask <<= 63 - high; + mask >>= 63 - high + low; + mask <<= low; + return mask; +} + /** Parse a single protocol entry from <b>s</b> up to an optional * <b>end_of_entry</b> pointer, and return that protocol entry. Return NULL * on error. @@ -205,8 +201,6 @@ parse_single_entry(const char *s, const char *end_of_entry) proto_entry_t *out = tor_malloc_zero(sizeof(proto_entry_t)); const char *equals; - out->ranges = smartlist_new(); - if (BUG (!end_of_entry)) end_of_entry = s + strlen(s); // LCOV_EXCL_LINE @@ -240,15 +234,16 @@ parse_single_entry(const char *s, const char *end_of_entry) s = equals + 1; while (s < end_of_entry) { const char *comma = memchr(s, ',', end_of_entry-s); - proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t)); if (! comma) comma = end_of_entry; - smartlist_add(out->ranges, range); - if (parse_version_range(s, comma, &range->low, &range->high) < 0) { + uint32_t low=0, high=0; + if (parse_version_range(s, comma, &low, &high) < 0) { goto error; } + out->bitmask |= bitmask_for_range(low,high); + s = comma; // Skip the comma separator between ranges. Don't ignore a trailing comma. if (s < (end_of_entry - 1)) @@ -372,15 +367,15 @@ protocol_list_supports_protocol_or_later(const char *list, const char *pr_name = protocol_type_to_str(tp); int contains = 0; + const uint64_t mask = bitmask_for_range(version, 63); + SMARTLIST_FOREACH_BEGIN(protocols, proto_entry_t *, proto) { if (strcasecmp(proto->name, pr_name)) continue; - SMARTLIST_FOREACH_BEGIN(proto->ranges, const proto_range_t *, range) { - if (range->high >= version) { - contains = 1; - goto found; - } - } SMARTLIST_FOREACH_END(range); + if (0 != (proto->bitmask & mask)) { + contains = 1; + goto found; + } } SMARTLIST_FOREACH_END(proto); found: @@ -436,6 +431,23 @@ get_supported_protocol_list(void) return supported_protocol_list; } +/** Return the number of trailing zeros in x. Undefined if x is 0. */ +static int +trailing_zeros(uint64_t x) +{ +#ifdef __GNUC__ + return __builtin_ctzll((unsigned long long)x); +#else + int i; + for (i = 0; i <= 64; ++i) { + if (x&1) + return i; + x>>=1; + } + return i; +#endif +} + /** * Given a protocol entry, encode it at the end of the smartlist <b>chunks</b> * as one or more newly allocated strings. @@ -445,20 +457,30 @@ proto_entry_encode_into(smartlist_t *chunks, const proto_entry_t *entry) { smartlist_add_asprintf(chunks, "%s=", entry->name); - SMARTLIST_FOREACH_BEGIN(entry->ranges, proto_range_t *, range) { - const char *comma = ""; - if (range_sl_idx != 0) - comma = ","; - - if (range->low == range->high) { - smartlist_add_asprintf(chunks, "%s%lu", - comma, (unsigned long)range->low); + uint64_t mask = entry->bitmask; + int shift = 0; // how much have we shifted by so far? + bool first = true; + while (mask) { + const char *comma = first ? "" : ","; + if (first) { + first = false; + } + int zeros = trailing_zeros(mask); + mask >>= zeros; + shift += zeros; + int ones = !mask ? 64 : trailing_zeros(~mask); + if (ones == 1) { + smartlist_add_asprintf(chunks, "%s%d", comma, shift); } else { - smartlist_add_asprintf(chunks, "%s%lu-%lu", - comma, (unsigned long)range->low, - (unsigned long)range->high); + smartlist_add_asprintf(chunks, "%s%d-%d", comma, + shift, shift + ones - 1); } - } SMARTLIST_FOREACH_END(range); + if (ones == 64) { + break; // avoid undefined behavior; can't shift by 64. + } + mask >>= ones; + shift += ones; + } } /** Given a list of space-separated proto_entry_t items, @@ -484,192 +506,6 @@ encode_protocol_list(const smartlist_t *sl) return result; } -/* We treat any protocol list with more than this many subprotocols in it - * as a DoS attempt. */ -/// C_RUST_COUPLED: src/rust/protover/protover.rs -/// `MAX_PROTOCOLS_TO_EXPAND` -static const int MAX_PROTOCOLS_TO_EXPAND = (1<<16); - -/** Voting helper: Given a list of proto_entry_t, return a newly allocated - * smartlist of newly allocated strings, one for each included protocol - * version. (So 'Foo=3,5-7' expands to a list of 'Foo=3', 'Foo=5', 'Foo=6', - * 'Foo=7'.) - * - * Do not list any protocol version more than once. - * - * Return NULL if the list would be too big. - */ -static smartlist_t * -expand_protocol_list(const smartlist_t *protos) -{ - smartlist_t *expanded = smartlist_new(); - if (!protos) - return expanded; - - SMARTLIST_FOREACH_BEGIN(protos, const proto_entry_t *, ent) { - const char *name = ent->name; - if (strlen(name) > MAX_PROTOCOL_NAME_LENGTH) { - log_warn(LD_NET, "When expanding a protocol entry, I got a very large " - "protocol name. This is possibly an attack or a bug, unless " - "the Tor network truly supports protocol names larger than " - "%ud characters. The offending string was: %s", - MAX_PROTOCOL_NAME_LENGTH, escaped(name)); - continue; - } - SMARTLIST_FOREACH_BEGIN(ent->ranges, const proto_range_t *, range) { - uint32_t u; - for (u = range->low; u <= range->high; ++u) { - smartlist_add_asprintf(expanded, "%s=%lu", name, (unsigned long)u); - if (smartlist_len(expanded) > MAX_PROTOCOLS_TO_EXPAND) - goto too_many; - } - } SMARTLIST_FOREACH_END(range); - } SMARTLIST_FOREACH_END(ent); - - smartlist_sort_strings(expanded); - smartlist_uniq_strings(expanded); // This makes voting work. do not remove - return expanded; - - too_many: - SMARTLIST_FOREACH(expanded, char *, cp, tor_free(cp)); - smartlist_free(expanded); - return NULL; -} - -/** Voting helper: compare two singleton proto_entry_t items by version - * alone. (A singleton item is one with a single range entry where - * low==high.) */ -static int -cmp_single_ent_by_version(const void **a_, const void **b_) -{ - const proto_entry_t *ent_a = *a_; - const proto_entry_t *ent_b = *b_; - - tor_assert(smartlist_len(ent_a->ranges) == 1); - tor_assert(smartlist_len(ent_b->ranges) == 1); - - const proto_range_t *a = smartlist_get(ent_a->ranges, 0); - const proto_range_t *b = smartlist_get(ent_b->ranges, 0); - - tor_assert(a->low == a->high); - tor_assert(b->low == b->high); - - if (a->low < b->low) { - return -1; - } else if (a->low == b->low) { - return 0; - } else { - return 1; - } -} - -/** Voting helper: Given a list of singleton protocol strings (of the form - * Foo=7), return a canonical listing of all the protocol versions listed, - * with as few ranges as possible, with protocol versions sorted lexically and - * versions sorted in numerically increasing order, using as few range entries - * as possible. - **/ -static char * -contract_protocol_list(const smartlist_t *proto_strings) -{ - if (smartlist_len(proto_strings) == 0) { - return tor_strdup(""); - } - - // map from name to list of single-version entries - strmap_t *entry_lists_by_name = strmap_new(); - // list of protocol names - smartlist_t *all_names = smartlist_new(); - // list of strings for the output we're building - smartlist_t *chunks = smartlist_new(); - - // Parse each item and stick it entry_lists_by_name. Build - // 'all_names' at the same time. - SMARTLIST_FOREACH_BEGIN(proto_strings, const char *, s) { - if (BUG(!s)) - continue;// LCOV_EXCL_LINE - proto_entry_t *ent = parse_single_entry(s, s+strlen(s)); - if (BUG(!ent)) - continue; // LCOV_EXCL_LINE - smartlist_t *lst = strmap_get(entry_lists_by_name, ent->name); - if (!lst) { - smartlist_add(all_names, ent->name); - lst = smartlist_new(); - strmap_set(entry_lists_by_name, ent->name, lst); - } - smartlist_add(lst, ent); - } SMARTLIST_FOREACH_END(s); - - // We want to output the protocols sorted by their name. - smartlist_sort_strings(all_names); - - SMARTLIST_FOREACH_BEGIN(all_names, const char *, name) { - const int first_entry = (name_sl_idx == 0); - smartlist_t *lst = strmap_get(entry_lists_by_name, name); - tor_assert(lst); - // Sort every entry with this name by version. They are - // singletons, so there can't be overlap. - smartlist_sort(lst, cmp_single_ent_by_version); - - if (! first_entry) - smartlist_add_strdup(chunks, " "); - - /* We're going to construct this entry from the ranges. */ - proto_entry_t *entry = tor_malloc_zero(sizeof(proto_entry_t)); - entry->ranges = smartlist_new(); - entry->name = tor_strdup(name); - - // Now, find all the ranges of versions start..end where - // all of start, start+1, start+2, ..end are included. - int start_of_cur_series = 0; - while (start_of_cur_series < smartlist_len(lst)) { - const proto_entry_t *ent = smartlist_get(lst, start_of_cur_series); - const proto_range_t *range = smartlist_get(ent->ranges, 0); - const uint32_t ver_low = range->low; - uint32_t ver_high = ver_low; - - int idx; - for (idx = start_of_cur_series+1; idx < smartlist_len(lst); ++idx) { - ent = smartlist_get(lst, idx); - range = smartlist_get(ent->ranges, 0); - if (range->low != ver_high + 1) - break; - ver_high += 1; - } - - // Now idx is either off the end of the list, or the first sequence - // break in the list. - start_of_cur_series = idx; - - proto_range_t *new_range = tor_malloc_zero(sizeof(proto_range_t)); - new_range->low = ver_low; - new_range->high = ver_high; - smartlist_add(entry->ranges, new_range); - } - proto_entry_encode_into(chunks, entry); - proto_entry_free(entry); - - } SMARTLIST_FOREACH_END(name); - - // Build the result... - char *result = smartlist_join_strings(chunks, "", 0, NULL); - - // And free all the stuff we allocated. - SMARTLIST_FOREACH_BEGIN(all_names, const char *, name) { - smartlist_t *lst = strmap_get(entry_lists_by_name, name); - tor_assert(lst); - SMARTLIST_FOREACH(lst, proto_entry_t *, e, proto_entry_free(e)); - smartlist_free(lst); - } SMARTLIST_FOREACH_END(name); - - strmap_free(entry_lists_by_name, NULL); - smartlist_free(all_names); - SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp)); - smartlist_free(chunks); - - return result; -} - /** * Protocol voting implementation. * @@ -684,13 +520,18 @@ char * protover_compute_vote(const smartlist_t *list_of_proto_strings, int threshold) { + // we use u8 counters below. + tor_assert(smartlist_len(list_of_proto_strings) < 256); + if (smartlist_len(list_of_proto_strings) == 0) { return tor_strdup(""); } - smartlist_t *all_entries = smartlist_new(); + smartlist_t *parsed = smartlist_new(); // smartlist of smartlist of entries + smartlist_t *proto_names = smartlist_new(); // smartlist of strings + smartlist_t *result = smartlist_new(); // smartlist of entries - // First, parse the inputs and break them into singleton entries. + // First, parse the inputs, and accumulate a list of protocol names. SMARTLIST_FOREACH_BEGIN(list_of_proto_strings, const char *, vote) { smartlist_t *unexpanded = parse_protocol_list(vote); if (! unexpanded) { @@ -699,54 +540,62 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings, escaped(vote)); continue; } - smartlist_t *this_vote = expand_protocol_list(unexpanded); - if (this_vote == NULL) { - log_warn(LD_NET, "When expanding a protocol list from an authority, I " - "got too many protocols. This is possibly an attack or a bug, " - "unless the Tor network truly has expanded to support over %d " - "different subprotocol versions. The offending string was: %s", - MAX_PROTOCOLS_TO_EXPAND, escaped(vote)); - } else { - smartlist_add_all(all_entries, this_vote); - smartlist_free(this_vote); - } - SMARTLIST_FOREACH(unexpanded, proto_entry_t *, e, proto_entry_free(e)); - smartlist_free(unexpanded); + SMARTLIST_FOREACH_BEGIN(unexpanded, const proto_entry_t *, ent) { + if (!smartlist_contains_string(proto_names,ent->name)) { + smartlist_add(proto_names, ent->name); + } + } SMARTLIST_FOREACH_END(ent); + smartlist_add(parsed, unexpanded); } SMARTLIST_FOREACH_END(vote); - if (smartlist_len(all_entries) == 0) { - smartlist_free(all_entries); - return tor_strdup(""); - } - - // Now sort the singleton entries - smartlist_sort_strings(all_entries); + // Sort the list of names. + smartlist_sort_strings(proto_names); + + // For each named protocol, compute the consensus. + // + // This is not super-efficient, but it's not critical path. + SMARTLIST_FOREACH_BEGIN(proto_names, const char *, name) { + uint8_t counts[64]; + memset(counts, 0, sizeof(counts)); + // Count how many votes we got for each bit. + SMARTLIST_FOREACH_BEGIN(parsed, const smartlist_t *, vote) { + const proto_entry_t *ent = find_entry_by_name(vote, name); + if (! ent) + continue; + + for (int i = 0; i < 64; ++i) { + if ((ent->bitmask & BIT(i)) != 0) { + ++ counts[i]; + } + } + } SMARTLIST_FOREACH_END(vote); - // Now find all the strings that appear at least 'threshold' times. - smartlist_t *include_entries = smartlist_new(); - const char *cur_entry = smartlist_get(all_entries, 0); - int n_times = 0; - SMARTLIST_FOREACH_BEGIN(all_entries, const char *, ent) { - if (!strcmp(ent, cur_entry)) { - n_times++; - } else { - if (n_times >= threshold && cur_entry) - smartlist_add(include_entries, (void*)cur_entry); - cur_entry = ent; - n_times = 1 ; + uint64_t result_bitmask = 0; + for (int i = 0; i < 64; ++i) { + if (counts[i] >= threshold) { + result_bitmask |= BIT(i); + } } - } SMARTLIST_FOREACH_END(ent); + if (result_bitmask != 0) { + proto_entry_t *newent = tor_malloc_zero(sizeof(proto_entry_t)); + newent->name = tor_strdup(name); + newent->bitmask = result_bitmask; + smartlist_add(result, newent); + } + } SMARTLIST_FOREACH_END(name); - if (n_times >= threshold && cur_entry) - smartlist_add(include_entries, (void*)cur_entry); + char *consensus = encode_protocol_list(result); - // Finally, compress that list. - char *result = contract_protocol_list(include_entries); - smartlist_free(include_entries); - SMARTLIST_FOREACH(all_entries, char *, cp, tor_free(cp)); - smartlist_free(all_entries); + SMARTLIST_FOREACH(result, proto_entry_t *, ent, proto_entry_free(ent)); + smartlist_free(result); + smartlist_free(proto_names); // no need to free members; they are aliases. + SMARTLIST_FOREACH_BEGIN(parsed, smartlist_t *, v) { + SMARTLIST_FOREACH(v, proto_entry_t *, ent, proto_entry_free(ent)); + smartlist_free(v); + } SMARTLIST_FOREACH_END(v); + smartlist_free(parsed); - return result; + return consensus; } /** Return true if every protocol version described in the string <b>s</b> is @@ -755,19 +604,10 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings, * * If the protocol version string is unparseable, treat it as if it defines no * protocols, and return 1. - * - * NOTE: This is quadratic, but we don't do it much: only a few times per - * consensus. Checking signatures should be way more expensive than this - * ever would be. **/ int protover_all_supported(const char *s, char **missing_out) { - int all_supported = 1; - smartlist_t *missing_some; - smartlist_t *missing_completely; - smartlist_t *missing_all; - if (!s) { return 1; } @@ -778,101 +618,37 @@ protover_all_supported(const char *s, char **missing_out) " from the consensus", escaped(s)); return 1; } - - missing_some = smartlist_new(); - missing_completely = smartlist_new(); + const smartlist_t *supported = get_supported_protocol_list(); + smartlist_t *missing = smartlist_new(); SMARTLIST_FOREACH_BEGIN(entries, const proto_entry_t *, ent) { - protocol_type_t tp; - if (str_to_protocol_type(ent->name, &tp) < 0) { - if (smartlist_len(ent->ranges)) { - goto unsupported; + const proto_entry_t *mine = find_entry_by_name(supported, ent->name); + if (mine == NULL) { + if (ent->bitmask != 0) { + proto_entry_t *m = tor_malloc_zero(sizeof(proto_entry_t)); + m->name = tor_strdup(ent->name); + m->bitmask = ent->bitmask; + smartlist_add(missing, m); } continue; } - SMARTLIST_FOREACH_BEGIN(ent->ranges, const proto_range_t *, range) { - proto_entry_t *unsupported = tor_malloc_zero(sizeof(proto_entry_t)); - proto_range_t *versions = tor_malloc_zero(sizeof(proto_range_t)); - uint32_t i; - - unsupported->name = tor_strdup(ent->name); - unsupported->ranges = smartlist_new(); - - for (i = range->low; i <= range->high; ++i) { - if (!protover_is_supported_here(tp, i)) { - if (versions->low == 0 && versions->high == 0) { - versions->low = i; - /* Pre-emptively add the high now, just in case we're in a single - * version range (e.g. "Link=999"). */ - versions->high = i; - } - /* If the last one to be unsupported is one less than the current - * one, we're in a continuous range, so set the high field. */ - if ((versions->high && versions->high == i - 1) || - /* Similarly, if the last high wasn't set and we're currently - * one higher than the low, add current index as the highest - * known high. */ - (!versions->high && versions->low == i - 1)) { - versions->high = i; - continue; - } - } else { - /* If we hit a supported version, and we previously had a range, - * we've hit a non-continuity. Copy the previous range and add it to - * the unsupported->ranges list and zero-out the previous range for - * the next iteration. */ - if (versions->low != 0 && versions->high != 0) { - proto_range_t *versions_to_add = tor_malloc(sizeof(proto_range_t)); - - versions_to_add->low = versions->low; - versions_to_add->high = versions->high; - smartlist_add(unsupported->ranges, versions_to_add); - - versions->low = 0; - versions->high = 0; - } - } - } - /* Once we've run out of versions to check, see if we had any unsupported - * ones and, if so, add them to unsupported->ranges. */ - if (versions->low != 0 && versions->high != 0) { - smartlist_add(unsupported->ranges, versions); - } else { - tor_free(versions); - } - /* Finally, if we had something unsupported, add it to the list of - * missing_some things and mark that there was something missing. */ - if (smartlist_len(unsupported->ranges) != 0) { - smartlist_add(missing_some, (void*) unsupported); - all_supported = 0; - } else { - proto_entry_free(unsupported); - } - } SMARTLIST_FOREACH_END(range); - - continue; - - unsupported: - all_supported = 0; - smartlist_add(missing_completely, (void*) ent); + uint64_t missing_mask = ent->bitmask & ~mine->bitmask; + if (missing_mask != 0) { + proto_entry_t *m = tor_malloc_zero(sizeof(proto_entry_t)); + m->name = tor_strdup(ent->name); + m->bitmask = missing_mask; + smartlist_add(missing, m); + } } SMARTLIST_FOREACH_END(ent); - /* We keep the two smartlists separate so that we can free the proto_entry_t - * we created and put in missing_some, so here we add them together to build - * the string. */ - missing_all = smartlist_new(); - smartlist_add_all(missing_all, missing_some); - smartlist_add_all(missing_all, missing_completely); - - if (missing_out && !all_supported) { - tor_assert(smartlist_len(missing_all) != 0); - *missing_out = encode_protocol_list(missing_all); + const int all_supported = (smartlist_len(missing) == 0); + if (!all_supported && missing_out) { + *missing_out = encode_protocol_list(missing); } - SMARTLIST_FOREACH(missing_some, proto_entry_t *, ent, proto_entry_free(ent)); - smartlist_free(missing_some); - smartlist_free(missing_completely); - smartlist_free(missing_all); + + SMARTLIST_FOREACH(missing, proto_entry_t *, ent, proto_entry_free(ent)); + smartlist_free(missing); SMARTLIST_FOREACH(entries, proto_entry_t *, ent, proto_entry_free(ent)); smartlist_free(entries); @@ -880,6 +656,23 @@ protover_all_supported(const char *s, char **missing_out) return all_supported; } +/** Helper: return the member of 'protos' whose name is + * 'name', or NULL if there is no such member. */ +static const proto_entry_t * +find_entry_by_name(const smartlist_t *protos, const char *name) +{ + if (!protos) { + return NULL; + } + SMARTLIST_FOREACH_BEGIN(protos, const proto_entry_t *, ent) { + if (!strcmp(ent->name, name)) { + return ent; + } + } SMARTLIST_FOREACH_END(ent); + + return NULL; +} + /** Helper: Given a list of proto_entry_t, return true iff * <b>pr</b>=<b>ver</b> is included in that list. */ static int @@ -893,17 +686,14 @@ protocol_list_contains(const smartlist_t *protos, if (BUG(pr_name == NULL)) { return 0; // LCOV_EXCL_LINE } + if (ver > MAX_PROTOCOL_VERSION) { + return 0; + } - SMARTLIST_FOREACH_BEGIN(protos, const proto_entry_t *, ent) { - if (strcasecmp(ent->name, pr_name)) - continue; - /* name matches; check the ranges */ - SMARTLIST_FOREACH_BEGIN(ent->ranges, const proto_range_t *, range) { - if (ver >= range->low && ver <= range->high) - return 1; - } SMARTLIST_FOREACH_END(range); - } SMARTLIST_FOREACH_END(ent); - + const proto_entry_t *ent = find_entry_by_name(protos, pr_name); + if (ent) { + return (ent->bitmask & BIT(ver)) != 0; + } return 0; } diff --git a/src/core/or/protover.h b/src/core/or/protover.h index 24008f46b9..88fcbb0b61 100644 --- a/src/core/or/protover.h +++ b/src/core/or/protover.h @@ -86,13 +86,6 @@ int protocol_list_supports_protocol_or_later(const char *list, void protover_free_all(void); #ifdef PROTOVER_PRIVATE -/** Represents a range of subprotocols of a given type. All subprotocols - * between <b>low</b> and <b>high</b> inclusive are included. */ -typedef struct proto_range_t { - uint32_t low; - uint32_t high; -} proto_range_t; - /** Represents a set of ranges of subprotocols of a given type. */ typedef struct proto_entry_t { /** The name of the protocol. @@ -101,8 +94,9 @@ typedef struct proto_entry_t { * we don't recognize yet, so it's a char* rather than a protocol_type_t.) */ char *name; - /** Smartlist of proto_range_t */ - struct smartlist_t *ranges; + /** Bitmask of supported protocols. Version 'x' is included in this + * entry if and only if bit '1<<x' is set here. */ + uint64_t bitmask; } proto_entry_t; #if !defined(HAVE_RUST) && defined(TOR_UNIT_TESTS) diff --git a/src/feature/control/control_events.c b/src/feature/control/control_events.c index 2970745ca0..0dd52659ec 100644 --- a/src/feature/control/control_events.c +++ b/src/feature/control/control_events.c @@ -1352,6 +1352,27 @@ enable_control_logging(void) tor_assert(0); } +/** Remove newline and carriage-return characters from @a msg, replacing them + * with spaces, and discarding any that appear at the end of the message */ +void +control_logmsg_strip_newlines(char *msg) +{ + char *cp; + for (cp = msg; *cp; ++cp) { + if (*cp == '\r' || *cp == '\n') { + *cp = ' '; + } + } + if (cp == msg) + return; + /* Remove trailing spaces */ + for (--cp; *cp == ' '; --cp) { + *cp = '\0'; + if (cp == msg) + break; + } +} + /** We got a log message: tell any interested control connections. */ void control_event_logmsg(int severity, log_domain_mask_t domain, const char *msg) @@ -1380,11 +1401,8 @@ control_event_logmsg(int severity, log_domain_mask_t domain, const char *msg) char *b = NULL; const char *s; if (strchr(msg, '\n')) { - char *cp; b = tor_strdup(msg); - for (cp = b; *cp; ++cp) - if (*cp == '\r' || *cp == '\n') - *cp = ' '; + control_logmsg_strip_newlines(b); } switch (severity) { case LOG_DEBUG: s = "DEBUG"; break; diff --git a/src/feature/control/control_events.h b/src/feature/control/control_events.h index 6e3cfef4e9..0ac233cc6e 100644 --- a/src/feature/control/control_events.h +++ b/src/feature/control/control_events.h @@ -341,6 +341,8 @@ struct control_event_t { extern const struct control_event_t control_event_table[]; +void control_logmsg_strip_newlines(char *msg); + #ifdef TOR_UNIT_TESTS MOCK_DECL(STATIC void, send_control_event_string,(uint16_t event, const char *msg)); diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c index cfac59d499..5feadd23d1 100644 --- a/src/feature/control/control_getinfo.c +++ b/src/feature/control/control_getinfo.c @@ -29,7 +29,6 @@ #include "feature/control/control_fmt.h" #include "feature/control/control_getinfo.h" #include "feature/control/control_proto.h" -#include "feature/control/fmt_serverstatus.h" #include "feature/control/getinfo_geoip.h" #include "feature/dircache/dirserv.h" #include "feature/dirclient/dirclient.h" @@ -721,18 +720,6 @@ getinfo_helper_dir(control_connection_t *control_conn, if (consensus_result < 0) { return -1; } - } else if (!strcmp(question, "network-status")) { /* v1 */ - static int network_status_warned = 0; - if (!network_status_warned) { - log_warn(LD_CONTROL, "GETINFO network-status is deprecated; it will " - "go away in a future version of Tor."); - network_status_warned = 1; - } - routerlist_t *routerlist = router_get_routerlist(); - if (!routerlist || !routerlist->routers || - list_server_status_v1(routerlist->routers, answer, 1) < 0) { - return -1; - } } else if (!strcmpstart(question, "extra-info/digest/")) { question += strlen("extra-info/digest/"); if (strlen(question) == HEX_DIGEST_LEN) { diff --git a/src/feature/control/fmt_serverstatus.c b/src/feature/control/fmt_serverstatus.c deleted file mode 100644 index ed9ad95ce2..0000000000 --- a/src/feature/control/fmt_serverstatus.c +++ /dev/null @@ -1,103 +0,0 @@ -/* Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * @file fmt_serverstatus.c - * @brief Format relay info for a controller. - **/ - -#include "core/or/or.h" -#include "feature/control/fmt_serverstatus.h" - -#include "app/config/config.h" -#include "feature/dirauth/authmode.h" -#include "feature/dirauth/voteflags.h"// XXXX remove -#include "feature/nodelist/describe.h" -#include "feature/nodelist/nodelist.h" - -#include "feature/nodelist/node_st.h" -#include "feature/nodelist/routerinfo_st.h" - -/** - * Allocate and return a description of the status of the server <b>desc</b>, - * for use in a v1-style router-status line. The server is listed - * as running iff <b>is_live</b> is true. - * - * This is deprecated: it's only used for controllers that want outputs in - * the old format. - */ -static char * -list_single_server_status(const routerinfo_t *desc, int is_live) -{ - char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */ - char *cp; - const node_t *node; - - tor_assert(desc); - - cp = buf; - if (!is_live) { - *cp++ = '!'; - } - node = node_get_by_id(desc->cache_info.identity_digest); - if (node && node->is_valid) { - strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf)); - cp += strlen(cp); - *cp++ = '='; - } - *cp++ = '$'; - base16_encode(cp, HEX_DIGEST_LEN+1, desc->cache_info.identity_digest, - DIGEST_LEN); - return tor_strdup(buf); -} - -/** Based on the routerinfo_ts in <b>routers</b>, allocate the - * contents of a v1-style router-status line, and store it in - * *<b>router_status_out</b>. Return 0 on success, -1 on failure. - * - * If for_controller is true, include the routers with very old descriptors. - * - * This is deprecated: it's only used for controllers that want outputs in - * the old format. - */ -int -list_server_status_v1(smartlist_t *routers, char **router_status_out, - int for_controller) -{ - /* List of entries in a router-status style: An optional !, then an optional - * equals-suffixed nickname, then a dollar-prefixed hexdigest. */ - smartlist_t *rs_entries; - time_t now = time(NULL); - time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH; - /* We include v2 dir auths here too, because they need to answer - * controllers. Eventually we'll deprecate this whole function; - * see also networkstatus_getinfo_by_purpose(). */ - tor_assert(router_status_out); - - rs_entries = smartlist_new(); - - SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) { - const node_t *node = node_get_by_id(ri->cache_info.identity_digest); - tor_assert(node); - if (for_controller) { - char name_buf[MAX_VERBOSE_NICKNAME_LEN+2]; - char *cp = name_buf; - if (!node->is_running) - *cp++ = '!'; - router_get_verbose_nickname(cp, ri); - smartlist_add_strdup(rs_entries, name_buf); - } else if (ri->cache_info.published_on >= cutoff) { - smartlist_add(rs_entries, list_single_server_status(ri, - node->is_running)); - } - } SMARTLIST_FOREACH_END(ri); - - *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL); - - SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp)); - smartlist_free(rs_entries); - - return 0; -} diff --git a/src/feature/control/fmt_serverstatus.h b/src/feature/control/fmt_serverstatus.h deleted file mode 100644 index 9dd9fe125c..0000000000 --- a/src/feature/control/fmt_serverstatus.h +++ /dev/null @@ -1,18 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file fmt_serverstatus.h - * \brief Header file for fmt_serverstatus.c. - **/ - -#ifndef TOR_FMT_SERVERSTATUS_H -#define TOR_FMT_SERVERSTATUS_H - -int list_server_status_v1(smartlist_t *routers, char **router_status_out, - int for_controller); - -#endif /* !defined(TOR_FMT_SERVERSTATUS_H) */ diff --git a/src/feature/control/include.am b/src/feature/control/include.am index 07094f23bb..101fe3c705 100644 --- a/src/feature/control/include.am +++ b/src/feature/control/include.am @@ -15,7 +15,6 @@ LIBTOR_APP_A_SOURCES += \ src/feature/control/control_fmt.c \ src/feature/control/control_getinfo.c \ src/feature/control/control_proto.c \ - src/feature/control/fmt_serverstatus.c \ src/feature/control/getinfo_geoip.c # ADD_C_FILE: INSERT HEADERS HERE. @@ -35,5 +34,4 @@ noinst_HEADERS += \ src/feature/control/control_fmt.h \ src/feature/control/control_getinfo.h \ src/feature/control/control_proto.h \ - src/feature/control/fmt_serverstatus.h \ src/feature/control/getinfo_geoip.h diff --git a/src/feature/dirparse/microdesc_parse.c b/src/feature/dirparse/microdesc_parse.c index 9231080aaa..31415f3fb7 100644 --- a/src/feature/dirparse/microdesc_parse.c +++ b/src/feature/dirparse/microdesc_parse.c @@ -31,7 +31,7 @@ // clang-format off static token_rule_t microdesc_token_table[] = { T1_START("onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024), - T01("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ), + T1("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ), T0N("id", K_ID, GE(2), NO_OBJ ), T0N("a", K_A, GE(1), NO_OBJ ), T01("family", K_FAMILY, CONCAT_ARGS, NO_OBJ ), diff --git a/src/feature/dirparse/ns_parse.c b/src/feature/dirparse/ns_parse.c index 927870c4aa..d24b0cb18d 100644 --- a/src/feature/dirparse/ns_parse.c +++ b/src/feature/dirparse/ns_parse.c @@ -54,7 +54,7 @@ static token_rule_t rtrstatus_token_table[] = { T01("w", K_W, ARGS, NO_OBJ ), T0N("m", K_M, CONCAT_ARGS, NO_OBJ ), T0N("id", K_ID, GE(2), NO_OBJ ), - T01("pr", K_PROTO, CONCAT_ARGS, NO_OBJ ), + T1("pr", K_PROTO, CONCAT_ARGS, NO_OBJ ), T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ), END_OF_TABLE }; diff --git a/src/feature/dirparse/routerparse.c b/src/feature/dirparse/routerparse.c index 42a53101b0..687d699dfb 100644 --- a/src/feature/dirparse/routerparse.c +++ b/src/feature/dirparse/routerparse.c @@ -91,24 +91,24 @@ const token_rule_t routerdesc_token_table[] = { T01("ipv6-policy", K_IPV6_POLICY, CONCAT_ARGS, NO_OBJ), T1( "signing-key", K_SIGNING_KEY, NO_ARGS, NEED_KEY_1024 ), T1( "onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024 ), - T01("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ), + T1("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ), T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ), T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ), T01("uptime", K_UPTIME, GE(1), NO_OBJ ), T01("fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ), T01("hibernating", K_HIBERNATING, GE(1), NO_OBJ ), T01("platform", K_PLATFORM, CONCAT_ARGS, NO_OBJ ), - T01("proto", K_PROTO, CONCAT_ARGS, NO_OBJ ), + T1("proto", K_PROTO, CONCAT_ARGS, NO_OBJ ), T01("contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ), T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ), T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ), T01("extra-info-digest", K_EXTRA_INFO_DIGEST, GE(1), NO_OBJ ), T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR, NO_ARGS, NO_OBJ ), - T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ), - T01("master-key-ed25519", K_MASTER_KEY_ED25519, GE(1), NO_OBJ ), - T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ), - T01("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ), - T01("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT, + T1("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ), + T1("master-key-ed25519", K_MASTER_KEY_ED25519, GE(1), NO_OBJ ), + T1("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ), + T1("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ), + T1("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT, EQ(1), NEED_OBJ ), T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS, NO_ARGS, NO_OBJ ), @@ -131,8 +131,8 @@ const token_rule_t routerdesc_token_table[] = { static token_rule_t extrainfo_token_table[] = { T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ), T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ), - T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ), - T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ), + T1("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ), + T1("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ), T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ), T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ), T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ), diff --git a/src/feature/dirparse/sigcommon.c b/src/feature/dirparse/sigcommon.c index 8b970d7d1f..fb81b2da6e 100644 --- a/src/feature/dirparse/sigcommon.c +++ b/src/feature/dirparse/sigcommon.c @@ -139,13 +139,13 @@ signed_digest_equals, (const uint8_t *d1, const uint8_t *d2, size_t len)) * the document when generating log messages. Return 0 on success, negative * on failure. */ -int -check_signature_token(const char *digest, +MOCK_IMPL(int, +check_signature_token,(const char *digest, ssize_t digest_len, directory_token_t *tok, crypto_pk_t *pkey, int flags, - const char *doctype) + const char *doctype)) { char *signed_digest; size_t keysize; diff --git a/src/feature/dirparse/sigcommon.h b/src/feature/dirparse/sigcommon.h index c2ed9df494..c7f370f8e8 100644 --- a/src/feature/dirparse/sigcommon.h +++ b/src/feature/dirparse/sigcommon.h @@ -20,12 +20,12 @@ int router_get_hash_impl(const char *s, size_t s_len, char *digest, #define CST_NO_CHECK_OBJTYPE (1<<0) struct directory_token_t; -int check_signature_token(const char *digest, - ssize_t digest_len, - struct directory_token_t *tok, - crypto_pk_t *pkey, - int flags, - const char *doctype); +MOCK_DECL(int, check_signature_token,(const char *digest, + ssize_t digest_len, + struct directory_token_t *tok, + crypto_pk_t *pkey, + int flags, + const char *doctype)); int router_get_hash_impl_helper(const char *s, size_t s_len, const char *start_str, diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h index 5fd073bea1..c2e1459078 100644 --- a/src/lib/crypt_ops/compat_openssl.h +++ b/src/lib/crypt_ops/compat_openssl.h @@ -32,10 +32,6 @@ #define OPENSSL_1_1_API #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ -#ifndef OPENSSL_VERSION -#define OPENSSL_VERSION SSLEAY_VERSION -#endif - #ifndef OPENSSL_1_1_API #define OpenSSL_version(v) SSLeay_version(v) #define OpenSSL_version_num() SSLeay() @@ -54,4 +50,3 @@ #endif /* defined(ENABLE_OPENSSL) */ #endif /* !defined(TOR_COMPAT_OPENSSL_H) */ - diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c index f2f5a55d05..065cbca1cc 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.c +++ b/src/lib/crypt_ops/crypto_openssl_mgt.c @@ -101,13 +101,22 @@ static char *crypto_openssl_version_str = NULL; const char * crypto_openssl_get_version_str(void) { +#ifdef OPENSSL_VERSION + const int query = OPENSSL_VERSION; +#else + /* This old name was changed around OpenSSL 1.1.0 */ + const int query = SSLEAY_VERSION; +#endif + if (crypto_openssl_version_str == NULL) { - const char *raw_version = OpenSSL_version(OPENSSL_VERSION); + const char *raw_version = OpenSSL_version(query); crypto_openssl_version_str = parse_openssl_version_str(raw_version); } return crypto_openssl_version_str; } +#undef QUERY_OPENSSL_VERSION + static char *crypto_openssl_header_version_str = NULL; /* Return a human-readable version of the compile-time openssl version * number. */ @@ -214,7 +223,7 @@ crypto_openssl_early_init(void) setup_openssl_threading(); unsigned long version_num = OpenSSL_version_num(); - const char *version_str = OpenSSL_version(OPENSSL_VERSION); + const char *version_str = crypto_openssl_get_version_str(); if (version_num == OPENSSL_VERSION_NUMBER && !strcmp(version_str, OPENSSL_VERSION_TEXT)) { log_info(LD_CRYPTO, "OpenSSL version matches version from headers " diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h index 083df00033..c67ab6467c 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.h +++ b/src/lib/crypt_ops/crypto_openssl_mgt.h @@ -16,8 +16,7 @@ #include "orconfig.h" #ifdef ENABLE_OPENSSL -#include <openssl/engine.h> - +#include <openssl/opensslv.h> /* Macro to create an arbitrary OpenSSL version number as used by OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard diff --git a/src/lib/metrics/metrics_store.c b/src/lib/metrics/metrics_store.c index 4f048e103d..abc093a564 100644 --- a/src/lib/metrics/metrics_store.c +++ b/src/lib/metrics/metrics_store.c @@ -22,7 +22,7 @@ #include "lib/metrics/prometheus.h" /** A metric store which contains a map of entries. */ -typedef struct metrics_store_t { +struct metrics_store_t { /** Indexed by metrics entry name. An entry is a smartlist_t of one or more * metrics_store_entry_t allowing for multiple metrics of the same name. * @@ -31,7 +31,7 @@ typedef struct metrics_store_t { * One example is an onion service with multiple ports, the port specific * metrics will have a port value as a label. */ strmap_t *entries; -} metrics_store_t; +}; /** Function pointer to the format function of a specific driver. */ typedef void (fmt_driver_fn_t)(const metrics_store_entry_t *, buf_t *); diff --git a/src/lib/metrics/metrics_store_entry.h b/src/lib/metrics/metrics_store_entry.h index 6fff9d10eb..8e8a8f3917 100644 --- a/src/lib/metrics/metrics_store_entry.h +++ b/src/lib/metrics/metrics_store_entry.h @@ -17,7 +17,7 @@ /** Metrics store entry. They reside in a metrics_store_t object and are * opaque to the outside world. */ -typedef struct metrics_store_entry_t { +struct metrics_store_entry_t { /** Type of entry. */ metrics_type_t type; @@ -38,7 +38,7 @@ typedef struct metrics_store_entry_t { metrics_counter_t counter; metrics_gauge_t gauge; } u; -} metrics_store_entry_t; +}; #endif /* METRICS_STORE_ENTRY_PRIVATE */ diff --git a/src/lib/thread/compat_winthreads.c b/src/lib/thread/compat_winthreads.c index 2ca5620d23..fcc9c0279b 100644 --- a/src/lib/thread/compat_winthreads.c +++ b/src/lib/thread/compat_winthreads.c @@ -10,18 +10,32 @@ * functions. */ +#include "orconfig.h" + #ifdef _WIN32 +/* For condition variable support */ +#ifndef WINVER +#error "orconfig.h didn't define WINVER" +#endif +#ifndef _WIN32_WINNT +#error "orconfig.h didn't define _WIN32_WINNT" +#endif +#if WINVER < 0x0600 +#error "winver too low" +#endif +#if _WIN32_WINNT < 0x0600 +#error "winver too low" +#endif #include <windows.h> #include <process.h> +#include <time.h> + #include "lib/thread/threads.h" #include "lib/log/log.h" #include "lib/log/util_bug.h" #include "lib/log/win32err.h" -/* This value is more or less total cargo-cult */ -#define SPIN_COUNT 2000 - /** Minimalist interface to run a void function in the background. On * Unix calls fork, on win32 calls beginthread. Returns -1 on failure. * func should not return, but rather should call spawn_exit. @@ -64,45 +78,24 @@ tor_get_thread_id(void) int tor_cond_init(tor_cond_t *cond) { - memset(cond, 0, sizeof(tor_cond_t)); - if (InitializeCriticalSectionAndSpinCount(&cond->lock, SPIN_COUNT)==0) { - return -1; - } - if ((cond->event = CreateEvent(NULL,TRUE,FALSE,NULL)) == NULL) { - DeleteCriticalSection(&cond->lock); - return -1; - } - cond->n_waiting = cond->n_to_wake = cond->generation = 0; + InitializeConditionVariable(&cond->cond); return 0; } void tor_cond_uninit(tor_cond_t *cond) { - DeleteCriticalSection(&cond->lock); - CloseHandle(cond->event); + (void) cond; } -static void -tor_cond_signal_impl(tor_cond_t *cond, int broadcast) -{ - EnterCriticalSection(&cond->lock); - if (broadcast) - cond->n_to_wake = cond->n_waiting; - else - ++cond->n_to_wake; - cond->generation++; - SetEvent(cond->event); - LeaveCriticalSection(&cond->lock); -} void tor_cond_signal_one(tor_cond_t *cond) { - tor_cond_signal_impl(cond, 0); + WakeConditionVariable(&cond->cond); } void tor_cond_signal_all(tor_cond_t *cond) { - tor_cond_signal_impl(cond, 1); + WakeAllConditionVariable(&cond->cond); } int @@ -152,66 +145,23 @@ int tor_cond_wait(tor_cond_t *cond, tor_mutex_t *lock_, const struct timeval *tv) { CRITICAL_SECTION *lock = &lock_->mutex; - int generation_at_start; - int waiting = 1; - int result = -1; - DWORD ms = INFINITE, ms_orig = INFINITE, startTime, endTime; - if (tv) - ms_orig = ms = tv->tv_sec*1000 + (tv->tv_usec+999)/1000; - - EnterCriticalSection(&cond->lock); - ++cond->n_waiting; - generation_at_start = cond->generation; - LeaveCriticalSection(&cond->lock); - - LeaveCriticalSection(lock); - - startTime = GetTickCount(); - do { - DWORD res; - res = WaitForSingleObject(cond->event, ms); - EnterCriticalSection(&cond->lock); - if (cond->n_to_wake && - cond->generation != generation_at_start) { - --cond->n_to_wake; - --cond->n_waiting; - result = 0; - waiting = 0; - goto out; - } else if (res != WAIT_OBJECT_0) { - result = (res==WAIT_TIMEOUT) ? 1 : -1; - --cond->n_waiting; - waiting = 0; - goto out; - } else if (ms != INFINITE) { - endTime = GetTickCount(); - if (startTime + ms_orig <= endTime) { - result = 1; /* Timeout */ - --cond->n_waiting; - waiting = 0; - goto out; - } else { - ms = startTime + ms_orig - endTime; - } - } - /* If we make it here, we are still waiting. */ - if (cond->n_to_wake == 0) { - /* There is nobody else who should wake up; reset - * the event. */ - ResetEvent(cond->event); - } - out: - LeaveCriticalSection(&cond->lock); - } while (waiting); - - EnterCriticalSection(lock); - - EnterCriticalSection(&cond->lock); - if (!cond->n_waiting) - ResetEvent(cond->event); - LeaveCriticalSection(&cond->lock); + DWORD ms = INFINITE; + if (tv) { + ms = tv->tv_sec*1000 + (tv->tv_usec+999)/1000; + } - return result; + BOOL ok = SleepConditionVariableCS(&cond->cond, lock, ms); + if (!ok) { + DWORD err = GetLastError(); + if (err == ERROR_TIMEOUT) { + return 1; + } + char *msg = format_win32_error(err); + log_err(LD_GENERAL, "Error waiting for condition variable: %s", msg); + tor_free(msg); + return -1; + } + return 0; } void diff --git a/src/lib/thread/threads.h b/src/lib/thread/threads.h index fcc0c23a87..ead4dc3874 100644 --- a/src/lib/thread/threads.h +++ b/src/lib/thread/threads.h @@ -42,12 +42,7 @@ typedef struct tor_cond_t { #ifdef USE_PTHREADS pthread_cond_t cond; #elif defined(USE_WIN32_THREADS) - HANDLE event; - - CRITICAL_SECTION lock; - int n_waiting; - int n_to_wake; - int generation; + CONDITION_VARIABLE cond; #else #error no known condition implementation. #endif /* defined(USE_PTHREADS) || ... */ diff --git a/src/rust/protover/errors.rs b/src/rust/protover/errors.rs index dc0d8735f4..04397ac4fe 100644 --- a/src/rust/protover/errors.rs +++ b/src/rust/protover/errors.rs @@ -36,7 +36,7 @@ impl Display for ProtoverError { ProtoverError::Unparseable => write!(f, "The protover string was unparseable."), ProtoverError::ExceedsMax => write!( f, - "The high in a (low, high) protover range exceeds u32::MAX." + "The high in a (low, high) protover range exceeds 63." ), ProtoverError::ExceedsExpansionLimit => write!( f, diff --git a/src/rust/protover/protoset.rs b/src/rust/protover/protoset.rs index 3b283983c8..0ab94457c5 100644 --- a/src/rust/protover/protoset.rs +++ b/src/rust/protover/protoset.rs @@ -294,6 +294,10 @@ impl ProtoSet { } } +/// Largest allowed protocol version. +/// C_RUST_COUPLED: protover.c `MAX_PROTOCOL_VERSION` +const MAX_PROTOCOL_VERSION: Version = 63; + impl FromStr for ProtoSet { type Err = ProtoverError; @@ -370,7 +374,7 @@ impl FromStr for ProtoSet { let pieces: ::std::str::Split<char> = version_string.split(','); for p in pieces { - if p.contains('-') { + let (lo,hi) = if p.contains('-') { let mut pair = p.splitn(2, '-'); let low = pair.next().ok_or(ProtoverError::Unparseable)?; @@ -379,12 +383,17 @@ impl FromStr for ProtoSet { let lo: Version = low.parse().or(Err(ProtoverError::Unparseable))?; let hi: Version = high.parse().or(Err(ProtoverError::Unparseable))?; - pairs.push((lo, hi)); + (lo,hi) } else { let v: u32 = p.parse().or(Err(ProtoverError::Unparseable))?; - pairs.push((v, v)); + (v, v) + }; + + if lo > MAX_PROTOCOL_VERSION || hi > MAX_PROTOCOL_VERSION { + return Err(ProtoverError::ExceedsMax); } + pairs.push((lo, hi)); } ProtoSet::from_slice(&pairs[..]) @@ -674,12 +683,11 @@ mod test { #[test] fn test_protoset_into_vec() { - let ps: ProtoSet = "1-13,42,9001,4294967294".parse().unwrap(); + let ps: ProtoSet = "1-13,42".parse().unwrap(); let v: Vec<Version> = ps.into(); assert!(v.contains(&7)); - assert!(v.contains(&9001)); - assert!(v.contains(&4294967294)); + assert!(v.contains(&42)); } } diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs index 550732734c..0060864a2e 100644 --- a/src/rust/protover/protover.rs +++ b/src/rust/protover/protover.rs @@ -884,12 +884,12 @@ mod test { #[test] fn test_protoentry_from_str_allowed_number_of_versions() { - assert_protoentry_is_parseable!("Desc=1-4294967294"); + assert_protoentry_is_parseable!("Desc=1-63"); } #[test] fn test_protoentry_from_str_too_many_versions() { - assert_protoentry_is_unparseable!("Desc=1-4294967295"); + assert_protoentry_is_unparseable!("Desc=1-64"); } #[test] @@ -923,10 +923,10 @@ mod test { #[test] fn test_protoentry_all_supported_unsupported_high_version() { - let protocols: UnvalidatedProtoEntry = "HSDir=12-100".parse().unwrap(); + let protocols: UnvalidatedProtoEntry = "HSDir=12-60".parse().unwrap(); let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); assert_eq!(true, unsupported.is_some()); - assert_eq!("HSDir=12-100", &unsupported.unwrap().to_string()); + assert_eq!("HSDir=12-60", &unsupported.unwrap().to_string()); } #[test] @@ -975,7 +975,7 @@ mod test { ProtoSet::from_str(&versions).unwrap().to_string() ); - versions = "1-3,500"; + versions = "1-3,50"; assert_eq!( String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string() diff --git a/src/rust/protover/tests/protover.rs b/src/rust/protover/tests/protover.rs index c97810a6f2..a6305ac39a 100644 --- a/src/rust/protover/tests/protover.rs +++ b/src/rust/protover/tests/protover.rs @@ -86,10 +86,10 @@ fn protocol_all_supported_with_unsupported_protocol() { #[test] fn protocol_all_supported_with_unsupported_versions() { - let protocols: UnvalidatedProtoEntry = "Link=3-999".parse().unwrap(); + let protocols: UnvalidatedProtoEntry = "Link=3-63".parse().unwrap(); let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); assert_eq!(true, unsupported.is_some()); - assert_eq!("Link=6-999", &unsupported.unwrap().to_string()); + assert_eq!("Link=6-63", &unsupported.unwrap().to_string()); } #[test] @@ -102,10 +102,10 @@ fn protocol_all_supported_with_unsupported_low_version() { #[test] fn protocol_all_supported_with_unsupported_high_version() { - let protocols: UnvalidatedProtoEntry = "Cons=1-2,999".parse().unwrap(); + let protocols: UnvalidatedProtoEntry = "Cons=1-2,60".parse().unwrap(); let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); assert_eq!(true, unsupported.is_some()); - assert_eq!("Cons=999", &unsupported.unwrap().to_string()); + assert_eq!("Cons=60", &unsupported.unwrap().to_string()); } #[test] @@ -182,27 +182,27 @@ fn protover_compute_vote_returns_protocols_that_it_doesnt_currently_support() { #[test] fn protover_compute_vote_returns_matching_for_mix() { - let protocols: &[UnvalidatedProtoEntry] = &["Link=1-10,500 Cons=1,3-7,8".parse().unwrap()]; + let protocols: &[UnvalidatedProtoEntry] = &["Link=1-10,50 Cons=1,3-7,8".parse().unwrap()]; let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Cons=1,3-8 Link=1-10,500", listed.to_string()); + assert_eq!("Cons=1,3-8 Link=1-10,50", listed.to_string()); } #[test] fn protover_compute_vote_returns_matching_for_longer_mix() { let protocols: &[UnvalidatedProtoEntry] = &[ - "Desc=1-10,500 Cons=1,3-7,8".parse().unwrap(), - "Link=123-456,78 Cons=2-6,8 Desc=9".parse().unwrap(), + "Desc=1-10,50 Cons=1,3-7,8".parse().unwrap(), + "Link=12-45,8 Cons=2-6,8 Desc=9".parse().unwrap(), ]; let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Cons=1-8 Desc=1-10,500 Link=78,123-456", listed.to_string()); + assert_eq!("Cons=1-8 Desc=1-10,50 Link=8,12-45", listed.to_string()); } #[test] fn protover_compute_vote_returns_matching_for_longer_mix_with_threshold_two() { let protocols: &[UnvalidatedProtoEntry] = &[ - "Desc=1-10,500 Cons=1,3-7,8".parse().unwrap(), - "Link=123-456,78 Cons=2-6,8 Desc=9".parse().unwrap(), + "Desc=1-10,50 Cons=1,3-7,8".parse().unwrap(), + "Link=8,12-45 Cons=2-6,8 Desc=9".parse().unwrap(), ]; let listed = ProtoverVote::compute(protocols, &2); @@ -307,30 +307,20 @@ fn protocol_all_supported_with_single_protocol_and_protocol_range() { assert_eq!(true, unsupported.is_none()); } -// By allowing us to add to votes, the C implementation allows us to -// exceed the limit. -#[test] -fn protover_compute_vote_may_exceed_limit() { - let proto1: UnvalidatedProtoEntry = "Sleen=1-65535".parse().unwrap(); - let proto2: UnvalidatedProtoEntry = "Sleen=100000".parse().unwrap(); - - let _result: UnvalidatedProtoEntry = ProtoverVote::compute(&[proto1, proto2], &1); -} - #[test] fn protover_all_supported_should_exclude_versions_we_actually_do_support() { - let proto: UnvalidatedProtoEntry = "Link=3-999".parse().unwrap(); + let proto: UnvalidatedProtoEntry = "Link=3-63".parse().unwrap(); let result: String = proto.all_supported().unwrap().to_string(); - assert_eq!(result, "Link=6-999".to_string()); + assert_eq!(result, "Link=6-63".to_string()); } #[test] fn protover_all_supported_should_exclude_versions_we_actually_do_support_complex1() { - let proto: UnvalidatedProtoEntry = "Link=1-3,345-666".parse().unwrap(); + let proto: UnvalidatedProtoEntry = "Link=1-3,30-63".parse().unwrap(); let result: String = proto.all_supported().unwrap().to_string(); - assert_eq!(result, "Link=345-666".to_string()); + assert_eq!(result, "Link=30-63".to_string()); } #[test] @@ -343,26 +333,10 @@ fn protover_all_supported_should_exclude_versions_we_actually_do_support_complex #[test] fn protover_all_supported_should_exclude_some_versions_and_entire_protocols() { - let proto: UnvalidatedProtoEntry = "Link=1-3,5-12 Quokka=9000-9001".parse().unwrap(); - let result: String = proto.all_supported().unwrap().to_string(); - - assert_eq!(result, "Link=6-12 Quokka=9000-9001".to_string()); -} - -#[test] -fn protover_all_supported_should_not_dos_anyones_computer() { - let proto: UnvalidatedProtoEntry = "Link=1-2147483648".parse().unwrap(); - let result: String = proto.all_supported().unwrap().to_string(); - - assert_eq!(result, "Link=6-2147483648".to_string()); -} - -#[test] -fn protover_all_supported_should_not_dos_anyones_computer_max_versions() { - let proto: UnvalidatedProtoEntry = "Link=1-4294967294".parse().unwrap(); + let proto: UnvalidatedProtoEntry = "Link=1-3,5-12 Quokka=50-51".parse().unwrap(); let result: String = proto.all_supported().unwrap().to_string(); - assert_eq!(result, "Link=6-4294967294".to_string()); + assert_eq!(result, "Link=6-12 Quokka=50-51".to_string()); } #[test] diff --git a/src/test/ed25519_exts_ref.py b/src/test/ed25519_exts_ref.py index ae537ff15b..dcc0a7c25a 100644 --- a/src/test/ed25519_exts_ref.py +++ b/src/test/ed25519_exts_ref.py @@ -53,7 +53,7 @@ def blindPK(pk, param): def expandSK(sk): h = H(sk) a = 2**(b-2) + sum(2**i * bit(h,i) for i in range(3,b-2)) - k = ''.join([h[i] for i in range(b/8,b/4)]) + k = bytes(h[i] for i in range(b//8,b//4)) assert len(k) == 32 return encodeint(a)+k @@ -64,7 +64,7 @@ def publickeyFromESK(h): def signatureWithESK(m,h,pk): a = decodeint(h[:32]) - r = Hint(''.join([h[i] for i in range(b/8,b/4)]) + m) + r = Hint(bytes([h[i] for i in range(b//8,b//4)]) + m) R = scalarmult(B,r) S = (r + Hint(encodepoint(R) + pk + m) * a) % l return encodepoint(R) + encodeint(S) @@ -263,5 +263,3 @@ if __name__ == '__main__': unittest.main() else: makeTestVectors() - - diff --git a/src/test/example_extrainfo.inc b/src/test/example_extrainfo.inc index 0bf2341ef5..94708e6812 100644 --- a/src/test/example_extrainfo.inc +++ b/src/test/example_extrainfo.inc @@ -1,25 +1,42 @@ +/* These entries are automatically generated by makedesc.py to make sure + * that their keys and signatures are right except when otherwise + * specified. */ + static const char EX_EI_MINIMAL[] = - "extra-info bob 3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B\n" - "published 2014-10-05 20:07:00\n" + "extra-info HomersRelay 3390094906366A15D5CD78550424FAD141CF1067\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstTAd17tFTNejNRgbv721EkIcbFOsiQYWMvXPIwupcMVOSRAQAgBABG7Eha\n" + "cQElmfndkTBiOJBk18P4nP6BtRWGhYEz9th4chXWqOuA+/8IfLPYb39YuFUOadAE\n" + "cgKPEa14EHB7K5QbGToAm91E0H5kVX6A9GDAc7QKKMYLGO4Tcu2WntzSmgY=\n" + "-----END ED25519 CERT-----\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 3c5gw2tHzcjS0zKSdZrL2Mx3pdEe2j8Gc62nQWKl8m2DLhWqrTz9dC6LimoiipWuV0Xo8tT2f/fStMBGbayRAQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "K5GAkVjpUlofL78NIOE1VDxFn8yYbHK50rVuZG2HxqG/727bon+uMprv4MHjfDcP\n" - "V3l9u1uUdGiUPOl8j+hRNw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi\n" - "zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2R3EA=\n" + "tcFC3oRyHAaZTQn0g5G5rsjq3CI9Ky/GlhIQz1G5VWczjTXIb0fGGyerraq5HW7v\n" + "UEDQrA3dYjuFB3ACyKesoR9HbMSVOPSHkge4WWtlm9XoPzgU6IGWPhlnWjYC9ozV\n" + "2m8J8Gx+3IUy4xWWIDOXLV0Wlp6PWwXbYHWllHQLjKM=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_EI_MINIMAL_FP[] = "3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B"; +ATTR_UNUSED static const char EX_EI_MINIMAL_FP[] = "3390094906366A15D5CD78550424FAD141CF1067"; +ATTR_UNUSED static const char EX_EI_MINIMAL_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALSppIF3t3wOAm4fzxRvK+q/wh1gGAWwS0JEn8d+c/x+rt1oQabGkqsB\n" - "GU6rz1z1AN02W0P2+EcyJQVBjGR3gHQNoDGx0KIdnr3caGAw3XmQXrJLPaViEk28\n" - "RJMxx6umpP27YKSyEMHgVTDXblKImT0mE7fVOx8tD0EWRYazmp4NAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; - + "MIGJAoGBANNVP8AEuktLfk1QmK5SYrfPF9KBxub5dubqaPGMGEHwtOpR8Mo8ZfKZ\n" + "bi3nmpO273uVZDz0toqgcI9v87x6v/2ZPaksRcFXl2vVdJ2L8R51yvr6EjhatEi/\n" + "ntPRQ67oSEA9sqeI4R1NRcrfEpzLyBOGZ/SHsctGX+9edZGZVpkrAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + ; static const char EX_EI_MAXIMAL[] = - "extra-info bob FF8248FE780A7236D3FA5D62DEA642055135F942\n" - "published 2014-10-05 20:07:00\n" + "extra-info HomersRelay 7369E5BE5E183609D08A766F6FF36F9F5DE2AD32\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstTAY8EcZ8LbMYKiBCrVu1KMM1b0nM5amNOdjzblJezWiJSAQAgBABdtyfT\n" + "YOvrB4cdPm0k7IoyXzVi3qYFtr82nshImKJ/tGO8H7DhU7s+7lsOKInn4RVaUS1/\n" + "r2Z05Qb7lj9q/jhVnruoiG/N6Ii0rjWuRZmmR7sZdCpAGzJoRx0hO1vshAU=\n" + "-----END ED25519 CERT-----\n" + "published 2020-10-14 20:58:04\n" "opt foobarbaz\n" "read-history 900 1,2,3\n" "write-history 900 1,2,3\n" @@ -46,390 +63,322 @@ static const char EX_EI_MAXIMAL[] = "exit-kibibytes-written FOO\n" "exit-kibibytes-read FOO\n" "exit-streams-opened FOO\n" + "router-sig-ed25519 JKJB3EvFZUOff5RgwgSowwTB/TP6VB+IbbeqGPA0Mp9ft9KiulgCuoWqGiUdu/1Zm02dSdYWIlKNf2AijTy0Cg\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "ZO79bLlWVNIruCnWW9duDcOKydPWbL5DfrpUv5IRLF4MMFoacMUdJPDUs9e+wY2C\n" - "zndHe6i2JK7yKJj+uCOSC8cx61OLG+kVxMLJ/qhA4H5thrYb+GpzMKwbHzQc3PTH\n" - "zHRzj041iWXTL7/DMaQlpJOBoac/wTSIKzoV2B00jBw=\n" + "rk8hYNILFc+Ka3a8vyVg3O4Qs5++ih5KmCP1f/onm++fUM/kGCA13KP3hF0conRH\n" + "bTdDas6PJALVgNq1bWsCbuqtz2eIf8r22+gE5nRuahh5u0JLzJzEXeZo/jpHQDAM\n" + "ZbMqs2SOKQk8QmGyUa+ul89FR9El0mBE8dMPwYnWl14=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_EI_MAXIMAL_FP[] = "FF8248FE780A7236D3FA5D62DEA642055135F942"; +ATTR_UNUSED static const char EX_EI_MAXIMAL_FP[] = "7369E5BE5E183609D08A766F6FF36F9F5DE2AD32"; +ATTR_UNUSED static const char EX_EI_MAXIMAL_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANSpkYhHUW1EqodY4d3JRbvEM1vjjR/vEE8gjONiJ5t2Sten53jzt8bh\n" - "8/VJn7pQGs8zR5CIxCw4P68xMtZJJedS3hhjqubheOE/yW1DtpkiCf+zVEaLpeA8\n" - "fYQChkRICnR/BZd4W9bbohLVII5ym2PaJt2ihB3FeVZIsGXm4wxhAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; - + "MIGJAoGBAMJ9qPjQ0i7LGsRDIBJw+gMZLx1rYNCmu0KPSf7BixQP1Tk7u8TVL+/O\n" + "jmzOP8L2etdsl5ousnDjulXbxF3wn5pU1+d35XxkfUbcuYzKc90SwYsXp0HOdH0q\n" + "XdKofHK0TyTfWknBp9JId1r6lmjR2Sk+o88yES05NS95evaRkX2/AgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + ; static const char EX_EI_BAD_SIG1[] = - "extra-info bob 3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B\n" - "published 2014-10-05 20:07:00\n" + "extra-info HomersRelay 2F6C040BC5154D4A0F5BDFC1D6560EBD33B735C7\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstTAQhl8HDHWPB6RgLDaVIHfzcJ0CKg6wZINNChtW8QyAacAQAgBAA0yzGH\n" + "Ny+LC1czePmvy4QZMKgiyWIhrqqtT5cYgTnnF+oBcVpKEYkEvl/z2/bOTcIFW46U\n" + "wqGWJkQxqMbrxYKRo3dspN5Z7E1E8inkI3+oAv2rn4Xj+ZG7lWTwwuw97wc=\n" + "-----END ED25519 CERT-----\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 1O2wsG/FhFdr117eNcqlB0RSJy5G4ExPCSAS8VG5yDirv6SepYLn99ppqGDH80WtOTc1+LzwZYkQ8tyko1vYAw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "K5GAkVjpUlofL78NIOE1VDxFn8yYbHK50rVuZG2HxqG/727bon+uMprv4MHjfDcP\n" "V3l9u1uUdGiUPOl8j+hXXw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi\n" "zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2R3EA=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_EI_BAD_SIG2[] = - "extra-info bob 3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B\n" - "published 2014-10-06 20:07:00\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "K5GAkVjpUlofL78NIOE1VDxFn8yYbHK50rVuZG2HxqG/727bon+uMprv4MHjfDcP\n" - "V3l9u1uUdGiUPOl8j+hRNw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi\n" - "zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2R3EA=\n" - "-----END SIGNATURE-----\n" - ; - -static const char EX_EI_BAD_SIG3[] = - "extra-info bob 3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B\n" - "published 2014-10-05 20:07:00\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "K5GAkVjpUlofL78NIOE1VDxFn8yYbHK50rVuZG2HxqG/727bon+uMprv4MHjfDcP\n" - "V3l9u1uUdGiUPOl8j+hRNw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi\n" - "zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2=\n" - "-----END SIGNATURE-----\n" +ATTR_UNUSED static const char EX_EI_BAD_SIG1_FP[] = "2F6C040BC5154D4A0F5BDFC1D6560EBD33B735C7"; +ATTR_UNUSED +static const char EX_EI_BAD_SIG1_KEY[] = + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAKN5UTDCnsKYmUa2kORmJZUbpNv+dn66Fy4tj3x4rwFHKp7MOlgwK0Zj\n" + "C4dh77PUXRvnqM0yb3hDCiVJ9XsMbql8JCO8KrMoCoBvKXCVud30/gCY7G0Nf+Py\n" + "Z8j1NnOmKLuXnvX5saLtFKLEgAGMf/JTUExWmTAWKk0Ax9rQjVtVAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" ; - -static const char EX_EI_BAD_FP[] = - "extra-info bob C34293303F0F1E42CB14E593717B834E8E53797D8888\n" - "published 2014-10-05 20:07:00\n" +static const char EX_EI_BAD_SIG2[] = + "extra-info HomersRelay 292CB24DC90BEB8210E33B54F63271ED4034ABF9\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstTAS/RMEB+g3lPq9f9/tSb67KQWzKS1B8ujutOZv0byqpyAQAgBABZsEqr\n" + "UbN2SrNDRAIWkC7EL8hpUJOCbIRYKRuQ9HQFDrIM8ZI7h542JOKJexNOQmiZA5Ut\n" + "cWa/cJvraK48DChLlOZq62S2fNpX43pTktDVV6WqGp/P8IJwT+l6zBqFZQQ=\n" + "-----END ED25519 CERT-----\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 XFBQj7H4bitpx5Bq9c0Od7dO4qiZKDHbeLGeV4FP+SsGfpft2VvY8/V0oHx2z2Sl3938MIfNxQMjBQ+EtHrdYDA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "IDA8ryUYeMx7+Au/xQmX7Y8fXksoHUOXmePND2JYM4rPfishQJ1LpQ15KrolOZDH\n" - "FVIk3RmCefNlJeS1/UgWPcU8u2nGw1YQuRBHF4ViTmZ0OevI1pTsSApl4+oIx2dy\n" - "DGgCQmKfMbaOixIK8Ioh1Z2NUfMkjbUUE2WWgFTAsac=\n" + "sb8tYPSeSmaTEUpu7v374PVPEoYqTbIpaHezqbC/PfldVenXRLkoB893hP72IJQZ\n" + "ru9go6Kc6LuobMuVtpwey8nsPqhu8WZn3E4pSL8lCXosttvxtZnDD7/Fu6Ddj05A\n" + "ehZpDi2oyBVdR0b5JI7a+m6/j5snn0TTjbGmHHnDPY0=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_EI_BAD_FP_FP[] = "C34293303F0F1E42CB14E593717B834E8E53797D"; -static const char EX_EI_BAD_FP_KEY[] = +ATTR_UNUSED static const char EX_EI_BAD_SIG2_FP[] = "292CB24DC90BEB8210E33B54F63271ED4034ABF9"; +ATTR_UNUSED +static const char EX_EI_BAD_SIG2_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKXMSbif4fG+BW/5lIq5V1tMRondIUfKiNizp0E6EcBw5LvYfQV6zrj8\n" - "HmMFbB/WGf9XGVMxIBzxzeQBRvCQJh+0QH7+ju5/isIHJZsACMILepr6ywmCcjVU\n" - "iYRtC8zGQLqfkf2cNoo7AhcI5i/YzyW2u1zmbPX5J+8sUErfxydbAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; - + "MIGJAoGBAM3PF/tml0dOEm53J54liJStfBBlK8cgYhApmm9NMDxqK1DssZBIL4v7\n" + "6KTx4yTr9U/rIBHF/0rISy9l86J38eT4twFxuIGcFtGSEFnUgp21uVysev+svQdW\n" + "s+RrFLkPu0Wus9v72f7QeAdFA2GKQmZnybsvRhLiGfomQls062wDAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + ; static const char EX_EI_BAD_NICKNAME[] = - "extra-info bobhasaverylongnameandidontthinkweshouldlethim A4EA2389A52459B3F7C7121A46012F098BDFC2A4\n" - "published 2014-10-05 20:07:00\n" + "extra-info bobhasaverylongnameandidontthinkweshouldlethim AB6C1ABB2A8F6D48ABE641912C8829F686BC6A9D\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstTAdi62xiknL6gvZDhCF37r7jL281WUDop4iImEX8bTeSYAQAgBAAfBLo2\n" + "i4Yuo3t/HGACeJZoHvVww8HTJq4NyDH5HBdU594t+qpdy/3rlQDsZFxTdh6nYV27\n" + "F6aZ6ZkgUSKW//XfX9Vn2xCSGhhwM2kkbWPQCelHAeVUwkCmScz4/rWo0wg=\n" + "-----END ED25519 CERT-----\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 2YBjWS4B6+ZmLDt7DXxyckF/RgAu9PnaVgpJQTEbrogAjyeoiOplwzx86nc1YtxggCde1KsqicqsYENa+kgiCA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "e2wLJFThRMGawxKrQPuH2XCLek/LJsg4XOB8waAjE0xdHOrzjur9x1jIxy7DVU6t\n" - "z1edbIoL24qucMJvFy2xjSQhFRX4OsyNc0nWr3LfJnTW9aEmxuwXM+mltUD2uFN1\n" - "2vYOIQjUmJwS2yfeSKnhXEl2PWVUmgzYL3r4S5kHco4=\n" + "YiYQB9RBEDxJf729Qgil/pzRqKNR5hsvTD3ODN2IcF/hbwKTtjURCTQYBDXAIB1q\n" + "mRpS1R+Rxcp6ta2kfKv5xeuDTcoYcCLeee6Cwivq8/JHhoqQcndG+2Bh8WUGPrRN\n" + "8X2AKAVVy/OF+/AZmTAhvWqYfJEZ9HaKEj+k8Ot/u5w=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_EI_BAD_NICKNAME_FP[] = "A4EA2389A52459B3F7C7121A46012F098BDFC2A4"; +ATTR_UNUSED static const char EX_EI_BAD_NICKNAME_FP[] = "AB6C1ABB2A8F6D48ABE641912C8829F686BC6A9D"; +ATTR_UNUSED static const char EX_EI_BAD_NICKNAME_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKfq7oxD1kMu1+zeG2UVXN4vOu6FDp0V/olA3ttmXpUCgCiBxWTgtwNl\n" - "nPf0HcKMaCp/0D9XrbhvIoOsg0OTf1TcJfGsA/zPG7jrWYa4xhD50KYvty9EINK9\n" - "/UBWNSyXCFDMqnddb/LZ8+VgttmxfYkpeRzSSmDijN3RbOvYJhhBAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; - + "MIGJAoGBAMhug5Yec6r7TIViU3V4BeGGIckfWDVS1ewrhWe/mK5JP2jWZ8JJov7v\n" + "Wc2WArhMWYm8idmA+QwFKMmywdfkwc4jHu2jTcIFxTxl2zjFddThSgMgIGXtaBwc\n" + "Rn4kuIAG8PekuNNL903rol5OakE6EUvLmJcMYB3rO4W8C6oMhvalAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + ; static const char EX_EI_BAD_TOKENS[] = - "extra-info bob 6F314FB01A31162BD5E473D4977AC570DC5B86BB\n" - "published 2014-10-05 20:07:00\n" - "published 2014-10-05 20:07:00\n" + "extra-info HomersRelay 50AF9F6CE4107055260137181DEA24095D292F81\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstTAfELNKA/8+s09sVWDRCVk0hfX3+ysqp2vFE6atiPZ4hGAQAgBADVXm9g\n" + "BXoEjAjHvPwNPaZmrtjYTIc4ssiqud7/XKN1R1Ys+yJuZv23pJrGktXHiNBPI3UX\n" + "JOfbtNtw8depsxsDa232u1ZSLWCQ6LtaoalyT/mqs47ASSyYwcvgauWPYQY=\n" + "-----END ED25519 CERT-----\n" + "published 2020-10-14 20:58:04\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 8ggCNPsFzbfbILBVpiKRlUqEaATq5F17Xo+5op/aoPPhp0pCmucYpl0aGX0hbJCGAOjShBmX362ARmpBBDoADQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "lhRIafrkKoQmnUoBLiq4XC8XKXrleGJZ5vefkLcgjOJ5IffsvVdIA7Vqq/ISbPrG\n" - "b/Zs0sJNL6naHPxJBglgHJqksSyiYHaeOetXg2Rb+vZ1v2S5BrVgk1nPMDhyIzqc\n" - "zU7eCxFf/1sXKtWlEKxGdX4LmVfnIln5aI31Bc4xRrE=\n" + "LW/DIzbGzTmvvr/wKQo41utHqwAbHvrtF/X4wCQ0Db4GDHgDlac2gtzhz++X8Rrh\n" + "fiLBdby4omYP/uPkk9pTwvNaSHpsE17zCWrg6re7lUfgq/mJ7VB8eRGzd8NIELEQ\n" + "gBK/DQ9oF4yHHRTbNRusUBwtU/UB8wNdkvTYAVw9VWw=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_EI_BAD_TOKENS_FP[] = - "6F314FB01A31162BD5E473D4977AC570DC5B86BB"; +ATTR_UNUSED static const char EX_EI_BAD_TOKENS_FP[] = "50AF9F6CE4107055260137181DEA24095D292F81"; +ATTR_UNUSED static const char EX_EI_BAD_TOKENS_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL7Z8tz45Tb4tnEFS2sAyjubBV/giSfZdmXRkDV8Jo4xqWqhWFJn7+zN\n" - "AXBWBThGeVH2WXrpz5seNJXgZJPxMTMsrnSCGcRXZw0Npti2MkLuQ6+prZa+OPwE\n" - "OyC6jivtAaY/o9iYQjDC2avLXD3N4LvoygyF418KnNcjbzuFygffAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; - + "MIGJAoGBAMOlFKzgAdxLVePfB0epCUtq3v4vVptYdQNLpqtjhNVZaNwrYKcyO6Wd\n" + "115iHgAwbeh7Eva0qb/S3F1KKspiCoTNC2O54Yn8i3kIWfWXjDsdWEJ/CtOZumwH\n" + "DbcAQuczG0D8nTxxn42+QaoHFzTMo1sJ2c91qY7OV7kWYqMB++2VAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + ; static const char EX_EI_BAD_START[] = - "published 2014-10-05 20:07:00\n" - "extra-info bob 5CCCACE71A9BDB5E8E0C942AB3407452350434C0\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstTAT5Axv+qhd0NtmmMe+AXThBG1h3cs559MPKDxbV5Y5TzAQAgBABOa2zh\n" + "7y8bgCx3/uQCJ+v9kxNGZDQu+soUPbXyd7OZEaUE/2S7+YtdmqEtQNaF5T+MfEe8\n" + "6zDRnfXeNQaQSVGM2mhrkvWGYJkKecOQzuBsnlUmicLqyDV3HY9iefo8Two=\n" + "-----END ED25519 CERT-----\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 Q3p7pd9YoXRgrRJN9dVqmR382KLxsGQu0zBr0JrfFaqow2fmTwXHnKYJZb5SzQeeYIjnHG/uSRWMmAcQoHnrBw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "BOiWgexqCAMZ8uyJ7jwBwRkz7Ox8cT4BImkmkV3bQiZgcWvPiYA3EnCm2ye48Ldg\n" - "zBST2p6zJM5o4MEDYGMxfViS86Abj/z7DOY1gtLhjmAaVjIIpXc3koxEZtzCecqy\n" - "JQz6xEg9/KoEuoT0DRrfYQ+KtQfzBDWrotfOvEa1rvc=\n" + "mk0iHF8QMUfJUCjFWXihHQQjFflulpFDYeBgvCwUqrnIlbufuzLdoKEnrio0HCMq\n" + "VcJ+84iAW0likR4qflmerDobhbEpeA21pZx1zCkLdi4KzV1u79xvY5qHKHxWBbeY\n" + "W8yDErz6jVoGEqGOlg9Whlo6QSukttdKK974ugebVTw=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_EI_BAD_START_FP[] = "5CCCACE71A9BDB5E8E0C942AB3407452350434C0"; +ATTR_UNUSED static const char EX_EI_BAD_START_FP[] = "0B6D931123DA9B41F901D6EFCCD64CFBB89C6010"; +ATTR_UNUSED static const char EX_EI_BAD_START_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAK2OCIfM6Cin/lq99Z3w9tl6HeyGlkBZu9MQEPHxqGIHTq78lIC1UkrC\n" - "6NTqlrHBV9dmfzdwJn4GgMWsCZafL0FPIH3HNyNKUxLgyjixyKljHx2rfErSfOxI\n" - "bMoOGBKv7m1EZZ0O5uG9ly9MBiNGdJyLdlnVvH7wSCnYciizpO4lAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; - -static const char EX_EI_BAD_PUBLISHED[] = - "extra-info bob E67C477E3536BDE348BD407426D9679E5AE0BC16\n" - "published 2014-99-05 20:07:00\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "l45IziBaXRKIjPAIUogMFNjQgH6k6Vm0+6r5+oByr4sP+B3ufNdUA6+WqBs43F0Z\n" - "IqcJiT9nFn0DuNd/liOyOCixppDLx5h5NrhoGqcT3ySADEEXhzjlmc35TI3YBNVO\n" - "v98fotmwIEg9YRWVGPg6XuIn2PRyiboFyjUpaYGCV0Q=\n" - "-----END SIGNATURE-----\n" + "MIGJAoGBAMfN4ZtcZcKFtmMakKEghsW4SWYPlxg5DTtSD3OSbarO0mucpQqsQnkx\n" + "Nr4yFOGHmJiZxkKbqVwAq78ZUfFzWVW+I2TaPCWKvCdEib6SlMXueufgcsW2eQLz\n" + "URbswEArwivNzY2wcnweGI6fdoN1FZloE1pk6YR9aZLI91RaWhHNAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" ; - -static const char EX_EI_BAD_PUBLISHED_FP[] = "E67C477E3536BDE348BD407426D9679E5AE0BC16"; -static const char EX_EI_BAD_PUBLISHED_KEY[] = - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL7q8GEI18iv8Fo0QbNHmFatQ2FNacalPldpmKUdMJYEVZtdOR0nhcrY\n" - "BvG6303md3INygg+KP49RvWEJR/cU4RZ9QfHpORxH2OocMyRedw2rLex2E7jNNSi\n" - "52yd1sHFYI8ZQ4aff+ZHUjJUGKRyqpbc8okVbq/Rl7vug0dd12eHAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; - -static const char EX_EI_GOOD_ED_EI[] = - "extra-info emma A692FE045C32B5E3A54B52882EF678A9DAC46A73\n" +static const char EX_EI_BAD_PUBLISHED[] = + "extra-info HomersRelay 94C608B2CB50E5D488D345A0F54D1C78D13C69E1\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AYgHn/OKR8GHBlscN5VkO73wA9jSci8QgTM30615ZT44AQAgBAC08woT\n" - "MBZpKzRcaoEJhEG7+RmuYtnB2+nODk9IRIs8ZoyYPTZ6dLzI+MLMmtzUuo/Wmvw0\n" - "PflTyCb2RlWitOEhAErWH3Z9UmYGnzM/COId0Fe3ScSriyvRoFnJY1+GVAQ=\n" + "AQQABstTAUUzHVvllaO8HwZE3nF9kV7fqSK3WzuS3GvWRF69YHJ3AQAgBACUuECr\n" + "PwY0R1fw7rzTgcYuoWCeHhAbePuO6SNk39cQYsI26HPCQakL3yK4258tXsxC4LGN\n" + "DzH21SnS5gopeyg17C3ME6LtV1AAUz3Ytmf+2iNHIEJG9FHruZUeX7vCmA0=\n" "-----END ED25519 CERT-----\n" - "published 2014-10-05 20:07:00\n" - "router-sig-ed25519 a7K8nwfg+HrdlSGQwr9rnLBq0qozkyZZs6d6aiLEiXGdhV1r9KJncmlQ5SNoY/zMQlyQm8EV5rCyBiVliKQ1Bw\n" + "published 2020-99-14 20:58:04\n" + "router-sig-ed25519 9AtZy5azhX81mxtY/ujFfZvoR3biUDtkZnnFMMLg25A2zmjou6WAQeoRQkPH/lN7sBN68NSiJ9+qF2Ef9m+qCQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "GvmCmIGgbC1DeawRyRuChy62VmBOG0EviryG/a2qSZiFy0iPPwqSp5ZyZDQEIEId\n" - "kkk1zPzK1+S3fmgOAXyXGH0r4YFkoLGnhMk07BoEwi6HEXzjJsabmcNkOHfaOWgs\n" - "/5nvnLfcmxL4c6FstZ7t9VQpE06y3GU0zwBeIy1qjp0=\n" + "eBc/YKRfl2OLethfPnK+rp6WF4Q//dCEI63eYMesUuLomAiOWdvPjW8Ispl9auPx\n" + "DLw5BQR4bYuO2oTNWS0fGyh7sykepCkuuvfcxRMDuGDGz9KmfJezKOiHgPENpzD+\n" + "hlTqtTKRwD1TP3hJtHSxYi8ZTR9XuR0MuZ/uQxVSwW8=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" ; -static const char EX_EI_GOOD_ED_EI_FP[] = - "A692FE045C32B5E3A54B52882EF678A9DAC46A73"; -static const char EX_EI_GOOD_ED_EI_KEY[] = +ATTR_UNUSED static const char EX_EI_BAD_PUBLISHED_FP[] = "94C608B2CB50E5D488D345A0F54D1C78D13C69E1"; +ATTR_UNUSED +static const char EX_EI_BAD_PUBLISHED_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM3jdYwjwGxDWYj/vyFkQT7RgeCNIn89Ei6D2+L/fdtFnqrMXOreFFHL\n" - "C7CK2v2uN3v+uXxfb5lADz3NcalxJrCfGTGtaBk7PwMZraTSh2luFKOvSRBQCmB1\n" - "yD5N0QqnIhBJoGr6NITpbWyiTKWvYLjl9PZd9af8e8jQCAa5P1j1AgMBAAE=\n" + "MIGJAoGBALSDc0v0jfhvfcx7rxGQhCGzBGPZepZoJQY/dQrjBlMo0EqZg3KjYXiv\n" + "JpukXfXMgbiTyTv2Kknsbhjx1WhVTwNs+smdea6RryQJX/PbO7HzriaCm99XFO/b\n" + "IlJ918osvoU1VIhiPTzTJPUT6hmP4RNHXJe2ZTjDACGa/Kk16SLlAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" ; - static const char EX_EI_ED_MISSING_SIG[] = - "extra-info rachel 2A7521497B91A8437021515308A47491164EDBA1\n" + "extra-info HomersRelay 961B50E8433A0ECDAFFB51FBC951B869BD89A7E5\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AT2/T71LFYHiI1ppwNiuaewIu2Hq+GWWQ85O8gpWcUxeAQAgBAC2dgYu\n" - "moxhtuip7GVlthT9iomZKba1IllVa7uE1u2uO9BUYZQWXciFt7OnNzMH5mlffwxB\n" - "1dWCl+G5nbOsV5jYLbfhrF5afZotf+EQTfob4cCH79AV223LPcySbTHTtQ4=\n" + "AQQABstTAWCgrsRHajn+P0SbnvG/WcI46/wS061O1ImRCajjJY8WAQAgBADH8/EZ\n" + "onxMi+CrbK3/xNGakEevRzyE2bFAF45l/y8SYeBhcvfzQuGaxuHgIt6D6UAFiVyV\n" + "jM+vwjyLTrSicJAPFiVJkbu4tbDijcjr34IlwsAVV/NYX05bX8hVpaSSPQU=\n" "-----END ED25519 CERT-----\n" - "published 2014-10-05 20:07:00\n" + "published 2020-10-14 20:58:04\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "oypRD2IZQ5EttOE8dvofrW80nnBfijSkvYzBrM6H4KVeayRYvWfmi96dYO6ybMqm\n" - "Yp7Gs3ngqeeNdfHtkRPuQVUXUGYZgBTvYItuagnFlFgRqaHy0knwUIVOL35eqWYx\n" - "xSbQKA7fglxEDMFs/RK7FRP4dWc731ZMt5wzzfJHZ8E=\n" + "fcD3kYMeOBr4wwKKuRKz7KoHSDIInwYFVnm/kFAMKrSeU+z1MOqchobpp4AuN2p0\n" + "BiOLYz621PcTxpURvagwoPcqulkIoWazng9fKyy+ZUk2z9QOjZ2A1PXZVnSKNLxm\n" + "P5nNO78Ev5qg6fsYcE40UppOu6mOAXKaKhwyl7ZEvNc=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" ; -static const char EX_EI_ED_MISSING_SIG_FP[] = - "2A7521497B91A8437021515308A47491164EDBA1"; +ATTR_UNUSED static const char EX_EI_ED_MISSING_SIG_FP[] = "961B50E8433A0ECDAFFB51FBC951B869BD89A7E5"; +ATTR_UNUSED static const char EX_EI_ED_MISSING_SIG_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAOOB8ccxbtk2dB5FuKFhGndDcO6STNjB6KiG0b9X2QwKrOZMfmXSigto\n" - "mtC1JfPTxECayRjLSiP/9UD8iTVvlcnc8mMWBGM12Pa/KoCZRn7McHI3JJ7n9lfn\n" - "qw9+iZ9b/rBimzOb3W6k3uxzg9r8secdq4jJwTnwSjTObgxZtC8/AgMBAAE=\n" + "MIGJAoGBALlAaT9rapqG8s8WuOI/wt9hdIMEZrjFyywelTuY3wDMvWMqKJUX0VCT\n" + "TtRco0+Q0QiQcMmcbvWz+BknC7L457XAeBmKckLjSGhu8Ett1/nYiT/wKv4eCOtT\n" + "KxkSGkrJX4L9mgdrquwCY6Eq4pUXFHHA2OkE/w25wmbud5GiZ7stAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" ; - static const char EX_EI_ED_MISSING_CERT[] = - "extra-info lynne E88E43E86015345A323D93D825C33E4AD1028F65\n" - "published 2014-10-05 20:07:00\n" - "router-sig-ed25519 H4gKIKm5K9Pfkriy7SlMUD6BdYVp6B5mXKzR/rTyYlpH0tEZ4Fx2hlHNfNNdWXJieXzKZQZo8e7SOVzvrAC3CQ\n" + "extra-info HomersRelay 65EE5370C2EFEC112E351206CF00C4DB89670356\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 VaqCeYmnufCStWecAdhxAUs2tBY7DlWBVVtkduk1dJkBzRi9aDTi+7lU80wrYbH1Hb3lykXM+TI5GOabbO8uBQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "dIrbQjK5T9t5KM8CpsMF85hh2i060oPIxzYQMgE1q4j99dtb/n7SE8nhj1Sjij4D\n" - "7JvTjGdLHi3bFSxXaSmla0wxD9PUYFN7VsBQmwSaDrqrzJFb1SGwZuzW1IEZ7BBi\n" - "H0czsxEteg5hcNRwISj5WVthuWmau9v13MijtZGSK40=\n" + "Bum6OqCQ4asVALAzusLhkn9YgjazJo1Ta4Ff/qubOGcY7JqIC0f7oUfd6D+EhsZS\n" + "nRuZjp3KS1jM3gLPaWDI1cGNIG2RwS7QoWjFhjsUAQuBtKVmfBNtdiS9syNLxIlw\n" + "zxhm2sGMJ9gxhTIK2noGd36ur+XaQrRousdbkjpwiRk=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" - "\n" ; -static const char EX_EI_ED_MISSING_CERT_FP[] = - "E88E43E86015345A323D93D825C33E4AD1028F65"; +ATTR_UNUSED static const char EX_EI_ED_MISSING_CERT_FP[] = "65EE5370C2EFEC112E351206CF00C4DB89670356"; +ATTR_UNUSED static const char EX_EI_ED_MISSING_CERT_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALjA/geb0TR9rp/UPvLhABQpB0XUDYuZAnLkrv+i7AAV7FemTDveEGnc\n" - "XdXNSusO1mHOquvr0YYKPhwauInxD56S8QOzLYiWWajGq8XHARQ33b4/9K2TUrAx\n" - "W9HTHV1U1zrPlCJtrkbjxsYoHpUg5ljzM7FGYGY5xuvyHu18SQvzAgMBAAE=\n" + "MIGJAoGBALir3RWzz5UpiEP+kV4qPtsKzt3C2cwZ0c/k/UusCnszyCVRFJSRa/Iw\n" + "Er59Y+Qe/r8ehHts7KXlv9r4CIKGUlXv2YKMI6Dernxnl8e68F3sUyy+GY4a0UJd\n" + "sQyMwWcVlOkD6kSUPT4ryAGw3wlL8MAA2xllNl+7Lexpb7VficZLAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" ; static const char EX_EI_ED_BAD_CERT1[] = - "extra-info marcie F78D8A655607D32281D02144817A4F1D26AE520F\n" + "extra-info HomersRelay 82D64A389FBADE8BB38C8F7027EE15B34BBA0CB3\n" "identity-ed25519\n" "-----BEGIN PLAGICAL SPELL-----\n" "aaaa\n" - "-----END PLAGICAL SPELL\n" - "published 2014-10-05 20:07:00\n" - "router-sig-ed25519 KQJ+2AH7EkkjrD0RtDtUAIr+Vc7wndwILYnoUxFLSJiTP+5fMi54eFF/f1OgkG8gYyTh8phMij9WOxK/dsOpBg\n" + "-----END PLAGICAL SPELL-----\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 q0SZRiMpJ4CG7rebOJk6HzR/TNEmsU7wXDjFYxLMdJgvkQZf9ynsyEIvS9buInsY09czmAFQOUnY2poCBkHeCw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "XWD+P25AH6moi79j20Si3hqKGcJDws+FORL1MTu+GeJLV1mp5CR9N83UH4ffulcL\n" - "CpSSBDL/j74HqapzW7QvBx3FilaNT55GvcobZDFK4TKkCEyEmcuWKpEceBS7JTTV\n" - "SvwZeOObTjWPafELbsc/gI9Rh5Idwu7mZt3ZVntCGaQ=\n" + "OlhdHgl8dxV4+GRqjsE45qk8QlBYL4+hqSdf4biQGgVGpQv+kbUqzioS8jmiMC4e\n" + "VzeFBwEbHxD4OI6C/LWjgOk33uZ3Re7yWnlMqnnWKZOLAEX1/BD4SuTSwlTlzci8\n" + "48mzwzTnjh3I1j7ChMm5r/QIpgiC1iwrgw7oVK7mvE8=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_EI_ED_BAD_CERT1_FP[] = - "F78D8A655607D32281D02144817A4F1D26AE520F"; +ATTR_UNUSED static const char EX_EI_ED_BAD_CERT1_FP[] = "82D64A389FBADE8BB38C8F7027EE15B34BBA0CB3"; +ATTR_UNUSED static const char EX_EI_ED_BAD_CERT1_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMlR46JhxsCmWYtmIB/JjTV2TUYIhJLmHy+X7FfkK3ZVQvvl9/3GSXFL\n" - "3USfyf3j34XLh8An7pJBi9LAHkIXgnRbglCud7dXoexabmC+c2mSbw5RnuxDGEwz\n" - "krXUph/r2b+2UY1CgEt28nFigaHrIQbCmF4szFX/2GPYCLi5SrRNAgMBAAE=\n" + "MIGJAoGBAMBDm5sHAbst7tvS5k9sCh6/7b3fEMW9cpARKuK5VR5PdcNJDkxWPTPr\n" + "J/Jy0xTqnWrUD0njXpsdE7PKIspn6a5dnk775GmpH8Z8KnRcCrx7AX1Rd0evg4+s\n" + "nCPASoD8RlfduLuJ2ZtdGZ8fWOYc2pQmLLYzy0BxoLKC0P9+/CwBAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" ; static const char EX_EI_ED_BAD_CERT2[] = - "extra-info jaeger 7C2B42E783C4E0EB0CC3BDB37385D16737BACFBD\n" + "extra-info HomersRelay 590FDF3A7684E2F9FCC29CFC7941D73570AF5457\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" "AQoABf55Acpw27GZBdwGCgawCj2F/DPadt8F/9DnEWywEew1Yi3qAOtLpCB8KXL7\n" "4w5deFW2RBg8qTondNSUvAmwYLbLjNXMmgA3+nkoJOP3fcmQMHz1jm5xzgs2lCVP\n" "t5txApaBIA4=\n" "-----END ED25519 CERT-----\n" - "published 2014-10-05 20:07:00\n" - "router-sig-ed25519 DRQ4MLOGosBbW8M+17klNu8uWVkPxErmmEYoSo6OuH2Tzrcs6sUY+8Xi2qLoV1SbOugJ214Htl0I+6ceag+vBA\n" + "published 2020-10-14 20:58:04\n" + "router-sig-ed25519 3vgrf5SH8v7s6BNlXH/+RckQExrLwkY9mCgxewnXqvefYzyORy3GAiUQ9Iu0TbldP/Vtf+UgqnaZVbTERCoRBA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "DfdA+DbuN9nVJNujuSY5wNCDLk7Hfzkrde/sK0hVmZRvivtpF/Fy/dVQHHGNFY5i\n" - "L1cESAgq9HLdbHU+hcc08XXxTIaGwvoklcJClcG3ENVBWkTXbJNT+ifr7chEagIi\n" - "cVrtU6RVmzldSbyir8V/Z4S/Cm67gYAgjM5gfoFUqDs=\n" + "IKKNccP7/3owyYgAC0fnnsyx22Yc7yHqQFMVXwcqV9XH43yhN8KUrbzoZH2pkZzA\n" + "0Mn47I82FCd+yQyCmURmWFSAVRQGH8rmBzl+lG9TiRdlBdZfp7YaazQGOVpE6BcM\n" + "N4Rh1XY1zV1c82mdQW/JgJ9qDCvflILm597sADqdfyI=\n" "-----END SIGNATURE-----\n" ; -static const char EX_EI_ED_BAD_CERT2_FP[] = - "7C2B42E783C4E0EB0CC3BDB37385D16737BACFBD"; +ATTR_UNUSED static const char EX_EI_ED_BAD_CERT2_FP[] = "590FDF3A7684E2F9FCC29CFC7941D73570AF5457"; +ATTR_UNUSED static const char EX_EI_ED_BAD_CERT2_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALAM1F/0XJEsbxIQqb3+ObX/yGVnq9of8Q9sLsmxffD6hwVpCqnV3lTg\n" - "iC6+xZ/bSlTGLPi0k8QLCaTmYxgKwmlMPpbQZ4kpZUrsb9flKdChMN7w8hd48pY9\n" - "lu8QiAEgErsl5rCCJIHHjrxxM/Cnd0TnedRnj/Z2YqpNx/ggsmsRAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - ; -static const char EX_EI_ED_BAD_SIG1[] = - "extra-info vary 5AC3A538FEEFC6F9FCC5FA0CE64704396C30D62A\n" - "identity-ed25519\n" - "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AbPp++GrRb6WphSu+PkMaYsqY/beiLBmtiV3YP5i2JkKAQAgBABKXjg1\n" - "aiz2JfQpNOG308i2EojnUAZEk0C0x9g2BAAXGL63sv3eO/qrlytsG1x2hkcamxFn\n" - "LmfZBb/prqe1Vy4wABuhqWHAUtM29vXR6lpiCJeddt9Pa8XVy/tgWLX6TAw=\n" - "-----END ED25519 CERT-----\n" - "published 2014-10-05 20:07:00\n" - "router-sig-ed25519 a7K8nwfg+HrdlSGQwr9rnLBq0qozkyZZs6d6aiLEiXGdhV1r9KJncmlQ5SNoY/zMQlyQm8EV5rCyBiVliKQ1Bw\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "xhZX8Qmgft51NJ7eMd4vrESzf/VdxDrBz7hgn8K+5bLtZUksG0s6s7IyGRYWQtp4\n" - "/7oc9sYe3lcQiUN2K7DkeBDlL8Pcsl8aIlKuujWomCE3j0TIu+8XK6oJeo7eYic+\n" - "IA7EwVbdZsKsW5/eJVzbX2eO0a5zyJ5RIYotFNYNCSE=\n" - "-----END SIGNATURE-----\n" - "\n" - ; -static const char EX_EI_ED_BAD_SIG1_FP[] = - "5AC3A538FEEFC6F9FCC5FA0CE64704396C30D62A"; -static const char EX_EI_ED_BAD_SIG1_KEY[] = - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMvb6SuoIkPfBkJgQuo5aQDepAs1kEETZ9VXotMlhB0JJikrqBrAAz+7\n" - "rjIJ4JsBaeQuN0Z5ksXk2ebxtef7oMIUs37NfekLQHbNR0VsXkFXPEGmOAqpZjW0\n" - "P524eHqybWYZTckvZtUvKI3xYGD6kEEkz4qmV6dcExU1OiAYO9jrAgMBAAE=\n" + "MIGJAoGBAK5yV8+I/GiI+Vz6ob7Oecf7TpuLoBPEppLzY3RLv9GqwrIyAhWR7oQk\n" + "qrImJE3U+QPdf/Sw/+LG6fIuZPQAyHx8E7FtUBrT6X9gmel+H/4bj40OQhs6nynV\n" + "XKnq0tsaNnQrb5ofdFrlCcG+a+ij7gqq1gd9JzITGK7tEdGIMKprAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" ; -static const char EX_EI_ED_BAD_SIG2[] = - "extra-info coward 7F1D4DD477E340C6D6B389FAC26EDC746113082F\n" - "identity-ed25519\n" - "-----BEGIN ED25519 CERT-----\n" - "AQQABf56AZkSDiFZ1QaiLJhcKdFDE5Kei/sPaPEIEoPMGP4BvOVXAQAgBAAlRLzx\n" - "U029tgIL9BRe47MVgcPJGy48db6ntzhjil7iOnWKT70z2LorUD5CZoLJs72TjB6r\n" - "8+HYNyFLEM6dvytWZf9NA5gLdhogbFcUk/R3gbNepmCF7XoZjbhPIp8zOwg=\n" - "-----END ED25519 CERT-----\n" - "published 2014-10-05 20:07:00\n" - "router-sig-ed25519 yfV+GySMIP1fw1oVa1C1de4XOWBqT4pUtEmSHq1h+WrLBNCh3/HZWvNC/denf2YVntuQrMLCJEv5ZaFKU+AIDQ\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "g+BWq69i9CP19va2cYMAXCQ6jK3IG0VmNYspjjUFgmFpJKGG6bHeOkuy1GXp47fG\n" - "LzZ3OPfJLptxU5AOQDUUYf25hu9uSl6gyknCzsszFs5n6ticuNejvcpzw6UfO1LP\n" - "5u+mGJlgpcMtmSraImDZrRipmZ3oRWvEULltlvzGQcQ=\n" - "-----END SIGNATURE-----\n" - "\n" - ; -static const char EX_EI_ED_BAD_SIG2_FP[] = - "7F1D4DD477E340C6D6B389FAC26EDC746113082F"; -static const char EX_EI_ED_BAD_SIG2_KEY[] = - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALzOyfCEUZnvCyhlyMctPkdXg/XRE3Cr6QgyzdKf5kQbUiu2n0FgSHOX\n" - "iP5gfq8sO9eVeTPZtjE7/+KiR8aQJECy+eoye+lpsfm3tXpLxnpOIgL4DlURxlo/\n" - "rfCyv30SYBN9j62qgU9m6U2ydI0tH7/9Ep8yIY/QL8me8VAjLbf/AgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - ; - static const char EX_EI_ED_MISPLACED_CERT[] = - "extra-info msselene 3B788BD0CE348BC5CED48313307C78175EB6D0F3\n" - "published 2014-10-05 20:07:00\n" + "extra-info HomersRelay 8CEBCF8A15C8C1F0537C31C4286E56BDFD710235\n" + "published 2020-10-14 20:58:04\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AWBcqjzLESDuLNGsqQ/tHn32XueXwj2fDlgEy/kQNVf/AQAgBAAFOegg\n" - "XY1LR82xE9ohAYJxYpwJJw0YfXsBhGHqfakEoBtSgFJ3cQAUXZQX4lX6G8IxAlQB\n" - "7Rj7dPQuQRUmqD1yyKb/ScBgCa8esxlhNlATz47kRNR38A3TcoJ4c1Zv6AE=\n" + "AQQABstTAe3zhxsBmvrWABOzif60p/X+9bZrLiRVcYhAMELIWvSwAQAgBAAAyj9D\n" + "q/oQQN8BgmK0cUk1kNsnpNOvCNZ9BorUZY+EtFHiND/PYtDe0SNmODVcA4eBvdXy\n" + "v5/0QI2S8roW7h1X8V0QVRguZ/3WwJpFE/qLHJ7LWu7kDPqzCjXHE5hQgQw=\n" "-----END ED25519 CERT-----\n" - "router-sig-ed25519 Q52JKH9/iMsr1jIPlWHHxakSBvyqjT1gzL944vad4OhzCZuNuAYGWyWSGzTb1DVmBqqbAUq73TiZKAz77YLNCQ\n" + "router-sig-ed25519 beLJb1fZrhBz4t6pBCnJl1UGX6QWFoKzbwRwxLUTUHUDyGpPIIbIEdxxem/RPcaYiqXti45lW57v0CEgYktcBw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "YplvAIwExGf5/L8AoroVQXtGm+26EffrxKBArMKn0zS1NOOie1p0oF/+qJg+rNWU\n" - "6cv3Anf188EXGlkUOddavgVH8CQbvve2nHSfIAPxjgEX9QNXbM5CiaMwgpCewXnF\n" - "UoNBVo5tydeLHVns15MBg/JNIxUQMd6svMoPp2WqmaE=\n" + "BfdqDEu4Qk0SxBTelpzTqjlj1B3Yd0rQO0dftyGLtQmp3gVhUQqiFrW5/R1nTJKc\n" + "uOn9o/Te93+OOBLn0joJZ7JpHQJHjcHgW4kCoc2cAYUBEwgCHAa+eV5+jAVQHIm9\n" + "YHGkwZNaQct0ZiYnzWtnWzDVLB8ZpJltvYecflLTq88=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_EI_ED_MISPLACED_CERT_FP[] = - "3B788BD0CE348BC5CED48313307C78175EB6D0F3"; +ATTR_UNUSED static const char EX_EI_ED_MISPLACED_CERT_FP[] = "8CEBCF8A15C8C1F0537C31C4286E56BDFD710235"; +ATTR_UNUSED static const char EX_EI_ED_MISPLACED_CERT_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALTwNqhTprg1oC6bEbDqwIYBoER6prqUXQFbwbFDn+ekXhZj8vltgGwp\n" - "aDGl9ceZWDKfi+reR6rZXjAJGctmv0VHkfe7maUX4FC/d2T8N8DvS+3IvJzFMpbT\n" - "O0fFrDTrCSnPikqFfQWnlP8yoF5vO7wo0jRRY432fLRXg9WqVzdrAgMBAAE=\n" + "MIGJAoGBAK0gXKx7t/EMu82I7+XV+/D7zuaZdzInBi/ieys1iiKpYqfSsvIS3hBu\n" + "TEWeuCUds9O81RMOqgGRktHPGu+6D863BGlzL+Ib+iih5ceclmYAJ6WvZF7w9enc\n" + "JGjP+wwJGWQVKTltlt9y/S/KM7KEGnCf5Biy1ZqJb9V3Fjp8R8DtAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" ; static const char EX_EI_ED_MISPLACED_SIG[] = - "extra-info grazie 384E40A5DEED4AB1D8A74F1FCBDB18B7C24A8284\n" + "extra-info HomersRelay 3D9E654300A20118E237361CBBBBCFC71CA34BAD\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AcGuIBoa6TBqD8Gg5atcwp/+r9ThxIBkULmPv9OSGhv+AQAgBACXH13y\n" - "mUvdpcN6oRN1nX6mnH40LyfYR5um8xogJZk3oINse5cRNrfMgVWiBpDlJZAwlDDa\n" - "lx99hzuZBong+CiOcnEvLMsBaVJmNTm5mpdetYclZpl0g8QEXznXXeRBMgM=\n" + "AQQABstTAfBKg56c9SNv+Hhf8VjMX2h9s7MS1jPh5WIbHfJ+JgLuAQAgBADdptx9\n" + "uqI1om7gmESf4MImZeK+wKjgv0gttLYUyFu39dcjvDoAWdzQXjJMtR5Q2WlEqqPC\n" + "Fe41S7M6zYz6O5dbLp4vdDtdr6ZM5gWZwfdxqAfxWKwIsu8IOFOpjAkgVAQ=\n" "-----END ED25519 CERT-----\n" - "router-sig-ed25519 TxuO86dQ3pUaIY2raQ3hoDBmh4TTPC0OVgY98T5cf6Y+sHyiELCkkKQ3lqqXCjqnbTLr1/4riH980JoWPpR+Dw\n" - "published 2014-10-05 20:07:00\n" + "router-sig-ed25519 re8w0o9hmBdpenf9ifhETkcWriJG9sWXDpkogyA4lyQ9MDDrlT7C1IJyGI666ZctCS4lT/btn9/t2Omal4Y7AQ\n" + "published 2020-10-14 20:58:04\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "kV2CtArl1VF1nUSyHL00mO3nEdNxlQU5N7/hZNTd+45lej5Veb+6vb4ujelsFERJ\n" - "YoxwIs6SuKAR4orQytCL0e+GgZsrg8zGTveEtMX/+u//OcCwQBYEevR5duBZjVw/\n" - "yzpEHwdIdB2PPyDBLkf1VKnP7uDj059tXiQRWl7LXgE=\n" + "okoxxnCsf3+V7oKGbmIqiQf7uKDfHOFdamYFGXIFRysn8aZx+o0eMb3I7xlSQfyz\n" + "eXdw7m7zHMerCsMLPuWsPBzt9ZPzQ3yvOJWNezzSGtZm8CW/3vLbaxOfI88teIZT\n" + "GcqZzbrlvCspGvC2doxep6zQS3ApEdZWpF19/agq2kQ=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_EI_ED_MISPLACED_SIG_FP[] = - "384E40A5DEED4AB1D8A74F1FCBDB18B7C24A8284"; +ATTR_UNUSED static const char EX_EI_ED_MISPLACED_SIG_FP[] = "3D9E654300A20118E237361CBBBBCFC71CA34BAD"; +ATTR_UNUSED static const char EX_EI_ED_MISPLACED_SIG_KEY[] = "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAK0HgOCG/6433VCrwz/vhk3cKmyOfenCp0GZ4DIUwPWt4DeyP4nTbN6T\n" - "1HJ1H8+hXC9bMuI4m43IWrzgLycQ9UaskUn372ZjHP9InPqHMJU6GQ7vZUe9Tgza\n" - "qnBdRPoxnrZzUOzlvatGrePt0hDiOZaMtDAkeEojFp9Wp2ZN7+tZAgMBAAE=\n" + "MIGJAoGBAMLLN1IOWTOw9I3FSQHW9YpDJu4Wdj51vZmXUS3bxxiPinMJo7caSMyy\n" + "fyRmgWhzkRKxDXAchBDcLqylvfYRFryIg/fh0zFC6IBvdkHezrJ07KSK4t4TU22I\n" + "6luR5LdfNvcAxs3bbHhajvpPeD2iQCcENWdRl5efgtJ8gOeGo0znAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" ; - diff --git a/src/test/example_extrainfo.template b/src/test/example_extrainfo.template new file mode 100644 index 0000000000..357bd30896 --- /dev/null +++ b/src/test/example_extrainfo.template @@ -0,0 +1,182 @@ +:::comment=this file is to be used with the makedescs.py utility +:::name=minimal +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +published 2020-10-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=maximal +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +published 2020-10-14 20:58:04 +opt foobarbaz +read-history 900 1,2,3 +write-history 900 1,2,3 +dirreq-v2-ips 1 +dirreq-v3-ips 100 +dirreq-v3-reqs blahblah +dirreq-v2-share blahblah +dirreq-v3-share blahblah +dirreq-v2-resp djfkdj +dirreq-v3-resp djfkdj +dirreq-v2-direct-dl djfkdj +dirreq-v3-direct-dl djfkdj +dirreq-v2-tunneled-dl djfkdj +dirreq-v3-tunneled-dl djfkdj +dirreq-stats-end foobar +entry-ips jfsdfds +entry-stats-end ksdflkjfdkf +cell-stats-end FOO +cell-processed-cells FOO +cell-queued-cells FOO +cell-time-in-queue FOO +cell-circuits-per-decile FOO +exit-stats-end FOO +exit-kibibytes-written FOO +exit-kibibytes-read FOO +exit-streams-opened FOO +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=bad_sig1 +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +published 2020-10-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +-----BEGIN SIGNATURE----- +V3l9u1uUdGiUPOl8j+hXXw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi +zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2R3EA= +-----END SIGNATURE----- + +:::name=bad_sig2 +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +published 2020-10-14 20:58:04 +router-sig-ed25519 X{d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=bad_nickname +:::type=ei +extra-info bobhasaverylongnameandidontthinkweshouldlethim {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +published 2020-10-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=bad_tokens +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +published 2020-10-14 20:58:04 +published 2020-10-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=bad_start +:::type=ei +identity-ed25519 +{d.ED_CERT} +published 2020-10-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_published +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +published 2020-99-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=ed_missing_sig +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +published 2020-10-14 20:58:04 +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_missing_cert +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +published 2020-10-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + + +:::name=ed_bad_cert1 +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +-----BEGIN PLAGICAL SPELL----- +aaaa +-----END PLAGICAL SPELL----- +published 2020-10-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=ed_bad_cert2 +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +-----BEGIN ED25519 CERT----- +AQoABf55Acpw27GZBdwGCgawCj2F/DPadt8F/9DnEWywEew1Yi3qAOtLpCB8KXL7 +4w5deFW2RBg8qTondNSUvAmwYLbLjNXMmgA3+nkoJOP3fcmQMHz1jm5xzgs2lCVP +t5txApaBIA4= +-----END ED25519 CERT----- +published 2020-10-14 20:58:04 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_misplaced_cert +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +published 2020-10-14 20:58:04 +identity-ed25519 +{d.ED_CERT} +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_misplaced_sig +:::type=ei +extra-info HomersRelay {d.RSA_FINGERPRINT_NOSPACE} +identity-ed25519 +{d.ED_CERT} +router-sig-ed25519 {d.ED_SIGNATURE} +published 2020-10-14 20:58:04 +router-signature +{d.RSA_SIGNATURE} diff --git a/src/test/failing_routerdescs.inc b/src/test/failing_routerdescs.inc index e2b72c58a0..a612bf8b96 100644 --- a/src/test/failing_routerdescs.inc +++ b/src/test/failing_routerdescs.inc @@ -1,56 +1,100 @@ -/* This one actually succeeds */ +/* These entries are automatically generated by makedesc.py to make sure + * that their keys and signatures are right except when otherwise + * specified. */ + static const char EX_RI_MINIMAL[] = "router fred 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAbeja00FtmqpWPIF6GPZtoI0uBiRk7InZ3EV/8U/e1KRAQAgBADZeEW7\n" + "LYPn7S5mD4DnQpTVdns8xJtRboTtfqTs6nTpOwWV8+WI94ZME6k6T2FEChi/3qs8\n" + "VeCQIM2wW6rEQyUcQzFwqk9bks20K/8x/2vxGopxeAPpJ3glHYqweNM1ZAQ=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAObzT4opT9uaThByupbb96tYxVpGxzL9CRPKUcU0beGpHyognD9USHWc\n" - "SpSpKfBL5P3xr2i/XTs34M4UTbT9PE7bVyxv7RD/BZmI4gc8R3PMU77xxbpEU5bK\n" - "LF3QUPpuB88m/2fXUGgMNVDc5MIq6pod2NRoDpeU7WA8T3ewXzK5AgMBAAE=\n" + "MIGJAoGBAL2WKwBXssq8ImAdp9VauVXKiKNPsW2ocRlEVsmTLc+R7KORI7ssMM33\n" + "1TV5fjKw9a7kSAVKWuthHlpYf8zVosEaECEon2K9zlKPzpGYTfIecKzMTZdjP4mR\n" + "Eo10yberjn0W9dRbqCM2Cq6ofJpz8du3o2hDCx4N880Fyr+G1or3AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 2XhFuy2D5+0uZg+A50KU1XZ7PMSbUW6E7X6k7Op06Ts=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM1QKsQiup9DNMCgNeE2FkAhCWzpMZKCn1nNlZbDGfE3Z22ex6bdWWY6\n" - "ocEZ3JZDsZsnaZrdYxrL3Mquq7MbHdfx90EdlOvDRP1SAIbZ55mLR77fZTu4BKd/\n" - "h9BC6I26uZE0QavFq3+BhoVVhVn5Mqv05nR9CeUMSSZLxw/RJm4DAgMBAAE=\n" + "MIGJAoGBANfuddZ47R/rAqf1vgryApzX6k3Lp4kfY8dgortrpeIY2AMrPPBrDc+r\n" + "TVBeKRtnlOUstHtZ6ZV9BNUUg1zd0+RlkITWlSRrKXDI8SskNh5RhyB6cYNyKmld\n" + "tpyTl1BCvqDb+5QHzNtuQ6zGfo2U2WqZarGEwb5edfPy5iMRNyNtAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key 2kTFTRb+2MmTBjlS9o1bD/1YGQSqYez46+ROA777jGw=\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAdl4Rbstg+ftLmYPgOdClNV2ezzEm1FuhO1+pOzqdOk7AGsEQYwHCV65\n" + "YCx4fS6zYcrq/nMtz0EfoVyVBbBsRemZ4eXH+a5tOZf6uQDHwE2na8s1sdLB0LcJ\n" + "k4lxJJAT6wE=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "1xp9J+HTe7Xz9otke8bGVo0jeTICkbV372X0x4r2Nlex+U4pNMI+H7r2VEn0xCa4\n" + "0Mv6huE9/oYVZL0/XgDNJKiYlzDTQvaabvb5teLc31O5AnFS6LvIo0FFflNvaoLE\n" + "6h/siROaO9/n3Y56hGNbkg/omkuRsv0+UddLjLxxs8Y=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 WGGVwF/5vU7kD4U3N26vuh5cie0AQc+xmVeV4ikdhGOgChNqqVG5fRN8pl2x0wPJipC1aJwJf9GOamMChSP4Ag\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "Ft/y3JXowjItgfTHwYcZzuUgXrskluoINW5sr+GQoNYE2F4sT8o0tBBJwqJ6FwKd\n" - "fkIprv9UXqkv5iY+pXSYSI12mY1K5GMNkXiObk46NjuoNNP9l8oidhO6eNfcE+k3\n" - "CRIYS4FbBaD0fWUSwgMuo0Bp83/Wzp3B9ytEBh0/624=\n" - "-----END SIGNATURE-----\n"; - -/* So does this, and it's bigger. */ + "UQ4017wr2yQlu0wVBuLJlJLWudEGJ+9Z+ZiyJRCrsVauB1L2o+oCK5fsrQeKIWQM\n" + "PSJ2o1tXgHAxJixOoTu1tlWNdZeQGNYRh7N2IbRvtwZ1p7NwgM5cG7CCQ/JDiGGy\n" + "exMCOnyJpT2pD6KS2SEhbFe4nGxeUnmiJhSFsxAl9Q0=\n" + "-----END SIGNATURE-----\n" + ; static const char EX_RI_MAXIMAL[] = "router fred 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAcDfLx3m1n7Cd3ZUnm+i/fjYWdxZJ2OxffZTq+C5Qhh8AQAgBAD8rDLK\n" + "Vraijk0AAOo1CC2vJ+D+E5NwcwrOyKW9Q9wa17CXmHNUAw3LzqxT6RfoWtvKTNZ7\n" + "CtrLhi7vW4ypl9u0KC2DUofm2of/vmGDVeNqbe8EYWdvLnU284Xy6GCt6QQ=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANNI56H+b7SW5LMzvXyY5NJzXszsHZZ4O1CPm4CePhBsAz1r0s1JYJ1F\n" - "Anrc0mEcLtmj0c5+HnhPBNrfpjO6G94Wp3NZMVykHDhfNVDBRyFZMroG8/GlysYB\n" - "MQPGQYR0xBgiuclNHoyk/vygQhZekumamu2O86EIPcfg9LhGIgEbAgMBAAE=\n" + "MIGJAoGBAL0rYefTyz0UxOqvMHkcMN/Otd5PpHQeEOuEI0CwnIe1BaHP9Z3o2T7c\n" + "BoIkjYN4WWUss2ymcpFsikHO1/Qt7Jjeg0teLKeRk6kxoBeoXU3jH/XWIZQ72C0b\n" + "NDxIvm0ZO8hHXpXySbL7WdUE2FmPZA92+LI02PVh05FNdvPODnTBAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 /Kwyyla2oo5NAADqNQgtryfg/hOTcHMKzsilvUPcGtc=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALvuNVSmg6R9USFbQcNbRjMCJAV0Rwdv0DlS6Rl02ibJgb01G7v391xE\n" - "d9Njzgf93n8gOrE195bkUbvS6k/DM3HFGgArq6q9AZ2LTbu3KbAYy1YPsSIh07kB\n" - "/8kkvRRGx37X9WGZU3j5VUEuzqI//xDE9lbanlnnFXpnb6ymehDJAgMBAAE=\n" + "MIGJAoGBANPEmrfTxh6KAokO33hjwdCG5VqwSRf8D85MF7as4WrqIvmq3l+yhX4N\n" + "rxBXU/oH2NHdkEJp+wDi3ec0U4RO3x5N3c+pkLJ7T3PzX2bqyhXw+M8KFH9OgV8R\n" + "uDjeZde+6/I78zf9c93N+44348otSnOIVJi7J2XcKc1nLEg+kaSVAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key XNNdSQl9M8leFmXQy8fR4LBWUpSMAq/5sVrm1gdBcUo=\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAfysMspWtqKOTQAA6jUILa8n4P4Tk3BzCs7Ipb1D3BrXAHKPG/YoVIfa\n" + "3eEbf1Z5PTnWgUXAPjGnDsVwSRiO+L3cW55varIF4OzANq0YbBVk6DxuSKQRhitV\n" + "Em9uzK+n9gw=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "pUhJD9GilzzJmZg7BKErxfjlqABZmV1/6U6MpquraNZy1q5/8Q/VMvVVyqkavLQd\n" + "ue3QrEr9bUCG7TcrNYkCS95D0+Pgigzwmrxd7Ry4eBZTwUbm+G2HYLVCFX6YMX2r\n" + "kkmsX8KYlVZxgkUPVsbTmjVjWxK9nRN9A7+8shNYzAQ=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject 127.0.0.1:*\n" "accept *:80\n" "reject *:*\n" "ipv6-policy accept 80,100,101\n" - "ntor-onion-key s7rSohmz9SXn8WWh1EefTHIsWePthsEntQi0WL+ScVw\n" "uptime 1000\n" "hibernating 0\n" "unrecognized-keywords are just dandy in this format\n" "platform Tor 0.2.4.23 on a Banana PC Jr 6000 Series\n" "contact O.W.Jones\n" - "fingerprint CC43 DC8E 8C9E 3E6D 59CD 0399 2491 0C8C E1E4 50D2\n" + "fingerprint E9D3 2FC2 7674 5958 C315 803D BAF0 9EE5 C29C 3A0B\n" "read-history 900 1,2,3,4\n" "write-history 900 1,2,3,4\n" "extra-info-digest AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" @@ -61,1509 +105,1431 @@ static const char EX_RI_MAXIMAL[] = "or-address [::1:2:3:4]:9999\n" "or-address 127.0.0.99:10000\n" "opt fred is a fine router\n" + "router-sig-ed25519 uBj+IWQchmSBwFO9m2wyaGL2jQ6mz7vx9bUxavKAWovIBtB8b3XCyxOfs7bYP5yXM5MYGcAb2FG0S7BS344pCw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "x5cxL2h2UsEKk2OVnCTxOF8a89HAe/HwQnSlrBy8+l0YdVCcePDJhm1WyWU7ToHZ\n" - "K8auwreuw+u/n14sQHPYrM9NQE689hP4LC9AYOnrCnMHysfVqKuou+DSKYYRgs0D\n" - "ySCmJ9p+xekfmms+JBmS5o5DVo48VGlG0VksegoB264=\n" + "Y/kIU3v/wA0Uq2mwGyELOMiBqhU2ydgqJVtgH/0oXWvl3YTX3JJCP0lSCWTYFX8N\n" + "QZ6zlk9SCPcQ7etUFOZz7XNkDXChZCjRwK921+ko18b+6AK+OCZ1rTi8EepsgTGS\n" + "DicGNpmReRVQc9wGWyXsRYS0KBeRBB42gweZ6vlG+6w=\n" "-----END SIGNATURE-----\n" ; - -/* I've messed with 12 bits of the signature on this one */ static const char EX_RI_BAD_SIG1[] = "router fred 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAYXI0XoJPqR80XqwEbqmiOLL5CwG71dv+66mseJUGu+gAQAgBADAWmwm\n" + "dp+JZnolhz8FLdL6abtj+MRbcbhTTg5gDRdcSsc39Bf3UPkhUEhOtTn7tbyNXEtO\n" + "iPDCvdR8t4xBgOqDLnNygoqMdCsf2eNYR8hzxXF4zn/La20L4g3hRwX5OgA=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAObzT4opT9uaThByupbb96tYxVpGxzL9CRPKUcU0beGpHyognD9USHWc\n" - "SpSpKfBL5P3xr2i/XTs34M4UTbT9PE7bVyxv7RD/BZmI4gc8R3PMU77xxbpEU5bK\n" - "LF3QUPpuB88m/2fXUGgMNVDc5MIq6pod2NRoDpeU7WA8T3ewXzK5AgMBAAE=\n" + "MIGJAoGBANhXTGXVE78ronMXn5Im4nML51N69oYpEjh3QqLCq7V19vNCnCbQjcRT\n" + "1zHEpL2+HIBHGW7r4phYtq6jRrPOkRk+9A43KMbyYUX8I6Zx/DrryYWKOyZi5Gh0\n" + "9VmIp8uwL3oD2icNTIkvAZQ2N2EkMeqkHeqLvHhotDgNvWmOW2+lAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 wFpsJnafiWZ6JYc/BS3S+mm7Y/jEW3G4U04OYA0XXEo=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM1QKsQiup9DNMCgNeE2FkAhCWzpMZKCn1nNlZbDGfE3Z22ex6bdWWY6\n" - "ocEZ3JZDsZsnaZrdYxrL3Mquq7MbHdfx90EdlOvDRP1SAIbZ55mLR77fZTu4BKd/\n" - "h9BC6I26uZE0QavFq3+BhoVVhVn5Mqv05nR9CeUMSSZLxw/RJm4DAgMBAAE=\n" + "MIGJAoGBAMAXX3EzjnH+PyThsoj9klX/WZRWSOzzCEKWu4+galdvzex4BRLnFjQd\n" + "RWRPcu6jd4eT+niaf0xacmDZuUlObhH0KdMx85JV1DfIO+LicGXwf+A8capCMsdT\n" + "E+ZRv+myozxvtYF5dXWWfBtb/HGyLBGP7LbiFM1a9Fy/opdCPI+/AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key LzriIs6B1YnUXISLCa0Ncgol4tt9coK0TlsyH9L8oyg=\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAcBabCZ2n4lmeiWHPwUt0vppu2P4xFtxuFNODmANF1xKABvGX+C/nEsG\n" + "zqV/hrnqlfA/+3Pslp9+uPNs7nuq/gfsVlIjcOMcH1wpun1LxJ4CfaHbRoV9Azjm\n" + "AbJ4+sLFxgk=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "CLhxMDL3CG8PG1UADvY604uoSwWZ5qDmlHLBc2FkJvdpP/wzovI615W+ew/DA/Jp\n" + "i5eHenjefH7LSfzGV1ZbjMZpRASqyHBsyl5nhOUEijRYlRi/LCsJutnOve6rJGfh\n" + "dedKLdeCqplto7xhROxvZcqhpwJTC+iJ4ghM4Xcg8Sk=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 stCTjuw9egedA5hdDe1PQoljcLW3Fsg2ZYR3mre1moOd3mxTDI1Hz4uN+ZEDjedG4BNjDNcFY3qDS71Bs5cqDA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "Ft/y3JXowjItgfTHwYcZzuUgXrskluoINW5sr+GQoNYE2F4sT8o0tBBJwqJ6FwKd\n" - "fkIprv9UXqkv5iY+pXSYXX12mY1K5GMNkXiObk46NjuoNNP9l8oidhO6eNfcE+k3\n" - "CRIYS4FbBaD0fWUSwgMuo0Bp83/Wzp3B9ytEBh0/624=\n" - "-----END SIGNATURE-----\n"; - -/* This is a good signature of the wrong data: I changed 'published' */ -static const char EX_RI_BAD_SIG2[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAObzT4opT9uaThByupbb96tYxVpGxzL9CRPKUcU0beGpHyognD9USHWc\n" - "SpSpKfBL5P3xr2i/XTs34M4UTbT9PE7bVyxv7RD/BZmI4gc8R3PMU77xxbpEU5bK\n" - "LF3QUPpuB88m/2fXUGgMNVDc5MIq6pod2NRoDpeU7WA8T3ewXzK5AgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM1QKsQiup9DNMCgNeE2FkAhCWzpMZKCn1nNlZbDGfE3Z22ex6bdWWY6\n" - "ocEZ3JZDsZsnaZrdYxrL3Mquq7MbHdfx90EdlOvDRP1SAIbZ55mLR77fZTu4BKd/\n" - "h9BC6I26uZE0QavFq3+BhoVVhVn5Mqv05nR9CeUMSSZLxw/RJm4DAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:01\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "Ft/y3JXowjItgfTHwYcZzuUgXrskluoINW5sr+GQoNYE2F4sT8o0tBBJwqJ6FwKd\n" - "fkIprv9UXqkv5iY+pXSYSI12mY1K5GMNkXiObk46NjuoNNP9l8oidhO6eNfcE+k3\n" - "CRIYS4FbBaD0fWUSwgMuo0Bp83/Wzp3B9ytEBh0/624=\n" - "-----END SIGNATURE-----\n"; - -/* This one will fail while tokenizing the first line. */ + "aV5gqy5fTtsrdntTPRPGdeN376lXK+blHJuqbAL0WQ7XaMB4r+F8/whFu0cObOqD\n" + "AqAhxkcMu721iYCkUNQvhc3FDou2i1mBJFDrhZEtux/2aXODIMG+OPdDUCyBqeQR\n" + "oYLLfLR4ZZic1tlBFRRNdtXGF2SHeIM052F7PbeJz2A=\n" + "-----END SIGNATURE-----\n" + ; static const char EX_RI_BAD_TOKENS[] = "router bob\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAY1Po0v0V6qx88GtnuvL+A1OgBABUAjtKSNXR3ZZbB7BAQAgBADilhyL\n" + "8kQhWtuPIYxVEQNYAqH/zZCGy7Dj84NEHauI7RaK3GtpbxrIKsMV6oIjyabSSwck\n" + "lTBMZ21/EQERwvzyJC6XhSbPIWjI2MpZa5zez+RueZuGhOfqPDidE3sJUA8=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANGCgvZc+JRtAzuzk3gBD2rH9SHrXzjJ1wqdU3tLKr7FamKCMI2pLwSA\n" - "FZUpTuSqB9wJ/iVcYws+/kA3FjLqgPtzJFI0SVLvQcz5oIC1rEWpuP6t88duMlO9\n" - "flOUzmYu29sBffrXkQr8pesYvakyXArOJVeRR7fSvouneV5aDYWrAgMBAAE=\n" + "MIGJAoGBAOMS5ORipGxb7cm0JEUMxbTh6Jj8t2fMSC4sSAEWtScFVSa5Lc9duuPO\n" + "QFRBMFSN7JPp7yv4MiQ/7UWQbm8KeSHwTdLJAaU9IaK8We0oQYPrW5qjHZGexYBu\n" + "xy27uSSerxMnk9tulG/AGLQUwTaVVzMZKswvvx4Rerk1QBVQKAzhAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 4pYci/JEIVrbjyGMVREDWAKh/82Qhsuw4/ODRB2riO0=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAML+pYZoYc+whKLijupd63xn0gzlEQqe7k07x/lWMqWFT37FfG6YeNr5\n" - "fpFoo77FDfuFaL+VfPfI8i88g157hcPKBVX6OyRH54+l5By0tN91S0H+abXjXQpv\n" - "U/Bvmul+5QpUeVJa1nPg71HRIauoDnBNexUQ7Xf/Bwb2xCt+IJ6DAgMBAAE=\n" + "MIGJAoGBANEtuNrjt+lqyvpAOhb1KgoZrtHOVsgvxbQxntUFWxNFWDu0pQ1oeD2Z\n" + "sKK1LchHdDAZMo5Hx6Kph8zYtrOW5lP1uo8Q2UfZfkUvmMFWFzPE60Sw7OHW0emI\n" + "53qvAsaKcGkqjH7/BqkNhoz+Z7kPrp1hj3bzPJL2WRwl5Oc5v0EDAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key /O0T65ZXDCLznQB8kW5e24GfH5Ep1Hp8Wn72d7MLKHc=\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAeKWHIvyRCFa248hjFURA1gCof/NkIbLsOPzg0Qdq4jtALHBaxDDFa82\n" + "TnVkxKLU/OQ+b8w1OFtaphO6OUPnF9TCuxcL1Q7uEyD8aVpgSHs6+vAsGEA/iYjV\n" + "qNRsst8dAwQ=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "ILLtKDOLTh4o9trasbxFq0mXfZylPyo3CBjYwZlrSONma9vLmjVob6uU4hugoL9V\n" + "Ti5+GgkfNszCiyDJfTkZtL57HtnbHEF6xrMcVDF4j3/ChJR4leaE9IiT2i2Qqe/k\n" + "pQVThYaTVooBjuuenqqduGdkQD0sWR0Nd9sormczWbg=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 B/2mFc4gjSmcRguwheihVNruRrqjWWULorDNIIbF2eIER8ZG5DMiG9x57dKf68ga1MeL2Jx6BLhvIHpBxdloBA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "tbxtYYzyVqi6w6jz1k8NPjFvZaSNR0WzixVTTvKKGoMPx/6+Z8QAFK1ILzRUVucB\n" - "nRhmZMFaPr3vREMErLRE47ODAzwoBCE9C+vYFvROhgfzuQ3cYXla+4sMaRXYZzjH\n" - "PQ82bTwvSbHsR8fTTgePD/Ac082WxXTGpx6HOLBfNsQ=\n" + "ymrdXf4aSaFDb5Qy39rn8u97kKqzs5HZ62dCWLHDyfewUSyNilg7Wt11v4cs7l/7\n" + "zizuBHz0Y4E8d6rdoO4PP9KBWFnpcIblaPC5f/SLnNyP93Z6H55gzm1fvTU9cTZM\n" + "zKSyCKiUSYpHba5jO70pyR0uOHeu6QhnuphxEN7/KOc=\n" "-----END SIGNATURE-----\n" ; - static const char EX_RI_BAD_PUBLISHED[] = "router fred 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAdYwLWzkkORAf4oCu7/DXxkHqpAuz/6kHURFX99fxos7AQAgBACvXQAY\n" + "eQLaT3/Y512bMp/QFMwqhb3LZJrdQaamSfIkpeQgxtDmcMb2pzU4Qvq34qyBON0z\n" + "3yqEUA8PkjK8F/tCayXzftZIMn88qna4OWtytpnRI+qhfkZ2qeCcsXKCTAE=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMoipSwZgTG6SpSOm6ENbyALS1Ljqqa1LSGmtHSRfGYgUQGWZXERXKQj\n" - "P5ql6o7EbGr1wnispGW/KB8Age09jGDvd/oGhQ9TDFluhLZon3obkZSFw7f9iA7Q\n" - "s29rNxoeXXLZVyS7+sux70b8x2Dt4CeG8GA8nQLljy1euwU+qYYJAgMBAAE=\n" + "MIGJAoGBALoFN+2xSVUeUDh9zMC5O3MRa3T3hS1Uiw0KMgai6TXM4vYvIva5Hsmf\n" + "jkD5eERRn9NvYF+dVM6mZqUsra93Q0P93WJjSS0V9Hi4KERAZEJYXpdOq6xwF2A0\n" + "fy7AfcxrARjk6Scjqq4WRdWJ80F7fmtRC2aJQx9hrsoYJUylkzc9AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 r10AGHkC2k9/2OddmzKf0BTMKoW9y2Sa3UGmpknyJKU=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAPzfzQ+2WFMUvnB3z0xD+zwczWcFyYYNW8Lj7/aRGSNN2DICp5uzSjKq\n" - "qkYQ+C8jG21+MR2PE+ZBmq6CL5mvlFKlWKouXUlN7BejwWf2gw0UYag0SYctae1b\n" - "bu8NuUEvdeGWg5Odgs+abH7U9S0hEtjKrmE5vvJS5L841IcaPLCFAgMBAAE=\n" + "MIGJAoGBALKTuo70dMO6xF89bE/ke4IkN2V9t49UtSI+X607oul59J32YEjCdhOh\n" + "mGDw9c/IpUg/fC6yyhNxrVJttKHju3bcHqMTMbkjvyQcEqRRR3f8i5YNmLj3bNxc\n" + "vyom0RpyUopuVUx3IFhd1R3MkBVLjMVYOu9zpre8PnDeEtjFNpZlAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key v6c+IGW5pPiYjt/7EUjzO5VAEYETPAAr/qGw3H/N6AE=\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAa9dABh5AtpPf9jnXZsyn9AUzCqFvctkmt1BpqZJ8iSlAEzibhI3GhEl\n" + "AuLAGw9oa+6KcgVuJb77xBj/9uezeCXCkiPDA6HPjhLsBGlZTchRSZ2CNnRkMB5I\n" + "phz7u5XhWgE=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "lyaSCIaSAW5R09tUtkwRvJBDYgCGq2zbgO3hkG8L0XoUAjBU+VyGdqUeWwt3mMeH\n" + "nzOTa+oiO4uGbCic8nMXSQMeSD8X1uLTDn5w1QgJlGbJP0nfJyHPzFafIMKPYe9u\n" + "bUWThv2WwfygfZLpm9Vtg+wOuCf6CEPUekBtV/mzDkw=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 99:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 4VtXGU7x0OmWCijvK6CGTrKEtEqmbfwau2oIWfmX2anU7rWKrHp29HlBljK62cso22ODdfjDA9xOIUF3/Rx2BA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "G92pnwCIXGJ9Q0fI9y4m/fHpWCsD0Hnk81/6T4TmRH3jt77fc0uRdomUOC5id4kz\n" - "J2M4vqXwRs5OK+eaPbtxf8Yv6FPmB3OBNCIhwNHIIqzKQStHUhPxD3P6j8uJFwot\n" - "/CNGciDN+owZ2DzwrXpszDfzcyp/nmwhApbi3W601vY=\n" + "CLIS6weTFUdRmbZQXuu6084omWxMbVmbbEvVZcgxNJdFA1Kjj5XLLw4xU9710FHH\n" + "FHqftfs5e483aw3ge/A44L03JL6aUeeQiRU7+A4daLq2h+pw7sTM5CzB9nQYMaQQ\n" + "1PyCDtVGLPXlFcNyVsJV135RplESfC/SMOJCdqqErew=\n" "-----END SIGNATURE-----\n" ; - -/* Bandwidth field isn't an integer. */ static const char EX_RI_BAD_BANDWIDTH[] = "router fred 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAaUhoYyIeOU1shTEDUP1aHQqyxQrwwVfEQgqR30hmhxgAQAgBAD/v+wN\n" + "v7f62EeJZlcfrx3ar1tVPwbYg+tr8nI6vAsfZ5CnHu+tFZwH/z8wYr99xeLNE1WM\n" + "PSS5gecVO5O/dmX2prMLZC+3+wTUNPMPhUeZEalQQmqtm1Lf132P7jQIpQY=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAN32LAvXQaq0p554FcL4LVwnxyiZvscfuFnfpXwWTDRJJHd2+JCttWIx\n" - "v+eW7dNq+rq/tzSzaZwnp8b4V2skLRojSt6UUHD234eZcsPwUNhSr0y1eMuoZbnV\n" - "UBBPevpuXea85aSFEXXRlIpQfvFc43y3/UFoRzo5iMPqReo2uQ4BAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMBuF1GvOyVcRDNjzlEmGHJkTA7qkaWgTp33NSY/DPEJoahg0Qswuh2w\n" - "1YCBqem6Txp+/Vl9hoUoUGwb7Vwq0+YDMSyr0z3Ih2NcNjOMZPVtjJuv+3wXrQC8\n" - "LPpCpfU9m9QvhQ7f9zprEqUHOQTT0v5j2a5bpfd++6LFxrMUNwbfAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "bandwidth hello world today\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "svABTGDNJOgaiPLqDlkRU6ldYJcoEe2qHlr4O30lVM2hS3Gg6o4QARL7QRt7VepT\n" - "SruR6pE83xOr7/5Ijq5PlamS4WtODMJSH3DXT2hM5dYYrEX5jsJNZTQ+cYwPQI3y\n" - "ykuvQIutH6ipz5MYc9n0GWAzDjLq1G8wlcEfFXQLD10=\n" - "-----END SIGNATURE-----\n" - ; - -/* Onion key is actually a signature. */ -static const char EX_RI_BAD_ONIONKEY1[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANByIdFOKA3r2nnWyLjdZE8oGHqJE62T1zjW/nsCzCJQ8/kBMRYeGDu4\n" - "SeUJJ2rsh2t3PNzkqJM14f4DKmc2q76STsOW0Zcj70Bjhxb9r/OfyELVsi+x3CsE\n" - "Zo/W4JtdlVFjqevhODJdyFNLKOvqwG7sZo/K++Hx01Iu0zXLeg8nAgMBAAE=\n" + "MIGJAoGBAMJ1zsaN0EPSavqoy/FCS/fbm4MYJFcawEbMmB6mh0cQSR5koddyHeFO\n" + "eQZAs9kAPgSOU7Ka1eMTJEZxYqOY3vsqUojdwqV4KGsSaWhPck74D0pZBEK6iaXP\n" + "5R7dfo4Z/msPV0w7lWRkgn1WXCEq9Z6RXeW+82kZlq4tgQtwh3xvAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 /7/sDb+3+thHiWZXH68d2q9bVT8G2IPra/JyOrwLH2c=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "svABTGDNJOgaiPLqDlkRU6ldYJcoEe2qHlr4O30lVM2hS3Gg6o4QARL7QRt7VepT\n" - "SruR6pE83xOr7/5Ijq5PlamS4WtODMJSH3DXT2hM5dYYrEX5jsJNZTQ+cYwPQI3y\n" - "ykuvQIutH6ipz5MYc9n0GWAzDjLq1G8wlcEfFXQLD10=\n" + "MIGJAoGBAKmq+DEg6AMhSUN7MFblSU3TcDg6fpmHANdELEKKIfSTu0uzjqpctZ8J\n" + "GY0BHAFx/ckd3Sz6MFYo6UYgsKw93349DFG8KNTwxZH6ZvD1MhLQf1YcT2GRxGIZ\n" + "lnisR0FRM8sw1d6gWd69wet9McE0+2BwsD2HgZDmHG5IZfNBq02tAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key 5VBTNKFPXQyw/SIdNg7zgW/pXqTh+VKIo8kObZQU5Go=\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAf+/7A2/t/rYR4lmVx+vHdqvW1U/BtiD62vycjq8Cx9nAASWPz85p2Es\n" + "QOD8JH26Zc5NWVauFqaTtoOrUnddgpfabhbugZ8jugBc47D9SJhkIMp3EfC6GlPw\n" + "W3vOM1ovpA0=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "HY3nfEgabs7A4X1xrKk+4aIZGhrXycSXVaS7Xth0WogrNhK342+OfFkl9VdhYDpF\n" + "SLAw54Vu4M9t18fQtDPaVANujrsvdItkm9YEnOATgXR4vFqBDWXO6NJjMpnmkpYR\n" + "6OdOu2FpKi5K+WYuUUrkabeXdykPP11rmLx8QGfXKng=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" + "bandwidth why hello there\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 W6O58DzFB5fa36RszIIcRUgLD5M/7CeVEXPjgfn/SVn2EXz2TMzTqZvJpEMSDWx++ZDvQ4x9VCZB35Rvu2SZBw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "Cc/Y22KFvxXPXZtjvGIyQdjm4EMhXVXJEBwt8PvK7qlO1AgiVjEBPkUrTQQ/paLQ\n" - "lmeCN6jEVcZ8lNiVZgzRQ/2mTO3xLBPj26UNSDuouUwZ01tZ4wPENylNYnLKv5hg\n" - "gYARg/nXEJiTVe9LHl99Hr9EWWruRG2wFQjjTILaWzI=\n" + "tDz9zY+0EzMa7m33Bu6D1GApdsSh06uoVGKpbXT2FqQEa/Pl3xdkNURNIlqMqupi\n" + "riyUaVud31+fQtkqV+KpAHBYCfKN6eT6KGloocCx8eK/w22+O/vAnF9wviDJLcg5\n" + "q5LyGgs6ZGO6x9VfOScemj8BRjBQ5ro4MRyzSekm3ew=\n" "-----END SIGNATURE-----\n" ; - -/* Onion key has exponent 3 */ -static const char EX_RI_BAD_ONIONKEY2[] = +static const char EX_RI_BAD_ONIONKEY[] = "router fred 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAW1xClFKHwnXFI+597t7/uU2mng7CGM9sc7FRKee3UlfAQAgBACPfVQl\n" + "9cApxwShdfQ9+w4Akbp+zzrxQjJLwq0Qe7qvKgyl7u1hWyJH/aguIbkCQDPhDUsj\n" + "Mc5xVdNamPsWuPRIyxKJLQ9+bhJtUeI3SYc0BwMCUzP4a4EkqeGvvbOEvw0=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKP1kWHsH/BZhNSZmn0FyzIrAHtMl1IVPzc7ABbx+kK+IIEMD9k1fy2h\n" - "AP2JTm2UmJDUwutVxPsxmndI+9QsRDpu33E5Ai4U1Rb6Qu+2BRj43YAyg414caIu\n" - "J5LLn6bOzt7gtz0+q69WHbnwgI4zUgUbwYpwoB7k0dRY97xip9fHAgMBAAE=\n" + "MIGJAoGBALiWTCyh2ZwplM4DQDwQ1DKVmTInxsuILLmv8DATTZXyMhsBnHf7UPTf\n" + "qYZz78V/bW5JSluXYPaLvt1ZteZelLAabbaTl9ezmH0unaXQ7K4lE+Ige/rA0Vfj\n" + "YKF/MLdSsEeFj8pAomQvaqUoBgByGHz+eLLVcSAGTvl8hiEXTBSjAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 j31UJfXAKccEoXX0PfsOAJG6fs868UIyS8KtEHu6ryo=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" "MIGHAoGBANBKlyoqApWzG7UzmXcxhXM4T370FbN1edPbw4WAczBDXJslXCU9Xk1r\n" "fKfoi/+WiTGvH7RcZWPm7wnThq2u2EAO/IPPcLE9cshLBkK28EvDg5K/WsYedbY9\n" - "1Gou+7ZSwMEPv2b13c7eWnSW1YvFa64pVDKu2sKnIjX6Bm0HZGbXAgED\n" + "1Gou+7ZSwMEPv2b13c7eWnSW1YvFa64pVDKu2sKnIjX6Bm0HZGbXAgED=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key wIOhItdhRuyT0Feij9xNXTEPuV9mE6fXU8Y6l1Mjjx4=\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAY99VCX1wCnHBKF19D37DgCRun7POvFCMkvCrRB7uq8qAEYfc9irhCYM\n" + "WseTLWwjMSClI277sp1lzy1Y7PN/tlQqZkG1mRcGELYARY1cWkj4b2G09oKY41TF\n" + "1+EG5BTCSA4=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "E/Sq3MBmp6wnl6QQXI9pt+B2cGzepUMuOvb+v9tN0+YHE81VRHzXORq6kEVRvc5e\n" + "t/7qpynQ9QcsPMfPHr/6hFJMHvBKJAKl4ulbdy+dIkKSiwhgp1bXqUV9GoUjDAHy\n" + "fw1CA6oKififqoMVqZN6infAVIo7yl6OPAhY1yZLIMI=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 Iw6AuWlz9lT69zV9UjBWiPrenfnuTITlv0YxJlJ00k2kzQTKOTcbEBYrqbm1uDWzgcLqtw2BI48V/VpE9JzFAA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "cYcBOlapA+R4xq3nn5CjpnzNXdDArMlHuXv4MairjleF1n755ecH8A/R8YIc2ioV\n" - "n/C1TACzFVQ12Q9P3iikVOjIXNxYzaz4Lm/L/Lq4sEOPRJC38QEXeIHEaeM51lE6\n" - "p6kCqXcGu/51p5vAFCSiXI1ciucmx93N+TH1yGKRLV0=\n" + "U15TJrcDOWr7qwtZH46wpAfSZlN/oinnf0a1wPEYQvHditLj6WgH9p4/r0BT8dI1\n" + "hi1Y6KWZhMx7/Qwq/MyigMeQelHV2caiWEySKqqfxfa7yore5+ismj0quBTCJaWv\n" + "3sM4zWkwaVPvTNtz1btsJYkEKWG3NvPNcZHpxZr2dj4=\n" "-----END SIGNATURE-----\n" ; - static const char EX_RI_BAD_PORTS[] = "router fred 127.0.0.1 900001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAfb3eBF1wYkkPlk5AHyDmRwtEQDfd7pzfAYRcInfzwnvAQAgBABFNYwJ\n" + "gZyXCSt9SbuYCDYXpKt4cPuAW9BCmRHABo7BUcRuOWtfVn0zH5qs4V3490Anu8p6\n" + "KHYDAiAS2gfcnTc2OCz1iw1rY1egGjH5+uUIjckdftghs4QOghLVmyUSHQM=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANVi/MVWhzT5uo3Jxw4ElS7UGmA24dnckdkCLetMhZOcE9e9mg4WcImL\n" - "NuBe2L/9YaL4PFVchCGlq73phKG6yFdqJdjDV8Qh9MJdAYWW2ORrjRvCrspPaYPN\n" - "BGJrkD2Gd4u3sq7f26TIkzmBx0Acd/FD4PQf8+XOt9YYd36ooS4vAgMBAAE=\n" + "MIGJAoGBANKi30IsA+x93+fyVJjP8IC3iF8TWe4lJsYbTCvfcJa0+j/GSPLdxClT\n" + "AT4QJkNCNgZcJmo1QqiFAUZHeWs7kKhlSyQT7YLrpSlnjRIBwPBn8ddAY/X67tpS\n" + "eXAiWzhpEuzHgle3nCQMlYNUQJp0Yyj6UvK9SiD9B/WCs/ICmWzDAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 RTWMCYGclwkrfUm7mAg2F6SreHD7gFvQQpkRwAaOwVE=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALtP4cIpAYp9nqo1ak4SxALcndFw4o51U36R4oa+uJS/lYQPHkMMOj6K\n" - "+AVnj9sxkDJ1POaU5lsCQ5JPG1t+Tkh7vDlJb6RCUy25vJOuaQCb9GVVY7KQTJqA\n" - "E0fU73JdKACNjMlbF36aliQhrG4Fq2Uv+y7yp8qsRxQ8jvzEMES/AgMBAAE=\n" + "MIGJAoGBALpZKULTdehX4/NbsioiJ6i3m5YiUe0iKpRnx51VkFOd0HaRdfY1AEyo\n" + "FSQtRBYgzugvd6RnWknzcl5r3f38irYS1aAidS4fkTBq1Ce58Yx5iiaHIjylrFlH\n" + "3f9N9m/mny5l0QgGvqI+dl94/zr80hDDSxrlH7eIvcIa+BuoTfdNAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key qR1PUvc7ky3rgJ6mWwjNo1aAQZsFZDsJHVy8akTgHls=\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAUU1jAmBnJcJK31Ju5gINhekq3hw+4Bb0EKZEcAGjsFRABHNkPpYhab0\n" + "ehvtfFPDt90wzDnWsebaqe6EZe+bPSrZCGGDMjgs/1VajEK09zH0FV/F3d5B+XYw\n" + "YegiFba6mwE=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "QJCikM5x69I4ErNhwwLTGZ8utGy9P5NjAK+T1BgPOkJJJTzLWz/t5AhLUorAmvC3\n" + "fa4byUrVFX8wO6bmnMINaBDVPVlVVcWp2fclI7f9l8q/oCp1GKdmYnyky2RxoXoK\n" + "qJBi5CnLCRjpaO36Y4OeUld5jr3gzezDmkD7YQLtzAc=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 9tBjrFWWzCXx3ZUUgDHXykKsi+9sOoSYBneo+QZMtgWPJnYH16sT4eAQ0Y0PYd7OlXOZvOB5u3JX/yCujJpnCA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "xzu2T+pMZtdsS5q1cwXM2hMIH2c8mpAV31G2hKIuiQRwtPD1ne4iJsnoVCXhFakd\n" - "QTq7eTXM174fGWyIT93wvQx/Uqnp29dGZp/VaNOsxHFdYVB4VIVqkBh757h+PSJ+\n" - "VNV5JUm4XQ1QbmniJGdTQp4PLBM++fOXMR3ZNd6rt4o=\n" + "AKtLxm4FGx5TawJi8kKQL5X8SyQTcDoyHXM+MH8SGjsx3tq560HCK+SGSeoWayGa\n" + "s69aHl0nUmH5UMnDOdiWPZqzTi+K5kmO3ik3zkSZQ7/XsUMl+o6In3OkxQrqL7ka\n" + "Xdqh3Zz3MT5DE6LBvTSRjnET1Bocfx2+bqkYpUEpxyo=\n" "-----END SIGNATURE-----\n" ; static const char EX_RI_NEG_BANDWIDTH[] = - "router fred 100.127.0.0.1 9001 0 9002\n" + "router fred 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAbfU59VhOWlweNlw/DQgCRjBh7EtF0hewpRHsuiVKUnTAQAgBABEV12f\n" + "2PB6QzHgt/bGosT8rLoBpR16XSi8aqCdurCvr4niKEyudgp+d1h3J8UyB7stQ6T7\n" + "qaKCyhXg4v96Rctc8nbi/2HMWvPj+wUqc8ArTrVSH8b3XPijrBU1RLTeFgU=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMCG/ZCXNCF02uXRSCP7qWBN75jDMQZ363ubnQWhF9KDDNWWiwj3UiZR\n" - "zqsM4zKRgjtarWZvp2qxKABFAODd+j9iq5DvUGRbbXv+aR8TT/ifMtwwxHZQBk1F\n" - "1hbsLdwWzGIiyz5k2MVhXnt6JTlklH2hgT++gt9YTHYKxkssaq5TAgMBAAE=\n" + "MIGJAoGBAMTLuiE+qY3Msi3rgMQ6/jLJu3JyunkZ1MqMTgdqwLi7kPTQHUKg15v+\n" + "6xUpEJG9lgdn55OKx4EWda0nntm+TvmPg32ijgX9+hfmQ/euy/kgfrFkN23JAa3k\n" + "myqNj9p/LcUML3QFHi7V0mQkcNvXPKOQ001JqW78EGxBccuFQcP7AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 RFddn9jwekMx4Lf2xqLE/Ky6AaUdel0ovGqgnbqwr68=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM3vk/4kOTB1VXrve29JeHOzNUsPwKruBcjxJf+aatxjf6KO2/RW41bM\n" - "gRYq9V7VAYeZTsbS727fy03F5rk3QIBhMJxm9FHatQ6rT/iEDD4Q1UZQsNtm+OLf\n" - "/TkZZhgfB3MiDQ4ld/+GKd7qww8HXTE+m/g1rXNyZPKozn8K7YUHAgMBAAE=\n" + "MIGJAoGBANKNi9dzOok4QWBoT//XU/ok0UySUyZH41gNH5AM1kCMC34DNvfcTnHb\n" + "KG57vyi9fUBQPpg6dOTav0feit8v6Mm18v0P1dMUzeFiiu3HjEeoEhpfCRyUGbtd\n" + "LSaLLyLrFbM0Ejhh/DJXOdtSKBdPCgdRGceq3z1zihVvqOypm5eDAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key cGIQnSfgCDYXatS8Iiu7MN8iLAoFVageRdeDYd6Y4SM=\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAURXXZ/Y8HpDMeC39saixPysugGlHXpdKLxqoJ26sK+vAC2ouHrvGEya\n" + "blACfJBgviThszToS+i4ohSdWOXVEvXflIQPjttaduf6+B6YwLTcXnmCVDEq8Z0o\n" + "Qc1FSGXkLgw=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "CN6jEFhWkQ3j46kbqRgfH5ngz6exkJj000887E7oinmWITJyVA2oX75NeU4uNdt+\n" + "Qrv7bjQIvKyJ+ThzW+E6lNoDbd2Nb+9TkK25tOO7QEzWMOeG2ASvI9NOVlzOktIh\n" + "w80DXx5kYgYQ3diDC136rkU4BBdnQDX5aryIqvhESEs=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 -1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 GN+uBj6dVw//1wQfItXo//CCQxgse+Ch45REa7XrJaJJHlThviicTmYL6gH4Ft76n6QElNppbys7MJpL/KuNDQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "bUBBZYZWqCbsH4/7fNXtC/HgIZNGOfDF9v4d9YfKaDs5xDYf2o67hRcwx5imhrgC\n" - "IU7n9AI4AGxkFoN6g3Y/t4pqebxdkF678rRDCtrlwwreAiUktgrwnetp9Tpo16xj\n" - "V7Uf6LcqQdvu78lRh1dsrY78sf7sb90vusFMPLXGUKM=\n" + "h0ksY36ssG9o8ypJM9gedjDsw816vTOKhiJfaiC/jDdj95aflz3C/WfVviwVPrru\n" + "2ThlVuJqESbBykEsW7zBQxJzR3m+1xo3aGpyK37pHx2M7Ys1NkxravfvTw2MVe2C\n" + "ZSORjIQZirKTNq9OAPF6h/xxiRvI1tlvMBN6bfeyVe8=\n" "-----END SIGNATURE-----\n" ; static const char EX_RI_BAD_IP[] = "router fred 100.127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAXBpI4NGHpiYtqH9QSueuPqjGjV+NwTGv1Wr7AAEr/lAAQAgBABzxwnC\n" + "88ko/02rKCpajAup4icjbr7R2Yzj4i3/d36G8LmUMVTI8TRIwjV9CMQehqfNWMq7\n" + "Cmm5b79vpKgjk7ahT/UajbwPxdmec5C72pUiszuTkAdh7OLFeA89BUPkYQQ=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMtMrM24AJpJCevxnseIpRlSuAIMksfkfky2+noe7Rok8xn6AMQzMrwx\n" - "AiCJ8Jy4DBzIKUiJK4/y1FimyM08qZGR0xeqblCxZ1lbSiXv6OYxoaD2xmWw8zEP\n" - "Zgu4jKReHh+gan1D+XpAbFNY0KrANhjRo96ZZ3AQsZQcWBiPKCynAgMBAAE=\n" + "MIGJAoGBAPG7HhynsWUO4hRHZ9yljs1/DFba8wuw56k//JLHDaM7GXwvfOjzTznZ\n" + "Iz8GjT7a0s+XvIqIwBxxUfsffAdRpoUVoJGTvcuLrbYTjVvhZ2rKBgXk1Dy+HOSZ\n" + "rF7/3X7n73Jw27g07yB4Ymz7pCrqFTEdHUSEe998IE5yWRwPcJKhAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 c8cJwvPJKP9NqygqWowLqeInI26+0dmM4+It/3d+hvA=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAOPclmBO/amw1RWTSI1y80qY/EPjc0I+sk9HKr0BQOovxqJ0lmy9Gaue\n" - "y+MOejQ9H2hNev0nd7z1fPxEogt7SCe22qJHHX3xDf+D9RpKsvVzDYZsk7hVL7T1\n" - "mwHzuiV/dtRa7yAMp7+q0vTUGesU2PYFYMOyPvz5skNLSWrXOm05AgMBAAE=\n" + "MIGJAoGBAMWXC95x/pQF+LVa7Z2LKjuL1Zow6+I/2pK5pxqwTv0LiZHEjrCq5Yyn\n" + "cXobbDuQqMIQs9MiZl9mceXNz9gORncgN9MGae7mAcQFJIH+Hv5Bp2h1QVpjllcl\n" + "yhGFtDVfGjOmr1AUAP2gR7GsmLMzjH6bUtD0o8JujF683x6VRGTDAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key Ue8UgMdiy+jJN+u+N304hAjGzli0ckutdhwTwpJj5Bs=\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAXPHCcLzySj/TasoKlqMC6niJyNuvtHZjOPiLf93fobwALDJghOhBUQ6\n" + "PvjUF4HdnKk94mFUnVEuXhbDQkqVpUSwqaDgs8pvMps+kysskBrQT9m8UdtvFg+b\n" + "7hC2d+i5iwg=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "fmwhrHV1jQWhrQ3GnQZoY1l2LPcw0kRMEobEyIcDiy3hCTQDQcaChlTVM+fzmcoL\n" + "3aF5FFn7UICK8NAJ9P2HyyC185+KEoLKF6haXCMiTWye0tVN/pZgxvwY49WBEkfs\n" + "yUcQa9Ixq6BxBjyxaDvsp7zXcdhFKYU3ukI3IAFVlqs=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 +GEY9H7Q+FV5nimwaLadRy4etG7TgGCKal0LqFhHc4L0dXv8EtcplaKUDxivN2u7bm05enwRWr/z/YxvAiR4DQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "g6besL/zxOp0N6Q5/7QZgai2kmCU5EAWJlvZrf5jyrjKhsv2a4LDkap07m9QRFqW\n" - "GGe7g5iiABIqnl0kzv7NLX7ah+d/xxv+IILXyZfVTxSw0e+zFb3uPlQ7f9JsGJ8i\n" - "a+w8wyyDBpOAmi8Ny866Cnp9ojVzCyIErUYHFaPvKao=\n" + "0fO8rKE3VjyjmF506pxkOH8tIHaN+VBVQViRPE/JmCzBPnaNPIj3FnSaQ3lowlzz\n" + "Gy4JE8+/6TS5t2C+MGHUsfTlTZOudtnd09fF/FGERljzzGNx4ABEhGIxf79TG3rj\n" + "H0bMCfO3Q1x7X01WZ7f7kreVWC5z6fbrcCgvR7PIxuw=\n" "-----END SIGNATURE-----\n" ; - static const char EX_RI_BAD_DIRPORT[] = "router fred 127.0.0.1 9001 0 bob\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAeSXj4cWNVaGVBdAZZDkDAdmQFTUpxHYo0ux4eoc7bytAQAgBAC4EaEq\n" + "+La3x6f1fJqlT8YhqxetiSdlhLPcFkeWLTOTf3BRXHAQ1EVdiSu76J9il/gn6u4h\n" + "j7jaUEIf3v6WovHJ2qAy7wiJRDuXO3aExat3RLJCvqvkaQjgrKFYAmlpDAc=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANKcD6DJ16X3yvdq05jatdwgjO+hyoIpckW9sV/OkdfIZwf+S6Q4pZGC\n" - "doMw5XeOM52gjpx42kUp6M2WlTGDFEpaNU0VyeZYG/M1CM1xvfj3+1PoebioAGdf\n" - "GuhNBCHZdaYNiOGnh9t2GgUomgpE6njdS/lovSrDeTL469hfcUghAgMBAAE=\n" + "MIGJAoGBALJUtCdVl3BTyy761sZAnKa8N6VOT4QNBLSXxbmVOExMbyr7AVTvOeNk\n" + "rrcDbKj35e6fcEFaJbPWHBuHCcRqH54BI2nD4CzR+t0RFSXYK7ZbyM1mhRR4Kshg\n" + "WlEAaawZiXte09FAaSNZNrkzdQwXy86JXdZjwjyegfDRj9aaxS3xAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 uBGhKvi2t8en9XyapU/GIasXrYknZYSz3BZHli0zk38=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANWeGHig5wE9UijaNnEW5au3B3hZKSlzCi+T6MYDPbbYhm8qJaVoXUXF\n" - "EP1EUgzDcX3dPEo9upUA1+91GkjGQCo9eOYlqGib8kHIwKnHZK+hernBc/DnOeUp\n" - "Wyk9SW5s+fi12OQhr3NGjbSn76FMY9XU3Qt7m3EviTwWpI3Jr5eRAgMBAAE=\n" + "MIGJAoGBAL5TunHoAxAC+j3w9P9KmspLn/xl8EZZUfovx9gJ95S/R7uPZYMY1Cdf\n" + "d0sObKeV/bdO+7EUT2dpu6ngMj+sS6xam1/VhI0DZemTVHVGh/NOr4P/5Gtgd5+L\n" + "g21nRpc77sPtFibJSHhA8M3LGbwZEhbtje4N6r+HlOitX6u69z0JAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key XHq9XhW9b+fh+ZTAUiZw835EI5QzC0t353VeYWUrQFU=\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAbgRoSr4trfHp/V8mqVPxiGrF62JJ2WEs9wWR5YtM5N/AD84uDUsUs8x\n" + "FOOzaneZZrA38hU/7ocJJ0c8uyAHyJ2FKGsRrLvtK3dbrb1WEyZMTF4U0Ht5tF9h\n" + "FYNzHcqFBA4=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "plpu9CjEVOV598popgY9KpeKyXYdhgV4e4cn8xq4ulQOAmqodjw5cd8iEkXYQF6z\n" + "g6LT87XHdyLbVOa6Diz8ed7lX6gV0bNLId+mfu+wowTCKp9NxF/+/oZGF6gHrT9z\n" + "XsoRUk89LO5JhHMhHH/WdHNe+d6EQGdqMC8oDzrZlTg=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 iIG3Qv7UShaMwFLJRnoplp6iS/Y+oz60D5hLbE41zpH3CzHNz/5dkbDrss5yMWPyWyBC9bZzUytNusyjBWjaDA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "t77wEoLjyfMf9LKgBfjveosgwvJ8Go0nb27Ae3Ng9tGtR4qaJQfmwZ5fOOuVU9QC\n" - "3s8ww3aY91KD3NTcN3v3FKngxWtRM8AIfwh4pqT3zW6OSP4+nO3xml7ql0Zf6wfj\n" - "TPFV2941O3yplAsmBJ41sRSWizF04wTtZAIgzY7dMLA=\n" + "eK0fcXaG9ZE5PseMnntHv2PQwEiSZZ3T+wrpQb97MwgIrU0zgBPc8fZZemMpiJ6O\n" + "f+0SziFXrYWPOOji3fATBHm1w132bE/0lDbUYf17tHMq9/Uvy9cA03f7Vt2+A9tW\n" + "xG0iqGpeqoJqg9DcYXbzB58tGkTGwVwSba6MXBRJSnU=\n" "-----END SIGNATURE-----\n" ; static const char EX_RI_BAD_NAME2[] = "router verylongnamethatnevereverendsandgoesontoolong 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAXPRPZ2/Fwcf6Y7r0OZ/DsY50YcgEUsDcYU9SNPRJRolAQAgBAA0NkVW\n" + "i3wAeoIg9BeSaD11/nqc5+lOqxsRW5KgrUF5F9EaBcn1mK8QMpZmStY2pyk4PHtE\n" + "dAHvytGNgzllNG8ZqCYWQbB38OcYIVp6snV5P6O5FVDzoLHKxB2RZq9CKA8=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL0mcUxg7GJ6oxgciLiBCbo+NuZ/OVKRrERCSM6j6iHERcB9+ciSRgQ5\n" - "H6o6FUX2LoRmHYzBk1x7kIjHa9kx9g6CAbBamdZrQbdVnc1y2NrdHB/jvwLj3C48\n" - "PgzFIrLg9OlkuoWck/E+YpPllONfF65e0+ualgVjPgpQpXwmz+ktAgMBAAE=\n" + "MIGJAoGBAK1B43OIRWXV0MifW6xipNWJbezgje3v81ks04dgu4nNi/4opPzV5wJU\n" + "3d244I4/KlRgzY4L7D/mxBYtoNtpC2Dae53TkgnLAwHdx77XkoEGuQMjFUtRxejj\n" + "KtVUZW5N5kDCG6bItzpmULvRmYoJa0kSGn5nROo4CCiyJSX1tK6xAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 NDZFVot8AHqCIPQXkmg9df56nOfpTqsbEVuSoK1BeRc=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAOgHvvTAxyjJtHx9W2X7aOI05H9sYDDY+sxhovT/8EpAHrioex54tsMT\n" - "ifgtoXTjGIBEOTDi/1ry39nEW5WPbowqvyzRfR2M43pc96WV7e1nhmD/JrnTYgtR\n" - "5/15KxcMJxoDhod7WZ/wlXBnHc2VevX8JTaeOe9KYORCj5iNbtVZAgMBAAE=\n" + "MIGJAoGBAMWiMIxbssLwJpiCvHvZrg3sbXPMLu/EN3naP1PI0+R2NrlU5AAIEw2X\n" + "NeK4LJyBdO4XXBFL+R3HBlUcXjzphHWxeRgYgg85AfF1xhqIgXpzA0AgGRaQ8GcZ\n" + "5BZm8fBg8CRiS/DLIgwloQmvOJcUDqYLWqvz91zxeGHK+92msp0jAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key J7+npqmFouE4EuXuQAbhc8d6lGGab27mFTQLeXCnAzU=\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQATQ2RVaLfAB6giD0F5JoPXX+epzn6U6rGxFbkqCtQXkXALDsSLNkQF1E\n" + "8OpEiD4TyefBcLptg136A7UXqXbC1nWC+xUHYBCgkI5ymEtMHOn9bpl01ULisRH/\n" + "29OEIlRPwQQ=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "tVZrb1HMx1OCvD61ulJgLwwRZz5mLv/qmIXym5JaWApvKPFwUkTeqlMKVD6HwmQq\n" + "FWAVIvqZNSA5jkq5PJ+LpM7QBuUrA1tuDVnieCQKpC+iP3Gs9c1aad7jrpciDB9A\n" + "MqaJkfketFTtOEa858NWMO/bHAIjcfnGHxRVf3vwIQk=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 +ZJ6ovLWqUfLCwpGqge14MwQfPiWhQYopxbzQQKPtgHnRO5qaMb4K7oIKmMkmKaDchTrz0WyIGFZez6u40qQCA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "j/nFT5gyj20cLHWv94O1jmnqy3n6qkO8Av0OdvvfNeXsMK2UHxk84vzFvEwpUF/Y\n" - "i+VR3LXY4CjTpuliMtjt7BQGtmJSvB8W0CeIUenIGzfwDxW9dG2o7spDldKDB/OU\n" - "C1wyHvKaA6Yss/02RIDa4AxyjsfbgdJ91qK+aAnYAtA=\n" + "PRiWQYy6k2mmwHHkP0AvQN/r318tQXWGzkNBlwoNwewVTRbq0J6Ds9aIWHAijd4b\n" + "vW8E+AHWt3so1ucjq2ix5NwYInhiGHcTSRUqGOKo1WtgcrmGP00g5axZCVxsRDRf\n" + "Ev4TNKSLXDRvblNSpYTccuTc/ExvKREplVrajjxN0X8=\n" "-----END SIGNATURE-----\n" ; static const char EX_RI_BAD_BANDWIDTH2[] = "router fred 127.0.0.1 9001 0 9002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAYnSPlxnc+nZZZIokyW+85uwJkjxUDEqTweLYVXCtdekAQAgBAD9bAif\n" + "9zqaYAZfgnkiER+TADvD001LseJa0fQEPA8EN+zx+GpjHP2yBU1ZHPo4rtIDoaCl\n" + "AioFwzs546cZoZGJsp7U6NDvncqIcu1rGEeOk2MK9Tw7Bfxvi5vkgEO6wAw=\n" + "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALQDCm9VEopiYILmt4X9kP6DQazfgKnLXv+6rHbc4qtmvQQD3TVYbxMP\n" - "F4sEUaz+YHAPnomfDVW3a0YFRYXwDzUm1n47YYCyhUzEaD2f69Mcl/gLpKdg+QOy\n" - "boGB1oD4CStWL3y05KhxxTNiTrg+veMzXTqNwryCYm+GoihIAM9fAgMBAAE=\n" + "MIGJAoGBAMWlPXGRLRI5kHuR7pMHD977D0XkwSJ5QwrFnbi0FVG5tN79nRRfmZcJ\n" + "5DRQAJu35CFo8wgHTJDec9/gXu1gjjDq6SfIcEVjIF1JX/pKC9+CpYbqhGBxTJLg\n" + "ysPqgQDq4PdkqSU1FMzcW08FOXmVZCkPTm0J7CwKIefubo/IghjZAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 /WwIn/c6mmAGX4J5IhEfkwA7w9NNS7HiWtH0BDwPBDc=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALYHwdx6bmYy09AW5ElN/DWh0fHh3mBK97ryiIMi8FImYfzbw2BR6xuT\n" - "aQT5omqS3PNJJcNWZt5gOyDtA9kLh03cch7t1PenXSYJshbME2bDrZDJKVJMN6vV\n" - "B1v/9HjXsVF50jBzZsJo3j26XCPT5s6u9wqUFWW09QR3E/1HInHVAgMBAAE=\n" + "MIGJAoGBAK80UOCQiPEWjOB8yPslBNOEPFcK5AKeA+hIIh6FFceGYxeiIWF5LBIC\n" + "5g4dn1GBlUcPX3P/d5m0DXGnGPskwHFyQLpFO0ga4F5HdirTnEUMiko0Nonbrseu\n" + "F44Dk+x/KGa1B+8Xr68HZbJGf3kHSlGVDFwVnSBwmRsMjTkW8qyDAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key wrcJB+L6TYel2UOh6d2/11nrQI5TePnxJUZZ54NUShs=\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAf1sCJ/3OppgBl+CeSIRH5MAO8PTTUux4lrR9AQ8DwQ3AK0mat83aPjn\n" + "XxaHRYZ0M6qHd5NhM0z6RGtw1SmT4AtK1g0ZkcVdDhgzjdu62Y5tU0pzBlK0A9Pr\n" + "BW+haJUp4Qc=\n" + "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "JDqs9wmPisHZOZ0s2Dj6E0jFvFhy6KcXuH0De6Ssud5TJqqY8RNOruJA+OIc5/mV\n" + "7rAGsedOETg8d37D09q35RPCPNDC7Ja/Xud0BLeB2VBn3AwxDimHLtp6KyU93CzC\n" + "nsUu8iblk6M/hPiinoo8s2qRWj3CvtX9xgkWxrfmI4o=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" - "bandwidth 1000 -1000 1000\n" + "bandwidth 1000 hello 1000\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 c5WgGlFiqkcoxrblfnz6S14En3b3F6TkHEqYDg3p9BHA0doDNntOiOJZr6y1hxuZZVxHkGyqz26wqHl1OXWrAA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "p09ijyuvcW+WKRj4mJA/nkLCvZkRcMzykAWheJi1IHCoqhXFdkFLiIRqjaeDVHRr\n" - "zBtD+YCQiGvFcaQJ9IUhh7IleHcyyljmDYlvuBAxWiKvVZstJac0kclCU4W+g8yK\n" - "0Qug3PmGKk115x2TllHaCZqMo5OkK4I/WAsKp+DnJ1A=\n" + "Vkqau37qjImmyVIa1+w8f8JdXAFiQ1js7gTmkHBxNJrNpNuwAIogOt8KVDwYL3yV\n" + "fR3I+kRNjbWn5PfKY8fENtmwj25IpOeJB1UcC3bBpfaUHnUYj4nNLoOxfKO+cOoN\n" + "uUhb2jyxJzbSFLuPmIlD5ZiDK9cT/J+Q/o36Ll9TLXE=\n" "-----END SIGNATURE-----\n" ; static const char EX_RI_BAD_UPTIME[] = "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMM0Nubr1VXQ/FcgIQTFxZpZDlAEh2XN8FoJ8d+X5S46VDGijmMoYmyN\n" - "oLXqMTGmOaR0RGZOeGLgDzeY8tLrfF821IjfkXeAANZibUjdsHwqHO3wlWD2v+GN\n" - "0GBocWXEdAp/os229mQQKgYAATJ0Ib3jKhBdtgm5R444u8VX5XnbAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMpyOr4kEtSTZw4H9eSkH2+WmwIlO4VBpY2HkPS00l6L5fM2REjt50Xi\n" - "lsNOz8Q6mAn5cMYmsGlv61kg01mCvYc7Z715jGh+1hhVAxMaNS3ED/nSPnslyjhq\n" - "BUm51LhYNHD4ktISIqPMurx6aC8B68UYgKzLgCYNzkathFXSBpjRAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "uptime forever-and-a-day\n" - "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "NHYeiQOu0nZdrhSy31Xz4F0T6OTU23hPQDzoLax1/zq6iTVrz9xi3HGm7HhOMW1j\n" - "YgFGK3+Xm4iJL+DwriunsAIuL5axr3z2hlmFDQHYItP//KyPpOqSrfEOhwcuj/PE\n" - "VbWsiVYwz9VJLO8SfHoBeHI6PsjQRQFt2REBKZhYdxA=\n" - "-----END SIGNATURE-----\n" - ; - -static const char EX_RI_BAD_BANDWIDTH3[] = - "router lucy 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAO6HrITQTEjV/v/rInQ2REmCFZa4dZg8zIh6+B51U/I6hDiZaKGwpNey\n" - "9OfjoRqT2DwyLEe3ORm9A2RAz2twLBixrpt5IvC0sbGustmW964BHW7k9VvRupwl\n" - "ovujHpLIj5dkLxD15jGXHoTp1yHUVk9NkMGN+ahg6y+QhTbIrWbRAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAOEpciJFXauEqs31GMTUTzu6edBj9WtV+sIflhGKvU1KKRfwCgOcuKMx\n" - "QiLHHD9AjhMAFGT/qtNbPFkzfYxHKLHw+NLJsxmNtdkYM26FX3ButPiX+69sq9fI\n" - "PCHqQy6z/A7hHwtEk6niWgK2PLhAZCg9duAv+mqFVXe2QEBjax/lAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 electric\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "Jk0Xk1RMJSjEflNRcp4qznaHKcfe2r0kOc7TdLAnM8zyNDVj6+Bn8HWmyp/oFmf6\n" - "xtWKKgkKxriAVIJgqZMchPbr9RuZS+i+cad++FCwpTVkyBP920XWC47jA3ZXSBee\n" - "HK6FaoK5LfmUm8XEU9BVhiwISXaUfTdkR8HfzugFbWk=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_BAD_NTOR_KEY[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKYDCSr0Jh9d/mJKjnGYAHKNBcxR3EJk6GGLwKUrRpN8z/aHRxdWlZF2\n" - "lBml6yQNK/VPftcvOekxrKq3/dISrIFBzFYj6XHNtg31d09UgitVkk0VfRarZiGu\n" - "O6Yv55GSJ9a3AZDE4YmIp5eBjVuChyVkeDFYKVn0ed4sj9gg35rjAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALXdUQuq1pYHyYP0qU6Ik+oOmwl0eOsuwiLWf9Vd+dsgEszICX4DRWPx\n" - "syDxfxyA/g9FEPvlI7Nglx6cKe2MT0AutSRLbbML4smfuRZNIF35Cnfu5qTGVVzL\n" - "GWVSA2Ip7p+9S9xLhLBdc6qmrxEXCPL6anEhCR4f8AeybXAsz2JLAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "ntor-onion-key s7rSohmz9SXn8WWh1EefTHIsWePthsEntQi0WL+ScVfjdklsdfjkf\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "Yf9axWyzPudnRvQstNdbtBYo7pGpUEIdECMGcJtFb6v/00pxk4Tt3RiOKa84cOBV\n" - "7V9NjOLdqlx88pGz0DNCJKqToIrwjZDeQ8Q1yi9XClLDkC32fQRX4y6vNBZ3LXLe\n" - "ayVrdRrb41/DP+E7FP4RNPA5czujTfs8xLBMbGew8AA=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_BAD_FINGERPRINT[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM0wDWF2dBLzsmoIDHRugzosCSR9TSvEE0TkvKu6+agfogGtkQJwQ5zO\n" - "sGzZbRR+okO7d+QCED2i3rUs1iikoMUT+pwgvOm8Bxg9R64GK7fl9K5WuAiG11Uj\n" - "DQAfSx5Fo30+rhOhe16c9CT7xJhj//ZKDbXUW7BrJI8zpuOnvgD5AgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKACg1nWM/WjpUiGwlLQsY3Tq1h0RTz/HmOMx/6rTRxS5HLz0KnLg5zV\n" - "dvmfhxqQVKBkt1N2+y+qO7x71oFzIsFMfHYWSxOCEo8Nkff1BqAPqxxUHvM0HwJo\n" - "d7lswJ/UT1j4+WZNZ4sFIujsIW2/zZqKlxG9xaw0GXJ082Cj9XkPAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "fingerprint 5555\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "mlqyJ/ZGBINKwSNEi7GpNBCMqIVbL0pGAOBYHJF1GbRlU28uRyNyeELIxIK5ZIet\n" - "ZzKr7KPvlBxlyolScPhTJfP98TFSubrwYz7NnQv0vLI0bD0OyoBf/9/1GYlzgTso\n" - "3mKfnV7THUalpxe9EjQ/x61Yqf26Co0+jYpt8/Ck6tg=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_MISMATCHED_FINGERPRINT[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANUAvwbpGbsAyA+mBwjFkvurtRzdw9btDqNKtPImufIE+q+AFTaCnwPr\n" - "kA7vm/O6h6OhgfdYEC2GfYJfwPGM7MDuz+NnuKxUb3qb2DQN2laqow6qWs9La/if\n" - "oHKUjC5mNeAgHcbWapx9CygwaFeVW6FBPl6Db6GIRAlywPSX+XMJAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANlSGd+Vm9nLiUk6zgu8dPnSFfw4F0R2GYfmzncIGJWtRFTF9ThW/0av\n" - "/9vZAWyVBjjtnpAP5R1BzdJYV2RwimC/6tqoHtkSbCBhdq5Cb/EHG7Xgb8KwNWVJ\n" - "NV1EESDwvWnRfSPGTreRw9+2LkdXri17FhDo2GjRxAq/N7YkLK5hAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "fingerprint CC43 DC8E 8C9E 3E6D 59CD 0399 2491 0C8C E1E4 50D2\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "Y8MwYBeEfMhoAABK/FgpVRYolZ7jQ2BJL+8Lb6i4yAuk+HeVmPKTX7MqQoekUuin\n" - "/HdPKP+g/9HPMS5pCiW4FMwnXAF0ZocPXF0ndmsTuh0/7VWVOUGgvBpPbIW6guvt\n" - "sLLQ3Cq9a4Kwmd+koatfLB6xSZjhXmOn7nRy7gOdwJ8=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_BAD_HAS_ACCEPT6[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAJfPJNA3zZ77v2nlX2j5dXImcB/NhRtkG8XQgF7z+3H17sqoXgBgZ1dq\n" - "IbyJmAy2Lrvk/8VkXNFrT5/ErThn1B98V/PsJOOW1x7jGcix6X4zDYn/MvwC+AxA\n" - "zNP0ozNcVZ6BzVYq8w4I1V4O3Cd6VJesxRVX6mUeSeNawOb7fBY7AgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKBzfB4mDEJjFTnmtqZxDG8G1yAiccVgAtq9ECEREL/BOQyukixUBeBe\n" - "j/FgXzbMJ7DZAuopuJZU2ma6h14G63fZs7eNFceDtmdLpuCOsFuvJ5Mlkf3hDZ1u\n" - "1KK5q+tiG7MKxgnGrqjPBUO2uubs2Cpx0HmsqBNUalXd/KAkFJbXAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "accept6 *:80\n" - "reject6 *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "Dp9dLgs9s5beMPxfD0m96as9gNBvlmKhH1RQ/kcOKscia4R8Q42CnUtIqLkCdjOu\n" - "zErc2Vj9QzjKOvlqUqHxP+J+l+ZJez6F+E1tcmK/Ydz3exL8cg9f4sAOCSXcpBey\n" - "llTFDibz6GkQ2j3/Uc4bN/uLzoyZKunpJbSKZP5nt8Q=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_BAD_NO_EXIT_POLICY[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAK4fbjTKYqv2fygfjzY53sVTdtbNMjq293/uffKKxFYnOVvPzrHlP6Go\n" - "2S19ZcyDxOuH1unbBChPnV0GpxXX6+bgfDkaFh7+jef0RQ3fpJl84hSvdM8J8SCt\n" - "Q/F4Oqk3NeKKs+zAHDjhAU1G4LkF9/SZ9WZVXlH4a4pf7xgQtaShAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKahvyDkmh33ob/bLVO1icgz2ntOZN6ZQUfgpMU4Cd6DQtOEwFUGhbVt\n" - "gvtMHv2+VbxM31ZfUsyBqJ1rJBLpOqlPvSoYwSac2+twa+w/qjfGqcJYhBjP9TV9\n" - "n9y8DzBX85p6vRcCzcuZ4qUJ2nRzdLHwjdgzeLmmCHuPO2dQxQhXAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "ntgCtMC0VrsY42dKts8igGQ2Nu1BpuzUltisIsJz75dDx2LCqTn7p4VpWbTrj1sH\n" - "MRNOvEPFxVMs0Lu50ZUGRzeV6GrHmzIRnOIWanb3I/jyrJLM0jTIjCOLwdMRA298\n" - "tw8Y9Hnwj4K7K6VvgU8LP4l7MAJNfR6UT46AJ6vkgL0=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_BAD_IPV6_EXIT_POLICY[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKHJKLHqjYoW9M+1q0CGHJRT5u2CnZWb8Qr1DpLkkusQ6ru+cDAG12so\n" - "IpDQh7IyB2JosVJi9ogekYxJ3O1p5WlFUi0X19DMoer9FJ9J7/3s4enGJ/yMBeuu\n" - "jLVRkjMJhsfhj3Cykon+8Rrf520wSmBg1dpJQCXTwtb7DARgYRpZAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAPJH61Ir6XSu9/Q9tXGaINbXO1GWQQUXtwh6TX9lxnaCNDLGnxiY+ZZw\n" - "+Vqj3LAQoMrz1PpPsF5e0VIxok10Vc8y4cWC+kIitcecut4vWC5FYTtVVP9wtlyg\n" - "YCcVOVhtFQxtLiGqprl84+EVxrR7RQVCMLNDUXIgxAfdnS24eBPDAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "ipv6-policy kfdslfdfj sdjfk sdfjsdf\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "XWorzVT5Owg+QcsBtksiUNtpQQ5+IdvbsN+0O9FbFtGZeaeBAbPJ3Poz+KFCUjZY\n" - "DeDAiu1cVgODx2St+99LpwEuIBx78HaD8RYU8tHx8LoA+mGC43ogQQS9lmfxzvP5\n" - "eT5WXhkOS5AZ8LZOCOmT+tj/LkSXev2x/NC9+Vc1HPo=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_BAD_FAMILY[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM62QoRxSPnm+ZM4fv9p03Qqbz5SzhXYSNjKWqylBruaofTw6oIM8DtX\n" - "7QnrEe/ou/WtfB+swV/2rt/r0EzmeWBWuDmuSUrN5TC2AdOi9brSJMgXVW6VW77X\n" - "fuIlLd5DVSId2zs3cKLDqp36CUsooA9sS6I5HrvW9QDf3VS3pGBtAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANg1trpnRzkCi4t4Z4qnBKF612H5A3Zrjg7Jo2b3ajUnON/KEuLPTc3t\n" - "PPN0W4qqeCMmVQEuxf3DRbTPS20ycy4B/JDWYfxCNwuj5YAx04REf7T0Hlx7Aee/\n" - "sHEQBhIBfasA2idhTh3cAm4DMYn+00BqjxF6jmyRA0hyntEABabrAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" - "family aaaa,bbbb\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "xOgP3liKF/WEvwbbGzUUVRZ5WPrOI7jex8pZU/02UEnHjit7vCf9fsUcvkeo0xjz\n" - "n3FQHIO1iAJS7dEaEM4nz6wtPUb2iXSU9QajkGBkJ9/V7NHMFIU3FGfP47PIJJkd\n" - "nz5INoS+AsE7PmnDjUMm1H45TCCl8N8y4FO6TtN7p8I=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_BAD_EI_DIGEST[] = - "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAJ8Sn8AxBRbeIAHUvaKjqmcYOvXz7YFlpYFiVHp/cn+l+KUkIYTOFQXf\n" - "K8AtwjmJ4R2qJIbNlY/6oZGFbizt/B+WPuWsTj+8ACEEDlxx0ibg3EJRB8AZYiWv\n" - "0zC/loiUvHm6fXF5ghvDr9BQzEUo9kBk5haoHwROtGawr1+vOEiNAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMzok3ZJtLjXOC8RKltXI8xulwn/ctCvQFHImR0+ccA1uBxaZNYgiIcc\n" - "q8XngROfV8xEgDbYPiWiLXJOMSwOd7hfs3YzRWF+LKftYs8PuRyMJcCoBjOPZ4QX\n" - "HRfTetEvu2SijZMby+lkqpZg2nuF/ipsXUjrabRZdNiIGhC451vdAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "extra-info-digest not-a-digest\n" - "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "c/6zAxO04izQvqdM4bZVGE+ak0nna5pz9XZizFkieZEDWGzWQuVMhXyL5sbsFbsx\n" - "6Hn7DvNRYR/2nA0teDeRyIHMoMHi76te5X9OFDgaeUVCbyJ8h/KZYfPnN86IDbsR\n" - "dCSmj9kX55keu64ccCAH1CqwcN/UsbplXiJJVG5pTfI=\n" - "-----END SIGNATURE-----\n" - ; -static const char EX_RI_ZERO_ORPORT[] = - "router fred 127.0.0.1 0 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMc4MOhLG3PKPgc+xYVf4eScWzeOf8wq7Cb/JxZm50G0LuvVbhHtHEZX\n" - "VOSHI7mLE1ifakJvCFJRLobMU7lU0yhn18/nKl2Cu5NfFHHeF/NieUBSxBGb2wD6\n" - "aM1azheXrRqvDVVfbI0DLc/XfQC/YNiohOsQ/c9C6wuffA4+Sg85AgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALBWdl9/Vft+NQKQlg5kgvZo+krnhNTRVQojWtUEzom4TFIT+NNKJyMG\n" - "reQXcNdzNptTB0aOBGGwqAesqzsZ2Hje699NsDe7hdl7Sb5yhKDqtdQY6yDXJUFt\n" - "zqpAUkmYMLe2p3kPiWefNso56KYXrZrlNAiIS/FhQ5cmuMC2jPydAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "gFg08P9A6QNQjURlebfdhU3DSV0BeM0j2SFza1jF9JcBOWDRmT8FvYFK1B3js6jK\n" - "8LNV8JOUssv14z5CnUY9CO1BD0xSl+vGlSS4VOXD7rxui8IoWgnqnZsitq+Qzs95\n" - "wgFKhHI/49NHyWHX5IMQpeicg0T7Qa6qwnUvspH62p8=\n" - "-----END SIGNATURE-----\n" - ; - -static const char EX_RI_MINIMAL_ED[] = - "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf5iAa+2yD5ryD5kXaWbpmzaTyuTjRfjMTFleDuFGkHe26wrAQAgBABFTAHm\n" - "hdZriC+6BRCCMYu48cYc9tUN1adfEROqSHZN3HHP4k/fYgncoxrS3OYDX1x8Ysm/\n" - "sqxAXBY4NhCMswWvuDYgtQpro9YaFohiorJkHjyLQXjUeZikCfDrlxyR8AM=\n" + "AQQABstQAQvNaHu5qx4lh0J5u39pwIR+4bHrHty+wSqMbmR4i5mGAQAgBAAm5VPl\n" + "ChSd6wSrmDX50ZZmvkr3EZwt+R3JtUiYZ77yqVlAGBws0BGvUIbYOUHcS4pWuDSX\n" + "KwVT5wktWdgm/VKqZv75Ekbt1HqVAtJVrTXWramFH1JfX+di4xIaYmYRZA4=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAOsjlHgM/lPQgjJyfrq0y+cR+iipcAeS2HAU8CK9SATETOTZYrxoL5vH\n" - "1BNteT+JxAxpjva+j7r7XZV41xPDx7alVr8G3zQsjqkAt5NnleTfUREUbg0+OSMV\n" - "10gU+DgcZJTMehfGYJnuJsF4eQHio/ZTdJLaZML7qwq0iWg3sZfBAgMBAAE=\n" + "MIGJAoGBAMn6qgw7XEvpr8+99/6trahXGW2laXSQGZzrgLdOAIeCK85uqhOmE15V\n" + "4J+fvueDykuU5KpgIjvqC8GdzWWZ8THDMOfi2L4kfnF+KZLAxE2b/M67+8dYlIJY\n" + "Xip1Wy9LRmJvlnLpwJtm4R6eYFSANEX1sSkQQKS3mgsJbAx9sOtPAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 JuVT5QoUnesEq5g1+dGWZr5K9xGcLfkdybVImGe+8qk=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAK9NjRY7GtAZnlxrAZlImChXmGzml0uk2KlCugvju+eIsjSA/zW3LuqW\n" - "wqp7Kh488Ak5nUFSlCaV9GjAexT134pynst8P0m/ofrejwlzl5DHd6sFbR33Fkzl\n" - "H48zic0QDY+8tKXI732dA4GveEwZDlxxy8sPcvUDaVyTsuZLHR4zAgMBAAE=\n" + "MIGJAoGBAKjYRj75Sv9HEGOb+MTtlOkBUHubxF6inexiMOOIeypOTU4tGbxz5CBx\n" + "IPMR9HGSxR0maExkaBXjA35zIy9mjAMoclTc/cXdMiD/hJfcPACGBFyeKlblYNKd\n" + "clR72dRskggOXPo8wSQMX+4ngB6wOfi6HWH+tT4ZW+VoO8DmraHBAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key 71DgscFrk4i58O5GuTerI9g3JL0kz+6QaCstAllz9xw=\n" - "ntor-onion-key-crosscert 1\n" + "ntor-onion-key eQjy89b9KtHPSi5/+lxGB2L2l98lbxP4wqOwVRbJPzc=\n" + "ntor-onion-key-crosscert 0\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf5iAUVMAeaF1muIL7oFEIIxi7jxxhz21Q3Vp18RE6pIdk3cAH5ijeKqa+LM\n" - "T5Nb0I42Io4Z7BVjXG7sYVSxrospCOI4dqkl2ln3BKNuEFFT42xJwt+XGz3aMyK2\n" - "Cpp8w8I8nwU=\n" + "AQoABstQASblU+UKFJ3rBKuYNfnRlma+SvcRnC35Hcm1SJhnvvKpAHV+58GHOOCu\n" + "AdKmVPv2VitBQgdgYhgITdTEo4gHSWSnJ7NSf59IZQmleYAQDFC2ZJUJy0n5zTQj\n" + "R4u9ikE2XQk=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "lAZwD6YVic61NvJ0Iy62cSPuzJl5hJOFYNh9iSG/vn4/lVfnnCik+Gqi2v9pwItC\n" - "acwmutCSrMprmmFAW1dgzoU7GzUtdbxaGaOJdg8WwtO4JjFSzScTDB8R6sp0SCAI\n" - "PdbzAzJyiMqYcynyyCTiL77iwhUOBPzs2fXlivMtW2E=\n" + "mrgyJtcOK97/nva7eGZLk1slPCGmRUm6CvfC/cVrbAiiJF7OxkPEb0SOO8291wKQ\n" + "qCxQVXp1Ox/gcILrgRuOTMDDCEAKlYtofKaw+ya3XNqImLtxLNS4MzzNR4kNvuD5\n" + "cd9wxTdUZMcbNnWxrwAtp3knuUbv5s+fPB/C9dPK+u8=\n" "-----END CROSSCERT-----\n" + "uptime forever-and-a-day\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 Oyo/eES+/wsgse1f+YSiJDGatBDaiB4fASf7vJ7GxFeD4OfLbB7OYa4hYNEo5NBssNt/PA55AQVSL8hvzBE3Cg\n" + "router-sig-ed25519 YZgLS52VJa/LEUkgPEoWAuv6fpmD7BnTIYlxa/gF6OsQiriCTtZp1rg351eoMDt4lxaHFXdiE+uVj+97/thWDw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "wdk26ZtS1H81IxcUThyirANLoszrnYYhOMP57YRAUDEzUr88X6yNDZ5S0tLl+FoT\n" - "9XlEVrpN7Z3k4N9WloWb0o/zVVidPMRVwt8YQakSgR8axzMQg6QhQ6zXTiYhiXa4\n" - "mawlwYFXsaVDSIIqYA2CudIyF3UBRZuTbw0CFZElMWc=\n" + "O4zO6U4LPp/eEzhLMA1fCdkHW2GxlkvQx4x+v5v/DDf22r3YqQpazRoScAMXgqPd\n" + "m6SWYs13ipqs1/9WDLbwv3dPqOAIgGvOeQobQ06Yxqi4nqg7WW+asbM5K7iNIFYZ\n" + "SL51DpGbMKDwgRCaobua9LjxzOtrBROKgwpudn4drkM=\n" "-----END SIGNATURE-----\n" - "\n" ; - -static const char EX_RI_ED_MISSING_CROSSCERT[] = +static const char EX_RI_BAD_BANDWIDTH3[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf54AfsyyHhGluzfESzL4LP8AhFEm83+GkFoHbe1KnssVngHAQAgBABNzJRw\n" - "BLXT3QMlic0QZ4eG612wkfSRS4yzONIbATKLHIgyzgGiGl4gaSX0JTeHeGfIlu7P\n" - "5SKocZVNxm1mp55PG+tgBqHObDRJRSgbOyUbUgfOtcbQGUeVgUlFKWZ9FAY=\n" + "AQQABstQAZGXxVfBig1quo5wNr6AAbHSuTo8wQga3b0wyrhm49IrAQAgBAD8KBVe\n" + "paDp9WBD9Yk6CbO7dqW2bGBYDYHxhMVrAP/xDV2Z7HOjXFjZa5dgz+kcqdxV9BQK\n" + "Fvd6c3ZhRpb2jqTKSyoiwwnYOJ0qpbLbHjNC6kIiwzpMKF5/eBIRnL4vugY=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMqT7K8cEzWIaPNXbNgvoZ5ejavoszI2OjW9XXetPD/S2f+N7TfQXHBW\n" - "bnjpgj87gmk59w0OXTMCv+XofZ0xOy2YR/jG5l1VJIvqgJhhFJ8oSEGVzy+97Ekn\n" - "Lb1FEYuVfVxSxnU2jhHW6KPtee/gvuyRI/TvZuwmYWxLRpikVn4pAgMBAAE=\n" + "MIGJAoGBAMQHT7ehq+M8EKdXLpxc244S7bFsV99WL9B38RS6uWp+Zw5iMhMqBQDU\n" + "gLyTzojkB6/MhCQRlai5xmOdexpT9Il9H+C3d2L8A7tHj/58SMH5fUK9Pk91p1xV\n" + "pTSkelUNNTTivrkhWYKkZ83N1X9QHEiyM9UOBrx+yQh/ANVOF90lAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 /CgVXqWg6fVgQ/WJOgmzu3altmxgWA2B8YTFawD/8Q0=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM4nITNe8UykgsIuo5czSSSl3Okr1K+UVWTzDGLznDg77MkLy7mydmk9\n" - "vf51OB+ogQhozYKIh9uHvecOzY4EhSIuKhui4hNyQklD9juGoW7RVTSpGdYT1ymp\n" - "dDYS30JBPwCZ7KjdMtXiU8ch2WgbzYBuI+JfjwOhfcsuNC9QPfbfAgMBAAE=\n" + "MIGJAoGBAKpe3Vz5SPLedYcIun0NxBb9WHU+PF52CNtyfFSX7ydLk1fEq7ug2Kc3\n" + "iT0kZYnYUqIM9tlp94JwOiFLaOfiYdqi1NF8eCHaljf0Fkl+LI4i7+TAxIvSWF9E\n" + "00vfFN5vRmH2vnR/tGyM1kbrVJiaBKZLu2FkN7wS5gqXhQl40s3hAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key lx8o212IYw5Ly2KbH2ua1+fr4YvDq5nKd7LHMdPzTGo=\n" - "ntor-onion-key-crosscert 1\n" + "ntor-onion-key VxoUHpKVDO1CwJrUaszxPFyPFBYJpXscprJARNOUFCw=\n" + "ntor-onion-key-crosscert 0\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n" - "Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n" - "mjQFK4AtRwg=\n" + "AQoABstQAfwoFV6loOn1YEP1iToJs7t2pbZsYFgNgfGExWsA//ENAHxn+CYVO2ow\n" + "HY22+Iab30Z52szYAWonI/ivMFc1JXDwhZEYw6p2S9tg5VhPc0EZyFdF1i/HrVwZ\n" + "rLdd9n0apg0=\n" "-----END ED25519 CERT-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "qAE8PqbI12yeyLWaGyW8TtGv+LNXddZF7hTalGr/Hrd9JD3SrT0sPdn//qQZZbMe\n" + "fFAiGR42w8P5XlLXp2O8hbpn24dr0MLAPsxL6YwRBWFCUknPtgnHDau5ycXctUlS\n" + "zjLi32GfA3FQKnMUp5tJs5hjbeNAUld7Hi3Lu2z6MRc=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" - "bandwidth 1000 1000 1000\n" + "bandwidth 1000 -1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dg\n" + "router-sig-ed25519 AO4AMaoDJC3BCSY9WGz/MuOx9IO1jZwEuTM/PTacIB3Q2+6MR+mnuaWDh7fB+IgyGeBgo1s4ScccosxHDBH3Bw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "cv1yL8HhQzQfjzkSosziu2kMecNUQGle4d103h6tVMoZS1ua1xiDpVKeuWPl9Z0+\n" - "wpFwRkOmK0HpNeOXCNHJwfJaWBGQXunB3WQ6Oi1BLilwLtWQixGTYG0hZ6xYLTnX\n" - "PdSQIbsohSgCzo9HLTAgTnkyBgklIO1PHJBJsaNOwfI=\n" + "LkLZaaP2n1OwlzJZ93jWCO1qegtUqLCh1TyHhpb/PzREJsfsqWATfl14TK+Bhytu\n" + "H2xDuGFCejTWH1+g+rh7Fkd33W3SirppNpr9Q7s5Sj8fA51HAWk7nYArSiWYmwBR\n" + "ITqgfNVhi192LE2mkgFJeP7SDBcs3dYXTu/nbpwXtXM=\n" "-----END SIGNATURE-----\n" - "\n" ; - -static const char EX_RI_ED_MISSING_CROSSCERT2[] = +static const char EX_RI_BAD_NTOR_KEY[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf54AXXgm0CUWQr+rxvgdIslqaFdBiwosT+9PaC8zOxYGIsZAQAgBAA6yeH7\n" - "3AfGIGuDpVihVUUo0QwguWDPwk2dBJan7B0qgPWF5Y4YL5XDh2nMatskUrtUGCr1\n" - "abLYlJPozmYd6QBSv6eyBfITS/oNOMyZpjDiIjcLQD08tVQ2Jho+WmN64wc=\n" + "AQQABstQAeHEwGvEQ6Q0Q4feihyajToFJ/tJdYb7X0U6LJX83+x4AQAgBABfIsFo\n" + "zK+xiF5YqrRX9jIluwrJqUXcnRBc6jzzEnMIXCFIlaXAHlR7FtlVjhoUy+pClNul\n" + "WcT+JjHbzUwXwAtqhV/tDhLAHk+Ay1vwH1pVlqDBC6UYE1WnAfzUGdGz9AE=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMdyTK/VPZloLUaLsvj1+NOFs33/E9HmA0VgvZ1nNUrR+PxSR71QF7Tw\n" - "DKz+/p2rJE+MPfQ/Na3dH0vH4CDZ+FH2m4A8SB9emF8aKxdc/7KCjQNDQCNlEQYn\n" - "O9WvZJhbNPHUmX0z4OotI+Sk3qBzVHu0BGDsPYC9gwszIumDUILxAgMBAAE=\n" + "MIGJAoGBAKScAJYuwEgWW/u1K9zpBmTcM2/iwH1yfdQ3MgAcLEGTukHyMb0FJ8GI\n" + "zetrQJn0mBY+W/Hb4xylMMz2GL9pgsmGjKxDLcW9at9rA5FXunCEvRkfCvJhhSzS\n" + "KDbtTM0030k6uvSo1MQKt1zrntdUXkCDZYl8+yDewb3MfNgOCNZNAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 XyLBaMyvsYheWKq0V/YyJbsKyalF3J0QXOo88xJzCFw=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL8o6CJiLfW4vdRFvJ2nFt/H/ei0ov83rilOuwSmNORmL9lvnHY++HrD\n" - "dmEEvBv74xqWJxGbJ6OQ3VOwRpf2X/cb4gAvsQDqDmNwpJsrPYRQVXp/KY/8z7bJ\n" - "dM4CjcsuJHHmj3yc3iCzgqt/Xr6vR24X4bee12/bP7R8IETvWoiHAgMBAAE=\n" + "MIGJAoGBAMpVLmZCeEHM7aRPjxGrcYYTlm2YmFVYkQCMealSBwoP/zMEPnLXODPx\n" + "vNx0syUAKg9WraLRoVoTNgHQvPWJCIHULthD61O+S966zItMUoWjD3lfrwZRkA2S\n" + "NDvzxUAuxhqS01zfoXGw9jq058b4yhGxdkeloz/6ctIf78dCbfC3AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key qpNEGrLMVn28Odonk/nDtZq1ljy0fBshwgoAm4X1yzQ=\n" + "ntor-onion-key xjiodE8eCJMDycIoosVW5OnhmvEDSn3zQ9uFSpVnI7RI=\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABstQAV8iwWjMr7GIXliqtFf2MiW7CsmpRdydEFzqPPMScwhcANqd8l+sKSqF\n" + "jfzw43nwQ24k+ktkImehYV443lPygB45J9hfk1Frtf73sdnb3r/Oq3nFfkqTHiZA\n" + "vfpkxWg3qgM=\n" + "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "i4RKGIeaUrO6nzfdtb6j+ijYJh1Vgc9bsHMpW9cVCOjoJKFW9xljgl9xp6LytviN\n" - "ppKYCt9/JflbZUZjny34ESltPGrdquvHe8TtdQazjiZBWQok/kKnx2i+PioRF/xI\n" - "P8D0512kbJjXSuuq9tGl94RKPM/ySGjkTJPevN4TaJE=\n" + "t3ByKPtpGpveOkZI5ArpxDsdjmRbo+vdmqGmDOdUzGEQ7xLZ4tfsul/yvkKNX9WT\n" + "f40zkn1kOpEkiNRhpJT1z33yUeGO4Sps8oezTf9mQJCccsTyZ8Jj49V1VSZ2jrAw\n" + "J3GJNoqr1lO68HvCA5avXKb8M+uUlB1zoimkTyq14Tg=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 pMAOpepn5Q9MxcV9+Yiftu50oBzBsItQcBV9qdZCIt3lvSFqFY9+wJjaShvW3N9ICHkunrC0h/w5VEfx4SQdDA\n" + "router-sig-ed25519 r73EDnNHPxOwmwTR4mcoeM0/P51/WmFnvW/oLzgaR+Cjx1QObZEKO45xqB+QatM0IQ+7H23R2m6cD0iTi6GzDQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "Du5fJYDzvEeGqKTJwgaQsJJgz39K/J4qEM2TZ3Mh0XuDM1ZWDtjyzP03PaPQqbJ1\n" - "FsN5IStjOqN3O1IWuLzGaZGpGVuqcyYOxjs7REkGQn2LfqCjpzjaAdcsL0fI4ain\n" - "o/in8GQ6S/qhsx8enKlN0tffTmWmH9bmmVz0+yYmBSo=\n" + "SpSRg72z5U5RUIVQymJNyufSYH3RZPdlGweBzUypnaU4+iBum7IB69M2VPE4bchK\n" + "EObhVkqTisg6utm6h9HyDUgpgtAIS25IfeRhb713RNdJYeD1KW5KBcmdI5g/eoCB\n" + "4N8XrU4+xI6B6chj8I2GiYCMCT7gWFOqAIoJlOJN/UY=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_RI_ED_MISSING_CROSSCERT_SIGN[] = +static const char EX_RI_BAD_FINGERPRINT[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf54AfoVFYuJnDNBWbjbTqfXACUtXWPipmqEYC++Ok/+4VoFAQAgBADH7JzI\n" - "fjSMV158AMiftgNY+KyHYIECuL9SnV3CSO+8+I7+r9n+A3DQQmGLULo/uZnkbteJ\n" - "+uy6uRG4kW0fnuBlKhseJQm9hjNGWzC8hmebp1M+bxwG41EGI7BZvnTrRgM=\n" + "AQQABstQARuzNoxmRJWC5XJHiZrz6JnjmLqWZdGCf7gxcyDanXhqAQAgBAC96/co\n" + "YtwP7WOha/PdIPmAj9uCv7vl/GtDI7SYowz/i0AqWXGk1T/GIGeSJZ3uSWq9u3tP\n" + "ytPSnJvmqj6wMkGLQ7oZsi3G1DTuh/gU4fY3aIAQcm6LEestgnI6RkQF1gY=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALEqlijoFIDX1y1i5zfei8DuDIsFtSw56PGgnMRGcybwD1PRQCheCUZM\n" - "erQgFCWjgLgvGJERBK/oILW1dFXp4MAR5RgnrPGTfWTinCj32obMLN1gIczpq6a9\n" - "P9uv6Cz0ApSxpA/AuvjyAZwQKbUXuMvIY4aTprAKSqqVohk6E+E1AgMBAAE=\n" + "MIGJAoGBAOhMzS1rZAYB2AZpV9VvAF3twjoMaKuwscP0Z2eFih5/WhUWBSlq0ik7\n" + "4XgTYXS1EtV2GjgCE3aIdElr1eBar4+cz58jKssZH5FFWDzPmEN4g6qzifIbsvXk\n" + "MeAF1u6wCr/TDJ7srCSp4EL/f6V2y0uC951Z24wKGnRZadBQlmo/AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 vev3KGLcD+1joWvz3SD5gI/bgr+75fxrQyO0mKMM/4s=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMZbbBjGV7xPri4XNmejq4add93p+XsWlsfbM930bcC2JZiwg4g4cq6W\n" - "idl8VDmCXeaWg5y3kb82Ch/Q9vPG0QYQbXxUA3JxQKKbcEK3QsEvqQh8Nb7krILK\n" - "YnSGAnLG2Nc3PnKb7Wpb8M3rAysC5O99Gq1mSfm8ntj3zlIM7NSHAgMBAAE=\n" + "MIGJAoGBALdUFqqQlTglmEhthhBDk4ZYeG6NA08jemECh1Eusl+cgiQzvD9nMwdC\n" + "euE8OTZkDa2CxlhCdUNV0D67X4hp5C77uJzLGL1LHUeQQaNIkJeMP9A1iZpHcpki\n" + "Q9iN/XEMiDK5z42IGc40cimSU1SDCgKquDg+mLyUmQzpo/9GzRvVAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key CYcpfIF4T9PJcfROfVJTUYl0zNd4Ia5u0L9eng/EBSo=\n" - "ntor-onion-key-crosscert\n" + "ntor-onion-key e7xFX5txUS4DxZsux+D2Pz7YGIy60IfBCsxqgSbcCTg=\n" + "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf54AcfsnMh+NIxXXnwAyJ+2A1j4rIdggQK4v1KdXcJI77z4AMRc2LxiKbyr\n" - "fqRVynHuB031C4TN/HAlNPBjVoRvQRgzpiyyoyCqMDxLZdM8KtzdLLeqZJOXtWod\n" - "UXbYG3L70go=\n" + "AQoABstQAb3r9yhi3A/tY6Fr890g+YCP24K/u+X8a0MjtJijDP+LAH5UAsebB7YK\n" + "McQQD2Kt1QtPfkIClLENUG410z6SwWNU1A1p7nJQ0AcCUrsM/5gZfwPzaoEfFZWJ\n" + "dmRHtqF/4As=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "BRwRAK2lWxWGS49k8gXFHLEQ/h4k8gOQxM0WgCaN4LjAOilLHFjsjXkmKgttVpHl\n" - "f0V9ebSf+HgkpQnDSD8ittnr/0QaohUbD4lzslW4e/tQYEiM46soSoFft85J6U3G\n" - "D3D63+GmaOfIaa4nv7CD0Rw/Jz0zTuyEuARsdJIr1IY=\n" + "DO+sLD0Q6Ls39UplbwmIP1kqrYPdUTO1ydHtdEl22+nXbzQ+vIEaMprv77fbOkJS\n" + "adq3HQ7WDJ+ESxYyvnOn0rxCv/P4zENgbWE4s10uMWQ5Oqirwlk6peNou9MZ8Re1\n" + "1VChxzgerdCJcOOvTW7CCR/7A4QKnn8zu38cT51ncO4=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" + "fingerprint 5555\n" "reject *:*\n" - "router-sig-ed25519 7XfV5r7FXbXPEvrxlecWmAJxat/6VT+/4tE5cHrQnvLM4zslysstWH6/AfIfcmUuDlQ0watmfg1MvVnjavcfDA\n" + "router-sig-ed25519 lF577k8aob8csasyKZnvyyfbBze3dgO5QhHRrUCDEoE5bFLRLs50RLwWSn9wNiuOc8tFOFvXqT9o/Y0rziEWCg\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "eigLL3S/oMGL2tJULt9bl3S0iY+YIxdKeGFCcKZci59zD786m+n+BpGM3yPpvrXr\n" - "bGvl4IBqCa1I+TqPP1rM9lIEcUWaBT7Zo5uMcL1o+zZl1ZWPWVVKP5hC5ehDueu8\n" - "/blzNhTEFAp23ftDK9PnFf+bXxqbgKkEoZsxnd3e9Ns=\n" + "S4yw7hIs9NHODCiTFcSh4YpYHbG4XP3rq9YyJgUG+uWen18N904p+4iQwGh+Ye3T\n" + "cHl++4ZkXajAuSm4ZT784/SserPJmxxZroeSMVcdBgGdngOq62kVtfqBRyFDUtBU\n" + "CvCb6eHRB+BoKHWcSSyr/abEqO+AfjjWRVEsd7B4PT8=\n" "-----END SIGNATURE-----\n" - "\n" ; - -static const char EX_RI_ED_BAD_SIG1[] = +static const char EX_RI_MISMATCHED_FINGERPRINT[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf54AR8QC+SNBpPOTVY198IQBANNwZjy+SBqQNxfzjEmo204AQAgBABjz4FP\n" - "zW/G+fu7YirvANvvqJeb7S1YYJnf6IrPaPsPRzDqJcO3/sTzFC5OSb9iJmzQAWnn\n" - "ADPOl+nOJC58XJnJ7CUJdPtyoVdMvUiUT/Jtg4RuCN1iDaDYaTh2VavImAY=\n" + "AQQABstQAblHLIIIJbgQ7K3DMC/bztGu14OqVAr9A/sTA3/eethrAQAgBACvXlt6\n" + "ONBSjN/eXPqM26//TBLhJ880ueBSi2sw+UBpUXqJJsJcW/nChhopJvXkM2LAMF2Q\n" + "fnXee5XVoAO50gMaDU7vvh9GVnuAiV4coKDzmDyKVYnGN5CdCk0zj9LlegI=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKuLC0kzCBTV6+WPZcAOQPKjqbjvMIyaehIQS1o90dYM+Tosrhtk3bw8\n" - "QBLMaiWL3kfIWPZuWi2ai40dmqAXMrXH3yBgKRNZ6zZSbUUuJ1IknqmrQ2PKjC/p\n" - "sIW2awC6Tq+zrZ7vntDb02zY857vP59j8eolTDg1Vvn6l2ieL+WhAgMBAAE=\n" + "MIGJAoGBAKNE/KxjoKl5AIVfvGBm2o863+0/NS3DZsEo0nKaO2n4ZDeAjwezHYl2\n" + "HVCod3XUGRrYs4pAz0x7QYcWrI+v1RSy9JqouZeZsCI06lB/4tedve7hUN6nh+9r\n" + "AmxK/9RF7O2dosFWTss8ZdK7zYiNTOVcu9nrzpZCsx62TJl48l4VAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 r15bejjQUozf3lz6jNuv/0wS4SfPNLngUotrMPlAaVE=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMnBQPOJBQLZ3NAa70n6lGZGvS3DYZFNOZ2QnHVeVvOSFIFsuvHtnUdX\n" - "svDafznYAuRFRVqJS2xtKKGu0cmy6ulEbBF+4uAEMwQY7dGRPMgVF1Z33U0CSd08\n" - "ChCJGPTE7tGGuoeSIGN3mfC4z2v9SP3McBdAiLHisPzaUjfRTcwRAgMBAAE=\n" + "MIGJAoGBAJbj7YfrDjilYtStM+ujxajNuayX+IUE2ZXBn4ZD37BAVXSdnoDBnV2q\n" + "TMyelhaQlPHHlJKhDnU6l9IJhMYS81rHcavShnbq6xRk/MyIYT5m9a8e9zGjpFOu\n" + "++tnFR3CO9QM3PL2gKln9Ta+yRbFJ1Dut6Nx5BOsKQsQwU9Hekl9AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key W8fUvBpKBoePmqb70rdJUcRT0NhELDWH7/BSXJtkXS0=\n" - "ntor-onion-key-crosscert 1\n" + "ntor-onion-key z3SSwtgbp0wv2AUpqmoRh+r0Ebc4DNy8s0nO9v/IDRQ=\n" + "ntor-onion-key-crosscert 0\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf54AWPPgU/Nb8b5+7tiKu8A2++ol5vtLVhgmd/ois9o+w9HAAPwWqmL0HXa\n" - "bYKrKPWQYnpQHQ3Ty0MmCgj3ABF940JURnV161RlN8CRAOJaeQ0Z8wBRLFC1NqLT\n" - "+GVdtewGeQA=\n" + "AQoABstQAa9eW3o40FKM395c+ozbr/9MEuEnzzS54FKLazD5QGlRAImd//fC+Kly\n" + "EP8g9NhXLgNwyYMPv4AVK/IHBodacLoBibzr3tjOEryYVjp5GMjdV31FM48yUMEP\n" + "684oirlXMwo=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "x0vT5Wv7Guc0/Vu2BqomWwenh8oda9+8K/7ILi5GQL/WC29Tj51i0EE7PVSnSMJ7\n" - "33I/V+N5neauqWnbg7TxYaLsPfr6SpPTpBL1Xt0OiwT1//PvPYZ1gCcF3ig3KcfI\n" - "mreQd5C5Vri6ukWkMtz/zNDaDpDanzaNXTdaUXmFHF4=\n" + "iPAp07r37ZfIGSVkunV7GbD4wUg9YTzkfZqqK6v/k+PktFD3ymFMm17xSWB+iDBZ\n" + "kPHuPL7n00fARbs7hZxmxB+Z8VV8aIU2o4Tnh91NHVxd1WIfrqNIwKUIXt821Qc/\n" + "fhotsrR6u1NGcqHiUZLOq7DFCtX4xvTMXDnQA2Y3F1Q=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "fingerprint CC43 DC8E 8C9E 3E6D 59CD 0399 2491 0C8C E1E4 50D2\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dg\n" + "router-sig-ed25519 I1vjiJ3q04pz1mO5zxsoy3ng4y3Ix6YxNEUaO7O83kOiU+VvGmaO+fzlXkTMuAz30BFm75Yckpeiqodak+F7Dg\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "Hci/Br1+NNymDZBmQy1QWMlCeLe8Z1vtZ2ZTj42jDhWg1OC/v72ptI072x4x5cmi\n" - "X3EONy8wQUvTNowkfG6/V/B768C7FYJYBId1GAFZZymXnON9zUYnE3z1J20eu6l6\n" - "QepmmdvRmteIHMQ7HLSrBuDuXZUDJD0yXm6g8bMT+Ek=\n" + "NRlkV2yLpVDu9fppAPrOyw6rcNvcDjATuZbiwL13KR9NOKFZtF9KQ+qSme4Y8Hcg\n" + "hjlVuRiShZPmjq3n6iktNRryn1+ziVrjr6WQQBZyd0HuJ86PAUW8LOC7bI18AzT7\n" + "fibS1unSsKBzcFjuP5Uz/ZGABG6lhbgvoleRbAFbd4s=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" - "\n" ; -static const char EX_RI_ED_BAD_SIG2[] = +static const char EX_RI_BAD_HAS_ACCEPT6[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf54AW8fyx54c7vQQA/AmShAitFP7XI1CLdifEVPSrFKwYq6AQAgBAChqjVA\n" - "/wKKJZ30BIQoXe5+QMiPR6meNxF1lBttQ2t5AhauZbH5XzRhZkdGo114wuyPNEM9\n" - "PrBwp5akTtari9doVy6gs3McqdoIbRdWevpaGj5g5oOEOtA9b5UNWQSwUAs=\n" + "AQQABstQATlCWYR3MJXT0ttJyn6HikvWxiw1QlFMUv6P9aVNxSeoAQAgBADrOgV7\n" + "plvP37tRpQENPGYV8J0+hJAK5YcnEtfnPFSIf2TimQb9VZZ4Zcn/7WLIsAkWP7lu\n" + "BPY5GC8YPPz5kaHDkrsX7LExapYw0KrrLrHHOf3DWuNayjzRfkPFOIitIAI=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALp0Croi9zhpGxi9sUj54jr/flZdzxVVS+8VNldJG2c1soSx8kwlwotu\n" - "7mGGudJDAzDHGo5F5CCPEfQov2OmDehpefYUz/AaMLly6PrLRJlcUcpLogGf1+KU\n" - "1lLwE8kanXUkgvDhVQiFvNjy2Dxxuv3AHH4WdZZfbMbm8FJRGoHzAgMBAAE=\n" + "MIGJAoGBANEcIzy+Sq/G43SLJDO9cVZWUC9aPR6VX+C3A7nToJgl7eqRuI9EWdLc\n" + "ORZTRoLWfEeu9ciJpjfOdIt45Sz23lZ1ZULRQEOrgZ4rXMolSdVYMKPKuldvj6fz\n" + "t4QRUdkVGISNn7lVmdF6Dti6NNMdS0H+vFM4C6OK7qc1WY2qD3NlAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 6zoFe6Zbz9+7UaUBDTxmFfCdPoSQCuWHJxLX5zxUiH8=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMoI9vQT4g2sV2dViGOWOzxckk367T9sMjVwcYfJCmnixGxjWeKScQFB\n" - "K9v1uK73cfZR8AxiUGK4/iOX/9en14mJOGF7fftAqypFLAt1TBvb07IgXljOBoHc\n" - "Paw4oZoJQzEoazt0Oa181LyNnNIoaZpHVZd1+a1Gs1gKoM4xDBv1AgMBAAE=\n" + "MIGJAoGBAOChxY+BMY6iajCYdjz3My8oqJw++gvhnH3aQk+a+pmXO5dFnSeWnnxU\n" + "7kue4Kc/F9C5ZLdArObXegUYE7nge3Sss0gxlNj8E1eItCkh5mDXKxj4wGoYFxqi\n" + "tMuJIcMSkz6mt9iOIC/33AcFLHCH2fEPL9lNqKZw324+2B/HwBkZAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key KjyvXYkMcpke5ZsUYf2gZAUNeEoz8NAwYoQvvbcDGiw=\n" - "ntor-onion-key-crosscert 0\n" + "ntor-onion-key oOTk28yuw1rfN9ieyNcjsR41nmWZ3sMl7WAq/8rIyWU=\n" + "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf54AaGqNUD/AoolnfQEhChd7n5AyI9HqZ43EXWUG21Da3kCAI6MRHm7GpCF\n" - "/3zDGR/6jKe625uFZX9HpLt6FgAdGSJeMQ9W4Np9VkrFXAB3gvh7xxRzSgZ1rXgR\n" - "lUomgi7N1gc=\n" + "AQoABstQAes6BXumW8/fu1GlAQ08ZhXwnT6EkArlhycS1+c8VIh/AFfG1jFn0GEz\n" + "Izr4UdQrqbSIW4GnGZt/cWF+5GgrFqVLKjLQn0qL59+RcI5uL8t4HYMeX7DDW05D\n" + "kFEyCR0K3QM=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "xJXvCCpP4ExBuT3OTsdn2HJB0HidupmQq5zBh8fx/ox6+047ZBOM7+hVxxWapcMg\n" - "PMXbcLD4L/FCBpA/rjnFUE/9kztdq7FH/rOdi0nB6FZWhwDcsZuyfvbnDTxz5iHJ\n" - "87gd5nXA5PE649SRCxW5LX0OtSiPFPazu4KyyBgnTIM=\n" + "WiHEajyWxVHtfGW2zk1P/oiayJ71SooJ5h8VTJvt3Ll6EwTk0OLKrT+WHfnKyIsx\n" + "Zc0ocAD/fB89k8aD9doEbyGhtxYOnbHzm+Bu/HBpHcsom3sJ8V5dAG7T0SsA2e7j\n" + "/nUR/px6AhyLRVTPCwHJffU7BgCBpZR5qpxwE6iFJec=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n" + "accept6 *:80\n" + "reject6 *:*\n" + "router-sig-ed25519 UPASGxdHFoEI9MK012Ip83qfdYAAAaaDpr/2xn4dDozCGisojWJ1Cdv5HDLpXRsdcjkvOjg48XQHMiFQHLWEDg\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "tk4kBNYqB8utOmX30HrV8YfnwBXYODIiL3M/juRS6nPn0uvbW7pjoZ3ck/ahgW+6\n" - "FNQsgTJnEADCWS1r6v7PcvzQjtrOUUpNxGJxYw1r8yZkvmIxSQD6GMzuTxq7o1VA\n" - "/wZYDLonLhCWRdPjxnrl12+z92NdyISJCHMLRVqs2QY=\n" + "m+JqBjl516GHFnz/BMCX2Fc3vJkZxcstqa1+QScfj+hagYlW97SyUSTlGrNJcP0R\n" + "F6ZP5p8DFRoyMPLUsHv3cXodSCmmlGYZLctIAlAwNPyvjx8K4viE4/ImEemoKWzd\n" + "D1ylziMbpPYQ//9w3a5zNrOuigFGKyQJdtc4eKbMkQM=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" ; -static const char EX_RI_ED_BAD_SIG3[] = +static const char EX_RI_BAD_NO_EXIT_POLICY[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf54AYYiKZrFWZ/Cj5mZbfK11MZHYbwchllsUl4qPqY9gfi6AQAgBAB4irxT\n" - "86FYA0NbZssSTmfyG6Edcf0ge61OwB4QD35kHCrvuZk2HnmL+63Tj4QoFqIVnwVC\n" - "3wRGJGcmS7y+vS64GUXbuyTgqgpl/KuoHo5Aqe6IxJlVWYtU6W0M6FV9tAM=\n" + "AQQABstQATYAnLUERikTHIW5W60T/eDjs/+G8GViekaCOpm7O5oAAQAgBADvnTrF\n" + "bsB6EXhry4mELlXb0xIK+zDsMniuXXOs3dZhondVXKfc/6XyytBWFt3V2323aYwg\n" + "W1uRiwqrqdbGGCelO6Vfp02HtSKOUELhzb3XRfJjrTTOf/ov0TFKqZq4oAo=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMUEvXTVTl5xkQ2MTEsB4sXQ3MQkz8sQrU63rlqglpi1yUv24fotjzvE\n" - "oJpeKJBwwg5WBW/fW0bUDJF2cOHRHkj/R4Is3m+2PR1Kn3UbYfxNkFkTE11l099V\n" - "H6xlsi0TJOJKlgrcbSuB7se2QctZVhwsdsJvFRptC9Qd+klAPb7tAgMBAAE=\n" + "MIGJAoGBAKKGX1tx5+kYDoBULSeIl8Yj+bfOwoQACHT/S/W9Mt3OKcfrjjaUxxoY\n" + "TYu9W4m0CbVOmTcNnB/StDwub+fhFgg/jf8dUywFuzl8Dv0+Elvd6rhr8sQO6UWm\n" + "nUpZL4yvOVehl5pcY9lIUYX8SE6akUCLo6S1mJ1/aUnNK6i9TxSrAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 7506xW7AehF4a8uJhC5V29MSCvsw7DJ4rl1zrN3WYaI=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMooTeSUX7GPoyklSd1/6cF1u8e2LbjOLIpZrMon0Xt7c/aNwlrG9rVo\n" - "TSokHs3AQ2H2XIceySVRRWR4AdX9KApO4CX0gGTuVUmq6hFJWMnHdAs2mKL0kt1w\n" - "I+YWzjUqn4jIVa2nMbyHVQWzIysWwWiO4yduIjAYpBbWd9Biew4BAgMBAAE=\n" + "MIGJAoGBANM184uIu8XUgWZBARcAOJSZ9UxN2aecqJ0QcicJ/OSt1GDrxrmIuvCh\n" + "+lGA2dT1uqGVJrrSKMQoBYsvJXK1gMFwvhl9pjg4LGkXLS3CUJffjwSxRJ2wF8Ga\n" + "yVC8SLWJqFPE7/ReWLES5Qx8/LqpJwIORwQbJc9r2g325U07HYGLAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key BN0I+pLmFkDQD5iRsdkcped4eZwGIuXnLiX2K0Zoi2I=\n" + "ntor-onion-key jQrLewVdDUe3MvTdLNB9H2Is2mhQx+TCOlbIdDyxTlQ=\n" "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf54AXiKvFPzoVgDQ1tmyxJOZ/IboR1x/SB7rU7AHhAPfmQcAOrIvaG/xJqe\n" - "adM6mai+FlV8Dbt6QrXTcNHJU1m+CUDthA9TPTAYz9D8W0mTEQ6KEAKGfQrNLy2r\n" - "G1B+9wWSpA4=\n" + "AQoABstQAe+dOsVuwHoReGvLiYQuVdvTEgr7MOwyeK5dc6zd1mGiALA5bpkro0Qh\n" + "9tV7U1Ym6Pngmgs/Tx8yUzwGIoefT4A1L14yYokNBBe9DQ207rA5y9u9WnuT5mZH\n" + "2mcZOMGzywM=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n" - "JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n" - "M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n" + "WC79UXdGUGKTPFfB7Oz4qtk5uytmNA5XoCH4w9cpKOUBxG5Fc9Dol58STLr/AWoS\n" + "A9Gfx2zN5MoOyv34z2UlUV5Kp75zT8emxun47SqKv+lqRqRTtHrFavOkO0LbSRH3\n" + "bxYDdx/HmQnz48vQyK+VLm8lowsxCjgIBVmTKs93t3c=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" - "reject *:*\n" - "router-sig-ed25519 abcdvEzGFYMcJ/Ea7sbessW1qRJmnNNo2Khkkl0rEEgtLX0b4L4MMhK/ktS52Y6jX3PRQWK5PZc6gjV7Jaldh+g0Aw\n" + "proto Link=5\n" + "router-sig-ed25519 DA5Fd5XeIyZWetlWbLRKUPBZ6MLW16/C3/m42sSMV5ya4MRMIql9keH/m7apzd6F8UqHztuHnFpgfOXwyN3OCQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "Vyj7g3eQ3K4+tm49fJkAtsAYnYHcEiMnlucYCEPeKojzYStNfZwQO2SG5gsoBIif\n" - "urgQZ/heaF4uiGFg64UFw08doXqQkd5SHO3B4astslITvmq0jyaqzSXhdB5uUzvp\n" - "QCR0fqGLVS1acUiqGbRr4PiZ9G7OJkm230N3rGdet+0=\n" + "aGvBliAHSDUmrFcHMLuEKQVFY+zr6oYKgJjBe2G0j3Xcw9VpwSpZkgmZa5jJI0br\n" + "HJwA0sd8NhzGuP9oCLbRI6pdT5l8TDCM+zM/G93Sz3cgxATj2bxDTg9/B4HNObCn\n" + "1VufCazt1ild43svRJa2bLsqWKTRHKA8LGKmwYsvlWI=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_RI_ED_BAD_SIG4[] = +static const char EX_RI_BAD_IPV6_EXIT_POLICY[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AaEnncX/t0cbLm1xrtlUpkXghaA8fVuV7g1VF3YNfCaIAQAgBAC7Ki3S\n" - "zzH9Aezz5X4fbwHeF+BQEDfVasfyTxTI4fhRi7t3RxHzBJd60uEMXy2FchD8VO5d\n" - "j4Dl7R4btrohPVSVBQZuemBQSW6g3ufNl0txpFWu0R7vBPTFH6oyXYfY9gQ=\n" + "AQQABstQAUGR5G6d4pKIbn8TsRPUlzF3aG+bGlSRq5CmgY3FHvXCAQAgBADHVYAg\n" + "VsnLCsUgF4yKxR8mDyeVRASJ6Lan1xwA49u0MrcvHJDohop1C2fRi6npUKM+G80J\n" + "vebsEbexWjnaWURBrwx6YvvF22lw5TEc6dm8KxhGNOWSBFukr3tWJpn6ogA=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALGKwzhOui2/jJPjU1ngW5IZRPcoDk7RAfGDO4xaef4VfAFHCV9CQO1c\n" - "/wQ09CcRdggTvUcv9hJTGJhSObUUooCkxw4/35f/A6/NoW1Gi0JqF9EsQWHpuAfr\n" - "n/ATlJQ9oGdTCNDq/BXSPWXhoI6UhUe0wiD4P4x4QwaYHcZh+lE5AgMBAAE=\n" + "MIGJAoGBAMebdGK2Ac/1eewX+boQNlZA+msq7kCqqS3FM8GRBrCZGm4MFCx6bDZT\n" + "sMWjOqN3FGPjN49I4GYlgkqlcvgaKFB/DGbXOn7X1W8fa0qzKK7okK9qtHMAjINg\n" + "RjZ4aHWmeGhsVpGD1ifEEofWWjx7/T8dx7XIvNdu2zgKVjuySdGrAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 x1WAIFbJywrFIBeMisUfJg8nlUQEiei2p9ccAOPbtDI=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAOKrizVm2h5/jE/HqqLCBLWJZVVoGspasCtDDqHhSqsPzyjpqa52iMKi\n" - "q/deJ92le3J2NJRGKxPmPQqWxwhIjnMS5kUMoW182iLpO/G9qyPZ0dh6jXB0NBLF\n" - "ySfW6V2s3h4G4D2P+fqnsnzQnAX7YufkvgDau/qTWi2CqD0CjavDAgMBAAE=\n" + "MIGJAoGBAOFfyR3mbBZMu85gSrw/VBofkCmp8CwKU68pEWc3SL29c6LjV9LCXrDZ\n" + "08jUZ1RRHR8hYeLaz3ZxLhOQ50JYw55w6YhLbfzZS5+xt7gay6M2iFjj6vH8QPqc\n" + "T1zFNy0DAYID6u2AcvTGrRdRPv9NBs64wf2fJAGWUXNPQMlCIjKtAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key A9h8jY9dPbhHTDbIc/NYWXmRP65wwSMrkY1MN8dV3BM=\n" - "ntor-onion-key-crosscert 1\n" + "ntor-onion-key 43r7FnWu5hrjSRXEIEGIOsja18U1+5/zMUDWqOlKSRc=\n" + "ntor-onion-key-crosscert 0\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AbsqLdLPMf0B7PPlfh9vAd4X4FAQN9Vqx/JPFMjh+FGLAN8xr/w3KFVi\n" - "yXoP/az6hIbJh0HYCwH8D1rPoQLcdpe8XVwFSrHGarZesdslIwc9dZa/D1dx3OGO\n" - "UhJOrdv51QY=\n" + "AQoABstQAcdVgCBWycsKxSAXjIrFHyYPJ5VEBInotqfXHADj27QyAFEDwHRfJikw\n" + "3q2nD4w+XXQg5kk4g+pKuFaVSIbO1Xem9F2Hd+0JgiLlDSuAgLeUKiZIqGAm2Cil\n" + "vDw1Z+8kHAA=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "bLmdO7ME5vq+c9y/Hd8EyBviMBTeo85sHZF/z6Pehc3Wg3i1BJ8DHSd1cK24Pg48\n" - "4WUrGTfonewuzJBDd3MLkKe6epXmvUgvuQN5wQszq1+u9ap/mRf6b3nEG0MHxMlO\n" - "FLx5MBsScuo+Q+pwXZa8vPuKTtEjqbVZivdKExJuIX0=\n" + "LVjbq3IyLJSQ09ywgtPZ11ddpq6Mbldd7CsX7VAE66ihd5LMJmEVuugilHZqIvQW\n" + "JeXJylZWvqbwFEy4DDZCTZBh9aXUouZEIm3jNxyWDu5LKs9M/cKZTXcleWiipDue\n" + "yS72i2K2l9zPY+YoNMElc9TlC+lrOlpaT+fwR+93cWo=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - " router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n" + "ipv6-policy kfdslfdfj sdjfk sdfjsdf\n" + "router-sig-ed25519 T9pQHeYGU9voVeSoywCtL62Ep2EyYSO7DWjwVOkLxQccAyBa3NS1sBaEVEPXyDtnXeZQUL2hCDy4kEulLimnDQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "LqNGEa10zwSPeomBXTfgvBnnWAdWyiR7KYZq9T++jK4ctR6hUaWngH8qSteUrkMx\n" - "gyWb6UMmlxdfOG0sdcU463HsqV7zObaKya8/WwQ9elj3FfsToswUCeOaLR/Rg7wC\n" - "zcUjI5VsneQoXT2WVZbZBLsLB3+7QfezVHRMB377GAY=\n" + "HDzaU7OdsTuFtjmHwqXkJ/+DCkTyz1vzd39F5L1x2dDZHqk0DJNHy5E6jWpN4yqF\n" + "m3nvoKS2II8r06NX7gloF67lfwTtEVc11HZWqyuzAQPZZj2VlPGH/vbTA1NL8MjM\n" + "Qn7yzykq8Ry+mLVJ4b1vtZOHm67K4q3V3pSBG5AKO68=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_RI_ED_BAD_CROSSCERT1[] = +static const char EX_RI_BAD_FAMILY[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AV1AfOvQWKlWsbzoBdJc5m72ShIJuA8eNV15basjhXYdAQAgBABy+KQK\n" - "3oLDGtqL5kwRmjAsls/+C6SAoAALll7U7wNSH7en5RVBal4RUzCf57ea/KG0c9V8\n" - "2DmZ3PdOt2aY/M2bWGmmH/tyyapOoV98dhDwFU7zcx/pMfRnJTDRSDwl8QE=\n" + "AQQABstQAURbCqkJspCMD7ju6hc5A5b+nTEaKJ+Pay1TpF7nYZXhAQAgBADzX5sn\n" + "pjOeXa3eX/C9pVLjwtq5VRddbd7lf0JNlZ1ad3wtO0l5ETftHyU6QoA4g1ZU6itY\n" + "IQVLmIdvHo4nXMvUDPWvzEMZiD1epyNnVHglyJXMzC5dzUteE/Jdb0wx8gU=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMP6xbqbj+x1mq5XImjeT0rUzqKZTgBd5zvK4Xcy9IifJuFC9+mMzrY4\n" - "WhYbdClxKUkDMkit9MVhek+P/w5TSHKl6AuqGaO09ID+hZpoUSdoBUYktynxfGsx\n" - "kIDu0XvgtAeSyJaVvoV1SKVChY0IBbzUqbHt4O2Q1BhzFCKEJTEzAgMBAAE=\n" + "MIGJAoGBAMIwbAgXUtGKe8W2wsaJPqFz2cCaRZy+1ZHEpyMWSN69UDdl+QTEI5qI\n" + "W52+bXLXOCQOPLaFtSmfv6i09pPlb9XcyZCfI3W/01KgpKDWFji4QACK7BQCCxaZ\n" + "avKwo8eN0XSL5ihcPSZvSMFjX3AdAMLdtYdQVNpCg80NjmfHK1FfAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 81+bJ6Yznl2t3l/wvaVS48LauVUXXW3e5X9CTZWdWnc=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANwWlBh7e/eSLlhto5YUdj1iGYOq+yAmlosDItVfYrSPJuUfM2ocMBAn\n" - "udbRbWiADoqsbKn/gwwHCC/f1HX2FkRXxxnOlJKLo+NEi8tGmOlcQXSQol1pCpvK\n" - "sA9TxtYr+Ft4LRpxNrexF+pIBxqzwetqQrZbKYr0CFJi8q1qlMynAgMBAAE=\n" + "MIGJAoGBALNX/+fYN5lj6v7UqrK+URDxRBPnrMGCv79WZ7lfSc1yaxFPWqAG/OD1\n" + "X7Voqb5xhr5bsszliBe2m0DfOTOPTQ91SyjUoPEXznfHYkbwGVRhNKNa2eN7E1Sl\n" + "xw2iSoCnZEpKSaQsLvHvIaYiWnhvHtRl7QCuAym1I1hPPw+BTnkrAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key cs1AP+xF5cXTLuKeOeItdoDAzfALTJkwk9lB4mtC4QI=\n" - "ntor-onion-key-crosscert 3\n" + "ntor-onion-key XjO8+6SaRrPblN+i3FftAlAR1SAij1e/Tlj6x2L6T3U=\n" + "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AXL4pAregsMa2ovmTBGaMCyWz/4LpICgAAuWXtTvA1IfAKo6ANUq+hi+\n" - "xb3J4aYafnszlj87oi/DR+SDf29wzwNw8gmaqGzJ5GbfISfABuTUCzlilZyVnLxi\n" - "BHcCH6PWiAQ=\n" + "AQoABstQAfNfmyemM55drd5f8L2lUuPC2rlVF11t3uV/Qk2VnVp3AFoeOhW877qn\n" + "nmT9epNCicfIcyEynHC2865A0htIKT1CCRA6MFNnCMPIs9TpYU0G1zyrvdObtPsm\n" + "w+QHaRhFuwg=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "qC9Kph/kGtONR2DxZDoIFFgnDFC+/7H07EgCiYQdIFIROc+gGK9qBOgeFEptrkXF\n" - "XdE35xxox5xSASQvp7hjFwxUtJRGOtf2O98regqeeaz6O9VPXHkLf51uqX3bVgq8\n" - "KvFAsFFS66GxhtbrVjpyRgIwHAYvse1WVESfLuZZTn0=\n" + "q0Pp+duh37vyrIjY1gW+16ueGRoXOmFwILm9Eq/6zQedtnUrReTS4CqtkRvMTJp6\n" + "JeOOHWD4mcYdoC31NxaYhr/E7aafE/rzRZk0b5H5RgtixVdsrUUcFyWXLsYP+koC\n" + "pTk9g3nsOfQCF3u/p0nspsogkZd8qq4fLqyJDK4qh2s=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" + "family aaaa,bbbb\n" "reject *:*\n" - "router-sig-ed25519 3uW8Q1aetIQLOsqSco128ZUaHlhqdYiBvrxV7x75BGNS5RzIMTEwYDNtEX1LNPFJ5N0YOV0HEEOLhrJUV9QCBA\n" + "router-sig-ed25519 h4sKEoqV2V/jvbP+AM8dEW7gyXWzMi5u680qa0k4VvgDwj8mkQG7NYguy2O5ovZX5wTE81b9pjNmR7Fx4Wm+Bw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "WuD7S/saTYBxKvItITbHRi8n+e6g/oVbosicfbRbafYPzPp4Prb+RK03UTafzXrV\n" - "QEQIzDNhfePcIMH8qX+qrogLMXFqiXx6TVQ0GqNvqirokk8ar3AgtRtewhChAuAj\n" - "8pmQTj2JpZn/iB3PCE2l/93O9LHZfp44hc8QOWKs6BE=\n" + "qEFvYELbbiKjTnXxmbYZDHdeEDIAJrIhxbgLfTFKI6LlOQ+sy5XGd+fCU365U6Mu\n" + "0jOej6XL1XQaHE1tFhviGj1pNLlaKL3xK/VDLNhjJSR20adtOQo7UX5NutWhQdSv\n" + "L8k5Kqc43XXhqQrMC2nKdFAF43mcp3MesBAnkJVFBqw=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" - "\n" ; -static const char EX_RI_ED_BAD_CROSSCERT4[] = - "router fred 127.0.0.1 9001 0 9002\n" +static const char EX_RI_ZERO_ORPORT[] = + "router fred 127.0.0.1 0 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AW5TTGF9jCMl7aALZzqypD9Bj8WYnAPIrKCoIJdgMbY0AQAgBAB7eCn8\n" - "rukx7t/egZUdqU7+FYqsnO4wdmOkLZkp0+gpF3jjk6N1Q0037NNVNZBjONB0Nm2F\n" - "CpB3nWSJliSSKr5tOYsuBPFy5VVGYeKPakpOoxanQ1UcqevMBAQy0zf9hwA=\n" + "AQQABstQAUmwuikZ7vHosMBCYuyHaTxtFLZstIlPgiR7CYZNyfC6AQAgBABYaoui\n" + "ahSEC4liv03C91ZzmpKPUy09X9nOUYgRtb+rsJ6/GklBLyC1pX7YGiCbUfnRcIXE\n" + "PRaFkYvku9qdIvj8Zxf+dxPLOQbuNbR7Ky2oLVgLJnC65N5tzoqcN7axWgY=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBALeS5YbeDuKQ5iiuUvh3REoyJ47/YU9lslWmTrVBf9b66pMnYJv/awPu\n" - "m2HredUAJ3VzwQ38VJA39w3fQXUhQDnQ0OPpKzeAmIiuG+6WdW/mBSK7uKcezC23\n" - "LA1d6Afyl79LjZz/n+ENXqNMlJk4QPcPHuRnAvwBl3t8YVRPJmxhAgMBAAE=\n" + "MIGJAoGBALbQl2VvUsDYFiqLWZdJI5w44z8mmtrDyYC2in84CI7NmBqrqODyVDDV\n" + "xU7ZJtIfzmBFiN+oxl3Xja+p2UeZ2qhaPxNwBvpkj3uLoyqjrzxRvzrXOILxrJq0\n" + "zsVU6F9J4PD8khEK472XsnEwmY5wK1cVNm/n6eodGppqQbjMal6XAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 WGqLomoUhAuJYr9NwvdWc5qSj1MtPV/ZzlGIEbW/q7A=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAPprokY7utWuO/0252dBB5MCxmVD/dROaIBDyFtpdH+YVv04rkOlDzYD\n" - "W4mgHVBMxEm/cspTgQmJ4exRHJPpcSe1RYHt1ONZdLYr6D7OOWf0y1IUrVSzF6K4\n" - "lqlmNuH1H4+TKGbkvixYc5GU/2ZmAy6gFEuphYnBbsN2Ywc38mnfAgMBAAE=\n" + "MIGJAoGBAJ71N74R9kO7XgyH0CH2Z4qtr2YKwu+U4FCgBZozMoBe+vcynzNNXRMR\n" + "UOKl+hD5nl6CjDO+1Q36iUJPu873CzZv6SXsICnMIkFx/nrMD8JGEiqupjj8H4SS\n" + "t3hRhlU6pStjwhqqJozUVinJ+CKCwHG9UnUBGiPNRAwAPU+2VVcHAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key Cgo6xniGfEiuYoLSPUdE4Vb2D4zj2NQzC1lRjysRRXs=\n" + "ntor-onion-key 6qko2boqKfkcENCGbCSZ1RbZN3TY2AFqo5WMFnwioC8=\n" "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n" - "Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n" - "mjQFK4AtRwg=\n" + "AQoABstQAVhqi6JqFIQLiWK/TcL3VnOako9TLT1f2c5RiBG1v6uwAIB8Iig7LEAU\n" + "CcznIarqADUWZK/MjxQZHoCdVmb3DlVZ86BWnulrjUnFPINqBRsM1m7a92AHJI28\n" + "SdQ+PEw5VAs=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "bi4M/AJLZF7/vSNmOj4uhrgKBQA/KfcZy5e58mhGL4owxd9vaWfl3aelvb9jf9zN\n" - "Q7FMv8f9aXzeVIoXIpRJxSKIJgBtG2wnMumIc80pqBvTyGInharszb6njfm0bg1u\n" - "PfJkbQYyf/dA5l5UwCrjFs06ImDmjFTAdsSWf6DfZ/k=\n" + "VAzikUKMdtT0ejXQ9XjA0IFKYyJK3LUpwYRx5jHupvpM9pMww1UpVORwEySOuu/l\n" + "iWy+YT2BJ1T1gybHO/BUbMUOCJs746wKaRu1TNoa0iB5hBS08eZHsLcuMPWNj4HZ\n" + "8ul4kp0JL6s3SwCyHPx+3ZiXWlAlyixIMwYMYp3iUwA=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n" + "router-sig-ed25519 wYbZMmEuVaKbcQVwPDuNfqoowIUQB2AXmLhuZn7x7c7Le1K6GJvGxUP51xamZNJtPZpb3B2hY0Q8x+gk5JI9CA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "io16v+e0pK3sbFzPGnkQrAjrRgIOJHrVZ1RXcxZ1+UNXagWM/MOLhQpkU/cw49Wd\n" - "4rQeZD3JQh16330eXbxc97AyDgp0b30He846SI0MfW/DnmGI8ZNeYfLbMv2bmbs9\n" - "QULzyIH8C+5mnMI1arcuiAua+Dpa34F79vgqPuvw5fU=\n" + "tiwHHQTe0A/QpY6oom3lG7CbFvTtd9KfAyHN8kZAxo/mctogQw3ZBZbUFZWhrQhl\n" + "L57BcL/UgaAAtl7eD3X/91uaoEZl/avxlmvgTEg59aQnBzhAkhj/ZYOjQqTTlfWS\n" + "fv8wOQgiuJSKTBBY2LZAJyMDj0oI7PK2JYBtnUvi27A=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" ; -static const char EX_RI_ED_BAD_CROSSCERT3[] = +static const char EX_RI_ED_MISSING_CROSSCERT[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AVB+j+B2yPgGywvp7nvejyhMh9ejKmw7LCwufV83Zl9eAQAgBAConA3B\n" - "jJ3X2tES40jd94rRUFS2/s/Yv7E4LEQ9z0+jz8horNivzK3O/t7IGxJggi+b41/9\n" - "Uaqt+wqtVuKj0xJ9jwBlCXFt28G2P9s4ZyXYgGZqo7MlJlboybnOMvmoTQA=\n" + "AQQABstQAbLkl65prybuOHnQxRi+wVzjNlEsViHPH/T6RWQHtNaIAQAgBAAEVy+i\n" + "zeBNENBHHpiag6H+8XDe77msq4YHvxeycWRuJjjNnEcLLQMbtnNFmgzKWwGT2uPj\n" + "+U3Z9Rg0+PRkXHKnJKZJLYrglWHjQdiFELn8opGTNX3rkd/FdU9Ws/Fliws=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAPWuEWckT4aYAVNrZzLA8xVwfXp0wzfXeTWBztLS8VzssN6w/+cwXdeY\n" - "N1YNc2DiD3u8f+7kmuZIqL1EFQUwTvRwEzQXm2dqGM7qkm5ZGNMb5FKu+QwO2ImI\n" - "FLNiO5zO/LqP3cf/2L8/DuvruLenUrhRtecGFaHmhDYl+2brHIiPAgMBAAE=\n" + "MIGJAoGBANyNH7TLjpmgV1TTkT716iNp9tpZHwDHoYWduoiZntmDHpRN4rp0AdhD\n" + "LQ5/JEdW/XjAhcnynzINgvGw1nK2XiC/UdTv/Gx6/6Nt9Izn7oAT5YRUOOUaBDYm\n" + "9Q8uNo8d/4FrXDEsxaMJme88v2Z6LJd8FozBwlkfeTKdOJon6IabAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 BFcvos3gTRDQRx6YmoOh/vFw3u+5rKuGB78XsnFkbiY=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMtHTfk0gDvp9+PtIG8Ks7rgCiJZ2aihSvr6WaKHYuIprgspFuga98cg\n" - "D//J80CrgH5Dw68YnkG+gU40IxP7YzhQ4glFlJGu3s2y7Qazcv5ww1XtHur+GDoA\n" - "cY0zCLhltNQFxIsoVUepY97XA6Y2ejYJjyqNXQcAmoPNoVhnTdkhAgMBAAE=\n" + "MIGJAoGBAKT6X+Qm7moNEV7o0oAcrbzpOa0UyOkqWxQkfijqcMbreuMXvfLyBB9l\n" + "dgttee0cf0LmWWv9nBtwlbQNgFzkOwcvPRQZ2e1AiFsk/bFlQ5Ow9nxRJoUboL/r\n" + "9VCaflE+ETtV+fTl5R1sn3j3OsxK8SOhOl5s+6OAisp3wEaVhjVTAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key ibZf57LptdOK3WpVFXkYMatEEqPhuVWxsnkwF6638V4=\n" + "ntor-onion-key DqsbD32Vw56RVM6+gdrE3x0b3DqBsuMsbwOpzYPSB2k=\n" "ntor-onion-key-crosscert 0\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AaicDcGMndfa0RLjSN33itFQVLb+z9i/sTgsRD3PT6PPAEbkxCdI/bH/\n" - "B06DAjRuoDiv1HKsGuW+UN1iGEiWu2ieFzf3m0Z7BL9p2u2zIbHYkP50b3T3sebD\n" - "1AksemmMdA0=\n" + "AQoABstQAQRXL6LN4E0Q0EcemJqDof7xcN7vuayrhge/F7JxZG4mAHlxXgoRkCMR\n" + "QRUsroTKgpVFI6FasFLpfbn1PNzhBwrA0x2Jf5VftmgraI40+oLxL9SiMGzakBfJ\n" + "FRXjeMEk2AU=\n" "-----END ED25519 CERT-----\n" - "onion-key-crosscert\n" - "-----BEGIN CROSSCERT-----\n" - "BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n" - "JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n" - "M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n" - "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 XS4zVi46Xl3xKhuozPCDlW0QRFD4qUhJmkefonQNsRlMVsrPkALnP2tfnfdfTc69hbNa22pOjJNf6Gm505EnAw\n" + "router-sig-ed25519 Dxt546uUdpCxCbO21HaaA6JtW70Xsx5evw9l2eVlWpGDzCTfGO4cMlIUku4ABQdrT6wk3Er9qL5paNyhrYjfBQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "Q+R3OpO8VhfvFbXuE5qolhVbgosBHy2A5QS91TMzCbsxa8pBA6Li4QdPR37wvdLq\n" - "KayfmmNCMKU5qiZMyXqJZm4fdpxiSi50Z0tYlXM3b2OVfza3+pSOEBl89fN6G4Qc\n" - "pAmM14eEo1UzXrqZw76tMS2CwOYF5vR2xFGCYC0b5hM=\n" + "ik0LYc81zprhK5GN0SxE1ikzF+sAzCjo2vhFsihljOyg3d9XxhbriTpROJeUe8Ig\n" + "PpgLPeJxPFOvs5jC2XeTAOpxdYyMqC7d/RfupG2v9qBzcj9a84p+tOP1DZKg9snn\n" + "NZS6fGWijh+okwRlvbFPk9e4Z6gJUSLthTUhz6P8/LA=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" - "\n" ; -static const char EX_RI_ED_BAD_CROSSCERT5[] = +static const char EX_RI_ED_MISSING_CROSSCERT2[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AaCfOaispi7dJhK0c8HXJHIwoBkMgRpmmHu+3Zce/soMAQAgBAB5bAIo\n" - "5i4TSY/bV2KQAyziRwvgJm+nEiECClflPbP9Um+zOzOgxtDmNnR5UFQj+VWNG4uf\n" - "5lnaryN+PfUXZMTcs8AARof3fFz9tVPINHDrsGvKt8gpzgZEHkVioAXOFwg=\n" + "AQQABstQAXpNZkKl/K3IRSQvhjsdeSGChzvAux17KOfhfmTGqNXIAQAgBADG8kM5\n" + "+9iJxF/Hf2jvvpiZddN8V4RPcJH5i3tIsekmwsaoy3FMnMisGFsOFUjxtSRLmAM5\n" + "EtGNJayNNny0qDRo6o/LxmXhl7fVxQPnyFEPjSn93cLWVV6/0LjYaYHUsAo=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL3Fr/ovZ9SMGYrAM24taKBm/NpemZaXdD/JeBXFYm5Zs3szLwJC4Etm\n" - "zjNL6tVy+I21O1g3cs16TkflcidsjPXNx//PHAn7bqWMekjrt3SQdkHW2gDPgT2c\n" - "zYJ/hBR96JYG796jP3pkfJz6Iz5uT/ci3A/cdaVbzM1uZbMUgYGzAgMBAAE=\n" + "MIGJAoGBALJTSfgKFoMA5o4dDduwgwHfjU2KE3rZ430TGK9xhBFrum2wG8ct4my7\n" + "LS/EbTtxhQjNSrW3D1loThQH7H//cjjrtZyFs4cKwIimpnkRWpQzDtjSUF9vwAGZ\n" + "nUPuStPG/hBvJROVUmHV15nAgi+bWigEtXrNCPlpGaojBBIqDRAjAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 xvJDOfvYicRfx39o776YmXXTfFeET3CR+Yt7SLHpJsI=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMHB+1dWa8BBrKE94vTqfbkSEuysG5LyyZF/WrqHq/3W+ocDLz795k8O\n" - "2Zvgr9im/Ib4hD7IyrtRexcuBdwujdG7cBALdCcWiUTGAMkl96HNETSX+lUVIpJ9\n" - "pMsc9O7+yz+/0Cl2RpILZCdE/7I96qHpZl3tzlRKSu15WeIm5U77AgMBAAE=\n" + "MIGJAoGBAMXYiBXNlbvmWAM3tVe2fC7fazqaQzsXLH39QRhPE2DyldBdsmf8anc9\n" + "0rbY8uS/O5WNqc0KK0wivSt8zDLxfkw9GFM3WKgvdiqvRkmpOs5GDvzRdM/yGRNc\n" + "gCUBe9q/pE6LQJqoWx6cCcLKGG9Ga8c4WB0ttpiVc3cfoFXEz1RbAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key GXi0a2VLcRHQMMYys85zu3IPqOn5ZTsOixYyQvTGnQs=\n" - "ntor-onion-key-crosscert 1\n" - "-----BEGIN BUTTERED CRUMPET-----\n" - "AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n" - "Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n" - "mjQFK4AtRwg=\n" - "-----END BUTTERED CRUMPET-----\n" + "ntor-onion-key N+jVTn3dmb40NOrpkFGvGTskcX6mGPp7uruGdhIlMXk=\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "T9NHMBhuJo+TlfU3TztNgCc9fK1naNRwPOyoqr5R6lJvJ40jkHnIVOFuvuzvZ35O\n" - "QgPbyFcMjv6leV5xcW+/I9tWaBUFXiRGI27qjCFth4Gxq2B6B2dIcQliLXSvW9b+\n" - "CMTgDwVa4h2R2PMh18TRx1596ywE09YhCgBF3CwYsiM=\n" + "Cnbs898bRLOgjytkt2bzfJmewumRwscGqXDMG10y9QtU+MuZuTl+Mv0w/GmlJG0v\n" + "H8ECNQhv642hJOBOuiS1huF4dW2lEhFm+xh0LaxaGFFvJRtuH6NfWDmI1bhN5zbK\n" + "RqKeu6QamghmtcwiEym4M1fPPkGbOY2nwJhhEEZOQCg=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 sRpiP9kyW/DGOphp4V2VCtcKNA8i7zGuv2tnljNIPTB7r7KsTvdUk/Ha9ArRQEivO4nC2HHENtknDl3GtWIPCA\n" + "router-sig-ed25519 nZA7TcgGlFa64ZViIMqIVNP3d9C6XGY+5so6Ll2Yeu31N6MdIbwrYL99nfCkfwyD2islcHl0kp45c3ZZrkmQDg\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "DtORw3+gO/yUUIp70xDaWSOgQZrJAAoZTNCB7q5WCoZOngeaCiC1Gtc+Fmdn7tER\n" - "uPqQC5H/Kh3Mi82PCj0JxvNivnNTNY1AZVaIX5YoioXVOkWF0B2pqMvFuDSdm2oJ\n" - "29PqSVcklquu19EjJRTopIHvYn3sFhQL4LarMsYY11c=\n" + "gD19cH/jeIsTBAjds6FflLMXw++Ix9MoWEfFDPAxbD07rdjtU9x6Z9smDAUG29/v\n" + "bWvaQPz7mD62IVu/IxINEVOS7vGrSbgvFKzUm9a3FJiQf8oWfHrNE2PNPAZ8GCgF\n" + "sdyo0rXyPgMkuW5ZtxDxejaybzVBkIbpADFkJI3B210=\n" "-----END SIGNATURE-----\n" - "\n" - "\n" - "\n" ; -static const char EX_RI_ED_BAD_CROSSCERT6[] = +static const char EX_RI_ED_MISSING_CROSSCERT_SIGN[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55ARMMCtQ8pObC5bq02AUE9Lx2bqsZBBkeOsDZVaEq6JavAQAgBABtV0xF\n" - "CsWXL/uFIBnoEsnXBeU1MvYRFrj1vR7QHdWXnxywXvBYUAC8lu/uyc8qqLp+aQSJ\n" - "5JzpDYlg3hp1fl5k97iv5F9WrR6s554YpmgYy9agFaxZ4LmRgz7n0UJ8mwM=\n" + "AQQABstQAY4Q/FgXCRTVdPYd+7V5rMNtz2yUwCCUHXzduBIWfmbjAQAgBADwQyw5\n" + "OWRsl2fz/uGjbzBhT/2AqRNTZCZ1oIR/Lf8ZhY/JbQRCrYwMqMfJz6AHaOJ+gYE9\n" + "Z/ooJfYDXMkhBufAy6pgq5HQKKPY9f4drPGrcspQSilJYNsc7xdaPKHfAwk=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAO5qd1TndKD2pEs1ZLWsHlvfO/E7cA0H7NKGLSioGpBf4P0rtkueX4ci\n" - "kJNa/4Fn/QsLECqEF2lUjkIc8YL+HMS6qteKvN8+nn16DfvnIhPDNZWTJjLl1bOI\n" - "sWSSiduhanoWQnhRtl3Rxg3opdNd9ApO0DLUNy4Qy18Ai6SgksfHAgMBAAE=\n" + "MIGJAoGBAMk3FKSQ9eH4MipJoEzJ8ts3ujO8ed1YutjfFuRZVI658MX1ra9wZdjs\n" + "bKfICz0CoT3uJMs5QesGh75r1iXZuFcLq6+WJq/kzI2cIhdDRMQsP48kbKxhwI4C\n" + "FkDtK8urxS7Qpq7R2OhLjJwwrN2BcWa8sIOVXZaSp8qxauE11OoVAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 8EMsOTlkbJdn8/7ho28wYU/9gKkTU2QmdaCEfy3/GYU=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAJkMYNpK7eJJyGwD/xG/iNg6gzzbIwrOSvmtoP7Rot42qtBiQ9A9kdsy\n" - "sazwkWkM93U1+1OaAADPYxeHoyHnuia95Cnc5y2lFSH3I7gnGGSPKSTwXtdyvDWZ\n" - "P1LbmQ4Bnh5leTCNZ/eFC4/GjNVzqHxjbb8a11dQhA8dOk8PrUq9AgMBAAE=\n" + "MIGJAoGBAMGSYXKAwFsZbEbRjiHyGoiiq6EdY0tW9hrmW1ma1nMaIoNbjpR1AVOh\n" + "ItYigmRi9zwLZy1b/P9Q8dlazdafc0bb+TISwu+4Cd8BKa7Ca2B43JAR1i7StxpT\n" + "DMw5/QqrFw7hiTrFN3K1RVH3ZDMyCD+KjjfQh0RM9ytf3ySniUDFAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key HdSQOqvLr4YnJE1XzzVIddgKgnjaHKJqnq0GqF4wXDg=\n" - "ntor-onion-key-crosscert 0\n" + "ntor-onion-key t1Ps5TqoFvAJxqCLMUcuoovr8Nq2AzwjDPB49Mi48SA=\n" + "ntor-onion-key-crosscert\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AW1XTEUKxZcv+4UgGegSydcF5TUy9hEWuPW9HtAd1ZefACVwif1deQry\n" - "K5GeemRa32sGzujVDDe75WRiPKFT3l/EtjTq3oeVq2xwbVJklnG3ASejKTr3YcHt\n" - "ov0jOl0jywc=\n" + "AQoABstQAfBDLDk5ZGyXZ/P+4aNvMGFP/YCpE1NkJnWghH8t/xmFAIQzKPwLjOWJ\n" + "VnP514SdbuwehSRrkUMxBSqDxzsDyC5pUCqJhrj3EuXDAMeW5Hz5ukuimdIJyvPu\n" + "2cLXN/1Emg4=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" - "-----BEGIN NAUGHTY MARMOSET-----\n" - "BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n" - "JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n" - "M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n" - "-----END NAUGHTY MARMOSET-----\n" + "-----BEGIN CROSSCERT-----\n" + "SaVwgM+jd1yrKldHqi8XalnXOplkBHFOn6AXtxDlCm4rnsb3Spt0006nErCDJJQn\n" + "xWkcz3mF2g3Hdf6NeSvAkH13SfqZbHZXQeYVtQHrmIF7TEHL6KHVNJD8ZxIoe0xp\n" + "IawxfHSj3FHheiVvXGamM/7fpWyoNvYP3cnZJv6zqCo=\n" + "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 lNY8TRX/FZdH5eFbsBkFHuRi8bPDsE5P+v7zExyD/IXnKS/ffYlP8qw1XIPdEDOIzGQ14+kyPX0SotaAqHRtBA\n" + "router-sig-ed25519 f/KOmiv/aPMOnY3S4sKQsnp08KBrQVCT443ehtvYtiTnaSuxUC5tYY4S4rbQaGjNRFNX1Befwi4OvJ3dLFTtCA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "BHamS+epF77iozo5cBt+tbs22m9GhwY55DRXpEWAtvn67jsMnmn7qCOLONigK1RT\n" - "adZNezIydcCxXltgHTdKaZw4lcqv3s0KL8kI8frbBmm7PjXtWnrdXBYY+YK54MN/\n" - "t4N3162o9hzzKSwye0gPjgzpQ1xtEIkzWhBcmE9Vw5s=\n" + "JtCuaAENvHhc1tLTI9kkUsRne/OlEeIgB6f+BqMIbxWDpmiw2SHTbYVx6TbKZ2wU\n" + "qR3R7SvapeGUIfoVhvVEzxExYTRvFvF/ICDs5vve1aoWilrFstpXsMcL5tG5+ljm\n" + "cGJ5PNsTJXrlOy7p/UEHyvgqWcMKxMRBjgMe6je5w7w=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_RI_ED_BAD_CROSSCERT7[] = +static const char EX_RI_ED_BAD_SIG1[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AfVmH2ReTyatl4VnS5YREtCM2dwikWuAPffq6M5bysZxAQAgBAAXoqE7\n" - "taqwLDXLZrZukpF1eBkCwYQK9uzctHTuMdqOHChguvkfX7V4H3O76Ayqvz+Z1ut1\n" - "KYRdgiArn3viRaBv3ZKT4Z75suMI3bjqGOSGLAKfOa0uLkOmKblHHhSUkwQ=\n" + "AQQABstQARhWF2mKrRP75a4g/xPp+fAkIlyKgZa5rKIzGZJiABheAQAgBAB8rr8g\n" + "E3MaKYmA93baIS0pvM2tjjeozZTQVzCrP2PykhNcs24ytb7LHgquweVH71Pk3Ltf\n" + "Dvl/2MoSFelmOjq4ikrLjntVmnIO1a3aNpt8XmeqjrVg3pBlXqdLdloedQI=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAOLNugzUezzzw+N1SuQWzILJYkUJyQDoVXSZjT0dzBplHCjlrv0WZCUP\n" - "/pbonE7SlCChIovHcdiASaLj7MVaGgYDq3M1Vtgt5vhgGl10/+evBAD1QEt8AVfr\n" - "5+PH/sbZvOWucAhNUhOlqFKAn4vdRY39VEEXC5/Jz5fsk1E/DBu5AgMBAAE=\n" + "MIGJAoGBAMnGnWWnyF3uo3aFhiph4x2i6yjnHC6ssgDsDR1UA0dUZ7938LcOMPU/\n" + "WWUQP50kRx3l7lWPRd3IBm8Xqkg5QFKIoB+0UmHp6jqpVv6p10EyJ7Am0SYcswre\n" + "vIZzz6XLEAVeeKVBW5p53KrzIhi8cjbOIofUspcBlHX9omB6Va2nAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 fK6/IBNzGimJgPd22iEtKbzNrY43qM2U0Fcwqz9j8pI=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKxzg1hsYMS+0zAIrgYxSGO0GbKRrL/VhdlMEGu7ACaoqlGnmGQS3B4B\n" - "gLk8xDdx9N//8+YTx0hUIxP38w08lubPl1WXMq8s7wAiFd06Nklf65mHs0sXVtS1\n" - "EG3f97PQqmBpEJOwYBATNcA9e6F62P8SXNkpSjOzNaE0h9wHNKk7AgMBAAE=\n" + "MIGJAoGBAMy673ilZFIPOsfMdt1sNYFw9Na/UoOGH8peXmGp5gpFpkJSHamZpqGj\n" + "8OdW+KVU2/WzS96fEQ01wC1IiXwcjUtrD6Ny2JKJPARxPADQ31hS67z7gDVjJe9Q\n" + "vFzYBf5x3aBKjKHbFMUz7y4L1IeBYfb+F5RBg6yrDA6LsPKKhJdRAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key msdr3O4W4bm/xdmZLzj35363ZSFex8yQxLWsV3wRCAQ=\n" + "ntor-onion-key /7ar3nf3rOfiv8Ab01rqVT/ku2jiWZgHHMGW14GPhTs=\n" "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "VQoABx54AU3MlHAEtgPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n" - "Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n" - "mjQFK4AtRwg=\n" + "AQoABstQAXyuvyATcxopiYD3dtohLSm8za2ON6jNlNBXMKs/Y/KSAFcBPlSKXOxY\n" + "F25sS5nNj58Z13bBW/WnQ7Dq0kYvS4o80iO4ds91ktwMZiiadfVu2az6tjNRb5+o\n" + "iShsVStqfw8=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "RJJRiU0vjVtRi3bVZru3aTvV5l56X/WOOp/ii316yPAS3aAMpOm1+piFVR5MNqcB\n" - "ZGyrA2Kx0hawdL2buU47iZ12GOCi4f1Es4V4N0TQgJICsKX38DsRdct9c1qMcqpp\n" - "1aENSRuaw0szTIr9OgR7/8stqR5c3iF1H5fOhmTi6xM=\n" + "TnfcFWCbg72d4tlGSFpe/FATTeRcJVF2R+c6/d86lyPwntkdF6eEJDesEFW2Leil\n" + "CQP9eJMiBbaEXU7xcMn9irguQl211lZj3+G47XUFNlORU+HWAR5PNeXj6jSGK89Y\n" + "SIduafU14iKNUy2fzAFZooem+OzzDwMKIxTUTiqItfg=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n" + "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dg\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "F3ZqvsyL6RRhPEnNFFIZY4WJM7LK082rseWzRkGNXjwoEwOWUK8enQ4Wjit+wozW\n" - "4HVIY1F+vP7gm6IiOEAFgEpB4C8FGuyoFw2q0ONA2tqTcvBJDDnqbx08FO7v2Dij\n" - "d3ucfc5gf7YNaoFCMMuyAzC56eyNk4U+6cSKy6wnJds=\n" + "p0PBLzGrU5B4BIwcVcTiJCsSdnWcglG2urJuOSWh2tHx0lWIg5kPUX+WGMh/xarE\n" + "0X7xQt6amBZxkL/d70RM222CHg4IwXhRAV1qotY9cBNDKS6nop1Pkx1HOCqmsldy\n" + "VSmLG15Igt/y0aYvxPhVDfPUK1UmLH7eYKA7lKOCAbs=\n" "-----END SIGNATURE-----\n" ; - -static const char EX_RI_ED_MISPLACED1[] = +static const char EX_RI_ED_BAD_SIG2[] = "router fred 127.0.0.1 9001 0 9002\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKT6OIN6TsDB+xcp1uLeE0K3aiHGqa7hdxMBGpvcD0UFSyzpVv1A/fJa\n" - "tClDCwTpfTGbyK2L7AO75Ci0c7jf6Pq+V7L6R7o12g6WBTMrgsceC4YqXSKpXNhi\n" - "oudJyPfVzBfKcJUSynv89FUQOyul/WRRqWTfv0xUsJ3yjuOESfCNAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AbBV9NVz0Hdl0Uiv87LiXaTAoeSXE+bheNG4Dju1GzQHAQAgBAD16h+T\n" - "ygzSgPN4Qat5ITthvm+lvMwMVGbVNWMxNy9i33NGhgp8kqMp2iPAY+LhX8It2b+X\n" - "8H9cBmYLO5G7AlMPj7GsuWdCdP/M/ldMvFfznlqeE3pCpRas6W48CFJ+9Ao=\n" + "AQQABstQAWoTtIdIR0KUNFswr/4eaP/cjngCX15TLiYqCH9qtCSHAQAgBAATcxt4\n" + "jNZlgrlMe5Ide4pmPN3MkpkrXFa9ZjIWjFZs/TC7Lg8D70xjvWo9l9GlIMUVcMYV\n" + "fWvzlrzTByup2wz9etZfpP4BfuFXgPlQyTHyANTQlEMzlXnA28lD1y8DZg0=\n" "-----END ED25519 CERT-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAL3cADWgf3FVXZvBxRY9dkgCCSy9kcbk0bTbdvvhJSWHpaerpDFTrHou\n" + "ELWhGyu5A5yxs9YvK76R6v3Gj/wB/mIhZCJSViTSoyZnBNb0szfJVVyf1/6iOeVH\n" + "jtKj3B3kY/WzNVX246lVC2M47F/TmZ2n4TLE2avcnRQjAtULDQk/AgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 E3MbeIzWZYK5THuSHXuKZjzdzJKZK1xWvWYyFoxWbP0=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANMO/MepK3uCkKTLRCwIWc/8URVza2gEmDx6mDTJIB/Mw8U8VRDuu4iJ\n" - "v+LL3D8/HGLvT9a8OXbl5525Zszt8XueF3uePBF0Qp0fjGBL8GFqmrmFe6plurPJ\n" - "TfrS/m3q+KhXAUowmghciVGDY0kMiDG9X/t/zKLMKWVDYRZk+fupAgMBAAE=\n" + "MIGJAoGBAL0Gax09X2sIcIQrDw9mjLVeVHnXEhMteHZtadDkXZJMjdJJaurt55hw\n" + "N01apm2qXB9nyUn5sShBadzygFTZzFHe1/MafUTAo7KUdJrpWZr8mBbxWFRBx0W/\n" + "OE2Gm1LqIETkeolT+v8LW6VvMPLyexL6myQCGB6yfa6AQkWi335bAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key I8yDO62Flx5O/QsFvgb2ArIRqwJLWetHMeZdxngRl2A=\n" - "ntor-onion-key-crosscert 1\n" + "ntor-onion-key XI8YQWjxy6mxUIPwgS+ZP8GURSEw0r1IgbbOvYNLz2o=\n" + "ntor-onion-key-crosscert 0\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AfXqH5PKDNKA83hBq3khO2G+b6W8zAxUZtU1YzE3L2LfAGC1uXxN2KwW\n" - "w4PqRidM1UPZ5jVOHceZYNQcTzzzArfBpr9OraOO2up4TGte8GVqjJNxrZc1gfjn\n" - "CwPW5WxpFg0=\n" + "AQoABstQARNzG3iM1mWCuUx7kh17imY83cySmStcVr1mMhaMVmz9AN7rBobY682w\n" + "ItzgJHnDFJv32kjQGc3eKRpZ851GsF/Jj7WXSnLa1oLaLmfFf5tgAKlA3Mi4jUzE\n" + "JQCy7jvAygc=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "jLg3D3VO4i0sN8p2qtB6+5C3tai/K4M89mP7z2abQnUTbynOacPoNXIk4o64DjBJ\n" - "kaR42yfA7yQZ8Rj8abwgz0Zz6zbd+JjE+s/EklrEEtOl+jZAl3i+92FaHROJojXq\n" - "hw+ZEPOb9zgb1UQ7S1Fo+GoqA5bdGm/Wg1kSQielkNE=\n" + "KxfRSdISHvFhJrKQX018NEb4rtZBZUgdrvaYWjazMkYz4o361wTOxD6lP3azblf9\n" + "IqhiXydwCRA7Akye7+muib7JzxSm3wX5iJknRrt8DY141pViMaMvrwXEAqEFyB6b\n" + "M/dYGQwUW2iYMkoQ6difHkDQihebE9lgl/WCmq4nRQs=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 TRKvIl/wIIRD4Xcmd6HYmy7tD0KhVGgoStpWPtX0zmXGZ7+jugItrY0frDu9n82syiruuA45ZOs1Rfi4CbOSCg\n" + "router-sig-ed25519 XheVxa1Z1HTviM/peYPSAB04YBivv+4v6/HGZ/K4UbEhKTrjSLcvdLG80vP6Owv8676A5al43MLMprjGn7tF6Cg\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "NYpRfurB1YhFmDAdRc2Sd77S7By2V/0kgEHpJhtySb7efiQsyOA4ZBr1zEFPAXdp\n" - "TviKzyS9kN2fnz3hORoqFul33BDZbiLMNLtt5tzp62TYtmIg9IZdjjczbJUgbVLt\n" - "KCJL0vM7fdbXkZX61GIBbMYwzwIiHvVxG7F/AS5RbtE=\n" + "j9qheDodbn9NZ1S61hjo9aCdHQgRrOqlEYrCMDv8LsMQU1LK6UjmszRxh1q9Hu6V\n" + "v7/qGUrsQLjg1Lfdw4qXQYmxTiWnleyncLnxn0Xd5I/S46SCsLoewgGN9uJ6gS/j\n" + "UdOEhvT7ShgNSemx9SpRriMKKqTuTQxRmZynr5ibvvw=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_RI_ED_MISPLACED2[] = +static const char EX_RI_ED_BAD_SIG3[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55AfJo9FIePrxeDNnWT6SWkoz0/L27018XjUNWEHfaR06MAQAgBAAMgolK\n" - "nLg3ZnVv0skzHCfmX+ZR9Ttwj7FNXfhXCsyr860S79OW5LD0/m1GcS9JflWhP+FO\n" - "ng5cRb+aqNc8Ul+/4sQudZRx8w4U3d5rOuMGCqhQXnktH9AFzQHFq0jpAAU=\n" + "AQQABstQAVdvNBeuh/0X6D1QG7U4LBsMF66U4SuKDKplzNXLiKv7AQAgBADNUwKD\n" + "ETv10GLuZWuupZtT6HAGZNIhMHvYd1gGyBaoy86fsINj4Vxi9YctBHudNk2P8VIn\n" + "qFkmPvvSkJJaBgjVT638CvpTU3Bva4+8YTor4jpY3Ni6K9f9ALjg4U+UBQ8=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAPeK/znKLRvSUmCIUiZOgfhiRFt7XGN//C2GFuey4xkKiIr9LWMuVe9m\n" - "Wx39Ea2UGEtNGCEVvZdJMDVRl7heFTfJTN4L1YeyWx6iNRWlpAmgQOKII7slHwlq\n" - "seEULOLOXc9AsU/v9ba9G54DFbHfe2k44ZOwEmaQZW5VF/I0YMMdAgMBAAE=\n" + "MIGJAoGBANws+5gBYCgJhS4fYgStezRe+Y9mfuvTKWub9ytiZIiaPjtC4cu6+wuP\n" + "9bEQgiESx6GXL4L+CtcOSc8COFRPv1PxFXjkMKXfTAx57Rw8xc1qotWNshSUp7rL\n" + "JxSjOuEHd/dctIebor9akKPypAwnJhqrq+bqf9/kGaHckxK/ask/AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 zVMCgxE79dBi7mVrrqWbU+hwBmTSITB72HdYBsgWqMs=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKFRzlrqPPxEW0nboAJ1qzKFb/vFtvRW0xNVb8RtbOY/NY5FV1hS8yfH\n" - "igtugkrOBmWah7cmJhiON2j+TKeBxEoXwJMZeyV+HLbr7nY/mFhad4BQ3Frkl8d6\n" - "1kQMhOJswMdwnnVHPNGUob4YAX0SpFA6MpBVj92zmMBeaihqUS9VAgMBAAE=\n" + "MIGJAoGBAMD0OLUYVhMiZz7tpxztxNwMTj4dQU9l++rRTfb+7vVZ+KAIb/8rjiU1\n" + "XXyV3AekijxQlOghj36lZBtethX8RyahsHmWyGqo1UmqCU1PtwfihdYuofvyI8Iu\n" + "V89G6QilsCPy2rpgYmEkmHt68FwlMnTjPUiKI5dZUk5WKrxsTgsxAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key br8svioLcJCAQxoo3KvlT288p8rb4lQIZNLlplkIKkw=\n" - "ntor-onion-key-crosscert 0\n" + "ntor-onion-key DTa03lDz0APjbwCJN864xaYSxbPbVulLoAZIC4M4wGE=\n" + "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AQyCiUqcuDdmdW/SyTMcJ+Zf5lH1O3CPsU1d+FcKzKvzAG9XqwmRm0uJ\n" - "E49NoHcWr9IzdIwSGo+PJSkVpk95a5p2s065BetCWxEEBJQniajQf2hZ36zmV9rq\n" - "a6puqkEAKAM=\n" + "AQoABstQAc1TAoMRO/XQYu5la66lm1PocAZk0iEwe9h3WAbIFqjLABej8E/aUX6f\n" + "2KFbmHFALYZCxszNCfg9HGQ+hfTjuTPONZ9yzudUoTTKq8MIMCD/5WKfzMJAHq/P\n" + "qNQuVt/gGA8=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "d6QGIVAJL5JjHUyV+aicLIdBYyxHwviKpPcp7uldRF8vfDGFpu0qFgJ5KT+3t36w\n" - "QY1r75bvUMG/ZzGKDg95dcK0X2AK6GFlcrYyCoQEVOsuPc1QEUeK9P2s7viNQE4V\n" - "tRwG/CvJhPfcnxErzVGfXIeYRL1r/hPNFDZSeSxPPM0=\n" + "syosw/6anYcwlNT5fGd1vCw9uFBUckIjGz3DmS1vVXzsTrdppcFotmzzYjV491xR\n" + "q8AyGyLlVIIuXabVuE+94ZpzDLWs82NqWMiYPNSNW2ctSVu+AE/KYjJCCz0SIE8/\n" + "bq40OQNQ6TNLWv1ubxZSDwcXrn4/VcV9IJrFjLpw2rA=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" - "router-sig-ed25519 ts9pFk8PnDWtXgQad09XC/ZCbruSx1U1pNOMWF9fyoNG0CodxdDH9Vglg+BOS7Nd9fmsINfPWKCVdVuSSM7zCA\n" + "proto Link=5\n" "reject *:*\n" + "router-sig-ed25519 lemondcustard\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "YMl6mpQm7UCsPQhZKMm0aZ7fzGevWzRbQO+de20HTn7fVqMWQf2hBDJe9QTN/uDK\n" - "/VKYT8SnIBexbrSMy1N5q8kNFKxxUtwA9GRtz620Vvc4m+lz/tnT9qucIKCDL5iJ\n" - "eRpnls0JoAMIHKl99zdUioYubmOZuqUaRAdT8ulWy+Y=\n" + "d6F2sfCgQmo60QBPGGLZvMvwxw1h6DOlJO5NR31lgBrkLjnbaMJEtA8fNWOX5zW0\n" + "gXXrJlL0qlENGJUZeUFobxDOVzTA3dz92q97t/jqBu3pgjmyESesFFkAgqqAGjYh\n" + "RxUxJCDlyrmduGnl5GkjOVkS6UDhzRSRc+csxyXXp7E=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_RI_ED_BAD_CERT1[] = +static const char EX_RI_ED_BAD_CROSSCERT1[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AYf+rX8a5rzdTBGPvLdQIP8XcElDDQnJIruGqfDTj+tjAP+3XOL2UTmn\n" - "Hu39PbLZV+m9DIj/DvG38M0hP4MmHUjP/iZG5PaCX6/aMe+nQSNuTl0IDGpIo1l8\n" - "dZToQTFSzAQ=\n" + "AQQABstQAdQYl0NSJKxsHa9dGLZVBp+MohQmFDGSYOxdAmmrPS79AQAgBAD17lds\n" + "HKOpu0Y2u4RCynTWwgdA9YZWYgkB1GSeOzuy/8CaWrZvEg0iaZmsYIlgeujMxq/v\n" + "WEFzug6zYefoz93cN13o3pzAKY05A+KMvWPUnmvSlMqwlbnhjt3EjYoW9QQ=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAM4o2DrTwn3wrvUMm41S/hFL5ZtRHGRDh26o8htn14AKMC65vpygKFY7\n" - "fUQVClAiJthAs5fD/8sE5XDtQrLnFv5OegQx8kSPuwyS/+5pI1bdxRJvKMOUl2Tc\n" - "fAUhzeNBmPvW3lMi9Fksw5sCSAKQ5VH/+DlYvBGZIO49pTnOAty1AgMBAAE=\n" + "MIGJAoGBAMBQN6sno1t3m1izKZEoo63H5WrHfskJVor73sc7lDAo8BvQk110pIEd\n" + "2SGaFS9BNIUe51u4y8X+rDi3qXt5I11ifusvI1S6CMaM0p+Xh4osQGuvb31COpU7\n" + "MMOOxCVhmf2D/Vu1KuB+pNB91I7Id3BXRNdX7cuBCjdVEzdVZ9MTAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 9e5XbByjqbtGNruEQsp01sIHQPWGVmIJAdRknjs7sv8=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMzIsJeEWWjN3Lp6qrzaJGn8uhJPJyjy2Wt3sp7z7iD/yBWW6Q7Jku3e\n" - "C5QfKmSmNi2pNjS0SqPjqZZNsbcxpq/bEOcZdysZG1lqi/QgxUevk57RWjh3EFsG\n" - "TwK3ougKWB5Q6/3m32dNsnnnDqzVapgZo7Zd3V/aCo0BVtL5VXZbAgMBAAE=\n" + "MIGJAoGBANK1iFyjGQGns3jmNpkO8t1f2RkWQTA9VS2xwbIZ0QE2QT3miu7ny3F5\n" + "992sLvs/XJGRh0Wr8I06MTXYqu1aZdqF+ailw/WTWwsqkWZwwRni8zWGW20zJ4Wv\n" + "2X5FmPQXQFVXb1pRmICIt94zQONE67xxfzG7pPs5IVl71WRFs6JnAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key W28nwT/5FJ818M78y/5sNOkxhQ7ENBhjVhGG2j6KvFY=\n" - "ntor-onion-key-crosscert 0\n" + "ntor-onion-key ddfknkGy8CYAOi/IVWmQyBLb6hgY2KZSct8tCNRXzx0=\n" + "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AYf+rX8a5rzdTBGPvLdQIP8XcElDDQnJIruGqfDTj+tjAP+3XOL2UTmn\n" - "Hu39PbLZV+m9DIj/DvG38M0hP4MmHUjP/iZG5PaCX6/aMe+nQSNuTl0IDGpIo1l8\n" - "dZToQTFSzAQ=\n" + "AQoABf55AXL4pAregsMa2ovmTBGaMCyWz/4LpICgAAuWXtTvA1IfAKo6ANUq+hi+\n" + "xb3J4aYafnszlj87oi/DR+SDf29wzwNw8gmaqGzJ5GbfISfABuTUCzlilZyVnLxi\n" + "BHcCH6PWiAQ=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "FWnEjvFob0ObgqohMT7miwGsAuioCT7Urz6tyWaGWph/TP9hbFWj4MPK5mt998mn\n" - "xA8zHSF5n/edu7wVX+rtnPrYPBmg+qN8+Pq6XMg64CwtWu+sqigsi6vtz/TfAIDL\n" - "mypENmSY32sWPvy/CA8dAZ2ASh57EH9a+WcFModpXkM=\n" + "zW3a26ATVWny3gEALe2VETRNIOFKMlRMCGjAKEyGQsGddSRYm08daaZkX7TzKRFq\n" + "TwZAcQ4BzhwCcnQtb/zwMSW1eIdKgO1rqZLhdo/awUuRtuPeG0vPoqahIQH3X81r\n" + "vh/Iy6f1xp3sfasib5AO8wZWhJ+LHaA1yt7DCfQBudU=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 88YqJdGJS4O6XiUCNrc9xbOHxujvcN/TkCoRuQQeKfZGHM+4IhI6AcXFlPIfDYq0SAavMhVmzsDDw0ROl7vyCQ\n" + "router-sig-ed25519 hKynmNoTSZn+Au4mlsO+yWIvCn9g2SpITDdbKDAgdLQ8qXJRG/oxiKOlmGuhpz7Q4ETSChkfOab4II3GNhQWBg\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "cU4WDO3w9ZfVRbNUgxOQMbwS2xWXvaL+cZmIV6AAjAZVWkLEpif4g6uYu+jJUZOS\n" - "NUT7lNOMwTu4tE4b1YJpnD9T8iW0DlOXxlvRBMQYmKwhQuYk898BDGTSk+0AY0HJ\n" - "vv8wRVewDajNhW7tFY907IdHvPXG0u83GANxkYrRyUg=\n" + "X37fMViJCh6+AQbMIWW9y8XwHridRmgcW5vZT93357C1NRy4MkuJt5O7sZ9YWE9g\n" + "8kKeeKRjXUfudbu00P/pmTKbLBucsPounK5uSpTs18FAed1p0wRDeM3KaddQsGjI\n" + "WuJe8hOufwyUWdFBBLJhH1rsCLJlY5P2lC6Wgs5WyEE=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_RI_ED_BAD_CERT2[] = +static const char EX_RI_ED_MISPLACED1[] = "router fred 127.0.0.1 9001 0 9002\n" - "identity-ed25519\n" - "-----BEGIN WOBBLY RUTABAGA-----\n" - "helo\n" - "-----END WOBBLY RUTABAGA-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANZvqyqFeiekh8ApqIGK4ZtOqjaX87EzDestvAWwamVOXiPoUrzXgM3O\n" - "l8uuTnMA4TfnjLyyA2TnaMzJylOI1OMHuW/D9B/liWDstSxWNNIlKgLQ/Dh9xBS7\n" - "uQb2PYlI+iMkPKPyJQSTDdGHE7cdFPewUfhRtJU3F5ztm/3FLBFvAgMBAAE=\n" + "MIGJAoGBAKh/VcmuyOszxrGZY8xIGAbQ7bXnSVf3iL+9RBKi3Lva0oN90zLYKfKt\n" + "Z0hBB/lHukUeaUZhTNx8ASTcoFnTcMD8rw1XQbjVyTdPWrHNVhZEGAD8TmeOrjEP\n" + "6/cLJTKxY2EAv/1Uli0F+mWInINRzdsa0EB9MbU9R1yr0YZMQZ8NAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABstQAWka/Nj7mht9fCo+vwXF59aGNWMDeuOhkcBq1m/WjG2vAQAgBABDDm8X\n" + "xgMoftELU7Umgf44257ImjgG1okFpkTGOq+K489uFUre+q+Ikurp+4H7j9d6kCIA\n" + "htYSDr1LfVBzxPttICRAX0cLg1rnIWRdB8TzXehF4/0hHAjtwkYKnPiVQQI=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 Qw5vF8YDKH7RC1O1JoH+ONueyJo4BtaJBaZExjqviuM=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANZl8U/Z8KCPS7EBDzt8i9kNETXS7vnp9gnw3BQNXfjiDtDg9eO7ChxY\n" - "NBwuOTXmRxfX3W9kvZ0op9Hno6hixIhHzDql+vZ+hN7yPanVVDglSUXcr31yBm5K\n" - "kA+ZnRvH3oVQ97E4rRzpi09dtI13Pzu7JS5jRMtH+JF1kQBoNC0dAgMBAAE=\n" + "MIGJAoGBAO9rHWfTdV5l8VtwNtwEDhd0BtmQpqxkXN0SV9pa6NLKeVMcROmlKL0u\n" + "EmF5njuLZTDRJk48HaT3/anU4qUGiDxtIU2np+eFkrYyLvyiaGyc20ph4ffLVzbG\n" + "VCSSkIVz4TYamplaBkY6yY+IBBk1u/klmeCBvgMhSIISxUklkxudAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key lUrEL+TVXpjjHQ2BIKk34vblyDmoyMro1a6/9hJ4VRc=\n" - "ntor-onion-key-crosscert 0\n" + "ntor-onion-key PKfyrBmRFyANA+2PZAXawdNZom3VF+Cfg9lKy2OjuWM=\n" + "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55Abm5E7FBdd3F8N1xuz/vdv03zh2lABrmGjzPQ3AFJtntALNeQTgjv0JL\n" - "jON4+SPNi0B2Bva3yKaSsdxiHQ1rIwQqIUVkzXmmX4jmsvJK/9gERAdD7GafTKZQ\n" - "BaZbNXBvmQw=\n" + "AQoABstQAUMObxfGAyh+0QtTtSaB/jjbnsiaOAbWiQWmRMY6r4rjAJQykafOIJRQ\n" + "ex8+e+xpwVpyJJOidTVW2bBWG0ZIi+4W5Dj9eFiuV9x2kPTy7ZFueNAWZ7NstyTr\n" + "vLtNc5qRrg4=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "OxkqFsw1vHUQ9iPYcKC/MHUBtbLPK6JY2i81ccAai2eW118UXcTbeCRccrXyqSkl\n" - "RLcooZyli1D6wg9x7O8+2+HXIbUa6WcTOD1Qi7Z9wKZfk4sDUy7QHKENMRfAXwX3\n" - "U/gqd4BflMPp4+XrYfPzz+6yQPWp0t9wXbFv5hZ9F3k=\n" + "tqzgSiMy4U6J/yyYhg5hVIqO0vAgAwIMYPXWDRvAIomfnIpUCkHSIdyLD+7a4Yp3\n" + "ZhXbLug85b6bK3pOTB2cLI9v2gwsgOyewUdt8prZLTOPDF3EDRD7UKCNMrQIIBw6\n" + "kKwKIJVhAQKPi+gC2n7i07Y4zjGTaV4CiWe2h6E61lc=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 fW6Bt4R3xVk5KMDyOcYg8n5ANP0OrQq2PQFK2cW0lTAdi+eX+oT/BeWnkrn0uSWOC/t4omCmH4Rdl8M9xtpfBA\n" + "router-sig-ed25519 A1DMqknKoPrPRHr1Y1j8cd22Ziwcfl7b/3VKI4pthyLnFRpb768nlHi615YdwSve4L71d+c4vGMuKyeCcGbFDQ\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "DHxiQXuLxZR0ylqwUGGePgN4KF4ItlOV/DuGmmszCO/Ut0p+5s4FP2v6Mm9M92Wj\n" - "75rS9xF/Ts0Kf49dvgc+c5VTvhX5I5SwGQkRk0RNJtNoP0t+qXBHaFV8BlAeaWF6\n" - "Lg3O+GUK325fQv9uDPCe37mFQV9jafAzsZUrO/ggb1U=\n" + "KaOyGt84OBS8/83TQWKkfMLk/r/1ebWiA2Wkgda2cWx2L3Dh9V/3PDGwAWoG6m1r\n" + "20mVuLKwWCCNYG2fGC4J/NMETXI5p5b1+ze1KDYiO5hQtTJvMktmfa5+p0xLB43M\n" + "xjzpDoX0A37hP9XJa5d1Q7G2cnd64P70QqhToDtoswc=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_RI_ED_BAD_CERT3[] = +static const char EX_RI_ED_MISPLACED2[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "BVVVnf55AW5TTGF9jCMl7aALZzqypD9Bj8WYnAPIrKCoIJdgMbY0AQAgBAB7eCn8\n" - "rukx7t/egZUdqU7+FYqsnO4wdmOkLZkp0+gpF3jjk6N1Q0037NNVNZBjONB0Nm2F\n" - "CpB3nWSJliSSKr5tOYsuBPFy5VVGYeKPakpOoxanQ1UcqevMBAQy0zf9hwA=\n" + "AQQABstQATjkYvZoN/RVHbJNtRWwmkazJVupqF/prNxdNJnRDWlDAQAgBADCNrLD\n" + "VQBs6tkIMGcR0PB+jrCvIuiQGGJzLsIfvxrG5UXWZsFEA5CnF6Lvjqu6p1CRkUF4\n" + "kpNC9xWcK8yDWhDCd5DLmFEDGFw/cD4rRACKatnQsGMN3KfDioWweSBI9wk=\n" "-----END ED25519 CERT-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAPgeQNbKwpnTU+qW/2djh66hptS9rcy1B4vdyWkDTdREao2ECuCv691Y\n" - "oIw3MpTWvpC1qHIKorunusR0FKgwXw3xQTikXbDq/1ptsekzoIA1R/hltQV3UuGH\n" - "zdzHuQXAMX7Fdll2gyya03c3Yq5s+xSDvGdkEeaIoctKjwxp4SdNAgMBAAE=\n" + "MIGJAoGBAKdyNeuXJvnloOXD3iUxvvS7OBux3tpTfKxGdx124adeAKkiRL7EmXk3\n" + "LaUbHL3IhsVaf6JeyRzc+onEsD/uNeO0P7+GtvC5ZAkj1/6MxBaJioLGXoIacMak\n" + "NpmDYxhTcG75aEwgZX2RTla1j+5bIoG1o5Z76dkFMVUWsRtthFNRAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 wjayw1UAbOrZCDBnEdDwfo6wryLokBhicy7CH78axuU=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAOzWuH4cPW9rIrfi8MrruMUg4IUVHz4BxfY4/szMIUvzeEAdHn4FYkWy\n" - "Vt7MDtUELZsmZeFNmkn72kLxnrdZ5XhxZBriq1Fzq11cSWRBF+SyE1MdcouY4GyG\n" - "drw6T8xb8ty19q0eO6C/gw27iqXPAp1clvkroLg6Nv9lGZvsedVDAgMBAAE=\n" + "MIGJAoGBANBQwXgkKvrnfMDKDkV5x1bxlR07x+AOru5ypJH4qQh+GMYXpnkw0T7r\n" + "anIJtEFP0+FpbaRRI/xAPMpFUFsbeNH/+Yeove/6kKfv1rlgqWr/yI2XIW8Fl70i\n" + "DW2cnW43cwa/HDitFjE5vnkvkMWFn1XIgwhm7+NDIDbnmDkKZ8U7AgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key /vYZ+9yLqG7yUnutoI57s96JBl36GTz0IDWE244rbzE=\n" + "ntor-onion-key CbrcCjCeTGum8vZumB6lvTA00BztRN8tNn41GLHdkUI=\n" "ntor-onion-key-crosscert 0\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AZ4zVBWP/fIYEgWmyj0WpO6CkXRJjtrWXtiT02k3IddiAMpYgMemGIpN\n" - "xj7TQRULsHHYvo4fLcKrSgndQbUUhfLTUuVhIzbnE2TBLMVOEkpxKU6mTuvTT/3h\n" - "MJugrwTWVg4=\n" + "AQoABstQAcI2ssNVAGzq2QgwZxHQ8H6OsK8i6JAYYnMuwh+/GsblANS8qpQqkLmw\n" + "vcRttr/HvckIBY8i99OoqctPQziRUq2Up6Ag1b1MSgN3knRfi6wjmpz9Jn149kFx\n" + "HQ8sTCSu+QI=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "c/Vqu3wtsTsYMdnhTS9Tn1Pq6jDmH4uRD5WmbaCKKrkin2DjuYSMVpypndkdlZDE\n" - "He7uF7SUO3QG/UcRIXYOsg9MSLUmvn2kIwef8ykyqlRh95Csjo5DyattUhL2w4QF\n" - "tJkJBQAnXWaAVW1O8XimGCAvJ84cxbmZEcpN6WKjrXI=\n" + "DOH8ntVhHlms3NjkOvsCf5Qu1/DhHmJOL+J8ySD89lT2RBt0K07G9vAjc4NkkUpD\n" + "N2e9myNWbDCp8sjsYzWfqpv94IypSBEfwQFgV6peoAZxHkq35Nj9sIJ+rQloanJJ\n" + "RZkWyu1GILpggcNvWS6BYQQcRxu/lStLy917s24U7co=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "router-sig-ed25519 whWcVxkGo+l29Hsn+BLP96MReHTxQHTSgmMMzeQ4jZ0qV6B9kkj1Ma21oyl3iTmUCOtexgOiX5fImfMLkOxFDQ\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 Ue7bkPpOoc8ca7cyQj/Vq3BP5X4vwLA5QmpLGw/WfRNVRPojJRxU3RVqWMi3JbsJFRTe6pH6ZHyXER33G5aAAA\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "ifKUtbxmqHVs8A0oT5n7Te0c6D/XqWQTc0RxX9OKGspzh6wNX26h0Xa2vpK1Q9Zu\n" - "sj61I7vbHuZN6rxiWs9IzJgb//XaNJasX1pd9tbGSXW+yYzc9G9kaa7vp3HcnhIP\n" - "XVWzzS8WmOiVNGcF65j6f7yGloTgN7cHMptgJG7pWes=\n" + "py73sIYGI4awS9g4JFTSElHCg5pWYqEjLz/jbON7pZ80GGUG5wxXVxNRwtGvMrWk\n" + "zG2tW7SBm0TH6wdWeE5NhN1VSjgCqw7qSk2MJS2XHn5hBRTxzF4/Es/TJaziAqvY\n" + "e8ehZwqDPcG0vMhd97/uxoyKNdkyObhW+RNYRtGvCxg=\n" "-----END SIGNATURE-----\n" - "\n" ; -static const char EX_RI_BAD_EI_DIGEST2[] = +static const char EX_RI_ED_BAD_CERT1[] = "router fred 127.0.0.1 9001 0 9002\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf55ATrK8IVBWLO2yXKCqXLXJOTu89W2b+hREPO+tCrxjVqWAQAgBACG/vVx\n" - "NK8wKVZvf34d75ZObSR0ge1N2RrAIKNslNXBq/tcllIrNE4S0ZNcMpA+hxXoVFeo\n" - "jbxifYX7nTs5N3GrGPmkiuo82v2X6ZwoIXJGFnvWMxCjsYsUVDDxoT6h/w8=\n" + "AQoABf55AYf+rX8a5rzdTBGPvLdQIP8XcElDDQnJIruGqfDTj+tjAP+3XOL2UTmn\n" + "Hu39PbLZV+m9DIj/DvG38M0hP4MmHUjP/iZG5PaCX6/aMe+nQSNuTl0IDGpIo1l8\n" + "dZToQTFSzAQ=\n" "-----END ED25519 CERT-----\n" - "extra-info-digest E5FAC29E766D63F96AD175069640E803F2723765 99oo\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAK9wHSdRalxkuAybrSCA3dlEC1ZGc7oHOzXRGLg+z6batuiCdQtus1Rk\n" - "LP821eZJtEMAE56aewCIHDcTiCxVa6DMqmxRjm5pfW4G5H5QCPYT6Fu0RoYck3Ef\n" - "vkgits5/fNYGPPVC7k8AdGax5dKj5oFVGq+JWolYFRv6tyR9AThvAgMBAAE=\n" + "MIGJAoGBALkr+jsRorIXiOA6obO6OLPitE/d+OzWz1SH6CHRs0m5KL+T6M9t0qqK\n" + "O2BTOmrjPTaGdEsakkcfiZeSj02MviuSadZ/JF8FoAYx9yCbmlAh/FE3qvoY1lrE\n" + "mAZhA2sTc32sHusQNBKRFfGHeckaE0i9MW7L+Crq2dLcwI/YZEldAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "master-key-ed25519 brKx2WhJlN4ExqUOr6CTx20MX57JkAetrrTwpt1cEt8=\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAKxjxTQ/T/MHpFbk7/zwA7l5b3IW3yVcyVe6eIGFoYun8FI0fbYRmR4M\n" - "G5Asu07gP9Bbgt3AFPuEqrjg4u+lIkgqTcCgKWJbAgm7fslwaDTXQ36A7I1M95PD\n" - "GJ10Dk5v4dVbrqwoF7MSrQPFtMO91RP11nGPSvDqXZJ4XpwqwdxpAgMBAAE=\n" + "MIGJAoGBAM8kNdNCiheKwYmN+wA+/aCLtr1aRJtoYggQPGT3rhm8m2bOhxixjdCD\n" + "jiDkqfYjnaNizNnwpS47h1MWHzgTWKF/QS4JXvCG5M56KDJot2z03qbdoRUv5+Z9\n" + "yQIx6ad1p2Km24P4IHmAYItwFBGir7y86C6mOdX4Sp139hDJOIsZAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key LuVmHxpj4F5mPXGNi4MtxbIbLMav6frJRBsRgAvpdzo=\n" - "ntor-onion-key-crosscert 0\n" + "ntor-onion-key AP9U8b/4WUiOB899TlNgoYrnUdUqrwQYLgF0Smsj8E0=\n" + "ntor-onion-key-crosscert 1\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf55AYb+9XE0rzApVm9/fh3vlk5tJHSB7U3ZGsAgo2yU1cGrAKBcSzwi4lY/\n" - "salCELOLdeZzOjDNnBd6cKp2WJg7Yz5zFlbVbyNk0iwfGmucHk8vQZe5BS0Oq/Pz\n" - "B1u/BcJv8gk=\n" + "AQoABstQAW6ysdloSZTeBMalDq+gk8dtDF+eyZAHra608KbdXBLfAKPMVgkcGgA4\n" + "8B+Bu8/lk14zBtzryJKvwg8UVOVd0tPnX7GiVyPmDCPbEZPnHG3Yvq+ir6HkiZAO\n" + "mirgIIhkPwI=\n" "-----END ED25519 CERT-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "QsAQVdDVHtasDbhrZG4ZxImdTTMY7fz3vouAiGyZx6/jCCB5v0gHwTn4xo6pgLEW\n" - "LQfMhQZIr76Ky67c0hAN2hihuDlfvhfVe9c2c5UOH1BOhq3llE3Hc3xGyEy3rw7r\n" - "5y38YGi759CvsP2/L8JfXMuBg89OcgJYFa27Q6e6MdQ=\n" + "GnUJtlnkqHZKQAzwNPgAesR1R7hebqY/hMIKj9s/y+PxGgs+aNP2gfv4W+dtQ209\n" + "jHGxF+n6s2hm3Am0EFQ2h1ULTJh9uYnIs1f1kyx8DdydXdx3pZcURLRenmiRowB7\n" + "iGn76ICqqGVZKpGtszmSe3L35XXl7HwzJTjYzcs95vo=\n" "-----END CROSSCERT-----\n" "published 2014-10-05 12:00:00\n" "bandwidth 1000 1000 1000\n" + "proto Link=5\n" "reject *:*\n" - "router-sig-ed25519 5zoQ0dufeeOJ/tE/BgcWgM8JpfW1ELSXLz4dI+K8YRH/gUtaPmYJgU2QfeUHD0oy1iwv4Qvl8Ferga7aBk1+DA\n" + "router-sig-ed25519 RqA4oirneie/ywl6j99vc2B1mUlMfIlakR7M6M4Minf7x6t7EMOsNVvOMKBSsPaBu/qcoOwhMynHdhTCmWHpBw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "D6KRMwkb6JmVEnpZ825SD3LMB84UmVy0i94xk44OwhoWNKLXhaSTWJgf6AqnPG5o\n" - "QrCypSb44bYLn+VaDN5LVUl36jeZqCT4xd+4ZwIRdPOUj7vcVmyUDg3lXcAIk97Q\n" - "E5PrQY1mQuLSIjjKInAR2NRBumNJtRw31Y/DTB7tODU=\n" + "Ui31suskhBbwTRc24NfUneh1c2LfUqjap5dCCfdmoVgvTSnk2RDW+IC4jwwFliWp\n" + "Gs2RJsPy527LRPRrXKJv3MnKO6uUPZXUjs/QZjdJgTMCzLY7jJBwnmAqj5BjUMfO\n" + "+S3hOhBZlDmLeYk4p+sppZjR0P9EFy2e3U3homiz1dM=\n" "-----END SIGNATURE-----\n" - "\n" ; diff --git a/src/test/failing_routerdescs.template b/src/test/failing_routerdescs.template new file mode 100644 index 0000000000..cc2bae3a40 --- /dev/null +++ b/src/test/failing_routerdescs.template @@ -0,0 +1,812 @@ +:::comment=this file is to be used with the makedescs.py utility +:::name=MINIMAL +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + + +:::name=MAXIMAL +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject 127.0.0.1:* +accept *:80 +reject *:* +ipv6-policy accept 80,100,101 +uptime 1000 +hibernating 0 +unrecognized-keywords are just dandy in this format +platform Tor 0.2.4.23 on a Banana PC Jr 6000 Series +contact O.W.Jones +fingerprint {d.RSA_FINGERPRINT} +read-history 900 1,2,3,4 +write-history 900 1,2,3,4 +extra-info-digest AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +hidden-service-dir +allow-single-hop-exits +family $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB +caches-extra-info +or-address [::1:2:3:4]:9999 +or-address 127.0.0.99:10000 +opt fred is a fine router +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + + +:::comment=this one has somebody else's signature. +:::name=BAD_SIG1 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +-----BEGIN SIGNATURE----- +aV5gqy5fTtsrdntTPRPGdeN376lXK+blHJuqbAL0WQ7XaMB4r+F8/whFu0cObOqD +AqAhxkcMu721iYCkUNQvhc3FDou2i1mBJFDrhZEtux/2aXODIMG+OPdDUCyBqeQR +oYLLfLR4ZZic1tlBFRRNdtXGF2SHeIM052F7PbeJz2A= +-----END SIGNATURE----- + + +:::name=bad_tokens +:::type=ri +router bob +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_published +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 99:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_bandwidth +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth why hello there +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=bad_onionkey +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +-----BEGIN RSA PUBLIC KEY----- +MIGHAoGBANBKlyoqApWzG7UzmXcxhXM4T370FbN1edPbw4WAczBDXJslXCU9Xk1r +fKfoi/+WiTGvH7RcZWPm7wnThq2u2EAO/IPPcLE9cshLBkK28EvDg5K/WsYedbY9 +1Gou+7ZSwMEPv2b13c7eWnSW1YvFa64pVDKu2sKnIjX6Bm0HZGbXAgED= +-----END RSA PUBLIC KEY----- +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_ports +:::type=ri +router fred 127.0.0.1 900001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=neg_bandwidth +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 -1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=bad_ip +:::type=ri +router fred 100.127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_dirport +:::type=ri +router fred 127.0.0.1 9001 0 bob +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_name2 +:::type=ri +router verylongnamethatnevereverendsandgoesontoolong 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_bandwidth2 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 hello 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=bad_uptime +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +uptime forever-and-a-day +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_bandwidth3 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 -1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_ntor_key +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key x{d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_fingerprint +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +fingerprint 5555 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=mismatched_fingerprint +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +fingerprint CC43 DC8E 8C9E 3E6D 59CD 0399 2491 0C8C E1E4 50D2 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_has_accept6 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +accept6 *:80 +reject6 *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_no_exit_policy +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_ipv6_exit_policy +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +ipv6-policy kfdslfdfj sdjfk sdfjsdf +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=bad_family +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +family aaaa,bbbb +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=zero_orport +:::type=ri +router fred 127.0.0.1 0 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=ed_missing_crosscert +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=ed_missing_crosscert2 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_missing_crosscert_sign +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + +:::name=ed_bad_sig1 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dg +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_bad_sig2 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 X{d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_bad_sig3 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 lemondcustard +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_bad_crosscert1 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert 1 +-----BEGIN ED25519 CERT----- +AQoABf55AXL4pAregsMa2ovmTBGaMCyWz/4LpICgAAuWXtTvA1IfAKo6ANUq+hi+ +xb3J4aYafnszlj87oi/DR+SDf29wzwNw8gmaqGzJ5GbfISfABuTUCzlilZyVnLxi +BHcCH6PWiAQ= +-----END ED25519 CERT----- +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_misplaced1 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +signing-key +{d.RSA_IDENTITY} +identity-ed25519 +{d.ED_CERT} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_misplaced2 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +{d.ED_CERT} +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +router-sig-ed25519 {d.ED_SIGNATURE} +proto Link=5 +reject *:* +router-signature +{d.RSA_SIGNATURE} + + +:::name=ed_bad_cert1 +:::type=ri +router fred 127.0.0.1 9001 0 9002 +identity-ed25519 +-----BEGIN ED25519 CERT----- +AQoABf55AYf+rX8a5rzdTBGPvLdQIP8XcElDDQnJIruGqfDTj+tjAP+3XOL2UTmn +Hu39PbLZV+m9DIj/DvG38M0hP4MmHUjP/iZG5PaCX6/aMe+nQSNuTl0IDGpIo1l8 +dZToQTFSzAQ= +-----END ED25519 CERT----- +signing-key +{d.RSA_IDENTITY} +master-key-ed25519 {d.ED_IDENTITY} +onion-key +{d.RSA_ONION_KEY} +ntor-onion-key {d.NTOR_ONION_KEY} +ntor-onion-key-crosscert {d.NTOR_CROSSCERT_SIGN} +{d.NTOR_CROSSCERT} +onion-key-crosscert +{d.RSA_CROSSCERT_ED} +published 2014-10-05 12:00:00 +bandwidth 1000 1000 1000 +proto Link=5 +reject *:* +router-sig-ed25519 {d.ED_SIGNATURE} +router-signature +{d.RSA_SIGNATURE} diff --git a/src/test/slow_ed25519.py b/src/test/slow_ed25519.py index be4eeab857..df1456b811 100644 --- a/src/test/slow_ed25519.py +++ b/src/test/slow_ed25519.py @@ -24,7 +24,7 @@ def H(m): def expmod(b,e,m): if e == 0: return 1 - t = expmod(b,e/2,m)**2 % m + t = expmod(b,e//2,m)**2 % m if e & 1: t = (t*b) % m return t @@ -32,11 +32,11 @@ def inv(x): return expmod(x,q-2,q) d = -121665 * inv(121666) -I = expmod(2,(q-1)/4,q) +I = expmod(2,(q-1)//4,q) def xrecover(y): xx = (y*y-1) * inv(d*y*y+1) - x = expmod(xx,(q+3)/8,q) + x = expmod(xx,(q+3)//8,q) if (x*x - xx) % q != 0: x = (x*I) % q if x % 2 != 0: x = q-x return x @@ -56,23 +56,23 @@ def edwards(P,Q): def scalarmult(P,e): if e == 0: return [0,1] - Q = scalarmult(P,e/2) + Q = scalarmult(P,e//2) Q = edwards(Q,Q) if e & 1: Q = edwards(Q,P) return Q def encodeint(y): bits = [(y >> i) & 1 for i in range(b)] - return ''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b/8)]) + return bytes(sum([bits[i * 8 + j] << j for j in range(8)]) for i in range(b//8)) def encodepoint(P): x = P[0] y = P[1] bits = [(y >> i) & 1 for i in range(b - 1)] + [x & 1] - return ''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b/8)]) + return bytes([(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b//8)]) def bit(h,i): - return (ord(h[i/8]) >> (i%8)) & 1 + return (h[i//8] >> (i%8)) & 1 def publickey(sk): h = H(sk) @@ -87,7 +87,7 @@ def Hint(m): def signature(m,sk,pk): h = H(sk) a = 2**(b-2) + sum(2**i * bit(h,i) for i in range(3,b-2)) - r = Hint(''.join([h[i] for i in range(b/8,b/4)]) + m) + r = Hint(bytes([h[i] for i in range(b//8,b//4)]) + m) R = scalarmult(B,r) S = (r + Hint(encodepoint(R) + pk + m) * a) % l return encodepoint(R) + encodeint(S) @@ -109,12 +109,11 @@ def decodepoint(s): return P def checkvalid(s,m,pk): - if len(s) != b/4: raise Exception("signature length is wrong") - if len(pk) != b/8: raise Exception("public-key length is wrong") - R = decodepoint(s[0:b/8]) + if len(s) != b//4: raise Exception("signature length is wrong") + if len(pk) != b//8: raise Exception("public-key length is wrong") + R = decodepoint(s[0:b//8]) A = decodepoint(pk) - S = decodeint(s[b/8:b/4]) + S = decodeint(s[b//8:b//4]) h = Hint(encodepoint(R) + pk + m) if scalarmult(B,S) != edwards(R,scalarmult(A,h)): raise Exception("signature does not pass verification") - diff --git a/src/test/test_controller_events.c b/src/test/test_controller_events.c index 60dfbd630a..3cd529fa10 100644 --- a/src/test/test_controller_events.c +++ b/src/test/test_controller_events.c @@ -437,6 +437,33 @@ test_cntev_signal(void *arg) } static void +test_cntev_log_fmt(void *arg) +{ + (void) arg; + char *result = NULL; +#define CHECK(pre, post) \ + do { \ + result = tor_strdup((pre)); \ + control_logmsg_strip_newlines(result); \ + tt_str_op(result, OP_EQ, (post)); \ + tor_free(result); \ + } while (0) + + CHECK("There is a ", "There is a"); + CHECK("hello", "hello"); + CHECK("", ""); + CHECK("Put spaces at the end ", "Put spaces at the end"); + CHECK(" ", ""); + CHECK("\n\n\n", ""); + CHECK("Testing\r\n", "Testing"); + CHECK("T e s t\ni n g\n", "T e s t i n g"); + + done: + tor_free(result); +#undef CHECK +} + +static void setup_orconn_state(orconn_state_msg_t *msg, uint64_t gid, uint64_t chan, int proxy_type) { @@ -718,6 +745,7 @@ struct testcase_t controller_event_tests[] = { TEST(event_mask, TT_FORK), TEST(format_stream, TT_FORK), TEST(signal, TT_FORK), + TEST(log_fmt, 0), T_PUBSUB(dirboot_defer_desc, TT_FORK), T_PUBSUB(dirboot_defer_orconn, TT_FORK), T_PUBSUB(orconn_state, TT_FORK), diff --git a/src/test/test_descriptors.inc b/src/test/test_descriptors.inc index ecbccbd43a..445768e4bf 100644 --- a/src/test/test_descriptors.inc +++ b/src/test/test_descriptors.inc @@ -1,305 +1,431 @@ const char TEST_DESCRIPTORS[] = -"@uploaded-at 2014-06-08 19:20:11\n" -"@source \"127.0.0.1\"\n" -"router test000a 127.0.0.1 5000 0 7000\n" -"platform Tor 0.2.5.3-alpha-dev on Linux\n" -"protocols Link 1 2 Circuit 1\n" -"published 2014-06-08 19:20:11\n" -"fingerprint C7E7 CCB8 179F 8CC3 7F5C 8A04 2B3A 180B 934B 14BA\n" -"uptime 0\n" -"bandwidth 1073741824 1073741824 0\n" -"extra-info-digest 67A152A4C7686FB07664F872620635F194D76D95\n" -"caches-extra-info\n" -"onion-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAOuBUIEBARMkkka/TGyaQNgUEDLP0KG7sy6KNQTNOlZHUresPr/vlVjo\n" -"HPpLMfu9M2z18c51YX/muWwY9x4MyQooD56wI4+AqXQcJRwQfQlPn3Ay82uZViA9\n" -"DpBajRieLlKKkl145KjArpD7F5BVsqccvjErgFYXvhhjSrx7BVLnAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"signing-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAN6NLnSxWQnFXxqZi5D3b0BMgV6y9NJLGjYQVP+eWtPZWgqyv4zeYsqv\n" -"O9y6c5lvxyUxmNHfoAbe/s8f2Vf3/YaC17asAVSln4ktrr3e9iY74a9RMWHv1Gzk\n" -"3042nMcqj3PEhRN0PoLkcOZNjjmNbaqki6qy9bWWZDNTdo+uI44dAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"hidden-service-dir\n" -"contact auth0@test.test\n" -"ntor-onion-key pK4bs08ERYN591jj7ca17Rn9Q02TIEfhnjR6hSq+fhU=\n" -"reject *:*\n" -"router-signature\n" -"-----BEGIN SIGNATURE-----\n" -"rx88DuM3Y7tODlHNDDEVzKpwh3csaG1or+T4l2Xs1oq3iHHyPEtB6QTLYrC60trG\n" -"aAPsj3DEowGfjga1b248g2dtic8Ab+0exfjMm1RHXfDam5TXXZU3A0wMyoHjqHuf\n" -"eChGPgFNUvEc+5YtD27qEDcUjcinYztTs7/dzxBT4PE=\n" -"-----END SIGNATURE-----\n" -"@uploaded-at 2014-06-08 19:20:11\n" -"@source \"127.0.0.1\"\n" -"router test001a 127.0.0.1 5001 0 7001\n" -"platform Tor 0.2.5.3-alpha-dev on Linux\n" -"protocols Link 1 2 Circuit 1\n" -"published 2014-06-08 19:20:11\n" -"fingerprint 35DA 711C FC62 F88B C243 DE32 DC0B C28A 3F62 2610\n" -"uptime 0\n" -"bandwidth 1073741824 1073741824 0\n" -"extra-info-digest 9E12278D6CF7608071FE98CE9DCEE48FA264518A\n" -"caches-extra-info\n" -"onion-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAPbyUrorqoXMW4oezqd307ZGxgobqvQs2nb3TdQyWrwsHtJmS3utdrJS\n" -"xJUZPNHOQ2hrDWW1VvevYqRTGeXGZr9TDZ3+t/gVUttqYRhuzzgEKVAZSsTo5ctO\n" -"QNHnzJ6Xx/w/trhWqPTeJ7R0TCyAbWW7aE3KaKdwvZilRZp/oRUnAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"signing-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBALwOJ7XZHBnjJEuwF3Os6eashNbTH9YnH8TBZBdKgu3iFJYqDslcMIPX\n" -"gWCJ9apPHyh1+/8OLRWeEYlwoZzgGi0rjm/+BNeOOmJbjfyjk97DuB9/2O5zr1BM\n" -"CvOHqQSzMD+vz1ebvfM039a2mO8lXruUFPZQaFVxk8371XP2khqhAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"hidden-service-dir\n" -"contact auth1@test.test\n" -"ntor-onion-key t5bI1ksTdigOksMKRHUDwx/34ajEvDN1IpArOxIEWgk=\n" -"reject *:*\n" -"router-signature\n" -"-----BEGIN SIGNATURE-----\n" -"KtMW7A/pzu+np6aKJSy6d7drIb4yjz8SPCo+oQNxj2IqNHJir2O2nWu69xy+K0c1\n" -"RL05KkcDaYzr5hC80FD1H+sTpGYD28SPkQkzPw+0pReSDl93pVXh0rU6Cdcm75FC\n" -"t0UZzDt4TsMuFB0ZYpM3phKcQPpiDG6aR0LskL/YUvY=\n" -"-----END SIGNATURE-----\n" -"@uploaded-at 2014-06-08 19:20:11\n" -"@source \"127.0.0.1\"\n" -"router test004r 127.0.0.1 5004 0 7004\n" -"platform Tor 0.2.5.3-alpha-dev on Linux\n" -"protocols Link 1 2 Circuit 1\n" -"published 2014-06-08 19:20:10\n" -"fingerprint CC6A 48BD 52BD 9A2C 6670 5863 AC31 AE17 6E63 8B02\n" -"uptime 0\n" -"bandwidth 1073741824 1073741824 0\n" -"extra-info-digest B5CC249CEF394B5AFCA0C77FA7D5605615FA487C\n" -"onion-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAMze36Hupy7HACcF3TMv5mJuZbx3d3cS0WYLl6vTeChBgpS5CEXq6zIu\n" -"d31YmtUcxH6fOjDOudhbnXuoh1nH4CP+LocVHAdlGG1giAm7u8yZudVvVJiIqFgQ\n" -"wVDcWx8LbGCi5P9J/ZPKAIVsSyS7xkOqHjz3VMo/uYLbQCFAwfkdAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"signing-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAM/qGP365x6bH+ug7rKVy7V5lC9Ff2Jfk0wlTFIzzwn+DMSG6xDvulKe\n" -"wcIzgGNdQu7qlKlQUif3GPMr0KSS32cRsmoRQJcsm9+lGUK871NyZ8AyrHT+LhyF\n" -"cs718P0iN5yKF2FikNr727kEANCzvC1l9eP4qF5GGzsNtglbJ7bTAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"hidden-service-dir\n" -"ntor-onion-key a9Pavqnx7DFhMWUO0d17qF9Py8+iie4FnxTHaTgfIXY=\n" -"reject *:25\n" -"reject *:119\n" -"reject *:135-139\n" -"reject *:445\n" -"reject *:563\n" -"reject *:1214\n" -"reject *:4661-4666\n" -"reject *:6346-6429\n" -"reject *:6699\n" -"reject *:6881-6999\n" -"accept *:*\n" -"router-signature\n" -"-----BEGIN SIGNATURE-----\n" -"HVW7kjBgEt+Qdvcrq+NQE1F9B8uV9D38KA2Bp6cYHLWCxL6N4GS8JQqbOEtnqaj7\n" -"Vxrv7uy1Fzb15Zr+1sUVMxNv+LLRfr+JzfETMNYVkYDrNgr1cAAVEQzFWbIziond\n" -"xMFp64yjEW9/I+82lb5GBZEiKdEd4QqWMmQosoYMTM8=\n" -"-----END SIGNATURE-----\n" -"@uploaded-at 2014-06-08 19:20:12\n" -"@source \"127.0.0.1\"\n" -"router test002a 127.0.0.1 5002 0 7002\n" -"platform Tor 0.2.5.3-alpha-dev on Linux\n" -"protocols Link 1 2 Circuit 1\n" -"published 2014-06-08 19:20:11\n" -"fingerprint 29C7 BBB6 C437 32D5 BDF1 5671 F5C5 F1FB 6E36 4B47\n" -"uptime 0\n" -"bandwidth 1073741824 1073741824 0\n" -"extra-info-digest 9BB181EA86E0130680C3CC04AD7DE4C341ADC2C7\n" -"caches-extra-info\n" -"onion-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBALNH19oF8Ajf+djlH/g7L+enFBf5Wwjmf3bPwNKWZ9G+B+Lg8SpfhZiw\n" -"rUqi7h21f45BV/dN05dK6leWD8rj1T9kuM9TKBOEZxIWeq7zbXihyu4XPxP4FNTS\n" -"+0G7BhdP4biALENmeyLhUCZaw5Ic/jFkHT4gV9S0iVZiEDwC9twXAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"signing-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBALeyQGMQBHgTxpO/i30uHjflTm9MNi3ZBNcOKpvBXWYgY42qTqOZ7Uam\n" -"c5pmZhTLrQ1W8XlGDw8Cl8ktZ0ylodLZyUNajBtJvSFWTb8iwdZsshW6Ahb8TyfI\n" -"Y7MwTlQ/7xw4mj1NEaui6bwGgEZUs18RTqhDrUc2Mcj1Yf61Rq+7AgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"hidden-service-dir\n" -"contact auth2@test.test\n" -"ntor-onion-key ukR41RjtiZ69KO0SrFTvL0LoZK/ZTT01FQWmCXTCUlE=\n" -"reject *:*\n" -"router-signature\n" -"-----BEGIN SIGNATURE-----\n" -"IY2s/RY4tdahrgfGG+vW7lOvpfofoxxSo7guGpSKGxVApiroCQtumoYifnnJ88G2\n" -"K4IbxwEO8pgO8fnz1mibblUWw2vdDNjCifc1wtXJUE+ONA0UcLRlfQ94GbL8h2PG\n" -"72z6i1+NN0QahXMk7MUbzI7bOXTJOiO8e2Zjk9vRnxI=\n" -"-----END SIGNATURE-----\n" -"@uploaded-at 2014-06-08 19:20:12\n" -"@source \"127.0.0.1\"\n" -"router test006r 127.0.0.1 5006 0 7006\n" -"platform Tor 0.2.5.3-alpha-dev on Linux\n" -"protocols Link 1 2 Circuit 1\n" -"published 2014-06-08 19:20:11\n" -"fingerprint 829B 3FAA A42B 605A EB0B F380 8F32 8ED1 73E7 0D25\n" -"uptime 0\n" -"bandwidth 1073741824 1073741824 0\n" -"extra-info-digest 7ECB757002EB9B5838B13AE6F2357A5E585131B8\n" -"onion-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBALsNBChcLVndlS4HNXL3hxBJVgXctATz6yXcJt3bkDB5cjv7Q9fqN3Ue\n" -"j3SI1OUBx4YrLcSLD/hELHVilLrrfbaraAFfAsydlRLjTVcMRx5FFlDd0E7TAadc\n" -"71CkTipNnjwqz1mTRKkEFeepnh/JaFDidY9ER1rMBA5JRyBvqrD9AgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"signing-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAPgipA8yLj1kqrMlAH7cK7IQEdmqmfNHGXdkYQ+TKtfLh0zeEIvvh9yh\n" -"k+vKHS+HVoHo3tecB9QjJyDyyJTiETXCupSOY+ebG648JADAvv8v1WiE+KBXtjpl\n" -"qgDTrDj5CwGuY6cvQdej5yg1UAVlMMZSg3thL3tCYtQbOq66lAlnAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"hidden-service-dir\n" -"ntor-onion-key q02F3AQsCX7+zXNpfTqBF8O8lusPhRJpQVxOnBvbOwc=\n" -"reject *:25\n" -"reject *:119\n" -"reject *:135-139\n" -"reject *:445\n" -"reject *:563\n" -"reject *:1214\n" -"reject *:4661-4666\n" -"reject *:6346-6429\n" -"reject *:6699\n" -"reject *:6881-6999\n" -"accept *:*\n" -"router-signature\n" -"-----BEGIN SIGNATURE-----\n" -"L1fdgoN/eXgdzIIXO63W4yGoC9lRozMU+T0Fimhd/XFV8qxeUT83Vgf63vxLUHIb\n" -"D4a80Wj7Pm4y5a766qLGXxlz2FYjCdkp070UpgZneB+VifUlFd/bNAjsiYTstBKM\n" -"EI2L0mhl9d/7KK8vgtadHdX1z1u7QjyF6ccnzhfqeiY=\n" -"-----END SIGNATURE-----\n" -"@uploaded-at 2014-06-08 19:20:12\n" -"@source \"127.0.0.1\"\n" -"router test003r 127.0.0.1 5003 0 7003\n" -"platform Tor 0.2.5.3-alpha-dev on Linux\n" -"protocols Link 1 2 Circuit 1\n" -"published 2014-06-08 19:20:11\n" -"fingerprint 71FD 3A35 F705 8020 D595 B711 D52A 9A0A 99BB B467\n" -"uptime 0\n" -"bandwidth 1073741824 1073741824 0\n" -"extra-info-digest 3796BE0A95B699595445DFD3453CA2074E75BCE8\n" -"onion-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAL44ctIioIfCYFzMTYNfK5qFAPGGUpsAFmS8pThQEY/tJU14+frJDBrC\n" -"BkLvBs05Bw7xOUb0f2geiYGowBA6028smiq5HzTO7Kaga8vfV7AnANPX+n9cfHCr\n" -"/2cMnKkT/GZzpdk0WbUw5Kc/G1ATIPFQHA8gZAi1fsSIDDn3GRV5AgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"signing-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBALlPo5AI1mVTi+194yOSf40caoFlxSTfXt8KjGVa1dO/bpX7L3noOjYg\n" -"goU4Aqim7BHmBWQDE/tZNTrchFoLQFHi9N4pv/0ND3sY904pzqGpe3FeTuU8P9Jg\n" -"q2w3MeO3GwG8CJf4FOdSkgi8UKkJhOld4g4kViQbrFLXfdFvnT/zAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"hidden-service-dir\n" -"ntor-onion-key qluYCRrsesOTkavCLnNK6H1ToywyDquCyYeP0h/qol4=\n" -"reject *:25\n" -"reject *:119\n" -"reject *:135-139\n" -"reject *:445\n" -"reject *:563\n" -"reject *:1214\n" -"reject *:4661-4666\n" -"reject *:6346-6429\n" -"reject *:6699\n" -"reject *:6881-6999\n" -"accept *:*\n" -"router-signature\n" -"-----BEGIN SIGNATURE-----\n" -"d09K7rW/OpVzoUpfZXJuJW7a+P4pROCOZTgvDUIy/Nv+EAjcYqv95PlJ8cAMqnn3\n" -"1oQibRmmQwn0OmG5cB8NaZiueaVIRheGzHEM8rndpHn5oFXdFvV7KKjScvfuBbTk\n" -"RYME8XyawRaqsEZnwirDDlZuiZOjdQs8bbGsko3grJE=\n" -"-----END SIGNATURE-----\n" -"@uploaded-at 2014-06-08 19:20:12\n" -"@source \"127.0.0.1\"\n" -"router test005r 127.0.0.1 5005 0 7005\n" -"platform Tor 0.2.5.3-alpha-dev on Linux\n" -"protocols Link 1 2 Circuit 1\n" -"published 2014-06-08 19:20:11\n" -"fingerprint EB6E 42ED E6BF 5EE0 19F5 EFC1 53AD 094C 1327 7B76\n" -"uptime 0\n" -"bandwidth 1073741824 1073741824 0\n" -"extra-info-digest C031EE4E1AE826C1E3C4E21D81C961869E63F5D2\n" -"onion-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAMd9Fm4KTSjFDzEABPZ1fwBCC2DNgee6nAmlde8FRbCVfcIHRiJyv9YG\n" -"h530yUJal3hBfiWwy/SBA4LDz1flNCEwJm81s3waj4T9c676dAOLPcnOcJM5SbaQ\n" -"hYPDrIZLEZHAk+IoM+avKYYocwCJXwx6WTtsedF0wJBZ9mQAJERJAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"signing-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAKT7ldhV43S1CgoER/pU0Rigf0NzcSy25DQJrMRQnNmXnL03Dwuv/Iu7\n" -"dCjgg64odnvSkXHFhkbjGcg8aXikvfbMyZTbsD8NrrP6FS6pfgPgZD9W2TK7QdHI\n" -"QXwx1IYaaJK4nDUNfJhjrclydEdxmHbO1nLG1aS0ypn/G0EBpOSnAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"hidden-service-dir\n" -"ntor-onion-key umFmyRPA0dIsi0CFYCbGIPe2+OUkyslTkKKDEohjQQg=\n" -"reject *:25\n" -"reject *:119\n" -"reject *:135-139\n" -"reject *:445\n" -"reject *:563\n" -"reject *:1214\n" -"reject *:4661-4666\n" -"reject *:6346-6429\n" -"reject *:6699\n" -"reject *:6881-6999\n" -"accept *:*\n" -"router-signature\n" -"-----BEGIN SIGNATURE-----\n" -"JiXEbqPgDPWEb9DzCYINRXfmvMIc/IRtvshS8Vmmn7DW67TrTLKCEAnisGo92gMA\n" -"bhxGb9G5Mxq/8YqGoqdI2Vp6tfKlz/9AmjHzFAo01y42gafXIdr1oUS2RimA8jfF\n" -"hwfQkbG0FYEsJrH3EUa8sMhcjsEaohK/kgklMR7OgQY=\n" -"-----END SIGNATURE-----\n" -"@uploaded-at 2014-06-08 19:20:12\n" -"@source \"127.0.0.1\"\n" -"router test007r 127.0.0.1 5007 0 7007\n" -"platform Tor 0.2.5.3-alpha-dev on Linux\n" -"protocols Link 1 2 Circuit 1\n" -"published 2014-06-08 19:20:11\n" -"fingerprint DABD 2AAF 8C9F 3B71 7839 9C08 DCD8 CD9D 341D 0002\n" -"uptime 0\n" -"bandwidth 1073741824 1073741824 0\n" -"extra-info-digest F80104A0DFFB4EB429325D41D1F71E5BF8C6C726\n" -"onion-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAL42fYAriR/JeB/9NpVq5Y5EEHca+ugIpaSdRfbopWDtFjXLEk2jmO5A\n" -"KoAGIkTKDr7e9101x63H+0Nh/7w3uYs/WqTXEH8/1sHwe+0PY2HL0S6qhlOo6X54\n" -"EfK0nDDBAWFOpyiAMHRk8JVikKb56+FVIhCJgi1RIbLIiUQK2/kxAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"signing-key\n" -"-----BEGIN RSA PUBLIC KEY-----\n" -"MIGJAoGBAKQj2U5hmB68V6NQBqD8DfIkJjovvM8t6nGfYpkT8ORsROnmgI5mjM38\n" -"cmh5GIjY9RgoOWolLmsWQ4SXtS0FvrPft1M61UMTSHzlrEeuod5KenV7vGlX2TxT\n" -"0DoA5TL9yY7CmxCk8CNRCtN/g7WocgIiP4KCIiEZ4VE6LIb6sxUnAgMBAAE=\n" -"-----END RSA PUBLIC KEY-----\n" -"hidden-service-dir\n" -"ntor-onion-key 1UBS8rTlL39u9YxRJWhz+GTG1dS15VRi4au1i5qZOyI=\n" -"reject *:25\n" -"reject *:119\n" -"reject *:135-139\n" -"reject *:445\n" -"reject *:563\n" -"reject *:1214\n" -"reject *:4661-4666\n" -"reject *:6346-6429\n" -"reject *:6699\n" -"reject *:6881-6999\n" -"accept *:*\n" -"router-signature\n" -"-----BEGIN SIGNATURE-----\n" -"m7xHh+XPdLN+qcMLz1dBAEAmcdCFrtdseMHCc0FyAP2kXdayxqe3o2IOOHN++bTH\n" -"Y5iHsZembsIJJ+D/d0YEKWKh42TUWCXBu0Gbfc4OcNuR6PFlTWO2wk7rDT3HOiFr\n" -"pe3wJqZYkLxlBDamROAlMMRe71iag89H/4EulC18opw=\n" -"-----END SIGNATURE-----\n"; + "@uploaded-at 2020-10-13 13:27:09\n" + "@source \"127.0.0.1\"\n" + "router test001a 127.0.0.1 5001 0 7001\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABs1eAaaOTHiF5TNABkcl/U1x6qvlb8dyNBjuezXxF2wFLgrRAQAgBAD/a0Xx\n" + "SqkjrxcXc1h00vvkSqjNuGb4xYg1BZUoZnwegCQmxELY6fQ3m3EzYfSSl1tbP2u8\n" + "sN4SBJCsV7aRdoYebs80CnrsPiUecVdTwruODb+wAKqKSl3u7+qx8dd1yAI=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 /2tF8UqpI68XF3NYdNL75Eqozbhm+MWINQWVKGZ8HoA\n" + "or-address [::]:5001\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:27:09\n" + "fingerprint 2403 20EC F589 C1F4 DC0B 864B 28AF 8113 59CE FD86\n" + "uptime 324426\n" + "bandwidth 1073741824 1073741824 640416\n" + "extra-info-digest FD0FEB6B7F99C2E9A3C98968F6FB2C61B1688760 FDt9yIgtRYfaANh+E7NV6MUAvOR7DcJIjjBkhGMN6Vs\n" + "caches-extra-info\n" + "onion-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAOrByE3R1SqUkYLMDDB408uliYrBj860aKU0sbS9F9xmxFONB4xHP6uA\n" + "MyBgHQGL91N30yZxWKkdRiuKpCZafxLrflx20U/JTijJugNWPBcLXG7pTaJsL7LQ\n" + "61WRwo7md8X5zRhSGd8Pisq2Ru2yDrd0DNfoxy2CSLJX0DN9aw4xAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBALb83qDqIq7U75NuDnzZL/A1YvxMp/YqoxtKd2GuCOMRpu+DLpEJfAkB\n" + "0o9IP+CeCkT3JPP2irY+WEw8gLU9bx2VfdK4sm59Q7G0gWcfYsvn3wb3q43e0LOf\n" + "KQ/HMkZ+sJwQ5sCteAhGqbr9XNBfRE0bT5pyEZGKNg3ufCd1c7MLAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "Mr8P5CTgWB/J84yzF/zY4tnQixbFyNBXi+KXBVvRmFRKBKtRRf7NYKDlXpTWA+yv\n" + "lyVzzKyVlSreRIZbmS/VZrS0adj8EL8VAGVg3l/7ZumKFRB0JSiVpidd2yu0K8/2\n" + "qENpmGQbFco+6tj8dsxr4HrPaV7UBDxwjDR/2HADiiI=\n" + "-----END CROSSCERT-----\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABs2OAf9rRfFKqSOvFxdzWHTS++RKqM24ZvjFiDUFlShmfB6AAFr/gG3LV3nx\n" + "pFWmVimT3w4a9RX4sihTdCQKtYIO2JTSUaBnBBCGWNKL/pgMq13Y+fUnrrltFprb\n" + "ts9KP+yi/QU=\n" + "-----END ED25519 CERT-----\n" + "hidden-service-dir\n" + "contact auth1@test.test\n" + "ntor-onion-key rrw3paBStz7xhguZJDdjl/Tcpqwgv4u37Zi1zJcVNFk\n" + "reject *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 pVC4W6LarfI5xgQIjwoizvHiU6HXf0P9t7M4nWQfYduzNuIk3KPDVxZWfm+r3QDMBVDSBc9yAmFVmxFi4PfeAg\n" + "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "KHkPXBETKq3xyIckAS8BfL5Numjx2f3wLxkkDbDtsJt4nhXuL3CyWwtQGGQOqo10\n" + "HJfxeV2FktxHjlW08BGp8/EwnOcHsJkKg2yOlJodYXln8ATsHaMDS6inllyACIfC\n" + "680xs6LMJlUh/7qjPK3if7ayD+vPDCh+5IXq4n4Rn3k=\n" + "-----END SIGNATURE-----\n" + "@uploaded-at 2020-10-13 13:27:10\n" + "@source \"127.0.0.1\"\n" + "router test002a 127.0.0.1 5002 0 7002\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABs1eAW2RVTJizfLKok8vZjvtdSQfTkjJbwuBJJah89MpjJJ1AQAgBAD7AE/p\n" + "ZVnOoor55N3BTseFvzTESbjQVJkMEw2jNMmkMUeolbJlRtsklLCMGjY9H79EFdY1\n" + "QamhpTz5AR4IyKdruX5SD+h8ovvWQK/pvVD20rI7Em6Qbg8OVvEPaZwxQwo=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 +wBP6WVZzqKK+eTdwU7Hhb80xEm40FSZDBMNozTJpDE\n" + "or-address [::]:5002\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:27:10\n" + "fingerprint 1849 2918 5A95 1CF2 DDA7 C3B0 1ACB 32D7 360C C4BF\n" + "uptime 324427\n" + "bandwidth 1073741824 1073741824 776649\n" + "extra-info-digest 8CB745E0CD4FD3E7E22739124F8FE88840CAFF05 f+jRe7cLSC7bCBEQfHhVxWYZbu5MXsdqQbFRAFhUFNo\n" + "caches-extra-info\n" + "onion-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBALkdaGnfYPMk4Gb6tEM0VkAHvf52ETyxn/yz876JzmbBqhMRz7BGMUKX\n" + "et6pLXZRrL0TbYbDkESCkWvOj9nq6pyxwoYcBTNBo/w3kdDk/RlVlc0egrvXQPgO\n" + "O0XJ3qjfW88aCyW4pr1XPpiLedj7GAMkHLXKSjHptKvkMH8UBIWrAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBANf2NRv0Si2EBM/Bt055XgLdUAHJhAu+kI9/EOfZbHf/hXeV/NAA8QJB\n" + "TsqoN/v1krBFTUUZmushA7SAYJk69SipJDzYEOg3ZaaPVGanrLh7hiMTemgKh5j1\n" + "6ABIbUfZz4GufalIUzyVxF7qUNF7xZgKBzmxR7eW3jSabrEFdrPFAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "Q8rGB57opO5DQrRdIO4EoUphDbRNhIIYzs43UeZk+BDxYkMdMSMcmj7JqemH2AC1\n" + "yjOKbjy14w1cVmGvlXzvOKAA3ylpF7c3UkLhaVurKBmiZKXtZaWLns744QSGUbog\n" + "erN+WT0syXaXXEZGr6pPDtK9NJld/nMBw8TBGwNL8nc=\n" + "-----END CROSSCERT-----\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABs2OAfsAT+llWc6iivnk3cFOx4W/NMRJuNBUmQwTDaM0yaQxANuEvTxfukyO\n" + "lPKM02Lzm0hIvhFmbEqmekfwrqYG+avRmAeDc8eStlm8CQBw7LRJE++MJgAHWh9r\n" + "1tB3DcJxiQU=\n" + "-----END ED25519 CERT-----\n" + "hidden-service-dir\n" + "contact auth2@test.test\n" + "ntor-onion-key /vAbEzRKRi0j/0mrhyKBdNMxR56xnzl6fQvtHT/QcAE\n" + "reject *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 yo7QljYNLR1qIYtRUO4j769qUiDAOk4ueL1XQWFWi+TIenwiBc55fgUFQZAg3wgEwPM37CUdMkAMWKA2CQgSCw\n" + "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "hYDgjk0GH3xiBOgAccLQntNTYWGmzEvjozZIfqh6IzJtAfZkqpg9O7xaEiMRmkwj\n" + "+BHuMHiLj9BIHrMAP89pW9SoK+UfQdzKEI6VLFz/Z3c7H9F2OHse5HVc01X0Z6w7\n" + "eCPEOYUid7JJuVcABnJjs5PDo81LLOzY3089xRepC+c=\n" + "-----END SIGNATURE-----\n" + "@uploaded-at 2020-10-13 13:27:12\n" + "@source \"127.0.0.1\"\n" + "router test000a 127.0.0.1 5000 0 7000\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABs1eAX4HwKEhOktiFqMiJKxeCjj6o9/7Q/2+ssa3coYnhbYaAQAgBAAaycSq\n" + "2pbQLnRy2Yn8wiUhsge+cD6Yq3e/Bgq8hgYgJzhFP3znXvYpZJ9dT1J+4G3ykeVE\n" + "RK0wTU8Utb/+2XfYbXoECmBlb0Hyb87gTsB20O/d1gBssxpIcrjXwyzh/wI=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 GsnEqtqW0C50ctmJ/MIlIbIHvnA+mKt3vwYKvIYGICc\n" + "or-address [::]:5000\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:27:12\n" + "fingerprint F003 9DE0 BFF7 FCB9 F2AB BC3E 6936 9DC6 83B2 D429\n" + "uptime 324429\n" + "bandwidth 1073741824 1073741824 780830\n" + "extra-info-digest 6233C6BC8DAEE31AFBCD71C01C74B3EC7429F77F tEmOGBsYCTolEuqcAL6f4wpaVNn98Y/ONFyZUKxsRUY\n" + "caches-extra-info\n" + "onion-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBANLNgThrQ1xGSi/aV/pWQUwOe0uy/ITcU/MSng6orKp0yzzzXc8Ntjfi\n" + "EFXuD3aEk1lUgwOvRlO2xuiOoHAZNAmim6+h4OfBcFgTeRWbfSMOdaG6Fjvc62C8\n" + "JJ7kvQIsJoWyCN9QF9366dM8RWLGbzkJ1Ayq6FBcgx59zh6Du2w3AgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAMR2w3ESy+Nifvpvzx0ZlIaHzVa/prZIonYdGS95ZsCL8ImDUvPFswAq\n" + "Xf0DLF8bYMfaXQhnNsDsdyH4hlfEVrTua8ww06LPQaEw1qhC9gYfUxoHQ6s4f9yC\n" + "23KPMsw3MWnwdNspsVDjRgJlCH3JTWStNSB0TgHoRy3LYnKjzvldAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "A3PiP6XlMo9KAO+3Y9+znbqxSujOWNBJlgtQumqbTOCsnUp4tcZiqJx1Tnmd1pN5\n" + "ZPpiHl9Q4gJ7OcsgyRvNKHE1t0q+CSie5U5n70Zr6ygymcsfLGoV5E/wonmbRRyW\n" + "roEkTHQGXUtjZ6nWRGd6nhVcLCq/mfv2w7RWvkkEMyA=\n" + "-----END CROSSCERT-----\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABs2OARrJxKraltAudHLZifzCJSGyB75wPpird78GCryGBiAnADqu/a1EDc8r\n" + "SVN5RI6gC4nZRjPEg2kV4kPDTILGxTEDBfo8zwogr1gKWlclqFD4AVk/4W10hi+V\n" + "SRNLYyQfzgk=\n" + "-----END ED25519 CERT-----\n" + "hidden-service-dir\n" + "contact auth0@test.test\n" + "ntor-onion-key VLJF0ibPKRzAq/Qc9nCN9Eyv1JBk4EMBN9jQSQtxfGM\n" + "reject *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 +wqG2xtPPfF3Qg/xEvjxOXLjMr5NCX7muDM+sVUEXiPYpPkxxN39Y6XcSMYJf6KgmO5AmlU+7csL5OdQeENlAQ\n" + "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "q23Fmc55TMJhJW5bFN4BZKt5spInNdBtXIOj78WCpHheEY3LXs0LRiU5pOMQPIhR\n" + "BZ8lhToo72hZr0BErZqP0AAR+7yrKdvNKFp49opwfBCQAdw+a5UxvmCxyy2zebaW\n" + "UWHVtAUrohyct9Bd2Ji8mwohjRz/kxLAufUMtJVw1oE=\n" + "-----END SIGNATURE-----\n" + "@uploaded-at 2020-10-13 13:27:14\n" + "@source \"127.0.0.1\"\n" + "router test007r 127.0.0.1 5007 0 7007\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABs1eAYJYgXIkzMMOaM6v7/IOs5NUaPdVHwPgYWDTZ/3ju2vnAQAgBAAHB+2c\n" + "K3h4v+X4dzLh1Cl8U1hwUKBSmgE6KSE+oWeM6iZ8lEFJlMPA90v9hc1xnTe9zjjS\n" + "LkFWFIJcR3W54CJw56uTGcd0AcrCcJKph1tebIv+7y1Kz9i6SsZBpoWxcQI=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 BwftnCt4eL/l+Hcy4dQpfFNYcFCgUpoBOikhPqFnjOo\n" + "or-address [::]:5007\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:27:14\n" + "fingerprint 53F5 0783 5270 D39A 1E47 62C6 8F5E D21F C5F7 F7E9\n" + "uptime 324431\n" + "bandwidth 1073741824 1073741824 777802\n" + "extra-info-digest CC5F5C9F98FEE42D36C186052C88F4AF08ABCE19 q9AA03Hu526wTSvrdqNdWIzjCr+OzUREXfO6HKF6/9s\n" + "onion-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAKHxn6yov5enz1uNzpMOtk74kEpwLvlcSmEGd0gwi3VPs6V64a9X15Ku\n" + "OD9TXWY4pcjXTGAUZ0IDEfLziAVpUUByVL7uMXD5Lm/5CoLEGgyBqsvAynK0JymR\n" + "uLJKkdKosR589jGyQpgb9yEk6n/VtlJUsTutsOgYgO/KFh/dmP/5AgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAL5sykSg1TVaP0WNbydIhdC2fwBNkIlPv+wR9DbZ7+4b18vGmrQz8sgJ\n" + "ZpSyRmfe6jkZBOvPDPOLBCtU8+QptmPX6+w2AZhPXr8kpUfYRRrrnaWtMTzYKgmj\n" + "R/1lC29PWzDAl98TXid08H36jCUZwcbqrOmOBBQi6hzBOPz9syb7AgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "CVKyWa+nJnimA22PG9+NMklfgCwWF8EUIhgbLNZAlnC16RHvwQsnAUeEs6frstin\n" + "UCZ84MXSntqn/Tore0Vs102BrSjv8uIFXaXEH8jRaLcDPeYJKyBXAOINtlVtc3Ze\n" + "faMUiR7X3cxZsoGJPeAYjLEKghIbEj2sMfWDqfTUeYk=\n" + "-----END CROSSCERT-----\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABs2OAQcH7ZwreHi/5fh3MuHUKXxTWHBQoFKaATopIT6hZ4zqACWhqDvK437I\n" + "OLfulZGKeyPcWCaMHjdYp9HByRW1xZhCV98maaTkpTCy7kGa0oaHGYl1hETMeIXN\n" + "1I8YTDv4pQM=\n" + "-----END ED25519 CERT-----\n" + "hidden-service-dir\n" + "ntor-onion-key vCYC3rCCj+emJh8uNnK3OcX2mRrgPWGgeka617QnGFM\n" + "accept *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 PnDFvJl9otq2sXsDkm023L9+VAftkADmn8ocYVU8z5UcpwQ/2ZrZOUBthWOgt+j7SuiOb6rDw4KT5zWNwSusDw\n" + "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "H+/0VaNq9cX7GGj8s1ZWaaoLEuocakqcvZOUB4XoL5qmN3TCPfLMUDGM56EMkrvx\n" + "bzR6/iUm8RAK5bVoPMynYm3iJW7xwvXg6W4qTSIxaTX9SnZh03+UfnyPE3uykkSa\n" + "8+JZ6F9kqabWhi4yKsZtHt64A0/F+jyR5CvXl1kdt40=\n" + "-----END SIGNATURE-----\n" + "@uploaded-at 2020-10-13 13:27:14\n" + "@source \"127.0.0.1\"\n" + "router test006r 127.0.0.1 5006 0 7006\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABs1eAaRBmBZIcRzdZXo2qSBLNy9nZXvSyCmVMTbs+SLH8ozAAQAgBAANeGA+\n" + "qbvQAb9cMCjnGewaWlVp3xFaV2EWHV/IVnRmJodgXot9/W1v/eyGjzJ5mxTLLzDQ\n" + "a68Ry1NrLeDBX3ERX9XjiZ8YUrQlqWz8HsSZYdMoH7fDpaBG7SONxuCVqAo=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 DXhgPqm70AG/XDAo5xnsGlpVad8RWldhFh1fyFZ0ZiY\n" + "or-address [::]:5006\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:27:14\n" + "fingerprint A0E2 FA39 D23F BB97 0B56 0C53 3BD8 B16D 0E63 548B\n" + "uptime 324431\n" + "bandwidth 1073741824 1073741824 347136\n" + "extra-info-digest BF56A5D6A1DB3090F4FE6AA37D0C4F97732AE49C B92bY5UKX7LVqvxvI4KZDlST1VQ+gy9IOO4SYIKdMnY\n" + "onion-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBALyNFEPoUDXHUprDPXMIKWoCeWDo4ztVh6yHJQE8v88tc3WiuBt7ExBP\n" + "3Hjrh10/julakjsQWqB/8neJc7lJqdnQqFp0G8KhViwRaWgxiMAAfgq9kRB8UDPD\n" + "GpgVGrvBB4mY9REnLlAeDjPK+rJ2ww5TSDe7GP5SYJh/5jBIAmShAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBANnUmF9BJ77e1Vc+sIN+gXO4FGb+NYeEkzg8yTjlUCu/8eQCmNLjwO2A\n" + "S9cnfeK8vD0l7EgiYQWRUZRR5aK06VLDDbLZ6O5Kbey4gibgRCkXj85SGBsV0upr\n" + "rmozECBg3RshdvD1nRrubUYIbDQd5rH+XTYn7O42QVRodHuBJP2DAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "MsINH4fEw+GMWeLSxxmHfpSas1KEaX1RD0oo5GdyJjRs5Q2+ieDiW0T0VVN0auAp\n" + "niJoPf8er4oDjuJPuUTzsfiZUxBjCiMgLigdwI7FLFhbL/7dgZFzF+2a/JoFKbGv\n" + "2LKrEl0B8DsyG5aoF5T45eY5cx6fFXOkQjvYDEJ8cyM=\n" + "-----END CROSSCERT-----\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABs2OAQ14YD6pu9ABv1wwKOcZ7BpaVWnfEVpXYRYdX8hWdGYmANmc1AEsD0I4\n" + "+PKxTbE3RgpP0aUxiRBaQ3GGIvWyNZsix1bE1As/Y4N1/Vtn57b0eMd2xLokeEvG\n" + "JTGrTHoELA0=\n" + "-----END ED25519 CERT-----\n" + "hidden-service-dir\n" + "ntor-onion-key 2OKE+7fTI/CKOZ4bzzfSuNaSBzsBNlyjg7PJhWaMMmw\n" + "accept *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 Ez2DIieIvjFe8tZt5P4yOGuNH5Nw2PO6dD0hLylGhnk/elmG4hxf+qBj6LHybos88TP2fAh0mwceomGoUQQZDg\n" + "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "dxOuYd7waHjZjfWMQwKWhJxrFA/z1dKwkAZSVwglSHCCD8EmAcuerxhTiEzmKJm1\n" + "areR0g1oNigVyQd8Y5gYam9lgLLM4vEyHVkRhgluzKBcWnwS1PAF4oYOvMxTqBuw\n" + "5dfhm58uU6h8/jeKL4J4VSNnYDwY6G4+YzOcQkU25sY=\n" + "-----END SIGNATURE-----\n" + "@uploaded-at 2020-10-13 13:27:14\n" + "@source \"127.0.0.1\"\n" + "router test004r 127.0.0.1 5004 0 7004\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABs1eATTDPEX+F/fXy60oU+qlU3kFPYm11GLFpGIkXJ3+ULD1AQAgBADBcugt\n" + "WlMsFJtdBOshhXHYNabLhZgnsHmlCrw6MR/qpwNL7TqsdPpsEvYKAuHSozOaof4V\n" + "4sy9Zd1NFvwOJLyp1QkErf4TXWDoMQUCir1AcPsj/AGDIGq48DFpZUZyego=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 wXLoLVpTLBSbXQTrIYVx2DWmy4WYJ7B5pQq8OjEf6qc\n" + "or-address [::]:5004\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:27:14\n" + "fingerprint C763 47FA 498E 3929 F2AC 563C B958 1249 137F F656\n" + "uptime 324431\n" + "bandwidth 1073741824 1073741824 640261\n" + "extra-info-digest 93E7E827FA057EEACE951B7D3F26A1E8FCCBC12B sHuKfKSpRmXKocb79/PgbMfM7z6UcGbbgW3aQvQIuRE\n" + "onion-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAMFoSwvDavnsMuT8v5D9vcWATYziPOe6erYE1cWAKMLL6BIrqUhCKEIi\n" + "g2hKE7XeGypQURhtV/mkvx43N1NwMTzPlbkEtL1LdDmb1kKKxsQ0kSpX75yc6g8y\n" + "5aKLVjPBMRDk5+eszo0qHs/lOO+Pn0M5zBurWv6Jk12iN9ETMT6XAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAOLXEVTTTkEqg47/I/JqORoqg/2r1bCa4LjPMThE6HoyvNIJRhGIsS18\n" + "37PZ3YGdkVY6bMdJWed4r4DGoqGu4I5p0hjv7CeONbGjIa19R4shkSKxGw8Prrr7\n" + "jHHg4eaK2i6p2bRPpn6V5Z/dAmfKz70682uKakZSsCA5hUoBMVr5AgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "ZO/f8nN9QYAm0O2SgaH5Zb9T6o5ibiKVC3N8nwzPzEA7xxli/OR81tCobHYoTDQt\n" + "ZYKZXLvH0LAmjdHVVOGYAyfQKR7Ig2djVQuB4VVf8ix31jpL8guUIG14IKI/XSnz\n" + "ZgHnGkAkhZC+Q+FHAc341DeSHBy9iZbwooXyuK+rfnM=\n" + "-----END CROSSCERT-----\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABs2OAcFy6C1aUywUm10E6yGFcdg1psuFmCeweaUKvDoxH+qnAJDQqV067Kgn\n" + "q56Hsi6zUgK87nX3ENuQuKtjl86uWq1QmpmMt259vMa/rouA61sglMDGsZ1YVgEC\n" + "yoUVkFxVkQM=\n" + "-----END ED25519 CERT-----\n" + "hidden-service-dir\n" + "ntor-onion-key XBpzf4GSuvJZ/PP0PM4ECNotP/VOtHcFimQ2COb+NGA\n" + "accept *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 fUGEaiokY5dyMBtQ7x6BWBKwsJC6MQVYfewSMiWagE+T8H2EY2Lww0yowQo0+40FIKSG4g6GNpSMvs1g0cYIAg\n" + "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "h/nND9oB+dIiHzm93xm2Fi9pemP4B5B5qJkyEJg/CcpitaXvugBIw1EOWMwqrsr2\n" + "x7ZyDz8gUp7WcXwhqbXlsLgSFT96RC4cBG6Qjvly0t+gvvcxG7RHV2ytJ7VlakyP\n" + "uENuwPYre230OfOjm5Jg+wFdlF6OMLphj2Yd7o48Xcw=\n" + "-----END SIGNATURE-----\n" + "@uploaded-at 2020-10-13 13:27:34\n" + "@source \"127.0.0.1\"\n" + "router test005r 127.0.0.1 5005 0 7005\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABs1eAfTuBhu6ypB5/9avDiY3qBzulkCvfYqbFN/ABk/o4xFcAQAgBAAnmWRG\n" + "rIvqpb4Kk3cThEiWAll4uDCO2Y46uNm9WG7AtPt4LG+XfktG3GAxv6aVQimwlyHc\n" + "1x2Lfm9KG3mWWj+hxnum4Z7873OE0B9l2Hg0YQZCW/PuHSWN0rspTvY5SgA=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 J5lkRqyL6qW+CpN3E4RIlgJZeLgwjtmOOrjZvVhuwLQ\n" + "or-address [::]:5005\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:27:34\n" + "fingerprint D219 590A C951 3BCD EBBA 9AB7 2100 7A4C C01B BAE3\n" + "uptime 324451\n" + "bandwidth 1073741824 1073741824 637796\n" + "extra-info-digest 78E6D382BC826B95B4111554EEE7D541A32AAAA3 c61Onjpq+1S0TrdvoaOvGAxew6yfO+uHNhipbemQmgA\n" + "onion-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAMvEJ/JVNK7I38PPWhQMuCgkET/ki4WIas4tj5Kmqfb9kHqxMR+EunRD\n" + "83k4pel1yB7QdV+iTd/4SZOI8RpZP+BO1KnOTWfpztAU1lDGr19/PwdwcHaILpBD\n" + "nNzm6otk4/bKUQ0vqpOfJljtg0DfAm4uMAQ6BMFy6uEAF7+JupuPAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBANBzejGAwyPTPq2Gm03wpg3qICo0uDQau8opude2mW3eyxAqOqHzC8De\n" + "gRgbmn040vqe9gwvH4iaHpVeTxyDwQefbfULdq6bETmX3aSUj6LKBCqqcyuOJFQu\n" + "7M2QfNSfHtldUABpIaqFvEA3AV8qjOoUtauoFNJKMy7Wj2//S70VAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "pD3Nkkunt8zP6PO6H3uHT0t7xnorC7cY/KfF75mFB+90pHCD9f0Xdu3Pjrur/q23\n" + "PIKV3hdtdsODoJuoh8LPGNAjS5rO6HMCtHNDNunNOs69bvfaO0jThnurXmOpY0sW\n" + "eRfBeYN2KNgrN0B1eDejfPSr03dkFY48yoUDROv9EJQ=\n" + "-----END CROSSCERT-----\n" + "ntor-onion-key-crosscert 0\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABs2OASeZZEasi+qlvgqTdxOESJYCWXi4MI7Zjjq42b1YbsC0AKc5y5qYUYvw\n" + "VATtWkV9DVIZbZSb9mQP5pmNaqmX+DbmINCYt8j7l+U7g3ftUyh0Wlrgevx0pFUI\n" + "RcIU0HKHZQA=\n" + "-----END ED25519 CERT-----\n" + "hidden-service-dir\n" + "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA\n" + "accept *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 Xm56dYbo/hCHWyzcdUPmfTeZ4qly2TYf1/2Q1lXKQDMJyBti8ZE8R2TTYsYimr+UtAapbzBItccZLze505nhBw\n" + "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "bbeN0lq6nCfJQXGcKa1M9TQ6b2upig7clrlVXuzKeR0JhGwnDCXUAFxDtrw3vkVo\n" + "ExBXXvJeBPyustFOQkdiAEWHHSW5CwEgeVCBYZeEnaiySIgDVKuu+9B53ezFdC0Y\n" + "iFJkKxxDx7ksxX0zdl7aPT4ORFEuRhCYS6el7YJmoyg=\n" + "-----END SIGNATURE-----\n" + "@uploaded-at 2020-10-13 13:28:13\n" + "@source \"127.0.0.1\"\n" + "router test003r 127.0.0.1 5003 0 7003\n" + "identity-ed25519\n" + "-----BEGIN ED25519 CERT-----\n" + "AQQABs1eAUC9IBXmVO3yeYhG6VI5o6+uyPI8tNFBR38n8RDxW91MAQAgBAD6reoi\n" + "ucfyRvLfC++3TyajT1IHbggd8/D5Gp9DlzbDf4vRNbII2iCDxilKG60yNurDcDWA\n" + "W9H2JRwrZpiQgQvEzGQJRISaGHQIVlEKpER7RvjDZvQG9KtHyDdH0txcdgo=\n" + "-----END ED25519 CERT-----\n" + "master-key-ed25519 +q3qIrnH8kby3wvvt08mo09SB24IHfPw+RqfQ5c2w38\n" + "or-address [::]:5003\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:28:13\n" + "fingerprint 09C5 1D0C D3F4 F3D5 8C73 D219 9BF3 F0FC 55F5 2965\n" + "uptime 324490\n" + "bandwidth 1073741824 1073741824 640359\n" + "extra-info-digest 64AD921120758875124DEBC83808AE282BEA76F6 6xEyhjSnACEk+bScEqhoTI43p4+bcnFh8E+9fvBdeow\n" + "onion-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBANQMTqT/mcGSnwA7MsqKrtmK0re+XsJesFNeRwozZLKLgsB0ARoHvlAp\n" + "iBb/9kU++GhRBUs3EsMaU7rHN+yahDzwrVlWgRm3YV17aj1guQnHm8RaTbDtKCii\n" + "G0aBo2quU1LqXot/XVOE2BCFO0DO+4tZE5mCChpnALy0AYs2Dj4HAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "signing-key\n" + "-----BEGIN RSA PUBLIC KEY-----\n" + "MIGJAoGBAJ2yCCvgp0/HYyvW+DIX+nMEZ8Q1Sjzke9oEVcx1UQKFDmCCRJA4cJA5\n" + "xx5hVedkIXug7DJ/2xkMR+QT+Cwqxij1K0jlJlOmnixsT/TnwyyhP6eIxNef0HuG\n" + "MAgptAEMltR9OqDEESvfGv0cz+U4fru6xHpfH9c/P4S3aeihUbSnAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n" + "onion-key-crosscert\n" + "-----BEGIN CROSSCERT-----\n" + "UaR88eoWRuFJjYqns3RP92bgZv5AKYjxNrcm0SpZIOgDeayq/1mDA/jdVbDPa4de\n" + "KRJ9ezXCo+2O2zl6rhvsRsMgVwrZEr5Hz4+Zf1H6hpvk8NoOEBCb5g3jef6nMmGr\n" + "1p+NV/OULow266pKnWidPQCWLjc+ladBLQU8EJxT65Q=\n" + "-----END CROSSCERT-----\n" + "ntor-onion-key-crosscert 1\n" + "-----BEGIN ED25519 CERT-----\n" + "AQoABs2OAfqt6iK5x/JG8t8L77dPJqNPUgduCB3z8Pkan0OXNsN/AGVx0xPqhPuo\n" + "n9nnmtt+48y9Wkcdo43Si3Nrl96TxAiOMB0NKoTIk7++puAreR364CBPM8LM0TrT\n" + "AxIjl/GuMQE=\n" + "-----END ED25519 CERT-----\n" + "hidden-service-dir\n" + "ntor-onion-key bLeD2EdnozYyTnxk9PeRykzjPEw65lVLmlBhWk5+ATI\n" + "accept *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 wGsA4xlKdM0rzborPOil8cvAzUS2ImXvsm9PgTQDiosGf8ve3ucdDUjKLNOTd6iFVDIl4ESG2Y3eOsqAgQddBA\n" + "router-signature\n" + "-----BEGIN SIGNATURE-----\n" + "k8ndhNl9lCng7IfgeoYGWKnvmxgfo41M9Sq3754HUAVRJcVZ1RJm4OGI/Z/fw38I\n" + "ievnndu81y/L2cuHnSr+MTXY7B2pLXueOo8YpKlx799Wugn5dnfOhz9WHkFNhWQL\n" + "8iOty3iG3VIJVi0pU3qgj5Xc1zKVa3pZ/QQfs4k/g44=\n" + "-----END SIGNATURE-----\n"; diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 88fbd5ca7d..4dec05ecfd 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -29,6 +29,7 @@ #include "lib/confmgt/confmgt.h" #include "core/mainloop/connection.h" #include "core/or/relay.h" +#include "core/or/protover.h" #include "core/or/versions.h" #include "feature/client/bridges.h" #include "feature/client/entrynodes.h" @@ -100,6 +101,14 @@ #include <unistd.h> #endif +static void setup_ei_digests(void); +static uint8_t digest_ei_minimal[20]; +static uint8_t digest_ei_bad_nickname[20]; +static uint8_t digest_ei_maximal[20]; +static uint8_t digest_ei_bad_tokens[20]; +static uint8_t digest_ei_bad_sig2[20]; +static uint8_t digest_ei_bad_published[20]; + static networkstatus_t * networkstatus_parse_vote_from_string_(const char *s, const char **eos_out, @@ -216,6 +225,7 @@ basic_routerinfo_new(const char *nickname, uint32_t ipv4_addr, r1->bandwidthcapacity = bandwidthcapacity; r1->cache_info.published_on = published_on; + r1->protocol_list = tor_strdup(protover_get_supported_protocols()); if (rsa_onion_keypair_out) { *rsa_onion_keypair_out = pk1; @@ -433,13 +443,6 @@ mock_get_configured_ports(void) return mocked_configured_ports; } -static tor_cert_t * -mock_tor_cert_dup_null(const tor_cert_t *cert) -{ - (void)cert; - return NULL; -} - static crypto_pk_t *mocked_server_identitykey = NULL; /* Returns mocked_server_identitykey with no checks. */ @@ -664,211 +667,6 @@ STMT_BEGIN \ tt_str_op(e1->nickname, OP_EQ, r1->nickname); \ STMT_END -/** Run unit tests for router descriptor generation logic for a RSA-only - * router. Tor versions without ed25519 (0.2.6 and earlier) are no longer - * officially supported, but the authorities still accept their descriptors. - */ -static void -test_dir_formats_rsa(void *arg) -{ - char *buf = NULL; - char *buf2 = NULL; - char *cp = NULL; - - uint8_t *rsa_cc = NULL; - - routerinfo_t *r1 = NULL; - extrainfo_t *e1 = NULL; - routerinfo_t *rp1 = NULL; - extrainfo_t *ep1 = NULL; - - smartlist_t *chunks = NULL; - const char *msg = NULL; - int rv = -1; - - or_options_t *options = get_options_mutable(); - setup_dir_formats_options((const char *)arg, options); - - hibernate_set_state_for_testing_(HIBERNATE_STATE_LIVE); - - /* r1 is a minimal, RSA-only descriptor, with DirPort and IPv6 */ - r1 = basic_routerinfo_new("Magri", 0xc0a80001u /* 192.168.0.1 */, - 9000, 9003, - 1000, 5000, 10000, - 0, - NULL); - - /* Fake just enough of an ntor key to get by */ - curve25519_keypair_t r1_onion_keypair; - curve25519_keypair_generate(&r1_onion_keypair, 0); - r1->onion_curve25519_pkey = tor_memdup(&r1_onion_keypair.pubkey, - sizeof(curve25519_public_key_t)); - - /* Now add IPv6 */ - tor_addr_parse(&r1->ipv6_addr, "1:2:3:4::"); - r1->ipv6_orport = 9999; - - r1->exit_policy = NULL; - - /* XXXX+++ router_dump_to_string should really take this from ri. */ - options->ContactInfo = tor_strdup("Magri White " - "<magri@elsewhere.example.com>"); - - setup_mock_configured_ports(r1->ipv4_orport, r1->ipv4_dirport); - - buf = router_dump_router_to_string(r1, r1->identity_pkey, NULL, NULL, NULL); - tt_assert(buf); - - tor_free(options->ContactInfo); - cleanup_mock_configured_ports(); - - /* Synthesise a router descriptor, without the signature */ - chunks = smartlist_new(); - - smartlist_add(chunks, get_new_router_line(r1)); - smartlist_add_strdup(chunks, "or-address [1:2:3:4::]:9999\n"); - - smartlist_add(chunks, get_new_platform_line()); - smartlist_add(chunks, get_new_published_line(r1)); - smartlist_add(chunks, get_new_fingerprint_line(r1)); - - smartlist_add(chunks, get_new_uptime_line(0)); - smartlist_add(chunks, get_new_bandwidth_line(r1)); - - smartlist_add(chunks, get_new_onion_key_block(r1)); - smartlist_add(chunks, get_new_signing_key_block(r1)); - - smartlist_add_strdup(chunks, "hidden-service-dir\n"); - - smartlist_add_strdup(chunks, "contact Magri White " - "<magri@elsewhere.example.com>\n"); - - smartlist_add(chunks, get_new_bridge_distribution_request_line(options)); - smartlist_add(chunks, get_new_ntor_onion_key_line(&r1_onion_keypair.pubkey)); - smartlist_add_strdup(chunks, "reject *:*\n"); - smartlist_add_strdup(chunks, "tunnelled-dir-server\n"); - - smartlist_add_strdup(chunks, "router-signature\n"); - - size_t len_out = 0; - buf2 = smartlist_join_strings(chunks, "", 0, &len_out); - SMARTLIST_FOREACH(chunks, char *, s, tor_free(s)); - smartlist_free(chunks); - - tt_assert(len_out > 0); - - buf[strlen(buf2)] = '\0'; /* Don't compare the sig; it's never the same - * twice */ - - tt_str_op(buf,OP_EQ, buf2); - tor_free(buf); - - setup_mock_configured_ports(r1->ipv4_orport, r1->ipv4_dirport); - - buf = router_dump_router_to_string(r1, r1->identity_pkey, NULL, NULL, NULL); - tt_assert(buf); - - cleanup_mock_configured_ports(); - - /* Now, try to parse buf */ - cp = buf; - rp1 = router_parse_entry_from_string((const char*)cp,NULL,1,0,NULL,NULL); - - CHECK_ROUTERINFO_CONSISTENCY(r1, rp1); - - tt_assert(rp1->policy_is_reject_star); - - tor_free(buf); - routerinfo_free(rp1); - - /* Test extrainfo creation. - * We avoid calling router_build_fresh_unsigned_routerinfo(), because it's - * too complex. Instead, we re-use the manually-created routerinfos. - */ - - /* Set up standard mocks and data */ - setup_mocks_for_fresh_descriptor(r1, NULL); - - /* router_build_fresh_signed_extrainfo() passes the result of - * get_master_signing_key_cert() directly to tor_cert_dup(), which fails on - * NULL. But we want a NULL ei->cache_info.signing_key_cert to test the - * non-ed key path. - */ - MOCK(tor_cert_dup, mock_tor_cert_dup_null); - - /* Fake just enough of an ORPort and DirPort to get by */ - setup_mock_configured_ports(r1->ipv4_orport, r1->ipv4_dirport); - - /* Test some of the low-level static functions. */ - e1 = router_build_fresh_signed_extrainfo(r1); - tt_assert(e1); - router_update_routerinfo_from_extrainfo(r1, e1); - rv = router_dump_and_sign_routerinfo_descriptor_body(r1); - tt_assert(rv == 0); - msg = ""; - rv = routerinfo_incompatible_with_extrainfo(r1->identity_pkey, e1, - &r1->cache_info, &msg); - /* If they are incompatible, fail and show the msg string */ - tt_str_op(msg, OP_EQ, ""); - tt_assert(rv == 0); - - /* Now cleanup */ - cleanup_mocks_for_fresh_descriptor(); - - UNMOCK(tor_cert_dup); - - cleanup_mock_configured_ports(); - - CHECK_EXTRAINFO_CONSISTENCY(r1, e1); - - /* Test that the signed ri is parseable */ - tt_assert(r1->cache_info.signed_descriptor_body); - cp = r1->cache_info.signed_descriptor_body; - rp1 = router_parse_entry_from_string((const char*)cp,NULL,1,0,NULL,NULL); - - CHECK_ROUTERINFO_CONSISTENCY(r1, rp1); - - tt_assert(rp1->policy_is_reject_star); - - routerinfo_free(rp1); - - /* Test that the signed ei is parseable */ - tt_assert(e1->cache_info.signed_descriptor_body); - cp = e1->cache_info.signed_descriptor_body; - ep1 = extrainfo_parse_entry_from_string((const char*)cp,NULL,1,NULL,NULL); - - CHECK_EXTRAINFO_CONSISTENCY(r1, ep1); - - /* In future tests, we could check the actual extrainfo statistics. */ - - extrainfo_free(ep1); - - done: - dirserv_free_fingerprint_list(); - - tor_free(options->ContactInfo); - tor_free(options->Nickname); - - cleanup_mock_configured_ports(); - cleanup_mocks_for_fresh_descriptor(); - - if (chunks) { - SMARTLIST_FOREACH(chunks, char *, s, tor_free(s)); - smartlist_free(chunks); - } - - routerinfo_free(r1); - routerinfo_free(rp1); - - extrainfo_free(e1); - extrainfo_free(ep1); - - tor_free(rsa_cc); - - tor_free(buf); - tor_free(buf2); -} - /* Check that the exit policy in rp2 is as expected. */ #define CHECK_PARSED_EXIT_POLICY(rp2) \ STMT_BEGIN \ @@ -999,6 +797,8 @@ test_dir_formats_rsa_ed25519(void *arg) } smartlist_add(chunks, get_new_platform_line()); + smartlist_add_asprintf(chunks, + "proto %s\n", protover_get_supported_protocols()); smartlist_add(chunks, get_new_published_line(r2)); smartlist_add(chunks, get_new_fingerprint_line(r2)); @@ -1064,7 +864,9 @@ test_dir_formats_rsa_ed25519(void *arg) setup_mock_configured_ports(r2->ipv4_orport, 0); - buf = router_dump_router_to_string(r2, r2->identity_pkey, NULL, NULL, NULL); + buf = router_dump_router_to_string(r2, r2->identity_pkey, + r2_onion_pkey, + &r2_onion_keypair, &kp2); tt_assert(buf); cleanup_mock_configured_ports(); @@ -1217,14 +1019,12 @@ test_dir_routerinfo_parsing(void *arg) again = 999; \ ri = router_parse_entry_from_string((s), NULL, 0, 0, NULL, &again); \ tt_assert(ri == NULL); \ - tt_int_op(again, OP_EQ, (againval)); \ + tt_int_op(again, OP_EQ, (againval)); \ } while (0) CHECK_OK(EX_RI_MINIMAL); CHECK_OK(EX_RI_MAXIMAL); - CHECK_OK(EX_RI_MINIMAL_ED); - /* good annotations prepended */ routerinfo_free(ri); ri = router_parse_entry_from_string(EX_RI_MINIMAL, NULL, 0, 0, @@ -1259,14 +1059,13 @@ test_dir_routerinfo_parsing(void *arg) tt_ptr_op(ri, OP_EQ, NULL); CHECK_FAIL(EX_RI_BAD_SIG1, 1); - CHECK_FAIL(EX_RI_BAD_SIG2, 1); CHECK_FAIL(EX_RI_BAD_TOKENS, 0); CHECK_FAIL(EX_RI_BAD_PUBLISHED, 0); CHECK_FAIL(EX_RI_NEG_BANDWIDTH, 0); CHECK_FAIL(EX_RI_BAD_BANDWIDTH, 0); CHECK_FAIL(EX_RI_BAD_BANDWIDTH2, 0); - CHECK_FAIL(EX_RI_BAD_ONIONKEY1, 0); - CHECK_FAIL(EX_RI_BAD_ONIONKEY2, 0); + CHECK_FAIL(EX_RI_BAD_BANDWIDTH3, 0); + CHECK_FAIL(EX_RI_BAD_ONIONKEY, 0); CHECK_FAIL(EX_RI_BAD_PORTS, 0); CHECK_FAIL(EX_RI_BAD_IP, 0); CHECK_FAIL(EX_RI_BAD_DIRPORT, 0); @@ -1289,22 +1088,10 @@ test_dir_routerinfo_parsing(void *arg) CHECK_FAIL(EX_RI_ED_BAD_SIG1, 0); CHECK_FAIL(EX_RI_ED_BAD_SIG2, 0); CHECK_FAIL(EX_RI_ED_BAD_SIG3, 0); - CHECK_FAIL(EX_RI_ED_BAD_SIG4, 0); CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT1, 0); - CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT3, 0); - CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT4, 0); - CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT5, 0); - CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT6, 0); - CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT7, 0); CHECK_FAIL(EX_RI_ED_MISPLACED1, 0); CHECK_FAIL(EX_RI_ED_MISPLACED2, 0); CHECK_FAIL(EX_RI_ED_BAD_CERT1, 0); - CHECK_FAIL(EX_RI_ED_BAD_CERT2, 0); - CHECK_FAIL(EX_RI_ED_BAD_CERT3, 0); - - /* This is allowed; we just ignore it. */ - CHECK_OK(EX_RI_BAD_EI_DIGEST); - CHECK_OK(EX_RI_BAD_EI_DIGEST2); #undef CHECK_FAIL #undef CHECK_OK @@ -1360,14 +1147,10 @@ test_dir_extrainfo_parsing(void *arg) tt_assert(ei->pending_sig); CHECK_OK(EX_EI_MAXIMAL); tt_assert(ei->pending_sig); - CHECK_OK(EX_EI_GOOD_ED_EI); - tt_assert(ei->pending_sig); map = (struct digest_ri_map_t *)digestmap_new(); ADD(EX_EI_MINIMAL); ADD(EX_EI_MAXIMAL); - ADD(EX_EI_GOOD_ED_EI); - ADD(EX_EI_BAD_FP); ADD(EX_EI_BAD_NICKNAME); ADD(EX_EI_BAD_TOKENS); ADD(EX_EI_BAD_START); @@ -1377,8 +1160,6 @@ test_dir_extrainfo_parsing(void *arg) ADD(EX_EI_ED_MISSING_CERT); ADD(EX_EI_ED_BAD_CERT1); ADD(EX_EI_ED_BAD_CERT2); - ADD(EX_EI_ED_BAD_SIG1); - ADD(EX_EI_ED_BAD_SIG2); ADD(EX_EI_ED_MISPLACED_CERT); ADD(EX_EI_ED_MISPLACED_SIG); @@ -1386,13 +1167,9 @@ test_dir_extrainfo_parsing(void *arg) tt_ptr_op(ei->pending_sig, OP_EQ, NULL); CHECK_OK(EX_EI_MAXIMAL); tt_ptr_op(ei->pending_sig, OP_EQ, NULL); - CHECK_OK(EX_EI_GOOD_ED_EI); - tt_ptr_op(ei->pending_sig, OP_EQ, NULL); CHECK_FAIL(EX_EI_BAD_SIG1,1); - CHECK_FAIL(EX_EI_BAD_SIG2,1); - CHECK_FAIL(EX_EI_BAD_SIG3,1); - CHECK_FAIL(EX_EI_BAD_FP,0); + CHECK_FAIL(EX_EI_BAD_SIG2,0); CHECK_FAIL(EX_EI_BAD_NICKNAME,0); CHECK_FAIL(EX_EI_BAD_TOKENS,0); CHECK_FAIL(EX_EI_BAD_START,0); @@ -1402,8 +1179,6 @@ test_dir_extrainfo_parsing(void *arg) CHECK_FAIL(EX_EI_ED_MISSING_CERT,0); CHECK_FAIL(EX_EI_ED_BAD_CERT1,0); CHECK_FAIL(EX_EI_ED_BAD_CERT2,0); - CHECK_FAIL(EX_EI_ED_BAD_SIG1,0); - CHECK_FAIL(EX_EI_ED_BAD_SIG2,0); CHECK_FAIL(EX_EI_ED_MISPLACED_CERT,0); CHECK_FAIL(EX_EI_ED_MISPLACED_SIG,0); @@ -1460,11 +1235,14 @@ test_dir_parse_router_list(void *arg) tt_mem_op(r->cache_info.signed_descriptor_body, OP_EQ, EX_RI_MAXIMAL, strlen(EX_RI_MAXIMAL)); + setup_ei_digests(); + tt_int_op(2, OP_EQ, smartlist_len(invalid)); + test_memeq_hex(smartlist_get(invalid, 0), - "ab9eeaa95e7d45740185b4e519c76ead756277a9"); + "10F951AF93AED0D3BC7FA5FFA232EB8C17747ACE"); test_memeq_hex(smartlist_get(invalid, 1), - "9a651ee03b64325959e8f1b46f2b689b30750b4c"); + "41D8723CDD4B1AADCCE538C28CDE7F69828C73D0"); /* Now tidy up */ SMARTLIST_FOREACH(dest, routerinfo_t *, rinfo, routerinfo_free(rinfo)); @@ -1479,6 +1257,7 @@ test_dir_parse_router_list(void *arg) ADD(EX_EI_MAXIMAL); ADD(EX_EI_BAD_NICKNAME); ADD(EX_EI_BAD_PUBLISHED); + ADD(EX_EI_BAD_SIG2); cp = list; tt_int_op(0,OP_EQ, router_parse_list_from_string(&cp, NULL, dest, SAVED_NOWHERE, @@ -1491,11 +1270,16 @@ test_dir_parse_router_list(void *arg) tt_mem_op(e->cache_info.signed_descriptor_body, OP_EQ, EX_EI_MINIMAL, strlen(EX_EI_MINIMAL)); - tt_int_op(2, OP_EQ, smartlist_len(invalid)); - test_memeq_hex(smartlist_get(invalid, 0), - "d5df4aa62ee9ffc9543d41150c9864908e0390af"); - test_memeq_hex(smartlist_get(invalid, 1), - "f61efd2a7f4531f3687a9043e0de90a862ec64ba"); + tt_int_op(3, OP_EQ, smartlist_len(invalid)); + tt_mem_op(smartlist_get(invalid, 0), + OP_EQ, + digest_ei_bad_sig2, DIGEST_LEN); + tt_mem_op(smartlist_get(invalid, 1), + OP_EQ, + digest_ei_bad_nickname, DIGEST_LEN); + tt_mem_op(smartlist_get(invalid, 2), + OP_EQ, + digest_ei_bad_published, DIGEST_LEN); done: tor_free(list); @@ -1522,10 +1306,34 @@ test_dir_parse_router_list(void *arg) static download_status_t dls_minimal; static download_status_t dls_maximal; static download_status_t dls_bad_fingerprint; -static download_status_t dls_bad_sig2; +static download_status_t dls_bad_sig1; static download_status_t dls_bad_ports; static download_status_t dls_bad_tokens; +static uint8_t digest_minimal[20]; +static uint8_t digest_maximal[20]; +static uint8_t digest_bad_fingerprint[20]; +static uint8_t digest_bad_sig1[20]; +static uint8_t digest_bad_ports[20]; +static uint8_t digest_bad_tokens[20]; + +static void +setup_dls_digests(void) +{ +#define SETUP(string, name) \ + do { \ + router_get_router_hash(string, strlen(string), (char*)digest_##name); \ + } while (0) + + SETUP(EX_RI_MINIMAL, minimal); + SETUP(EX_RI_MAXIMAL, maximal); + SETUP(EX_RI_BAD_FINGERPRINT, bad_fingerprint); + SETUP(EX_RI_BAD_SIG1, bad_sig1); + SETUP(EX_RI_BAD_PORTS, bad_ports); + SETUP(EX_RI_BAD_TOKENS, bad_tokens); +#undef SETUP +} + static int mock_router_get_dl_status_unrecognized = 0; static int mock_router_get_dl_status_calls = 0; @@ -1533,24 +1341,22 @@ static download_status_t * mock_router_get_dl_status(const char *d) { ++mock_router_get_dl_status_calls; - char hex[HEX_DIGEST_LEN+1]; - base16_encode(hex, sizeof(hex), d, DIGEST_LEN); - if (!strcmp(hex, "3E31D19A69EB719C00B02EC60D13356E3F7A3452")) { - return &dls_minimal; - } else if (!strcmp(hex, "581D8A368A0FA854ECDBFAB841D88B3F1B004038")) { - return &dls_maximal; - } else if (!strcmp(hex, "2578AE227C6116CDE29B3F0E95709B9872DEE5F1")) { - return &dls_bad_fingerprint; - } else if (!strcmp(hex, "16D387D3A58F7DB3CF46638F8D0B90C45C7D769C")) { - return &dls_bad_sig2; - } else if (!strcmp(hex, "AB9EEAA95E7D45740185B4E519C76EAD756277A9")) { - return &dls_bad_ports; - } else if (!strcmp(hex, "A0CC2CEFAD59DBF19F468BFEE60E0868C804B422")) { - return &dls_bad_tokens; - } else { - ++mock_router_get_dl_status_unrecognized; - return NULL; - } +#define CHECK(name) \ + do { \ + if (fast_memeq(d, digest_##name, DIGEST_LEN)) \ + return &dls_##name; \ + } while (0) + + CHECK(minimal); + CHECK(maximal); + CHECK(bad_fingerprint); + CHECK(bad_sig1); + CHECK(bad_ports); + CHECK(bad_tokens); + + ++mock_router_get_dl_status_unrecognized; + return NULL; +#undef CHECK } static void @@ -1569,13 +1375,15 @@ test_dir_load_routers(void *arg) smartlist_add_strdup(wanted, hex_str(buf, DIGEST_LEN)); \ } while (0) + setup_dls_digests(); + MOCK(router_get_dl_status_by_descriptor_digest, mock_router_get_dl_status); update_approx_time(1412510400); smartlist_add_strdup(chunks, EX_RI_MINIMAL); smartlist_add_strdup(chunks, EX_RI_BAD_FINGERPRINT); - smartlist_add_strdup(chunks, EX_RI_BAD_SIG2); + smartlist_add_strdup(chunks, EX_RI_BAD_SIG1); smartlist_add_strdup(chunks, EX_RI_MAXIMAL); smartlist_add_strdup(chunks, EX_RI_BAD_PORTS); smartlist_add_strdup(chunks, EX_RI_BAD_TOKENS); @@ -1583,7 +1391,7 @@ test_dir_load_routers(void *arg) /* not ADDing MINIMIAL */ ADD(EX_RI_MAXIMAL); ADD(EX_RI_BAD_FINGERPRINT); - ADD(EX_RI_BAD_SIG2); + ADD(EX_RI_BAD_SIG1); /* Not ADDing BAD_PORTS */ ADD(EX_RI_BAD_TOKENS); @@ -1597,7 +1405,7 @@ test_dir_load_routers(void *arg) tt_int_op(smartlist_len(router_get_routerlist()->routers),OP_EQ,1); routerinfo_t *r = smartlist_get(router_get_routerlist()->routers, 0); test_memeq_hex(r->cache_info.signed_descriptor_digest, - "581D8A368A0FA854ECDBFAB841D88B3F1B004038"); + "1F437798ACD1FC9CBD1C3C04DBF80F7E9F819C3F"); tt_int_op(dls_minimal.n_download_failures, OP_EQ, 0); tt_int_op(dls_maximal.n_download_failures, OP_EQ, 0); @@ -1610,13 +1418,12 @@ test_dir_load_routers(void *arg) /* bad_sig2 and bad ports" are retriable -- one since only the signature * was bad, and one because we didn't ask for it. */ - tt_int_op(dls_bad_sig2.n_download_failures, OP_EQ, 0); + tt_int_op(dls_bad_sig1.n_download_failures, OP_EQ, 0); tt_int_op(dls_bad_ports.n_download_failures, OP_EQ, 0); - /* Wanted still contains "BAD_SIG2" */ tt_int_op(smartlist_len(wanted), OP_EQ, 1); tt_str_op(smartlist_get(wanted, 0), OP_EQ, - "E0A3753CEFD54128EAB239F294954121DB23D2EF"); + "3BB7D03C1C4DBC1DDE840096FF3C330914757B77"); #undef ADD @@ -1639,38 +1446,51 @@ static signed_descriptor_t sd_ei_maximal; static signed_descriptor_t sd_ei_bad_tokens; static signed_descriptor_t sd_ei_bad_sig2; +static void +setup_ei_digests(void) +{ +#define SETUP(string, name) \ + do { \ + router_get_extrainfo_hash(string, strlen(string), \ + (char*)digest_ei_##name); \ + } while (0) + + SETUP(EX_EI_MINIMAL, minimal); + SETUP(EX_EI_MAXIMAL, maximal); + SETUP(EX_EI_BAD_NICKNAME, bad_nickname); + SETUP(EX_EI_BAD_TOKENS, bad_tokens); + SETUP(EX_EI_BAD_SIG2, bad_sig2); + SETUP(EX_EI_BAD_PUBLISHED, bad_published); + +#undef SETUP +} + static signed_descriptor_t * mock_get_by_ei_desc_digest(const char *d) { - ++mock_get_by_ei_dd_calls; - char hex[HEX_DIGEST_LEN+1]; - base16_encode(hex, sizeof(hex), d, DIGEST_LEN); - - if (!strcmp(hex, "11E0EDF526950739F7769810FCACAB8C882FAEEE")) { - return &sd_ei_minimal; - } else if (!strcmp(hex, "47803B02A0E70E9E8BDA226CB1D74DE354D67DFF")) { - return &sd_ei_maximal; - } else if (!strcmp(hex, "D5DF4AA62EE9FFC9543D41150C9864908E0390AF")) { - return &sd_ei_bad_nickname; - } else if (!strcmp(hex, "16D387D3A58F7DB3CF46638F8D0B90C45C7D769C")) { - return &sd_ei_bad_sig2; - } else if (!strcmp(hex, "9D90F8C42955BBC57D54FB05E54A3F083AF42E8B")) { - return &sd_ei_bad_tokens; - } else { - ++mock_get_by_ei_dd_unrecognized; - return NULL; - } +#define CHECK(name) \ + do { \ + if (fast_memeq(d, digest_ei_##name, DIGEST_LEN)) \ + return &sd_ei_##name; \ + } while (0) + + CHECK(minimal); + CHECK(maximal); + CHECK(bad_nickname); + CHECK(bad_sig2); + CHECK(bad_tokens); + ++mock_get_by_ei_dd_unrecognized; + return NULL; +#undef CHECK } static signed_descriptor_t * mock_ei_get_by_ei_digest(const char *d) { - char hex[HEX_DIGEST_LEN+1]; - base16_encode(hex, sizeof(hex), d, DIGEST_LEN); signed_descriptor_t *sd = &sd_ei_minimal; - if (!strcmp(hex, "11E0EDF526950739F7769810FCACAB8C882FAEEE")) { + if (fast_memeq(d, digest_ei_minimal, DIGEST_LEN)) { sd->signed_descriptor_body = (char *)EX_EI_MINIMAL; sd->signed_descriptor_len = sizeof(EX_EI_MINIMAL); sd->annotations_len = 0; @@ -1706,6 +1526,7 @@ test_dir_load_extrainfo(void *arg) smartlist_add_strdup(wanted, hex_str(buf, DIGEST_LEN)); \ } while (0) + setup_ei_digests(); mock_ei_insert_list = smartlist_new(); MOCK(router_get_by_extrainfo_digest, mock_get_by_ei_desc_digest); MOCK(extrainfo_insert, mock_ei_insert); @@ -1732,12 +1553,12 @@ test_dir_load_extrainfo(void *arg) tt_int_op(smartlist_len(mock_ei_insert_list),OP_EQ,2); extrainfo_t *e = smartlist_get(mock_ei_insert_list, 0); - test_memeq_hex(e->cache_info.signed_descriptor_digest, - "11E0EDF526950739F7769810FCACAB8C882FAEEE"); + tt_mem_op(e->cache_info.signed_descriptor_digest, OP_EQ, + digest_ei_minimal, DIGEST_LEN); e = smartlist_get(mock_ei_insert_list, 1); - test_memeq_hex(e->cache_info.signed_descriptor_digest, - "47803B02A0E70E9E8BDA226CB1D74DE354D67DFF"); + tt_mem_op(e->cache_info.signed_descriptor_digest, OP_EQ, + digest_ei_maximal, DIGEST_LEN); tt_int_op(dls_minimal.n_download_failures, OP_EQ, 0); tt_int_op(dls_maximal.n_download_failures, OP_EQ, 0); @@ -1753,8 +1574,11 @@ test_dir_load_extrainfo(void *arg) /* Wanted still contains "BAD_SIG2" */ tt_int_op(smartlist_len(wanted), OP_EQ, 1); - tt_str_op(smartlist_get(wanted, 0), OP_EQ, - "16D387D3A58F7DB3CF46638F8D0B90C45C7D769C"); + const char *got_wanted =smartlist_get(wanted, 0); + tt_int_op(strlen(got_wanted), OP_EQ, HEX_DIGEST_LEN); + char d[DIGEST_LEN]; + base16_decode(d, DIGEST_LEN, got_wanted, strlen(got_wanted)); + tt_mem_op(d, OP_EQ, digest_ei_bad_sig2, DIGEST_LEN); #undef ADD @@ -1774,12 +1598,17 @@ test_dir_getinfo_extra(void *arg) int r; char *answer = NULL; const char *errmsg = NULL; - + char buf[128]; + char hexdigest[HEX_DIGEST_LEN+1]; (void)arg; + + setup_ei_digests(); + base16_encode(hexdigest, sizeof(hexdigest), + (const char*)digest_ei_minimal, DIGEST_LEN); + tor_snprintf(buf, sizeof(buf), "extra-info/digest/%s", hexdigest); + MOCK(extrainfo_get_by_descriptor_digest, mock_ei_get_by_ei_digest); - r = getinfo_helper_dir(NULL, "extra-info/digest/" - "11E0EDF526950739F7769810FCACAB8C882FAEEE", &answer, - &errmsg); + r = getinfo_helper_dir(NULL, buf, &answer, &errmsg); tt_int_op(0, OP_EQ, r); tt_ptr_op(NULL, OP_EQ, errmsg); tt_str_op(answer, OP_EQ, EX_EI_MINIMAL); @@ -4157,6 +3986,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) vrs->has_measured_bw = 1; rs->has_bandwidth = 1; vrs->measured_bw_kb = rs->bandwidth_kb = max_unmeasured_bw_kb / 2; + vrs->protocols = tor_strdup("Link=2 Wombat=40"); break; case 1: /* Generate the second routerstatus. */ @@ -4183,6 +4013,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) vrs->has_measured_bw = 1; rs->has_bandwidth = 1; vrs->measured_bw_kb = rs->bandwidth_kb = 2 * max_unmeasured_bw_kb; + vrs->protocols = tor_strdup("Link=2 Wombat=40"); break; case 2: /* Generate the third routerstatus. */ @@ -4208,6 +4039,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) rs->has_bandwidth = 1; vrs->measured_bw_kb = 0; rs->bandwidth_kb = 2 * max_unmeasured_bw_kb; + vrs->protocols = tor_strdup("Link=2 Wombat=40"); break; case 3: /* Generate a fourth routerstatus that is not running. */ @@ -4233,6 +4065,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) rs->has_bandwidth = 1; vrs->measured_bw_kb = 0; rs->bandwidth_kb = max_unmeasured_bw_kb / 2; + vrs->protocols = tor_strdup("Link=2 Wombat=40"); break; case 4: /* No more for this test; return NULL */ @@ -6906,7 +6739,8 @@ test_dir_matching_flags(void *arg) "r example hereiswhereyouridentitygoes 2015-08-30 12:00:00 " "192.168.0.1 9001 0\n" "m thisoneislongerbecauseitisa256bitmddigest33\n" - "s\n"; + "s\n" + "pr Link=4\n"; const char *cp = ex_noflags; rs_noflags = routerstatus_parse_entry_from_string( area, &cp, @@ -6920,6 +6754,7 @@ test_dir_matching_flags(void *arg) "r example hereiswhereyouridentitygoes 2015-08-30 12:00:00 " \ "192.168.0.1 9001 0\n" \ "m thisoneislongerbecauseitisa256bitmddigest33\n" \ + "pr Link=4\n" \ "s %s\n", string); \ cp = s; \ rs = routerstatus_parse_entry_from_string( \ @@ -6977,7 +6812,8 @@ test_dir_assumed_flags(void *arg) "r example hereiswhereyouridentitygoes 2015-08-30 12:00:00 " "192.168.0.1 9001 0\n" "m thisoneislongerbecauseitisa256bitmddigest33\n" - "s Fast Guard Stable\n"; + "s Fast Guard Stable\n" + "pr Link=4\n"; const char *eos = str1 + strlen(str1); const char *cp = str1; @@ -7439,20 +7275,14 @@ test_dir_dirserv_add_own_fingerprint(void *arg) struct testcase_t dir_tests[] = { DIR_LEGACY(nicknames), /* extrainfo without any stats */ - DIR_ARG(formats_rsa, TT_FORK, ""), DIR_ARG(formats_rsa_ed25519, TT_FORK, ""), /* on a bridge */ - DIR_ARG(formats_rsa, TT_FORK, "b"), DIR_ARG(formats_rsa_ed25519, TT_FORK, "b"), /* extrainfo with basic stats */ - DIR_ARG(formats_rsa, TT_FORK, "e"), DIR_ARG(formats_rsa_ed25519, TT_FORK, "e"), - DIR_ARG(formats_rsa, TT_FORK, "be"), DIR_ARG(formats_rsa_ed25519, TT_FORK, "be"), /* extrainfo with all stats */ - DIR_ARG(formats_rsa, TT_FORK, "es"), DIR_ARG(formats_rsa_ed25519, TT_FORK, "es"), - DIR_ARG(formats_rsa, TT_FORK, "bes"), DIR_ARG(formats_rsa_ed25519, TT_FORK, "bes"), DIR(routerinfo_parsing, 0), DIR(extrainfo_parsing, 0), diff --git a/src/test/test_dir_common.c b/src/test/test_dir_common.c index 6eb4fb6d43..77e3851183 100644 --- a/src/test/test_dir_common.c +++ b/src/test/test_dir_common.c @@ -104,6 +104,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now) rs->is_flagged_running = 1; rs->is_v2_dir = 1; rs->is_valid = 1; /* xxxxx */ + vrs->protocols = tor_strdup("Link=7 HSDir=3"); break; case 1: /* Generate the second routerstatus. */ @@ -122,6 +123,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now) rs->ipv6_orport = 4711; rs->is_exit = rs->is_stable = rs->is_fast = rs->is_flagged_running = rs->is_valid = rs->is_possible_guard = rs->is_v2_dir = 1; + vrs->protocols = tor_strdup("Link=3,4 HSDir=2,3"); break; case 2: /* Generate the third routerstatus. */ @@ -138,6 +140,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now) rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast = rs->is_flagged_running = rs->is_valid = rs->is_v2_dir = rs->is_possible_guard = 1; + vrs->protocols = tor_strdup("Link=3,4 HSDir=2,3"); break; case 3: /* Generate a fourth routerstatus that is not running. */ @@ -152,6 +155,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now) rs->ipv4_orport = 500; rs->ipv4_dirport = 1999; rs->is_v2_dir = 1; + vrs->protocols = tor_strdup("Link=3,4 HSDir=3"); /* Running flag (and others) cleared */ break; case 4: diff --git a/src/test/test_dir_handle_get.c b/src/test/test_dir_handle_get.c index f446bbb5eb..53c81b8599 100644 --- a/src/test/test_dir_handle_get.c +++ b/src/test/test_dir_handle_get.c @@ -31,6 +31,7 @@ #include "feature/nodelist/nodelist.h" #include "feature/client/entrynodes.h" #include "feature/dirparse/authcert_parse.h" +#include "feature/dirparse/sigcommon.h" #include "feature/nodelist/networkstatus.h" #include "core/proto/proto_http.h" #include "lib/geoip/geoip.h" @@ -73,6 +74,23 @@ ENABLE_GCC_WARNING("-Woverlength-strings") #define consdiffmgr_add_consensus consdiffmgr_add_consensus_nulterm +static int +mock_ignore_signature_token(const char *digest, + ssize_t digest_len, + struct directory_token_t *tok, + crypto_pk_t *pkey, + int flags, + const char *doctype) +{ + (void)digest; + (void)digest_len; + (void)tok; + (void)pkey; + (void)flags; + (void)doctype; + return 0; +} + static dir_connection_t * new_dir_conn(void) { @@ -500,7 +518,8 @@ static const char microdesc[] = "MIGJAoGBAMjlHH/daN43cSVRaHBwgUfnszzAhg98EvivJ9Qxfv51mvQUxPjQ07es\n" "gV/3n8fyh3Kqr/ehi9jxkdgSRfSnmF7giaHL1SLZ29kA7KtST+pBvmTpDtHa3ykX\n" "Xorc7hJvIyTZoc1HU+5XSynj3gsBE5IGK1ZRzrNS688LnuZMVp1tAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; + "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key QlrOXAa8j3LD31LESsPm/lIKFBwevk2oXdqJcd9SEUc=\n"; static void test_dir_handle_get_micro_d(void *data) @@ -1976,7 +1995,8 @@ test_dir_handle_get_status_vote_current_not_found(void* data) tor_free(header); } -#define VOTE_DIGEST "312A4890D4D832597ABBD3089C782DBBFB81E48D" +/* What vote do we ask for, to get the vote in vote_descriptors.inc ? */ +#define VOTE_DIGEST "78400095d8e834d87135cfc46235c909f0e99911" static void status_vote_current_d_test(char **header, char **body, size_t *body_l) @@ -2058,6 +2078,7 @@ test_dir_handle_get_status_vote_d(void* data) const char digest[DIGEST_LEN] = ""; (void) data; + MOCK(check_signature_token, mock_ignore_signature_token); clear_dir_servers(); dirvote_free_all(); @@ -2094,7 +2115,7 @@ test_dir_handle_get_status_vote_d(void* data) tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header); tt_assert(strstr(header, "Content-Type: text/plain\r\n")); tt_assert(strstr(header, "Content-Encoding: identity\r\n")); - tt_assert(strstr(header, "Content-Length: 4135\r\n")); + tt_assert(strstr(header, "Content-Length: 4403\r\n")); tt_str_op(VOTE_BODY_V3, OP_EQ, body); @@ -2107,11 +2128,12 @@ test_dir_handle_get_status_vote_d(void* data) tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header); tt_assert(strstr(header, "Content-Type: text/plain\r\n")); tt_assert(strstr(header, "Content-Encoding: identity\r\n")); - tt_assert(strstr(header, "Content-Length: 4135\r\n")); + tt_assert(strstr(header, "Content-Length: 4403\r\n")); tt_str_op(VOTE_BODY_V3, OP_EQ, body); done: + UNMOCK(check_signature_token); tor_free(header); tor_free(body); or_options_free(mock_options); mock_options = NULL; @@ -2188,6 +2210,7 @@ test_dir_handle_get_status_vote_current_authority_not_found(void* data) (void) data; MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock); + MOCK(check_signature_token, mock_ignore_signature_token); conn = new_dir_conn(); tt_int_op(0, OP_EQ, directory_handle_command_get(conn, @@ -2199,6 +2222,7 @@ test_dir_handle_get_status_vote_current_authority_not_found(void* data) tt_str_op(NOT_FOUND, OP_EQ, header); done: + UNMOCK(check_signature_token); UNMOCK(connection_write_to_buf_impl_); connection_free_minimal(TO_CONN(conn)); tor_free(header); @@ -2212,6 +2236,7 @@ test_dir_handle_get_status_vote_next_authority_not_found(void* data) (void) data; MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock); + MOCK(check_signature_token, mock_ignore_signature_token); conn = new_dir_conn(); tt_int_op(0, OP_EQ, directory_handle_command_get(conn, @@ -2223,6 +2248,7 @@ test_dir_handle_get_status_vote_next_authority_not_found(void* data) tt_str_op(NOT_FOUND, OP_EQ, header); done: + UNMOCK(check_signature_token); UNMOCK(connection_write_to_buf_impl_); connection_free_minimal(TO_CONN(conn)); tor_free(header); @@ -2236,7 +2262,7 @@ test_dir_handle_get_status_vote_next_bandwidth_not_found(void* data) (void) data; MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock); - + MOCK(check_signature_token, mock_ignore_signature_token); conn = new_dir_conn(); tt_int_op(0, OP_EQ, directory_handle_command_get(conn, @@ -2248,6 +2274,7 @@ test_dir_handle_get_status_vote_next_bandwidth_not_found(void* data) tt_str_op(NOT_FOUND, OP_EQ, header); done: + UNMOCK(check_signature_token); UNMOCK(connection_write_to_buf_impl_); connection_free_minimal(TO_CONN(conn)); tor_free(header); @@ -2428,6 +2455,7 @@ test_dir_handle_get_status_vote_next_authority(void* data) const char digest[DIGEST_LEN] = ""; (void) data; + MOCK(check_signature_token, mock_ignore_signature_token); clear_dir_servers(); routerlist_free_all(); dirvote_free_all(); @@ -2477,11 +2505,12 @@ test_dir_handle_get_status_vote_next_authority(void* data) tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header); tt_assert(strstr(header, "Content-Type: text/plain\r\n")); tt_assert(strstr(header, "Content-Encoding: identity\r\n")); - tt_assert(strstr(header, "Content-Length: 4135\r\n")); + tt_assert(strstr(header, "Content-Length: 4403\r\n")); tt_str_op(VOTE_BODY_V3, OP_EQ, body); done: + UNMOCK(check_signature_token); UNMOCK(connection_write_to_buf_impl_); UNMOCK(get_my_v3_authority_cert); connection_free_minimal(TO_CONN(conn)); @@ -2587,6 +2616,7 @@ test_dir_handle_get_status_vote_current_authority(void* data) dir_server_t *ds = NULL; (void) data; + MOCK(check_signature_token, mock_ignore_signature_token); clear_dir_servers(); routerlist_free_all(); dirvote_free_all(); @@ -2640,11 +2670,12 @@ test_dir_handle_get_status_vote_current_authority(void* data) tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header); tt_assert(strstr(header, "Content-Type: text/plain\r\n")); tt_assert(strstr(header, "Content-Encoding: identity\r\n")); - tt_assert(strstr(header, "Content-Length: 4135\r\n")); + tt_assert(strstr(header, "Content-Length: 4403\r\n")); tt_str_op(VOTE_BODY_V3, OP_EQ, body); done: + UNMOCK(check_signature_token); UNMOCK(connection_write_to_buf_impl_); UNMOCK(get_my_v3_authority_cert); connection_free_minimal(TO_CONN(conn)); @@ -2672,6 +2703,7 @@ test_dir_handle_get_status_vote_too_late(void* data) dir_server_t *ds = NULL; const char* mode = (const char *)data; + MOCK(check_signature_token, mock_ignore_signature_token); clear_dir_servers(); routerlist_free_all(); dirvote_free_all(); @@ -2817,11 +2849,12 @@ test_dir_handle_get_status_vote_too_late(void* data) tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header); tt_assert(strstr(header, "Content-Type: text/plain\r\n")); tt_assert(strstr(header, "Content-Encoding: identity\r\n")); - tt_assert(strstr(header, "Content-Length: 4135\r\n")); + tt_assert(strstr(header, "Content-Length: 4403\r\n")); tt_str_op(VOTE_BODY_V3, OP_EQ, body); done: + UNMOCK(check_signature_token); UNMOCK(connection_write_to_buf_impl_); UNMOCK(get_my_v3_authority_cert); connection_free_minimal(TO_CONN(conn)); diff --git a/src/test/test_metrics.c b/src/test/test_metrics.c index 26e84a5798..1c645813a4 100644 --- a/src/test/test_metrics.c +++ b/src/test/test_metrics.c @@ -80,6 +80,7 @@ test_config(void *arg) SMARTLIST_FOREACH(ports, port_cfg_t *, c, port_cfg_free(c)); smartlist_free(ports); or_options_free(options); + tor_free(err_msg); } static char _c_buf[256]; diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c index f89025aa6c..6bd1f56859 100644 --- a/src/test/test_microdesc.c +++ b/src/test/test_microdesc.c @@ -40,7 +40,8 @@ static const char test_md1[] = "MIGJAoGBAMjlHH/daN43cSVRaHBwgUfnszzAhg98EvivJ9Qxfv51mvQUxPjQ07es\n" "gV/3n8fyh3Kqr/ehi9jxkdgSRfSnmF7giaHL1SLZ29kA7KtST+pBvmTpDtHa3ykX\n" "Xorc7hJvIyTZoc1HU+5XSynj3gsBE5IGK1ZRzrNS688LnuZMVp1tAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; + "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs=\n"; static const char test_md2[] = "onion-key\n" @@ -48,7 +49,8 @@ static const char test_md2[] = "MIGJAoGBAMIixIowh2DyPmDNMDwBX2DHcYcqdcH1zdIQJZkyV6c6rQHnvbcaDoSg\n" "jgFSLJKpnGmh71FVRqep+yVB0zI1JY43kuEnXry2HbZCD9UDo3d3n7t015X5S7ON\n" "bSSYtQGPwOr6Epf96IF6DoQxy4iDnPUAlejuhAG51s1y6/rZQ3zxAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n"; + "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs=\n"; static const char test_md3[] = "@last-listed 2009-06-22\n" @@ -58,6 +60,7 @@ static const char test_md3[] = "qj2fRZzfxlc88G/tmiaHshmdtEpklZ740OFqaaJVj4LjPMKFNE+J7Xc1142BE9Ci\n" "KgsbjGYe2RY261aADRWLetJ8T9QDMm+JngL4288hc8pq1uB/3TAbAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs=\n" "p accept 1-700,800-1000\n" "family nodeX nodeY nodeZ\n"; @@ -309,140 +312,94 @@ test_md_cache_broken(void *data) /* Generated by chutney. */ static const char test_ri[] = "router test005r 127.0.0.1 5005 0 7005\n" - "platform Tor 0.2.5.4-alpha-dev on Linux\n" - "protocols Link 1 2 Circuit 1\n" - "published 2014-05-06 22:57:55\n" - "fingerprint 09DE 3BA2 48C2 1C3F 3760 6CD3 8460 43A6 D5EC F59E\n" - "uptime 0\n" - "bandwidth 1073741824 1073741824 0\n" - "extra-info-digest 361F9428F9FA4DD854C03DDBCC159D0D9FA996C9\n" - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANBJz8Vldl12aFeSMPLiA4nOetLDN0oxU8bB1SDhO7Uu2zdWYVYAF5J0\n" - "st7WvrVy/jA9v/fsezNAPskBanecHRSkdMTpkcgRPMHE7CTGEwIy1Yp1X4bPgDlC\n" - "VCnbs5Pcts5HnWEYNK7qHDAUn+IlmjOO+pTUY8uyq+GQVz6H9wFlAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "signing-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANbGUC4802Ke6C3nOVxN0U0HhIRrs32cQFEL4v+UUMJPgjbistHBvOax\n" - "CWVR/sMXM2kKJeGThJ9ZUs2p9dDG4WHPUXgkMqzTTEeeFa7pQKU0brgbmLaJq0Pi\n" - "mxmqC5RkTHa5bQvq6QlSFprAEoovV27cWqBM9jVdV9hyc//6kwPzAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "hidden-service-dir\n" - "ntor-onion-key Gg73xH7+kTfT6bi1uNVx9gwQdQas9pROIfmc4NpAdC4=\n" - "reject *:25\n" - "reject *:119\n" - "reject *:135-139\n" - "reject *:445\n" - "reject *:563\n" - "reject *:1214\n" - "reject *:4661-4666\n" - "reject *:6346-6429\n" - "reject *:6699\n" - "reject *:6881-6999\n" - "accept *:*\n" - "router-signature\n" - "-----BEGIN SIGNATURE-----\n" - "ImzX5PF2vRCrG1YzGToyjoxYhgh1vtHEDjmP+tIS/iil1DSnHZNpHSuHp0L1jE9S\n" - "yZyrtKaqpBE/aecAM3j4CWCn/ipnAAQkHcyRLin1bYvqBtRzyopVCRlUhF+uWrLq\n" - "t0xkIE39ss/EwmQr7iIgkdVH4oRIMsjYnFFJBG26nYY=\n" - "-----END SIGNATURE-----\n"; - -static const char test_ri2[] = - "router test001a 127.0.0.1 5001 0 7001\n" "identity-ed25519\n" "-----BEGIN ED25519 CERT-----\n" - "AQQABf/FAf5iDuKCZP2VxnAaQWdklilAh6kaEeFX4z8261Yx2T1/AQAgBADCp8vO\n" - "B8K1F9g2DzwuwvVCnPFLSK1qknVqPpNucHLH9DY7fuIYogBAdz4zHv1qC7RKaMNG\n" - "Jux/tMO2tzPcm62Ky5PjClMQplKUOnZNQ+RIpA3wYCIfUDy/cQnY7XWgNQ0=\n" + "AQQABs1eAfTuBhu6ypB5/9avDiY3qBzulkCvfYqbFN/ABk/o4xFcAQAgBAAnmWRG\n" + "rIvqpb4Kk3cThEiWAll4uDCO2Y46uNm9WG7AtPt4LG+XfktG3GAxv6aVQimwlyHc\n" + "1x2Lfm9KG3mWWj+hxnum4Z7873OE0B9l2Hg0YQZCW/PuHSWN0rspTvY5SgA=\n" "-----END ED25519 CERT-----\n" - "platform Tor 0.2.6.0-alpha-dev on Darwin\n" - "protocols Link 1 2 Circuit 1\n" - "published 2014-10-08 12:58:04\n" - "fingerprint B7E2 7F10 4213 C36F 13E7 E982 9182 845E 4959 97A0\n" - "uptime 0\n" - "bandwidth 1073741824 1073741824 0\n" - "extra-info-digest 568F27331B6D8C73E7024F1EF5D097B90DFC7CDB\n" - "caches-extra-info\n" + "master-key-ed25519 J5lkRqyL6qW+CpN3E4RIlgJZeLgwjtmOOrjZvVhuwLQ\n" + "or-address [::]:5005\n" + "platform Tor 0.4.5.0-alpha-dev on Linux\n" + "proto Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5 " + "HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-3\n" + "published 2020-10-13 13:27:34\n" + "fingerprint D219 590A C951 3BCD EBBA 9AB7 2100 7A4C C01B BAE3\n" + "uptime 324451\n" + "bandwidth 1073741824 1073741824 637796\n" + "extra-info-digest 78E6D382BC826B95B4111554EEE7D541A32AAAA3 " + "c61Onjpq+1S0TrdvoaOvGAxew6yfO+uHNhipbemQmgA\n" "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n" - "+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n" - "l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n" + "MIGJAoGBAMvEJ/JVNK7I38PPWhQMuCgkET/ki4WIas4tj5Kmqfb9kHqxMR+EunRD\n" + "83k4pel1yB7QdV+iTd/4SZOI8RpZP+BO1KnOTWfpztAU1lDGr19/PwdwcHaILpBD\n" + "nNzm6otk4/bKUQ0vqpOfJljtg0DfAm4uMAQ6BMFy6uEAF7+JupuPAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" "signing-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAN8+78KUVlgHXdMMkYJxcwh1Zv2y+Gb5eWUyltUaQRajhrT9ij2T5JZs\n" - "M0g85xTcuM3jNVVpV79+33hiTohdC6UZ+Bk4USQ7WBFzRbVFSXoVKLBJFkCOIexg\n" - "SMGNd5WEDtHWrXl58mizmPFu1eG6ZxHzt7RuLSol5cwBvawXPNkFAgMBAAE=\n" + "MIGJAoGBANBzejGAwyPTPq2Gm03wpg3qICo0uDQau8opude2mW3eyxAqOqHzC8De\n" + "gRgbmn040vqe9gwvH4iaHpVeTxyDwQefbfULdq6bETmX3aSUj6LKBCqqcyuOJFQu\n" + "7M2QfNSfHtldUABpIaqFvEA3AV8qjOoUtauoFNJKMy7Wj2//S70VAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" "onion-key-crosscert\n" "-----BEGIN CROSSCERT-----\n" - "ETFDzU49bvNfoZnKK1j6JeBP2gDirgj6bBCgWpUYs663OO9ypbZRO0JwWANssKl6\n" - "oaq9vKTsKGRsaNnqnz/JGMhehymakjjNtqg7crWwsahe8+7Pw9GKmW+YjFtcOkUf\n" - "KfOn2bmKBa1FoJb4yW3oXzHcdlLSRuCciKqPn+Hky5o=\n" + "pD3Nkkunt8zP6PO6H3uHT0t7xnorC7cY/KfF75mFB+90pHCD9f0Xdu3Pjrur/q23\n" + "PIKV3hdtdsODoJuoh8LPGNAjS5rO6HMCtHNDNunNOs69bvfaO0jThnurXmOpY0sW\n" + "eRfBeYN2KNgrN0B1eDejfPSr03dkFY48yoUDROv9EJQ=\n" "-----END CROSSCERT-----\n" "ntor-onion-key-crosscert 0\n" "-----BEGIN ED25519 CERT-----\n" - "AQoABf2dAcKny84HwrUX2DYPPC7C9UKc8UtIrWqSdWo+k25wcsf0AFohutG+xI06\n" - "Ef21c5Zl1j8Hw6DzHDjYyJevXLFuOneaL3zcH2Ldn4sjrG3kc5UuVvRfTvV120UO\n" - "xk4f5s5LGwY=\n" + "AQoABs2OASeZZEasi+qlvgqTdxOESJYCWXi4MI7Zjjq42b1YbsC0AKc5y5qYUYvw\n" + "VATtWkV9DVIZbZSb9mQP5pmNaqmX+DbmINCYt8j7l+U7g3ftUyh0Wlrgevx0pFUI\n" + "RcIU0HKHZQA=\n" "-----END ED25519 CERT-----\n" "hidden-service-dir\n" - "contact auth1@test.test\n" - "ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n" - "reject *:*\n" - "router-sig-ed25519 5aQXyTif7PExIuL2di37UvktmJECKnils2OWz2vDi" - "hFxi+5TTAAPxYkS5clhc/Pjvw34itfjGmTKFic/8httAQ\n" + "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA\n" + "accept *:*\n" + "tunnelled-dir-server\n" + "router-sig-ed25519 Xm56dYbo/hCHWyzcdUPmfTeZ4qly2TYf1/2Q1lXKQDMJyBti" + "8ZE8R2TTYsYimr+UtAapbzBItccZLze505nhBw\n" "router-signature\n" "-----BEGIN SIGNATURE-----\n" - "BaUB+aFPQbb3BwtdzKsKqV3+6cRlSqJF5bI3UTmwRoJk+Z5Pz+W5NWokNI0xArHM\n" - "T4T5FZCCP9350jXsUCIvzyIyktU6aVRCGFt76rFlo1OETpN8GWkMnQU0w18cxvgS\n" - "cf34GXHv61XReJF3AlzNHFpbrPOYmowmhrTULKyMqow=\n" + "bbeN0lq6nCfJQXGcKa1M9TQ6b2upig7clrlVXuzKeR0JhGwnDCXUAFxDtrw3vkVo\n" + "ExBXXvJeBPyustFOQkdiAEWHHSW5CwEgeVCBYZeEnaiySIgDVKuu+9B53ezFdC0Y\n" + "iFJkKxxDx7ksxX0zdl7aPT4ORFEuRhCYS6el7YJmoyg=\n" "-----END SIGNATURE-----\n"; -static const char test_md_18[] = - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBANBJz8Vldl12aFeSMPLiA4nOetLDN0oxU8bB1SDhO7Uu2zdWYVYAF5J0\n" - "st7WvrVy/jA9v/fsezNAPskBanecHRSkdMTpkcgRPMHE7CTGEwIy1Yp1X4bPgDlC\n" - "VCnbs5Pcts5HnWEYNK7qHDAUn+IlmjOO+pTUY8uyq+GQVz6H9wFlAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key Gg73xH7+kTfT6bi1uNVx9gwQdQas9pROIfmc4NpAdC4=\n" - "p reject 25,119,135-139,445,563,1214,4661-4666,6346-6429,6699,6881-6999\n" - "id rsa1024 Cd47okjCHD83YGzThGBDptXs9Z4\n"; - -static const char test_md2_21[] = +static const char test_md2_25[] = "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n" - "+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n" - "l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n" + "MIGJAoGBAMvEJ/JVNK7I38PPWhQMuCgkET/ki4WIas4tj5Kmqfb9kHqxMR+EunRD\n" + "83k4pel1yB7QdV+iTd/4SZOI8RpZP+BO1KnOTWfpztAU1lDGr19/PwdwcHaILpBD\n" + "nNzm6otk4/bKUQ0vqpOfJljtg0DfAm4uMAQ6BMFy6uEAF7+JupuPAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n" - "id ed25519 wqfLzgfCtRfYNg88LsL1QpzxS0itapJ1aj6TbnByx/Q\n"; + "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA=\n" + "p accept 1-65535\n" + "id ed25519 J5lkRqyL6qW+CpN3E4RIlgJZeLgwjtmOOrjZvVhuwLQ\n"; static const char test_md2_withfamily_28[] = "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n" - "+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n" - "l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n" + "MIGJAoGBAMvEJ/JVNK7I38PPWhQMuCgkET/ki4WIas4tj5Kmqfb9kHqxMR+EunRD\n" + "83k4pel1yB7QdV+iTd/4SZOI8RpZP+BO1KnOTWfpztAU1lDGr19/PwdwcHaILpBD\n" + "nNzm6otk4/bKUQ0vqpOfJljtg0DfAm4uMAQ6BMFy6uEAF7+JupuPAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n" + "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA=\n" "family OtherNode !Strange\n" - "id ed25519 wqfLzgfCtRfYNg88LsL1QpzxS0itapJ1aj6TbnByx/Q\n"; + "p accept 1-65535\n" + "id ed25519 J5lkRqyL6qW+CpN3E4RIlgJZeLgwjtmOOrjZvVhuwLQ\n"; static const char test_md2_withfamily_29[] = "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n" - "+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n" - "l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n" + "MIGJAoGBAMvEJ/JVNK7I38PPWhQMuCgkET/ki4WIas4tj5Kmqfb9kHqxMR+EunRD\n" + "83k4pel1yB7QdV+iTd/4SZOI8RpZP+BO1KnOTWfpztAU1lDGr19/PwdwcHaILpBD\n" + "nNzm6otk4/bKUQ0vqpOfJljtg0DfAm4uMAQ6BMFy6uEAF7+JupuPAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n" - "family !Strange $B7E27F104213C36F13E7E9829182845E495997A0 othernode\n" - "id ed25519 wqfLzgfCtRfYNg88LsL1QpzxS0itapJ1aj6TbnByx/Q\n"; + "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA=\n" + "family !Strange $D219590AC9513BCDEBBA9AB721007A4CC01BBAE3 othernode\n" + "p accept 1-65535\n" + "id ed25519 J5lkRqyL6qW+CpN3E4RIlgJZeLgwjtmOOrjZvVhuwLQ\n"; static void test_md_generate(void *arg) @@ -454,23 +411,8 @@ test_md_generate(void *arg) ri = router_parse_entry_from_string(test_ri, NULL, 0, 0, NULL, NULL); tt_assert(ri); - microdesc_free(md); - md = NULL; - md = dirvote_create_microdescriptor(ri, 18); - tt_str_op(md->body, OP_EQ, test_md_18); - - microdesc_free(md); - md = NULL; - md = dirvote_create_microdescriptor(ri, 21); - tt_str_op(md->body, OP_EQ, test_md_18); - - routerinfo_free(ri); - ri = router_parse_entry_from_string(test_ri2, NULL, 0, 0, NULL, NULL); - - microdesc_free(md); - md = NULL; - md = dirvote_create_microdescriptor(ri, 21); - tt_str_op(md->body, OP_EQ, test_md2_21); + md = dirvote_create_microdescriptor(ri, 25); + tt_str_op(md->body, OP_EQ, test_md2_25); tt_assert(ed25519_pubkey_eq(md->ed25519_identity_pkey, &ri->cache_info.signing_key_cert->signing_key)); @@ -505,6 +447,7 @@ static const char MD_PARSE_TEST_DATA[] = "DBr/ij6+JqgVFeriuiMzHKREytzjdaTuKsKBFFpLwb+Ppcjr5nMIH/AR6/aHO8hW\n" "T3B9lx5T6Kl7CqZ4yqXxYRHzn50EPTIZuz0y9se4J4gi9mLmL+pHAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs=\n" "p accept 20-23,43,53,79-81,88,110,143,194,220,443,464,531,543-544\n" "id rsa1024 GEo59/iR1GWSIWZDzXTd5QxtqnU\n" /* Bad 0: I've messed with the onion-key in the second one. */ @@ -564,6 +507,7 @@ static const char MD_PARSE_TEST_DATA[] = "h8G5OJZHRarJQyCIf7vpZQAi0oP0OkGGaCaDQsM+D8TnqhnU++RWGnMqY/cXxPrL\n" "MEq+n6aGiLmzkO7ah8yorZpoREk4GqLUIN89/tHHGOhJL3c4CPGjAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs=\n" "p reject 25,119,135-139,445,563,1214,4661-4666,6346-6429,6699,6881-6999\n" "id rsa1234 jlqAKFD2E7uMKv+8TmKSeo7NBho\n" /* Good 5: Extra id type. */ @@ -785,6 +729,7 @@ test_md_parse_id_ed25519(void *arg) "sgdN1wJpWpTQMXJ2DssfSgmOVXETP7qJuZyRprxalQhaEATMDNJA/66Ml1jSO9mZ\n" "+8Xb7m/4q778lNtkSbsvMaYD2Dq6k2QQ3kMhr9z8oUtX0XA23+pfAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs=\n" "id ed25519 VGhpcyBpc24ndCBhY3R1YWxseSBhIHB1YmxpYyBrZXk\n" "id wumpus dodecahedron\n"; @@ -809,6 +754,7 @@ test_md_parse_id_ed25519(void *arg) "sgdN1wJpWpTQMXJ2DssfSgmOVXETP7qJuZyRprxalQhaEATMDNJA/66Ml1jSO9mZ\n" "+8Xb7m/4q778lNtkSbsvMaYD2Dq6k2QQ3kMhr9z8oUtX0XA23+pfAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs\n" "id ed25519 VGhpcyBpc24ndCBhY3R1YWxseSBhIHB1YmxpYyBrZXk\n" "id ed25519 VGhpcyBpc24ndCBhY3R1YWxseSBhIHB1YmxpYyBrZXk\n"; @@ -829,6 +775,7 @@ test_md_parse_id_ed25519(void *arg) "sgdN1wJpWpTQMXJ2DssfSgmOVXETP7qJuZyRprxalQhaEATMDNJA/66Ml1jSO9mZ\n" "+8Xb7m/4q778lNtkSbsvMaYD2Dq6k2QQ3kMhr9z8oUtX0XA23+pfAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs\n" "id ed25519 VGhpcyBpc24ndCBhY3R1YWxseSBhIHB1YmxpYyZZZZZZZZZZZ\n"; mds = microdescs_parse_from_string(BOGUS_KEY, diff --git a/src/test/test_protover.c b/src/test/test_protover.c index 4ccec73699..be3aeb5e40 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c @@ -32,64 +32,32 @@ test_protover_parse(void *arg) #else /* !defined(HAVE_RUST) */ char *re_encoded = NULL; - const char *orig = "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900"; + const char *orig = "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16"; smartlist_t *elts = parse_protocol_list(orig); tt_assert(elts); tt_int_op(smartlist_len(elts), OP_EQ, 4); const proto_entry_t *e; - const proto_range_t *r; e = smartlist_get(elts, 0); tt_str_op(e->name, OP_EQ, "Foo"); - tt_int_op(smartlist_len(e->ranges), OP_EQ, 2); - { - r = smartlist_get(e->ranges, 0); - tt_int_op(r->low, OP_EQ, 1); - tt_int_op(r->high, OP_EQ, 1); - - r = smartlist_get(e->ranges, 1); - tt_int_op(r->low, OP_EQ, 3); - tt_int_op(r->high, OP_EQ, 3); - } + tt_int_op(e->bitmask, OP_EQ, 0x0a); e = smartlist_get(elts, 1); tt_str_op(e->name, OP_EQ, "Bar"); - tt_int_op(smartlist_len(e->ranges), OP_EQ, 1); - { - r = smartlist_get(e->ranges, 0); - tt_int_op(r->low, OP_EQ, 3); - tt_int_op(r->high, OP_EQ, 3); - } + tt_int_op(e->bitmask, OP_EQ, 0x08); e = smartlist_get(elts, 2); tt_str_op(e->name, OP_EQ, "Baz"); - tt_int_op(smartlist_len(e->ranges), OP_EQ, 0); + tt_int_op(e->bitmask, OP_EQ, 0x00); e = smartlist_get(elts, 3); tt_str_op(e->name, OP_EQ, "Quux"); - tt_int_op(smartlist_len(e->ranges), OP_EQ, 4); - { - r = smartlist_get(e->ranges, 0); - tt_int_op(r->low, OP_EQ, 9); - tt_int_op(r->high, OP_EQ, 12); - - r = smartlist_get(e->ranges, 1); - tt_int_op(r->low, OP_EQ, 14); - tt_int_op(r->high, OP_EQ, 14); - - r = smartlist_get(e->ranges, 2); - tt_int_op(r->low, OP_EQ, 15); - tt_int_op(r->high, OP_EQ, 16); - - r = smartlist_get(e->ranges, 3); - tt_int_op(r->low, OP_EQ, 900); - tt_int_op(r->high, OP_EQ, 900); - } + tt_int_op(e->bitmask, OP_EQ, 0x1de00); re_encoded = encode_protocol_list(elts); tt_assert(re_encoded); - tt_str_op(re_encoded, OP_EQ, orig); + tt_str_op(re_encoded, OP_EQ, "Foo=1,3 Bar=3 Baz= Quux=9-12,14-16"); done: if (elts) @@ -156,14 +124,14 @@ test_protover_vote(void *arg) tt_str_op(result, OP_EQ, ""); tor_free(result); - smartlist_add(lst, (void*) "Foo=1-10,500 Bar=1,3-7,8"); + smartlist_add(lst, (void*) "Foo=1-10,63 Bar=1,3-7,8"); result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Bar=1,3-8 Foo=1-10,500"); + tt_str_op(result, OP_EQ, "Bar=1,3-8 Foo=1-10,63"); tor_free(result); - smartlist_add(lst, (void*) "Quux=123-456,78 Bar=2-6,8 Foo=9"); + smartlist_add(lst, (void*) "Quux=12-45 Bar=2-6,8 Foo=9"); result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Bar=1-8 Foo=1-10,500 Quux=78,123-456"); + tt_str_op(result, OP_EQ, "Bar=1-8 Foo=1-10,63 Quux=12-45"); tor_free(result); result = protover_compute_vote(lst, 2); @@ -201,45 +169,16 @@ test_protover_vote(void *arg) /* Just below the threshold: Rust */ smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=1-500"); + smartlist_add(lst, (void*) "Sleen=1-50"); result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Sleen=1-500"); + tt_str_op(result, OP_EQ, "Sleen=1-50"); tor_free(result); /* Just below the threshold: C */ smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=1-65536"); - result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Sleen=1-65536"); - tor_free(result); - - /* Large protover lists that exceed the threshold */ - - /* By adding two votes, C allows us to exceed the limit */ - smartlist_add(lst, (void*) "Sleen=1-65536"); - smartlist_add(lst, (void*) "Sleen=100000"); + smartlist_add(lst, (void*) "Sleen=1-63"); result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Sleen=1-65536,100000"); - tor_free(result); - - /* Large integers */ - smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=4294967294"); - result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Sleen=4294967294"); - tor_free(result); - - /* This parses, but fails at the vote stage */ - smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=4294967295"); - result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, ""); - tor_free(result); - - smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=4294967296"); - result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, ""); + tt_str_op(result, OP_EQ, "Sleen=1-63"); tor_free(result); /* Protocol name too long */ @@ -279,8 +218,8 @@ test_protover_all_supported(void *arg) tt_assert(! protover_all_supported("Wombat=9", &msg)); tt_str_op(msg, OP_EQ, "Wombat=9"); tor_free(msg); - tt_assert(! protover_all_supported("Link=999", &msg)); - tt_str_op(msg, OP_EQ, "Link=999"); + tt_assert(! protover_all_supported("Link=60", &msg)); + tt_str_op(msg, OP_EQ, "Link=60"); tor_free(msg); // Mix of things we support and things we don't @@ -290,11 +229,11 @@ test_protover_all_supported(void *arg) /* Mix of things we support and don't support within a single protocol * which we do support */ - tt_assert(! protover_all_supported("Link=3-999", &msg)); - tt_str_op(msg, OP_EQ, "Link=6-999"); + tt_assert(! protover_all_supported("Link=3-60", &msg)); + tt_str_op(msg, OP_EQ, "Link=6-60"); tor_free(msg); - tt_assert(! protover_all_supported("Link=1-3,345-666", &msg)); - tt_str_op(msg, OP_EQ, "Link=345-666"); + tt_assert(! protover_all_supported("Link=1-3,50-63", &msg)); + tt_str_op(msg, OP_EQ, "Link=50-63"); tor_free(msg); tt_assert(! protover_all_supported("Link=1-3,5-12", &msg)); tt_str_op(msg, OP_EQ, "Link=6-12"); @@ -302,18 +241,8 @@ test_protover_all_supported(void *arg) /* Mix of protocols we do support and some we don't, where the protocols * we do support have some versions we don't support. */ - tt_assert(! protover_all_supported("Link=1-3,5-12 Quokka=9000-9001", &msg)); - tt_str_op(msg, OP_EQ, "Link=6-12 Quokka=9000-9001"); - tor_free(msg); - - /* We shouldn't be able to DoS ourselves parsing a large range. */ - tt_assert(! protover_all_supported("Sleen=1-2147483648", &msg)); - tt_str_op(msg, OP_EQ, "Sleen=1-2147483648"); - tor_free(msg); - - /* This case is allowed. */ - tt_assert(! protover_all_supported("Sleen=1-4294967294", &msg)); - tt_str_op(msg, OP_EQ, "Sleen=1-4294967294"); + tt_assert(! protover_all_supported("Link=1-3,5-12 Quokka=40-41", &msg)); + tt_str_op(msg, OP_EQ, "Link=6-12 Quokka=40-41"); tor_free(msg); /* If we get a (barely) valid (but unsupported list, we say "yes, that's @@ -606,9 +535,9 @@ test_protover_vote_roundtrip(void *args) /* Will fail because of 4294967295. */ { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967295", NULL }, - { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967294", - "Bar=3 Foo=1,3 Quux=9-12,14-16,900 Zn=1,4294967294" }, - { "Zu16=1,65536", "Zu16=1,65536" }, + { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,50 Zn=1,42", + "Bar=3 Foo=1,3 Quux=9-12,14-16,50 Zn=1,42" }, + { "Zu16=1,63", "Zu16=1,63" }, { "N-1=1,2", "N-1=1-2" }, { "-1=4294967295", NULL }, { "-1=3", "-1=3" }, @@ -646,12 +575,8 @@ test_protover_vote_roundtrip(void *args) /* Large integers */ { "Link=4294967296", NULL }, /* Large range */ - { "Sleen=1-501", "Sleen=1-501" }, + { "Sleen=1-63", "Sleen=1-63" }, { "Sleen=1-65537", NULL }, - /* Both C/Rust implementations should be able to handle this mild DoS. */ - { "Sleen=1-2147483648", NULL }, - /* Rust tests are built in debug mode, so ints are bounds-checked. */ - { "Sleen=1-4294967295", NULL }, }; unsigned u; smartlist_t *votes = smartlist_new(); diff --git a/src/test/test_router.c b/src/test/test_router.c index ddd043b941..895178f788 100644 --- a/src/test/test_router.c +++ b/src/test/test_router.c @@ -23,6 +23,7 @@ #include "feature/nodelist/routerinfo_st.h" #include "feature/nodelist/routerlist.h" #include "feature/nodelist/routerstatus_st.h" +#include "feature/nodelist/torcert.h" #include "feature/relay/router.h" #include "feature/stats/bwhist.h" #include "lib/crypt_ops/crypto_curve25519.h" @@ -35,44 +36,34 @@ #include "test/test.h" #include "test/log_test_helpers.h" -static const routerinfo_t * rtr_tests_router_get_my_routerinfo(void); -ATTR_UNUSED static int rtr_tests_router_get_my_routerinfo_called = 0; - -static routerinfo_t* mock_routerinfo; - -static const routerinfo_t* -rtr_tests_router_get_my_routerinfo(void) +static routerinfo_t * +rtr_tests_gen_routerinfo(crypto_pk_t *ident_key, crypto_pk_t *tap_key) { - crypto_pk_t* ident_key; - crypto_pk_t* tap_key; time_t now; - if (!mock_routerinfo) { - /* Mock the published timestamp, otherwise router_dump_router_to_string() - * will poop its pants. */ - time(&now); - - /* We'll need keys, or router_dump_router_to_string() would return NULL. */ - ident_key = pk_generate(0); - tap_key = pk_generate(0); - - tor_assert(ident_key != NULL); - tor_assert(tap_key != NULL); - - mock_routerinfo = tor_malloc_zero(sizeof(routerinfo_t)); - mock_routerinfo->nickname = tor_strdup("ConlonNancarrow"); - tor_addr_from_ipv4h(&mock_routerinfo->ipv4_addr, 123456789); - mock_routerinfo->ipv4_orport = 443; - mock_routerinfo->platform = tor_strdup("unittest"); - mock_routerinfo->cache_info.published_on = now; - mock_routerinfo->identity_pkey = crypto_pk_dup_key(ident_key); - router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->onion_pkey, - &mock_routerinfo->onion_pkey_len); - mock_routerinfo->bandwidthrate = 9001; - mock_routerinfo->bandwidthburst = 9002; - crypto_pk_free(ident_key); - crypto_pk_free(tap_key); - } + routerinfo_t *mock_routerinfo; + + /* Mock the published timestamp, otherwise router_dump_router_to_string() + * will poop its pants. */ + time(&now); + + /* We'll need keys, or router_dump_router_to_string() would return NULL. */ + tor_assert(ident_key != NULL); + tor_assert(tap_key != NULL); + + mock_routerinfo = tor_malloc_zero(sizeof(routerinfo_t)); + mock_routerinfo->nickname = tor_strdup("ConlonNancarrow"); + tor_addr_from_ipv4h(&mock_routerinfo->ipv4_addr, 123456789); + mock_routerinfo->ipv4_orport = 443; + mock_routerinfo->platform = tor_strdup("unittest"); + mock_routerinfo->cache_info.published_on = now; + mock_routerinfo->identity_pkey = crypto_pk_dup_key(ident_key); + mock_routerinfo->protocol_list = + tor_strdup("Cons=1-2 Desc=1-2 DirCache=1-2"); + router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->onion_pkey, + &mock_routerinfo->onion_pkey_len); + mock_routerinfo->bandwidthrate = 9001; + mock_routerinfo->bandwidthburst = 9002; return mock_routerinfo; } @@ -87,12 +78,12 @@ test_router_dump_router_to_string_no_bridge_distribution_method(void *arg) routerinfo_t* router = NULL; curve25519_keypair_t ntor_keypair; ed25519_keypair_t signing_keypair; + ed25519_keypair_t identity_keypair; char* desc = NULL; char* found = NULL; (void)arg; - - MOCK(router_get_my_routerinfo, - rtr_tests_router_get_my_routerinfo); + crypto_pk_t *ident_key = pk_generate(0); + crypto_pk_t *tap_key = pk_generate(0); options->ORPort_set = 1; options->BridgeRelay = 1; @@ -100,12 +91,21 @@ test_router_dump_router_to_string_no_bridge_distribution_method(void *arg) /* Generate keys which router_dump_router_to_string() expects to exist. */ tt_int_op(0, OP_EQ, curve25519_keypair_generate(&ntor_keypair, 0)); tt_int_op(0, OP_EQ, ed25519_keypair_generate(&signing_keypair, 0)); + tt_int_op(0, OP_EQ, ed25519_keypair_generate(&identity_keypair, 0)); /* Set up part of our routerinfo_t so that we don't trigger any other * assertions in router_dump_router_to_string(). */ - router = (routerinfo_t*)router_get_my_routerinfo(); + router = rtr_tests_gen_routerinfo(ident_key, tap_key); tt_ptr_op(router, OP_NE, NULL); + router->cache_info.signing_key_cert = + tor_cert_create_ed25519(&identity_keypair, + CERT_TYPE_ID_SIGNING, + &signing_keypair.pubkey, + time(NULL), + 86400, + CERT_FLAG_INCLUDE_SIGNING_KEY); + /* The real router_get_my_routerinfo() looks up onion_curve25519_pkey using * get_current_curve25519_keypair(), but we don't initialise static data in * this test. */ @@ -113,22 +113,22 @@ test_router_dump_router_to_string_no_bridge_distribution_method(void *arg) /* Generate our server descriptor and ensure that the substring * "bridge-distribution-request any" occurs somewhere within it. */ - crypto_pk_t *onion_pkey = router_get_rsa_onion_pkey(router->onion_pkey, - router->onion_pkey_len); desc = router_dump_router_to_string(router, - router->identity_pkey, - onion_pkey, + ident_key, + tap_key, &ntor_keypair, &signing_keypair); - crypto_pk_free(onion_pkey); tt_ptr_op(desc, OP_NE, NULL); found = strstr(desc, needle); tt_ptr_op(found, OP_NE, NULL); done: - UNMOCK(router_get_my_routerinfo); - + if (router) + router->onion_curve25519_pkey = NULL; // avoid double-free + routerinfo_free(router); tor_free(desc); + crypto_pk_free(ident_key); + crypto_pk_free(tap_key); } static routerinfo_t *mock_router_get_my_routerinfo_result = NULL; diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c index 91a75d7080..c7b65006f0 100644 --- a/src/test/test_routerlist.c +++ b/src/test/test_routerlist.c @@ -52,8 +52,6 @@ #include "test/test_dir_common.h" #include "test/log_test_helpers.h" -void construct_consensus(char **consensus_text_md, time_t now); - static authority_cert_t *mock_cert; static authority_cert_t * @@ -150,7 +148,7 @@ test_routerlist_launch_descriptor_downloads(void *arg) smartlist_free(downloadable); } -void +static void construct_consensus(char **consensus_text_md, time_t now) { networkstatus_t *vote = NULL; diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c index e20b0d1ede..42a901fe77 100644 --- a/src/test/test_tortls_openssl.c +++ b/src/test/test_tortls_openssl.c @@ -279,8 +279,7 @@ test_tortls_log_one_error(void *ignored) mock_clean_saved_logs(); tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL); - expect_log_msg("TLS error with 127.hello: " - "BN lib (in unknown library:(null):---)\n"); + expect_log_msg_containing("TLS error with 127.hello"); mock_clean_saved_logs(); tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), diff --git a/src/test/vote_descriptors.inc b/src/test/vote_descriptors.inc index 895dc6c65c..51cf465170 100644 --- a/src/test/vote_descriptors.inc +++ b/src/test/vote_descriptors.inc @@ -1,3 +1,6 @@ +/* Not sure where we got this; it appears to be hand-generated and signed. + * It's been edited so that the signature doesn't verify any more; + * you need to mock check_signature_token for this to work. */ static const char* VOTE_BODY_V3 = "network-status-version 3\n" "vote-status vote\n" @@ -60,6 +63,7 @@ static const char* VOTE_BODY_V3 = "w Bandwidth=30 Measured=30\n" "p reject 1-65535\n" "id ed25519 none\n" +"pr Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5\n" "m 9,10,11,12,13,14,15,16,17 sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa0\n" "r router1 BQUFBQUFBQUFBQUFBQUFBQUFBQU TU1NTU1NTU1NTU1NTU1NTU1NTU0 2015-09-02 19:17:35 153.0.153.1 443 0\n" "a [1:2:3::4]:4711\n" @@ -68,6 +72,7 @@ static const char* VOTE_BODY_V3 = "w Bandwidth=120 Measured=120\n" "p reject 1-65535\n" "id ed25519 none\n" +"pr Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5\n" "m 9,10,11,12,13,14,15,16,17 sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa1\n" "r router3 MzMzMzMzMzMzMzMzMzMzMzMzMzM T09PT09PT09PT09PT09PT09PT08 2015-09-02 19:17:35 170.0.153.1 400 9999\n" "s Authority Exit Fast Guard Running Stable V2Dir Valid\n" @@ -75,6 +80,7 @@ static const char* VOTE_BODY_V3 = "w Bandwidth=120\n" "p reject 1-65535\n" "id ed25519 none\n" +"pr Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5\n" "m 9,10,11,12,13,14,15,16,17 " "sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa2\n" "r router4 NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ Ly8vLy8vLy8vLy8vLy8vLy8vLy8 2015-09-02 19:17:35 192.0.2.3 500 1999\n" @@ -83,6 +89,7 @@ static const char* VOTE_BODY_V3 = "w Bandwidth=30\n" "p reject 1-65535\n" "id ed25519 none\n" +"pr Cons=1-2 Desc=1-2 DirCache=1-2 FlowCtrl=1 HSDir=1-2 HSIntro=3-5\n" "m 9,10,11,12,13,14,15,16,17 sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa3\n" "directory-footer\n" "directory-signature D867ACF56A9D229B35C25F0090BC9867E906BE69 CBF56A83368A5150F1A9AAADAFB4D77F8C4170E2\n" @@ -91,4 +98,3 @@ static const char* VOTE_BODY_V3 = "TXQWGUq9Z7jdSVnzWT3xqPA4zjw6eZkj+DKUtwq+oEDZGlf8eHTFmr0NAWfwZbk9\n" "NAjbMTUXUP37N2XAZwkoCWwFCrrfMwXrL7OhZbj7ifo=\n" "-----END SIGNATURE-----\n"; - diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 3c7b2ab5fc..57ec53cf34 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -217,7 +217,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.4.5.0-alpha-dev" +#define VERSION "0.4.5.1-alpha-dev" #define HAVE_STRUCT_SOCKADDR_IN6 #define HAVE_STRUCT_IN6_ADDR |