diff options
Diffstat (limited to 'src/test/test.c')
| -rw-r--r-- | src/test/test.c | 955 |
1 files changed, 253 insertions, 702 deletions
diff --git a/src/test/test.c b/src/test/test.c index 4ec8792344..45f7c097d9 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -28,11 +28,10 @@ const char tor_git_revision[] = ""; /* These macros pull in declarations for some functions and structures that * are typically file-private. */ -#define BUFFERS_PRIVATE -#define CONFIG_PRIVATE #define GEOIP_PRIVATE #define ROUTER_PRIVATE #define CIRCUITSTATS_PRIVATE +#define CIRCUITLIST_PRIVATE /* * Linux doesn't provide lround in math.h by default, but mac os does... @@ -55,6 +54,7 @@ double fabs(double x); #include "mempool.h" #include "memarea.h" #include "onion.h" +#include "onion_ntor.h" #include "onion_tap.h" #include "policies.h" #include "rephist.h" @@ -218,667 +218,138 @@ free_pregenerated_keys(void) } } -typedef struct socks_test_data_t { - socks_request_t *req; - buf_t *buf; -} socks_test_data_t; - -static void * -socks_test_setup(const struct testcase_t *testcase) -{ - socks_test_data_t *data = tor_malloc(sizeof(socks_test_data_t)); - (void)testcase; - data->buf = buf_new_with_capacity(256); - data->req = socks_request_new(); - config_register_addressmaps(get_options()); - return data; -} -static int -socks_test_cleanup(const struct testcase_t *testcase, void *ptr) -{ - socks_test_data_t *data = ptr; - (void)testcase; - buf_free(data->buf); - socks_request_free(data->req); - tor_free(data); - return 1; -} - -const struct testcase_setup_t socks_setup = { - socks_test_setup, socks_test_cleanup -}; - -#define SOCKS_TEST_INIT() \ - socks_test_data_t *testdata = ptr; \ - buf_t *buf = testdata->buf; \ - socks_request_t *socks = testdata->req; -#define ADD_DATA(buf, s) \ - write_to_buf(s, sizeof(s)-1, buf) - -static void -socks_request_clear(socks_request_t *socks) -{ - tor_free(socks->username); - tor_free(socks->password); - memset(socks, 0, sizeof(socks_request_t)); -} - -/** Perform unsupported SOCKS 4 commands */ -static void -test_socks_4_unsupported_commands(void *ptr) -{ - SOCKS_TEST_INIT(); - - /* SOCKS 4 Send BIND [02] to IP address 2.2.2.2:4369 */ - ADD_DATA(buf, "\x04\x02\x11\x11\x02\x02\x02\x02\x00"); - test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks) == -1); - test_eq(4, socks->socks_version); - test_eq(0, socks->replylen); /* XXX: shouldn't tor reply? */ - - done: - ; -} - -/** Perform supported SOCKS 4 commands */ -static void -test_socks_4_supported_commands(void *ptr) -{ - SOCKS_TEST_INIT(); - - test_eq(0, buf_datalen(buf)); - - /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */ - ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x03\x00"); - test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks) == 1); - test_eq(4, socks->socks_version); - test_eq(0, socks->replylen); /* XXX: shouldn't tor reply? */ - test_eq(SOCKS_COMMAND_CONNECT, socks->command); - test_streq("2.2.2.3", socks->address); - test_eq(4370, socks->port); - test_assert(socks->got_auth == 0); - test_assert(! socks->username); - - test_eq(0, buf_datalen(buf)); - socks_request_clear(socks); - - /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/ - ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00"); - test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks) == 1); - test_eq(4, socks->socks_version); - test_eq(0, socks->replylen); /* XXX: shouldn't tor reply? */ - test_eq(SOCKS_COMMAND_CONNECT, socks->command); - test_streq("2.2.2.4", socks->address); - test_eq(4370, socks->port); - test_assert(socks->got_auth == 1); - test_assert(socks->username); - test_eq(2, socks->usernamelen); - test_memeq("me", socks->username, 2); - - test_eq(0, buf_datalen(buf)); - socks_request_clear(socks); - - /* SOCKS 4a Send RESOLVE [F0] request for torproject.org */ - ADD_DATA(buf, "\x04\xF0\x01\x01\x00\x00\x00\x02me\x00torproject.org\x00"); - test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks) == 1); - test_eq(4, socks->socks_version); - test_eq(0, socks->replylen); /* XXX: shouldn't tor reply? */ - test_streq("torproject.org", socks->address); - - test_eq(0, buf_datalen(buf)); - - done: - ; -} - -/** Perform unsupported SOCKS 5 commands */ -static void -test_socks_5_unsupported_commands(void *ptr) -{ - SOCKS_TEST_INIT(); - - /* SOCKS 5 Send unsupported BIND [02] command */ - ADD_DATA(buf, "\x05\x02\x00\x01"); - - test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks), 0); - test_eq(0, buf_datalen(buf)); - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(0, socks->reply[1]); - ADD_DATA(buf, "\x05\x02\x00\x01\x02\x02\x02\x01\x01\x01"); - test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks), -1); - /* XXX: shouldn't tor reply 'command not supported' [07]? */ - - buf_clear(buf); - socks_request_clear(socks); - - /* SOCKS 5 Send unsupported UDP_ASSOCIATE [03] command */ - ADD_DATA(buf, "\x05\x03\x00\x01\x02"); - test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks), 0); - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(2, socks->reply[1]); - ADD_DATA(buf, "\x05\x03\x00\x01\x02\x02\x02\x01\x01\x01"); - test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks), -1); - /* XXX: shouldn't tor reply 'command not supported' [07]? */ - - done: - ; -} - -/** Perform supported SOCKS 5 commands */ -static void -test_socks_5_supported_commands(void *ptr) -{ - SOCKS_TEST_INIT(); - - /* SOCKS 5 Send CONNECT [01] to IP address 2.2.2.2:4369 */ - ADD_DATA(buf, "\x05\x01\x00"); - test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks), 0); - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(0, socks->reply[1]); - - ADD_DATA(buf, "\x05\x01\x00\x01\x02\x02\x02\x02\x11\x11"); - test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks), 1); - test_streq("2.2.2.2", socks->address); - test_eq(4369, socks->port); - - test_eq(0, buf_datalen(buf)); - socks_request_clear(socks); - - /* SOCKS 5 Send CONNECT [01] to FQDN torproject.org:4369 */ - ADD_DATA(buf, "\x05\x01\x00"); - ADD_DATA(buf, "\x05\x01\x00\x03\x0Etorproject.org\x11\x11"); - test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks), 1); - - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(0, socks->reply[1]); - test_streq("torproject.org", socks->address); - test_eq(4369, socks->port); - - test_eq(0, buf_datalen(buf)); - socks_request_clear(socks); - - /* SOCKS 5 Send RESOLVE [F0] request for torproject.org:4369 */ - ADD_DATA(buf, "\x05\x01\x00"); - ADD_DATA(buf, "\x05\xF0\x00\x03\x0Etorproject.org\x01\x02"); - test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks) == 1); - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(0, socks->reply[1]); - test_streq("torproject.org", socks->address); - - test_eq(0, buf_datalen(buf)); - socks_request_clear(socks); - - /* SOCKS 5 Send RESOLVE_PTR [F1] for IP address 2.2.2.5 */ - ADD_DATA(buf, "\x05\x01\x00"); - ADD_DATA(buf, "\x05\xF1\x00\x01\x02\x02\x02\x05\x01\x03"); - test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks) == 1); - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(0, socks->reply[1]); - test_streq("2.2.2.5", socks->address); - - test_eq(0, buf_datalen(buf)); - - done: - ; -} - -/** Perform SOCKS 5 authentication */ -static void -test_socks_5_no_authenticate(void *ptr) -{ - SOCKS_TEST_INIT(); - - /*SOCKS 5 No Authentication */ - ADD_DATA(buf,"\x05\x01\x00"); - test_assert(!fetch_from_buf_socks(buf, socks, - get_options()->TestSocks, - get_options()->SafeSocks)); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(SOCKS_NO_AUTH, socks->reply[1]); - - test_eq(0, buf_datalen(buf)); - - /*SOCKS 5 Send username/password anyway - pretend to be broken */ - ADD_DATA(buf,"\x01\x02\x01\x01\x02\x01\x01"); - test_assert(!fetch_from_buf_socks(buf, socks, - get_options()->TestSocks, - get_options()->SafeSocks)); - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(1, socks->reply[0]); - test_eq(0, socks->reply[1]); - - test_eq(2, socks->usernamelen); - test_eq(2, socks->passwordlen); - - test_memeq("\x01\x01", socks->username, 2); - test_memeq("\x01\x01", socks->password, 2); - - done: - ; -} - -/** Perform SOCKS 5 authentication */ -static void -test_socks_5_authenticate(void *ptr) -{ - SOCKS_TEST_INIT(); - - /* SOCKS 5 Negotiate username/password authentication */ - ADD_DATA(buf, "\x05\x01\x02"); - - test_assert(!fetch_from_buf_socks(buf, socks, - get_options()->TestSocks, - get_options()->SafeSocks)); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(SOCKS_USER_PASS, socks->reply[1]); - test_eq(5, socks->socks_version); - - test_eq(0, buf_datalen(buf)); - - /* SOCKS 5 Send username/password */ - ADD_DATA(buf, "\x01\x02me\x08mypasswd"); - test_assert(!fetch_from_buf_socks(buf, socks, - get_options()->TestSocks, - get_options()->SafeSocks)); - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(1, socks->reply[0]); - test_eq(0, socks->reply[1]); - - test_eq(2, socks->usernamelen); - test_eq(8, socks->passwordlen); - - test_memeq("me", socks->username, 2); - test_memeq("mypasswd", socks->password, 8); - - done: - ; -} - -/** Perform SOCKS 5 authentication and send data all in one go */ -static void -test_socks_5_authenticate_with_data(void *ptr) -{ - SOCKS_TEST_INIT(); - - /* SOCKS 5 Negotiate username/password authentication */ - ADD_DATA(buf, "\x05\x01\x02"); - - test_assert(!fetch_from_buf_socks(buf, socks, - get_options()->TestSocks, - get_options()->SafeSocks)); - test_eq(2, socks->replylen); - test_eq(5, socks->reply[0]); - test_eq(SOCKS_USER_PASS, socks->reply[1]); - test_eq(5, socks->socks_version); - - test_eq(0, buf_datalen(buf)); - - /* SOCKS 5 Send username/password */ - /* SOCKS 5 Send CONNECT [01] to IP address 2.2.2.2:4369 */ - ADD_DATA(buf, "\x01\x02me\x03you\x05\x01\x00\x01\x02\x02\x02\x02\x11\x11"); - test_assert(fetch_from_buf_socks(buf, socks, - get_options()->TestSocks, - get_options()->SafeSocks) == 1); - test_eq(5, socks->socks_version); - test_eq(2, socks->replylen); - test_eq(1, socks->reply[0]); - test_eq(0, socks->reply[1]); - - test_streq("2.2.2.2", socks->address); - test_eq(4369, socks->port); - - test_eq(2, socks->usernamelen); - test_eq(3, socks->passwordlen); - test_memeq("me", socks->username, 2); - test_memeq("you", socks->password, 3); - - done: - ; -} - -/** Perform SOCKS 5 authentication before method negotiated */ -static void -test_socks_5_auth_before_negotiation(void *ptr) -{ - SOCKS_TEST_INIT(); - - /* SOCKS 5 Send username/password */ - ADD_DATA(buf, "\x01\x02me\x02me"); - test_assert(fetch_from_buf_socks(buf, socks, - get_options()->TestSocks, - get_options()->SafeSocks) == -1); - test_eq(0, socks->socks_version); - test_eq(0, socks->replylen); - test_eq(0, socks->reply[0]); - test_eq(0, socks->reply[1]); - - done: - ; -} - +/** Run unit tests for the onion handshake code. */ static void -test_buffer_copy(void *arg) +test_onion_handshake(void) { - generic_buffer_t *buf=NULL, *buf2=NULL; - const char *s; - size_t len; - char b[256]; + /* client-side */ + crypto_dh_t *c_dh = NULL; + char c_buf[TAP_ONIONSKIN_CHALLENGE_LEN]; + char c_keys[40]; + /* server-side */ + char s_buf[TAP_ONIONSKIN_REPLY_LEN]; + char s_keys[40]; int i; - (void)arg; - - buf = generic_buffer_new(); - tt_assert(buf); - - /* Copy an empty buffer. */ - tt_int_op(0, ==, generic_buffer_set_to_copy(&buf2, buf)); - tt_assert(buf2); - tt_int_op(0, ==, generic_buffer_len(buf2)); - - /* Now try with a short buffer. */ - s = "And now comes an act of enormous enormance!"; - len = strlen(s); - generic_buffer_add(buf, s, len); - tt_int_op(len, ==, generic_buffer_len(buf)); - /* Add junk to buf2 so we can test replacing.*/ - generic_buffer_add(buf2, "BLARG", 5); - tt_int_op(0, ==, generic_buffer_set_to_copy(&buf2, buf)); - tt_int_op(len, ==, generic_buffer_len(buf2)); - generic_buffer_get(buf2, b, len); - test_mem_op(b, ==, s, len); - /* Now free buf2 and retry so we can test allocating */ - generic_buffer_free(buf2); - buf2 = NULL; - tt_int_op(0, ==, generic_buffer_set_to_copy(&buf2, buf)); - tt_int_op(len, ==, generic_buffer_len(buf2)); - generic_buffer_get(buf2, b, len); - test_mem_op(b, ==, s, len); - /* Clear buf for next test */ - generic_buffer_get(buf, b, len); - tt_int_op(generic_buffer_len(buf),==,0); - - /* Okay, now let's try a bigger buffer. */ - s = "Quis autem vel eum iure reprehenderit qui in ea voluptate velit " - "esse quam nihil molestiae consequatur, vel illum qui dolorem eum " - "fugiat quo voluptas nulla pariatur?"; - len = strlen(s); - for (i = 0; i < 256; ++i) { - b[0]=i; - generic_buffer_add(buf, b, 1); - generic_buffer_add(buf, s, len); - } - tt_int_op(0, ==, generic_buffer_set_to_copy(&buf2, buf)); - tt_int_op(generic_buffer_len(buf2), ==, generic_buffer_len(buf)); - for (i = 0; i < 256; ++i) { - generic_buffer_get(buf2, b, len+1); - tt_int_op((unsigned char)b[0],==,i); - test_mem_op(b+1, ==, s, len); - } - - done: - if (buf) - generic_buffer_free(buf); - if (buf2) - generic_buffer_free(buf2); -} - -/** Run unit tests for buffers.c */ -static void -test_buffers(void) -{ - char str[256]; - char str2[256]; - - buf_t *buf = NULL, *buf2 = NULL; - const char *cp; + /* shared */ + crypto_pk_t *pk = NULL, *pk2 = NULL; - int j; - size_t r; + pk = pk_generate(0); + pk2 = pk_generate(1); - /**** - * buf_new - ****/ - if (!(buf = buf_new())) - test_fail(); + /* client handshake 1. */ + memset(c_buf, 0, TAP_ONIONSKIN_CHALLENGE_LEN); + test_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf)); - //test_eq(buf_capacity(buf), 4096); - test_eq(buf_datalen(buf), 0); + for (i = 1; i <= 3; ++i) { + crypto_pk_t *k1, *k2; + if (i==1) { + /* server handshake: only one key known. */ + k1 = pk; k2 = NULL; + } else if (i==2) { + /* server handshake: try the right key first. */ + k1 = pk; k2 = pk2; + } else { + /* server handshake: try the right key second. */ + k1 = pk2; k2 = pk; + } - /**** - * General pointer frobbing - */ - for (j=0;j<256;++j) { - str[j] = (char)j; - } - write_to_buf(str, 256, buf); - write_to_buf(str, 256, buf); - test_eq(buf_datalen(buf), 512); - fetch_from_buf(str2, 200, buf); - test_memeq(str, str2, 200); - test_eq(buf_datalen(buf), 312); - memset(str2, 0, sizeof(str2)); - - fetch_from_buf(str2, 256, buf); - test_memeq(str+200, str2, 56); - test_memeq(str, str2+56, 200); - test_eq(buf_datalen(buf), 56); - memset(str2, 0, sizeof(str2)); - /* Okay, now we should be 512 bytes into the 4096-byte buffer. If we add - * another 3584 bytes, we hit the end. */ - for (j=0;j<15;++j) { - write_to_buf(str, 256, buf); - } - assert_buf_ok(buf); - test_eq(buf_datalen(buf), 3896); - fetch_from_buf(str2, 56, buf); - test_eq(buf_datalen(buf), 3840); - test_memeq(str+200, str2, 56); - for (j=0;j<15;++j) { - memset(str2, 0, sizeof(str2)); - fetch_from_buf(str2, 256, buf); - test_memeq(str, str2, 256); - } - test_eq(buf_datalen(buf), 0); - buf_free(buf); - buf = NULL; - - /* Okay, now make sure growing can work. */ - buf = buf_new_with_capacity(16); - //test_eq(buf_capacity(buf), 16); - write_to_buf(str+1, 255, buf); - //test_eq(buf_capacity(buf), 256); - fetch_from_buf(str2, 254, buf); - test_memeq(str+1, str2, 254); - //test_eq(buf_capacity(buf), 256); - assert_buf_ok(buf); - write_to_buf(str, 32, buf); - //test_eq(buf_capacity(buf), 256); - assert_buf_ok(buf); - write_to_buf(str, 256, buf); - assert_buf_ok(buf); - //test_eq(buf_capacity(buf), 512); - test_eq(buf_datalen(buf), 33+256); - fetch_from_buf(str2, 33, buf); - test_eq(*str2, str[255]); - - test_memeq(str2+1, str, 32); - //test_eq(buf_capacity(buf), 512); - test_eq(buf_datalen(buf), 256); - fetch_from_buf(str2, 256, buf); - test_memeq(str, str2, 256); - - /* now try shrinking: case 1. */ - buf_free(buf); - buf = buf_new_with_capacity(33668); - for (j=0;j<67;++j) { - write_to_buf(str,255, buf); - } - //test_eq(buf_capacity(buf), 33668); - test_eq(buf_datalen(buf), 17085); - for (j=0; j < 40; ++j) { - fetch_from_buf(str2, 255,buf); - test_memeq(str2, str, 255); - } + memset(s_buf, 0, TAP_ONIONSKIN_REPLY_LEN); + memset(s_keys, 0, 40); + test_assert(! onion_skin_TAP_server_handshake(c_buf, k1, k2, + s_buf, s_keys, 40)); - /* now try shrinking: case 2. */ - buf_free(buf); - buf = buf_new_with_capacity(33668); - for (j=0;j<67;++j) { - write_to_buf(str,255, buf); - } - for (j=0; j < 20; ++j) { - fetch_from_buf(str2, 255,buf); - test_memeq(str2, str, 255); - } - for (j=0;j<80;++j) { - write_to_buf(str,255, buf); - } - //test_eq(buf_capacity(buf),33668); - for (j=0; j < 120; ++j) { - fetch_from_buf(str2, 255,buf); - test_memeq(str2, str, 255); - } + /* client handshake 2 */ + memset(c_keys, 0, 40); + test_assert(! onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40)); - /* Move from buf to buf. */ - buf_free(buf); - buf = buf_new_with_capacity(4096); - buf2 = buf_new_with_capacity(4096); - for (j=0;j<100;++j) - write_to_buf(str, 255, buf); - test_eq(buf_datalen(buf), 25500); - for (j=0;j<100;++j) { - r = 10; - move_buf_to_buf(buf2, buf, &r); - test_eq(r, 0); - } - test_eq(buf_datalen(buf), 24500); - test_eq(buf_datalen(buf2), 1000); - for (j=0;j<3;++j) { - fetch_from_buf(str2, 255, buf2); - test_memeq(str2, str, 255); - } - r = 8192; /*big move*/ - move_buf_to_buf(buf2, buf, &r); - test_eq(r, 0); - r = 30000; /* incomplete move */ - move_buf_to_buf(buf2, buf, &r); - test_eq(r, 13692); - for (j=0;j<97;++j) { - fetch_from_buf(str2, 255, buf2); - test_memeq(str2, str, 255); + test_memeq(c_keys, s_keys, 40); + memset(s_buf, 0, 40); + test_memneq(c_keys, s_buf, 40); } - buf_free(buf); - buf_free(buf2); - buf = buf2 = NULL; - - buf = buf_new_with_capacity(5); - cp = "Testing. This is a moderately long Testing string."; - for (j = 0; cp[j]; j++) - write_to_buf(cp+j, 1, buf); - test_eq(0, buf_find_string_offset(buf, "Testing", 7)); - test_eq(1, buf_find_string_offset(buf, "esting", 6)); - test_eq(1, buf_find_string_offset(buf, "est", 3)); - test_eq(39, buf_find_string_offset(buf, "ing str", 7)); - test_eq(35, buf_find_string_offset(buf, "Testing str", 11)); - test_eq(32, buf_find_string_offset(buf, "ng ", 3)); - test_eq(43, buf_find_string_offset(buf, "string.", 7)); - test_eq(-1, buf_find_string_offset(buf, "shrdlu", 6)); - test_eq(-1, buf_find_string_offset(buf, "Testing thing", 13)); - test_eq(-1, buf_find_string_offset(buf, "ngx", 3)); - buf_free(buf); - buf = NULL; - - /* Try adding a string too long for any freelist. */ - { - char *cp = tor_malloc_zero(65536); - buf = buf_new(); - write_to_buf(cp, 65536, buf); - tor_free(cp); - - tt_int_op(buf_datalen(buf), ==, 65536); - buf_free(buf); - buf = NULL; - } - done: - if (buf) - buf_free(buf); - if (buf2) - buf_free(buf2); + crypto_dh_free(c_dh); + crypto_pk_free(pk); + crypto_pk_free(pk2); } -/** Run unit tests for the onion handshake code. */ static void -test_onion_handshake(void) +test_bad_onion_handshake(void *arg) { + char junk_buf[TAP_ONIONSKIN_CHALLENGE_LEN]; + char junk_buf2[TAP_ONIONSKIN_CHALLENGE_LEN]; /* client-side */ crypto_dh_t *c_dh = NULL; char c_buf[TAP_ONIONSKIN_CHALLENGE_LEN]; char c_keys[40]; - /* server-side */ char s_buf[TAP_ONIONSKIN_REPLY_LEN]; char s_keys[40]; - /* shared */ - crypto_pk_t *pk = NULL; + crypto_pk_t *pk = NULL, *pk2 = NULL; + + (void)arg; pk = pk_generate(0); + pk2 = pk_generate(1); - /* client handshake 1. */ + /* Server: Case 1: the encrypted data is degenerate. */ + memset(junk_buf, 0, sizeof(junk_buf)); + crypto_pk_public_hybrid_encrypt(pk, junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN, + junk_buf, DH_KEY_LEN, PK_PKCS1_OAEP_PADDING, 1); + tt_int_op(-1, ==, + onion_skin_TAP_server_handshake(junk_buf2, pk, NULL, + s_buf, s_keys, 40)); + + /* Server: Case 2: the encrypted data is not long enough. */ + memset(junk_buf, 0, sizeof(junk_buf)); + memset(junk_buf2, 0, sizeof(junk_buf2)); + crypto_pk_public_encrypt(pk, junk_buf2, sizeof(junk_buf2), + junk_buf, 48, PK_PKCS1_OAEP_PADDING); + tt_int_op(-1, ==, + onion_skin_TAP_server_handshake(junk_buf2, pk, NULL, + s_buf, s_keys, 40)); + + /* client handshake 1: do it straight. */ memset(c_buf, 0, TAP_ONIONSKIN_CHALLENGE_LEN); test_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf)); - /* server handshake */ - memset(s_buf, 0, TAP_ONIONSKIN_REPLY_LEN); - memset(s_keys, 0, 40); - test_assert(! onion_skin_TAP_server_handshake(c_buf, pk, NULL, + /* Server: Case 3: we just don't have the right key. */ + tt_int_op(-1, ==, + onion_skin_TAP_server_handshake(c_buf, pk2, NULL, s_buf, s_keys, 40)); - /* client handshake 2 */ - memset(c_keys, 0, 40); - test_assert(! onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40)); + /* Server: Case 4: The RSA-encrypted portion is corrupt. */ + c_buf[64] ^= 33; + tt_int_op(-1, ==, + onion_skin_TAP_server_handshake(c_buf, pk, NULL, + s_buf, s_keys, 40)); + c_buf[64] ^= 33; - if (memcmp(c_keys, s_keys, 40)) { - puts("Aiiiie"); - exit(1); - } - test_memeq(c_keys, s_keys, 40); - memset(s_buf, 0, 40); - test_memneq(c_keys, s_buf, 40); + /* (Let the server procede) */ + tt_int_op(0, ==, + onion_skin_TAP_server_handshake(c_buf, pk, NULL, + s_buf, s_keys, 40)); + + /* Client: Case 1: The server sent back junk. */ + s_buf[64] ^= 33; + tt_int_op(-1, ==, + onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40)); + s_buf[64] ^= 33; + + /* Let the client finish; make sure it can. */ + tt_int_op(0, ==, + onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40)); + test_memeq(s_keys, c_keys, 40); + + /* Client: Case 2: The server sent back a degenerate DH. */ + memset(s_buf, 0, sizeof(s_buf)); + tt_int_op(-1, ==, + onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40)); done: - if (c_dh) - crypto_dh_free(c_dh); - if (pk) - crypto_pk_free(pk); + crypto_dh_free(c_dh); + crypto_pk_free(pk); + crypto_pk_free(pk2); } #ifdef CURVE25519_ENABLED @@ -956,10 +427,12 @@ test_onion_queues(void) test_eq(0, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); test_eq(0, onion_pending_add(circ1, create1)); + create1 = NULL; test_eq(1, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); test_eq(0, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); test_eq(0, onion_pending_add(circ2, create2)); + create2 = NULL; test_eq(1, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); test_eq_ptr(circ2, onion_next_task(&onionskin)); @@ -971,11 +444,10 @@ test_onion_queues(void) test_eq(0, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); done: - ; -// circuit_free(circ1); -// circuit_free(circ2); - /* and free create1 and create2 */ - /* XXX leaks everything here */ + circuit_free(TO_CIRCUIT(circ1)); + circuit_free(TO_CIRCUIT(circ2)); + tor_free(create1); + tor_free(create2); } static void @@ -1403,6 +875,7 @@ test_policies(void) { int i; char *policy = NULL; + short_policy_t *parsed; smartlist_t *chunks = smartlist_new(); smartlist_add(chunks, tor_strdup("accept ")); for (i=1; i<10000; ++i) @@ -1411,8 +884,9 @@ test_policies(void) policy = smartlist_join_strings(chunks, "", 0, NULL); SMARTLIST_FOREACH(chunks, char *, ch, tor_free(ch)); smartlist_free(chunks); - tt_ptr_op(NULL, ==, parse_short_policy(policy));/* shouldn't be accepted */ - tor_free(policy); /* could leak. */ + parsed = parse_short_policy(policy);/* shouldn't be accepted */ + tor_free(policy); + tt_ptr_op(NULL, ==, parsed); } /* truncation ports */ @@ -1579,6 +1053,34 @@ test_rend_fns(void) tor_free(intro_points_encrypted); } + /* Record odd numbered fake-IPs using ipv6, even numbered fake-IPs + * using ipv4. Since our fake geoip database is the same between + * ipv4 and ipv6, we should get the same result no matter which + * address family we pick for each IP. */ +#define SET_TEST_ADDRESS(i) do { \ + if ((i) & 1) { \ + SET_TEST_IPV6(i); \ + tor_addr_from_in6(&addr, &in6); \ + } else { \ + tor_addr_from_ipv4h(&addr, (uint32_t) i); \ + } \ + } while (0) + + /* Make sure that country ID actually works. */ +#define SET_TEST_IPV6(i) \ + do { \ + set_uint32(in6.s6_addr + 12, htonl((uint32_t) (i))); \ + } while (0) +#define CHECK_COUNTRY(country, val) do { \ + /* test ipv4 country lookup */ \ + test_streq(country, \ + geoip_get_country_name(geoip_get_country_by_ipv4(val))); \ + /* test ipv6 country lookup */ \ + SET_TEST_IPV6(val); \ + test_streq(country, \ + geoip_get_country_name(geoip_get_country_by_ipv6(&in6))); \ + } while (0) + /** Run unit tests for GeoIP code. */ static void test_geoip(void) @@ -1589,7 +1091,8 @@ test_geoip(void) const char *bridge_stats_1 = "bridge-stats-end 2010-08-12 13:27:30 (86400 s)\n" "bridge-ips zz=24,xy=8\n" - "bridge-ip-versions v4=16,v6=16\n", + "bridge-ip-versions v4=16,v6=16\n" + "bridge-ip-transports <OR>=24\n", *dirreq_stats_1 = "dirreq-stats-end 2010-08-12 13:27:30 (86400 s)\n" "dirreq-v3-ips ab=8\n" @@ -1653,21 +1156,6 @@ test_geoip(void) test_eq(4, geoip_get_n_countries()); memset(&in6, 0, sizeof(in6)); - /* Make sure that country ID actually works. */ -#define SET_TEST_IPV6(i) \ - do { \ - set_uint32(in6.s6_addr + 12, htonl((uint32_t) (i))); \ - } while (0) -#define CHECK_COUNTRY(country, val) do { \ - /* test ipv4 country lookup */ \ - test_streq(country, \ - geoip_get_country_name(geoip_get_country_by_ipv4(val))); \ - /* test ipv6 country lookup */ \ - SET_TEST_IPV6(val); \ - test_streq(country, \ - geoip_get_country_name(geoip_get_country_by_ipv6(&in6))); \ - } while (0) - CHECK_COUNTRY("??", 3); CHECK_COUNTRY("ab", 32); CHECK_COUNTRY("??", 5); @@ -1680,40 +1168,25 @@ test_geoip(void) SET_TEST_IPV6(3); test_eq(0, geoip_get_country_by_ipv6(&in6)); -#undef CHECK_COUNTRY - - /* Record odd numbered fake-IPs using ipv6, even numbered fake-IPs - * using ipv4. Since our fake geoip database is the same between - * ipv4 and ipv6, we should get the same result no matter which - * address family we pick for each IP. */ -#define SET_TEST_ADDRESS(i) do { \ - if ((i) & 1) { \ - SET_TEST_IPV6(i); \ - tor_addr_from_in6(&addr, &in6); \ - } else { \ - tor_addr_from_ipv4h(&addr, (uint32_t) i); \ - } \ - } while (0) - get_options_mutable()->BridgeRelay = 1; get_options_mutable()->BridgeRecordUsageByCountry = 1; /* Put 9 observations in AB... */ for (i=32; i < 40; ++i) { SET_TEST_ADDRESS(i); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, now-7200); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now-7200); } SET_TEST_ADDRESS(225); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, now-7200); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now-7200); /* and 3 observations in XY, several times. */ for (j=0; j < 10; ++j) for (i=52; i < 55; ++i) { SET_TEST_ADDRESS(i); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, now-3600); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now-3600); } /* and 17 observations in ZZ... */ for (i=110; i < 127; ++i) { SET_TEST_ADDRESS(i); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now); } geoip_get_client_history(GEOIP_CLIENT_CONNECT, &s, &v); test_assert(s); @@ -1762,7 +1235,7 @@ test_geoip(void) /* Start testing dirreq statistics by making sure that we don't collect * dirreq stats without initializing them. */ SET_TEST_ADDRESS(100); - geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, NULL, now); s = geoip_format_dirreq_stats(now + 86400); test_assert(!s); @@ -1770,7 +1243,7 @@ test_geoip(void) * dirreq-stats history string. */ geoip_dirreq_stats_init(now); SET_TEST_ADDRESS(100); - geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, NULL, now); s = geoip_format_dirreq_stats(now + 86400); test_streq(dirreq_stats_1, s); tor_free(s); @@ -1779,7 +1252,7 @@ test_geoip(void) * don't generate a history string. */ geoip_dirreq_stats_term(); SET_TEST_ADDRESS(101); - geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, NULL, now); s = geoip_format_dirreq_stats(now + 86400); test_assert(!s); @@ -1787,7 +1260,7 @@ test_geoip(void) * that we get an all empty history string. */ geoip_dirreq_stats_init(now); SET_TEST_ADDRESS(100); - geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, NULL, now); geoip_reset_dirreq_stats(now); s = geoip_format_dirreq_stats(now + 86400); test_streq(dirreq_stats_2, s); @@ -1814,7 +1287,7 @@ test_geoip(void) /* Start testing entry statistics by making sure that we don't collect * anything without initializing entry stats. */ SET_TEST_ADDRESS(100); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now); s = geoip_format_entry_stats(now + 86400); test_assert(!s); @@ -1822,7 +1295,7 @@ test_geoip(void) * entry-stats history string. */ geoip_entry_stats_init(now); SET_TEST_ADDRESS(100); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now); s = geoip_format_entry_stats(now + 86400); test_streq(entry_stats_1, s); tor_free(s); @@ -1831,7 +1304,7 @@ test_geoip(void) * don't generate a history string. */ geoip_entry_stats_term(); SET_TEST_ADDRESS(101); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now); s = geoip_format_entry_stats(now + 86400); test_assert(!s); @@ -1839,15 +1312,12 @@ test_geoip(void) * that we get an all empty history string. */ geoip_entry_stats_init(now); SET_TEST_ADDRESS(100); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, now); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now); geoip_reset_entry_stats(now); s = geoip_format_entry_stats(now + 86400); test_streq(entry_stats_2, s); tor_free(s); -#undef SET_TEST_ADDRESS -#undef SET_TEST_IPV6 - /* Stop collecting entry statistics. */ geoip_entry_stats_term(); get_options_mutable()->EntryStatistics = 0; @@ -1857,6 +1327,79 @@ test_geoip(void) tor_free(v); } +static void +test_geoip_with_pt(void) +{ + time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */ + char *s = NULL; + int i; + tor_addr_t addr; + struct in6_addr in6; + + get_options_mutable()->BridgeRelay = 1; + get_options_mutable()->BridgeRecordUsageByCountry = 1; + + /* No clients seen yet. */ + s = geoip_get_transport_history(); + tor_assert(!s); + + /* 4 connections without a pluggable transport */ + for (i=0; i < 4; ++i) { + SET_TEST_ADDRESS(i); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now-7200); + } + + /* 9 connections with "alpha" */ + for (i=4; i < 13; ++i) { + SET_TEST_ADDRESS(i); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, "alpha", now-7200); + } + + /* one connection with "beta" */ + SET_TEST_ADDRESS(13); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, "beta", now-7200); + + /* 14 connections with "charlie" */ + for (i=14; i < 28; ++i) { + SET_TEST_ADDRESS(i); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, "charlie", now-7200); + } + + /* 131 connections with "ddr" */ + for (i=28; i < 159; ++i) { + SET_TEST_ADDRESS(i); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, "ddr", now-7200); + } + + /* 8 connections with "entropy" */ + for (i=159; i < 167; ++i) { + SET_TEST_ADDRESS(i); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, "entropy", now-7200); + } + + /* 2 connections from the same IP with two different transports. */ + SET_TEST_ADDRESS(++i); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, "fire", now-7200); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, "google", now-7200); + + /* Test the transport history string. */ + s = geoip_get_transport_history(); + tor_assert(s); + test_streq(s, "<OR>=8,alpha=16,beta=8,charlie=16,ddr=136," + "entropy=8,fire=8,google=8"); + + /* Stop collecting entry statistics. */ + geoip_entry_stats_term(); + get_options_mutable()->EntryStatistics = 0; + + done: + tor_free(s); +} + +#undef SET_TEST_ADDRESS +#undef SET_TEST_IPV6 +#undef CHECK_COUNTRY + /** Run unit tests for stats code. */ static void test_stats(void) @@ -2047,9 +1590,8 @@ const struct testcase_setup_t legacy_setup = { { #name, legacy_test_helper, TT_FORK, &legacy_setup, test_ ## name } static struct testcase_t test_array[] = { - ENT(buffers), - { "buffer_copy", test_buffer_copy, 0, NULL, NULL }, ENT(onion_handshake), + { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL }, ENT(onion_queues), #ifdef CURVE25519_ENABLED { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL }, @@ -2058,29 +1600,14 @@ static struct testcase_t test_array[] = { ENT(policies), ENT(rend_fns), ENT(geoip), + FORK(geoip_with_pt), FORK(stats), END_OF_TESTCASES }; -#define SOCKSENT(name) \ - { #name, test_socks_##name, TT_FORK, &socks_setup, NULL } - -static struct testcase_t socks_tests[] = { - SOCKSENT(4_unsupported_commands), - SOCKSENT(4_supported_commands), - - SOCKSENT(5_unsupported_commands), - SOCKSENT(5_supported_commands), - SOCKSENT(5_no_authenticate), - SOCKSENT(5_auth_before_negotiation), - SOCKSENT(5_authenticate), - SOCKSENT(5_authenticate_with_data), - - END_OF_TESTCASES -}; - extern struct testcase_t addr_tests[]; +extern struct testcase_t buffer_tests[]; extern struct testcase_t crypto_tests[]; extern struct testcase_t container_tests[]; extern struct testcase_t util_tests[]; @@ -2091,21 +1618,42 @@ extern struct testcase_t config_tests[]; extern struct testcase_t introduce_tests[]; extern struct testcase_t replaycache_tests[]; extern struct testcase_t cell_format_tests[]; +extern struct testcase_t circuitlist_tests[]; +extern struct testcase_t circuitmux_tests[]; +extern struct testcase_t cell_queue_tests[]; +extern struct testcase_t options_tests[]; +extern struct testcase_t socks_tests[]; +extern struct testcase_t extorport_tests[]; +extern struct testcase_t controller_event_tests[]; +extern struct testcase_t logging_tests[]; +extern struct testcase_t backtrace_tests[]; +extern struct testcase_t hs_tests[]; +extern struct testcase_t nodelist_tests[]; static struct testgroup_t testgroups[] = { { "", test_array }, + { "buffer/", buffer_tests }, { "socks/", socks_tests }, { "addr/", addr_tests }, { "crypto/", crypto_tests }, { "container/", container_tests }, { "util/", util_tests }, + { "util/logging/", logging_tests }, { "cellfmt/", cell_format_tests }, + { "cellqueue/", cell_queue_tests }, { "dir/", dir_tests }, { "dir/md/", microdesc_tests }, { "pt/", pt_tests }, { "config/", config_tests }, { "replaycache/", replaycache_tests }, { "introduce/", introduce_tests }, + { "circuitlist/", circuitlist_tests }, + { "circuitmux/", circuitmux_tests }, + { "options/", options_tests }, + { "extorport/", extorport_tests }, + { "control/", controller_event_tests }, + { "hs/", hs_tests }, + { "nodelist/", nodelist_tests }, END_OF_GROUPS }; @@ -2118,6 +1666,7 @@ main(int c, const char **v) char *errmsg = NULL; int i, i_out; int loglevel = LOG_ERR; + int accel_crypto = 0; #ifdef USE_DMALLOC { @@ -2140,6 +1689,8 @@ main(int c, const char **v) loglevel = LOG_INFO; } else if (!strcmp(v[i], "--debug")) { loglevel = LOG_DEBUG; + } else if (!strcmp(v[i], "--accel")) { + accel_crypto = 1; } else { v[i_out++] = v[i]; } @@ -2154,7 +1705,7 @@ main(int c, const char **v) } options->command = CMD_RUN_UNITTESTS; - if (crypto_global_init(0, NULL, NULL)) { + if (crypto_global_init(accel_crypto, NULL, NULL)) { printf("Can't initialize crypto subsystem; exiting.\n"); return 1; } |