diff options
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/include.am | 4 | ||||
| -rwxr-xr-x | src/test/test-network.sh | 2 | ||||
| -rw-r--r-- | src/test/test_checkdir.c | 5 | ||||
| -rw-r--r-- | src/test/test_entryconn.c | 6 | ||||
| -rw-r--r-- | src/test/test_relaycell.c | 12 | ||||
| -rw-r--r-- | src/test/test_util.c | 55 | ||||
| -rwxr-xr-x | src/test/zero_length_keys.sh | 115 |
7 files changed, 160 insertions, 39 deletions
diff --git a/src/test/include.am b/src/test/include.am index 46db801d27..134c2ff56c 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -123,9 +123,11 @@ if USEPYTHON ./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py ./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py endif + $(top_srcdir)/src/test/zero_length_keys.sh EXTRA_DIST += \ src/test/bt_test.py \ src/test/ntor_ref.py \ src/test/slownacl_curve25519.py \ - src/test/test_cmdline_args.py + src/test/test_cmdline_args.py \ + src/test/zero_length_keys.sh diff --git a/src/test/test-network.sh b/src/test/test-network.sh index d28fbde80f..be57cafb7f 100755 --- a/src/test/test-network.sh +++ b/src/test/test-network.sh @@ -45,7 +45,7 @@ PATH="$TOR_DIR/src/or:$TOR_DIR/src/tools:$PATH" # Sleep some, waiting for the network to bootstrap. # TODO: Add chutney command 'bootstrap-status' and use that instead. -BOOTSTRAP_TIME=${BOOTSTRAP_TIME:-18} +BOOTSTRAP_TIME=${BOOTSTRAP_TIME:-25} $ECHO_N "$myname: sleeping for $BOOTSTRAP_TIME seconds" n=$BOOTSTRAP_TIME; while [ $n -gt 0 ]; do sleep 1; n=$(expr $n - 1); $ECHO_N . diff --git a/src/test/test_checkdir.c b/src/test/test_checkdir.c index 882e3b3a61..ae859449cb 100644 --- a/src/test/test_checkdir.c +++ b/src/test/test_checkdir.c @@ -11,6 +11,7 @@ #ifdef _WIN32 #define mkdir(a,b) mkdir(a) #define tt_int_op_nowin(a,op,b) do { (void)(a); (void)(b); } while (0) +#define umask(mask) ((void)0) #else #define tt_int_op_nowin(a,op,b) tt_int_op((a),op,(b)) #endif @@ -28,6 +29,8 @@ test_checkdir_perms(void *testdata) cpd_check_t unix_verify_optsmask; struct stat st; + umask(022); + /* setup data directory before tests. */ tor_free(options->DataDirectory); options->DataDirectory = tor_strdup(get_fname(subdir)); @@ -134,7 +137,7 @@ test_checkdir_perms(void *testdata) { #name, test_checkdir_##name, (flags), NULL, NULL } struct testcase_t checkdir_tests[] = { - CHECKDIR(perms, 0), + CHECKDIR(perms, TT_FORK), END_OF_TESTCASES }; diff --git a/src/test/test_entryconn.c b/src/test/test_entryconn.c index 4c14edefd7..146cddc331 100644 --- a/src/test/test_entryconn.c +++ b/src/test/test_entryconn.c @@ -269,7 +269,7 @@ test_entryconn_rewrite_automap_reverse(void *arg) strlcpy(ec2->socks_request->address, ec->socks_request->address, sizeof(ec2->socks_request->address)); - ec2->use_cached_ipv4_answers = 1; // XXXX REMOVE. This is only there to hide a bug. + ec2->entry_cfg.use_cached_ipv4_answers = 1; // XXXX REMOVE. This is only there to hide a bug. ec2->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR; connection_ap_handshake_rewrite(ec2, &rr); @@ -310,7 +310,7 @@ test_entryconn_rewrite_cached_dns_ipv4(void *arg) ec->socks_request->command = SOCKS_COMMAND_CONNECT; ec2->socks_request->command = SOCKS_COMMAND_CONNECT; - ec2->use_cached_ipv4_answers = 1; /* only ec2 gets this flag */ + ec2->entry_cfg.use_cached_ipv4_answers = 1; /* only ec2 gets this flag */ connection_ap_handshake_rewrite(ec, &rr); tt_int_op(rr.automap, OP_EQ, 0); @@ -362,7 +362,7 @@ test_entryconn_rewrite_cached_dns_ipv6(void *arg) ec->socks_request->command = SOCKS_COMMAND_CONNECT; ec2->socks_request->command = SOCKS_COMMAND_CONNECT; - ec2->use_cached_ipv6_answers = 1; /* only ec2 gets this flag */ + ec2->entry_cfg.use_cached_ipv6_answers = 1; /* only ec2 gets this flag */ connection_ap_handshake_rewrite(ec, &rr); tt_int_op(rr.automap, OP_EQ, 0); diff --git a/src/test/test_relaycell.c b/src/test/test_relaycell.c index 28c8f4e8ef..0a6fef729c 100644 --- a/src/test/test_relaycell.c +++ b/src/test/test_relaycell.c @@ -137,9 +137,9 @@ test_relaycell_resolved(void *arg) /* Now put it in the right state. */ ENTRY_TO_CONN(entryconn)->state = AP_CONN_STATE_RESOLVE_WAIT; entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE; - entryconn->ipv4_traffic_ok = 1; - entryconn->ipv6_traffic_ok = 1; - entryconn->prefer_ipv6_traffic = 0; + entryconn->entry_cfg.ipv4_traffic = 1; + entryconn->entry_cfg.ipv6_traffic = 1; + entryconn->entry_cfg.prefer_ipv6 = 0; /* We prefer ipv4, so we should get the first ipv4 answer */ MOCK_RESET(); @@ -159,7 +159,7 @@ test_relaycell_resolved(void *arg) ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_IPV4, "\x12\x00\x00\x01", 512, -1); /* now prefer ipv6, and get the first ipv6 answer */ - entryconn->prefer_ipv6_traffic = 1; + entryconn->entry_cfg.prefer_ipv6 = 1; MOCK_RESET(); r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh); tt_int_op(r, OP_EQ, 0); @@ -182,7 +182,7 @@ test_relaycell_resolved(void *arg) /* But if we don't allow IPv4, we report nothing if the cell contains only * ipv4 */ MOCK_RESET(); - entryconn->ipv4_traffic_ok = 0; + entryconn->entry_cfg.ipv4_traffic = 0; r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh); tt_int_op(r, OP_EQ, 0); ASSERT_MARK_CALLED(END_STREAM_REASON_DONE| @@ -191,7 +191,7 @@ test_relaycell_resolved(void *arg) /* If we wanted hostnames, we report nothing, since we only had IPs. */ MOCK_RESET(); - entryconn->ipv4_traffic_ok = 1; + entryconn->entry_cfg.ipv4_traffic = 1; entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR; r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh); tt_int_op(r, OP_EQ, 0); diff --git a/src/test/test_util.c b/src/test/test_util.c index 15470e8efa..2ee1d6dfc1 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -4614,26 +4614,26 @@ test_util_round_to_next_multiple_of(void *arg) { (void)arg; - tt_assert(round_uint64_to_next_multiple_of(0,1) == 0); - tt_assert(round_uint64_to_next_multiple_of(0,7) == 0); + tt_u64_op(round_uint64_to_next_multiple_of(0,1), ==, 0); + tt_u64_op(round_uint64_to_next_multiple_of(0,7), ==, 0); - tt_assert(round_uint64_to_next_multiple_of(99,1) == 99); - tt_assert(round_uint64_to_next_multiple_of(99,7) == 105); - tt_assert(round_uint64_to_next_multiple_of(99,9) == 99); + tt_u64_op(round_uint64_to_next_multiple_of(99,1), ==, 99); + tt_u64_op(round_uint64_to_next_multiple_of(99,7), ==, 105); + tt_u64_op(round_uint64_to_next_multiple_of(99,9), ==, 99); - tt_assert(round_int64_to_next_multiple_of(0,1) == 0); - tt_assert(round_int64_to_next_multiple_of(0,7) == 0); + tt_i64_op(round_int64_to_next_multiple_of(0,1), ==, 0); + tt_i64_op(round_int64_to_next_multiple_of(0,7), ==, 0); - tt_assert(round_int64_to_next_multiple_of(99,1) == 99); - tt_assert(round_int64_to_next_multiple_of(99,7) == 105); - tt_assert(round_int64_to_next_multiple_of(99,9) == 99); + tt_i64_op(round_int64_to_next_multiple_of(99,1), ==, 99); + tt_i64_op(round_int64_to_next_multiple_of(99,7), ==, 105); + tt_i64_op(round_int64_to_next_multiple_of(99,9), ==, 99); - tt_assert(round_int64_to_next_multiple_of(-99,1) == -99); - tt_assert(round_int64_to_next_multiple_of(-99,7) == -98); - tt_assert(round_int64_to_next_multiple_of(-99,9) == -99); + tt_i64_op(round_int64_to_next_multiple_of(-99,1), ==, -99); + tt_i64_op(round_int64_to_next_multiple_of(-99,7), ==, -98); + tt_i64_op(round_int64_to_next_multiple_of(-99,9), ==, -99); - tt_assert(round_int64_to_next_multiple_of(INT64_MIN,2) == INT64_MIN); - tt_assert(round_int64_to_next_multiple_of(INT64_MAX,2) == + tt_i64_op(round_int64_to_next_multiple_of(INT64_MIN,2), ==, INT64_MIN); + tt_i64_op(round_int64_to_next_multiple_of(INT64_MAX,2), ==, INT64_MAX-INT64_MAX%2); done: ; @@ -4654,25 +4654,26 @@ test_util_laplace(void *arg) const double delta_f = 15.0, epsilon = 0.3; /* b = 15.0 / 0.3 = 50.0 */ (void)arg; - tt_assert(isinf(sample_laplace_distribution(mu, b, 0.0))); - test_feq(-69.88855213, sample_laplace_distribution(mu, b, 0.01)); - test_feq(24.0, sample_laplace_distribution(mu, b, 0.5)); - test_feq(24.48486498, sample_laplace_distribution(mu, b, 0.51)); - test_feq(117.88855213, sample_laplace_distribution(mu, b, 0.99)); + tt_i64_op(INT64_MIN, ==, sample_laplace_distribution(mu, b, 0.0)); + tt_i64_op(-69, ==, sample_laplace_distribution(mu, b, 0.01)); + tt_i64_op(24, ==, sample_laplace_distribution(mu, b, 0.5)); + tt_i64_op(24, ==, sample_laplace_distribution(mu, b, 0.51)); + tt_i64_op(117, ==, sample_laplace_distribution(mu, b, 0.99)); /* >>> laplace.ppf([0.0, 0.1, 0.25, 0.5, 0.75, 0.9, 0.99], * ... loc = 0, scale = 50) * array([ -inf, -80.47189562, -34.65735903, 0. , * 34.65735903, 80.47189562, 195.60115027]) */ - tt_assert(INT64_MIN + 20 == + tt_i64_op(INT64_MIN + 20, ==, add_laplace_noise(20, 0.0, delta_f, epsilon)); - tt_assert(-60 == add_laplace_noise(20, 0.1, delta_f, epsilon)); - tt_assert(-14 == add_laplace_noise(20, 0.25, delta_f, epsilon)); - tt_assert(20 == add_laplace_noise(20, 0.5, delta_f, epsilon)); - tt_assert(54 == add_laplace_noise(20, 0.75, delta_f, epsilon)); - tt_assert(100 == add_laplace_noise(20, 0.9, delta_f, epsilon)); - tt_assert(215 == add_laplace_noise(20, 0.99, delta_f, epsilon)); + tt_i64_op(-60, ==, add_laplace_noise(20, 0.1, delta_f, epsilon)); + tt_i64_op(-14, ==, add_laplace_noise(20, 0.25, delta_f, epsilon)); + tt_i64_op(20, ==, add_laplace_noise(20, 0.5, delta_f, epsilon)); + tt_i64_op(54, ==, add_laplace_noise(20, 0.75, delta_f, epsilon)); + tt_i64_op(100, ==, add_laplace_noise(20, 0.9, delta_f, epsilon)); + tt_i64_op(215, ==, add_laplace_noise(20, 0.99, delta_f, epsilon)); + done: ; } diff --git a/src/test/zero_length_keys.sh b/src/test/zero_length_keys.sh new file mode 100755 index 0000000000..3a99ca1f1d --- /dev/null +++ b/src/test/zero_length_keys.sh @@ -0,0 +1,115 @@ +#!/bin/sh +# Check that tor regenerates keys when key files are zero-length +# Test for bug #13111 - Tor fails to start if onion keys are zero length +# +# Usage: +# ./zero_length_keys.sh +# Run all the tests below +# ./zero_length_keys.sh -z +# Check tor will launch and regenerate zero-length keys +# ./zero_length_keys.sh -d +# Check tor regenerates deleted keys (existing behaviour) +# ./zero_length_keys.sh -e +# Check tor does not overwrite existing keys (existing behaviour) +# +# Exit Statuses: +# -2: test failed - tor did not generate the key files on first run +# -1: a command failed - the test could not be completed +# 0: test succeeded - tor regenerated/kept the files +# 1: test failed - tor did not regenerate/keep the files +# + +if [ $# -lt 1 ]; then + echo "Testing that tor correctly handles zero-length keys" + "$0" -z && "$0" -d && "$0" -e + exit $? +fi + +export DATA_DIR=`mktemp -d -t tor_zero_length_keys.XXXXXX` +# DisableNetwork means that the ORPort won't actually be opened. +# 'ExitRelay 0' suppresses a warning. +TOR="./src/or/tor --hush --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --ExitRelay 0" + +if [ -s "$DATA_DIR"/keys/secret_id_key -a -s "$DATA_DIR"/keys/secret_onion_key -a -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then + echo "Failure: Previous tor keys present in tor data directory" + exit -1 +else + echo "Generating initial tor keys" + $TOR --DataDirectory "$DATA_DIR" --PidFile "$DATA_DIR"/pid & + TOR_PID=$! + # generate SIGTERM, hopefully after the keys have been regenerated + sleep 5 + kill $TOR_PID + wait $TOR_PID + + # tor must successfully generate non-zero-length key files + if [ -s "$DATA_DIR"/keys/secret_id_key -a -s "$DATA_DIR"/keys/secret_onion_key -a -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then + true #echo "tor generated the initial key files" + else + echo "Failure: tor failed to generate the initial key files" + exit -2 + fi +fi + +#ls -lh "$DATA_DIR"/keys/ || exit -1 + +# backup and keep/delete/create zero-length files for the keys + +FILE_DESC="keeps existing" +# make a backup +cp -r "$DATA_DIR"/keys "$DATA_DIR"/keys.old + +# delete keys for -d or -z +if [ "$1" != "-e" ]; then + FILE_DESC="regenerates deleted" + rm "$DATA_DIR"/keys/secret_id_key || exit -1 + rm "$DATA_DIR"/keys/secret_onion_key || exit -1 + rm "$DATA_DIR"/keys/secret_onion_key_ntor || exit -1 +fi + +# create empty files for -z +if [ "$1" = "-z" ]; then + FILE_DESC="regenerates zero-length" + touch "$DATA_DIR"/keys/secret_id_key || exit -1 + touch "$DATA_DIR"/keys/secret_onion_key || exit -1 + touch "$DATA_DIR"/keys/secret_onion_key_ntor || exit -1 +fi + +echo "Running tor again to check if it $FILE_DESC keys" +$TOR --DataDirectory "$DATA_DIR" --PidFile "$DATA_DIR"/pid & +TOR_PID=$! +# generate SIGTERM, hopefully after the keys have been regenerated +sleep 5 +kill $TOR_PID +wait $TOR_PID + +#ls -lh "$DATA_DIR"/keys/ || exit -1 + +# tor must always have non-zero-length key files +if [ -s "$DATA_DIR"/keys/secret_id_key -a -s "$DATA_DIR"/keys/secret_onion_key -a -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then + # check if the keys are different to the old ones + diff -q -r "$DATA_DIR"/keys "$DATA_DIR"/keys.old > /dev/null + SAME_KEYS=$? + # if we're not testing existing keys, + # the current keys should be different to the old ones + if [ "$1" != "-e" ]; then + if [ $SAME_KEYS -ne 0 ]; then + echo "Success: test that tor $FILE_DESC key files: different keys" + exit 0 + else + echo "Failure: test that tor $FILE_DESC key files: same keys" + exit 1 + fi + else #[ "$1" == "-e" ]; then + if [ $SAME_KEYS -eq 0 ]; then + echo "Success: test that tor $FILE_DESC key files: same keys" + exit 0 + else + echo "Failure: test that tor $FILE_DESC key files: different keys" + exit 1 + fi + fi +else + echo "Failure: test that tor $FILE_DESC key files: no key files" + exit 1 +fi |