Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/bench.c | 71 | ||||
-rw-r--r-- | src/test/test.c | 207 | ||||
-rw-r--r-- | src/test/test_cell_formats.c | 127 | ||||
-rw-r--r-- | src/test/test_circuitpadding.c | 2 | ||||
-rw-r--r-- | src/test/test_conflux_pool.c | 6 | ||||
-rw-r--r-- | src/test/test_dir.c | 92 | ||||
-rw-r--r-- | src/test/test_dirvote.c | 25 | ||||
-rw-r--r-- | src/test/test_entrynodes.c | 2 | ||||
-rw-r--r-- | src/test/test_hs_client.c | 8 | ||||
-rw-r--r-- | src/test/test_hs_service.c | 2 | ||||
-rw-r--r-- | src/test/test_microdesc.c | 70 | ||||
-rw-r--r-- | src/test/test_protover.c | 4 | ||||
-rw-r--r-- | src/test/test_router.c | 4 | ||||
-rw-r--r-- | src/test/test_sandbox.c | 20 | ||||
-rw-r--r-- | src/test/test_socks.c | 65 | ||||
-rw-r--r-- | src/test/test_status.c | 13 |
16 files changed, 237 insertions, 481 deletions
diff --git a/src/test/bench.c b/src/test/bench.c
index a76e600cfa..044351b4be 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -11,7 +11,6 @@
 #include "orconfig.h"
 #include "core/or/or.h"
-#include "core/crypto/onion_tap.h"
 #include "core/crypto/relay_crypto.h"
 #include "lib/intmath/weakrng.h"
@@ -127,75 +126,6 @@ bench_aes(void)
 }
 static void
-bench_onion_TAP(void)
-{
- const int iters = 1<<9;
- int i;
- crypto_pk_t *key, *key2;
- uint64_t start, end;
- char os[TAP_ONIONSKIN_CHALLENGE_LEN];
- char or[TAP_ONIONSKIN_REPLY_LEN];
- crypto_dh_t *dh_out = NULL;
-
- key = crypto_pk_new();
- key2 = crypto_pk_new();
- if (crypto_pk_generate_key_with_bits(key, 1024) < 0)
- goto done;
- if (crypto_pk_generate_key_with_bits(key2, 1024) < 0)
- goto done;
-
- reset_perftime();
- start = perftime();
- for (i = 0; i < iters; ++i) {
- onion_skin_TAP_create(key, &dh_out, os);
- crypto_dh_free(dh_out);
- }
- end = perftime();
- printf("Client-side, part 1: %f usec.\n", NANOCOUNT(start, end, iters)/1e3);
-
- onion_skin_TAP_create(key, &dh_out, os);
- start = perftime();
- for (i = 0; i < iters; ++i) {
- char key_out[CPATH_KEY_MATERIAL_LEN];
- onion_skin_TAP_server_handshake(os, key, NULL, or,
- key_out, sizeof(key_out));
- }
- end = perftime();
- printf("Server-side, key guessed right: %f usec\n",
- NANOCOUNT(start, end, iters)/1e3);
-
- start = perftime();
- for (i = 0; i < iters; ++i) {
- char key_out[CPATH_KEY_MATERIAL_LEN];
- onion_skin_TAP_server_handshake(os, key2, key, or,
- key_out, sizeof(key_out));
- }
- end = perftime();
- printf("Server-side, key guessed wrong: %f usec.\n",
- NANOCOUNT(start, end, iters)/1e3);
-
- start = perftime();
- for (i = 0; i < iters; ++i) {
- crypto_dh_t *dh;
- char key_out[CPATH_KEY_MATERIAL_LEN];
- int s;
- dh = crypto_dh_dup(dh_out);
- s = onion_skin_TAP_client_handshake(dh, or, key_out, sizeof(key_out),
- NULL);
- crypto_dh_free(dh);
- tor_assert(s == 0);
- }
- end = perftime();
- printf("Client-side, part 2: %f usec.\n",
- NANOCOUNT(start, end, iters)/1e3);
-
- done:
- crypto_dh_free(dh_out);
- crypto_pk_free(key);
- crypto_pk_free(key2);
-}
-
-static void
 bench_onion_ntor_impl(void)
 {
 const int iters = 1<<10;
@@ -754,7 +684,6 @@ static struct benchmark_t benchmarks[] = {
 ENT(siphash),
 ENT(digest),
 ENT(aes),
- ENT(onion_TAP),
 ENT(onion_ntor),
 ENT(ed25519),
 ENT(rand),
diff --git a/src/test/test.c b/src/test/test.c
index 2030a8336e..317b570d8e 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -50,7 +50,6 @@
 #include "core/or/onion.h"
 #include "core/crypto/onion_ntor.h"
 #include "core/crypto/onion_fast.h"
-#include "core/crypto/onion_tap.h"
 #include "core/or/policies.h"
 #include "lib/sandbox/sandbox.h"
 #include "app/config/statefile.h"
@@ -61,150 +60,6 @@
 #include "core/or/or_circuit_st.h"
 #include "feature/relay/onion_queue.h"
-/** Run unit tests for the onion handshake code. */
-static void
-test_onion_handshake(void *arg)
-{
- /* client-side */
- crypto_dh_t *c_dh = NULL;
- char c_buf[TAP_ONIONSKIN_CHALLENGE_LEN];
- char c_keys[40];
- /* server-side */
- char s_buf[TAP_ONIONSKIN_REPLY_LEN];
- char s_keys[40];
- int i;
- /* shared */
- crypto_pk_t *pk = NULL, *pk2 = NULL;
-
- (void)arg;
- pk = pk_generate(0);
- pk2 = pk_generate(1);
-
- /* client handshake 1. */
- memset(c_buf, 0, TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf));
-
- for (i = 1; i <= 3; ++i) {
- crypto_pk_t *k1, *k2;
- if (i==1) {
- /* server handshake: only one key known. */
- k1 = pk; k2 = NULL;
- } else if (i==2) {
- /* server handshake: try the right key first. */
- k1 = pk; k2 = pk2;
- } else {
- /* server handshake: try the right key second. */
- k1 = pk2; k2 = pk;
- }
-
- memset(s_buf, 0, TAP_ONIONSKIN_REPLY_LEN);
- memset(s_keys, 0, 40);
- tt_assert(! onion_skin_TAP_server_handshake(c_buf, k1, k2,
- s_buf, s_keys, 40));
-
- /* client handshake 2 */
- memset(c_keys, 0, 40);
- tt_assert(! onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys,
- 40, NULL));
-
- tt_mem_op(c_keys,OP_EQ, s_keys, 40);
- memset(s_buf, 0, 40);
- tt_mem_op(c_keys,OP_NE, s_buf, 40);
- }
- done:
- crypto_dh_free(c_dh);
- crypto_pk_free(pk);
- crypto_pk_free(pk2);
-}
-
-static void
-test_bad_onion_handshake(void *arg)
-{
- char junk_buf[TAP_ONIONSKIN_CHALLENGE_LEN];
- char junk_buf2[TAP_ONIONSKIN_CHALLENGE_LEN];
- /* client-side */
- crypto_dh_t *c_dh = NULL;
- char c_buf[TAP_ONIONSKIN_CHALLENGE_LEN];
- char c_keys[40];
- /* server-side */
- char s_buf[TAP_ONIONSKIN_REPLY_LEN];
- char s_keys[40];
- /* shared */
- crypto_pk_t *pk = NULL, *pk2 = NULL;
-
- (void)arg;
-
- pk = pk_generate(0);
- pk2 = pk_generate(1);
-
- /* Server: Case 1: the encrypted data is degenerate. */
- memset(junk_buf, 0, sizeof(junk_buf));
- crypto_pk_obsolete_public_hybrid_encrypt(pk,
- junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
- junk_buf, DH1024_KEY_LEN,
- PK_PKCS1_OAEP_PADDING, 1);
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
- s_buf, s_keys, 40));
-
- /* Server: Case 2: the encrypted data is not long enough. */
- memset(junk_buf, 0, sizeof(junk_buf));
- memset(junk_buf2, 0, sizeof(junk_buf2));
- crypto_pk_public_encrypt(pk, junk_buf2, sizeof(junk_buf2),
- junk_buf, 48, PK_PKCS1_OAEP_PADDING);
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
- s_buf, s_keys, 40));
-
- /* client handshake 1: do it straight. */
- memset(c_buf, 0, TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf));
-
- /* Server: Case 3: we just don't have the right key. */
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_server_handshake(c_buf, pk2, NULL,
- s_buf, s_keys, 40));
-
- /* Server: Case 4: The RSA-encrypted portion is corrupt. */
- c_buf[64] ^= 33;
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_server_handshake(c_buf, pk, NULL,
- s_buf, s_keys, 40));
- c_buf[64] ^= 33;
-
- /* (Let the server proceed) */
- tt_int_op(0, OP_EQ,
- onion_skin_TAP_server_handshake(c_buf, pk, NULL,
- s_buf, s_keys, 40));
-
- /* Client: Case 1: The server sent back junk. */
- const char *msg = NULL;
- s_buf[64] ^= 33;
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, &msg));
- s_buf[64] ^= 33;
- tt_str_op(msg, OP_EQ, "Digest DOES NOT MATCH on onion handshake. "
- "Bug or attack.");
-
- /* Let the client finish; make sure it can. */
- msg = NULL;
- tt_int_op(0, OP_EQ,
- onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, &msg));
- tt_mem_op(s_keys,OP_EQ, c_keys, 40);
- tt_ptr_op(msg, OP_EQ, NULL);
-
- /* Client: Case 2: The server sent back a degenerate DH. */
- memset(s_buf, 0, sizeof(s_buf));
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, &msg));
- tt_str_op(msg, OP_EQ, "DH computation failed.");
-
- done:
- crypto_dh_free(c_dh);
- crypto_pk_free(pk);
- crypto_pk_free(pk2);
-}
-
 static void
 test_ntor_handshake(void *arg)
 {
@@ -306,37 +161,35 @@ test_fast_handshake(void *arg) static void test_onion_queues(void *arg) { - uint8_t buf1[TAP_ONIONSKIN_CHALLENGE_LEN] = {0}; + uint8_t buf1[NTOR_ONIONSKIN_LEN] = {0}; uint8_t buf2[NTOR_ONIONSKIN_LEN] = {0}; or_circuit_t *circ1 = or_circuit_new(0, NULL); or_circuit_t *circ2 = or_circuit_new(0, NULL); - create_cell_t *onionskin = NULL, *create2_ptr; + create_cell_t *onionskin = NULL, *create1_ptr; create_cell_t *create1 = tor_malloc_zero(sizeof(create_cell_t)); create_cell_t *create2 = tor_malloc_zero(sizeof(create_cell_t)); (void)arg; - create2_ptr = create2; /* remember, but do not free */ + create1_ptr = create1; /* remember, but do not free */ - create_cell_init(create1, CELL_CREATE, ONION_HANDSHAKE_TYPE_TAP, - TAP_ONIONSKIN_CHALLENGE_LEN, buf1); + create_cell_init(create1, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR, + NTOR_ONIONSKIN_LEN, buf1); create_cell_init(create2, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR, NTOR_ONIONSKIN_LEN, buf2); - tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(0,OP_EQ, onion_pending_add(circ1, create1)); create1 = NULL; - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); - tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(0,OP_EQ, onion_pending_add(circ2, create2)); create2 = NULL; - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); - tt_ptr_op(circ2,OP_EQ, onion_next_task(&onionskin)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); - tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); - tt_ptr_op(onionskin, OP_EQ, create2_ptr); + tt_ptr_op(circ1,OP_EQ, onion_next_task(&onionskin)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_ptr_op(onionskin, OP_EQ, create1_ptr); 
clear_pending_onions(); tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); @@ -365,24 +218,19 @@ test_onion_queues(void *arg) static void test_onion_queue_order(void *arg) { - uint8_t buf_tap[TAP_ONIONSKIN_CHALLENGE_LEN] = {0}; uint8_t buf_ntor[NTOR_ONIONSKIN_LEN] = {0}; uint8_t buf_ntor3[CELL_PAYLOAD_SIZE] = {0}; - or_circuit_t *circ_tap = or_circuit_new(0, NULL); or_circuit_t *circ_ntor = or_circuit_new(0, NULL); or_circuit_t *circ_ntor3 = or_circuit_new(0, NULL); create_cell_t *onionskin = NULL; - create_cell_t *create_tap1 = tor_malloc_zero(sizeof(create_cell_t)); create_cell_t *create_ntor1 = tor_malloc_zero(sizeof(create_cell_t)); create_cell_t *create_ntor2 = tor_malloc_zero(sizeof(create_cell_t)); create_cell_t *create_v3ntor1 = tor_malloc_zero(sizeof(create_cell_t)); create_cell_t *create_v3ntor2 = tor_malloc_zero(sizeof(create_cell_t)); (void)arg; - create_cell_init(create_tap1, CELL_CREATE, ONION_HANDSHAKE_TYPE_TAP, - TAP_ONIONSKIN_CHALLENGE_LEN, buf_tap); create_cell_init(create_ntor1, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR, NTOR_ONIONSKIN_LEN, buf_ntor); create_cell_init(create_ntor2, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR, 
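Review bot: test_onion_queues still ends on the context assertion `tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));`, and the test_onion_queue_order hunks that follow only rewrite the TAP counters from 1 to 0, so in the visible hunks nothing hands a TAP create cell to `onion_pending_add()` any more. Counting a queue that is never fed cannot fail, so these tests pass whether or not the relay side still accepts the retired handshake type. I would add one negative case that initialises a cell with `ONION_HANDSHAKE_TYPE_TAP` and asserts that `onion_pending_add()` refuses it and that the TAP and ntor counters stay unchanged, assuming rejection is the intended behaviour (the queue code is not part of this view). Both test functions continue outside their hunks.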
@@ -393,78 +241,63 @@ test_onion_queue_order(void *arg) NTOR_ONIONSKIN_LEN, buf_ntor3); /* sanity check queue init */ - tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); - tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); - tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); - - /* Add tap first so we can ensure it comes out last */ - tt_int_op(0,OP_EQ, onion_pending_add(circ_tap, create_tap1)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); /* Now add interleaving ntor2 and ntor3, to ensure they share * the same queue and come out in this order */ tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor, create_ntor1)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor3, create_v3ntor1)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor, create_ntor2)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor3, create_v3ntor2)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(4,OP_EQ, 
onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(4,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); /* Now remove 5 tasks, ensuring order and queue sizes */ tt_ptr_op(circ_ntor, OP_EQ, onion_next_task(&onionskin)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); tt_ptr_op(onionskin, OP_EQ, create_ntor1); tt_ptr_op(circ_ntor3, OP_EQ, onion_next_task(&onionskin)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); tt_ptr_op(onionskin, OP_EQ, create_v3ntor1); tt_ptr_op(circ_ntor, OP_EQ, onion_next_task(&onionskin)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); tt_ptr_op(onionskin, OP_EQ, create_ntor2); tt_ptr_op(circ_ntor3, OP_EQ, onion_next_task(&onionskin)); - tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); - tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); - tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); - tt_ptr_op(onionskin, OP_EQ, create_v3ntor2); - - tt_ptr_op(circ_tap, OP_EQ, onion_next_task(&onionskin)); tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); - tt_ptr_op(onionskin, OP_EQ, create_tap1); + tt_ptr_op(onionskin, OP_EQ, create_v3ntor2); clear_pending_onions(); tt_int_op(0,OP_EQ, 
onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); done: - circuit_free_(TO_CIRCUIT(circ_tap)); circuit_free_(TO_CIRCUIT(circ_ntor)); circuit_free_(TO_CIRCUIT(circ_ntor3)); - tor_free(create_tap1); tor_free(create_ntor1); tor_free(create_ntor2); tor_free(create_v3ntor1); @@ -740,8 +573,6 @@ test_circuit_timeout(void *arg) { #name, test_ ## name , TT_FORK, NULL, NULL } static struct testcase_t test_array[] = { - ENT(onion_handshake), - { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL }, ENT(onion_queues), ENT(onion_queue_order), { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL }, diff --git a/src/test/test_cell_formats.c b/src/test/test_cell_formats.c index b7b149cd66..e01a3461fc 100644 --- a/src/test/test_cell_formats.c +++ b/src/test/test_cell_formats.c @@ -14,7 +14,6 @@ #include "app/config/config.h" #include "lib/crypt_ops/crypto_rand.h" #include "core/or/onion.h" -#include "core/crypto/onion_tap.h" #include "core/crypto/onion_fast.h" #include "core/crypto/onion_ntor.h" #include "core/or/relay.h" @@ -399,21 +398,6 @@ test_cfmt_create_cells(void *arg) /* === Let's try parsing some good cells! */ - /* A valid create cell. */ - memset(&cell, 0, sizeof(cell)); - memset(b, 0, sizeof(b)); - crypto_rand((char*)b, TAP_ONIONSKIN_CHALLENGE_LEN); - cell.command = CELL_CREATE; - memcpy(cell.payload, b, TAP_ONIONSKIN_CHALLENGE_LEN); - tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell)); - tt_int_op(CELL_CREATE, OP_EQ, cc.cell_type); - tt_int_op(ONION_HANDSHAKE_TYPE_TAP, OP_EQ, cc.handshake_type); - tt_int_op(TAP_ONIONSKIN_CHALLENGE_LEN, OP_EQ, cc.handshake_len); - tt_mem_op(cc.onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN + 10); - tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc)); - tt_int_op(cell.command, OP_EQ, cell2.command); - tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE); - /* A valid create_fast cell. */ memset(&cell, 0, sizeof(cell)); memset(b, 0, sizeof(b)); 
@@ -429,22 +413,6 @@ test_cfmt_create_cells(void *arg) tt_int_op(cell.command, OP_EQ, cell2.command); tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE); - /* A valid create2 cell with a TAP payload */ - memset(&cell, 0, sizeof(cell)); - memset(b, 0, sizeof(b)); - crypto_rand((char*)b, TAP_ONIONSKIN_CHALLENGE_LEN); - cell.command = CELL_CREATE2; - memcpy(cell.payload, "\x00\x00\x00\xBA", 4); /* TAP, 186 bytes long */ - memcpy(cell.payload+4, b, TAP_ONIONSKIN_CHALLENGE_LEN); - tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell)); - tt_int_op(CELL_CREATE2, OP_EQ, cc.cell_type); - tt_int_op(ONION_HANDSHAKE_TYPE_TAP, OP_EQ, cc.handshake_type); - tt_int_op(TAP_ONIONSKIN_CHALLENGE_LEN, OP_EQ, cc.handshake_len); - tt_mem_op(cc.onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN + 10); - tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc)); - tt_int_op(cell.command, OP_EQ, cell2.command); - tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE); - /* A valid create2 cell with an ntor payload */ memset(&cell, 0, sizeof(cell)); memset(b, 0, sizeof(b)); 
@@ -461,22 +429,6 @@ test_cfmt_create_cells(void *arg) tt_int_op(cell.command, OP_EQ, cell2.command); tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE); - /* A valid create cell with an ntor payload, in legacy format. */ - memset(&cell, 0, sizeof(cell)); - memset(b, 0, sizeof(b)); - crypto_rand((char*)b, NTOR_ONIONSKIN_LEN); - cell.command = CELL_CREATE; - memcpy(cell.payload, "ntorNTORntorNTOR", 16); - memcpy(cell.payload+16, b, NTOR_ONIONSKIN_LEN); - tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell)); - tt_int_op(CELL_CREATE, OP_EQ, cc.cell_type); - tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, OP_EQ, cc.handshake_type); - tt_int_op(NTOR_ONIONSKIN_LEN, OP_EQ, cc.handshake_len); - tt_mem_op(cc.onionskin,OP_EQ, b, NTOR_ONIONSKIN_LEN + 10); - tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc)); - tt_int_op(cell.command, OP_EQ, cell2.command); - tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE); - /* == Okay, now let's try to parse some impossible stuff. */ /* It has to be some kind of a create cell! */ @@ -517,20 +469,6 @@ test_cfmt_created_cells(void *arg) (void)arg; - /* A good CREATED cell */ - memset(&cell, 0, sizeof(cell)); - memset(b, 0, sizeof(b)); - crypto_rand((char*)b, TAP_ONIONSKIN_REPLY_LEN); - cell.command = CELL_CREATED; - memcpy(cell.payload, b, TAP_ONIONSKIN_REPLY_LEN); - tt_int_op(0, OP_EQ, created_cell_parse(&cc, &cell)); - tt_int_op(CELL_CREATED, OP_EQ, cc.cell_type); - tt_int_op(TAP_ONIONSKIN_REPLY_LEN, OP_EQ, cc.handshake_len); - tt_mem_op(cc.reply,OP_EQ, b, TAP_ONIONSKIN_REPLY_LEN + 10); - tt_int_op(0, OP_EQ, created_cell_format(&cell2, &cc)); - tt_int_op(cell.command, OP_EQ, cell2.command); - tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE); - /* A good CREATED_FAST cell */ memset(&cell, 0, sizeof(cell)); memset(b, 0, sizeof(b)); 
@@ -606,54 +544,6 @@ test_cfmt_extend_cells(void *arg) (void) arg; - /* Let's start with a simple EXTEND cell. */ - memset(p, 0, sizeof(p)); - memset(b, 0, sizeof(b)); - crypto_rand((char*)b, TAP_ONIONSKIN_CHALLENGE_LEN); - memcpy(p, "\x12\xf4\x00\x01\x01\x02", 6); /* 18 244 0 1 : 258 */ - memcpy(p+6,b,TAP_ONIONSKIN_CHALLENGE_LEN); - memcpy(p+6+TAP_ONIONSKIN_CHALLENGE_LEN, "electroencephalogram", 20); - tt_int_op(0, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND, - p, 26+TAP_ONIONSKIN_CHALLENGE_LEN)); - tt_int_op(RELAY_COMMAND_EXTEND, OP_EQ, ec.cell_type); - tt_str_op("18.244.0.1", OP_EQ, fmt_addr(&ec.orport_ipv4.addr)); - tt_int_op(258, OP_EQ, ec.orport_ipv4.port); - tt_int_op(AF_UNSPEC, OP_EQ, tor_addr_family(&ec.orport_ipv6.addr)); - tt_mem_op(ec.node_id,OP_EQ, "electroencephalogram", 20); - tt_int_op(cc->cell_type, OP_EQ, CELL_CREATE); - tt_int_op(cc->handshake_type, OP_EQ, ONION_HANDSHAKE_TYPE_TAP); - tt_int_op(cc->handshake_len, OP_EQ, TAP_ONIONSKIN_CHALLENGE_LEN); - tt_mem_op(cc->onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN+20); - tt_int_op(0, OP_EQ, extend_cell_format(&p2_cmd, &p2_len, p2, &ec)); - tt_int_op(p2_cmd, OP_EQ, RELAY_COMMAND_EXTEND); - tt_int_op(p2_len, OP_EQ, 26+TAP_ONIONSKIN_CHALLENGE_LEN); - tt_mem_op(p2,OP_EQ, p, RELAY_PAYLOAD_SIZE); - - /* Let's do an ntor stuffed in a legacy EXTEND cell */ - memset(p, 0, sizeof(p)); - memset(b, 0, sizeof(b)); - crypto_rand((char*)b, NTOR_ONIONSKIN_LEN); - memcpy(p, "\x12\xf4\x00\x01\x01\x02", 6); /* 18 244 0 1 : 258 */ - memcpy(p+6,"ntorNTORntorNTOR", 16); - memcpy(p+22, b, NTOR_ONIONSKIN_LEN); - memcpy(p+6+TAP_ONIONSKIN_CHALLENGE_LEN, "electroencephalogram", 20); - tt_int_op(0, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND, - p, 26+TAP_ONIONSKIN_CHALLENGE_LEN)); - tt_int_op(RELAY_COMMAND_EXTEND, OP_EQ, ec.cell_type); - tt_str_op("18.244.0.1", OP_EQ, fmt_addr(&ec.orport_ipv4.addr)); - tt_int_op(258, OP_EQ, ec.orport_ipv4.port); - tt_int_op(AF_UNSPEC, OP_EQ, 
tor_addr_family(&ec.orport_ipv6.addr)); - tt_mem_op(ec.node_id,OP_EQ, "electroencephalogram", 20); - tt_int_op(cc->cell_type, OP_EQ, CELL_CREATE2); - tt_int_op(cc->handshake_type, OP_EQ, ONION_HANDSHAKE_TYPE_NTOR); - tt_int_op(cc->handshake_len, OP_EQ, NTOR_ONIONSKIN_LEN); - tt_mem_op(cc->onionskin,OP_EQ, b, NTOR_ONIONSKIN_LEN+20); - tt_int_op(0, OP_EQ, extend_cell_format(&p2_cmd, &p2_len, p2, &ec)); - tt_int_op(p2_cmd, OP_EQ, RELAY_COMMAND_EXTEND); - tt_int_op(p2_len, OP_EQ, 26+TAP_ONIONSKIN_CHALLENGE_LEN); - tt_mem_op(p2,OP_EQ, p, RELAY_PAYLOAD_SIZE); - tt_int_op(0, OP_EQ, create_cell_format_relayed(&cell, cc)); - /* Now let's do a minimal ntor EXTEND2 cell. */ memset(&ec, 0xff, sizeof(ec)); memset(p, 0, sizeof(p)); @@ -896,23 +786,6 @@ test_cfmt_extended_cells(void *arg) (void) arg; - /* Try a regular EXTENDED cell. */ - memset(&ec, 0xff, sizeof(ec)); - memset(p, 0, sizeof(p)); - memset(b, 0, sizeof(b)); - crypto_rand((char*)b, TAP_ONIONSKIN_REPLY_LEN); - memcpy(p,b,TAP_ONIONSKIN_REPLY_LEN); - tt_int_op(0, OP_EQ, extended_cell_parse(&ec, RELAY_COMMAND_EXTENDED, p, - TAP_ONIONSKIN_REPLY_LEN)); - tt_int_op(RELAY_COMMAND_EXTENDED, OP_EQ, ec.cell_type); - tt_int_op(cc->cell_type, OP_EQ, CELL_CREATED); - tt_int_op(cc->handshake_len, OP_EQ, TAP_ONIONSKIN_REPLY_LEN); - tt_mem_op(cc->reply,OP_EQ, b, TAP_ONIONSKIN_REPLY_LEN); - tt_int_op(0, OP_EQ, extended_cell_format(&p2_cmd, &p2_len, p2, &ec)); - tt_int_op(RELAY_COMMAND_EXTENDED, OP_EQ, p2_cmd); - tt_int_op(TAP_ONIONSKIN_REPLY_LEN, OP_EQ, p2_len); - tt_mem_op(p2,OP_EQ, p, sizeof(p2)); - /* Try an EXTENDED2 cell */ memset(&ec, 0xff, sizeof(ec)); memset(p, 0, sizeof(p)); diff --git a/src/test/test_circuitpadding.c b/src/test/test_circuitpadding.c index 63b7136a11..95401465c1 100644 --- a/src/test/test_circuitpadding.c +++ b/src/test/test_circuitpadding.c 
@@ -1608,7 +1608,7 @@ simulate_single_hop_extend(circuit_t *client, circuit_t *mid_relay, hop->extend_info = extend_info_new( padding ? "padding" : "non-padding", - digest, NULL, NULL, NULL, + digest, NULL, NULL, &addr, padding, NULL, false); cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0); diff --git a/src/test/test_conflux_pool.c b/src/test/test_conflux_pool.c index fc30677377..6fe3c8b65b 100644 --- a/src/test/test_conflux_pool.c +++ b/src/test/test_conflux_pool.c @@ -349,7 +349,7 @@ simulate_single_hop_extend(origin_circuit_t *client, int exit) hop->extend_info = extend_info_new( exit ? "exit" : "non-exit", - digest, NULL, NULL, NULL, + digest, NULL, NULL, &addr, exit, NULL, exit); cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0); @@ -396,6 +396,7 @@ test_setup(void) static void test_clear_circs(void) { + conflux_notify_shutdown(); SMARTLIST_FOREACH(circ_pairs, circ_pair_t *, circ_pair, { tor_free(circ_pair); }); @@ -430,6 +431,9 @@ test_clear_circs(void) tor_assert(smartlist_len(mock_cell_delivery) == 0); (void)free_fake_origin_circuit; + + /* Clear shutdown flag so we can resume testing again. */ + conflux_clear_shutdown(); } static void diff --git a/src/test/test_dir.c b/src/test/test_dir.c index d09afcb9e6..b34711dcad 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -217,7 +217,7 @@ basic_routerinfo_new(const char *nickname, uint32_t ipv4_addr, r1->ipv4_dirport = dir_port; r1->supports_tunnelled_dir_requests = 1; - router_set_rsa_onion_pkey(pk1, &r1->onion_pkey, &r1->onion_pkey_len); + router_set_rsa_onion_pkey(pk1, &r1->tap_onion_pkey, &r1->tap_onion_pkey_len); r1->identity_pkey = pk2; r1->bandwidthrate = bandwidthrate; 
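Review bot: In test_clear_circs (src/test/test_conflux_pool.c) the new first statement `conflux_notify_shutdown();` carries no comment, while the matching `conflux_clear_shutdown();` at the end of the function does, so a reader cannot tell what the shutdown flag is protecting during teardown. A one-line comment above the call would close that gap, for example `/* Mark conflux as shutting down while the test circuits below are freed. */`, with the wording adjusted to what the flag actually suppresses, which is not visible here. The function body between the two added calls lies partly outside these hunks.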
@@ -382,8 +382,8 @@ get_new_onion_key_block(const routerinfo_t *r1) { char *block = NULL; tor_assert(r1); - crypto_pk_t *pk_tmp = router_get_rsa_onion_pkey(r1->onion_pkey, - r1->onion_pkey_len); + crypto_pk_t *pk_tmp = router_get_rsa_onion_pkey(r1->tap_onion_pkey, + r1->tap_onion_pkey_len); block = get_new_rsa_key_block("onion-key", pk_tmp); crypto_pk_free(pk_tmp); return block; @@ -587,8 +587,8 @@ setup_mocks_for_fresh_descriptor(const routerinfo_t *r1, if (rsa_onion_keypair) { mocked_onionkey = crypto_pk_dup_key(rsa_onion_keypair); } else { - mocked_onionkey = router_get_rsa_onion_pkey(r1->onion_pkey, - r1->onion_pkey_len); + mocked_onionkey = router_get_rsa_onion_pkey(r1->tap_onion_pkey, + r1->tap_onion_pkey_len); } MOCK(get_onion_key, mock_get_onion_key); } @@ -643,10 +643,12 @@ STMT_BEGIN \ tt_int_op(rp1->bandwidthrate,OP_EQ, r1->bandwidthrate); \ tt_int_op(rp1->bandwidthburst,OP_EQ, r1->bandwidthburst); \ tt_int_op(rp1->bandwidthcapacity,OP_EQ, r1->bandwidthcapacity); \ - crypto_pk_t *rp1_onion_pkey = router_get_rsa_onion_pkey(rp1->onion_pkey, \ - rp1->onion_pkey_len); \ - crypto_pk_t *r1_onion_pkey = router_get_rsa_onion_pkey(r1->onion_pkey, \ - r1->onion_pkey_len); \ + crypto_pk_t *rp1_onion_pkey = router_get_rsa_onion_pkey( \ + rp1->tap_onion_pkey, \ + rp1->tap_onion_pkey_len); \ + crypto_pk_t *r1_onion_pkey = router_get_rsa_onion_pkey( \ + r1->tap_onion_pkey, \ + r1->tap_onion_pkey_len); \ tt_int_op(crypto_pk_cmp_keys(rp1_onion_pkey, r1_onion_pkey), OP_EQ, 0); \ crypto_pk_free(rp1_onion_pkey); \ crypto_pk_free(r1_onion_pkey); \ 
@@ -1303,6 +1305,72 @@ test_dir_parse_router_list(void *arg) #undef ADD } +/* Made with chutney and a patched tor: Has no onion-key or + * onion-key-crosscert */ +static const char ROUTERDESC_NO_ONION_KEY[] = +"router test001a 127.0.0.1 5001 0 7001\n" +"identity-ed25519\n" +"-----BEGIN ED25519 CERT-----\n" +"AQQAB0xWARbCJfDrX0OTtpM0fDxU9cLweMnZeUq/KBfAN1wwWHtMAQAgBADBQJ1o\n" +"ClrXUenWC90FYEUQDpMSdxdxKlrR83rYy+keGe61WQHYP0ebowJC19UvPnYryLeA\n" +"Gnhko2WwmbUDGicdnY4j2VSFU15oxBjln65IznZJyiZM4zGE1GkNZzKGmQY=\n" +"-----END ED25519 CERT-----\n" +"master-key-ed25519 wUCdaApa11Hp1gvdBWBFEA6TEncXcSpa0fN62MvpHhk\n" +"or-address [::]:5001\n" +"platform Tor 0.4.9.0-alpha-dev on Linux\n" +"proto Conflux=1 Cons=1-2 Desc=1-2 DirCache=2 FlowCtrl=1-2 HSDir=2 " + "HSIntro=4-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 " + "Relay=1-4\n" +"published 2024-06-24 21:34:22\n" +"fingerprint FD3A 6FA4 E716 C379 3CBA FEC3 39EA 01C8 B49D 7189\n" +"uptime 0\n" +"bandwidth 1073741824 1073741824 0\n" +"extra-info-digest 9946CAC41485EDFFDD83F7DAF1A088C30563126C " + "lpAMRlRTy9QR2xVCu1nnnxOHA2I05TTKvCSPPcr1geo\n" +"caches-extra-info\n" +"signing-key\n" +"-----BEGIN RSA PUBLIC KEY-----\n" +"MIGJAoGBALcIIij7gNpvSZPvaCLDDNyyQZq7fR0aXiHgmiIc5hYVcBl+zF5sTX6a\n" +"jQF+GQdbSHcRzA1IMWPXnA7+nGOxSNayrQwExuf7ESsBaQHU81/dmV+rgTwtcd3K\n" +"9lobTQUm+idLvGjVF5P1XJkduPvURIgpIfXT1ZHJUQhwxWSw8MmnAgMBAAE=\n" +"-----END RSA PUBLIC KEY-----\n" +"ntor-onion-key-crosscert 1\n" +"-----BEGIN ED25519 CERT-----\n" +"AQoAB0wmAcFAnWgKWtdR6dYL3QVgRRAOkxJ3F3EqWtHzetjL6R4ZAFPSCMLyQ82v\n" +"dvcpZDa7C/qp8TsJn2Z8v77RjRc2QD1KYDzGfg5euwlB1lu8+IR38l3mmC1PXXhe\n" +"ZB84q4aUdAA=\n" +"-----END ED25519 CERT-----\n" +"hidden-service-dir\n" +"contact auth1@test.test\n" +"ntor-onion-key m0dedSB2vjtvz08bNu+LCdIApVuspRlzXbsphXZ62zQ\n" +"reject *:*\n" +"tunnelled-dir-server\n" +"router-sig-ed25519 VMwmiN9KhWWFSFSuVZxG1g46mb2QhMhv0UlatvPKyAV+1jPl" + "EbDFaO1Qur0335Rn0ToysC6UqB1p78pefX67Aw\n" +"router-signature\n" +"-----BEGIN 
SIGNATURE-----\n" +"q9Hxy4FJVIK2ks/ByBv8P1p7Pc68ie/TTlDN+tce9opPlijy9+ze9/Gd2SKonRm1\n" +"J+WBj/kKYKw+YoUExIT0qMfa6QTCOe/ecp1sNmgeW0YfloP4Nv8goi3S0k4yrPk/\n" +"qw6TIXGYJpvrdR1Qe7+MEl2K1Okqsy5amtOU400lYRA=\n" +"-----END SIGNATURE-----\n" + ; + +static void +test_dir_parse_no_onion_keyrouter_list(void *arg) +{ + (void) arg; + + routerinfo_t *ri = + router_parse_entry_from_string(ROUTERDESC_NO_ONION_KEY, NULL, + 0, 1, 0, NULL); + + tt_assert(ri); + tt_assert(ri->tap_onion_pkey == NULL); + + done: + routerinfo_free(ri); +} + static download_status_t dls_minimal; static download_status_t dls_maximal; static download_status_t dls_bad_fingerprint; @@ -4079,7 +4147,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) if (vrs) { vrs->microdesc = tor_malloc_zero(sizeof(vote_microdesc_hash_t)); tor_asprintf(&vrs->microdesc->microdesc_hash_line, - "m 25,26,27,28 " + "m 32,33 " "sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa%d\n", idx); } @@ -4103,9 +4171,8 @@ vote_tweaks_for_umbw(networkstatus_t *v, int voter, time_t now) tt_assert(v->supported_methods); SMARTLIST_FOREACH(v->supported_methods, char *, c, tor_free(c)); smartlist_clear(v->supported_methods); - /* Method 17 is MIN_METHOD_TO_CLIP_UNMEASURED_BW_KB */ smartlist_split_string(v->supported_methods, - "25 26 27 28", + "32 33", NULL, 0, -1); /* If we're using a non-default clip bandwidth, add it to net_params */ if (alternate_clip_bw > 0) { @@ -7228,6 +7295,7 @@ struct testcase_t dir_tests[] = { DIR(routerinfo_parsing, 0), DIR(extrainfo_parsing, 0), DIR(parse_router_list, TT_FORK), + DIR(parse_no_onion_keyrouter_list, TT_FORK), DIR(load_routers, TT_FORK), DIR(load_extrainfo, TT_FORK), DIR(getinfo_extra, 0), diff --git a/src/test/test_dirvote.c b/src/test/test_dirvote.c index 2b53955107..bb7e6fdf10 100644 --- a/src/test/test_dirvote.c +++ b/src/test/test_dirvote.c 
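Review bot: test_dir_parse_no_onion_keyrouter_list only asserts that the descriptor parses and that `ri->tap_onion_pkey == NULL`, which leaves the rest of the key state unchecked for a router that publishes no TAP key. The embedded descriptor does carry an `ntor-onion-key` line, so the test can also pin that the usable key survived parsing and that the length field agrees with the NULL pointer: `tt_assert(ri->onion_curve25519_pkey);` and `tt_int_op(ri->tap_onion_pkey_len, OP_EQ, 0);` (the second assumes the parser leaves the length zeroed). A short comment above the function stating that a missing `onion-key` is now accepted rather than rejected would make the intent of the case clear.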
@@ -656,30 +656,6 @@ done: ROUTER_FREE(pppp); } -static void -test_dirvote_parse_param_buggy(void *arg) -{ - (void)arg; - - /* Tests for behavior with bug emulation to migrate away from bug 19011. */ - tt_i64_op(extract_param_buggy("blah blah", "bwweightscale", 10000), - OP_EQ, 10000); - tt_i64_op(extract_param_buggy("bwweightscale=7", "bwweightscale", 10000), - OP_EQ, 7); - tt_i64_op(extract_param_buggy("bwweightscale=7 foo=9", - "bwweightscale", 10000), - OP_EQ, 10000); - tt_i64_op(extract_param_buggy("foo=7 bwweightscale=777 bar=9", - "bwweightscale", 10000), - OP_EQ, 10000); - tt_i64_op(extract_param_buggy("foo=7 bwweightscale=1234", - "bwweightscale", 10000), - OP_EQ, 1234); - - done: - ; -} - #define NODE(name, flags) \ { \ #name, test_dirvote_##name, (flags), NULL, NULL \ @@ -692,5 +668,4 @@ struct testcase_t dirvote_tests[] = { NODE(get_sybil_by_ip_version_ipv4, TT_FORK), NODE(get_sybil_by_ip_version_ipv6, TT_FORK), NODE(get_all_possible_sybil, TT_FORK), - NODE(parse_param_buggy, 0), END_OF_TESTCASES}; diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 118b66dfa7..7184e49c8c 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -1942,8 +1942,10 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg) tt_ptr_op(g2, OP_EQ, g); /* But if we impose a restriction, we don't get the same guard */ + get_options_mutable()->EnforceDistinctSubnets = 0; rst = guard_create_exit_restriction((uint8_t*)g->identity); g2 = select_entry_guard_for_circuit(gs, GUARD_USAGE_TRAFFIC, rst, &state); + tt_assert(g2); tt_ptr_op(g2, OP_NE, g); done: diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c index a02dca1b60..ac6f940cc7 100644 --- a/src/test/test_hs_client.c +++ b/src/test/test_hs_client.c 
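Review bot: The added `get_options_mutable()->EnforceDistinctSubnets = 0;` in test_entry_guard_select_for_circuit_no_confirmed changes a global option in the middle of the test with no comment and no restore before or in the `done:` block. It presumably keeps subnet matching from excluding every remaining guard once the exit restriction is applied, but the hunk does not say so; a comment such as `/* Disable subnet checks so the restriction excludes only g itself. */` would record the reason, wording to be confirmed by the author. If this case is not registered with TT_FORK the changed option carries into later tests, so either save and restore the previous value or confirm the fork flag. The function starts and ends outside the hunk.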
@@ -1192,7 +1192,7 @@ test_socks_hs_errors(void *arg) ocirc->build_state = tor_malloc_zero(sizeof(cpath_build_state_t)); /* Code path will log this exit so build it. */ ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest, - NULL, NULL, NULL, &addr, + NULL, NULL, &addr, 4242, NULL, false); /* Attach socks connection to this rendezvous circuit. */ ocirc->p_streams = ENTRY_TO_EDGE_CONN(socks_conn); @@ -1287,7 +1287,7 @@ test_close_intro_circuit_failure(void *arg) ocirc->build_state = tor_malloc_zero(sizeof(cpath_build_state_t)); /* Code path will log this exit so build it. */ ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest, - NULL, NULL, NULL, &addr, + NULL, NULL, &addr, 4242, NULL, false); ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey); @@ -1314,7 +1314,7 @@ test_close_intro_circuit_failure(void *arg) ocirc->build_state = tor_malloc_zero(sizeof(cpath_build_state_t)); /* Code path will log this exit so build it. */ ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest, - NULL, NULL, NULL, &addr, + NULL, NULL, &addr, 4242, NULL, false); ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey); @@ -1337,7 +1337,7 @@ test_close_intro_circuit_failure(void *arg) ocirc->build_state = tor_malloc_zero(sizeof(cpath_build_state_t)); /* Code path will log this exit so build it. */ ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest, - NULL, NULL, NULL, &addr, + NULL, NULL, &addr, 4242, NULL, false); ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey); diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index dc60c7ca29..6f254f16e8 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c 
@@ -1605,7 +1605,6 @@ test_build_update_descriptors(void *arg) tt_int_op(ret, OP_EQ, 0); ri.onion_curve25519_pkey = tor_malloc_zero(sizeof(curve25519_public_key_t)); - ri.onion_pkey = tor_malloc_zero(140); curve25519_public_key_generate(ri.onion_curve25519_pkey, &curve25519_secret_key); memset(ri.cache_info.identity_digest, 'A', DIGEST_LEN); @@ -1631,7 +1630,6 @@ test_build_update_descriptors(void *arg) update_all_descriptors_intro_points(now); tor_free(node->ri->onion_curve25519_pkey); /* Avoid memleak. */ tor_free(node->ri->cache_info.signing_key_cert); - tor_free(node->ri->onion_pkey); expect_log_msg_containing("just picked 1 intro points and wanted 3 for next " "descriptor. It currently has 0 intro points. " "Launching ESTABLISH_INTRO circuit shortly."); diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c index c564805ecf..1209811fb9 100644 --- a/src/test/test_microdesc.c +++ b/src/test/test_microdesc.c 
@@ -366,37 +366,14 @@ static const char test_ri[] = "iFJkKxxDx7ksxX0zdl7aPT4ORFEuRhCYS6el7YJmoyg=\n" "-----END SIGNATURE-----\n"; -static const char test_md2_25[] = +static const char test_md2_withfamily_33[] = "onion-key\n" "-----BEGIN RSA PUBLIC KEY-----\n" "MIGJAoGBAMvEJ/JVNK7I38PPWhQMuCgkET/ki4WIas4tj5Kmqfb9kHqxMR+EunRD\n" "83k4pel1yB7QdV+iTd/4SZOI8RpZP+BO1KnOTWfpztAU1lDGr19/PwdwcHaILpBD\n" "nNzm6otk4/bKUQ0vqpOfJljtg0DfAm4uMAQ6BMFy6uEAF7+JupuPAgMBAAE=\n" "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA=\n" - "p accept 1-65535\n" - "id ed25519 J5lkRqyL6qW+CpN3E4RIlgJZeLgwjtmOOrjZvVhuwLQ\n"; - -static const char test_md2_withfamily_28[] = - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMvEJ/JVNK7I38PPWhQMuCgkET/ki4WIas4tj5Kmqfb9kHqxMR+EunRD\n" - "83k4pel1yB7QdV+iTd/4SZOI8RpZP+BO1KnOTWfpztAU1lDGr19/PwdwcHaILpBD\n" - "nNzm6otk4/bKUQ0vqpOfJljtg0DfAm4uMAQ6BMFy6uEAF7+JupuPAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA=\n" - "family OtherNode !Strange\n" - "p accept 1-65535\n" - "id ed25519 J5lkRqyL6qW+CpN3E4RIlgJZeLgwjtmOOrjZvVhuwLQ\n"; - -static const char test_md2_withfamily_29[] = - "onion-key\n" - "-----BEGIN RSA PUBLIC KEY-----\n" - "MIGJAoGBAMvEJ/JVNK7I38PPWhQMuCgkET/ki4WIas4tj5Kmqfb9kHqxMR+EunRD\n" - "83k4pel1yB7QdV+iTd/4SZOI8RpZP+BO1KnOTWfpztAU1lDGr19/PwdwcHaILpBD\n" - "nNzm6otk4/bKUQ0vqpOfJljtg0DfAm4uMAQ6BMFy6uEAF7+JupuPAgMBAAE=\n" - "-----END RSA PUBLIC KEY-----\n" - "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA=\n" + "ntor-onion-key FChIfm77vrWB7JsxQ+jMbN6VSSp1P0DYbw/2aqey4iA\n" "family !Strange $D219590AC9513BCDEBBA9AB721007A4CC01BBAE3 othernode\n" "p accept 1-65535\n" "id ed25519 J5lkRqyL6qW+CpN3E4RIlgJZeLgwjtmOOrjZvVhuwLQ\n"; 
@@ -411,21 +388,12 @@ test_md_generate(void *arg) ri = router_parse_entry_from_string(test_ri, NULL, 0, 0, NULL, NULL); tt_assert(ri); - md = dirvote_create_microdescriptor(ri, 25); - tt_str_op(md->body, OP_EQ, test_md2_25); - tt_assert(ed25519_pubkey_eq(md->ed25519_identity_pkey, - &ri->cache_info.signing_key_cert->signing_key)); - // Try family encoding. microdesc_free(md); ri->declared_family = smartlist_new(); smartlist_add_strdup(ri->declared_family, "OtherNode !Strange"); - md = dirvote_create_microdescriptor(ri, 28); - tt_str_op(md->body, OP_EQ, test_md2_withfamily_28); - - microdesc_free(md); - md = dirvote_create_microdescriptor(ri, 29); - tt_str_op(md->body, OP_EQ, test_md2_withfamily_29); + md = dirvote_create_microdescriptor(ri, 33); + tt_str_op(md->body, OP_EQ, test_md2_withfamily_33); done: microdesc_free(md); @@ -792,6 +760,35 @@ test_md_parse_id_ed25519(void *arg) teardown_capture_of_logs(); } +static void +test_md_parse_no_onion_key(void *arg) +{ + (void)arg; + + /* A correct MD with no onion key. */ + const char GOOD_MD[] = + "onion-key\n" + "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs=\n" + "id ed25519 VGhpcyBpc24ndCBhY3R1YWxseSBhIHB1YmxpYyBrZXk\n"; + + smartlist_t *mds = NULL; + + mds = microdescs_parse_from_string(GOOD_MD, + NULL, 1, SAVED_NOWHERE, NULL); + tt_assert(mds); + tt_int_op(smartlist_len(mds), OP_EQ, 1); + const microdesc_t *md = smartlist_get(mds, 0); + tt_mem_op(md->ed25519_identity_pkey, OP_EQ, + "This isn't actually a public key", ED25519_PUBKEY_LEN); + + done: + if (mds) { + SMARTLIST_FOREACH(mds, microdesc_t *, m, microdesc_free(m)); + smartlist_free(mds); + } + teardown_capture_of_logs(); +} + static int mock_rgsbd_called = 0; static routerstatus_t *mock_rgsbd_val_a = NULL; static routerstatus_t *mock_rgsbd_val_b = NULL; 
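Review bot: With the method-25 case removed from test_md_generate, the hunk no longer checks the parsed ed25519 identity of the generated microdescriptor. The line `tt_assert(ed25519_pubkey_eq(md->ed25519_identity_pkey, &ri->cache_info.signing_key_cert->signing_key));` was deleted and not re-added for method 33. The remaining `tt_str_op` on `md->body` covers the `id ed25519` text line but not the `md->ed25519_identity_pkey` field, so the assertion should be repeated after the `dirvote_create_microdescriptor(ri, 33)` call. The context line `microdesc_free(md);` after "Try family encoding" now runs before any microdescriptor exists, which is safe only if `md` starts out NULL; its declaration is outside the hunk.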
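Review bot: test_md_parse_no_onion_key does not assert the property in its name: it parses a microdescriptor whose `onion-key` line has no key body but checks only the ed25519 identity, so a parser that still populated a TAP key would pass. Add an assertion that the parsed microdesc has no RSA onion key; the field name is not visible in this hunk, and the routerinfo counterpart in test_dir.c uses `tt_assert(ri->tap_onion_pkey == NULL);`. Put `tt_assert(md->ed25519_identity_pkey);` before the `tt_mem_op`, so that a missing key is reported as a test failure instead of a NULL pointer reaching the memory comparison. The `teardown_capture_of_logs();` under `done:` has no matching `setup_capture_of_logs()` anywhere in the function and can be dropped.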
@@ -926,6 +923,7 @@ struct testcase_t microdesc_tests[] = { { "generate", test_md_generate, 0, NULL, NULL }, { "parse", test_md_parse, 0, NULL, NULL }, { "parse_id_ed25519", test_md_parse_id_ed25519, 0, NULL, NULL }, + { "parse_no_onion_key", test_md_parse_no_onion_key, 0, NULL, NULL }, { "reject_cache", test_md_reject_cache, TT_FORK, NULL, NULL }, { "corrupt_desc", test_md_corrupt_desc, TT_FORK, NULL, NULL }, END_OF_TESTCASES diff --git a/src/test/test_protover.c b/src/test/test_protover.c index 9d14fd678a..9a10cf649f 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c @@ -329,7 +329,7 @@ test_protover_supports_version(void *arg) * headers. */ #define PROTOVER_LINKAUTH_V1 1 #define PROTOVER_LINKAUTH_V2 2 -#define PROTOVER_RELAY_V1 1 +#define PROTOVER_RELAY_V2 2 /* Deprecated HSIntro versions */ #define PROTOVER_HS_INTRO_DEPRECATED_1 1 @@ -397,7 +397,7 @@ test_protover_supported_protocols(void *arg) /* Relay protovers do not appear anywhere in the code. */ tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_RELAY, - PROTOVER_RELAY_V1)); + PROTOVER_RELAY_V2)); tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_RELAY, PROTOVER_RELAY_EXTEND2)); diff --git a/src/test/test_router.c b/src/test/test_router.c index 47084bba01..64efedfa46 100644 --- a/src/test/test_router.c +++ b/src/test/test_router.c @@ -60,8 +60,8 @@ rtr_tests_gen_routerinfo(crypto_pk_t *ident_key, crypto_pk_t *tap_key) mock_routerinfo->identity_pkey = crypto_pk_dup_key(ident_key); mock_routerinfo->protocol_list = tor_strdup("Cons=1-2 Desc=1-2 DirCache=1-2"); - router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->onion_pkey, - &mock_routerinfo->onion_pkey_len); + router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->tap_onion_pkey, + &mock_routerinfo->tap_onion_pkey_len); mock_routerinfo->bandwidthrate = 9001; mock_routerinfo->bandwidthburst = 9002; diff --git a/src/test/test_sandbox.c b/src/test/test_sandbox.c index 64182ecc91..edb5c0c232 100644 
--- a/src/test/test_sandbox.c +++ b/src/test/test_sandbox.c @@ -364,22 +364,32 @@ test_sandbox_crypto_equix(void *arg) struct testcase_t sandbox_tests[] = { SANDBOX_TEST(is_active, TT_FORK), -/* When Tor is built with fragile compiler-hardening the sandbox is unable to - * filter requests to open files or directories (on systems where glibc uses - * the "open" system call to provide this functionality), as doing so would +/* When Tor is built with fragile compiler-hardening the sandbox is usually + * unable to filter requests to open files or directories, as doing so would * interfere with the address sanitizer as it retrieves information about the * running process via the filesystem. Skip these tests in that case as the * corresponding functions are likely to have no effect and this will cause the * tests to fail. */ #ifdef ENABLE_FRAGILE_HARDENING SANDBOX_TEST_SKIPPED(open_filename), + SANDBOX_TEST_SKIPPED(openat_filename), SANDBOX_TEST_SKIPPED(opendir_dirname), #else SANDBOX_TEST_IN_SANDBOX(open_filename), - SANDBOX_TEST_IN_SANDBOX(opendir_dirname), + SANDBOX_TEST_IN_SANDBOX(openat_filename), #endif /* defined(ENABLE_FRAGILE_HARDENING) */ - SANDBOX_TEST_IN_SANDBOX(openat_filename), + /* Ok why... Quick answer is #40918. This has been failing on Debian SID + * making us unable to have nightly packages which is a problem as we have + * several relay operators using them and actively reporting us issues with + * them. This test fails due to the sandbox denying it. + * + * We are deprecating C-tor slowly and honestly, the Sandbox feature has + * always been a source of pain and unhappiness. Disable this as finding why, + * fixing it and hoping it doesn't come back will mostly be a waste of our + * time at this point. */ + SANDBOX_TEST_SKIPPED(opendir_dirname), + SANDBOX_TEST_IN_SANDBOX(chmod_filename), SANDBOX_TEST_IN_SANDBOX(chown_filename), SANDBOX_TEST_IN_SANDBOX(rename_filename), 
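Review bot: In builds with ENABLE_FRAGILE_HARDENING the sandbox_tests table now lists `opendir_dirname` twice, because the context line `SANDBOX_TEST_SKIPPED(opendir_dirname),` inside the `#ifdef` branch is kept and a new unconditional `SANDBOX_TEST_SKIPPED(opendir_dirname),` is added after the `#endif`. Remove the entry inside the `#ifdef` branch so each test name is registered once. The new comment explains why the test is skipped but not what is lost, namely that the opendir_dirname sandbox check now runs on no build configuration at all. A line such as `/* NOTE: opendir_dirname is untested on all builds while this skip is in place (#40918). */` would make that gap visible to anyone auditing the sandbox. The array definition continues past the end of the hunk.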
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 94c772419b..b642d24a8b 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -596,6 +596,70 @@ test_socks_5_authenticate_with_data(void *ptr) ; } +/** Perform SOCKS 5 authentication and send data all in one go */ +static void +test_socks_5_authenticate_with_rpc_objectid(void *ptr) +{ + SOCKS_TEST_INIT(); + + /* SOCKS 5 Negotiate username/password authentication */ + ADD_DATA(buf, "\x05\x01\x02"); + tt_assert(!fetch_from_buf_socks(buf, socks, + get_options()->TestSocks, + get_options()->SafeSocks)); + /* SOCKS 5 Send username/password as a RPC ObjectID (see prop351). This + * should be invalid as in only the objectID prefix without a version. */ + ADD_DATA(buf, "\x01\x08<torS0X>\x08password"); + tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + get_options()->SafeSocks), OP_EQ, -1); + + buf_clear(buf); + socks_request_clear(socks); + + /* SOCKS 5 Negotiate username/password authentication */ + ADD_DATA(buf, "\x05\x01\x02"); + tt_assert(!fetch_from_buf_socks(buf, socks, + get_options()->TestSocks, + get_options()->SafeSocks)); + /* SOCKS 5 Send username/password as a RPC ObjectID (see prop351). This + * should be valid because it is exactly the prefix and version without an + * object ID. */ + ADD_DATA(buf, "\x01\x09<torS0X>0\x08password"); + tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + get_options()->SafeSocks), OP_EQ, 0); + + buf_clear(buf); + socks_request_clear(socks); + + /* SOCKS 5 Negotiate username/password authentication */ + ADD_DATA(buf, "\x05\x01\x02"); + tt_assert(!fetch_from_buf_socks(buf, socks, + get_options()->TestSocks, + get_options()->SafeSocks)); + /* SOCKS 5 Send username/password as a RPC ObjectID (see prop351). This + * should be invalid as an unknown version per prop351. 
*/ + ADD_DATA(buf, "\x01\x09<torS0X>1\x08password"); + tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + get_options()->SafeSocks), OP_EQ, -1); + + buf_clear(buf); + socks_request_clear(socks); + + /* SOCKS 5 Negotiate username/password authentication */ + ADD_DATA(buf, "\x05\x01\x02"); + tt_assert(!fetch_from_buf_socks(buf, socks, + get_options()->TestSocks, + get_options()->SafeSocks)); + /* SOCKS 5 Send username/password as a RPC ObjectID (see prop351). This + * should be invalid because there is an objectID after the prefix. */ + ADD_DATA(buf, "\x01\x0C<torS0X>0abc\x08password"); + tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + get_options()->SafeSocks), OP_EQ, -1); + + done: + ; +} + /** Try to negotiate an unsupported authentication type */ static void test_socks_5_auth_unsupported_type(void *ptr) @@ -1112,6 +1176,7 @@ struct testcase_t socks_tests[] = { SOCKSENT(5_authenticate), SOCKSENT(5_authenticate_empty_user_pass), SOCKSENT(5_authenticate_with_data), + SOCKSENT(5_authenticate_with_rpc_objectid), SOCKSENT(5_malformed_commands), SOCKSENT(5_bad_arguments), diff --git a/src/test/test_status.c b/src/test/test_status.c index 1d371645ae..4ceb81f3a5 100644 --- a/src/test/test_status.c +++ b/src/test/test_status.c 
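Review bot: The doc comment on test_socks_5_authenticate_with_rpc_objectid, `/** Perform SOCKS 5 authentication and send data all in one go */`, describes the preceding test rather than this one. Something like `/** Check that a SOCKS 5 username beginning with the RPC object ID prefix (prop351) is accepted only as the bare prefix followed by version 0 */` matches the four cases in the body. The single accepted case (`<torS0X>0`) asserts only that `fetch_from_buf_socks` returns 0. Also checking what was stored in `socks` afterwards would show that the credentials were handled as intended and not merely that they were not rejected. Likewise the three rejected cases check only the -1 return and not the reply queued for the client.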
@@ -333,10 +333,12 @@ test_status_hb_not_in_consensus(void *arg) status_hb_not_in_consensus_server_mode); log_global_min_severity_ = LOG_DEBUG; - onion_handshakes_requested[ONION_HANDSHAKE_TYPE_TAP] = 1; onion_handshakes_assigned[ONION_HANDSHAKE_TYPE_TAP] = 1; - onion_handshakes_requested[ONION_HANDSHAKE_TYPE_NTOR] = 1; - onion_handshakes_assigned[ONION_HANDSHAKE_TYPE_NTOR] = 1; + onion_handshakes_requested[ONION_HANDSHAKE_TYPE_TAP] = 2; + onion_handshakes_assigned[ONION_HANDSHAKE_TYPE_NTOR] = 3; + onion_handshakes_requested[ONION_HANDSHAKE_TYPE_NTOR] = 4; + onion_handshakes_assigned[ONION_HANDSHAKE_TYPE_NTOR_V3] = 5; + onion_handshakes_requested[ONION_HANDSHAKE_TYPE_NTOR_V3] = 6; expected = 0; setup_capture_of_logs(LOG_INFO); @@ -352,8 +354,8 @@ test_status_hb_not_in_consensus(void *arg) "I've made 0 connections with IPv4 and 0 with IPv6.\n"); expect_log_msg("Average packaged cell fullness: 100.000%. " "TLS write overhead: 0%\n"); - expect_log_msg("Circuit handshake stats since last time: 1/1 TAP, " - "1/1 NTor.\n"); + expect_log_msg("Circuit handshake stats since last time: 1/2 TAP, " + "3/4 NTor, 5/6 NTor (v3).\n"); expect_log_msg("Since startup we initiated 0 and received 0 v1 " "connections; initiated 0 and received 0 v2 connections; " "initiated 0 and received 0 v3 connections; " @@ -363,6 +365,7 @@ test_status_hb_not_in_consensus(void *arg) "with too many cells, [DoSCircuitCreationEnabled disabled], " "[DoSConnectionEnabled disabled], " "[DoSRefuseSingleHopClientRendezvous disabled], " + "[DoSStreamCreationEnabled disabled], " "0 INTRODUCE2 rejected.\n"); tt_int_op(mock_saved_log_n_entries(), OP_EQ, 6); |