1 /* Copyright (c) 2007-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
6 * \brief Unit tests for hidden service.
9 #define CONTROL_PRIVATE
10 #define CIRCUITBUILD_PRIVATE
11 #define RENDCOMMON_PRIVATE
12 #define RENDSERVICE_PRIVATE
13 #define HS_SERVICE_PRIVATE
15 #include "core/or/or.h"
16 #include "test/test.h"
17 #include "feature/control/control.h"
18 #include "app/config/config.h"
19 #include "feature/hs/hs_common.h"
20 #include "feature/rend/rendcommon.h"
21 #include "feature/rend/rendservice.h"
22 #include "feature/nodelist/routerlist.h"
23 #include "feature/nodelist/routerset.h"
24 #include "core/or/circuitbuild.h"
26 #include "feature/nodelist/node_st.h"
27 #include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
28 #include "feature/rend/rend_intro_point_st.h"
29 #include "feature/nodelist/routerinfo_st.h"
31 #include "test/test_helpers.h"
37 /* mock ID digest and longname for node that's in nodelist */
38 #define HSDIR_EXIST_ID "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" \
39 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
40 #define STR_HSDIR_EXIST_LONGNAME \
41 "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=TestDir"
42 /* mock ID digest and longname for node that's not in nodelist */
43 #define HSDIR_NONE_EXIST_ID "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB" \
44 "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB"
45 #define STR_HSDIR_NONE_EXIST_LONGNAME \
46 "$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
48 /* DuckDuckGo descriptor as an example. This one has extra "\r" at the end so
49 * the control port is happy. */
50 static const char *hs_desc_content_control
= "\
51 rendezvous-service-descriptor g5ojobzupf275beh5ra72uyhb3dkpxwg\r\n\
54 -----BEGIN RSA PUBLIC KEY-----\r\n\
55 MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE\r\n\
56 aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg\r\n\
57 I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=\r\n\
58 -----END RSA PUBLIC KEY-----\r\n\
59 secret-id-part anmjoxxwiupreyajjt5yasimfmwcnxlf\r\n\
60 publication-time 2015-03-11 19:00:00\r\n\
61 protocol-versions 2,3\r\n\
62 introduction-points\r\n\
63 -----BEGIN MESSAGE-----\r\n\
64 aW50cm9kdWN0aW9uLXBvaW50IDd1bnd4cmg2dG5kNGh6eWt1Z3EzaGZzdHduc2ll\r\n\
65 cmhyCmlwLWFkZHJlc3MgMTg4LjEzOC4xMjEuMTE4Cm9uaW9uLXBvcnQgOTAwMQpv\r\n\
66 bmlvbi1rZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dC\r\n\
67 QUxGRVVyeVpDbk9ROEhURmV5cDVjMTRObWVqL1BhekFLTTBxRENTNElKUWh0Y3g1\r\n\
68 NXpRSFdOVWIKQ2hHZ0JqR1RjV3ZGRnA0N3FkdGF6WUZhVXE2c0lQKzVqeWZ5b0Q4\r\n\
69 UmJ1bzBwQmFWclJjMmNhYUptWWM0RDh6Vgpuby9sZnhzOVVaQnZ1cWY4eHIrMDB2\r\n\
70 S0JJNmFSMlA2OE1WeDhrMExqcUpUU2RKOE9idm9yQWdNQkFBRT0KLS0tLS1FTkQg\r\n\
71 UlNBIFBVQkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQ\r\n\
72 VUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTnJHb0ozeTlHNXQzN2F2ekI1cTlwN1hG\r\n\
73 VUplRUVYMUNOaExnWmJXWGJhVk5OcXpoZFhyL0xTUQppM1Z6dW5OaUs3cndUVnE2\r\n\
74 K2QyZ1lRckhMMmIvMXBBY3ZKWjJiNSs0bTRRc0NibFpjRENXTktRbHJnRWN5WXRJ\r\n\
75 CkdscXJTbFFEaXA0ZnNrUFMvNDVkWTI0QmJsQ3NGU1k3RzVLVkxJck4zZFpGbmJr\r\n\
76 NEZIS1hBZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJv\r\n\
77 ZHVjdGlvbi1wb2ludCBiNGM3enlxNXNheGZzN2prNXFibG1wN3I1b3pwdHRvagpp\r\n\
78 cC1hZGRyZXNzIDEwOS4xNjkuNDUuMjI2Cm9uaW9uLXBvcnQgOTAwMQpvbmlvbi1r\r\n\
79 ZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dCQU8xSXpw\r\n\
80 WFFUTUY3RXZUb1NEUXpzVnZiRVFRQUQrcGZ6NzczMVRXZzVaUEJZY1EyUkRaeVp4\r\n\
81 OEQKNUVQSU1FeUE1RE83cGd0ak5LaXJvYXJGMC8yempjMkRXTUlSaXZyU29YUWVZ\r\n\
82 ZXlMM1pzKzFIajJhMDlCdkYxZAp6MEswblRFdVhoNVR5V3lyMHdsbGI1SFBnTlI0\r\n\
83 MS9oYkprZzkwZitPVCtIeGhKL1duUml2QWdNQkFBRT0KLS0tLS1FTkQgUlNBIFBV\r\n\
84 QkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQVUJMSUMg\r\n\
85 S0VZLS0tLS0KTUlHSkFvR0JBSzNWZEJ2ajFtQllLL3JrcHNwcm9Ub0llNUtHVmth\r\n\
86 QkxvMW1tK1I2YUVJek1VZFE1SjkwNGtyRwpCd3k5NC8rV0lGNFpGYXh5Z2phejl1\r\n\
87 N2pKY1k3ZGJhd1pFeG1hYXFCRlRwL2h2ZG9rcHQ4a1ByRVk4OTJPRHJ1CmJORUox\r\n\
88 N1FPSmVMTVZZZk5Kcjl4TWZCQ3JQai8zOGh2RUdrbWVRNmRVWElvbVFNaUJGOVRB\r\n\
89 Z01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJvZHVjdGlv\r\n\
90 bi1wb2ludCBhdjVtcWl0Y2Q3cjJkandsYmN0c2Jlc2R3eGt0ZWtvegppcC1hZGRy\r\n\
91 ZXNzIDE0NC43Ni44LjczCm9uaW9uLXBvcnQgNDQzCm9uaW9uLWtleQotLS0tLUJF\r\n\
92 R0lOIFJTQSBQVUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTzVweVZzQmpZQmNmMXBE\r\n\
93 dklHUlpmWXUzQ05nNldka0ZLMGlvdTBXTGZtejZRVDN0NWhzd3cyVwpjejlHMXhx\r\n\
94 MmN0Nkd6VWkrNnVkTDlITTRVOUdHTi9BbW8wRG9GV1hKWHpBQkFXd2YyMVdsd1lW\r\n\
95 eFJQMHRydi9WCkN6UDkzcHc5OG5vSmdGUGRUZ05iMjdKYmVUZENLVFBrTEtscXFt\r\n\
96 b3NveUN2RitRa25vUS9BZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0t\r\n\
97 LS0tCnNlcnZpY2Uta2V5Ci0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLQpN\r\n\
98 SUdKQW9HQkFMVjNKSmtWN3lTNU9jc1lHMHNFYzFQOTVRclFRR3ZzbGJ6Wi9zRGxl\r\n\
99 RlpKYXFSOUYvYjRUVERNClNGcFMxcU1GbldkZDgxVmRGMEdYRmN2WVpLamRJdHU2\r\n\
100 SndBaTRJeEhxeXZtdTRKdUxrcXNaTEFLaXRLVkx4eGsKeERlMjlDNzRWMmJrOTRJ\r\n\
101 MEgybTNKS2tzTHVwc3VxWWRVUmhOVXN0SElKZmgyZmNIalF0bEFnTUJBQUU9Ci0t\r\n\
102 LS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0KCg==\r\n\
103 -----END MESSAGE-----\r\n\
105 -----BEGIN SIGNATURE-----\r\n\
106 d4OuCE5OLAOnRB6cQN6WyMEmg/BHem144Vec+eYgeWoKwx3MxXFplUjFxgnMlmwN\r\n\
107 PcftsZf2ztN0sbNCtPgDL3d0PqvxY3iHTQAI8EbaGq/IAJUZ8U4y963dD5+Bn6JQ\r\n\
108 myE3ctmh0vy5+QxSiRjmQBkuEpCyks7LvWvHYrhnmcg=\r\n\
109 -----END SIGNATURE-----";
111 /* DuckDuckGo descriptor as an example. */
112 static const char *hs_desc_content
= "\
113 rendezvous-service-descriptor g5ojobzupf275beh5ra72uyhb3dkpxwg\n\
116 -----BEGIN RSA PUBLIC KEY-----\n\
117 MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE\n\
118 aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg\n\
119 I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=\n\
120 -----END RSA PUBLIC KEY-----\n\
121 secret-id-part anmjoxxwiupreyajjt5yasimfmwcnxlf\n\
122 publication-time 2015-03-11 19:00:00\n\
123 protocol-versions 2,3\n\
124 introduction-points\n\
125 -----BEGIN MESSAGE-----\n\
126 aW50cm9kdWN0aW9uLXBvaW50IDd1bnd4cmg2dG5kNGh6eWt1Z3EzaGZzdHduc2ll\n\
127 cmhyCmlwLWFkZHJlc3MgMTg4LjEzOC4xMjEuMTE4Cm9uaW9uLXBvcnQgOTAwMQpv\n\
128 bmlvbi1rZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dC\n\
129 QUxGRVVyeVpDbk9ROEhURmV5cDVjMTRObWVqL1BhekFLTTBxRENTNElKUWh0Y3g1\n\
130 NXpRSFdOVWIKQ2hHZ0JqR1RjV3ZGRnA0N3FkdGF6WUZhVXE2c0lQKzVqeWZ5b0Q4\n\
131 UmJ1bzBwQmFWclJjMmNhYUptWWM0RDh6Vgpuby9sZnhzOVVaQnZ1cWY4eHIrMDB2\n\
132 S0JJNmFSMlA2OE1WeDhrMExqcUpUU2RKOE9idm9yQWdNQkFBRT0KLS0tLS1FTkQg\n\
133 UlNBIFBVQkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQ\n\
134 VUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTnJHb0ozeTlHNXQzN2F2ekI1cTlwN1hG\n\
135 VUplRUVYMUNOaExnWmJXWGJhVk5OcXpoZFhyL0xTUQppM1Z6dW5OaUs3cndUVnE2\n\
136 K2QyZ1lRckhMMmIvMXBBY3ZKWjJiNSs0bTRRc0NibFpjRENXTktRbHJnRWN5WXRJ\n\
137 CkdscXJTbFFEaXA0ZnNrUFMvNDVkWTI0QmJsQ3NGU1k3RzVLVkxJck4zZFpGbmJr\n\
138 NEZIS1hBZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJv\n\
139 ZHVjdGlvbi1wb2ludCBiNGM3enlxNXNheGZzN2prNXFibG1wN3I1b3pwdHRvagpp\n\
140 cC1hZGRyZXNzIDEwOS4xNjkuNDUuMjI2Cm9uaW9uLXBvcnQgOTAwMQpvbmlvbi1r\n\
141 ZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dCQU8xSXpw\n\
142 WFFUTUY3RXZUb1NEUXpzVnZiRVFRQUQrcGZ6NzczMVRXZzVaUEJZY1EyUkRaeVp4\n\
143 OEQKNUVQSU1FeUE1RE83cGd0ak5LaXJvYXJGMC8yempjMkRXTUlSaXZyU29YUWVZ\n\
144 ZXlMM1pzKzFIajJhMDlCdkYxZAp6MEswblRFdVhoNVR5V3lyMHdsbGI1SFBnTlI0\n\
145 MS9oYkprZzkwZitPVCtIeGhKL1duUml2QWdNQkFBRT0KLS0tLS1FTkQgUlNBIFBV\n\
146 QkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQVUJMSUMg\n\
147 S0VZLS0tLS0KTUlHSkFvR0JBSzNWZEJ2ajFtQllLL3JrcHNwcm9Ub0llNUtHVmth\n\
148 QkxvMW1tK1I2YUVJek1VZFE1SjkwNGtyRwpCd3k5NC8rV0lGNFpGYXh5Z2phejl1\n\
149 N2pKY1k3ZGJhd1pFeG1hYXFCRlRwL2h2ZG9rcHQ4a1ByRVk4OTJPRHJ1CmJORUox\n\
150 N1FPSmVMTVZZZk5Kcjl4TWZCQ3JQai8zOGh2RUdrbWVRNmRVWElvbVFNaUJGOVRB\n\
151 Z01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJvZHVjdGlv\n\
152 bi1wb2ludCBhdjVtcWl0Y2Q3cjJkandsYmN0c2Jlc2R3eGt0ZWtvegppcC1hZGRy\n\
153 ZXNzIDE0NC43Ni44LjczCm9uaW9uLXBvcnQgNDQzCm9uaW9uLWtleQotLS0tLUJF\n\
154 R0lOIFJTQSBQVUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTzVweVZzQmpZQmNmMXBE\n\
155 dklHUlpmWXUzQ05nNldka0ZLMGlvdTBXTGZtejZRVDN0NWhzd3cyVwpjejlHMXhx\n\
156 MmN0Nkd6VWkrNnVkTDlITTRVOUdHTi9BbW8wRG9GV1hKWHpBQkFXd2YyMVdsd1lW\n\
157 eFJQMHRydi9WCkN6UDkzcHc5OG5vSmdGUGRUZ05iMjdKYmVUZENLVFBrTEtscXFt\n\
158 b3NveUN2RitRa25vUS9BZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0t\n\
159 LS0tCnNlcnZpY2Uta2V5Ci0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLQpN\n\
160 SUdKQW9HQkFMVjNKSmtWN3lTNU9jc1lHMHNFYzFQOTVRclFRR3ZzbGJ6Wi9zRGxl\n\
161 RlpKYXFSOUYvYjRUVERNClNGcFMxcU1GbldkZDgxVmRGMEdYRmN2WVpLamRJdHU2\n\
162 SndBaTRJeEhxeXZtdTRKdUxrcXNaTEFLaXRLVkx4eGsKeERlMjlDNzRWMmJrOTRJ\n\
163 MEgybTNKS2tzTHVwc3VxWWRVUmhOVXN0SElKZmgyZmNIalF0bEFnTUJBQUU9Ci0t\n\
164 LS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0KCg==\n\
165 -----END MESSAGE-----\n\
167 -----BEGIN SIGNATURE-----\n\
168 d4OuCE5OLAOnRB6cQN6WyMEmg/BHem144Vec+eYgeWoKwx3MxXFplUjFxgnMlmwN\n\
169 PcftsZf2ztN0sbNCtPgDL3d0PqvxY3iHTQAI8EbaGq/IAJUZ8U4y963dD5+Bn6JQ\n\
170 myE3ctmh0vy5+QxSiRjmQBkuEpCyks7LvWvHYrhnmcg=\n\
171 -----END SIGNATURE-----";
173 /* Helper global variable for hidden service descriptor event test.
174 * It's used as a pointer to dynamically created message buffer in
175 * send_control_event_string_replacement function, which mocks
176 * send_control_event_string function.
178 * Always free it after use! */
179 static char *received_msg
= NULL
;
181 /** Mock function for send_control_event_string
184 queue_control_event_string_replacement(uint16_t event
, char *msg
)
187 tor_free(received_msg
);
191 /** Mock function for node_describe_longname_by_id, it returns either
192 * STR_HSDIR_EXIST_LONGNAME or STR_HSDIR_NONE_EXIST_LONGNAME
195 node_describe_longname_by_id_replacement(const char *id_digest
)
197 if (!strcmp(id_digest
, HSDIR_EXIST_ID
)) {
198 return STR_HSDIR_EXIST_LONGNAME
;
200 return STR_HSDIR_NONE_EXIST_LONGNAME
;
204 /** Test that we can parse a hardcoded v2 HS desc. */
206 test_hs_parse_static_v2_desc(void *arg
)
209 rend_encoded_v2_service_descriptor_t desc
;
213 /* Test an obviously not parseable string */
214 desc
.desc_str
= tor_strdup("ceci n'est pas un HS descriptor");
215 ret
= rend_desc_v2_is_parsable(&desc
);
216 tor_free(desc
.desc_str
);
217 tt_int_op(ret
, OP_EQ
, 0);
219 /* Test an actual descriptor */
220 desc
.desc_str
= tor_strdup(hs_desc_content
);
221 ret
= rend_desc_v2_is_parsable(&desc
);
222 tor_free(desc
.desc_str
);
223 tt_int_op(ret
, OP_EQ
, 1);
228 /** Make sure each hidden service descriptor async event generation
230 * function generates the message in expected format.
233 test_hs_desc_event(void *arg
)
235 #define STR_HS_ADDR "ajhb7kljbiru65qo"
236 #define STR_HS_CONTENT_DESC_ID "g5ojobzupf275beh5ra72uyhb3dkpxwg"
237 #define STR_DESC_ID_BASE32 "hba3gmcgpfivzfhx5rtfqkfdhv65yrj3"
240 rend_data_v2_t rend_query
;
241 const char *expected_msg
;
242 char desc_id_base32
[REND_DESC_ID_V2_LEN_BASE32
+ 1];
245 MOCK(queue_control_event_string
,
246 queue_control_event_string_replacement
);
247 MOCK(node_describe_longname_by_id
,
248 node_describe_longname_by_id_replacement
);
250 /* setup rend_query struct */
251 memset(&rend_query
, 0, sizeof(rend_query
));
252 rend_query
.base_
.version
= 2;
253 strncpy(rend_query
.onion_address
, STR_HS_ADDR
,
254 REND_SERVICE_ID_LEN_BASE32
+1);
255 rend_query
.auth_type
= REND_NO_AUTH
;
256 rend_query
.base_
.hsdirs_fp
= smartlist_new();
257 smartlist_add(rend_query
.base_
.hsdirs_fp
, tor_memdup(HSDIR_EXIST_ID
,
260 /* Compute descriptor ID for replica 0, should be STR_DESC_ID_BASE32. */
261 ret
= rend_compute_v2_desc_id(rend_query
.descriptor_id
[0],
262 rend_query
.onion_address
,
264 tt_int_op(ret
, OP_EQ
, 0);
265 base32_encode(desc_id_base32
, sizeof(desc_id_base32
),
266 rend_query
.descriptor_id
[0], DIGEST_LEN
);
267 /* Make sure rend_compute_v2_desc_id works properly. */
268 tt_mem_op(desc_id_base32
, OP_EQ
, STR_DESC_ID_BASE32
,
269 sizeof(desc_id_base32
));
271 /* test request event */
272 control_event_hs_descriptor_requested(rend_query
.onion_address
,
273 rend_query
.auth_type
, HSDIR_EXIST_ID
,
274 STR_DESC_ID_BASE32
, NULL
);
275 expected_msg
= "650 HS_DESC REQUESTED "STR_HS_ADDR
" NO_AUTH "\
276 STR_HSDIR_EXIST_LONGNAME
" " STR_DESC_ID_BASE32
"\r\n";
277 tt_assert(received_msg
);
278 tt_str_op(received_msg
,OP_EQ
, expected_msg
);
279 tor_free(received_msg
);
281 /* test received event */
282 rend_query
.auth_type
= REND_BASIC_AUTH
;
283 control_event_hsv2_descriptor_received(rend_query
.onion_address
,
284 &rend_query
.base_
, HSDIR_EXIST_ID
);
285 expected_msg
= "650 HS_DESC RECEIVED "STR_HS_ADDR
" BASIC_AUTH "\
286 STR_HSDIR_EXIST_LONGNAME
" " STR_DESC_ID_BASE32
"\r\n";
287 tt_assert(received_msg
);
288 tt_str_op(received_msg
,OP_EQ
, expected_msg
);
289 tor_free(received_msg
);
291 /* test failed event */
292 rend_query
.auth_type
= REND_STEALTH_AUTH
;
293 control_event_hsv2_descriptor_failed(&rend_query
.base_
,
296 expected_msg
= "650 HS_DESC FAILED "STR_HS_ADDR
" STEALTH_AUTH "\
297 STR_HSDIR_NONE_EXIST_LONGNAME
" REASON=QUERY_REJECTED\r\n";
298 tt_assert(received_msg
);
299 tt_str_op(received_msg
,OP_EQ
, expected_msg
);
300 tor_free(received_msg
);
302 /* test invalid auth type */
303 rend_query
.auth_type
= 999;
304 control_event_hsv2_descriptor_failed(&rend_query
.base_
,
307 expected_msg
= "650 HS_DESC FAILED "STR_HS_ADDR
" UNKNOWN "\
308 STR_HSDIR_EXIST_LONGNAME
" " STR_DESC_ID_BASE32\
309 " REASON=QUERY_REJECTED\r\n";
310 tt_assert(received_msg
);
311 tt_str_op(received_msg
,OP_EQ
, expected_msg
);
312 tor_free(received_msg
);
314 /* test no HSDir fingerprint type */
315 rend_query
.auth_type
= REND_NO_AUTH
;
316 control_event_hsv2_descriptor_failed(&rend_query
.base_
, NULL
,
318 expected_msg
= "650 HS_DESC FAILED "STR_HS_ADDR
" NO_AUTH " \
319 "UNKNOWN REASON=QUERY_NO_HSDIR\r\n";
320 tt_assert(received_msg
);
321 tt_str_op(received_msg
,OP_EQ
, expected_msg
);
322 tor_free(received_msg
);
324 /* Test invalid content with no HSDir fingerprint. */
326 control_event_hs_descriptor_content(rend_query
.onion_address
,
327 STR_HS_CONTENT_DESC_ID
, NULL
, NULL
);
328 tor_asprintf(&exp_msg
, "650+HS_DESC_CONTENT " STR_HS_ADDR
" "\
329 STR_HS_CONTENT_DESC_ID
" UNKNOWN" \
330 "\r\n\r\n.\r\n650 OK\r\n");
331 tt_assert(received_msg
);
332 tt_str_op(received_msg
, OP_EQ
, exp_msg
);
333 tor_free(received_msg
);
336 /* test valid content. */
337 control_event_hs_descriptor_content(rend_query
.onion_address
,
338 STR_HS_CONTENT_DESC_ID
, HSDIR_EXIST_ID
,
339 hs_desc_content_control
);
340 tor_asprintf(&exp_msg
, "650+HS_DESC_CONTENT " STR_HS_ADDR
" "\
341 STR_HS_CONTENT_DESC_ID
" " STR_HSDIR_EXIST_LONGNAME\
342 "\r\n%s\r\n.\r\n650 OK\r\n", hs_desc_content_control
);
344 tt_assert(received_msg
);
345 tt_str_op(received_msg
, OP_EQ
, exp_msg
);
346 tor_free(received_msg
);
348 SMARTLIST_FOREACH(rend_query
.base_
.hsdirs_fp
, char *, d
, tor_free(d
));
349 smartlist_free(rend_query
.base_
.hsdirs_fp
);
352 UNMOCK(queue_control_event_string
);
353 UNMOCK(node_describe_longname_by_id
);
354 tor_free(received_msg
);
357 /* Make sure rend_data_t is valid at creation, destruction and when
360 test_hs_rend_data(void *arg
)
363 rend_data_t
*client
= NULL
, *client_dup
= NULL
;
364 /* Binary format of a descriptor ID. */
365 char desc_id
[DIGEST_LEN
];
366 char client_cookie
[REND_DESC_COOKIE_LEN
];
367 time_t now
= time(NULL
);
368 rend_data_t
*service_dup
= NULL
;
369 rend_data_t
*service
= NULL
;
373 base32_decode(desc_id
, sizeof(desc_id
), STR_DESC_ID_BASE32
,
374 REND_DESC_ID_V2_LEN_BASE32
);
375 memset(client_cookie
, 'e', sizeof(client_cookie
));
377 client
= rend_data_client_create(STR_HS_ADDR
, desc_id
, client_cookie
,
380 rend_data_v2_t
*client_v2
= TO_REND_DATA_V2(client
);
381 tt_int_op(client_v2
->auth_type
, OP_EQ
, REND_NO_AUTH
);
382 tt_str_op(client_v2
->onion_address
, OP_EQ
, STR_HS_ADDR
);
383 tt_mem_op(client_v2
->desc_id_fetch
, OP_EQ
, desc_id
, sizeof(desc_id
));
384 tt_mem_op(client_v2
->descriptor_cookie
, OP_EQ
, client_cookie
,
385 sizeof(client_cookie
));
386 tt_assert(client
->hsdirs_fp
);
387 tt_int_op(smartlist_len(client
->hsdirs_fp
), OP_EQ
, 0);
388 for (rep
= 0; rep
< REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
; rep
++) {
389 int ret
= rend_compute_v2_desc_id(desc_id
, client_v2
->onion_address
,
390 client_v2
->descriptor_cookie
, now
, rep
);
391 /* That shouldn't never fail. */
392 tt_int_op(ret
, OP_EQ
, 0);
393 tt_mem_op(client_v2
->descriptor_id
[rep
], OP_EQ
, desc_id
,
396 /* The rest should be zeroed because this is a client request. */
397 tt_int_op(tor_digest_is_zero(client_v2
->rend_pk_digest
), OP_EQ
, 1);
398 tt_int_op(tor_digest_is_zero(client
->rend_cookie
), OP_EQ
, 1);
401 client_dup
= rend_data_dup(client
);
402 tt_assert(client_dup
);
403 rend_data_v2_t
*client_dup_v2
= TO_REND_DATA_V2(client_dup
);
404 tt_int_op(client_dup_v2
->auth_type
, OP_EQ
, client_v2
->auth_type
);
405 tt_str_op(client_dup_v2
->onion_address
, OP_EQ
, client_v2
->onion_address
);
406 tt_mem_op(client_dup_v2
->desc_id_fetch
, OP_EQ
, client_v2
->desc_id_fetch
,
407 sizeof(client_dup_v2
->desc_id_fetch
));
408 tt_mem_op(client_dup_v2
->descriptor_cookie
, OP_EQ
,
409 client_v2
->descriptor_cookie
,
410 sizeof(client_dup_v2
->descriptor_cookie
));
412 tt_assert(client_dup
->hsdirs_fp
);
413 tt_int_op(smartlist_len(client_dup
->hsdirs_fp
), OP_EQ
, 0);
414 for (rep
= 0; rep
< REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
; rep
++) {
415 tt_mem_op(client_dup_v2
->descriptor_id
[rep
], OP_EQ
,
416 client_v2
->descriptor_id
[rep
], DIGEST_LEN
);
418 /* The rest should be zeroed because this is a client request. */
419 tt_int_op(tor_digest_is_zero(client_dup_v2
->rend_pk_digest
), OP_EQ
, 1);
420 tt_int_op(tor_digest_is_zero(client_dup
->rend_cookie
), OP_EQ
, 1);
421 rend_data_free(client
);
423 rend_data_free(client_dup
);
427 base32_decode(desc_id
, sizeof(desc_id
), STR_DESC_ID_BASE32
,
428 REND_DESC_ID_V2_LEN_BASE32
);
429 memset(client_cookie
, 'e', sizeof(client_cookie
));
431 /* Try with different parameters here for which some content should be
433 client
= rend_data_client_create(NULL
, desc_id
, NULL
, REND_BASIC_AUTH
);
435 client_v2
= TO_REND_DATA_V2(client
);
436 tt_int_op(client_v2
->auth_type
, OP_EQ
, REND_BASIC_AUTH
);
437 tt_int_op(strlen(client_v2
->onion_address
), OP_EQ
, 0);
438 tt_mem_op(client_v2
->desc_id_fetch
, OP_EQ
, desc_id
, sizeof(desc_id
));
439 tt_int_op(tor_mem_is_zero(client_v2
->descriptor_cookie
,
440 sizeof(client_v2
->descriptor_cookie
)), OP_EQ
, 1);
441 tt_assert(client
->hsdirs_fp
);
442 tt_int_op(smartlist_len(client
->hsdirs_fp
), OP_EQ
, 0);
443 for (rep
= 0; rep
< REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
; rep
++) {
444 tt_int_op(tor_digest_is_zero(client_v2
->descriptor_id
[rep
]), OP_EQ
, 1);
446 /* The rest should be zeroed because this is a client request. */
447 tt_int_op(tor_digest_is_zero(client_v2
->rend_pk_digest
), OP_EQ
, 1);
448 tt_int_op(tor_digest_is_zero(client
->rend_cookie
), OP_EQ
, 1);
449 rend_data_free(client
);
452 /* Let's test the service object now. */
453 char rend_pk_digest
[DIGEST_LEN
];
454 uint8_t rend_cookie
[DIGEST_LEN
];
455 memset(rend_pk_digest
, 'f', sizeof(rend_pk_digest
));
456 memset(rend_cookie
, 'g', sizeof(rend_cookie
));
458 service
= rend_data_service_create(STR_HS_ADDR
, rend_pk_digest
,
459 rend_cookie
, REND_NO_AUTH
);
461 rend_data_v2_t
*service_v2
= TO_REND_DATA_V2(service
);
462 tt_int_op(service_v2
->auth_type
, OP_EQ
, REND_NO_AUTH
);
463 tt_str_op(service_v2
->onion_address
, OP_EQ
, STR_HS_ADDR
);
464 tt_mem_op(service_v2
->rend_pk_digest
, OP_EQ
, rend_pk_digest
,
465 sizeof(rend_pk_digest
));
466 tt_mem_op(service
->rend_cookie
, OP_EQ
, rend_cookie
, sizeof(rend_cookie
));
467 tt_assert(service
->hsdirs_fp
);
468 tt_int_op(smartlist_len(service
->hsdirs_fp
), OP_EQ
, 0);
469 for (rep
= 0; rep
< REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
; rep
++) {
470 tt_int_op(tor_digest_is_zero(service_v2
->descriptor_id
[rep
]), OP_EQ
, 1);
472 /* The rest should be zeroed because this is a service request. */
473 tt_int_op(tor_digest_is_zero(service_v2
->descriptor_cookie
), OP_EQ
, 1);
474 tt_int_op(tor_digest_is_zero(service_v2
->desc_id_fetch
), OP_EQ
, 1);
477 service_dup
= rend_data_dup(service
);
478 rend_data_v2_t
*service_dup_v2
= TO_REND_DATA_V2(service_dup
);
479 tt_assert(service_dup
);
480 tt_int_op(service_dup_v2
->auth_type
, OP_EQ
, service_v2
->auth_type
);
481 tt_str_op(service_dup_v2
->onion_address
, OP_EQ
, service_v2
->onion_address
);
482 tt_mem_op(service_dup_v2
->rend_pk_digest
, OP_EQ
, service_v2
->rend_pk_digest
,
483 sizeof(service_dup_v2
->rend_pk_digest
));
484 tt_mem_op(service_dup
->rend_cookie
, OP_EQ
, service
->rend_cookie
,
485 sizeof(service_dup
->rend_cookie
));
486 tt_assert(service_dup
->hsdirs_fp
);
487 tt_int_op(smartlist_len(service_dup
->hsdirs_fp
), OP_EQ
, 0);
488 for (rep
= 0; rep
< REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS
; rep
++) {
489 tt_assert(tor_digest_is_zero(service_dup_v2
->descriptor_id
[rep
]));
491 /* The rest should be zeroed because this is a service request. */
492 tt_int_op(tor_digest_is_zero(service_dup_v2
->descriptor_cookie
), OP_EQ
, 1);
493 tt_int_op(tor_digest_is_zero(service_dup_v2
->desc_id_fetch
), OP_EQ
, 1);
496 rend_data_free(service
);
497 rend_data_free(service_dup
);
498 rend_data_free(client
);
499 rend_data_free(client_dup
);
502 /* Test encoding and decoding service authorization cookies */
504 test_hs_auth_cookies(void *arg
)
506 #define TEST_COOKIE_RAW ((const uint8_t *) "abcdefghijklmnop")
507 #define TEST_COOKIE_ENCODED "YWJjZGVmZ2hpamtsbW5vcA"
508 #define TEST_COOKIE_ENCODED_STEALTH "YWJjZGVmZ2hpamtsbW5vcB"
509 #define TEST_COOKIE_ENCODED_INVALID "YWJjZGVmZ2hpamtsbW5vcD"
511 char *encoded_cookie
= NULL
;
512 uint8_t raw_cookie
[REND_DESC_COOKIE_LEN
];
513 rend_auth_type_t auth_type
;
514 char *err_msg
= NULL
;
519 /* Test that encoding gives the expected result */
520 encoded_cookie
= rend_auth_encode_cookie(TEST_COOKIE_RAW
, REND_BASIC_AUTH
);
521 tt_str_op(encoded_cookie
, OP_EQ
, TEST_COOKIE_ENCODED
);
522 tor_free(encoded_cookie
);
524 encoded_cookie
= rend_auth_encode_cookie(TEST_COOKIE_RAW
, REND_STEALTH_AUTH
);
525 tt_str_op(encoded_cookie
, OP_EQ
, TEST_COOKIE_ENCODED_STEALTH
);
526 tor_free(encoded_cookie
);
528 /* Decoding should give the original value */
529 re
= rend_auth_decode_cookie(TEST_COOKIE_ENCODED
, raw_cookie
, &auth_type
,
532 tt_ptr_op(err_msg
, OP_EQ
, NULL
);
533 tt_mem_op(raw_cookie
, OP_EQ
, TEST_COOKIE_RAW
, REND_DESC_COOKIE_LEN
);
534 tt_int_op(auth_type
, OP_EQ
, REND_BASIC_AUTH
);
535 memset(raw_cookie
, 0, sizeof(raw_cookie
));
537 re
= rend_auth_decode_cookie(TEST_COOKIE_ENCODED_STEALTH
, raw_cookie
,
538 &auth_type
, &err_msg
);
540 tt_ptr_op(err_msg
, OP_EQ
, NULL
);
541 tt_mem_op(raw_cookie
, OP_EQ
, TEST_COOKIE_RAW
, REND_DESC_COOKIE_LEN
);
542 tt_int_op(auth_type
, OP_EQ
, REND_STEALTH_AUTH
);
543 memset(raw_cookie
, 0, sizeof(raw_cookie
));
545 /* Decoding with padding characters should also work */
546 re
= rend_auth_decode_cookie(TEST_COOKIE_ENCODED
"==", raw_cookie
, NULL
,
549 tt_ptr_op(err_msg
, OP_EQ
, NULL
);
550 tt_mem_op(raw_cookie
, OP_EQ
, TEST_COOKIE_RAW
, REND_DESC_COOKIE_LEN
);
552 /* Decoding with an unknown type should fail */
553 re
= rend_auth_decode_cookie(TEST_COOKIE_ENCODED_INVALID
, raw_cookie
,
554 &auth_type
, &err_msg
);
555 tt_int_op(re
, OP_LT
, 0);
560 tor_free(encoded_cookie
);
566 static int mock_get_options_calls
= 0;
567 static or_options_t
*mock_options
= NULL
;
570 reset_options(or_options_t
*options
, int *get_options_calls
)
572 memset(options
, 0, sizeof(or_options_t
));
573 options
->TestingTorNetwork
= 1;
575 *get_options_calls
= 0;
578 static const or_options_t
*
579 mock_get_options(void)
581 ++mock_get_options_calls
;
582 tor_assert(mock_options
);
586 /* arg can't be 0 (the test fails) or 2 (the test is skipped) */
587 #define CREATE_HS_DIR_NONE ((intptr_t)0x04)
588 #define CREATE_HS_DIR1 ((intptr_t)0x08)
589 #define CREATE_HS_DIR2 ((intptr_t)0x10)
591 /* Test that single onion poisoning works. */
593 test_single_onion_poisoning(void *arg
)
597 reset_options(mock_options
, &mock_get_options_calls
);
598 MOCK(get_options
, mock_get_options
);
601 intptr_t create_dir_mask
= (intptr_t)arg
;
602 /* Get directories with a random suffix so we can repeat the tests */
603 mock_options
->DataDirectory
= tor_strdup(get_fname_rnd("test_data_dir"));
604 rend_service_t
*service_1
= tor_malloc_zero(sizeof(rend_service_t
));
605 char *dir1
= tor_strdup(get_fname_rnd("test_hs_dir1"));
606 rend_service_t
*service_2
= tor_malloc_zero(sizeof(rend_service_t
));
607 char *dir2
= tor_strdup(get_fname_rnd("test_hs_dir2"));
608 smartlist_t
*services
= smartlist_new();
609 char *poison_path
= NULL
;
610 char *err_msg
= NULL
;
612 mock_options
->HiddenServiceSingleHopMode
= 1;
613 mock_options
->HiddenServiceNonAnonymousMode
= 1;
615 /* Create the data directory, and, if the correct bit in arg is set,
616 * create a directory for that service.
617 * The data directory is required for the lockfile, which is used when
619 ret
= check_private_dir(mock_options
->DataDirectory
, CPD_CREATE
, NULL
);
620 tt_int_op(ret
, OP_EQ
, 0);
621 if (create_dir_mask
& CREATE_HS_DIR1
) {
622 ret
= check_private_dir(dir1
, CPD_CREATE
, NULL
);
623 tt_int_op(ret
, OP_EQ
, 0);
625 if (create_dir_mask
& CREATE_HS_DIR2
) {
626 ret
= check_private_dir(dir2
, CPD_CREATE
, NULL
);
627 tt_int_op(ret
, OP_EQ
, 0);
630 service_1
->directory
= dir1
;
631 service_2
->directory
= dir2
;
632 /* The services own the directory pointers now */
634 /* Add port to service 1 */
635 service_1
->ports
= smartlist_new();
636 service_2
->ports
= smartlist_new();
637 rend_service_port_config_t
*port1
= rend_service_parse_port_config("80", " ",
640 tt_ptr_op(err_msg
, OP_EQ
, NULL
);
641 smartlist_add(service_1
->ports
, port1
);
643 rend_service_port_config_t
*port2
= rend_service_parse_port_config("90", " ",
645 /* Add port to service 2 */
647 tt_ptr_op(err_msg
, OP_EQ
, NULL
);
648 smartlist_add(service_2
->ports
, port2
);
650 /* No services, a service to verify, no problem! */
651 mock_options
->HiddenServiceSingleHopMode
= 0;
652 mock_options
->HiddenServiceNonAnonymousMode
= 0;
653 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
654 tt_int_op(ret
, OP_EQ
, 0);
655 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
656 tt_int_op(ret
, OP_EQ
, 0);
658 /* Either way, no problem. */
659 mock_options
->HiddenServiceSingleHopMode
= 1;
660 mock_options
->HiddenServiceNonAnonymousMode
= 1;
661 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
662 tt_int_op(ret
, OP_EQ
, 0);
663 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
664 tt_int_op(ret
, OP_EQ
, 0);
666 /* Add the first service */
667 ret
= hs_check_service_private_dir(mock_options
->User
, service_1
->directory
,
668 service_1
->dir_group_readable
, 1);
669 tt_int_op(ret
, OP_EQ
, 0);
670 smartlist_add(services
, service_1
);
671 /* But don't add the second service yet. */
673 /* Service directories, but no previous keys, no problem! */
674 mock_options
->HiddenServiceSingleHopMode
= 0;
675 mock_options
->HiddenServiceNonAnonymousMode
= 0;
676 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
677 tt_int_op(ret
, OP_EQ
, 0);
678 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
679 tt_int_op(ret
, OP_EQ
, 0);
681 /* Either way, no problem. */
682 mock_options
->HiddenServiceSingleHopMode
= 1;
683 mock_options
->HiddenServiceNonAnonymousMode
= 1;
684 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
685 tt_int_op(ret
, OP_EQ
, 0);
686 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
687 tt_int_op(ret
, OP_EQ
, 0);
689 /* Poison! Poison! Poison!
690 * This can only be done in HiddenServiceSingleHopMode. */
691 mock_options
->HiddenServiceSingleHopMode
= 1;
692 mock_options
->HiddenServiceNonAnonymousMode
= 1;
693 ret
= rend_service_poison_new_single_onion_dir(service_1
, mock_options
);
694 tt_int_op(ret
, OP_EQ
, 0);
695 /* Poisoning twice is a no-op. */
696 ret
= rend_service_poison_new_single_onion_dir(service_1
, mock_options
);
697 tt_int_op(ret
, OP_EQ
, 0);
699 /* Poisoned service directories, but no previous keys, no problem! */
700 mock_options
->HiddenServiceSingleHopMode
= 0;
701 mock_options
->HiddenServiceNonAnonymousMode
= 0;
702 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
703 tt_int_op(ret
, OP_EQ
, 0);
704 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
705 tt_int_op(ret
, OP_EQ
, 0);
707 /* Either way, no problem. */
708 mock_options
->HiddenServiceSingleHopMode
= 1;
709 mock_options
->HiddenServiceNonAnonymousMode
= 1;
710 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
711 tt_int_op(ret
, OP_EQ
, 0);
712 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
713 tt_int_op(ret
, OP_EQ
, 0);
715 /* Now add some keys, and we'll have a problem. */
716 ret
= rend_service_load_all_keys(services
);
717 tt_int_op(ret
, OP_EQ
, 0);
719 /* Poisoned service directories with previous keys are not allowed. */
720 mock_options
->HiddenServiceSingleHopMode
= 0;
721 mock_options
->HiddenServiceNonAnonymousMode
= 0;
722 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
723 tt_int_op(ret
, OP_LT
, 0);
724 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
725 tt_int_op(ret
, OP_EQ
, 0);
727 /* But they are allowed if we're in non-anonymous mode. */
728 mock_options
->HiddenServiceSingleHopMode
= 1;
729 mock_options
->HiddenServiceNonAnonymousMode
= 1;
730 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
731 tt_int_op(ret
, OP_EQ
, 0);
732 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
733 tt_int_op(ret
, OP_EQ
, 0);
735 /* Re-poisoning directories with existing keys is a no-op, because
736 * directories with existing keys are ignored. */
737 mock_options
->HiddenServiceSingleHopMode
= 1;
738 mock_options
->HiddenServiceNonAnonymousMode
= 1;
739 ret
= rend_service_poison_new_single_onion_dir(service_1
, mock_options
);
740 tt_int_op(ret
, OP_EQ
, 0);
741 /* And it keeps the poison. */
742 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
743 tt_int_op(ret
, OP_EQ
, 0);
744 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
745 tt_int_op(ret
, OP_EQ
, 0);
747 /* Now add the second service: it has no key and no poison file */
748 ret
= hs_check_service_private_dir(mock_options
->User
, service_2
->directory
,
749 service_2
->dir_group_readable
, 1);
750 tt_int_op(ret
, OP_EQ
, 0);
751 smartlist_add(services
, service_2
);
753 /* A new service, and an existing poisoned service. Not ok. */
754 mock_options
->HiddenServiceSingleHopMode
= 0;
755 mock_options
->HiddenServiceNonAnonymousMode
= 0;
756 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
757 tt_int_op(ret
, OP_LT
, 0);
758 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
759 tt_int_op(ret
, OP_EQ
, 0);
761 /* But ok to add in non-anonymous mode. */
762 mock_options
->HiddenServiceSingleHopMode
= 1;
763 mock_options
->HiddenServiceNonAnonymousMode
= 1;
764 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
765 tt_int_op(ret
, OP_EQ
, 0);
766 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
767 tt_int_op(ret
, OP_EQ
, 0);
769 /* Now remove the poisoning from the first service, and we have the opposite
771 poison_path
= rend_service_sos_poison_path(service_1
);
772 tt_assert(poison_path
);
773 ret
= unlink(poison_path
);
774 tt_int_op(ret
, OP_EQ
, 0);
776 /* Unpoisoned service directories with previous keys are ok, as are empty
778 mock_options
->HiddenServiceSingleHopMode
= 0;
779 mock_options
->HiddenServiceNonAnonymousMode
= 0;
780 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
781 tt_int_op(ret
, OP_EQ
, 0);
782 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
783 tt_int_op(ret
, OP_EQ
, 0);
785 /* But the existing unpoisoned key is not ok in non-anonymous mode, even if
786 * there is an empty service. */
787 mock_options
->HiddenServiceSingleHopMode
= 1;
788 mock_options
->HiddenServiceNonAnonymousMode
= 1;
789 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
790 tt_int_op(ret
, OP_LT
, 0);
791 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
792 tt_int_op(ret
, OP_EQ
, 0);
794 /* Poisoning directories with existing keys is a no-op, because directories
795 * with existing keys are ignored. But the new directory should poison. */
796 mock_options
->HiddenServiceSingleHopMode
= 1;
797 mock_options
->HiddenServiceNonAnonymousMode
= 1;
798 ret
= rend_service_poison_new_single_onion_dir(service_1
, mock_options
);
799 tt_int_op(ret
, OP_EQ
, 0);
800 ret
= rend_service_poison_new_single_onion_dir(service_2
, mock_options
);
801 tt_int_op(ret
, OP_EQ
, 0);
802 /* And the old directory remains unpoisoned. */
803 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
804 tt_int_op(ret
, OP_LT
, 0);
805 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
806 tt_int_op(ret
, OP_EQ
, 0);
808 /* And the new directory should be ignored, because it has no key. */
809 mock_options
->HiddenServiceSingleHopMode
= 0;
810 mock_options
->HiddenServiceNonAnonymousMode
= 0;
811 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
812 tt_int_op(ret
, OP_EQ
, 0);
813 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
814 tt_int_op(ret
, OP_EQ
, 0);
816 /* Re-poisoning directories without existing keys is a no-op. */
817 mock_options
->HiddenServiceSingleHopMode
= 1;
818 mock_options
->HiddenServiceNonAnonymousMode
= 1;
819 ret
= rend_service_poison_new_single_onion_dir(service_1
, mock_options
);
820 tt_int_op(ret
, OP_EQ
, 0);
821 ret
= rend_service_poison_new_single_onion_dir(service_2
, mock_options
);
822 tt_int_op(ret
, OP_EQ
, 0);
823 /* And the old directory remains unpoisoned. */
824 ret
= rend_service_verify_single_onion_poison(service_1
, mock_options
);
825 tt_int_op(ret
, OP_LT
, 0);
826 ret
= rend_service_verify_single_onion_poison(service_2
, mock_options
);
827 tt_int_op(ret
, OP_EQ
, 0);
830 /* The test harness deletes the directories at exit */
831 tor_free(poison_path
);
834 smartlist_free(services
);
835 rend_service_free(service_1
);
836 rend_service_free(service_2
);
838 tor_free(mock_options
->DataDirectory
);
842 static rend_service_t
*
843 helper_create_rend_service(const char *path
)
845 rend_service_t
*s
= tor_malloc_zero(sizeof(rend_service_t
));
846 s
->ports
= smartlist_new();
847 s
->intro_nodes
= smartlist_new();
848 s
->expiring_nodes
= smartlist_new();
850 s
->directory
= tor_strdup(path
);
856 test_prune_services_on_reload(void *arg
)
858 smartlist_t
*new = smartlist_new(), *old
= smartlist_new();
859 /* Non ephemeral service. */
860 rend_service_t
*s1
= helper_create_rend_service("SomePath");
861 /* Create a non ephemeral service with the _same_ path as so we can test the
862 * transfer of introduction point between the same services on reload. */
863 rend_service_t
*s2
= helper_create_rend_service(s1
->directory
);
864 /* Ephemeral service (directory is NULL). */
865 rend_service_t
*e1
= helper_create_rend_service(NULL
);
866 rend_service_t
*e2
= helper_create_rend_service(NULL
);
871 /* Add both services to the old list. */
872 smartlist_add(old
, s1
);
873 smartlist_add(old
, e1
);
874 /* Only put the non ephemeral in the new list. */
875 smartlist_add(new, s1
);
876 set_rend_service_list(old
);
877 set_rend_rend_service_staging_list(new);
878 rend_service_prune_list_impl_();
879 /* We expect that the ephemeral one is in the new list but removed from
881 tt_int_op(smartlist_len(old
), OP_EQ
, 1);
882 tt_assert(smartlist_get(old
, 0) == s1
);
883 tt_int_op(smartlist_len(new), OP_EQ
, 2);
884 tt_assert(smartlist_get(new, 0) == s1
);
885 tt_assert(smartlist_get(new, 1) == e1
);
886 /* Cleanup for next test. */
887 smartlist_clear(new);
888 smartlist_clear(old
);
892 /* This test will make sure that only the ephemeral service is kept if the
893 * new list is empty. The old list should contain only the non ephemeral
895 smartlist_add(old
, s1
);
896 smartlist_add(old
, e1
);
897 set_rend_service_list(old
);
898 set_rend_rend_service_staging_list(new);
899 rend_service_prune_list_impl_();
900 tt_int_op(smartlist_len(old
), OP_EQ
, 1);
901 tt_assert(smartlist_get(old
, 0) == s1
);
902 tt_int_op(smartlist_len(new), OP_EQ
, 1);
903 tt_assert(smartlist_get(new, 0) == e1
);
904 /* Cleanup for next test. */
905 smartlist_clear(new);
906 smartlist_clear(old
);
910 /* This test makes sure that the new list stays the same even from the old
911 * list being completely different. */
912 smartlist_add(new, s1
);
913 smartlist_add(new, e1
);
914 set_rend_service_list(old
);
915 set_rend_rend_service_staging_list(new);
916 rend_service_prune_list_impl_();
917 tt_int_op(smartlist_len(old
), OP_EQ
, 0);
918 tt_int_op(smartlist_len(new), OP_EQ
, 2);
919 tt_assert(smartlist_get(new, 0) == s1
);
920 tt_assert(smartlist_get(new, 1) == e1
);
921 /* Cleanup for next test. */
922 smartlist_clear(new);
926 rend_intro_point_t ip1
;
927 /* This IP should be found in the s2 service after pruning. */
928 smartlist_add(s1
->intro_nodes
, &ip1
);
929 /* Setup our list. */
930 smartlist_add(old
, s1
);
931 smartlist_add(new, s2
);
932 set_rend_service_list(old
);
933 set_rend_rend_service_staging_list(new);
934 rend_service_prune_list_impl_();
935 tt_int_op(smartlist_len(old
), OP_EQ
, 1);
936 /* Intro nodes have been moved to the s2 in theory so it must be empty. */
937 tt_int_op(smartlist_len(s1
->intro_nodes
), OP_EQ
, 0);
938 tt_int_op(smartlist_len(new), OP_EQ
, 1);
939 rend_service_t
*elem
= smartlist_get(new, 0);
941 tt_assert(elem
== s2
);
942 tt_int_op(smartlist_len(elem
->intro_nodes
), OP_EQ
, 1);
943 tt_assert(smartlist_get(elem
->intro_nodes
, 0) == &ip1
);
944 smartlist_clear(s1
->intro_nodes
);
945 smartlist_clear(s2
->intro_nodes
);
946 /* Cleanup for next test. */
947 smartlist_clear(new);
948 smartlist_clear(old
);
952 /* Test two ephemeral services. */
953 smartlist_add(old
, e1
);
954 smartlist_add(old
, e2
);
955 set_rend_service_list(old
);
956 set_rend_rend_service_staging_list(new);
957 rend_service_prune_list_impl_();
958 /* Check if they've all been transferred. */
959 tt_int_op(smartlist_len(old
), OP_EQ
, 0);
960 tt_int_op(smartlist_len(new), OP_EQ
, 2);
964 rend_service_free(s1
);
965 rend_service_free(s2
);
966 rend_service_free(e1
);
967 rend_service_free(e2
);
972 struct testcase_t hs_tests
[] = {
973 { "hs_rend_data", test_hs_rend_data
, TT_FORK
,
975 { "hs_parse_static_v2_desc", test_hs_parse_static_v2_desc
, TT_FORK
,
977 { "hs_desc_event", test_hs_desc_event
, TT_FORK
,
979 { "hs_auth_cookies", test_hs_auth_cookies
, TT_FORK
,
981 { "single_onion_poisoning_create_dir_none", test_single_onion_poisoning
,
982 TT_FORK
, &passthrough_setup
, (void*)(CREATE_HS_DIR_NONE
) },
983 { "single_onion_poisoning_create_dir1", test_single_onion_poisoning
,
984 TT_FORK
, &passthrough_setup
, (void*)(CREATE_HS_DIR1
) },
985 { "single_onion_poisoning_create_dir2", test_single_onion_poisoning
,
986 TT_FORK
, &passthrough_setup
, (void*)(CREATE_HS_DIR2
) },
987 { "single_onion_poisoning_create_dir_both", test_single_onion_poisoning
,
988 TT_FORK
, &passthrough_setup
, (void*)(CREATE_HS_DIR1
| CREATE_HS_DIR2
) },
989 { "prune_services_on_reload", test_prune_services_on_reload
, TT_FORK
,