static int
extend_cell_from_extend1_cell_body(extend_cell_t *cell_out,
const extend1_cell_body_t *cell)
{
tor_assert(cell_out);
tor_assert(cell);
memset(cell_out, 0, sizeof(*cell_out));
tor_addr_make_unspec(&cell_out->orport_ipv4.addr);
tor_addr_make_unspec(&cell_out->orport_ipv6.addr);
cell_out->cell_type = RELAY_COMMAND_EXTEND;
tor_addr_from_ipv4h(&cell_out->orport_ipv4.addr, cell->ipv4addr);
cell_out->orport_ipv4.port = cell->port;
if (tor_memeq(cell->onionskin, NTOR_CREATE_MAGIC, 16)) {
cell_out->create_cell.cell_type = CELL_CREATE2;
cell_out->create_cell.handshake_type = ONION_HANDSHAKE_TYPE_NTOR;
cell_out->create_cell.handshake_len = NTOR_ONIONSKIN_LEN;
memcpy(cell_out->create_cell.onionskin, cell->onionskin + 16,
NTOR_ONIONSKIN_LEN);
} else {
cell_out->create_cell.cell_type = CELL_CREATE;
cell_out->create_cell.handshake_type = ONION_HANDSHAKE_TYPE_TAP;
cell_out->create_cell.handshake_len = TAP_ONIONSKIN_CHALLENGE_LEN;
memcpy(cell_out->create_cell.onionskin, cell->onionskin,
TAP_ONIONSKIN_CHALLENGE_LEN);
}
memcpy(cell_out->node_id, cell->identity, DIGEST_LEN);
return 0;
}
static int
extend_cell_from_extend2_cell_body(extend_cell_t *cell_out,
const extend2_cell_body_t *cell)
{
tor_assert(cell_out);
tor_assert(cell);
int found_ipv4 = 0, found_ipv6 = 0, found_rsa_id = 0, found_ed_id = 0;
memset(cell_out, 0, sizeof(*cell_out));
tor_addr_make_unspec(&cell_out->orport_ipv4.addr);
tor_addr_make_unspec(&cell_out->orport_ipv6.addr);
cell_out->cell_type = RELAY_COMMAND_EXTEND2;
unsigned i;
for (i = 0; i < cell->n_spec; ++i) {
const link_specifier_t *ls = extend2_cell_body_getconst_ls(cell, i);
switch (ls->ls_type) {
case LS_IPV4:
if (found_ipv4)
continue;
found_ipv4 = 1;
tor_addr_from_ipv4h(&cell_out->orport_ipv4.addr, ls->un_ipv4_addr);
cell_out->orport_ipv4.port = ls->un_ipv4_port;
break;
case LS_IPV6:
if (found_ipv6)
continue;
found_ipv6 = 1;
tor_addr_from_ipv6_bytes(&cell_out->orport_ipv6.addr,
(const char *)ls->un_ipv6_addr);
cell_out->orport_ipv6.port = ls->un_ipv6_port;
break;
case LS_LEGACY_ID:
if (found_rsa_id)
return -1;
found_rsa_id = 1;
memcpy(cell_out->node_id, ls->un_legacy_id, 20);
break;
case LS_ED25519_ID:
if (found_ed_id)
return -1;
found_ed_id = 1;
memcpy(cell_out->ed_pubkey.pubkey, ls->un_ed25519_id, 32);
break;
default:
/* Ignore this, whatever it is. */
break;
}
}
if (!found_rsa_id || !found_ipv4) /* These are mandatory */
return -1;
return create_cell_from_create2_cell_body(&cell_out->create_cell,
cell->create2);
}
static void
test_addr_is_loopback(void *data)
{
static const struct loopback_item {
const char *name;
int is_loopback;
} loopback_items[] = {
{ "::1", 1 },
{ "127.0.0.1", 1 },
{ "127.99.100.101", 1 },
{ "128.99.100.101", 0 },
{ "8.8.8.8", 0 },
{ "0.0.0.0", 0 },
{ "::2", 0 },
{ "::", 0 },
{ "::1.0.0.0", 0 },
{ NULL, 0 }
};
int i;
tor_addr_t addr;
(void)data;
for (i=0; loopback_items[i].name; ++i) {
tt_int_op(tor_addr_parse(&addr, loopback_items[i].name), OP_GE, 0);
tt_int_op(tor_addr_is_loopback(&addr), OP_EQ,
loopback_items[i].is_loopback);
}
tor_addr_make_unspec(&addr);
tt_int_op(tor_addr_is_loopback(&addr), OP_EQ, 0);
done:
;
}
/** Launch a new cpuworker. Return 0 if we're happy, -1 if we failed.
*/
static int
spawn_cpuworker(void)
{
tor_socket_t *fdarray;
tor_socket_t fd;
connection_t *conn;
int err;
fdarray = tor_malloc(sizeof(tor_socket_t)*2);
if ((err = tor_socketpair(AF_UNIX, SOCK_STREAM, 0, fdarray)) < 0) {
log_warn(LD_NET, "Couldn't construct socketpair for cpuworker: %s",
tor_socket_strerror(-err));
tor_free(fdarray);
return -1;
}
tor_assert(SOCKET_OK(fdarray[0]));
tor_assert(SOCKET_OK(fdarray[1]));
fd = fdarray[0];
if (spawn_func(cpuworker_main, (void*)fdarray) < 0) {
tor_close_socket(fdarray[0]);
tor_close_socket(fdarray[1]);
tor_free(fdarray);
return -1;
}
log_debug(LD_OR,"just spawned a cpu worker.");
#ifndef TOR_IS_MULTITHREADED
tor_close_socket(fdarray[1]); /* don't need the worker's side of the pipe */
tor_free(fdarray);
#endif
conn = connection_new(CONN_TYPE_CPUWORKER, AF_UNIX);
/* set up conn so it's got all the data we need to remember */
conn->s = fd;
conn->address = tor_strdup("localhost");
tor_addr_make_unspec(&conn->addr);
if (set_socket_nonblocking(fd) == -1) {
connection_free(conn); /* this closes fd */
return -1;
}
if (connection_add(conn) < 0) { /* no space, forget it */
log_warn(LD_NET,"connection_add for cpuworker failed. Giving up.");
connection_free(conn); /* this closes fd */
return -1;
}
conn->state = CPUWORKER_STATE_IDLE;
connection_start_reading(conn);
return 0; /* success */
}
/** Set the tor_addr_t in <b>a</b> to contain the socket address contained in
* <b>sa</b>. */
int
tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa,
uint16_t *port_out)
{
tor_assert(a);
tor_assert(sa);
if (sa->sa_family == AF_INET) {
struct sockaddr_in *sin = (struct sockaddr_in *) sa;
tor_addr_from_ipv4n(a, sin->sin_addr.s_addr);
if (port_out)
*port_out = ntohs(sin->sin_port);
} else if (sa->sa_family == AF_INET6) {
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) sa;
tor_addr_from_in6(a, &sin6->sin6_addr);
if (port_out)
*port_out = ntohs(sin6->sin6_port);
} else {
tor_addr_make_unspec(a);
return -1;
}
return 0;
}
/** Parse an EXTEND or EXTEND2 cell (according to <b>command</b>) from the
* <b>payload_length</b> bytes of <b>payload</b> into <b>cell_out</b>. Return
* 0 on success, -1 on failure. */
int
extend_cell_parse(extend_cell_t *cell_out, const uint8_t command,
const uint8_t *payload, size_t payload_length)
{
const uint8_t *eop;
memset(cell_out, 0, sizeof(*cell_out));
if (payload_length > RELAY_PAYLOAD_SIZE)
return -1;
eop = payload + payload_length;
switch (command) {
case RELAY_COMMAND_EXTEND:
{
if (payload_length != 6 + TAP_ONIONSKIN_CHALLENGE_LEN + DIGEST_LEN)
return -1;
cell_out->cell_type = RELAY_COMMAND_EXTEND;
tor_addr_from_ipv4n(&cell_out->orport_ipv4.addr, get_uint32(payload));
cell_out->orport_ipv4.port = ntohs(get_uint16(payload+4));
tor_addr_make_unspec(&cell_out->orport_ipv6.addr);
if (tor_memeq(payload + 6, NTOR_CREATE_MAGIC, 16)) {
cell_out->create_cell.cell_type = CELL_CREATE2;
cell_out->create_cell.handshake_type = ONION_HANDSHAKE_TYPE_NTOR;
cell_out->create_cell.handshake_len = NTOR_ONIONSKIN_LEN;
memcpy(cell_out->create_cell.onionskin, payload + 22,
NTOR_ONIONSKIN_LEN);
} else {
cell_out->create_cell.cell_type = CELL_CREATE;
cell_out->create_cell.handshake_type = ONION_HANDSHAKE_TYPE_TAP;
cell_out->create_cell.handshake_len = TAP_ONIONSKIN_CHALLENGE_LEN;
memcpy(cell_out->create_cell.onionskin, payload + 6,
TAP_ONIONSKIN_CHALLENGE_LEN);
}
memcpy(cell_out->node_id, payload + 6 + TAP_ONIONSKIN_CHALLENGE_LEN,
DIGEST_LEN);
break;
}
case RELAY_COMMAND_EXTEND2:
{
uint8_t n_specs, spectype, speclen;
int i;
int found_ipv4 = 0, found_ipv6 = 0, found_id = 0;
tor_addr_make_unspec(&cell_out->orport_ipv4.addr);
tor_addr_make_unspec(&cell_out->orport_ipv6.addr);
if (payload_length == 0)
return -1;
cell_out->cell_type = RELAY_COMMAND_EXTEND2;
n_specs = *payload++;
/* Parse the specifiers. We'll only take the first IPv4 and first IPv6
* address, and the node ID, and ignore everything else */
for (i = 0; i < n_specs; ++i) {
if (eop - payload < 2)
return -1;
spectype = payload[0];
speclen = payload[1];
payload += 2;
if (eop - payload < speclen)
return -1;
switch (spectype) {
case SPECTYPE_IPV4:
if (speclen != 6)
return -1;
if (!found_ipv4) {
tor_addr_from_ipv4n(&cell_out->orport_ipv4.addr,
get_uint32(payload));
cell_out->orport_ipv4.port = ntohs(get_uint16(payload+4));
found_ipv4 = 1;
}
break;
case SPECTYPE_IPV6:
if (speclen != 18)
return -1;
if (!found_ipv6) {
tor_addr_from_ipv6_bytes(&cell_out->orport_ipv6.addr,
(const char*)payload);
cell_out->orport_ipv6.port = ntohs(get_uint16(payload+16));
found_ipv6 = 1;
}
break;
case SPECTYPE_LEGACY_ID:
if (speclen != 20)
return -1;
if (found_id)
return -1;
memcpy(cell_out->node_id, payload, 20);
found_id = 1;
break;
}
payload += speclen;
}
if (!found_id || !found_ipv4)
return -1;
if (parse_create2_payload(&cell_out->create_cell,payload,eop-payload)<0)
return -1;
break;
}
default:
return -1;
}
return check_extend_cell(cell_out);
}
/** Send a resolve request for <b>hostname</b> to the Tor listening on
* <b>sockshost</b>:<b>socksport</b>. Store the resulting IPv4
* address (in host order) into *<b>result_addr</b>.
*/
static int
do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
int reverse, int version,
tor_addr_t *result_addr, char **result_hostname)
{
int s = -1;
struct sockaddr_in socksaddr;
char *req = NULL;
ssize_t len = 0;
tor_assert(hostname);
tor_assert(result_addr);
tor_assert(version == 4 || version == 5);
tor_addr_make_unspec(result_addr);
*result_hostname = NULL;
s = tor_open_socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
if (s<0) {
log_sock_error("creating_socket", -1);
return -1;
}
memset(&socksaddr, 0, sizeof(socksaddr));
socksaddr.sin_family = AF_INET;
socksaddr.sin_port = htons(socksport);
socksaddr.sin_addr.s_addr = htonl(sockshost);
if (connect(s, (struct sockaddr*)&socksaddr, sizeof(socksaddr))) {
log_sock_error("connecting to SOCKS host", s);
goto err;
}
if (version == 5) {
char method_buf[2];
if (write_all(s, "\x05\x01\x00", 3, 1) != 3) {
log_err(LD_NET, "Error sending SOCKS5 method list.");
goto err;
}
if (read_all(s, method_buf, 2, 1) != 2) {
log_err(LD_NET, "Error reading SOCKS5 methods.");
goto err;
}
if (method_buf[0] != '\x05') {
log_err(LD_NET, "Unrecognized socks version: %u",
(unsigned)method_buf[0]);
goto err;
}
if (method_buf[1] != '\x00') {
log_err(LD_NET, "Unrecognized socks authentication method: %u",
(unsigned)method_buf[1]);
goto err;
}
}
if ((len = build_socks_resolve_request(&req, "", hostname, reverse,
version))<0) {
log_err(LD_BUG,"Error generating SOCKS request");
tor_assert(!req);
goto err;
}
if (write_all(s, req, len, 1) != len) {
log_sock_error("sending SOCKS request", s);
tor_free(req);
goto err;
}
tor_free(req);
if (version == 4) {
char reply_buf[RESPONSE_LEN_4];
if (read_all(s, reply_buf, RESPONSE_LEN_4, 1) != RESPONSE_LEN_4) {
log_err(LD_NET, "Error reading SOCKS4 response.");
goto err;
}
if (parse_socks4a_resolve_response(hostname,
reply_buf, RESPONSE_LEN_4,
result_addr)<0) {
goto err;
}
} else {
char reply_buf[16];
if (read_all(s, reply_buf, 4, 1) != 4) {
log_err(LD_NET, "Error reading SOCKS5 response.");
goto err;
}
if (reply_buf[0] != 5) {
log_err(LD_NET, "Bad SOCKS5 reply version.");
goto err;
}
/* Give a user some useful feedback about SOCKS5 errors */
if (reply_buf[1] != 0) {
log_warn(LD_NET,"Got SOCKS5 status response '%u': %s",
(unsigned)reply_buf[1],
socks5_reason_to_string(reply_buf[1]));
if (reply_buf[1] == 4 && !strcasecmpend(hostname, ".onion")) {
onion_warning(hostname);
}
goto err;
}
if (reply_buf[3] == 1) {
/* IPv4 address */
if (read_all(s, reply_buf, 4, 1) != 4) {
log_err(LD_NET, "Error reading address in socks5 response.");
goto err;
}
tor_addr_from_ipv4n(result_addr, get_uint32(reply_buf));
} else if (reply_buf[3] == 4) {
/* IPv6 address */
if (read_all(s, reply_buf, 16, 1) != 16) {
log_err(LD_NET, "Error reading address in socks5 response.");
goto err;
}
tor_addr_from_ipv6_bytes(result_addr, reply_buf);
} else if (reply_buf[3] == 3) {
/* Domain name */
size_t result_len;
if (read_all(s, reply_buf, 1, 1) != 1) {
log_err(LD_NET, "Error reading address_length in socks5 response.");
goto err;
}
result_len = *(uint8_t*)(reply_buf);
*result_hostname = tor_malloc(result_len+1);
if (read_all(s, *result_hostname, result_len, 1) != (int) result_len) {
log_err(LD_NET, "Error reading hostname in socks5 response.");
goto err;
}
(*result_hostname)[result_len] = '\0';
}
}
tor_close_socket(s);
return 0;
err:
tor_close_socket(s);
return -1;
}
/** Run unit tests for generating summary lines of exit policies */
static void
test_policies_general(void *arg)
{
int i;
smartlist_t *policy = NULL, *policy2 = NULL, *policy3 = NULL,
*policy4 = NULL, *policy5 = NULL, *policy6 = NULL,
*policy7 = NULL;
addr_policy_t *p;
tor_addr_t tar;
config_line_t line;
smartlist_t *sm = NULL;
char *policy_str = NULL;
short_policy_t *short_parsed = NULL;
(void)arg;
policy = smartlist_new();
p = router_parse_addr_policy_item_from_string("reject 192.168.0.0/16:*",-1);
test_assert(p != NULL);
test_eq(ADDR_POLICY_REJECT, p->policy_type);
tor_addr_from_ipv4h(&tar, 0xc0a80000u);
test_eq(0, tor_addr_compare(&p->addr, &tar, CMP_EXACT));
test_eq(16, p->maskbits);
test_eq(1, p->prt_min);
test_eq(65535, p->prt_max);
smartlist_add(policy, p);
tor_addr_from_ipv4h(&tar, 0x01020304u);
test_assert(ADDR_POLICY_ACCEPTED ==
compare_tor_addr_to_addr_policy(&tar, 2, policy));
tor_addr_make_unspec(&tar);
test_assert(ADDR_POLICY_PROBABLY_ACCEPTED ==
compare_tor_addr_to_addr_policy(&tar, 2, policy));
tor_addr_from_ipv4h(&tar, 0xc0a80102);
test_assert(ADDR_POLICY_REJECTED ==
compare_tor_addr_to_addr_policy(&tar, 2, policy));
test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, 1, 0, 1));
test_assert(policy2);
policy3 = smartlist_new();
p = router_parse_addr_policy_item_from_string("reject *:*",-1);
test_assert(p != NULL);
smartlist_add(policy3, p);
p = router_parse_addr_policy_item_from_string("accept *:*",-1);
test_assert(p != NULL);
smartlist_add(policy3, p);
policy4 = smartlist_new();
p = router_parse_addr_policy_item_from_string("accept *:443",-1);
test_assert(p != NULL);
smartlist_add(policy4, p);
p = router_parse_addr_policy_item_from_string("accept *:443",-1);
test_assert(p != NULL);
smartlist_add(policy4, p);
policy5 = smartlist_new();
p = router_parse_addr_policy_item_from_string("reject 0.0.0.0/8:*",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("reject 169.254.0.0/16:*",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("reject 127.0.0.0/8:*",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("reject 192.168.0.0/16:*",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("reject 10.0.0.0/8:*",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("reject 172.16.0.0/12:*",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("reject 80.190.250.90:*",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("reject *:1-65534",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("reject *:65535",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
p = router_parse_addr_policy_item_from_string("accept *:1-65535",-1);
test_assert(p != NULL);
smartlist_add(policy5, p);
policy6 = smartlist_new();
p = router_parse_addr_policy_item_from_string("accept 43.3.0.0/9:*",-1);
test_assert(p != NULL);
smartlist_add(policy6, p);
policy7 = smartlist_new();
p = router_parse_addr_policy_item_from_string("accept 0.0.0.0/8:*",-1);
test_assert(p != NULL);
smartlist_add(policy7, p);
test_assert(!exit_policy_is_general_exit(policy));
test_assert(exit_policy_is_general_exit(policy2));
test_assert(!exit_policy_is_general_exit(NULL));
test_assert(!exit_policy_is_general_exit(policy3));
test_assert(!exit_policy_is_general_exit(policy4));
test_assert(!exit_policy_is_general_exit(policy5));
test_assert(!exit_policy_is_general_exit(policy6));
test_assert(!exit_policy_is_general_exit(policy7));
test_assert(cmp_addr_policies(policy, policy2));
test_assert(cmp_addr_policies(policy, NULL));
test_assert(!cmp_addr_policies(policy2, policy2));
test_assert(!cmp_addr_policies(NULL, NULL));
test_assert(!policy_is_reject_star(policy2, AF_INET));
test_assert(policy_is_reject_star(policy, AF_INET));
test_assert(policy_is_reject_star(NULL, AF_INET));
addr_policy_list_free(policy);
policy = NULL;
/* make sure compacting logic works. */
policy = NULL;
line.key = (char*)"foo";
line.value = (char*)"accept *:80,reject private:*,reject *:*";
line.next = NULL;
test_assert(0 == policies_parse_exit_policy(&line, &policy, 1, 0, 0, 1));
test_assert(policy);
//test_streq(policy->string, "accept *:80");
//test_streq(policy->next->string, "reject *:*");
test_eq(smartlist_len(policy), 4);
/* test policy summaries */
/* check if we properly ignore private IP addresses */
test_policy_summary_helper("reject 192.168.0.0/16:*,"
"reject 0.0.0.0/8:*,"
"reject 10.0.0.0/8:*,"
"accept *:10-30,"
"accept *:90,"
"reject *:*",
"accept 10-30,90");
/* check all accept policies, and proper counting of rejects */
test_policy_summary_helper("reject 11.0.0.0/9:80,"
"reject 12.0.0.0/9:80,"
"reject 13.0.0.0/9:80,"
"reject 14.0.0.0/9:80,"
"accept *:*", "accept 1-65535");
test_policy_summary_helper("reject 11.0.0.0/9:80,"
"reject 12.0.0.0/9:80,"
"reject 13.0.0.0/9:80,"
"reject 14.0.0.0/9:80,"
"reject 15.0.0.0:81,"
"accept *:*", "accept 1-65535");
test_policy_summary_helper("reject 11.0.0.0/9:80,"
"reject 12.0.0.0/9:80,"
"reject 13.0.0.0/9:80,"
"reject 14.0.0.0/9:80,"
"reject 15.0.0.0:80,"
"accept *:*",
"reject 80");
/* no exits */
test_policy_summary_helper("accept 11.0.0.0/9:80,"
"reject *:*",
"reject 1-65535");
/* port merging */
test_policy_summary_helper("accept *:80,"
"accept *:81,"
"accept *:100-110,"
"accept *:111,"
"reject *:*",
"accept 80-81,100-111");
/* border ports */
test_policy_summary_helper("accept *:1,"
"accept *:3,"
"accept *:65535,"
"reject *:*",
"accept 1,3,65535");
/* holes */
test_policy_summary_helper("accept *:1,"
"accept *:3,"
"accept *:5,"
"accept *:7,"
"reject *:*",
"accept 1,3,5,7");
test_policy_summary_helper("reject *:1,"
"reject *:3,"
"reject *:5,"
"reject *:7,"
"accept *:*",
"reject 1,3,5,7");
/* Short policies with unrecognized formats should get accepted. */
test_short_policy_parse("accept fred,2,3-5", "accept 2,3-5");
test_short_policy_parse("accept 2,fred,3", "accept 2,3");
test_short_policy_parse("accept 2,fred,3,bob", "accept 2,3");
test_short_policy_parse("accept 2,-3,500-600", "accept 2,500-600");
/* Short policies with nil entries are accepted too. */
test_short_policy_parse("accept 1,,3", "accept 1,3");
test_short_policy_parse("accept 100-200,,", "accept 100-200");
test_short_policy_parse("reject ,1-10,,,,30-40", "reject 1-10,30-40");
/* Try parsing various broken short policies */
#define TT_BAD_SHORT_POLICY(s) \
do { \
tt_ptr_op(NULL, ==, (short_parsed = parse_short_policy((s)))); \
} while (0)
TT_BAD_SHORT_POLICY("accept 200-199");
TT_BAD_SHORT_POLICY("");
TT_BAD_SHORT_POLICY("rejekt 1,2,3");
TT_BAD_SHORT_POLICY("reject ");
TT_BAD_SHORT_POLICY("reject");
TT_BAD_SHORT_POLICY("rej");
TT_BAD_SHORT_POLICY("accept 2,3,100000");
TT_BAD_SHORT_POLICY("accept 2,3x,4");
TT_BAD_SHORT_POLICY("accept 2,3x,4");
TT_BAD_SHORT_POLICY("accept 2-");
TT_BAD_SHORT_POLICY("accept 2-x");
TT_BAD_SHORT_POLICY("accept 1-,3");
TT_BAD_SHORT_POLICY("accept 1-,3");
/* Test a too-long policy. */
{
int i;
char *policy = NULL;
smartlist_t *chunks = smartlist_new();
smartlist_add(chunks, tor_strdup("accept "));
for (i=1; i<10000; ++i)
smartlist_add_asprintf(chunks, "%d,", i);
smartlist_add(chunks, tor_strdup("20000"));
policy = smartlist_join_strings(chunks, "", 0, NULL);
SMARTLIST_FOREACH(chunks, char *, ch, tor_free(ch));
smartlist_free(chunks);
short_parsed = parse_short_policy(policy);/* shouldn't be accepted */
tor_free(policy);
tt_ptr_op(NULL, ==, short_parsed);
}
/* truncation ports */
sm = smartlist_new();
for (i=1; i<2000; i+=2) {
char buf[POLICY_BUF_LEN];
tor_snprintf(buf, sizeof(buf), "reject *:%d", i);
smartlist_add(sm, tor_strdup(buf));
}
smartlist_add(sm, tor_strdup("accept *:*"));
policy_str = smartlist_join_strings(sm, ",", 0, NULL);
test_policy_summary_helper( policy_str,
"accept 2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,"
"46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,"
"92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,"
"130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,"
"166,168,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198,200,"
"202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,"
"238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,"
"274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,"
"310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,"
"346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,"
"382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,"
"418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,"
"454,456,458,460,462,464,466,468,470,472,474,476,478,480,482,484,486,488,"
"490,492,494,496,498,500,502,504,506,508,510,512,514,516,518,520,522");
done:
addr_policy_list_free(policy);
addr_policy_list_free(policy2);
addr_policy_list_free(policy3);
addr_policy_list_free(policy4);
addr_policy_list_free(policy5);
addr_policy_list_free(policy6);
addr_policy_list_free(policy7);
tor_free(policy_str);
if (sm) {
SMARTLIST_FOREACH(sm, char *, s, tor_free(s));
smartlist_free(sm);
}
short_policy_free(short_parsed);
}
hs_desc_intro_point_t *
hs_helper_build_intro_point(const ed25519_keypair_t *signing_kp, time_t now,
const char *addr, int legacy)
{
int ret;
ed25519_keypair_t auth_kp;
hs_desc_intro_point_t *intro_point = NULL;
hs_desc_intro_point_t *ip = hs_desc_intro_point_new();
/* For a usable intro point we need at least two link specifiers: One legacy
* keyid and one ipv4 */
{
tor_addr_t a;
tor_addr_make_unspec(&a);
link_specifier_t *ls_legacy = link_specifier_new();
link_specifier_t *ls_ip = link_specifier_new();
link_specifier_set_ls_type(ls_legacy, LS_LEGACY_ID);
memset(link_specifier_getarray_un_legacy_id(ls_legacy), 'C',
link_specifier_getlen_un_legacy_id(ls_legacy));
int family = tor_addr_parse(&a, addr);
switch (family) {
case AF_INET:
link_specifier_set_ls_type(ls_ip, LS_IPV4);
link_specifier_set_un_ipv4_addr(ls_ip, tor_addr_to_ipv4h(&a));
link_specifier_set_un_ipv4_port(ls_ip, 9001);
break;
case AF_INET6:
link_specifier_set_ls_type(ls_ip, LS_IPV6);
memcpy(link_specifier_getarray_un_ipv6_addr(ls_ip),
tor_addr_to_in6_addr8(&a),
link_specifier_getlen_un_ipv6_addr(ls_ip));
link_specifier_set_un_ipv6_port(ls_ip, 9001);
break;
default:
/* Stop the test, not supposed to have an error.
* Compare with -1 to show the actual family.
*/
tt_int_op(family, OP_EQ, -1);
}
smartlist_add(ip->link_specifiers, ls_legacy);
smartlist_add(ip->link_specifiers, ls_ip);
}
ret = ed25519_keypair_generate(&auth_kp, 0);
tt_int_op(ret, ==, 0);
ip->auth_key_cert = tor_cert_create(signing_kp, CERT_TYPE_AUTH_HS_IP_KEY,
&auth_kp.pubkey, now,
HS_DESC_CERT_LIFETIME,
CERT_FLAG_INCLUDE_SIGNING_KEY);
tt_assert(ip->auth_key_cert);
if (legacy) {
ip->legacy.key = crypto_pk_new();
tt_assert(ip->legacy.key);
ret = crypto_pk_generate_key(ip->legacy.key);
tt_int_op(ret, ==, 0);
ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
&signing_kp->pubkey, ip->legacy.key,
now + HS_DESC_CERT_LIFETIME,
&ip->legacy.cert.encoded);
tt_assert(ip->legacy.cert.encoded);
tt_u64_op(cert_len, OP_GT, 0);
ip->legacy.cert.len = cert_len;
}
/* Encryption key. */
{
int signbit;
curve25519_keypair_t curve25519_kp;
ed25519_keypair_t ed25519_kp;
tor_cert_t *cross_cert;
ret = curve25519_keypair_generate(&curve25519_kp, 0);
tt_int_op(ret, ==, 0);
ed25519_keypair_from_curve25519_keypair(&ed25519_kp, &signbit,
&curve25519_kp);
cross_cert = tor_cert_create(signing_kp, CERT_TYPE_CROSS_HS_IP_KEYS,
&ed25519_kp.pubkey, time(NULL),
HS_DESC_CERT_LIFETIME,
CERT_FLAG_INCLUDE_SIGNING_KEY);
tt_assert(cross_cert);
ip->enc_key_cert = cross_cert;
}
intro_point = ip;
done:
if (intro_point == NULL)
tor_free(ip);
return intro_point;
}
static void
test_cfmt_connected_cells(void *arg)
{
relay_header_t rh;
cell_t cell;
tor_addr_t addr;
int ttl, r;
char *mem_op_hex_tmp = NULL;
(void)arg;
/* Let's try an oldschool one with nothing in it. */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "", 0);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_UNSPEC);
tt_int_op(ttl, ==, -1);
/* A slightly less oldschool one: only an IPv4 address */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "\x20\x30\x40\x50", 4);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "32.48.64.80");
tt_int_op(ttl, ==, -1);
/* Bogus but understandable: truncated TTL */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "\x11\x12\x13\x14\x15", 5);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "17.18.19.20");
tt_int_op(ttl, ==, -1);
/* Regular IPv4 one: address and TTL */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x02\x03\x04\x05\x00\x00\x0e\x10", 8);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "2.3.4.5");
tt_int_op(ttl, ==, 3600);
/* IPv4 with too-big TTL */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x02\x03\x04\x05\xf0\x00\x00\x00", 8);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "2.3.4.5");
tt_int_op(ttl, ==, -1);
/* IPv6 (ttl is mandatory) */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x00\x00\x00\x06"
"\x26\x07\xf8\xb0\x40\x0c\x0c\x02"
"\x00\x00\x00\x00\x00\x00\x00\x68"
"\x00\x00\x02\x58", 25);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
tt_str_op(fmt_addr(&addr), ==, "2607:f8b0:400c:c02::68");
tt_int_op(ttl, ==, 600);
/* IPv6 (ttl too big) */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x00\x00\x00\x06"
"\x26\x07\xf8\xb0\x40\x0c\x0c\x02"
"\x00\x00\x00\x00\x00\x00\x00\x68"
"\x90\x00\x02\x58", 25);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
tt_str_op(fmt_addr(&addr), ==, "2607:f8b0:400c:c02::68");
tt_int_op(ttl, ==, -1);
/* Bogus size: 3. */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x01\x02", 3);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, -1);
/* Bogus family: 7. */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x00\x00\x00\x07"
"\x26\x07\xf8\xb0\x40\x0c\x0c\x02"
"\x00\x00\x00\x00\x00\x00\x00\x68"
"\x90\x00\x02\x58", 25);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, -1);
/* Truncated IPv6. */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x00\x00\x00\x06"
"\x26\x07\xf8\xb0\x40\x0c\x0c\x02"
"\x00\x00\x00\x00\x00\x00\x00\x68"
"\x00\x00\x02", 24);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, -1);
/* Now make sure we can generate connected cells correctly. */
/* Try an IPv4 address */
memset(&rh, 0, sizeof(rh));
memset(&cell, 0, sizeof(cell));
tor_addr_parse(&addr, "30.40.50.60");
rh.length = connected_cell_format_payload(cell.payload+RELAY_HEADER_SIZE,
&addr, 128);
tt_int_op(rh.length, ==, 8);
test_memeq_hex(cell.payload+RELAY_HEADER_SIZE, "1e28323c" "00000080");
/* Try parsing it. */
tor_addr_make_unspec(&addr);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "30.40.50.60");
tt_int_op(ttl, ==, 128);
/* Try an IPv6 address */
memset(&rh, 0, sizeof(rh));
memset(&cell, 0, sizeof(cell));
tor_addr_parse(&addr, "2620::6b0:b:1a1a:0:26e5:480e");
rh.length = connected_cell_format_payload(cell.payload+RELAY_HEADER_SIZE,
&addr, 3600);
tt_int_op(rh.length, ==, 25);
test_memeq_hex(cell.payload + RELAY_HEADER_SIZE,
"00000000" "06"
"2620000006b0000b1a1a000026e5480e" "00000e10");
/* Try parsing it. */
tor_addr_make_unspec(&addr);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
tt_str_op(fmt_addr(&addr), ==, "2620:0:6b0:b:1a1a:0:26e5:480e");
tt_int_op(ttl, ==, 3600);
done:
tor_free(mem_op_hex_tmp);
}
