/** Run unit tests for smartlist-of-digests functions. */
static void
test_container_smartlist_digests(void)
{
smartlist_t *sl = smartlist_new();
/* contains_digest */
smartlist_add(sl, tor_memdup("AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN));
smartlist_add(sl, tor_memdup("\00090AAB2AAAAaasdAAAAA", DIGEST_LEN));
smartlist_add(sl, tor_memdup("\00090AAB2AAAAaasdAAAAA", DIGEST_LEN));
test_eq(0, smartlist_contains_digest(NULL, "AAAAAAAAAAAAAAAAAAAA"));
test_assert(smartlist_contains_digest(sl, "AAAAAAAAAAAAAAAAAAAA"));
test_assert(smartlist_contains_digest(sl, "\00090AAB2AAAAaasdAAAAA"));
test_eq(0, smartlist_contains_digest(sl, "\00090AAB2AAABaasdAAAAA"));
/* sort digests */
smartlist_sort_digests(sl);
test_memeq(smartlist_get(sl, 0), "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
test_memeq(smartlist_get(sl, 1), "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
test_memeq(smartlist_get(sl, 2), "AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN);
test_eq(3, smartlist_len(sl));
/* uniq_digests */
smartlist_uniq_digests(sl);
test_eq(2, smartlist_len(sl));
test_memeq(smartlist_get(sl, 0), "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
test_memeq(smartlist_get(sl, 1), "AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN);
done:
SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
smartlist_free(sl);
}
/** Return a new copy of <b>cert</b> */
tor_cert_t *
tor_cert_dup(const tor_cert_t *cert)
{
tor_cert_t *newcert = tor_memdup(cert, sizeof(tor_cert_t));
if (cert->encoded)
newcert->encoded = tor_memdup(cert->encoded, cert->encoded_len);
return newcert;
}
/* Test connection_or_remove_from_ext_or_id_map and
* connection_or_set_ext_or_identifier */
static void
test_ext_or_id_map(void *arg)
{
or_connection_t *c1 = NULL, *c2 = NULL, *c3 = NULL;
char *idp = NULL, *idp2 = NULL;
(void)arg;
/* pre-initialization */
tt_ptr_op(NULL, OP_EQ,
connection_or_get_by_ext_or_id("xxxxxxxxxxxxxxxxxxxx"));
c1 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
c2 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
c3 = or_connection_new(CONN_TYPE_OR, AF_INET);
tt_ptr_op(c1->ext_or_conn_id, OP_NE, NULL);
tt_ptr_op(c2->ext_or_conn_id, OP_NE, NULL);
tt_ptr_op(c3->ext_or_conn_id, OP_EQ, NULL);
tt_ptr_op(c1, OP_EQ, connection_or_get_by_ext_or_id(c1->ext_or_conn_id));
tt_ptr_op(c2, OP_EQ, connection_or_get_by_ext_or_id(c2->ext_or_conn_id));
tt_ptr_op(NULL, OP_EQ,
connection_or_get_by_ext_or_id("xxxxxxxxxxxxxxxxxxxx"));
idp = tor_memdup(c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN);
/* Give c2 a new ID. */
connection_or_set_ext_or_identifier(c2);
tt_mem_op(idp, OP_NE, c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN);
idp2 = tor_memdup(c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN);
tt_assert(!tor_digest_is_zero(idp2));
tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp));
tt_ptr_op(c2, OP_EQ, connection_or_get_by_ext_or_id(idp2));
/* Now remove it. */
connection_or_remove_from_ext_or_id_map(c2);
tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp));
tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp2));
done:
if (c1)
connection_free_(TO_CONN(c1));
if (c2)
connection_free_(TO_CONN(c2));
if (c3)
connection_free_(TO_CONN(c3));
tor_free(idp);
tor_free(idp2);
connection_or_clear_ext_or_id_map();
}
/** Construct and return an RSA signature for the TAP onion key to
* cross-certify the RSA and Ed25519 identity keys. Set <b>len_out</b> to its
* length. */
uint8_t *
make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
const ed25519_public_key_t *master_id_key,
const crypto_pk_t *rsa_id_key,
int *len_out)
{
uint8_t signature[PK_BYTES];
uint8_t signed_data[DIGEST_LEN + ED25519_PUBKEY_LEN];
*len_out = 0;
if (crypto_pk_get_digest(rsa_id_key, (char*)signed_data) < 0) {
return NULL;
}
memcpy(signed_data + DIGEST_LEN, master_id_key->pubkey, ED25519_PUBKEY_LEN);
int r = crypto_pk_private_sign(onion_key,
(char*)signature, sizeof(signature),
(const char*)signed_data, sizeof(signed_data));
if (r < 0)
return NULL;
*len_out = r;
return tor_memdup(signature, r);
}
/* Note the cell digest in the circuit sendme last digests FIFO if applicable.
* It is safe to pass a circuit that isn't meant to track those digests. */
void
sendme_record_cell_digest(circuit_t *circ)
{
const uint8_t *digest;
tor_assert(circ);
/* We only keep the cell digest if we are the Exit on that circuit and if
* this cell is the last one before the client should send a SENDME. */
if (CIRCUIT_IS_ORIGIN(circ)) {
return;
}
/* Is this the last cell before a SENDME? The idea is that if the
* package_window reaches a multiple of the increment, after this cell, we
* should expect a SENDME. */
if (!sendme_circuit_cell_is_next(circ->package_window)) {
return;
}
/* Add the digest to the last seen list in the circuit. */
digest = relay_crypto_get_sendme_digest(&TO_OR_CIRCUIT(circ)->crypto);
if (circ->sendme_last_digests == NULL) {
circ->sendme_last_digests = smartlist_new();
}
smartlist_add(circ->sendme_last_digests, tor_memdup(digest, DIGEST_LEN));
}
/** Decode the hashed, base64'd passwords stored in <b>passwords</b>.
* Return a smartlist of acceptable passwords (unterminated strings of
* length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on
* failure.
*/
smartlist_t *
decode_hashed_passwords(config_line_t *passwords)
{
char decoded[64];
config_line_t *cl;
smartlist_t *sl = smartlist_new();
tor_assert(passwords);
for (cl = passwords; cl; cl = cl->next) {
const char *hashed = cl->value;
if (!strcmpstart(hashed, "16:")) {
if (base16_decode(decoded, sizeof(decoded), hashed+3, strlen(hashed+3))
!= S2K_RFC2440_SPECIFIER_LEN + DIGEST_LEN
|| strlen(hashed+3) != (S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)*2) {
goto err;
}
} else {
if (base64_decode(decoded, sizeof(decoded), hashed, strlen(hashed))
!= S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) {
goto err;
}
}
smartlist_add(sl,
tor_memdup(decoded, S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN));
}
return sl;
err:
SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
smartlist_free(sl);
return NULL;
}
int
main(int argc, char **argv)
{
size_t size;
global_init();
/* Disable logging by default to speed up fuzzing. */
int loglevel = LOG_ERR;
for (int i = 1; i < argc; ++i) {
if (!strcmp(argv[i], "--warn")) {
loglevel = LOG_WARN;
} else if (!strcmp(argv[i], "--notice")) {
loglevel = LOG_NOTICE;
} else if (!strcmp(argv[i], "--info")) {
loglevel = LOG_INFO;
} else if (!strcmp(argv[i], "--debug")) {
loglevel = LOG_DEBUG;
}
}
{
log_severity_list_t s;
memset(&s, 0, sizeof(s));
set_log_severity_config(loglevel, LOG_ERR, &s);
/* ALWAYS log bug warnings. */
s.masks[LOG_WARN-LOG_ERR] |= LD_BUG;
add_stream_log(&s, "", fileno(stdout));
}
if (fuzz_init() < 0)
abort();
#ifdef __AFL_HAVE_MANUAL_CONTROL
/* Tell AFL to pause and fork here - ignored if not using AFL */
__AFL_INIT();
#endif
#define MAX_FUZZ_SIZE (128*1024)
char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
tor_assert(input);
char *raw = tor_memdup(input, size); /* Because input is nul-terminated */
tor_free(input);
fuzz_main((const uint8_t*)raw, size);
tor_free(raw);
if (fuzz_cleanup() < 0)
abort();
tor_free(mock_options);
UNMOCK(get_options);
return 0;
}
/** Return a new HS token of type <b>type</b> containing <b>token</b>. */
static hs_token_t *
hs_token_new(hs_token_type_t type, size_t token_len,
const uint8_t *token)
{
tor_assert(token);
hs_token_t *hs_token = tor_malloc_zero(sizeof(hs_token_t));
hs_token->type = type;
hs_token->token_len = token_len;
hs_token->token = tor_memdup(token, token_len);
return hs_token;
}
/** Add a log handler named <b>name</b> to send all messages in <b>severity</b>
* to <b>fd</b>. Copies <b>severity</b>. Helper: does no locking. */
static void
add_stream_log_impl(const log_severity_list_t *severity,
const char *name, int fd)
{
logfile_t *lf;
lf = tor_malloc_zero(sizeof(logfile_t));
lf->fd = fd;
lf->filename = tor_strdup(name);
lf->severities = tor_memdup(severity, sizeof(log_severity_list_t));
lf->next = logfiles;
logfiles = lf;
_log_global_min_severity = get_min_log_level();
}
static rend_data_t *
mock_rend_data(const char *onion_address)
{
rend_data_t *rend_query = tor_malloc_zero(sizeof(rend_data_t));
strlcpy(rend_query->onion_address, onion_address,
sizeof(rend_query->onion_address));
rend_query->auth_type = REND_NO_AUTH;
rend_query->hsdirs_fp = smartlist_new();
smartlist_add(rend_query->hsdirs_fp, tor_memdup("aaaaaaaaaaaaaaaaaaaaaaaa",
DIGEST_LEN));
return rend_query;
}
/**
* Helper: implements keypin_check and keypin_check_and_add.
*/
static int
keypin_check_and_add_impl(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key,
const int do_not_add,
const int replace)
{
keypin_ent_t search, *ent;
memset(&search, 0, sizeof(search));
memcpy(search.rsa_id, rsa_id_digest, sizeof(search.rsa_id));
memcpy(search.ed25519_key, ed25519_id_key, sizeof(search.ed25519_key));
/* Search by RSA key digest first */
ent = HT_FIND(rsamap, &the_rsa_map, &search);
if (ent) {
tor_assert(fast_memeq(ent->rsa_id, rsa_id_digest, sizeof(ent->rsa_id)));
if (tor_memeq(ent->ed25519_key, ed25519_id_key,sizeof(ent->ed25519_key))) {
return KEYPIN_FOUND; /* Match on both keys. Great. */
} else {
if (!replace)
return KEYPIN_MISMATCH; /* Found RSA with different Ed key */
}
}
/* See if we know a different RSA key for this ed key */
if (! replace) {
ent = HT_FIND(edmap, &the_ed_map, &search);
if (ent) {
/* If we got here, then the ed key matches and the RSA doesn't */
tor_assert(fast_memeq(ent->ed25519_key, ed25519_id_key,
sizeof(ent->ed25519_key)));
tor_assert(fast_memneq(ent->rsa_id, rsa_id_digest, sizeof(ent->rsa_id)));
return KEYPIN_MISMATCH;
}
}
/* Okay, this one is new to us. */
if (do_not_add)
return KEYPIN_NOT_FOUND;
ent = tor_memdup(&search, sizeof(search));
int r = keypin_add_or_replace_entry_in_map(ent);
if (! replace) {
tor_assert(r == 1);
} else {
tor_assert(r != 0);
}
keypin_journal_append_entry(rsa_id_digest, ed25519_id_key);
return KEYPIN_ADDED;
}
/**
* Add a log handler to send messages in <b>severity</b>
* to the function <b>cb</b>.
*/
int
add_callback_log(const log_severity_list_t *severity, log_callback cb)
{
logfile_t *lf;
lf = tor_malloc_zero(sizeof(logfile_t));
lf->fd = -1;
lf->severities = tor_memdup(severity, sizeof(log_severity_list_t));
lf->filename = tor_strdup("<callback>");
lf->callback = cb;
lf->next = logfiles;
LOCK_LOGS();
logfiles = lf;
_log_global_min_severity = get_min_log_level();
UNLOCK_LOGS();
return 0;
}
/** Parse a certificate encoded with <b>len</b> bytes in <b>encoded</b>. */
tor_cert_t *
tor_cert_parse(const uint8_t *encoded, const size_t len)
{
tor_cert_t *cert = NULL;
ed25519_cert_t *parsed = NULL;
ssize_t got_len = ed25519_cert_parse(&parsed, encoded, len);
if (got_len < 0 || (size_t) got_len != len)
goto err;
cert = tor_malloc_zero(sizeof(tor_cert_t));
cert->encoded = tor_memdup(encoded, len);
cert->encoded_len = len;
memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
#if SIZEOF_TIME_T < SIZEOF_INT64_T
if (valid_until_64 > TIME_MAX)
valid_until_64 = TIME_MAX - 1;
#endif
cert->valid_until = (time_t) valid_until_64;
cert->cert_type = parsed->cert_type;
for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {
ed25519_cert_extension_t *ext = ed25519_cert_get_ext(parsed, i);
if (ext->ext_type == CERTEXT_SIGNED_WITH_KEY) {
if (cert->signing_key_included)
goto err;
cert->signing_key_included = 1;
memcpy(cert->signing_key.pubkey, ext->un_signing_key, 32);
} else if (ext->ext_flags & CERTEXT_FLAG_AFFECTS_VALIDATION) {
/* Unrecognized extension with affects_validation set */
goto err;
}
}
goto done;
err:
tor_cert_free(cert);
cert = NULL;
done:
ed25519_cert_free(parsed);
return cert;
}
/**
* Add a log handler to send messages to they system log facility.
*/
int
add_syslog_log(const log_severity_list_t *severity)
{
logfile_t *lf;
if (syslog_count++ == 0)
/* This is the first syslog. */
openlog("Tor", LOG_PID | LOG_NDELAY, LOGFACILITY);
lf = tor_malloc_zero(sizeof(logfile_t));
lf->fd = -1;
lf->severities = tor_memdup(severity, sizeof(log_severity_list_t));
lf->filename = tor_strdup("<syslog>");
lf->is_syslog = 1;
LOCK_LOGS();
lf->next = logfiles;
logfiles = lf;
_log_global_min_severity = get_min_log_level();
UNLOCK_LOGS();
return 0;
}
/** Run unit tests for digest set code (implemented as a hashtable or as a
* bloom filter) */
static void
test_container_digestset(void *arg)
{
smartlist_t *included = smartlist_new();
char d[DIGEST_LEN];
int i;
int ok = 1;
int false_positives = 0;
digestset_t *set = NULL;
(void)arg;
for (i = 0; i < 1000; ++i) {
crypto_rand(d, DIGEST_LEN);
smartlist_add(included, tor_memdup(d, DIGEST_LEN));
}
set = digestset_new(1000);
SMARTLIST_FOREACH(included, const char *, cp,
if (digestset_contains(set, cp))
ok = 0);
tt_assert(ok);
SMARTLIST_FOREACH(included, const char *, cp,
digestset_add(set, cp));
SMARTLIST_FOREACH(included, const char *, cp,
if (!digestset_contains(set, cp))
ok = 0);
tt_assert(ok);
for (i = 0; i < 1000; ++i) {
crypto_rand(d, DIGEST_LEN);
if (digestset_contains(set, d))
++false_positives;
}
tt_int_op(50, OP_GT, false_positives); /* Should be far lower. */
done:
if (set)
digestset_free(set);
SMARTLIST_FOREACH(included, char *, cp, tor_free(cp));
smartlist_free(included);
}
/** Return a newly allocated pointer to a list of uint16_t * for ports that
* are likely to be asked for in the near future.
*/
smartlist_t *
rep_hist_get_predicted_ports(time_t now)
{
int predicted_circs_relevance_time;
smartlist_t *out = smartlist_new();
tor_assert(predicted_ports_list);
predicted_circs_relevance_time = (int)prediction_timeout;
/* clean out obsolete entries */
SMARTLIST_FOREACH_BEGIN(predicted_ports_list, predicted_port_t *, pp) {
if (pp->time + predicted_circs_relevance_time < now) {
log_debug(LD_CIRC, "Expiring predicted port %d", pp->port);
predicted_ports_total_alloc -= sizeof(predicted_port_t);
tor_free(pp);
SMARTLIST_DEL_CURRENT(predicted_ports_list, pp);
} else {
smartlist_add(out, tor_memdup(&pp->port, sizeof(uint16_t)));
}
} SMARTLIST_FOREACH_END(pp);
return out;
}
static void
test_container_smartlist_ints_eq(void *arg)
{
smartlist_t *sl1 = NULL, *sl2 = NULL;
int x;
(void)arg;
tt_assert(smartlist_ints_eq(NULL, NULL));
sl1 = smartlist_new();
tt_assert(!smartlist_ints_eq(sl1, NULL));
tt_assert(!smartlist_ints_eq(NULL, sl1));
sl2 = smartlist_new();
tt_assert(smartlist_ints_eq(sl1, sl2));
x = 5;
smartlist_add(sl1, tor_memdup(&x, sizeof(int)));
smartlist_add(sl2, tor_memdup(&x, sizeof(int)));
x = 90;
smartlist_add(sl1, tor_memdup(&x, sizeof(int)));
smartlist_add(sl2, tor_memdup(&x, sizeof(int)));
tt_assert(smartlist_ints_eq(sl1, sl2));
x = -50;
smartlist_add(sl1, tor_memdup(&x, sizeof(int)));
tt_assert(! smartlist_ints_eq(sl1, sl2));
tt_assert(! smartlist_ints_eq(sl2, sl1));
smartlist_add(sl2, tor_memdup(&x, sizeof(int)));
tt_assert(smartlist_ints_eq(sl1, sl2));
*(int*)smartlist_get(sl1, 1) = 101010;
tt_assert(! smartlist_ints_eq(sl2, sl1));
*(int*)smartlist_get(sl2, 1) = 101010;
tt_assert(smartlist_ints_eq(sl1, sl2));
done:
if (sl1)
SMARTLIST_FOREACH(sl1, int *, ip, tor_free(ip));
if (sl2)
SMARTLIST_FOREACH(sl2, int *, ip, tor_free(ip));
smartlist_free(sl1);
smartlist_free(sl2);
}
/** Run digestmap_t performance benchmarks. */
static void
bench_dmap(void)
{
smartlist_t *sl = smartlist_new();
smartlist_t *sl2 = smartlist_new();
uint64_t start, end, pt2, pt3, pt4;
int iters = 8192;
const int elts = 4000;
const int fpostests = 100000;
char d[20];
int i,n=0, fp = 0;
digestmap_t *dm = digestmap_new();
digestset_t *ds = digestset_new(elts);
for (i = 0; i < elts; ++i) {
crypto_rand(d, 20);
smartlist_add(sl, tor_memdup(d, 20));
}
for (i = 0; i < elts; ++i) {
crypto_rand(d, 20);
smartlist_add(sl2, tor_memdup(d, 20));
}
printf("nbits=%d\n", ds->mask+1);
reset_perftime();
start = perftime();
for (i = 0; i < iters; ++i) {
SMARTLIST_FOREACH(sl, const char *, cp, digestmap_set(dm, cp, (void*)1));
}
pt2 = perftime();
printf("digestmap_set: %.2f ns per element\n",
NANOCOUNT(start, pt2, iters*elts));
for (i = 0; i < iters; ++i) {
SMARTLIST_FOREACH(sl, const char *, cp, digestmap_get(dm, cp));
SMARTLIST_FOREACH(sl2, const char *, cp, digestmap_get(dm, cp));
}
pt3 = perftime();
printf("digestmap_get: %.2f ns per element\n",
NANOCOUNT(pt2, pt3, iters*elts*2));
for (i = 0; i < iters; ++i) {
SMARTLIST_FOREACH(sl, const char *, cp, digestset_add(ds, cp));
}
pt4 = perftime();
printf("digestset_add: %.2f ns per element\n",
NANOCOUNT(pt3, pt4, iters*elts));
for (i = 0; i < iters; ++i) {
SMARTLIST_FOREACH(sl, const char *, cp, n += digestset_isin(ds, cp));
SMARTLIST_FOREACH(sl2, const char *, cp, n += digestset_isin(ds, cp));
}
end = perftime();
printf("digestset_isin: %.2f ns per element.\n",
NANOCOUNT(pt4, end, iters*elts*2));
/* We need to use this, or else the whole loop gets optimized out. */
printf("Hits == %d\n", n);
for (i = 0; i < fpostests; ++i) {
crypto_rand(d, 20);
if (digestset_isin(ds, d)) ++fp;
}
printf("False positive rate on digestset: %.2f%%\n",
(fp/(double)fpostests)*100);
digestmap_free(dm, NULL);
digestset_free(ds);
SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
SMARTLIST_FOREACH(sl2, char *, cp, tor_free(cp));
smartlist_free(sl);
smartlist_free(sl2);
}
/** Parse and validate the ASCII-encoded v2 descriptor in <b>desc</b>,
* write the parsed descriptor to the newly allocated *<b>parsed_out</b>, the
* binary descriptor ID of length DIGEST_LEN to <b>desc_id_out</b>, the
* encrypted introduction points to the newly allocated
* *<b>intro_points_encrypted_out</b>, their encrypted size to
* *<b>intro_points_encrypted_size_out</b>, the size of the encoded descriptor
* to *<b>encoded_size_out</b>, and a pointer to the possibly next
* descriptor to *<b>next_out</b>; return 0 for success (including validation)
* and -1 for failure.
*
* If <b>as_hsdir</b> is 1, we're parsing this as an HSDir, and we should
* be strict about time formats.
*/
int
rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
char *desc_id_out,
char **intro_points_encrypted_out,
size_t *intro_points_encrypted_size_out,
size_t *encoded_size_out,
const char **next_out, const char *desc,
int as_hsdir)
{
rend_service_descriptor_t *result =
tor_malloc_zero(sizeof(rend_service_descriptor_t));
char desc_hash[DIGEST_LEN];
const char *eos;
smartlist_t *tokens = smartlist_new();
directory_token_t *tok;
char secret_id_part[DIGEST_LEN];
int i, version, num_ok=1;
smartlist_t *versions;
char public_key_hash[DIGEST_LEN];
char test_desc_id[DIGEST_LEN];
memarea_t *area = NULL;
const int strict_time_fmt = as_hsdir;
tor_assert(desc);
/* Check if desc starts correctly. */
if (strcmpstart(desc, "rendezvous-service-descriptor ")) {
log_info(LD_REND, "Descriptor does not start correctly.");
goto err;
}
/* Compute descriptor hash for later validation. */
if (router_get_hash_impl(desc, strlen(desc), desc_hash,
"rendezvous-service-descriptor ",
"\nsignature", '\n', DIGEST_SHA1) < 0) {
log_warn(LD_REND, "Couldn't compute descriptor hash.");
goto err;
}
/* Determine end of string. */
eos = strstr(desc, "\nrendezvous-service-descriptor ");
if (!eos)
eos = desc + strlen(desc);
else
eos = eos + 1;
/* Check length. */
if (eos-desc > REND_DESC_MAX_SIZE) {
/* XXXX+ If we are parsing this descriptor as a server, this
* should be a protocol warning. */
log_warn(LD_REND, "Descriptor length is %d which exceeds "
"maximum rendezvous descriptor size of %d bytes.",
(int)(eos-desc), REND_DESC_MAX_SIZE);
goto err;
}
/* Tokenize descriptor. */
area = memarea_new();
if (tokenize_string(area, desc, eos, tokens, desc_token_table, 0)) {
log_warn(LD_REND, "Error tokenizing descriptor.");
goto err;
}
/* Set next to next descriptor, if available. */
*next_out = eos;
/* Set length of encoded descriptor. */
*encoded_size_out = eos - desc;
/* Check min allowed length of token list. */
if (smartlist_len(tokens) < 7) {
log_warn(LD_REND, "Impossibly short descriptor.");
goto err;
}
/* Parse base32-encoded descriptor ID. */
tok = find_by_keyword(tokens, R_RENDEZVOUS_SERVICE_DESCRIPTOR);
tor_assert(tok == smartlist_get(tokens, 0));
tor_assert(tok->n_args == 1);
if (!rend_valid_descriptor_id(tok->args[0])) {
log_warn(LD_REND, "Invalid descriptor ID: '%s'", tok->args[0]);
goto err;
}
if (base32_decode(desc_id_out, DIGEST_LEN,
tok->args[0], REND_DESC_ID_V2_LEN_BASE32) < 0) {
log_warn(LD_REND, "Descriptor ID contains illegal characters: %s",
tok->args[0]);
goto err;
}
/* Parse descriptor version. */
tok = find_by_keyword(tokens, R_VERSION);
tor_assert(tok->n_args == 1);
result->version =
(int) tor_parse_long(tok->args[0], 10, 0, INT_MAX, &num_ok, NULL);
if (result->version != 2 || !num_ok) {
/* If it's <2, it shouldn't be under this format. If the number
* is greater than 2, we bumped it because we broke backward
* compatibility. See how version numbers in our other formats
* work. */
log_warn(LD_REND, "Unrecognized descriptor version: %s",
escaped(tok->args[0]));
goto err;
}
/* Parse public key. */
tok = find_by_keyword(tokens, R_PERMANENT_KEY);
result->pk = tok->key;
tok->key = NULL; /* Prevent free */
/* Parse secret ID part. */
tok = find_by_keyword(tokens, R_SECRET_ID_PART);
tor_assert(tok->n_args == 1);
if (strlen(tok->args[0]) != REND_SECRET_ID_PART_LEN_BASE32 ||
strspn(tok->args[0], BASE32_CHARS) != REND_SECRET_ID_PART_LEN_BASE32) {
log_warn(LD_REND, "Invalid secret ID part: '%s'", tok->args[0]);
goto err;
}
if (base32_decode(secret_id_part, DIGEST_LEN, tok->args[0], 32) < 0) {
log_warn(LD_REND, "Secret ID part contains illegal characters: %s",
tok->args[0]);
goto err;
}
/* Parse publication time -- up-to-date check is done when storing the
* descriptor. */
tok = find_by_keyword(tokens, R_PUBLICATION_TIME);
tor_assert(tok->n_args == 1);
if (parse_iso_time_(tok->args[0], &result->timestamp,
strict_time_fmt, 0) < 0) {
log_warn(LD_REND, "Invalid publication time: '%s'", tok->args[0]);
goto err;
}
/* Parse protocol versions. */
tok = find_by_keyword(tokens, R_PROTOCOL_VERSIONS);
tor_assert(tok->n_args == 1);
versions = smartlist_new();
smartlist_split_string(versions, tok->args[0], ",",
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
for (i = 0; i < smartlist_len(versions); i++) {
version = (int) tor_parse_long(smartlist_get(versions, i),
10, 0, INT_MAX, &num_ok, NULL);
if (!num_ok) /* It's a string; let's ignore it. */
continue;
if (version >= REND_PROTOCOL_VERSION_BITMASK_WIDTH)
/* Avoid undefined left-shift behaviour. */
continue;
result->protocols |= 1 << version;
}
SMARTLIST_FOREACH(versions, char *, cp, tor_free(cp));
smartlist_free(versions);
/* Parse encrypted introduction points. Don't verify. */
tok = find_opt_by_keyword(tokens, R_INTRODUCTION_POINTS);
if (tok) {
if (strcmp(tok->object_type, "MESSAGE")) {
log_warn(LD_DIR, "Bad object type: introduction points should be of "
"type MESSAGE");
goto err;
}
*intro_points_encrypted_out = tor_memdup(tok->object_body,
tok->object_size);
*intro_points_encrypted_size_out = tok->object_size;
} else {
*intro_points_encrypted_out = NULL;
*intro_points_encrypted_size_out = 0;
}
/* Parse and verify signature. */
tok = find_by_keyword(tokens, R_SIGNATURE);
if (check_signature_token(desc_hash, DIGEST_LEN, tok, result->pk, 0,
"v2 rendezvous service descriptor") < 0)
goto err;
/* Verify that descriptor ID belongs to public key and secret ID part. */
if (crypto_pk_get_digest(result->pk, public_key_hash) < 0) {
log_warn(LD_REND, "Unable to compute rend descriptor public key digest");
goto err;
}
rend_get_descriptor_id_bytes(test_desc_id, public_key_hash,
secret_id_part);
if (tor_memneq(desc_id_out, test_desc_id, DIGEST_LEN)) {
log_warn(LD_REND, "Parsed descriptor ID does not match "
"computed descriptor ID.");
goto err;
}
goto done;
err:
rend_service_descriptor_free(result);
result = NULL;
done:
if (tokens) {
SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
smartlist_free(tokens);
}
if (area)
memarea_drop_all(area);
*parsed_out = result;
if (result)
return 0;
return -1;
}
/** Make sure each hidden service descriptor async event generation
*
* function generates the message in expected format.
*/
static void
test_hs_desc_event(void *arg)
{
#define STR_HS_ADDR "ajhb7kljbiru65qo"
#define STR_HS_CONTENT_DESC_ID "g5ojobzupf275beh5ra72uyhb3dkpxwg"
#define STR_DESC_ID_BASE32 "hba3gmcgpfivzfhx5rtfqkfdhv65yrj3"
int ret;
rend_data_v2_t rend_query;
const char *expected_msg;
char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
(void) arg;
MOCK(queue_control_event_string,
queue_control_event_string_replacement);
MOCK(node_describe_longname_by_id,
node_describe_longname_by_id_replacement);
/* setup rend_query struct */
memset(&rend_query, 0, sizeof(rend_query));
rend_query.base_.version = 2;
strncpy(rend_query.onion_address, STR_HS_ADDR,
REND_SERVICE_ID_LEN_BASE32+1);
rend_query.auth_type = REND_NO_AUTH;
rend_query.base_.hsdirs_fp = smartlist_new();
smartlist_add(rend_query.base_.hsdirs_fp, tor_memdup(HSDIR_EXIST_ID,
DIGEST_LEN));
/* Compute descriptor ID for replica 0, should be STR_DESC_ID_BASE32. */
ret = rend_compute_v2_desc_id(rend_query.descriptor_id[0],
rend_query.onion_address,
NULL, 0, 0);
tt_int_op(ret, OP_EQ, 0);
base32_encode(desc_id_base32, sizeof(desc_id_base32),
rend_query.descriptor_id[0], DIGEST_LEN);
/* Make sure rend_compute_v2_desc_id works properly. */
tt_mem_op(desc_id_base32, OP_EQ, STR_DESC_ID_BASE32,
sizeof(desc_id_base32));
/* test request event */
control_event_hs_descriptor_requested(rend_query.onion_address,
rend_query.auth_type, HSDIR_EXIST_ID,
STR_DESC_ID_BASE32, NULL);
expected_msg = "650 HS_DESC REQUESTED "STR_HS_ADDR" NO_AUTH "\
STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32 "\r\n";
tt_assert(received_msg);
tt_str_op(received_msg,OP_EQ, expected_msg);
tor_free(received_msg);
/* test received event */
rend_query.auth_type = REND_BASIC_AUTH;
control_event_hsv2_descriptor_received(rend_query.onion_address,
&rend_query.base_, HSDIR_EXIST_ID);
expected_msg = "650 HS_DESC RECEIVED "STR_HS_ADDR" BASIC_AUTH "\
STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32"\r\n";
tt_assert(received_msg);
tt_str_op(received_msg,OP_EQ, expected_msg);
tor_free(received_msg);
/* test failed event */
rend_query.auth_type = REND_STEALTH_AUTH;
control_event_hsv2_descriptor_failed(&rend_query.base_,
HSDIR_NONE_EXIST_ID,
"QUERY_REJECTED");
expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" STEALTH_AUTH "\
STR_HSDIR_NONE_EXIST_LONGNAME" REASON=QUERY_REJECTED\r\n";
tt_assert(received_msg);
tt_str_op(received_msg,OP_EQ, expected_msg);
tor_free(received_msg);
/* test invalid auth type */
rend_query.auth_type = 999;
control_event_hsv2_descriptor_failed(&rend_query.base_,
HSDIR_EXIST_ID,
"QUERY_REJECTED");
expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" UNKNOWN "\
STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32\
" REASON=QUERY_REJECTED\r\n";
tt_assert(received_msg);
tt_str_op(received_msg,OP_EQ, expected_msg);
tor_free(received_msg);
/* test no HSDir fingerprint type */
rend_query.auth_type = REND_NO_AUTH;
control_event_hsv2_descriptor_failed(&rend_query.base_, NULL,
"QUERY_NO_HSDIR");
expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" NO_AUTH " \
"UNKNOWN REASON=QUERY_NO_HSDIR\r\n";
tt_assert(received_msg);
tt_str_op(received_msg,OP_EQ, expected_msg);
tor_free(received_msg);
/* Test invalid content with no HSDir fingerprint. */
char *exp_msg;
control_event_hs_descriptor_content(rend_query.onion_address,
STR_HS_CONTENT_DESC_ID, NULL, NULL);
tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\
STR_HS_CONTENT_DESC_ID " UNKNOWN" \
"\r\n\r\n.\r\n650 OK\r\n");
tt_assert(received_msg);
tt_str_op(received_msg, OP_EQ, exp_msg);
tor_free(received_msg);
tor_free(exp_msg);
/* test valid content. */
control_event_hs_descriptor_content(rend_query.onion_address,
STR_HS_CONTENT_DESC_ID, HSDIR_EXIST_ID,
hs_desc_content_control);
tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\
STR_HS_CONTENT_DESC_ID " " STR_HSDIR_EXIST_LONGNAME\
"\r\n%s\r\n.\r\n650 OK\r\n", hs_desc_content_control);
tt_assert(received_msg);
tt_str_op(received_msg, OP_EQ, exp_msg);
tor_free(received_msg);
tor_free(exp_msg);
SMARTLIST_FOREACH(rend_query.base_.hsdirs_fp, char *, d, tor_free(d));
smartlist_free(rend_query.base_.hsdirs_fp);
done:
UNMOCK(queue_control_event_string);
UNMOCK(node_describe_longname_by_id);
tor_free(received_msg);
}
static void
test_md_cache(void *data)
{
or_options_t *options = NULL;
microdesc_cache_t *mc = NULL ;
smartlist_t *added = NULL, *wanted = NULL;
microdesc_t *md1, *md2, *md3;
char d1[DIGEST256_LEN], d2[DIGEST256_LEN], d3[DIGEST256_LEN];
const char *test_md3_noannotation = strchr(test_md3, '\n')+1;
time_t time1, time2, time3;
char *fn = NULL, *s = NULL;
(void)data;
options = get_options_mutable();
tt_assert(options);
time1 = time(NULL);
time2 = time(NULL) - 2*24*60*60;
time3 = time(NULL) - 15*24*60*60;
/* Possibly, turn this into a test setup/cleanup pair */
tor_free(options->DataDirectory);
options->DataDirectory = tor_strdup(get_fname("md_datadir_test"));
#ifdef _WIN32
tt_int_op(0, ==, mkdir(options->DataDirectory));
#else
tt_int_op(0, ==, mkdir(options->DataDirectory, 0700));
#endif
tt_assert(!strcmpstart(test_md3_noannotation, "onion-key"));
crypto_digest256(d1, test_md1, strlen(test_md1), DIGEST_SHA256);
crypto_digest256(d2, test_md2, strlen(test_md1), DIGEST_SHA256);
crypto_digest256(d3, test_md3_noannotation, strlen(test_md3_noannotation),
DIGEST_SHA256);
mc = get_microdesc_cache();
added = microdescs_add_to_cache(mc, test_md1, NULL, SAVED_NOWHERE, 0,
time1, NULL);
tt_int_op(1, ==, smartlist_len(added));
md1 = smartlist_get(added, 0);
smartlist_free(added);
added = NULL;
wanted = smartlist_new();
added = microdescs_add_to_cache(mc, test_md2, NULL, SAVED_NOWHERE, 0,
time2, wanted);
/* Should fail, since we didn't list test_md2's digest in wanted */
tt_int_op(0, ==, smartlist_len(added));
smartlist_free(added);
added = NULL;
smartlist_add(wanted, tor_memdup(d2, DIGEST256_LEN));
smartlist_add(wanted, tor_memdup(d3, DIGEST256_LEN));
added = microdescs_add_to_cache(mc, test_md2, NULL, SAVED_NOWHERE, 0,
time2, wanted);
/* Now it can work. md2 should have been added */
tt_int_op(1, ==, smartlist_len(added));
md2 = smartlist_get(added, 0);
/* And it should have gotten removed from 'wanted' */
tt_int_op(smartlist_len(wanted), ==, 1);
test_mem_op(smartlist_get(wanted, 0), ==, d3, DIGEST256_LEN);
smartlist_free(added);
added = NULL;
added = microdescs_add_to_cache(mc, test_md3, NULL,
SAVED_NOWHERE, 0, -1, NULL);
/* Must fail, since SAVED_NOWHERE precludes annotations */
tt_int_op(0, ==, smartlist_len(added));
smartlist_free(added);
added = NULL;
added = microdescs_add_to_cache(mc, test_md3_noannotation, NULL,
SAVED_NOWHERE, 0, time3, NULL);
/* Now it can work */
tt_int_op(1, ==, smartlist_len(added));
md3 = smartlist_get(added, 0);
smartlist_free(added);
added = NULL;
/* Okay. We added 1...3. Let's poke them to see how they look, and make
* sure they're really in the journal. */
tt_ptr_op(md1, ==, microdesc_cache_lookup_by_digest256(mc, d1));
tt_ptr_op(md2, ==, microdesc_cache_lookup_by_digest256(mc, d2));
tt_ptr_op(md3, ==, microdesc_cache_lookup_by_digest256(mc, d3));
tt_int_op(md1->last_listed, ==, time1);
tt_int_op(md2->last_listed, ==, time2);
tt_int_op(md3->last_listed, ==, time3);
tt_int_op(md1->saved_location, ==, SAVED_IN_JOURNAL);
tt_int_op(md2->saved_location, ==, SAVED_IN_JOURNAL);
tt_int_op(md3->saved_location, ==, SAVED_IN_JOURNAL);
tt_int_op(md1->bodylen, ==, strlen(test_md1));
tt_int_op(md2->bodylen, ==, strlen(test_md2));
tt_int_op(md3->bodylen, ==, strlen(test_md3_noannotation));
test_mem_op(md1->body, ==, test_md1, strlen(test_md1));
test_mem_op(md2->body, ==, test_md2, strlen(test_md2));
test_mem_op(md3->body, ==, test_md3_noannotation,
strlen(test_md3_noannotation));
tor_asprintf(&fn, "%s"PATH_SEPARATOR"cached-microdescs.new",
options->DataDirectory);
s = read_file_to_str(fn, RFTS_BIN, NULL);
tt_assert(s);
test_mem_op(md1->body, ==, s + md1->off, md1->bodylen);
test_mem_op(md2->body, ==, s + md2->off, md2->bodylen);
test_mem_op(md3->body, ==, s + md3->off, md3->bodylen);
tt_ptr_op(md1->family, ==, NULL);
tt_ptr_op(md3->family, !=, NULL);
tt_int_op(smartlist_len(md3->family), ==, 3);
tt_str_op(smartlist_get(md3->family, 0), ==, "nodeX");
/* Now rebuild the cache! */
tt_int_op(microdesc_cache_rebuild(mc, 1), ==, 0);
tt_int_op(md1->saved_location, ==, SAVED_IN_CACHE);
tt_int_op(md2->saved_location, ==, SAVED_IN_CACHE);
tt_int_op(md3->saved_location, ==, SAVED_IN_CACHE);
/* The journal should be empty now */
tor_free(s);
s = read_file_to_str(fn, RFTS_BIN, NULL);
tt_str_op(s, ==, "");
tor_free(s);
tor_free(fn);
/* read the cache. */
tor_asprintf(&fn, "%s"PATH_SEPARATOR"cached-microdescs",
options->DataDirectory);
s = read_file_to_str(fn, RFTS_BIN, NULL);
test_mem_op(md1->body, ==, s + md1->off, strlen(test_md1));
test_mem_op(md2->body, ==, s + md2->off, strlen(test_md2));
test_mem_op(md3->body, ==, s + md3->off, strlen(test_md3_noannotation));
/* Okay, now we are going to forget about the cache entirely, and reload it
* from the disk. */
microdesc_free_all();
mc = get_microdesc_cache();
md1 = microdesc_cache_lookup_by_digest256(mc, d1);
md2 = microdesc_cache_lookup_by_digest256(mc, d2);
md3 = microdesc_cache_lookup_by_digest256(mc, d3);
test_assert(md1);
test_assert(md2);
test_assert(md3);
test_mem_op(md1->body, ==, s + md1->off, strlen(test_md1));
test_mem_op(md2->body, ==, s + md2->off, strlen(test_md2));
test_mem_op(md3->body, ==, s + md3->off, strlen(test_md3_noannotation));
tt_int_op(md1->last_listed, ==, time1);
tt_int_op(md2->last_listed, ==, time2);
tt_int_op(md3->last_listed, ==, time3);
/* Okay, now we are going to clear out everything older than a week old.
* In practice, that means md3 */
microdesc_cache_clean(mc, time(NULL)-7*24*60*60, 1/*force*/);
tt_ptr_op(md1, ==, microdesc_cache_lookup_by_digest256(mc, d1));
tt_ptr_op(md2, ==, microdesc_cache_lookup_by_digest256(mc, d2));
tt_ptr_op(NULL, ==, microdesc_cache_lookup_by_digest256(mc, d3));
md3 = NULL; /* it's history now! */
/* rebuild again, make sure it stays gone. */
microdesc_cache_rebuild(mc, 1);
tt_ptr_op(md1, ==, microdesc_cache_lookup_by_digest256(mc, d1));
tt_ptr_op(md2, ==, microdesc_cache_lookup_by_digest256(mc, d2));
tt_ptr_op(NULL, ==, microdesc_cache_lookup_by_digest256(mc, d3));
done:
if (options)
tor_free(options->DataDirectory);
microdesc_free_all();
smartlist_free(added);
if (wanted)
SMARTLIST_FOREACH(wanted, char *, cp, tor_free(cp));
smartlist_free(wanted);
tor_free(s);
tor_free(fn);
}