1 /* Copyright (c) 2016-2017, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
5 * \file test_hs_cache.c
6 * \brief Test hidden service caches.
9 #define CONNECTION_PRIVATE
10 #define DIRECTORY_PRIVATE
11 #define HS_CACHE_PRIVATE
13 #include "ed25519_cert.h"
15 #include "rendcache.h"
16 #include "directory.h"
17 #include "networkstatus.h"
18 #include "connection.h"
19 #include "proto_http.h"
21 #include "hs_test_helpers.h"
22 #include "test_helpers.h"
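/* Static buffer that receives the base64-encoded HSDir query. It is shared by
 * every call to helper_get_hsdir_query(), so each call overwrites the result
 * of the previous one. */
static char query_b64[256];

/* Build an HSDir query from the ed25519 blinded public key of <b>desc</b>.
 *
 * Returns a pointer to the static query_b64 buffer: the caller must not free
 * it and must consume it before the next call. If the encoding fails the
 * buffer is emptied, so that a later lookup fails on an empty query instead
 * of silently reusing the query built for an earlier descriptor.
 *
 * NOTE(review): the return type and the return statement are not visible in
 * the listing this was recovered from; they are inferred from the call
 * sites, which pass the result as the query string. Confirm against
 * upstream. */
static const char *
helper_get_hsdir_query(const hs_descriptor_t *desc)
{
  const ed25519_public_key_t *blinded = &desc->plaintext_data.blinded_pubkey;

  /* The other caller in this file treats 0 as success. */
  if (ed25519_public_to_base64(query_b64, blinded) != 0) {
    query_b64[0] = '\0';
  }
  return query_b64;
}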
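/* Common setup for every test in this file.
 *
 * NOTE(review): only the two comments of this function survive in the
 * listing. The signature and the two calls below are restored from what the
 * comments describe and from the rendcache.h include; confirm against
 * upstream. */
static void
init_test(void)
{
  /* Always needed. Initialize the subsystem. */
  hs_cache_init();
  /* We need the v2 cache since our OOM and cache cleanup does poke at it. */
  rend_cache_init();
}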
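/* Exercise the v3 HSDir cache through its entry points: store, lookup,
 * periodic cleanup, OOM eviction, rejection of malformed input, and
 * replacement of a cached descriptor by one with a higher revision counter.
 *
 * Every heap object is declared at function scope and released under the
 * done: label, so a failing assertion in the middle of a sub-test does not
 * leak it. desc1 is checked right after it is built, as the other tests in
 * this file do, because it is dereferenced by helper_get_hsdir_query().
 *
 * NOTE(review): the listing omits lines that carry no cross-referenced
 * identifier (braces, "static void", some declarations, the init_test()
 * call, the done: label and the tail of one lookup call). They are restored
 * here from the visible uses; confirm against upstream. */
static void
test_directory(void *arg)
{
  int ret;
  size_t oom_size;
  char *desc1_str = NULL;
  char *desc_zero_lifetime_str = NULL;
  char *new_desc_str = NULL;
  const char *desc_out = NULL;
  ed25519_keypair_t signing_kp1;
  ed25519_keypair_t signing_kp_zero;
  hs_descriptor_t *desc1 = NULL;
  hs_descriptor_t *desc_zero_lifetime = NULL;

  (void) arg;

  init_test();

  /* Generate a valid descriptor with normal values. */
  ret = ed25519_keypair_generate(&signing_kp1, 0);
  tt_int_op(ret, OP_EQ, 0);
  desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1);
  tt_assert(desc1);
  ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str);
  tt_int_op(ret, OP_EQ, 0);

  /* Very first basic test, should be able to be stored, survive a
   * clean, found with a lookup and then cleaned by our OOM. */
  {
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);
    /* Re-add, it should fail since we already have it. */
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, -1);
    /* Try to clean now which should be fine, there is at worst few seconds
     * between the store and this call. */
    hs_cache_clean_as_dir(time(NULL));
    /* We should find it in our cache. */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, desc1_str);
    /* Tell our OOM to run and to at least remove a byte which will result in
     * removing the descriptor from our cache. */
    oom_size = hs_cache_handle_oom(time(NULL), 1);
    tt_int_op(oom_size, OP_GE, 1);
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
    tt_int_op(ret, OP_EQ, 0);
  }

  /* Store two descriptors and remove the expiring one only. */
  {
    ret = ed25519_keypair_generate(&signing_kp_zero, 0);
    tt_int_op(ret, OP_EQ, 0);
    desc_zero_lifetime = hs_helper_build_hs_desc_with_ip(&signing_kp_zero);
    tt_assert(desc_zero_lifetime);
    desc_zero_lifetime->plaintext_data.revision_counter = 1;
    /* A lifetime of zero makes the entry eligible for the very next clean. */
    desc_zero_lifetime->plaintext_data.lifetime_sec = 0;
    ret = hs_desc_encode_descriptor(desc_zero_lifetime, &signing_kp_zero,
                                    &desc_zero_lifetime_str);
    tt_int_op(ret, OP_EQ, 0);

    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_store_as_dir(desc_zero_lifetime_str);
    tt_int_op(ret, OP_EQ, 0);
    /* This one should clear out our zero lifetime desc. */
    hs_cache_clean_as_dir(time(NULL));
    /* We should find desc1 in our cache. */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, desc1_str);
    /* We should NOT find our zero lifetime desc in our cache. */
    ret = hs_cache_lookup_as_dir(3,
                                 helper_get_hsdir_query(desc_zero_lifetime),
                                 NULL);
    tt_int_op(ret, OP_EQ, 0);
    /* Cleanup our entire cache. */
    oom_size = hs_cache_handle_oom(time(NULL), 1);
    tt_int_op(oom_size, OP_GE, 1);
  }

  /* Throw junk at it: malformed input must be refused, not cached. */
  {
    ret = hs_cache_store_as_dir("blah");
    tt_int_op(ret, OP_EQ, -1);
    /* Poor attempt at tricking the decoding. */
    ret = hs_cache_store_as_dir("hs-descriptor 3\nJUNK");
    tt_int_op(ret, OP_EQ, -1);
    /* Undecodable base64 query. */
    ret = hs_cache_lookup_as_dir(3, "blah", NULL);
    tt_int_op(ret, OP_EQ, -1);
    /* Decodable base64 query but wrong ed25519 size. */
    ret = hs_cache_lookup_as_dir(3, "dW5pY29ybg==", NULL);
    tt_int_op(ret, OP_EQ, -1);
  }

  /* Test descriptor replacement with revision counter. */
  {
    /* Add a descriptor. */
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    /* Bump revision counter. */
    desc1->plaintext_data.revision_counter++;
    ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &new_desc_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_store_as_dir(new_desc_str);
    tt_int_op(ret, OP_EQ, 0);
    /* Look it up, it should have been replaced. */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, new_desc_str);
  }

 done:
  hs_descriptor_free(desc1);
  hs_descriptor_free(desc_zero_lifetime);
  tor_free(desc1_str);
  tor_free(desc_zero_lifetime_str);
  tor_free(new_desc_str);
}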
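/* Check that cache_clean_v3_as_dir() honours its cutoff argument: a freshly
 * stored descriptor survives a clean without cutoff and a clean with a
 * cutoff in the past, and is removed by a clean with a cutoff in the future.
 *
 * desc1 is checked right after it is built because it is dereferenced by
 * helper_get_hsdir_query(), and the encoded string is released under done:.
 *
 * NOTE(review): the listing omits the braces, "static void", the
 * declaration of ret, the init_test() call and the done: label. They are
 * restored here; in particular the type of ret is not visible and size_t is
 * assumed because ret also receives the result of cache_clean_v3_as_dir().
 * Confirm against upstream. */
static void
test_clean_as_dir(void *arg)
{
  size_t ret;
  char *desc1_str = NULL;
  time_t now = time(NULL);
  hs_descriptor_t *desc1 = NULL;
  ed25519_keypair_t signing_kp1;

  (void) arg;

  init_test();

  /* Generate a valid descriptor with values. */
  ret = ed25519_keypair_generate(&signing_kp1, 0);
  tt_int_op(ret, OP_EQ, 0);
  desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1);
  tt_assert(desc1);
  ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str);
  tt_int_op(ret, OP_EQ, 0);
  ret = hs_cache_store_as_dir(desc1_str);
  tt_int_op(ret, OP_EQ, 0);

  /* With the lifetime being 3 hours, a cleanup shouldn't remove it. */
  ret = cache_clean_v3_as_dir(now, 0);
  tt_int_op(ret, OP_EQ, 0);
  /* Should be present after clean up. */
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 1);

  /* Set a cutoff 100 seconds in the past. It should not remove the entry
   * since the entry is still recent enough. */
  ret = cache_clean_v3_as_dir(now, now - 100);
  tt_int_op(ret, OP_EQ, 0);
  /* Should be present after clean up. */
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 1);

  /* Set a cutoff of 100 seconds in the future. It should remove the entry
   * that we've just added, since the entry is older than that cutoff. */
  ret = cache_clean_v3_as_dir(now, now + 100);
  tt_int_op(ret, OP_GT, 0);
  /* Shouldn't be present after clean up. */
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 0);

 done:
  hs_descriptor_free(desc1);
  tor_free(desc1_str);
}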
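/* Test helper: Fetch an HS descriptor from an HSDir (for the hidden service
 * with <b>blinded_key</b>). Return the received descriptor string.
 *
 * The fetch is simulated by handing a GET request to the directory code on a
 * locally built dir connection and reading the reply from its outbuf.
 *
 * The returned string is owned by the caller, who releases it with
 * tor_free(). The result is NULL when the helper bails out before the reply
 * is read (any failed assertion jumps to done: with received_desc still
 * NULL), so callers must check it before calling strlen() on it.
 *
 * NOTE(review): the listing omits the braces, "static char *", the
 * declaration of retval, the done: label and the tails of two calls (the
 * key argument of ed25519_public_to_base64() and the last two arguments of
 * directory_handle_command_get()). They are restored here; confirm against
 * upstream. */
static char *
helper_fetch_desc_from_hsdir(const ed25519_public_key_t *blinded_key)
{
  int retval;

  char *received_desc = NULL;
  char *hsdir_query_str = NULL;

  /* The dir conn we are going to simulate */
  dir_connection_t *conn = NULL;

  /* First extract the blinded public key that we are going to use in our
     query, and then build the actual query string. */
  {
    char hsdir_cache_key[ED25519_BASE64_LEN+1];

    retval = ed25519_public_to_base64(hsdir_cache_key,
                                      blinded_key);
    tt_int_op(retval, OP_EQ, 0);
    tor_asprintf(&hsdir_query_str, GET("/tor/hs/3/%s"), hsdir_cache_key);
  }

  /* Simulate an HTTP GET request to the HSDir */
  conn = dir_connection_new(AF_INET);
  tt_assert(conn);
  /* 0x7f000001 is 127.0.0.1 in host byte order. */
  tor_addr_from_ipv4h(&conn->base_.addr, 0x7f000001);
  /* Pretend the conn is encrypted :) Marking it as linked is what makes the
   * request look as if it arrived over an encrypted channel; presumably the
   * HSDir refuses to serve v3 descriptors otherwise -- confirm in the
   * directory code. */
  TO_CONN(conn)->linked = 1;
  retval = directory_handle_command_get(conn, hsdir_query_str,
                                        NULL, 0);
  tt_int_op(retval, OP_EQ, 0);

  /* Read the descriptor that the HSDir just served us */
  {
    char *headers = NULL;
    size_t body_used = 0;

    fetch_from_buf_http(TO_CONN(conn)->outbuf, &headers, MAX_HEADERS_SIZE,
                        &received_desc, &body_used, HS_DESC_MAX_LEN, 0);
    /* Only the body is of interest; the headers would otherwise leak. */
    tor_free(headers);
  }

 done:
  tor_free(hsdir_query_str);
  /* conn is still NULL when the key encoding above failed. */
  if (conn)
    connection_free_minimal(TO_CONN(conn));

  return received_desc;
}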
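/* Publish a descriptor to the HSDir, then fetch it. Check that the received
 * descriptor matches the published one.
 *
 * A fetch for an unknown blinded key is made before and after the publish
 * and must come back with an empty body both times. The fetch helper returns
 * NULL when it fails early, so its result is asserted before strlen() is
 * applied to it.
 *
 * NOTE(review): the listing omits the braces, "static void", the
 * declaration of retval, the init_test() call and the done: label; they are
 * restored here. Confirm against upstream. */
static void
test_upload_and_download_hs_desc(void *arg)
{
  int retval;
  hs_descriptor_t *published_desc = NULL;

  char *published_desc_str = NULL;
  char *received_desc_str = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  /* Test a descriptor not found in the directory cache. */
  {
    ed25519_public_key_t blinded_key;
    /* An arbitrary key that was never published. */
    memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey));
    received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key);
    tt_assert(received_desc_str);
    tt_int_op(strlen(received_desc_str), OP_EQ, 0);
    tor_free(received_desc_str);
  }

  /* Generate a valid descriptor with normal values. */
  {
    ed25519_keypair_t signing_kp;
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
  }

  /* Publish descriptor to the HSDir */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Simulate a fetch of the previously published descriptor */
  {
    const ed25519_public_key_t *blinded_key;
    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
  }

  /* Verify we received the exact same descriptor we published earlier */
  tt_str_op(received_desc_str, OP_EQ, published_desc_str);
  tor_free(received_desc_str);

  /* With a valid descriptor in the directory cache, try again an invalid. */
  {
    ed25519_public_key_t blinded_key;
    memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey));
    received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key);
    tt_assert(received_desc_str);
    tt_int_op(strlen(received_desc_str), OP_EQ, 0);
  }

 done:
  tor_free(received_desc_str);
  tor_free(published_desc_str);
  hs_descriptor_free(published_desc);
}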
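/* Test that HSDirs reject outdated descriptors based on their revision
 * counter. Also test that HSDirs correctly replace old descriptors with newer
 * descriptors.
 *
 * Sequence: publish (200), publish the same revision again (400), fetch and
 * check the counter, publish a higher revision (200), replay the older
 * revision (400), then fetch and check that the higher revision is still the
 * one being served. The replay step covers the "outdated" case named above
 * with a strictly lower counter, not only an equal one.
 *
 * The fetch helper returns NULL when it fails early, so its result is
 * asserted before it is handed to the decoder.
 *
 * NOTE(review): the listing omits the braces, "static void", the
 * declaration of retval, the init_test() call, the done: label and the last
 * line of the header comment; they are restored here. Confirm against
 * upstream. */
static void
test_hsdir_revision_counter_check(void *arg)
{
  int retval;

  ed25519_keypair_t signing_kp;

  hs_descriptor_t *published_desc = NULL;
  char *published_desc_str = NULL;

  uint8_t subcredential[DIGEST256_LEN];
  char *received_desc_str = NULL;
  hs_descriptor_t *received_desc = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  /* Generate a valid descriptor with normal values. */
  {
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
  }

  /* Publish descriptor to the HSDir */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Try publishing again with the same revision counter: Should fail. */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 400);
  }

  /* Fetch the published descriptor and validate the revision counter. */
  {
    const ed25519_public_key_t *blinded_key;

    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    hs_get_subcredential(&signing_kp.pubkey, blinded_key, subcredential);
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
    tt_assert(received_desc_str);

    retval = hs_desc_decode_descriptor(received_desc_str,
                                       subcredential, &received_desc);
    tt_int_op(retval, OP_EQ, 0);
    tt_assert(received_desc);

    /* Check that the revision counter is correct */
    tt_u64_op(received_desc->plaintext_data.revision_counter, OP_EQ, 42);

    /* Reset the pointer by hand so that the cleanup under done: does not
     * free the descriptor a second time. */
    hs_descriptor_free(received_desc);
    received_desc = NULL;
    tor_free(received_desc_str);
  }

  /* Increment the revision counter and try again. Should work. */
  {
    published_desc->plaintext_data.revision_counter = 1313;
    tor_free(published_desc_str);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);

    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Replay a descriptor whose revision counter is lower than the cached
   * one: it must be refused and must not displace the newer descriptor. */
  {
    published_desc->plaintext_data.revision_counter = 42;
    tor_free(published_desc_str);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);

    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 400);
  }

  /* Again, fetch the published descriptor and perform the revision counter
     validation. The revision counter must have changed. */
  {
    const ed25519_public_key_t *blinded_key;

    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
    tt_assert(received_desc_str);

    retval = hs_desc_decode_descriptor(received_desc_str,
                                       subcredential, &received_desc);
    tt_int_op(retval, OP_EQ, 0);
    tt_assert(received_desc);

    /* Check that the revision counter is the latest */
    tt_u64_op(received_desc->plaintext_data.revision_counter, OP_EQ, 1313);
  }

 done:
  hs_descriptor_free(published_desc);
  hs_descriptor_free(received_desc);
  tor_free(received_desc_str);
  tor_free(published_desc_str);
}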
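/* Consensus handed out by the mock below. The client cache test rewrites its
 * valid_after, fresh_until and valid_until fields to move consensus time. */
static networkstatus_t mock_ns;

/* Replacement for networkstatus_get_live_consensus(): ignore <b>now</b> and
 * always hand back the file-level mock_ns.
 *
 * NOTE(review): the body is not visible in the listing; it is restored from
 * the declared return type and from the way the client cache test fills
 * mock_ns. Confirm against upstream. */
static networkstatus_t *
mock_networkstatus_get_live_consensus(time_t now)
{
  (void) now;
  return &mock_ns;
}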
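/** Test that we can store HS descriptors in the client HS cache.
 *
 * The live consensus is mocked so that the test controls consensus time: the
 * descriptor is stored, must still be found after time advances within the
 * same time period (TP), and must be gone once time moves into the next TP.
 *
 * Cleanup releases args and conn as well as the descriptor, guards the
 * conn->hs_ident access because conn is still NULL when an early assertion
 * fails, and removes the mock again.
 *
 * NOTE(review): the listing omits the braces, "static void", the
 * declaration of retval, the init_test() call, the done: label and the
 * length argument of the tt_mem_op() call; they are restored here. Confirm
 * against upstream. */
static void
test_client_cache(void *arg)
{
  int retval;
  ed25519_keypair_t signing_kp;
  hs_descriptor_t *published_desc = NULL;
  char *published_desc_str = NULL;
  uint8_t wanted_subcredential[DIGEST256_LEN];
  response_handler_args_t *args = NULL;
  dir_connection_t *conn = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  MOCK(networkstatus_get_live_consensus,
       mock_networkstatus_get_live_consensus);

  /* Set consensus time */
  parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC",
                     &mock_ns.valid_after);
  parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
                     &mock_ns.fresh_until);
  parse_rfc1123_time("Sat, 26 Oct 1985 16:00:00 UTC",
                     &mock_ns.valid_until);

  /* Generate a valid descriptor with normal values. */
  {
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
    /* Keep a copy to compare with what comes back out of the cache, and make
     * sure it is not all zeroes so that the comparison means something. */
    memcpy(wanted_subcredential, published_desc->subcredential, DIGEST256_LEN);
    tt_assert(!tor_mem_is_zero((char*)wanted_subcredential, DIGEST256_LEN));
  }

  /* Test handle_response_fetch_hsdesc_v3() */
  {
    args = tor_malloc_zero(sizeof(response_handler_args_t));
    args->status_code = 200;
    /* body borrows published_desc_str; it is freed once, under done:. */
    args->body = published_desc_str;
    args->body_len = strlen(published_desc_str);

    conn = tor_malloc_zero(sizeof(dir_connection_t));
    conn->hs_ident = tor_malloc_zero(sizeof(hs_ident_dir_conn_t));
    ed25519_pubkey_copy(&conn->hs_ident->identity_pk, &signing_kp.pubkey);
  }

  /* store the descriptor! */
  retval = handle_response_fetch_hsdesc_v3(conn, args);
  tt_int_op(retval, OP_EQ, 0);

  /* Progress time a bit and attempt to clean cache: our desc should not be
   * cleaned since we are still in the same TP. */
  {
    parse_rfc1123_time("Sat, 27 Oct 1985 02:00:00 UTC",
                       &mock_ns.valid_after);
    parse_rfc1123_time("Sat, 27 Oct 1985 03:00:00 UTC",
                       &mock_ns.fresh_until);
    parse_rfc1123_time("Sat, 27 Oct 1985 05:00:00 UTC",
                       &mock_ns.valid_until);

    /* fetch the descriptor and make sure it's there */
    const hs_descriptor_t *cached_desc = NULL;
    cached_desc = hs_cache_lookup_as_client(&signing_kp.pubkey);
    tt_assert(cached_desc);
    tt_mem_op(cached_desc->subcredential, OP_EQ, wanted_subcredential,
              DIGEST256_LEN);
  }

  /* Progress time to next TP and check that desc was cleaned */
  {
    parse_rfc1123_time("Sat, 27 Oct 1985 12:00:00 UTC",
                       &mock_ns.valid_after);
    parse_rfc1123_time("Sat, 27 Oct 1985 13:00:00 UTC",
                       &mock_ns.fresh_until);
    parse_rfc1123_time("Sat, 27 Oct 1985 15:00:00 UTC",
                       &mock_ns.valid_until);

    const hs_descriptor_t *cached_desc = NULL;
    cached_desc = hs_cache_lookup_as_client(&signing_kp.pubkey);
    tt_assert(!cached_desc);
  }

 done:
  UNMOCK(networkstatus_get_live_consensus);
  tor_free(args);
  hs_descriptor_free(published_desc);
  tor_free(published_desc_str);
  if (conn) {
    tor_free(conn->hs_ident);
    tor_free(conn);
  }
}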
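/* Test cases of this file, in registration order. Every case is flagged
 * TT_FORK.
 *
 * NOTE(review): the listing cuts each entry after the flags and drops the
 * end of the table. The two trailing NULL members and the END_OF_TESTCASES
 * terminator are restored here; confirm against upstream. */
struct testcase_t hs_cache[] = {
  /* HSDir-side cache tests. */
  { "directory", test_directory, TT_FORK,
    NULL, NULL },
  { "clean_as_dir", test_clean_as_dir, TT_FORK,
    NULL, NULL },
  { "hsdir_revision_counter_check", test_hsdir_revision_counter_check, TT_FORK,
    NULL, NULL },
  { "upload_and_download_hs_desc", test_upload_and_download_hs_desc, TT_FORK,
    NULL, NULL },
  /* Client-side cache test. */
  { "client_cache", test_client_cache, TT_FORK,
    NULL, NULL },

  END_OF_TESTCASES
};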