1 /* Copyright (c) 2016-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 #define PROTOVER_PRIVATE
9 #include "core/or/protover.h"
11 #include "core/or/or.h"
12 #include "core/or/connection_or.h"
13 #include "lib/tls/tortls.h"
16 test_protover_parse(void *arg
)
20 /** This test is disabled on rust builds, because it only exists to test
21 * internal C functions. */
26 char *re_encoded
= NULL
;
28 const char *orig
= "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900";
29 smartlist_t
*elts
= parse_protocol_list(orig
);
32 tt_int_op(smartlist_len(elts
), OP_EQ
, 4);
34 const proto_entry_t
*e
;
35 const proto_range_t
*r
;
36 e
= smartlist_get(elts
, 0);
37 tt_str_op(e
->name
, OP_EQ
, "Foo");
38 tt_int_op(smartlist_len(e
->ranges
), OP_EQ
, 2);
40 r
= smartlist_get(e
->ranges
, 0);
41 tt_int_op(r
->low
, OP_EQ
, 1);
42 tt_int_op(r
->high
, OP_EQ
, 1);
44 r
= smartlist_get(e
->ranges
, 1);
45 tt_int_op(r
->low
, OP_EQ
, 3);
46 tt_int_op(r
->high
, OP_EQ
, 3);
49 e
= smartlist_get(elts
, 1);
50 tt_str_op(e
->name
, OP_EQ
, "Bar");
51 tt_int_op(smartlist_len(e
->ranges
), OP_EQ
, 1);
53 r
= smartlist_get(e
->ranges
, 0);
54 tt_int_op(r
->low
, OP_EQ
, 3);
55 tt_int_op(r
->high
, OP_EQ
, 3);
58 e
= smartlist_get(elts
, 2);
59 tt_str_op(e
->name
, OP_EQ
, "Baz");
60 tt_int_op(smartlist_len(e
->ranges
), OP_EQ
, 0);
62 e
= smartlist_get(elts
, 3);
63 tt_str_op(e
->name
, OP_EQ
, "Quux");
64 tt_int_op(smartlist_len(e
->ranges
), OP_EQ
, 4);
66 r
= smartlist_get(e
->ranges
, 0);
67 tt_int_op(r
->low
, OP_EQ
, 9);
68 tt_int_op(r
->high
, OP_EQ
, 12);
70 r
= smartlist_get(e
->ranges
, 1);
71 tt_int_op(r
->low
, OP_EQ
, 14);
72 tt_int_op(r
->high
, OP_EQ
, 14);
74 r
= smartlist_get(e
->ranges
, 2);
75 tt_int_op(r
->low
, OP_EQ
, 15);
76 tt_int_op(r
->high
, OP_EQ
, 16);
78 r
= smartlist_get(e
->ranges
, 3);
79 tt_int_op(r
->low
, OP_EQ
, 900);
80 tt_int_op(r
->high
, OP_EQ
, 900);
83 re_encoded
= encode_protocol_list(elts
);
84 tt_assert(re_encoded
);
85 tt_str_op(re_encoded
, OP_EQ
, orig
);
89 SMARTLIST_FOREACH(elts
, proto_entry_t
*, ent
, proto_entry_free(ent
));
96 test_protover_parse_fail(void *arg
)
100 /** This test is disabled on rust builds, because it only exists to test
101 * internal C functions. */
107 elts
= parse_protocol_list("!!3@*");
108 tt_ptr_op(elts
, OP_EQ
, NULL
);
110 /* Missing equals sign in an entry */
111 elts
= parse_protocol_list("Link=4 Haprauxymatyve Desc=9");
112 tt_ptr_op(elts
, OP_EQ
, NULL
);
115 elts
= parse_protocol_list("Link=4 =3 Desc=9");
116 tt_ptr_op(elts
, OP_EQ
, NULL
);
119 elts
= parse_protocol_list("Link=fred");
120 tt_ptr_op(elts
, OP_EQ
, NULL
);
121 elts
= parse_protocol_list("Link=1,fred");
122 tt_ptr_op(elts
, OP_EQ
, NULL
);
123 elts
= parse_protocol_list("Link=1,fred,3");
124 tt_ptr_op(elts
, OP_EQ
, NULL
);
127 elts
= parse_protocol_list("Link=1,9-8,3");
128 tt_ptr_op(elts
, OP_EQ
, NULL
);
130 /* Protocol name too long */
131 elts
= parse_protocol_list("DoSaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
132 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
133 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
134 tt_ptr_op(elts
, OP_EQ
, NULL
);
142 test_protover_vote(void *arg
)
146 smartlist_t
*lst
= smartlist_new();
147 char *result
= protover_compute_vote(lst
, 1);
149 tt_str_op(result
, OP_EQ
, "");
152 smartlist_add(lst
, (void*) "Foo=1-10,500 Bar=1,3-7,8");
153 result
= protover_compute_vote(lst
, 1);
154 tt_str_op(result
, OP_EQ
, "Bar=1,3-8 Foo=1-10,500");
157 smartlist_add(lst
, (void*) "Quux=123-456,78 Bar=2-6,8 Foo=9");
158 result
= protover_compute_vote(lst
, 1);
159 tt_str_op(result
, OP_EQ
, "Bar=1-8 Foo=1-10,500 Quux=78,123-456");
162 result
= protover_compute_vote(lst
, 2);
163 tt_str_op(result
, OP_EQ
, "Bar=3-6,8 Foo=9");
167 result
= protover_compute_vote(lst
, 3);
168 tt_str_op(result
, OP_EQ
, "");
171 /* Don't count double-voting. */
172 smartlist_clear(lst
);
173 smartlist_add(lst
, (void*) "Foo=1 Foo=1");
174 smartlist_add(lst
, (void*) "Bar=1-2,2-3");
175 result
= protover_compute_vote(lst
, 2);
176 tt_str_op(result
, OP_EQ
, "");
179 /* Bad votes: the result must be empty */
180 smartlist_clear(lst
);
181 smartlist_add(lst
, (void*) "Faux=10-5");
182 result
= protover_compute_vote(lst
, 1);
183 tt_str_op(result
, OP_EQ
, "");
186 /* This fails, since "-0" is not valid. */
187 smartlist_clear(lst
);
188 smartlist_add(lst
, (void*) "Faux=-0");
189 result
= protover_compute_vote(lst
, 1);
190 tt_str_op(result
, OP_EQ
, "");
193 /* Vote large protover lists that are just below the threshold */
195 /* Just below the threshold: Rust */
196 smartlist_clear(lst
);
197 smartlist_add(lst
, (void*) "Sleen=1-500");
198 result
= protover_compute_vote(lst
, 1);
199 tt_str_op(result
, OP_EQ
, "Sleen=1-500");
202 /* Just below the threshold: C */
203 smartlist_clear(lst
);
204 smartlist_add(lst
, (void*) "Sleen=1-65536");
205 result
= protover_compute_vote(lst
, 1);
206 tt_str_op(result
, OP_EQ
, "Sleen=1-65536");
209 /* Large protover lists that exceed the threshold */
211 /* By adding two votes, C allows us to exceed the limit */
212 smartlist_add(lst
, (void*) "Sleen=1-65536");
213 smartlist_add(lst
, (void*) "Sleen=100000");
214 result
= protover_compute_vote(lst
, 1);
215 tt_str_op(result
, OP_EQ
, "Sleen=1-65536,100000");
219 smartlist_clear(lst
);
220 smartlist_add(lst
, (void*) "Sleen=4294967294");
221 result
= protover_compute_vote(lst
, 1);
222 tt_str_op(result
, OP_EQ
, "Sleen=4294967294");
225 /* This parses, but fails at the vote stage */
226 smartlist_clear(lst
);
227 smartlist_add(lst
, (void*) "Sleen=4294967295");
228 result
= protover_compute_vote(lst
, 1);
229 tt_str_op(result
, OP_EQ
, "");
232 smartlist_clear(lst
);
233 smartlist_add(lst
, (void*) "Sleen=4294967296");
234 result
= protover_compute_vote(lst
, 1);
235 tt_str_op(result
, OP_EQ
, "");
238 /* Protocol name too long */
239 smartlist_clear(lst
);
240 smartlist_add(lst
, (void*) "DoSaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
241 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
242 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
243 result
= protover_compute_vote(lst
, 1);
244 tt_str_op(result
, OP_EQ
, "");
253 test_protover_all_supported(void *arg
)
258 tt_assert(protover_all_supported(NULL
, &msg
));
259 tt_ptr_op(msg
, OP_EQ
, NULL
);
261 tt_assert(protover_all_supported("", &msg
));
262 tt_ptr_op(msg
, OP_EQ
, NULL
);
264 // Some things that we do support
265 tt_assert(protover_all_supported("Link=3-4", &msg
));
266 tt_ptr_op(msg
, OP_EQ
, NULL
);
267 tt_assert(protover_all_supported("Link=3-4 Desc=2", &msg
));
268 tt_ptr_op(msg
, OP_EQ
, NULL
);
270 // Some things we don't support
271 tt_assert(! protover_all_supported("Wombat=9", NULL
));
272 tt_assert(! protover_all_supported("Wombat=9", &msg
));
273 tt_str_op(msg
, OP_EQ
, "Wombat=9");
275 tt_assert(! protover_all_supported("Link=999", &msg
));
276 tt_str_op(msg
, OP_EQ
, "Link=999");
279 // Mix of things we support and things we don't
280 tt_assert(! protover_all_supported("Link=3-4 Wombat=9", &msg
));
281 tt_str_op(msg
, OP_EQ
, "Wombat=9");
284 /* Mix of things we support and don't support within a single protocol
285 * which we do support */
286 tt_assert(! protover_all_supported("Link=3-999", &msg
));
287 tt_str_op(msg
, OP_EQ
, "Link=6-999");
289 tt_assert(! protover_all_supported("Link=1-3,345-666", &msg
));
290 tt_str_op(msg
, OP_EQ
, "Link=345-666");
292 tt_assert(! protover_all_supported("Link=1-3,5-12", &msg
));
293 tt_str_op(msg
, OP_EQ
, "Link=6-12");
296 /* Mix of protocols we do support and some we don't, where the protocols
297 * we do support have some versions we don't support. */
298 tt_assert(! protover_all_supported("Link=1-3,5-12 Quokka=9000-9001", &msg
));
299 tt_str_op(msg
, OP_EQ
, "Link=6-12 Quokka=9000-9001");
302 /* We shouldn't be able to DoS ourselves parsing a large range. */
303 tt_assert(! protover_all_supported("Sleen=1-2147483648", &msg
));
304 tt_str_op(msg
, OP_EQ
, "Sleen=1-2147483648");
307 /* This case is allowed. */
308 tt_assert(! protover_all_supported("Sleen=1-4294967294", &msg
));
309 tt_str_op(msg
, OP_EQ
, "Sleen=1-4294967294");
312 /* If we get a (barely) valid (but unsupported list, we say "yes, that's
314 tt_assert(protover_all_supported("Fribble=", &msg
));
315 tt_ptr_op(msg
, OP_EQ
, NULL
);
317 /* If we get a completely unparseable list, protover_all_supported should
318 * hit a fatal assertion for BUG(entries == NULL). */
319 tor_capture_bugs_(1);
320 tt_assert(protover_all_supported("Fribble", &msg
));
321 tor_end_capture_bugs_();
323 /* If we get a completely unparseable list, protover_all_supported should
324 * hit a fatal assertion for BUG(entries == NULL). */
325 tor_capture_bugs_(1);
326 tt_assert(protover_all_supported("Sleen=1-4294967295", &msg
));
327 tor_end_capture_bugs_();
329 /* Protocol name too long */
330 #ifndef HAVE_RUST // XXXXXX ?????
331 tor_capture_bugs_(1);
332 tt_assert(protover_all_supported(
333 "DoSaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
334 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
335 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
336 "aaaaaaaaaaaa=1-65536", &msg
));
337 tor_end_capture_bugs_();
341 tor_end_capture_bugs_();
346 test_protover_list_supports_protocol_returns_true(void *arg
)
350 const char *protocols
= "Link=1";
351 int is_supported
= protocol_list_supports_protocol(protocols
, PRT_LINK
, 1);
352 tt_int_op(is_supported
, OP_EQ
, 1);
359 test_protover_list_supports_protocol_for_unsupported_returns_false(void *arg
)
363 const char *protocols
= "Link=1";
364 int is_supported
= protocol_list_supports_protocol(protocols
, PRT_LINK
, 10);
365 tt_int_op(is_supported
, OP_EQ
, 0);
372 test_protover_supports_version(void *arg
)
376 tt_assert(protocol_list_supports_protocol("Link=3-6", PRT_LINK
, 3));
377 tt_assert(protocol_list_supports_protocol("Link=3-6", PRT_LINK
, 6));
378 tt_assert(!protocol_list_supports_protocol("Link=3-6", PRT_LINK
, 7));
379 tt_assert(!protocol_list_supports_protocol("Link=3-6", PRT_LINKAUTH
, 3));
381 tt_assert(!protocol_list_supports_protocol("Link=4-6 LinkAuth=3",
383 tt_assert(protocol_list_supports_protocol("Link=4-6 LinkAuth=3",
385 tt_assert(!protocol_list_supports_protocol("Link=4-6 LinkAuth=3",
387 tt_assert(!protocol_list_supports_protocol_or_later("Link=4-6 LinkAuth=3",
389 tt_assert(protocol_list_supports_protocol_or_later("Link=4-6 LinkAuth=3",
391 tt_assert(protocol_list_supports_protocol_or_later("Link=4-6 LinkAuth=3",
394 tt_assert(!protocol_list_supports_protocol_or_later("Link=4-6 LinkAuth=3",
400 /* This could be MAX_PROTOCOLS_TO_EXPAND, but that's not exposed by protover */
401 #define MAX_PROTOCOLS_TO_TEST 1024
403 /* LinkAuth and Relay protocol versions.
404 * Hard-coded here, because they are not in the code, or not exposed in the
406 #define PROTOVER_LINKAUTH_V1 1
407 #define PROTOVER_LINKAUTH_V3 3
409 #define PROTOVER_RELAY_V1 1
410 #define PROTOVER_RELAY_V2 2
412 /* Highest supported HSv2 introduce protocol version.
413 * Hard-coded here, because it does not appear anywhere in the code.
414 * It's not clear if we actually support version 2, see #25068. */
415 #define PROTOVER_HSINTRO_V2 3
417 /* HSv2 Rend and HSDir protocol versions.
418 * Hard-coded here, because they do not appear anywhere in the code. */
419 #define PROTOVER_HS_RENDEZVOUS_POINT_V2 1
420 #define PROTOVER_HSDIR_V2 1
422 /* DirCache, Desc, Microdesc, and Cons protocol versions.
423 * Hard-coded here, because they do not appear anywhere in the code. */
424 #define PROTOVER_DIRCACHE_V1 1
425 #define PROTOVER_DIRCACHE_V2 2
427 #define PROTOVER_DESC_V1 1
428 #define PROTOVER_DESC_V2 2
430 #define PROTOVER_MICRODESC_V1 1
431 #define PROTOVER_MICRODESC_V2 2
433 #define PROTOVER_CONS_V1 1
434 #define PROTOVER_CONS_V2 2
436 /* Make sure we haven't forgotten any supported protocols */
438 test_protover_supported_protocols(void *arg
)
442 const char *supported_protocols
= protover_get_supported_protocols();
444 /* Test for new Link in the code, that hasn't been added to supported
446 tt_assert(protocol_list_supports_protocol(supported_protocols
,
449 for (uint16_t i
= 0; i
< MAX_PROTOCOLS_TO_TEST
; i
++) {
450 if (is_or_protocol_version_known(i
)) {
451 tt_assert(protocol_list_supports_protocol(supported_protocols
,
457 #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
458 /* Legacy LinkAuth does not appear anywhere in the code. */
459 tt_assert(protocol_list_supports_protocol(supported_protocols
,
461 PROTOVER_LINKAUTH_V1
));
463 /* Latest LinkAuth is not exposed in the headers. */
464 tt_assert(protocol_list_supports_protocol(supported_protocols
,
466 PROTOVER_LINKAUTH_V3
));
467 /* Is there any way to test for new LinkAuth? */
469 /* Relay protovers do not appear anywhere in the code. */
470 tt_assert(protocol_list_supports_protocol(supported_protocols
,
473 tt_assert(protocol_list_supports_protocol(supported_protocols
,
476 /* Is there any way to test for new Relay? */
478 /* We could test legacy HSIntro by calling rend_service_update_descriptor(),
479 * and checking the protocols field. But that's unlikely to change, so
480 * we just use a hard-coded value. */
481 tt_assert(protocol_list_supports_protocol(supported_protocols
,
483 PROTOVER_HSINTRO_V2
));
484 /* Test for HSv3 HSIntro */
485 tt_assert(protocol_list_supports_protocol(supported_protocols
,
487 PROTOVER_HS_INTRO_V3
));
488 /* Is there any way to test for new HSIntro? */
490 /* Legacy HSRend does not appear anywhere in the code. */
491 tt_assert(protocol_list_supports_protocol(supported_protocols
,
493 PROTOVER_HS_RENDEZVOUS_POINT_V2
));
494 /* Test for HSv3 HSRend */
495 tt_assert(protocol_list_supports_protocol(supported_protocols
,
497 PROTOVER_HS_RENDEZVOUS_POINT_V3
));
498 /* Is there any way to test for new HSRend? */
500 /* Legacy HSDir does not appear anywhere in the code. */
501 tt_assert(protocol_list_supports_protocol(supported_protocols
,
504 /* Test for HSv3 HSDir */
505 tt_assert(protocol_list_supports_protocol(supported_protocols
,
508 /* Is there any way to test for new HSDir? */
510 /* No DirCache versions appear anywhere in the code. */
511 tt_assert(protocol_list_supports_protocol(supported_protocols
,
513 PROTOVER_DIRCACHE_V1
));
514 tt_assert(protocol_list_supports_protocol(supported_protocols
,
516 PROTOVER_DIRCACHE_V2
));
517 /* Is there any way to test for new DirCache? */
519 /* No Desc versions appear anywhere in the code. */
520 tt_assert(protocol_list_supports_protocol(supported_protocols
,
523 tt_assert(protocol_list_supports_protocol(supported_protocols
,
526 /* Is there any way to test for new Desc? */
528 /* No Microdesc versions appear anywhere in the code. */
529 tt_assert(protocol_list_supports_protocol(supported_protocols
,
531 PROTOVER_MICRODESC_V1
));
532 tt_assert(protocol_list_supports_protocol(supported_protocols
,
534 PROTOVER_MICRODESC_V2
));
535 /* Is there any way to test for new Microdesc? */
537 /* No Cons versions appear anywhere in the code. */
538 tt_assert(protocol_list_supports_protocol(supported_protocols
,
541 tt_assert(protocol_list_supports_protocol(supported_protocols
,
544 /* Is there any way to test for new Cons? */
551 test_protover_vote_roundtrip(void *args
)
554 static const struct {
556 const char *expected_output
;
558 { "Risqu\u00e9=1", NULL
},
561 { "Foo_Bar=1", NULL
},
562 { "Fkrkljdsf", NULL
},
563 { "Zn=4294967295", NULL
},
564 { "Zn=4294967295-1", NULL
},
565 { "Zn=4294967293-4294967295", NULL
},
566 /* Will fail because of 4294967295. */
567 { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967295",
569 { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967294",
570 "Bar=3 Foo=1,3 Quux=9-12,14-16,900 Zn=1,4294967294" },
571 { "Zu16=1,65536", "Zu16=1,65536" },
572 { "N-1=1,2", "N-1=1-2" },
573 { "-1=4294967295", NULL
},
577 /* Missing equals sign */
578 { "Link=4 Haprauxymatyve Desc=9", NULL
},
579 { "Link=4 Haprauxymatyve=7 Desc=9",
580 "Desc=9 Haprauxymatyve=7 Link=4" },
582 { "X=10-11", "X=10-11" },
583 { "Link=4 =3 Desc=9", NULL
},
584 { "Link=4 Z=3 Desc=9", "Desc=9 Link=4 Z=3" },
585 { "Link=fred", NULL
},
586 { "Link=1,fred", NULL
},
587 { "Link=1,fred,3", NULL
},
588 { "Link=1,9-8,3", NULL
},
590 { "Faux=0--0", NULL
},
592 { "Faux=-1-3", NULL
},
593 { "Faux=1--1", NULL
},
594 { "Link=1-2-", NULL
},
595 { "Link=1-2-3", NULL
},
596 { "Faux=1-2-", NULL
},
597 { "Faux=1-2-3", NULL
},
598 { "Link=\t1,3", NULL
},
599 { "Link=1\n,3", NULL
},
600 { "Faux=1,\r3", NULL
},
601 { "Faux=1,3\f", NULL
},
603 { "Link=4294967296", NULL
},
605 { "Sleen=1-501", "Sleen=1-501" },
606 { "Sleen=1-65537", NULL
},
607 /* Both C/Rust implementations should be able to handle this mild DoS. */
608 { "Sleen=1-2147483648", NULL
},
609 /* Rust tests are built in debug mode, so ints are bounds-checked. */
610 { "Sleen=1-4294967295", NULL
},
613 smartlist_t
*votes
= smartlist_new();
616 for (u
= 0; u
< ARRAY_LENGTH(examples
); ++u
) {
617 const char *input
= examples
[u
].input
;
618 const char *expected_output
= examples
[u
].expected_output
;
620 smartlist_add(votes
, (void*)input
);
621 result
= protover_compute_vote(votes
, 1);
622 if (expected_output
!= NULL
) {
623 tt_str_op(result
, OP_EQ
, expected_output
);
625 tt_str_op(result
, OP_EQ
, "");
628 smartlist_clear(votes
);
633 smartlist_free(votes
);
637 #define PV_TEST(name, flags) \
638 { #name, test_protover_ ##name, (flags), NULL, NULL }
640 struct testcase_t protover_tests
[] = {
642 PV_TEST(parse_fail
, 0),
644 PV_TEST(all_supported
, 0),
645 PV_TEST(list_supports_protocol_for_unsupported_returns_false
, 0),
646 PV_TEST(list_supports_protocol_returns_true
, 0),
647 PV_TEST(supports_version
, 0),
648 PV_TEST(supported_protocols
, 0),
649 PV_TEST(vote_roundtrip
, 0),