| blob | 5e74265550e484ca654bf6240b01b354f67a398d |
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 #define PROTOVER_PRIVATE
5 #define DIRVOTE_PRIVATE
22 static void
24 {
26 #ifdef HAVE_RUST
27 /** This test is disabled on rust builds, because it only exists to test
28 * internal C functions. */
30 done:
31 ;
46 {
54 }
59 {
63 }
72 {
88 }
94 done:
100 }
102 static void
104 {
106 #ifdef HAVE_RUST
107 /** This test is disabled on rust builds, because it only exists to test
108 * internal C functions. */
110 #else
113 /* random junk */
117 /* Missing equals sign in an entry */
121 /* Missing word. */
125 /* Broken numbers */
133 /* Broken range */
137 /* Protocol name too long */
139 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
144 done:
145 ;
146 }
148 static void
150 {
173 /* High threshold */
178 /* Don't count double-voting. */
186 /* Bad votes: the result must be empty */
193 /* This fails, since "-0" is not valid. */
200 /* Vote large protover lists that are just below the threshold */
202 /* Just below the threshold: Rust */
209 /* Just below the threshold: C */
216 /* Large protover lists that exceed the threshold */
218 /* By adding two votes, C allows us to exceed the limit */
225 /* Large integers */
232 /* This parses, but fails at the vote stage */
245 /* Protocol name too long */
248 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
254 done:
257 }
259 static void
261 {
271 // Some things that we do support
277 // Some things we don't support
286 // Mix of things we support and things we don't
291 /* Mix of things we support and don't support within a single protocol
292 * which we do support */
303 /* Mix of protocols we do support and some we don't, where the protocols
304 * we do support have some versions we don't support. */
309 /* We shouldn't be able to DoS ourselves parsing a large range. */
314 /* This case is allowed. */
319 /* If we get a (barely) valid (but unsupported list, we say "yes, that's
320 * supported." */
324 #ifndef ALL_BUGS_ARE_FATAL
325 /* If we get a completely unparseable list, protover_all_supported should
326 * hit a fatal assertion for BUG(entries == NULL). */
331 /* If we get a completely unparseable list, protover_all_supported should
332 * hit a fatal assertion for BUG(entries == NULL). */
338 /* Protocol name too long */
339 #if !defined(HAVE_RUST) && !defined(ALL_BUGS_ARE_FATAL)
342 "DoSaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
343 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
344 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
349 done:
352 }
354 static void
356 {
363 done:
364 ;
365 }
367 static void
369 {
376 done:
377 ;
378 }
380 static void
382 {
405 done:
406 ;
407 }
409 /* This could be MAX_PROTOCOLS_TO_EXPAND, but that's not exposed by protover */
410 #define MAX_PROTOCOLS_TO_TEST 1024
412 /* LinkAuth and Relay protocol versions.
413 * Hard-coded here, because they are not in the code, or not exposed in the
414 * headers. */
415 #define PROTOVER_LINKAUTH_V1 1
416 #define PROTOVER_LINKAUTH_V2 2
417 #define PROTOVER_RELAY_V1 1
419 /* Deprecated HSIntro versions */
420 #define PROTOVER_HS_INTRO_DEPRECATED_1 1
421 #define PROTOVER_HS_INTRO_DEPRECATED_2 2
422 /* Highest supported HSv2 introduce protocol version.
423 * It's not clear if we actually support version 2, see #25068. */
424 #define PROTOVER_HS_INTRO_V2 3
426 /* HSv2 Rend and HSDir protocol versions. */
427 #define PROTOVER_HS_RENDEZVOUS_POINT_V2 1
428 #define PROTOVER_HSDIR_V2 1
430 /* DirCache, Desc, Microdesc, and Cons protocol versions. */
431 #define PROTOVER_DIRCACHE_V1 1
432 #define PROTOVER_DIRCACHE_V2 2
434 #define PROTOVER_DESC_V1 1
435 #define PROTOVER_DESC_V2 2
437 #define PROTOVER_MICRODESC_V1 1
438 #define PROTOVER_MICRODESC_V2 2
440 #define PROTOVER_CONS_V1 1
441 #define PROTOVER_CONS_V2 2
443 #define PROTOVER_PADDING_V1 1
445 #define PROTOVER_FLOWCTRL_V1 1
447 /* Make sure we haven't forgotten any supported protocols */
448 static void
450 {
455 /* Test for new Link in the code, that hasn't been added to supported
456 * protocols */
458 PRT_LINK,
459 MAX_LINK_PROTO));
462 PRT_LINK,
463 i),
464 OP_EQ,
466 }
468 /* Legacy LinkAuth is only supported on OpenSSL and similar. */
470 PRT_LINKAUTH,
471 PROTOVER_LINKAUTH_V1),
472 OP_EQ,
474 /* LinkAuth=2 is unused */
476 PRT_LINKAUTH,
477 PROTOVER_LINKAUTH_V2));
480 PRT_LINKAUTH,
481 PROTOVER_LINKAUTH_ED25519_HANDSHAKE));
483 /* Relay protovers do not appear anywhere in the code. */
485 PRT_RELAY,
486 PROTOVER_RELAY_V1));
488 PRT_RELAY,
489 PROTOVER_RELAY_EXTEND2));
491 PRT_RELAY,
492 PROTOVER_RELAY_ACCEPT_IPV6));
494 PRT_RELAY,
495 PROTOVER_RELAY_EXTEND_IPV6));
497 PRT_RELAY,
498 PROTOVER_RELAY_CANONICAL_IPV6));
500 /* These HSIntro versions are deprecated */
502 PRT_HSINTRO,
503 PROTOVER_HS_INTRO_DEPRECATED_1));
505 PRT_HSINTRO,
506 PROTOVER_HS_INTRO_DEPRECATED_2));
507 /* We could test legacy HSIntro by calling rend_service_update_descriptor(),
508 * and checking the protocols field. But that's unlikely to change, so
509 * we just use a hard-coded value. */
511 PRT_HSINTRO,
512 PROTOVER_HS_INTRO_V2));
513 /* Test for HSv3 HSIntro */
515 PRT_HSINTRO,
516 PROTOVER_HS_INTRO_V3));
517 /* Test for HSIntro DoS */
519 PRT_HSINTRO,
520 PROTOVER_HS_INTRO_DOS));
522 /* Legacy HSRend does not appear anywhere in the code. */
524 PRT_HSREND,
525 PROTOVER_HS_RENDEZVOUS_POINT_V2));
526 /* Test for HSv3 HSRend */
528 PRT_HSREND,
529 PROTOVER_HS_RENDEZVOUS_POINT_V3));
531 /* Legacy HSDir does not appear anywhere in the code. */
533 PRT_HSDIR,
534 PROTOVER_HSDIR_V2));
535 /* Test for HSv3 HSDir */
537 PRT_HSDIR,
538 PROTOVER_HSDIR_V3));
540 /* No DirCache versions appear anywhere in the code. */
542 PRT_DIRCACHE,
543 PROTOVER_DIRCACHE_V1));
545 PRT_DIRCACHE,
546 PROTOVER_DIRCACHE_V2));
548 /* No Desc versions appear anywhere in the code. */
550 PRT_DESC,
551 PROTOVER_DESC_V1));
553 PRT_DESC,
554 PROTOVER_DESC_V2));
555 /* Is there any way to test for new Desc? */
557 /* No Microdesc versions appear anywhere in the code. */
559 PRT_MICRODESC,
560 PROTOVER_MICRODESC_V1));
562 PRT_MICRODESC,
563 PROTOVER_MICRODESC_V2));
565 /* No Cons versions appear anywhere in the code. */
567 PRT_CONS,
568 PROTOVER_CONS_V1));
570 PRT_CONS,
571 PROTOVER_CONS_V2));
573 /* Padding=1 is deprecated. */
575 PRT_PADDING,
576 PROTOVER_PADDING_V1));
578 PRT_PADDING,
579 PROTOVER_HS_SETUP_PADDING));
581 /* FlowCtrl */
583 PRT_FLOWCTRL,
584 PROTOVER_FLOWCTRL_V1));
586 done:
587 ;
588 }
590 static void
592 {
606 /* Will fail because of 4294967295. */
608 NULL },
615 /* junk. */
617 /* Missing equals sign */
642 /* Large integers */
644 /* Large range */
647 /* Both C/Rust implementations should be able to handle this mild DoS. */
649 /* Rust tests are built in debug mode, so ints are bounds-checked. */
651 };
666 }
670 }
672 done:
675 }
677 static void
679 {
683 DIRVOTE_RECOMMEND_RELAY_PROTO,
684 DIRVOTE_RECOMMEND_CLIENT_PROTO,
685 DIRVOTE_REQUIRE_RELAY_PROTO,
686 DIRVOTE_REQUIRE_CLIENT_PROTO,
687 };
703 }
707 }
709 done:
712 }
714 /* Stringifies its argument.
715 * 4 -> "4" */
716 #define STR(x) #x
718 #ifdef COCCI
719 #define PROTOVER(proto_string, version_macro)
720 #else
721 /* Generate a protocol version string using proto_string and version_macro.
722 * PROTOVER("HSIntro", PROTOVER_HS_INTRO_DOS) -> "HSIntro" "=" "5"
723 * Uses two levels of macros to turn PROTOVER_HS_INTRO_DOS into "5".
724 */
725 #define PROTOVER(proto_string, version_macro) \
727 #endif
729 #define DEBUG_PROTOVER(flags) \
730 STMT_BEGIN \
731 log_debug(LD_GENERAL, \
745 (flags).protocols_known, \
746 (flags).supports_extend2_cells, \
747 (flags).supports_accepting_ipv6_extends, \
748 (flags).supports_initiating_ipv6_extends, \
749 (flags).supports_canonical_ipv6_conns, \
750 (flags).supports_ed25519_link_handshake_compat, \
751 (flags).supports_ed25519_link_handshake_any, \
752 (flags).supports_ed25519_hs_intro, \
753 (flags).supports_establish_intro_dos_extension, \
754 (flags).supports_v3_hsdir, \
755 (flags).supports_v3_rendezvous_point, \
756 (flags).supports_hs_setup_padding); \
757 STMT_END
759 /* Test that the proto_string version version_macro sets summary_flag. */
760 #define TEST_PROTOVER(proto_string, version_macro, summary_flag) \
761 STMT_BEGIN \
762 memset(&flags, 0, sizeof(flags)); \
763 summarize_protover_flags(&flags, \
764 PROTOVER(proto_string, version_macro), \
765 NULL); \
766 DEBUG_PROTOVER(flags); \
767 tt_int_op(flags.protocols_known, OP_EQ, 1); \
768 tt_int_op(flags.summary_flag, OP_EQ, 1); \
769 flags.protocols_known = 0; \
770 flags.summary_flag = 0; \
771 tt_mem_op(&flags, OP_EQ, &zero_flags, sizeof(flags)); \
772 STMT_END
774 static void
776 {
783 protover_summary_flags_t zero_flags;
785 protover_summary_flags_t flags;
797 /* Now check version exceptions */
799 /* EXTEND2 cell support */
805 /* Now clear those flags, and check the rest are zero */
810 /* disabling HSDir v3 support for buggy versions */
814 NULL);
818 /* Now clear those flags, and check the rest are zero */
829 /* Now clear that flag, and check the rest are zero */
833 /* Now check standard summaries */
835 /* LinkAuth */
839 PROTOVER_LINKAUTH_ED25519_HANDSHAKE),
840 NULL);
845 /* Now clear those flags, and check the rest are zero */
851 /* Test one greater */
860 /* Now clear those flags, and check the rest are zero */
866 /* Test one less */
875 /* Now clear those flags, and check the rest are zero */
881 /* We don't test "one more" and "one less" for each protocol version.
882 * But that could be a useful thing to add. */
884 /* Relay */
886 /* This test relies on these versions being equal */
894 /* Now clear those flags, and check the rest are zero */
901 /* This test relies on these versions being equal */
905 NULL);
911 /* Now clear those flags, and check the rest are zero */
919 supports_ed25519_hs_intro);
921 supports_establish_intro_dos_extension);
924 supports_v3_rendezvous_point);
927 supports_v3_hsdir);
930 supports_hs_setup_padding);
932 done:
933 ;
934 }
936 #define PV_TEST(name, flags) \
937 { #name, test_protover_ ##name, (flags), NULL, NULL }
950 /* fork, because we memoize flags internally */
952 END_OF_TESTCASES
953 };