search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'maint-0.4.5' into release-0.4.5
[tor.git] / src / test / test_hs_cache.c
blobdf96b2c7914c729b51b60dd889a074f35474a419
1 /* Copyright (c) 2016-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3
4 /**
5 * \file test_hs_cache.c
6 * \brief Test hidden service caches.
7 */
8
9 #define CONNECTION_PRIVATE
10 #define DIRCACHE_PRIVATE
11 #define DIRCLIENT_PRIVATE
12 #define HS_CACHE_PRIVATE
13 #define CHANNEL_OBJECT_PRIVATE
14
15 #include "trunnel/ed25519_cert.h"
16 #include "feature/hs/hs_cache.h"
17 #include "feature/rend/rendcache.h"
18 #include "feature/dircache/dircache.h"
19 #include "feature/dirclient/dirclient.h"
20 #include "feature/nodelist/networkstatus.h"
21 #include "core/mainloop/connection.h"
22 #include "core/proto/proto_http.h"
23 #include "core/or/circuitlist.h"
24 #include "core/or/channel.h"
25 #include "lib/crypt_ops/crypto_format.h"
26 #include "lib/crypt_ops/crypto_rand.h"
27
28 #include "core/or/edge_connection_st.h"
29 #include "core/or/or_circuit_st.h"
30 #include "core/or/or_connection_st.h"
31 #include "feature/dircommon/dir_connection_st.h"
32 #include "feature/nodelist/networkstatus_st.h"
33
34 #include "test/hs_test_helpers.h"
35 #include "test/test_helpers.h"
36 #include "test/test.h"
37
38 /* Static variable used to encoded the HSDir query. */
39 static char query_b64[256];
40
41 /* Build an HSDir query using a ed25519 public key. */
42 static const char *
43 helper_get_hsdir_query(const hs_descriptor_t *desc)
44 {
45 ed25519_public_to_base64(query_b64, &desc->plaintext_data.blinded_pubkey);
46 return query_b64;
47 }
48
49 static void
50 init_test(void)
51 {
52 /* Always needed. Initialize the subsystem. */
53 hs_cache_init();
54 /* We need the v2 cache since our OOM and cache cleanup does poke at it. */
55 rend_cache_init();
56 }
57
58 static void
59 test_directory(void *arg)
60 {
61 int ret;
62 size_t oom_size;
63 char *desc1_str = NULL;
64 const char *desc_out;
65 ed25519_keypair_t signing_kp1;
66 hs_descriptor_t *desc1 = NULL;
67
68 (void) arg;
69
70 init_test();
71 /* Generate a valid descriptor with normal values. */
72 ret = ed25519_keypair_generate(&signing_kp1, 0);
73 tt_int_op(ret, OP_EQ, 0);
74 desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1);
75 tt_assert(desc1);
76 ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str);
77 tt_int_op(ret, OP_EQ, 0);
78
79 /* Very first basic test, should be able to be stored, survive a
80 * clean, found with a lookup and then cleaned by our OOM. */
81 {
82 ret = hs_cache_store_as_dir(desc1_str);
83 tt_int_op(ret, OP_EQ, 0);
84 /* Re-add, it should fail since we already have it. */
85 ret = hs_cache_store_as_dir(desc1_str);
86 tt_int_op(ret, OP_EQ, -1);
87 /* Try to clean now which should be fine, there is at worst few seconds
88 * between the store and this call. */
89 hs_cache_clean_as_dir(time(NULL));
90 /* We should find it in our cache. */
91 ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
92 tt_int_op(ret, OP_EQ, 1);
93 tt_str_op(desc_out, OP_EQ, desc1_str);
94 /* Tell our OOM to run and to at least remove a byte which will result in
95 * removing the descriptor from our cache. */
96 oom_size = hs_cache_handle_oom(time(NULL), 1);
97 tt_int_op(oom_size, OP_GE, 1);
98 ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
99 tt_int_op(ret, OP_EQ, 0);
100 }
101
102 /* Store two descriptors and remove the expiring one only. */
103 {
104 ed25519_keypair_t signing_kp_zero;
105 ret = ed25519_keypair_generate(&signing_kp_zero, 0);
106 tt_int_op(ret, OP_EQ, 0);
107 hs_descriptor_t *desc_zero_lifetime;
108 desc_zero_lifetime = hs_helper_build_hs_desc_with_ip(&signing_kp_zero);
109 tt_assert(desc_zero_lifetime);
110 desc_zero_lifetime->plaintext_data.revision_counter = 1;
111 desc_zero_lifetime->plaintext_data.lifetime_sec = 0;
112 char *desc_zero_lifetime_str;
113 ret = hs_desc_encode_descriptor(desc_zero_lifetime, &signing_kp_zero,
114 NULL, &desc_zero_lifetime_str);
115 tt_int_op(ret, OP_EQ, 0);
116
117 ret = hs_cache_store_as_dir(desc1_str);
118 tt_int_op(ret, OP_EQ, 0);
119 ret = hs_cache_store_as_dir(desc_zero_lifetime_str);
120 tt_int_op(ret, OP_EQ, 0);
121 /* This one should clear out our zero lifetime desc. */
122 hs_cache_clean_as_dir(time(NULL));
123 /* We should find desc1 in our cache. */
124 ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
125 tt_int_op(ret, OP_EQ, 1);
126 tt_str_op(desc_out, OP_EQ, desc1_str);
127 /* We should NOT find our zero lifetime desc in our cache. */
128 ret = hs_cache_lookup_as_dir(3,
129 helper_get_hsdir_query(desc_zero_lifetime),
130 NULL);
131 tt_int_op(ret, OP_EQ, 0);
132 /* Cleanup our entire cache. */
133 oom_size = hs_cache_handle_oom(time(NULL), 1);
134 tt_int_op(oom_size, OP_GE, 1);
135 hs_descriptor_free(desc_zero_lifetime);
136 tor_free(desc_zero_lifetime_str);
137 }
138
139 /* Throw junk at it. */
140 {
141 ret = hs_cache_store_as_dir("blah");
142 tt_int_op(ret, OP_EQ, -1);
143 /* Poor attempt at tricking the decoding. */
144 ret = hs_cache_store_as_dir("hs-descriptor 3\nJUNK");
145 tt_int_op(ret, OP_EQ, -1);
146 /* Undecodable base64 query. */
147 ret = hs_cache_lookup_as_dir(3, "blah", NULL);
148 tt_int_op(ret, OP_EQ, -1);
149 /* Decodable base64 query but wrong ed25519 size. */
150 ret = hs_cache_lookup_as_dir(3, "dW5pY29ybg==", NULL);
151 tt_int_op(ret, OP_EQ, -1);
152 }
153
154 /* Test descriptor replacement with revision counter. */
155 {
156 char *new_desc_str;
157
158 /* Add a descriptor. */
159 ret = hs_cache_store_as_dir(desc1_str);
160 tt_int_op(ret, OP_EQ, 0);
161 ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
162 tt_int_op(ret, OP_EQ, 1);
163 /* Bump revision counter. */
164 desc1->plaintext_data.revision_counter++;
165 ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &new_desc_str);
166 tt_int_op(ret, OP_EQ, 0);
167 ret = hs_cache_store_as_dir(new_desc_str);
168 tt_int_op(ret, OP_EQ, 0);
169 /* Look it up, it should have been replaced. */
170 ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
171 tt_int_op(ret, OP_EQ, 1);
172 tt_str_op(desc_out, OP_EQ, new_desc_str);
173 tor_free(new_desc_str);
174 }
175
176 done:
177 hs_descriptor_free(desc1);
178 tor_free(desc1_str);
179 }
180
181 static void
182 test_clean_as_dir(void *arg)
183 {
184 size_t ret;
185 char *desc1_str = NULL;
186 time_t now = time(NULL);
187 hs_descriptor_t *desc1 = NULL;
188 ed25519_keypair_t signing_kp1;
189
190 (void) arg;
191
192 init_test();
193
194 /* Generate a valid descriptor with values. */
195 ret = ed25519_keypair_generate(&signing_kp1, 0);
196 tt_int_op(ret, OP_EQ, 0);
197 desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1);
198 tt_assert(desc1);
199 ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str);
200 tt_int_op(ret, OP_EQ, 0);
201 ret = hs_cache_store_as_dir(desc1_str);
202 tt_int_op(ret, OP_EQ, 0);
203
204 /* With the lifetime being 3 hours, a cleanup shouldn't remove it. */
205 ret = cache_clean_v3_as_dir(now, 0);
206 tt_int_op(ret, OP_EQ, 0);
207 /* Should be present after clean up. */
208 ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
209 tt_int_op(ret, OP_EQ, 1);
210 /* Set a cutoff 100 seconds in the past. It should not remove the entry
211 * since the entry is still recent enough. */
212 ret = cache_clean_v3_as_dir(now, now - 100);
213 tt_int_op(ret, OP_EQ, 0);
214 /* Should be present after clean up. */
215 ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
216 tt_int_op(ret, OP_EQ, 1);
217 /* Set a cutoff of 100 seconds in the future. It should remove the entry
218 * that we've just added since it's not too old for the cutoff. */
219 ret = cache_clean_v3_as_dir(now, now + 100);
220 tt_int_op(ret, OP_GT, 0);
221 /* Shouldn't be present after clean up. */
222 ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
223 tt_int_op(ret, OP_EQ, 0);
224
225 done:
226 hs_descriptor_free(desc1);
227 tor_free(desc1_str);
228 }
229
230 /* Test helper: Fetch an HS descriptor from an HSDir (for the hidden service
231 with <b>blinded_key</b>. Return the received descriptor string. */
232 static char *
233 helper_fetch_desc_from_hsdir(const ed25519_public_key_t *blinded_key)
234 {
235 int retval;
236
237 char *received_desc = NULL;
238 char *hsdir_query_str = NULL;
239
240 /* The dir conn we are going to simulate */
241 dir_connection_t *conn = NULL;
242 edge_connection_t *edge_conn = NULL;
243 or_circuit_t *or_circ = NULL;
244
245 /* First extract the blinded public key that we are going to use in our
246 query, and then build the actual query string. */
247 {
248 char hsdir_cache_key[ED25519_BASE64_LEN+1];
249
250 ed25519_public_to_base64(hsdir_cache_key, blinded_key);
251 tor_asprintf(&hsdir_query_str, GET("/tor/hs/3/%s"), hsdir_cache_key);
252 }
253
254 /* Simulate an HTTP GET request to the HSDir */
255 conn = dir_connection_new(AF_INET);
256 tt_assert(conn);
257 TO_CONN(conn)->linked = 1; /* Signal that it is encrypted. */
258 tor_addr_from_ipv4h(&conn->base_.addr, 0x7f000001);
259
260 /* Pretend this conn is anonymous. */
261 edge_conn = edge_connection_new(CONN_TYPE_EXIT, AF_INET);
262 TO_CONN(conn)->linked_conn = TO_CONN(edge_conn);
263 or_circ = or_circuit_new(0, NULL);
264 or_circ->p_chan = tor_malloc_zero(sizeof(channel_t));
265 edge_conn->on_circuit = TO_CIRCUIT(or_circ);
266
267 retval = directory_handle_command_get(conn, hsdir_query_str,
268 NULL, 0);
269 tt_int_op(retval, OP_EQ, 0);
270
271 /* Read the descriptor that the HSDir just served us */
272 {
273 char *headers = NULL;
274 size_t body_used = 0;
275
276 fetch_from_buf_http(TO_CONN(conn)->outbuf, &headers, MAX_HEADERS_SIZE,
277 &received_desc, &body_used, HS_DESC_MAX_LEN, 0);
278 tor_free(headers);
279 }
280
281 done:
282 tor_free(hsdir_query_str);
283 if (conn) {
284 tor_free(or_circ->p_chan);
285 connection_free_minimal(TO_CONN(conn)->linked_conn);
286 connection_free_minimal(TO_CONN(conn));
287 }
288
289 return received_desc;
290 }
291
292 /* Publish a descriptor to the HSDir, then fetch it. Check that the received
293 descriptor matches the published one. */
294 static void
295 test_upload_and_download_hs_desc(void *arg)
296 {
297 int retval;
298 hs_descriptor_t *published_desc = NULL;
299
300 char *published_desc_str = NULL;
301 char *received_desc_str = NULL;
302
303 (void) arg;
304
305 /* Initialize HSDir cache subsystem */
306 init_test();
307
308 /* Test a descriptor not found in the directory cache. */
309 {
310 ed25519_public_key_t blinded_key;
311 memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey));
312 received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key);
313 tt_int_op(strlen(received_desc_str), OP_EQ, 0);
314 tor_free(received_desc_str);
315 }
316
317 /* Generate a valid descriptor with normal values. */
318 {
319 ed25519_keypair_t signing_kp;
320 retval = ed25519_keypair_generate(&signing_kp, 0);
321 tt_int_op(retval, OP_EQ, 0);
322 published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
323 tt_assert(published_desc);
324 retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
325 NULL, &published_desc_str);
326 tt_int_op(retval, OP_EQ, 0);
327 }
328
329 /* Publish descriptor to the HSDir */
330 {
331 retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
332 tt_int_op(retval, OP_EQ, 200);
333 }
334
335 /* Simulate a fetch of the previously published descriptor */
336 {
337 const ed25519_public_key_t *blinded_key;
338 blinded_key = &published_desc->plaintext_data.blinded_pubkey;
339 received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
340 }
341
342 /* Verify we received the exact same descriptor we published earlier */
343 tt_str_op(received_desc_str, OP_EQ, published_desc_str);
344 tor_free(received_desc_str);
345
346 /* With a valid descriptor in the directory cache, try again an invalid. */
347 {
348 ed25519_public_key_t blinded_key;
349 memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey));
350 received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key);
351 tt_int_op(strlen(received_desc_str), OP_EQ, 0);
352 }
353
354 done:
355 tor_free(received_desc_str);
356 tor_free(published_desc_str);
357 hs_descriptor_free(published_desc);
358 }
359
360 /* Test that HSDirs reject outdated descriptors based on their revision
361 * counter. Also test that HSDirs correctly replace old descriptors with newer
362 * descriptors. */
363 static void
364 test_hsdir_revision_counter_check(void *arg)
365 {
366 int retval;
367
368 ed25519_keypair_t signing_kp;
369
370 hs_descriptor_t *published_desc = NULL;
371 char *published_desc_str = NULL;
372
373 hs_subcredential_t subcredential;
374 char *received_desc_str = NULL;
375 hs_descriptor_t *received_desc = NULL;
376
377 (void) arg;
378
379 /* Initialize HSDir cache subsystem */
380 init_test();
381
382 /* Generate a valid descriptor with normal values. */
383 {
384 retval = ed25519_keypair_generate(&signing_kp, 0);
385 tt_int_op(retval, OP_EQ, 0);
386 published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
387 tt_assert(published_desc);
388 retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
389 NULL, &published_desc_str);
390 tt_int_op(retval, OP_EQ, 0);
391 }
392
393 /* Publish descriptor to the HSDir */
394 {
395 retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
396 tt_int_op(retval, OP_EQ, 200);
397 }
398
399 /* Try publishing again with the same revision counter: Should fail. */
400 {
401 retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
402 tt_int_op(retval, OP_EQ, 400);
403 }
404
405 /* Fetch the published descriptor and validate the revision counter. */
406 {
407 const ed25519_public_key_t *blinded_key;
408
409 blinded_key = &published_desc->plaintext_data.blinded_pubkey;
410 hs_get_subcredential(&signing_kp.pubkey, blinded_key, &subcredential);
411 received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
412
413 retval = hs_desc_decode_descriptor(received_desc_str,
414 &subcredential, NULL, &received_desc);
415 tt_int_op(retval, OP_EQ, HS_DESC_DECODE_OK);
416 tt_assert(received_desc);
417
418 /* Check that the revision counter is correct */
419 tt_u64_op(received_desc->plaintext_data.revision_counter, OP_EQ, 42);
420
421 hs_descriptor_free(received_desc);
422 received_desc = NULL;
423 tor_free(received_desc_str);
424 }
425
426 /* Increment the revision counter and try again. Should work. */
427 {
428 published_desc->plaintext_data.revision_counter = 1313;
429 tor_free(published_desc_str);
430 retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
431 NULL, &published_desc_str);
432 tt_int_op(retval, OP_EQ, 0);
433
434 retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
435 tt_int_op(retval, OP_EQ, 200);
436 }
437
438 /* Again, fetch the published descriptor and perform the revision counter
439 validation. The revision counter must have changed. */
440 {
441 const ed25519_public_key_t *blinded_key;
442
443 blinded_key = &published_desc->plaintext_data.blinded_pubkey;
444 received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
445
446 retval = hs_desc_decode_descriptor(received_desc_str,
447 &subcredential, NULL, &received_desc);
448 tt_int_op(retval, OP_EQ, HS_DESC_DECODE_OK);
449 tt_assert(received_desc);
450
451 /* Check that the revision counter is the latest */
452 tt_u64_op(received_desc->plaintext_data.revision_counter, OP_EQ, 1313);
453 }
454
455 done:
456 hs_descriptor_free(published_desc);
457 hs_descriptor_free(received_desc);
458 tor_free(received_desc_str);
459 tor_free(published_desc_str);
460 }
461
462 static networkstatus_t mock_ns;
463
464 static networkstatus_t *
465 mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
466 {
467 (void) now;
468 (void) flavor;
469 return &mock_ns;
470 }
471
472 /** Test that we can store HS descriptors in the client HS cache. */
473 static void
474 test_client_cache(void *arg)
475 {
476 int retval;
477 ed25519_keypair_t signing_kp;
478 hs_descriptor_t *published_desc = NULL;
479 char *published_desc_str = NULL;
480 hs_subcredential_t wanted_subcredential;
481 response_handler_args_t *args = NULL;
482 dir_connection_t *conn = NULL;
483
484 (void) arg;
485
486 /* Initialize HSDir cache subsystem */
487 init_test();
488
489 MOCK(networkstatus_get_reasonably_live_consensus,
490 mock_networkstatus_get_reasonably_live_consensus);
491
492 /* Set consensus time */
493 parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC",
494 &mock_ns.valid_after);
495 parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
496 &mock_ns.fresh_until);
497 parse_rfc1123_time("Sat, 26 Oct 1985 16:00:00 UTC",
498 &mock_ns.valid_until);
499
500 /* Generate a valid descriptor with normal values. */
501 {
502 retval = ed25519_keypair_generate(&signing_kp, 0);
503 tt_int_op(retval, OP_EQ, 0);
504 published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
505 tt_assert(published_desc);
506 retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
507 NULL, &published_desc_str);
508 tt_int_op(retval, OP_EQ, 0);
509 memcpy(&wanted_subcredential, &published_desc->subcredential,
510 sizeof(hs_subcredential_t));
511 tt_assert(!fast_mem_is_zero((char*)wanted_subcredential.subcred,
512 DIGEST256_LEN));
513 }
514
515 /* Test handle_response_fetch_hsdesc_v3() */
516 {
517 args = tor_malloc_zero(sizeof(response_handler_args_t));
518 args->status_code = 200;
519 args->reason = NULL;
520 args->body = published_desc_str;
521 args->body_len = strlen(published_desc_str);
522
523 conn = tor_malloc_zero(sizeof(dir_connection_t));
524 conn->hs_ident = tor_malloc_zero(sizeof(hs_ident_dir_conn_t));
525 ed25519_pubkey_copy(&conn->hs_ident->identity_pk, &signing_kp.pubkey);
526 }
527
528 /* store the descriptor! */
529 retval = handle_response_fetch_hsdesc_v3(conn, args);
530 tt_int_op(retval, == , 0);
531
532 /* Progress time a bit and attempt to clean cache: our desc should not be
533 * cleaned since we still in the same TP. */
534 {
535 parse_rfc1123_time("Sat, 27 Oct 1985 02:00:00 UTC",
536 &mock_ns.valid_after);
537 parse_rfc1123_time("Sat, 27 Oct 1985 03:00:00 UTC",
538 &mock_ns.fresh_until);
539 parse_rfc1123_time("Sat, 27 Oct 1985 05:00:00 UTC",
540 &mock_ns.valid_until);
541
542 /* fetch the descriptor and make sure it's there */
543 const hs_descriptor_t *cached_desc = NULL;
544 cached_desc = hs_cache_lookup_as_client(&signing_kp.pubkey);
545 tt_assert(cached_desc);
546 tt_mem_op(cached_desc->subcredential.subcred,
547 OP_EQ, wanted_subcredential.subcred,
548 SUBCRED_LEN);
549 }
550
551 /* Progress time to next TP and check that desc was cleaned */
552 {
553 parse_rfc1123_time("Sat, 27 Oct 1985 12:00:00 UTC",
554 &mock_ns.valid_after);
555 parse_rfc1123_time("Sat, 27 Oct 1985 13:00:00 UTC",
556 &mock_ns.fresh_until);
557 parse_rfc1123_time("Sat, 27 Oct 1985 15:00:00 UTC",
558 &mock_ns.valid_until);
559
560 const hs_descriptor_t *cached_desc = NULL;
561 cached_desc = hs_cache_lookup_as_client(&signing_kp.pubkey);
562 tt_assert(!cached_desc);
563 }
564
565 done:
566 tor_free(args);
567 hs_descriptor_free(published_desc);
568 tor_free(published_desc_str);
569 if (conn) {
570 tor_free(conn->hs_ident);
571 tor_free(conn);
572 }
573 }
574
575 /** Test that we can store HS descriptors in the client HS cache. */
576 static void
577 test_client_cache_decrypt(void *arg)
578 {
579 int ret;
580 char *desc_encoded = NULL;
581 uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
582 curve25519_keypair_t client_kp;
583 ed25519_keypair_t service_kp;
584 hs_descriptor_t *desc = NULL;
585 const hs_descriptor_t *search_desc;
586 const char *search_desc_encoded;
587
588 (void) arg;
589
590 /* Initialize HSDir cache subsystem */
591 hs_init();
592
593 MOCK(networkstatus_get_reasonably_live_consensus,
594 mock_networkstatus_get_reasonably_live_consensus);
595
596 /* Set consensus time */
597 parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC",
598 &mock_ns.valid_after);
599 parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
600 &mock_ns.fresh_until);
601 parse_rfc1123_time("Sat, 26 Oct 1985 16:00:00 UTC",
602 &mock_ns.valid_until);
603
604 /* Generate a valid descriptor with normal values. */
605 {
606 ret = ed25519_keypair_generate(&service_kp, 0);
607 tt_int_op(ret, OP_EQ, 0);
608 ret = curve25519_keypair_generate(&client_kp, 0);
609 tt_int_op(ret, OP_EQ, 0);
610 crypto_rand((char *) descriptor_cookie, sizeof(descriptor_cookie));
611
612 desc = hs_helper_build_hs_desc_with_client_auth(descriptor_cookie,
613 &client_kp.pubkey,
614 &service_kp);
615 tt_assert(desc);
616 ret = hs_desc_encode_descriptor(desc, &service_kp, descriptor_cookie,
617 &desc_encoded);
618 tt_int_op(ret, OP_EQ, 0);
619 }
620
621 /* Put it in the cache. Should not be decrypted since the client
622 * authorization creds were not added to the global map. */
623 ret = hs_cache_store_as_client(desc_encoded, &service_kp.pubkey);
624 tt_int_op(ret, OP_EQ, HS_DESC_DECODE_NEED_CLIENT_AUTH);
625
626 /* We should not be able to decrypt anything. */
627 ret = hs_cache_client_new_auth_parse(&service_kp.pubkey);
628 tt_int_op(ret, OP_EQ, false);
629
630 /* Add client auth to global map. */
631 hs_helper_add_client_auth(&service_kp.pubkey, &client_kp.seckey);
632
633 /* We should not be able to decrypt anything. */
634 ret = hs_cache_client_new_auth_parse(&service_kp.pubkey);
635 tt_int_op(ret, OP_EQ, true);
636
637 /* Lookup the cache to make sure it is usable and there. */
638 search_desc = hs_cache_lookup_as_client(&service_kp.pubkey);
639 tt_assert(search_desc);
640 search_desc_encoded = hs_cache_lookup_encoded_as_client(&service_kp.pubkey);
641 tt_mem_op(search_desc_encoded, OP_EQ, desc_encoded, strlen(desc_encoded));
642
643 done:
644 hs_descriptor_free(desc);
645 tor_free(desc_encoded);
646
647 hs_free_all();
648
649 UNMOCK(networkstatus_get_reasonably_live_consensus);
650 }
651
652 static void
653 test_client_cache_remove(void *arg)
654 {
655 int ret;
656 ed25519_keypair_t service_kp;
657 hs_descriptor_t *desc1 = NULL;
658
659 (void) arg;
660
661 hs_init();
662
663 MOCK(networkstatus_get_reasonably_live_consensus,
664 mock_networkstatus_get_reasonably_live_consensus);
665
666 /* Set consensus time. Lookup will not return the entry if it has expired
667 * and it is checked against the consensus valid_after time. */
668 parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC",
669 &mock_ns.valid_after);
670 parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
671 &mock_ns.fresh_until);
672 parse_rfc1123_time("Sat, 26 Oct 1985 16:00:00 UTC",
673 &mock_ns.valid_until);
674
675 /* Generate service keypair */
676 tt_int_op(0, OP_EQ, ed25519_keypair_generate(&service_kp, 0));
677
678 /* Build a descriptor and cache it. */
679 {
680 char *encoded;
681 desc1 = hs_helper_build_hs_desc_with_ip(&service_kp);
682 tt_assert(desc1);
683 ret = hs_desc_encode_descriptor(desc1, &service_kp, NULL, &encoded);
684 tt_int_op(ret, OP_EQ, 0);
685 tt_assert(encoded);
686
687 /* Store it */
688 ret = hs_cache_store_as_client(encoded, &service_kp.pubkey);
689 tt_int_op(ret, OP_EQ, HS_DESC_DECODE_OK);
690 tor_free(encoded);
691 tt_assert(hs_cache_lookup_as_client(&service_kp.pubkey));
692 }
693
694 /* Remove the cached entry. */
695 hs_cache_remove_as_client(&service_kp.pubkey);
696 tt_assert(!hs_cache_lookup_as_client(&service_kp.pubkey));
697
698 done:
699 hs_descriptor_free(desc1);
700 hs_free_all();
701
702 UNMOCK(networkstatus_get_reasonably_live_consensus);
703 }
704
705 struct testcase_t hs_cache[] = {
706 /* Encoding tests. */
707 { "directory", test_directory, TT_FORK,
708 NULL, NULL },
709 { "clean_as_dir", test_clean_as_dir, TT_FORK,
710 NULL, NULL },
711 { "hsdir_revision_counter_check", test_hsdir_revision_counter_check, TT_FORK,
712 NULL, NULL },
713 { "upload_and_download_hs_desc", test_upload_and_download_hs_desc, TT_FORK,
714 NULL, NULL },
715 { "client_cache", test_client_cache, TT_FORK,
716 NULL, NULL },
717 { "client_cache_decrypt", test_client_cache_decrypt, TT_FORK,
718 NULL, NULL },
719 { "client_cache_remove", test_client_cache_remove, TT_FORK,
720 NULL, NULL },
721
722 END_OF_TESTCASES
723 };
The Onion Router