Update copyrights to 2021, using "make update-copyright"
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file test_hs_cache.c
6 * \brief Test hidden service caches.
7 */
9 #define CONNECTION_PRIVATE
10 #define DIRCACHE_PRIVATE
11 #define DIRCLIENT_PRIVATE
12 #define HS_CACHE_PRIVATE
13 #define CHANNEL_OBJECT_PRIVATE
15 #include "trunnel/ed25519_cert.h"
16 #include "feature/hs/hs_cache.h"
17 #include "feature/dircache/dircache.h"
18 #include "feature/dirclient/dirclient.h"
19 #include "feature/nodelist/networkstatus.h"
20 #include "core/mainloop/connection.h"
21 #include "core/proto/proto_http.h"
22 #include "core/or/circuitlist.h"
23 #include "core/or/channel.h"
24 #include "lib/crypt_ops/crypto_format.h"
25 #include "lib/crypt_ops/crypto_rand.h"
27 #include "core/or/edge_connection_st.h"
28 #include "core/or/or_circuit_st.h"
29 #include "core/or/or_connection_st.h"
30 #include "feature/dircommon/dir_connection_st.h"
31 #include "feature/nodelist/networkstatus_st.h"
33 #include "test/hs_test_helpers.h"
34 #include "test/test_helpers.h"
35 #include "test/test.h"
/* Scratch buffer that holds the most recently encoded HSDir query. Every call
 * to helper_get_hsdir_query() writes into it, so a new call overwrites the
 * previous result. */
static char query_b64[256];

/* Base64-encode the blinded public key of <b>desc</b> into query_b64 and
 * return a pointer to that static buffer. The caller must not free the
 * result and must consume it before calling this helper again. */
static const char *
helper_get_hsdir_query(const hs_descriptor_t *desc)
{
  const ed25519_public_key_t *blinded = &desc->plaintext_data.blinded_pubkey;

  ed25519_public_to_base64(query_b64, blinded);
  return query_b64;
}
/* Shared setup for the directory-side tests in this file. */
static void
init_test(void)
{
  /* The HS cache subsystem has to exist before anything is stored in it. */
  hs_cache_init();
}
/* Exercise the HSDir-side v3 descriptor cache: store and duplicate
 * rejection, lookup, expiry cleaning, OOM eviction, rejection of malformed
 * uploads and queries, and replacement driven by the revision counter. */
static void
test_directory(void *arg)
{
  hs_descriptor_t *desc1 = NULL;
  char *desc1_str = NULL;
  ed25519_keypair_t desc1_kp;
  const char *desc_out;
  size_t oom_size;
  int ret;

  (void) arg;

  init_test();

  /* Build and encode one well-formed descriptor used by most steps below. */
  ret = ed25519_keypair_generate(&desc1_kp, 0);
  tt_int_op(ret, OP_EQ, 0);
  desc1 = hs_helper_build_hs_desc_with_ip(&desc1_kp);
  tt_assert(desc1);
  ret = hs_desc_encode_descriptor(desc1, &desc1_kp, NULL, &desc1_str);
  tt_int_op(ret, OP_EQ, 0);

  /* Basic life cycle: the descriptor can be stored, survives a clean, is
   * returned by a lookup, and is finally evicted by the OOM handler. */
  {
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);

    /* Storing the very same descriptor a second time must be refused. */
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, -1);

    /* At most a few seconds passed since the store, so cleaning with the
     * current time must leave the entry alone. */
    hs_cache_clean_as_dir(time(NULL));

    /* The entry is still served, byte for byte. */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, desc1_str);

    /* Ask the OOM handler to free at least one byte; with a single entry in
     * the cache that means the descriptor goes away. */
    oom_size = hs_cache_handle_oom(time(NULL), 1);
    tt_int_op(oom_size, OP_GE, 1);
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
    tt_int_op(ret, OP_EQ, 0);
  }

  /* Two descriptors in the cache: cleaning must drop only the expired one. */
  {
    ed25519_keypair_t zero_kp;
    ret = ed25519_keypair_generate(&zero_kp, 0);
    tt_int_op(ret, OP_EQ, 0);

    hs_descriptor_t *desc_zero_lifetime;
    desc_zero_lifetime = hs_helper_build_hs_desc_with_ip(&zero_kp);
    tt_assert(desc_zero_lifetime);
    desc_zero_lifetime->plaintext_data.revision_counter = 1;
    desc_zero_lifetime->plaintext_data.lifetime_sec = 0;

    char *desc_zero_lifetime_str;
    ret = hs_desc_encode_descriptor(desc_zero_lifetime, &zero_kp,
                                    NULL, &desc_zero_lifetime_str);
    tt_int_op(ret, OP_EQ, 0);

    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_store_as_dir(desc_zero_lifetime_str);
    tt_int_op(ret, OP_EQ, 0);

    /* The zero-lifetime descriptor is already expired at this point. */
    hs_cache_clean_as_dir(time(NULL));

    /* desc1 must still be there ... */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, desc1_str);

    /* ... while the zero-lifetime one must be gone. */
    ret = hs_cache_lookup_as_dir(3,
                                 helper_get_hsdir_query(desc_zero_lifetime),
                                 NULL);
    tt_int_op(ret, OP_EQ, 0);

    /* Empty the cache again before the next scenario. */
    oom_size = hs_cache_handle_oom(time(NULL), 1);
    tt_int_op(oom_size, OP_GE, 1);
    hs_descriptor_free(desc_zero_lifetime);
    tor_free(desc_zero_lifetime_str);
  }

  /* Malformed input: every upload and query below must be rejected with -1
   * instead of being stored or matched. */
  {
    ret = hs_cache_store_as_dir("blah");
    tt_int_op(ret, OP_EQ, -1);

    /* Right leading keyword, garbage after it. */
    ret = hs_cache_store_as_dir("hs-descriptor 3\nJUNK");
    tt_int_op(ret, OP_EQ, -1);

    /* Query that is not valid base64. */
    ret = hs_cache_lookup_as_dir(3, "blah", NULL);
    tt_int_op(ret, OP_EQ, -1);

    /* Query that decodes as base64 but not to the size of an ed25519 key. */
    ret = hs_cache_lookup_as_dir(3, "dW5pY29ybg==", NULL);
    tt_int_op(ret, OP_EQ, -1);
  }

  /* A descriptor with a higher revision counter replaces the cached one. */
  {
    char *new_desc_str;

    /* Start from a cached copy of desc1. */
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);

    /* Re-encode the same descriptor with the counter bumped by one. */
    desc1->plaintext_data.revision_counter++;
    ret = hs_desc_encode_descriptor(desc1, &desc1_kp, NULL, &new_desc_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_store_as_dir(new_desc_str);
    tt_int_op(ret, OP_EQ, 0);

    /* The lookup must now return the newer encoding. */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, new_desc_str);
    tor_free(new_desc_str);
  }

 done:
  hs_descriptor_free(desc1);
  tor_free(desc1_str);
}
/* Check how cache_clean_v3_as_dir() treats one freshly stored descriptor
 * for three cutoffs: none (0), 100 seconds in the past, and 100 seconds in
 * the future. Only the last one is expected to remove the entry. */
static void
test_clean_as_dir(void *arg)
{
  hs_descriptor_t *desc1 = NULL;
  char *desc1_str = NULL;
  ed25519_keypair_t desc1_kp;
  time_t now = time(NULL);
  size_t ret;

  (void) arg;

  init_test();

  /* Build, encode and store one valid descriptor. */
  ret = ed25519_keypair_generate(&desc1_kp, 0);
  tt_int_op(ret, OP_EQ, 0);
  desc1 = hs_helper_build_hs_desc_with_ip(&desc1_kp);
  tt_assert(desc1);
  ret = hs_desc_encode_descriptor(desc1, &desc1_kp, NULL, &desc1_str);
  tt_int_op(ret, OP_EQ, 0);
  ret = hs_cache_store_as_dir(desc1_str);
  tt_int_op(ret, OP_EQ, 0);

  /* No cutoff: the descriptor's lifetime (3 hours, per the original note)
   * has not elapsed, so nothing may be removed. */
  ret = cache_clean_v3_as_dir(now, 0);
  tt_int_op(ret, OP_EQ, 0);
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 1);

  /* Cutoff 100 seconds in the past: the entry is newer than the cutoff and
   * has to stay. */
  ret = cache_clean_v3_as_dir(now, now - 100);
  tt_int_op(ret, OP_EQ, 0);
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 1);

  /* Cutoff 100 seconds in the future: the entry we just added is older than
   * that cutoff, so the clean must report removed bytes ... */
  ret = cache_clean_v3_as_dir(now, now + 100);
  tt_int_op(ret, OP_GT, 0);
  /* ... and the lookup must come back empty. */
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 0);

 done:
  hs_descriptor_free(desc1);
  tor_free(desc1_str);
}
/* Test helper: simulate an HTTP GET to the HSDir for the hidden service with
 * <b>blinded_key</b> and return the body that was served. The returned
 * string is owned by the caller. It is NULL if the helper bailed out before
 * reading the response; the return value of fetch_from_buf_http() itself is
 * not checked here, so callers should inspect the returned body. */
static char *
helper_fetch_desc_from_hsdir(const ed25519_public_key_t *blinded_key)
{
  int retval;

  char *hsdir_query_str = NULL;
  char *received_desc = NULL;

  /* Pieces of the simulated directory connection. */
  or_circuit_t *circ = NULL;
  edge_connection_t *exit_edge = NULL;
  dir_connection_t *conn = NULL;

  /* Turn the blinded public key into its base64 form and build the request
   * line from it. */
  {
    char key_b64[ED25519_BASE64_LEN+1];

    ed25519_public_to_base64(key_b64, blinded_key);
    tor_asprintf(&hsdir_query_str, GET("/tor/hs/3/%s"), key_b64);
  }

  /* Set up the directory connection the request arrives on. */
  conn = dir_connection_new(AF_INET);
  tt_assert(conn);
  TO_CONN(conn)->linked = 1; /* Signal that it is encrypted. */
  tor_addr_from_ipv4h(&conn->base_.addr, 0x7f000001); /* 127.0.0.1 */

  /* Make the connection look anonymous: link it to an exit edge connection
   * that sits on an OR circuit with a previous-hop channel. */
  exit_edge = edge_connection_new(CONN_TYPE_EXIT, AF_INET);
  TO_CONN(conn)->linked_conn = TO_CONN(exit_edge);
  circ = or_circuit_new(0, NULL);
  circ->p_chan = tor_malloc_zero(sizeof(channel_t));
  exit_edge->on_circuit = TO_CIRCUIT(circ);

  retval = directory_handle_command_get(conn, hsdir_query_str,
                                        NULL, 0);
  tt_int_op(retval, OP_EQ, 0);

  /* Parse the HTTP response out of the connection's outbuf; only the body
   * is kept. */
  {
    size_t body_len = 0;
    char *http_headers = NULL;

    fetch_from_buf_http(TO_CONN(conn)->outbuf, &http_headers,
                        MAX_HEADERS_SIZE,
                        &received_desc, &body_len, HS_DESC_MAX_LEN, 0);
    tor_free(http_headers);
  }

 done:
  tor_free(hsdir_query_str);
  if (conn) {
    /* conn is only non-NULL once the tt_assert above passed, and the circuit
     * is created right after it with no bail-out in between. */
    tor_free(circ->p_chan);
    connection_free_minimal(TO_CONN(conn)->linked_conn);
    connection_free_minimal(TO_CONN(conn));
  }

  return received_desc;
}
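/* Publish a descriptor to the HSDir, then fetch it. Check that the received
 * descriptor matches the published one, and that a query for an unknown
 * blinded key returns an empty body both before and after the publish.
 *
 * helper_fetch_desc_from_hsdir() returns NULL when it bails out early, so
 * the result is asserted non-NULL before it is handed to strlen(). */
static void
test_upload_and_download_hs_desc(void *arg)
{
  int retval;
  hs_descriptor_t *published_desc = NULL;

  char *published_desc_str = NULL;
  char *received_desc_str = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  /* Test a descriptor not found in the directory cache. */
  {
    ed25519_public_key_t blinded_key;
    memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey));
    received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key);
    /* Fail the test cleanly instead of calling strlen(NULL). */
    tt_assert(received_desc_str);
    tt_int_op(strlen(received_desc_str), OP_EQ, 0);
    tor_free(received_desc_str);
  }

  /* Generate a valid descriptor with normal values. */
  {
    ed25519_keypair_t signing_kp;
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       NULL, &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
  }

  /* Publish descriptor to the HSDir; a successful upload answers 200. */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Simulate a fetch of the previously published descriptor */
  {
    const ed25519_public_key_t *blinded_key;
    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
  }

  /* Verify we received the exact same descriptor we published earlier */
  tt_str_op(received_desc_str, OP_EQ, published_desc_str);
  tor_free(received_desc_str);

  /* With a valid descriptor in the directory cache, query again for a key
   * that was never published: the body must still be empty. */
  {
    ed25519_public_key_t blinded_key;
    memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey));
    received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key);
    tt_assert(received_desc_str);
    tt_int_op(strlen(received_desc_str), OP_EQ, 0);
  }

 done:
  tor_free(received_desc_str);
  tor_free(published_desc_str);
  hs_descriptor_free(published_desc);
}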
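/* Test that HSDirs reject outdated descriptors based on their revision
 * counter. Also test that HSDirs correctly replace old descriptors with newer
 * descriptors.
 *
 * Re-uploading a descriptor with an unchanged counter must answer 400, so a
 * previously seen descriptor cannot be pushed back into the cache.
 *
 * helper_fetch_desc_from_hsdir() returns NULL when it bails out early; the
 * fetched string is asserted non-NULL before it is passed to the decoder so
 * that such a failure is reported at the fetch. */
static void
test_hsdir_revision_counter_check(void *arg)
{
  int retval;

  ed25519_keypair_t signing_kp;

  hs_descriptor_t *published_desc = NULL;
  char *published_desc_str = NULL;

  hs_subcredential_t subcredential;
  char *received_desc_str = NULL;
  hs_descriptor_t *received_desc = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  /* Generate a valid descriptor with normal values. */
  {
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       NULL, &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
  }

  /* Publish descriptor to the HSDir */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Try publishing again with the same revision counter: Should fail. */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 400);
  }

  /* Fetch the published descriptor and validate the revision counter. */
  {
    const ed25519_public_key_t *blinded_key;

    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    hs_get_subcredential(&signing_kp.pubkey, blinded_key, &subcredential);
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
    tt_assert(received_desc_str);

    retval = hs_desc_decode_descriptor(received_desc_str,
                                       &subcredential, NULL, &received_desc);
    tt_int_op(retval, OP_EQ, HS_DESC_DECODE_OK);
    tt_assert(received_desc);

    /* Check that the revision counter is correct. 42 is presumably the
     * value hs_helper_build_hs_desc_with_ip() puts in the descriptor. */
    tt_u64_op(received_desc->plaintext_data.revision_counter, OP_EQ, 42);

    hs_descriptor_free(received_desc);
    received_desc = NULL;
    tor_free(received_desc_str);
  }

  /* Increment the revision counter and try again. Should work. */
  {
    published_desc->plaintext_data.revision_counter = 1313;
    tor_free(published_desc_str);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       NULL, &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);

    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Again, fetch the published descriptor and perform the revision counter
     validation. The revision counter must have changed. */
  {
    const ed25519_public_key_t *blinded_key;

    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
    tt_assert(received_desc_str);

    retval = hs_desc_decode_descriptor(received_desc_str,
                                       &subcredential, NULL, &received_desc);
    tt_int_op(retval, OP_EQ, HS_DESC_DECODE_OK);
    tt_assert(received_desc);

    /* Check that the revision counter is the latest */
    tt_u64_op(received_desc->plaintext_data.revision_counter, OP_EQ, 1313);
  }

 done:
  hs_descriptor_free(published_desc);
  hs_descriptor_free(received_desc);
  tor_free(received_desc_str);
  tor_free(published_desc_str);
}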
/* Fake consensus handed out by the mock below. The client-cache tests set
 * its valid_after / fresh_until / valid_until fields to move time forward. */
static networkstatus_t mock_ns;

/* Mock for networkstatus_get_reasonably_live_consensus(): ignore both
 * arguments and always return the file-local mock_ns. */
static networkstatus_t *
mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
{
  (void) flavor;
  (void) now;

  return &mock_ns;
}
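/** Test that we can store HS descriptors in the client HS cache, that a
 * cached descriptor is still returned after the mocked consensus time moves
 * forward within the same time period, and that it is no longer returned
 * once the consensus time reaches the next time period. */
static void
test_client_cache(void *arg)
{
  int retval;
  ed25519_keypair_t signing_kp;
  hs_descriptor_t *published_desc = NULL;
  char *published_desc_str = NULL;
  hs_subcredential_t wanted_subcredential;
  response_handler_args_t *args = NULL;
  dir_connection_t *conn = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  MOCK(networkstatus_get_reasonably_live_consensus,
       mock_networkstatus_get_reasonably_live_consensus);

  /* Set consensus time */
  parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC",
                     &mock_ns.valid_after);
  parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
                     &mock_ns.fresh_until);
  parse_rfc1123_time("Sat, 26 Oct 1985 16:00:00 UTC",
                     &mock_ns.valid_until);

  /* Generate a valid descriptor with normal values. */
  {
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       NULL, &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
    /* Remember the subcredential so the cached copy can be compared with
     * it later; an all-zero value would make that comparison meaningless. */
    memcpy(&wanted_subcredential, &published_desc->subcredential,
           sizeof(hs_subcredential_t));
    tt_assert(!fast_mem_is_zero((char*)wanted_subcredential.subcred,
                                DIGEST256_LEN));
  }

  /* Test handle_response_fetch_hsdesc_v3() */
  {
    /* Fake a "200" directory response whose body is the encoded
     * descriptor. args->body borrows published_desc_str; it is freed once,
     * through published_desc_str, at the end. */
    args = tor_malloc_zero(sizeof(response_handler_args_t));
    args->status_code = 200;
    args->reason = NULL;
    args->body = published_desc_str;
    args->body_len = strlen(published_desc_str);

    conn = tor_malloc_zero(sizeof(dir_connection_t));
    conn->hs_ident = tor_malloc_zero(sizeof(hs_ident_dir_conn_t));
    ed25519_pubkey_copy(&conn->hs_ident->identity_pk, &signing_kp.pubkey);
  }

  /* store the descriptor! */
  retval = handle_response_fetch_hsdesc_v3(conn, args);
  tt_int_op(retval, OP_EQ, 0);

  /* Progress time a bit and look the descriptor up: it should still be
   * returned since we are still in the same TP. */
  {
    parse_rfc1123_time("Sat, 27 Oct 1985 02:00:00 UTC",
                       &mock_ns.valid_after);
    parse_rfc1123_time("Sat, 27 Oct 1985 03:00:00 UTC",
                       &mock_ns.fresh_until);
    parse_rfc1123_time("Sat, 27 Oct 1985 05:00:00 UTC",
                       &mock_ns.valid_until);

    /* fetch the descriptor and make sure it's there */
    const hs_descriptor_t *cached_desc = NULL;
    cached_desc = hs_cache_lookup_as_client(&signing_kp.pubkey);
    tt_assert(cached_desc);
    tt_mem_op(cached_desc->subcredential.subcred,
              OP_EQ, wanted_subcredential.subcred,
              SUBCRED_LEN);
  }

  /* Progress time to next TP and check that desc is no longer returned */
  {
    parse_rfc1123_time("Sat, 27 Oct 1985 12:00:00 UTC",
                       &mock_ns.valid_after);
    parse_rfc1123_time("Sat, 27 Oct 1985 13:00:00 UTC",
                       &mock_ns.fresh_until);
    parse_rfc1123_time("Sat, 27 Oct 1985 15:00:00 UTC",
                       &mock_ns.valid_until);

    const hs_descriptor_t *cached_desc = NULL;
    cached_desc = hs_cache_lookup_as_client(&signing_kp.pubkey);
    tt_assert(!cached_desc);
  }

 done:
  tor_free(args);
  hs_descriptor_free(published_desc);
  tor_free(published_desc_str);
  if (conn) {
    tor_free(conn->hs_ident);
    tor_free(conn);
  }

  /* Restore the real consensus getter, as the other client-cache tests in
   * this file do. */
  UNMOCK(networkstatus_get_reasonably_live_consensus);
}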
/** Test the client cache with a descriptor that requires client
 * authorization: storing it without credentials reports
 * HS_DESC_DECODE_NEED_CLIENT_AUTH, and once the credentials are added the
 * cached descriptor can be decrypted and looked up. */
static void
test_client_cache_decrypt(void *arg)
{
  int ret;
  hs_descriptor_t *desc = NULL;
  char *desc_encoded = NULL;
  const hs_descriptor_t *search_desc;
  const char *search_desc_encoded;
  ed25519_keypair_t svc_kp;
  curve25519_keypair_t auth_kp;
  uint8_t cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];

  (void) arg;

  /* Bring up the whole HS subsystem. */
  hs_init();

  MOCK(networkstatus_get_reasonably_live_consensus,
       mock_networkstatus_get_reasonably_live_consensus);

  /* Pin the consensus time seen by the cache. */
  parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC",
                     &mock_ns.valid_after);
  parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
                     &mock_ns.fresh_until);
  parse_rfc1123_time("Sat, 26 Oct 1985 16:00:00 UTC",
                     &mock_ns.valid_until);

  /* Build and encode a descriptor protected by a random descriptor cookie
   * and one authorized client key. */
  {
    ret = ed25519_keypair_generate(&svc_kp, 0);
    tt_int_op(ret, OP_EQ, 0);
    ret = curve25519_keypair_generate(&auth_kp, 0);
    tt_int_op(ret, OP_EQ, 0);
    crypto_rand((char *) cookie, sizeof(cookie));

    desc = hs_helper_build_hs_desc_with_client_auth(cookie,
                                                    &auth_kp.pubkey,
                                                    &svc_kp);
    tt_assert(desc);
    ret = hs_desc_encode_descriptor(desc, &svc_kp, cookie,
                                    &desc_encoded);
    tt_int_op(ret, OP_EQ, 0);
  }

  /* Store it. The client authorization credentials are not in the global
   * map yet, so the descriptor must not be decrypted. */
  ret = hs_cache_store_as_client(desc_encoded, &svc_kp.pubkey);
  tt_int_op(ret, OP_EQ, HS_DESC_DECODE_NEED_CLIENT_AUTH);

  /* Without credentials, re-parsing must not decrypt anything. */
  ret = hs_cache_client_new_auth_parse(&svc_kp.pubkey);
  tt_int_op(ret, OP_EQ, false);

  /* Register the client's secret key for this service. */
  hs_helper_add_client_auth(&svc_kp.pubkey, &auth_kp.seckey);

  /* With the credentials present, re-parsing must now succeed. */
  ret = hs_cache_client_new_auth_parse(&svc_kp.pubkey);
  tt_int_op(ret, OP_EQ, true);

  /* The decoded descriptor and its encoded form are both available. */
  search_desc = hs_cache_lookup_as_client(&svc_kp.pubkey);
  tt_assert(search_desc);
  search_desc_encoded = hs_cache_lookup_encoded_as_client(&svc_kp.pubkey);
  tt_mem_op(search_desc_encoded, OP_EQ, desc_encoded, strlen(desc_encoded));

 done:
  hs_descriptor_free(desc);
  tor_free(desc_encoded);

  hs_free_all();

  UNMOCK(networkstatus_get_reasonably_live_consensus);
}
/* Test that hs_cache_remove_as_client() drops a descriptor that was stored
 * in the client cache. */
static void
test_client_cache_remove(void *arg)
{
  hs_descriptor_t *desc1 = NULL;
  ed25519_keypair_t svc_kp;
  int ret;

  (void) arg;

  hs_init();

  MOCK(networkstatus_get_reasonably_live_consensus,
       mock_networkstatus_get_reasonably_live_consensus);

  /* Pin the consensus time. A lookup compares the entry against the
   * consensus valid_after time and does not return it once expired. */
  parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC",
                     &mock_ns.valid_after);
  parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
                     &mock_ns.fresh_until);
  parse_rfc1123_time("Sat, 26 Oct 1985 16:00:00 UTC",
                     &mock_ns.valid_until);

  /* Service identity keypair. */
  tt_int_op(0, OP_EQ, ed25519_keypair_generate(&svc_kp, 0));

  /* Build one descriptor, encode it and put it in the client cache. */
  {
    char *encoded;

    desc1 = hs_helper_build_hs_desc_with_ip(&svc_kp);
    tt_assert(desc1);
    ret = hs_desc_encode_descriptor(desc1, &svc_kp, NULL, &encoded);
    tt_int_op(ret, OP_EQ, 0);
    tt_assert(encoded);

    /* The store must decode it successfully; the encoded string is no
     * longer needed afterwards. */
    ret = hs_cache_store_as_client(encoded, &svc_kp.pubkey);
    tt_int_op(ret, OP_EQ, HS_DESC_DECODE_OK);
    tor_free(encoded);
    tt_assert(hs_cache_lookup_as_client(&svc_kp.pubkey));
  }

  /* After removal the lookup must come back empty. */
  hs_cache_remove_as_client(&svc_kp.pubkey);
  tt_assert(!hs_cache_lookup_as_client(&svc_kp.pubkey));

 done:
  hs_descriptor_free(desc1);
  hs_free_all();

  UNMOCK(networkstatus_get_reasonably_live_consensus);
}
/* Test cases exported by this file. Every entry is flagged TT_FORK and
 * passes NULL for the two remaining fields. */
struct testcase_t hs_cache[] = {
  /* HSDir-side cache. */
  { "directory", test_directory, TT_FORK, NULL, NULL },
  { "clean_as_dir", test_clean_as_dir, TT_FORK, NULL, NULL },
  { "hsdir_revision_counter_check", test_hsdir_revision_counter_check,
    TT_FORK, NULL, NULL },
  { "upload_and_download_hs_desc", test_upload_and_download_hs_desc,
    TT_FORK, NULL, NULL },

  /* Client-side cache. */
  { "client_cache", test_client_cache, TT_FORK, NULL, NULL },
  { "client_cache_decrypt", test_client_cache_decrypt, TT_FORK, NULL, NULL },
  { "client_cache_remove", test_client_cache_remove, TT_FORK, NULL, NULL },

  END_OF_TESTCASES
};