/* Copyright (c) 2016-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file test_hs_cache.c
 * \brief Test hidden service caches.
 */

#define CONNECTION_PRIVATE
#define DIRECTORY_PRIVATE
#define HS_CACHE_PRIVATE

#include "ed25519_cert.h"
#include "hs_cache.h"
#include "rendcache.h"
#include "directory.h"
#include "networkstatus.h"
#include "connection.h"
#include "proto_http.h"

#include "hs_test_helpers.h"
#include "test_helpers.h"
#include "test.h"

/* Scratch buffer holding the most recently encoded HSDir query. Every call
 * to helper_get_hsdir_query() writes into it, so a returned pointer is only
 * valid until the next call. */
static char query_b64[256];

/* Encode the blinded public key of <b>desc</b> as base64 into query_b64 and
 * return that buffer, for use as the query argument of an HSDir lookup.
 * The return value of ed25519_public_to_base64() is not checked here. */
static const char *
helper_get_hsdir_query(const hs_descriptor_t *desc)
{
  char *encoded = query_b64;

  ed25519_public_to_base64(encoded, &desc->plaintext_data.blinded_pubkey);
  return encoded;
}

/* Common setup for the tests in this file: bring up the HS cache subsystem
 * and the v2 rendezvous cache. */
static void
init_test(void)
{
  /* The v3 cache under test; every test here needs it. */
  hs_cache_init();
  /* The OOM handler and the cache cleanup also poke at the v2 cache, so it
   * has to be initialized as well. */
  rend_cache_init();
}

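/* Exercise the v3 cache as a hidden service directory: storing, rejection of
 * a duplicate, cleanup, lookup, OOM eviction, malformed input, and
 * replacement of a descriptor by a higher revision counter. */
static void
test_directory(void *arg)
{
  int ret;
  size_t oom_size;
  char *desc1_str = NULL;
  const char *desc_out;
  ed25519_keypair_t signing_kp1;
  hs_descriptor_t *desc1 = NULL;
  /* Declared at function scope and initialized so that the cleanup under
   * "done" can release them when an assertion jumps out of a section before
   * that section's own frees have run. */
  hs_descriptor_t *desc_zero_lifetime = NULL;
  char *desc_zero_lifetime_str = NULL;
  char *new_desc_str = NULL;

  (void) arg;

  init_test();
  /* Generate a valid descriptor with normal values. */
  ret = ed25519_keypair_generate(&signing_kp1, 0);
  tt_int_op(ret, OP_EQ, 0);
  desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1);
  tt_assert(desc1);
  ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str);
  tt_int_op(ret, OP_EQ, 0);

  /* Very first basic test, should be able to be stored, survive a
   * clean, found with a lookup and then cleaned by our OOM. */
  {
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);
    /* Re-add, it should fail since we already have it. */
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, -1);
    /* Try to clean now which should be fine, there is at worst few seconds
     * between the store and this call. */
    hs_cache_clean_as_dir(time(NULL));
    /* We should find it in our cache. */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, desc1_str);
    /* Tell our OOM to run and to at least remove a byte which will result in
     * removing the descriptor from our cache. */
    oom_size = hs_cache_handle_oom(time(NULL), 1);
    tt_int_op(oom_size, OP_GE, 1);
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
    tt_int_op(ret, OP_EQ, 0);
  }

  /* Store two descriptors and remove the expiring one only. */
  {
    ed25519_keypair_t signing_kp_zero;
    ret = ed25519_keypair_generate(&signing_kp_zero, 0);
    tt_int_op(ret, OP_EQ, 0);
    desc_zero_lifetime = hs_helper_build_hs_desc_with_ip(&signing_kp_zero);
    tt_assert(desc_zero_lifetime);
    desc_zero_lifetime->plaintext_data.revision_counter = 1;
    desc_zero_lifetime->plaintext_data.lifetime_sec = 0;
    ret = hs_desc_encode_descriptor(desc_zero_lifetime, &signing_kp_zero,
                                    &desc_zero_lifetime_str);
    tt_int_op(ret, OP_EQ, 0);

    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_store_as_dir(desc_zero_lifetime_str);
    tt_int_op(ret, OP_EQ, 0);
    /* This one should clear out our zero lifetime desc. */
    hs_cache_clean_as_dir(time(NULL));
    /* We should find desc1 in our cache. */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, desc1_str);
    /* We should NOT find our zero lifetime desc in our cache. */
    ret = hs_cache_lookup_as_dir(3,
                                 helper_get_hsdir_query(desc_zero_lifetime),
                                 NULL);
    tt_int_op(ret, OP_EQ, 0);
    /* Cleanup our entire cache. */
    oom_size = hs_cache_handle_oom(time(NULL), 1);
    tt_int_op(oom_size, OP_GE, 1);
    hs_descriptor_free(desc_zero_lifetime);
    /* Reset explicitly so the free under "done" cannot see a stale pointer. */
    desc_zero_lifetime = NULL;
    tor_free(desc_zero_lifetime_str);
  }

  /* Throw junk at it. Malformed descriptors and malformed queries must be
   * rejected with -1 rather than stored or matched. */
  {
    ret = hs_cache_store_as_dir("blah");
    tt_int_op(ret, OP_EQ, -1);
    /* Poor attempt at tricking the decoding. */
    ret = hs_cache_store_as_dir("hs-descriptor 3\nJUNK");
    tt_int_op(ret, OP_EQ, -1);
    /* Undecodable base64 query. */
    ret = hs_cache_lookup_as_dir(3, "blah", NULL);
    tt_int_op(ret, OP_EQ, -1);
    /* Decodable base64 query but wrong ed25519 size. */
    ret = hs_cache_lookup_as_dir(3, "dW5pY29ybg==", NULL);
    tt_int_op(ret, OP_EQ, -1);
  }

  /* Test descriptor replacement with revision counter. */
  {
    /* Add a descriptor. */
    ret = hs_cache_store_as_dir(desc1_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    /* Bump revision counter. */
    desc1->plaintext_data.revision_counter++;
    ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &new_desc_str);
    tt_int_op(ret, OP_EQ, 0);
    ret = hs_cache_store_as_dir(new_desc_str);
    tt_int_op(ret, OP_EQ, 0);
    /* Look it up, it should have been replaced. */
    ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), &desc_out);
    tt_int_op(ret, OP_EQ, 1);
    tt_str_op(desc_out, OP_EQ, new_desc_str);
    tor_free(new_desc_str);
  }

 done:
  hs_descriptor_free(desc1);
  hs_descriptor_free(desc_zero_lifetime);
  tor_free(desc1_str);
  tor_free(desc_zero_lifetime_str);
  tor_free(new_desc_str);
}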

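/* Check that cache_clean_v3_as_dir() keeps a fresh descriptor when no cutoff
 * or a past cutoff is given, and removes it once the cutoff lies in the
 * future. */
static void
test_clean_as_dir(void *arg)
{
  /* Status codes are signed (a lookup can report -1); the amount reported by
   * the cleanup is a size. Keep the two in separate variables so a negative
   * status is never carried in an unsigned type. */
  int ret;
  size_t removed;
  char *desc1_str = NULL;
  time_t now = time(NULL);
  hs_descriptor_t *desc1 = NULL;
  ed25519_keypair_t signing_kp1;

  (void) arg;

  init_test();

  /* Generate a valid descriptor with values. */
  ret = ed25519_keypair_generate(&signing_kp1, 0);
  tt_int_op(ret, OP_EQ, 0);
  desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1);
  tt_assert(desc1);
  ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str);
  tt_int_op(ret, OP_EQ, 0);
  ret = hs_cache_store_as_dir(desc1_str);
  tt_int_op(ret, OP_EQ, 0);

  /* With the lifetime being 3 hours, a cleanup shouldn't remove it. */
  removed = cache_clean_v3_as_dir(now, 0);
  tt_int_op(removed, OP_EQ, 0);
  /* Should be present after clean up. */
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 1);
  /* Set a cutoff 100 seconds in the past. It should not remove the entry
   * since the entry is still recent enough. */
  removed = cache_clean_v3_as_dir(now, now - 100);
  tt_int_op(removed, OP_EQ, 0);
  /* Should be present after clean up. */
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 1);
  /* Set a cutoff of 100 seconds in the future. It should remove the entry
   * that we've just added since it's now too old for the cutoff. */
  removed = cache_clean_v3_as_dir(now, now + 100);
  tt_int_op(removed, OP_GT, 0);
  /* Shouldn't be present after clean up. */
  ret = hs_cache_lookup_as_dir(3, helper_get_hsdir_query(desc1), NULL);
  tt_int_op(ret, OP_EQ, 0);

 done:
  hs_descriptor_free(desc1);
  tor_free(desc1_str);
}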

/* Test helper: simulate an HTTP GET for the v3 descriptor published under
 * <b>blinded_key</b> against the local directory code, and return the body
 * of the response as a newly allocated string that the caller must free.
 * Returns NULL if an assertion in here fails before the body is read.
 *
 * NOTE(review): the return value of fetch_from_buf_http() is not checked, so
 * a response that could not be parsed presumably also yields NULL; callers
 * should test the result before passing it to strlen(). */
static char *
helper_fetch_desc_from_hsdir(const ed25519_public_key_t *blinded_key)
{
  int retval;
  char key_b64[ED25519_BASE64_LEN+1];
  char *request = NULL;
  char *resp_headers = NULL;
  char *resp_body = NULL;
  size_t resp_body_len = 0;
  /* The directory connection being simulated. */
  dir_connection_t *dir_conn = NULL;

  /* The query is the base64 form of the blinded key appended to the v3
   * descriptor path. */
  retval = ed25519_public_to_base64(key_b64, blinded_key);
  tt_int_op(retval, OP_EQ, 0);
  tor_asprintf(&request, GET("/tor/hs/3/%s"), key_b64);

  /* Hand the request to the directory GET handler on a connection whose
   * address is 127.0.0.1 (0x7f000001 in host order). */
  dir_conn = dir_connection_new(AF_INET);
  tor_addr_from_ipv4h(&dir_conn->base_.addr, 0x7f000001);
  /* Mark the connection as linked so that it is treated as encrypted.
   * Presumably the handler does not serve HS descriptors otherwise; confirm
   * against the directory code. */
  TO_CONN(dir_conn)->linked = 1;
  retval = directory_handle_command_get(dir_conn, request, NULL, 0);
  tt_int_op(retval, OP_EQ, 0);

  /* Split what the handler queued on the outbuf into headers and body; only
   * the body is kept. */
  fetch_from_buf_http(TO_CONN(dir_conn)->outbuf, &resp_headers,
                      MAX_HEADERS_SIZE, &resp_body, &resp_body_len,
                      HS_DESC_MAX_LEN, 0);
  tor_free(resp_headers);

 done:
  tor_free(request);
  if (dir_conn) {
    connection_free_minimal(TO_CONN(dir_conn));
  }

  return resp_body;
}

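/* Publish a descriptor to the HSDir, then fetch it. Check that the received
 * descriptor matches the published one, and that a fetch for a blinded key
 * that was never published returns an empty body, both before and after the
 * publish. */
static void
test_upload_and_download_hs_desc(void *arg)
{
  int retval;
  hs_descriptor_t *published_desc = NULL;

  char *published_desc_str = NULL;
  char *received_desc_str = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  /* Test a descriptor not found in the directory cache. */
  {
    ed25519_public_key_t blinded_key;
    memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey));
    received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key);
    /* The helper returns NULL when the simulated fetch itself fails; report
     * that as a test failure instead of handing NULL to strlen(). */
    tt_assert(received_desc_str);
    tt_int_op(strlen(received_desc_str), OP_EQ, 0);
    tor_free(received_desc_str);
  }

  /* Generate a valid descriptor with normal values. */
  {
    ed25519_keypair_t signing_kp;
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
  }

  /* Publish descriptor to the HSDir */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Simulate a fetch of the previously published descriptor */
  {
    const ed25519_public_key_t *blinded_key;
    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
  }

  /* Verify we received the exact same descriptor we published earlier */
  tt_str_op(received_desc_str, OP_EQ, published_desc_str);
  tor_free(received_desc_str);

  /* With a valid descriptor in the directory cache, try again an invalid. */
  {
    ed25519_public_key_t blinded_key;
    memset(&blinded_key.pubkey, 'A', sizeof(blinded_key.pubkey));
    received_desc_str = helper_fetch_desc_from_hsdir(&blinded_key);
    /* Same guard as above: a failed fetch is NULL, not an empty string. */
    tt_assert(received_desc_str);
    tt_int_op(strlen(received_desc_str), OP_EQ, 0);
  }

 done:
  tor_free(received_desc_str);
  tor_free(published_desc_str);
  hs_descriptor_free(published_desc);
}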

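/* Test that HSDirs reject outdated descriptors based on their revision
 * counter. Also test that HSDirs correctly replace old descriptors with newer
 * descriptors. A descriptor that is posted again with an unchanged revision
 * counter must be answered with 400 and must not displace the stored one. */
static void
test_hsdir_revision_counter_check(void *arg)
{
  int retval;

  ed25519_keypair_t signing_kp;

  hs_descriptor_t *published_desc = NULL;
  char *published_desc_str = NULL;

  uint8_t subcredential[DIGEST256_LEN];
  char *received_desc_str = NULL;
  hs_descriptor_t *received_desc = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  /* Generate a valid descriptor with normal values. */
  {
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
  }

  /* Publish descriptor to the HSDir */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Try publishing again with the same revision counter: Should fail. */
  {
    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 400);
  }

  /* Fetch the published descriptor and validate the revision counter. */
  {
    const ed25519_public_key_t *blinded_key;

    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    hs_get_subcredential(&signing_kp.pubkey, blinded_key, subcredential);
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
    /* The helper returns NULL when the simulated fetch fails; stop here
     * rather than handing NULL to the decoder. */
    tt_assert(received_desc_str);

    retval = hs_desc_decode_descriptor(received_desc_str,
                                       subcredential, &received_desc);
    tt_int_op(retval, OP_EQ, 0);
    tt_assert(received_desc);

    /* Check that the revision counter is correct. Presumably 42 is the
     * value the descriptor-building helper assigns; confirm against
     * hs_test_helpers. */
    tt_u64_op(received_desc->plaintext_data.revision_counter, OP_EQ, 42);

    hs_descriptor_free(received_desc);
    received_desc = NULL;
    tor_free(received_desc_str);
  }

  /* Increment the revision counter and try again. Should work. */
  {
    published_desc->plaintext_data.revision_counter = 1313;
    tor_free(published_desc_str);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);

    retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
    tt_int_op(retval, OP_EQ, 200);
  }

  /* Again, fetch the published descriptor and perform the revision counter
     validation. The revision counter must have changed. */
  {
    const ed25519_public_key_t *blinded_key;

    blinded_key = &published_desc->plaintext_data.blinded_pubkey;
    received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
    /* Same guard as for the first fetch. */
    tt_assert(received_desc_str);

    retval = hs_desc_decode_descriptor(received_desc_str,
                                       subcredential, &received_desc);
    tt_int_op(retval, OP_EQ, 0);
    tt_assert(received_desc);

    /* Check that the revision counter is the latest */
    tt_u64_op(received_desc->plaintext_data.revision_counter, OP_EQ, 1313);
  }

 done:
  hs_descriptor_free(published_desc);
  hs_descriptor_free(received_desc);
  tor_free(received_desc_str);
  tor_free(published_desc_str);
}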

/* Consensus object handed out by the mock below; tests set its validity
 * times directly. */
static networkstatus_t mock_ns;

/* Stand-in for networkstatus_get_live_consensus(): ignore <b>now</b> and
 * always return the file-local mock_ns. */
static networkstatus_t *
mock_networkstatus_get_live_consensus(time_t now)
{
  networkstatus_t *consensus = &mock_ns;

  (void) now;
  return consensus;
}

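/** Test that we can store HS descriptors in the client HS cache, that a
 * stored descriptor is still returned while the mocked consensus stays in
 * the same time period, and that it is gone once the consensus has moved to
 * the next one. */
static void
test_client_cache(void *arg)
{
  int retval;
  ed25519_keypair_t signing_kp;
  hs_descriptor_t *published_desc = NULL;
  char *published_desc_str = NULL;
  uint8_t wanted_subcredential[DIGEST256_LEN];
  response_handler_args_t *args = NULL;
  dir_connection_t *conn = NULL;

  (void) arg;

  /* Initialize HSDir cache subsystem */
  init_test();

  MOCK(networkstatus_get_live_consensus,
       mock_networkstatus_get_live_consensus);

  /* Set consensus time */
  parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC",
                           &mock_ns.valid_after);
  parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
                           &mock_ns.fresh_until);
  parse_rfc1123_time("Sat, 26 Oct 1985 16:00:00 UTC",
                           &mock_ns.valid_until);

  /* Generate a valid descriptor with normal values. */
  {
    retval = ed25519_keypair_generate(&signing_kp, 0);
    tt_int_op(retval, OP_EQ, 0);
    published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
    tt_assert(published_desc);
    retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
                                       &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
    /* Remember the subcredential so the cached copy can be compared against
     * it later; an all-zero value would make that comparison meaningless. */
    memcpy(wanted_subcredential, published_desc->subcredential, DIGEST256_LEN);
    tt_assert(!tor_mem_is_zero((char*)wanted_subcredential, DIGEST256_LEN));
  }

  /* Test handle_response_fetch_hsdesc_v3() */
  {
    args = tor_malloc_zero(sizeof(response_handler_args_t));
    args->status_code = 200;
    args->reason = NULL;
    /* Borrowed pointer: the string is freed through published_desc_str. */
    args->body = published_desc_str;
    args->body_len = strlen(published_desc_str);

    conn = tor_malloc_zero(sizeof(dir_connection_t));
    conn->hs_ident = tor_malloc_zero(sizeof(hs_ident_dir_conn_t));
    ed25519_pubkey_copy(&conn->hs_ident->identity_pk, &signing_kp.pubkey);
  }

  /* store the descriptor! */
  retval = handle_response_fetch_hsdesc_v3(conn, args);
  tt_int_op(retval, OP_EQ, 0);

  /* Progress time a bit and attempt to clean cache: our desc should not be
   * cleaned since we are still in the same time period (TP). */
  {
    parse_rfc1123_time("Sat, 27 Oct 1985 02:00:00 UTC",
                       &mock_ns.valid_after);
    parse_rfc1123_time("Sat, 27 Oct 1985 03:00:00 UTC",
                       &mock_ns.fresh_until);
    parse_rfc1123_time("Sat, 27 Oct 1985 05:00:00 UTC",
                       &mock_ns.valid_until);

    /* fetch the descriptor and make sure it's there */
    const hs_descriptor_t *cached_desc = NULL;
    cached_desc = hs_cache_lookup_as_client(&signing_kp.pubkey);
    tt_assert(cached_desc);
    tt_mem_op(cached_desc->subcredential, OP_EQ, wanted_subcredential,
              DIGEST256_LEN);
  }

  /* Progress time to next TP and check that desc was cleaned */
  {
    parse_rfc1123_time("Sat, 27 Oct 1985 12:00:00 UTC",
                       &mock_ns.valid_after);
    parse_rfc1123_time("Sat, 27 Oct 1985 13:00:00 UTC",
                       &mock_ns.fresh_until);
    parse_rfc1123_time("Sat, 27 Oct 1985 15:00:00 UTC",
                       &mock_ns.valid_until);

    const hs_descriptor_t *cached_desc = NULL;
    cached_desc = hs_cache_lookup_as_client(&signing_kp.pubkey);
    tt_assert(!cached_desc);
  }

 done:
  /* Restore the real consensus getter so the mock does not outlive this
   * test. */
  UNMOCK(networkstatus_get_live_consensus);
  tor_free(args);
  hs_descriptor_free(published_desc);
  tor_free(published_desc_str);
  if (conn) {
    tor_free(conn->hs_ident);
    tor_free(conn);
  }
}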

/* Test cases of this file as exported to the test runner. Every entry
 * carries TT_FORK, NULL setup data and a NULL setup struct. */
struct testcase_t hs_cache[] = {
  /* Cache tests on the directory side. */
  { "directory", test_directory, TT_FORK, NULL, NULL },
  { "clean_as_dir", test_clean_as_dir, TT_FORK, NULL, NULL },
  { "hsdir_revision_counter_check", test_hsdir_revision_counter_check,
    TT_FORK, NULL, NULL },
  { "upload_and_download_hs_desc", test_upload_and_download_hs_desc,
    TT_FORK, NULL, NULL },
  /* Cache test on the client side. */
  { "client_cache", test_client_cache, TT_FORK, NULL, NULL },

  END_OF_TESTCASES
};