Loading src/or/hs_descriptor.c +2 −0 Original line number Diff line number Diff line Loading @@ -1439,6 +1439,7 @@ superencrypted_auth_data_is_valid(smartlist_t *tokens) tok = find_by_keyword(tokens, R3_DESC_AUTH_TYPE); tor_assert(tok->n_args >= 1); if (strcmp(tok->args[0], "x25519")) { log_warn(LD_DIR, "Unrecognized desc auth type"); return 0; } } Loading Loading @@ -1485,6 +1486,7 @@ decode_superencrypted(const char *message, size_t message_len, /* Do some rudimentary validation of the authentication data */ if (!superencrypted_auth_data_is_valid(tokens)) { log_warn(LD_REND, "Invalid auth data"); goto err; } Loading src/test/test_hs_descriptor.c +103 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,9 @@ #include "test.h" #include "torcert.h" #include "test_helpers.h" #include "log_test_helpers.h" static hs_desc_intro_point_t * helper_build_intro_point(const ed25519_keypair_t *blinded_kp, time_t now, const char *addr, int legacy) Loading Loading @@ -1001,6 +1004,103 @@ test_desc_signature(void *arg) tor_free(data); } /* bad desc auth type */ const char bad_superencrypted_text1[] = "desc-auth-type scoobysnack\n" "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n" "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n" "encrypted\n" "-----BEGIN MESSAGE-----\n" "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC" "BiYWQgYXQgYWxs\n" "-----END MESSAGE-----\n"; /* bad ephemeral key */ const char bad_superencrypted_text2[] = "desc-auth-type x25519\n" "desc-auth-ephemeral-key differentalphabet\n" "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n" "encrypted\n" "-----BEGIN MESSAGE-----\n" "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC" "BiYWQgYXQgYWxs\n" "-----END MESSAGE-----\n"; /* bad encrypted msg */ const char bad_superencrypted_text3[] = "desc-auth-type x25519\n" "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n" "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n" "encrypted\n" "-----BEGIN MESSAGE-----\n" "SO SMALL NOT GOOD\n" "-----END MESSAGE-----\n"; const char correct_superencrypted_text[] = "desc-auth-type x25519\n" "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n" "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n" "auth-client Od09Qu636Qo /PKLzqewAdS/+0+vZC+MvQ dpw4NFo13zDnuPz45rxrOg\n" "auth-client JRr840iGYN0 8s8cxYqF7Lx23+NducC4Qg zAafl4wPLURkuEjJreZq1g\n" "encrypted\n" "-----BEGIN MESSAGE-----\n" "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC" "BiYWQgYXQgYWxs\n" "-----END MESSAGE-----\n"; const char correct_encrypted_plaintext[] = "being on mountains, " "thinking about computers, is not bad at all"; static void test_parse_hs_desc_superencrypted(void *arg) { (void) arg; int retval; uint8_t *encrypted_out = NULL; { setup_full_capture_of_logs(LOG_WARN); retval = decode_superencrypted(bad_superencrypted_text1, strlen(bad_superencrypted_text1), &encrypted_out); tt_int_op(retval, ==, 0); tt_assert(!encrypted_out); expect_log_msg_containing("Unrecognized desc auth type"); teardown_capture_of_logs(); } { setup_full_capture_of_logs(LOG_WARN); retval = decode_superencrypted(bad_superencrypted_text2, strlen(bad_superencrypted_text2), &encrypted_out); tt_int_op(retval, ==, 0); tt_assert(!encrypted_out); expect_log_msg_containing("Bogus desc auth key in HS desc"); teardown_capture_of_logs(); } { setup_full_capture_of_logs(LOG_WARN); retval = decode_superencrypted(bad_superencrypted_text3, strlen(bad_superencrypted_text3), &encrypted_out); tt_int_op(retval, ==, 0); tt_assert(!encrypted_out); expect_log_msg_containing("Length of descriptor\'s encrypted data " "is too small."); teardown_capture_of_logs(); } /* Now finally the good one */ retval = decode_superencrypted(correct_superencrypted_text, strlen(correct_superencrypted_text), &encrypted_out); tt_int_op(retval, ==, strlen(correct_encrypted_plaintext)); tt_mem_op(encrypted_out, OP_EQ, correct_encrypted_plaintext, strlen(correct_encrypted_plaintext)); done: tor_free(encrypted_out); } struct testcase_t hs_descriptor[] = { /* Encoding tests. */ { "cert_encoding", test_cert_encoding, TT_FORK, Loading Loading @@ -1030,6 +1130,9 @@ struct testcase_t hs_descriptor[] = { { "desc_signature", test_desc_signature, TT_FORK, NULL, NULL }, { "parse_hs_desc_superencrypted", test_parse_hs_desc_superencrypted, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; Loading
src/or/hs_descriptor.c +2 −0 Original line number Diff line number Diff line Loading @@ -1439,6 +1439,7 @@ superencrypted_auth_data_is_valid(smartlist_t *tokens) tok = find_by_keyword(tokens, R3_DESC_AUTH_TYPE); tor_assert(tok->n_args >= 1); if (strcmp(tok->args[0], "x25519")) { log_warn(LD_DIR, "Unrecognized desc auth type"); return 0; } } Loading Loading @@ -1485,6 +1486,7 @@ decode_superencrypted(const char *message, size_t message_len, /* Do some rudimentary validation of the authentication data */ if (!superencrypted_auth_data_is_valid(tokens)) { log_warn(LD_REND, "Invalid auth data"); goto err; } Loading
src/test/test_hs_descriptor.c +103 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,9 @@ #include "test.h" #include "torcert.h" #include "test_helpers.h" #include "log_test_helpers.h" static hs_desc_intro_point_t * helper_build_intro_point(const ed25519_keypair_t *blinded_kp, time_t now, const char *addr, int legacy) Loading Loading @@ -1001,6 +1004,103 @@ test_desc_signature(void *arg) tor_free(data); } /* bad desc auth type */ const char bad_superencrypted_text1[] = "desc-auth-type scoobysnack\n" "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n" "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n" "encrypted\n" "-----BEGIN MESSAGE-----\n" "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC" "BiYWQgYXQgYWxs\n" "-----END MESSAGE-----\n"; /* bad ephemeral key */ const char bad_superencrypted_text2[] = "desc-auth-type x25519\n" "desc-auth-ephemeral-key differentalphabet\n" "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n" "encrypted\n" "-----BEGIN MESSAGE-----\n" "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC" "BiYWQgYXQgYWxs\n" "-----END MESSAGE-----\n"; /* bad encrypted msg */ const char bad_superencrypted_text3[] = "desc-auth-type x25519\n" "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n" "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n" "encrypted\n" "-----BEGIN MESSAGE-----\n" "SO SMALL NOT GOOD\n" "-----END MESSAGE-----\n"; const char correct_superencrypted_text[] = "desc-auth-type x25519\n" "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n" "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n" "auth-client Od09Qu636Qo /PKLzqewAdS/+0+vZC+MvQ dpw4NFo13zDnuPz45rxrOg\n" "auth-client JRr840iGYN0 8s8cxYqF7Lx23+NducC4Qg zAafl4wPLURkuEjJreZq1g\n" "encrypted\n" "-----BEGIN MESSAGE-----\n" "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC" "BiYWQgYXQgYWxs\n" "-----END MESSAGE-----\n"; const char correct_encrypted_plaintext[] = "being on mountains, " "thinking about computers, is not bad at all"; static void test_parse_hs_desc_superencrypted(void *arg) { (void) arg; int retval; uint8_t *encrypted_out = NULL; { setup_full_capture_of_logs(LOG_WARN); retval = decode_superencrypted(bad_superencrypted_text1, strlen(bad_superencrypted_text1), &encrypted_out); tt_int_op(retval, ==, 0); tt_assert(!encrypted_out); expect_log_msg_containing("Unrecognized desc auth type"); teardown_capture_of_logs(); } { setup_full_capture_of_logs(LOG_WARN); retval = decode_superencrypted(bad_superencrypted_text2, strlen(bad_superencrypted_text2), &encrypted_out); tt_int_op(retval, ==, 0); tt_assert(!encrypted_out); expect_log_msg_containing("Bogus desc auth key in HS desc"); teardown_capture_of_logs(); } { setup_full_capture_of_logs(LOG_WARN); retval = decode_superencrypted(bad_superencrypted_text3, strlen(bad_superencrypted_text3), &encrypted_out); tt_int_op(retval, ==, 0); tt_assert(!encrypted_out); expect_log_msg_containing("Length of descriptor\'s encrypted data " "is too small."); teardown_capture_of_logs(); } /* Now finally the good one */ retval = decode_superencrypted(correct_superencrypted_text, strlen(correct_superencrypted_text), &encrypted_out); tt_int_op(retval, ==, strlen(correct_encrypted_plaintext)); tt_mem_op(encrypted_out, OP_EQ, correct_encrypted_plaintext, strlen(correct_encrypted_plaintext)); done: tor_free(encrypted_out); } struct testcase_t hs_descriptor[] = { /* Encoding tests. */ { "cert_encoding", test_cert_encoding, TT_FORK, Loading Loading @@ -1030,6 +1130,9 @@ struct testcase_t hs_descriptor[] = { { "desc_signature", test_desc_signature, TT_FORK, NULL, NULL }, { "parse_hs_desc_superencrypted", test_parse_hs_desc_superencrypted, TT_FORK, NULL, NULL }, END_OF_TESTCASES };