Verified Commit 67a96f37 authored by Silvio Rhatto's avatar Silvio Rhatto

Feat: add test-keys script to validate Onion Service keys candidates (Fixes #2)

parent 727788c9
......@@ -38,6 +38,9 @@ ENV_LOCAL="$POOL/local.conf"
# The libpcre2-dev package is used for regex support
DEPENDENCIES="gcc libsodium-dev make autoconf libpcre2-dev"
# Tor daemon, to test the generated keys
DEPENDENCIES="$DEPENDENCIES tor netcat"
# For HARICA's onion-csr
DEPENDENCIES="$DEPENDENCIES ruby-dev build-essential"
......
#!/usr/bin/env bash
#
# Test Onion Service keys.
#
# Copyright (C) 2022 Silvio Rhatto <rhatto@torproject.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License,
# or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Parameters
BASENAME="`basename $0`"
DIRNAME="`dirname $0`"
source $DIRNAME/params
# Additional parameters
CANDIDATE="$2"
NOUNCE="$(echo $RANDOM | sha512sum | awk '{ print $1 }')"
PORT="${3:-8080}"
WAIT="60"
# Teardown procedure
function teardown() {
# Teardown
for pid in $PIDS; do
#echo "Stopping process $pid..."
kill $pid
done
if [ ! -z "$TMPFILE" ] && [ -e "$TMPFILE" ]; then
rm -f "$TMPFILE"
fi
exit $1
}
function usage() {
echo "usage: $BASENAME <pool> <candidate> <port>"
echo ""
echo "Test an Onion Service keypair candidate mined in a pool"
echo ""
echo " pool: the mining pool to operate on"
echo " candidate: which candidate in the pool to test"
echo " port: TCP port to bind the test web server, defaults to $PORT"
}
# Check for a config
if [ -z "$CONFIG" ]; then
usage
echo ""
echo "Available pools:"
echo ""
ls -1 $POOLS | sed -e 's/^/ /'
echo ""
exit 1
fi
# Check for a candidate
if [ -z "$CANDIDATE" ]; then
usage
echo ""
echo "Available candidates in pool $CONFIG: "
echo ""
ls -1 $CANDIDATES | sed -e 's/^/ /'
echo ""
exit 1
fi
# Check for Tor
if ! which tor &> /dev/null; then
echo "$BASENAME: cannot find the 'tor' executable; is it installed?"
exit 1
fi
# Create a folder where the daemon will run
mkdir -p $POOL/daemon
cd $POOL/daemon
# Launch Tor
echo "Launching the Tor daemon with $CANDIDATE Onion Service..."
tor --SocksPort 0 --RunAsDaemon 0 --HiddenServiceDir $CANDIDATES/$CANDIDATE \
--HiddenServicePort "$PORT 127.0.0.1:$PORT" & # --Log "info-err stdout"
# Waiting
echo "Sleeping $WAIT seconds while the Onion Service is bootstrapped..."
sleep $WAIT
PIDS="$!"
#echo "Background tasks: $PIDS"
# Launch a one-time minimal web server
echo "Launching a minimal web server..."
TMPFILE="`mktemp`"
echo -e "HTTP/1.1 200 OK\n\n$NOUNCE" > $TMPFILE
cat $TMPFILE | nc -l -q 1 -p $PORT &
# Try to get the secret
echo "Trying to fetch the secret random value $NOUNCE from the Onion Service..."
NOUNCE_OFFERED="`torify curl --no-progress-meter --connect-timeout $WAIT http://$CANDIDATE:$PORT`"
STATUS="$?"
# Check curl exit status
if [ "$STATUS" != "0" ]; then
echo "Cannot check secrets: curl exited with status $STATUS"
teardown 1
fi
# Check if secrets match
if [ "$NOUNCE_OFFERED" == "$NOUNCE" ]; then
echo "Secret sharing matched, Onion Service candidate $CANDIDATE validated!"
teardown 0
else
echo "Cannot check secrets; expected: $NOUNCE, offered: $NOUNCE_OFFERED"
teardown 1
fi
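Review bot: The netcat listener started in the background on the `cat $TMPFILE | nc -l -q 1 -p $PORT &` line is never added to PIDS (which was set from the tor job just above it), so when curl fails or the nonce mismatches, teardown kills tor and removes TMPFILE but leaves nc bound to $PORT, still serving the nonce until some client connects. Record its PID on that line, e.g. `cat $TMPFILE | nc -l -q 1 -p $PORT & PIDS="$PIDS $!"`; for a background pipeline `$!` is the PID of its last stage, which is nc. The same listener accepts connections from any interface, while the HiddenServicePort only forwards to 127.0.0.1:$PORT; restricting it to loopback (netcat's `-s 127.0.0.1`, where the installed variant supports it) keeps the test server off the network. Separately, `cd $POOL/daemon` is unchecked and the script does not use `set -e`, so a failed cd would start tor in the caller's current directory; `cd "$POOL/daemon" || exit 1` would close that.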