Feat: add test-keys script to validate Onion Service keys candidates (Fixes #2)

bin/params

@@ -38,6 +38,9 @@ ENV_LOCAL="$POOL/local.conf"
 # The libpcre2-dev package is used for regex support
 DEPENDENCIES="gcc libsodium-dev make autoconf libpcre2-dev"
 
+# Tor daemon, to test the generated keys
+DEPENDENCIES="$DEPENDENCIES tor netcat"
+
 # For HARICA's onion-csr
 DEPENDENCIES="$DEPENDENCIES ruby-dev build-essential"
 

bin/test-keys

+#!/usr/bin/env bash
+#
+# Test Onion Service keys.
+#
+# Copyright (C) 2022 Silvio Rhatto <rhatto@torproject.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+BASENAME="`basename $0`"
+DIRNAME="`dirname $0`"
+source $DIRNAME/params
+
+# Additional parameters
+CANDIDATE="$2"
+NOUNCE="$(echo $RANDOM | sha512sum | awk '{ print $1 }')"
+PORT="${3:-8080}"
+WAIT="60"
+
+# Teardown procedure
+function teardown() {
+  # Teardown
+  for pid in $PIDS; do
+    #echo "Stopping process $pid..."
+    kill $pid
+  done
+
+  if [ ! -z "$TMPFILE" ] && [ -e "$TMPFILE" ]; then
+    rm -f "$TMPFILE"
+  fi
+
+  exit $1
+}
+
+function usage() {
+  echo "usage: $BASENAME <pool> <candidate> <port>"
+  echo ""
+  echo "Test an Onion Service keypair candidate mined in a pool"
+  echo ""
+  echo "    pool:      the mining pool to operate on"
+  echo "    candidate: which candidate in the pool to test"
+  echo "    port:      TCP port to bind the test web server, defaults to $PORT"
+}
+
+# Check for a config
+if [ -z "$CONFIG" ]; then
+  usage
+  echo ""
+  echo "Available pools:"
+  echo ""
+  ls -1 $POOLS | sed -e 's/^/    /'
+  echo ""
+  exit 1
+fi
+
+# Check for a candidate
+if [ -z "$CANDIDATE" ]; then
+  usage
+  echo ""
+  echo "Available candidates in pool $CONFIG: "
+  echo ""
+  ls -1 $CANDIDATES | sed -e 's/^/    /'
+  echo ""
+  exit 1
+fi
+
+# Check for Tor
+if ! which tor &> /dev/null; then
+  echo "$BASENAME: cannot find the 'tor' executable; is it installed?"
+  exit 1
+fi
+
+# Create a folder where the daemon will run
+mkdir -p $POOL/daemon
+cd $POOL/daemon
+
+# Launch Tor
+echo "Launching the Tor daemon with $CANDIDATE Onion Service..."
+tor --SocksPort 0 --RunAsDaemon 0 --HiddenServiceDir $CANDIDATES/$CANDIDATE \
+                                  --HiddenServicePort "$PORT 127.0.0.1:$PORT" & # --Log "info-err stdout"
+
+# Waiting
+echo "Sleeping $WAIT seconds while the Onion Service is bootstrapped..."
+sleep $WAIT
+PIDS="$!"
+#echo "Background tasks: $PIDS"
+
+# Launch a one-time minimal web server
+echo "Launching a minimal web server..."
+TMPFILE="`mktemp`"
+echo -e "HTTP/1.1 200 OK\n\n$NOUNCE" > $TMPFILE
+cat $TMPFILE | nc -l -q 1 -p $PORT &
+
+# Try to get the secret
+echo "Trying to fetch the secret random value $NOUNCE from the Onion Service..."
+NOUNCE_OFFERED="`torify curl --no-progress-meter --connect-timeout $WAIT http://$CANDIDATE:$PORT`"
+STATUS="$?"
+
+# Check curl exit status
+if [ "$STATUS" != "0" ]; then
+  echo "Cannot check secrets: curl exited with status $STATUS"
+  teardown 1
+fi
+
+# Check if secrets match
+if [ "$NOUNCE_OFFERED" == "$NOUNCE" ]; then
+  echo "Secret sharing matched, Onion Service candidate $CANDIDATE validated!"
+  teardown 0
+else
+  echo "Cannot check secrets; expected: $NOUNCE, offered: $NOUNCE_OFFERED"
+  teardown 1
+fi