tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git

zero_length_keys.sh (4262B)


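#!/bin/sh
# Check that tor regenerates keys when key files are zero-length
# Test for bug #13111 - Tor fails to start if onion keys are zero length
#
# Usage:
#  ./zero_length_keys.sh PATH_TO_TOR
#    Run all the tests below
#  ./zero_length_keys.sh PATH_TO_TOR -z
#    Check tor will launch and regenerate zero-length keys
#  ./zero_length_keys.sh PATH_TO_TOR -d
#    Check tor regenerates deleted keys (existing behaviour)
#  ./zero_length_keys.sh PATH_TO_TOR -e
#    Check tor does not overwrite existing keys (existing behaviour)
#
# Any second argument other than -z or -e is handled like -d.
#
# Exit Statuses:
#   0: test succeeded - tor regenerated/kept the files
#   1: test failed - tor did not regenerate/keep the files
#      (also returned with the usage message when PATH_TO_TOR is missing
#      or is not an executable regular file)
#   2: test failed - tor did not generate the key files on first run
#   3: a command failed - the test could not be completed
#

if [ $# -eq 0 ] || [ ! -f "${1}" ] || [ ! -x "${1}" ]; then
  echo "Usage: ${0} PATH_TO_TOR [-z|-d|-e]"
  exit 1
elif [ $# -eq 1 ]; then
  # No mode given: re-run this script once per mode, stopping at the
  # first mode that fails.
  echo "Testing that tor correctly handles zero-length keys"
  "$0" "${1}" -z && "$0" "${1}" -d && "$0" "${1}" -e
  exit $?
else #[$# -gt 1 ]; then
  TOR_BINARY="${1}"
  shift
fi

# From here on "$1" is the mode flag.

DATA_DIR=$(mktemp -d -t tor_zero_length_keys.XXXXXX)
if [ -z "$DATA_DIR" ]; then
  echo "Failure: mktemp invocation returned empty string" >&2
  exit 3
fi
if [ ! -d "$DATA_DIR" ]; then
  echo "Failure: mktemp invocation result doesn't point to directory" >&2
  exit 3
fi
# The data directory ends up holding freshly generated secret key files,
# so remove it on every exit path. Not every sh runs the exit trap when
# it is killed by a signal, so turn the common ones into a normal exit.
trap 'rm -rf -- "$DATA_DIR"' 0
trap 'exit 3' HUP INT TERM

touch "$DATA_DIR"/empty_torrc || exit 3
touch "$DATA_DIR"/empty_defaults_torrc || exit 3

# Run tor once against the temporary data directory.
# DisableNetwork means that the ORPort won't actually be opened.
# 'ExitRelay 0' suppresses a warning.
# Every argument is quoted separately, so a tor path or temporary
# directory containing whitespace is passed through intact instead of
# being word-split out of a single command string.
# tor's exit status is not checked; the key-file tests below decide the
# result.
run_tor() {
  "$TOR_BINARY" --hush --DisableNetwork 1 --ShutdownWaitLength 0 \
    --ORPort 12345 --ExitRelay 0 \
    -f "$DATA_DIR/empty_torrc" \
    --defaults-torrc "$DATA_DIR/empty_defaults_torrc" \
    --DataDirectory "$DATA_DIR" --list-fingerprint
}

# Succeed only if all three secret key files exist and are non-empty.
keys_are_nonempty() {
  [ -s "$DATA_DIR"/keys/secret_id_key ] &&
    [ -s "$DATA_DIR"/keys/secret_onion_key ] &&
    [ -s "$DATA_DIR"/keys/secret_onion_key_ntor ]
}

if keys_are_nonempty; then
  echo "Failure: Previous tor keys present in tor data directory" >&2
  exit 3
else
  echo "Generating initial tor keys"
  run_tor

  # tor must successfully generate non-zero-length key files
  if keys_are_nonempty; then
    true #echo "tor generated the initial key files"
  else
    echo "Failure: tor failed to generate the initial key files"
    exit 2
  fi
fi

#ls -lh  "$DATA_DIR"/keys/ || exit 3

# backup and keep/delete/create zero-length files for the keys

FILE_DESC="keeps existing"
# make a backup; without it the comparison below cannot be trusted,
# so a failed copy aborts the test rather than continuing
cp -r "$DATA_DIR"/keys "$DATA_DIR"/keys.old || exit 3

# delete keys for -d or -z
if [ "$1" != "-e" ]; then
  FILE_DESC="regenerates deleted"
  rm "$DATA_DIR"/keys/secret_id_key || exit 3
  rm "$DATA_DIR"/keys/secret_onion_key || exit 3
  rm "$DATA_DIR"/keys/secret_onion_key_ntor || exit 3
fi

# create empty files for -z
if [ "$1" = "-z" ]; then
  FILE_DESC="regenerates zero-length"
  touch "$DATA_DIR"/keys/secret_id_key || exit 3
  touch "$DATA_DIR"/keys/secret_onion_key || exit 3
  touch "$DATA_DIR"/keys/secret_onion_key_ntor || exit 3
fi

echo "Running tor again to check if it $FILE_DESC keys"
run_tor

#ls -lh "$DATA_DIR"/keys/ || exit 3

# tor must always have non-zero-length key files
if keys_are_nonempty; then
  # check if the keys are different to the old ones
  diff -q -r "$DATA_DIR"/keys "$DATA_DIR"/keys.old > /dev/null
  SAME_KEYS=$?
  # diff exits 0 for identical trees and 1 for differing ones; anything
  # greater means diff itself failed. Treating that as "different" would
  # report a false success for -d and -z.
  if [ "$SAME_KEYS" -gt 1 ]; then
    echo "Failure: could not compare the key files with the backup" >&2
    exit 3
  fi
  # if we're not testing existing keys,
  # the current keys should be different to the old ones
  if [ "$1" != "-e" ]; then
    if [ "$SAME_KEYS" -ne 0 ]; then
      echo "Success: test that tor $FILE_DESC key files: different keys"
      exit 0
    else
      echo "Failure: test that tor $FILE_DESC key files: same keys"
      exit 1
    fi
  else #[ "$1" == "-e" ]; then
    if [ "$SAME_KEYS" -eq 0 ]; then
      echo "Success: test that tor $FILE_DESC key files: same keys"
      exit 0
    else
      echo "Failure: test that tor $FILE_DESC key files: different keys"
      exit 1
    fi
  fi
else
  echo "Failure: test that tor $FILE_DESC key files: no key files"
  exit 1
fi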