func TestGenerateKey(t *testing.T) {

	_, err := vexillary.GenerateKey()
	if err != nil {
		log.Fatalln("Generate key error:", err)
	}
}
func TestGenerateFlag(t *testing.T) {

	priv, _ := vexillary.GenerateKey()

	_, err := vexillary.GenerateFlag(priv)
	if err != nil {
		log.Fatalln("Generate flag error:", err)
	}
}
func TestValidFlag(t *testing.T) {

	priv, _ := vexillary.GenerateKey()
	flag, _ := vexillary.GenerateFlag(priv)

	// Check validation of valid flag
	valid, err := vexillary.ValidFlag(flag, priv.PublicKey)
	if !valid {
		log.Fatalln("Valid flag is invalid:", err)
	}

	// Check validation of invalid flag
	invalid_flag := "aaaaaaa6a0993562af00d027aff63e9502754018="
	valid, err = vexillary.ValidFlag(invalid_flag, priv.PublicKey)
	if valid {
		log.Fatalln("Invalid flag is valid:", err)
	}
}
Beispiel #4
0
func main() {

	fmt.Println(buildInfo())

	kingpin.Parse()

	if *configPath == "" {
		log.Println("Use default config path")
		*configPath = "/etc/tinfoilhat/tinfoilhat.toml"
	}

	config, err := config.ReadConfig(*configPath)
	if err != nil {
		log.Fatalln("Cannot open config:", err)
	}

	logFile, err := os.OpenFile(config.LogFile,
		os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
	if err != nil {
		log.Fatalln("Cannot open file:", err)
	}
	defer logFile.Close()
	log.SetOutput(logFile)

	log.Println(buildInfo())

	var rlim syscall.Rlimit
	err = syscall.Getrlimit(syscall.RLIMIT_NOFILE, &rlim)
	if err != nil {
		log.Fatalln("Getrlimit fail:", err)
	}

	log.Println("RLIMIT_NOFILE CUR:", rlim.Cur, "MAX:", rlim.Max)

	db, err := steward.OpenDatabase(config.Database.Connection)
	if err != nil {
		log.Fatalln("Open database fail:", err)
	}

	defer db.Close()

	db.SetMaxOpenConns(config.Database.MaxConnections)

	if *dbReinit {
		reinitDatabase(db, config)
	}

	checker.SetTimeout(config.CheckerTimeout.Duration)

	if config.AdvisoryReceiver.Disabled {
		scoreboard.DisableAdvisory()
	}

	priv, err := vexillary.GenerateKey()
	if err != nil {
		log.Fatalln("Generate key fail:", err)
	}

	attackFlow := make(chan scoreboard.Attack, config.API.AttackBuffer)

	go receiver.FlagReceiver(db, priv, config.FlagReceiver.Addr,
		config.FlagReceiver.ReceiveTimeout.Duration,
		config.FlagReceiver.SocketTimeout.Duration,
		attackFlow)

	go receiver.AdvisoryReceiver(db, config.AdvisoryReceiver.Addr,
		config.AdvisoryReceiver.ReceiveTimeout.Duration,
		config.AdvisoryReceiver.SocketTimeout.Duration)

	go scoreboard.Scoreboard(db, attackFlow,
		config.Scoreboard.WwwPath,
		config.Scoreboard.Addr,
		config.Scoreboard.UpdateTimeout.Duration,
		config.Pulse.Start.Time,
		config.Pulse.Half.Duration,
		config.Pulse.Lunch.Duration,
		config.Pulse.DarkestTime.Duration)

	err = pulse.Pulse(db, priv,
		config.Pulse.Start.Time,
		config.Pulse.Half.Duration,
		config.Pulse.Lunch.Duration,
		config.Pulse.RoundLen.Duration,
		config.Pulse.CheckTimeout.Duration)
	if err != nil {
		log.Fatalln("Game error:", err)
	}

	log.Println("It's now safe to turn off you computer")
	for {
		time.Sleep(time.Hour)
	}
}
Beispiel #5
0
func TestGame(*testing.T) {

	db, err := openDB()
	if err != nil {
		log.Fatalln("Open database fail:", err)
	}

	min_port_num := 1024
	max_port_num := 65535

	rand.Seed(time.Now().UnixNano())

	port := min_port_num + rand.Intn(max_port_num-min_port_num)

	log.Println("Use port", port)

	service_path := "../checker/python-api/dummy_service.py"

	svc := newDummyService(service_path, port)
	svc.Stop() // kill
	svc.Start()

	time.Sleep(time.Second) // wait for service init

	defer svc.Stop()

	priv, err := vexillary.GenerateKey()
	if err != nil {
		log.Fatalln("Generate key fail:", err)
	}

	for index, team := range []string{"FooTeam", "BarTeam", "BazTeam"} {

		// just trick for bypass UNIQUE team subnet
		subnet := fmt.Sprintf("127.%d.0.1/24", index)

		vulnbox := fmt.Sprintf("127.0.%d.3", index)

		t := steward.Team{ID: -1, Name: team, Subnet: subnet,
			Vulnbox: vulnbox}

		_, err = steward.AddTeam(db.db, t)
		if err != nil {
			log.Fatalln("Add team failed:", err)
		}
	}

	checker_path := "../checker/python-api/dummy_checker.py"

	for _, service := range []string{"Foo", "Bar", "Baz"} {

		err = steward.AddService(db.db,
			steward.Service{ID: -1, Name: service, Port: port,
				CheckerPath: checker_path, UDP: false})
		if err != nil {
			log.Fatalln("Add service failed:", err)
		}
	}

	round_len := 30 * time.Second
	timeout_between_check := 10 * time.Second

	game, err := pulse.NewGame(db.db, priv, round_len, timeout_between_check)

	defer game.Over()

	end_time := time.Now().Add(time.Minute + 10*time.Second)

	err = game.Run(end_time)

	if err != nil {
		log.Fatalln("Game error:", err)
	}

	for round := 1; round <= 2; round++ {

		for team_id := 1; team_id <= 3; team_id++ {

			res, err := steward.GetRoundResult(db.db, team_id, round)
			if err != nil {
				log.Fatalf("Get round %d result fail: %s",
					round, err)
			}

			if res.DefenceScore != float64(round*2) {
				log.Fatalln("Invalid defence score")
			}

			if res.AttackScore != 0 {
				log.Fatalln("Invalid attack score")
			}
		}
	}
}
Beispiel #6
0
func TestCountRound(*testing.T) {

	db, err := openDB()
	if err != nil {
		log.Fatalln("Open database failed:", err)
	}

	defer db.Close()

	fillTestTeams(db.db)

	fillTestServices(db.db)

	priv, err := vexillary.GenerateKey()
	if err != nil {
		log.Fatalln("Generate key failed:", err)
	}

	round, err := steward.NewRound(db.db, time.Minute)
	if err != nil {
		log.Fatalln("Create new round failed:", err)
	}

	teams, err := steward.GetTeams(db.db)
	if err != nil {
		log.Fatalln("Get teams failed:", err)
	}

	services, err := steward.GetServices(db.db)
	if err != nil {
		log.Fatalln("Get services failed:", err)
	}

	flags := make([]string, 0)

	for _, team := range teams {
		for _, svc := range services {

			flag, err := vexillary.GenerateFlag(priv)
			if err != nil {
				log.Fatalln("Generate flag failed:", err)
			}

			flags = append(flags, flag)

			flg := steward.Flag{ID: -1, Flag: flag, Round: round,
				TeamID: team.ID, ServiceID: svc.ID, Cred: ""}

			err = steward.AddFlag(db.db, flg)
			if err != nil {
				log.Fatalln("Add flag to database failed:", err)
			}

			err = steward.PutStatus(db.db, steward.Status{
				Round: round, TeamID: team.ID,
				ServiceID: svc.ID, State: steward.StatusUP})
			if err != nil {
				log.Fatalln("Put status to database failed:", err)
			}
		}
	}

	flag1, err := steward.GetFlagInfo(db.db, flags[2])
	if err != nil {
		log.Fatalln("Get flag info failed:", err)
	}

	err = steward.CaptureFlag(db.db, flag1.ID, teams[2].ID)
	if err != nil {
		log.Fatalln("Capture flag failed:", err)
	}

	flag2, err := steward.GetFlagInfo(db.db, flags[7])
	if err != nil {
		log.Fatalln("Get flag info failed:", err)
	}

	err = steward.CaptureFlag(db.db, flag2.ID, teams[3].ID)
	if err != nil {
		log.Fatalln("Capture flag failed:", err)
	}

	err = counter.CountRound(db.db, round, teams, services)
	if err != nil {
		log.Fatalln("Count round failed:", err)
	}

	res, err := steward.GetRoundResult(db.db, teams[0].ID, round)
	if err != nil || res.AttackScore != 0.0 || res.DefenceScore != 1.75 {
		log.Fatalln("Invalid result:", res)
	}

	res, err = steward.GetRoundResult(db.db, teams[1].ID, round)
	if err != nil || res.AttackScore != 0.0 || res.DefenceScore != 1.75 {
		log.Fatalln("Invalid result:", res)
	}

	res, err = steward.GetRoundResult(db.db, teams[2].ID, round)
	if err != nil || res.AttackScore != 0.25 || res.DefenceScore != 2.0 {
		log.Fatalln("Invalid result:", res)
	}

	res, err = steward.GetRoundResult(db.db, teams[3].ID, round)
	if err != nil || res.AttackScore != 0.25 || res.DefenceScore != 2.0 {
		log.Fatalln("Invalid result:", res)
	}

}
Beispiel #7
0
func TestFlagsWork(t *testing.T) {

	db, err := openDB()
	if err != nil {
		log.Fatalln("Open database failed:", err)
	}

	defer db.Close()

	min_port_num := 1024
	max_port_num := 65535

	rand.Seed(time.Now().UnixNano())

	port := min_port_num + rand.Intn(max_port_num-min_port_num)

	log.Println("Use port", port)

	service := newDummyService("python-api/dummy_service.py", port)
	service.Stop() // if already run

	priv, err := vexillary.GenerateKey()
	if err != nil {
		log.Fatalln("Generate key failed:", err)
	}

	fillTestTeams(db.db)

	checker_path := "python-api/dummy_checker.py"

	for _, service := range []string{"Foo", "Bar", "Baz"} {

		err = steward.AddService(db.db,
			steward.Service{ID: -1, Name: service, Port: port,
				CheckerPath: checker_path, UDP: false})
		if err != nil {
			log.Fatalln("Add service failed:", err)
		}
	}

	round, err := steward.NewRound(db.db, time.Minute)
	if err != nil {
		log.Fatalln("Create new round failed:", err)
	}

	teams, err := steward.GetTeams(db.db)
	if err != nil {
		log.Fatalln("Get teams failed:", err)
	}

	services, err := steward.GetServices(db.db)
	if err != nil {
		log.Fatalln("Get services failed:", err)
	}

	err = checker.PutFlags(db.db, priv, round, teams, services)
	if err != nil {
		log.Fatalln("Put flags failed:", err)
	}

	// No services -> all down
	checkServicesStatus(db.db, round, teams, services, steward.StatusDown)

	// Start service
	service.Start()

	time.Sleep(time.Second)

	service.BrokeLogic()

	err = checker.PutFlags(db.db, priv, round, teams, services)
	if err != nil {
		log.Fatalln("Put flags failed:", err)
	}

	checkServicesStatus(db.db, round, teams, services, steward.StatusMumble)

	service.RestoreLogic()

	time.Sleep(time.Second)

	round, err = steward.NewRound(db.db, time.Minute)
	if err != nil {
		log.Fatalln("Create new round failed:", err)
	}

	log.Println("Put flags to correct service...")

	err = checker.PutFlags(db.db, priv, round, teams, services)
	if err != nil {
		log.Fatalln("Put flags failed:", err)
	}

	checkServicesStatus(db.db, round, teams, services, steward.StatusUP)

	log.Println("Check flags of correct service...")

	err = checker.CheckFlags(db.db, round, teams, services)
	if err != nil {
		log.Fatalln("Check flags failed:", err)
	}

	checkServicesStatus(db.db, round, teams, services, steward.StatusUP)

	service.ClearFlags()

	log.Println("Check flags of service with removed flags...")

	err = checker.CheckFlags(db.db, round, teams, services)
	if err != nil {
		log.Fatalln("Check flags failed:", err)
	}

	checkServicesStatus(db.db, round, teams, services, steward.StatusCorrupt)

	log.Println("Stop service...")
	service.Stop()

	log.Println("Check flags of stopped service...")

	err = checker.CheckFlags(db.db, round, teams, services)
	if err != nil {
		log.Fatalln("Check flags failed:", err)
	}

	checkServicesStatus(db.db, round, teams, services, steward.StatusDown)
}
Beispiel #8
0
func TestReceiver(*testing.T) {

	db, err := openDB()
	if err != nil {
		log.Fatalln("Open database failed:", err)
	}

	defer db.Close()

	priv, err := vexillary.GenerateKey()
	if err != nil {
		log.Fatalln("Generate key failed:", err)
	}

	addr := "127.0.0.1:65000"

	flag, err := vexillary.GenerateFlag(priv)
	if err != nil {
		log.Fatalln("Generate flag failed:", err)
	}

	err = steward.AddFlag(db.db, steward.Flag{-1, flag, 1, 8, 1, ""})
	if err != nil {
		log.Fatalln("Add flag failed:", err)
	}

	firstRound, err := steward.NewRound(db.db, time.Minute*2)
	if err != nil {
		log.Fatalln("New round failed:", err)
	}

	attackFlow := make(chan scoreboard.Attack)

	go FlagReceiver(db.db, priv, addr, time.Nanosecond, time.Minute, attackFlow)

	time.Sleep(time.Second) // wait for init listener

	// The attacker must appear to be a team (e.g. jury cannot attack)
	testFlag(addr, flag, invalidTeamMsg)

	t := steward.Team{ID: -1, Name: "TestTeam", Subnet: "127.0.0.1/24",
		Vulnbox: "1"}

	// Correct flag must be captured
	teamID, err := steward.AddTeam(db.db, t)
	if err != nil {
		log.Fatalln("Add team failed:", err)
	}

	serviceID := 1

	// Flag must be captured only if service status ok
	steward.PutStatus(db.db, steward.Status{firstRound, teamID, serviceID,
		steward.StatusUP})

	testFlag(addr, flag, capturedMsg)

	// Correct flag must be captured only one
	testFlag(addr, flag, alreadyCapturedMsg)

	// Incorrect (non-signed or signed on other key) flag must be invalid
	testFlag(addr, "1e7b642f2282886377d1655af6097dd6101eac5b=",
		invalidFlagMsg)

	// Correct flag that does not exist in database must not be captured
	newFlag, err := vexillary.GenerateFlag(priv)
	if err != nil {
		log.Fatalln("Generate flag failed:", err)
	}

	testFlag(addr, newFlag, flagDoesNotExistMsg)

	// Submitted flag does not belongs to the attacking team
	flag4, err := vexillary.GenerateFlag(priv)
	if err != nil {
		log.Fatalln("Generate flag failed:", err)
	}

	err = steward.AddFlag(db.db, steward.Flag{-1, flag4, 1, teamID, 1, ""})
	if err != nil {
		log.Fatalln("Add flag failed:", err)
	}

	testFlag(addr, flag4, flagYoursMsg)

	// Correct flag from another round must not be captured
	flag2, err := vexillary.GenerateFlag(priv)
	if err != nil {
		log.Fatalln("Generate flag failed:", err)
	}

	curRound, err := steward.CurrentRound(db.db)

	err = steward.AddFlag(db.db, steward.Flag{-1, flag2, curRound.ID, 8, 1, ""})
	if err != nil {
		log.Fatalln("Add flag failed:", err)
	}

	_, err = steward.NewRound(db.db, time.Minute*2)
	if err != nil {
		log.Fatalln("New round failed:", err)
	}

	testFlag(addr, flag2, flagExpiredMsg)

	// Correct flag from expired round must not be captured
	roundLen := time.Second
	roundID, err := steward.NewRound(db.db, roundLen)
	if err != nil {
		log.Fatalln("New round failed:", err)
	}

	flag3, err := vexillary.GenerateFlag(priv)
	if err != nil {
		log.Fatalln("Generate flag failed:", err)
	}

	err = steward.AddFlag(db.db, steward.Flag{-1, flag3, roundID, 8, 1, ""})
	if err != nil {
		log.Fatalln("Add flag failed:", err)
	}

	time.Sleep(roundLen) // wait end of round

	testFlag(addr, flag3, flagExpiredMsg)

	// If service status down flag must not be captured
	roundID, err = steward.NewRound(db.db, time.Minute)
	if err != nil {
		log.Fatalln("New round failed:", err)
	}

	flag5, err := vexillary.GenerateFlag(priv)
	if err != nil {
		log.Fatalln("Generate flag failed:", err)
	}

	err = steward.AddFlag(db.db, steward.Flag{-1, flag5, roundID, 8,
		serviceID, ""})
	if err != nil {
		log.Fatalln("Add flag failed:", err)
	}

	steward.PutStatus(db.db, steward.Status{roundID, teamID, serviceID,
		steward.StatusDown})

	testFlag(addr, flag5, serviceNotUpMsg)

	steward.PutStatus(db.db, steward.Status{roundID, teamID, serviceID,
		steward.StatusUP})

	// If attempts limit exceeded flag must not be captured
	newAddr := "127.0.0.1:64000"

	// Start new receiver for test timeouts
	go FlagReceiver(db.db, priv, newAddr, time.Second, time.Minute, attackFlow)

	time.Sleep(time.Second) // wait for init listener

	// Just for take timeout
	testFlag(newAddr, flag3, flagExpiredMsg)

	// Can't use testFlag, if attempts limit exceeded server does not send
	// greeting message, and client has not able to send flag
	conn, err := net.DialTimeout("tcp", newAddr, time.Second)
	if err != nil {
		log.Fatalln("Connect to receiver failed:", err)
	}

	msg, err := bufio.NewReader(conn).ReadString('\n')
	if err != nil {
		log.Fatalln("Invalid response:", err)
	}

	response := attemptsLimitMsg

	if msg != response {
		log.Fatalf("Invalid message [%v] instead [%v]",
			strings.Trim(msg, "\n"),
			strings.Trim(response, "\n"))
	}
}