Line data Source code
1 : /* Copyright (c) 2014-2021, The Tor Project, Inc. */
2 : /* See LICENSE for licensing information */
3 :
4 : #include "orconfig.h"
5 :
6 : #define CHANNELTLS_PRIVATE
7 : #define CONNECTION_PRIVATE
8 : #define CHANNEL_OBJECT_PRIVATE
9 : #define TORTLS_PRIVATE
10 :
11 : #include "core/or/or.h"
12 : #include "app/config/config.h"
13 : #include "core/mainloop/connection.h"
14 : #include "core/or/connection_or.h"
15 : #include "core/or/channeltls.h"
16 : #include "trunnel/link_handshake.h"
17 : #include "feature/relay/router.h"
18 : #include "feature/relay/routerkeys.h"
19 : #include "core/or/scheduler.h"
20 : #include "feature/nodelist/torcert.h"
21 : #include "feature/relay/relay_handshake.h"
22 :
23 : #include "core/or/or_connection_st.h"
24 : #include "core/or/or_handshake_certs_st.h"
25 : #include "core/or/or_handshake_state_st.h"
26 : #include "core/or/var_cell_st.h"
27 :
28 : #define TOR_X509_PRIVATE
29 : #include "lib/tls/tortls.h"
30 : #include "lib/tls/x509.h"
31 :
32 : #include "test/test.h"
33 : #include "test/log_test_helpers.h"
34 :
35 : static var_cell_t *mock_got_var_cell = NULL;
36 :
37 : static void
38 26 : mock_write_var_cell(const var_cell_t *vc, or_connection_t *conn)
39 : {
40 26 : (void)conn;
41 :
42 26 : var_cell_t *newcell = var_cell_new(vc->payload_len);
43 26 : memcpy(newcell, vc, sizeof(var_cell_t));
44 26 : memcpy(newcell->payload, vc->payload, vc->payload_len);
45 :
46 26 : mock_got_var_cell = newcell;
47 26 : }
48 : static int
49 6 : mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
50 : {
51 6 : (void) tls;
52 6 : (void) cert; // XXXX look at this.
53 6 : return 1;
54 : }
55 : static tor_tls_t *mock_peer_cert_expect_tortls = NULL;
56 : static tor_x509_cert_t *mock_peer_cert = NULL;
57 : static tor_x509_cert_t *
58 33 : mock_get_peer_cert(tor_tls_t *tls)
59 : {
60 33 : if (mock_peer_cert_expect_tortls &&
61 : mock_peer_cert_expect_tortls != tls)
62 : return NULL;
63 33 : return tor_x509_cert_dup(mock_peer_cert);
64 : }
65 :
66 : static int mock_send_netinfo_called = 0;
67 : static int
68 8 : mock_send_netinfo(or_connection_t *conn)
69 : {
70 8 : (void) conn;
71 8 : ++mock_send_netinfo_called;// XXX check_this
72 8 : return 0;
73 : }
74 :
75 : static int mock_close_called = 0;
76 : static void
77 65 : mock_close_for_err(or_connection_t *orconn, int flush)
78 : {
79 65 : (void)orconn;
80 65 : (void)flush;
81 65 : ++mock_close_called;
82 65 : }
83 :
84 : static int mock_send_authenticate_called = 0;
85 : static int mock_send_authenticate_called_with_type = 0;
86 : static int
87 2 : mock_send_authenticate(or_connection_t *conn, int type)
88 : {
89 2 : (void) conn;
90 2 : mock_send_authenticate_called_with_type = type;
91 2 : ++mock_send_authenticate_called;// XXX check_this
92 2 : return 0;
93 : }
94 : static int
95 7 : mock_export_key_material(tor_tls_t *tls, uint8_t *secrets_out,
96 : const uint8_t *context,
97 : size_t context_len,
98 : const char *label)
99 : {
100 7 : (void) tls;
101 7 : (void)secrets_out;
102 7 : (void)context;
103 7 : (void)context_len;
104 7 : (void)label;
105 7 : memcpy(secrets_out, "int getRandomNumber(){return 4;}", 32);
106 7 : return 0;
107 : }
108 :
109 : static tor_x509_cert_t *mock_own_cert = NULL;
110 : static tor_x509_cert_t *
111 9 : mock_get_own_cert(tor_tls_t *tls)
112 : {
113 9 : (void)tls;
114 9 : return tor_x509_cert_dup(mock_own_cert);
115 : }
116 :
117 : /* Test good certs cells */
118 : static void
119 2 : test_link_handshake_certs_ok(void *arg)
120 : {
121 2 : or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
122 2 : or_connection_t *c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
123 2 : var_cell_t *cell1 = NULL, *cell2 = NULL;
124 2 : certs_cell_t *cc1 = NULL, *cc2 = NULL;
125 2 : channel_tls_t *chan1 = NULL, *chan2 = NULL;
126 2 : crypto_pk_t *key1 = NULL, *key2 = NULL;
127 2 : const int with_ed = !strcmp((const char *)arg, "Ed25519");
128 :
129 2 : tor_addr_from_ipv4h(&c1->base_.addr, 0x7f000001);
130 2 : tor_addr_from_ipv4h(&c2->base_.addr, 0x7f000001);
131 :
132 2 : scheduler_init();
133 :
134 2 : MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
135 2 : MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
136 2 : MOCK(connection_or_send_netinfo, mock_send_netinfo);
137 2 : MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
138 2 : MOCK(tor_tls_get_own_cert, mock_get_own_cert);
139 :
140 2 : key1 = pk_generate(2);
141 2 : key2 = pk_generate(3);
142 :
143 : /* We need to make sure that our TLS certificates are set up before we can
144 : * actually generate a CERTS cell.
145 : */
146 2 : tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
147 : key1, key2, 86400), OP_EQ, 0);
148 :
149 2 : if (with_ed) {
150 : /* If we're making a CERTS cell for an ed handshake, let's make sure we
151 : * have some Ed25519 certificates and keys. */
152 1 : init_mock_ed_keys(key2);
153 : } else {
154 1 : certs_cell_ed25519_disabled_for_testing = 1;
155 : }
156 :
157 : /* c1 has started_here == 1 */
158 : {
159 2 : const tor_x509_cert_t *link_cert = NULL;
160 2 : tt_assert(!tor_tls_get_my_certs(1, &link_cert, NULL));
161 2 : mock_own_cert = tor_x509_cert_dup(link_cert);
162 : }
163 :
164 2 : c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
165 2 : c1->link_proto = 3;
166 2 : tt_int_op(connection_init_or_handshake_state(c1, 1), OP_EQ, 0);
167 :
168 : /* c2 has started_here == 0 */
169 2 : c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
170 2 : c2->link_proto = 3;
171 2 : tt_int_op(connection_init_or_handshake_state(c2, 0), OP_EQ, 0);
172 :
173 2 : tt_int_op(0, OP_EQ, connection_or_send_certs_cell(c1));
174 2 : tt_assert(mock_got_var_cell);
175 2 : cell1 = mock_got_var_cell;
176 :
177 2 : tt_int_op(0, OP_EQ, connection_or_send_certs_cell(c2));
178 2 : tt_assert(mock_got_var_cell);
179 2 : cell2 = mock_got_var_cell;
180 :
181 2 : tt_int_op(cell1->command, OP_EQ, CELL_CERTS);
182 2 : tt_int_op(cell1->payload_len, OP_GT, 1);
183 :
184 2 : tt_int_op(cell2->command, OP_EQ, CELL_CERTS);
185 2 : tt_int_op(cell2->payload_len, OP_GT, 1);
186 :
187 2 : tt_int_op(cell1->payload_len, OP_EQ,
188 : certs_cell_parse(&cc1, cell1->payload, cell1->payload_len));
189 2 : tt_int_op(cell2->payload_len, OP_EQ,
190 : certs_cell_parse(&cc2, cell2->payload, cell2->payload_len));
191 :
192 2 : if (with_ed) {
193 1 : tt_int_op(5, OP_EQ, cc1->n_certs);
194 1 : tt_int_op(5, OP_EQ, cc2->n_certs);
195 : } else {
196 1 : tt_int_op(2, OP_EQ, cc1->n_certs);
197 1 : tt_int_op(2, OP_EQ, cc2->n_certs);
198 : }
199 :
200 2 : tt_int_op(certs_cell_get_certs(cc1, 0)->cert_type, OP_EQ,
201 : CERTTYPE_RSA1024_ID_AUTH);
202 2 : tt_int_op(certs_cell_get_certs(cc1, 1)->cert_type, OP_EQ,
203 : CERTTYPE_RSA1024_ID_ID);
204 :
205 2 : tt_int_op(certs_cell_get_certs(cc2, 0)->cert_type, OP_EQ,
206 : CERTTYPE_RSA1024_ID_LINK);
207 2 : tt_int_op(certs_cell_get_certs(cc2, 1)->cert_type, OP_EQ,
208 : CERTTYPE_RSA1024_ID_ID);
209 :
210 2 : if (with_ed) {
211 1 : tt_int_op(certs_cell_get_certs(cc1, 2)->cert_type, OP_EQ,
212 : CERTTYPE_ED_ID_SIGN);
213 1 : tt_int_op(certs_cell_get_certs(cc1, 3)->cert_type, OP_EQ,
214 : CERTTYPE_ED_SIGN_AUTH);
215 1 : tt_int_op(certs_cell_get_certs(cc1, 4)->cert_type, OP_EQ,
216 : CERTTYPE_RSA1024_ID_EDID);
217 :
218 1 : tt_int_op(certs_cell_get_certs(cc2, 2)->cert_type, OP_EQ,
219 : CERTTYPE_ED_ID_SIGN);
220 1 : tt_int_op(certs_cell_get_certs(cc2, 3)->cert_type, OP_EQ,
221 : CERTTYPE_ED_SIGN_LINK);
222 1 : tt_int_op(certs_cell_get_certs(cc2, 4)->cert_type, OP_EQ,
223 : CERTTYPE_RSA1024_ID_EDID);
224 : }
225 :
226 2 : chan1 = tor_malloc_zero(sizeof(*chan1));
227 2 : channel_tls_common_init(chan1);
228 2 : c1->chan = chan1;
229 2 : chan1->conn = c1;
230 2 : c1->base_.address = tor_strdup("C1");
231 2 : c1->tls = tor_tls_new(-1, 0);
232 2 : c1->link_proto = 4;
233 2 : c1->base_.conn_array_index = -1;
234 2 : crypto_pk_get_digest(key2, c1->identity_digest);
235 :
236 2 : if (with_ed) {
237 1 : const tor_x509_cert_t *linkc, *idc;
238 1 : tor_tls_get_my_certs(1, &linkc, &idc);
239 1 : mock_peer_cert_expect_tortls = c1->tls; /* We should see this tls... */
240 1 : mock_peer_cert = tor_x509_cert_dup(linkc); /* and when we do, the peer's
241 : * cert is this... */
242 : }
243 2 : channel_tls_process_certs_cell(cell2, chan1);
244 2 : mock_peer_cert_expect_tortls = NULL;
245 2 : tor_x509_cert_free(mock_peer_cert);
246 2 : mock_peer_cert = NULL;
247 :
248 2 : tor_assert(c1->handshake_state->authenticated);
249 :
250 2 : tt_assert(c1->handshake_state->received_certs_cell);
251 2 : tt_ptr_op(c1->handshake_state->certs->auth_cert, OP_EQ, NULL);
252 2 : tt_ptr_op(c1->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
253 2 : tt_assert(c1->handshake_state->certs->id_cert);
254 2 : if (with_ed) {
255 1 : tt_assert(c1->handshake_state->certs->ed_sign_link);
256 1 : tt_assert(c1->handshake_state->certs->ed_rsa_crosscert);
257 1 : tt_assert(c1->handshake_state->certs->ed_id_sign);
258 1 : tt_assert(c1->handshake_state->authenticated_rsa);
259 1 : tt_assert(c1->handshake_state->authenticated_ed25519);
260 : } else {
261 1 : tt_ptr_op(c1->handshake_state->certs->ed_sign_link, OP_EQ, NULL);
262 1 : tt_ptr_op(c1->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL);
263 1 : tt_ptr_op(c1->handshake_state->certs->ed_id_sign, OP_EQ, NULL);
264 1 : tt_assert(c1->handshake_state->authenticated_rsa);
265 1 : tt_assert(! c1->handshake_state->authenticated_ed25519);
266 : }
267 2 : tt_assert(! fast_mem_is_zero(
268 : (char*)c1->handshake_state->authenticated_rsa_peer_id, 20));
269 :
270 2 : chan2 = tor_malloc_zero(sizeof(*chan2));
271 2 : channel_tls_common_init(chan2);
272 2 : c2->chan = chan2;
273 2 : chan2->conn = c2;
274 2 : c2->base_.address = tor_strdup("C2");
275 2 : c2->tls = tor_tls_new(-1, 1);
276 2 : c2->link_proto = 4;
277 2 : c2->base_.conn_array_index = -1;
278 2 : crypto_pk_get_digest(key1, c2->identity_digest);
279 :
280 2 : channel_tls_process_certs_cell(cell1, chan2);
281 :
282 2 : tt_assert(c2->handshake_state->received_certs_cell);
283 2 : if (with_ed) {
284 1 : tt_assert(c2->handshake_state->certs->ed_sign_auth);
285 1 : tt_assert(c2->handshake_state->certs->ed_rsa_crosscert);
286 1 : tt_assert(c2->handshake_state->certs->ed_id_sign);
287 : } else {
288 1 : tt_assert(c2->handshake_state->certs->auth_cert);
289 1 : tt_ptr_op(c2->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
290 1 : tt_ptr_op(c2->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL);
291 1 : tt_ptr_op(c2->handshake_state->certs->ed_id_sign, OP_EQ, NULL);
292 : }
293 2 : tt_assert(c2->handshake_state->certs->id_cert);
294 2 : tt_assert(fast_mem_is_zero(
295 : (char*)c2->handshake_state->authenticated_rsa_peer_id, 20));
296 : /* no authentication has happened yet, since we haen't gotten an AUTH cell.
297 : */
298 2 : tt_assert(! c2->handshake_state->authenticated);
299 2 : tt_assert(! c2->handshake_state->authenticated_rsa);
300 2 : tt_assert(! c2->handshake_state->authenticated_ed25519);
301 :
302 2 : done:
303 2 : UNMOCK(tor_tls_cert_matches_key);
304 2 : UNMOCK(connection_or_write_var_cell_to_buf);
305 2 : UNMOCK(connection_or_send_netinfo);
306 2 : UNMOCK(tor_tls_get_peer_cert);
307 2 : UNMOCK(tor_tls_get_own_cert);
308 2 : tor_x509_cert_free(mock_own_cert);
309 2 : tor_x509_cert_free(mock_peer_cert);
310 2 : mock_own_cert = mock_peer_cert = NULL;
311 2 : memset(c1->identity_digest, 0, sizeof(c1->identity_digest));
312 2 : memset(c2->identity_digest, 0, sizeof(c2->identity_digest));
313 2 : connection_free_minimal(TO_CONN(c1));
314 2 : connection_free_minimal(TO_CONN(c2));
315 2 : tor_free(cell1);
316 2 : tor_free(cell2);
317 2 : certs_cell_free(cc1);
318 2 : certs_cell_free(cc2);
319 2 : if (chan1)
320 2 : circuitmux_free(chan1->base_.cmux);
321 2 : tor_free(chan1);
322 2 : if (chan2)
323 2 : circuitmux_free(chan2->base_.cmux);
324 2 : tor_free(chan2);
325 2 : crypto_pk_free(key1);
326 2 : crypto_pk_free(key2);
327 2 : }
328 :
329 : typedef struct certs_data_t {
330 : int is_ed;
331 : int is_link_cert;
332 : or_connection_t *c;
333 : channel_tls_t *chan;
334 : certs_cell_t *ccell;
335 : var_cell_t *cell;
336 : crypto_pk_t *key1, *key2;
337 : } certs_data_t;
338 :
339 : static int
340 44 : recv_certs_cleanup(const struct testcase_t *test, void *obj)
341 : {
342 44 : (void)test;
343 44 : certs_data_t *d = obj;
344 44 : UNMOCK(tor_tls_cert_matches_key);
345 44 : UNMOCK(connection_or_send_netinfo);
346 44 : UNMOCK(connection_or_close_for_error);
347 44 : UNMOCK(tor_tls_get_peer_cert);
348 44 : UNMOCK(tor_tls_get_own_cert);
349 :
350 44 : if (d) {
351 44 : tor_free(d->cell);
352 44 : certs_cell_free(d->ccell);
353 44 : connection_or_clear_identity(d->c);
354 44 : connection_free_minimal(TO_CONN(d->c));
355 44 : circuitmux_free(d->chan->base_.cmux);
356 44 : tor_free(d->chan);
357 44 : crypto_pk_free(d->key1);
358 44 : crypto_pk_free(d->key2);
359 44 : tor_free(d);
360 : }
361 44 : routerkeys_free_all();
362 44 : return 1;
363 : }
364 :
365 : static void *
366 44 : recv_certs_setup(const struct testcase_t *test)
367 : {
368 44 : (void)test;
369 44 : certs_data_t *d = tor_malloc_zero(sizeof(*d));
370 44 : certs_cell_cert_t *ccc1 = NULL;
371 44 : certs_cell_cert_t *ccc2 = NULL;
372 44 : ssize_t n;
373 44 : int is_ed = d->is_ed = !strcmpstart(test->setup_data, "Ed25519");
374 44 : int is_rsa = !strcmpstart(test->setup_data, "RSA");
375 44 : int is_link = d->is_link_cert = !strcmpend(test->setup_data, "-Link");
376 44 : int is_auth = !strcmpend(test->setup_data, "-Auth");
377 44 : tor_assert(is_ed != is_rsa);
378 44 : tor_assert(is_link != is_auth);
379 :
380 44 : d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
381 44 : d->chan = tor_malloc_zero(sizeof(*d->chan));
382 44 : d->c->chan = d->chan;
383 44 : d->c->base_.address = tor_strdup("HaveAnAddress");
384 44 : tor_addr_from_ipv4h(&d->c->base_.addr, 0x801f0127);
385 44 : d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
386 44 : d->chan->conn = d->c;
387 44 : tt_int_op(connection_init_or_handshake_state(d->c, 1), OP_EQ, 0);
388 44 : d->c->link_proto = 4;
389 :
390 44 : d->key1 = pk_generate(2);
391 44 : d->key2 = pk_generate(3);
392 :
393 44 : tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
394 : d->key1, d->key2, 86400), OP_EQ, 0);
395 44 : if (is_ed) {
396 23 : init_mock_ed_keys(d->key2);
397 : } else {
398 21 : routerkeys_free_all();
399 : }
400 :
401 44 : d->ccell = certs_cell_new();
402 44 : ccc1 = certs_cell_cert_new();
403 44 : certs_cell_add_certs(d->ccell, ccc1);
404 44 : ccc2 = certs_cell_cert_new();
405 44 : certs_cell_add_certs(d->ccell, ccc2);
406 44 : d->ccell->n_certs = 2;
407 44 : ccc1->cert_type = is_link ? 1 : 3;
408 44 : ccc2->cert_type = 2;
409 :
410 44 : const tor_x509_cert_t *a,*b;
411 44 : const uint8_t *enca, *encb;
412 44 : size_t lena, lenb;
413 44 : tor_tls_get_my_certs(is_link ? 1 : 0, &a, &b);
414 44 : tor_x509_cert_get_der(a, &enca, &lena);
415 44 : tor_x509_cert_get_der(b, &encb, &lenb);
416 44 : certs_cell_cert_setlen_body(ccc1, lena);
417 44 : ccc1->cert_len = lena;
418 44 : certs_cell_cert_setlen_body(ccc2, lenb);
419 44 : ccc2->cert_len = lenb;
420 :
421 44 : memcpy(certs_cell_cert_getarray_body(ccc1), enca, lena);
422 44 : memcpy(certs_cell_cert_getarray_body(ccc2), encb, lenb);
423 :
424 44 : if (is_ed) {
425 23 : certs_cell_cert_t *ccc3 = NULL; /* Id->Sign */
426 23 : certs_cell_cert_t *ccc4 = NULL; /* Sign->Link or Sign->Auth. */
427 23 : certs_cell_cert_t *ccc5 = NULL; /* RSAId->Ed Id. */
428 23 : const tor_cert_t *id_sign = get_master_signing_key_cert();
429 23 : const tor_cert_t *secondary =
430 23 : is_link ? get_current_link_cert_cert() : get_current_auth_key_cert();
431 23 : const uint8_t *cc = NULL;
432 23 : size_t cc_sz;
433 23 : get_master_rsa_crosscert(&cc, &cc_sz);
434 :
435 23 : ccc3 = certs_cell_cert_new();
436 23 : ccc4 = certs_cell_cert_new();
437 23 : ccc5 = certs_cell_cert_new();
438 23 : certs_cell_add_certs(d->ccell, ccc3);
439 23 : certs_cell_add_certs(d->ccell, ccc4);
440 23 : certs_cell_add_certs(d->ccell, ccc5);
441 23 : ccc3->cert_len = id_sign->encoded_len;
442 23 : ccc4->cert_len = secondary->encoded_len;
443 23 : ccc5->cert_len = cc_sz;
444 23 : certs_cell_cert_setlen_body(ccc3, ccc3->cert_len);
445 23 : certs_cell_cert_setlen_body(ccc4, ccc4->cert_len);
446 23 : certs_cell_cert_setlen_body(ccc5, ccc5->cert_len);
447 23 : memcpy(certs_cell_cert_getarray_body(ccc3), id_sign->encoded,
448 23 : ccc3->cert_len);
449 23 : memcpy(certs_cell_cert_getarray_body(ccc4), secondary->encoded,
450 23 : ccc4->cert_len);
451 23 : memcpy(certs_cell_cert_getarray_body(ccc5), cc, ccc5->cert_len);
452 23 : ccc3->cert_type = 4;
453 23 : ccc4->cert_type = is_link ? 5 : 6;
454 23 : ccc5->cert_type = 7;
455 :
456 23 : d->ccell->n_certs = 5;
457 : }
458 :
459 44 : d->cell = var_cell_new(4096);
460 44 : d->cell->command = CELL_CERTS;
461 :
462 44 : n = certs_cell_encode(d->cell->payload, 4096, d->ccell);
463 44 : tt_int_op(n, OP_GT, 0);
464 44 : d->cell->payload_len = n;
465 :
466 44 : MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
467 44 : MOCK(connection_or_send_netinfo, mock_send_netinfo);
468 44 : MOCK(connection_or_close_for_error, mock_close_for_err);
469 44 : MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
470 :
471 44 : if (is_link) {
472 : /* Say that this is the peer's certificate */
473 41 : mock_peer_cert = tor_x509_cert_dup(a);
474 : }
475 :
476 44 : tt_int_op(0, OP_EQ, d->c->handshake_state->received_certs_cell);
477 44 : tt_int_op(0, OP_EQ, mock_send_authenticate_called);
478 44 : tt_int_op(0, OP_EQ, mock_send_netinfo_called);
479 :
480 : return d;
481 0 : done:
482 0 : recv_certs_cleanup(test, d);
483 0 : return NULL;
484 : }
485 :
486 : static struct testcase_setup_t setup_recv_certs = {
487 : .setup_fn = recv_certs_setup,
488 : .cleanup_fn = recv_certs_cleanup
489 : };
490 :
491 : static void
492 2 : test_link_handshake_recv_certs_ok(void *arg)
493 : {
494 2 : certs_data_t *d = arg;
495 2 : channel_tls_process_certs_cell(d->cell, d->chan);
496 2 : tt_int_op(0, OP_EQ, mock_close_called);
497 2 : tt_int_op(d->c->handshake_state->authenticated, OP_EQ, 1);
498 2 : tt_int_op(d->c->handshake_state->authenticated_rsa, OP_EQ, 1);
499 2 : tt_int_op(d->c->handshake_state->received_certs_cell, OP_EQ, 1);
500 2 : tt_ptr_op(d->c->handshake_state->certs->id_cert, OP_NE, NULL);
501 2 : tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_EQ, NULL);
502 :
503 2 : if (d->is_ed) {
504 1 : tt_ptr_op(d->c->handshake_state->certs->ed_id_sign, OP_NE, NULL);
505 1 : tt_ptr_op(d->c->handshake_state->certs->ed_sign_link, OP_NE, NULL);
506 1 : tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
507 1 : tt_ptr_op(d->c->handshake_state->certs->ed_rsa_crosscert, OP_NE, NULL);
508 1 : tt_int_op(d->c->handshake_state->authenticated_ed25519, OP_EQ, 1);
509 : } else {
510 1 : tt_ptr_op(d->c->handshake_state->certs->ed_id_sign, OP_EQ, NULL);
511 1 : tt_ptr_op(d->c->handshake_state->certs->ed_sign_link, OP_EQ, NULL);
512 1 : tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
513 1 : tt_ptr_op(d->c->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL);
514 1 : tt_int_op(d->c->handshake_state->authenticated_ed25519, OP_EQ, 0);
515 : }
516 :
517 1 : done:
518 2 : ;
519 2 : }
520 :
521 : static void
522 2 : test_link_handshake_recv_certs_ok_server(void *arg)
523 : {
524 2 : certs_data_t *d = arg;
525 2 : d->c->handshake_state->started_here = 0;
526 2 : d->c->handshake_state->certs->started_here = 0;
527 2 : channel_tls_process_certs_cell(d->cell, d->chan);
528 2 : tt_int_op(0, OP_EQ, mock_close_called);
529 2 : tt_int_op(d->c->handshake_state->authenticated, OP_EQ, 0);
530 2 : tt_int_op(d->c->handshake_state->received_certs_cell, OP_EQ, 1);
531 2 : tt_ptr_op(d->c->handshake_state->certs->id_cert, OP_NE, NULL);
532 2 : tt_ptr_op(d->c->handshake_state->certs->link_cert, OP_EQ, NULL);
533 2 : if (d->is_ed) {
534 1 : tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_NE, NULL);
535 1 : tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_EQ, NULL);
536 : } else {
537 1 : tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
538 1 : tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_NE, NULL);
539 : }
540 :
541 1 : done:
542 2 : ;
543 2 : }
544 :
545 : #define CERTS_FAIL(name, code) \
546 : static void \
547 : test_link_handshake_recv_certs_ ## name(void *arg) \
548 : { \
549 : certs_data_t *d = arg; \
550 : const char *require_failure_message = NULL; \
551 : setup_capture_of_logs(LOG_INFO); \
552 : { code ; } \
553 : channel_tls_process_certs_cell(d->cell, d->chan); \
554 : tt_int_op(1, OP_EQ, mock_close_called); \
555 : tt_int_op(0, OP_EQ, mock_send_authenticate_called); \
556 : tt_int_op(0, OP_EQ, mock_send_netinfo_called); \
557 : tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_rsa); \
558 : tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_ed25519); \
559 : if (require_failure_message) { \
560 : expect_log_msg_containing(require_failure_message); \
561 : } \
562 : done: \
563 : teardown_capture_of_logs(); \
564 : }
565 :
566 1 : CERTS_FAIL(badstate,
567 : require_failure_message = "We're not doing a v3 handshake!";
568 : d->c->base_.state = OR_CONN_STATE_CONNECTING;)
569 1 : CERTS_FAIL(badproto,
570 : require_failure_message = "not using link protocol >= 3";
571 : d->c->link_proto = 2)
572 1 : CERTS_FAIL(duplicate,
573 : require_failure_message = "We already got one";
574 : d->c->handshake_state->received_certs_cell = 1)
575 1 : CERTS_FAIL(already_authenticated,
576 : require_failure_message = "We're already authenticated!";
577 : d->c->handshake_state->authenticated = 1)
578 1 : CERTS_FAIL(empty,
579 : require_failure_message = "It had no body";
580 : d->cell->payload_len = 0)
581 1 : CERTS_FAIL(bad_circid,
582 : require_failure_message = "It had a nonzero circuit ID";
583 : d->cell->circ_id = 1)
584 1 : CERTS_FAIL(truncated_1,
585 : require_failure_message = "It couldn't be parsed";
586 : d->cell->payload[0] = 5)
587 1 : CERTS_FAIL(truncated_2,
588 : {
589 : require_failure_message = "It couldn't be parsed";
590 : d->cell->payload_len = 4;
591 : memcpy(d->cell->payload, "\x01\x01\x00\x05", 4);
592 : })
593 1 : CERTS_FAIL(truncated_3,
594 : {
595 : require_failure_message = "It couldn't be parsed";
596 : d->cell->payload_len = 7;
597 : memcpy(d->cell->payload, "\x01\x01\x00\x05""abc", 7);
598 : })
599 1 : CERTS_FAIL(truncated_4, /* ed25519 */
600 : {
601 : require_failure_message = "It couldn't be parsed";
602 : d->cell->payload_len -= 10;
603 : })
604 1 : CERTS_FAIL(truncated_5, /* ed25519 */
605 : {
606 : require_failure_message = "It couldn't be parsed";
607 : d->cell->payload_len -= 100;
608 : })
609 :
610 : #define REENCODE() do { \
611 : const char *msg = certs_cell_check(d->ccell); \
612 : if (msg) puts(msg); \
613 : ssize_t n = certs_cell_encode(d->cell->payload, 4096, d->ccell); \
614 : tt_int_op(n, OP_GT, 0); \
615 : d->cell->payload_len = n; \
616 : } while (0)
617 :
618 1 : CERTS_FAIL(truncated_6, /* ed25519 */
619 : {
620 : /* truncate the link certificate */
621 : require_failure_message = "undecodable Ed certificate";
622 : certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 3), 7);
623 : certs_cell_get_certs(d->ccell, 3)->cert_len = 7;
624 : REENCODE();
625 : })
626 1 : CERTS_FAIL(truncated_7, /* ed25519 */
627 : {
628 : /* truncate the crosscert */
629 : require_failure_message = "Unparseable or overlong crosscert";
630 : certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 4), 7);
631 : certs_cell_get_certs(d->ccell, 4)->cert_len = 7;
632 : REENCODE();
633 : })
634 1 : CERTS_FAIL(not_x509,
635 : {
636 : require_failure_message = "Received undecodable certificate";
637 : certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 0), 3);
638 : certs_cell_get_certs(d->ccell, 0)->cert_len = 3;
639 : REENCODE();
640 : })
641 1 : CERTS_FAIL(both_link,
642 : {
643 : require_failure_message = "Duplicate x509 certificate";
644 : certs_cell_get_certs(d->ccell, 0)->cert_type = 1;
645 : certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
646 : REENCODE();
647 : })
648 1 : CERTS_FAIL(both_id_rsa,
649 : {
650 : require_failure_message = "Duplicate x509 certificate";
651 : certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
652 : certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
653 : REENCODE();
654 : })
655 1 : CERTS_FAIL(both_auth,
656 : {
657 : require_failure_message = "Duplicate x509 certificate";
658 : certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
659 : certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
660 : REENCODE();
661 : })
662 1 : CERTS_FAIL(duplicate_id, /* ed25519 */
663 : {
664 : require_failure_message = "Duplicate Ed25519 certificate";
665 : certs_cell_get_certs(d->ccell, 2)->cert_type = 4;
666 : certs_cell_get_certs(d->ccell, 3)->cert_type = 4;
667 : REENCODE();
668 : })
669 1 : CERTS_FAIL(duplicate_link, /* ed25519 */
670 : {
671 : require_failure_message = "Duplicate Ed25519 certificate";
672 : certs_cell_get_certs(d->ccell, 2)->cert_type = 5;
673 : certs_cell_get_certs(d->ccell, 3)->cert_type = 5;
674 : REENCODE();
675 : })
676 1 : CERTS_FAIL(duplicate_crosscert, /* ed25519 */
677 : {
678 : require_failure_message = "Duplicate RSA->Ed25519 crosscert";
679 : certs_cell_get_certs(d->ccell, 2)->cert_type = 7;
680 : certs_cell_get_certs(d->ccell, 3)->cert_type = 7;
681 : REENCODE();
682 : })
683 : static void
684 1 : test_link_handshake_recv_certs_missing_id(void *arg) /* ed25519 */
685 : {
686 1 : certs_data_t *d = arg;
687 1 : tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
688 1 : certs_cell_set_certs(d->ccell, 2, certs_cell_get_certs(d->ccell, 4));
689 1 : certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
690 1 : certs_cell_setlen_certs(d->ccell, 4);
691 1 : d->ccell->n_certs = 4;
692 1 : REENCODE();
693 :
694 : /* This handshake succeeds, but since we have no ID cert, we will
695 : * just do the RSA handshake. */
696 1 : channel_tls_process_certs_cell(d->cell, d->chan);
697 1 : tt_int_op(0, OP_EQ, mock_close_called);
698 1 : tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_ed25519);
699 1 : tt_int_op(1, OP_EQ, d->c->handshake_state->authenticated_rsa);
700 1 : done:
701 1 : ;
702 1 : }
703 1 : CERTS_FAIL(missing_signing_key, /* ed25519 */
704 : {
705 : require_failure_message = "No Ed25519 signing key";
706 : tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
707 : certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2);
708 : tt_int_op(cert->cert_type, OP_EQ, CERTTYPE_ED_ID_SIGN);
709 : /* replace this with a valid master->signing cert, but with no
710 : * signing key. */
711 : const ed25519_keypair_t *mk = get_master_identity_keypair();
712 : const ed25519_keypair_t *sk = get_master_signing_keypair();
713 : tor_cert_t *bad_cert = tor_cert_create_ed25519(mk, CERT_TYPE_ID_SIGNING,
714 : &sk->pubkey, time(NULL), 86400,
715 : 0 /* don't include signer */);
716 : certs_cell_cert_setlen_body(cert, bad_cert->encoded_len);
717 : memcpy(certs_cell_cert_getarray_body(cert),
718 : bad_cert->encoded, bad_cert->encoded_len);
719 : cert->cert_len = bad_cert->encoded_len;
720 : tor_cert_free(bad_cert);
721 : REENCODE();
722 : })
723 1 : CERTS_FAIL(missing_link, /* ed25519 */
724 : {
725 : require_failure_message = "No Ed25519 link key";
726 : tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
727 : certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4));
728 : certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
729 : certs_cell_setlen_certs(d->ccell, 4);
730 : d->ccell->n_certs = 4;
731 : REENCODE();
732 : })
733 1 : CERTS_FAIL(missing_auth, /* ed25519 */
734 : {
735 : d->c->handshake_state->started_here = 0;
736 : d->c->handshake_state->certs->started_here = 0;
737 : require_failure_message = "No Ed25519 link authentication key";
738 : tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
739 : certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4));
740 : certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
741 : certs_cell_setlen_certs(d->ccell, 4);
742 : d->ccell->n_certs = 4;
743 : REENCODE();
744 : })
745 1 : CERTS_FAIL(missing_crosscert, /* ed25519 */
746 : {
747 : require_failure_message = "Missing RSA->Ed25519 crosscert";
748 : tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
749 : certs_cell_setlen_certs(d->ccell, 4);
750 : d->ccell->n_certs = 4;
751 : REENCODE();
752 : })
753 1 : CERTS_FAIL(missing_rsa_id, /* ed25519 */
754 : {
755 : require_failure_message = "Missing legacy RSA ID cert";
756 : tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
757 : certs_cell_set_certs(d->ccell, 1, certs_cell_get_certs(d->ccell, 4));
758 : certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
759 : certs_cell_setlen_certs(d->ccell, 4);
760 : d->ccell->n_certs = 4;
761 : REENCODE();
762 : })
763 1 : CERTS_FAIL(link_mismatch, /* ed25519 */
764 : {
765 : require_failure_message = "Link certificate does not match "
766 : "TLS certificate";
767 : const tor_x509_cert_t *idc;
768 : tor_tls_get_my_certs(1, NULL, &idc);
769 : tor_x509_cert_free(mock_peer_cert);
770 : /* Pretend that the peer cert was something else. */
771 : mock_peer_cert = tor_x509_cert_dup(idc);
772 : /* No reencode needed. */
773 : })
774 1 : CERTS_FAIL(bad_ed_sig, /* ed25519 */
775 : {
776 : require_failure_message = "At least one Ed25519 certificate was "
777 : "badly signed";
778 : certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3);
779 : uint8_t *body = certs_cell_cert_getarray_body(cert);
780 : ssize_t body_len = certs_cell_cert_getlen_body(cert);
781 : /* Frob a byte in the signature */
782 : body[body_len - 13] ^= 7;
783 : REENCODE();
784 : })
785 1 : CERTS_FAIL(bad_crosscert, /*ed25519*/
786 : {
787 : require_failure_message = "Invalid RSA->Ed25519 crosscert";
788 : certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4);
789 : uint8_t *body = certs_cell_cert_getarray_body(cert);
790 : ssize_t body_len = certs_cell_cert_getlen_body(cert);
791 : /* Frob a byte in the signature */
792 : body[body_len - 13] ^= 7;
793 : REENCODE();
794 : })
795 1 : CERTS_FAIL(bad_rsa_id_cert, /*ed25519*/
796 : {
797 : require_failure_message = "legacy RSA ID certificate was not valid";
798 : certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
799 : uint8_t *body;
800 : /* Frob a byte in the signature, after making a new cert. (NSS won't let
801 : * us just frob the old cert, since it will see that the issuer & serial
802 : * number are the same, which will make it fail at an earlier stage than
803 : * signature verification.) */
804 : const tor_x509_cert_t *idc;
805 : tor_x509_cert_t *newc;
806 : tor_tls_get_my_certs(1, NULL, &idc);
807 : time_t new_end = time(NULL) + 86400 * 10;
808 : newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2);
809 : const uint8_t *encoded;
810 : size_t encoded_len;
811 : tor_x509_cert_get_der(newc, &encoded, &encoded_len);
812 : certs_cell_cert_setlen_body(cert, encoded_len);
813 : certs_cell_cert_set_cert_len(cert, encoded_len);
814 : body = certs_cell_cert_getarray_body(cert);
815 : memcpy(body, encoded, encoded_len);
816 : body[encoded_len - 13] ^= 7;
817 : REENCODE();
818 : tor_x509_cert_free(newc);
819 : })
820 2 : CERTS_FAIL(expired_rsa_id, /* both */
821 : {
822 : require_failure_message = "Certificate already expired";
823 : /* we're going to replace the identity cert with an expired one. */
824 : certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
825 : const tor_x509_cert_t *idc;
826 : tor_tls_get_my_certs(1, NULL, &idc);
827 : tor_x509_cert_t *newc;
828 : time_t new_end = time(NULL) - 86400 * 10;
829 : newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2);
830 : const uint8_t *encoded;
831 : size_t encoded_len;
832 : tor_x509_cert_get_der(newc, &encoded, &encoded_len);
833 : certs_cell_cert_setlen_body(cert, encoded_len);
834 : certs_cell_cert_set_cert_len(cert, encoded_len);
835 : memcpy(certs_cell_cert_getarray_body(cert), encoded, encoded_len);
836 : REENCODE();
837 : tor_x509_cert_free(newc);
838 : })
839 1 : CERTS_FAIL(expired_ed_id, /* ed25519 */
840 : {
841 : /* we're going to replace the Ed Id->sign cert with an expired one. */
842 : require_failure_message = "At least one certificate expired";
843 : /* We don't need to re-sign, since we check for expiration first. */
844 : certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2);
845 : uint8_t *body = certs_cell_cert_getarray_body(cert);
846 : /* The expiration field is bytes [2..5]. It is in HOURS since the
847 : * epoch. */
848 : set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */
849 : REENCODE();
850 : })
851 1 : CERTS_FAIL(expired_ed_link, /* ed25519 */
852 : {
853 : /* we're going to replace the Ed Sign->link cert with an expired one. */
854 : require_failure_message = "At least one certificate expired";
855 : /* We don't need to re-sign, since we check for expiration first. */
856 : certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3);
857 : uint8_t *body = certs_cell_cert_getarray_body(cert);
858 : /* The expiration field is bytes [2..5]. It is in HOURS since the
859 : * epoch. */
860 : set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */
861 : REENCODE();
862 : })
863 1 : CERTS_FAIL(expired_crosscert, /* ed25519 */
864 : {
865 : /* we're going to replace the Ed Sign->link cert with an expired one. */
866 : require_failure_message = "Crosscert is expired";
867 : /* We don't need to re-sign, since we check for expiration first. */
868 : certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4);
869 : uint8_t *body = certs_cell_cert_getarray_body(cert);
870 : /* The expiration field is bytes [32..35]. once again, HOURS. */
871 : set_uint32(body+32, htonl(24)); /* Back to jan 2, 1970. */
872 : REENCODE();
873 : })
874 :
875 1 : CERTS_FAIL(wrong_labels_1,
876 : {
877 : require_failure_message = "The link certificate was not valid";
878 : certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
879 : certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
880 : REENCODE();
881 : })
882 1 : CERTS_FAIL(wrong_labels_2,
883 : {
884 : const tor_x509_cert_t *a;
885 : const tor_x509_cert_t *b;
886 : const uint8_t *enca;
887 : size_t lena;
888 : require_failure_message = "The link certificate was not valid";
889 : tor_tls_get_my_certs(1, &a, &b);
890 : tor_x509_cert_get_der(a, &enca, &lena);
891 : certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 1), lena);
892 : memcpy(certs_cell_cert_getarray_body(certs_cell_get_certs(d->ccell, 1)),
893 : enca, lena);
894 : certs_cell_get_certs(d->ccell, 1)->cert_len = lena;
895 : REENCODE();
896 : })
897 1 : CERTS_FAIL(wrong_labels_3,
898 : {
899 : require_failure_message =
900 : "The certs we wanted (ID, Link) were missing";
901 : certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
902 : certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
903 : REENCODE();
904 : })
905 1 : CERTS_FAIL(server_missing_certs,
906 : {
907 : require_failure_message =
908 : "The certs we wanted (ID, Auth) were missing";
909 : d->c->handshake_state->started_here = 0;
910 : d->c->handshake_state->certs->started_here = 0;
911 :
912 : })
913 1 : CERTS_FAIL(server_wrong_labels_1,
914 : {
915 : require_failure_message =
916 : "The authentication certificate was not valid";
917 : d->c->handshake_state->started_here = 0;
918 : d->c->handshake_state->certs->started_here = 0;
919 : certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
920 : certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
921 : REENCODE();
922 : })
923 :
924 : static void
925 1 : test_link_handshake_send_authchallenge(void *arg)
926 : {
927 1 : (void)arg;
928 :
929 1 : or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
930 1 : var_cell_t *cell1=NULL, *cell2=NULL;
931 :
932 1 : crypto_pk_t *rsa0 = pk_generate(0), *rsa1 = pk_generate(1);
933 1 : tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
934 : rsa0, rsa1, 86400), OP_EQ, 0);
935 1 : init_mock_ed_keys(rsa0);
936 :
937 1 : MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
938 :
939 1 : tt_int_op(connection_init_or_handshake_state(c1, 0), OP_EQ, 0);
940 1 : c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
941 1 : tt_ptr_op(mock_got_var_cell, OP_EQ, NULL);
942 1 : tt_int_op(0, OP_EQ, connection_or_send_auth_challenge_cell(c1));
943 1 : cell1 = mock_got_var_cell;
944 1 : tt_int_op(0, OP_EQ, connection_or_send_auth_challenge_cell(c1));
945 1 : cell2 = mock_got_var_cell;
946 : #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
947 1 : tt_int_op(38, OP_EQ, cell1->payload_len);
948 1 : tt_int_op(38, OP_EQ, cell2->payload_len);
949 : #else
950 : tt_int_op(36, OP_EQ, cell1->payload_len);
951 : tt_int_op(36, OP_EQ, cell2->payload_len);
952 : #endif /* defined(HAVE_WORKING_TOR_TLS_GET_TLSSECRETS) */
953 1 : tt_int_op(0, OP_EQ, cell1->circ_id);
954 1 : tt_int_op(0, OP_EQ, cell2->circ_id);
955 1 : tt_int_op(CELL_AUTH_CHALLENGE, OP_EQ, cell1->command);
956 1 : tt_int_op(CELL_AUTH_CHALLENGE, OP_EQ, cell2->command);
957 :
958 : #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
959 1 : tt_mem_op("\x00\x02\x00\x01\x00\x03", OP_EQ, cell1->payload + 32, 6);
960 1 : tt_mem_op("\x00\x02\x00\x01\x00\x03", OP_EQ, cell2->payload + 32, 6);
961 : #else
962 : tt_mem_op("\x00\x01\x00\x03", OP_EQ, cell1->payload + 32, 4);
963 : tt_mem_op("\x00\x01\x00\x03", OP_EQ, cell2->payload + 32, 4);
964 : #endif /* defined(HAVE_WORKING_TOR_TLS_GET_TLSSECRETS) */
965 1 : tt_mem_op(cell1->payload, OP_NE, cell2->payload, 32);
966 :
967 1 : done:
968 1 : UNMOCK(connection_or_write_var_cell_to_buf);
969 1 : connection_free_minimal(TO_CONN(c1));
970 1 : tor_free(cell1);
971 1 : tor_free(cell2);
972 1 : crypto_pk_free(rsa0);
973 1 : crypto_pk_free(rsa1);
974 1 : }
975 :
976 : typedef struct authchallenge_data_t {
977 : or_connection_t *c;
978 : channel_tls_t *chan;
979 : var_cell_t *cell;
980 : } authchallenge_data_t;
981 :
982 : static int
983 12 : recv_authchallenge_cleanup(const struct testcase_t *test, void *obj)
984 : {
985 12 : (void)test;
986 12 : authchallenge_data_t *d = obj;
987 :
988 12 : UNMOCK(connection_or_send_netinfo);
989 12 : UNMOCK(connection_or_close_for_error);
990 12 : UNMOCK(connection_or_send_authenticate_cell);
991 :
992 12 : if (d) {
993 12 : tor_free(d->cell);
994 12 : connection_free_minimal(TO_CONN(d->c));
995 12 : circuitmux_free(d->chan->base_.cmux);
996 12 : tor_free(d->chan);
997 12 : tor_free(d);
998 : }
999 12 : return 1;
1000 : }
1001 :
1002 : static void *
1003 12 : recv_authchallenge_setup(const struct testcase_t *test)
1004 : {
1005 12 : (void)test;
1006 :
1007 12 : testing__connection_or_pretend_TLSSECRET_is_supported = 1;
1008 12 : authchallenge_data_t *d = tor_malloc_zero(sizeof(*d));
1009 12 : d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
1010 12 : d->chan = tor_malloc_zero(sizeof(*d->chan));
1011 12 : d->c->chan = d->chan;
1012 12 : d->c->base_.address = tor_strdup("HaveAnAddress");
1013 12 : d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
1014 12 : d->chan->conn = d->c;
1015 12 : tt_int_op(connection_init_or_handshake_state(d->c, 1), OP_EQ, 0);
1016 12 : d->c->link_proto = 4;
1017 12 : d->c->handshake_state->received_certs_cell = 1;
1018 12 : d->cell = var_cell_new(128);
1019 12 : d->cell->payload_len = 38;
1020 12 : d->cell->payload[33] = 2; /* 2 methods */
1021 12 : d->cell->payload[35] = 7; /* This one isn't real */
1022 12 : d->cell->payload[37] = 1; /* This is the old RSA one. */
1023 12 : d->cell->command = CELL_AUTH_CHALLENGE;
1024 :
1025 12 : get_options_mutable()->ORPort_set = 1;
1026 :
1027 12 : MOCK(connection_or_close_for_error, mock_close_for_err);
1028 12 : MOCK(connection_or_send_netinfo, mock_send_netinfo);
1029 12 : MOCK(connection_or_send_authenticate_cell, mock_send_authenticate);
1030 12 : tt_int_op(0, OP_EQ, d->c->handshake_state->received_auth_challenge);
1031 12 : tt_int_op(0, OP_EQ, mock_send_authenticate_called);
1032 12 : tt_int_op(0, OP_EQ, mock_send_netinfo_called);
1033 :
1034 : return d;
1035 0 : done:
1036 0 : recv_authchallenge_cleanup(test, d);
1037 0 : return NULL;
1038 : }
1039 :
1040 : static struct testcase_setup_t setup_recv_authchallenge = {
1041 : .setup_fn = recv_authchallenge_setup,
1042 : .cleanup_fn = recv_authchallenge_cleanup
1043 : };
1044 :
1045 : static void
1046 1 : test_link_handshake_recv_authchallenge_ok(void *arg)
1047 : {
1048 1 : authchallenge_data_t *d = arg;
1049 :
1050 1 : channel_tls_process_auth_challenge_cell(d->cell, d->chan);
1051 1 : tt_int_op(0, OP_EQ, mock_close_called);
1052 1 : tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge);
1053 1 : tt_int_op(1, OP_EQ, mock_send_authenticate_called);
1054 1 : tt_int_op(1, OP_EQ, mock_send_netinfo_called);
1055 1 : tt_int_op(1, OP_EQ, mock_send_authenticate_called_with_type); /* RSA */
1056 1 : done:
1057 1 : ;
1058 1 : }
1059 :
1060 : static void
1061 1 : test_link_handshake_recv_authchallenge_ok_ed25519(void *arg)
1062 : {
1063 1 : authchallenge_data_t *d = arg;
1064 :
1065 : /* Add the ed25519 authentication mechanism here. */
1066 1 : d->cell->payload[33] = 3; /* 3 types are supported now. */
1067 1 : d->cell->payload[39] = 3;
1068 1 : d->cell->payload_len += 2;
1069 1 : channel_tls_process_auth_challenge_cell(d->cell, d->chan);
1070 1 : tt_int_op(0, OP_EQ, mock_close_called);
1071 1 : tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge);
1072 1 : tt_int_op(1, OP_EQ, mock_send_authenticate_called);
1073 1 : tt_int_op(1, OP_EQ, mock_send_netinfo_called);
1074 1 : tt_int_op(3, OP_EQ, mock_send_authenticate_called_with_type); /* Ed25519 */
1075 1 : done:
1076 1 : ;
1077 1 : }
1078 :
1079 : static void
1080 1 : test_link_handshake_recv_authchallenge_ok_noserver(void *arg)
1081 : {
1082 1 : authchallenge_data_t *d = arg;
1083 1 : get_options_mutable()->ORPort_set = 0;
1084 :
1085 1 : channel_tls_process_auth_challenge_cell(d->cell, d->chan);
1086 1 : tt_int_op(0, OP_EQ, mock_close_called);
1087 1 : tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge);
1088 1 : tt_int_op(0, OP_EQ, mock_send_authenticate_called);
1089 1 : tt_int_op(0, OP_EQ, mock_send_netinfo_called);
1090 1 : done:
1091 1 : ;
1092 1 : }
1093 :
1094 : static void
1095 1 : test_link_handshake_recv_authchallenge_ok_unrecognized(void *arg)
1096 : {
1097 1 : authchallenge_data_t *d = arg;
1098 1 : d->cell->payload[37] = 99;
1099 :
1100 1 : channel_tls_process_auth_challenge_cell(d->cell, d->chan);
1101 1 : tt_int_op(0, OP_EQ, mock_close_called);
1102 1 : tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge);
1103 1 : tt_int_op(0, OP_EQ, mock_send_authenticate_called);
1104 1 : tt_int_op(1, OP_EQ, mock_send_netinfo_called);
1105 1 : done:
1106 1 : ;
1107 1 : }
1108 :
1109 : #define AUTHCHALLENGE_FAIL(name, code) \
1110 : static void \
1111 : test_link_handshake_recv_authchallenge_ ## name(void *arg) \
1112 : { \
1113 : authchallenge_data_t *d = arg; \
1114 : const char *require_failure_message = NULL; \
1115 : setup_capture_of_logs(LOG_INFO); \
1116 : { code ; } \
1117 : channel_tls_process_auth_challenge_cell(d->cell, d->chan); \
1118 : tt_int_op(1, OP_EQ, mock_close_called); \
1119 : tt_int_op(0, OP_EQ, mock_send_authenticate_called); \
1120 : tt_int_op(0, OP_EQ, mock_send_netinfo_called); \
1121 : if (require_failure_message) { \
1122 : expect_log_msg_containing(require_failure_message); \
1123 : } \
1124 : done: \
1125 : teardown_capture_of_logs(); \
1126 : }
1127 :
1128 1 : AUTHCHALLENGE_FAIL(badstate,
1129 : require_failure_message = "We're not currently doing a "
1130 : "v3 handshake";
1131 : d->c->base_.state = OR_CONN_STATE_CONNECTING)
1132 1 : AUTHCHALLENGE_FAIL(badproto,
1133 : require_failure_message = "not using link protocol >= 3";
1134 : d->c->link_proto = 2)
1135 1 : AUTHCHALLENGE_FAIL(as_server,
1136 : require_failure_message = "We didn't originate this "
1137 : "connection";
1138 : d->c->handshake_state->started_here = 0;
1139 : d->c->handshake_state->certs->started_here = 0;)
1140 1 : AUTHCHALLENGE_FAIL(duplicate,
1141 : require_failure_message = "We already received one";
1142 : d->c->handshake_state->received_auth_challenge = 1)
1143 1 : AUTHCHALLENGE_FAIL(nocerts,
1144 : require_failure_message = "We haven't gotten a CERTS "
1145 : "cell yet";
1146 : d->c->handshake_state->received_certs_cell = 0)
1147 1 : AUTHCHALLENGE_FAIL(tooshort,
1148 : require_failure_message = "It was not well-formed";
1149 : d->cell->payload_len = 33)
1150 1 : AUTHCHALLENGE_FAIL(truncated,
1151 : require_failure_message = "It was not well-formed";
1152 : d->cell->payload_len = 34)
1153 1 : AUTHCHALLENGE_FAIL(nonzero_circid,
1154 : require_failure_message = "It had a nonzero circuit ID";
1155 : d->cell->circ_id = 1337)
1156 :
1157 : static int
1158 20 : mock_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
1159 : {
1160 20 : (void)tls;
1161 20 : memcpy(secrets_out, "int getRandomNumber(){return 4;}", 32);
1162 20 : return 0;
1163 : }
1164 :
1165 : static void
1166 2 : mock_set_circid_type(channel_t *chan,
1167 : crypto_pk_t *identity_rcvd,
1168 : int consider_identity)
1169 : {
1170 2 : (void) chan;
1171 2 : (void) identity_rcvd;
1172 2 : (void) consider_identity;
1173 2 : }
1174 :
1175 : typedef struct authenticate_data_t {
1176 : int is_ed;
1177 : or_connection_t *c1, *c2;
1178 : channel_tls_t *chan2;
1179 : var_cell_t *cell;
1180 : crypto_pk_t *key1, *key2;
1181 : } authenticate_data_t;
1182 :
1183 : static int
1184 20 : authenticate_data_cleanup(const struct testcase_t *test, void *arg)
1185 : {
1186 20 : (void) test;
1187 20 : UNMOCK(connection_or_write_var_cell_to_buf);
1188 20 : UNMOCK(tor_tls_get_peer_cert);
1189 20 : UNMOCK(tor_tls_get_own_cert);
1190 20 : UNMOCK(tor_tls_get_tlssecrets);
1191 20 : UNMOCK(connection_or_close_for_error);
1192 20 : UNMOCK(channel_set_circid_type);
1193 20 : UNMOCK(tor_tls_export_key_material);
1194 20 : authenticate_data_t *d = arg;
1195 20 : if (d) {
1196 20 : tor_free(d->cell);
1197 20 : connection_or_clear_identity(d->c1);
1198 20 : connection_or_clear_identity(d->c2);
1199 20 : connection_free_minimal(TO_CONN(d->c1));
1200 20 : connection_free_minimal(TO_CONN(d->c2));
1201 20 : circuitmux_free(d->chan2->base_.cmux);
1202 20 : tor_free(d->chan2);
1203 20 : crypto_pk_free(d->key1);
1204 20 : crypto_pk_free(d->key2);
1205 20 : tor_free(d);
1206 : }
1207 20 : tor_x509_cert_free(mock_peer_cert);
1208 20 : tor_x509_cert_free(mock_own_cert);
1209 20 : mock_peer_cert = NULL;
1210 20 : mock_own_cert = NULL;
1211 :
1212 20 : return 1;
1213 : }
1214 :
1215 : static void *
1216 20 : authenticate_data_setup(const struct testcase_t *test)
1217 : {
1218 20 : authenticate_data_t *d = tor_malloc_zero(sizeof(*d));
1219 20 : int is_ed = d->is_ed = (test->setup_data == (void*)3);
1220 :
1221 20 : testing__connection_or_pretend_TLSSECRET_is_supported = 1;
1222 :
1223 20 : scheduler_init();
1224 :
1225 20 : MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
1226 20 : MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
1227 20 : MOCK(tor_tls_get_own_cert, mock_get_own_cert);
1228 20 : MOCK(tor_tls_get_tlssecrets, mock_get_tlssecrets);
1229 20 : MOCK(connection_or_close_for_error, mock_close_for_err);
1230 20 : MOCK(channel_set_circid_type, mock_set_circid_type);
1231 20 : MOCK(tor_tls_export_key_material, mock_export_key_material);
1232 20 : d->c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
1233 20 : d->c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
1234 20 : tor_addr_from_ipv4h(&d->c1->base_.addr, 0x01020304);
1235 20 : tor_addr_from_ipv4h(&d->c2->base_.addr, 0x05060708);
1236 :
1237 20 : d->key1 = pk_generate(2);
1238 20 : d->key2 = pk_generate(3);
1239 20 : tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
1240 : d->key1, d->key2, 86400), OP_EQ, 0);
1241 :
1242 20 : init_mock_ed_keys(d->key2);
1243 :
1244 20 : d->c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
1245 20 : d->c1->link_proto = 3;
1246 20 : tt_int_op(connection_init_or_handshake_state(d->c1, 1), OP_EQ, 0);
1247 :
1248 20 : d->c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
1249 20 : d->c2->link_proto = 3;
1250 20 : tt_int_op(connection_init_or_handshake_state(d->c2, 0), OP_EQ, 0);
1251 20 : var_cell_t *cell = var_cell_new(16);
1252 20 : cell->command = CELL_CERTS;
1253 20 : or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 1);
1254 20 : or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 0);
1255 20 : memset(cell->payload, 0xf0, 16);
1256 20 : or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 0);
1257 20 : or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 1);
1258 20 : tor_free(cell);
1259 :
1260 20 : d->chan2 = tor_malloc_zero(sizeof(*d->chan2));
1261 20 : channel_tls_common_init(d->chan2);
1262 20 : d->c2->chan = d->chan2;
1263 20 : d->chan2->conn = d->c2;
1264 20 : d->c2->base_.address = tor_strdup("C2");
1265 20 : d->c2->tls = tor_tls_new(-1, 1);
1266 20 : d->c2->handshake_state->received_certs_cell = 1;
1267 :
1268 20 : const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL, *auth_cert=NULL;
1269 20 : tt_assert(! tor_tls_get_my_certs(1, &link_cert, &id_cert));
1270 :
1271 20 : const uint8_t *der;
1272 20 : size_t sz;
1273 20 : tor_x509_cert_get_der(id_cert, &der, &sz);
1274 20 : d->c1->handshake_state->certs->id_cert = tor_x509_cert_decode(der, sz);
1275 20 : d->c2->handshake_state->certs->id_cert = tor_x509_cert_decode(der, sz);
1276 :
1277 20 : if (is_ed) {
1278 12 : d->c1->handshake_state->certs->ed_id_sign =
1279 4 : tor_cert_dup(get_master_signing_key_cert());
1280 12 : d->c2->handshake_state->certs->ed_id_sign =
1281 4 : tor_cert_dup(get_master_signing_key_cert());
1282 4 : d->c2->handshake_state->certs->ed_sign_auth =
1283 4 : tor_cert_dup(get_current_auth_key_cert());
1284 : } else {
1285 16 : tt_assert(! tor_tls_get_my_certs(0, &auth_cert, &id_cert));
1286 16 : tor_x509_cert_get_der(auth_cert, &der, &sz);
1287 16 : d->c2->handshake_state->certs->auth_cert = tor_x509_cert_decode(der, sz);
1288 : }
1289 :
1290 20 : tor_x509_cert_get_der(link_cert, &der, &sz);
1291 20 : mock_peer_cert = tor_x509_cert_decode(der, sz);
1292 20 : tt_assert(mock_peer_cert);
1293 :
1294 20 : mock_own_cert = tor_x509_cert_decode(der, sz);
1295 20 : tt_assert(mock_own_cert);
1296 :
1297 : /* Make an authenticate cell ... */
1298 20 : int authtype;
1299 20 : if (is_ed)
1300 : authtype = AUTHTYPE_ED25519_SHA256_RFC5705;
1301 : else
1302 16 : authtype = AUTHTYPE_RSA_SHA256_TLSSECRET;
1303 20 : tt_int_op(0, OP_EQ, connection_or_send_authenticate_cell(d->c1, authtype));
1304 :
1305 20 : tt_assert(mock_got_var_cell);
1306 20 : d->cell = mock_got_var_cell;
1307 20 : mock_got_var_cell = NULL;
1308 :
1309 20 : return d;
1310 0 : done:
1311 0 : authenticate_data_cleanup(test, d);
1312 0 : return NULL;
1313 : }
1314 :
1315 : static struct testcase_setup_t setup_authenticate = {
1316 : .setup_fn = authenticate_data_setup,
1317 : .cleanup_fn = authenticate_data_cleanup
1318 : };
1319 :
1320 : static void
1321 2 : test_link_handshake_auth_cell(void *arg)
1322 : {
1323 2 : authenticate_data_t *d = arg;
1324 2 : auth1_t *auth1 = NULL;
1325 2 : crypto_pk_t *auth_pubkey = NULL;
1326 :
1327 : /* Is the cell well-formed on the outer layer? */
1328 2 : tt_int_op(d->cell->command, OP_EQ, CELL_AUTHENTICATE);
1329 2 : tt_int_op(d->cell->payload[0], OP_EQ, 0);
1330 2 : if (d->is_ed)
1331 1 : tt_int_op(d->cell->payload[1], OP_EQ, 3);
1332 : else
1333 1 : tt_int_op(d->cell->payload[1], OP_EQ, 1);
1334 2 : tt_int_op(ntohs(get_uint16(d->cell->payload + 2)), OP_EQ,
1335 : d->cell->payload_len - 4);
1336 :
1337 : /* Check it out for plausibility... */
1338 2 : auth_ctx_t ctx;
1339 2 : ctx.is_ed = d->is_ed;
1340 2 : tt_int_op(d->cell->payload_len-4, OP_EQ, auth1_parse(&auth1,
1341 : d->cell->payload+4,
1342 : d->cell->payload_len - 4, &ctx));
1343 2 : tt_assert(auth1);
1344 :
1345 2 : if (d->is_ed) {
1346 1 : tt_mem_op(auth1->type, OP_EQ, "AUTH0003", 8);
1347 : } else {
1348 1 : tt_mem_op(auth1->type, OP_EQ, "AUTH0001", 8);
1349 : }
1350 2 : tt_mem_op(auth1->tlssecrets, OP_EQ, "int getRandomNumber(){return 4;}", 32);
1351 :
1352 : /* Is the signature okay? */
1353 2 : const uint8_t *start = d->cell->payload+4, *end = auth1->end_of_signed;
1354 2 : if (d->is_ed) {
1355 1 : ed25519_signature_t sig;
1356 1 : tt_int_op(auth1_getlen_sig(auth1), OP_EQ, ED25519_SIG_LEN);
1357 1 : memcpy(&sig.sig, auth1_getarray_sig(auth1), ED25519_SIG_LEN);
1358 1 : tt_assert(!ed25519_checksig(&sig, start, end-start,
1359 : &get_current_auth_keypair()->pubkey));
1360 : } else {
1361 1 : uint8_t sig[128];
1362 1 : uint8_t digest[32];
1363 1 : tt_int_op(auth1_getlen_sig(auth1), OP_GT, 120);
1364 2 : auth_pubkey = tor_tls_cert_get_key(
1365 1 : d->c2->handshake_state->certs->auth_cert);
1366 2 : int n = crypto_pk_public_checksig(
1367 : auth_pubkey,
1368 1 : (char*)sig, sizeof(sig), (char*)auth1_getarray_sig(auth1),
1369 : auth1_getlen_sig(auth1));
1370 1 : tt_int_op(n, OP_EQ, 32);
1371 1 : crypto_digest256((char*)digest,
1372 1 : (const char*)start, end-start, DIGEST_SHA256);
1373 1 : tt_mem_op(sig, OP_EQ, digest, 32);
1374 : }
1375 :
1376 : /* Then feed it to c2. */
1377 2 : tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0);
1378 2 : channel_tls_process_authenticate_cell(d->cell, d->chan2);
1379 2 : tt_int_op(mock_close_called, OP_EQ, 0);
1380 2 : tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 1);
1381 2 : if (d->is_ed) {
1382 1 : tt_int_op(d->c2->handshake_state->authenticated_ed25519, OP_EQ, 1);
1383 1 : tt_int_op(d->c2->handshake_state->authenticated_rsa, OP_EQ, 1);
1384 : } else {
1385 1 : tt_int_op(d->c2->handshake_state->authenticated_ed25519, OP_EQ, 0);
1386 1 : tt_int_op(d->c2->handshake_state->authenticated_rsa, OP_EQ, 1);
1387 : }
1388 :
1389 1 : done:
1390 2 : auth1_free(auth1);
1391 2 : crypto_pk_free(auth_pubkey);
1392 2 : }
1393 :
1394 : #define AUTHENTICATE_FAIL(name, code) \
1395 : static void \
1396 : test_link_handshake_auth_ ## name(void *arg) \
1397 : { \
1398 : authenticate_data_t *d = arg; \
1399 : const char *require_failure_message = NULL; \
1400 : setup_capture_of_logs(LOG_INFO); \
1401 : { code ; } \
1402 : tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0); \
1403 : channel_tls_process_authenticate_cell(d->cell, d->chan2); \
1404 : tt_int_op(mock_close_called, OP_EQ, 1); \
1405 : tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0); \
1406 : if (require_failure_message) { \
1407 : expect_log_msg_containing(require_failure_message); \
1408 : } \
1409 : done: \
1410 : teardown_capture_of_logs(); \
1411 : }
1412 :
1413 1 : AUTHENTICATE_FAIL(badstate,
1414 : require_failure_message = "We're not doing a v3 handshake";
1415 : d->c2->base_.state = OR_CONN_STATE_CONNECTING)
1416 1 : AUTHENTICATE_FAIL(badproto,
1417 : require_failure_message = "not using link protocol >= 3";
1418 : d->c2->link_proto = 2)
1419 1 : AUTHENTICATE_FAIL(atclient,
1420 : require_failure_message = "We originated this connection";
1421 : d->c2->handshake_state->started_here = 1;
1422 : d->c2->handshake_state->certs->started_here = 1;)
1423 1 : AUTHENTICATE_FAIL(duplicate,
1424 : require_failure_message = "We already got one";
1425 : d->c2->handshake_state->received_authenticate = 1)
1426 : static void
1427 1 : test_link_handshake_auth_already_authenticated(void *arg)
1428 : {
1429 1 : authenticate_data_t *d = arg;
1430 1 : setup_capture_of_logs(LOG_INFO);
1431 1 : d->c2->handshake_state->authenticated = 1;
1432 1 : channel_tls_process_authenticate_cell(d->cell, d->chan2);
1433 1 : tt_int_op(mock_close_called, OP_EQ, 1);
1434 1 : tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 1);
1435 1 : expect_log_msg_containing("The peer is already authenticated");
1436 1 : done:
1437 1 : teardown_capture_of_logs();
1438 1 : }
1439 :
1440 1 : AUTHENTICATE_FAIL(nocerts,
1441 : require_failure_message = "We never got a certs cell";
1442 : d->c2->handshake_state->received_certs_cell = 0)
1443 1 : AUTHENTICATE_FAIL(noidcert,
1444 : require_failure_message = "We never got an identity "
1445 : "certificate";
1446 : tor_x509_cert_free(d->c2->handshake_state->certs->id_cert);
1447 : d->c2->handshake_state->certs->id_cert = NULL)
1448 1 : AUTHENTICATE_FAIL(noauthcert,
1449 : require_failure_message = "We never got an RSA "
1450 : "authentication certificate";
1451 : tor_x509_cert_free(d->c2->handshake_state->certs->auth_cert);
1452 : d->c2->handshake_state->certs->auth_cert = NULL)
1453 1 : AUTHENTICATE_FAIL(tooshort,
1454 : require_failure_message = "Cell was way too short";
1455 : d->cell->payload_len = 3)
1456 1 : AUTHENTICATE_FAIL(badtype,
1457 : require_failure_message = "Authenticator type was not "
1458 : "recognized";
1459 : d->cell->payload[0] = 0xff)
1460 1 : AUTHENTICATE_FAIL(truncated_1,
1461 : require_failure_message = "Authenticator was truncated";
1462 : d->cell->payload[2]++)
1463 1 : AUTHENTICATE_FAIL(truncated_2,
1464 : require_failure_message = "Authenticator was truncated";
1465 : d->cell->payload[3]++)
1466 1 : AUTHENTICATE_FAIL(tooshort_1,
1467 : require_failure_message = "Authenticator was too short";
1468 : tt_int_op(d->cell->payload_len, OP_GE, 260);
1469 : d->cell->payload[2] -= 1;
1470 : d->cell->payload_len -= 256;)
1471 1 : AUTHENTICATE_FAIL(badcontent,
1472 : require_failure_message = "Some field in the AUTHENTICATE "
1473 : "cell body was not as expected";
1474 : d->cell->payload[10] ^= 0xff)
1475 2 : AUTHENTICATE_FAIL(badsig_1,
1476 : if (d->is_ed)
1477 : require_failure_message = "Ed25519 signature wasn't valid";
1478 : else
1479 : require_failure_message = "RSA signature wasn't valid";
1480 : d->cell->payload[d->cell->payload_len - 5] ^= 0xff)
1481 1 : AUTHENTICATE_FAIL(missing_ed_id,
1482 : {
1483 : tor_cert_free(d->c2->handshake_state->certs->ed_id_sign);
1484 : d->c2->handshake_state->certs->ed_id_sign = NULL;
1485 : require_failure_message = "Ed authenticate without Ed ID "
1486 : "cert from peer";
1487 : })
1488 1 : AUTHENTICATE_FAIL(missing_ed_auth,
1489 : {
1490 : tor_cert_free(d->c2->handshake_state->certs->ed_sign_auth);
1491 : d->c2->handshake_state->certs->ed_sign_auth = NULL;
1492 : require_failure_message = "We never got an Ed25519 "
1493 : "authentication certificate";
1494 : })
1495 :
1496 : #ifndef COCCI
1497 : #define TEST_RSA(name, flags) \
1498 : { #name , test_link_handshake_ ## name, (flags), \
1499 : &passthrough_setup, (void*)"RSA" }
1500 :
1501 : #define TEST_ED(name, flags) \
1502 : { #name "_ed25519" , test_link_handshake_ ## name, (flags), \
1503 : &passthrough_setup, (void*)"Ed25519" }
1504 :
1505 : #define TEST_RCV_AUTHCHALLENGE(name) \
1506 : { "recv_authchallenge/" #name , \
1507 : test_link_handshake_recv_authchallenge_ ## name, TT_FORK, \
1508 : &setup_recv_authchallenge, NULL }
1509 :
1510 : #define TEST_RCV_CERTS(name) \
1511 : { "recv_certs/" #name , \
1512 : test_link_handshake_recv_certs_ ## name, TT_FORK, \
1513 : &setup_recv_certs, (void*)"RSA-Link" }
1514 :
1515 : #define TEST_RCV_CERTS_RSA(name,type) \
1516 : { "recv_certs/" #name , \
1517 : test_link_handshake_recv_certs_ ## name, TT_FORK, \
1518 : &setup_recv_certs, (void*)type }
1519 :
1520 : #define TEST_RCV_CERTS_ED(name, type) \
1521 : { "recv_certs/" #name "_ed25519", \
1522 : test_link_handshake_recv_certs_ ## name, TT_FORK, \
1523 : &setup_recv_certs, (void*)type }
1524 :
1525 : #define TEST_AUTHENTICATE(name) \
1526 : { "authenticate/" #name , test_link_handshake_auth_ ## name, TT_FORK, \
1527 : &setup_authenticate, NULL }
1528 :
1529 : #define TEST_AUTHENTICATE_ED(name) \
1530 : { "authenticate/" #name "_ed25519" , test_link_handshake_auth_ ## name, \
1531 : TT_FORK, &setup_authenticate, (void*)3 }
1532 : #endif /* !defined(COCCI) */
1533 :
1534 : struct testcase_t link_handshake_tests[] = {
1535 : TEST_RSA(certs_ok, TT_FORK),
1536 : TEST_ED(certs_ok, TT_FORK),
1537 :
1538 : TEST_RCV_CERTS(ok),
1539 : TEST_RCV_CERTS_ED(ok, "Ed25519-Link"),
1540 : TEST_RCV_CERTS_RSA(ok_server, "RSA-Auth"),
1541 : TEST_RCV_CERTS_ED(ok_server, "Ed25519-Auth"),
1542 : TEST_RCV_CERTS(badstate),
1543 : TEST_RCV_CERTS(badproto),
1544 : TEST_RCV_CERTS(duplicate),
1545 : TEST_RCV_CERTS(already_authenticated),
1546 : TEST_RCV_CERTS(empty),
1547 : TEST_RCV_CERTS(bad_circid),
1548 : TEST_RCV_CERTS(truncated_1),
1549 : TEST_RCV_CERTS(truncated_2),
1550 : TEST_RCV_CERTS(truncated_3),
1551 : TEST_RCV_CERTS_ED(truncated_4, "Ed25519-Link"),
1552 : TEST_RCV_CERTS_ED(truncated_5, "Ed25519-Link"),
1553 : TEST_RCV_CERTS_ED(truncated_6, "Ed25519-Link"),
1554 : TEST_RCV_CERTS_ED(truncated_7, "Ed25519-Link"),
1555 : TEST_RCV_CERTS(not_x509),
1556 : TEST_RCV_CERTS(both_link),
1557 : TEST_RCV_CERTS(both_id_rsa),
1558 : TEST_RCV_CERTS(both_auth),
1559 : TEST_RCV_CERTS_ED(duplicate_id, "Ed25519-Link"),
1560 : TEST_RCV_CERTS_ED(duplicate_link, "Ed25519-Link"),
1561 : TEST_RCV_CERTS_ED(duplicate_crosscert, "Ed25519-Link"),
1562 : TEST_RCV_CERTS_ED(missing_crosscert, "Ed25519-Link"),
1563 : TEST_RCV_CERTS_ED(missing_id, "Ed25519-Link"),
1564 : TEST_RCV_CERTS_ED(missing_signing_key, "Ed25519-Link"),
1565 : TEST_RCV_CERTS_ED(missing_link, "Ed25519-Link"),
1566 : TEST_RCV_CERTS_ED(missing_auth, "Ed25519-Auth"),
1567 : TEST_RCV_CERTS_ED(missing_rsa_id, "Ed25519-Link"),
1568 : TEST_RCV_CERTS_ED(link_mismatch, "Ed25519-Link"),
1569 : TEST_RCV_CERTS_ED(bad_ed_sig, "Ed25519-Link"),
1570 : TEST_RCV_CERTS_ED(bad_rsa_id_cert, "Ed25519-Link"),
1571 : TEST_RCV_CERTS_ED(bad_crosscert, "Ed25519-Link"),
1572 : TEST_RCV_CERTS_RSA(expired_rsa_id, "RSA-Link"),
1573 : TEST_RCV_CERTS_ED(expired_rsa_id, "Ed25519-Link"),
1574 : TEST_RCV_CERTS_ED(expired_ed_id, "Ed25519-Link"),
1575 : TEST_RCV_CERTS_ED(expired_ed_link, "Ed25519-Link"),
1576 : TEST_RCV_CERTS_ED(expired_crosscert, "Ed25519-Link"),
1577 : TEST_RCV_CERTS(wrong_labels_1),
1578 : TEST_RCV_CERTS(wrong_labels_2),
1579 : TEST_RCV_CERTS(wrong_labels_3),
1580 : TEST_RCV_CERTS(server_missing_certs),
1581 : TEST_RCV_CERTS(server_wrong_labels_1),
1582 :
1583 : TEST_RSA(send_authchallenge, TT_FORK),
1584 : TEST_RCV_AUTHCHALLENGE(ok),
1585 : TEST_RCV_AUTHCHALLENGE(ok_ed25519),
1586 : TEST_RCV_AUTHCHALLENGE(ok_noserver),
1587 : TEST_RCV_AUTHCHALLENGE(ok_unrecognized),
1588 : TEST_RCV_AUTHCHALLENGE(badstate),
1589 : TEST_RCV_AUTHCHALLENGE(badproto),
1590 : TEST_RCV_AUTHCHALLENGE(as_server),
1591 : TEST_RCV_AUTHCHALLENGE(duplicate),
1592 : TEST_RCV_AUTHCHALLENGE(nocerts),
1593 : TEST_RCV_AUTHCHALLENGE(tooshort),
1594 : TEST_RCV_AUTHCHALLENGE(truncated),
1595 : TEST_RCV_AUTHCHALLENGE(nonzero_circid),
1596 :
1597 : TEST_AUTHENTICATE(cell),
1598 : TEST_AUTHENTICATE_ED(cell),
1599 : TEST_AUTHENTICATE(badstate),
1600 : TEST_AUTHENTICATE(badproto),
1601 : TEST_AUTHENTICATE(atclient),
1602 : TEST_AUTHENTICATE(duplicate),
1603 : TEST_AUTHENTICATE(already_authenticated),
1604 : TEST_AUTHENTICATE(nocerts),
1605 : TEST_AUTHENTICATE(noidcert),
1606 : TEST_AUTHENTICATE(noauthcert),
1607 : TEST_AUTHENTICATE(tooshort),
1608 : TEST_AUTHENTICATE(badtype),
1609 : TEST_AUTHENTICATE(truncated_1),
1610 : TEST_AUTHENTICATE(truncated_2),
1611 : TEST_AUTHENTICATE(tooshort_1),
1612 : TEST_AUTHENTICATE(badcontent),
1613 : TEST_AUTHENTICATE(badsig_1),
1614 : TEST_AUTHENTICATE_ED(badsig_1),
1615 : TEST_AUTHENTICATE_ED(missing_ed_id),
1616 : TEST_AUTHENTICATE_ED(missing_ed_auth),
1617 : //TEST_AUTHENTICATE(),
1618 :
1619 : END_OF_TESTCASES
1620 : };
|
