Line data Source code
1 : /* Copyright (c) 2001-2004, Roger Dingledine.
2 : * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 : * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 : /* See LICENSE for licensing information */
5 :
6 : #include "orconfig.h"
7 : #define ROUTER_PRIVATE
8 : #include "core/or/or.h"
9 : #include "app/config/config.h"
10 : #include "feature/relay/router.h"
11 : #include "feature/relay/routerkeys.h"
12 : #include "lib/crypt_ops/crypto_cipher.h"
13 : #include "lib/crypt_ops/crypto_format.h"
14 : #include "feature/keymgt/loadkey.h"
15 : #include "feature/nodelist/torcert.h"
16 : #include "test/test.h"
17 :
18 : #ifdef _WIN32
19 : /* For mkdir() */
20 : #include <direct.h>
21 : #endif
22 :
23 : #ifdef HAVE_UNISTD_H
24 : #include <unistd.h>
25 : #endif
26 : #ifdef HAVE_SYS_STAT_H
27 : #include <sys/stat.h>
28 : #endif
29 :
30 : static void
31 1 : test_routerkeys_write_fingerprint(void *arg)
32 : {
33 1 : crypto_pk_t *key = pk_generate(2);
34 1 : or_options_t *options = get_options_mutable();
35 1 : const char *ddir = get_fname("write_fingerprint");
36 1 : char *cp = NULL, *cp2 = NULL;
37 1 : char fp[FINGERPRINT_LEN+1];
38 :
39 1 : (void)arg;
40 :
41 1 : tt_assert(key);
42 :
43 1 : options->ORPort_set = 1; /* So that we can get the server ID key */
44 1 : tor_free(options->DataDirectory);
45 1 : options->DataDirectory = tor_strdup(ddir);
46 1 : options->Nickname = tor_strdup("haflinger");
47 1 : set_server_identity_key(key);
48 1 : set_client_identity_key(crypto_pk_dup_key(key));
49 :
50 1 : tt_int_op(0, OP_EQ, check_private_dir(ddir, CPD_CREATE, NULL));
51 1 : tt_int_op(crypto_pk_cmp_keys(get_server_identity_key(),key),OP_EQ,0);
52 :
53 : /* Write fingerprint file */
54 1 : tt_int_op(0, OP_EQ, router_write_fingerprint(0, 0));
55 1 : cp = read_file_to_str(get_fname("write_fingerprint/fingerprint"),
56 : 0, NULL);
57 1 : crypto_pk_get_fingerprint(key, fp, 0);
58 1 : tor_asprintf(&cp2, "haflinger %s\n", fp);
59 1 : tt_str_op(cp, OP_EQ, cp2);
60 1 : tor_free(cp);
61 1 : tor_free(cp2);
62 :
63 : /* Write hashed-fingerprint file */
64 1 : tt_int_op(0, OP_EQ, router_write_fingerprint(1, 0));
65 1 : cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
66 : 0, NULL);
67 1 : crypto_pk_get_hashed_fingerprint(key, fp);
68 1 : tor_asprintf(&cp2, "haflinger %s\n", fp);
69 1 : tt_str_op(cp, OP_EQ, cp2);
70 1 : tor_free(cp);
71 1 : tor_free(cp2);
72 :
73 : /* Replace outdated file */
74 1 : write_str_to_file(get_fname("write_fingerprint/hashed-fingerprint"),
75 : "junk goes here", 0);
76 1 : tt_int_op(0, OP_EQ, router_write_fingerprint(1, 0));
77 1 : cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
78 : 0, NULL);
79 1 : crypto_pk_get_hashed_fingerprint(key, fp);
80 1 : tor_asprintf(&cp2, "haflinger %s\n", fp);
81 1 : tt_str_op(cp, OP_EQ, cp2);
82 1 : tor_free(cp);
83 1 : tor_free(cp2);
84 :
85 1 : done:
86 1 : crypto_pk_free(key);
87 1 : set_client_identity_key(NULL);
88 1 : tor_free(cp);
89 1 : tor_free(cp2);
90 1 : }
91 :
92 : static void
93 1 : test_routerkeys_write_ed25519_identity(void *arg)
94 : {
95 1 : crypto_pk_t *key = pk_generate(2);
96 1 : or_options_t *options = get_options_mutable();
97 1 : time_t now = time(NULL);
98 1 : const char *ddir = get_fname("write_fingerprint");
99 1 : char *cp = NULL, *cp2 = NULL;
100 1 : char ed25519_id[BASE64_DIGEST256_LEN + 1];
101 :
102 1 : (void) arg;
103 :
104 1 : tt_assert(key);
105 :
106 1 : options->ORPort_set = 1; /* So that we can get the server ID key */
107 1 : tor_free(options->DataDirectory);
108 1 : options->DataDirectory = tor_strdup(ddir);
109 1 : options->Nickname = tor_strdup("haflinger");
110 1 : set_server_identity_key(key);
111 1 : set_client_identity_key(crypto_pk_dup_key(key));
112 :
113 1 : load_ed_keys(options, now);
114 1 : tt_assert(get_master_identity_key());
115 :
116 1 : tt_int_op(0, OP_EQ, check_private_dir(ddir, CPD_CREATE, NULL));
117 :
118 : /* Write fingerprint file */
119 1 : tt_int_op(0, OP_EQ, router_write_fingerprint(0, 1));
120 1 : cp = read_file_to_str(get_fname("write_fingerprint/fingerprint-ed25519"),
121 : 0, NULL);
122 2 : digest256_to_base64(ed25519_id,
123 1 : (const char *) get_master_identity_key()->pubkey);
124 1 : tor_asprintf(&cp2, "haflinger %s\n", ed25519_id);
125 1 : tt_str_op(cp, OP_EQ, cp2);
126 1 : tor_free(cp);
127 1 : tor_free(cp2);
128 :
129 1 : done:
130 1 : crypto_pk_free(key);
131 1 : set_client_identity_key(NULL);
132 1 : tor_free(cp);
133 1 : tor_free(cp2);
134 1 : routerkeys_free_all();
135 1 : }
136 :
137 : static void
138 1 : test_routerkeys_ed_certs(void *args)
139 : {
140 1 : (void)args;
141 1 : ed25519_keypair_t kp1, kp2;
142 1 : tor_cert_t *cert[2] = {NULL, NULL}, *nocert = NULL;
143 1 : tor_cert_t *parsed_cert[2] = {NULL, NULL};
144 1 : time_t now = 1412094534;
145 1 : uint8_t *junk = NULL;
146 1 : char *base64 = NULL;
147 :
148 1 : tt_int_op(0,OP_EQ,ed25519_keypair_generate(&kp1, 0));
149 1 : tt_int_op(0,OP_EQ,ed25519_keypair_generate(&kp2, 0));
150 :
151 3 : for (int i = 0; i <= 1; ++i) {
152 2 : uint32_t flags = i ? CERT_FLAG_INCLUDE_SIGNING_KEY : 0;
153 :
154 2 : cert[i] = tor_cert_create_ed25519(&kp1, 5, &kp2.pubkey, now, 10000, flags);
155 2 : tt_assert(cert[i]);
156 :
157 2 : tt_uint_op(cert[i]->sig_bad, OP_EQ, 0);
158 2 : tt_uint_op(cert[i]->sig_ok, OP_EQ, 1);
159 2 : tt_uint_op(cert[i]->cert_expired, OP_EQ, 0);
160 2 : tt_uint_op(cert[i]->cert_valid, OP_EQ, 1);
161 2 : tt_int_op(cert[i]->cert_type, OP_EQ, 5);
162 2 : tt_mem_op(cert[i]->signed_key.pubkey, OP_EQ, &kp2.pubkey.pubkey, 32);
163 2 : tt_mem_op(cert[i]->signing_key.pubkey, OP_EQ, &kp1.pubkey.pubkey, 32);
164 2 : tt_int_op(cert[i]->signing_key_included, OP_EQ, i);
165 :
166 2 : tt_assert(cert[i]->encoded);
167 2 : tt_int_op(cert[i]->encoded_len, OP_EQ, 104 + 36 * i);
168 2 : tt_int_op(cert[i]->encoded[0], OP_EQ, 1);
169 2 : tt_int_op(cert[i]->encoded[1], OP_EQ, 5);
170 :
171 2 : parsed_cert[i] = tor_cert_parse(cert[i]->encoded, cert[i]->encoded_len);
172 2 : tt_assert(parsed_cert[i]);
173 2 : tt_int_op(cert[i]->encoded_len, OP_EQ, parsed_cert[i]->encoded_len);
174 2 : tt_mem_op(cert[i]->encoded, OP_EQ, parsed_cert[i]->encoded,
175 2 : cert[i]->encoded_len);
176 2 : tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
177 2 : tt_uint_op(parsed_cert[i]->sig_ok, OP_EQ, 0);
178 2 : tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 0);
179 2 : tt_uint_op(parsed_cert[i]->cert_valid, OP_EQ, 0);
180 :
181 : /* Expired */
182 2 : tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now + 30000),
183 : OP_LT, 0);
184 2 : tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 1);
185 2 : parsed_cert[i]->cert_expired = 0;
186 :
187 : /* Wrong key */
188 2 : tt_int_op(tor_cert_checksig(parsed_cert[i], &kp2.pubkey, now), OP_LT, 0);
189 2 : tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 1);
190 2 : parsed_cert[i]->sig_bad = 0;
191 :
192 : /* Missing key */
193 2 : int ok = tor_cert_checksig(parsed_cert[i], NULL, now);
194 2 : tt_int_op(ok < 0, OP_EQ, i == 0);
195 2 : tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
196 2 : tt_assert(parsed_cert[i]->sig_ok == (i != 0));
197 2 : tt_assert(parsed_cert[i]->cert_valid == (i != 0));
198 2 : parsed_cert[i]->sig_bad = 0;
199 2 : parsed_cert[i]->sig_ok = 0;
200 2 : parsed_cert[i]->cert_valid = 0;
201 :
202 : /* Right key */
203 2 : tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now), OP_EQ, 0);
204 2 : tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
205 2 : tt_uint_op(parsed_cert[i]->sig_ok, OP_EQ, 1);
206 2 : tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 0);
207 2 : tt_uint_op(parsed_cert[i]->cert_valid, OP_EQ, 1);
208 : }
209 :
210 : /* Now try some junky certs. */
211 : /* - Truncated */
212 1 : nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len-1);
213 1 : tt_ptr_op(NULL, OP_EQ, nocert);
214 :
215 : /* - First byte modified */
216 1 : cert[0]->encoded[0] = 99;
217 1 : nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len);
218 1 : tt_ptr_op(NULL, OP_EQ, nocert);
219 1 : cert[0]->encoded[0] = 1;
220 :
221 : /* - Extra byte at the end*/
222 1 : junk = tor_malloc_zero(cert[0]->encoded_len + 1);
223 1 : memcpy(junk, cert[0]->encoded, cert[0]->encoded_len);
224 1 : nocert = tor_cert_parse(junk, cert[0]->encoded_len+1);
225 1 : tt_ptr_op(NULL, OP_EQ, nocert);
226 :
227 : /* - Multiple signing key instances */
228 1 : tor_free(junk);
229 1 : junk = tor_malloc_zero(104 + 36 * 2);
230 1 : junk[0] = 1; /* version */
231 1 : junk[1] = 5; /* cert type */
232 1 : junk[6] = 1; /* key type */
233 1 : junk[39] = 2; /* n_extensions */
234 1 : junk[41] = 32; /* extlen */
235 1 : junk[42] = 4; /* exttype */
236 1 : junk[77] = 32; /* extlen */
237 1 : junk[78] = 4; /* exttype */
238 1 : nocert = tor_cert_parse(junk, 104 + 36 * 2);
239 1 : tt_ptr_op(NULL, OP_EQ, nocert);
240 :
241 1 : done:
242 1 : tor_cert_free(cert[0]);
243 1 : tor_cert_free(cert[1]);
244 1 : tor_cert_free(parsed_cert[0]);
245 1 : tor_cert_free(parsed_cert[1]);
246 1 : tor_cert_free(nocert);
247 1 : tor_free(junk);
248 1 : tor_free(base64);
249 1 : }
250 :
251 : static void
252 1 : test_routerkeys_ed_key_create(void *arg)
253 : {
254 1 : (void)arg;
255 1 : tor_cert_t *cert = NULL;
256 1 : ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
257 1 : time_t now = time(NULL);
258 :
259 : /* This is a simple alias for 'make a new keypair' */
260 1 : kp1 = ed_key_new(NULL, 0, 0, 0, 0, &cert);
261 1 : tt_assert(kp1);
262 :
263 : /* Create a new certificate signed by kp1. */
264 1 : kp2 = ed_key_new(kp1, INIT_ED_KEY_NEEDCERT, now, 3600, 4, &cert);
265 1 : tt_assert(kp2);
266 1 : tt_assert(cert);
267 1 : tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey,
268 1 : sizeof(ed25519_public_key_t));
269 1 : tt_assert(! cert->signing_key_included);
270 :
271 1 : tt_int_op(cert->valid_until, OP_GE, now);
272 1 : tt_int_op(cert->valid_until, OP_LE, now+7200);
273 :
274 : /* Create a new key-including certificate signed by kp1 */
275 1 : ed25519_keypair_free(kp2);
276 1 : tor_cert_free(cert);
277 1 : cert = NULL; kp2 = NULL;
278 1 : kp2 = ed_key_new(kp1, (INIT_ED_KEY_NEEDCERT|
279 : INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT),
280 : now, 3600, 4, &cert);
281 1 : tt_assert(kp2);
282 1 : tt_assert(cert);
283 1 : tt_assert(cert->signing_key_included);
284 1 : tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey,
285 1 : sizeof(ed25519_public_key_t));
286 1 : tt_mem_op(&cert->signing_key, OP_EQ, &kp1->pubkey,
287 1 : sizeof(ed25519_public_key_t));
288 :
289 1 : done:
290 1 : ed25519_keypair_free(kp1);
291 1 : ed25519_keypair_free(kp2);
292 1 : tor_cert_free(cert);
293 1 : }
294 :
295 : static void
296 1 : test_routerkeys_ed_key_init_basic(void *arg)
297 : {
298 1 : (void) arg;
299 :
300 1 : tor_cert_t *cert = NULL, *cert2 = NULL;
301 1 : ed25519_keypair_t *kp1 = NULL, *kp2 = NULL, *kp3 = NULL;
302 1 : time_t now = time(NULL);
303 1 : char *fname1 = tor_strdup(get_fname("test_ed_key_1"));
304 1 : char *fname2 = tor_strdup(get_fname("test_ed_key_2"));
305 1 : struct stat st;
306 :
307 1 : unlink(fname1);
308 1 : unlink(fname2);
309 :
310 : /* Fail to load a key that isn't there. */
311 1 : kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert,
312 : NULL);
313 1 : tt_assert(kp1 == NULL);
314 1 : tt_assert(cert == NULL);
315 :
316 : /* Create the key if requested to do so. */
317 1 : kp1 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
318 : NULL, now, 0, 7, &cert, NULL);
319 1 : tt_assert(kp1 != NULL);
320 1 : tt_assert(cert == NULL);
321 1 : tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st), OP_LT, 0);
322 1 : tt_int_op(stat(get_fname("test_ed_key_1_secret_key"), &st), OP_EQ, 0);
323 :
324 : /* Fail to load if we say we need a cert */
325 1 : kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_NEEDCERT, LOG_INFO,
326 : NULL, now, 0, 7, &cert, NULL);
327 1 : tt_assert(kp2 == NULL);
328 :
329 : /* Fail to load if we say the wrong key type */
330 1 : kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
331 : NULL, now, 0, 6, &cert, NULL);
332 1 : tt_assert(kp2 == NULL);
333 :
334 : /* Load successfully if we're not picky, whether we say "create" or not. */
335 1 : kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
336 : NULL, now, 0, 7, &cert, NULL);
337 1 : tt_assert(kp2 != NULL);
338 1 : tt_assert(cert == NULL);
339 1 : tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1));
340 1 : ed25519_keypair_free(kp2); kp2 = NULL;
341 :
342 1 : kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
343 : NULL, now, 0, 7, &cert, NULL);
344 1 : tt_assert(kp2 != NULL);
345 1 : tt_assert(cert == NULL);
346 1 : tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1));
347 1 : ed25519_keypair_free(kp2); kp2 = NULL;
348 :
349 : /* Now create a key with a cert. */
350 1 : kp2 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
351 : INIT_ED_KEY_NEEDCERT),
352 : LOG_INFO, kp1, now, 7200, 7, &cert, NULL);
353 1 : tt_assert(kp2 != NULL);
354 1 : tt_assert(cert != NULL);
355 1 : tt_mem_op(kp1, OP_NE, kp2, sizeof(*kp1));
356 1 : tt_int_op(stat(get_fname("test_ed_key_2_cert"), &st), OP_EQ, 0);
357 1 : tt_int_op(stat(get_fname("test_ed_key_2_secret_key"), &st), OP_EQ, 0);
358 :
359 1 : tt_assert(cert->cert_valid == 1);
360 1 : tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey, 32);
361 :
362 : /* Now verify we can load the cert... */
363 1 : kp3 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
364 : INIT_ED_KEY_NEEDCERT),
365 : LOG_INFO, kp1, now, 7200, 7, &cert2, NULL);
366 1 : tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
367 1 : tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len);
368 1 : ed25519_keypair_free(kp3); kp3 = NULL;
369 1 : tor_cert_free(cert2); cert2 = NULL;
370 :
371 : /* ... even without create... */
372 1 : kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
373 : LOG_INFO, kp1, now, 7200, 7, &cert2, NULL);
374 1 : tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
375 1 : tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len);
376 1 : ed25519_keypair_free(kp3); kp3 = NULL;
377 1 : tor_cert_free(cert2); cert2 = NULL;
378 :
379 : /* ... but that we don't crash or anything if we say we don't want it. */
380 1 : kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
381 : LOG_INFO, kp1, now, 7200, 7, NULL, NULL);
382 1 : tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
383 1 : ed25519_keypair_free(kp3); kp3 = NULL;
384 :
385 : /* Fail if we're told the wrong signing key */
386 1 : kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
387 : LOG_INFO, kp2, now, 7200, 7, &cert2, NULL);
388 1 : tt_assert(kp3 == NULL);
389 1 : tt_assert(cert2 == NULL);
390 :
391 1 : done:
392 1 : ed25519_keypair_free(kp1);
393 1 : ed25519_keypair_free(kp2);
394 1 : ed25519_keypair_free(kp3);
395 1 : tor_cert_free(cert);
396 1 : tor_cert_free(cert2);
397 1 : tor_free(fname1);
398 1 : tor_free(fname2);
399 1 : }
400 :
401 : static void
402 1 : test_routerkeys_ed_key_init_split(void *arg)
403 : {
404 1 : (void) arg;
405 :
406 1 : tor_cert_t *cert = NULL;
407 1 : ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
408 1 : time_t now = time(NULL);
409 1 : char *fname1 = tor_strdup(get_fname("test_ed_key_3"));
410 1 : char *fname2 = tor_strdup(get_fname("test_ed_key_4"));
411 1 : struct stat st;
412 1 : const uint32_t flags = INIT_ED_KEY_SPLIT|INIT_ED_KEY_MISSING_SECRET_OK;
413 :
414 1 : unlink(fname1);
415 1 : unlink(fname2);
416 :
417 : /* Can't load key that isn't there. */
418 1 : kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert,
419 : NULL);
420 1 : tt_assert(kp1 == NULL);
421 1 : tt_assert(cert == NULL);
422 :
423 : /* Create a split key */
424 1 : kp1 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
425 : LOG_INFO, NULL, now, 0, 7, &cert, NULL);
426 1 : tt_assert(kp1 != NULL);
427 1 : tt_assert(cert == NULL);
428 1 : tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st), OP_LT, 0);
429 1 : tt_int_op(stat(get_fname("test_ed_key_3_secret_key"), &st), OP_EQ, 0);
430 1 : tt_int_op(stat(get_fname("test_ed_key_3_public_key"), &st), OP_EQ, 0);
431 :
432 : /* Load it. */
433 1 : kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
434 : LOG_INFO, NULL, now, 0, 7, &cert, NULL);
435 1 : tt_assert(kp2 != NULL);
436 1 : tt_assert(cert == NULL);
437 1 : tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp2));
438 1 : ed25519_keypair_free(kp2); kp2 = NULL;
439 :
440 : /* Okay, try killing the secret key and loading it. */
441 1 : unlink(get_fname("test_ed_key_3_secret_key"));
442 1 : kp2 = ed_key_init_from_file(fname1, flags,
443 : LOG_INFO, NULL, now, 0, 7, &cert, NULL);
444 1 : tt_assert(kp2 != NULL);
445 1 : tt_assert(cert == NULL);
446 1 : tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
447 1 : tt_assert(fast_mem_is_zero((char*)kp2->seckey.seckey,
448 : sizeof(kp2->seckey.seckey)));
449 1 : ed25519_keypair_free(kp2); kp2 = NULL;
450 :
451 : /* Even when we're told to "create", don't create if there's a public key */
452 1 : kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
453 : LOG_INFO, NULL, now, 0, 7, &cert, NULL);
454 1 : tt_assert(kp2 != NULL);
455 1 : tt_assert(cert == NULL);
456 1 : tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
457 1 : tt_assert(fast_mem_is_zero((char*)kp2->seckey.seckey,
458 : sizeof(kp2->seckey.seckey)));
459 1 : ed25519_keypair_free(kp2); kp2 = NULL;
460 :
461 : /* Make sure we fail on a tag mismatch, though */
462 1 : kp2 = ed_key_init_from_file(fname1, flags,
463 : LOG_INFO, NULL, now, 0, 99, &cert, NULL);
464 1 : tt_assert(kp2 == NULL);
465 :
466 1 : done:
467 1 : ed25519_keypair_free(kp1);
468 1 : ed25519_keypair_free(kp2);
469 1 : tor_cert_free(cert);
470 1 : tor_free(fname1);
471 1 : tor_free(fname2);
472 1 : }
473 :
474 : static void
475 1 : test_routerkeys_ed_keys_init_all(void *arg)
476 : {
477 1 : (void)arg;
478 1 : char *dir = tor_strdup(get_fname("test_ed_keys_init_all"));
479 1 : char *keydir = tor_strdup(get_fname("test_ed_keys_init_all/KEYS"));
480 1 : or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
481 1 : time_t now = time(NULL);
482 1 : ed25519_public_key_t id;
483 1 : ed25519_keypair_t sign, auth;
484 1 : tor_cert_t *link_cert = NULL;
485 :
486 1 : get_options_mutable()->ORPort_set = 1;
487 :
488 1 : crypto_pk_t *rsa = pk_generate(0);
489 :
490 1 : set_server_identity_key(rsa);
491 1 : set_client_identity_key(rsa);
492 :
493 1 : router_initialize_tls_context();
494 :
495 1 : options->SigningKeyLifetime = 30*86400;
496 1 : options->TestingAuthKeyLifetime = 2*86400;
497 1 : options->TestingLinkCertLifetime = 2*86400;
498 1 : options->TestingSigningKeySlop = 2*86400;
499 1 : options->TestingAuthKeySlop = 2*3600;
500 1 : options->TestingLinkKeySlop = 2*3600;
501 :
502 : #ifdef _WIN32
503 : tt_int_op(0, OP_EQ, mkdir(dir));
504 : tt_int_op(0, OP_EQ, mkdir(keydir));
505 : #else
506 1 : tt_int_op(0, OP_EQ, mkdir(dir, 0700));
507 1 : tt_int_op(0, OP_EQ, mkdir(keydir, 0700));
508 : #endif /* defined(_WIN32) */
509 :
510 1 : options->DataDirectory = dir;
511 1 : options->KeyDirectory = keydir;
512 :
513 1 : tt_int_op(1, OP_EQ, load_ed_keys(options, now));
514 1 : tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
515 1 : tt_assert(get_master_identity_key());
516 1 : tt_assert(get_master_identity_key());
517 1 : tt_assert(get_master_signing_keypair());
518 1 : tt_assert(get_current_auth_keypair());
519 1 : tt_assert(get_master_signing_key_cert());
520 1 : tt_assert(get_current_link_cert_cert());
521 1 : tt_assert(get_current_auth_key_cert());
522 1 : memcpy(&id, get_master_identity_key(), sizeof(id));
523 1 : memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
524 1 : memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
525 1 : link_cert = tor_cert_dup(get_current_link_cert_cert());
526 :
527 : /* Call load_ed_keys again, but nothing has changed. */
528 1 : tt_int_op(0, OP_EQ, load_ed_keys(options, now));
529 1 : tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
530 1 : tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
531 1 : tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
532 1 : tt_mem_op(&auth, OP_EQ, get_current_auth_keypair(), sizeof(auth));
533 1 : tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
534 :
535 : /* Force a reload: we make new link/auth keys. */
536 1 : routerkeys_free_all();
537 1 : tt_int_op(1, OP_EQ, load_ed_keys(options, now));
538 1 : tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
539 1 : tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
540 1 : tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
541 1 : tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
542 1 : tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
543 1 : tt_assert(get_master_signing_key_cert());
544 1 : tt_assert(get_current_link_cert_cert());
545 1 : tt_assert(get_current_auth_key_cert());
546 1 : tor_cert_free(link_cert);
547 1 : link_cert = tor_cert_dup(get_current_link_cert_cert());
548 1 : memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
549 :
550 : /* Force a link/auth-key regeneration by advancing time. */
551 1 : tt_int_op(0, OP_EQ, load_ed_keys(options, now+3*86400));
552 1 : tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+3*86400, 0));
553 1 : tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
554 1 : tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
555 1 : tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
556 1 : tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
557 1 : tt_assert(get_master_signing_key_cert());
558 1 : tt_assert(get_current_link_cert_cert());
559 1 : tt_assert(get_current_auth_key_cert());
560 1 : tor_cert_free(link_cert);
561 1 : link_cert = tor_cert_dup(get_current_link_cert_cert());
562 1 : memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
563 :
564 : /* Force a signing-key regeneration by advancing time. */
565 1 : tt_int_op(1, OP_EQ, load_ed_keys(options, now+100*86400));
566 1 : tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+100*86400, 0));
567 1 : tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
568 1 : tt_mem_op(&sign, OP_NE, get_master_signing_keypair(), sizeof(sign));
569 1 : tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
570 1 : tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
571 1 : tt_assert(get_master_signing_key_cert());
572 1 : tt_assert(get_current_link_cert_cert());
573 1 : tt_assert(get_current_auth_key_cert());
574 1 : memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
575 1 : tor_cert_free(link_cert);
576 1 : link_cert = tor_cert_dup(get_current_link_cert_cert());
577 1 : memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
578 :
579 : /* Demonstrate that we can start up with no secret identity key */
580 1 : routerkeys_free_all();
581 1 : unlink(get_fname("test_ed_keys_init_all/KEYS/"
582 : "ed25519_master_id_secret_key"));
583 1 : tt_int_op(1, OP_EQ, load_ed_keys(options, now));
584 1 : tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
585 1 : tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
586 1 : tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
587 1 : tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
588 1 : tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
589 1 : tt_assert(get_master_signing_key_cert());
590 1 : tt_assert(get_current_link_cert_cert());
591 1 : tt_assert(get_current_auth_key_cert());
592 :
593 : /* But we're in trouble if we have no id key and our signing key has
594 : expired. */
595 1 : log_global_min_severity_ = LOG_ERR; /* Suppress warnings.
596 : * XXX (better way to do this)? */
597 1 : routerkeys_free_all();
598 1 : tt_int_op(-1, OP_EQ, load_ed_keys(options, now+200*86400));
599 :
600 1 : done:
601 1 : tor_free(dir);
602 1 : tor_free(keydir);
603 1 : tor_free(options);
604 1 : tor_cert_free(link_cert);
605 1 : routerkeys_free_all();
606 1 : }
607 :
608 : static void
609 1 : test_routerkeys_cross_certify_ntor(void *args)
610 : {
611 1 : (void) args;
612 :
613 1 : tor_cert_t *cert = NULL;
614 1 : curve25519_keypair_t onion_keys;
615 1 : ed25519_public_key_t master_key;
616 1 : ed25519_public_key_t onion_check_key;
617 1 : time_t now = time(NULL);
618 1 : int sign;
619 :
620 1 : tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key,
621 : "IamwritingthesetestsOnARainyAfternoonin2014"));
622 1 : tt_int_op(0, OP_EQ, curve25519_keypair_generate(&onion_keys, 0));
623 1 : cert = make_ntor_onion_key_crosscert(&onion_keys,
624 : &master_key,
625 : now, 10000,
626 : &sign);
627 1 : tt_assert(cert);
628 1 : tt_assert(sign == 0 || sign == 1);
629 1 : tt_int_op(cert->cert_type, OP_EQ, CERT_TYPE_ONION_ID);
630 1 : tt_int_op(1, OP_EQ, ed25519_pubkey_eq(&cert->signed_key, &master_key));
631 1 : tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key(
632 : &onion_check_key, &onion_keys.pubkey, sign));
633 1 : tt_int_op(0, OP_EQ, tor_cert_checksig(cert, &onion_check_key, now));
634 :
635 1 : done:
636 1 : tor_cert_free(cert);
637 1 : }
638 :
639 : static void
640 1 : test_routerkeys_cross_certify_tap(void *args)
641 : {
642 1 : (void)args;
643 1 : uint8_t *cc = NULL;
644 1 : int cc_len;
645 1 : ed25519_public_key_t master_key;
646 1 : crypto_pk_t *onion_key = pk_generate(2), *id_key = pk_generate(1);
647 1 : char digest[20];
648 1 : char buf[128];
649 1 : int n;
650 :
651 1 : tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key,
652 : "IAlreadyWroteTestsForRouterdescsUsingTheseX"));
653 :
654 1 : cc = make_tap_onion_key_crosscert(onion_key,
655 : &master_key,
656 : id_key, &cc_len);
657 1 : tt_assert(cc);
658 1 : tt_assert(cc_len);
659 :
660 1 : n = crypto_pk_public_checksig(onion_key, buf, sizeof(buf),
661 : (char*)cc, cc_len);
662 1 : tt_int_op(n,OP_GT,0);
663 1 : tt_int_op(n,OP_EQ,52);
664 :
665 1 : crypto_pk_get_digest(id_key, digest);
666 1 : tt_mem_op(buf,OP_EQ,digest,20);
667 1 : tt_mem_op(buf+20,OP_EQ,master_key.pubkey,32);
668 :
669 1 : tt_int_op(0, OP_EQ, check_tap_onion_key_crosscert(cc, cc_len,
670 : onion_key, &master_key, (uint8_t*)digest));
671 :
672 1 : done:
673 1 : tor_free(cc);
674 1 : crypto_pk_free(id_key);
675 1 : crypto_pk_free(onion_key);
676 1 : }
677 :
678 : static void
679 1 : test_routerkeys_rsa_ed_crosscert(void *arg)
680 : {
681 1 : (void)arg;
682 1 : ed25519_public_key_t ed;
683 1 : crypto_pk_t *rsa = pk_generate(2);
684 :
685 1 : uint8_t *cc = NULL;
686 1 : ssize_t cc_len;
687 1 : time_t expires_in = 1470846177;
688 :
689 1 : tt_int_op(0, OP_EQ, ed25519_public_from_base64(&ed,
690 : "ThisStringCanContainAnythingSoNoKeyHereNowX"));
691 1 : cc_len = tor_make_rsa_ed25519_crosscert(&ed, rsa, expires_in, &cc);
692 :
693 1 : tt_int_op(cc_len, OP_GT, 0);
694 1 : tt_int_op(cc_len, OP_GT, 37); /* key, expires, siglen */
695 1 : tt_mem_op(cc, OP_EQ, ed.pubkey, 32);
696 1 : time_t expires_out = 3600 * ntohl(get_uint32(cc+32));
697 1 : tt_int_op(expires_out, OP_GE, expires_in);
698 1 : tt_int_op(expires_out, OP_LE, expires_in + 3600);
699 :
700 1 : tt_int_op(cc_len, OP_EQ, 37 + get_uint8(cc+36));
701 :
702 1 : tt_int_op(0, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
703 : expires_in - 10));
704 :
705 : /* Now try after it has expired */
706 1 : tt_int_op(-4, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
707 : expires_out + 1));
708 :
709 : /* Truncated object */
710 1 : tt_int_op(-2, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len - 2, rsa, &ed,
711 : expires_in - 10));
712 :
713 : /* Key not as expected */
714 1 : cc[0] ^= 3;
715 1 : tt_int_op(-3, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
716 : expires_in - 10));
717 1 : cc[0] ^= 3;
718 :
719 : /* Bad signature */
720 1 : cc[40] ^= 3;
721 1 : tt_int_op(-5, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
722 : expires_in - 10));
723 1 : cc[40] ^= 3;
724 :
725 : /* Signature of wrong data */
726 1 : cc[0] ^= 3;
727 1 : ed.pubkey[0] ^= 3;
728 1 : tt_int_op(-6, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
729 : expires_in - 10));
730 1 : cc[0] ^= 3;
731 1 : ed.pubkey[0] ^= 3;
732 :
733 1 : done:
734 1 : crypto_pk_free(rsa);
735 1 : tor_free(cc);
736 1 : }
737 :
738 : #define TEST(name, flags) \
739 : { #name , test_routerkeys_ ## name, (flags), NULL, NULL }
740 :
741 : struct testcase_t routerkeys_tests[] = {
742 : TEST(write_fingerprint, TT_FORK),
743 : TEST(write_ed25519_identity, TT_FORK),
744 : TEST(ed_certs, TT_FORK),
745 : TEST(ed_key_create, TT_FORK),
746 : TEST(ed_key_init_basic, TT_FORK),
747 : TEST(ed_key_init_split, TT_FORK),
748 : TEST(ed_keys_init_all, TT_FORK),
749 : TEST(cross_certify_ntor, 0),
750 : TEST(cross_certify_tap, 0),
751 : TEST(rsa_ed_crosscert, 0),
752 : END_OF_TESTCASES
753 : };
|
