test_introduce.c 17 KB

  1. /* Copyright (c) 2012-2015, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #include "crypto.h"
  5. #include "or.h"
  6. #include "test.h"
  7. #define RENDSERVICE_PRIVATE
  8. #include "rendservice.h"
  9. extern const char AUTHORITY_SIGNKEY_1[];
  /* Sample plaintext for the encrypted part of a v0 INTRODUCE cell. Unlike the
   * v1-v3 samples in this file, the layout starts directly with the nickname
   * and has no leading version byte. */
  10. static uint8_t v0_test_plaintext[] =
  11. /* 20 bytes of rendezvous point nickname: ASCII "Nickname", NUL-padded */
  12. { 0x4e, 0x69, 0x63, 0x6b, 0x6e, 0x61, 0x6d, 0x65,
  13. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  14. 0x00, 0x00, 0x00, 0x00,
  15. /* 20 bytes dummy rendezvous cookie (counting pattern 0x00..0x13) */
  16. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  17. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  18. 0x10, 0x11, 0x12, 0x13,
  19. /* 128 bytes dummy DH handshake data (a 32-byte up/down ramp, four times) */
  20. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  21. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  22. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  23. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  24. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  25. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  26. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  27. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  28. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  29. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  30. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  31. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  32. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  33. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  34. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  35. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
  /* Sample plaintext for the encrypted part of a v1 INTRODUCE cell: version
   * byte, rendezvous point hex digest, rendezvous cookie, DH data. */
  36. static uint8_t v1_test_plaintext[] =
  37. /* Version byte */
  38. { 0x01,
  39. /* 42 bytes of dummy rendezvous point hex digest: ASCII '$', then the 40 hex
   * characters "000102...1213", then a terminating NUL */
  40. 0x24, 0x30, 0x30, 0x30, 0x31, 0x30, 0x32, 0x30,
  41. 0x33, 0x30, 0x34, 0x30, 0x35, 0x30, 0x36, 0x30,
  42. 0x37, 0x30, 0x38, 0x30, 0x39, 0x30, 0x41, 0x30,
  43. 0x42, 0x30, 0x43, 0x30, 0x44, 0x30, 0x45, 0x30,
  44. 0x46, 0x31, 0x30, 0x31, 0x31, 0x31, 0x32, 0x31,
  45. 0x33, 0x00,
  46. /* 20 bytes dummy rendezvous cookie (counting pattern 0x00..0x13) */
  47. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  48. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  49. 0x10, 0x11, 0x12, 0x13,
  50. /* 128 bytes dummy DH handshake data (a 32-byte up/down ramp, four times) */
  51. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  52. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  53. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  54. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  55. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  56. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  57. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  58. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  59. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  60. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  61. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  62. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  63. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  64. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  65. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  66. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
  /* Sample plaintext for the encrypted part of a v2 INTRODUCE cell: version
   * byte, rendezvous point address/port/identity, length-prefixed onion key,
   * rendezvous cookie, DH data. */
  67. static uint8_t v2_test_plaintext[] =
  68. /* Version byte */
  69. { 0x02,
  70. /* 4 bytes rendezvous point's IP address (0xc0a80001, i.e. 192.168.0.1) */
  71. 0xc0, 0xa8, 0x00, 0x01,
  72. /* 2 bytes rendezvous point's OR port (0x235a, i.e. 9050) */
  73. 0x23, 0x5a,
  74. /* 20 bytes dummy rendezvous point's identity digest (0x00..0x13) */
  75. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  76. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  77. 0x10, 0x11, 0x12, 0x13,
  78. /* 2 bytes length of onion key (0x008c = 140, matching the key below) */
  79. 0x00, 0x8c,
  80. /* Onion key (140 bytes taken from live test). The bytes read as a DER
   * SEQUENCE of two INTEGERs: a 1024-bit modulus and the exponent 0x010001. */
  81. 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
  82. 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
  83. 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
  84. 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
  85. 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
  86. 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
  87. 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
  88. 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
  89. 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
  90. 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
  91. 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
  92. 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
  93. 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
  94. 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
  95. 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
  96. 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
  97. 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
  98. 0x03, 0x01, 0x00, 0x01,
  99. /* 20 bytes dummy rendezvous cookie (counting pattern 0x00..0x13) */
  100. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  101. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  102. 0x10, 0x11, 0x12, 0x13,
  103. /* 128 bytes dummy DH handshake data (a 32-byte up/down ramp, four times) */
  104. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  105. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  106. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  107. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  108. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  109. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  110. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  111. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  112. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  113. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  114. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  115. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  116. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  117. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  118. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  119. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
  /* Sample plaintext for the encrypted part of a v3 INTRODUCE cell with auth
   * type 0, so no auth length or auth data fields follow the auth type. */
  120. static uint8_t v3_no_auth_test_plaintext[] =
  121. /* Version byte */
  122. { 0x03,
  123. /* Auth type (0 for no auth len/auth data) */
  124. 0x00,
  125. /* Timestamp (4 bytes, fixed value 0x500bb5aa) */
  126. 0x50, 0x0b, 0xb5, 0xaa,
  127. /* 4 bytes rendezvous point's IP address (0xc0a80001, i.e. 192.168.0.1) */
  128. 0xc0, 0xa8, 0x00, 0x01,
  129. /* 2 bytes rendezvous point's OR port (0x235a, i.e. 9050) */
  130. 0x23, 0x5a,
  131. /* 20 bytes dummy rendezvous point's identity digest (0x00..0x13) */
  132. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  133. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  134. 0x10, 0x11, 0x12, 0x13,
  135. /* 2 bytes length of onion key (0x008c = 140, matching the key below) */
  136. 0x00, 0x8c,
  137. /* Onion key (140 bytes taken from live test). The bytes read as a DER
   * SEQUENCE of two INTEGERs: a 1024-bit modulus and the exponent 0x010001. */
  138. 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
  139. 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
  140. 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
  141. 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
  142. 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
  143. 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
  144. 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
  145. 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
  146. 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
  147. 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
  148. 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
  149. 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
  150. 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
  151. 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
  152. 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
  153. 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
  154. 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
  155. 0x03, 0x01, 0x00, 0x01,
  156. /* 20 bytes dummy rendezvous cookie (counting pattern 0x00..0x13) */
  157. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  158. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  159. 0x10, 0x11, 0x12, 0x13,
  160. /* 128 bytes dummy DH handshake data (a 32-byte up/down ramp, four times) */
  161. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  162. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  163. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  164. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  165. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  166. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  167. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  168. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  169. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  170. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  171. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  172. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  173. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  174. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  175. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  176. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
  /* Sample plaintext for the encrypted part of a v3 INTRODUCE cell carrying
   * REND_BASIC_AUTH data: same layout as the no-auth sample, plus the auth
   * length and a 16-byte descriptor cookie after the auth type. */
  177. static uint8_t v3_basic_auth_test_plaintext[] =
  178. /* Version byte */
  179. { 0x03,
  180. /* Auth type (1 for REND_BASIC_AUTH) */
  181. 0x01,
  182. /* Auth len (must be 16 bytes for REND_BASIC_AUTH) */
  183. 0x00, 0x10,
  184. /* Auth data (a 16-byte dummy descriptor cookie, 0x00..0x0f) */
  185. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  186. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  187. /* Timestamp (4 bytes, fixed value 0x500bb5aa) */
  188. 0x50, 0x0b, 0xb5, 0xaa,
  189. /* 4 bytes rendezvous point's IP address (0xc0a80001, i.e. 192.168.0.1) */
  190. 0xc0, 0xa8, 0x00, 0x01,
  191. /* 2 bytes rendezvous point's OR port (0x235a, i.e. 9050) */
  192. 0x23, 0x5a,
  193. /* 20 bytes dummy rendezvous point's identity digest (0x00..0x13) */
  194. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  195. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  196. 0x10, 0x11, 0x12, 0x13,
  197. /* 2 bytes length of onion key (0x008c = 140, matching the key below) */
  198. 0x00, 0x8c,
  199. /* Onion key (140 bytes taken from live test). The bytes read as a DER
   * SEQUENCE of two INTEGERs: a 1024-bit modulus and the exponent 0x010001. */
  200. 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
  201. 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
  202. 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
  203. 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
  204. 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
  205. 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
  206. 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
  207. 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
  208. 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
  209. 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
  210. 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
  211. 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
  212. 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
  213. 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
  214. 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
  215. 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
  216. 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
  217. 0x03, 0x01, 0x00, 0x01,
  218. /* 20 bytes dummy rendezvous cookie (counting pattern 0x00..0x13) */
  219. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  220. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  221. 0x10, 0x11, 0x12, 0x13,
  222. /* 128 bytes dummy DH handshake data (a 32-byte up/down ramp, four times) */
  223. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  224. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  225. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  226. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  227. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  228. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  229. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  230. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  231. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  232. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  233. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  234. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  235. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  236. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  237. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  238. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
  /* Forward declarations for the helpers defined below. The three do_*_test()
   * wrappers each call do_parse_test() with one of the phase constants. */
  239. static void do_decrypt_test(uint8_t *plaintext, size_t plaintext_len);
  240. static void do_early_parse_test(uint8_t *plaintext, size_t plaintext_len);
  241. static void do_late_parse_test(uint8_t *plaintext, size_t plaintext_len);
  242. static void do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase);
  243. static ssize_t make_intro_from_plaintext(
  244. void *buf, size_t len, crypto_pk_t *key, void **cell_out);
  /* Values for the <b>phase</b> argument of do_parse_test(). */
  /* Stop after rend_service_begin_parse_intro(). */
  245. #define EARLY_PARSE_ONLY 1
  /* Stop after rend_service_decrypt_intro(). */
  246. #define DECRYPT_ONLY 2
  /* Also run rend_service_parse_intro_plaintext(). */
  247. #define ALL_PARSING 3
  /** Run do_parse_test() on the <b>plaintext_len</b>-byte string at
   * <b>plaintext</b>, stopping after the early parsing step
   * (phase EARLY_PARSE_ONLY).
   */
  static void
  do_early_parse_test(uint8_t *plaintext, size_t plaintext_len)
  {
    const int phase = EARLY_PARSE_ONLY;

    do_parse_test(plaintext, plaintext_len, phase);
  }
  /** Run do_parse_test() on the <b>plaintext_len</b>-byte string at
   * <b>plaintext</b>, stopping once the cell has been decrypted
   * (phase DECRYPT_ONLY).
   */
  static void
  do_decrypt_test(uint8_t *plaintext, size_t plaintext_len)
  {
    const int phase = DECRYPT_ONLY;

    do_parse_test(plaintext, plaintext_len, phase);
  }
  /** Run do_parse_test() on the <b>plaintext_len</b>-byte string at
   * <b>plaintext</b> through every step, including parsing of the decrypted
   * plaintext (phase ALL_PARSING).
   */
  static void
  do_late_parse_test(uint8_t *plaintext, size_t plaintext_len)
  {
    const int phase = ALL_PARSING;

    do_parse_test(plaintext, plaintext_len, phase);
  }
  /** Test utility function: wrap the <b>plaintext_len</b>-byte string at
   * <b>plaintext</b> in an encrypted introduction cell and check that the
   * service-side code accepts it, as far as <b>phase</b> allows.
   *
   * EARLY_PARSE_ONLY stops after rend_service_begin_parse_intro(),
   * DECRYPT_ONLY stops after rend_service_decrypt_intro(), and any other
   * value (ALL_PARSING in this file) also runs
   * rend_service_parse_intro_plaintext().  Every step is asserted to succeed
   * without an error message.
   *
   * NOTE(review): only well-formed plaintexts reach this helper, so the
   * rejection paths of the parser (truncated, oversized or corrupted cells)
   * are not exercised by it.
   */
  static void
  do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase)
  {
    char key_digest[DIGEST_LEN];
    char *parse_err = NULL;
    rend_intro_cell_t *intro = NULL;
    uint8_t *intro_cell = NULL;
    size_t intro_cell_len;
    ssize_t rv;
    crypto_pk_t *test_key = NULL;

    /* Load the fixed test key; the same key object is used to build the cell
     * and to decrypt it again. */
    test_key = crypto_pk_new();
    tt_assert(test_key);
    rv = crypto_pk_read_private_key_from_string(test_key,
                                                AUTHORITY_SIGNKEY_1, -1);
    tt_assert(!rv);

    /* Remember the key digest so the parsed cell can be checked against it */
    rv = crypto_pk_get_digest(test_key, key_digest);
    tt_assert(rv >= 0);

    /* Encrypt the plaintext into a cell */
    rv = make_intro_from_plaintext(plaintext, plaintext_len,
                                   test_key, (void **)(&intro_cell));
    tt_assert(rv > 0);
    tt_assert(intro_cell);
    intro_cell_len = rv;

    /* Step 1: early parsing.  The literal 2 presumably selects the
     * INTRODUCE2 cell type -- confirm against rendservice.h. */
    intro = rend_service_begin_parse_intro(intro_cell, intro_cell_len, 2,
                                           &parse_err);
    tt_assert(intro);
    tt_assert(!parse_err);
    tt_mem_op(intro->pk,OP_EQ, key_digest, DIGEST_LEN);
    tt_assert(intro->ciphertext);
    tt_assert(intro->ciphertext_len > 0);

    if (phase == EARLY_PARSE_ONLY)
      goto done;

    /* Step 2: decryption */
    rv = rend_service_decrypt_intro(intro, test_key, &parse_err);
    tt_assert(!rv);
    tt_assert(!parse_err);
    tt_assert(intro->plaintext);
    tt_assert(intro->plaintext_len > 0);

    if (phase == DECRYPT_ONLY)
      goto done;

    /* Step 3: parsing of the decrypted plaintext */
    rv = rend_service_parse_intro_plaintext(intro, &parse_err);
    tt_assert(!rv);
    tt_assert(!parse_err);
    tt_assert(intro->parsed);

   done:
    /* Shared cleanup for the success path and for any failed assertion */
    tor_free(intro_cell);
    crypto_pk_free(test_key);
    rend_service_free_intro(intro);
    tor_free(parse_err);
  }
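  /** Given the plaintext of the encrypted part of an INTRODUCE1/2 and a key,
   * construct the encrypted cell for testing.
   *
   * The cell consists of DIGEST_LEN octets of key digest followed by the
   * hybrid encryption of the <b>len</b>-byte string at <b>buf</b> under
   * <b>key</b>.  On success, store the newly allocated cell in
   * *<b>cell_out</b> (the caller releases it with tor_free()) and return its
   * length.  On failure, or if an argument is NULL or <b>len</b> is 0, return
   * -1, leave *<b>cell_out</b> untouched and free any partially built cell.
   */
  static ssize_t
  make_intro_from_plaintext(
      void *buf, size_t len, crypto_pk_t *key, void **cell_out)
  {
    char *cell = NULL;
    ssize_t cell_len = -1, r;
    /* Assemble key digest and ciphertext, then construct the cell */
    ssize_t ciphertext_size;

    if (!(buf && key && len > 0 && cell_out)) goto done;

    /*
     * Figure out an upper bound on how big the ciphertext will be
     * (see crypto_pk_public_hybrid_encrypt())
     */
    ciphertext_size = PKCS1_OAEP_PADDING_OVERHEAD;
    ciphertext_size += crypto_pk_keysize(key);
    ciphertext_size += CIPHER_KEY_LEN;
    ciphertext_size += len;

    /*
     * Allocate space for the cell
     */
    cell = tor_malloc(DIGEST_LEN + ciphertext_size);

    /* Compute key digest (will be first DIGEST_LEN octets of cell) */
    r = crypto_pk_get_digest(key, cell);
    tt_assert(r >= 0);

    /* Do encryption; the output buffer is bounded by ciphertext_size */
    r = crypto_pk_public_hybrid_encrypt(
        key, cell + DIGEST_LEN, ciphertext_size,
        buf, len,
        PK_PKCS1_OAEP_PADDING, 0);
    tt_assert(r >= 0);

    /* Figure out cell length */
    cell_len = DIGEST_LEN + r;

    /* Output the cell; ownership passes to the caller, so drop the local
     * pointer to keep the cleanup below from freeing it. */
    *cell_out = cell;
    cell = NULL;

   done:
    /* A failed tt_assert() above lands here with cell still set; release it
     * instead of leaking the buffer.  On success cell is NULL already. */
    tor_free(cell);
    return cell_len;
  }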
  /** Testcase: take the v0 sample plaintext through INTRODUCE2 early parsing
   * and decryption, without parsing the decrypted plaintext.
   */
  static void
  test_introduce_decrypt_v0(void *arg)
  {
    const size_t sample_len = sizeof(v0_test_plaintext);

    (void)arg; /* unused */
    do_decrypt_test(v0_test_plaintext, sample_len);
  }
  /** Testcase: take the v1 sample plaintext through INTRODUCE2 early parsing
   * and decryption, without parsing the decrypted plaintext.
   */
  static void
  test_introduce_decrypt_v1(void *arg)
  {
    const size_t sample_len = sizeof(v1_test_plaintext);

    (void)arg; /* unused */
    do_decrypt_test(v1_test_plaintext, sample_len);
  }
  /** Testcase: take the v2 sample plaintext through INTRODUCE2 early parsing
   * and decryption, without parsing the decrypted plaintext.
   */
  static void
  test_introduce_decrypt_v2(void *arg)
  {
    const size_t sample_len = sizeof(v2_test_plaintext);

    (void)arg; /* unused */
    do_decrypt_test(v2_test_plaintext, sample_len);
  }
  /** Testcase: take both v3 sample plaintexts through INTRODUCE2 early parsing
   * and decryption, without parsing the decrypted plaintext.
   */
  static void
  test_introduce_decrypt_v3(void *arg)
  {
    (void)arg; /* unused */

    /* Sample without authorization data */
    do_decrypt_test(v3_no_auth_test_plaintext,
                    sizeof(v3_no_auth_test_plaintext));
    /* Sample carrying REND_BASIC_AUTH data */
    do_decrypt_test(v3_basic_auth_test_plaintext,
                    sizeof(v3_basic_auth_test_plaintext));
  }
  /** Testcase: take the v0 sample plaintext through the early INTRODUCE2
   * parsing step only.
   */
  static void
  test_introduce_early_parse_v0(void *arg)
  {
    const size_t sample_len = sizeof(v0_test_plaintext);

    (void)arg; /* unused */
    do_early_parse_test(v0_test_plaintext, sample_len);
  }
  /** Testcase: take the v1 sample plaintext through the early INTRODUCE2
   * parsing step only.
   */
  static void
  test_introduce_early_parse_v1(void *arg)
  {
    const size_t sample_len = sizeof(v1_test_plaintext);

    (void)arg; /* unused */
    do_early_parse_test(v1_test_plaintext, sample_len);
  }
  /** Testcase: take the v2 sample plaintext through the early INTRODUCE2
   * parsing step only.
   */
  static void
  test_introduce_early_parse_v2(void *arg)
  {
    const size_t sample_len = sizeof(v2_test_plaintext);

    (void)arg; /* unused */
    do_early_parse_test(v2_test_plaintext, sample_len);
  }
  /** Testcase: take both v3 sample plaintexts through the early INTRODUCE2
   * parsing step only.
   */
  static void
  test_introduce_early_parse_v3(void *arg)
  {
    (void)arg; /* unused */

    /* Sample without authorization data */
    do_early_parse_test(v3_no_auth_test_plaintext,
                        sizeof(v3_no_auth_test_plaintext));
    /* Sample carrying REND_BASIC_AUTH data */
    do_early_parse_test(v3_basic_auth_test_plaintext,
                        sizeof(v3_basic_auth_test_plaintext));
  }
  /** Testcase: take the v0 sample plaintext through all INTRODUCE2 parsing
   * steps, including parsing of the decrypted plaintext.
   */
  static void
  test_introduce_late_parse_v0(void *arg)
  {
    const size_t sample_len = sizeof(v0_test_plaintext);

    (void)arg; /* unused */
    do_late_parse_test(v0_test_plaintext, sample_len);
  }
  /** Testcase: take the v1 sample plaintext through all INTRODUCE2 parsing
   * steps, including parsing of the decrypted plaintext.
   */
  static void
  test_introduce_late_parse_v1(void *arg)
  {
    const size_t sample_len = sizeof(v1_test_plaintext);

    (void)arg; /* unused */
    do_late_parse_test(v1_test_plaintext, sample_len);
  }
  /** Testcase: take the v2 sample plaintext through all INTRODUCE2 parsing
   * steps, including parsing of the decrypted plaintext.
   */
  static void
  test_introduce_late_parse_v2(void *arg)
  {
    const size_t sample_len = sizeof(v2_test_plaintext);

    (void)arg; /* unused */
    do_late_parse_test(v2_test_plaintext, sample_len);
  }
  /** Testcase: take both v3 sample plaintexts through all INTRODUCE2 parsing
   * steps, including parsing of the decrypted plaintext.
   */
  static void
  test_introduce_late_parse_v3(void *arg)
  {
    (void)arg; /* unused */

    /* Sample without authorization data */
    do_late_parse_test(v3_no_auth_test_plaintext,
                       sizeof(v3_no_auth_test_plaintext));
    /* Sample carrying REND_BASIC_AUTH data */
    do_late_parse_test(v3_basic_auth_test_plaintext,
                       sizeof(v3_basic_auth_test_plaintext));
  }
  /* Build one testcase_t initializer: the stringified <name> as the test's
   * name and test_introduce_<name> as its function. The remaining fields are
   * fixed at 0, NULL, NULL; see the testcase_t declaration for their meaning. */
  464. #define INTRODUCE_LEGACY(name) \
  465. { #name, test_introduce_ ## name , 0, NULL, NULL }
  /* Test table for this file: early parsing, decryption and full parsing, each
   * for cell versions v0 through v3.
   * NOTE(review): every case feeds a well-formed plaintext and expects
   * success; there is no case here for truncated or corrupted cells. */
  466. struct testcase_t introduce_tests[] = {
  467. INTRODUCE_LEGACY(early_parse_v0),
  468. INTRODUCE_LEGACY(early_parse_v1),
  469. INTRODUCE_LEGACY(early_parse_v2),
  470. INTRODUCE_LEGACY(early_parse_v3),
  471. INTRODUCE_LEGACY(decrypt_v0),
  472. INTRODUCE_LEGACY(decrypt_v1),
  473. INTRODUCE_LEGACY(decrypt_v2),
  474. INTRODUCE_LEGACY(decrypt_v3),
  475. INTRODUCE_LEGACY(late_parse_v0),
  476. INTRODUCE_LEGACY(late_parse_v1),
  477. INTRODUCE_LEGACY(late_parse_v2),
  478. INTRODUCE_LEGACY(late_parse_v3),
  479. END_OF_TESTCASES
  480. };