test_introduce.c 17 KB

  1. /* Copyright (c) 2012-2017, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #include "crypto.h"
  5. #include "or.h"
  6. #include "test.h"
  7. #define RENDSERVICE_PRIVATE
  8. #include "rendservice.h"
/* Fixed plaintext for the encrypted part of a v0 introduction cell.
 * Layout, 168 bytes in total:
 *   nickname[20] | rendezvous cookie[20] | DH handshake data[128]
 * Every field is dummy data. The cookie and DH bytes are simple counting
 * patterns, so this vector exercises framing and length handling only. */
static uint8_t v0_test_plaintext[] =
{
  /* Rendezvous point nickname, 20 bytes: ASCII "Nickname", NUL-padded */
  0x4e, 0x69, 0x63, 0x6b, 0x6e, 0x61, 0x6d, 0x65,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00,
  /* Dummy rendezvous cookie, 20 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x10, 0x11, 0x12, 0x13,
  /* Dummy DH handshake data, 128 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
/* Fixed plaintext for the encrypted part of a v1 introduction cell.
 * Layout, 191 bytes in total:
 *   version[1] | hex digest[42] | rendezvous cookie[20] | DH data[128]
 * Every field is dummy data; the vector exercises framing only. */
static uint8_t v1_test_plaintext[] =
{
  /* Version byte */
  0x01,
  /* Dummy rendezvous point hex digest, 42 bytes: ASCII '$', then the 40
   * hex characters "000102...1213", then a terminating NUL */
  0x24, 0x30, 0x30, 0x30, 0x31, 0x30, 0x32, 0x30,
  0x33, 0x30, 0x34, 0x30, 0x35, 0x30, 0x36, 0x30,
  0x37, 0x30, 0x38, 0x30, 0x39, 0x30, 0x41, 0x30,
  0x42, 0x30, 0x43, 0x30, 0x44, 0x30, 0x45, 0x30,
  0x46, 0x31, 0x30, 0x31, 0x31, 0x31, 0x32, 0x31,
  0x33, 0x00,
  /* Dummy rendezvous cookie, 20 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x10, 0x11, 0x12, 0x13,
  /* Dummy DH handshake data, 128 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
/* Fixed plaintext for the encrypted part of a v2 introduction cell.
 * Layout, 317 bytes in total:
 *   version[1] | IP[4] | OR port[2] | identity digest[20] |
 *   onion key length[2] | onion key[140] | rendezvous cookie[20] |
 *   DH data[128]
 * Apart from the onion key, every field is dummy data; the vector
 * exercises framing and length handling only. */
static uint8_t v2_test_plaintext[] =
{
  /* Version byte */
  0x02,
  /* Rendezvous point's IP address, 4 bytes (192.168.0.1 when read in
   * network byte order) */
  0xc0, 0xa8, 0x00, 0x01,
  /* Rendezvous point's OR port, 2 bytes (9050 when read big-endian) */
  0x23, 0x5a,
  /* Dummy rendezvous point identity digest, 20 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x10, 0x11, 0x12, 0x13,
  /* Length of the onion key, 2 bytes (0x008c = 140) */
  0x00, 0x8c,
  /* Onion key, 140 bytes taken from a live test. The bytes have the shape
   * of a DER-encoded RSA public key (1024-bit modulus, exponent 65537);
   * it is public material, not a secret. */
  0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
  0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
  0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
  0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
  0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
  0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
  0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
  0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
  0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
  0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
  0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
  0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
  0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
  0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
  0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
  0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
  0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
  0x03, 0x01, 0x00, 0x01,
  /* Dummy rendezvous cookie, 20 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x10, 0x11, 0x12, 0x13,
  /* Dummy DH handshake data, 128 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
/* Fixed plaintext for the encrypted part of a v3 introduction cell that
 * carries no client authorization.
 * Layout, 322 bytes in total:
 *   version[1] | auth type[1] | timestamp[4] | IP[4] | OR port[2] |
 *   identity digest[20] | onion key length[2] | onion key[140] |
 *   rendezvous cookie[20] | DH data[128]
 * Apart from the onion key, every field is dummy data; the vector
 * exercises framing and length handling only. */
static uint8_t v3_no_auth_test_plaintext[] =
{
  /* Version byte */
  0x03,
  /* Auth type; 0 means no auth length and no auth data follow */
  0x00,
  /* Timestamp, 4 bytes */
  0x50, 0x0b, 0xb5, 0xaa,
  /* Rendezvous point's IP address, 4 bytes (192.168.0.1 when read in
   * network byte order) */
  0xc0, 0xa8, 0x00, 0x01,
  /* Rendezvous point's OR port, 2 bytes (9050 when read big-endian) */
  0x23, 0x5a,
  /* Dummy rendezvous point identity digest, 20 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x10, 0x11, 0x12, 0x13,
  /* Length of the onion key, 2 bytes (0x008c = 140) */
  0x00, 0x8c,
  /* Onion key, 140 bytes taken from a live test. The bytes have the shape
   * of a DER-encoded RSA public key (1024-bit modulus, exponent 65537);
   * it is public material, not a secret. */
  0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
  0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
  0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
  0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
  0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
  0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
  0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
  0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
  0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
  0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
  0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
  0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
  0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
  0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
  0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
  0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
  0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
  0x03, 0x01, 0x00, 0x01,
  /* Dummy rendezvous cookie, 20 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x10, 0x11, 0x12, 0x13,
  /* Dummy DH handshake data, 128 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
/* Fixed plaintext for the encrypted part of a v3 introduction cell that
 * carries REND_BASIC_AUTH client authorization.
 * Layout, 340 bytes in total:
 *   version[1] | auth type[1] | auth length[2] | auth data[16] |
 *   timestamp[4] | IP[4] | OR port[2] | identity digest[20] |
 *   onion key length[2] | onion key[140] | rendezvous cookie[20] |
 *   DH data[128]
 * The descriptor cookie is a counting pattern, not a real credential, and
 * apart from the onion key every other field is dummy data too. */
static uint8_t v3_basic_auth_test_plaintext[] =
{
  /* Version byte */
  0x03,
  /* Auth type; 1 is REND_BASIC_AUTH */
  0x01,
  /* Auth length, 2 bytes; must be 16 for REND_BASIC_AUTH */
  0x00, 0x10,
  /* Auth data: a 16-byte dummy descriptor cookie */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  /* Timestamp, 4 bytes */
  0x50, 0x0b, 0xb5, 0xaa,
  /* Rendezvous point's IP address, 4 bytes (192.168.0.1 when read in
   * network byte order) */
  0xc0, 0xa8, 0x00, 0x01,
  /* Rendezvous point's OR port, 2 bytes (9050 when read big-endian) */
  0x23, 0x5a,
  /* Dummy rendezvous point identity digest, 20 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x10, 0x11, 0x12, 0x13,
  /* Length of the onion key, 2 bytes (0x008c = 140) */
  0x00, 0x8c,
  /* Onion key, 140 bytes taken from a live test. The bytes have the shape
   * of a DER-encoded RSA public key (1024-bit modulus, exponent 65537);
   * it is public material, not a secret. */
  0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1,
  0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8,
  0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4,
  0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6,
  0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61,
  0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa,
  0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11,
  0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1,
  0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d,
  0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0,
  0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f,
  0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4,
  0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31,
  0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb,
  0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f,
  0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92,
  0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02,
  0x03, 0x01, 0x00, 0x01,
  /* Dummy rendezvous cookie, 20 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x10, 0x11, 0x12, 0x13,
  /* Dummy DH handshake data, 128 bytes */
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
/* How far do_parse_test() takes a cell through the parsing pipeline.
 * Each phase includes the ones before it. */
enum {
  EARLY_PARSE_ONLY = 1, /* stop once the cell has been split up */
  DECRYPT_ONLY = 2,     /* also decrypt the ciphertext */
  ALL_PARSING = 3       /* also parse the decrypted plaintext */
};

/* Shared driver and the helper that builds the encrypted cell. */
static void do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase);
static ssize_t make_intro_from_plaintext(
    void *buf, size_t len, crypto_pk_t *key, void **cell_out);

/* Per-phase wrappers around do_parse_test(). */
static void do_early_parse_test(uint8_t *plaintext, size_t plaintext_len);
static void do_decrypt_test(uint8_t *plaintext, size_t plaintext_len);
static void do_late_parse_test(uint8_t *plaintext, size_t plaintext_len);
/** Run do_parse_test() on the <b>plaintext_len</b> bytes at
 * <b>plaintext</b>, stopping once early parsing of the cell has been
 * checked.
 */
static void
do_early_parse_test(uint8_t *plaintext, size_t plaintext_len)
{
  const int phase = EARLY_PARSE_ONLY;

  do_parse_test(plaintext, plaintext_len, phase);
}
/** Run do_parse_test() on the <b>plaintext_len</b> bytes at
 * <b>plaintext</b>, stopping once the cell has been decrypted; the
 * decrypted plaintext is not parsed.
 */
static void
do_decrypt_test(uint8_t *plaintext, size_t plaintext_len)
{
  const int phase = DECRYPT_ONLY;

  do_parse_test(plaintext, plaintext_len, phase);
}
/** Run do_parse_test() on the <b>plaintext_len</b> bytes at
 * <b>plaintext</b> through every phase, including parsing of the
 * decrypted plaintext.
 */
static void
do_late_parse_test(uint8_t *plaintext, size_t plaintext_len)
{
  const int phase = ALL_PARSING;

  do_parse_test(plaintext, plaintext_len, phase);
}
/** Test utility function: wrap the <b>plaintext_len</b>-byte string at
 * <b>plaintext</b> in an encrypted cell and check that it is at least
 * superficially parseable, going as far as <b>phase</b> asks for:
 * EARLY_PARSE_ONLY stops after rend_service_begin_parse_intro(),
 * DECRYPT_ONLY stops after rend_service_decrypt_intro(), and any other
 * value also runs rend_service_parse_intro_plaintext().
 *
 * A failed check jumps to the cleanup label, so everything acquired here
 * is released on both the success and the failure path.
 */
static void
do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase)
{
  rend_intro_cell_t *parsed_req = NULL;
  crypto_pk_t *k = NULL;
  uint8_t *cell = NULL;
  char *err_msg = NULL;
  char digest[DIGEST_LEN];
  size_t cell_size;
  ssize_t r;

  /* Load the fixed test key; the cell is encrypted to it and later
   * decrypted with it. */
  k = crypto_pk_new();
  tt_assert(k);
  r = crypto_pk_read_private_key_from_string(k, AUTHORITY_SIGNKEY_1, -1);
  tt_assert(!r);

  /* Remember the key digest so it can be compared with the parsed cell. */
  r = crypto_pk_get_digest(k, digest);
  tt_assert(r >= 0);

  /* Build the encrypted cell from the plaintext fixture. */
  r = make_intro_from_plaintext(
      plaintext, plaintext_len,
      k, (void **)(&cell));
  tt_assert(r > 0);
  tt_assert(cell);
  cell_size = r;

  /* Phase 1: early parsing. The literal 2 presumably selects the
   * INTRODUCE2 cell type -- confirm against rendservice.h. */
  parsed_req = rend_service_begin_parse_intro(cell, cell_size, 2, &err_msg);
  tt_assert(parsed_req);
  tt_assert(!err_msg);
  tt_mem_op(parsed_req->pk,OP_EQ, digest, DIGEST_LEN);
  tt_assert(parsed_req->ciphertext);
  tt_assert(parsed_req->ciphertext_len > 0);

  if (phase == EARLY_PARSE_ONLY)
    goto done;

  /* Phase 2: decryption.
   * NOTE(review): only a non-empty result is checked. Comparing
   * parsed_req->plaintext with the input bytes would pin the round trip;
   * confirm that rend_service_decrypt_intro() stores the plaintext
   * unmodified before adding that check. */
  r = rend_service_decrypt_intro(parsed_req, k, &err_msg);
  tt_assert(!r);
  tt_assert(!err_msg);
  tt_assert(parsed_req->plaintext);
  tt_assert(parsed_req->plaintext_len > 0);

  if (phase == DECRYPT_ONLY)
    goto done;

  /* Phase 3: late parsing. Only the parsed flag is checked here, not the
   * values of the fields that were extracted. */
  r = rend_service_parse_intro_plaintext(parsed_req, &err_msg);
  tt_assert(!r);
  tt_assert(!err_msg);
  tt_assert(parsed_req->parsed);

 done:
  tor_free(cell);
  crypto_pk_free(k);
  rend_service_free_intro(parsed_req);
  tor_free(err_msg);
}
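/** Given the plaintext of the encrypted part of an INTRODUCE1/2 and a key,
 * construct the encrypted cell for testing.
 *
 * The cell is the DIGEST_LEN-byte digest of <b>key</b> followed by the
 * hybrid-encrypted copy of the <b>len</b> bytes at <b>buf</b>.
 *
 * On success, store the newly allocated cell in *<b>cell_out</b> and return
 * its length; the caller must tor_free() it. If an argument is missing or a
 * check fails, return -1, leave *<b>cell_out</b> untouched and free any
 * partially built cell.
 */
static ssize_t
make_intro_from_plaintext(
    void *buf, size_t len, crypto_pk_t *key, void **cell_out)
{
  char *cell = NULL;
  ssize_t cell_len = -1, r;
  /* Assemble key digest and ciphertext, then construct the cell */
  ssize_t ciphertext_size;

  if (!(buf && key && len > 0 && cell_out)) goto done;

  /*
   * Figure out an upper bound on how big the ciphertext will be
   * (see crypto_pk_public_hybrid_encrypt())
   */
  ciphertext_size = PKCS1_OAEP_PADDING_OVERHEAD;
  ciphertext_size += crypto_pk_keysize(key);
  ciphertext_size += CIPHER_KEY_LEN;
  ciphertext_size += len;

  /*
   * Allocate space for the cell
   */
  cell = tor_malloc(DIGEST_LEN + ciphertext_size);

  /* Compute key digest (will be first DIGEST_LEN octets of cell) */
  r = crypto_pk_get_digest(key, cell);
  tt_assert(r >= 0);

  /* Do encryption; the output lands right after the digest */
  r = crypto_pk_public_hybrid_encrypt(
      key, cell + DIGEST_LEN, ciphertext_size,
      buf, len,
      PK_PKCS1_OAEP_PADDING, 0);
  tt_assert(r >= 0);

  /* Figure out cell length */
  cell_len = DIGEST_LEN + r;

  /* Output the cell. Ownership passes to the caller, so clear the local
   * pointer to keep the cleanup below from freeing what was returned. */
  *cell_out = cell;
  cell = NULL;

 done:
  /* cell is still set here only when a check above failed after the
   * allocation; free it so that path does not leak the buffer. */
  tor_free(cell);
  return cell_len;
}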
/** Check that the v0 INTRODUCE2 fixture survives early parsing and
 * decryption; the decrypted plaintext is not parsed.
 */
static void
test_introduce_decrypt_v0(void *arg)
{
  const size_t fixture_len = sizeof v0_test_plaintext;

  (void)arg; /* unused */
  do_decrypt_test(v0_test_plaintext, fixture_len);
}
/** Check that the v1 INTRODUCE2 fixture survives early parsing and
 * decryption; the decrypted plaintext is not parsed.
 */
static void
test_introduce_decrypt_v1(void *arg)
{
  const size_t fixture_len = sizeof v1_test_plaintext;

  (void)arg; /* unused */
  do_decrypt_test(v1_test_plaintext, fixture_len);
}
/** Check that the v2 INTRODUCE2 fixture survives early parsing and
 * decryption; the decrypted plaintext is not parsed.
 */
static void
test_introduce_decrypt_v2(void *arg)
{
  const size_t fixture_len = sizeof v2_test_plaintext;

  (void)arg; /* unused */
  do_decrypt_test(v2_test_plaintext, fixture_len);
}
/** Check that both v3 INTRODUCE2 fixtures, first the one without client
 * auth and then the one with basic auth, survive early parsing and
 * decryption; the decrypted plaintext is not parsed.
 */
static void
test_introduce_decrypt_v3(void *arg)
{
  const size_t no_auth_len = sizeof v3_no_auth_test_plaintext;
  const size_t basic_auth_len = sizeof v3_basic_auth_test_plaintext;

  (void)arg; /* unused */
  do_decrypt_test(v3_no_auth_test_plaintext, no_auth_len);
  do_decrypt_test(v3_basic_auth_test_plaintext, basic_auth_len);
}
/** Check that the v0 INTRODUCE2 fixture passes early parsing; nothing is
 * decrypted.
 */
static void
test_introduce_early_parse_v0(void *arg)
{
  const size_t fixture_len = sizeof v0_test_plaintext;

  (void)arg; /* unused */
  do_early_parse_test(v0_test_plaintext, fixture_len);
}
/** Check that the v1 INTRODUCE2 fixture passes early parsing; nothing is
 * decrypted.
 */
static void
test_introduce_early_parse_v1(void *arg)
{
  const size_t fixture_len = sizeof v1_test_plaintext;

  (void)arg; /* unused */
  do_early_parse_test(v1_test_plaintext, fixture_len);
}
/** Check that the v2 INTRODUCE2 fixture passes early parsing; nothing is
 * decrypted.
 */
static void
test_introduce_early_parse_v2(void *arg)
{
  const size_t fixture_len = sizeof v2_test_plaintext;

  (void)arg; /* unused */
  do_early_parse_test(v2_test_plaintext, fixture_len);
}
/** Check that both v3 INTRODUCE2 fixtures, first the one without client
 * auth and then the one with basic auth, pass early parsing; nothing is
 * decrypted.
 */
static void
test_introduce_early_parse_v3(void *arg)
{
  const size_t no_auth_len = sizeof v3_no_auth_test_plaintext;
  const size_t basic_auth_len = sizeof v3_basic_auth_test_plaintext;

  (void)arg; /* unused */
  do_early_parse_test(v3_no_auth_test_plaintext, no_auth_len);
  do_early_parse_test(v3_basic_auth_test_plaintext, basic_auth_len);
}
/** Check that the v0 INTRODUCE2 fixture passes the whole pipeline: early
 * parsing, decryption and parsing of the decrypted plaintext.
 */
static void
test_introduce_late_parse_v0(void *arg)
{
  const size_t fixture_len = sizeof v0_test_plaintext;

  (void)arg; /* unused */
  do_late_parse_test(v0_test_plaintext, fixture_len);
}
/** Check that the v1 INTRODUCE2 fixture passes the whole pipeline: early
 * parsing, decryption and parsing of the decrypted plaintext.
 */
static void
test_introduce_late_parse_v1(void *arg)
{
  const size_t fixture_len = sizeof v1_test_plaintext;

  (void)arg; /* unused */
  do_late_parse_test(v1_test_plaintext, fixture_len);
}
/** Check that the v2 INTRODUCE2 fixture passes the whole pipeline: early
 * parsing, decryption and parsing of the decrypted plaintext.
 */
static void
test_introduce_late_parse_v2(void *arg)
{
  const size_t fixture_len = sizeof v2_test_plaintext;

  (void)arg; /* unused */
  do_late_parse_test(v2_test_plaintext, fixture_len);
}
/** Check that both v3 INTRODUCE2 fixtures, first the one without client
 * auth and then the one with basic auth, pass the whole pipeline: early
 * parsing, decryption and parsing of the decrypted plaintext.
 */
static void
test_introduce_late_parse_v3(void *arg)
{
  const size_t no_auth_len = sizeof v3_no_auth_test_plaintext;
  const size_t basic_auth_len = sizeof v3_basic_auth_test_plaintext;

  (void)arg; /* unused */
  do_late_parse_test(v3_no_auth_test_plaintext, no_auth_len);
  do_late_parse_test(v3_basic_auth_test_plaintext, basic_auth_len);
}
/* Build one table entry for test_introduce_<suffix>: the entry is named
 * after the suffix, and its remaining fields are 0, NULL, NULL. */
#define INTRODUCE_LEGACY(suffix) \
  { #suffix, test_introduce_ ## suffix , 0, NULL, NULL }

/* Test table for this file, grouped by how far each case takes the cell:
 * early parsing only, then through decryption, then through late parsing. */
struct testcase_t introduce_tests[] = {
  /* Early parsing only */
  INTRODUCE_LEGACY(early_parse_v0),
  INTRODUCE_LEGACY(early_parse_v1),
  INTRODUCE_LEGACY(early_parse_v2),
  INTRODUCE_LEGACY(early_parse_v3),

  /* Early parsing and decryption */
  INTRODUCE_LEGACY(decrypt_v0),
  INTRODUCE_LEGACY(decrypt_v1),
  INTRODUCE_LEGACY(decrypt_v2),
  INTRODUCE_LEGACY(decrypt_v3),

  /* Early parsing, decryption and late parsing */
  INTRODUCE_LEGACY(late_parse_v0),
  INTRODUCE_LEGACY(late_parse_v1),
  INTRODUCE_LEGACY(late_parse_v2),
  INTRODUCE_LEGACY(late_parse_v3),

  END_OF_TESTCASES
};