|
@@ -8,11 +8,17 @@
|
|
|
#include "or.h"
|
|
|
#include "config.h"
|
|
|
#include "router.h"
|
|
|
+#include "routerkeys.h"
|
|
|
#include "util.h"
|
|
|
#include "crypto.h"
|
|
|
-
|
|
|
+#include "torcert.h"
|
|
|
#include "test.h"
|
|
|
|
|
|
+#ifdef _WIN32
|
|
|
+/* For mkdir() */
|
|
|
+#include <direct.h>
|
|
|
+#endif
|
|
|
+
|
|
|
static void
|
|
|
test_routerkeys_write_fingerprint(void *arg)
|
|
|
{
|
|
@@ -75,11 +81,447 @@ test_routerkeys_write_fingerprint(void *arg)
|
|
|
tor_free(cp2);
|
|
|
}
|
|
|
|
|
|
+static void
|
|
|
+test_routerkeys_ed_certs(void *args)
|
|
|
+{
|
|
|
+ (void)args;
|
|
|
+ ed25519_keypair_t kp1, kp2;
|
|
|
+ tor_cert_t *cert[2] = {NULL, NULL};
|
|
|
+ tor_cert_t *parsed_cert[2] = {NULL, NULL};
|
|
|
+ time_t now = 1412094534;
|
|
|
+ uint8_t *junk = NULL;
|
|
|
+
|
|
|
+ tt_int_op(0,==,ed25519_keypair_generate(&kp1, 0));
|
|
|
+ tt_int_op(0,==,ed25519_keypair_generate(&kp2, 0));
|
|
|
+
|
|
|
+ for (int i = 0; i <= 1; ++i) {
|
|
|
+ uint32_t flags = i ? CERT_FLAG_INCLUDE_SIGNING_KEY : 0;
|
|
|
+
|
|
|
+ cert[i] = tor_cert_create(&kp1, 5, &kp2.pubkey, now, 10000, flags);
|
|
|
+ tt_assert(cert[i]);
|
|
|
+
|
|
|
+ tt_assert(cert[i]->sig_bad == 0);
|
|
|
+ tt_assert(cert[i]->sig_ok == 1);
|
|
|
+ tt_assert(cert[i]->cert_expired == 0);
|
|
|
+ tt_assert(cert[i]->cert_valid == 1);
|
|
|
+ tt_int_op(cert[i]->cert_type, ==, 5);
|
|
|
+ tt_mem_op(cert[i]->signed_key.pubkey, ==, &kp2.pubkey.pubkey, 32);
|
|
|
+ tt_mem_op(cert[i]->signing_key.pubkey, ==, &kp1.pubkey.pubkey, 32);
|
|
|
+ tt_int_op(cert[i]->signing_key_included, ==, i);
|
|
|
+
|
|
|
+ tt_assert(cert[i]->encoded);
|
|
|
+ tt_int_op(cert[i]->encoded_len, ==, 104 + 36 * i);
|
|
|
+ tt_int_op(cert[i]->encoded[0], ==, 1);
|
|
|
+ tt_int_op(cert[i]->encoded[1], ==, 5);
|
|
|
+
|
|
|
+ parsed_cert[i] = tor_cert_parse(cert[i]->encoded, cert[i]->encoded_len);
|
|
|
+ tt_assert(parsed_cert[i]);
|
|
|
+ tt_int_op(cert[i]->encoded_len, ==, parsed_cert[i]->encoded_len);
|
|
|
+ tt_mem_op(cert[i]->encoded, ==, parsed_cert[i]->encoded,
|
|
|
+ cert[i]->encoded_len);
|
|
|
+ tt_assert(parsed_cert[i]->sig_bad == 0);
|
|
|
+ tt_assert(parsed_cert[i]->sig_ok == 0);
|
|
|
+ tt_assert(parsed_cert[i]->cert_expired == 0);
|
|
|
+ tt_assert(parsed_cert[i]->cert_valid == 0);
|
|
|
+
|
|
|
+ /* Expired */
|
|
|
+ tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now + 30000),
|
|
|
+ <, 0);
|
|
|
+ tt_assert(parsed_cert[i]->cert_expired == 1);
|
|
|
+ parsed_cert[i]->cert_expired = 0;
|
|
|
+
|
|
|
+ /* Wrong key */
|
|
|
+ tt_int_op(tor_cert_checksig(parsed_cert[i], &kp2.pubkey, now), <, 0);
|
|
|
+ tt_assert(parsed_cert[i]->sig_bad== 1);
|
|
|
+ parsed_cert[i]->sig_bad = 0;
|
|
|
+
|
|
|
+ /* Missing key */
|
|
|
+ int ok = tor_cert_checksig(parsed_cert[i], NULL, now);
|
|
|
+ tt_int_op(ok < 0, ==, i == 0);
|
|
|
+ tt_assert(parsed_cert[i]->sig_bad == 0);
|
|
|
+ tt_assert(parsed_cert[i]->sig_ok == (i != 0));
|
|
|
+ tt_assert(parsed_cert[i]->cert_valid == (i != 0));
|
|
|
+ parsed_cert[i]->sig_bad = 0;
|
|
|
+ parsed_cert[i]->sig_ok = 0;
|
|
|
+ parsed_cert[i]->cert_valid = 0;
|
|
|
+
|
|
|
+ /* Right key */
|
|
|
+ tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now), ==, 0);
|
|
|
+ tt_assert(parsed_cert[i]->sig_bad == 0);
|
|
|
+ tt_assert(parsed_cert[i]->sig_ok == 1);
|
|
|
+ tt_assert(parsed_cert[i]->cert_expired == 0);
|
|
|
+ tt_assert(parsed_cert[i]->cert_valid == 1);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Now try some junky certs. */
|
|
|
+ /* - Truncated */
|
|
|
+ tt_ptr_op(NULL, ==,tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len-1));
|
|
|
+
|
|
|
+ /* - First byte modified */
|
|
|
+ cert[0]->encoded[0] = 99;
|
|
|
+ tt_ptr_op(NULL, ==,tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len));
|
|
|
+ cert[0]->encoded[0] = 1;
|
|
|
+
|
|
|
+ /* - Extra byte at the end*/
|
|
|
+ junk = tor_malloc_zero(cert[0]->encoded_len + 1);
|
|
|
+ memcpy(junk, cert[0]->encoded, cert[0]->encoded_len);
|
|
|
+ tt_ptr_op(NULL, ==, tor_cert_parse(junk, cert[0]->encoded_len+1));
|
|
|
+
|
|
|
+ /* - Multiple signing key instances */
|
|
|
+ tor_free(junk);
|
|
|
+ junk = tor_malloc_zero(104 + 36 * 2);
|
|
|
+ junk[0] = 1; /* version */
|
|
|
+ junk[1] = 5; /* cert type */
|
|
|
+ junk[6] = 1; /* key type */
|
|
|
+ junk[39] = 2; /* n_extensions */
|
|
|
+ junk[41] = 32; /* extlen */
|
|
|
+ junk[42] = 4; /* exttype */
|
|
|
+ junk[77] = 32; /* extlen */
|
|
|
+ junk[78] = 4; /* exttype */
|
|
|
+ tt_ptr_op(NULL, ==, tor_cert_parse(junk, 104 + 36 * 2));
|
|
|
+
|
|
|
+ done:
|
|
|
+ tor_cert_free(cert[0]);
|
|
|
+ tor_cert_free(cert[1]);
|
|
|
+ tor_cert_free(parsed_cert[0]);
|
|
|
+ tor_cert_free(parsed_cert[1]);
|
|
|
+ tor_free(junk);
|
|
|
+}
|
|
|
+
|
|
|
+static void
|
|
|
+test_routerkeys_ed_key_create(void *arg)
|
|
|
+{
|
|
|
+ (void)arg;
|
|
|
+ tor_cert_t *cert = NULL;
|
|
|
+ ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
|
|
|
+ time_t now = time(NULL);
|
|
|
+
|
|
|
+ /* This is a simple alias for 'make a new keypair' */
|
|
|
+ kp1 = ed_key_new(NULL, 0, 0, 0, 0, &cert);
|
|
|
+ tt_assert(kp1);
|
|
|
+
|
|
|
+ /* Create a new certificate signed by kp1. */
|
|
|
+ kp2 = ed_key_new(kp1, INIT_ED_KEY_NEEDCERT, now, 3600, 4, &cert);
|
|
|
+ tt_assert(kp2);
|
|
|
+ tt_assert(cert);
|
|
|
+ tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, sizeof(ed25519_public_key_t));
|
|
|
+ tt_assert(! cert->signing_key_included);
|
|
|
+
|
|
|
+ tt_int_op(cert->valid_until, >=, now);
|
|
|
+ tt_int_op(cert->valid_until, <=, now+7200);
|
|
|
+
|
|
|
+ /* Create a new key-including certificate signed by kp1 */
|
|
|
+ ed25519_keypair_free(kp2);
|
|
|
+ tor_cert_free(cert);
|
|
|
+ cert = NULL; kp2 = NULL;
|
|
|
+ kp2 = ed_key_new(kp1, (INIT_ED_KEY_NEEDCERT|
|
|
|
+ INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT),
|
|
|
+ now, 3600, 4, &cert);
|
|
|
+ tt_assert(kp2);
|
|
|
+ tt_assert(cert);
|
|
|
+ tt_assert(cert->signing_key_included);
|
|
|
+ tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, sizeof(ed25519_public_key_t));
|
|
|
+ tt_mem_op(&cert->signing_key, ==, &kp1->pubkey,sizeof(ed25519_public_key_t));
|
|
|
+
|
|
|
+ done:
|
|
|
+ ed25519_keypair_free(kp1);
|
|
|
+ ed25519_keypair_free(kp2);
|
|
|
+ tor_cert_free(cert);
|
|
|
+}
|
|
|
+
|
|
|
+static void
|
|
|
+test_routerkeys_ed_key_init_basic(void *arg)
|
|
|
+{
|
|
|
+ (void) arg;
|
|
|
+
|
|
|
+ tor_cert_t *cert = NULL, *cert2 = NULL;
|
|
|
+ ed25519_keypair_t *kp1 = NULL, *kp2 = NULL, *kp3 = NULL;
|
|
|
+ time_t now = time(NULL);
|
|
|
+ char *fname1 = tor_strdup(get_fname("test_ed_key_1"));
|
|
|
+ char *fname2 = tor_strdup(get_fname("test_ed_key_2"));
|
|
|
+ struct stat st;
|
|
|
+
|
|
|
+ unlink(fname1);
|
|
|
+ unlink(fname2);
|
|
|
+
|
|
|
+ /* Fail to load a key that isn't there. */
|
|
|
+ kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp1 == NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+
|
|
|
+ /* Create the key if requested to do so. */
|
|
|
+ kp1 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
|
|
|
+ NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp1 != NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+ tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st), <, 0);
|
|
|
+ tt_int_op(stat(get_fname("test_ed_key_1_secret_key"), &st), ==, 0);
|
|
|
+
|
|
|
+ /* Fail to load if we say we need a cert */
|
|
|
+ kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_NEEDCERT, LOG_INFO,
|
|
|
+ NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp2 == NULL);
|
|
|
+
|
|
|
+ /* Fail to load if we say the wrong key type */
|
|
|
+ kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
|
|
|
+ NULL, now, 0, 6, &cert);
|
|
|
+ tt_assert(kp2 == NULL);
|
|
|
+
|
|
|
+ /* Load successfully if we're not picky, whether we say "create" or not. */
|
|
|
+ kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
|
|
|
+ NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp2 != NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+ tt_mem_op(kp1, ==, kp2, sizeof(*kp1));
|
|
|
+ ed25519_keypair_free(kp2); kp2 = NULL;
|
|
|
+
|
|
|
+ kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
|
|
|
+ NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp2 != NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+ tt_mem_op(kp1, ==, kp2, sizeof(*kp1));
|
|
|
+ ed25519_keypair_free(kp2); kp2 = NULL;
|
|
|
+
|
|
|
+ /* Now create a key with a cert. */
|
|
|
+ kp2 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
|
|
|
+ INIT_ED_KEY_NEEDCERT),
|
|
|
+ LOG_INFO, kp1, now, 7200, 7, &cert);
|
|
|
+ tt_assert(kp2 != NULL);
|
|
|
+ tt_assert(cert != NULL);
|
|
|
+ tt_mem_op(kp1, !=, kp2, sizeof(*kp1));
|
|
|
+ tt_int_op(stat(get_fname("test_ed_key_2_cert"), &st), ==, 0);
|
|
|
+ tt_int_op(stat(get_fname("test_ed_key_2_secret_key"), &st), ==, 0);
|
|
|
+
|
|
|
+ tt_assert(cert->cert_valid == 1);
|
|
|
+ tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, 32);
|
|
|
+
|
|
|
+ /* Now verify we can load the cert... */
|
|
|
+ kp3 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
|
|
|
+ INIT_ED_KEY_NEEDCERT),
|
|
|
+ LOG_INFO, kp1, now, 7200, 7, &cert2);
|
|
|
+ tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
|
|
|
+ tt_mem_op(cert2->encoded, ==, cert->encoded, cert->encoded_len);
|
|
|
+ ed25519_keypair_free(kp3); kp3 = NULL;
|
|
|
+ tor_cert_free(cert2); cert2 = NULL;
|
|
|
+
|
|
|
+ /* ... even without create... */
|
|
|
+ kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
|
|
|
+ LOG_INFO, kp1, now, 7200, 7, &cert2);
|
|
|
+ tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
|
|
|
+ tt_mem_op(cert2->encoded, ==, cert->encoded, cert->encoded_len);
|
|
|
+ ed25519_keypair_free(kp3); kp3 = NULL;
|
|
|
+ tor_cert_free(cert2); cert2 = NULL;
|
|
|
+
|
|
|
+ /* ... but that we don't crash or anything if we say we don't want it. */
|
|
|
+ kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
|
|
|
+ LOG_INFO, kp1, now, 7200, 7, NULL);
|
|
|
+ tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
|
|
|
+ ed25519_keypair_free(kp3); kp3 = NULL;
|
|
|
+
|
|
|
+ /* Fail if we're told the wrong signing key */
|
|
|
+ kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
|
|
|
+ LOG_INFO, kp2, now, 7200, 7, &cert2);
|
|
|
+ tt_assert(kp3 == NULL);
|
|
|
+ tt_assert(cert2 == NULL);
|
|
|
+
|
|
|
+ done:
|
|
|
+ ed25519_keypair_free(kp1);
|
|
|
+ ed25519_keypair_free(kp2);
|
|
|
+ ed25519_keypair_free(kp3);
|
|
|
+ tor_cert_free(cert);
|
|
|
+ tor_cert_free(cert2);
|
|
|
+ tor_free(fname1);
|
|
|
+ tor_free(fname2);
|
|
|
+}
|
|
|
+
|
|
|
+static void
|
|
|
+test_routerkeys_ed_key_init_split(void *arg)
|
|
|
+{
|
|
|
+ (void) arg;
|
|
|
+
|
|
|
+ tor_cert_t *cert = NULL;
|
|
|
+ ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
|
|
|
+ time_t now = time(NULL);
|
|
|
+ char *fname1 = tor_strdup(get_fname("test_ed_key_3"));
|
|
|
+ char *fname2 = tor_strdup(get_fname("test_ed_key_4"));
|
|
|
+ struct stat st;
|
|
|
+ const uint32_t flags = INIT_ED_KEY_SPLIT|INIT_ED_KEY_MISSING_SECRET_OK;
|
|
|
+
|
|
|
+ unlink(fname1);
|
|
|
+ unlink(fname2);
|
|
|
+
|
|
|
+ /* Can't load key that isn't there. */
|
|
|
+ kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp1 == NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+
|
|
|
+ /* Create a split key */
|
|
|
+ kp1 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
|
|
|
+ LOG_INFO, NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp1 != NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+ tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st), <, 0);
|
|
|
+ tt_int_op(stat(get_fname("test_ed_key_3_secret_key"), &st), ==, 0);
|
|
|
+ tt_int_op(stat(get_fname("test_ed_key_3_public_key"), &st), ==, 0);
|
|
|
+
|
|
|
+ /* Load it. */
|
|
|
+ kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
|
|
|
+ LOG_INFO, NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp2 != NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+ tt_mem_op(kp1, ==, kp2, sizeof(*kp2));
|
|
|
+ ed25519_keypair_free(kp2); kp2 = NULL;
|
|
|
+
|
|
|
+ /* Okay, try killing the secret key and loading it. */
|
|
|
+ unlink(get_fname("test_ed_key_3_secret_key"));
|
|
|
+ kp2 = ed_key_init_from_file(fname1, flags,
|
|
|
+ LOG_INFO, NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp2 != NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+ tt_mem_op(&kp1->pubkey, ==, &kp2->pubkey, sizeof(kp2->pubkey));
|
|
|
+ tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
|
|
|
+ sizeof(kp2->seckey.seckey)));
|
|
|
+ ed25519_keypair_free(kp2); kp2 = NULL;
|
|
|
+
|
|
|
+ /* Even when we're told to "create", don't create if there's a public key */
|
|
|
+ kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
|
|
|
+ LOG_INFO, NULL, now, 0, 7, &cert);
|
|
|
+ tt_assert(kp2 != NULL);
|
|
|
+ tt_assert(cert == NULL);
|
|
|
+ tt_mem_op(&kp1->pubkey, ==, &kp2->pubkey, sizeof(kp2->pubkey));
|
|
|
+ tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
|
|
|
+ sizeof(kp2->seckey.seckey)));
|
|
|
+ ed25519_keypair_free(kp2); kp2 = NULL;
|
|
|
+
|
|
|
+ /* Make sure we fail on a tag mismatch, though */
|
|
|
+ kp2 = ed_key_init_from_file(fname1, flags,
|
|
|
+ LOG_INFO, NULL, now, 0, 99, &cert);
|
|
|
+ tt_assert(kp2 == NULL);
|
|
|
+
|
|
|
+ done:
|
|
|
+ ed25519_keypair_free(kp1);
|
|
|
+ ed25519_keypair_free(kp2);
|
|
|
+ tor_cert_free(cert);
|
|
|
+ tor_free(fname1);
|
|
|
+ tor_free(fname2);
|
|
|
+}
|
|
|
+
|
|
|
+static void
|
|
|
+test_routerkeys_ed_keys_init_all(void *arg)
|
|
|
+{
|
|
|
+ (void)arg;
|
|
|
+ char *dir = tor_strdup(get_fname("test_ed_keys_init_all"));
|
|
|
+ or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
|
|
|
+ time_t now = time(NULL);
|
|
|
+ ed25519_public_key_t id;
|
|
|
+ ed25519_keypair_t sign, link, auth;
|
|
|
+ // tor_cert_t *cert_is, *cert_sl, *cert_auth;
|
|
|
+
|
|
|
+#ifdef _WIN32
|
|
|
+ mkdir(dir);
|
|
|
+ mkdir(get_fname("test_ed_keys_init_all/keys"));
|
|
|
+#else
|
|
|
+ mkdir(dir, 0700);
|
|
|
+ mkdir(get_fname("test_ed_keys_init_all/keys"), 0700);
|
|
|
+#endif
|
|
|
+
|
|
|
+ options->DataDirectory = dir;
|
|
|
+
|
|
|
+ tt_int_op(0, ==, load_ed_keys(options, now));
|
|
|
+ tt_assert(get_master_identity_key());
|
|
|
+ tt_assert(get_master_identity_key());
|
|
|
+ tt_assert(get_master_signing_keypair());
|
|
|
+ tt_assert(get_current_link_keypair());
|
|
|
+ tt_assert(get_current_auth_keypair());
|
|
|
+ tt_assert(get_master_signing_key_cert());
|
|
|
+ tt_assert(get_current_link_key_cert());
|
|
|
+ tt_assert(get_current_auth_key_cert());
|
|
|
+ memcpy(&id, get_master_identity_key(), sizeof(id));
|
|
|
+ memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
|
|
|
+ memcpy(&link, get_current_link_keypair(), sizeof(link));
|
|
|
+ memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
|
|
|
+
|
|
|
+ /* Call load_ed_keys again, but nothing has changed. */
|
|
|
+ tt_int_op(0, ==, load_ed_keys(options, now));
|
|
|
+ tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
|
|
|
+ tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
|
|
|
+ tt_mem_op(&link, ==, get_current_link_keypair(), sizeof(link));
|
|
|
+ tt_mem_op(&auth, ==, get_current_auth_keypair(), sizeof(auth));
|
|
|
+
|
|
|
+ /* Force a reload: we make new link/auth keys. */
|
|
|
+ routerkeys_free_all();
|
|
|
+ tt_int_op(0, ==, load_ed_keys(options, now));
|
|
|
+ tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
|
|
|
+ tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
|
|
|
+ tt_mem_op(&link, !=, get_current_link_keypair(), sizeof(link));
|
|
|
+ tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
|
|
|
+ tt_assert(get_master_signing_key_cert());
|
|
|
+ tt_assert(get_current_link_key_cert());
|
|
|
+ tt_assert(get_current_auth_key_cert());
|
|
|
+ memcpy(&link, get_current_link_keypair(), sizeof(link));
|
|
|
+ memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
|
|
|
+
|
|
|
+ /* Force a link/auth-key regeneration by advancing time. */
|
|
|
+ tt_int_op(0, ==, load_ed_keys(options, now+3*86400));
|
|
|
+ tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
|
|
|
+ tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
|
|
|
+ tt_mem_op(&link, !=, get_current_link_keypair(), sizeof(link));
|
|
|
+ tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
|
|
|
+ tt_assert(get_master_signing_key_cert());
|
|
|
+ tt_assert(get_current_link_key_cert());
|
|
|
+ tt_assert(get_current_auth_key_cert());
|
|
|
+ memcpy(&link, get_current_link_keypair(), sizeof(link));
|
|
|
+ memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
|
|
|
+
|
|
|
+ /* Force a signing-key regeneration by advancing time. */
|
|
|
+ tt_int_op(0, ==, load_ed_keys(options, now+100*86400));
|
|
|
+ tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
|
|
|
+ tt_mem_op(&sign, !=, get_master_signing_keypair(), sizeof(sign));
|
|
|
+ tt_mem_op(&link, !=, get_current_link_keypair(), sizeof(link));
|
|
|
+ tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
|
|
|
+ tt_assert(get_master_signing_key_cert());
|
|
|
+ tt_assert(get_current_link_key_cert());
|
|
|
+ tt_assert(get_current_auth_key_cert());
|
|
|
+ memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
|
|
|
+ memcpy(&link, get_current_link_keypair(), sizeof(link));
|
|
|
+ memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
|
|
|
+
|
|
|
+ /* Demonstrate that we can start up with no secret identity key */
|
|
|
+ routerkeys_free_all();
|
|
|
+ unlink(get_fname("test_ed_keys_init_all/keys/"
|
|
|
+ "ed25519_master_id_secret_key"));
|
|
|
+ tt_int_op(0, ==, load_ed_keys(options, now));
|
|
|
+ tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
|
|
|
+ tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
|
|
|
+ tt_mem_op(&link, !=, get_current_link_keypair(), sizeof(link));
|
|
|
+ tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
|
|
|
+ tt_assert(get_master_signing_key_cert());
|
|
|
+ tt_assert(get_current_link_key_cert());
|
|
|
+ tt_assert(get_current_auth_key_cert());
|
|
|
+
|
|
|
+ /* But we're in trouble if we have no id key and our signing key has
|
|
|
+ expired. */
|
|
|
+ log_global_min_severity_ = LOG_ERR; /* Suppress warnings.
|
|
|
+ * XXX (better way to do this)? */
|
|
|
+ routerkeys_free_all();
|
|
|
+ tt_int_op(-1, ==, load_ed_keys(options, now+200*86400));
|
|
|
+
|
|
|
+ done:
|
|
|
+ tor_free(dir);
|
|
|
+ tor_free(options);
|
|
|
+ routerkeys_free_all();
|
|
|
+}
|
|
|
+
|
|
|
#define TEST(name, flags) \
|
|
|
{ #name , test_routerkeys_ ## name, (flags), NULL, NULL }
|
|
|
|
|
|
struct testcase_t routerkeys_tests[] = {
|
|
|
TEST(write_fingerprint, TT_FORK),
|
|
|
+ TEST(ed_certs, TT_FORK),
|
|
|
+ TEST(ed_key_create, TT_FORK),
|
|
|
+ TEST(ed_key_init_basic, TT_FORK),
|
|
|
+ TEST(ed_key_init_split, TT_FORK),
|
|
|
+ TEST(ed_keys_init_all, TT_FORK),
|
|
|
END_OF_TESTCASES
|
|
|
};
|
|
|
|