test_routerkeys.c 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707
  1. /* Copyright (c) 2001-2004, Roger Dingledine.
  2. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  3. * Copyright (c) 2007-2019, The Tor Project, Inc. */
  4. /* See LICENSE for licensing information */
  5. #include "orconfig.h"
  6. #define ROUTER_PRIVATE
  7. #include "core/or/or.h"
  8. #include "app/config/config.h"
  9. #include "feature/relay/router.h"
  10. #include "feature/relay/routerkeys.h"
  11. #include "lib/crypt_ops/crypto_cipher.h"
  12. #include "lib/crypt_ops/crypto_format.h"
  13. #include "feature/keymgt/loadkey.h"
  14. #include "feature/nodelist/torcert.h"
  15. #include "test/test.h"
  16. #ifdef _WIN32
  17. /* For mkdir() */
  18. #include <direct.h>
  19. #endif
  20. #ifdef HAVE_UNISTD_H
  21. #include <unistd.h>
  22. #endif
  23. #ifdef HAVE_SYS_STAT_H
  24. #include <sys/stat.h>
  25. #endif
  26. static void
  27. test_routerkeys_write_fingerprint(void *arg)
  28. {
  29. crypto_pk_t *key = pk_generate(2);
  30. or_options_t *options = get_options_mutable();
  31. const char *ddir = get_fname("write_fingerprint");
  32. char *cp = NULL, *cp2 = NULL;
  33. char fp[FINGERPRINT_LEN+1];
  34. (void)arg;
  35. tt_assert(key);
  36. options->ORPort_set = 1; /* So that we can get the server ID key */
  37. tor_free(options->DataDirectory);
  38. options->DataDirectory = tor_strdup(ddir);
  39. options->Nickname = tor_strdup("haflinger");
  40. set_server_identity_key(key);
  41. set_client_identity_key(crypto_pk_dup_key(key));
  42. tt_int_op(0, OP_EQ, check_private_dir(ddir, CPD_CREATE, NULL));
  43. tt_int_op(crypto_pk_cmp_keys(get_server_identity_key(),key),OP_EQ,0);
  44. /* Write fingerprint file */
  45. tt_int_op(0, OP_EQ, router_write_fingerprint(0));
  46. cp = read_file_to_str(get_fname("write_fingerprint/fingerprint"),
  47. 0, NULL);
  48. crypto_pk_get_fingerprint(key, fp, 0);
  49. tor_asprintf(&cp2, "haflinger %s\n", fp);
  50. tt_str_op(cp, OP_EQ, cp2);
  51. tor_free(cp);
  52. tor_free(cp2);
  53. /* Write hashed-fingerprint file */
  54. tt_int_op(0, OP_EQ, router_write_fingerprint(1));
  55. cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
  56. 0, NULL);
  57. crypto_pk_get_hashed_fingerprint(key, fp);
  58. tor_asprintf(&cp2, "haflinger %s\n", fp);
  59. tt_str_op(cp, OP_EQ, cp2);
  60. tor_free(cp);
  61. tor_free(cp2);
  62. /* Replace outdated file */
  63. write_str_to_file(get_fname("write_fingerprint/hashed-fingerprint"),
  64. "junk goes here", 0);
  65. tt_int_op(0, OP_EQ, router_write_fingerprint(1));
  66. cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
  67. 0, NULL);
  68. crypto_pk_get_hashed_fingerprint(key, fp);
  69. tor_asprintf(&cp2, "haflinger %s\n", fp);
  70. tt_str_op(cp, OP_EQ, cp2);
  71. tor_free(cp);
  72. tor_free(cp2);
  73. done:
  74. crypto_pk_free(key);
  75. set_client_identity_key(NULL);
  76. tor_free(cp);
  77. tor_free(cp2);
  78. }
  79. static void
  80. test_routerkeys_ed_certs(void *args)
  81. {
  82. (void)args;
  83. ed25519_keypair_t kp1, kp2;
  84. tor_cert_t *cert[2] = {NULL, NULL}, *nocert = NULL;
  85. tor_cert_t *parsed_cert[2] = {NULL, NULL};
  86. time_t now = 1412094534;
  87. uint8_t *junk = NULL;
  88. char *base64 = NULL;
  89. tt_int_op(0,OP_EQ,ed25519_keypair_generate(&kp1, 0));
  90. tt_int_op(0,OP_EQ,ed25519_keypair_generate(&kp2, 0));
  91. for (int i = 0; i <= 1; ++i) {
  92. uint32_t flags = i ? CERT_FLAG_INCLUDE_SIGNING_KEY : 0;
  93. cert[i] = tor_cert_create(&kp1, 5, &kp2.pubkey, now, 10000, flags);
  94. tt_assert(cert[i]);
  95. tt_uint_op(cert[i]->sig_bad, OP_EQ, 0);
  96. tt_uint_op(cert[i]->sig_ok, OP_EQ, 1);
  97. tt_uint_op(cert[i]->cert_expired, OP_EQ, 0);
  98. tt_uint_op(cert[i]->cert_valid, OP_EQ, 1);
  99. tt_int_op(cert[i]->cert_type, OP_EQ, 5);
  100. tt_mem_op(cert[i]->signed_key.pubkey, OP_EQ, &kp2.pubkey.pubkey, 32);
  101. tt_mem_op(cert[i]->signing_key.pubkey, OP_EQ, &kp1.pubkey.pubkey, 32);
  102. tt_int_op(cert[i]->signing_key_included, OP_EQ, i);
  103. tt_assert(cert[i]->encoded);
  104. tt_int_op(cert[i]->encoded_len, OP_EQ, 104 + 36 * i);
  105. tt_int_op(cert[i]->encoded[0], OP_EQ, 1);
  106. tt_int_op(cert[i]->encoded[1], OP_EQ, 5);
  107. parsed_cert[i] = tor_cert_parse(cert[i]->encoded, cert[i]->encoded_len);
  108. tt_assert(parsed_cert[i]);
  109. tt_int_op(cert[i]->encoded_len, OP_EQ, parsed_cert[i]->encoded_len);
  110. tt_mem_op(cert[i]->encoded, OP_EQ, parsed_cert[i]->encoded,
  111. cert[i]->encoded_len);
  112. tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
  113. tt_uint_op(parsed_cert[i]->sig_ok, OP_EQ, 0);
  114. tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 0);
  115. tt_uint_op(parsed_cert[i]->cert_valid, OP_EQ, 0);
  116. /* Expired */
  117. tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now + 30000),
  118. OP_LT, 0);
  119. tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 1);
  120. parsed_cert[i]->cert_expired = 0;
  121. /* Wrong key */
  122. tt_int_op(tor_cert_checksig(parsed_cert[i], &kp2.pubkey, now), OP_LT, 0);
  123. tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 1);
  124. parsed_cert[i]->sig_bad = 0;
  125. /* Missing key */
  126. int ok = tor_cert_checksig(parsed_cert[i], NULL, now);
  127. tt_int_op(ok < 0, OP_EQ, i == 0);
  128. tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
  129. tt_assert(parsed_cert[i]->sig_ok == (i != 0));
  130. tt_assert(parsed_cert[i]->cert_valid == (i != 0));
  131. parsed_cert[i]->sig_bad = 0;
  132. parsed_cert[i]->sig_ok = 0;
  133. parsed_cert[i]->cert_valid = 0;
  134. /* Right key */
  135. tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now), OP_EQ, 0);
  136. tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
  137. tt_uint_op(parsed_cert[i]->sig_ok, OP_EQ, 1);
  138. tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 0);
  139. tt_uint_op(parsed_cert[i]->cert_valid, OP_EQ, 1);
  140. }
  141. /* Now try some junky certs. */
  142. /* - Truncated */
  143. nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len-1);
  144. tt_ptr_op(NULL, OP_EQ, nocert);
  145. /* - First byte modified */
  146. cert[0]->encoded[0] = 99;
  147. nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len);
  148. tt_ptr_op(NULL, OP_EQ, nocert);
  149. cert[0]->encoded[0] = 1;
  150. /* - Extra byte at the end*/
  151. junk = tor_malloc_zero(cert[0]->encoded_len + 1);
  152. memcpy(junk, cert[0]->encoded, cert[0]->encoded_len);
  153. nocert = tor_cert_parse(junk, cert[0]->encoded_len+1);
  154. tt_ptr_op(NULL, OP_EQ, nocert);
  155. /* - Multiple signing key instances */
  156. tor_free(junk);
  157. junk = tor_malloc_zero(104 + 36 * 2);
  158. junk[0] = 1; /* version */
  159. junk[1] = 5; /* cert type */
  160. junk[6] = 1; /* key type */
  161. junk[39] = 2; /* n_extensions */
  162. junk[41] = 32; /* extlen */
  163. junk[42] = 4; /* exttype */
  164. junk[77] = 32; /* extlen */
  165. junk[78] = 4; /* exttype */
  166. nocert = tor_cert_parse(junk, 104 + 36 * 2);
  167. tt_ptr_op(NULL, OP_EQ, nocert);
  168. done:
  169. tor_cert_free(cert[0]);
  170. tor_cert_free(cert[1]);
  171. tor_cert_free(parsed_cert[0]);
  172. tor_cert_free(parsed_cert[1]);
  173. tor_cert_free(nocert);
  174. tor_free(junk);
  175. tor_free(base64);
  176. }
  177. static void
  178. test_routerkeys_ed_key_create(void *arg)
  179. {
  180. (void)arg;
  181. tor_cert_t *cert = NULL;
  182. ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
  183. time_t now = time(NULL);
  184. /* This is a simple alias for 'make a new keypair' */
  185. kp1 = ed_key_new(NULL, 0, 0, 0, 0, &cert);
  186. tt_assert(kp1);
  187. /* Create a new certificate signed by kp1. */
  188. kp2 = ed_key_new(kp1, INIT_ED_KEY_NEEDCERT, now, 3600, 4, &cert);
  189. tt_assert(kp2);
  190. tt_assert(cert);
  191. tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey,
  192. sizeof(ed25519_public_key_t));
  193. tt_assert(! cert->signing_key_included);
  194. tt_int_op(cert->valid_until, OP_GE, now);
  195. tt_int_op(cert->valid_until, OP_LE, now+7200);
  196. /* Create a new key-including certificate signed by kp1 */
  197. ed25519_keypair_free(kp2);
  198. tor_cert_free(cert);
  199. cert = NULL; kp2 = NULL;
  200. kp2 = ed_key_new(kp1, (INIT_ED_KEY_NEEDCERT|
  201. INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT),
  202. now, 3600, 4, &cert);
  203. tt_assert(kp2);
  204. tt_assert(cert);
  205. tt_assert(cert->signing_key_included);
  206. tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey,
  207. sizeof(ed25519_public_key_t));
  208. tt_mem_op(&cert->signing_key, OP_EQ, &kp1->pubkey,
  209. sizeof(ed25519_public_key_t));
  210. done:
  211. ed25519_keypair_free(kp1);
  212. ed25519_keypair_free(kp2);
  213. tor_cert_free(cert);
  214. }
  215. static void
  216. test_routerkeys_ed_key_init_basic(void *arg)
  217. {
  218. (void) arg;
  219. tor_cert_t *cert = NULL, *cert2 = NULL;
  220. ed25519_keypair_t *kp1 = NULL, *kp2 = NULL, *kp3 = NULL;
  221. time_t now = time(NULL);
  222. char *fname1 = tor_strdup(get_fname("test_ed_key_1"));
  223. char *fname2 = tor_strdup(get_fname("test_ed_key_2"));
  224. struct stat st;
  225. unlink(fname1);
  226. unlink(fname2);
  227. /* Fail to load a key that isn't there. */
  228. kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert,
  229. NULL);
  230. tt_assert(kp1 == NULL);
  231. tt_assert(cert == NULL);
  232. /* Create the key if requested to do so. */
  233. kp1 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
  234. NULL, now, 0, 7, &cert, NULL);
  235. tt_assert(kp1 != NULL);
  236. tt_assert(cert == NULL);
  237. tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st), OP_LT, 0);
  238. tt_int_op(stat(get_fname("test_ed_key_1_secret_key"), &st), OP_EQ, 0);
  239. /* Fail to load if we say we need a cert */
  240. kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_NEEDCERT, LOG_INFO,
  241. NULL, now, 0, 7, &cert, NULL);
  242. tt_assert(kp2 == NULL);
  243. /* Fail to load if we say the wrong key type */
  244. kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
  245. NULL, now, 0, 6, &cert, NULL);
  246. tt_assert(kp2 == NULL);
  247. /* Load successfully if we're not picky, whether we say "create" or not. */
  248. kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
  249. NULL, now, 0, 7, &cert, NULL);
  250. tt_assert(kp2 != NULL);
  251. tt_assert(cert == NULL);
  252. tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1));
  253. ed25519_keypair_free(kp2); kp2 = NULL;
  254. kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
  255. NULL, now, 0, 7, &cert, NULL);
  256. tt_assert(kp2 != NULL);
  257. tt_assert(cert == NULL);
  258. tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1));
  259. ed25519_keypair_free(kp2); kp2 = NULL;
  260. /* Now create a key with a cert. */
  261. kp2 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
  262. INIT_ED_KEY_NEEDCERT),
  263. LOG_INFO, kp1, now, 7200, 7, &cert, NULL);
  264. tt_assert(kp2 != NULL);
  265. tt_assert(cert != NULL);
  266. tt_mem_op(kp1, OP_NE, kp2, sizeof(*kp1));
  267. tt_int_op(stat(get_fname("test_ed_key_2_cert"), &st), OP_EQ, 0);
  268. tt_int_op(stat(get_fname("test_ed_key_2_secret_key"), &st), OP_EQ, 0);
  269. tt_assert(cert->cert_valid == 1);
  270. tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey, 32);
  271. /* Now verify we can load the cert... */
  272. kp3 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
  273. INIT_ED_KEY_NEEDCERT),
  274. LOG_INFO, kp1, now, 7200, 7, &cert2, NULL);
  275. tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
  276. tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len);
  277. ed25519_keypair_free(kp3); kp3 = NULL;
  278. tor_cert_free(cert2); cert2 = NULL;
  279. /* ... even without create... */
  280. kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
  281. LOG_INFO, kp1, now, 7200, 7, &cert2, NULL);
  282. tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
  283. tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len);
  284. ed25519_keypair_free(kp3); kp3 = NULL;
  285. tor_cert_free(cert2); cert2 = NULL;
  286. /* ... but that we don't crash or anything if we say we don't want it. */
  287. kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
  288. LOG_INFO, kp1, now, 7200, 7, NULL, NULL);
  289. tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
  290. ed25519_keypair_free(kp3); kp3 = NULL;
  291. /* Fail if we're told the wrong signing key */
  292. kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
  293. LOG_INFO, kp2, now, 7200, 7, &cert2, NULL);
  294. tt_assert(kp3 == NULL);
  295. tt_assert(cert2 == NULL);
  296. done:
  297. ed25519_keypair_free(kp1);
  298. ed25519_keypair_free(kp2);
  299. ed25519_keypair_free(kp3);
  300. tor_cert_free(cert);
  301. tor_cert_free(cert2);
  302. tor_free(fname1);
  303. tor_free(fname2);
  304. }
  305. static void
  306. test_routerkeys_ed_key_init_split(void *arg)
  307. {
  308. (void) arg;
  309. tor_cert_t *cert = NULL;
  310. ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
  311. time_t now = time(NULL);
  312. char *fname1 = tor_strdup(get_fname("test_ed_key_3"));
  313. char *fname2 = tor_strdup(get_fname("test_ed_key_4"));
  314. struct stat st;
  315. const uint32_t flags = INIT_ED_KEY_SPLIT|INIT_ED_KEY_MISSING_SECRET_OK;
  316. unlink(fname1);
  317. unlink(fname2);
  318. /* Can't load key that isn't there. */
  319. kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert,
  320. NULL);
  321. tt_assert(kp1 == NULL);
  322. tt_assert(cert == NULL);
  323. /* Create a split key */
  324. kp1 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
  325. LOG_INFO, NULL, now, 0, 7, &cert, NULL);
  326. tt_assert(kp1 != NULL);
  327. tt_assert(cert == NULL);
  328. tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st), OP_LT, 0);
  329. tt_int_op(stat(get_fname("test_ed_key_3_secret_key"), &st), OP_EQ, 0);
  330. tt_int_op(stat(get_fname("test_ed_key_3_public_key"), &st), OP_EQ, 0);
  331. /* Load it. */
  332. kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
  333. LOG_INFO, NULL, now, 0, 7, &cert, NULL);
  334. tt_assert(kp2 != NULL);
  335. tt_assert(cert == NULL);
  336. tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp2));
  337. ed25519_keypair_free(kp2); kp2 = NULL;
  338. /* Okay, try killing the secret key and loading it. */
  339. unlink(get_fname("test_ed_key_3_secret_key"));
  340. kp2 = ed_key_init_from_file(fname1, flags,
  341. LOG_INFO, NULL, now, 0, 7, &cert, NULL);
  342. tt_assert(kp2 != NULL);
  343. tt_assert(cert == NULL);
  344. tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
  345. tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
  346. sizeof(kp2->seckey.seckey)));
  347. ed25519_keypair_free(kp2); kp2 = NULL;
  348. /* Even when we're told to "create", don't create if there's a public key */
  349. kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
  350. LOG_INFO, NULL, now, 0, 7, &cert, NULL);
  351. tt_assert(kp2 != NULL);
  352. tt_assert(cert == NULL);
  353. tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
  354. tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
  355. sizeof(kp2->seckey.seckey)));
  356. ed25519_keypair_free(kp2); kp2 = NULL;
  357. /* Make sure we fail on a tag mismatch, though */
  358. kp2 = ed_key_init_from_file(fname1, flags,
  359. LOG_INFO, NULL, now, 0, 99, &cert, NULL);
  360. tt_assert(kp2 == NULL);
  361. done:
  362. ed25519_keypair_free(kp1);
  363. ed25519_keypair_free(kp2);
  364. tor_cert_free(cert);
  365. tor_free(fname1);
  366. tor_free(fname2);
  367. }
  368. static void
  369. test_routerkeys_ed_keys_init_all(void *arg)
  370. {
  371. (void)arg;
  372. char *dir = tor_strdup(get_fname("test_ed_keys_init_all"));
  373. char *keydir = tor_strdup(get_fname("test_ed_keys_init_all/KEYS"));
  374. or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
  375. time_t now = time(NULL);
  376. ed25519_public_key_t id;
  377. ed25519_keypair_t sign, auth;
  378. tor_cert_t *link_cert = NULL;
  379. get_options_mutable()->ORPort_set = 1;
  380. crypto_pk_t *rsa = pk_generate(0);
  381. set_server_identity_key(rsa);
  382. set_client_identity_key(rsa);
  383. router_initialize_tls_context();
  384. options->SigningKeyLifetime = 30*86400;
  385. options->TestingAuthKeyLifetime = 2*86400;
  386. options->TestingLinkCertLifetime = 2*86400;
  387. options->TestingSigningKeySlop = 2*86400;
  388. options->TestingAuthKeySlop = 2*3600;
  389. options->TestingLinkKeySlop = 2*3600;
  390. #ifdef _WIN32
  391. mkdir(dir);
  392. mkdir(keydir);
  393. #else
  394. mkdir(dir, 0700);
  395. mkdir(keydir, 0700);
  396. #endif /* defined(_WIN32) */
  397. options->DataDirectory = dir;
  398. options->KeyDirectory = keydir;
  399. tt_int_op(1, OP_EQ, load_ed_keys(options, now));
  400. tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
  401. tt_assert(get_master_identity_key());
  402. tt_assert(get_master_identity_key());
  403. tt_assert(get_master_signing_keypair());
  404. tt_assert(get_current_auth_keypair());
  405. tt_assert(get_master_signing_key_cert());
  406. tt_assert(get_current_link_cert_cert());
  407. tt_assert(get_current_auth_key_cert());
  408. memcpy(&id, get_master_identity_key(), sizeof(id));
  409. memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
  410. memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
  411. link_cert = tor_cert_dup(get_current_link_cert_cert());
  412. /* Call load_ed_keys again, but nothing has changed. */
  413. tt_int_op(0, OP_EQ, load_ed_keys(options, now));
  414. tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
  415. tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  416. tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
  417. tt_mem_op(&auth, OP_EQ, get_current_auth_keypair(), sizeof(auth));
  418. tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
  419. /* Force a reload: we make new link/auth keys. */
  420. routerkeys_free_all();
  421. tt_int_op(1, OP_EQ, load_ed_keys(options, now));
  422. tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
  423. tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  424. tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
  425. tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
  426. tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
  427. tt_assert(get_master_signing_key_cert());
  428. tt_assert(get_current_link_cert_cert());
  429. tt_assert(get_current_auth_key_cert());
  430. tor_cert_free(link_cert);
  431. link_cert = tor_cert_dup(get_current_link_cert_cert());
  432. memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
  433. /* Force a link/auth-key regeneration by advancing time. */
  434. tt_int_op(0, OP_EQ, load_ed_keys(options, now+3*86400));
  435. tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+3*86400, 0));
  436. tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  437. tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
  438. tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
  439. tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
  440. tt_assert(get_master_signing_key_cert());
  441. tt_assert(get_current_link_cert_cert());
  442. tt_assert(get_current_auth_key_cert());
  443. tor_cert_free(link_cert);
  444. link_cert = tor_cert_dup(get_current_link_cert_cert());
  445. memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
  446. /* Force a signing-key regeneration by advancing time. */
  447. tt_int_op(1, OP_EQ, load_ed_keys(options, now+100*86400));
  448. tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+100*86400, 0));
  449. tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  450. tt_mem_op(&sign, OP_NE, get_master_signing_keypair(), sizeof(sign));
  451. tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
  452. tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
  453. tt_assert(get_master_signing_key_cert());
  454. tt_assert(get_current_link_cert_cert());
  455. tt_assert(get_current_auth_key_cert());
  456. memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
  457. tor_cert_free(link_cert);
  458. link_cert = tor_cert_dup(get_current_link_cert_cert());
  459. memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
  460. /* Demonstrate that we can start up with no secret identity key */
  461. routerkeys_free_all();
  462. unlink(get_fname("test_ed_keys_init_all/KEYS/"
  463. "ed25519_master_id_secret_key"));
  464. tt_int_op(1, OP_EQ, load_ed_keys(options, now));
  465. tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
  466. tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
  467. tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
  468. tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
  469. tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
  470. tt_assert(get_master_signing_key_cert());
  471. tt_assert(get_current_link_cert_cert());
  472. tt_assert(get_current_auth_key_cert());
  473. /* But we're in trouble if we have no id key and our signing key has
  474. expired. */
  475. log_global_min_severity_ = LOG_ERR; /* Suppress warnings.
  476. * XXX (better way to do this)? */
  477. routerkeys_free_all();
  478. tt_int_op(-1, OP_EQ, load_ed_keys(options, now+200*86400));
  479. done:
  480. tor_free(dir);
  481. tor_free(keydir);
  482. tor_free(options);
  483. tor_cert_free(link_cert);
  484. routerkeys_free_all();
  485. }
  486. static void
  487. test_routerkeys_cross_certify_ntor(void *args)
  488. {
  489. (void) args;
  490. tor_cert_t *cert = NULL;
  491. curve25519_keypair_t onion_keys;
  492. ed25519_public_key_t master_key;
  493. ed25519_public_key_t onion_check_key;
  494. time_t now = time(NULL);
  495. int sign;
  496. tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key,
  497. "IamwritingthesetestsOnARainyAfternoonin2014"));
  498. tt_int_op(0, OP_EQ, curve25519_keypair_generate(&onion_keys, 0));
  499. cert = make_ntor_onion_key_crosscert(&onion_keys,
  500. &master_key,
  501. now, 10000,
  502. &sign);
  503. tt_assert(cert);
  504. tt_assert(sign == 0 || sign == 1);
  505. tt_int_op(cert->cert_type, OP_EQ, CERT_TYPE_ONION_ID);
  506. tt_int_op(1, OP_EQ, ed25519_pubkey_eq(&cert->signed_key, &master_key));
  507. tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key(
  508. &onion_check_key, &onion_keys.pubkey, sign));
  509. tt_int_op(0, OP_EQ, tor_cert_checksig(cert, &onion_check_key, now));
  510. done:
  511. tor_cert_free(cert);
  512. }
  513. static void
  514. test_routerkeys_cross_certify_tap(void *args)
  515. {
  516. (void)args;
  517. uint8_t *cc = NULL;
  518. int cc_len;
  519. ed25519_public_key_t master_key;
  520. crypto_pk_t *onion_key = pk_generate(2), *id_key = pk_generate(1);
  521. char digest[20];
  522. char buf[128];
  523. int n;
  524. tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key,
  525. "IAlreadyWroteTestsForRouterdescsUsingTheseX"));
  526. cc = make_tap_onion_key_crosscert(onion_key,
  527. &master_key,
  528. id_key, &cc_len);
  529. tt_assert(cc);
  530. tt_assert(cc_len);
  531. n = crypto_pk_public_checksig(onion_key, buf, sizeof(buf),
  532. (char*)cc, cc_len);
  533. tt_int_op(n,OP_GT,0);
  534. tt_int_op(n,OP_EQ,52);
  535. crypto_pk_get_digest(id_key, digest);
  536. tt_mem_op(buf,OP_EQ,digest,20);
  537. tt_mem_op(buf+20,OP_EQ,master_key.pubkey,32);
  538. tt_int_op(0, OP_EQ, check_tap_onion_key_crosscert(cc, cc_len,
  539. onion_key, &master_key, (uint8_t*)digest));
  540. done:
  541. tor_free(cc);
  542. crypto_pk_free(id_key);
  543. crypto_pk_free(onion_key);
  544. }
  545. static void
  546. test_routerkeys_rsa_ed_crosscert(void *arg)
  547. {
  548. (void)arg;
  549. ed25519_public_key_t ed;
  550. crypto_pk_t *rsa = pk_generate(2);
  551. uint8_t *cc = NULL;
  552. ssize_t cc_len;
  553. time_t expires_in = 1470846177;
  554. tt_int_op(0, OP_EQ, ed25519_public_from_base64(&ed,
  555. "ThisStringCanContainAnythingSoNoKeyHereNowX"));
  556. cc_len = tor_make_rsa_ed25519_crosscert(&ed, rsa, expires_in, &cc);
  557. tt_int_op(cc_len, OP_GT, 0);
  558. tt_int_op(cc_len, OP_GT, 37); /* key, expires, siglen */
  559. tt_mem_op(cc, OP_EQ, ed.pubkey, 32);
  560. time_t expires_out = 3600 * ntohl(get_uint32(cc+32));
  561. tt_int_op(expires_out, OP_GE, expires_in);
  562. tt_int_op(expires_out, OP_LE, expires_in + 3600);
  563. tt_int_op(cc_len, OP_EQ, 37 + get_uint8(cc+36));
  564. tt_int_op(0, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
  565. expires_in - 10));
  566. /* Now try after it has expired */
  567. tt_int_op(-4, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
  568. expires_out + 1));
  569. /* Truncated object */
  570. tt_int_op(-2, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len - 2, rsa, &ed,
  571. expires_in - 10));
  572. /* Key not as expected */
  573. cc[0] ^= 3;
  574. tt_int_op(-3, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
  575. expires_in - 10));
  576. cc[0] ^= 3;
  577. /* Bad signature */
  578. cc[40] ^= 3;
  579. tt_int_op(-5, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
  580. expires_in - 10));
  581. cc[40] ^= 3;
  582. /* Signature of wrong data */
  583. cc[0] ^= 3;
  584. ed.pubkey[0] ^= 3;
  585. tt_int_op(-6, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
  586. expires_in - 10));
  587. cc[0] ^= 3;
  588. ed.pubkey[0] ^= 3;
  589. done:
  590. crypto_pk_free(rsa);
  591. tor_free(cc);
  592. }
  593. #define TEST(name, flags) \
  594. { #name , test_routerkeys_ ## name, (flags), NULL, NULL }
  595. struct testcase_t routerkeys_tests[] = {
  596. TEST(write_fingerprint, TT_FORK),
  597. TEST(ed_certs, TT_FORK),
  598. TEST(ed_key_create, TT_FORK),
  599. TEST(ed_key_init_basic, TT_FORK),
  600. TEST(ed_key_init_split, TT_FORK),
  601. TEST(ed_keys_init_all, TT_FORK),
  602. TEST(cross_certify_ntor, 0),
  603. TEST(cross_certify_tap, 0),
  604. TEST(rsa_ed_crosscert, 0),
  605. END_OF_TESTCASES
  606. };