1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #include "orconfig.h"
7 #define ROUTER_PRIVATE
8 #include "core/or/or.h"
9 #include "app/config/config.h"
10 #include "feature/relay/router.h"
11 #include "feature/relay/routerkeys.h"
12 #include "lib/crypt_ops/crypto_cipher.h"
13 #include "lib/crypt_ops/crypto_format.h"
14 #include "feature/keymgt/loadkey.h"
15 #include "feature/nodelist/torcert.h"
16 #include "test/test.h"
17
18 #ifdef _WIN32
19 /* For mkdir() */
20 #include <direct.h>
21 #endif
22
23 #ifdef HAVE_UNISTD_H
24 #include <unistd.h>
25 #endif
26 #ifdef HAVE_SYS_STAT_H
27 #include <sys/stat.h>
28 #endif
29
30 static void
test_routerkeys_write_fingerprint(void * arg)31 test_routerkeys_write_fingerprint(void *arg)
32 {
33 crypto_pk_t *key = pk_generate(2);
34 or_options_t *options = get_options_mutable();
35 const char *ddir = get_fname("write_fingerprint");
36 char *cp = NULL, *cp2 = NULL;
37 char fp[FINGERPRINT_LEN+1];
38
39 (void)arg;
40
41 tt_assert(key);
42
43 options->ORPort_set = 1; /* So that we can get the server ID key */
44 tor_free(options->DataDirectory);
45 options->DataDirectory = tor_strdup(ddir);
46 options->Nickname = tor_strdup("haflinger");
47 set_server_identity_key(key);
48 set_client_identity_key(crypto_pk_dup_key(key));
49
50 tt_int_op(0, OP_EQ, check_private_dir(ddir, CPD_CREATE, NULL));
51 tt_int_op(crypto_pk_cmp_keys(get_server_identity_key(),key),OP_EQ,0);
52
53 /* Write fingerprint file */
54 tt_int_op(0, OP_EQ, router_write_fingerprint(0, 0));
55 cp = read_file_to_str(get_fname("write_fingerprint/fingerprint"),
56 0, NULL);
57 crypto_pk_get_fingerprint(key, fp, 0);
58 tor_asprintf(&cp2, "haflinger %s\n", fp);
59 tt_str_op(cp, OP_EQ, cp2);
60 tor_free(cp);
61 tor_free(cp2);
62
63 /* Write hashed-fingerprint file */
64 tt_int_op(0, OP_EQ, router_write_fingerprint(1, 0));
65 cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
66 0, NULL);
67 crypto_pk_get_hashed_fingerprint(key, fp);
68 tor_asprintf(&cp2, "haflinger %s\n", fp);
69 tt_str_op(cp, OP_EQ, cp2);
70 tor_free(cp);
71 tor_free(cp2);
72
73 /* Replace outdated file */
74 write_str_to_file(get_fname("write_fingerprint/hashed-fingerprint"),
75 "junk goes here", 0);
76 tt_int_op(0, OP_EQ, router_write_fingerprint(1, 0));
77 cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
78 0, NULL);
79 crypto_pk_get_hashed_fingerprint(key, fp);
80 tor_asprintf(&cp2, "haflinger %s\n", fp);
81 tt_str_op(cp, OP_EQ, cp2);
82 tor_free(cp);
83 tor_free(cp2);
84
85 done:
86 crypto_pk_free(key);
87 set_client_identity_key(NULL);
88 tor_free(cp);
89 tor_free(cp2);
90 }
91
92 static void
test_routerkeys_write_ed25519_identity(void * arg)93 test_routerkeys_write_ed25519_identity(void *arg)
94 {
95 crypto_pk_t *key = pk_generate(2);
96 or_options_t *options = get_options_mutable();
97 time_t now = time(NULL);
98 const char *ddir = get_fname("write_fingerprint");
99 char *cp = NULL, *cp2 = NULL;
100 char ed25519_id[BASE64_DIGEST256_LEN + 1];
101
102 (void) arg;
103
104 tt_assert(key);
105
106 options->ORPort_set = 1; /* So that we can get the server ID key */
107 tor_free(options->DataDirectory);
108 options->DataDirectory = tor_strdup(ddir);
109 options->Nickname = tor_strdup("haflinger");
110 set_server_identity_key(key);
111 set_client_identity_key(crypto_pk_dup_key(key));
112
113 load_ed_keys(options, now);
114 tt_assert(get_master_identity_key());
115
116 tt_int_op(0, OP_EQ, check_private_dir(ddir, CPD_CREATE, NULL));
117
118 /* Write fingerprint file */
119 tt_int_op(0, OP_EQ, router_write_fingerprint(0, 1));
120 cp = read_file_to_str(get_fname("write_fingerprint/fingerprint-ed25519"),
121 0, NULL);
122 digest256_to_base64(ed25519_id,
123 (const char *) get_master_identity_key()->pubkey);
124 tor_asprintf(&cp2, "haflinger %s\n", ed25519_id);
125 tt_str_op(cp, OP_EQ, cp2);
126 tor_free(cp);
127 tor_free(cp2);
128
129 done:
130 crypto_pk_free(key);
131 set_client_identity_key(NULL);
132 tor_free(cp);
133 tor_free(cp2);
134 routerkeys_free_all();
135 }
136
137 static void
test_routerkeys_ed_certs(void * args)138 test_routerkeys_ed_certs(void *args)
139 {
140 (void)args;
141 ed25519_keypair_t kp1, kp2;
142 tor_cert_t *cert[2] = {NULL, NULL}, *nocert = NULL;
143 tor_cert_t *parsed_cert[2] = {NULL, NULL};
144 time_t now = 1412094534;
145 uint8_t *junk = NULL;
146 char *base64 = NULL;
147
148 tt_int_op(0,OP_EQ,ed25519_keypair_generate(&kp1, 0));
149 tt_int_op(0,OP_EQ,ed25519_keypair_generate(&kp2, 0));
150
151 for (int i = 0; i <= 1; ++i) {
152 uint32_t flags = i ? CERT_FLAG_INCLUDE_SIGNING_KEY : 0;
153
154 cert[i] = tor_cert_create_ed25519(&kp1, 5, &kp2.pubkey, now, 10000, flags);
155 tt_assert(cert[i]);
156
157 tt_uint_op(cert[i]->sig_bad, OP_EQ, 0);
158 tt_uint_op(cert[i]->sig_ok, OP_EQ, 1);
159 tt_uint_op(cert[i]->cert_expired, OP_EQ, 0);
160 tt_uint_op(cert[i]->cert_valid, OP_EQ, 1);
161 tt_int_op(cert[i]->cert_type, OP_EQ, 5);
162 tt_mem_op(cert[i]->signed_key.pubkey, OP_EQ, &kp2.pubkey.pubkey, 32);
163 tt_mem_op(cert[i]->signing_key.pubkey, OP_EQ, &kp1.pubkey.pubkey, 32);
164 tt_int_op(cert[i]->signing_key_included, OP_EQ, i);
165
166 tt_assert(cert[i]->encoded);
167 tt_int_op(cert[i]->encoded_len, OP_EQ, 104 + 36 * i);
168 tt_int_op(cert[i]->encoded[0], OP_EQ, 1);
169 tt_int_op(cert[i]->encoded[1], OP_EQ, 5);
170
171 parsed_cert[i] = tor_cert_parse(cert[i]->encoded, cert[i]->encoded_len);
172 tt_assert(parsed_cert[i]);
173 tt_int_op(cert[i]->encoded_len, OP_EQ, parsed_cert[i]->encoded_len);
174 tt_mem_op(cert[i]->encoded, OP_EQ, parsed_cert[i]->encoded,
175 cert[i]->encoded_len);
176 tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
177 tt_uint_op(parsed_cert[i]->sig_ok, OP_EQ, 0);
178 tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 0);
179 tt_uint_op(parsed_cert[i]->cert_valid, OP_EQ, 0);
180
181 /* Expired */
182 tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now + 30000),
183 OP_LT, 0);
184 tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 1);
185 parsed_cert[i]->cert_expired = 0;
186
187 /* Wrong key */
188 tt_int_op(tor_cert_checksig(parsed_cert[i], &kp2.pubkey, now), OP_LT, 0);
189 tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 1);
190 parsed_cert[i]->sig_bad = 0;
191
192 /* Missing key */
193 int ok = tor_cert_checksig(parsed_cert[i], NULL, now);
194 tt_int_op(ok < 0, OP_EQ, i == 0);
195 tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
196 tt_assert(parsed_cert[i]->sig_ok == (i != 0));
197 tt_assert(parsed_cert[i]->cert_valid == (i != 0));
198 parsed_cert[i]->sig_bad = 0;
199 parsed_cert[i]->sig_ok = 0;
200 parsed_cert[i]->cert_valid = 0;
201
202 /* Right key */
203 tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now), OP_EQ, 0);
204 tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0);
205 tt_uint_op(parsed_cert[i]->sig_ok, OP_EQ, 1);
206 tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 0);
207 tt_uint_op(parsed_cert[i]->cert_valid, OP_EQ, 1);
208 }
209
210 /* Now try some junky certs. */
211 /* - Truncated */
212 nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len-1);
213 tt_ptr_op(NULL, OP_EQ, nocert);
214
215 /* - First byte modified */
216 cert[0]->encoded[0] = 99;
217 nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len);
218 tt_ptr_op(NULL, OP_EQ, nocert);
219 cert[0]->encoded[0] = 1;
220
221 /* - Extra byte at the end*/
222 junk = tor_malloc_zero(cert[0]->encoded_len + 1);
223 memcpy(junk, cert[0]->encoded, cert[0]->encoded_len);
224 nocert = tor_cert_parse(junk, cert[0]->encoded_len+1);
225 tt_ptr_op(NULL, OP_EQ, nocert);
226
227 /* - Multiple signing key instances */
228 tor_free(junk);
229 junk = tor_malloc_zero(104 + 36 * 2);
230 junk[0] = 1; /* version */
231 junk[1] = 5; /* cert type */
232 junk[6] = 1; /* key type */
233 junk[39] = 2; /* n_extensions */
234 junk[41] = 32; /* extlen */
235 junk[42] = 4; /* exttype */
236 junk[77] = 32; /* extlen */
237 junk[78] = 4; /* exttype */
238 nocert = tor_cert_parse(junk, 104 + 36 * 2);
239 tt_ptr_op(NULL, OP_EQ, nocert);
240
241 done:
242 tor_cert_free(cert[0]);
243 tor_cert_free(cert[1]);
244 tor_cert_free(parsed_cert[0]);
245 tor_cert_free(parsed_cert[1]);
246 tor_cert_free(nocert);
247 tor_free(junk);
248 tor_free(base64);
249 }
250
251 static void
test_routerkeys_ed_key_create(void * arg)252 test_routerkeys_ed_key_create(void *arg)
253 {
254 (void)arg;
255 tor_cert_t *cert = NULL;
256 ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
257 time_t now = time(NULL);
258
259 /* This is a simple alias for 'make a new keypair' */
260 kp1 = ed_key_new(NULL, 0, 0, 0, 0, &cert);
261 tt_assert(kp1);
262
263 /* Create a new certificate signed by kp1. */
264 kp2 = ed_key_new(kp1, INIT_ED_KEY_NEEDCERT, now, 3600, 4, &cert);
265 tt_assert(kp2);
266 tt_assert(cert);
267 tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey,
268 sizeof(ed25519_public_key_t));
269 tt_assert(! cert->signing_key_included);
270
271 tt_int_op(cert->valid_until, OP_GE, now);
272 tt_int_op(cert->valid_until, OP_LE, now+7200);
273
274 /* Create a new key-including certificate signed by kp1 */
275 ed25519_keypair_free(kp2);
276 tor_cert_free(cert);
277 cert = NULL; kp2 = NULL;
278 kp2 = ed_key_new(kp1, (INIT_ED_KEY_NEEDCERT|
279 INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT),
280 now, 3600, 4, &cert);
281 tt_assert(kp2);
282 tt_assert(cert);
283 tt_assert(cert->signing_key_included);
284 tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey,
285 sizeof(ed25519_public_key_t));
286 tt_mem_op(&cert->signing_key, OP_EQ, &kp1->pubkey,
287 sizeof(ed25519_public_key_t));
288
289 done:
290 ed25519_keypair_free(kp1);
291 ed25519_keypair_free(kp2);
292 tor_cert_free(cert);
293 }
294
295 static void
test_routerkeys_ed_key_init_basic(void * arg)296 test_routerkeys_ed_key_init_basic(void *arg)
297 {
298 (void) arg;
299
300 tor_cert_t *cert = NULL, *cert2 = NULL;
301 ed25519_keypair_t *kp1 = NULL, *kp2 = NULL, *kp3 = NULL;
302 time_t now = time(NULL);
303 char *fname1 = tor_strdup(get_fname("test_ed_key_1"));
304 char *fname2 = tor_strdup(get_fname("test_ed_key_2"));
305 struct stat st;
306
307 unlink(fname1);
308 unlink(fname2);
309
310 /* Fail to load a key that isn't there. */
311 kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert,
312 NULL);
313 tt_assert(kp1 == NULL);
314 tt_assert(cert == NULL);
315
316 /* Create the key if requested to do so. */
317 kp1 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
318 NULL, now, 0, 7, &cert, NULL);
319 tt_assert(kp1 != NULL);
320 tt_assert(cert == NULL);
321 tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st), OP_LT, 0);
322 tt_int_op(stat(get_fname("test_ed_key_1_secret_key"), &st), OP_EQ, 0);
323
324 /* Fail to load if we say we need a cert */
325 kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_NEEDCERT, LOG_INFO,
326 NULL, now, 0, 7, &cert, NULL);
327 tt_assert(kp2 == NULL);
328
329 /* Fail to load if we say the wrong key type */
330 kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
331 NULL, now, 0, 6, &cert, NULL);
332 tt_assert(kp2 == NULL);
333
334 /* Load successfully if we're not picky, whether we say "create" or not. */
335 kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
336 NULL, now, 0, 7, &cert, NULL);
337 tt_assert(kp2 != NULL);
338 tt_assert(cert == NULL);
339 tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1));
340 ed25519_keypair_free(kp2); kp2 = NULL;
341
342 kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
343 NULL, now, 0, 7, &cert, NULL);
344 tt_assert(kp2 != NULL);
345 tt_assert(cert == NULL);
346 tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1));
347 ed25519_keypair_free(kp2); kp2 = NULL;
348
349 /* Now create a key with a cert. */
350 kp2 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
351 INIT_ED_KEY_NEEDCERT),
352 LOG_INFO, kp1, now, 7200, 7, &cert, NULL);
353 tt_assert(kp2 != NULL);
354 tt_assert(cert != NULL);
355 tt_mem_op(kp1, OP_NE, kp2, sizeof(*kp1));
356 tt_int_op(stat(get_fname("test_ed_key_2_cert"), &st), OP_EQ, 0);
357 tt_int_op(stat(get_fname("test_ed_key_2_secret_key"), &st), OP_EQ, 0);
358
359 tt_assert(cert->cert_valid == 1);
360 tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey, 32);
361
362 /* Now verify we can load the cert... */
363 kp3 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
364 INIT_ED_KEY_NEEDCERT),
365 LOG_INFO, kp1, now, 7200, 7, &cert2, NULL);
366 tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
367 tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len);
368 ed25519_keypair_free(kp3); kp3 = NULL;
369 tor_cert_free(cert2); cert2 = NULL;
370
371 /* ... even without create... */
372 kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
373 LOG_INFO, kp1, now, 7200, 7, &cert2, NULL);
374 tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
375 tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len);
376 ed25519_keypair_free(kp3); kp3 = NULL;
377 tor_cert_free(cert2); cert2 = NULL;
378
379 /* ... but that we don't crash or anything if we say we don't want it. */
380 kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
381 LOG_INFO, kp1, now, 7200, 7, NULL, NULL);
382 tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
383 ed25519_keypair_free(kp3); kp3 = NULL;
384
385 /* Fail if we're told the wrong signing key */
386 kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
387 LOG_INFO, kp2, now, 7200, 7, &cert2, NULL);
388 tt_assert(kp3 == NULL);
389 tt_assert(cert2 == NULL);
390
391 done:
392 ed25519_keypair_free(kp1);
393 ed25519_keypair_free(kp2);
394 ed25519_keypair_free(kp3);
395 tor_cert_free(cert);
396 tor_cert_free(cert2);
397 tor_free(fname1);
398 tor_free(fname2);
399 }
400
401 static void
test_routerkeys_ed_key_init_split(void * arg)402 test_routerkeys_ed_key_init_split(void *arg)
403 {
404 (void) arg;
405
406 tor_cert_t *cert = NULL;
407 ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
408 time_t now = time(NULL);
409 char *fname1 = tor_strdup(get_fname("test_ed_key_3"));
410 char *fname2 = tor_strdup(get_fname("test_ed_key_4"));
411 struct stat st;
412 const uint32_t flags = INIT_ED_KEY_SPLIT|INIT_ED_KEY_MISSING_SECRET_OK;
413
414 unlink(fname1);
415 unlink(fname2);
416
417 /* Can't load key that isn't there. */
418 kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert,
419 NULL);
420 tt_assert(kp1 == NULL);
421 tt_assert(cert == NULL);
422
423 /* Create a split key */
424 kp1 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
425 LOG_INFO, NULL, now, 0, 7, &cert, NULL);
426 tt_assert(kp1 != NULL);
427 tt_assert(cert == NULL);
428 tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st), OP_LT, 0);
429 tt_int_op(stat(get_fname("test_ed_key_3_secret_key"), &st), OP_EQ, 0);
430 tt_int_op(stat(get_fname("test_ed_key_3_public_key"), &st), OP_EQ, 0);
431
432 /* Load it. */
433 kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
434 LOG_INFO, NULL, now, 0, 7, &cert, NULL);
435 tt_assert(kp2 != NULL);
436 tt_assert(cert == NULL);
437 tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp2));
438 ed25519_keypair_free(kp2); kp2 = NULL;
439
440 /* Okay, try killing the secret key and loading it. */
441 unlink(get_fname("test_ed_key_3_secret_key"));
442 kp2 = ed_key_init_from_file(fname1, flags,
443 LOG_INFO, NULL, now, 0, 7, &cert, NULL);
444 tt_assert(kp2 != NULL);
445 tt_assert(cert == NULL);
446 tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
447 tt_assert(fast_mem_is_zero((char*)kp2->seckey.seckey,
448 sizeof(kp2->seckey.seckey)));
449 ed25519_keypair_free(kp2); kp2 = NULL;
450
451 /* Even when we're told to "create", don't create if there's a public key */
452 kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
453 LOG_INFO, NULL, now, 0, 7, &cert, NULL);
454 tt_assert(kp2 != NULL);
455 tt_assert(cert == NULL);
456 tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
457 tt_assert(fast_mem_is_zero((char*)kp2->seckey.seckey,
458 sizeof(kp2->seckey.seckey)));
459 ed25519_keypair_free(kp2); kp2 = NULL;
460
461 /* Make sure we fail on a tag mismatch, though */
462 kp2 = ed_key_init_from_file(fname1, flags,
463 LOG_INFO, NULL, now, 0, 99, &cert, NULL);
464 tt_assert(kp2 == NULL);
465
466 done:
467 ed25519_keypair_free(kp1);
468 ed25519_keypair_free(kp2);
469 tor_cert_free(cert);
470 tor_free(fname1);
471 tor_free(fname2);
472 }
473
474 static void
test_routerkeys_ed_keys_init_all(void * arg)475 test_routerkeys_ed_keys_init_all(void *arg)
476 {
477 (void)arg;
478 char *dir = tor_strdup(get_fname("test_ed_keys_init_all"));
479 char *keydir = tor_strdup(get_fname("test_ed_keys_init_all/KEYS"));
480 or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
481 time_t now = time(NULL);
482 ed25519_public_key_t id;
483 ed25519_keypair_t sign, auth;
484 tor_cert_t *link_cert = NULL;
485
486 get_options_mutable()->ORPort_set = 1;
487
488 crypto_pk_t *rsa = pk_generate(0);
489
490 set_server_identity_key(rsa);
491 set_client_identity_key(rsa);
492
493 router_initialize_tls_context();
494
495 options->SigningKeyLifetime = 30*86400;
496 options->TestingAuthKeyLifetime = 2*86400;
497 options->TestingLinkCertLifetime = 2*86400;
498 options->TestingSigningKeySlop = 2*86400;
499 options->TestingAuthKeySlop = 2*3600;
500 options->TestingLinkKeySlop = 2*3600;
501
502 #ifdef _WIN32
503 tt_int_op(0, OP_EQ, mkdir(dir));
504 tt_int_op(0, OP_EQ, mkdir(keydir));
505 #else
506 tt_int_op(0, OP_EQ, mkdir(dir, 0700));
507 tt_int_op(0, OP_EQ, mkdir(keydir, 0700));
508 #endif /* defined(_WIN32) */
509
510 options->DataDirectory = dir;
511 options->KeyDirectory = keydir;
512
513 tt_int_op(1, OP_EQ, load_ed_keys(options, now));
514 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
515 tt_assert(get_master_identity_key());
516 tt_assert(get_master_identity_key());
517 tt_assert(get_master_signing_keypair());
518 tt_assert(get_current_auth_keypair());
519 tt_assert(get_master_signing_key_cert());
520 tt_assert(get_current_link_cert_cert());
521 tt_assert(get_current_auth_key_cert());
522 memcpy(&id, get_master_identity_key(), sizeof(id));
523 memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
524 memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
525 link_cert = tor_cert_dup(get_current_link_cert_cert());
526
527 /* Call load_ed_keys again, but nothing has changed. */
528 tt_int_op(0, OP_EQ, load_ed_keys(options, now));
529 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
530 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
531 tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
532 tt_mem_op(&auth, OP_EQ, get_current_auth_keypair(), sizeof(auth));
533 tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
534
535 /* Force a reload: we make new link/auth keys. */
536 routerkeys_free_all();
537 tt_int_op(1, OP_EQ, load_ed_keys(options, now));
538 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
539 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
540 tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
541 tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
542 tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
543 tt_assert(get_master_signing_key_cert());
544 tt_assert(get_current_link_cert_cert());
545 tt_assert(get_current_auth_key_cert());
546 tor_cert_free(link_cert);
547 link_cert = tor_cert_dup(get_current_link_cert_cert());
548 memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
549
550 /* Force a link/auth-key regeneration by advancing time. */
551 tt_int_op(0, OP_EQ, load_ed_keys(options, now+3*86400));
552 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+3*86400, 0));
553 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
554 tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
555 tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
556 tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
557 tt_assert(get_master_signing_key_cert());
558 tt_assert(get_current_link_cert_cert());
559 tt_assert(get_current_auth_key_cert());
560 tor_cert_free(link_cert);
561 link_cert = tor_cert_dup(get_current_link_cert_cert());
562 memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
563
564 /* Force a signing-key regeneration by advancing time. */
565 tt_int_op(1, OP_EQ, load_ed_keys(options, now+100*86400));
566 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+100*86400, 0));
567 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
568 tt_mem_op(&sign, OP_NE, get_master_signing_keypair(), sizeof(sign));
569 tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
570 tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
571 tt_assert(get_master_signing_key_cert());
572 tt_assert(get_current_link_cert_cert());
573 tt_assert(get_current_auth_key_cert());
574 memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
575 tor_cert_free(link_cert);
576 link_cert = tor_cert_dup(get_current_link_cert_cert());
577 memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
578
579 /* Demonstrate that we can start up with no secret identity key */
580 routerkeys_free_all();
581 unlink(get_fname("test_ed_keys_init_all/KEYS/"
582 "ed25519_master_id_secret_key"));
583 tt_int_op(1, OP_EQ, load_ed_keys(options, now));
584 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0));
585 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id));
586 tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign));
587 tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
588 tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth));
589 tt_assert(get_master_signing_key_cert());
590 tt_assert(get_current_link_cert_cert());
591 tt_assert(get_current_auth_key_cert());
592
593 /* But we're in trouble if we have no id key and our signing key has
594 expired. */
595 log_global_min_severity_ = LOG_ERR; /* Suppress warnings.
596 * XXX (better way to do this)? */
597 routerkeys_free_all();
598 tt_int_op(-1, OP_EQ, load_ed_keys(options, now+200*86400));
599
600 done:
601 tor_free(dir);
602 tor_free(keydir);
603 tor_free(options);
604 tor_cert_free(link_cert);
605 routerkeys_free_all();
606 }
607
608 static void
test_routerkeys_cross_certify_ntor(void * args)609 test_routerkeys_cross_certify_ntor(void *args)
610 {
611 (void) args;
612
613 tor_cert_t *cert = NULL;
614 curve25519_keypair_t onion_keys;
615 ed25519_public_key_t master_key;
616 ed25519_public_key_t onion_check_key;
617 time_t now = time(NULL);
618 int sign;
619
620 tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key,
621 "IamwritingthesetestsOnARainyAfternoonin2014"));
622 tt_int_op(0, OP_EQ, curve25519_keypair_generate(&onion_keys, 0));
623 cert = make_ntor_onion_key_crosscert(&onion_keys,
624 &master_key,
625 now, 10000,
626 &sign);
627 tt_assert(cert);
628 tt_assert(sign == 0 || sign == 1);
629 tt_int_op(cert->cert_type, OP_EQ, CERT_TYPE_ONION_ID);
630 tt_int_op(1, OP_EQ, ed25519_pubkey_eq(&cert->signed_key, &master_key));
631 tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key(
632 &onion_check_key, &onion_keys.pubkey, sign));
633 tt_int_op(0, OP_EQ, tor_cert_checksig(cert, &onion_check_key, now));
634
635 done:
636 tor_cert_free(cert);
637 }
638
639 static void
test_routerkeys_cross_certify_tap(void * args)640 test_routerkeys_cross_certify_tap(void *args)
641 {
642 (void)args;
643 uint8_t *cc = NULL;
644 int cc_len;
645 ed25519_public_key_t master_key;
646 crypto_pk_t *onion_key = pk_generate(2), *id_key = pk_generate(1);
647 char digest[20];
648 char buf[128];
649 int n;
650
651 tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key,
652 "IAlreadyWroteTestsForRouterdescsUsingTheseX"));
653
654 cc = make_tap_onion_key_crosscert(onion_key,
655 &master_key,
656 id_key, &cc_len);
657 tt_assert(cc);
658 tt_assert(cc_len);
659
660 n = crypto_pk_public_checksig(onion_key, buf, sizeof(buf),
661 (char*)cc, cc_len);
662 tt_int_op(n,OP_GT,0);
663 tt_int_op(n,OP_EQ,52);
664
665 crypto_pk_get_digest(id_key, digest);
666 tt_mem_op(buf,OP_EQ,digest,20);
667 tt_mem_op(buf+20,OP_EQ,master_key.pubkey,32);
668
669 tt_int_op(0, OP_EQ, check_tap_onion_key_crosscert(cc, cc_len,
670 onion_key, &master_key, (uint8_t*)digest));
671
672 done:
673 tor_free(cc);
674 crypto_pk_free(id_key);
675 crypto_pk_free(onion_key);
676 }
677
678 static void
test_routerkeys_rsa_ed_crosscert(void * arg)679 test_routerkeys_rsa_ed_crosscert(void *arg)
680 {
681 (void)arg;
682 ed25519_public_key_t ed;
683 crypto_pk_t *rsa = pk_generate(2);
684
685 uint8_t *cc = NULL;
686 ssize_t cc_len;
687 time_t expires_in = 1470846177;
688
689 tt_int_op(0, OP_EQ, ed25519_public_from_base64(&ed,
690 "ThisStringCanContainAnythingSoNoKeyHereNowX"));
691 cc_len = tor_make_rsa_ed25519_crosscert(&ed, rsa, expires_in, &cc);
692
693 tt_int_op(cc_len, OP_GT, 0);
694 tt_int_op(cc_len, OP_GT, 37); /* key, expires, siglen */
695 tt_mem_op(cc, OP_EQ, ed.pubkey, 32);
696 time_t expires_out = 3600 * ntohl(get_uint32(cc+32));
697 tt_int_op(expires_out, OP_GE, expires_in);
698 tt_int_op(expires_out, OP_LE, expires_in + 3600);
699
700 tt_int_op(cc_len, OP_EQ, 37 + get_uint8(cc+36));
701
702 tt_int_op(0, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
703 expires_in - 10));
704
705 /* Now try after it has expired */
706 tt_int_op(-4, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
707 expires_out + 1));
708
709 /* Truncated object */
710 tt_int_op(-2, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len - 2, rsa, &ed,
711 expires_in - 10));
712
713 /* Key not as expected */
714 cc[0] ^= 3;
715 tt_int_op(-3, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
716 expires_in - 10));
717 cc[0] ^= 3;
718
719 /* Bad signature */
720 cc[40] ^= 3;
721 tt_int_op(-5, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
722 expires_in - 10));
723 cc[40] ^= 3;
724
725 /* Signature of wrong data */
726 cc[0] ^= 3;
727 ed.pubkey[0] ^= 3;
728 tt_int_op(-6, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
729 expires_in - 10));
730 cc[0] ^= 3;
731 ed.pubkey[0] ^= 3;
732
733 done:
734 crypto_pk_free(rsa);
735 tor_free(cc);
736 }
737
738 #define TEST(name, flags) \
739 { #name , test_routerkeys_ ## name, (flags), NULL, NULL }
740
741 struct testcase_t routerkeys_tests[] = {
742 TEST(write_fingerprint, TT_FORK),
743 TEST(write_ed25519_identity, TT_FORK),
744 TEST(ed_certs, TT_FORK),
745 TEST(ed_key_create, TT_FORK),
746 TEST(ed_key_init_basic, TT_FORK),
747 TEST(ed_key_init_split, TT_FORK),
748 TEST(ed_keys_init_all, TT_FORK),
749 TEST(cross_certify_ntor, 0),
750 TEST(cross_certify_tap, 0),
751 TEST(rsa_ed_crosscert, 0),
752 END_OF_TESTCASES
753 };
754