test_link_handshake.c (57179B)
1 /* Copyright (c) 2014-2021, The Tor Project, Inc. */ 2 /* See LICENSE for licensing information */ 3 4 #include "orconfig.h" 5 6 #define CHANNELTLS_PRIVATE 7 #define CONNECTION_PRIVATE 8 #define CHANNEL_OBJECT_PRIVATE 9 #define TORTLS_PRIVATE 10 11 #include "core/or/or.h" 12 #include "app/config/config.h" 13 #include "core/mainloop/connection.h" 14 #include "core/or/connection_or.h" 15 #include "core/or/channeltls.h" 16 #include "trunnel/link_handshake.h" 17 #include "feature/relay/router.h" 18 #include "feature/relay/routerkeys.h" 19 #include "core/or/scheduler.h" 20 #include "feature/nodelist/torcert.h" 21 #include "feature/relay/relay_handshake.h" 22 23 #include "core/or/or_connection_st.h" 24 #include "core/or/or_handshake_certs_st.h" 25 #include "core/or/or_handshake_state_st.h" 26 #include "core/or/var_cell_st.h" 27 28 #define TOR_X509_PRIVATE 29 #include "lib/tls/tortls.h" 30 #include "lib/tls/x509.h" 31 32 #include "test/test.h" 33 #include "test/log_test_helpers.h" 34 35 static var_cell_t *mock_got_var_cell = NULL; 36 37 static void 38 mock_write_var_cell(const var_cell_t *vc, or_connection_t *conn) 39 { 40 (void)conn; 41 42 var_cell_t *newcell = var_cell_new(vc->payload_len); 43 memcpy(newcell, vc, sizeof(var_cell_t)); 44 memcpy(newcell->payload, vc->payload, vc->payload_len); 45 46 mock_got_var_cell = newcell; 47 } 48 static int 49 mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert) 50 { 51 (void) tls; 52 (void) cert; // XXXX look at this. 53 return 1; 54 } 55 static tor_tls_t *mock_peer_cert_expect_tortls = NULL; 56 static tor_x509_cert_t *mock_peer_cert = NULL; 57 static tor_x509_cert_t * 58 mock_get_peer_cert(tor_tls_t *tls) 59 { 60 if (mock_peer_cert_expect_tortls && 61 mock_peer_cert_expect_tortls != tls) 62 return NULL; 63 return tor_x509_cert_dup(mock_peer_cert); 64 } 65 66 static int mock_send_netinfo_called = 0; 67 static int 68 mock_send_netinfo(or_connection_t *conn) 69 { 70 (void) conn; 71 ++mock_send_netinfo_called;// XXX check_this 72 return 0; 73 } 74 75 static int mock_close_called = 0; 76 static void 77 mock_close_for_err(or_connection_t *orconn, int flush) 78 { 79 (void)orconn; 80 (void)flush; 81 ++mock_close_called; 82 } 83 84 static int mock_send_authenticate_called = 0; 85 static int mock_send_authenticate_called_with_type = 0; 86 static int 87 mock_send_authenticate(or_connection_t *conn, int type) 88 { 89 (void) conn; 90 mock_send_authenticate_called_with_type = type; 91 ++mock_send_authenticate_called;// XXX check_this 92 return 0; 93 } 94 static int 95 mock_export_key_material(tor_tls_t *tls, uint8_t *secrets_out, 96 const uint8_t *context, 97 size_t context_len, 98 const char *label) 99 { 100 (void) tls; 101 (void)secrets_out; 102 (void)context; 103 (void)context_len; 104 (void)label; 105 memcpy(secrets_out, "int getRandomNumber(){return 4;}", 32); 106 return 0; 107 } 108 109 static tor_x509_cert_t *mock_own_cert = NULL; 110 static tor_x509_cert_t * 111 mock_get_own_cert(tor_tls_t *tls) 112 { 113 (void)tls; 114 return tor_x509_cert_dup(mock_own_cert); 115 } 116 117 /* Test good certs cells */ 118 static void 119 test_link_handshake_certs_ok(void *arg) 120 { 121 or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET); 122 or_connection_t *c2 = or_connection_new(CONN_TYPE_OR, AF_INET); 123 var_cell_t *cell1 = NULL, *cell2 = NULL; 124 certs_cell_t *cc1 = NULL, *cc2 = NULL; 125 channel_tls_t *chan1 = NULL, *chan2 = NULL; 126 crypto_pk_t *key1 = NULL, *key2 = NULL; 127 const int with_ed = !strcmp((const char *)arg, "Ed25519"); 128 129 tor_addr_from_ipv4h(&c1->base_.addr, 0x7f000001); 130 tor_addr_from_ipv4h(&c2->base_.addr, 0x7f000001); 131 132 scheduler_init(); 133 134 MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key); 135 MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell); 136 MOCK(connection_or_send_netinfo, mock_send_netinfo); 137 MOCK(tor_tls_get_peer_cert, mock_get_peer_cert); 138 MOCK(tor_tls_get_own_cert, mock_get_own_cert); 139 140 key1 = pk_generate(2); 141 key2 = pk_generate(3); 142 143 /* We need to make sure that our TLS certificates are set up before we can 144 * actually generate a CERTS cell. 145 */ 146 tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, 147 key1, key2, 86400), OP_EQ, 0); 148 149 if (with_ed) { 150 /* If we're making a CERTS cell for an ed handshake, let's make sure we 151 * have some Ed25519 certificates and keys. */ 152 init_mock_ed_keys(key2); 153 } else { 154 certs_cell_ed25519_disabled_for_testing = 1; 155 } 156 157 /* c1 has started_here == 1 */ 158 { 159 const tor_x509_cert_t *link_cert = NULL; 160 tt_assert(!tor_tls_get_my_certs(1, &link_cert, NULL)); 161 mock_own_cert = tor_x509_cert_dup(link_cert); 162 } 163 164 c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; 165 c1->link_proto = 3; 166 tt_int_op(connection_init_or_handshake_state(c1, 1), OP_EQ, 0); 167 168 /* c2 has started_here == 0 */ 169 c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; 170 c2->link_proto = 3; 171 tt_int_op(connection_init_or_handshake_state(c2, 0), OP_EQ, 0); 172 173 tt_int_op(0, OP_EQ, connection_or_send_certs_cell(c1)); 174 tt_assert(mock_got_var_cell); 175 cell1 = mock_got_var_cell; 176 177 tt_int_op(0, OP_EQ, connection_or_send_certs_cell(c2)); 178 tt_assert(mock_got_var_cell); 179 cell2 = mock_got_var_cell; 180 181 tt_int_op(cell1->command, OP_EQ, CELL_CERTS); 182 tt_int_op(cell1->payload_len, OP_GT, 1); 183 184 tt_int_op(cell2->command, OP_EQ, CELL_CERTS); 185 tt_int_op(cell2->payload_len, OP_GT, 1); 186 187 tt_int_op(cell1->payload_len, OP_EQ, 188 certs_cell_parse(&cc1, cell1->payload, cell1->payload_len)); 189 tt_int_op(cell2->payload_len, OP_EQ, 190 certs_cell_parse(&cc2, cell2->payload, cell2->payload_len)); 191 192 if (with_ed) { 193 tt_int_op(5, OP_EQ, cc1->n_certs); 194 tt_int_op(5, OP_EQ, cc2->n_certs); 195 } else { 196 tt_int_op(2, OP_EQ, cc1->n_certs); 197 tt_int_op(2, OP_EQ, cc2->n_certs); 198 } 199 200 tt_int_op(certs_cell_get_certs(cc1, 0)->cert_type, OP_EQ, 201 CERTTYPE_RSA1024_ID_AUTH); 202 tt_int_op(certs_cell_get_certs(cc1, 1)->cert_type, OP_EQ, 203 CERTTYPE_RSA1024_ID_ID); 204 205 tt_int_op(certs_cell_get_certs(cc2, 0)->cert_type, OP_EQ, 206 CERTTYPE_RSA1024_ID_LINK); 207 tt_int_op(certs_cell_get_certs(cc2, 1)->cert_type, OP_EQ, 208 CERTTYPE_RSA1024_ID_ID); 209 210 if (with_ed) { 211 tt_int_op(certs_cell_get_certs(cc1, 2)->cert_type, OP_EQ, 212 CERTTYPE_ED_ID_SIGN); 213 tt_int_op(certs_cell_get_certs(cc1, 3)->cert_type, OP_EQ, 214 CERTTYPE_ED_SIGN_AUTH); 215 tt_int_op(certs_cell_get_certs(cc1, 4)->cert_type, OP_EQ, 216 CERTTYPE_RSA1024_ID_EDID); 217 218 tt_int_op(certs_cell_get_certs(cc2, 2)->cert_type, OP_EQ, 219 CERTTYPE_ED_ID_SIGN); 220 tt_int_op(certs_cell_get_certs(cc2, 3)->cert_type, OP_EQ, 221 CERTTYPE_ED_SIGN_LINK); 222 tt_int_op(certs_cell_get_certs(cc2, 4)->cert_type, OP_EQ, 223 CERTTYPE_RSA1024_ID_EDID); 224 } 225 226 chan1 = tor_malloc_zero(sizeof(*chan1)); 227 channel_tls_common_init(chan1); 228 c1->chan = chan1; 229 chan1->conn = c1; 230 c1->base_.address = tor_strdup("C1"); 231 c1->tls = tor_tls_new(-1, 0); 232 c1->link_proto = 4; 233 c1->base_.conn_array_index = -1; 234 crypto_pk_get_digest(key2, c1->identity_digest); 235 236 if (with_ed) { 237 const tor_x509_cert_t *linkc, *idc; 238 tor_tls_get_my_certs(1, &linkc, &idc); 239 mock_peer_cert_expect_tortls = c1->tls; /* We should see this tls... */ 240 mock_peer_cert = tor_x509_cert_dup(linkc); /* and when we do, the peer's 241 * cert is this... */ 242 } 243 channel_tls_process_certs_cell(cell2, chan1); 244 mock_peer_cert_expect_tortls = NULL; 245 tor_x509_cert_free(mock_peer_cert); 246 mock_peer_cert = NULL; 247 248 tor_assert(c1->handshake_state->authenticated); 249 250 tt_assert(c1->handshake_state->received_certs_cell); 251 tt_ptr_op(c1->handshake_state->certs->auth_cert, OP_EQ, NULL); 252 tt_ptr_op(c1->handshake_state->certs->ed_sign_auth, OP_EQ, NULL); 253 tt_assert(c1->handshake_state->certs->id_cert); 254 if (with_ed) { 255 tt_assert(c1->handshake_state->certs->ed_sign_link); 256 tt_assert(c1->handshake_state->certs->ed_rsa_crosscert); 257 tt_assert(c1->handshake_state->certs->ed_id_sign); 258 tt_assert(c1->handshake_state->authenticated_rsa); 259 tt_assert(c1->handshake_state->authenticated_ed25519); 260 } else { 261 tt_ptr_op(c1->handshake_state->certs->ed_sign_link, OP_EQ, NULL); 262 tt_ptr_op(c1->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL); 263 tt_ptr_op(c1->handshake_state->certs->ed_id_sign, OP_EQ, NULL); 264 tt_assert(c1->handshake_state->authenticated_rsa); 265 tt_assert(! c1->handshake_state->authenticated_ed25519); 266 } 267 tt_assert(! fast_mem_is_zero( 268 (char*)c1->handshake_state->authenticated_rsa_peer_id, 20)); 269 270 chan2 = tor_malloc_zero(sizeof(*chan2)); 271 channel_tls_common_init(chan2); 272 c2->chan = chan2; 273 chan2->conn = c2; 274 c2->base_.address = tor_strdup("C2"); 275 c2->tls = tor_tls_new(-1, 1); 276 c2->link_proto = 4; 277 c2->base_.conn_array_index = -1; 278 crypto_pk_get_digest(key1, c2->identity_digest); 279 280 channel_tls_process_certs_cell(cell1, chan2); 281 282 tt_assert(c2->handshake_state->received_certs_cell); 283 if (with_ed) { 284 tt_assert(c2->handshake_state->certs->ed_sign_auth); 285 tt_assert(c2->handshake_state->certs->ed_rsa_crosscert); 286 tt_assert(c2->handshake_state->certs->ed_id_sign); 287 } else { 288 tt_assert(c2->handshake_state->certs->auth_cert); 289 tt_ptr_op(c2->handshake_state->certs->ed_sign_auth, OP_EQ, NULL); 290 tt_ptr_op(c2->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL); 291 tt_ptr_op(c2->handshake_state->certs->ed_id_sign, OP_EQ, NULL); 292 } 293 tt_assert(c2->handshake_state->certs->id_cert); 294 tt_assert(fast_mem_is_zero( 295 (char*)c2->handshake_state->authenticated_rsa_peer_id, 20)); 296 /* no authentication has happened yet, since we haen't gotten an AUTH cell. 297 */ 298 tt_assert(! c2->handshake_state->authenticated); 299 tt_assert(! c2->handshake_state->authenticated_rsa); 300 tt_assert(! c2->handshake_state->authenticated_ed25519); 301 302 done: 303 UNMOCK(tor_tls_cert_matches_key); 304 UNMOCK(connection_or_write_var_cell_to_buf); 305 UNMOCK(connection_or_send_netinfo); 306 UNMOCK(tor_tls_get_peer_cert); 307 UNMOCK(tor_tls_get_own_cert); 308 tor_x509_cert_free(mock_own_cert); 309 tor_x509_cert_free(mock_peer_cert); 310 mock_own_cert = mock_peer_cert = NULL; 311 memset(c1->identity_digest, 0, sizeof(c1->identity_digest)); 312 memset(c2->identity_digest, 0, sizeof(c2->identity_digest)); 313 connection_free_minimal(TO_CONN(c1)); 314 connection_free_minimal(TO_CONN(c2)); 315 tor_free(cell1); 316 tor_free(cell2); 317 certs_cell_free(cc1); 318 certs_cell_free(cc2); 319 if (chan1) 320 circuitmux_free(chan1->base_.cmux); 321 tor_free(chan1); 322 if (chan2) 323 circuitmux_free(chan2->base_.cmux); 324 tor_free(chan2); 325 crypto_pk_free(key1); 326 crypto_pk_free(key2); 327 } 328 329 typedef struct certs_data_t { 330 int is_ed; 331 int is_link_cert; 332 or_connection_t *c; 333 channel_tls_t *chan; 334 certs_cell_t *ccell; 335 var_cell_t *cell; 336 crypto_pk_t *key1, *key2; 337 } certs_data_t; 338 339 static int 340 recv_certs_cleanup(const struct testcase_t *test, void *obj) 341 { 342 (void)test; 343 certs_data_t *d = obj; 344 UNMOCK(tor_tls_cert_matches_key); 345 UNMOCK(connection_or_send_netinfo); 346 UNMOCK(connection_or_close_for_error); 347 UNMOCK(tor_tls_get_peer_cert); 348 UNMOCK(tor_tls_get_own_cert); 349 350 if (d) { 351 tor_free(d->cell); 352 certs_cell_free(d->ccell); 353 connection_or_clear_identity(d->c); 354 connection_free_minimal(TO_CONN(d->c)); 355 circuitmux_free(d->chan->base_.cmux); 356 tor_free(d->chan); 357 crypto_pk_free(d->key1); 358 crypto_pk_free(d->key2); 359 tor_free(d); 360 } 361 routerkeys_free_all(); 362 return 1; 363 } 364 365 static void * 366 recv_certs_setup(const struct testcase_t *test) 367 { 368 (void)test; 369 certs_data_t *d = tor_malloc_zero(sizeof(*d)); 370 certs_cell_cert_t *ccc1 = NULL; 371 certs_cell_cert_t *ccc2 = NULL; 372 ssize_t n; 373 int is_ed = d->is_ed = !strcmpstart(test->setup_data, "Ed25519"); 374 int is_rsa = !strcmpstart(test->setup_data, "RSA"); 375 int is_link = d->is_link_cert = !strcmpend(test->setup_data, "-Link"); 376 int is_auth = !strcmpend(test->setup_data, "-Auth"); 377 tor_assert(is_ed != is_rsa); 378 tor_assert(is_link != is_auth); 379 380 d->c = or_connection_new(CONN_TYPE_OR, AF_INET); 381 d->chan = tor_malloc_zero(sizeof(*d->chan)); 382 d->c->chan = d->chan; 383 d->c->base_.address = tor_strdup("HaveAnAddress"); 384 tor_addr_from_ipv4h(&d->c->base_.addr, 0x801f0127); 385 d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; 386 d->chan->conn = d->c; 387 tt_int_op(connection_init_or_handshake_state(d->c, 1), OP_EQ, 0); 388 d->c->link_proto = 4; 389 390 d->key1 = pk_generate(2); 391 d->key2 = pk_generate(3); 392 393 tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, 394 d->key1, d->key2, 86400), OP_EQ, 0); 395 if (is_ed) { 396 init_mock_ed_keys(d->key2); 397 } else { 398 routerkeys_free_all(); 399 } 400 401 d->ccell = certs_cell_new(); 402 ccc1 = certs_cell_cert_new(); 403 certs_cell_add_certs(d->ccell, ccc1); 404 ccc2 = certs_cell_cert_new(); 405 certs_cell_add_certs(d->ccell, ccc2); 406 d->ccell->n_certs = 2; 407 ccc1->cert_type = is_link ? 1 : 3; 408 ccc2->cert_type = 2; 409 410 const tor_x509_cert_t *a,*b; 411 const uint8_t *enca, *encb; 412 size_t lena, lenb; 413 tor_tls_get_my_certs(is_link ? 1 : 0, &a, &b); 414 tor_x509_cert_get_der(a, &enca, &lena); 415 tor_x509_cert_get_der(b, &encb, &lenb); 416 certs_cell_cert_setlen_body(ccc1, lena); 417 ccc1->cert_len = lena; 418 certs_cell_cert_setlen_body(ccc2, lenb); 419 ccc2->cert_len = lenb; 420 421 memcpy(certs_cell_cert_getarray_body(ccc1), enca, lena); 422 memcpy(certs_cell_cert_getarray_body(ccc2), encb, lenb); 423 424 if (is_ed) { 425 certs_cell_cert_t *ccc3 = NULL; /* Id->Sign */ 426 certs_cell_cert_t *ccc4 = NULL; /* Sign->Link or Sign->Auth. */ 427 certs_cell_cert_t *ccc5 = NULL; /* RSAId->Ed Id. */ 428 const tor_cert_t *id_sign = get_master_signing_key_cert(); 429 const tor_cert_t *secondary = 430 is_link ? get_current_link_cert_cert() : get_current_auth_key_cert(); 431 const uint8_t *cc = NULL; 432 size_t cc_sz; 433 get_master_rsa_crosscert(&cc, &cc_sz); 434 435 ccc3 = certs_cell_cert_new(); 436 ccc4 = certs_cell_cert_new(); 437 ccc5 = certs_cell_cert_new(); 438 certs_cell_add_certs(d->ccell, ccc3); 439 certs_cell_add_certs(d->ccell, ccc4); 440 certs_cell_add_certs(d->ccell, ccc5); 441 ccc3->cert_len = id_sign->encoded_len; 442 ccc4->cert_len = secondary->encoded_len; 443 ccc5->cert_len = cc_sz; 444 certs_cell_cert_setlen_body(ccc3, ccc3->cert_len); 445 certs_cell_cert_setlen_body(ccc4, ccc4->cert_len); 446 certs_cell_cert_setlen_body(ccc5, ccc5->cert_len); 447 memcpy(certs_cell_cert_getarray_body(ccc3), id_sign->encoded, 448 ccc3->cert_len); 449 memcpy(certs_cell_cert_getarray_body(ccc4), secondary->encoded, 450 ccc4->cert_len); 451 memcpy(certs_cell_cert_getarray_body(ccc5), cc, ccc5->cert_len); 452 ccc3->cert_type = 4; 453 ccc4->cert_type = is_link ? 5 : 6; 454 ccc5->cert_type = 7; 455 456 d->ccell->n_certs = 5; 457 } 458 459 d->cell = var_cell_new(4096); 460 d->cell->command = CELL_CERTS; 461 462 n = certs_cell_encode(d->cell->payload, 4096, d->ccell); 463 tt_int_op(n, OP_GT, 0); 464 d->cell->payload_len = n; 465 466 MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key); 467 MOCK(connection_or_send_netinfo, mock_send_netinfo); 468 MOCK(connection_or_close_for_error, mock_close_for_err); 469 MOCK(tor_tls_get_peer_cert, mock_get_peer_cert); 470 471 if (is_link) { 472 /* Say that this is the peer's certificate */ 473 mock_peer_cert = tor_x509_cert_dup(a); 474 } 475 476 tt_int_op(0, OP_EQ, d->c->handshake_state->received_certs_cell); 477 tt_int_op(0, OP_EQ, mock_send_authenticate_called); 478 tt_int_op(0, OP_EQ, mock_send_netinfo_called); 479 480 return d; 481 done: 482 recv_certs_cleanup(test, d); 483 return NULL; 484 } 485 486 static struct testcase_setup_t setup_recv_certs = { 487 .setup_fn = recv_certs_setup, 488 .cleanup_fn = recv_certs_cleanup 489 }; 490 491 static void 492 test_link_handshake_recv_certs_ok(void *arg) 493 { 494 certs_data_t *d = arg; 495 channel_tls_process_certs_cell(d->cell, d->chan); 496 tt_int_op(0, OP_EQ, mock_close_called); 497 tt_int_op(d->c->handshake_state->authenticated, OP_EQ, 1); 498 tt_int_op(d->c->handshake_state->authenticated_rsa, OP_EQ, 1); 499 tt_int_op(d->c->handshake_state->received_certs_cell, OP_EQ, 1); 500 tt_ptr_op(d->c->handshake_state->certs->id_cert, OP_NE, NULL); 501 tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_EQ, NULL); 502 503 if (d->is_ed) { 504 tt_ptr_op(d->c->handshake_state->certs->ed_id_sign, OP_NE, NULL); 505 tt_ptr_op(d->c->handshake_state->certs->ed_sign_link, OP_NE, NULL); 506 tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL); 507 tt_ptr_op(d->c->handshake_state->certs->ed_rsa_crosscert, OP_NE, NULL); 508 tt_int_op(d->c->handshake_state->authenticated_ed25519, OP_EQ, 1); 509 } else { 510 tt_ptr_op(d->c->handshake_state->certs->ed_id_sign, OP_EQ, NULL); 511 tt_ptr_op(d->c->handshake_state->certs->ed_sign_link, OP_EQ, NULL); 512 tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL); 513 tt_ptr_op(d->c->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL); 514 tt_int_op(d->c->handshake_state->authenticated_ed25519, OP_EQ, 0); 515 } 516 517 done: 518 ; 519 } 520 521 static void 522 test_link_handshake_recv_certs_ok_server(void *arg) 523 { 524 certs_data_t *d = arg; 525 d->c->handshake_state->started_here = 0; 526 d->c->handshake_state->certs->started_here = 0; 527 channel_tls_process_certs_cell(d->cell, d->chan); 528 tt_int_op(0, OP_EQ, mock_close_called); 529 tt_int_op(d->c->handshake_state->authenticated, OP_EQ, 0); 530 tt_int_op(d->c->handshake_state->received_certs_cell, OP_EQ, 1); 531 tt_ptr_op(d->c->handshake_state->certs->id_cert, OP_NE, NULL); 532 tt_ptr_op(d->c->handshake_state->certs->link_cert, OP_EQ, NULL); 533 if (d->is_ed) { 534 tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_NE, NULL); 535 tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_EQ, NULL); 536 } else { 537 tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL); 538 tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_NE, NULL); 539 } 540 541 done: 542 ; 543 } 544 545 #define CERTS_FAIL(name, code) \ 546 static void \ 547 test_link_handshake_recv_certs_ ## name(void *arg) \ 548 { \ 549 certs_data_t *d = arg; \ 550 const char *require_failure_message = NULL; \ 551 setup_capture_of_logs(LOG_INFO); \ 552 { code ; } \ 553 channel_tls_process_certs_cell(d->cell, d->chan); \ 554 tt_int_op(1, OP_EQ, mock_close_called); \ 555 tt_int_op(0, OP_EQ, mock_send_authenticate_called); \ 556 tt_int_op(0, OP_EQ, mock_send_netinfo_called); \ 557 tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_rsa); \ 558 tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_ed25519); \ 559 if (require_failure_message) { \ 560 expect_log_msg_containing(require_failure_message); \ 561 } \ 562 done: \ 563 teardown_capture_of_logs(); \ 564 } 565 566 CERTS_FAIL(badstate, 567 require_failure_message = "We're not doing a v3 handshake!"; 568 d->c->base_.state = OR_CONN_STATE_CONNECTING;) 569 CERTS_FAIL(badproto, 570 require_failure_message = "not using link protocol >= 3"; 571 d->c->link_proto = 2) 572 CERTS_FAIL(duplicate, 573 require_failure_message = "We already got one"; 574 d->c->handshake_state->received_certs_cell = 1) 575 CERTS_FAIL(already_authenticated, 576 require_failure_message = "We're already authenticated!"; 577 d->c->handshake_state->authenticated = 1) 578 CERTS_FAIL(empty, 579 require_failure_message = "It had no body"; 580 d->cell->payload_len = 0) 581 CERTS_FAIL(bad_circid, 582 require_failure_message = "It had a nonzero circuit ID"; 583 d->cell->circ_id = 1) 584 CERTS_FAIL(truncated_1, 585 require_failure_message = "It couldn't be parsed"; 586 d->cell->payload[0] = 5) 587 CERTS_FAIL(truncated_2, 588 { 589 require_failure_message = "It couldn't be parsed"; 590 d->cell->payload_len = 4; 591 memcpy(d->cell->payload, "\x01\x01\x00\x05", 4); 592 }) 593 CERTS_FAIL(truncated_3, 594 { 595 require_failure_message = "It couldn't be parsed"; 596 d->cell->payload_len = 7; 597 memcpy(d->cell->payload, "\x01\x01\x00\x05""abc", 7); 598 }) 599 CERTS_FAIL(truncated_4, /* ed25519 */ 600 { 601 require_failure_message = "It couldn't be parsed"; 602 d->cell->payload_len -= 10; 603 }) 604 CERTS_FAIL(truncated_5, /* ed25519 */ 605 { 606 require_failure_message = "It couldn't be parsed"; 607 d->cell->payload_len -= 100; 608 }) 609 610 #define REENCODE() do { \ 611 const char *msg = certs_cell_check(d->ccell); \ 612 if (msg) puts(msg); \ 613 ssize_t n = certs_cell_encode(d->cell->payload, 4096, d->ccell); \ 614 tt_int_op(n, OP_GT, 0); \ 615 d->cell->payload_len = n; \ 616 } while (0) 617 618 CERTS_FAIL(truncated_6, /* ed25519 */ 619 { 620 /* truncate the link certificate */ 621 require_failure_message = "undecodable Ed certificate"; 622 certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 3), 7); 623 certs_cell_get_certs(d->ccell, 3)->cert_len = 7; 624 REENCODE(); 625 }) 626 CERTS_FAIL(truncated_7, /* ed25519 */ 627 { 628 /* truncate the crosscert */ 629 require_failure_message = "Unparseable or overlong crosscert"; 630 certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 4), 7); 631 certs_cell_get_certs(d->ccell, 4)->cert_len = 7; 632 REENCODE(); 633 }) 634 CERTS_FAIL(not_x509, 635 { 636 require_failure_message = "Received undecodable certificate"; 637 certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 0), 3); 638 certs_cell_get_certs(d->ccell, 0)->cert_len = 3; 639 REENCODE(); 640 }) 641 CERTS_FAIL(both_link, 642 { 643 require_failure_message = "Duplicate x509 certificate"; 644 certs_cell_get_certs(d->ccell, 0)->cert_type = 1; 645 certs_cell_get_certs(d->ccell, 1)->cert_type = 1; 646 REENCODE(); 647 }) 648 CERTS_FAIL(both_id_rsa, 649 { 650 require_failure_message = "Duplicate x509 certificate"; 651 certs_cell_get_certs(d->ccell, 0)->cert_type = 2; 652 certs_cell_get_certs(d->ccell, 1)->cert_type = 2; 653 REENCODE(); 654 }) 655 CERTS_FAIL(both_auth, 656 { 657 require_failure_message = "Duplicate x509 certificate"; 658 certs_cell_get_certs(d->ccell, 0)->cert_type = 3; 659 certs_cell_get_certs(d->ccell, 1)->cert_type = 3; 660 REENCODE(); 661 }) 662 CERTS_FAIL(duplicate_id, /* ed25519 */ 663 { 664 require_failure_message = "Duplicate Ed25519 certificate"; 665 certs_cell_get_certs(d->ccell, 2)->cert_type = 4; 666 certs_cell_get_certs(d->ccell, 3)->cert_type = 4; 667 REENCODE(); 668 }) 669 CERTS_FAIL(duplicate_link, /* ed25519 */ 670 { 671 require_failure_message = "Duplicate Ed25519 certificate"; 672 certs_cell_get_certs(d->ccell, 2)->cert_type = 5; 673 certs_cell_get_certs(d->ccell, 3)->cert_type = 5; 674 REENCODE(); 675 }) 676 CERTS_FAIL(duplicate_crosscert, /* ed25519 */ 677 { 678 require_failure_message = "Duplicate RSA->Ed25519 crosscert"; 679 certs_cell_get_certs(d->ccell, 2)->cert_type = 7; 680 certs_cell_get_certs(d->ccell, 3)->cert_type = 7; 681 REENCODE(); 682 }) 683 static void 684 test_link_handshake_recv_certs_missing_id(void *arg) /* ed25519 */ 685 { 686 certs_data_t *d = arg; 687 tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5); 688 certs_cell_set_certs(d->ccell, 2, certs_cell_get_certs(d->ccell, 4)); 689 certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */ 690 certs_cell_setlen_certs(d->ccell, 4); 691 d->ccell->n_certs = 4; 692 REENCODE(); 693 694 /* This handshake succeeds, but since we have no ID cert, we will 695 * just do the RSA handshake. */ 696 channel_tls_process_certs_cell(d->cell, d->chan); 697 tt_int_op(0, OP_EQ, mock_close_called); 698 tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_ed25519); 699 tt_int_op(1, OP_EQ, d->c->handshake_state->authenticated_rsa); 700 done: 701 ; 702 } 703 CERTS_FAIL(missing_signing_key, /* ed25519 */ 704 { 705 require_failure_message = "No Ed25519 signing key"; 706 tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5); 707 certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2); 708 tt_int_op(cert->cert_type, OP_EQ, CERTTYPE_ED_ID_SIGN); 709 /* replace this with a valid master->signing cert, but with no 710 * signing key. */ 711 const ed25519_keypair_t *mk = get_master_identity_keypair(); 712 const ed25519_keypair_t *sk = get_master_signing_keypair(); 713 tor_cert_t *bad_cert = tor_cert_create_ed25519(mk, CERT_TYPE_ID_SIGNING, 714 &sk->pubkey, time(NULL), 86400, 715 0 /* don't include signer */); 716 certs_cell_cert_setlen_body(cert, bad_cert->encoded_len); 717 memcpy(certs_cell_cert_getarray_body(cert), 718 bad_cert->encoded, bad_cert->encoded_len); 719 cert->cert_len = bad_cert->encoded_len; 720 tor_cert_free(bad_cert); 721 REENCODE(); 722 }) 723 CERTS_FAIL(missing_link, /* ed25519 */ 724 { 725 require_failure_message = "No Ed25519 link key"; 726 tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5); 727 certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4)); 728 certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */ 729 certs_cell_setlen_certs(d->ccell, 4); 730 d->ccell->n_certs = 4; 731 REENCODE(); 732 }) 733 CERTS_FAIL(missing_auth, /* ed25519 */ 734 { 735 d->c->handshake_state->started_here = 0; 736 d->c->handshake_state->certs->started_here = 0; 737 require_failure_message = "No Ed25519 link authentication key"; 738 tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5); 739 certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4)); 740 certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */ 741 certs_cell_setlen_certs(d->ccell, 4); 742 d->ccell->n_certs = 4; 743 REENCODE(); 744 }) 745 CERTS_FAIL(missing_crosscert, /* ed25519 */ 746 { 747 require_failure_message = "Missing RSA->Ed25519 crosscert"; 748 tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5); 749 certs_cell_setlen_certs(d->ccell, 4); 750 d->ccell->n_certs = 4; 751 REENCODE(); 752 }) 753 CERTS_FAIL(missing_rsa_id, /* ed25519 */ 754 { 755 require_failure_message = "Missing legacy RSA ID cert"; 756 tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5); 757 certs_cell_set_certs(d->ccell, 1, certs_cell_get_certs(d->ccell, 4)); 758 certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */ 759 certs_cell_setlen_certs(d->ccell, 4); 760 d->ccell->n_certs = 4; 761 REENCODE(); 762 }) 763 CERTS_FAIL(link_mismatch, /* ed25519 */ 764 { 765 require_failure_message = "Link certificate does not match " 766 "TLS certificate"; 767 const tor_x509_cert_t *idc; 768 tor_tls_get_my_certs(1, NULL, &idc); 769 tor_x509_cert_free(mock_peer_cert); 770 /* Pretend that the peer cert was something else. */ 771 mock_peer_cert = tor_x509_cert_dup(idc); 772 /* No reencode needed. */ 773 }) 774 CERTS_FAIL(bad_ed_sig, /* ed25519 */ 775 { 776 require_failure_message = "At least one Ed25519 certificate was " 777 "badly signed"; 778 certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3); 779 uint8_t *body = certs_cell_cert_getarray_body(cert); 780 ssize_t body_len = certs_cell_cert_getlen_body(cert); 781 /* Frob a byte in the signature */ 782 body[body_len - 13] ^= 7; 783 REENCODE(); 784 }) 785 CERTS_FAIL(bad_crosscert, /*ed25519*/ 786 { 787 require_failure_message = "Invalid RSA->Ed25519 crosscert"; 788 certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4); 789 uint8_t *body = certs_cell_cert_getarray_body(cert); 790 ssize_t body_len = certs_cell_cert_getlen_body(cert); 791 /* Frob a byte in the signature */ 792 body[body_len - 13] ^= 7; 793 REENCODE(); 794 }) 795 CERTS_FAIL(bad_rsa_id_cert, /*ed25519*/ 796 { 797 require_failure_message = "legacy RSA ID certificate was not valid"; 798 certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1); 799 uint8_t *body; 800 /* Frob a byte in the signature, after making a new cert. (NSS won't let 801 * us just frob the old cert, since it will see that the issuer & serial 802 * number are the same, which will make it fail at an earlier stage than 803 * signature verification.) */ 804 const tor_x509_cert_t *idc; 805 tor_x509_cert_t *newc; 806 tor_tls_get_my_certs(1, NULL, &idc); 807 time_t new_end = time(NULL) + 86400 * 10; 808 newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2); 809 const uint8_t *encoded; 810 size_t encoded_len; 811 tor_x509_cert_get_der(newc, &encoded, &encoded_len); 812 certs_cell_cert_setlen_body(cert, encoded_len); 813 certs_cell_cert_set_cert_len(cert, encoded_len); 814 body = certs_cell_cert_getarray_body(cert); 815 memcpy(body, encoded, encoded_len); 816 body[encoded_len - 13] ^= 7; 817 REENCODE(); 818 tor_x509_cert_free(newc); 819 }) 820 CERTS_FAIL(expired_rsa_id, /* both */ 821 { 822 require_failure_message = "Certificate already expired"; 823 /* we're going to replace the identity cert with an expired one. */ 824 certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1); 825 const tor_x509_cert_t *idc; 826 tor_tls_get_my_certs(1, NULL, &idc); 827 tor_x509_cert_t *newc; 828 time_t new_end = time(NULL) - 86400 * 10; 829 newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2); 830 const uint8_t *encoded; 831 size_t encoded_len; 832 tor_x509_cert_get_der(newc, &encoded, &encoded_len); 833 certs_cell_cert_setlen_body(cert, encoded_len); 834 certs_cell_cert_set_cert_len(cert, encoded_len); 835 memcpy(certs_cell_cert_getarray_body(cert), encoded, encoded_len); 836 REENCODE(); 837 tor_x509_cert_free(newc); 838 }) 839 CERTS_FAIL(expired_ed_id, /* ed25519 */ 840 { 841 /* we're going to replace the Ed Id->sign cert with an expired one. */ 842 require_failure_message = "At least one certificate expired"; 843 /* We don't need to re-sign, since we check for expiration first. */ 844 certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2); 845 uint8_t *body = certs_cell_cert_getarray_body(cert); 846 /* The expiration field is bytes [2..5]. It is in HOURS since the 847 * epoch. */ 848 set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */ 849 REENCODE(); 850 }) 851 CERTS_FAIL(expired_ed_link, /* ed25519 */ 852 { 853 /* we're going to replace the Ed Sign->link cert with an expired one. */ 854 require_failure_message = "At least one certificate expired"; 855 /* We don't need to re-sign, since we check for expiration first. */ 856 certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3); 857 uint8_t *body = certs_cell_cert_getarray_body(cert); 858 /* The expiration field is bytes [2..5]. It is in HOURS since the 859 * epoch. */ 860 set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */ 861 REENCODE(); 862 }) 863 CERTS_FAIL(expired_crosscert, /* ed25519 */ 864 { 865 /* we're going to replace the Ed Sign->link cert with an expired one. */ 866 require_failure_message = "Crosscert is expired"; 867 /* We don't need to re-sign, since we check for expiration first. */ 868 certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4); 869 uint8_t *body = certs_cell_cert_getarray_body(cert); 870 /* The expiration field is bytes [32..35]. once again, HOURS. */ 871 set_uint32(body+32, htonl(24)); /* Back to jan 2, 1970. */ 872 REENCODE(); 873 }) 874 875 CERTS_FAIL(wrong_labels_1, 876 { 877 require_failure_message = "The link certificate was not valid"; 878 certs_cell_get_certs(d->ccell, 0)->cert_type = 2; 879 certs_cell_get_certs(d->ccell, 1)->cert_type = 1; 880 REENCODE(); 881 }) 882 CERTS_FAIL(wrong_labels_2, 883 { 884 const tor_x509_cert_t *a; 885 const tor_x509_cert_t *b; 886 const uint8_t *enca; 887 size_t lena; 888 require_failure_message = "The link certificate was not valid"; 889 tor_tls_get_my_certs(1, &a, &b); 890 tor_x509_cert_get_der(a, &enca, &lena); 891 certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 1), lena); 892 memcpy(certs_cell_cert_getarray_body(certs_cell_get_certs(d->ccell, 1)), 893 enca, lena); 894 certs_cell_get_certs(d->ccell, 1)->cert_len = lena; 895 REENCODE(); 896 }) 897 CERTS_FAIL(wrong_labels_3, 898 { 899 require_failure_message = 900 "The certs we wanted (ID, Link) were missing"; 901 certs_cell_get_certs(d->ccell, 0)->cert_type = 2; 902 certs_cell_get_certs(d->ccell, 1)->cert_type = 3; 903 REENCODE(); 904 }) 905 CERTS_FAIL(server_missing_certs, 906 { 907 require_failure_message = 908 "The certs we wanted (ID, Auth) were missing"; 909 d->c->handshake_state->started_here = 0; 910 d->c->handshake_state->certs->started_here = 0; 911 912 }) 913 CERTS_FAIL(server_wrong_labels_1, 914 { 915 require_failure_message = 916 "The authentication certificate was not valid"; 917 d->c->handshake_state->started_here = 0; 918 d->c->handshake_state->certs->started_here = 0; 919 certs_cell_get_certs(d->ccell, 0)->cert_type = 2; 920 certs_cell_get_certs(d->ccell, 1)->cert_type = 3; 921 REENCODE(); 922 }) 923 924 static void 925 test_link_handshake_send_authchallenge(void *arg) 926 { 927 (void)arg; 928 929 or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET); 930 var_cell_t *cell1=NULL, *cell2=NULL; 931 932 crypto_pk_t *rsa0 = pk_generate(0), *rsa1 = pk_generate(1); 933 tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, 934 rsa0, rsa1, 86400), OP_EQ, 0); 935 init_mock_ed_keys(rsa0); 936 937 MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell); 938 939 tt_int_op(connection_init_or_handshake_state(c1, 0), OP_EQ, 0); 940 c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; 941 tt_ptr_op(mock_got_var_cell, OP_EQ, NULL); 942 tt_int_op(0, OP_EQ, connection_or_send_auth_challenge_cell(c1)); 943 cell1 = mock_got_var_cell; 944 tt_int_op(0, OP_EQ, connection_or_send_auth_challenge_cell(c1)); 945 cell2 = mock_got_var_cell; 946 tt_int_op(36, OP_EQ, cell1->payload_len); 947 tt_int_op(36, OP_EQ, cell2->payload_len); 948 tt_int_op(0, OP_EQ, cell1->circ_id); 949 tt_int_op(0, OP_EQ, cell2->circ_id); 950 tt_int_op(CELL_AUTH_CHALLENGE, OP_EQ, cell1->command); 951 tt_int_op(CELL_AUTH_CHALLENGE, OP_EQ, cell2->command); 952 953 tt_mem_op("\x00\x01\x00\x03", OP_EQ, cell1->payload + 32, 4); 954 tt_mem_op("\x00\x01\x00\x03", OP_EQ, cell2->payload + 32, 4); 955 tt_mem_op(cell1->payload, OP_NE, cell2->payload, 32); 956 957 done: 958 UNMOCK(connection_or_write_var_cell_to_buf); 959 connection_free_minimal(TO_CONN(c1)); 960 tor_free(cell1); 961 tor_free(cell2); 962 crypto_pk_free(rsa0); 963 crypto_pk_free(rsa1); 964 } 965 966 typedef struct authchallenge_data_t { 967 or_connection_t *c; 968 channel_tls_t *chan; 969 var_cell_t *cell; 970 } authchallenge_data_t; 971 972 static int 973 recv_authchallenge_cleanup(const struct testcase_t *test, void *obj) 974 { 975 (void)test; 976 authchallenge_data_t *d = obj; 977 978 UNMOCK(connection_or_send_netinfo); 979 UNMOCK(connection_or_close_for_error); 980 UNMOCK(connection_or_send_authenticate_cell); 981 982 if (d) { 983 tor_free(d->cell); 984 connection_free_minimal(TO_CONN(d->c)); 985 circuitmux_free(d->chan->base_.cmux); 986 tor_free(d->chan); 987 tor_free(d); 988 } 989 return 1; 990 } 991 992 static void * 993 recv_authchallenge_setup(const struct testcase_t *test) 994 { 995 (void)test; 996 997 authchallenge_data_t *d = tor_malloc_zero(sizeof(*d)); 998 d->c = or_connection_new(CONN_TYPE_OR, AF_INET); 999 d->chan = tor_malloc_zero(sizeof(*d->chan)); 1000 d->c->chan = d->chan; 1001 d->c->base_.address = tor_strdup("HaveAnAddress"); 1002 d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; 1003 d->chan->conn = d->c; 1004 tt_int_op(connection_init_or_handshake_state(d->c, 1), OP_EQ, 0); 1005 d->c->link_proto = 4; 1006 d->c->handshake_state->received_certs_cell = 1; 1007 d->cell = var_cell_new(128); 1008 d->cell->payload_len = 38; 1009 d->cell->payload[33] = 2; /* 2 methods */ 1010 d->cell->payload[35] = 7; /* This one isn't real */ 1011 d->cell->payload[37] = 3; /* This is the currently supported Ed25519 one. */ 1012 d->cell->command = CELL_AUTH_CHALLENGE; 1013 1014 get_options_mutable()->ORPort_set = 1; 1015 1016 MOCK(connection_or_close_for_error, mock_close_for_err); 1017 MOCK(connection_or_send_netinfo, mock_send_netinfo); 1018 MOCK(connection_or_send_authenticate_cell, mock_send_authenticate); 1019 tt_int_op(0, OP_EQ, d->c->handshake_state->received_auth_challenge); 1020 tt_int_op(0, OP_EQ, mock_send_authenticate_called); 1021 tt_int_op(0, OP_EQ, mock_send_netinfo_called); 1022 1023 return d; 1024 done: 1025 recv_authchallenge_cleanup(test, d); 1026 return NULL; 1027 } 1028 1029 static struct testcase_setup_t setup_recv_authchallenge = { 1030 .setup_fn = recv_authchallenge_setup, 1031 .cleanup_fn = recv_authchallenge_cleanup 1032 }; 1033 1034 static void 1035 test_link_handshake_recv_authchallenge_no_ed25519(void *arg) 1036 { 1037 authchallenge_data_t *d = arg; 1038 1039 d->cell->payload[33] = 1; /* only 1 type supported. */ 1040 d->cell->payload_len -= 2; 1041 1042 setup_capture_of_logs(LOG_INFO); 1043 channel_tls_process_auth_challenge_cell(d->cell, d->chan); 1044 expect_log_msg_containing("we don't know any of its authentication types"); 1045 1046 done: 1047 teardown_capture_of_logs(); 1048 } 1049 1050 static void 1051 test_link_handshake_recv_authchallenge_ok_ed25519(void *arg) 1052 { 1053 authchallenge_data_t *d = arg; 1054 1055 /* Add the ed25519 authentication mechanism here. */ 1056 d->cell->payload[33] = 3; /* 3 types are supported now. */ 1057 d->cell->payload[39] = 3; 1058 d->cell->payload_len += 2; 1059 channel_tls_process_auth_challenge_cell(d->cell, d->chan); 1060 tt_int_op(0, OP_EQ, mock_close_called); 1061 tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge); 1062 tt_int_op(1, OP_EQ, mock_send_authenticate_called); 1063 tt_int_op(1, OP_EQ, mock_send_netinfo_called); 1064 tt_int_op(3, OP_EQ, mock_send_authenticate_called_with_type); /* Ed25519 */ 1065 done: 1066 ; 1067 } 1068 1069 static void 1070 test_link_handshake_recv_authchallenge_ok_noserver(void *arg) 1071 { 1072 authchallenge_data_t *d = arg; 1073 get_options_mutable()->ORPort_set = 0; 1074 1075 channel_tls_process_auth_challenge_cell(d->cell, d->chan); 1076 tt_int_op(0, OP_EQ, mock_close_called); 1077 tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge); 1078 tt_int_op(0, OP_EQ, mock_send_authenticate_called); 1079 tt_int_op(0, OP_EQ, mock_send_netinfo_called); 1080 done: 1081 ; 1082 } 1083 1084 static void 1085 test_link_handshake_recv_authchallenge_ok_unrecognized(void *arg) 1086 { 1087 authchallenge_data_t *d = arg; 1088 d->cell->payload[37] = 99; 1089 1090 channel_tls_process_auth_challenge_cell(d->cell, d->chan); 1091 tt_int_op(0, OP_EQ, mock_close_called); 1092 tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge); 1093 tt_int_op(0, OP_EQ, mock_send_authenticate_called); 1094 tt_int_op(1, OP_EQ, mock_send_netinfo_called); 1095 done: 1096 ; 1097 } 1098 1099 #define AUTHCHALLENGE_FAIL(name, code) \ 1100 static void \ 1101 test_link_handshake_recv_authchallenge_ ## name(void *arg) \ 1102 { \ 1103 authchallenge_data_t *d = arg; \ 1104 const char *require_failure_message = NULL; \ 1105 setup_capture_of_logs(LOG_INFO); \ 1106 { code ; } \ 1107 channel_tls_process_auth_challenge_cell(d->cell, d->chan); \ 1108 tt_int_op(1, OP_EQ, mock_close_called); \ 1109 tt_int_op(0, OP_EQ, mock_send_authenticate_called); \ 1110 tt_int_op(0, OP_EQ, mock_send_netinfo_called); \ 1111 if (require_failure_message) { \ 1112 expect_log_msg_containing(require_failure_message); \ 1113 } \ 1114 done: \ 1115 teardown_capture_of_logs(); \ 1116 } 1117 1118 AUTHCHALLENGE_FAIL(badstate, 1119 require_failure_message = "We're not currently doing a " 1120 "v3 handshake"; 1121 d->c->base_.state = OR_CONN_STATE_CONNECTING) 1122 AUTHCHALLENGE_FAIL(badproto, 1123 require_failure_message = "not using link protocol >= 3"; 1124 d->c->link_proto = 2) 1125 AUTHCHALLENGE_FAIL(as_server, 1126 require_failure_message = "We didn't originate this " 1127 "connection"; 1128 d->c->handshake_state->started_here = 0; 1129 d->c->handshake_state->certs->started_here = 0;) 1130 AUTHCHALLENGE_FAIL(duplicate, 1131 require_failure_message = "We already received one"; 1132 d->c->handshake_state->received_auth_challenge = 1) 1133 AUTHCHALLENGE_FAIL(nocerts, 1134 require_failure_message = "We haven't gotten a CERTS " 1135 "cell yet"; 1136 d->c->handshake_state->received_certs_cell = 0) 1137 AUTHCHALLENGE_FAIL(tooshort, 1138 require_failure_message = "It was not well-formed"; 1139 d->cell->payload_len = 33) 1140 AUTHCHALLENGE_FAIL(truncated, 1141 require_failure_message = "It was not well-formed"; 1142 d->cell->payload_len = 34) 1143 AUTHCHALLENGE_FAIL(nonzero_circid, 1144 require_failure_message = "It had a nonzero circuit ID"; 1145 d->cell->circ_id = 1337) 1146 1147 static void 1148 mock_set_circid_type(channel_t *chan, 1149 crypto_pk_t *identity_rcvd, 1150 int consider_identity) 1151 { 1152 (void) chan; 1153 (void) identity_rcvd; 1154 (void) consider_identity; 1155 } 1156 1157 typedef struct authenticate_data_t { 1158 or_connection_t *c1, *c2; 1159 channel_tls_t *chan2; 1160 var_cell_t *cell; 1161 crypto_pk_t *key1, *key2; 1162 } authenticate_data_t; 1163 1164 static int 1165 authenticate_data_cleanup(const struct testcase_t *test, void *arg) 1166 { 1167 (void) test; 1168 UNMOCK(connection_or_write_var_cell_to_buf); 1169 UNMOCK(tor_tls_get_peer_cert); 1170 UNMOCK(tor_tls_get_own_cert); 1171 UNMOCK(connection_or_close_for_error); 1172 UNMOCK(channel_set_circid_type); 1173 UNMOCK(tor_tls_export_key_material); 1174 authenticate_data_t *d = arg; 1175 if (d) { 1176 tor_free(d->cell); 1177 connection_or_clear_identity(d->c1); 1178 connection_or_clear_identity(d->c2); 1179 connection_free_minimal(TO_CONN(d->c1)); 1180 connection_free_minimal(TO_CONN(d->c2)); 1181 circuitmux_free(d->chan2->base_.cmux); 1182 tor_free(d->chan2); 1183 crypto_pk_free(d->key1); 1184 crypto_pk_free(d->key2); 1185 tor_free(d); 1186 } 1187 tor_x509_cert_free(mock_peer_cert); 1188 tor_x509_cert_free(mock_own_cert); 1189 mock_peer_cert = NULL; 1190 mock_own_cert = NULL; 1191 1192 return 1; 1193 } 1194 1195 static void * 1196 authenticate_data_setup(const struct testcase_t *test) 1197 { 1198 authenticate_data_t *d = tor_malloc_zero(sizeof(*d)); 1199 1200 scheduler_init(); 1201 1202 MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell); 1203 MOCK(tor_tls_get_peer_cert, mock_get_peer_cert); 1204 MOCK(tor_tls_get_own_cert, mock_get_own_cert); 1205 MOCK(connection_or_close_for_error, mock_close_for_err); 1206 MOCK(channel_set_circid_type, mock_set_circid_type); 1207 MOCK(tor_tls_export_key_material, mock_export_key_material); 1208 d->c1 = or_connection_new(CONN_TYPE_OR, AF_INET); 1209 d->c2 = or_connection_new(CONN_TYPE_OR, AF_INET); 1210 tor_addr_from_ipv4h(&d->c1->base_.addr, 0x01020304); 1211 tor_addr_from_ipv4h(&d->c2->base_.addr, 0x05060708); 1212 1213 d->key1 = pk_generate(2); 1214 d->key2 = pk_generate(3); 1215 tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, 1216 d->key1, d->key2, 86400), OP_EQ, 0); 1217 1218 init_mock_ed_keys(d->key2); 1219 1220 d->c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; 1221 d->c1->link_proto = 3; 1222 tt_int_op(connection_init_or_handshake_state(d->c1, 1), OP_EQ, 0); 1223 1224 d->c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; 1225 d->c2->link_proto = 3; 1226 tt_int_op(connection_init_or_handshake_state(d->c2, 0), OP_EQ, 0); 1227 var_cell_t *cell = var_cell_new(16); 1228 cell->command = CELL_CERTS; 1229 or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 1); 1230 or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 0); 1231 memset(cell->payload, 0xf0, 16); 1232 or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 0); 1233 or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 1); 1234 tor_free(cell); 1235 1236 d->chan2 = tor_malloc_zero(sizeof(*d->chan2)); 1237 channel_tls_common_init(d->chan2); 1238 d->c2->chan = d->chan2; 1239 d->chan2->conn = d->c2; 1240 d->c2->base_.address = tor_strdup("C2"); 1241 d->c2->tls = tor_tls_new(-1, 1); 1242 d->c2->handshake_state->received_certs_cell = 1; 1243 1244 const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL; 1245 tt_assert(! tor_tls_get_my_certs(1, &link_cert, &id_cert)); 1246 1247 const uint8_t *der; 1248 size_t sz; 1249 tor_x509_cert_get_der(id_cert, &der, &sz); 1250 d->c1->handshake_state->certs->id_cert = tor_x509_cert_decode(der, sz); 1251 d->c2->handshake_state->certs->id_cert = tor_x509_cert_decode(der, sz); 1252 1253 { 1254 d->c1->handshake_state->certs->ed_id_sign = 1255 tor_cert_dup(get_master_signing_key_cert()); 1256 d->c2->handshake_state->certs->ed_id_sign = 1257 tor_cert_dup(get_master_signing_key_cert()); 1258 d->c2->handshake_state->certs->ed_sign_auth = 1259 tor_cert_dup(get_current_auth_key_cert()); 1260 } 1261 1262 tor_x509_cert_get_der(link_cert, &der, &sz); 1263 mock_peer_cert = tor_x509_cert_decode(der, sz); 1264 tt_assert(mock_peer_cert); 1265 1266 mock_own_cert = tor_x509_cert_decode(der, sz); 1267 tt_assert(mock_own_cert); 1268 1269 /* Make an authenticate cell ... */ 1270 int authtype = AUTHTYPE_ED25519_SHA256_RFC5705; 1271 1272 tt_int_op(0, OP_EQ, connection_or_send_authenticate_cell(d->c1, authtype)); 1273 1274 tt_assert(mock_got_var_cell); 1275 d->cell = mock_got_var_cell; 1276 mock_got_var_cell = NULL; 1277 1278 return d; 1279 done: 1280 authenticate_data_cleanup(test, d); 1281 return NULL; 1282 } 1283 1284 static struct testcase_setup_t setup_authenticate = { 1285 .setup_fn = authenticate_data_setup, 1286 .cleanup_fn = authenticate_data_cleanup 1287 }; 1288 1289 static void 1290 test_link_handshake_auth_cell(void *arg) 1291 { 1292 authenticate_data_t *d = arg; 1293 auth1_t *auth1 = NULL; 1294 crypto_pk_t *auth_pubkey = NULL; 1295 1296 /* Is the cell well-formed on the outer layer? */ 1297 tt_int_op(d->cell->command, OP_EQ, CELL_AUTHENTICATE); 1298 tt_int_op(d->cell->payload[0], OP_EQ, 0); 1299 tt_int_op(d->cell->payload[1], OP_EQ, 3); 1300 tt_int_op(ntohs(get_uint16(d->cell->payload + 2)), OP_EQ, 1301 d->cell->payload_len - 4); 1302 1303 /* Check it out for plausibility... */ 1304 tt_int_op(d->cell->payload_len-4, OP_EQ, auth1_parse(&auth1, 1305 d->cell->payload+4, 1306 d->cell->payload_len - 4)); 1307 tt_assert(auth1); 1308 1309 tt_mem_op(auth1->type, OP_EQ, "AUTH0003", 8); 1310 tt_mem_op(auth1->tlssecrets, OP_EQ, "int getRandomNumber(){return 4;}", 32); 1311 1312 /* Is the signature okay? */ 1313 const uint8_t *start = d->cell->payload+4, *end = auth1->end_of_signed; 1314 { 1315 ed25519_signature_t sig; 1316 tt_int_op(auth1_getlen_sig(auth1), OP_EQ, ED25519_SIG_LEN); 1317 memcpy(&sig.sig, auth1_getarray_sig(auth1), ED25519_SIG_LEN); 1318 tt_assert(!ed25519_checksig(&sig, start, end-start, 1319 &get_current_auth_keypair()->pubkey)); 1320 } 1321 1322 /* Then feed it to c2. */ 1323 tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0); 1324 channel_tls_process_authenticate_cell(d->cell, d->chan2); 1325 tt_int_op(mock_close_called, OP_EQ, 0); 1326 tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 1); 1327 { 1328 tt_int_op(d->c2->handshake_state->authenticated_ed25519, OP_EQ, 1); 1329 tt_int_op(d->c2->handshake_state->authenticated_rsa, OP_EQ, 1); 1330 } 1331 1332 done: 1333 auth1_free(auth1); 1334 crypto_pk_free(auth_pubkey); 1335 } 1336 1337 #define AUTHENTICATE_FAIL(name, code) \ 1338 static void \ 1339 test_link_handshake_auth_ ## name(void *arg) \ 1340 { \ 1341 authenticate_data_t *d = arg; \ 1342 const char *require_failure_message = NULL; \ 1343 setup_capture_of_logs(LOG_INFO); \ 1344 { code ; } \ 1345 tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0); \ 1346 channel_tls_process_authenticate_cell(d->cell, d->chan2); \ 1347 tt_int_op(mock_close_called, OP_EQ, 1); \ 1348 tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0); \ 1349 if (require_failure_message) { \ 1350 expect_log_msg_containing(require_failure_message); \ 1351 } \ 1352 done: \ 1353 teardown_capture_of_logs(); \ 1354 } 1355 1356 AUTHENTICATE_FAIL(badstate, 1357 require_failure_message = "We're not doing a v3 handshake"; 1358 d->c2->base_.state = OR_CONN_STATE_CONNECTING) 1359 AUTHENTICATE_FAIL(badproto, 1360 require_failure_message = "not using link protocol >= 3"; 1361 d->c2->link_proto = 2) 1362 AUTHENTICATE_FAIL(atclient, 1363 require_failure_message = "We originated this connection"; 1364 d->c2->handshake_state->started_here = 1; 1365 d->c2->handshake_state->certs->started_here = 1;) 1366 AUTHENTICATE_FAIL(duplicate, 1367 require_failure_message = "We already got one"; 1368 d->c2->handshake_state->received_authenticate = 1) 1369 static void 1370 test_link_handshake_auth_already_authenticated(void *arg) 1371 { 1372 authenticate_data_t *d = arg; 1373 setup_capture_of_logs(LOG_INFO); 1374 d->c2->handshake_state->authenticated = 1; 1375 channel_tls_process_authenticate_cell(d->cell, d->chan2); 1376 tt_int_op(mock_close_called, OP_EQ, 1); 1377 tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 1); 1378 expect_log_msg_containing("The peer is already authenticated"); 1379 done: 1380 teardown_capture_of_logs(); 1381 } 1382 1383 AUTHENTICATE_FAIL(nocerts, 1384 require_failure_message = "We never got a certs cell"; 1385 d->c2->handshake_state->received_certs_cell = 0) 1386 AUTHENTICATE_FAIL(noidcert, 1387 require_failure_message = "We never got an identity " 1388 "certificate"; 1389 tor_x509_cert_free(d->c2->handshake_state->certs->id_cert); 1390 d->c2->handshake_state->certs->id_cert = NULL) 1391 AUTHENTICATE_FAIL(tooshort, 1392 require_failure_message = "Cell was way too short"; 1393 d->cell->payload_len = 3) 1394 AUTHENTICATE_FAIL(badtype, 1395 require_failure_message = "Authenticator type was not " 1396 "recognized"; 1397 d->cell->payload[0] = 0xff) 1398 AUTHENTICATE_FAIL(truncated_1, 1399 require_failure_message = "Authenticator was truncated"; 1400 d->cell->payload[2]++) 1401 AUTHENTICATE_FAIL(truncated_2, 1402 require_failure_message = "Authenticator was truncated"; 1403 d->cell->payload[3]++) 1404 AUTHENTICATE_FAIL(tooshort_1, 1405 require_failure_message = "Authenticator was too short"; 1406 tt_int_op(d->cell->payload_len, OP_GE, 260); 1407 d->cell->payload[2] -= 1; 1408 d->cell->payload_len -= 256;) 1409 AUTHENTICATE_FAIL(badcontent, 1410 require_failure_message = "Some field in the AUTHENTICATE " 1411 "cell body was not as expected"; 1412 d->cell->payload[10] ^= 0xff) 1413 AUTHENTICATE_FAIL(badsig_1, 1414 require_failure_message = "Ed25519 signature wasn't valid"; 1415 d->cell->payload[d->cell->payload_len - 5] ^= 0xff) 1416 AUTHENTICATE_FAIL(missing_ed_id, 1417 { 1418 tor_cert_free(d->c2->handshake_state->certs->ed_id_sign); 1419 d->c2->handshake_state->certs->ed_id_sign = NULL; 1420 require_failure_message = "Ed authenticate without Ed ID " 1421 "cert from peer"; 1422 }) 1423 AUTHENTICATE_FAIL(missing_ed_auth, 1424 { 1425 tor_cert_free(d->c2->handshake_state->certs->ed_sign_auth); 1426 d->c2->handshake_state->certs->ed_sign_auth = NULL; 1427 require_failure_message = "We never got an Ed25519 " 1428 "authentication certificate"; 1429 }) 1430 1431 #ifndef COCCI 1432 #define TEST_RSA(name, flags) \ 1433 { #name , test_link_handshake_ ## name, (flags), \ 1434 &passthrough_setup, (void*)"RSA" } 1435 1436 #define TEST_ED(name, flags) \ 1437 { #name "_ed25519" , test_link_handshake_ ## name, (flags), \ 1438 &passthrough_setup, (void*)"Ed25519" } 1439 1440 #define TEST_RCV_AUTHCHALLENGE(name) \ 1441 { "recv_authchallenge/" #name , \ 1442 test_link_handshake_recv_authchallenge_ ## name, TT_FORK, \ 1443 &setup_recv_authchallenge, NULL } 1444 1445 #define TEST_RCV_CERTS(name) \ 1446 { "recv_certs/" #name , \ 1447 test_link_handshake_recv_certs_ ## name, TT_FORK, \ 1448 &setup_recv_certs, (void*)"RSA-Link" } 1449 1450 #define TEST_RCV_CERTS_RSA(name,type) \ 1451 { "recv_certs/" #name , \ 1452 test_link_handshake_recv_certs_ ## name, TT_FORK, \ 1453 &setup_recv_certs, (void*)type } 1454 1455 #define TEST_RCV_CERTS_ED(name, type) \ 1456 { "recv_certs/" #name "_ed25519", \ 1457 test_link_handshake_recv_certs_ ## name, TT_FORK, \ 1458 &setup_recv_certs, (void*)type } 1459 1460 /* These two used to have different behavior, but since we've 1461 disabled RSA-SHAS256-TLSSecret authentication, we no longer 1462 have any need to distinguish. 1463 */ 1464 #define TEST_AUTHENTICATE(name) \ 1465 { "authenticate/" #name , test_link_handshake_auth_ ## name, TT_FORK, \ 1466 &setup_authenticate, NULL } 1467 #define TEST_AUTHENTICATE_ED(name) \ 1468 { "authenticate/" #name "_ed25519" , test_link_handshake_auth_ ## name, \ 1469 TT_FORK, &setup_authenticate, (void*)3 } 1470 #endif /* !defined(COCCI) */ 1471 1472 struct testcase_t link_handshake_tests[] = { 1473 TEST_RSA(certs_ok, TT_FORK), 1474 TEST_ED(certs_ok, TT_FORK), 1475 1476 TEST_RCV_CERTS(ok), 1477 TEST_RCV_CERTS_ED(ok, "Ed25519-Link"), 1478 TEST_RCV_CERTS_RSA(ok_server, "RSA-Auth"), 1479 TEST_RCV_CERTS_ED(ok_server, "Ed25519-Auth"), 1480 TEST_RCV_CERTS(badstate), 1481 TEST_RCV_CERTS(badproto), 1482 TEST_RCV_CERTS(duplicate), 1483 TEST_RCV_CERTS(already_authenticated), 1484 TEST_RCV_CERTS(empty), 1485 TEST_RCV_CERTS(bad_circid), 1486 TEST_RCV_CERTS(truncated_1), 1487 TEST_RCV_CERTS(truncated_2), 1488 TEST_RCV_CERTS(truncated_3), 1489 TEST_RCV_CERTS_ED(truncated_4, "Ed25519-Link"), 1490 TEST_RCV_CERTS_ED(truncated_5, "Ed25519-Link"), 1491 TEST_RCV_CERTS_ED(truncated_6, "Ed25519-Link"), 1492 TEST_RCV_CERTS_ED(truncated_7, "Ed25519-Link"), 1493 TEST_RCV_CERTS(not_x509), 1494 TEST_RCV_CERTS(both_link), 1495 TEST_RCV_CERTS(both_id_rsa), 1496 TEST_RCV_CERTS(both_auth), 1497 TEST_RCV_CERTS_ED(duplicate_id, "Ed25519-Link"), 1498 TEST_RCV_CERTS_ED(duplicate_link, "Ed25519-Link"), 1499 TEST_RCV_CERTS_ED(duplicate_crosscert, "Ed25519-Link"), 1500 TEST_RCV_CERTS_ED(missing_crosscert, "Ed25519-Link"), 1501 TEST_RCV_CERTS_ED(missing_id, "Ed25519-Link"), 1502 TEST_RCV_CERTS_ED(missing_signing_key, "Ed25519-Link"), 1503 TEST_RCV_CERTS_ED(missing_link, "Ed25519-Link"), 1504 TEST_RCV_CERTS_ED(missing_auth, "Ed25519-Auth"), 1505 TEST_RCV_CERTS_ED(missing_rsa_id, "Ed25519-Link"), 1506 TEST_RCV_CERTS_ED(link_mismatch, "Ed25519-Link"), 1507 TEST_RCV_CERTS_ED(bad_ed_sig, "Ed25519-Link"), 1508 TEST_RCV_CERTS_ED(bad_rsa_id_cert, "Ed25519-Link"), 1509 TEST_RCV_CERTS_ED(bad_crosscert, "Ed25519-Link"), 1510 TEST_RCV_CERTS_RSA(expired_rsa_id, "RSA-Link"), 1511 TEST_RCV_CERTS_ED(expired_rsa_id, "Ed25519-Link"), 1512 TEST_RCV_CERTS_ED(expired_ed_id, "Ed25519-Link"), 1513 TEST_RCV_CERTS_ED(expired_ed_link, "Ed25519-Link"), 1514 TEST_RCV_CERTS_ED(expired_crosscert, "Ed25519-Link"), 1515 TEST_RCV_CERTS(wrong_labels_1), 1516 TEST_RCV_CERTS(wrong_labels_2), 1517 TEST_RCV_CERTS(wrong_labels_3), 1518 TEST_RCV_CERTS(server_missing_certs), 1519 TEST_RCV_CERTS(server_wrong_labels_1), 1520 1521 TEST_RSA(send_authchallenge, TT_FORK), 1522 TEST_RCV_AUTHCHALLENGE(no_ed25519), 1523 TEST_RCV_AUTHCHALLENGE(ok_ed25519), 1524 TEST_RCV_AUTHCHALLENGE(ok_noserver), 1525 TEST_RCV_AUTHCHALLENGE(ok_unrecognized), 1526 TEST_RCV_AUTHCHALLENGE(badstate), 1527 TEST_RCV_AUTHCHALLENGE(badproto), 1528 TEST_RCV_AUTHCHALLENGE(as_server), 1529 TEST_RCV_AUTHCHALLENGE(duplicate), 1530 TEST_RCV_AUTHCHALLENGE(nocerts), 1531 TEST_RCV_AUTHCHALLENGE(tooshort), 1532 TEST_RCV_AUTHCHALLENGE(truncated), 1533 TEST_RCV_AUTHCHALLENGE(nonzero_circid), 1534 1535 TEST_AUTHENTICATE(cell), 1536 TEST_AUTHENTICATE_ED(cell), 1537 TEST_AUTHENTICATE(badstate), 1538 TEST_AUTHENTICATE(badproto), 1539 TEST_AUTHENTICATE(atclient), 1540 TEST_AUTHENTICATE(duplicate), 1541 TEST_AUTHENTICATE(already_authenticated), 1542 TEST_AUTHENTICATE(nocerts), 1543 TEST_AUTHENTICATE(noidcert), 1544 TEST_AUTHENTICATE(tooshort), 1545 TEST_AUTHENTICATE(badtype), 1546 TEST_AUTHENTICATE(truncated_1), 1547 TEST_AUTHENTICATE(truncated_2), 1548 TEST_AUTHENTICATE(tooshort_1), 1549 TEST_AUTHENTICATE(badcontent), 1550 TEST_AUTHENTICATE(badsig_1), 1551 TEST_AUTHENTICATE_ED(badsig_1), 1552 TEST_AUTHENTICATE_ED(missing_ed_id), 1553 TEST_AUTHENTICATE_ED(missing_ed_auth), 1554 //TEST_AUTHENTICATE(), 1555 1556 END_OF_TESTCASES 1557 };