test_routerkeys.c (28975B)
1 /* Copyright (c) 2001-2004, Roger Dingledine. 2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. 3 * Copyright (c) 2007-2021, The Tor Project, Inc. */ 4 /* See LICENSE for licensing information */ 5 6 #include "orconfig.h" 7 #define ROUTER_PRIVATE 8 #define ROUTERKEYS_PRIVATE 9 #include "core/or/or.h" 10 #include "app/config/config.h" 11 #include "feature/relay/router.h" 12 #include "feature/relay/routerkeys.h" 13 #include "lib/crypt_ops/crypto_cipher.h" 14 #include "lib/crypt_ops/crypto_format.h" 15 #include "feature/keymgt/loadkey.h" 16 #include "feature/nodelist/torcert.h" 17 #include "test/test.h" 18 19 #ifdef _WIN32 20 /* For mkdir() */ 21 #include <direct.h> 22 #endif 23 24 #ifdef HAVE_UNISTD_H 25 #include <unistd.h> 26 #endif 27 #ifdef HAVE_SYS_STAT_H 28 #include <sys/stat.h> 29 #endif 30 31 static void 32 test_routerkeys_write_fingerprint(void *arg) 33 { 34 crypto_pk_t *key = pk_generate(2); 35 or_options_t *options = get_options_mutable(); 36 const char *ddir = get_fname("write_fingerprint"); 37 char *cp = NULL, *cp2 = NULL; 38 char fp[FINGERPRINT_LEN+1]; 39 40 (void)arg; 41 42 tt_assert(key); 43 44 options->ORPort_set = 1; /* So that we can get the server ID key */ 45 tor_free(options->DataDirectory); 46 options->DataDirectory = tor_strdup(ddir); 47 options->Nickname = tor_strdup("haflinger"); 48 set_server_identity_key(key); 49 set_client_identity_key(crypto_pk_dup_key(key)); 50 51 tt_int_op(0, OP_EQ, check_private_dir(ddir, CPD_CREATE, NULL)); 52 tt_int_op(crypto_pk_cmp_keys(get_server_identity_key(),key),OP_EQ,0); 53 54 /* Write fingerprint file */ 55 tt_int_op(0, OP_EQ, router_write_fingerprint(0, 0)); 56 cp = read_file_to_str(get_fname("write_fingerprint/fingerprint"), 57 0, NULL); 58 crypto_pk_get_fingerprint(key, fp, 0); 59 tor_asprintf(&cp2, "haflinger %s\n", fp); 60 tt_str_op(cp, OP_EQ, cp2); 61 tor_free(cp); 62 tor_free(cp2); 63 64 /* Write hashed-fingerprint file */ 65 tt_int_op(0, OP_EQ, router_write_fingerprint(1, 0)); 66 cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"), 67 0, NULL); 68 crypto_pk_get_hashed_fingerprint(key, fp); 69 tor_asprintf(&cp2, "haflinger %s\n", fp); 70 tt_str_op(cp, OP_EQ, cp2); 71 tor_free(cp); 72 tor_free(cp2); 73 74 /* Replace outdated file */ 75 write_str_to_file(get_fname("write_fingerprint/hashed-fingerprint"), 76 "junk goes here", 0); 77 tt_int_op(0, OP_EQ, router_write_fingerprint(1, 0)); 78 cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"), 79 0, NULL); 80 crypto_pk_get_hashed_fingerprint(key, fp); 81 tor_asprintf(&cp2, "haflinger %s\n", fp); 82 tt_str_op(cp, OP_EQ, cp2); 83 tor_free(cp); 84 tor_free(cp2); 85 86 done: 87 crypto_pk_free(key); 88 set_client_identity_key(NULL); 89 tor_free(cp); 90 tor_free(cp2); 91 } 92 93 static void 94 test_routerkeys_write_ed25519_identity(void *arg) 95 { 96 crypto_pk_t *key = pk_generate(2); 97 or_options_t *options = get_options_mutable(); 98 time_t now = time(NULL); 99 const char *ddir = get_fname("write_fingerprint"); 100 char *cp = NULL, *cp2 = NULL; 101 char ed25519_id[BASE64_DIGEST256_LEN + 1]; 102 103 (void) arg; 104 105 tt_assert(key); 106 107 options->ORPort_set = 1; /* So that we can get the server ID key */ 108 tor_free(options->DataDirectory); 109 options->DataDirectory = tor_strdup(ddir); 110 options->Nickname = tor_strdup("haflinger"); 111 set_server_identity_key(key); 112 set_client_identity_key(crypto_pk_dup_key(key)); 113 114 load_ed_keys(options, now); 115 tt_assert(get_master_identity_key()); 116 117 tt_int_op(0, OP_EQ, check_private_dir(ddir, CPD_CREATE, NULL)); 118 119 /* Write fingerprint file */ 120 tt_int_op(0, OP_EQ, router_write_fingerprint(0, 1)); 121 cp = read_file_to_str(get_fname("write_fingerprint/fingerprint-ed25519"), 122 0, NULL); 123 digest256_to_base64(ed25519_id, 124 (const char *) get_master_identity_key()->pubkey); 125 tor_asprintf(&cp2, "haflinger %s\n", ed25519_id); 126 tt_str_op(cp, OP_EQ, cp2); 127 tor_free(cp); 128 tor_free(cp2); 129 130 done: 131 crypto_pk_free(key); 132 set_client_identity_key(NULL); 133 tor_free(cp); 134 tor_free(cp2); 135 routerkeys_free_all(); 136 } 137 138 static void 139 test_routerkeys_ed_certs(void *args) 140 { 141 (void)args; 142 ed25519_keypair_t kp1, kp2; 143 tor_cert_t *cert[2] = {NULL, NULL}, *nocert = NULL; 144 tor_cert_t *parsed_cert[2] = {NULL, NULL}; 145 time_t now = 1412094534; 146 uint8_t *junk = NULL; 147 char *base64 = NULL; 148 149 tt_int_op(0,OP_EQ,ed25519_keypair_generate(&kp1, 0)); 150 tt_int_op(0,OP_EQ,ed25519_keypair_generate(&kp2, 0)); 151 152 for (int i = 0; i <= 1; ++i) { 153 uint32_t flags = i ? CERT_FLAG_INCLUDE_SIGNING_KEY : 0; 154 155 cert[i] = tor_cert_create_ed25519(&kp1, 5, &kp2.pubkey, now, 10000, flags); 156 tt_assert(cert[i]); 157 158 tt_uint_op(cert[i]->sig_bad, OP_EQ, 0); 159 tt_uint_op(cert[i]->sig_ok, OP_EQ, 1); 160 tt_uint_op(cert[i]->cert_expired, OP_EQ, 0); 161 tt_uint_op(cert[i]->cert_valid, OP_EQ, 1); 162 tt_int_op(cert[i]->cert_type, OP_EQ, 5); 163 tt_mem_op(cert[i]->signed_key.pubkey, OP_EQ, &kp2.pubkey.pubkey, 32); 164 tt_mem_op(cert[i]->signing_key.pubkey, OP_EQ, &kp1.pubkey.pubkey, 32); 165 tt_int_op(cert[i]->signing_key_included, OP_EQ, i); 166 167 tt_assert(cert[i]->encoded); 168 tt_int_op(cert[i]->encoded_len, OP_EQ, 104 + 36 * i); 169 tt_int_op(cert[i]->encoded[0], OP_EQ, 1); 170 tt_int_op(cert[i]->encoded[1], OP_EQ, 5); 171 172 parsed_cert[i] = tor_cert_parse(cert[i]->encoded, cert[i]->encoded_len); 173 tt_assert(parsed_cert[i]); 174 tt_int_op(cert[i]->encoded_len, OP_EQ, parsed_cert[i]->encoded_len); 175 tt_mem_op(cert[i]->encoded, OP_EQ, parsed_cert[i]->encoded, 176 cert[i]->encoded_len); 177 tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0); 178 tt_uint_op(parsed_cert[i]->sig_ok, OP_EQ, 0); 179 tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 0); 180 tt_uint_op(parsed_cert[i]->cert_valid, OP_EQ, 0); 181 182 /* Expired */ 183 tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now + 30000), 184 OP_LT, 0); 185 tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 1); 186 parsed_cert[i]->cert_expired = 0; 187 188 /* Wrong key */ 189 tt_int_op(tor_cert_checksig(parsed_cert[i], &kp2.pubkey, now), OP_LT, 0); 190 tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 1); 191 parsed_cert[i]->sig_bad = 0; 192 193 /* Missing key */ 194 int ok = tor_cert_checksig(parsed_cert[i], NULL, now); 195 tt_int_op(ok < 0, OP_EQ, i == 0); 196 tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0); 197 tt_assert(parsed_cert[i]->sig_ok == (i != 0)); 198 tt_assert(parsed_cert[i]->cert_valid == (i != 0)); 199 parsed_cert[i]->sig_bad = 0; 200 parsed_cert[i]->sig_ok = 0; 201 parsed_cert[i]->cert_valid = 0; 202 203 /* Right key */ 204 tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now), OP_EQ, 0); 205 tt_uint_op(parsed_cert[i]->sig_bad, OP_EQ, 0); 206 tt_uint_op(parsed_cert[i]->sig_ok, OP_EQ, 1); 207 tt_uint_op(parsed_cert[i]->cert_expired, OP_EQ, 0); 208 tt_uint_op(parsed_cert[i]->cert_valid, OP_EQ, 1); 209 } 210 211 /* Now try some junky certs. */ 212 /* - Truncated */ 213 nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len-1); 214 tt_ptr_op(NULL, OP_EQ, nocert); 215 216 /* - First byte modified */ 217 cert[0]->encoded[0] = 99; 218 nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len); 219 tt_ptr_op(NULL, OP_EQ, nocert); 220 cert[0]->encoded[0] = 1; 221 222 /* - Extra byte at the end*/ 223 junk = tor_malloc_zero(cert[0]->encoded_len + 1); 224 memcpy(junk, cert[0]->encoded, cert[0]->encoded_len); 225 nocert = tor_cert_parse(junk, cert[0]->encoded_len+1); 226 tt_ptr_op(NULL, OP_EQ, nocert); 227 228 /* - Multiple signing key instances */ 229 tor_free(junk); 230 junk = tor_malloc_zero(104 + 36 * 2); 231 junk[0] = 1; /* version */ 232 junk[1] = 5; /* cert type */ 233 junk[6] = 1; /* key type */ 234 junk[39] = 2; /* n_extensions */ 235 junk[41] = 32; /* extlen */ 236 junk[42] = 4; /* exttype */ 237 junk[77] = 32; /* extlen */ 238 junk[78] = 4; /* exttype */ 239 nocert = tor_cert_parse(junk, 104 + 36 * 2); 240 tt_ptr_op(NULL, OP_EQ, nocert); 241 242 done: 243 tor_cert_free(cert[0]); 244 tor_cert_free(cert[1]); 245 tor_cert_free(parsed_cert[0]); 246 tor_cert_free(parsed_cert[1]); 247 tor_cert_free(nocert); 248 tor_free(junk); 249 tor_free(base64); 250 } 251 252 static void 253 test_routerkeys_ed_key_create(void *arg) 254 { 255 (void)arg; 256 tor_cert_t *cert = NULL; 257 ed25519_keypair_t *kp1 = NULL, *kp2 = NULL; 258 time_t now = time(NULL); 259 260 /* This is a simple alias for 'make a new keypair' */ 261 kp1 = ed_key_new(NULL, 0, 0, 0, 0, &cert); 262 tt_assert(kp1); 263 264 /* Create a new certificate signed by kp1. */ 265 kp2 = ed_key_new(kp1, INIT_ED_KEY_NEEDCERT, now, 3600, 4, &cert); 266 tt_assert(kp2); 267 tt_assert(cert); 268 tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey, 269 sizeof(ed25519_public_key_t)); 270 tt_assert(! cert->signing_key_included); 271 272 tt_int_op(cert->valid_until, OP_GE, now); 273 tt_int_op(cert->valid_until, OP_LE, now+7200); 274 275 /* Create a new key-including certificate signed by kp1 */ 276 ed25519_keypair_free(kp2); 277 tor_cert_free(cert); 278 cert = NULL; kp2 = NULL; 279 kp2 = ed_key_new(kp1, (INIT_ED_KEY_NEEDCERT| 280 INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT), 281 now, 3600, 4, &cert); 282 tt_assert(kp2); 283 tt_assert(cert); 284 tt_assert(cert->signing_key_included); 285 tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey, 286 sizeof(ed25519_public_key_t)); 287 tt_mem_op(&cert->signing_key, OP_EQ, &kp1->pubkey, 288 sizeof(ed25519_public_key_t)); 289 290 done: 291 ed25519_keypair_free(kp1); 292 ed25519_keypair_free(kp2); 293 tor_cert_free(cert); 294 } 295 296 static void 297 test_routerkeys_ed_key_init_basic(void *arg) 298 { 299 (void) arg; 300 301 tor_cert_t *cert = NULL, *cert2 = NULL; 302 ed25519_keypair_t *kp1 = NULL, *kp2 = NULL, *kp3 = NULL; 303 time_t now = time(NULL); 304 char *fname1 = tor_strdup(get_fname("test_ed_key_1")); 305 char *fname2 = tor_strdup(get_fname("test_ed_key_2")); 306 struct stat st; 307 308 unlink(fname1); 309 unlink(fname2); 310 311 /* Fail to load a key that isn't there. */ 312 kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert, 313 NULL); 314 tt_assert(kp1 == NULL); 315 tt_assert(cert == NULL); 316 317 /* Create the key if requested to do so. */ 318 kp1 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO, 319 NULL, now, 0, 7, &cert, NULL); 320 tt_assert(kp1 != NULL); 321 tt_assert(cert == NULL); 322 tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st), OP_LT, 0); 323 tt_int_op(stat(get_fname("test_ed_key_1_secret_key"), &st), OP_EQ, 0); 324 325 /* Fail to load if we say we need a cert */ 326 kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_NEEDCERT, LOG_INFO, 327 NULL, now, 0, 7, &cert, NULL); 328 tt_assert(kp2 == NULL); 329 330 /* Fail to load if we say the wrong key type */ 331 kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO, 332 NULL, now, 0, 6, &cert, NULL); 333 tt_assert(kp2 == NULL); 334 335 /* Load successfully if we're not picky, whether we say "create" or not. */ 336 kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO, 337 NULL, now, 0, 7, &cert, NULL); 338 tt_assert(kp2 != NULL); 339 tt_assert(cert == NULL); 340 tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1)); 341 ed25519_keypair_free(kp2); kp2 = NULL; 342 343 kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO, 344 NULL, now, 0, 7, &cert, NULL); 345 tt_assert(kp2 != NULL); 346 tt_assert(cert == NULL); 347 tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1)); 348 ed25519_keypair_free(kp2); kp2 = NULL; 349 350 /* Now create a key with a cert. */ 351 kp2 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE| 352 INIT_ED_KEY_NEEDCERT), 353 LOG_INFO, kp1, now, 7200, 7, &cert, NULL); 354 tt_assert(kp2 != NULL); 355 tt_assert(cert != NULL); 356 tt_mem_op(kp1, OP_NE, kp2, sizeof(*kp1)); 357 tt_int_op(stat(get_fname("test_ed_key_2_cert"), &st), OP_EQ, 0); 358 tt_int_op(stat(get_fname("test_ed_key_2_secret_key"), &st), OP_EQ, 0); 359 360 tt_assert(cert->cert_valid == 1); 361 tt_mem_op(&cert->signed_key, OP_EQ, &kp2->pubkey, 32); 362 363 /* Now verify we can load the cert... */ 364 kp3 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE| 365 INIT_ED_KEY_NEEDCERT), 366 LOG_INFO, kp1, now, 7200, 7, &cert2, NULL); 367 tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2)); 368 tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len); 369 ed25519_keypair_free(kp3); kp3 = NULL; 370 tor_cert_free(cert2); cert2 = NULL; 371 372 /* ... even without create... */ 373 kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT, 374 LOG_INFO, kp1, now, 7200, 7, &cert2, NULL); 375 tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2)); 376 tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len); 377 ed25519_keypair_free(kp3); kp3 = NULL; 378 tor_cert_free(cert2); cert2 = NULL; 379 380 /* ... but that we don't crash or anything if we say we don't want it. */ 381 kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT, 382 LOG_INFO, kp1, now, 7200, 7, NULL, NULL); 383 tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2)); 384 ed25519_keypair_free(kp3); kp3 = NULL; 385 386 /* Fail if we're told the wrong signing key */ 387 kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT, 388 LOG_INFO, kp2, now, 7200, 7, &cert2, NULL); 389 tt_assert(kp3 == NULL); 390 tt_assert(cert2 == NULL); 391 392 done: 393 ed25519_keypair_free(kp1); 394 ed25519_keypair_free(kp2); 395 ed25519_keypair_free(kp3); 396 tor_cert_free(cert); 397 tor_cert_free(cert2); 398 tor_free(fname1); 399 tor_free(fname2); 400 } 401 402 static void 403 test_routerkeys_ed_key_init_split(void *arg) 404 { 405 (void) arg; 406 407 tor_cert_t *cert = NULL; 408 ed25519_keypair_t *kp1 = NULL, *kp2 = NULL; 409 time_t now = time(NULL); 410 char *fname1 = tor_strdup(get_fname("test_ed_key_3")); 411 char *fname2 = tor_strdup(get_fname("test_ed_key_4")); 412 struct stat st; 413 const uint32_t flags = INIT_ED_KEY_SPLIT|INIT_ED_KEY_MISSING_SECRET_OK; 414 415 unlink(fname1); 416 unlink(fname2); 417 418 /* Can't load key that isn't there. */ 419 kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert, 420 NULL); 421 tt_assert(kp1 == NULL); 422 tt_assert(cert == NULL); 423 424 /* Create a split key */ 425 kp1 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE, 426 LOG_INFO, NULL, now, 0, 7, &cert, NULL); 427 tt_assert(kp1 != NULL); 428 tt_assert(cert == NULL); 429 tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st), OP_LT, 0); 430 tt_int_op(stat(get_fname("test_ed_key_3_secret_key"), &st), OP_EQ, 0); 431 tt_int_op(stat(get_fname("test_ed_key_3_public_key"), &st), OP_EQ, 0); 432 433 /* Load it. */ 434 kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE, 435 LOG_INFO, NULL, now, 0, 7, &cert, NULL); 436 tt_assert(kp2 != NULL); 437 tt_assert(cert == NULL); 438 tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp2)); 439 ed25519_keypair_free(kp2); kp2 = NULL; 440 441 /* Okay, try killing the secret key and loading it. */ 442 unlink(get_fname("test_ed_key_3_secret_key")); 443 kp2 = ed_key_init_from_file(fname1, flags, 444 LOG_INFO, NULL, now, 0, 7, &cert, NULL); 445 tt_assert(kp2 != NULL); 446 tt_assert(cert == NULL); 447 tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey)); 448 tt_assert(fast_mem_is_zero((char*)kp2->seckey.seckey, 449 sizeof(kp2->seckey.seckey))); 450 ed25519_keypair_free(kp2); kp2 = NULL; 451 452 /* Even when we're told to "create", don't create if there's a public key */ 453 kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE, 454 LOG_INFO, NULL, now, 0, 7, &cert, NULL); 455 tt_assert(kp2 != NULL); 456 tt_assert(cert == NULL); 457 tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey)); 458 tt_assert(fast_mem_is_zero((char*)kp2->seckey.seckey, 459 sizeof(kp2->seckey.seckey))); 460 ed25519_keypair_free(kp2); kp2 = NULL; 461 462 /* Make sure we fail on a tag mismatch, though */ 463 kp2 = ed_key_init_from_file(fname1, flags, 464 LOG_INFO, NULL, now, 0, 99, &cert, NULL); 465 tt_assert(kp2 == NULL); 466 467 done: 468 ed25519_keypair_free(kp1); 469 ed25519_keypair_free(kp2); 470 tor_cert_free(cert); 471 tor_free(fname1); 472 tor_free(fname2); 473 } 474 475 static void 476 test_routerkeys_ed_keys_init_all(void *arg) 477 { 478 (void)arg; 479 char *dir = tor_strdup(get_fname("test_ed_keys_init_all")); 480 char *keydir = tor_strdup(get_fname("test_ed_keys_init_all/KEYS")); 481 or_options_t *options = tor_malloc_zero(sizeof(or_options_t)); 482 time_t now = time(NULL); 483 ed25519_public_key_t id; 484 ed25519_keypair_t sign, auth; 485 tor_cert_t *link_cert = NULL; 486 487 get_options_mutable()->ORPort_set = 1; 488 489 crypto_pk_t *rsa = pk_generate(0); 490 491 set_server_identity_key(rsa); 492 set_client_identity_key(rsa); 493 494 router_initialize_tls_context(); 495 496 options->SigningKeyLifetime = 30*86400; 497 options->TestingAuthKeyLifetime = 2*86400; 498 options->TestingLinkCertLifetime = 2*86400; 499 options->TestingSigningKeySlop = 2*86400; 500 options->TestingAuthKeySlop = 2*3600; 501 options->TestingLinkKeySlop = 2*3600; 502 503 #ifdef _WIN32 504 tt_int_op(0, OP_EQ, mkdir(dir)); 505 tt_int_op(0, OP_EQ, mkdir(keydir)); 506 #else 507 tt_int_op(0, OP_EQ, mkdir(dir, 0700)); 508 tt_int_op(0, OP_EQ, mkdir(keydir, 0700)); 509 #endif /* defined(_WIN32) */ 510 511 options->DataDirectory = dir; 512 options->KeyDirectory = keydir; 513 514 tt_int_op(1, OP_EQ, load_ed_keys(options, now)); 515 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0)); 516 tt_assert(get_master_identity_key()); 517 tt_assert(get_master_identity_key()); 518 tt_assert(get_master_signing_keypair()); 519 tt_assert(get_current_auth_keypair()); 520 tt_assert(get_master_signing_key_cert()); 521 tt_assert(get_current_link_cert_cert()); 522 tt_assert(get_current_auth_key_cert()); 523 memcpy(&id, get_master_identity_key(), sizeof(id)); 524 memcpy(&sign, get_master_signing_keypair(), sizeof(sign)); 525 memcpy(&auth, get_current_auth_keypair(), sizeof(auth)); 526 link_cert = tor_cert_dup(get_current_link_cert_cert()); 527 528 /* Call load_ed_keys again, but nothing has changed. */ 529 tt_int_op(0, OP_EQ, load_ed_keys(options, now)); 530 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0)); 531 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id)); 532 tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign)); 533 tt_mem_op(&auth, OP_EQ, get_current_auth_keypair(), sizeof(auth)); 534 tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert())); 535 536 /* Force a reload: we make new link/auth keys. */ 537 routerkeys_free_all(); 538 tt_int_op(1, OP_EQ, load_ed_keys(options, now)); 539 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0)); 540 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id)); 541 tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign)); 542 tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert())); 543 tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth)); 544 tt_assert(get_master_signing_key_cert()); 545 tt_assert(get_current_link_cert_cert()); 546 tt_assert(get_current_auth_key_cert()); 547 tor_cert_free(link_cert); 548 link_cert = tor_cert_dup(get_current_link_cert_cert()); 549 memcpy(&auth, get_current_auth_keypair(), sizeof(auth)); 550 551 /* Force a link/auth-key regeneration by advancing time. */ 552 tt_int_op(0, OP_EQ, load_ed_keys(options, now+3*86400)); 553 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+3*86400, 0)); 554 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id)); 555 tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign)); 556 tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert())); 557 tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth)); 558 tt_assert(get_master_signing_key_cert()); 559 tt_assert(get_current_link_cert_cert()); 560 tt_assert(get_current_auth_key_cert()); 561 tor_cert_free(link_cert); 562 link_cert = tor_cert_dup(get_current_link_cert_cert()); 563 memcpy(&auth, get_current_auth_keypair(), sizeof(auth)); 564 565 /* Force a signing-key regeneration by advancing time. */ 566 tt_int_op(1, OP_EQ, load_ed_keys(options, now+100*86400)); 567 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now+100*86400, 0)); 568 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id)); 569 tt_mem_op(&sign, OP_NE, get_master_signing_keypair(), sizeof(sign)); 570 tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert())); 571 tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth)); 572 tt_assert(get_master_signing_key_cert()); 573 tt_assert(get_current_link_cert_cert()); 574 tt_assert(get_current_auth_key_cert()); 575 memcpy(&sign, get_master_signing_keypair(), sizeof(sign)); 576 tor_cert_free(link_cert); 577 link_cert = tor_cert_dup(get_current_link_cert_cert()); 578 memcpy(&auth, get_current_auth_keypair(), sizeof(auth)); 579 580 /* Demonstrate that we can start up with no secret identity key */ 581 routerkeys_free_all(); 582 unlink(get_fname("test_ed_keys_init_all/KEYS/" 583 "ed25519_master_id_secret_key")); 584 tt_int_op(1, OP_EQ, load_ed_keys(options, now)); 585 tt_int_op(0, OP_EQ, generate_ed_link_cert(options, now, 0)); 586 tt_mem_op(&id, OP_EQ, get_master_identity_key(), sizeof(id)); 587 tt_mem_op(&sign, OP_EQ, get_master_signing_keypair(), sizeof(sign)); 588 tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert())); 589 tt_mem_op(&auth, OP_NE, get_current_auth_keypair(), sizeof(auth)); 590 tt_assert(get_master_signing_key_cert()); 591 tt_assert(get_current_link_cert_cert()); 592 tt_assert(get_current_auth_key_cert()); 593 594 /* But we're in trouble if we have no id key and our signing key has 595 expired. */ 596 log_global_min_severity_ = LOG_ERR; /* Suppress warnings. 597 * XXX (better way to do this)? */ 598 routerkeys_free_all(); 599 tt_int_op(-1, OP_EQ, load_ed_keys(options, now+200*86400)); 600 601 done: 602 tor_free(dir); 603 tor_free(keydir); 604 tor_free(options); 605 tor_cert_free(link_cert); 606 routerkeys_free_all(); 607 } 608 609 static void 610 test_routerkeys_cross_certify_ntor(void *args) 611 { 612 (void) args; 613 614 tor_cert_t *cert = NULL; 615 curve25519_keypair_t onion_keys; 616 ed25519_public_key_t master_key; 617 ed25519_public_key_t onion_check_key; 618 time_t now = time(NULL); 619 int sign; 620 621 tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key, 622 "IamwritingthesetestsOnARainyAfternoonin2014")); 623 tt_int_op(0, OP_EQ, curve25519_keypair_generate(&onion_keys, 0)); 624 cert = make_ntor_onion_key_crosscert(&onion_keys, 625 &master_key, 626 now, 10000, 627 &sign); 628 tt_assert(cert); 629 tt_assert(sign == 0 || sign == 1); 630 tt_int_op(cert->cert_type, OP_EQ, CERT_TYPE_ONION_ID); 631 tt_int_op(1, OP_EQ, ed25519_pubkey_eq(&cert->signed_key, &master_key)); 632 tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key( 633 &onion_check_key, &onion_keys.pubkey, sign)); 634 tt_int_op(0, OP_EQ, tor_cert_checksig(cert, &onion_check_key, now)); 635 636 done: 637 tor_cert_free(cert); 638 } 639 640 static void 641 test_routerkeys_cross_certify_tap(void *args) 642 { 643 (void)args; 644 uint8_t *cc = NULL; 645 int cc_len; 646 ed25519_public_key_t master_key; 647 crypto_pk_t *onion_key = pk_generate(2), *id_key = pk_generate(1); 648 char digest[20]; 649 char buf[128]; 650 int n; 651 652 tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key, 653 "IAlreadyWroteTestsForRouterdescsUsingTheseX")); 654 655 cc = make_tap_onion_key_crosscert(onion_key, 656 &master_key, 657 id_key, &cc_len); 658 tt_assert(cc); 659 tt_assert(cc_len); 660 661 n = crypto_pk_public_checksig(onion_key, buf, sizeof(buf), 662 (char*)cc, cc_len); 663 tt_int_op(n,OP_GT,0); 664 tt_int_op(n,OP_EQ,52); 665 666 crypto_pk_get_digest(id_key, digest); 667 tt_mem_op(buf,OP_EQ,digest,20); 668 tt_mem_op(buf+20,OP_EQ,master_key.pubkey,32); 669 670 tt_int_op(0, OP_EQ, check_tap_onion_key_crosscert(cc, cc_len, 671 onion_key, &master_key, (uint8_t*)digest)); 672 673 done: 674 tor_free(cc); 675 crypto_pk_free(id_key); 676 crypto_pk_free(onion_key); 677 } 678 679 static void 680 test_routerkeys_rsa_ed_crosscert(void *arg) 681 { 682 (void)arg; 683 ed25519_public_key_t ed; 684 crypto_pk_t *rsa = pk_generate(2); 685 686 uint8_t *cc = NULL; 687 ssize_t cc_len; 688 time_t expires_in = 1470846177; 689 690 tt_int_op(0, OP_EQ, ed25519_public_from_base64(&ed, 691 "ThisStringCanContainAnythingSoNoKeyHereNowX")); 692 cc_len = tor_make_rsa_ed25519_crosscert(&ed, rsa, expires_in, &cc); 693 694 tt_int_op(cc_len, OP_GT, 0); 695 tt_int_op(cc_len, OP_GT, 37); /* key, expires, siglen */ 696 tt_mem_op(cc, OP_EQ, ed.pubkey, 32); 697 time_t expires_out = 3600 * ntohl(get_uint32(cc+32)); 698 tt_int_op(expires_out, OP_GE, expires_in); 699 tt_int_op(expires_out, OP_LE, expires_in + 3600); 700 701 tt_int_op(cc_len, OP_EQ, 37 + get_uint8(cc+36)); 702 703 tt_int_op(0, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed, 704 expires_in - 10)); 705 706 /* Now try after it has expired */ 707 tt_int_op(-4, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed, 708 expires_out + 1)); 709 710 /* Truncated object */ 711 tt_int_op(-2, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len - 2, rsa, &ed, 712 expires_in - 10)); 713 714 /* Key not as expected */ 715 cc[0] ^= 3; 716 tt_int_op(-3, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed, 717 expires_in - 10)); 718 cc[0] ^= 3; 719 720 /* Bad signature */ 721 cc[40] ^= 3; 722 tt_int_op(-5, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed, 723 expires_in - 10)); 724 cc[40] ^= 3; 725 726 /* Signature of wrong data */ 727 cc[0] ^= 3; 728 ed.pubkey[0] ^= 3; 729 tt_int_op(-6, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed, 730 expires_in - 10)); 731 cc[0] ^= 3; 732 ed.pubkey[0] ^= 3; 733 734 done: 735 crypto_pk_free(rsa); 736 tor_free(cc); 737 } 738 739 static void 740 test_routerkeys_family_key_fname(void *arg) 741 { 742 (void)arg; 743 744 tt_assert(is_family_key_fname("hello.secret_family_key")); 745 tt_assert(is_family_key_fname("xyzzy.secret_family_key")); 746 tt_assert(is_family_key_fname("909.secret_family_key")); 747 tt_assert(! is_family_key_fname("zzz.secret_family_key~")); 748 tt_assert(! is_family_key_fname("secret_family_key")); 749 750 done: 751 ; 752 } 753 754 static void 755 test_routerkeys_load_family_keys(void *arg) 756 { 757 (void) arg; 758 char *dname = tor_strdup(get_fname_rnd("fkeys")); 759 char *fname = NULL; 760 or_options_t *options = get_options_mutable(); 761 ed25519_public_key_t pubkey; 762 763 #ifdef _WIN32 764 tt_assert(0==mkdir(dname)); 765 #else 766 tt_assert(0==mkdir(dname,0700)); 767 #endif 768 769 options->FamilyIds = smartlist_new(); 770 771 // Not a family key, will be ignored 772 tor_asprintf(&fname, "%s"PATH_SEPARATOR"junk.1", dname); 773 write_str_to_file(fname, "hello world", 0); 774 tor_free(fname); 775 776 tt_int_op(0, OP_EQ, load_family_id_keys_impl(options, dname)); 777 tt_int_op(0, OP_EQ, smartlist_len(get_current_family_id_keys())); 778 779 // Create a family key; make sure we can load it. 780 tor_asprintf(&fname, "%s"PATH_SEPARATOR"cg.secret_family_key", dname); 781 tt_int_op(0, OP_EQ, create_family_id_key(fname, &pubkey)); 782 tor_free(fname); 783 smartlist_add(options->FamilyIds, tor_memdup(&pubkey, sizeof(pubkey))); 784 785 tt_int_op(0, OP_EQ, load_family_id_keys_impl(options, dname)); 786 tt_int_op(1, OP_EQ, smartlist_len(get_current_family_id_keys())); 787 788 //Try a second key. 789 tor_asprintf(&fname, "%s"PATH_SEPARATOR"eb.secret_family_key", dname); 790 tt_int_op(0, OP_EQ, create_family_id_key(fname, &pubkey)); 791 smartlist_add(options->FamilyIds, tor_memdup(&pubkey, sizeof(pubkey))); 792 tor_free(fname); 793 794 tt_int_op(0, OP_EQ, load_family_id_keys_impl(options, dname)); 795 tt_int_op(2, OP_EQ, smartlist_len(get_current_family_id_keys())); 796 797 // Try an unlisted key, make sure it isn't loaded. 798 tor_asprintf(&fname, "%s"PATH_SEPARATOR"gt.secret_family_key", dname); 799 tt_int_op(0, OP_EQ, create_family_id_key(fname, &pubkey)); 800 // Do not add to FamilyIDs here; we're leaving it unlisted. 801 tor_free(fname); 802 803 tt_int_op(0, OP_EQ, load_family_id_keys_impl(options, dname)); 804 tt_int_op(2, OP_EQ, smartlist_len(get_current_family_id_keys())); 805 806 // Make a junk key, make sure it causes an error. 807 tor_asprintf(&fname, "%s"PATH_SEPARATOR"xyz.secret_family_key", dname); 808 write_str_to_file(fname, "hello world", 0); 809 tor_free(fname); 810 811 tt_int_op(-1, OP_EQ, load_family_id_keys_impl(options, dname)); 812 // keys unchanged 813 tt_int_op(2, OP_EQ, smartlist_len(get_current_family_id_keys())); 814 815 done: 816 tor_free(dname); 817 tor_free(fname); 818 } 819 820 #define TEST(name, flags) \ 821 { #name , test_routerkeys_ ## name, (flags), NULL, NULL } 822 823 struct testcase_t routerkeys_tests[] = { 824 TEST(write_fingerprint, TT_FORK), 825 TEST(write_ed25519_identity, TT_FORK), 826 TEST(ed_certs, TT_FORK), 827 TEST(ed_key_create, TT_FORK), 828 TEST(ed_key_init_basic, TT_FORK), 829 TEST(ed_key_init_split, TT_FORK), 830 TEST(ed_keys_init_all, TT_FORK), 831 TEST(cross_certify_ntor, 0), 832 TEST(cross_certify_tap, 0), 833 TEST(rsa_ed_crosscert, 0), 834 TEST(family_key_fname, 0), 835 TEST(load_family_keys, TT_FORK), 836 END_OF_TESTCASES 837 };