summaryrefslogtreecommitdiff
path: root/src/test/hs_test_helpers.c
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2017-02-10 14:24:54 -0500
committerNick Mathewson <nickm@torproject.org>2017-05-11 08:33:26 -0400
commitae1d4cfdadb32f145f842e0ee943042eac428c93 (patch)
treea1fece9cf4bdb54c4ce7a437431704b0ec1e474a /src/test/hs_test_helpers.c
parent0958e3b208badb8f24c382e320e2a40d4ab5de86 (diff)
downloadtor-ae1d4cfdadb32f145f842e0ee943042eac428c93.tar.gz
tor-ae1d4cfdadb32f145f842e0ee943042eac428c93.zip
prop224: Change encryption keys descriptor encoding
A descriptor only contains the curve25519 public key in the enc-key field so the private key should not be in that data structure. The service data structures will have access to the full keypair (#20657). Furthermore, ticket #21871 has highlighted an issue in the proposal 224 about the encryption key and legacy key being mutually exclusive. This is very wrong and this commit fixes the code to follow the change to the proposal of that ticket. Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/test/hs_test_helpers.c')
-rw-r--r--src/test/hs_test_helpers.c53
1 files changed, 33 insertions, 20 deletions
diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c
index a17bf0f0a2..3f0d6a9413 100644
--- a/src/test/hs_test_helpers.c
+++ b/src/test/hs_test_helpers.c
@@ -51,15 +51,36 @@ hs_helper_build_intro_point(const ed25519_keypair_t *signing_kp, time_t now,
tt_assert(ip->auth_key_cert);
if (legacy) {
- ip->enc_key.legacy = crypto_pk_new();
- ip->enc_key_type = HS_DESC_KEY_TYPE_LEGACY;
- tt_assert(ip->enc_key.legacy);
- ret = crypto_pk_generate_key(ip->enc_key.legacy);
+ ip->legacy.key = crypto_pk_new();
+ tt_assert(ip->legacy.key);
+ ret = crypto_pk_generate_key(ip->legacy.key);
tt_int_op(ret, ==, 0);
- } else {
- ret = curve25519_keypair_generate(&ip->enc_key.curve25519, 0);
+ ssize_t cert_len = tor_make_rsa_ed25519_crosscert(
+ &signing_kp->pubkey, ip->legacy.key,
+ now + HS_DESC_CERT_LIFETIME,
+ &ip->legacy.cert.encoded);
+ tt_assert(ip->legacy.cert.encoded);
+ tt_u64_op(cert_len, OP_GT, 0);
+ ip->legacy.cert.len = cert_len;
+ }
+
+ /* Encryption key. */
+ {
+ int signbit;
+ curve25519_keypair_t curve25519_kp;
+ ed25519_keypair_t ed25519_kp;
+ tor_cert_t *cross_cert;
+
+ ret = curve25519_keypair_generate(&curve25519_kp, 0);
tt_int_op(ret, ==, 0);
- ip->enc_key_type = HS_DESC_KEY_TYPE_CURVE25519;
+ ed25519_keypair_from_curve25519_keypair(&ed25519_kp, &signbit,
+ &curve25519_kp);
+ cross_cert = tor_cert_create(signing_kp, CERT_TYPE_CROSS_HS_IP_KEYS,
+ &ed25519_kp.pubkey, time(NULL),
+ HS_DESC_CERT_LIFETIME,
+ CERT_FLAG_INCLUDE_SIGNING_KEY);
+ tt_assert(cross_cert);
+ ip->enc_key_cert = cross_cert;
}
intro_point = ip;
@@ -192,19 +213,11 @@ hs_helper_desc_equal(const hs_descriptor_t *desc1,
*ip2 = smartlist_get(desc2->encrypted_data
.intro_points, i);
tt_assert(tor_cert_eq(ip1->auth_key_cert, ip2->auth_key_cert));
- tt_int_op(ip1->enc_key_type, OP_EQ, ip2->enc_key_type);
- tt_assert(ip1->enc_key_type == HS_DESC_KEY_TYPE_LEGACY ||
- ip1->enc_key_type == HS_DESC_KEY_TYPE_CURVE25519);
- switch (ip1->enc_key_type) {
- case HS_DESC_KEY_TYPE_LEGACY:
- tt_int_op(crypto_pk_cmp_keys(ip1->enc_key.legacy,
- ip2->enc_key.legacy), OP_EQ, 0);
- break;
- case HS_DESC_KEY_TYPE_CURVE25519:
- tt_mem_op(ip1->enc_key.curve25519.pubkey.public_key, OP_EQ,
- ip2->enc_key.curve25519.pubkey.public_key,
- CURVE25519_PUBKEY_LEN);
- break;
+ if (ip1->legacy.key) {
+ tt_int_op(crypto_pk_cmp_keys(ip1->legacy.key, ip2->legacy.key),
+ OP_EQ, 0);
+ } else {
+ tt_mem_op(&ip1->enc_key, OP_EQ, &ip2->enc_key, CURVE25519_PUBKEY_LEN);
}
tt_int_op(smartlist_len(ip1->link_specifiers), ==,