diff options
author | Nick Mathewson <nickm@torproject.org> | 2015-05-28 10:47:42 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-05-28 10:47:47 -0400 |
commit | 3bee74c6d115131f4850a07a5c12db21ae6f3193 (patch) | |
tree | dd261f2ef2007364c54043af54bd6aea9c300adb /src/test | |
parent | 32f59d73372f5843ceb305a9d58387573d90f4f6 (diff) | |
download | tor-3bee74c6d115131f4850a07a5c12db21ae6f3193.tar.gz tor-3bee74c6d115131f4850a07a5c12db21ae6f3193.zip |
Generate weird certificates correctly
(Our link protocol assumes that the link cert certifies the TLS key,
and there is an RSA->Ed25519 crosscert)
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/test_routerkeys.c | 47 |
1 files changed, 29 insertions, 18 deletions
diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c index 49174243ca..06fc4ee217 100644 --- a/src/test/test_routerkeys.c +++ b/src/test/test_routerkeys.c @@ -416,12 +416,21 @@ test_routerkeys_ed_keys_init_all(void *arg) or_options_t *options = tor_malloc_zero(sizeof(or_options_t)); time_t now = time(NULL); ed25519_public_key_t id; - ed25519_keypair_t sign, link, auth; - // tor_cert_t *cert_is, *cert_sl, *cert_auth; + ed25519_keypair_t sign, auth; + tor_cert_t *link_cert = NULL; + + get_options_mutable()->ORPort_set = 1; + + crypto_pk_t *rsa = pk_generate(0); + + set_server_identity_key(rsa); + set_client_identity_key(rsa); + + router_initialize_tls_context(); options->SigningKeyLifetime = 30*86400; options->TestingAuthKeyLifetime = 2*86400; - options->TestingLinkKeyLifetime = 2*86400; + options->TestingLinkCertLifetime = 2*86400; options->TestingSigningKeySlop = 2*86400; options->TestingAuthKeySlop = 2*3600; options->TestingLinkKeySlop = 2*3600; @@ -440,59 +449,61 @@ test_routerkeys_ed_keys_init_all(void *arg) tt_assert(get_master_identity_key()); tt_assert(get_master_identity_key()); tt_assert(get_master_signing_keypair()); - tt_assert(get_current_link_keypair()); tt_assert(get_current_auth_keypair()); tt_assert(get_master_signing_key_cert()); - tt_assert(get_current_link_key_cert()); + tt_assert(get_current_link_cert_cert()); tt_assert(get_current_auth_key_cert()); memcpy(&id, get_master_identity_key(), sizeof(id)); memcpy(&sign, get_master_signing_keypair(), sizeof(sign)); - memcpy(&link, get_current_link_keypair(), sizeof(link)); memcpy(&auth, get_current_auth_keypair(), sizeof(auth)); + link_cert = tor_cert_dup(get_current_link_cert_cert()); /* Call load_ed_keys again, but nothing has changed. */ tt_int_op(0, ==, load_ed_keys(options, now)); tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id)); tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign)); - tt_mem_op(&link, ==, get_current_link_keypair(), sizeof(link)); tt_mem_op(&auth, ==, get_current_auth_keypair(), sizeof(auth)); + tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert())); /* Force a reload: we make new link/auth keys. */ routerkeys_free_all(); tt_int_op(0, ==, load_ed_keys(options, now)); tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id)); tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign)); - tt_mem_op(&link, !=, get_current_link_keypair(), sizeof(link)); + tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert())); tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth)); tt_assert(get_master_signing_key_cert()); - tt_assert(get_current_link_key_cert()); + tt_assert(get_current_link_cert_cert()); tt_assert(get_current_auth_key_cert()); - memcpy(&link, get_current_link_keypair(), sizeof(link)); + tor_cert_free(link_cert); + link_cert = tor_cert_dup(get_current_link_cert_cert()); memcpy(&auth, get_current_auth_keypair(), sizeof(auth)); /* Force a link/auth-key regeneration by advancing time. */ tt_int_op(0, ==, load_ed_keys(options, now+3*86400)); tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id)); tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign)); - tt_mem_op(&link, !=, get_current_link_keypair(), sizeof(link)); + tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert())); tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth)); tt_assert(get_master_signing_key_cert()); - tt_assert(get_current_link_key_cert()); + tt_assert(get_current_link_cert_cert()); tt_assert(get_current_auth_key_cert()); - memcpy(&link, get_current_link_keypair(), sizeof(link)); + tor_cert_free(link_cert); + link_cert = tor_cert_dup(get_current_link_cert_cert()); memcpy(&auth, get_current_auth_keypair(), sizeof(auth)); /* Force a signing-key regeneration by advancing time. */ tt_int_op(0, ==, load_ed_keys(options, now+100*86400)); tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id)); tt_mem_op(&sign, !=, get_master_signing_keypair(), sizeof(sign)); - tt_mem_op(&link, !=, get_current_link_keypair(), sizeof(link)); + tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert())); tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth)); tt_assert(get_master_signing_key_cert()); - tt_assert(get_current_link_key_cert()); + tt_assert(get_current_link_cert_cert()); tt_assert(get_current_auth_key_cert()); memcpy(&sign, get_master_signing_keypair(), sizeof(sign)); - memcpy(&link, get_current_link_keypair(), sizeof(link)); + tor_cert_free(link_cert); + link_cert = tor_cert_dup(get_current_link_cert_cert()); memcpy(&auth, get_current_auth_keypair(), sizeof(auth)); /* Demonstrate that we can start up with no secret identity key */ @@ -502,10 +513,10 @@ test_routerkeys_ed_keys_init_all(void *arg) tt_int_op(0, ==, load_ed_keys(options, now)); tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id)); tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign)); - tt_mem_op(&link, !=, get_current_link_keypair(), sizeof(link)); + tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert())); tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth)); tt_assert(get_master_signing_key_cert()); - tt_assert(get_current_link_key_cert()); + tt_assert(get_current_link_cert_cert()); tt_assert(get_current_auth_key_cert()); /* But we're in trouble if we have no id key and our signing key has |