Merge branch 'maint-0.3.0'

author: Nick Mathewson <nickm@torproject.org> 2017-06-05 15:52:06 -0400
committer: Nick Mathewson <nickm@torproject.org> 2017-06-05 15:52:06 -0400
commit: e3b1573be6aefc91946fa4649591ed1690d77ee8 (patch)
tree: 449e6a0f317b7ce73a18b3c34477f474247f074f /src/test
parent: dd573f72b2f20b9aec310ee298ac4e9b737f835d (diff)
parent: 91f49bc0f0759d0e0a794fbfe8cce5a9bb07e607 (diff)
download: tor-e3b1573be6aefc91946fa4649591ed1690d77ee8.tar.gz
tor-e3b1573be6aefc91946fa4649591ed1690d77ee8.zip
3 files changed, 50 insertions, 13 deletions
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
index 217088ee37..6e5f4430d5 100644
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@@ -52,7 +52,7 @@ mock_get_peer_cert(tor_tls_t *tls)
   if (mock_peer_cert_expect_tortls &&
       mock_peer_cert_expect_tortls != tls)
     return NULL;
-  return mock_peer_cert;
+  return tor_x509_cert_dup(mock_peer_cert);
 }
 
 static int mock_send_netinfo_called = 0;
@@ -98,6 +98,14 @@ mock_export_key_material(tor_tls_t *tls, uint8_t *secrets_out,
   return 0;
 }
 
+static tor_x509_cert_t *mock_own_cert = NULL;
+static tor_x509_cert_t *
+mock_get_own_cert(tor_tls_t *tls)
+{
+  (void)tls;
+  return tor_x509_cert_dup(mock_own_cert);
+}
+
 /* Test good certs cells */
 static void
 test_link_handshake_certs_ok(void *arg)
@@ -119,6 +127,7 @@ test_link_handshake_certs_ok(void *arg)
   MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
   MOCK(connection_or_send_netinfo, mock_send_netinfo);
   MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
+  MOCK(tor_tls_get_own_cert, mock_get_own_cert);
 
   key1 = pk_generate(2);
   key2 = pk_generate(3);
@@ -133,9 +142,17 @@ test_link_handshake_certs_ok(void *arg)
     /* If we're making a CERTS cell for an ed handshake, let's make sure we
      * have some Ed25519 certificates and keys. */
     init_mock_ed_keys(key2);
+  } else {
+    certs_cell_ed25519_disabled_for_testing = 1;
   }
 
   /* c1 has started_here == 1 */
+  {
+    const tor_x509_cert_t *link = NULL;
+    tt_assert(!tor_tls_get_my_certs(1, &link, NULL));
+    mock_own_cert = tor_x509_cert_dup(link);
+  }
+
   c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
   c1->link_proto = 3;
   tt_int_op(connection_init_or_handshake_state(c1, 1), ==, 0);
@@ -278,6 +295,9 @@ test_link_handshake_certs_ok(void *arg)
   UNMOCK(connection_or_write_var_cell_to_buf);
   UNMOCK(connection_or_send_netinfo);
   UNMOCK(tor_tls_get_peer_cert);
+  UNMOCK(tor_tls_get_own_cert);
+  tor_x509_cert_free(mock_own_cert);
+  mock_own_cert = NULL;
   memset(c1->identity_digest, 0, sizeof(c1->identity_digest));
   memset(c2->identity_digest, 0, sizeof(c2->identity_digest));
   connection_free_(TO_CONN(c1));
@@ -315,6 +335,7 @@ recv_certs_cleanup(const struct testcase_t *test, void *obj)
   UNMOCK(connection_or_send_netinfo);
   UNMOCK(connection_or_close_for_error);
   UNMOCK(tor_tls_get_peer_cert);
+  UNMOCK(tor_tls_get_own_cert);
 
   if (d) {
     tor_free(d->cell);
@@ -880,6 +901,11 @@ test_link_handshake_send_authchallenge(void *arg)
   or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
   var_cell_t *cell1=NULL, *cell2=NULL;
 
+  crypto_pk_t *rsa0 = pk_generate(0), *rsa1 = pk_generate(1);
+  tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+                                 rsa0, rsa1, 86400), ==, 0);
+  init_mock_ed_keys(rsa0);
+
   MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
 
   tt_int_op(connection_init_or_handshake_state(c1, 0), ==, 0);
@@ -905,6 +931,8 @@ test_link_handshake_send_authchallenge(void *arg)
   connection_free_(TO_CONN(c1));
   tor_free(cell1);
   tor_free(cell2);
+  crypto_pk_free(rsa0);
+  crypto_pk_free(rsa1);
 }
 
 typedef struct authchallenge_data_s {
@@ -1118,6 +1146,7 @@ authenticate_data_cleanup(const struct testcase_t *test, void *arg)
   (void) test;
   UNMOCK(connection_or_write_var_cell_to_buf);
   UNMOCK(tor_tls_get_peer_cert);
+  UNMOCK(tor_tls_get_own_cert);
   UNMOCK(tor_tls_get_tlssecrets);
   UNMOCK(connection_or_close_for_error);
   UNMOCK(channel_set_circid_type);
@@ -1135,7 +1164,11 @@ authenticate_data_cleanup(const struct testcase_t *test, void *arg)
     crypto_pk_free(d->key2);
     tor_free(d);
   }
+  tor_x509_cert_free(mock_peer_cert);
+  tor_x509_cert_free(mock_own_cert);
   mock_peer_cert = NULL;
+  mock_own_cert = NULL;
+
   return 1;
 }
 
@@ -1149,6 +1182,7 @@ authenticate_data_setup(const struct testcase_t *test)
 
   MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
   MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
+  MOCK(tor_tls_get_own_cert, mock_get_own_cert);
   MOCK(tor_tls_get_tlssecrets, mock_get_tlssecrets);
   MOCK(connection_or_close_for_error, mock_close_for_err);
   MOCK(channel_set_circid_type, mock_set_circid_type);
@@ -1215,6 +1249,9 @@ authenticate_data_setup(const struct testcase_t *test)
   mock_peer_cert = tor_x509_cert_decode(der, sz);
   tt_assert(mock_peer_cert);
 
+  mock_own_cert = tor_x509_cert_decode(der, sz);
+  tt_assert(mock_own_cert);
+
   /* Make an authenticate cell ... */
   int authtype;
   if (is_ed)
diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c
index 263923f50f..db6b9b3872 100644
--- a/src/test/test_routerkeys.c
+++ b/src/test/test_routerkeys.c
@@ -450,8 +450,8 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
   options->DataDirectory = dir;
 
-  tt_int_op(0, ==, load_ed_keys(options, now));
-  tt_int_op(0, ==, generate_ed_link_cert(options, now));
+  tt_int_op(1, ==, load_ed_keys(options, now));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now, 0));
   tt_assert(get_master_identity_key());
   tt_assert(get_master_identity_key());
   tt_assert(get_master_signing_keypair());
@@ -466,7 +466,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
   /* Call load_ed_keys again, but nothing has changed. */
   tt_int_op(0, ==, load_ed_keys(options, now));
-  tt_int_op(0, ==, generate_ed_link_cert(options, now));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now, 0));
   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
   tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
   tt_mem_op(&auth, ==, get_current_auth_keypair(), sizeof(auth));
@@ -474,8 +474,8 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
   /* Force a reload: we make new link/auth keys. */
   routerkeys_free_all();
-  tt_int_op(0, ==, load_ed_keys(options, now));
-  tt_int_op(0, ==, generate_ed_link_cert(options, now));
+  tt_int_op(1, ==, load_ed_keys(options, now));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now, 0));
   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
   tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
   tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
@@ -489,7 +489,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
   /* Force a link/auth-key regeneration by advancing time. */
   tt_int_op(0, ==, load_ed_keys(options, now+3*86400));
-  tt_int_op(0, ==, generate_ed_link_cert(options, now+3*86400));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now+3*86400, 0));
   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
   tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
   tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
@@ -502,8 +502,8 @@ test_routerkeys_ed_keys_init_all(void *arg)
   memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
 
   /* Force a signing-key regeneration by advancing time. */
-  tt_int_op(0, ==, load_ed_keys(options, now+100*86400));
-  tt_int_op(0, ==, generate_ed_link_cert(options, now+100*86400));
+  tt_int_op(1, ==, load_ed_keys(options, now+100*86400));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now+100*86400, 0));
   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
   tt_mem_op(&sign, !=, get_master_signing_keypair(), sizeof(sign));
   tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
@@ -520,8 +520,8 @@ test_routerkeys_ed_keys_init_all(void *arg)
   routerkeys_free_all();
   unlink(get_fname("test_ed_keys_init_all/keys/"
                    "ed25519_master_id_secret_key"));
-  tt_int_op(0, ==, load_ed_keys(options, now));
-  tt_int_op(0, ==, generate_ed_link_cert(options, now));
+  tt_int_op(1, ==, load_ed_keys(options, now));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now, 0));
   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
   tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
   tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c
index d511f163e3..026a0f3825 100644
--- a/src/test/test_shared_random.c
+++ b/src/test/test_shared_random.c
@@ -48,7 +48,7 @@ init_authority_state(void)
   mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
   tt_assert(mock_cert);
   options->AuthoritativeDir = 1;
-  tt_int_op(0, ==, load_ed_keys(options, time(NULL)));
+  tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
   sr_state_init(0, 0);
   /* It's possible a commit has been generated in our state depending on
    * the phase we are currently in which uses "now" as the starting
@@ -286,7 +286,7 @@ test_sr_commit(void *arg)
     tt_assert(auth_cert);
 
     options->AuthoritativeDir = 1;
-    tt_int_op(0, ==, load_ed_keys(options, now));
+    tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
   }
 
   /* Generate our commit object and validate it has the appropriate field
author	Nick Mathewson <nickm@torproject.org>	2017-06-05 15:52:06 -0400
committer	Nick Mathewson <nickm@torproject.org>	2017-06-05 15:52:06 -0400
commit	e3b1573be6aefc91946fa4649591ed1690d77ee8 (patch)
tree	449e6a0f317b7ce73a18b3c34477f474247f074f /src/test
parent	dd573f72b2f20b9aec310ee298ac4e9b737f835d (diff)
parent	91f49bc0f0759d0e0a794fbfe8cce5a9bb07e607 (diff)
download	tor-e3b1573be6aefc91946fa4649591ed1690d77ee8.tar.gz tor-e3b1573be6aefc91946fa4649591ed1690d77ee8.zip