summaryrefslogtreecommitdiff
path: root/src/test
diff options
context:
space:
mode:
Diffstat (limited to 'src/test')
-rw-r--r--src/test/bench.c74
-rwxr-xr-xsrc/test/bt_test.py2
-rw-r--r--src/test/ed25519_exts_ref.py2
-rw-r--r--src/test/fakechans.h2
-rw-r--r--src/test/fuzz/dict/http2
-rw-r--r--src/test/fuzz/fuzz_consensus.c13
-rw-r--r--src/test/fuzz/fuzz_descriptor.c12
-rw-r--r--src/test/fuzz/fuzz_diff.c8
-rw-r--r--src/test/fuzz/fuzz_diff_apply.c8
-rw-r--r--src/test/fuzz/fuzz_extrainfo.c12
-rw-r--r--src/test/fuzz/fuzz_hsdescv2.c12
-rw-r--r--src/test/fuzz/fuzz_hsdescv3.c19
-rw-r--r--src/test/fuzz/fuzz_http.c20
-rw-r--r--src/test/fuzz/fuzz_http_connect.c23
-rw-r--r--src/test/fuzz/fuzz_iptsv2.c15
-rw-r--r--src/test/fuzz/fuzz_microdesc.c13
-rw-r--r--src/test/fuzz/fuzz_socks.c50
-rw-r--r--src/test/fuzz/fuzz_vrs.c20
-rw-r--r--src/test/fuzz/fuzzing.h2
-rw-r--r--src/test/fuzz/fuzzing_common.c29
-rw-r--r--src/test/fuzz/include.am54
-rwxr-xr-xsrc/test/fuzz_static_testcases.sh2
-rw-r--r--src/test/hs_ntor_ref.py2
-rw-r--r--src/test/hs_test_helpers.c57
-rw-r--r--src/test/hs_test_helpers.h6
-rw-r--r--src/test/include.am126
-rw-r--r--src/test/log_test_helpers.c26
-rw-r--r--src/test/log_test_helpers.h44
-rwxr-xr-xsrc/test/ntor_ref.py2
-rw-r--r--src/test/ope_ref.py40
-rw-r--r--src/test/rend_test_helpers.c16
-rw-r--r--src/test/rend_test_helpers.h4
-rw-r--r--src/test/test-child.c2
-rw-r--r--src/test/test-memwipe.c12
-rwxr-xr-xsrc/test/test-network.sh4
-rw-r--r--src/test/test-timers.c23
-rw-r--r--src/test/test.c80
-rw-r--r--src/test/test.h31
-rw-r--r--src/test/test_accounting.c15
-rw-r--r--src/test/test_addr.c79
-rw-r--r--src/test/test_address.c42
-rw-r--r--src/test/test_address_set.c27
-rw-r--r--src/test/test_bridges.c110
-rw-r--r--src/test/test_bt_cl.c14
-rw-r--r--src/test/test_buffers.c19
-rw-r--r--src/test/test_bwmgt.c43
-rw-r--r--src/test/test_cell_formats.c32
-rw-r--r--src/test/test_cell_queue.c15
-rw-r--r--src/test/test_channel.c36
-rw-r--r--src/test/test_channelpadding.c112
-rw-r--r--src/test/test_channeltls.c28
-rw-r--r--src/test/test_checkdir.c14
-rw-r--r--src/test/test_circuitbuild.c18
-rw-r--r--src/test/test_circuitlist.c24
-rw-r--r--src/test/test_circuitmux.c20
-rw-r--r--src/test/test_circuitstats.c27
-rw-r--r--src/test/test_circuituse.c21
-rw-r--r--src/test/test_compat_libevent.c10
-rw-r--r--src/test/test_config.c211
-rw-r--r--src/test/test_connection.c42
-rw-r--r--src/test/test_connection.h2
-rw-r--r--src/test/test_conscache.c12
-rw-r--r--src/test/test_consdiff.c12
-rw-r--r--src/test/test_consdiffmgr.c31
-rw-r--r--src/test/test_containers.c21
-rw-r--r--src/test/test_controller.c115
-rw-r--r--src/test/test_controller_events.c87
-rw-r--r--src/test/test_crypto.c270
-rw-r--r--src/test/test_crypto_ope.c154
-rw-r--r--src/test/test_crypto_openssl.c15
-rw-r--r--src/test/test_crypto_slow.c17
-rw-r--r--src/test/test_data.c4
-rw-r--r--src/test/test_dir.c471
-rw-r--r--src/test/test_dir_common.c24
-rw-r--r--src/test/test_dir_common.h8
-rw-r--r--src/test/test_dir_handle_get.c59
-rw-r--r--src/test/test_dns.c17
-rw-r--r--src/test/test_dos.c29
-rw-r--r--src/test/test_entryconn.c28
-rw-r--r--src/test/test_entrynodes.c60
-rw-r--r--src/test/test_extorport.c30
-rw-r--r--src/test/test_geoip.c9
-rw-r--r--src/test/test_guardfraction.c28
-rw-r--r--src/test/test_handles.c11
-rw-r--r--src/test/test_helpers.c43
-rw-r--r--src/test/test_helpers.h4
-rw-r--r--src/test/test_hs.c109
-rw-r--r--src/test/test_hs_cache.c47
-rw-r--r--src/test/test_hs_cell.c20
-rw-r--r--src/test/test_hs_client.c243
-rw-r--r--src/test/test_hs_common.c70
-rw-r--r--src/test/test_hs_config.c32
-rw-r--r--src/test/test_hs_control.c34
-rw-r--r--src/test/test_hs_descriptor.c290
-rw-r--r--src/test/test_hs_intropoint.c36
-rw-r--r--src/test/test_hs_ntor.c13
-rw-r--r--src/test/test_hs_ntor_cl.c22
-rw-r--r--src/test/test_hs_service.c617
-rw-r--r--src/test/test_introduce.c10
-rw-r--r--src/test/test_keypin.c9
-rw-r--r--src/test/test_link_handshake.c86
-rw-r--r--src/test/test_logging.c20
-rw-r--r--src/test/test_mainloop.c12
-rw-r--r--src/test/test_microdesc.c32
-rw-r--r--src/test/test_nodelist.c21
-rw-r--r--src/test/test_ntor_cl.c18
-rw-r--r--src/test/test_oom.c27
-rw-r--r--src/test/test_oos.c19
-rw-r--r--src/test/test_options.c120
-rw-r--r--src/test/test_pem.c122
-rw-r--r--src/test/test_periodic_event.c24
-rw-r--r--src/test/test_policy.c24
-rw-r--r--src/test/test_procmon.c10
-rw-r--r--src/test/test_proto_http.c12
-rw-r--r--src/test/test_proto_misc.c20
-rw-r--r--src/test/test_protover.c51
-rw-r--r--src/test/test_pt.c26
-rw-r--r--src/test/test_pubsub.c85
-rw-r--r--src/test/test_rebind.py89
-rwxr-xr-xsrc/test/test_rebind.sh19
-rw-r--r--src/test/test_relay.c19
-rw-r--r--src/test/test_relaycell.c33
-rw-r--r--src/test/test_relaycrypt.c19
-rw-r--r--src/test/test_rendcache.c27
-rw-r--r--src/test/test_replay.c8
-rw-r--r--src/test/test_router.c153
-rw-r--r--src/test/test_routerkeys.c62
-rw-r--r--src/test/test_routerlist.c59
-rw-r--r--src/test/test_routerset.c24
-rwxr-xr-xsrc/test/test_rust.sh5
-rw-r--r--src/test/test_scheduler.c22
-rw-r--r--src/test/test_shared_random.c96
-rw-r--r--src/test/test_slow.c6
-rw-r--r--src/test/test_socks.c29
-rw-r--r--src/test/test_status.c37
-rw-r--r--src/test/test_storagedir.c12
-rw-r--r--src/test/test_switch_id.c9
-rw-r--r--src/test/test_threads.c8
-rw-r--r--src/test/test_tortls.c2764
-rw-r--r--src/test/test_tortls.h13
-rw-r--r--src/test/test_tortls_openssl.c2316
-rw-r--r--src/test/test_util.c313
-rw-r--r--src/test/test_util_format.c14
-rw-r--r--src/test/test_util_process.c10
-rw-r--r--src/test/test_util_slow.c19
-rw-r--r--src/test/test_voting_schedule.c6
-rw-r--r--src/test/test_workqueue.c20
-rw-r--r--src/test/test_x509.c205
-rwxr-xr-xsrc/test/test_zero_length_keys.sh6
-rw-r--r--src/test/testing_common.c69
-rw-r--r--src/test/testing_rsakeys.c11
151 files changed, 7437 insertions, 4735 deletions
diff --git a/src/test/bench.c b/src/test/bench.c
index 9ab23c9921..959d4374b1 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -10,21 +10,33 @@
#include "orconfig.h"
-#include "or.h"
-#include "onion_tap.h"
-#include "relay_crypto.h"
+#include "core/or/or.h"
+#include "core/crypto/onion_tap.h"
+#include "core/crypto/relay_crypto.h"
+
+#ifdef ENABLE_OPENSSL
#include <openssl/opensslv.h>
#include <openssl/evp.h>
#include <openssl/ec.h>
#include <openssl/ecdh.h>
#include <openssl/obj_mac.h>
+#endif
+
+#include "core/or/circuitlist.h"
+#include "app/config/config.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_dh.h"
+#include "core/crypto/onion_ntor.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/dircommon/consdiff.h"
+#include "lib/compress/compress.h"
+
+#include "core/or/cell_st.h"
+#include "core/or/or_circuit_st.h"
-#include "config.h"
-#include "crypto_curve25519.h"
-#include "onion_ntor.h"
-#include "crypto_ed25519.h"
-#include "crypto_rand.h"
-#include "consdiff.h"
+#include "lib/crypt_ops/digestset.h"
+#include "lib/crypt_ops/crypto_init.h"
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
static uint64_t nanostart;
@@ -371,7 +383,7 @@ bench_dmap(void)
crypto_rand(d, 20);
smartlist_add(sl2, tor_memdup(d, 20));
}
- printf("nbits=%d\n", ds->mask+1);
+ //printf("nbits=%d\n", ds->mask+1);
reset_perftime();
@@ -399,18 +411,20 @@ bench_dmap(void)
NANOCOUNT(pt3, pt4, iters*elts));
for (i = 0; i < iters; ++i) {
- SMARTLIST_FOREACH(sl, const char *, cp, n += digestset_contains(ds, cp));
- SMARTLIST_FOREACH(sl2, const char *, cp, n += digestset_contains(ds, cp));
+ SMARTLIST_FOREACH(sl, const char *, cp,
+ n += digestset_probably_contains(ds, cp));
+ SMARTLIST_FOREACH(sl2, const char *, cp,
+ n += digestset_probably_contains(ds, cp));
}
end = perftime();
- printf("digestset_contains: %.2f ns per element.\n",
+ printf("digestset_probably_contains: %.2f ns per element.\n",
NANOCOUNT(pt4, end, iters*elts*2));
/* We need to use this, or else the whole loop gets optimized out. */
printf("Hits == %d\n", n);
for (i = 0; i < fpostests; ++i) {
crypto_rand(d, 20);
- if (digestset_contains(ds, d)) ++fp;
+ if (digestset_probably_contains(ds, d)) ++fp;
}
printf("False positive rate on digestset: %.2f%%\n",
(fp/(double)fpostests)*100);
@@ -459,18 +473,19 @@ bench_digest(void)
for (int i = 0; lens[i] > 0; ++i) {
reset_perftime();
start = perftime();
+ int failures = 0;
for (int j = 0; j < N; ++j) {
switch (alg) {
case DIGEST_SHA1:
- crypto_digest(out, buf, lens[i]);
+ failures += crypto_digest(out, buf, lens[i]) < 0;
break;
case DIGEST_SHA256:
case DIGEST_SHA3_256:
- crypto_digest256(out, buf, lens[i], alg);
+ failures += crypto_digest256(out, buf, lens[i], alg) < 0;
break;
case DIGEST_SHA512:
case DIGEST_SHA3_512:
- crypto_digest512(out, buf, lens[i], alg);
+ failures += crypto_digest512(out, buf, lens[i], alg) < 0;
break;
default:
tor_assert(0);
@@ -480,6 +495,8 @@ bench_digest(void)
printf("%s(%d): %.2f ns per call\n",
crypto_digest_algorithm_get_name(alg),
lens[i], NANOCOUNT(start,end,N));
+ if (failures)
+ printf("ERROR: crypto_digest failed %d times.\n", failures);
}
}
}
@@ -544,8 +561,8 @@ bench_dh(void)
reset_perftime();
start = perftime();
for (i = 0; i < iters; ++i) {
- char dh_pubkey_a[DH_BYTES], dh_pubkey_b[DH_BYTES];
- char secret_a[DH_BYTES], secret_b[DH_BYTES];
+ char dh_pubkey_a[DH1024_KEY_LEN], dh_pubkey_b[DH1024_KEY_LEN];
+ char secret_a[DH1024_KEY_LEN], secret_b[DH1024_KEY_LEN];
ssize_t slen_a, slen_b;
crypto_dh_t *dh_a = crypto_dh_new(DH_TYPE_TLS);
crypto_dh_t *dh_b = crypto_dh_new(DH_TYPE_TLS);
@@ -569,6 +586,7 @@ bench_dh(void)
" %f millisec each.\n", NANOCOUNT(start, end, iters)/1e6);
}
+#ifdef ENABLE_OPENSSL
static void
bench_ecdh_impl(int nid, const char *name)
{
@@ -579,7 +597,7 @@ bench_ecdh_impl(int nid, const char *name)
reset_perftime();
start = perftime();
for (i = 0; i < iters; ++i) {
- char secret_a[DH_BYTES], secret_b[DH_BYTES];
+ char secret_a[DH1024_KEY_LEN], secret_b[DH1024_KEY_LEN];
ssize_t slen_a, slen_b;
EC_KEY *dh_a = EC_KEY_new_by_curve_name(nid);
EC_KEY *dh_b = EC_KEY_new_by_curve_name(nid);
@@ -590,10 +608,10 @@ bench_ecdh_impl(int nid, const char *name)
EC_KEY_generate_key(dh_a);
EC_KEY_generate_key(dh_b);
- slen_a = ECDH_compute_key(secret_a, DH_BYTES,
+ slen_a = ECDH_compute_key(secret_a, DH1024_KEY_LEN,
EC_KEY_get0_public_key(dh_b), dh_a,
NULL);
- slen_b = ECDH_compute_key(secret_b, DH_BYTES,
+ slen_b = ECDH_compute_key(secret_b, DH1024_KEY_LEN,
EC_KEY_get0_public_key(dh_a), dh_b,
NULL);
@@ -618,6 +636,7 @@ bench_ecdh_p224(void)
{
bench_ecdh_impl(NID_secp224r1, "P-224");
}
+#endif
typedef void (*bench_fn)(void);
@@ -641,8 +660,11 @@ static struct benchmark_t benchmarks[] = {
ENT(cell_aes),
ENT(cell_ops),
ENT(dh),
+
+#ifdef ENABLE_OPENSSL
ENT(ecdh_p256),
ENT(ecdh_p224),
+#endif
{NULL,NULL,0}
};
@@ -670,9 +692,9 @@ main(int argc, const char **argv)
tor_threads_init();
tor_compress_init();
+ init_logging(1);
if (argc == 4 && !strcmp(argv[1], "diff")) {
- init_logging(1);
const int N = 200;
char *f1 = read_file_to_str(argv[2], RFTS_BIN, NULL);
char *f2 = read_file_to_str(argv[3], RFTS_BIN, NULL);
@@ -708,13 +730,12 @@ main(int argc, const char **argv)
reset_perftime();
- if (crypto_seed_rng() < 0) {
+ if (crypto_global_init(0, NULL, NULL) < 0) {
printf("Couldn't seed RNG; exiting.\n");
return 1;
}
init_protocol_warning_severity_level();
- crypto_init_siphash_key();
options = options_new();
init_logging(1);
options->command = CMD_RUN_UNITTESTS;
@@ -738,4 +759,3 @@ main(int argc, const char **argv)
return 0;
}
-
diff --git a/src/test/bt_test.py b/src/test/bt_test.py
index 4cb3326042..0eeb58c16c 100755
--- a/src/test/bt_test.py
+++ b/src/test/bt_test.py
@@ -1,4 +1,4 @@
-# Copyright 2013-2017, The Tor Project, Inc
+# Copyright 2013-2018, The Tor Project, Inc
# See LICENSE for licensing information
"""
diff --git a/src/test/ed25519_exts_ref.py b/src/test/ed25519_exts_ref.py
index f84d3002d3..a9090c9ed2 100644
--- a/src/test/ed25519_exts_ref.py
+++ b/src/test/ed25519_exts_ref.py
@@ -1,5 +1,5 @@
#!/usr/bin/python
-# Copyright 2014-2017, The Tor Project, Inc
+# Copyright 2014-2018, The Tor Project, Inc
# See LICENSE for licensing information
"""
diff --git a/src/test/fakechans.h b/src/test/fakechans.h
index ab5d8461b6..0770be8e04 100644
--- a/src/test/fakechans.h
+++ b/src/test/fakechans.h
@@ -1,4 +1,4 @@
- /* Copyright (c) 2014-2017, The Tor Project, Inc. */
+ /* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_FAKECHANS_H
diff --git a/src/test/fuzz/dict/http b/src/test/fuzz/dict/http
index 3b0531579d..63627ac380 100644
--- a/src/test/fuzz/dict/http
+++ b/src/test/fuzz/dict/http
@@ -4,7 +4,7 @@
#
# Extracted from directory_handle_command() in the tor source code
#
-# Copyright (c) 2016-2017, The Tor Project, Inc.
+# Copyright (c) 2016-2018, The Tor Project, Inc.
# See LICENSE for licensing information
#
# Usage:
diff --git a/src/test/fuzz/fuzz_consensus.c b/src/test/fuzz/fuzz_consensus.c
index 6610ade7ad..b170fd33d8 100644
--- a/src/test/fuzz/fuzz_consensus.c
+++ b/src/test/fuzz/fuzz_consensus.c
@@ -1,10 +1,12 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
-#include "or.h"
-#include "routerparse.h"
-#include "networkstatus.h"
-#include "fuzzing.h"
+#include "core/or/or.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/networkstatus.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
@@ -75,4 +77,3 @@ fuzz_main(const uint8_t *data, size_t sz)
tor_free(str);
return 0;
}
-
diff --git a/src/test/fuzz/fuzz_descriptor.c b/src/test/fuzz/fuzz_descriptor.c
index 1a50beae17..5a56f4081a 100644
--- a/src/test/fuzz/fuzz_descriptor.c
+++ b/src/test/fuzz/fuzz_descriptor.c
@@ -1,11 +1,11 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
-#include "or.h"
-#include "routerparse.h"
-#include "routerlist.h"
-#include "routerkeys.h"
-#include "fuzzing.h"
+#include "core/or/or.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/relay/routerkeys.h"
+#include "test/fuzz/fuzzing.h"
static int
mock_check_tap_onion_key_crosscert__nocheck(const uint8_t *crosscert,
diff --git a/src/test/fuzz/fuzz_diff.c b/src/test/fuzz/fuzz_diff.c
index 642380b512..1079856fdb 100644
--- a/src/test/fuzz/fuzz_diff.c
+++ b/src/test/fuzz/fuzz_diff.c
@@ -1,13 +1,13 @@
-/* Copyright (c) 2016, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CONSDIFF_PRIVATE
#include "orconfig.h"
-#include "or.h"
-#include "consdiff.h"
+#include "core/or/or.h"
+#include "feature/dircommon/consdiff.h"
-#include "fuzzing.h"
+#include "test/fuzz/fuzzing.h"
static int
mock_consensus_compute_digest_(const char *c, consensus_digest_t *d)
diff --git a/src/test/fuzz/fuzz_diff_apply.c b/src/test/fuzz/fuzz_diff_apply.c
index 8d7bf751bf..165d0e6126 100644
--- a/src/test/fuzz/fuzz_diff_apply.c
+++ b/src/test/fuzz/fuzz_diff_apply.c
@@ -1,13 +1,13 @@
-/* Copyright (c) 2016, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CONSDIFF_PRIVATE
#include "orconfig.h"
-#include "or.h"
-#include "consdiff.h"
+#include "core/or/or.h"
+#include "feature/dircommon/consdiff.h"
-#include "fuzzing.h"
+#include "test/fuzz/fuzzing.h"
static int
mock_consensus_compute_digest_(const char *c, consensus_digest_t *d)
diff --git a/src/test/fuzz/fuzz_extrainfo.c b/src/test/fuzz/fuzz_extrainfo.c
index 2a3de7ecf7..6c88f80122 100644
--- a/src/test/fuzz/fuzz_extrainfo.c
+++ b/src/test/fuzz/fuzz_extrainfo.c
@@ -1,11 +1,11 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
-#include "or.h"
-#include "routerparse.h"
-#include "routerlist.h"
-#include "routerkeys.h"
-#include "fuzzing.h"
+#include "core/or/or.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/relay/routerkeys.h"
+#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
diff --git a/src/test/fuzz/fuzz_hsdescv2.c b/src/test/fuzz/fuzz_hsdescv2.c
index 19db265716..fd5da41635 100644
--- a/src/test/fuzz/fuzz_hsdescv2.c
+++ b/src/test/fuzz/fuzz_hsdescv2.c
@@ -1,10 +1,11 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
-#include "or.h"
-#include "routerparse.h"
-#include "rendcommon.h"
-#include "fuzzing.h"
+#include "core/or/or.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/rend/rendcommon.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
@@ -49,4 +50,3 @@ fuzz_main(const uint8_t *data, size_t sz)
tor_free(str);
return 0;
}
-
diff --git a/src/test/fuzz/fuzz_hsdescv3.c b/src/test/fuzz/fuzz_hsdescv3.c
index 428774e330..b332973b39 100644
--- a/src/test/fuzz/fuzz_hsdescv3.c
+++ b/src/test/fuzz/fuzz_hsdescv3.c
@@ -1,17 +1,16 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
#define HS_DESCRIPTOR_PRIVATE
-#include "or.h"
-#include "ed25519_cert.h" /* Trunnel interface. */
-#include "crypto_ed25519.h"
-#include "hs_descriptor.h"
-#include "routerparse.h"
-#include "util.h"
+#include "core/or/or.h"
+#include "trunnel/ed25519_cert.h" /* Trunnel interface. */
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "feature/hs/hs_descriptor.h"
+#include "feature/nodelist/routerparse.h"
-#include "fuzzing.h"
+#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
@@ -39,11 +38,13 @@ static size_t
mock_decrypt_desc_layer(const hs_descriptor_t *desc,
const uint8_t *encrypted_blob,
size_t encrypted_blob_size,
+ const uint8_t *descriptor_cookie,
int is_superencrypted_layer,
char **decrypted_out)
{
(void)is_superencrypted_layer;
(void)desc;
+ (void)descriptor_cookie;
const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
if (encrypted_blob_size < overhead)
return 0;
@@ -85,7 +86,7 @@ fuzz_main(const uint8_t *data, size_t sz)
char *fuzzing_data = tor_memdup_nulterm(data, sz);
memset(subcredential, 'A', sizeof(subcredential));
- hs_desc_decode_descriptor(fuzzing_data, subcredential, &desc);
+ hs_desc_decode_descriptor(fuzzing_data, subcredential, NULL, &desc);
if (desc) {
log_debug(LD_GENERAL, "Decoding okay");
hs_descriptor_free(desc);
diff --git a/src/test/fuzz/fuzz_http.c b/src/test/fuzz/fuzz_http.c
index 2ffeb60244..2fbb275614 100644
--- a/src/test/fuzz/fuzz_http.c
+++ b/src/test/fuzz/fuzz_http.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -6,15 +6,17 @@
#define BUFFERS_PRIVATE
#define DIRECTORY_PRIVATE
-#include "or.h"
-#include "backtrace.h"
-#include "buffers.h"
-#include "config.h"
-#include "connection.h"
-#include "directory.h"
-#include "torlog.h"
+#include "core/or/or.h"
+#include "lib/err/backtrace.h"
+#include "lib/container/buffers.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "feature/dircache/directory.h"
+#include "lib/log/log.h"
-#include "fuzzing.h"
+#include "feature/dircommon/dir_connection_st.h"
+
+#include "test/fuzz/fuzzing.h"
static void
mock_connection_write_to_buf_impl_(const char *string, size_t len,
diff --git a/src/test/fuzz/fuzz_http_connect.c b/src/test/fuzz/fuzz_http_connect.c
index dc674070b2..ca007a2c7f 100644
--- a/src/test/fuzz/fuzz_http_connect.c
+++ b/src/test/fuzz/fuzz_http_connect.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -6,16 +6,19 @@
#define BUFFERS_PRIVATE
#define CONNECTION_EDGE_PRIVATE
-#include "or.h"
-#include "backtrace.h"
-#include "buffers.h"
-#include "config.h"
-#include "connection.h"
-#include "connection_edge.h"
-#include "proto_socks.h"
-#include "torlog.h"
+#include "core/or/or.h"
+#include "lib/err/backtrace.h"
+#include "lib/container/buffers.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_edge.h"
+#include "core/proto/proto_socks.h"
+#include "lib/log/log.h"
-#include "fuzzing.h"
+#include "core/or/entry_connection_st.h"
+#include "core/or/socks_request_st.h"
+
+#include "test/fuzz/fuzzing.h"
static void
mock_connection_write_to_buf_impl_(const char *string, size_t len,
diff --git a/src/test/fuzz/fuzz_iptsv2.c b/src/test/fuzz/fuzz_iptsv2.c
index 4abde0c16d..a3082f4d0e 100644
--- a/src/test/fuzz/fuzz_iptsv2.c
+++ b/src/test/fuzz/fuzz_iptsv2.c
@@ -1,10 +1,14 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
-#include "or.h"
-#include "routerparse.h"
-#include "rendcommon.h"
-#include "fuzzing.h"
+#include "core/or/or.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/rend/rendcommon.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+
+#include "feature/rend/rend_service_descriptor_st.h"
+
+#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
@@ -43,4 +47,3 @@ fuzz_main(const uint8_t *data, size_t sz)
rend_service_descriptor_free(desc);
return 0;
}
-
diff --git a/src/test/fuzz/fuzz_microdesc.c b/src/test/fuzz/fuzz_microdesc.c
index 396115026e..fa9676372d 100644
--- a/src/test/fuzz/fuzz_microdesc.c
+++ b/src/test/fuzz/fuzz_microdesc.c
@@ -1,10 +1,12 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
-#include "or.h"
-#include "routerparse.h"
-#include "microdesc.h"
-#include "fuzzing.h"
+#include "core/or/or.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/microdesc.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+
+#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
@@ -44,4 +46,3 @@ fuzz_main(const uint8_t *data, size_t sz)
}
return 0;
}
-
diff --git a/src/test/fuzz/fuzz_socks.c b/src/test/fuzz/fuzz_socks.c
new file mode 100644
index 0000000000..14c25304b1
--- /dev/null
+++ b/src/test/fuzz/fuzz_socks.c
@@ -0,0 +1,50 @@
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#define BUFFERS_PRIVATE
+#include "core/or/or.h"
+
+#include "lib/container/buffers.h"
+#include "lib/err/backtrace.h"
+#include "lib/log/log.h"
+#include "core/proto/proto_socks.h"
+#include "feature/client/addressmap.h"
+
+#include "test/fuzz/fuzzing.h"
+
+int
+fuzz_init(void)
+{
+ addressmap_init();
+ return 0;
+}
+
+int
+fuzz_cleanup(void)
+{
+ addressmap_free_all();
+ return 0;
+}
+
+int
+fuzz_main(const uint8_t *stdin_buf, size_t data_size)
+{
+ buf_t *buffer = buf_new_with_data((char*)stdin_buf, data_size);
+ if (!buffer) {
+ tor_assert(data_size==0);
+ buffer = buf_new();
+ }
+
+ socks_request_t *request = socks_request_new();
+
+ int r = fetch_from_buf_socks(buffer, request, 0, 0);
+ log_info(LD_GENERAL, "Socks request status: %d", r);
+
+ /* Reset. */
+ buf_free(buffer);
+ socks_request_free(request);
+
+ return 0;
+}
diff --git a/src/test/fuzz/fuzz_vrs.c b/src/test/fuzz/fuzz_vrs.c
index baf0610a0b..8c96851b1f 100644
--- a/src/test/fuzz/fuzz_vrs.c
+++ b/src/test/fuzz/fuzz_vrs.c
@@ -1,13 +1,18 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
#define NETWORKSTATUS_PRIVATE
-#include "or.h"
-#include "routerparse.h"
-#include "memarea.h"
-#include "microdesc.h"
-#include "networkstatus.h"
-#include "fuzzing.h"
+#include "core/or/or.h"
+#include "feature/nodelist/routerparse.h"
+#include "lib/memarea/memarea.h"
+#include "feature/nodelist/microdesc.h"
+#include "feature/nodelist/networkstatus.h"
+
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/vote_routerstatus_st.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+
+#include "test/fuzz/fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
@@ -79,4 +84,3 @@ fuzz_main(const uint8_t *data, size_t sz)
tor_free(str);
return 0;
}
-
diff --git a/src/test/fuzz/fuzzing.h b/src/test/fuzz/fuzzing.h
index aecdbb4e52..e90e5d58e0 100644
--- a/src/test/fuzz/fuzzing.h
+++ b/src/test/fuzz/fuzzing.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef FUZZING_H
#define FUZZING_H
diff --git a/src/test/fuzz/fuzzing_common.c b/src/test/fuzz/fuzzing_common.c
index a96552f0fc..1401e4c28d 100644
--- a/src/test/fuzz/fuzzing_common.c
+++ b/src/test/fuzz/fuzzing_common.c
@@ -1,13 +1,14 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CRYPTO_ED25519_PRIVATE
#include "orconfig.h"
-#include "or.h"
-#include "backtrace.h"
-#include "config.h"
-#include "fuzzing.h"
-#include "crypto.h"
-#include "crypto_ed25519.h"
+#include "core/or/or.h"
+#include "lib/err/backtrace.h"
+#include "app/config/config.h"
+#include "test/fuzz/fuzzing.h"
+#include "lib/compress/compress.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_init.h"
static or_options_t *mock_options = NULL;
static const or_options_t *
@@ -95,15 +96,20 @@ global_init(void)
{
tor_threads_init();
tor_compress_init();
- {
- struct sipkey sipkey = { 1337, 7331 };
- siphash_set_global_key(&sipkey);
- }
/* Initialise logging first */
init_logging(1);
configure_backtrace_handler(get_version());
+ if (crypto_global_init(0, NULL, NULL) < 0)
+ abort();
+
+ {
+ struct sipkey sipkey = { 1337, 7331 };
+ siphash_unset_global_key();
+ siphash_set_global_key(&sipkey);
+ }
+
/* set up the options. */
mock_options = tor_malloc_zero(sizeof(or_options_t));
MOCK(get_options, mock_get_options);
@@ -189,4 +195,3 @@ main(int argc, char **argv)
}
#endif
-
diff --git a/src/test/fuzz/include.am b/src/test/fuzz/include.am
index 39d6d3c17b..27eeced8c5 100644
--- a/src/test/fuzz/include.am
+++ b/src/test/fuzz/include.am
@@ -5,34 +5,19 @@ FUZZING_CPPFLAGS = \
FUZZING_CFLAGS = \
$(AM_CFLAGS) $(TEST_CFLAGS)
FUZZING_LDFLAG = \
- @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ @TOR_LDFLAGS_libevent@
+ @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) @TOR_LDFLAGS_libevent@
FUZZING_LIBS = \
- src/or/libtor-testing.a \
- src/common/libor-crypto-testing.a \
- $(LIBKECCAK_TINY) \
- $(LIBDONNA) \
- src/common/libor-testing.a \
- src/common/libor-ctime-testing.a \
- src/common/libor-event-testing.a \
- src/trunnel/libor-trunnel-testing.a \
+ $(TOR_INTERNAL_TESTING_LIBS) \
$(rust_ldadd) \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \
- @TOR_LIBEVENT_LIBS@ \
- @TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
- @CURVE25519_LIBS@ \
+ @TOR_LIBEVENT_LIBS@ $(TOR_LIBS_CRYPTLIB) \
+ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@ \
@TOR_SYSTEMD_LIBS@ \
@TOR_LZMA_LIBS@ \
@TOR_ZSTD_LIBS@
oss-fuzz-prereqs: \
- src/or/libtor-testing.a \
- src/common/libor-crypto-testing.a \
- $(LIBKECCAK_TINY) \
- $(LIBDONNA) \
- src/common/libor-testing.a \
- src/common/libor-ctime-testing.a \
- src/common/libor-event-testing.a \
- src/trunnel/libor-trunnel-testing.a
+ $(TOR_INTERNAL_TESTING_LIBS)
noinst_HEADERS += \
src/test/fuzz/fuzzing.h
@@ -158,6 +143,16 @@ src_test_fuzz_fuzz_microdesc_LDADD = $(FUZZING_LIBS)
endif
if UNITTESTS_ENABLED
+src_test_fuzz_fuzz_socks_SOURCES = \
+ src/test/fuzz/fuzzing_common.c \
+ src/test/fuzz/fuzz_socks.c
+src_test_fuzz_fuzz_socks_CPPFLAGS = $(FUZZING_CPPFLAGS)
+src_test_fuzz_fuzz_socks_CFLAGS = $(FUZZING_CFLAGS)
+src_test_fuzz_fuzz_socks_LDFLAGS = $(FUZZING_LDFLAG)
+src_test_fuzz_fuzz_socks_LDADD = $(FUZZING_LIBS)
+endif
+
+if UNITTESTS_ENABLED
src_test_fuzz_fuzz_vrs_SOURCES = \
src/test/fuzz/fuzzing_common.c \
src/test/fuzz/fuzz_vrs.c
@@ -180,6 +175,7 @@ FUZZERS = \
src/test/fuzz/fuzz-http-connect \
src/test/fuzz/fuzz-iptsv2 \
src/test/fuzz/fuzz-microdesc \
+ src/test/fuzz/fuzz-socks \
src/test/fuzz/fuzz-vrs
endif
@@ -286,6 +282,15 @@ src_test_fuzz_lf_fuzz_microdesc_LDADD = $(LIBFUZZER_LIBS)
endif
if UNITTESTS_ENABLED
+src_test_fuzz_lf_fuzz_socks_SOURCES = \
+ $(src_test_fuzz_fuzz_socks_SOURCES)
+src_test_fuzz_lf_fuzz_socks_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
+src_test_fuzz_lf_fuzz_socks_CFLAGS = $(LIBFUZZER_CFLAGS)
+src_test_fuzz_lf_fuzz_socks_LDFLAGS = $(LIBFUZZER_LDFLAG)
+src_test_fuzz_lf_fuzz_socks_LDADD = $(LIBFUZZER_LIBS)
+endif
+
+if UNITTESTS_ENABLED
src_test_fuzz_lf_fuzz_vrs_SOURCES = \
$(src_test_fuzz_fuzz_vrs_SOURCES)
src_test_fuzz_lf_fuzz_vrs_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
@@ -306,6 +311,7 @@ LIBFUZZER_FUZZERS = \
src/test/fuzz/lf-fuzz-http-connect \
src/test/fuzz/lf-fuzz-iptsv2 \
src/test/fuzz/lf-fuzz-microdesc \
+ src/test/fuzz/lf-fuzz-socks \
src/test/fuzz/lf-fuzz-vrs
else
@@ -393,6 +399,13 @@ src_test_fuzz_liboss_fuzz_microdesc_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
endif
if UNITTESTS_ENABLED
+src_test_fuzz_liboss_fuzz_socks_a_SOURCES = \
+ $(src_test_fuzz_fuzz_socks_SOURCES)
+src_test_fuzz_liboss_fuzz_socks_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
+src_test_fuzz_liboss_fuzz_socks_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
+endif
+
+if UNITTESTS_ENABLED
src_test_fuzz_liboss_fuzz_vrs_a_SOURCES = \
$(src_test_fuzz_fuzz_vrs_SOURCES)
src_test_fuzz_liboss_fuzz_vrs_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
@@ -411,6 +424,7 @@ OSS_FUZZ_FUZZERS = \
src/test/fuzz/liboss-fuzz-http-connect.a \
src/test/fuzz/liboss-fuzz-iptsv2.a \
src/test/fuzz/liboss-fuzz-microdesc.a \
+ src/test/fuzz/liboss-fuzz-socks.a \
src/test/fuzz/liboss-fuzz-vrs.a
else
diff --git a/src/test/fuzz_static_testcases.sh b/src/test/fuzz_static_testcases.sh
index 3cb45ad5e6..138f85b106 100755
--- a/src/test/fuzz_static_testcases.sh
+++ b/src/test/fuzz_static_testcases.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright (c) 2016-2017, The Tor Project, Inc.
+# Copyright (c) 2016-2018, The Tor Project, Inc.
# See LICENSE for licensing information
set -e
diff --git a/src/test/hs_ntor_ref.py b/src/test/hs_ntor_ref.py
index 542b02d2e0..0c5756ad73 100644
--- a/src/test/hs_ntor_ref.py
+++ b/src/test/hs_ntor_ref.py
@@ -1,5 +1,5 @@
#!/usr/bin/python
-# Copyright 2017, The Tor Project, Inc
+# Copyright 2017-2018, The Tor Project, Inc
# See LICENSE for licensing information
"""
diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c
index 5c1b9123d8..dcec1b9d48 100644
--- a/src/test/hs_test_helpers.c
+++ b/src/test/hs_test_helpers.c
@@ -1,13 +1,13 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "crypto_ed25519.h"
-#include "test.h"
-#include "torcert.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "test/test.h"
+#include "feature/nodelist/torcert.h"
-#include "hs_common.h"
-#include "hs_test_helpers.h"
+#include "feature/hs/hs_common.h"
+#include "test/hs_test_helpers.h"
hs_desc_intro_point_t *
hs_helper_build_intro_point(const ed25519_keypair_t *signing_kp, time_t now,
@@ -98,8 +98,11 @@ static hs_descriptor_t *
hs_helper_build_hs_desc_impl(unsigned int no_ip,
const ed25519_keypair_t *signing_kp)
{
+ int ret;
+ int i;
time_t now = approx_time();
ed25519_keypair_t blinded_kp;
+ curve25519_keypair_t auth_ephemeral_kp;
hs_descriptor_t *descp = NULL, *desc = tor_malloc_zero(sizeof(*desc));
desc->plaintext_data.version = HS_DESC_SUPPORTED_FORMAT_VERSION_MAX;
@@ -126,6 +129,20 @@ hs_helper_build_hs_desc_impl(unsigned int no_ip,
hs_get_subcredential(&signing_kp->pubkey, &blinded_kp.pubkey,
desc->subcredential);
+ /* Setup superencrypted data section. */
+ ret = curve25519_keypair_generate(&auth_ephemeral_kp, 0);
+ tt_int_op(ret, ==, 0);
+ memcpy(&desc->superencrypted_data.auth_ephemeral_pubkey,
+ &auth_ephemeral_kp.pubkey,
+ sizeof(curve25519_public_key_t));
+
+ desc->superencrypted_data.clients = smartlist_new();
+ for (i = 0; i < HS_DESC_AUTH_CLIENT_MULTIPLE; i++) {
+ hs_desc_authorized_client_t *desc_client =
+ hs_desc_build_fake_authorized_client();
+ smartlist_add(desc->superencrypted_data.clients, desc_client);
+ }
+
/* Setup encrypted data section. */
desc->encrypted_data.create2_ntor = 1;
desc->encrypted_data.intro_auth_types = smartlist_new();
@@ -207,6 +224,32 @@ hs_helper_desc_equal(const hs_descriptor_t *desc1,
* encrypted blob. As contrast to the decoding process where we populate a
* descriptor object. */
+ /* Superencrypted data section. */
+ tt_mem_op(desc1->superencrypted_data.auth_ephemeral_pubkey.public_key, OP_EQ,
+ desc2->superencrypted_data.auth_ephemeral_pubkey.public_key,
+ CURVE25519_PUBKEY_LEN);
+
+ /* Auth clients. */
+ {
+ tt_assert(desc1->superencrypted_data.clients);
+ tt_assert(desc2->superencrypted_data.clients);
+ tt_int_op(smartlist_len(desc1->superencrypted_data.clients), ==,
+ smartlist_len(desc2->superencrypted_data.clients));
+ for (int i=0;
+ i < smartlist_len(desc1->superencrypted_data.clients);
+ i++) {
+ hs_desc_authorized_client_t
+ *client1 = smartlist_get(desc1->superencrypted_data.clients, i),
+ *client2 = smartlist_get(desc2->superencrypted_data.clients, i);
+ tt_mem_op(client1->client_id, OP_EQ, client2->client_id,
+ sizeof(client1->client_id));
+ tt_mem_op(client1->iv, OP_EQ, client2->iv,
+ sizeof(client1->iv));
+ tt_mem_op(client1->encrypted_cookie, OP_EQ, client2->encrypted_cookie,
+ sizeof(client1->encrypted_cookie));
+ }
+ }
+
/* Encrypted data section. */
tt_uint_op(desc1->encrypted_data.create2_ntor, ==,
desc2->encrypted_data.create2_ntor);
diff --git a/src/test/hs_test_helpers.h b/src/test/hs_test_helpers.h
index b1b0490f05..b7c2714769 100644
--- a/src/test/hs_test_helpers.h
+++ b/src/test/hs_test_helpers.h
@@ -1,11 +1,11 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_HS_TEST_HELPERS_H
#define TOR_HS_TEST_HELPERS_H
-#include "ed25519_cert.h"
-#include "hs_descriptor.h"
+#include "trunnel/ed25519_cert.h"
+#include "feature/hs/hs_descriptor.h"
/* Set of functions to help build and test descriptors. */
hs_desc_intro_point_t *hs_helper_build_intro_point(
diff --git a/src/test/include.am b/src/test/include.am
index 2c4da6ac42..1055cd0a81 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -11,9 +11,9 @@ TESTS_ENVIRONMENT = \
export CARGO="$(CARGO)"; \
export EXTRA_CARGO_OPTIONS="$(EXTRA_CARGO_OPTIONS)"; \
export CARGO_ONLINE="$(CARGO_ONLINE)"; \
- export CCLD="$(CCLD)"; \
- chmod +x "$(abs_top_builddir)/link_rust.sh"; \
- export RUSTFLAGS="-C linker=$(abs_top_builddir)/link_rust.sh";
+ export CCLD="$(CCLD)"; \
+ chmod +x "$(abs_top_builddir)/link_rust.sh"; \
+ export RUSTFLAGS="-C linker=$(abs_top_builddir)/link_rust.sh";
TESTSCRIPTS = \
src/test/fuzz_static_testcases.sh \
@@ -33,6 +33,7 @@ endif
if USEPYTHON
TESTSCRIPTS += src/test/test_ntor.sh src/test/test_hs_ntor.sh src/test/test_bt.sh
+TESTSCRIPTS += src/test/test_rebind.sh
endif
TESTS += src/test/test src/test/test-slow src/test/test-memwipe \
@@ -51,7 +52,7 @@ TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-v2-min hs-v3-min \
TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v23-ipv6-md \
single-onion-ipv6-md
# only run if we can find a stable (or simply another) version of tor
-TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v23
+TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v2
### This is a lovely feature, but it requires automake >= 1.12, and Tor
### doesn't require that yet.
@@ -72,12 +73,10 @@ noinst_PROGRAMS+= \
endif
src_test_AM_CPPFLAGS = -DSHARE_DATADIR="\"$(datadir)\"" \
- -DLOCALSTATEDIR="\"$(localstatedir)\"" \
- -DBINDIR="\"$(bindir)\"" \
- -I"$(top_srcdir)/src/or" -I"$(top_srcdir)/src/ext" \
- -I"$(top_srcdir)/src/trunnel" \
- -I"$(top_srcdir)/src/ext/trunnel" \
- -DTOR_UNIT_TESTS
+ -DLOCALSTATEDIR="\"$(localstatedir)\"" \
+ -DBINDIR="\"$(bindir)\"" \
+ -DTOR_UNIT_TESTS \
+ $(AM_CPPFLAGS)
# -L flags need to go in LDFLAGS. -l flags need to go in LDADD.
# This seems to matter nowhere but on Windows, but I assure you that it
@@ -119,7 +118,7 @@ src_test_test_SOURCES += \
src/test/test_controller.c \
src/test/test_controller_events.c \
src/test/test_crypto.c \
- src/test/test_crypto_openssl.c \
+ src/test/test_crypto_ope.c \
src/test/test_data.c \
src/test/test_dir.c \
src/test/test_dir_common.c \
@@ -152,6 +151,7 @@ src_test_test_SOURCES += \
src/test/test_oom.c \
src/test/test_oos.c \
src/test/test_options.c \
+ src/test/test_pem.c \
src/test/test_periodic_event.c \
src/test/test_policy.c \
src/test/test_procmon.c \
@@ -159,7 +159,6 @@ src_test_test_SOURCES += \
src/test/test_proto_misc.c \
src/test/test_protover.c \
src/test/test_pt.c \
- src/test/test_pubsub.c \
src/test/test_relay.c \
src/test/test_relaycell.c \
src/test/test_relaycrypt.c \
@@ -180,11 +179,21 @@ src_test_test_SOURCES += \
src/test/test_util_format.c \
src/test/test_util_process.c \
src/test/test_voting_schedule.c \
+ src/test/test_x509.c \
src/test/test_helpers.c \
src/test/test_dns.c \
src/test/testing_common.c \
src/test/testing_rsakeys.c \
src/ext/tinytest.c
+
+if USE_NSS
+# ...
+else
+src_test_test_SOURCES += \
+ src/test/test_crypto_openssl.c \
+ src/test/test_tortls_openssl.c
+endif
+
endif
src_test_test_slow_SOURCES =
@@ -222,27 +231,19 @@ src_test_test_switch_id_CPPFLAGS= $(src_test_AM_CPPFLAGS)
src_test_test_switch_id_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_test_test_switch_id_LDFLAGS = @TOR_LDFLAGS_zlib@
src_test_test_switch_id_LDADD = \
- src/common/libor-testing.a \
- src/common/libor-ctime-testing.a \
+ $(TOR_UTIL_TESTING_LIBS) \
$(rust_ldadd) \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \
- @TOR_LIB_WS32@ @TOR_LIB_USERENV@ \
+ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_USERENV@ \
@TOR_LZMA_LIBS@ @TOR_ZSTD_LIBS@
-src_test_test_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
- @TOR_LDFLAGS_libevent@
-src_test_test_LDADD = src/or/libtor-testing.a \
- src/common/libor-crypto-testing.a \
- $(LIBKECCAK_TINY) \
- $(LIBDONNA) \
- src/common/libor-testing.a \
- src/common/libor-ctime-testing.a \
- src/common/libor-event-testing.a \
- src/trunnel/libor-trunnel-testing.a \
- src/trace/libor-trace.a \
+src_test_test_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \
+ @TOR_LDFLAGS_libevent@
+src_test_test_LDADD = \
+ $(TOR_INTERNAL_TESTING_LIBS) \
$(rust_ldadd) \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
- @TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
+ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
@CURVE25519_LIBS@ \
@TOR_SYSTEMD_LIBS@ @TOR_LZMA_LIBS@ @TOR_ZSTD_LIBS@
@@ -259,43 +260,35 @@ src_test_test_memwipe_LDADD = $(src_test_test_LDADD)
# successfully with the libraries built with them.
src_test_test_memwipe_LDFLAGS = $(src_test_test_LDFLAGS) @CFLAGS_BUGTRAP@
-src_test_bench_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
- @TOR_LDFLAGS_libevent@
-src_test_bench_LDADD = src/or/libtor.a src/common/libor.a \
- src/common/libor-ctime.a \
- src/common/libor-crypto.a $(LIBKECCAK_TINY) $(LIBDONNA) \
- src/common/libor-event.a src/trunnel/libor-trunnel.a \
- src/trace/libor-trace.a \
+src_test_bench_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \
+ @TOR_LDFLAGS_libevent@
+src_test_bench_LDADD = \
+ $(TOR_INTERNAL_LIBS) \
$(rust_ldadd) \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
- @TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
+ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
@CURVE25519_LIBS@ \
@TOR_SYSTEMD_LIBS@ @TOR_LZMA_LIBS@ @TOR_ZSTD_LIBS@
-src_test_test_workqueue_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
- @TOR_LDFLAGS_libevent@
-src_test_test_workqueue_LDADD = src/or/libtor-testing.a \
- src/common/libor-testing.a \
- src/common/libor-ctime-testing.a \
- src/common/libor-crypto-testing.a $(LIBKECCAK_TINY) $(LIBDONNA) \
- src/common/libor-event-testing.a \
- src/trace/libor-trace.a \
+src_test_test_workqueue_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \
+ @TOR_LDFLAGS_libevent@
+src_test_test_workqueue_LDADD = \
+ $(TOR_INTERNAL_TESTING_LIBS) \
$(rust_ldadd) \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
- @TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
+ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
@CURVE25519_LIBS@ \
@TOR_LZMA_LIBS@ @TOR_ZSTD_LIBS@
src_test_test_timers_CPPFLAGS = $(src_test_test_CPPFLAGS)
src_test_test_timers_CFLAGS = $(src_test_test_CFLAGS)
src_test_test_timers_LDADD = \
- src/common/libor-testing.a \
- src/common/libor-ctime-testing.a \
- src/common/libor-event-testing.a \
- src/common/libor-crypto-testing.a $(LIBKECCAK_TINY) $(LIBDONNA) \
+ src/lib/libtor-evloop-testing.a \
+ $(TOR_CRYPTO_TESTING_LIBS) \
+ $(TOR_UTIL_TESTING_LIBS) \
$(rust_ldadd) \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
- @TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
+ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
@CURVE25519_LIBS@ \
@TOR_LZMA_LIBS@
src_test_test_timers_LDFLAGS = $(src_test_test_LDFLAGS)
@@ -309,6 +302,7 @@ noinst_HEADERS+= \
src/test/test_helpers.h \
src/test/test_dir_common.h \
src/test/test_connection.h \
+ src/test/test_tortls.h \
src/test/test_descriptors.inc \
src/test/example_extrainfo.inc \
src/test/failing_routerdescs.inc \
@@ -320,38 +314,34 @@ noinst_HEADERS+= \
noinst_PROGRAMS+= src/test/test-ntor-cl
noinst_PROGRAMS+= src/test/test-hs-ntor-cl
src_test_test_ntor_cl_SOURCES = src/test/test_ntor_cl.c
-src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
-src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \
- src/common/libor-ctime.a \
- src/common/libor-crypto.a $(LIBKECCAK_TINY) $(LIBDONNA) \
- src/trace/libor-trace.a \
+src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
+src_test_test_ntor_cl_LDADD = \
+ $(TOR_INTERNAL_LIBS) \
$(rust_ldadd) \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \
- @TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
+ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
@CURVE25519_LIBS@ @TOR_LZMA_LIBS@
src_test_test_ntor_cl_AM_CPPFLAGS = \
- -I"$(top_srcdir)/src/or"
+ $(AM_CPPFLAGS)
src_test_test_hs_ntor_cl_SOURCES = src/test/test_hs_ntor_cl.c
-src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
-src_test_test_hs_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \
- src/common/libor-ctime.a \
- src/common/libor-crypto.a $(LIBKECCAK_TINY) $(LIBDONNA) \
+src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
+src_test_test_hs_ntor_cl_LDADD = \
+ $(TOR_INTERNAL_LIBS) \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \
- @TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
+ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
src_test_test_hs_ntor_cl_AM_CPPFLAGS = \
- -I"$(top_srcdir)/src/or"
+ $(AM_CPPFLAGS)
if UNITTESTS_ENABLED
noinst_PROGRAMS += src/test/test-bt-cl
src_test_test_bt_cl_SOURCES = src/test/test_bt_cl.c
-src_test_test_bt_cl_LDADD = src/common/libor-testing.a \
- src/common/libor-ctime-testing.a \
- src/trace/libor-trace.a \
+src_test_test_bt_cl_LDADD = \
+ $(TOR_UTIL_TESTING_LIBS) \
$(rust_ldadd) \
@TOR_LIB_MATH@ \
- @TOR_LIB_WS32@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@
+ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@
src_test_test_bt_cl_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS) $(TEST_CPPFLAGS)
endif
@@ -364,8 +354,10 @@ EXTRA_DIST += \
src/test/hs_indexes.py \
src/test/fuzz_static_testcases.sh \
src/test/slownacl_curve25519.py \
+ src/test/test_rebind.sh \
+ src/test/test_rebind.py \
src/test/zero_length_keys.sh \
- src/test/rust_supp.txt \
+ src/test/rust_supp.txt \
src/test/test_keygen.sh \
src/test/test_key_expiration.sh \
src/test/test_zero_length_keys.sh \
diff --git a/src/test/log_test_helpers.c b/src/test/log_test_helpers.c
index d5a39cfeee..2e91b1ecdc 100644
--- a/src/test/log_test_helpers.c
+++ b/src/test/log_test_helpers.c
@@ -1,8 +1,8 @@
-/* Copyright (c) 2015-2017, The Tor Project, Inc. */
+/* Copyright (c) 2015-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define LOG_PRIVATE
-#include "torlog.h"
-#include "log_test_helpers.h"
+#include "lib/log/log.h"
+#include "test/log_test_helpers.h"
/**
* \file log_test_helpers.c
@@ -158,6 +158,26 @@ mock_saved_log_has_message_containing(const char *msg)
return 0;
}
+/**
+ * Return true iff there is not a message recorded by log capture
+ * that contains <b>msg</b> as a substring.
+ */
+int
+mock_saved_log_has_message_not_containing(const char *msg)
+{
+ if (saved_logs) {
+ SMARTLIST_FOREACH(
+ saved_logs, mock_saved_log_entry_t *, m,
+ {
+ if (msg && m->generated_msg && strstr(m->generated_msg, msg))
+ return 0;
+ }
+ );
+ }
+
+ return 1;
+}
+
/** Return true iff the saved logs have any messages with <b>severity</b> */
int
mock_saved_log_has_severity(int severity)
diff --git a/src/test/log_test_helpers.h b/src/test/log_test_helpers.h
index f5bbfcf3ff..6a774cdfc7 100644
--- a/src/test/log_test_helpers.h
+++ b/src/test/log_test_helpers.h
@@ -1,7 +1,7 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
+#include "core/or/or.h"
#ifndef TOR_LOG_TEST_HELPERS_H
#define TOR_LOG_TEST_HELPERS_H
@@ -24,6 +24,7 @@ void teardown_capture_of_logs(void);
int mock_saved_log_has_message(const char *msg);
int mock_saved_log_has_message_containing(const char *msg);
+int mock_saved_log_has_message_not_containing(const char *msg);
int mock_saved_log_has_severity(int severity);
int mock_saved_log_has_entry(void);
int mock_saved_log_n_entries(void);
@@ -32,7 +33,7 @@ void mock_dump_saved_logs(void);
#define assert_log_predicate(predicate, failure_msg) \
do { \
if (!(predicate)) { \
- tt_fail_msg((failure_msg)); \
+ TT_FAIL(failure_msg); \
mock_dump_saved_logs(); \
TT_EXIT_TEST_FUNCTION; \
} \
@@ -40,70 +41,75 @@ void mock_dump_saved_logs(void);
#define expect_log_msg(str) \
assert_log_predicate(mock_saved_log_has_message(str), \
- "expected log to contain " # str);
+ ("expected log to contain \"%s\"", str));
#define expect_log_msg_containing(str) \
assert_log_predicate(mock_saved_log_has_message_containing(str), \
- "expected log to contain " # str);
+ ("expected log to contain \"%s\"", str));
+
+#define expect_log_msg_not_containing(str) \
+ assert_log_predicate(mock_saved_log_has_message_not_containing(str), \
+ ("expected log to not contain \"%s\"", str));
#define expect_log_msg_containing_either(str1, str2) \
assert_log_predicate(mock_saved_log_has_message_containing(str1) || \
mock_saved_log_has_message_containing(str2), \
- "expected log to contain " # str1 " or " # str2);
+ ("expected log to contain \"%s\" or \"%s\"", str1, str2));
#define expect_log_msg_containing_either3(str1, str2, str3) \
assert_log_predicate(mock_saved_log_has_message_containing(str1) || \
mock_saved_log_has_message_containing(str2) || \
mock_saved_log_has_message_containing(str3), \
- "expected log to contain " # str1 " or " # str2 \
- " or " # str3);
+ ("expected log to contain \"%s\" or \"%s\" or \"%s\"", \
+ str1, str2, str3))
#define expect_log_msg_containing_either4(str1, str2, str3, str4) \
assert_log_predicate(mock_saved_log_has_message_containing(str1) || \
mock_saved_log_has_message_containing(str2) || \
mock_saved_log_has_message_containing(str3) || \
mock_saved_log_has_message_containing(str4), \
- "expected log to contain " # str1 " or " # str2 \
- " or " # str3 " or " # str4);
+ ("expected log to contain \"%s\" or \"%s\" or \"%s\" or \"%s\"", \
+ str1, str2, str3, str4))
#define expect_single_log_msg(str) \
do { \
\
assert_log_predicate(mock_saved_log_has_message_containing(str) && \
mock_saved_log_n_entries() == 1, \
- "expected log to contain exactly 1 message " # str); \
+ ("expected log to contain exactly 1 message \"%s\"", \
+ str)); \
} while (0);
#define expect_single_log_msg_containing(str) \
do { \
assert_log_predicate(mock_saved_log_has_message_containing(str)&& \
mock_saved_log_n_entries() == 1 , \
- "expected log to contain 1 message, containing " # str); \
+ ("expected log to contain 1 message, containing \"%s\"",\
+ str)); \
} while (0);
#define expect_no_log_msg(str) \
assert_log_predicate(!mock_saved_log_has_message(str), \
- "expected log to not contain " # str);
+ ("expected log to not contain \"%s\"",str));
#define expect_no_log_msg_containing(str) \
assert_log_predicate(!mock_saved_log_has_message_containing(str), \
- "expected log to not contain " # str);
+ ("expected log to not contain \"%s\"", str));
#define expect_log_severity(severity) \
assert_log_predicate(mock_saved_log_has_severity(severity), \
- "expected log to contain severity " # severity);
+ ("expected log to contain severity " # severity));
#define expect_no_log_severity(severity) \
assert_log_predicate(!mock_saved_log_has_severity(severity), \
- "expected log to not contain severity " # severity);
+ ("expected log to not contain severity " # severity));
#define expect_log_entry() \
assert_log_predicate(mock_saved_log_has_entry(), \
- "expected log to contain entries");
+ ("expected log to contain entries"));
#define expect_no_log_entry() \
assert_log_predicate(!mock_saved_log_has_entry(), \
- "expected log to not contain entries");
+ ("expected log to not contain entries"));
#endif /* !defined(TOR_LOG_TEST_HELPERS_H) */
-
diff --git a/src/test/ntor_ref.py b/src/test/ntor_ref.py
index 51f218f512..56e97ece36 100755
--- a/src/test/ntor_ref.py
+++ b/src/test/ntor_ref.py
@@ -1,5 +1,5 @@
#!/usr/bin/python
-# Copyright 2012-2017, The Tor Project, Inc
+# Copyright 2012-2018, The Tor Project, Inc
# See LICENSE for licensing information
"""
diff --git a/src/test/ope_ref.py b/src/test/ope_ref.py
new file mode 100644
index 0000000000..3677e57a61
--- /dev/null
+++ b/src/test/ope_ref.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python3
+# Copyright 2018, The Tor Project, Inc. See LICENSE for licensing info.
+
+# Reference implementation for our rudimentary OPE code, used to
+# generate test vectors. See crypto_ope.c for more details.
+
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives.ciphers.algorithms import AES
+from cryptography.hazmat.backends import default_backend
+
+from binascii import a2b_hex
+
+#randomly generated and values.
+KEY = a2b_hex(
+ "19e05891d55232c08c2cad91d612fdb9cbd6691949a0742434a76c80bc6992fe")
+PTS = [ 121132, 82283, 72661, 72941, 123122, 12154, 121574, 11391, 65845,
+ 86301, 61284, 70505, 30438, 60150, 114800, 109403, 21893, 123569,
+ 95617, 48561, 53334, 92746, 7110, 9612, 106958, 46889, 87790, 68878,
+ 47917, 121128, 108602, 28217, 69498, 63870, 57542, 122148, 46254,
+ 42850, 92661, 57720]
+
+IV = b'\x00' * 16
+
+backend = default_backend()
+
+def words():
+ cipher = Cipher(algorithms.AES(KEY), modes.CTR(IV), backend=backend)
+ e = cipher.encryptor()
+ while True:
+ v = e.update(b'\x00\x00')
+ yield v[0] + 256 * v[1] + 1
+
+def encrypt(n):
+ return sum(w for w, _ in zip(words(), range(n)))
+
+def example(n):
+ return ' {{ {}, UINT64_C({}) }},'.format(n, encrypt(n))
+
+for v in PTS:
+ print(example(v))
diff --git a/src/test/rend_test_helpers.c b/src/test/rend_test_helpers.c
index 9ac3894b0b..85a679a967 100644
--- a/src/test/rend_test_helpers.c
+++ b/src/test/rend_test_helpers.c
@@ -1,11 +1,15 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "crypto_rand.h"
-#include "test.h"
-#include "rendcommon.h"
-#include "rend_test_helpers.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "test/test.h"
+#include "feature/rend/rendcommon.h"
+#include "test/rend_test_helpers.h"
+
+#include "core/or/extend_info_st.h"
+#include "feature/rend/rend_intro_point_st.h"
+#include "feature/rend/rend_service_descriptor_st.h"
void
generate_desc(int time_diff, rend_encoded_v2_service_descriptor_t **desc,
diff --git a/src/test/rend_test_helpers.h b/src/test/rend_test_helpers.h
index abf4324988..103e143ec6 100644
--- a/src/test/rend_test_helpers.h
+++ b/src/test/rend_test_helpers.h
@@ -1,7 +1,7 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
+#include "core/or/or.h"
#ifndef TOR_REND_TEST_HELPERS_H
#define TOR_REND_TEST_HELPERS_H
diff --git a/src/test/test-child.c b/src/test/test-child.c
index f78a829107..14df1a9b76 100644
--- a/src/test/test-child.c
+++ b/src/test/test-child.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2017, The Tor Project, Inc. */
+/* Copyright (c) 2011-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
diff --git a/src/test/test-memwipe.c b/src/test/test-memwipe.c
index aaaf2e7f68..c879013ed6 100644
--- a/src/test/test-memwipe.c
+++ b/src/test/test-memwipe.c
@@ -1,16 +1,17 @@
-/* Copyright (c) 2015-2017, The Tor Project, Inc. */
+/* Copyright (c) 2015-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
+#include "lib/crypt_ops/crypto_util.h"
+
+#include "lib/intmath/cmp.h"
+#include "lib/malloc/malloc.h"
+
#include <string.h>
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
-#include "crypto_util.h"
-#include "compat.h"
-#include "util.h"
-
static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
@@ -215,4 +216,3 @@ main(int argc, char **argv)
return 0;
}
}
-
diff --git a/src/test/test-network.sh b/src/test/test-network.sh
index 6e0f286573..b7a9f1b3c0 100755
--- a/src/test/test-network.sh
+++ b/src/test/test-network.sh
@@ -52,12 +52,12 @@ done
# - if $PWD looks like a tor build directory, set it to $PWD, or
# - unset $TOR_DIR, and let chutney fall back to finding tor binaries in $PATH
if [ ! -d "$TOR_DIR" ]; then
- if [ -d "$BUILDDIR/src/or" -a -d "$BUILDDIR/src/tools" ]; then
+ if [ -d "$BUILDDIR/src/core/or" -a -d "$BUILDDIR/src/tools" ]; then
# Choose the build directory
# But only if it looks like one
$ECHO "$myname: \$TOR_DIR not set, trying \$BUILDDIR"
TOR_DIR="$BUILDDIR"
- elif [ -d "$PWD/src/or" -a -d "$PWD/src/tools" ]; then
+ elif [ -d "$PWD/src/core/or" -a -d "$PWD/src/tools" ]; then
# Guess the tor directory is the current directory
# But only if it looks like one
$ECHO "$myname: \$TOR_DIR not set, trying \$PWD"
diff --git a/src/test/test-timers.c b/src/test/test-timers.c
index f20f29578b..923f51ecce 100644
--- a/src/test/test-timers.c
+++ b/src/test/test-timers.c
@@ -1,4 +1,4 @@
-/* Copyright 2016-2017, The Tor Project, Inc. */
+/* Copyright 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -7,11 +7,13 @@
#include <stdio.h>
#include <string.h>
-#include "compat.h"
-#include "compat_libevent.h"
-#include "crypto_rand.h"
-#include "timers.h"
-#include "util.h"
+#include "lib/evloop/compat_libevent.h"
+#include "lib/evloop/timers.h"
+#include "lib/crypt_ops/crypto_init.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/log/util_bug.h"
+#include "lib/time/compat_time.h"
+#include "lib/wallclock/timeval.h"
#define N_TIMERS 1000
#define MAX_DURATION 30
@@ -61,6 +63,10 @@ main(int argc, char **argv)
memset(&cfg, 0, sizeof(cfg));
tor_libevent_initialize(&cfg);
timers_initialize();
+ init_logging(1);
+
+ if (crypto_global_init(0, NULL, NULL) < 0)
+ return 1;
int i;
int ret;
@@ -105,8 +111,8 @@ main(int argc, char **argv)
total_square_difference += diff*diff;
}
const int64_t mean_diff = total_difference / n_active_timers;
- printf("mean difference: "I64_FORMAT" usec\n",
- I64_PRINTF_ARG(mean_diff));
+ printf("mean difference: %"PRId64" usec\n",
+ (mean_diff));
const double mean_sq = ((double)total_square_difference)/ n_active_timers;
const double sq_mean = mean_diff * mean_diff;
@@ -139,4 +145,3 @@ main(int argc, char **argv)
timers_shutdown();
return ret;
}
-
diff --git a/src/test/test.c b/src/test/test.c
index f0e8b9b728..dc8e3bede3 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -9,7 +9,10 @@
**/
#include "orconfig.h"
-#include "crypto_rand.h"
+#include "lib/crypt_ops/crypto_dh.h"
+#include "lib/crypt_ops/crypto_rand.h"
+
+#include "app/config/or_state_st.h"
#include <stdio.h>
#ifdef HAVE_FCNTL_H
@@ -23,6 +26,8 @@
#include <dirent.h>
#endif /* defined(_WIN32) */
+#include <math.h>
+
/* These macros pull in declarations for some functions and structures that
* are typically file-private. */
#define ROUTER_PRIVATE
@@ -31,36 +36,34 @@
#define MAIN_PRIVATE
#define STATEFILE_PRIVATE
-/*
- * Linux doesn't provide lround in math.h by default, but mac os does...
- * It's best just to leave math.h out of the picture entirely.
- */
-//#include <math.h>
-long int lround(double x);
-double fabs(double x);
-
-#include "or.h"
-#include "backtrace.h"
-#include "buffers.h"
-#include "circuitlist.h"
-#include "circuitstats.h"
-#include "compress.h"
-#include "config.h"
-#include "connection_edge.h"
-#include "rendcommon.h"
-#include "rendcache.h"
-#include "test.h"
-#include "main.h"
-#include "memarea.h"
-#include "onion.h"
-#include "onion_ntor.h"
-#include "onion_fast.h"
-#include "onion_tap.h"
-#include "policies.h"
-#include "rephist.h"
-#include "routerparse.h"
-#include "statefile.h"
-#include "crypto_curve25519.h"
+#include "core/or/or.h"
+#include "lib/err/backtrace.h"
+#include "lib/container/buffers.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuitstats.h"
+#include "lib/compress/compress.h"
+#include "app/config/config.h"
+#include "core/or/connection_edge.h"
+#include "feature/rend/rendcommon.h"
+#include "feature/rend/rendcache.h"
+#include "test/test.h"
+#include "core/mainloop/main.h"
+#include "lib/memarea/memarea.h"
+#include "core/crypto/onion.h"
+#include "core/crypto/onion_ntor.h"
+#include "core/crypto/onion_fast.h"
+#include "core/crypto/onion_tap.h"
+#include "core/or/policies.h"
+#include "feature/stats/rephist.h"
+#include "feature/nodelist/routerparse.h"
+#include "app/config/statefile.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+
+#include "core/or/extend_info_st.h"
+#include "core/or/or_circuit_st.h"
+#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
+#include "feature/rend/rend_intro_point_st.h"
+#include "feature/rend/rend_service_descriptor_st.h"
/** Run unit tests for the onion handshake code. */
static void
@@ -142,7 +145,8 @@ test_bad_onion_handshake(void *arg)
memset(junk_buf, 0, sizeof(junk_buf));
crypto_pk_obsolete_public_hybrid_encrypt(pk,
junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
- junk_buf, DH_KEY_LEN, PK_PKCS1_OAEP_PADDING, 1);
+ junk_buf, DH1024_KEY_LEN,
+ PK_PKCS1_OAEP_PADDING, 1);
tt_int_op(-1, OP_EQ,
onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
s_buf, s_keys, 40));
@@ -855,7 +859,11 @@ struct testgroup_t testgroups[] = {
{ "control/", controller_tests },
{ "control/event/", controller_event_tests },
{ "crypto/", crypto_tests },
+ { "crypto/ope/", crypto_ope_tests },
+#ifdef ENABLE_OPENSSL
{ "crypto/openssl/", crypto_openssl_tests },
+#endif
+ { "crypto/pem/", pem_tests },
{ "dir/", dir_tests },
{ "dir_handle_get/", dir_handle_get_tests },
{ "dir/md/", microdesc_tests },
@@ -907,14 +915,16 @@ struct testgroup_t testgroups[] = {
{ "status/" , status_tests },
{ "storagedir/", storagedir_tests },
{ "tortls/", tortls_tests },
+#ifndef ENABLE_NSS
+ { "tortls/openssl/", tortls_openssl_tests },
+#endif
+ { "tortls/x509/", x509_tests },
{ "util/", util_tests },
{ "util/format/", util_format_tests },
{ "util/logging/", logging_tests },
{ "util/process/", util_process_tests },
- { "util/pubsub/", pubsub_tests },
{ "util/thread/", thread_tests },
{ "util/handle/", handle_tests },
{ "dns/", dns_tests },
END_OF_GROUPS
};
-
diff --git a/src/test/test.h b/src/test/test.h
index 63b2b30746..a46fedf3e0 100644
--- a/src/test/test.h
+++ b/src/test/test.h
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2003, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_TEST_H
@@ -13,7 +13,6 @@
#define DEBUG_SMARTLIST 1
-#include "compat.h"
#include "tinytest.h"
#define TT_EXIT_TEST_FUNCTION STMT_BEGIN goto done; STMT_END
#include "tinytest_macros.h"
@@ -51,28 +50,20 @@
tt_double_op((a), OP_LE, (b)); \
STMT_END
-#ifdef _MSC_VER
-#define U64_PRINTF_TYPE uint64_t
-#define I64_PRINTF_TYPE int64_t
-#else
-#define U64_PRINTF_TYPE unsigned long long
-#define I64_PRINTF_TYPE long long
-#endif /* defined(_MSC_VER) */
-
#define tt_size_op(a,op,b) \
tt_assert_test_fmt_type(a,b,#a" "#op" "#b,size_t,(val1_ op val2_), \
- U64_PRINTF_TYPE, U64_FORMAT, \
- {print_ = (U64_PRINTF_TYPE) value_;}, {}, TT_EXIT_TEST_FUNCTION)
+ size_t, "%"TOR_PRIuSZ, \
+ {print_ = (size_t) value_;}, {}, TT_EXIT_TEST_FUNCTION)
#define tt_u64_op(a,op,b) \
tt_assert_test_fmt_type(a,b,#a" "#op" "#b,uint64_t,(val1_ op val2_), \
- U64_PRINTF_TYPE, U64_FORMAT, \
- {print_ = (U64_PRINTF_TYPE) value_;}, {}, TT_EXIT_TEST_FUNCTION)
+ uint64_t, "%"PRIu64, \
+ {print_ = (uint64_t) value_;}, {}, TT_EXIT_TEST_FUNCTION)
#define tt_i64_op(a,op,b) \
- tt_assert_test_fmt_type(a,b,#a" "#op" "#b,int64_t,(val1_ op val2_), \
- I64_PRINTF_TYPE, I64_FORMAT, \
- {print_ = (I64_PRINTF_TYPE) value_;}, {}, TT_EXIT_TEST_FUNCTION)
+ tt_assert_test_fmt_type(a,b,#a" "#op" "#b,int64_t,(val1_ op val2_), \
+ int64_t, "%"PRId64, \
+ {print_ = (int64_t) value_;}, {}, TT_EXIT_TEST_FUNCTION)
/**
* Declare that the test is done, even though no tt___op() calls were made.
@@ -212,6 +203,7 @@ extern struct testcase_t container_tests[];
extern struct testcase_t controller_tests[];
extern struct testcase_t controller_event_tests[];
extern struct testcase_t crypto_tests[];
+extern struct testcase_t crypto_ope_tests[];
extern struct testcase_t crypto_openssl_tests[];
extern struct testcase_t dir_tests[];
extern struct testcase_t dir_handle_get_tests[];
@@ -242,13 +234,13 @@ extern struct testcase_t nodelist_tests[];
extern struct testcase_t oom_tests[];
extern struct testcase_t oos_tests[];
extern struct testcase_t options_tests[];
+extern struct testcase_t pem_tests[];
extern struct testcase_t periodic_event_tests[];
extern struct testcase_t policy_tests[];
extern struct testcase_t procmon_tests[];
extern struct testcase_t proto_http_tests[];
extern struct testcase_t proto_misc_tests[];
extern struct testcase_t protover_tests[];
-extern struct testcase_t pubsub_tests[];
extern struct testcase_t pt_tests[];
extern struct testcase_t relay_tests[];
extern struct testcase_t relaycell_tests[];
@@ -265,6 +257,7 @@ extern struct testcase_t socks_tests[];
extern struct testcase_t status_tests[];
extern struct testcase_t thread_tests[];
extern struct testcase_t tortls_tests[];
+extern struct testcase_t tortls_openssl_tests[];
extern struct testcase_t util_tests[];
extern struct testcase_t util_format_tests[];
extern struct testcase_t util_process_tests[];
@@ -272,6 +265,7 @@ extern struct testcase_t voting_schedule_tests[];
extern struct testcase_t dns_tests[];
extern struct testcase_t handle_tests[];
extern struct testcase_t sr_tests[];
+extern struct testcase_t x509_tests[];
extern struct testcase_t slow_crypto_tests[];
extern struct testcase_t slow_util_tests[];
@@ -292,4 +286,3 @@ extern const char AUTHORITY_SIGNKEY_C_DIGEST[];
extern const char AUTHORITY_SIGNKEY_C_DIGEST256[];
#endif /* !defined(TOR_TEST_H) */
-
diff --git a/src/test/test_accounting.c b/src/test/test_accounting.c
index b0d37b2989..7721a9eb99 100644
--- a/src/test/test_accounting.c
+++ b/src/test/test_accounting.c
@@ -1,13 +1,15 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "test/test.h"
#define HIBERNATE_PRIVATE
-#include "hibernate.h"
-#include "config.h"
+#include "feature/hibernate/hibernate.h"
+#include "app/config/config.h"
#define STATEFILE_PRIVATE
-#include "statefile.h"
+#include "app/config/statefile.h"
+
+#include "app/config/or_state_st.h"
#define NS_MODULE accounting
@@ -102,4 +104,3 @@ struct testcase_t accounting_tests[] = {
{ "bwlimits", test_accounting_limits, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index 40db31320f..a9004048a5 100644
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -1,76 +1,25 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ADDRESSMAP_PRIVATE
#include "orconfig.h"
-#include "or.h"
-#include "crypto_rand.h"
-#include "test.h"
-#include "addressmap.h"
-#include "log_test_helpers.h"
-
-/** Mocking replacement: only handles localhost. */
-static int
-mock_tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr_out)
-{
- if (!strcmp(name, "localhost")) {
- if (family == AF_INET || family == AF_UNSPEC) {
- tor_addr_from_ipv4h(addr_out, 0x7f000001);
- return 0;
- } else if (family == AF_INET6) {
- char bytes[16] = { 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 1 };
- tor_addr_from_ipv6_bytes(addr_out, bytes);
- return 0;
- }
- }
- return -1;
-}
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "test/test.h"
+#include "feature/client/addressmap.h"
+#include "test/log_test_helpers.h"
+#include "lib/net/resolve.h"
+
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
static void
test_addr_basic(void *arg)
{
- uint32_t u32;
- uint16_t u16;
- char *cp;
-
- /* Test addr_port_lookup */
- (void)arg;
- cp = NULL; u32 = 3; u16 = 3;
- tt_assert(!addr_port_lookup(LOG_WARN, "1.2.3.4", &cp, &u32, &u16));
- tt_str_op(cp,OP_EQ, "1.2.3.4");
- tt_int_op(u32,OP_EQ, 0x01020304u);
- tt_int_op(u16,OP_EQ, 0);
- tor_free(cp);
- tt_assert(!addr_port_lookup(LOG_WARN, "4.3.2.1:99", &cp, &u32, &u16));
- tt_str_op(cp,OP_EQ, "4.3.2.1");
- tt_int_op(u32,OP_EQ, 0x04030201u);
- tt_int_op(u16,OP_EQ, 99);
- tor_free(cp);
-
- MOCK(tor_addr_lookup, mock_tor_addr_lookup);
-
- tt_assert(!addr_port_lookup(LOG_WARN, "nonexistent.address:4040",
- &cp, NULL, &u16));
- tt_str_op(cp,OP_EQ, "nonexistent.address");
- tt_int_op(u16,OP_EQ, 4040);
- tor_free(cp);
- tt_assert(!addr_port_lookup(LOG_WARN, "localhost:9999", &cp, &u32, &u16));
- tt_str_op(cp,OP_EQ, "localhost");
- tt_int_op(u16,OP_EQ, 9999);
- tt_int_op(u32,OP_EQ, 0x7f000001u);
- tor_free(cp);
- u32 = 3;
- tt_assert(!addr_port_lookup(LOG_WARN, "localhost", NULL, &u32, &u16));
- tt_ptr_op(cp,OP_EQ, NULL);
- tt_int_op(u32,OP_EQ, 0x7f000001u);
- tt_int_op(u16,OP_EQ, 0);
- tor_free(cp);
-
- tt_assert(addr_port_lookup(LOG_WARN, "localhost:3", &cp, &u32, NULL));
- tor_free(cp);
+ (void) arg;
tt_int_op(0,OP_EQ, addr_mask_get_bits(0x0u));
tt_int_op(32,OP_EQ, addr_mask_get_bits(0xFFFFFFFFu));
@@ -98,8 +47,7 @@ test_addr_basic(void *arg)
}
done:
- UNMOCK(tor_addr_lookup);
- tor_free(cp);
+ ;
}
#define test_op_ip6_(a,op,b,e1,e2) \
@@ -1257,4 +1205,3 @@ struct testcase_t addr_tests[] = {
{ "make_null", test_addr_make_null, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_address.c b/src/test/test_address.c
index 9c88d37a41..e99220f838 100644
--- a/src/test/test_address.c
+++ b/src/test/test_address.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ADDRESS_PRIVATE
@@ -23,10 +23,11 @@
#include <net/if.h>
#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */
-#include "or.h"
-#include "address.h"
-#include "test.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "feature/nodelist/nodelist.h"
+#include "lib/net/address.h"
+#include "test/test.h"
+#include "test/log_test_helpers.h"
/** Return 1 iff <b>sockaddr1</b> and <b>sockaddr2</b> represent
* the same IP address and port combination. Otherwise, return 0.
@@ -1139,6 +1140,36 @@ test_address_tor_addr_eq_ipv4h(void *ignored)
tor_free(a);
}
+static void
+test_address_tor_addr_in_same_network_family(void *ignored)
+{
+ (void)ignored;
+ tor_addr_t a, b;
+
+ tor_addr_parse(&a, "8.8.8.8");
+ tor_addr_parse(&b, "8.8.4.4");
+ tt_int_op(addrs_in_same_network_family(&a, &b), OP_EQ, 1);
+
+ tor_addr_parse(&a, "8.8.8.8");
+ tor_addr_parse(&b, "1.1.1.1");
+ tt_int_op(addrs_in_same_network_family(&a, &b), OP_EQ, 0);
+
+ tor_addr_parse(&a, "8.8.8.8");
+ tor_addr_parse(&b, "2001:4860:4860::8844");
+ tt_int_op(addrs_in_same_network_family(&a, &b), OP_EQ, 0);
+
+ tor_addr_parse(&a, "2001:4860:4860::8888");
+ tor_addr_parse(&b, "2001:4860:4860::8844");
+ tt_int_op(addrs_in_same_network_family(&a, &b), OP_EQ, 1);
+
+ tor_addr_parse(&a, "2001:4860:4860::8888");
+ tor_addr_parse(&b, "2001:470:20::2");
+ tt_int_op(addrs_in_same_network_family(&a, &b), OP_EQ, 0);
+
+ done:
+ return;
+}
+
#define ADDRESS_TEST(name, flags) \
{ #name, test_address_ ## name, flags, NULL, NULL }
@@ -1170,6 +1201,7 @@ struct testcase_t address_tests[] = {
ADDRESS_TEST(tor_addr_to_ipv4n, 0),
ADDRESS_TEST(tor_addr_to_mapped_ipv4h, 0),
ADDRESS_TEST(tor_addr_eq_ipv4h, 0),
+ ADDRESS_TEST(tor_addr_in_same_network_family, 0),
END_OF_TESTCASES
};
diff --git a/src/test/test_address_set.c b/src/test/test_address_set.c
index f7441a6491..f231740011 100644
--- a/src/test/test_address_set.c
+++ b/src/test/test_address_set.c
@@ -1,16 +1,21 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "crypto_rand.h"
-#include "address_set.h"
-#include "microdesc.h"
-#include "networkstatus.h"
-#include "nodelist.h"
-#include "routerlist.h"
-#include "torcert.h"
-
-#include "test.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "core/or/address_set.h"
+#include "feature/nodelist/microdesc.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/torcert.h"
+
+#include "feature/nodelist/microdesc_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+
+#include "test/test.h"
static networkstatus_t *dummy_ns = NULL;
static networkstatus_t *
diff --git a/src/test/test_bridges.c b/src/test/test_bridges.c
index c44f791e0d..1cad5445f4 100644
--- a/src/test/test_bridges.c
+++ b/src/test/test_bridges.c
@@ -3,7 +3,7 @@
/**
* \file test_bridges.c
- * \brief Unittests for code in src/or/bridges.c
+ * \brief Unittests for code in bridges.c
**/
#define TOR_BRIDGES_PRIVATE
@@ -11,16 +11,18 @@
#include <stdbool.h>
-#include "or.h"
-#include "address.h"
-#include "bridges.h"
-#include "config.h"
-#include "container.h"
-#include "transports.h"
-#include "util.h"
+#include "core/or/or.h"
+#include "lib/net/address.h"
+#include "feature/client/bridges.h"
+#include "app/config/config.h"
+#include "feature/client/transports.h"
+#include "feature/nodelist/node_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+#include "feature/nodelist/microdesc_st.h"
/* Test suite stuff */
-#include "test.h"
+#include "test/test.h"
/**
* A mocked transport_t, constructed via mock_transport_get_by_name().
@@ -77,6 +79,7 @@ helper_add_bridges_to_bridgelist(void *arg)
char *bridge5 = tor_strdup("apple 4.4.4.4:4444 "
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA "
"foo=abcdefghijklmnopqrstuvwxyz");
+ char *bridge6 = tor_strdup("[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:6666");
mark_bridge_list();
@@ -95,6 +98,7 @@ helper_add_bridges_to_bridgelist(void *arg)
ADD_BRIDGE(bridge3);
ADD_BRIDGE(bridge4);
ADD_BRIDGE(bridge5);
+ ADD_BRIDGE(bridge6);
#undef ADD_BRIDGES
sweep_bridge_list();
@@ -587,6 +591,92 @@ test_bridges_get_transport_by_bridge_addrport(void *arg)
sweep_bridge_list();
}
+static void
+test_bridges_node_is_a_configured_bridge(void *arg)
+{
+ routerinfo_t ri_ipv4 = { .addr = 0x06060606, .or_port = 6666 };
+ routerstatus_t rs_ipv4 = { .addr = 0x06060606, .or_port = 6666 };
+
+ routerinfo_t ri_ipv6 = { .ipv6_orport = 6666 };
+ tor_addr_parse(&(ri_ipv6.ipv6_addr),
+ "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+
+ routerstatus_t rs_ipv6 = { .ipv6_orport = 6666 };
+ tor_addr_parse(&(rs_ipv6.ipv6_addr),
+ "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+
+ microdesc_t md_ipv6 = { .ipv6_orport = 6666 };
+ tor_addr_parse(&(md_ipv6.ipv6_addr),
+ "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+
+ helper_add_bridges_to_bridgelist(arg);
+
+ node_t node_with_digest;
+ memset(&node_with_digest, 0, sizeof(node_with_digest));
+
+ const char fingerprint[HEX_DIGEST_LEN] =
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+
+ const char fingerprint2[HEX_DIGEST_LEN] =
+ "ffffffffffffffffffffffffffffffffffffffff";
+
+ base16_decode(node_with_digest.identity, DIGEST_LEN,
+ fingerprint, HEX_DIGEST_LEN);
+
+ node_t node_ri_ipv4 = { .ri = &ri_ipv4 };
+ base16_decode(node_ri_ipv4.identity, DIGEST_LEN,
+ fingerprint2, HEX_DIGEST_LEN);
+ tt_assert(node_is_a_configured_bridge(&node_ri_ipv4));
+
+ /* This will still match bridge0, since bridge0 has no digest set. */
+ memset(node_ri_ipv4.identity, 0x3f, DIGEST_LEN);
+ tt_assert(node_is_a_configured_bridge(&node_ri_ipv4));
+
+ /* It won't match bridge1, though, since bridge1 has a digest, and this
+ isn't it! */
+ node_ri_ipv4.ri->addr = 0x06060607;
+ node_ri_ipv4.ri->or_port = 6667;
+ tt_assert(! node_is_a_configured_bridge(&node_ri_ipv4));
+ /* If we set the fingerprint right, though, it will match. */
+ base16_decode(node_ri_ipv4.identity, DIGEST_LEN,
+ "A10C4F666D27364036B562823E5830BC448E046A", HEX_DIGEST_LEN);
+ tt_assert(node_is_a_configured_bridge(&node_ri_ipv4));
+
+ node_t node_rs_ipv4 = { .rs = &rs_ipv4 };
+ base16_decode(node_rs_ipv4.identity, DIGEST_LEN,
+ fingerprint2, HEX_DIGEST_LEN);
+ tt_assert(node_is_a_configured_bridge(&node_rs_ipv4));
+
+ node_t node_ri_ipv6 = { .ri = &ri_ipv6 };
+ base16_decode(node_ri_ipv6.identity, DIGEST_LEN,
+ fingerprint2, HEX_DIGEST_LEN);
+ tt_assert(node_is_a_configured_bridge(&node_ri_ipv6));
+
+ node_t node_rs_ipv6 = { .rs = &rs_ipv6 };
+ base16_decode(node_rs_ipv6.identity, DIGEST_LEN,
+ fingerprint2, HEX_DIGEST_LEN);
+ tt_assert(node_is_a_configured_bridge(&node_rs_ipv6));
+
+ node_t node_md_ipv6 = { .md = &md_ipv6 };
+ base16_decode(node_md_ipv6.identity, DIGEST_LEN,
+ fingerprint2, HEX_DIGEST_LEN);
+ tt_assert(node_is_a_configured_bridge(&node_md_ipv6));
+
+ mark_bridge_list();
+ sweep_bridge_list();
+
+ tt_assert(!node_is_a_configured_bridge(&node_with_digest));
+ tt_assert(!node_is_a_configured_bridge(&node_ri_ipv4));
+ tt_assert(!node_is_a_configured_bridge(&node_ri_ipv6));
+ tt_assert(!node_is_a_configured_bridge(&node_rs_ipv4));
+ tt_assert(!node_is_a_configured_bridge(&node_rs_ipv6));
+ tt_assert(!node_is_a_configured_bridge(&node_md_ipv6));
+
+ done:
+ mark_bridge_list();
+ sweep_bridge_list();
+}
+
#undef PT_PRIVATE /* defined(PT_PRIVATE) */
#define B_TEST(name, flags) \
@@ -609,6 +699,6 @@ struct testcase_t bridges_tests[] = {
B_TEST(get_transport_by_bridge_addrport_no_ptlist, 0),
B_TEST(get_transport_by_bridge_addrport, 0),
B_TEST(transport_is_needed, 0),
+ B_TEST(node_is_a_configured_bridge, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_bt_cl.c b/src/test/test_bt_cl.c
index b5c8d7cf9e..89cbca2066 100644
--- a/src/test/test_bt_cl.c
+++ b/src/test/test_bt_cl.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2017, The Tor Project, Inc. */
+/* Copyright (c) 2012-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -7,10 +7,13 @@
/* To prevent 'assert' from going away. */
#undef TOR_COVERAGE
-#include "or.h"
-#include "util.h"
-#include "backtrace.h"
-#include "torlog.h"
+#include "core/or/or.h"
+#include "lib/err/backtrace.h"
+#include "lib/log/log.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
/* -1: no crash.
* 0: crash with a segmentation fault.
@@ -118,4 +121,3 @@ main(int argc, char **argv)
return 0;
}
-
diff --git a/src/test/test_buffers.c b/src/test/test_buffers.c
index 868f6a8ba4..477066f699 100644
--- a/src/test/test_buffers.c
+++ b/src/test/test_buffers.c
@@ -1,17 +1,19 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define BUFFERS_PRIVATE
#define PROTO_HTTP_PRIVATE
-#include "or.h"
-#include "buffers.h"
-#include "buffers_tls.h"
-#include "crypto_rand.h"
-#include "proto_http.h"
-#include "proto_socks.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "lib/container/buffers.h"
+#include "lib/tls/buffers_tls.h"
+#include "lib/tls/tortls.h"
+#include "lib/compress/compress.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "core/proto/proto_http.h"
+#include "core/proto/proto_socks.h"
+#include "test/test.h"
/** Run unit tests for buffers.c */
static void
@@ -819,4 +821,3 @@ struct testcase_t buffer_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_bwmgt.c b/src/test/test_bwmgt.c
index 268917005e..7a1782c2c9 100644
--- a/src/test/test_bwmgt.c
+++ b/src/test/test_bwmgt.c
@@ -8,15 +8,15 @@
#define TOKEN_BUCKET_PRIVATE
-#include "or.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "test/test.h"
-#include "token_bucket.h"
+#include "lib/evloop/token_bucket.h"
// an imaginary time, in timestamp units. Chosen so it will roll over.
static const uint32_t START_TS = UINT32_MAX-10;
static const int32_t KB = 1024;
-static const uint32_t GB = (U64_LITERAL(1) << 30);
+static const uint32_t GB = (UINT64_C(1) << 30);
static void
test_bwmgt_token_buf_init(void *arg)
@@ -124,46 +124,52 @@ test_bwmgt_token_buf_refill(void *arg)
{
(void)arg;
token_bucket_rw_t b;
- const uint32_t SEC =
+ const uint32_t BW_SEC =
(uint32_t)monotime_msec_to_approx_coarse_stamp_units(1000);
token_bucket_rw_init(&b, 16*KB, 64*KB, START_TS);
/* Make the buffer much emptier, then let one second elapse. */
token_bucket_rw_dec_read(&b, 48*KB);
tt_int_op(b.read_bucket.bucket, OP_EQ, 16*KB);
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC));
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + BW_SEC));
tt_int_op(b.read_bucket.bucket, OP_GT, 32*KB - 300);
tt_int_op(b.read_bucket.bucket, OP_LT, 32*KB + 300);
/* Another half second. */
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*3/2));
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + BW_SEC*3/2));
tt_int_op(b.read_bucket.bucket, OP_GT, 40*KB - 400);
tt_int_op(b.read_bucket.bucket, OP_LT, 40*KB + 400);
- tt_uint_op(b.last_refilled_at_timestamp, OP_EQ, START_TS + SEC*3/2);
+ tt_uint_op(b.last_refilled_at_timestamp, OP_EQ, START_TS + BW_SEC*3/2);
/* No time: nothing happens. */
{
const uint32_t bucket_orig = b.read_bucket.bucket;
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*3/2));
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + BW_SEC*3/2));
tt_int_op(b.read_bucket.bucket, OP_EQ, bucket_orig);
}
/* Another 30 seconds: fill the bucket. */
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*3/2 + SEC*30));
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b,
+ START_TS + BW_SEC*3/2 + BW_SEC*30));
tt_int_op(b.read_bucket.bucket, OP_EQ, b.cfg.burst);
- tt_uint_op(b.last_refilled_at_timestamp, OP_EQ, START_TS + SEC*3/2 + SEC*30);
+ tt_uint_op(b.last_refilled_at_timestamp, OP_EQ,
+ START_TS + BW_SEC*3/2 + BW_SEC*30);
/* Another 30 seconds: nothing happens. */
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*3/2 + SEC*60));
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b,
+ START_TS + BW_SEC*3/2 + BW_SEC*60));
tt_int_op(b.read_bucket.bucket, OP_EQ, b.cfg.burst);
- tt_uint_op(b.last_refilled_at_timestamp, OP_EQ, START_TS + SEC*3/2 + SEC*60);
+ tt_uint_op(b.last_refilled_at_timestamp, OP_EQ,
+ START_TS + BW_SEC*3/2 + BW_SEC*60);
/* Empty the bucket, let two seconds pass, and make sure that a refill is
* noticed. */
tt_int_op(1, OP_EQ, token_bucket_rw_dec_read(&b, b.cfg.burst));
tt_int_op(0, OP_EQ, b.read_bucket.bucket);
- tt_int_op(1, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*3/2 + SEC*61));
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*3/2 + SEC*62));
+ tt_int_op(1, OP_EQ, token_bucket_rw_refill(&b,
+ START_TS + BW_SEC*3/2 + BW_SEC*61));
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b,
+ START_TS + BW_SEC*3/2 + BW_SEC*62));
tt_int_op(b.read_bucket.bucket, OP_GT, 32*KB-400);
tt_int_op(b.read_bucket.bucket, OP_LT, 32*KB+400);
@@ -172,16 +178,16 @@ test_bwmgt_token_buf_refill(void *arg)
token_bucket_rw_dec_read(&b, b.read_bucket.bucket+16*KB));
tt_int_op(-16*KB, OP_EQ, b.read_bucket.bucket);
// half a second passes...
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*64));
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + BW_SEC*64));
tt_int_op(b.read_bucket.bucket, OP_GT, -8*KB-300);
tt_int_op(b.read_bucket.bucket, OP_LT, -8*KB+300);
// a second passes
- tt_int_op(1, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*65));
+ tt_int_op(1, OP_EQ, token_bucket_rw_refill(&b, START_TS + BW_SEC*65));
tt_int_op(b.read_bucket.bucket, OP_GT, 8*KB-400);
tt_int_op(b.read_bucket.bucket, OP_LT, 8*KB+400);
// We step a second backwards, and nothing happens.
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + SEC*64));
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, START_TS + BW_SEC*64));
tt_int_op(b.read_bucket.bucket, OP_GT, 8*KB-400);
tt_int_op(b.read_bucket.bucket, OP_LT, 8*KB+400);
@@ -225,4 +231,3 @@ struct testcase_t bwmgt_tests[] = {
BWMGT(token_buf_helpers),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_cell_formats.c b/src/test/test_cell_formats.c
index 54d9716780..2753c42191 100644
--- a/src/test/test_cell_formats.c
+++ b/src/test/test_cell_formats.c
@@ -1,24 +1,29 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define CONNECTION_EDGE_PRIVATE
#define RELAY_PRIVATE
-#include "or.h"
-#include "channel.h"
-#include "connection_edge.h"
-#include "connection_or.h"
-#include "config.h"
-#include "crypto_rand.h"
-#include "onion.h"
-#include "onion_tap.h"
-#include "onion_fast.h"
-#include "onion_ntor.h"
-#include "relay.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "core/or/channel.h"
+#include "core/or/connection_edge.h"
+#include "core/or/connection_or.h"
+#include "app/config/config.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "core/crypto/onion.h"
+#include "core/crypto/onion_tap.h"
+#include "core/crypto/onion_fast.h"
+#include "core/crypto/onion_ntor.h"
+#include "core/or/relay.h"
+
+#include "core/or/cell_st.h"
+#include "core/or/cell_queue_st.h"
+#include "core/or/var_cell_st.h"
+
+#include "test/test.h"
#include <stdlib.h>
#include <string.h>
@@ -1297,4 +1302,3 @@ struct testcase_t cell_format_tests[] = {
TEST(is_destroy, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_cell_queue.c b/src/test/test_cell_queue.c
index df987f82ce..d74bb9c622 100644
--- a/src/test/test_cell_queue.c
+++ b/src/test/test_cell_queue.c
@@ -1,12 +1,17 @@
-/* Copyright (c) 2013-2017, The Tor Project, Inc. */
+/* Copyright (c) 2013-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CIRCUITLIST_PRIVATE
#define RELAY_PRIVATE
-#include "or.h"
-#include "circuitlist.h"
-#include "relay.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "core/or/circuitlist.h"
+#include "core/or/relay.h"
+#include "test/test.h"
+
+#include "core/or/cell_st.h"
+#include "core/or/cell_queue_st.h"
+#include "core/or/or_circuit_st.h"
+#include "core/or/origin_circuit_st.h"
static void
test_cq_manip(void *arg)
diff --git a/src/test/test_channel.c b/src/test/test_channel.c
index 76124a6e75..26af8de917 100644
--- a/src/test/test_channel.c
+++ b/src/test/test_channel.c
@@ -1,29 +1,35 @@
-/* Copyright (c) 2013-2017, The Tor Project, Inc. */
+/* Copyright (c) 2013-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define TOR_CHANNEL_INTERNAL_
#define CHANNEL_PRIVATE_
-#include "or.h"
-#include "channel.h"
+#include "core/or/or.h"
+#include "core/or/channel.h"
/* For channel_note_destroy_not_pending */
#define CIRCUITLIST_PRIVATE
-#include "circuitlist.h"
-#include "circuitmux.h"
-#include "circuitmux_ewma.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuitmux.h"
+#include "core/or/circuitmux_ewma.h"
/* For var_cell_free */
-#include "connection_or.h"
-#include "crypto_rand.h"
+#include "core/or/connection_or.h"
+#include "lib/crypt_ops/crypto_rand.h"
/* For packed_cell stuff */
#define RELAY_PRIVATE
-#include "relay.h"
+#include "core/or/relay.h"
/* For init/free stuff */
-#include "scheduler.h"
-#include "networkstatus.h"
+#include "core/or/scheduler.h"
+#include "feature/nodelist/networkstatus.h"
+
+#include "core/or/cell_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "core/or/origin_circuit_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+#include "core/or/var_cell_st.h"
/* Test suite stuff */
-#include "log_test_helpers.h"
-#include "test.h"
-#include "fakechans.h"
+#include "test/log_test_helpers.h"
+#include "test/test.h"
+#include "test/fakechans.h"
static int test_chan_accept_cells = 0;
static int test_chan_fixed_cells_recved = 0;
@@ -548,7 +554,7 @@ test_channel_outbound_cell(void *arg)
/* Set the test time to be mocked, since this test assumes that no
* time will pass, ewma values will not need to be re-scaled, and so on */
monotime_enable_test_mocking();
- monotime_set_mock_time_nsec(U64_LITERAL(1000000000) * 12345);
+ monotime_set_mock_time_nsec(UINT64_C(1000000000) * 12345);
cmux_ewma_set_options(NULL,NULL);
diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c
index 4261bc1b67..de673de543 100644
--- a/src/test/test_channelpadding.c
+++ b/src/test/test_channelpadding.c
@@ -1,24 +1,32 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define TOR_CHANNEL_INTERNAL_
#define MAIN_PRIVATE
#define NETWORKSTATUS_PRIVATE
#define TOR_TIMERS_PRIVATE
-#include "or.h"
-#include "test.h"
-#include "testsupport.h"
-#include "connection.h"
-#include "connection_or.h"
-#include "channel.h"
-#include "channeltls.h"
-#include "channelpadding.h"
-#include "compat_libevent.h"
-#include "config.h"
-#include "compat_time.h"
-#include "main.h"
-#include "networkstatus.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "lib/testsupport/testsupport.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_or.h"
+#include "core/or/channel.h"
+#include "core/or/channeltls.h"
+#include "core/or/channelpadding.h"
+#include "lib/evloop/compat_libevent.h"
+#include "app/config/config.h"
+#include "lib/time/compat_time.h"
+#include "core/mainloop/main.h"
+#include "feature/nodelist/networkstatus.h"
+#include "test/log_test_helpers.h"
+#include "lib/tls/tortls.h"
+#include "lib/evloop/timers.h"
+#include "lib/container/buffers.h"
+
+#include "core/or/cell_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "core/or/or_connection_st.h"
+#include "feature/nodelist/routerstatus_st.h"
int channelpadding_get_netflow_inactive_timeout_ms(channel_t *chan);
int64_t channelpadding_compute_time_until_pad_for_netflow(channel_t *chan);
@@ -398,81 +406,12 @@ test_channelpadding_killonehop(void *arg)
setup_mock_consensus();
setup_mock_network();
- /* Do we disable padding if tor2webmode or rsos are enabled, and
- * the consensus says don't pad? */
-
- /* Ensure we can kill tor2web and rsos padding if we want. */
- // First, test that padding works if either is enabled
- smartlist_clear(current_md_consensus->net_params);
- channelpadding_new_consensus_params(current_md_consensus);
+ /* Do we disable padding if rsos is enabled, and the consensus says don't
+ * pad? */
monotime_coarse_t now;
monotime_coarse_get(&now);
- tried_to_write_cell = 0;
- get_options_mutable()->Tor2webMode = 1;
- monotime_coarse_add_msec(&client_relay3->next_padding_time, &now, 100);
- decision = channelpadding_decide_to_pad_channel(client_relay3);
- tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
- tt_assert(client_relay3->pending_padding_callback);
- tt_int_op(tried_to_write_cell, OP_EQ, 0);
-
- decision = channelpadding_decide_to_pad_channel(client_relay3);
- tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED);
-
- // Wait for the timer
- new_time += 101*NSEC_PER_MSEC;
- monotime_coarse_set_mock_time_nsec(new_time);
- monotime_set_mock_time_nsec(new_time);
- monotime_coarse_get(&now);
- timers_run_pending();
- tt_int_op(tried_to_write_cell, OP_EQ, 1);
- tt_assert(!client_relay3->pending_padding_callback);
-
- // Then test disabling each via consensus param
- smartlist_add(current_md_consensus->net_params,
- (void*)"nf_pad_tor2web=0");
- channelpadding_new_consensus_params(current_md_consensus);
-
- // Before the client tries to pad, the relay will still pad:
- tried_to_write_cell = 0;
- monotime_coarse_add_msec(&relay3_client->next_padding_time, &now, 100);
- get_options_mutable()->ORPort_set = 1;
- get_options_mutable()->Tor2webMode = 0;
- decision = channelpadding_decide_to_pad_channel(relay3_client);
- tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
- tt_assert(relay3_client->pending_padding_callback);
-
- // Wait for the timer
- new_time += 101*NSEC_PER_MSEC;
- monotime_coarse_set_mock_time_nsec(new_time);
- monotime_set_mock_time_nsec(new_time);
- monotime_coarse_get(&now);
- timers_run_pending();
- tt_int_op(tried_to_write_cell, OP_EQ, 1);
- tt_assert(!client_relay3->pending_padding_callback);
-
- // Test client side (it should stop immediately, but send a negotiate)
- tried_to_write_cell = 0;
- tt_assert(relay3_client->padding_enabled);
- tt_assert(client_relay3->padding_enabled);
- get_options_mutable()->Tor2webMode = 1;
- /* For the relay to receive the negotiate: */
- get_options_mutable()->ORPort_set = 1;
- decision = channelpadding_decide_to_pad_channel(client_relay3);
- tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD);
- tt_int_op(tried_to_write_cell, OP_EQ, 1);
- tt_assert(!client_relay3->pending_padding_callback);
- tt_assert(!relay3_client->padding_enabled);
-
- // Test relay side (it should have gotten the negotiation to disable)
- get_options_mutable()->ORPort_set = 1;
- get_options_mutable()->Tor2webMode = 0;
- tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ,
- CHANNELPADDING_WONTPAD);
- tt_assert(!relay3_client->padding_enabled);
-
- /* Repeat for SOS */
// First, test that padding works if either is enabled
smartlist_clear(current_md_consensus->net_params);
channelpadding_new_consensus_params(current_md_consensus);
@@ -1163,4 +1102,3 @@ struct testcase_t channelpadding_tests[] = {
TEST_CHANNELPADDING(channelpadding_timers, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_channeltls.c b/src/test/test_channeltls.c
index 94f1893cae..787a30a85d 100644
--- a/src/test/test_channeltls.c
+++ b/src/test/test_channeltls.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -6,20 +6,23 @@
#include <math.h>
#define TOR_CHANNEL_INTERNAL_
-#include "or.h"
-#include "address.h"
-#include "buffers.h"
-#include "channel.h"
-#include "channeltls.h"
-#include "connection_or.h"
-#include "config.h"
+#include "core/or/or.h"
+#include "lib/net/address.h"
+#include "lib/container/buffers.h"
+#include "core/or/channel.h"
+#include "core/or/channeltls.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_or.h"
+#include "app/config/config.h"
/* For init/free stuff */
-#include "scheduler.h"
-#include "tortls.h"
+#include "core/or/scheduler.h"
+#include "lib/tls/tortls.h"
+
+#include "core/or/or_connection_st.h"
/* Test suite stuff */
-#include "test.h"
-#include "fakechans.h"
+#include "test/test.h"
+#include "test/fakechans.h"
/* The channeltls unit tests */
static void test_channeltls_create(void *arg);
@@ -334,4 +337,3 @@ struct testcase_t channeltls_tests[] = {
TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_checkdir.c b/src/test/test_checkdir.c
index bf6a8376b3..652e308ed8 100644
--- a/src/test/test_checkdir.c
+++ b/src/test/test_checkdir.c
@@ -1,8 +1,8 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
-#include "or.h"
+#include "core/or/or.h"
#ifdef _WIN32
#include <direct.h>
@@ -10,9 +10,12 @@
#include <dirent.h>
#endif
-#include "config.h"
-#include "test.h"
-#include "util.h"
+#include "app/config/config.h"
+#include "test/test.h"
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
#ifdef _WIN32
#define mkdir(a,b) mkdir(a)
@@ -146,4 +149,3 @@ struct testcase_t checkdir_tests[] = {
CHECKDIR(perms, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_circuitbuild.c b/src/test/test_circuitbuild.c
index a5282df69d..02eadecd98 100644
--- a/src/test/test_circuitbuild.c
+++ b/src/test/test_circuitbuild.c
@@ -1,16 +1,19 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2016, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CIRCUITBUILD_PRIVATE
-#include "or.h"
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
-#include "config.h"
-#include "circuitbuild.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
+#include "app/config/config.h"
+#include "core/or/circuitbuild.h"
+#include "core/or/circuitlist.h"
+
+#include "core/or/extend_info_st.h"
/* Dummy nodes smartlist for testing */
static smartlist_t dummy_nodes;
@@ -130,4 +133,3 @@ struct testcase_t circuitbuild_tests[] = {
{ "unhandled_exit", test_new_route_len_unhandled_exit, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_circuitlist.c b/src/test/test_circuitlist.c
index 3794ffc2c6..8dd7f5f5a9 100644
--- a/src/test/test_circuitlist.c
+++ b/src/test/test_circuitlist.c
@@ -1,18 +1,23 @@
-/* Copyright (c) 2013-2017, The Tor Project, Inc. */
+/* Copyright (c) 2013-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define TOR_CHANNEL_INTERNAL_
#define CIRCUITBUILD_PRIVATE
#define CIRCUITLIST_PRIVATE
#define HS_CIRCUITMAP_PRIVATE
-#include "or.h"
-#include "channel.h"
-#include "circuitbuild.h"
-#include "circuitlist.h"
-#include "circuitmux_ewma.h"
-#include "hs_circuitmap.h"
-#include "test.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "core/or/channel.h"
+#include "core/or/circuitbuild.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuitmux_ewma.h"
+#include "feature/hs/hs_circuitmap.h"
+#include "test/test.h"
+#include "test/log_test_helpers.h"
+
+#include "core/or/or_circuit_st.h"
+#include "core/or/origin_circuit_st.h"
+
+#include "lib/container/bitarray.h"
static channel_t *
new_fake_channel(void)
@@ -467,4 +472,3 @@ struct testcase_t circuitlist_tests[] = {
TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_circuitmux.c b/src/test/test_circuitmux.c
index 14c7598703..1d46f8de0d 100644
--- a/src/test/test_circuitmux.c
+++ b/src/test/test_circuitmux.c
@@ -1,17 +1,19 @@
-/* Copyright (c) 2013-2017, The Tor Project, Inc. */
+/* Copyright (c) 2013-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define TOR_CHANNEL_INTERNAL_
#define CIRCUITMUX_PRIVATE
#define CIRCUITMUX_EWMA_PRIVATE
#define RELAY_PRIVATE
-#include "or.h"
-#include "channel.h"
-#include "circuitmux.h"
-#include "circuitmux_ewma.h"
-#include "relay.h"
-#include "scheduler.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "core/or/channel.h"
+#include "core/or/circuitmux.h"
+#include "core/or/circuitmux_ewma.h"
+#include "core/or/relay.h"
+#include "core/or/scheduler.h"
+#include "test/test.h"
+
+#include "core/or/destroy_cell_queue_st.h"
/* XXXX duplicated function from test_circuitlist.c */
static channel_t *
@@ -84,7 +86,7 @@ static void
test_cmux_compute_ticks(void *arg)
{
const int64_t NS_PER_S = 1000 * 1000 * 1000;
- const int64_t START_NS = U64_LITERAL(1217709000)*NS_PER_S;
+ const int64_t START_NS = UINT64_C(1217709000)*NS_PER_S;
int64_t now;
double rem;
unsigned tick;
diff --git a/src/test/test_circuitstats.c b/src/test/test_circuitstats.c
index 8ebef659ca..c3cfad88da 100644
--- a/src/test/test_circuitstats.c
+++ b/src/test/test_circuitstats.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CIRCUITBUILD_PRIVATE
@@ -6,16 +6,21 @@
#define CIRCUITLIST_PRIVATE
#define CHANNEL_PRIVATE_
-#include "or.h"
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
-#include "config.h"
-#include "circuitlist.h"
-#include "circuitbuild.h"
-#include "circuitstats.h"
-#include "circuituse.h"
-#include "channel.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
+#include "app/config/config.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuitbuild.h"
+#include "core/or/circuitstats.h"
+#include "core/or/circuituse.h"
+#include "core/or/channel.h"
+
+#include "core/or/cpath_build_state_st.h"
+#include "core/or/crypt_path_st.h"
+#include "core/or/extend_info_st.h"
+#include "core/or/origin_circuit_st.h"
void test_circuitstats_timeout(void *arg);
void test_circuitstats_hoplen(void *arg);
diff --git a/src/test/test_circuituse.c b/src/test/test_circuituse.c
index df1b43807f..720adeac84 100644
--- a/src/test/test_circuituse.c
+++ b/src/test/test_circuituse.c
@@ -1,18 +1,21 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CIRCUITLIST_PRIVATE
-#include "or.h"
-#include "test.h"
-#include "test_helpers.h"
-#include "config.h"
-#include "circuitlist.h"
-#include "circuituse.h"
-#include "circuitbuild.h"
-#include "nodelist.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "app/config/config.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuituse.h"
+#include "core/or/circuitbuild.h"
+#include "feature/nodelist/nodelist.h"
+
+#include "core/or/cpath_build_state_st.h"
+#include "core/or/origin_circuit_st.h"
static void
test_circuit_is_available_for_use_ret_false_when_marked_for_close(void *arg)
diff --git a/src/test/test_compat_libevent.c b/src/test/test_compat_libevent.c
index 85f69bd626..3f505d013b 100644
--- a/src/test/test_compat_libevent.c
+++ b/src/test/test_compat_libevent.c
@@ -1,17 +1,17 @@
-/* Copyright (c) 2010-2017, The Tor Project, Inc. */
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define COMPAT_LIBEVENT_PRIVATE
#include "orconfig.h"
-#include "or.h"
+#include "core/or/or.h"
-#include "test.h"
+#include "test/test.h"
-#include "compat_libevent.h"
+#include "lib/evloop/compat_libevent.h"
#include <event2/event.h>
-#include "log_test_helpers.h"
+#include "test/log_test_helpers.h"
#define NS_MODULE compat_libevent
diff --git a/src/test/test_config.c b/src/test/test_config.c
index 8662b832b8..bf21a8d512 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -8,41 +8,57 @@
#define CONFIG_PRIVATE
#define PT_PRIVATE
#define ROUTERSET_PRIVATE
-#include "or.h"
-#include "address.h"
-#include "addressmap.h"
-#include "bridges.h"
-#include "circuitmux_ewma.h"
-#include "circuitbuild.h"
-#include "config.h"
-#include "confparse.h"
-#include "connection.h"
-#include "connection_edge.h"
-#include "test.h"
-#include "util.h"
-#include "connection_or.h"
-#include "control.h"
-#include "cpuworker.h"
-#include "dirserv.h"
-#include "dirauth/dirvote.h"
-#include "dns.h"
-#include "entrynodes.h"
-#include "transports.h"
-#include "ext_orport.h"
-#include "geoip.h"
-#include "hibernate.h"
-#include "main.h"
-#include "networkstatus.h"
-#include "nodelist.h"
-#include "policies.h"
-#include "rendclient.h"
-#include "rendservice.h"
-#include "router.h"
-#include "routerlist.h"
-#include "routerset.h"
-#include "statefile.h"
-
-#include "test_helpers.h"
+#include "core/or/or.h"
+#include "lib/net/address.h"
+#include "lib/net/resolve.h"
+#include "feature/client/addressmap.h"
+#include "feature/client/bridges.h"
+#include "core/or/circuitmux_ewma.h"
+#include "core/or/circuitbuild.h"
+#include "app/config/config.h"
+#include "app/config/confparse.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_edge.h"
+#include "test/test.h"
+#include "core/or/connection_or.h"
+#include "feature/control/control.h"
+#include "core/mainloop/cpuworker.h"
+#include "feature/dircache/dirserv.h"
+#include "feature/dirauth/dirvote.h"
+#include "feature/relay/dns.h"
+#include "feature/client/entrynodes.h"
+#include "feature/client/transports.h"
+#include "feature/relay/ext_orport.h"
+#include "feature/stats/geoip.h"
+#include "feature/hibernate/hibernate.h"
+#include "core/mainloop/main.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/nodelist.h"
+#include "core/or/policies.h"
+#include "feature/rend/rendclient.h"
+#include "feature/rend/rendservice.h"
+#include "feature/relay/router.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/routerset.h"
+#include "app/config/statefile.h"
+
+#include "test/test_helpers.h"
+
+#include "feature/dirclient/dir_server_st.h"
+#include "core/or/port_cfg_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+
+#include "lib/fs/conffile.h"
+#include "lib/meminfo/meminfo.h"
+#include "lib/net/gethostname.h"
+#include "lib/encoding/confline.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
static void
test_config_addressmap(void *arg)
@@ -1619,6 +1635,40 @@ test_config_parsing_trusted_dir_server(void *arg)
#undef TEST_DIR_AUTH_LINE_END
#undef TEST_DIR_AUTH_IPV6_FLAG
+#define TEST_DIR_AUTH_LINE_START \
+ "foobar orport=12345 " \
+ "v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
+#define TEST_DIR_AUTH_LINE_END_BAD_IP \
+ "0.256.3.4:54321 " \
+ "FDB2 FBD2 AAA5 25FA 2999 E617 5091 5A32 C777 3B17"
+#define TEST_DIR_AUTH_LINE_END_WITH_DNS_ADDR \
+ "torproject.org:54321 " \
+ "FDB2 FBD2 AAA5 25FA 2999 E617 5091 5A32 C777 3B17"
+
+static void
+test_config_parsing_invalid_dir_address(void *arg)
+{
+ (void)arg;
+ int rv;
+
+ rv = parse_dir_authority_line(TEST_DIR_AUTH_LINE_START
+ TEST_DIR_AUTH_LINE_END_BAD_IP,
+ V3_DIRINFO, 1);
+ tt_int_op(rv, OP_EQ, -1);
+
+ rv = parse_dir_authority_line(TEST_DIR_AUTH_LINE_START
+ TEST_DIR_AUTH_LINE_END_WITH_DNS_ADDR,
+ V3_DIRINFO, 1);
+ tt_int_op(rv, OP_EQ, -1);
+
+ done:
+ return;
+}
+
+#undef TEST_DIR_AUTH_LINE_START
+#undef TEST_DIR_AUTH_LINE_END_BAD_IP
+#undef TEST_DIR_AUTH_LINE_END_WITH_DNS_ADDR
+
/* No secrets here:
* id is `echo "syn-propanethial-S-oxide" | shasum | cut -d" " -f1`
*/
@@ -3724,7 +3774,7 @@ static void
test_config_default_fallback_dirs(void *arg)
{
const char *fallback[] = {
-#include "../or/fallback_dirs.inc"
+#include "app/config/fallback_dirs.inc"
NULL
};
@@ -4587,6 +4637,20 @@ test_config_parse_port_config__ports__ports_given(void *data)
tor_addr_parse(&addr, "127.0.0.46");
tt_assert(tor_addr_eq(&port_cfg->addr, &addr))
+ // Test success with a port of auto in mixed case
+ config_free_lines(config_port_valid); config_port_valid = NULL;
+ SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+ smartlist_clear(slout);
+ config_port_valid = mock_config_line("DNSPort", "AuTo");
+ ret = parse_port_config(slout, config_port_valid, "DNS", 0,
+ "127.0.0.46", 0, 0);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_int_op(smartlist_len(slout), OP_EQ, 1);
+ port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+ tt_int_op(port_cfg->port, OP_EQ, CFG_AUTO_PORT);
+ tor_addr_parse(&addr, "127.0.0.46");
+ tt_assert(tor_addr_eq(&port_cfg->addr, &addr))
+
// Test success with parsing both an address and an auto port
config_free_lines(config_port_valid); config_port_valid = NULL;
SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
@@ -5616,8 +5680,8 @@ test_config_include_opened_file_list(void *data)
static void
test_config_compute_max_mem_in_queues(void *data)
{
-#define GIGABYTE(x) (U64_LITERAL(x) << 30)
-#define MEGABYTE(x) (U64_LITERAL(x) << 20)
+#define GIGABYTE(x) (UINT64_C(x) << 30)
+#define MEGABYTE(x) (UINT64_C(x) << 20)
(void)data;
MOCK(get_total_system_memory, get_total_system_memory_mock);
@@ -5681,6 +5745,72 @@ test_config_compute_max_mem_in_queues(void *data)
#undef MEGABYTE
}
+static void
+test_config_extended_fmt(void *arg)
+{
+ (void)arg;
+ config_line_t *lines = NULL, *lp;
+ const char string1[] =
+ "thing1 is here\n"
+ "+thing2 is over here\n"
+ "/thing3\n"
+ "/thing4 is back here\n";
+
+ /* Try with the "extended" flag disabled. */
+ int r = config_get_lines(string1, &lines, 0);
+ tt_int_op(r, OP_EQ, 0);
+ lp = lines;
+ tt_ptr_op(lp, OP_NE, NULL);
+ tt_str_op(lp->key, OP_EQ, "thing1");
+ tt_str_op(lp->value, OP_EQ, "is here");
+ tt_int_op(lp->command, OP_EQ, CONFIG_LINE_NORMAL);
+ lp = lp->next;
+ tt_ptr_op(lp, OP_NE, NULL);
+ tt_str_op(lp->key, OP_EQ, "+thing2");
+ tt_str_op(lp->value, OP_EQ, "is over here");
+ tt_int_op(lp->command, OP_EQ, CONFIG_LINE_NORMAL);
+ lp = lp->next;
+ tt_ptr_op(lp, OP_NE, NULL);
+ tt_str_op(lp->key, OP_EQ, "/thing3");
+ tt_str_op(lp->value, OP_EQ, "");
+ tt_int_op(lp->command, OP_EQ, CONFIG_LINE_NORMAL);
+ lp = lp->next;
+ tt_ptr_op(lp, OP_NE, NULL);
+ tt_str_op(lp->key, OP_EQ, "/thing4");
+ tt_str_op(lp->value, OP_EQ, "is back here");
+ tt_int_op(lp->command, OP_EQ, CONFIG_LINE_NORMAL);
+ lp = lp->next;
+ config_free_lines(lines);
+
+ /* Try with the "extended" flag enabled. */
+ r = config_get_lines(string1, &lines, 1);
+ tt_int_op(r, OP_EQ, 0);
+ lp = lines;
+ tt_ptr_op(lp, OP_NE, NULL);
+ tt_str_op(lp->key, OP_EQ, "thing1");
+ tt_str_op(lp->value, OP_EQ, "is here");
+ tt_int_op(lp->command, OP_EQ, CONFIG_LINE_NORMAL);
+ lp = lp->next;
+ tt_ptr_op(lp, OP_NE, NULL);
+ tt_str_op(lp->key, OP_EQ, "thing2");
+ tt_str_op(lp->value, OP_EQ, "is over here");
+ tt_int_op(lp->command, OP_EQ, CONFIG_LINE_APPEND);
+ lp = lp->next;
+ tt_ptr_op(lp, OP_NE, NULL);
+ tt_str_op(lp->key, OP_EQ, "thing3");
+ tt_str_op(lp->value, OP_EQ, "");
+ tt_int_op(lp->command, OP_EQ, CONFIG_LINE_CLEAR);
+ lp = lp->next;
+ tt_ptr_op(lp, OP_NE, NULL);
+ tt_str_op(lp->key, OP_EQ, "thing4");
+ tt_str_op(lp->value, OP_EQ, "");
+ tt_int_op(lp->command, OP_EQ, CONFIG_LINE_CLEAR);
+ lp = lp->next;
+
+ done:
+ config_free_lines(lines);
+}
+
#define CONFIG_TEST(name, flags) \
{ #name, test_config_ ## name, flags, NULL, NULL }
@@ -5688,6 +5818,7 @@ struct testcase_t config_tests[] = {
CONFIG_TEST(adding_trusted_dir_server, TT_FORK),
CONFIG_TEST(adding_fallback_dir_server, TT_FORK),
CONFIG_TEST(parsing_trusted_dir_server, 0),
+ CONFIG_TEST(parsing_invalid_dir_address, 0),
CONFIG_TEST(parsing_fallback_dir_server, 0),
CONFIG_TEST(adding_default_trusted_dir_servers, TT_FORK),
CONFIG_TEST(adding_dir_servers, TT_FORK),
@@ -5730,6 +5861,6 @@ struct testcase_t config_tests[] = {
CONFIG_TEST(check_bridge_distribution_setting_unrecognised, 0),
CONFIG_TEST(include_opened_file_list, 0),
CONFIG_TEST(compute_max_mem_in_queues, 0),
+ CONFIG_TEST(extended_fmt, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_connection.c b/src/test/test_connection.c
index dc0f6860d9..e716c83fe1 100644
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2015-2017, The Tor Project, Inc. */
+/* Copyright (c) 2015-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -7,21 +7,30 @@
#define MAIN_PRIVATE
#define CONNECTION_OR_PRIVATE
-#include "or.h"
-#include "test.h"
-
-#include "connection.h"
-#include "hs_common.h"
-#include "main.h"
-#include "microdesc.h"
-#include "nodelist.h"
-#include "networkstatus.h"
-#include "rendcache.h"
-#include "directory.h"
-#include "connection_or.h"
-
-#include "test_connection.h"
-#include "test_helpers.h"
+#include "core/or/or.h"
+#include "test/test.h"
+
+#include "core/mainloop/connection.h"
+#include "core/or/connection_edge.h"
+#include "feature/hs/hs_common.h"
+#include "core/mainloop/main.h"
+#include "feature/nodelist/microdesc.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/rend/rendcache.h"
+#include "feature/dircache/directory.h"
+#include "core/or/connection_or.h"
+#include "lib/net/resolve.h"
+
+#include "test/test_connection.h"
+#include "test/test_helpers.h"
+
+#include "feature/dircommon/dir_connection_st.h"
+#include "core/or/entry_connection_st.h"
+#include "feature/nodelist/node_st.h"
+#include "core/or/or_connection_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "core/or/socks_request_st.h"
static void * test_conn_get_basic_setup(const struct testcase_t *tc);
static int test_conn_get_basic_teardown(const struct testcase_t *tc,
@@ -891,4 +900,3 @@ struct testcase_t connection_tests[] = {
{ "failed_orconn_tracker", test_failed_orconn_tracker, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_connection.h b/src/test/test_connection.h
index 392783b53b..27c296504a 100644
--- a/src/test/test_connection.h
+++ b/src/test/test_connection.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/** Some constants used by test_connection and helpers */
diff --git a/src/test/test_conscache.c b/src/test/test_conscache.c
index ffec3149b0..b5cbd72515 100644
--- a/src/test/test_conscache.c
+++ b/src/test/test_conscache.c
@@ -1,10 +1,11 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "config.h"
-#include "conscache.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "feature/dircache/conscache.h"
+#include "lib/encoding/confline.h"
+#include "test/test.h"
#ifdef HAVE_UTIME_H
#include <utime.h>
@@ -337,4 +338,3 @@ struct testcase_t conscache_tests[] = {
ENT(filter),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_consdiff.c b/src/test/test_consdiff.c
index fda3a7f186..b836befd22 100644
--- a/src/test/test_consdiff.c
+++ b/src/test/test_consdiff.c
@@ -1,15 +1,15 @@
/* Copyright (c) 2014, Daniel Martí
- * Copyright (c) 2014, The Tor Project, Inc. */
+ * Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CONSDIFF_PRIVATE
-#include "or.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "test/test.h"
-#include "consdiff.h"
-#include "memarea.h"
-#include "log_test_helpers.h"
+#include "feature/dircommon/consdiff.h"
+#include "lib/memarea/memarea.h"
+#include "test/log_test_helpers.h"
#define tt_str_eq_line(a,b) \
tt_assert(line_str_eq((b),(a)))
diff --git a/src/test/test_consdiffmgr.c b/src/test/test_consdiffmgr.c
index 3b91baca39..6c0601b504 100644
--- a/src/test/test_consdiffmgr.c
+++ b/src/test/test_consdiffmgr.c
@@ -1,21 +1,25 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CONSDIFFMGR_PRIVATE
-#include "or.h"
-#include "config.h"
-#include "conscache.h"
-#include "consdiff.h"
-#include "consdiffmgr.h"
-#include "cpuworker.h"
-#include "crypto_rand.h"
-#include "networkstatus.h"
-#include "routerparse.h"
-#include "workqueue.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "feature/dircache/conscache.h"
+#include "feature/dircommon/consdiff.h"
+#include "feature/dircache/consdiffmgr.h"
+#include "core/mainloop/cpuworker.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/routerparse.h"
+#include "lib/evloop/workqueue.h"
+#include "lib/compress/compress.h"
+#include "lib/encoding/confline.h"
-#include "test.h"
-#include "log_test_helpers.h"
+#include "feature/nodelist/networkstatus_st.h"
+
+#include "test/test.h"
+#include "test/log_test_helpers.h"
// ============================== Setup/teardown the consdiffmgr
// These functions get run before/after each test in this module
@@ -894,4 +898,3 @@ struct testcase_t consdiffmgr_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_containers.c b/src/test/test_containers.c
index 3fc3523af4..717eb0892a 100644
--- a/src/test/test_containers.c
+++ b/src/test/test_containers.c
@@ -1,13 +1,17 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
-#include "or.h"
-#include "crypto_rand.h"
-#include "fp_pair.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/dircommon/fp_pair.h"
+#include "test/test.h"
+
+#include "lib/container/bitarray.h"
+#include "lib/container/order.h"
+#include "lib/crypt_ops/digestset.h"
/** Helper: return a tristate based on comparing the strings in *<b>a</b> and
* *<b>b</b>. */
@@ -640,18 +644,18 @@ test_container_digestset(void *arg)
}
set = digestset_new(1000);
SMARTLIST_FOREACH(included, const char *, cp,
- if (digestset_contains(set, cp))
+ if (digestset_probably_contains(set, cp))
ok = 0);
tt_assert(ok);
SMARTLIST_FOREACH(included, const char *, cp,
digestset_add(set, cp));
SMARTLIST_FOREACH(included, const char *, cp,
- if (!digestset_contains(set, cp))
+ if (!digestset_probably_contains(set, cp))
ok = 0);
tt_assert(ok);
for (i = 0; i < 1000; ++i) {
crypto_rand(d, DIGEST_LEN);
- if (digestset_contains(set, d))
+ if (digestset_probably_contains(set, d))
++false_positives;
}
tt_int_op(50, OP_GT, false_positives); /* Should be far lower. */
@@ -1295,4 +1299,3 @@ struct testcase_t container_tests[] = {
CONTAINER(smartlist_strings_eq, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
index 1a350f66c0..0428ac6fce 100644
--- a/src/test/test_controller.c
+++ b/src/test/test_controller.c
@@ -1,17 +1,25 @@
-/* Copyright (c) 2015-2017, The Tor Project, Inc. */
+/* Copyright (c) 2015-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CONTROL_PRIVATE
-#include "or.h"
-#include "bridges.h"
-#include "control.h"
-#include "entrynodes.h"
-#include "hs_common.h"
-#include "networkstatus.h"
-#include "rendservice.h"
-#include "routerlist.h"
-#include "test.h"
-#include "test_helpers.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "feature/client/bridges.h"
+#include "feature/control/control.h"
+#include "feature/client/entrynodes.h"
+#include "feature/hs/hs_common.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/rend/rendservice.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/nodelist.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "lib/net/resolve.h"
+
+#include "feature/control/control_connection_st.h"
+#include "feature/dirclient/download_status_st.h"
+#include "feature/nodelist/microdesc_st.h"
+#include "feature/nodelist/node_st.h"
static void
test_add_onion_helper_keyarg_v3(void *arg)
@@ -153,7 +161,7 @@ test_add_onion_helper_keyarg_v2(void *arg)
/* Test loading a RSA1024 key. */
tor_free(err_msg);
pk1 = pk_generate(0);
- tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
+ tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
tor_asprintf(&arg_str, "RSA1024:%s", encoded);
ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
&pk, &hs_version, &err_msg);
@@ -338,6 +346,13 @@ test_rend_service_parse_port_config(void *arg)
"in hidden service port configuration.");
tor_free(err_msg);
+ /* Wrong target address and port separation */
+ cfg = rend_service_parse_port_config("80,127.0.0.1 1234", sep,
+ &err_msg);
+ tt_ptr_op(cfg, OP_EQ, NULL);
+ tt_assert(err_msg);
+ tor_free(err_msg);
+
done:
rend_service_port_config_free(cfg);
tor_free(err_msg);
@@ -1525,6 +1540,80 @@ test_current_time(void *arg)
return;
}
+static size_t n_nodelist_get_list = 0;
+static smartlist_t *nodes = NULL;
+
+static smartlist_t *
+mock_nodelist_get_list(void)
+{
+ n_nodelist_get_list++;
+ tor_assert(nodes);
+
+ return nodes;
+}
+
+static void
+test_getinfo_md_all(void *arg)
+{
+ char *answer = NULL;
+ const char *errmsg = NULL;
+ int retval = 0;
+
+ (void)arg;
+
+ node_t *node1 = tor_malloc(sizeof(node_t));
+ memset(node1, 0, sizeof(node_t));
+ node1->md = tor_malloc(sizeof(microdesc_t));
+ memset(node1->md, 0, sizeof(microdesc_t));
+ node1->md->body = tor_strdup("md1\n");
+ node1->md->bodylen = 4;
+
+ node_t *node2 = tor_malloc(sizeof(node_t));
+ memset(node2, 0, sizeof(node_t));
+ node2->md = tor_malloc(sizeof(microdesc_t));
+ memset(node2->md, 0, sizeof(microdesc_t));
+ node2->md->body = tor_strdup("md2\n");
+ node2->md->bodylen = 4;
+
+ MOCK(nodelist_get_list, mock_nodelist_get_list);
+
+ nodes = smartlist_new();
+
+ retval = getinfo_helper_dir(NULL, "md/all", &answer, &errmsg);
+
+ tt_int_op(n_nodelist_get_list, OP_EQ, 1);
+ tt_int_op(retval, OP_EQ, 0);
+ tt_assert(answer != NULL);
+ tt_assert(errmsg == NULL);
+ tt_str_op(answer, OP_EQ, "");
+
+ tor_free(answer);
+
+ smartlist_add(nodes, node1);
+ smartlist_add(nodes, node2);
+
+ retval = getinfo_helper_dir(NULL, "md/all", &answer, &errmsg);
+
+ tt_int_op(n_nodelist_get_list, OP_EQ, 2);
+ tt_int_op(retval, OP_EQ, 0);
+ tt_assert(answer != NULL);
+ tt_assert(errmsg == NULL);
+
+ tt_str_op(answer, OP_EQ, "md1\nmd2\n");
+
+ done:
+ UNMOCK(nodelist_get_list);
+ tor_free(node1->md->body);
+ tor_free(node1->md);
+ tor_free(node1);
+ tor_free(node2->md->body);
+ tor_free(node2->md);
+ tor_free(node2);
+ tor_free(answer);
+ smartlist_free(nodes);
+ return;
+}
+
struct testcase_t controller_tests[] = {
{ "add_onion_helper_keyarg_v2", test_add_onion_helper_keyarg_v2, 0,
NULL, NULL },
@@ -1542,6 +1631,6 @@ struct testcase_t controller_tests[] = {
{ "download_status_desc", test_download_status_desc, 0, NULL, NULL },
{ "download_status_bridge", test_download_status_bridge, 0, NULL, NULL },
{ "current_time", test_current_time, 0, NULL, NULL },
+ { "getinfo_md_all", test_getinfo_md_all, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_controller_events.c b/src/test/test_controller_events.c
index e81aea8d66..4c404876b0 100644
--- a/src/test/test_controller_events.c
+++ b/src/test/test_controller_events.c
@@ -1,15 +1,19 @@
-/* Copyright (c) 2013-2017, The Tor Project, Inc. */
+/* Copyright (c) 2013-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CONNECTION_PRIVATE
#define TOR_CHANNEL_INTERNAL_
#define CONTROL_PRIVATE
-#include "or.h"
-#include "channel.h"
-#include "channeltls.h"
-#include "connection.h"
-#include "control.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "core/or/channel.h"
+#include "core/or/channeltls.h"
+#include "core/or/circuitlist.h"
+#include "core/mainloop/connection.h"
+#include "feature/control/control.h"
+#include "test/test.h"
+
+#include "core/or/or_circuit_st.h"
+#include "core/or/origin_circuit_st.h"
static void
add_testing_cell_stats_entry(circuit_t *circ, uint8_t command,
@@ -318,6 +322,72 @@ test_cntev_event_mask(void *arg)
;
}
+static char *saved_event_str = NULL;
+
+static void
+mock_queue_control_event_string(uint16_t event, char *msg)
+{
+ (void)event;
+
+ tor_free(saved_event_str);
+ saved_event_str = msg;
+}
+
+/* Helper macro for checking bootstrap control event strings */
+#define assert_bootmsg(s) \
+ tt_ptr_op(strstr(saved_event_str, "650 STATUS_CLIENT NOTICE " \
+ "BOOTSTRAP PROGRESS=" s), OP_EQ, saved_event_str)
+
+/* Test deferral of directory bootstrap messages (requesting_descriptors) */
+static void
+test_cntev_dirboot_defer_desc(void *arg)
+{
+ (void)arg;
+
+ MOCK(queue_control_event_string, mock_queue_control_event_string);
+ control_testing_set_global_event_mask(EVENT_MASK_(EVENT_STATUS_CLIENT));
+ control_event_bootstrap(BOOTSTRAP_STATUS_STARTING, 0);
+ assert_bootmsg("0 TAG=starting");
+ /* This event should get deferred */
+ control_event_boot_dir(BOOTSTRAP_STATUS_REQUESTING_DESCRIPTORS, 0);
+ assert_bootmsg("0 TAG=starting");
+ control_event_bootstrap(BOOTSTRAP_STATUS_CONN_DIR, 0);
+ assert_bootmsg("5 TAG=conn_dir");
+ control_event_bootstrap(BOOTSTRAP_STATUS_HANDSHAKE, 0);
+ assert_bootmsg("10 TAG=handshake_dir");
+ /* The deferred event should appear */
+ control_event_boot_first_orconn();
+ assert_bootmsg("45 TAG=requesting_descriptors");
+ done:
+ tor_free(saved_event_str);
+ UNMOCK(queue_control_event_string);
+}
+
+/* Test deferral of directory bootstrap messages (conn_or) */
+static void
+test_cntev_dirboot_defer_orconn(void *arg)
+{
+ (void)arg;
+
+ MOCK(queue_control_event_string, mock_queue_control_event_string);
+ control_testing_set_global_event_mask(EVENT_MASK_(EVENT_STATUS_CLIENT));
+ control_event_bootstrap(BOOTSTRAP_STATUS_STARTING, 0);
+ assert_bootmsg("0 TAG=starting");
+ /* This event should get deferred */
+ control_event_boot_dir(BOOTSTRAP_STATUS_CONN_OR, 0);
+ assert_bootmsg("0 TAG=starting");
+ control_event_bootstrap(BOOTSTRAP_STATUS_CONN_DIR, 0);
+ assert_bootmsg("5 TAG=conn_dir");
+ control_event_bootstrap(BOOTSTRAP_STATUS_HANDSHAKE, 0);
+ assert_bootmsg("10 TAG=handshake_dir");
+ /* The deferred event should appear */
+ control_event_boot_first_orconn();
+ assert_bootmsg("80 TAG=conn_or");
+ done:
+ tor_free(saved_event_str);
+ UNMOCK(queue_control_event_string);
+}
+
#define TEST(name, flags) \
{ #name, test_cntev_ ## name, flags, 0, NULL }
@@ -326,6 +396,7 @@ struct testcase_t controller_event_tests[] = {
TEST(append_cell_stats, TT_FORK),
TEST(format_cell_stats, TT_FORK),
TEST(event_mask, TT_FORK),
+ TEST(dirboot_defer_desc, TT_FORK),
+ TEST(dirboot_defer_orconn, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index bb2e340dd2..81d2fa6f33 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -1,20 +1,38 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define CRYPTO_CURVE25519_PRIVATE
#define CRYPTO_RAND_PRIVATE
-#include "or.h"
-#include "test.h"
-#include "aes.h"
-#include "util.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "lib/crypt_ops/aes.h"
#include "siphash.h"
-#include "crypto_curve25519.h"
-#include "crypto_ed25519.h"
-#include "crypto_rand.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_dh.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/crypt_ops/crypto_hkdf.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/crypt_ops/crypto_init.h"
#include "ed25519_vectors.inc"
+#include "test/log_test_helpers.h"
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#if defined(ENABLE_OPENSSL)
+#include "lib/crypt_ops/compat_openssl.h"
+DISABLE_GCC_WARNING(redundant-decls)
+#include <openssl/dh.h>
+ENABLE_GCC_WARNING(redundant-decls)
+#endif
/** Run unit tests for Diffie-Hellman functionality. */
static void
@@ -23,38 +41,45 @@ test_crypto_dh(void *arg)
crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
crypto_dh_t *dh1_dup = NULL;
crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
- char p1[DH_BYTES];
- char p2[DH_BYTES];
- char s1[DH_BYTES];
- char s2[DH_BYTES];
+ char p1[DH1024_KEY_LEN];
+ char p2[DH1024_KEY_LEN];
+ char s1[DH1024_KEY_LEN];
+ char s2[DH1024_KEY_LEN];
ssize_t s1len, s2len;
+#ifdef ENABLE_OPENSSL
+ crypto_dh_t *dh3 = NULL;
+ DH *dh4 = NULL;
+ BIGNUM *pubkey_tmp = NULL;
+#endif
(void)arg;
- tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH_BYTES);
- tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH_BYTES);
+ tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH1024_KEY_LEN);
+ tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH1024_KEY_LEN);
- memset(p1, 0, DH_BYTES);
- memset(p2, 0, DH_BYTES);
- tt_mem_op(p1,OP_EQ, p2, DH_BYTES);
+ memset(p1, 0, DH1024_KEY_LEN);
+ memset(p2, 0, DH1024_KEY_LEN);
+ tt_mem_op(p1,OP_EQ, p2, DH1024_KEY_LEN);
tt_int_op(-1, OP_EQ, crypto_dh_get_public(dh1, p1, 6)); /* too short */
- tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
- tt_mem_op(p1,OP_NE, p2, DH_BYTES);
- tt_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
- tt_mem_op(p1,OP_NE, p2, DH_BYTES);
+ tt_assert(! crypto_dh_get_public(dh1, p1, DH1024_KEY_LEN));
+ tt_mem_op(p1,OP_NE, p2, DH1024_KEY_LEN);
+ tt_assert(! crypto_dh_get_public(dh2, p2, DH1024_KEY_LEN));
+ tt_mem_op(p1,OP_NE, p2, DH1024_KEY_LEN);
- memset(s1, 0, DH_BYTES);
- memset(s2, 0xFF, DH_BYTES);
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
- s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
+ memset(s1, 0, DH1024_KEY_LEN);
+ memset(s2, 0xFF, DH1024_KEY_LEN);
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH1024_KEY_LEN, s1, 50);
+ s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH1024_KEY_LEN, s2, 50);
tt_assert(s1len > 0);
tt_int_op(s1len,OP_EQ, s2len);
tt_mem_op(s1,OP_EQ, s2, s1len);
/* test dh_dup; make sure it works the same. */
dh1_dup = crypto_dh_dup(dh1);
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH_BYTES, s1, 50);
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH1024_KEY_LEN,
+ s1, 50);
+ tt_i64_op(s1len, OP_GE, 0);
tt_mem_op(s1,OP_EQ, s2, s1len);
{
@@ -67,18 +92,24 @@ test_crypto_dh(void *arg)
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x00", 1, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- memset(p1, 0, DH_BYTES); /* 0 with padding. */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ memset(p1, 0, DH1024_KEY_LEN); /* 0 with padding. */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 1; /* 1 with padding*/
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 1; /* 1 with padding*/
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
/* 2 is okay, though weird. */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x02", 1, s1, 50);
tt_int_op(50, OP_EQ, s1len);
+ /* 2 a second time is still okay, though weird. */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x02", 1, s1, 50);
+ tt_int_op(50, OP_EQ, s1len);
+
const char P[] =
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
@@ -89,15 +120,18 @@ test_crypto_dh(void *arg)
/* p-1, p, and so on are not okay. */
base16_decode(p1, sizeof(p1), P, strlen(P));
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 0xFE; /* p-1 */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 0xFE; /* p-1 */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 0xFD; /* p-2 works fine */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 0xFD; /* p-2 works fine */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(50, OP_EQ, s1len);
const char P_plus_one[] =
@@ -109,51 +143,103 @@ test_crypto_dh(void *arg)
base16_decode(p1, sizeof(p1), P_plus_one, strlen(P_plus_one));
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 0x01; /* p+2 */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 0x01; /* p+2 */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 0xff; /* p+256 */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 0xff; /* p+256 */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- memset(p1, 0xff, DH_BYTES), /* 2^1024-1 */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ memset(p1, 0xff, DH1024_KEY_LEN), /* 2^1024-1 */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
}
{
/* provoke an error in the openssl DH_compute_key function; make sure we
* survive. */
- tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
+ tt_assert(! crypto_dh_get_public(dh1, p1, DH1024_KEY_LEN));
crypto_dh_free(dh2);
dh2= crypto_dh_new(DH_TYPE_CIRCUIT); /* no private key set */
s1len = crypto_dh_compute_secret(LOG_WARN, dh2,
- p1, DH_BYTES,
+ p1, DH1024_KEY_LEN,
s1, 50);
tt_int_op(s1len, OP_EQ, -1);
}
+#if defined(ENABLE_OPENSSL)
+ {
+ /* Make sure that our crypto library can handshake with openssl. */
+ dh3 = crypto_dh_new(DH_TYPE_TLS);
+ tt_assert(!crypto_dh_get_public(dh3, p1, DH1024_KEY_LEN));
+
+ dh4 = crypto_dh_new_openssl_tls();
+ tt_assert(DH_generate_key(dh4));
+ const BIGNUM *pk=NULL;
+#ifdef OPENSSL_1_1_API
+ const BIGNUM *sk=NULL;
+ DH_get0_key(dh4, &pk, &sk);
+#else
+ pk = dh4->pub_key;
+#endif
+ tt_assert(pk);
+ tt_int_op(BN_num_bytes(pk), OP_LE, DH1024_KEY_LEN);
+ tt_int_op(BN_num_bytes(pk), OP_GT, 0);
+ memset(p2, 0, sizeof(p2));
+ /* right-pad. */
+ BN_bn2bin(pk, (unsigned char *)(p2+DH1024_KEY_LEN-BN_num_bytes(pk)));
+
+ s1len = crypto_dh_handshake(LOG_WARN, dh3, p2, DH1024_KEY_LEN,
+ (unsigned char *)s1, sizeof(s1));
+ pubkey_tmp = BN_bin2bn((unsigned char *)p1, DH1024_KEY_LEN, NULL);
+ s2len = DH_compute_key((unsigned char *)s2, pubkey_tmp, dh4);
+
+ tt_int_op(s1len, OP_EQ, s2len);
+ tt_int_op(s1len, OP_GT, 0);
+ tt_mem_op(s1, OP_EQ, s2, s1len);
+ }
+#endif
+
done:
crypto_dh_free(dh1);
crypto_dh_free(dh2);
crypto_dh_free(dh1_dup);
+#ifdef ENABLE_OPENSSL
+ crypto_dh_free(dh3);
+ if (dh4)
+ DH_free(dh4);
+ if (pubkey_tmp)
+ BN_free(pubkey_tmp);
+#endif
}
static void
test_crypto_openssl_version(void *arg)
{
(void)arg;
+#ifdef ENABLE_NSS
+ tt_skip();
+#else
const char *version = crypto_openssl_get_version_str();
const char *h_version = crypto_openssl_get_header_version_str();
tt_assert(version);
tt_assert(h_version);
- tt_assert(!strcmpstart(version, h_version)); /* "-fips" suffix, etc */
- tt_assert(!strstr(version, "OpenSSL"));
+ if (strcmpstart(version, h_version)) { /* "-fips" suffix, etc */
+ TT_DIE(("OpenSSL library version %s did not begin with header version %s.",
+ version, h_version));
+ }
+ if (strstr(version, "OpenSSL")) {
+ TT_DIE(("assertion failed: !strstr(\"%s\", \"OpenSSL\")", version));
+ }
int a=-1,b=-1,c=-1;
if (!strcmpstart(version, "LibreSSL") || !strcmpstart(version, "BoringSSL"))
return;
@@ -162,6 +248,7 @@ test_crypto_openssl_version(void *arg)
tt_int_op(a, OP_GE, 0);
tt_int_op(b, OP_GE, 0);
tt_int_op(c, OP_GE, 0);
+#endif
done:
;
@@ -190,10 +277,10 @@ test_crypto_rng(void *arg)
j = crypto_rand_int(100);
if (j < 0 || j >= 100)
allok = 0;
- big = crypto_rand_uint64(U64_LITERAL(1)<<40);
- if (big >= (U64_LITERAL(1)<<40))
+ big = crypto_rand_uint64(UINT64_C(1)<<40);
+ if (big >= (UINT64_C(1)<<40))
allok = 0;
- big = crypto_rand_uint64(U64_LITERAL(5));
+ big = crypto_rand_uint64(UINT64_C(5));
if (big >= 5)
allok = 0;
d = crypto_rand_double();
@@ -1339,22 +1426,22 @@ test_crypto_pk_base64(void *arg)
/* Test Base64 encoding a key. */
pk1 = pk_generate(0);
tt_assert(pk1);
- tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
+ tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
tt_assert(encoded);
/* Test decoding a valid key. */
- pk2 = crypto_pk_base64_decode(encoded, strlen(encoded));
+ pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded));
tt_assert(pk2);
tt_int_op(crypto_pk_cmp_keys(pk1, pk2), OP_EQ, 0);
crypto_pk_free(pk2);
/* Test decoding a invalid key (not Base64). */
static const char *invalid_b64 = "The key is in another castle!";
- pk2 = crypto_pk_base64_decode(invalid_b64, strlen(invalid_b64));
+ pk2 = crypto_pk_base64_decode_private(invalid_b64, strlen(invalid_b64));
tt_ptr_op(pk2, OP_EQ, NULL);
/* Test decoding a truncated Base64 blob. */
- pk2 = crypto_pk_base64_decode(encoded, strlen(encoded)/2);
+ pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded)/2);
tt_ptr_op(pk2, OP_EQ, NULL);
done:
@@ -1403,6 +1490,58 @@ test_crypto_pk_pem_encrypted(void *arg)
done:
crypto_pk_free(pk);
}
+
+static void
+test_crypto_pk_invalid_private_key(void *arg)
+{
+ (void)arg;
+ /* Here is a simple invalid private key: it was produced by making
+ * a regular private key, and then adding 2 to the modulus. */
+ const char pem[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEpQIBAAKCAQEAskRyZrs+YAukvBmZlgo6/rCxyKF2xyUk073ap+2CgRUnSfGG\n"
+ "mflHlzqVq7tpH50DafpS+fFAbaEaNV/ac20QG0rUZi38HTB4qURWOu6n0Bws6E4l\n"
+ "UX/AkvDlWnuYH0pHHi2c3DGNFjwoJpjKuUTk+cRffVR8X3Kjr62SUDUaBNW0Kecz\n"
+ "3SYLbmgmZI16dFZ+g9sNM3znXZbhvb33WwPqpZSSPs37cPgF7eS6mAw/gUMx6zfE\n"
+ "HRmUnOQSzUdS05rvc/hsiCLhiIZ8hgfkD07XnTT1Ds8DwE55k7BUWY2wvwWCNLsH\n"
+ "qtqAxTr615XdkMxVkYgImpqPybarpfNYhFqkOwIDAQABAoIBACPC3VxEdbfYvhxJ\n"
+ "2mih9sG++nswAN7kUaX0cRe86rAwaShJPmJHApiQ1ROVTfpciiHJaLnhLraPWe2Z\n"
+ "I/6Bw3hmI4O399p3Lc1u+wlpdNqnvE6B1rSptx0DHE9xecvVH70rE0uM2Su7t6Y+\n"
+ "gnR2IKUGQs2mlCilm7aTUEWs0WJkkl4CG1dyxItuOSdNBjOEzXimJyiB10jEBFsp\n"
+ "SZeCF2FZ7AJbck5CVC42+oTsiDbZrHTHOn7v26rFGdONeHD1wOI1v7JwHFpCB923\n"
+ "aEHBzsPbMeq7DWG1rjzCYpcXHhTDBDBWSia4SEhyr2Nl7m7qxWWWwR+x4dqAj3rD\n"
+ "HeTmos0CgYEA6uf1CLpjPpOs5IaW1DQI8dJA/xFEAC/6GVgq4nFOGHZrm8G3L5o+\n"
+ "qvtQNMpDs2naWuZpqROFqv24o01DykHygR72GlPIY6uvmmf5tvJLoGnbFUay33L4\n"
+ "7b9dkNhuEIBNPzVDie0pgS77WgaPbYkVv5fnDwgPuVnkqfakEt7Pz2MCgYEAwkZ5\n"
+ "R1wLuTQEA2Poo6Gf4L8Bg6yNYI46LHDqDIs818iYLjtcnEEvbPfaoKNpOn7s7s4O\n"
+ "Pc+4HnT1aIQs0IKVLRTp+5a/9wfOkPZnobWOUHZk9UzBL3Hc1uy/qhp93iE3tSzx\n"
+ "v0O1pvR+hr3guTCZx8wZnDvaMgG3hlyPnVlHdrMCgYEAzQQxGbMC1ySv6quEjCP2\n"
+ "AogMbhE1lixJTUFj/EoDbNo9xKznIkauly/Lqqc1OysRhfA/G2+MY9YZBX1zwtyX\n"
+ "uBW7mPKynDrFgi9pBECnvJNmwET57Ic9ttIj6Tzbos83nAjyrzgr1zGX8dRz7ZeN\n"
+ "QbBj2vygLJbGOYinXkjUeh0CgYEAhN5aF9n2EqZmkEMGWtMxWy6HRJ0A3Cap1rcq\n"
+ "+4VHCXWhzwy+XAeg/e/N0MuyLlWcif7XcqLcE8h+BwtO8xQ8HmcNWApUJAls12wO\n"
+ "mGRpftJaXgIupdpD5aJpu1b++qrRRNIGTH9sf1D8L/8w8LcylZkbcuTkaAsQj45C\n"
+ "kqT64U0CgYEAq47IKS6xc3CDc17BqExR6t+1yRe+4ml+z1zcVbfUKony4pGvl1yo\n"
+ "rk0IYDN5Vd8h5xtXrkPdX9h+ywmohnelDKsayEuE+opyqEpSU4/96Bb22RZUoucb\n"
+ "LWkV5gZx5hFnDFtEd4vadMIiY4jVv/3JqiZDKwMVBJKlHRXJEEmIEBk=\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ crypto_pk_t *pk = NULL;
+
+ pk = crypto_pk_new();
+ setup_capture_of_logs(LOG_WARN);
+ tt_int_op(-1, OP_EQ,
+ crypto_pk_read_private_key_from_string(pk, pem, strlen(pem)));
+#ifdef ENABLE_NSS
+ expect_single_log_msg_containing("received bad data");
+#else
+ expect_single_log_msg_containing("while checking RSA key");
+#endif
+ done:
+ teardown_capture_of_logs();
+ crypto_pk_free(pk);
+}
+
#ifdef HAVE_TRUNCATE
#define do_truncate truncate
#else
@@ -1438,7 +1577,8 @@ test_crypto_digests(void *arg)
(void)arg;
k = crypto_pk_new();
tt_assert(k);
- r = crypto_pk_read_private_key_from_string(k, AUTHORITY_SIGNKEY_3, -1);
+ r = crypto_pk_read_private_key_from_string(k, AUTHORITY_SIGNKEY_3,
+ strlen(AUTHORITY_SIGNKEY_3));
tt_assert(!r);
r = crypto_pk_get_digest(k, digest);
@@ -1817,15 +1957,6 @@ test_crypto_hkdf_sha256(void *arg)
key_material, 100)
/* Test vectors generated with ntor_ref.py */
- memset(key_material, 0, sizeof(key_material));
- EXPAND("");
- tt_int_op(r, OP_EQ, 0);
- test_memeq_hex(key_material,
- "d3490ed48b12a48f9547861583573fe3f19aafe3f81dc7fc75"
- "eeed96d741b3290f941576c1f9f0b2d463d1ec7ab2c6bf71cd"
- "d7f826c6298c00dbfe6711635d7005f0269493edf6046cc7e7"
- "dcf6abe0d20c77cf363e8ffe358927817a3d3e73712cee28d8");
-
EXPAND("Tor");
tt_int_op(r, OP_EQ, 0);
test_memeq_hex(key_material,
@@ -2810,8 +2941,8 @@ test_crypto_siphash(void *arg)
{ 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }
};
- const struct sipkey K = { U64_LITERAL(0x0706050403020100),
- U64_LITERAL(0x0f0e0d0c0b0a0908) };
+ const struct sipkey K = { UINT64_C(0x0706050403020100),
+ UINT64_C(0x0f0e0d0c0b0a0908) };
uint8_t input[64];
int i, j;
@@ -2866,12 +2997,12 @@ crypto_rand_check_failure_mode_identical(void)
{
/* just in case the buffer size isn't a multiple of sizeof(int64_t) */
#define FAILURE_MODE_BUFFER_SIZE_I64 \
- (FAILURE_MODE_BUFFER_SIZE/SIZEOF_INT64_T)
+ (FAILURE_MODE_BUFFER_SIZE/8)
#define FAILURE_MODE_BUFFER_SIZE_I64_BYTES \
- (FAILURE_MODE_BUFFER_SIZE_I64*SIZEOF_INT64_T)
+ (FAILURE_MODE_BUFFER_SIZE_I64*8)
#if FAILURE_MODE_BUFFER_SIZE_I64 < 2
-#error FAILURE_MODE_BUFFER_SIZE needs to be at least 2*SIZEOF_INT64_T
+#error FAILURE_MODE_BUFFER_SIZE needs to be at least 2*8
#endif
int64_t buf[FAILURE_MODE_BUFFER_SIZE_I64];
@@ -3032,6 +3163,8 @@ struct testcase_t crypto_tests[] = {
{ "pk_fingerprints", test_crypto_pk_fingerprints, TT_FORK, NULL, NULL },
{ "pk_base64", test_crypto_pk_base64, TT_FORK, NULL, NULL },
{ "pk_pem_encrypted", test_crypto_pk_pem_encrypted, TT_FORK, NULL, NULL },
+ { "pk_invalid_private_key", test_crypto_pk_invalid_private_key, 0,
+ NULL, NULL },
CRYPTO_LEGACY(digests),
{ "digest_names", test_crypto_digest_names, 0, NULL, NULL },
{ "sha3", test_crypto_sha3, TT_FORK, NULL, NULL},
@@ -3067,4 +3200,3 @@ struct testcase_t crypto_tests[] = {
{ "failure_modes", test_crypto_failure_modes, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_crypto_ope.c b/src/test/test_crypto_ope.c
new file mode 100644
index 0000000000..4e7b952327
--- /dev/null
+++ b/src/test/test_crypto_ope.c
@@ -0,0 +1,154 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#define CRYPTO_OPE_PRIVATE
+
+#include "lib/cc/compat_compiler.h"
+#include "lib/crypt_ops/crypto_ope.h"
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "lib/encoding/binascii.h"
+#include "lib/malloc/malloc.h"
+#include "test/test.h"
+#include "tinytest.h"
+
+#include <stddef.h>
+#include <string.h>
+
+static void
+test_crypto_ope_consistency(void *arg)
+{
+ (void)arg;
+
+ crypto_ope_t *ope = NULL;
+ crypto_cipher_t *aes = NULL;
+ const int TEST_VALS[] = { 5, 500, 1023, 1024, 1025, 2046, 2047, 2048, 2049,
+ 10000, OPE_INPUT_MAX };
+ unsigned i;
+ const uint8_t key[32] = "A fixed key, chosen arbitrarily.";
+
+ ope = crypto_ope_new(key);
+ tt_assert(ope);
+
+ uint64_t last_val = 0;
+ for (i = 0; i < ARRAY_LENGTH(TEST_VALS); ++i) {
+ aes = ope_get_cipher(ope, 0);
+ int val = TEST_VALS[i];
+ uint64_t v1 = crypto_ope_encrypt(ope, val);
+ uint64_t v2 = sum_values_from_cipher(aes, val);
+ tt_u64_op(v1, OP_EQ, v2);
+ tt_u64_op(v2, OP_GT, last_val);
+ last_val = v2;
+ crypto_cipher_free(aes);
+ }
+
+ done:
+ crypto_cipher_free(aes);
+ crypto_ope_free(ope);
+}
+
+static void
+test_crypto_ope_oob(void *arg)
+{
+ (void)arg;
+
+ crypto_ope_t *ope = NULL;
+ const uint8_t key[32] = "A fixed key, chosen arbitrarily.";
+ ope = crypto_ope_new(key);
+
+ tt_u64_op(UINT64_MAX, OP_EQ, crypto_ope_encrypt(ope,INT_MIN));
+ tt_u64_op(UINT64_MAX, OP_EQ, crypto_ope_encrypt(ope,-100));
+ tt_u64_op(UINT64_MAX, OP_EQ, crypto_ope_encrypt(ope,0));
+ tt_u64_op(UINT64_MAX, OP_NE, crypto_ope_encrypt(ope,1));
+ tt_u64_op(UINT64_MAX, OP_NE, crypto_ope_encrypt(ope,7000));
+ tt_u64_op(UINT64_MAX, OP_NE, crypto_ope_encrypt(ope,OPE_INPUT_MAX));
+ tt_u64_op(UINT64_MAX, OP_EQ, crypto_ope_encrypt(ope,OPE_INPUT_MAX+1));
+ tt_u64_op(UINT64_MAX, OP_EQ, crypto_ope_encrypt(ope,INT_MAX));
+ done:
+ crypto_ope_free(ope);
+}
+
+static const char OPE_TEST_KEY[] =
+ "19e05891d55232c08c2cad91d612fdb9cbd6691949a0742434a76c80bc6992fe";
+
+/* generated by a separate python implementation. */
+static const struct {
+ int v;
+ uint64_t r;
+} OPE_TEST_VECTORS[] = {
+ { 121132, UINT64_C(3971694514) },
+ { 82283, UINT64_C(2695743564) },
+ { 72661, UINT64_C(2381548866) },
+ { 72941, UINT64_C(2390408421) },
+ { 123122, UINT64_C(4036781069) },
+ { 12154, UINT64_C(402067100) },
+ { 121574, UINT64_C(3986197593) },
+ { 11391, UINT64_C(376696838) },
+ { 65845, UINT64_C(2161801517) },
+ { 86301, UINT64_C(2828270975) },
+ { 61284, UINT64_C(2013616892) },
+ { 70505, UINT64_C(2313368870) },
+ { 30438, UINT64_C(1001394664) },
+ { 60150, UINT64_C(1977329668) },
+ { 114800, UINT64_C(3764946628) },
+ { 109403, UINT64_C(3585352477) },
+ { 21893, UINT64_C(721388468) },
+ { 123569, UINT64_C(4051780471) },
+ { 95617, UINT64_C(3134921876) },
+ { 48561, UINT64_C(1597596985) },
+ { 53334, UINT64_C(1753691710) },
+ { 92746, UINT64_C(3040874493) },
+ { 7110, UINT64_C(234966492) },
+ { 9612, UINT64_C(318326551) },
+ { 106958, UINT64_C(3506124249) },
+ { 46889, UINT64_C(1542219146) },
+ { 87790, UINT64_C(2877361609) },
+ { 68878, UINT64_C(2260369112) },
+ { 47917, UINT64_C(1576681737) },
+ { 121128, UINT64_C(3971553290) },
+ { 108602, UINT64_C(3559176081) },
+ { 28217, UINT64_C(929692460) },
+ { 69498, UINT64_C(2280554161) },
+ { 63870, UINT64_C(2098322675) },
+ { 57542, UINT64_C(1891698992) },
+ { 122148, UINT64_C(4004515805) },
+ { 46254, UINT64_C(1521227949) },
+ { 42850, UINT64_C(1408996941) },
+ { 92661, UINT64_C(3037901517) },
+ { 57720, UINT64_C(1897369989) },
+};
+
+static void
+test_crypto_ope_vectors(void *arg)
+{
+ (void)arg;
+ uint8_t key[32];
+ crypto_ope_t *ope = NULL, *ope2 = NULL;
+
+ base16_decode((char*)key, 32, OPE_TEST_KEY, strlen(OPE_TEST_KEY));
+
+ ope = crypto_ope_new(key);
+ key[8] += 1;
+ ope2 = crypto_ope_new(key);
+ unsigned i;
+ for (i = 0; i < ARRAY_LENGTH(OPE_TEST_VECTORS); ++i) {
+ int val = OPE_TEST_VECTORS[i].v;
+ uint64_t res = OPE_TEST_VECTORS[i].r;
+
+ tt_u64_op(crypto_ope_encrypt(ope, val), OP_EQ, res);
+ tt_u64_op(crypto_ope_encrypt(ope2, val), OP_NE, res);
+ }
+ done:
+ crypto_ope_free(ope);
+ crypto_ope_free(ope2);
+}
+
+struct testcase_t crypto_ope_tests[] = {
+ { "consistency", test_crypto_ope_consistency, 0, NULL, NULL },
+ { "oob", test_crypto_ope_oob, 0, NULL, NULL },
+ { "vectors", test_crypto_ope_vectors, 0, NULL, NULL },
+ END_OF_TESTCASES
+};
diff --git a/src/test/test_crypto_openssl.c b/src/test/test_crypto_openssl.c
index a016277508..92f9cbab2f 100644
--- a/src/test/test_crypto_openssl.c
+++ b/src/test/test_crypto_openssl.c
@@ -1,21 +1,21 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define CRYPTO_RAND_PRIVATE
-#include "crypto_rand.h"
-#include "util.h"
-#include "util_format.h"
-#include "compat.h"
-#include "test.h"
+#include "lib/crypt_ops/compat_openssl.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/encoding/binascii.h"
+#include "lib/malloc/malloc.h"
+#include "test/test.h"
#include <openssl/evp.h>
#include <openssl/rand.h>
-#include "compat_openssl.h"
+#include <string.h>
/* Test for rectifying openssl RAND engine. */
static void
@@ -104,4 +104,3 @@ struct testcase_t crypto_openssl_tests[] = {
TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c
index 0e1f5bd227..ca6b7b8d4d 100644
--- a/src/test/test_crypto_slow.c
+++ b/src/test/test_crypto_slow.c
@@ -1,22 +1,26 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define CRYPTO_S2K_PRIVATE
-#include "or.h"
-#include "test.h"
-#include "crypto_s2k.h"
-#include "crypto_pwbox.h"
-#include "crypto_rand.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_s2k.h"
+#include "lib/crypt_ops/crypto_pwbox.h"
+#include "lib/crypt_ops/crypto_rand.h"
#if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT)
#define HAVE_LIBSCRYPT
#include <libscrypt.h>
#endif
+#ifdef ENABLE_OPENSSL
#include <openssl/evp.h>
+#endif
/** Run unit tests for our secret-to-key passphrase hashing functionality. */
static void
@@ -615,4 +619,3 @@ struct testcase_t slow_crypto_tests[] = {
ED25519_TEST(fuzz_donna, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_data.c b/src/test/test_data.c
index ce6c3394f6..be8153258b 100644
--- a/src/test/test_data.c
+++ b/src/test/test_data.c
@@ -1,9 +1,9 @@
/* Copyright 2001-2004 Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "test.h"
+#include "test/test.h"
/* Our unit test expect that the AUTHORITY_CERT_* public keys will sort
* in this order. */
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 37b015b72d..723799ee8a 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -17,32 +17,56 @@
#define NETWORKSTATUS_PRIVATE
#define RELAY_PRIVATE
-#include "or.h"
-#include "bridges.h"
-#include "confparse.h"
-#include "config.h"
-#include "control.h"
-#include "crypto_ed25519.h"
-#include "crypto_rand.h"
-#include "directory.h"
-#include "dirserv.h"
-#include "dirauth/dirvote.h"
-#include "entrynodes.h"
-#include "hibernate.h"
-#include "memarea.h"
-#include "networkstatus.h"
-#include "router.h"
-#include "routerkeys.h"
-#include "routerlist.h"
-#include "routerparse.h"
-#include "routerset.h"
-#include "dirauth/shared_random_state.h"
-#include "test.h"
-#include "test_dir_common.h"
-#include "torcert.h"
-#include "relay.h"
-#include "log_test_helpers.h"
-#include "voting_schedule.h"
+#include "core/or/or.h"
+#include "feature/client/bridges.h"
+#include "core/mainloop/connection.h"
+#include "app/config/confparse.h"
+#include "app/config/config.h"
+#include "feature/control/control.h"
+#include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/dircache/directory.h"
+#include "feature/dircache/dirserv.h"
+#include "feature/dirauth/dirvote.h"
+#include "feature/client/entrynodes.h"
+#include "feature/dircommon/fp_pair.h"
+#include "feature/hibernate/hibernate.h"
+#include "lib/memarea/memarea.h"
+#include "lib/osinfo/uname.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/relay/router.h"
+#include "feature/relay/routerkeys.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/routerset.h"
+#include "feature/dirauth/shared_random_state.h"
+#include "test/test.h"
+#include "test/test_dir_common.h"
+#include "feature/nodelist/torcert.h"
+#include "core/or/relay.h"
+#include "test/log_test_helpers.h"
+#include "feature/dircommon/voting_schedule.h"
+#include "lib/compress/compress.h"
+
+#include "core/or/addr_policy_st.h"
+#include "feature/nodelist/authority_cert_st.h"
+#include "feature/nodelist/document_signature_st.h"
+#include "feature/nodelist/extrainfo_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/networkstatus_voter_info_st.h"
+#include "feature/dirauth/ns_detached_signatures_st.h"
+#include "core/or/port_cfg_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerlist_st.h"
+#include "core/or/tor_version_st.h"
+#include "feature/dirauth/vote_microdesc_hash_st.h"
+#include "feature/nodelist/vote_routerstatus_st.h"
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
#define NS_MODULE dir
@@ -142,7 +166,7 @@ test_dir_formats(void *arg)
r1->supports_tunnelled_dir_requests = 1;
tor_addr_parse(&r1->ipv6_addr, "1:2:3:4::");
r1->ipv6_orport = 9999;
- r1->onion_pkey = crypto_pk_dup_key(pk1);
+ router_set_rsa_onion_pkey(pk1, &r1->onion_pkey, &r1->onion_pkey_len);
/* Fake just enough of an ntor key to get by */
curve25519_keypair_t r1_onion_keypair;
curve25519_keypair_generate(&r1_onion_keypair, 0);
@@ -185,7 +209,7 @@ test_dir_formats(void *arg)
r2->or_port = 9005;
r2->dir_port = 0;
r2->supports_tunnelled_dir_requests = 1;
- r2->onion_pkey = crypto_pk_dup_key(pk2);
+ router_set_rsa_onion_pkey(pk2, &r2->onion_pkey, &r2->onion_pkey_len);
curve25519_keypair_t r2_onion_keypair;
curve25519_keypair_generate(&r2_onion_keypair, 0);
r2->onion_curve25519_pkey = tor_memdup(&r2_onion_keypair.pubkey,
@@ -278,7 +302,10 @@ test_dir_formats(void *arg)
tt_int_op(rp1->bandwidthrate,OP_EQ, r1->bandwidthrate);
tt_int_op(rp1->bandwidthburst,OP_EQ, r1->bandwidthburst);
tt_int_op(rp1->bandwidthcapacity,OP_EQ, r1->bandwidthcapacity);
- tt_int_op(crypto_pk_cmp_keys(rp1->onion_pkey, pk1), OP_EQ, 0);
+ crypto_pk_t *onion_pkey = router_get_rsa_onion_pkey(rp1->onion_pkey,
+ rp1->onion_pkey_len);
+ tt_int_op(crypto_pk_cmp_keys(onion_pkey, pk1), OP_EQ, 0);
+ crypto_pk_free(onion_pkey);
tt_int_op(crypto_pk_cmp_keys(rp1->identity_pkey, pk2), OP_EQ, 0);
tt_assert(rp1->supports_tunnelled_dir_requests);
//tt_assert(rp1->exit_policy == NULL);
@@ -395,7 +422,10 @@ test_dir_formats(void *arg)
tt_mem_op(rp2->onion_curve25519_pkey->public_key,OP_EQ,
r2->onion_curve25519_pkey->public_key,
CURVE25519_PUBKEY_LEN);
- tt_int_op(crypto_pk_cmp_keys(rp2->onion_pkey, pk2), OP_EQ, 0);
+ onion_pkey = router_get_rsa_onion_pkey(rp2->onion_pkey,
+ rp2->onion_pkey_len);
+ tt_int_op(crypto_pk_cmp_keys(onion_pkey, pk2), OP_EQ, 0);
+ crypto_pk_free(onion_pkey);
tt_int_op(crypto_pk_cmp_keys(rp2->identity_pkey, pk1), OP_EQ, 0);
tt_assert(rp2->supports_tunnelled_dir_requests);
@@ -1568,25 +1598,6 @@ test_dir_measured_bw_kb(void *arg)
return;
}
-/* Test dirserv_read_measured_bandwidths */
-static void
-test_dir_dirserv_read_measured_bandwidths_empty(void *arg)
-{
- char *fname=NULL;
- (void)arg;
-
- fname = tor_strdup(get_fname("V3BandwidthsFile"));
- /* Test an empty file */
- write_str_to_file(fname, "", 0);
- setup_capture_of_logs(LOG_WARN);
- tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
- expect_log_msg("Empty bandwidth file\n");
-
- done:
- tor_free(fname);
- teardown_capture_of_logs();
-}
-
/* Unit tests for measured_bw_line_parse using line_is_after_headers flag.
* When the end of the header is detected (a first complete bw line is parsed),
* incomplete lines fail and give warnings, but do not give warnings if
@@ -1630,7 +1641,7 @@ test_dir_measured_bw_kb_line_is_after_headers(void *arg)
teardown_capture_of_logs();
}
-/* Test dirserv_read_measured_bandwidths with whole files. */
+/* Test dirserv_read_measured_bandwidths with headers and complete files. */
static void
test_dir_dirserv_read_measured_bandwidths(void *arg)
{
@@ -1638,76 +1649,321 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
char *content = NULL;
time_t timestamp = time(NULL);
char *fname = tor_strdup(get_fname("V3BandwidthsFile"));
-
- /* Test Torflow file only with timestamp*/
- tor_asprintf(&content, "%ld", (long)timestamp);
- write_str_to_file(fname, content, 0);
- tor_free(content);
- tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
-
- /* Test Torflow file with timestamp followed by '\n' */
- tor_asprintf(&content, "%ld\n", (long)timestamp);
- write_str_to_file(fname, content, 0);
- tor_free(content);
- tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
-
- /* Test Torflow complete file*/
- const char *torflow_relay_lines=
+ smartlist_t *bw_file_headers = smartlist_new();
+ /* bw file strings in vote */
+ char *bw_file_headers_str = NULL;
+ char *bw_file_headers_str_v100 = NULL;
+ char *bw_file_headers_str_v110 = NULL;
+ char *bw_file_headers_str_bad = NULL;
+ char *bw_file_headers_str_extra = NULL;
+ char bw_file_headers_str_long[MAX_BW_FILE_HEADER_COUNT_IN_VOTE * 8 + 1] = "";
+ /* string header lines in bw file */
+ char *header_lines_v100 = NULL;
+ char *header_lines_v110_no_terminator = NULL;
+ char *header_lines_v110 = NULL;
+ char header_lines_long[MAX_BW_FILE_HEADER_COUNT_IN_VOTE * 8 + 1] = "";
+ int i;
+ const char *header_lines_v110_no_terminator_no_timestamp =
+ "version=1.1.0\n"
+ "software=sbws\n"
+ "software_version=0.1.0\n"
+ "earliest_bandwidth=2018-05-08T16:13:26\n"
+ "file_created=2018-04-16T21:49:18\n"
+ "generator_started=2018-05-08T16:13:25\n"
+ "latest_bandwidth=2018-04-16T20:49:18\n";
+ const char *bw_file_headers_str_v110_no_timestamp =
+ "version=1.1.0 software=sbws "
+ "software_version=0.1.0 "
+ "earliest_bandwidth=2018-05-08T16:13:26 "
+ "file_created=2018-04-16T21:49:18 "
+ "generator_started=2018-05-08T16:13:25 "
+ "latest_bandwidth=2018-04-16T20:49:18";
+ const char *relay_lines_v100 =
"node_id=$557365204145532d32353620696e73746561642e bw=1024 "
"nick=Test measured_at=1523911725 updated_at=1523911725 "
"pid_error=4.11374090719 pid_error_sum=4.11374090719 "
"pid_bw=57136645 pid_delta=2.12168374577 circ_fail=0.2 "
"scanner=/filepath\n";
-
- tor_asprintf(&content, "%ld\n%s", (long)timestamp, torflow_relay_lines);
+ const char *relay_lines_v110 =
+ "node_id=$68A483E05A2ABDCA6DA5A3EF8DB5177638A27F80 "
+ "master_key_ed25519=YaqV4vbvPYKucElk297eVdNArDz9HtIwUoIeo0+cVIpQ "
+ "bw=760 nick=Test rtt=380 time=2018-05-08T16:13:26\n";
+ const char *relay_lines_bad =
+ "node_id=$68A483E05A2ABDCA6DA5A3EF8DB5177638A\n";
+
+ tor_asprintf(&header_lines_v100, "%ld\n", (long)timestamp);
+ tor_asprintf(&header_lines_v110_no_terminator, "%ld\n%s", (long)timestamp,
+ header_lines_v110_no_terminator_no_timestamp);
+ tor_asprintf(&header_lines_v110, "%s%s",
+ header_lines_v110_no_terminator, BW_FILE_HEADERS_TERMINATOR);
+
+ tor_asprintf(&bw_file_headers_str_v100, "timestamp=%ld",(long)timestamp);
+ tor_asprintf(&bw_file_headers_str_v110, "timestamp=%ld %s",
+ (long)timestamp, bw_file_headers_str_v110_no_timestamp);
+ tor_asprintf(&bw_file_headers_str_bad, "%s "
+ "node_id=$68A483E05A2ABDCA6DA5A3EF8DB5177638A",
+ bw_file_headers_str_v110);
+
+ for (i=0; i<MAX_BW_FILE_HEADER_COUNT_IN_VOTE; i++) {
+ strlcat(header_lines_long, "foo=bar\n",
+ sizeof(header_lines_long));
+ }
+ /* 8 is the number of v110 lines in header_lines_v110 */
+ for (i=0; i<MAX_BW_FILE_HEADER_COUNT_IN_VOTE - 8 - 1; i++) {
+ strlcat(bw_file_headers_str_long, "foo=bar ",
+ sizeof(bw_file_headers_str_long));
+ }
+ strlcat(bw_file_headers_str_long, "foo=bar",
+ sizeof(bw_file_headers_str_long));
+ tor_asprintf(&bw_file_headers_str_extra,
+ "%s %s",
+ bw_file_headers_str_v110,
+ bw_file_headers_str_long);
+
+ /* Test an empty bandwidth file. bw_file_headers will be empty string */
+ write_str_to_file(fname, "", 0);
+ setup_capture_of_logs(LOG_WARN);
+ tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ expect_log_msg("Empty bandwidth file\n");
+ teardown_capture_of_logs();
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op("", OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test bandwidth file with only timestamp.
+ * bw_file_headers will be empty string */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%ld", (long)timestamp);
write_str_to_file(fname, content, 0);
tor_free(content);
- tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
-
- /* Test Torflow complete file including v1.1.0 headers */
- const char *v110_header_lines=
- "version=1.1.0\n"
- "software=sbws\n"
- "software_version=0.1.0\n"
- "generator_started=2018-05-08T16:13:25\n"
- "earliest_bandwidth=2018-05-08T16:13:26\n"
- "====\n";
-
- tor_asprintf(&content, "%ld\n%s%s", (long)timestamp, v110_header_lines,
- torflow_relay_lines);
+ tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op("", OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.0.0 bandwidth file headers */
+ write_str_to_file(fname, header_lines_v100, 0);
+ bw_file_headers = smartlist_new();
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v100, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.0.0 complete bandwidth file */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s", header_lines_v100, relay_lines_v100);
write_str_to_file(fname, content, 0);
tor_free(content);
- tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
-
- /* Test Torflow with additional headers afer a correct bw line */
- tor_asprintf(&content, "%ld\n%s%s", (long)timestamp, torflow_relay_lines,
- v110_header_lines);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v100, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.0.0 complete bandwidth file with NULL bw_file_headers. */
+ tor_asprintf(&content, "%s%s", header_lines_v100, relay_lines_v100);
write_str_to_file(fname, content, 0);
tor_free(content);
- tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL, NULL));
- /* Test Torflow with additional headers afer a correct bw line and more
- * bw lines after the headers. */
- tor_asprintf(&content, "%ld\n%s%s%s", (long)timestamp, torflow_relay_lines,
- v110_header_lines, torflow_relay_lines);
+ /* Test bandwidth file including v1.1.0 bandwidth headers and
+ * v1.0.0 relay lines. bw_file_headers will contain the v1.1.0 headers. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s%s", header_lines_v100, header_lines_v110,
+ relay_lines_v100);
write_str_to_file(fname, content, 0);
tor_free(content);
- tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
-
- /* Test sbws file */
- const char *sbws_relay_lines=
- "node_id=$68A483E05A2ABDCA6DA5A3EF8DB5177638A27F80 "
- "master_key_ed25519=YaqV4vbvPYKucElk297eVdNArDz9HtIwUoIeo0+cVIpQ "
- "bw=760 nick=Test rtt=380 time=2018-05-08T16:13:26\n";
-
- tor_asprintf(&content, "%ld\n%s%s", (long)timestamp, v110_header_lines,
- sbws_relay_lines);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.0.0 complete bandwidth file with v1.1.0 headers at the end.
+ * bw_file_headers will contain only v1.0.0 headers and the additional
+ * headers will be interpreted as malformed relay lines. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s%s", header_lines_v100, relay_lines_v100,
+ header_lines_v110);
+ write_str_to_file(fname, content, 0);
+ tor_free(content);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v100, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.0.0 complete bandwidth file, the v1.1.0 headers and more relay
+ * lines. bw_file_headers will contain only v1.0.0 headers, the additional
+ * headers will be interpreted as malformed relay lines and the last relay
+ * lines will be correctly interpreted as relay lines. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s%s%s", header_lines_v100, relay_lines_v100,
+ header_lines_v110, relay_lines_v100);
+ write_str_to_file(fname, content, 0);
+ tor_free(content);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v100, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.1.0 bandwidth headers without terminator */
+ bw_file_headers = smartlist_new();
+ write_str_to_file(fname, header_lines_v110_no_terminator, 0);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.1.0 bandwidth headers with terminator */
+ bw_file_headers = smartlist_new();
+ write_str_to_file(fname, header_lines_v110, 0);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.1.0 bandwidth file without terminator, then relay lines.
+ * bw_file_headers will contain the v1.1.0 headers. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s",
+ header_lines_v110_no_terminator, relay_lines_v110);
+ write_str_to_file(fname, content, 0);
+ tor_free(content);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.1.0 bandwidth headers with terminator, then relay lines
+ * bw_file_headers will contain the v1.1.0 headers. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s",
+ header_lines_v110, relay_lines_v110);
+ write_str_to_file(fname, content, 0);
+ tor_free(content);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.1.0 bandwidth headers with terminator, then bad relay lines,
+ * then terminator, then relay_lines_bad.
+ * bw_file_headers will contain the v1.1.0 headers. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s%s%s", header_lines_v110, relay_lines_bad,
+ BW_FILE_HEADERS_TERMINATOR, relay_lines_bad);
+ write_str_to_file(fname, content, 0);
+ tor_free(content);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.1.0 bandwidth headers without terminator, then bad relay lines,
+ * then relay lines. bw_file_headers will contain the v1.1.0 headers and
+ * the bad relay lines. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s%s",
+ header_lines_v110_no_terminator, relay_lines_bad,
+ relay_lines_v110);
+ write_str_to_file(fname, content, 0);
+ tor_free(content);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_bad, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.1.0 bandwidth headers without terminator,
+ * then many bad relay lines, then relay lines.
+ * bw_file_headers will contain the v1.1.0 headers and the bad relay lines
+ * to a maximum of MAX_BW_FILE_HEADER_COUNT_IN_VOTE header lines. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s%s",
+ header_lines_v110_no_terminator, header_lines_long,
+ relay_lines_v110);
+ write_str_to_file(fname, content, 0);
+ tor_free(content);
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ tt_int_op(MAX_BW_FILE_HEADER_COUNT_IN_VOTE, OP_EQ,
+ smartlist_len(bw_file_headers));
+ bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
+ tt_str_op(bw_file_headers_str_extra, OP_EQ, bw_file_headers_str);
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
+
+ /* Test v1.1.0 bandwidth headers without terminator,
+ * then many bad relay lines, then relay lines.
+ * bw_file_headers will contain the v1.1.0 headers and the bad relay lines.
+ * Force bw_file_headers to have more than MAX_BW_FILE_HEADER_COUNT_IN_VOTE
+ * This test is needed while there is not dirvote test. */
+ bw_file_headers = smartlist_new();
+ tor_asprintf(&content, "%s%s%s",
+ header_lines_v110_no_terminator, header_lines_long,
+ relay_lines_v110);
write_str_to_file(fname, content, 0);
tor_free(content);
- tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
+ tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
+ bw_file_headers));
+ tt_int_op(MAX_BW_FILE_HEADER_COUNT_IN_VOTE, OP_EQ,
+ smartlist_len(bw_file_headers));
+ /* force bw_file_headers to be bigger than
+ * MAX_BW_FILE_HEADER_COUNT_IN_VOTE */
+ char line[8] = "foo=bar\0";
+ smartlist_add_strdup(bw_file_headers, line);
+ tt_int_op(MAX_BW_FILE_HEADER_COUNT_IN_VOTE, OP_LT,
+ smartlist_len(bw_file_headers));
+ SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
+ smartlist_free(bw_file_headers);
+ tor_free(bw_file_headers_str);
done:
tor_free(fname);
+ tor_free(header_lines_v100);
+ tor_free(header_lines_v110_no_terminator);
+ tor_free(header_lines_v110);
+ tor_free(bw_file_headers_str_v100);
+ tor_free(bw_file_headers_str_v110);
+ tor_free(bw_file_headers_str_bad);
+ tor_free(bw_file_headers_str_extra);
}
#define MBWC_INIT_TIME 1000
@@ -2087,7 +2343,7 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now)
tt_int_op(rs->or_port,OP_EQ, 443);
tt_int_op(rs->dir_port,OP_EQ, 8000);
/* no flags except "running" (16) and "v2dir" (64) and "valid" (128) */
- tt_u64_op(vrs->flags, OP_EQ, U64_LITERAL(0xd0));
+ tt_u64_op(vrs->flags, OP_EQ, UINT64_C(0xd0));
} else if (tor_memeq(rs->identity_digest,
"\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
"\x5\x5\x5\x5",
@@ -2113,10 +2369,10 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now)
tt_int_op(rs->ipv6_orport,OP_EQ, 4711);
if (voter == 1) {
/* all except "authority" (1) */
- tt_u64_op(vrs->flags, OP_EQ, U64_LITERAL(254));
+ tt_u64_op(vrs->flags, OP_EQ, UINT64_C(254));
} else {
/* 1023 - authority(1) - madeofcheese(16) - madeoftin(32) */
- tt_u64_op(vrs->flags, OP_EQ, U64_LITERAL(974));
+ tt_u64_op(vrs->flags, OP_EQ, UINT64_C(974));
}
} else if (tor_memeq(rs->identity_digest,
"\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33"
@@ -2926,8 +3182,8 @@ test_dir_scale_bw(void *testdata)
for (i=0; i<8; ++i) {
total += vals_u64[i];
}
- tt_assert(total >= (U64_LITERAL(1)<<60));
- tt_assert(total <= (U64_LITERAL(1)<<62));
+ tt_assert(total >= (UINT64_C(1)<<60));
+ tt_assert(total <= (UINT64_C(1)<<62));
for (i=0; i<8; ++i) {
/* vals[2].u64 is the scaled value of 1.0 */
@@ -6029,7 +6285,6 @@ struct testcase_t dir_tests[] = {
DIR_LEGACY(versions),
DIR_LEGACY(fp_pairs),
DIR(split_fps, 0),
- DIR_LEGACY(dirserv_read_measured_bandwidths_empty),
DIR_LEGACY(measured_bw_kb),
DIR_LEGACY(measured_bw_kb_line_is_after_headers),
DIR_LEGACY(measured_bw_kb_cache),
diff --git a/src/test/test_dir_common.c b/src/test/test_dir_common.c
index 230410f7fa..e65e2b0111 100644
--- a/src/test/test_dir_common.c
+++ b/src/test/test_dir_common.c
@@ -1,18 +1,24 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define DIRVOTE_PRIVATE
-#include "test.h"
-#include "container.h"
-#include "or.h"
-#include "dirauth/dirvote.h"
-#include "nodelist.h"
-#include "routerlist.h"
-#include "test_dir_common.h"
-#include "voting_schedule.h"
+#include "test/test.h"
+#include "core/or/or.h"
+#include "feature/dirauth/dirvote.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/routerlist.h"
+#include "test/test_dir_common.h"
+#include "feature/dircommon/voting_schedule.h"
+
+#include "feature/nodelist/authority_cert_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/networkstatus_voter_info_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/dirauth/vote_microdesc_hash_st.h"
+#include "feature/nodelist/vote_routerstatus_st.h"
void dir_common_setup_vote(networkstatus_t **vote, time_t now);
networkstatus_t * dir_common_add_rs_and_parse(networkstatus_t *vote,
diff --git a/src/test/test_dir_common.h b/src/test/test_dir_common.h
index 65b9cf6436..1e90228edb 100644
--- a/src/test/test_dir_common.h
+++ b/src/test/test_dir_common.h
@@ -1,11 +1,11 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "networkstatus.h"
-#include "routerparse.h"
+#include "core/or/or.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/routerparse.h"
#define TEST_DIR_ROUTER_ID_1 3
#define TEST_DIR_ROUTER_ID_2 5
diff --git a/src/test/test_dir_handle_get.c b/src/test/test_dir_handle_get.c
index 688d26bdc1..09799a0e5f 100644
--- a/src/test/test_dir_handle_get.c
+++ b/src/test/test_dir_handle_get.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define RENDCOMMON_PRIVATE
@@ -9,30 +9,37 @@
#define CONFIG_PRIVATE
#define RENDCACHE_PRIVATE
-#include "or.h"
-#include "config.h"
-#include "connection.h"
-#include "consdiffmgr.h"
-#include "directory.h"
-#include "test.h"
-#include "compress.h"
-#include "rendcommon.h"
-#include "rendcache.h"
-#include "router.h"
-#include "routerlist.h"
-#include "rend_test_helpers.h"
-#include "microdesc.h"
-#include "test_helpers.h"
-#include "nodelist.h"
-#include "entrynodes.h"
-#include "routerparse.h"
-#include "networkstatus.h"
-#include "proto_http.h"
-#include "geoip.h"
-#include "dirserv.h"
-#include "dirauth/dirvote.h"
-#include "log_test_helpers.h"
-#include "voting_schedule.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "feature/dircache/consdiffmgr.h"
+#include "feature/dircache/directory.h"
+#include "test/test.h"
+#include "lib/compress/compress.h"
+#include "feature/rend/rendcommon.h"
+#include "feature/rend/rendcache.h"
+#include "feature/relay/router.h"
+#include "feature/nodelist/routerlist.h"
+#include "test/rend_test_helpers.h"
+#include "feature/nodelist/microdesc.h"
+#include "test/test_helpers.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/client/entrynodes.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/networkstatus.h"
+#include "core/proto/proto_http.h"
+#include "feature/stats/geoip.h"
+#include "feature/dircache/dirserv.h"
+#include "feature/dirauth/dirvote.h"
+#include "test/log_test_helpers.h"
+#include "feature/dircommon/voting_schedule.h"
+
+#include "feature/dircommon/dir_connection_st.h"
+#include "feature/dirclient/dir_server_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerlist_st.h"
#ifdef _WIN32
/* For mkdir() */
@@ -2095,6 +2102,7 @@ test_dir_handle_get_status_vote_d(void* data)
clear_dir_servers();
dirvote_free_all();
+ routerlist_free_all();
}
static void
@@ -2631,4 +2639,3 @@ struct testcase_t dir_handle_get_tests[] = {
DIR_HANDLE_CMD(parse_accept_encoding, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_dns.c b/src/test/test_dns.c
index 1fee01d2c0..8369f844f6 100644
--- a/src/test/test_dns.c
+++ b/src/test/test_dns.c
@@ -1,14 +1,18 @@
-/* Copyright (c) 2015-2017, The Tor Project, Inc. */
+/* Copyright (c) 2015-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "test/test.h"
#define DNS_PRIVATE
-#include "dns.h"
-#include "connection.h"
-#include "router.h"
+#include "feature/relay/dns.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_edge.h"
+#include "feature/relay/router.h"
+
+#include "core/or/edge_connection_st.h"
+#include "core/or/or_circuit_st.h"
#define NS_MODULE dns
@@ -745,4 +749,3 @@ struct testcase_t dns_tests[] = {
};
#undef NS_MODULE
-
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 8ae967f3ae..b411e7b38a 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -5,18 +5,23 @@
#define TOR_CHANNEL_INTERNAL_
#define CIRCUITLIST_PRIVATE
-#include "or.h"
-#include "dos.h"
-#include "circuitlist.h"
-#include "crypto_rand.h"
-#include "geoip.h"
-#include "channel.h"
-#include "microdesc.h"
-#include "networkstatus.h"
-#include "nodelist.h"
-#include "routerlist.h"
-#include "test.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "core/or/dos.h"
+#include "core/or/circuitlist.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/stats/geoip.h"
+#include "core/or/channel.h"
+#include "feature/nodelist/microdesc.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/routerlist.h"
+
+#include "feature/nodelist/networkstatus_st.h"
+#include "core/or/or_connection_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+
+#include "test/test.h"
+#include "test/log_test_helpers.h"
static networkstatus_t *dummy_ns = NULL;
static networkstatus_t *
diff --git a/src/test/test_entryconn.c b/src/test/test_entryconn.c
index 9d8a072c77..bec70090e6 100644
--- a/src/test/test_entryconn.c
+++ b/src/test/test_entryconn.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -6,18 +6,23 @@
#define CONNECTION_PRIVATE
#define CONNECTION_EDGE_PRIVATE
-#include "or.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "test/test.h"
-#include "addressmap.h"
-#include "config.h"
-#include "confparse.h"
-#include "connection.h"
-#include "connection_edge.h"
-#include "nodelist.h"
+#include "feature/client/addressmap.h"
+#include "app/config/config.h"
+#include "app/config/confparse.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_edge.h"
+#include "feature/nodelist/nodelist.h"
-#include "hs_cache.h"
-#include "rendcache.h"
+#include "feature/hs/hs_cache.h"
+#include "feature/rend/rendcache.h"
+
+#include "core/or/entry_connection_st.h"
+#include "core/or/socks_request_st.h"
+
+#include "lib/encoding/confline.h"
static void *
entryconn_rewrite_setup(const struct testcase_t *tc)
@@ -830,4 +835,3 @@ struct testcase_t entryconn_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
index d8bd8e328b..cb694106c4 100644
--- a/src/test/test_entrynodes.c
+++ b/src/test/test_entrynodes.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -10,28 +10,41 @@
#define ROUTERLIST_PRIVATE
#define DIRECTORY_PRIVATE
-#include "or.h"
-#include "test.h"
-
-#include "bridges.h"
-#include "circuitlist.h"
-#include "circuitbuild.h"
-#include "config.h"
-#include "confparse.h"
-#include "crypto_rand.h"
-#include "directory.h"
-#include "entrynodes.h"
-#include "nodelist.h"
-#include "networkstatus.h"
-#include "policies.h"
-#include "routerlist.h"
-#include "routerparse.h"
-#include "routerset.h"
-#include "statefile.h"
-#include "util.h"
-
-#include "test_helpers.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "test/test.h"
+
+#include "feature/client/bridges.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuitbuild.h"
+#include "app/config/config.h"
+#include "app/config/confparse.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/dircache/directory.h"
+#include "feature/client/entrynodes.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/networkstatus.h"
+#include "core/or/policies.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/routerset.h"
+#include "app/config/statefile.h"
+
+#include "core/or/cpath_build_state_st.h"
+#include "core/or/crypt_path_st.h"
+#include "feature/dircommon/dir_connection_st.h"
+#include "feature/nodelist/microdesc_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/node_st.h"
+#include "core/or/origin_circuit_st.h"
+#include "app/config/or_state_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
+
+#include "lib/container/bloomfilt.h"
+#include "lib/encoding/confline.h"
/* TODO:
* choose_random_entry() test with state set.
@@ -3070,4 +3083,3 @@ struct testcase_t entrynodes_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index e05342cb8a..ff987563c6 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -1,19 +1,26 @@
-/* Copyright (c) 2013-2017, The Tor Project, Inc. */
+/* Copyright (c) 2013-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CONNECTION_PRIVATE
#define EXT_ORPORT_PRIVATE
#define MAIN_PRIVATE
-#include "or.h"
-#include "buffers.h"
-#include "connection.h"
-#include "connection_or.h"
-#include "config.h"
-#include "control.h"
-#include "crypto_rand.h"
-#include "ext_orport.h"
-#include "main.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "lib/container/buffers.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_or.h"
+#include "app/config/config.h"
+#include "feature/control/control.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/relay/ext_orport.h"
+#include "core/mainloop/main.h"
+
+#include "core/or/or_connection_st.h"
+
+#include "test/test.h"
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
/* Test connection_or_remove_from_ext_or_id_map and
* connection_or_set_ext_or_identifier */
@@ -607,4 +614,3 @@ struct testcase_t extorport_tests[] = {
{ "handshake", test_ext_or_handshake, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_geoip.c b/src/test/test_geoip.c
index 6f849f436b..9df8ea7988 100644
--- a/src/test/test_geoip.c
+++ b/src/test/test_geoip.c
@@ -8,10 +8,10 @@
/* These macros pull in declarations for some functions and structures that
* are typically file-private. */
#define GEOIP_PRIVATE
-#include "or.h"
-#include "config.h"
-#include "geoip.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "feature/stats/geoip.h"
+#include "test/test.h"
/* Record odd numbered fake-IPs using ipv6, even numbered fake-IPs
* using ipv4. Since our fake geoip database is the same between
@@ -575,4 +575,3 @@ struct testcase_t geoip_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_guardfraction.c b/src/test/test_guardfraction.c
index 51ca8f08ec..f45a723295 100644
--- a/src/test/test_guardfraction.c
+++ b/src/test/test_guardfraction.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define DIRSERV_PRIVATE
@@ -6,18 +6,20 @@
#define NETWORKSTATUS_PRIVATE
#include "orconfig.h"
-#include "or.h"
-#include "config.h"
-#include "dirserv.h"
-#include "container.h"
-#include "entrynodes.h"
-#include "util.h"
-#include "routerparse.h"
-#include "networkstatus.h"
-
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "feature/dircache/dirserv.h"
+#include "feature/client/entrynodes.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/networkstatus.h"
+
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/dirauth/vote_microdesc_hash_st.h"
+#include "feature/nodelist/vote_routerstatus_st.h"
+
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
/** Generate a vote_routerstatus_t for a router with identity digest
* <b>digest_in_hex</b>. */
diff --git a/src/test/test_handles.c b/src/test/test_handles.c
index eb1e1f1bbe..2910d7e18f 100644
--- a/src/test/test_handles.c
+++ b/src/test/test_handles.c
@@ -1,11 +1,13 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
-#include "test.h"
+#include "test/test.h"
-#include "util.h"
-#include "handles.h"
+#include "lib/container/handles.h"
+#include "lib/log/util_bug.h"
+
+#include <stdio.h>
typedef struct demo_t {
HANDLE_ENTRY(demo, demo_t);
@@ -94,4 +96,3 @@ struct testcase_t handle_tests[] = {
HANDLE_TEST(basic, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
index 1db5e9064f..c9138611d8 100644
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -12,21 +12,29 @@
#define MAIN_PRIVATE
#include "orconfig.h"
-#include "or.h"
-
-#include "buffers.h"
-#include "config.h"
-#include "confparse.h"
-#include "connection.h"
-#include "crypto_rand.h"
-#include "main.h"
-#include "nodelist.h"
-#include "relay.h"
-#include "routerlist.h"
-
-#include "test.h"
-#include "test_helpers.h"
-#include "test_connection.h"
+#include "core/or/or.h"
+
+#include "lib/container/buffers.h"
+#include "app/config/config.h"
+#include "app/config/confparse.h"
+#include "core/mainloop/connection.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "core/mainloop/main.h"
+#include "feature/nodelist/nodelist.h"
+#include "core/or/relay.h"
+#include "feature/nodelist/routerlist.h"
+#include "lib/encoding/confline.h"
+#include "lib/net/resolve.h"
+
+#include "core/or/cell_st.h"
+#include "core/or/connection_st.h"
+#include "feature/nodelist/node_st.h"
+#include "core/or/origin_circuit_st.h"
+#include "feature/nodelist/routerlist_st.h"
+
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/test_connection.h"
#ifdef HAVE_CFLAG_WOVERLENGTH_STRINGS
DISABLE_GCC_WARNING(overlength-strings)
@@ -34,7 +42,7 @@ DISABLE_GCC_WARNING(overlength-strings)
* at large. */
#endif
#include "test_descriptors.inc"
-#include "circuitlist.h"
+#include "core/or/circuitlist.h"
#ifdef HAVE_CFLAG_WOVERLENGTH_STRINGS
ENABLE_GCC_WARNING(overlength-strings)
#endif
@@ -276,4 +284,3 @@ helper_parse_options(const char *conf)
}
return opt;
}
-
diff --git a/src/test/test_helpers.h b/src/test/test_helpers.h
index 9bc8553257..3196c93e6b 100644
--- a/src/test/test_helpers.h
+++ b/src/test/test_helpers.h
@@ -1,10 +1,10 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_TEST_HELPERS_H
#define TOR_TEST_HELPERS_H
-#include "or.h"
+#include "core/or/or.h"
const char *get_yesterday_date_str(void);
diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 07daebc164..e3599d5720 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -12,16 +12,27 @@
#define RENDSERVICE_PRIVATE
#define HS_SERVICE_PRIVATE
-#include "or.h"
-#include "test.h"
-#include "control.h"
-#include "config.h"
-#include "hs_common.h"
-#include "rendcommon.h"
-#include "rendservice.h"
-#include "routerset.h"
-#include "circuitbuild.h"
-#include "test_helpers.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "feature/control/control.h"
+#include "app/config/config.h"
+#include "feature/hs/hs_common.h"
+#include "feature/rend/rendcommon.h"
+#include "feature/rend/rendservice.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/routerset.h"
+#include "core/or/circuitbuild.h"
+
+#include "feature/nodelist/node_st.h"
+#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
+#include "feature/rend/rend_intro_point_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+
+#include "test/test_helpers.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
/* mock ID digest and longname for node that's in nodelist */
#define HSDIR_EXIST_ID "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" \
@@ -343,76 +354,6 @@ test_hs_desc_event(void *arg)
tor_free(received_msg);
}
-/* Make sure we always pick the right RP, given a well formatted
- * Tor2webRendezvousPoints value. */
-static void
-test_pick_tor2web_rendezvous_node(void *arg)
-{
- or_options_t *options = get_options_mutable();
- const node_t *chosen_rp = NULL;
- router_crn_flags_t flags = CRN_NEED_DESC;
- int retval, i;
- const char *tor2web_rendezvous_str = "test003r";
-
- (void) arg;
-
- /* Setup fake routerlist. */
- helper_setup_fake_routerlist();
-
- /* Parse Tor2webRendezvousPoints as a routerset. */
- options->Tor2webRendezvousPoints = routerset_new();
- options->UseMicrodescriptors = 0;
- retval = routerset_parse(options->Tor2webRendezvousPoints,
- tor2web_rendezvous_str,
- "test_tor2web_rp");
- tt_int_op(retval, OP_GE, 0);
-
- /* Pick rendezvous point. Make sure the correct one is
- picked. Repeat many times to make sure it works properly. */
- for (i = 0; i < 50 ; i++) {
- chosen_rp = pick_tor2web_rendezvous_node(flags, options);
- tt_assert(chosen_rp);
- tt_str_op(chosen_rp->ri->nickname, OP_EQ, tor2web_rendezvous_str);
- }
-
- done:
- routerset_free(options->Tor2webRendezvousPoints);
-}
-
-/* Make sure we never pick an RP if Tor2webRendezvousPoints doesn't
- * correspond to an actual node. */
-static void
-test_pick_bad_tor2web_rendezvous_node(void *arg)
-{
- or_options_t *options = get_options_mutable();
- const node_t *chosen_rp = NULL;
- router_crn_flags_t flags = CRN_NEED_DESC;
- int retval, i;
- const char *tor2web_rendezvous_str = "dummy";
-
- (void) arg;
-
- /* Setup fake routerlist. */
- helper_setup_fake_routerlist();
-
- /* Parse Tor2webRendezvousPoints as a routerset. */
- options->Tor2webRendezvousPoints = routerset_new();
- retval = routerset_parse(options->Tor2webRendezvousPoints,
- tor2web_rendezvous_str,
- "test_tor2web_rp");
- tt_int_op(retval, OP_GE, 0);
-
- /* Pick rendezvous point. Since Tor2webRendezvousPoints was set to a
- dummy value, we shouldn't find any eligible RPs. */
- for (i = 0; i < 50 ; i++) {
- chosen_rp = pick_tor2web_rendezvous_node(flags, options);
- tt_ptr_op(chosen_rp, OP_EQ, NULL);
- }
-
- done:
- routerset_free(options->Tor2webRendezvousPoints);
-}
-
/* Make sure rend_data_t is valid at creation, destruction and when
* duplicated. */
static void
@@ -1035,11 +976,6 @@ struct testcase_t hs_tests[] = {
NULL, NULL },
{ "hs_desc_event", test_hs_desc_event, TT_FORK,
NULL, NULL },
- { "pick_tor2web_rendezvous_node", test_pick_tor2web_rendezvous_node, TT_FORK,
- NULL, NULL },
- { "pick_bad_tor2web_rendezvous_node",
- test_pick_bad_tor2web_rendezvous_node, TT_FORK,
- NULL, NULL },
{ "hs_auth_cookies", test_hs_auth_cookies, TT_FORK,
NULL, NULL },
{ "single_onion_poisoning_create_dir_none", test_single_onion_poisoning,
@@ -1055,4 +991,3 @@ struct testcase_t hs_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c
index 458ce1a92e..728bb4a2f5 100644
--- a/src/test/test_hs_cache.c
+++ b/src/test/test_hs_cache.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -10,17 +10,21 @@
#define DIRECTORY_PRIVATE
#define HS_CACHE_PRIVATE
-#include "ed25519_cert.h"
-#include "hs_cache.h"
-#include "rendcache.h"
-#include "directory.h"
-#include "networkstatus.h"
-#include "connection.h"
-#include "proto_http.h"
+#include "trunnel/ed25519_cert.h"
+#include "feature/hs/hs_cache.h"
+#include "feature/rend/rendcache.h"
+#include "feature/dircache/directory.h"
+#include "feature/nodelist/networkstatus.h"
+#include "core/mainloop/connection.h"
+#include "core/proto/proto_http.h"
+#include "lib/crypt_ops/crypto_format.h"
-#include "hs_test_helpers.h"
-#include "test_helpers.h"
-#include "test.h"
+#include "feature/dircommon/dir_connection_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+
+#include "test/hs_test_helpers.h"
+#include "test/test_helpers.h"
+#include "test/test.h"
/* Static variable used to encoded the HSDir query. */
static char query_b64[256];
@@ -60,7 +64,7 @@ test_directory(void *arg)
tt_int_op(ret, OP_EQ, 0);
desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1);
tt_assert(desc1);
- ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str);
+ ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str);
tt_int_op(ret, OP_EQ, 0);
/* Very first basic test, should be able to be stored, survive a
@@ -98,7 +102,7 @@ test_directory(void *arg)
desc_zero_lifetime->plaintext_data.lifetime_sec = 0;
char *desc_zero_lifetime_str;
ret = hs_desc_encode_descriptor(desc_zero_lifetime, &signing_kp_zero,
- &desc_zero_lifetime_str);
+ NULL, &desc_zero_lifetime_str);
tt_int_op(ret, OP_EQ, 0);
ret = hs_cache_store_as_dir(desc1_str);
@@ -149,7 +153,7 @@ test_directory(void *arg)
tt_int_op(ret, OP_EQ, 1);
/* Bump revision counter. */
desc1->plaintext_data.revision_counter++;
- ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &new_desc_str);
+ ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &new_desc_str);
tt_int_op(ret, OP_EQ, 0);
ret = hs_cache_store_as_dir(new_desc_str);
tt_int_op(ret, OP_EQ, 0);
@@ -183,7 +187,7 @@ test_clean_as_dir(void *arg)
tt_int_op(ret, OP_EQ, 0);
desc1 = hs_helper_build_hs_desc_with_ip(&signing_kp1);
tt_assert(desc1);
- ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str);
+ ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str);
tt_int_op(ret, OP_EQ, 0);
ret = hs_cache_store_as_dir(desc1_str);
tt_int_op(ret, OP_EQ, 0);
@@ -297,7 +301,7 @@ test_upload_and_download_hs_desc(void *arg)
published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
tt_assert(published_desc);
retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
- &published_desc_str);
+ NULL, &published_desc_str);
tt_int_op(retval, OP_EQ, 0);
}
@@ -361,7 +365,7 @@ test_hsdir_revision_counter_check(void *arg)
published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
tt_assert(published_desc);
retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
- &published_desc_str);
+ NULL, &published_desc_str);
tt_int_op(retval, OP_EQ, 0);
}
@@ -386,7 +390,7 @@ test_hsdir_revision_counter_check(void *arg)
received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
retval = hs_desc_decode_descriptor(received_desc_str,
- subcredential, &received_desc);
+ subcredential, NULL, &received_desc);
tt_int_op(retval, OP_EQ, 0);
tt_assert(received_desc);
@@ -403,7 +407,7 @@ test_hsdir_revision_counter_check(void *arg)
published_desc->plaintext_data.revision_counter = 1313;
tor_free(published_desc_str);
retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
- &published_desc_str);
+ NULL, &published_desc_str);
tt_int_op(retval, OP_EQ, 0);
retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str);
@@ -419,7 +423,7 @@ test_hsdir_revision_counter_check(void *arg)
received_desc_str = helper_fetch_desc_from_hsdir(blinded_key);
retval = hs_desc_decode_descriptor(received_desc_str,
- subcredential, &received_desc);
+ subcredential, NULL, &received_desc);
tt_int_op(retval, OP_EQ, 0);
tt_assert(received_desc);
@@ -478,7 +482,7 @@ test_client_cache(void *arg)
published_desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
tt_assert(published_desc);
retval = hs_desc_encode_descriptor(published_desc, &signing_kp,
- &published_desc_str);
+ NULL, &published_desc_str);
tt_int_op(retval, OP_EQ, 0);
memcpy(wanted_subcredential, published_desc->subcredential, DIGEST256_LEN);
tt_assert(!tor_mem_is_zero((char*)wanted_subcredential, DIGEST256_LEN));
@@ -558,4 +562,3 @@ struct testcase_t hs_cache[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_cell.c b/src/test/test_hs_cell.c
index 8e15184c2a..5b48dd3785 100644
--- a/src/test/test_hs_cell.c
+++ b/src/test/test_hs_cell.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -9,18 +9,18 @@
#define HS_INTROPOINT_PRIVATE
#define HS_SERVICE_PRIVATE
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
-#include "crypto_ed25519.h"
-#include "crypto_rand.h"
-#include "hs_cell.h"
-#include "hs_intropoint.h"
-#include "hs_service.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/hs/hs_cell.h"
+#include "feature/hs/hs_intropoint.h"
+#include "feature/hs/hs_service.h"
/* Trunnel. */
-#include "hs/cell_establish_intro.h"
+#include "trunnel/hs/cell_establish_intro.h"
/** We simulate the creation of an outgoing ESTABLISH_INTRO cell, and then we
* parse it from the receiver side. */
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 50dca588ed..c91e82ed4a 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -6,6 +6,7 @@
* \brief Test prop224 HS client functionality.
*/
+#define CONFIG_PRIVATE
#define CRYPTO_PRIVATE
#define MAIN_PRIVATE
#define HS_CLIENT_PRIVATE
@@ -14,28 +15,41 @@
#define CIRCUITLIST_PRIVATE
#define CONNECTION_PRIVATE
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
-#include "rend_test_helpers.h"
-#include "hs_test_helpers.h"
-
-#include "config.h"
-#include "crypto.h"
-#include "channeltls.h"
-#include "main.h"
-#include "nodelist.h"
-#include "routerset.h"
-
-#include "hs_circuit.h"
-#include "hs_client.h"
-#include "hs_ident.h"
-#include "hs_cache.h"
-#include "circuitlist.h"
-#include "circuitbuild.h"
-#include "connection.h"
-#include "connection_edge.h"
-#include "networkstatus.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
+#include "test/rend_test_helpers.h"
+#include "test/hs_test_helpers.h"
+
+#include "app/config/config.h"
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "lib/crypt_ops/crypto_dh.h"
+#include "core/or/channeltls.h"
+#include "feature/dircache/directory.h"
+#include "core/mainloop/main.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/routerset.h"
+
+#include "feature/hs/hs_circuit.h"
+#include "feature/hs/hs_circuitmap.h"
+#include "feature/hs/hs_client.h"
+#include "feature/hs/hs_config.h"
+#include "feature/hs/hs_ident.h"
+#include "feature/hs/hs_cache.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuitbuild.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_edge.h"
+#include "feature/nodelist/networkstatus.h"
+
+#include "core/or/cpath_build_state_st.h"
+#include "core/or/crypt_path_st.h"
+#include "feature/dircommon/dir_connection_st.h"
+#include "core/or/entry_connection_st.h"
+#include "core/or/extend_info_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "core/or/origin_circuit_st.h"
+#include "core/or/socks_request_st.h"
static int
mock_connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
@@ -61,6 +75,20 @@ mock_networkstatus_get_live_consensus(time_t now)
return &mock_ns;
}
+static int
+helper_config_client(const char *conf, int validate_only)
+{
+ int ret = 0;
+ or_options_t *options = NULL;
+ tt_assert(conf);
+ options = helper_parse_options(conf);
+ tt_assert(options);
+ ret = hs_config_client_auth_all(options, validate_only);
+ done:
+ or_options_free(options);
+ return ret;
+}
+
/* Test helper function: Setup a circuit and a stream with the same hidden
* service destination, and put them in <b>circ_out</b> and
* <b>conn_out</b>. Make the stream wait for circuits to be established to the
@@ -188,17 +216,17 @@ test_e2e_rend_circuit_setup_legacy(void *arg)
/* Make a good RENDEZVOUS1 cell body because it needs to pass key exchange
* digest verification... */
- uint8_t rend_cell_body[DH_KEY_LEN+DIGEST_LEN] = {2};
+ uint8_t rend_cell_body[DH1024_KEY_LEN+DIGEST_LEN] = {2};
{
char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
crypto_dh_t *dh_state =
or_circ->build_state->pending_final_cpath->rend_dh_handshake_state;
/* compute and overwrite digest of cell body with the right value */
retval = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh_state,
- (char*)rend_cell_body, DH_KEY_LEN,
+ (char*)rend_cell_body, DH1024_KEY_LEN,
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN);
tt_int_op(retval, OP_GT, 0);
- memcpy(rend_cell_body+DH_KEY_LEN, keys, DIGEST_LEN);
+ memcpy(rend_cell_body+DH1024_KEY_LEN, keys, DIGEST_LEN);
}
/* Setup the circuit */
@@ -354,7 +382,7 @@ test_client_pick_intro(void *arg)
{
char *encoded = NULL;
desc = hs_helper_build_hs_desc_with_ip(&service_kp);
- ret = hs_desc_encode_descriptor(desc, &service_kp, &encoded);
+ ret = hs_desc_encode_descriptor(desc, &service_kp, NULL, &encoded);
tt_int_op(ret, OP_EQ, 0);
tt_assert(encoded);
@@ -589,6 +617,160 @@ test_descriptor_fetch(void *arg)
hs_free_all();
}
+static void
+test_auth_key_filename_is_valid(void *arg)
+{
+ (void) arg;
+
+ /* Valid file name. */
+ tt_assert(auth_key_filename_is_valid("a.auth_private"));
+ /* Valid file name with special character. */
+ tt_assert(auth_key_filename_is_valid("a-.auth_private"));
+ /* Invalid extension. */
+ tt_assert(!auth_key_filename_is_valid("a.ath_private"));
+ /* Nothing before the extension. */
+ tt_assert(!auth_key_filename_is_valid(".auth_private"));
+
+ done:
+ ;
+}
+
+static void
+test_parse_auth_file_content(void *arg)
+{
+ hs_client_service_authorization_t *auth = NULL;
+
+ (void) arg;
+
+ /* Valid authorized client. */
+ auth = parse_auth_file_content(
+ "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad:descriptor:"
+ "x25519:zdsyvn2jq534ugyiuzgjy4267jbtzcjbsgedhshzx5mforyxtryq");
+ tt_assert(auth);
+
+ /* Wrong number of fields. */
+ tt_assert(!parse_auth_file_content("a:b"));
+ /* Wrong auth type. */
+ tt_assert(!parse_auth_file_content(
+ "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad:x:"
+ "x25519:zdsyvn2jq534ugyiuzgjy4267jbtzcjbsgedhshzx5mforyxtryq"));
+ /* Wrong key type. */
+ tt_assert(!parse_auth_file_content(
+ "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad:descriptor:"
+ "x:zdsyvn2jq534ugyiuzgjy4267jbtzcjbsgedhshzx5mforyxtryq"));
+ /* Some malformed string. */
+ tt_assert(!parse_auth_file_content("xx:descriptor:x25519:aa=="));
+ /* Bigger key than it should be */
+ tt_assert(!parse_auth_file_content("xx:descriptor:x25519:"
+ "vjqea4jbhwwc4hto7ekyvqfbeodghbaq6nxi45hz4wr3qvhqv3yqa"));
+ done:
+ tor_free(auth);
+}
+
+static char *
+mock_read_file_to_str(const char *filename, int flags, struct stat *stat_out)
+{
+ char *ret = NULL;
+
+ (void) flags;
+ (void) stat_out;
+
+ if (!strcmp(filename, get_fname("auth_keys" PATH_SEPARATOR
+ "client1.auth_private"))) {
+ ret = tor_strdup(
+ "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad:descriptor:"
+ "x25519:zdsyvn2jq534ugyiuzgjy4267jbtzcjbsgedhshzx5mforyxtryq");
+ goto done;
+ }
+
+ if (!strcmp(filename, get_fname("auth_keys" PATH_SEPARATOR "dummy.xxx"))) {
+ ret = tor_strdup(
+ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:descriptor:"
+ "x25519:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+ goto done;
+ }
+
+ if (!strcmp(filename, get_fname("auth_keys" PATH_SEPARATOR
+ "client2.auth_private"))) {
+ ret = tor_strdup(
+ "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid:descriptor:"
+ "x25519:fdreqzjqso7d2ac7qscrxfl5qfpamdvgy5d6cxejcgzc3hvhurmq");
+ goto done;
+ }
+
+ done:
+ return ret;
+}
+
+static int
+mock_check_private_dir(const char *dirname, cpd_check_t check,
+ const char *effective_user)
+{
+ (void) dirname;
+ (void) check;
+ (void) effective_user;
+
+ return 0;
+}
+
+static smartlist_t *
+mock_tor_listdir(const char *dirname)
+{
+ smartlist_t *file_list = smartlist_new();
+
+ (void) dirname;
+
+ smartlist_add(file_list, tor_strdup("client1.auth_private"));
+ smartlist_add(file_list, tor_strdup("dummy.xxx"));
+ smartlist_add(file_list, tor_strdup("client2.auth_private"));
+
+ return file_list;
+}
+
+static void
+test_config_client_authorization(void *arg)
+{
+ int ret;
+ char *conf = NULL;
+ ed25519_public_key_t pk1, pk2;
+ digest256map_t *global_map = NULL;
+ char *key_dir = tor_strdup(get_fname("auth_keys"));
+
+ (void) arg;
+
+ MOCK(read_file_to_str, mock_read_file_to_str);
+ MOCK(tor_listdir, mock_tor_listdir);
+ MOCK(check_private_dir, mock_check_private_dir);
+
+#define conf_fmt \
+ "ClientOnionAuthDir %s\n"
+
+ tor_asprintf(&conf, conf_fmt, key_dir);
+ ret = helper_config_client(conf, 0);
+ tor_free(conf);
+ tt_int_op(ret, OP_EQ, 0);
+
+#undef conf_fmt
+
+ global_map = get_hs_client_auths_map();
+ tt_int_op(digest256map_size(global_map), OP_EQ, 2);
+
+ hs_parse_address("4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad",
+ &pk1, NULL, NULL);
+ hs_parse_address("25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid",
+ &pk2, NULL, NULL);
+
+ tt_assert(digest256map_get(global_map, pk1.pubkey));
+ tt_assert(digest256map_get(global_map, pk2.pubkey));
+
+ done:
+ tor_free(key_dir);
+ hs_free_all();
+ UNMOCK(read_file_to_str);
+ UNMOCK(tor_listdir);
+ UNMOCK(check_private_dir);
+}
+
struct testcase_t hs_client_tests[] = {
{ "e2e_rend_circuit_setup_legacy", test_e2e_rend_circuit_setup_legacy,
TT_FORK, NULL, NULL },
@@ -598,6 +780,11 @@ struct testcase_t hs_client_tests[] = {
TT_FORK, NULL, NULL },
{ "descriptor_fetch", test_descriptor_fetch,
TT_FORK, NULL, NULL },
+ { "auth_key_filename_is_valid", test_auth_key_filename_is_valid, TT_FORK,
+ NULL, NULL },
+ { "parse_auth_file_content", test_parse_auth_file_content, TT_FORK,
+ NULL, NULL },
+ { "config_client_authorization", test_config_client_authorization,
+ TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c
index 7348eb746c..c60d6e2640 100644
--- a/src/test/test_hs_common.c
+++ b/src/test/test_hs_common.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -11,27 +11,34 @@
#define HS_SERVICE_PRIVATE
#define NODELIST_PRIVATE
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
-#include "hs_test_helpers.h"
-
-#include "connection_edge.h"
-#include "crypto_rand.h"
-#include "hs_common.h"
-#include "hs_client.h"
-#include "hs_service.h"
-#include "config.h"
-#include "networkstatus.h"
-#include "directory.h"
-#include "dirauth/dirvote.h"
-#include "nodelist.h"
-#include "routerlist.h"
-#include "statefile.h"
-#include "circuitlist.h"
-#include "dirauth/shared_random.h"
-#include "util.h"
-#include "voting_schedule.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
+#include "test/hs_test_helpers.h"
+
+#include "core/or/connection_edge.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/hs/hs_common.h"
+#include "feature/hs/hs_client.h"
+#include "feature/hs/hs_service.h"
+#include "app/config/config.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/dircache/directory.h"
+#include "feature/dirauth/dirvote.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/routerlist.h"
+#include "app/config/statefile.h"
+#include "core/or/circuitlist.h"
+#include "feature/dirauth/shared_random.h"
+#include "feature/dircommon/voting_schedule.h"
+
+#include "feature/nodelist/microdesc_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/node_st.h"
+#include "app/config/or_state_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerstatus_st.h"
/** Test the validation of HS v3 addresses */
static void
@@ -421,11 +428,13 @@ mock_directory_initiate_request(directory_request_t *req)
static int
mock_hs_desc_encode_descriptor(const hs_descriptor_t *desc,
- const ed25519_keypair_t *signing_kp,
- char **encoded_out)
+ const ed25519_keypair_t *signing_kp,
+ const uint8_t *descriptor_cookie,
+ char **encoded_out)
{
(void)desc;
(void)signing_kp;
+ (void)descriptor_cookie;
tor_asprintf(encoded_out, "lulu");
return 0;
@@ -1337,6 +1346,10 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario)
&mock_service_ns->fresh_until);
voting_schedule_recalculate_timing(get_options(),
mock_service_ns->valid_after);
+ /* Check that service is in the right time period point */
+ tt_int_op(hs_in_period_between_tp_and_srv(mock_service_ns, 0), OP_EQ,
+ cfg->service_in_new_tp);
+
/* Set client consensus time. */
set_consensus_times(cfg->client_valid_after,
&mock_client_ns->valid_after);
@@ -1346,10 +1359,7 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario)
&mock_client_ns->fresh_until);
voting_schedule_recalculate_timing(get_options(),
mock_client_ns->valid_after);
-
- /* New time period checks for this scenario. */
- tt_int_op(hs_in_period_between_tp_and_srv(mock_service_ns, 0), OP_EQ,
- cfg->service_in_new_tp);
+ /* Check that client is in the right time period point */
tt_int_op(hs_in_period_between_tp_and_srv(mock_client_ns, 0), OP_EQ,
cfg->client_in_new_tp);
@@ -1360,7 +1370,8 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario)
mock_service_ns->sr_info.previous_srv = cfg->service_previous_srv;
/* Initialize a service to get keys. */
- service = helper_init_service(time(NULL));
+ update_approx_time(mock_service_ns->valid_after);
+ service = helper_init_service(mock_service_ns->valid_after+1);
/*
* === Client setup ===
@@ -1826,4 +1837,3 @@ struct testcase_t hs_common_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c
index a76be301d3..553b96758a 100644
--- a/src/test/test_hs_config.c
+++ b/src/test/test_hs_config.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -9,15 +9,15 @@
#define CONFIG_PRIVATE
#define HS_SERVICE_PRIVATE
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
-#include "config.h"
-#include "hs_common.h"
-#include "hs_config.h"
-#include "hs_service.h"
-#include "rendservice.h"
+#include "app/config/config.h"
+#include "feature/hs/hs_common.h"
+#include "feature/hs/hs_config.h"
+#include "feature/hs/hs_service.h"
+#include "feature/rend/rendservice.h"
static int
helper_config_service(const char *conf, int validate_only)
@@ -139,6 +139,20 @@ test_invalid_service(void *arg)
teardown_capture_of_logs();
}
+ /* Bad target addr:port separation. */
+ {
+ const char *conf =
+ "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
+ "HiddenServiceVersion 2\n"
+ "HiddenServicePort 80 127.0.0.1 8000\n";
+ setup_full_capture_of_logs(LOG_WARN);
+ ret = helper_config_service(conf, 1);
+ tt_int_op(ret, OP_EQ, -1);
+ expect_log_msg_containing("HiddenServicePort parse error: "
+ "invalid port mapping");
+ teardown_capture_of_logs();
+ }
+
/* Out of order directives. */
{
const char *conf =
diff --git a/src/test/test_hs_control.c b/src/test/test_hs_control.c
index 308843e9b8..48402030bf 100644
--- a/src/test/test_hs_control.c
+++ b/src/test/test_hs_control.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -7,23 +7,20 @@
**/
#define CONTROL_PRIVATE
-#define CIRCUITBUILD_PRIVATE
-#define RENDCOMMON_PRIVATE
-#define RENDSERVICE_PRIVATE
-#define HS_SERVICE_PRIVATE
-
-#include "or.h"
-#include "test.h"
-#include "control.h"
-#include "config.h"
-#include "hs_common.h"
-#include "hs_control.h"
-#include "nodelist.h"
-//#include "rendcommon.h"
-//#include "rendservice.h"
-//#include "routerset.h"
-//#include "circuitbuild.h"
-#include "test_helpers.h"
+
+#include "core/or/or.h"
+#include "test/test.h"
+#include "feature/control/control.h"
+#include "app/config/config.h"
+#include "feature/hs/hs_common.h"
+#include "feature/hs/hs_control.h"
+#include "feature/nodelist/nodelist.h"
+
+#include "feature/nodelist/node_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+#include "lib/crypt_ops/crypto_format.h"
+
+#include "test/test_helpers.h"
/* mock ID digest and longname for node that's in nodelist */
#define HSDIR_EXIST_ID \
@@ -195,4 +192,3 @@ struct testcase_t hs_control_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index 14f1a664e7..90f2be2906 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -8,18 +8,19 @@
#define HS_DESCRIPTOR_PRIVATE
-#include "crypto_ed25519.h"
-#include "crypto_digest.h"
-#include "crypto_rand.h"
-#include "ed25519_cert.h"
-#include "or.h"
-#include "hs_descriptor.h"
-#include "test.h"
-#include "torcert.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/crypt_ops/crypto_digest.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "trunnel/ed25519_cert.h"
+#include "core/or/or.h"
+#include "feature/hs/hs_descriptor.h"
+#include "test/test.h"
+#include "feature/nodelist/torcert.h"
-#include "hs_test_helpers.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
+#include "test/hs_test_helpers.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
#ifdef HAVE_CFLAG_WOVERLENGTH_STRINGS
DISABLE_GCC_WARNING(overlength-strings)
@@ -29,6 +30,13 @@ DISABLE_GCC_WARNING(overlength-strings)
#include "test_hs_descriptor.inc"
ENABLE_GCC_WARNING(overlength-strings)
+/* Mock function to fill all bytes with 1 */
+static void
+mock_crypto_strongest_rand(uint8_t *out, size_t out_len)
+{
+ memset(out, 1, out_len);
+}
+
/* Test certificate encoding put in a descriptor. */
static void
test_cert_encoding(void *arg)
@@ -283,7 +291,6 @@ static void
test_encode_descriptor(void *arg)
{
int ret;
- char *encoded = NULL;
ed25519_keypair_t signing_kp;
hs_descriptor_t *desc = NULL;
@@ -292,19 +299,38 @@ test_encode_descriptor(void *arg)
ret = ed25519_keypair_generate(&signing_kp, 0);
tt_int_op(ret, OP_EQ, 0);
desc = hs_helper_build_hs_desc_with_ip(&signing_kp);
- ret = hs_desc_encode_descriptor(desc, &signing_kp, &encoded);
- tt_int_op(ret, OP_EQ, 0);
- tt_assert(encoded);
+ {
+ char *encoded = NULL;
+ ret = hs_desc_encode_descriptor(desc, &signing_kp, NULL, &encoded);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_assert(encoded);
+
+ tor_free(encoded);
+ }
+
+ {
+ char *encoded = NULL;
+ uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
+
+ crypto_strongest_rand(descriptor_cookie, sizeof(descriptor_cookie));
+
+ ret = hs_desc_encode_descriptor(desc, &signing_kp,
+ descriptor_cookie, &encoded);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_assert(encoded);
+
+ tor_free(encoded);
+ }
done:
hs_descriptor_free(desc);
- tor_free(encoded);
}
static void
test_decode_descriptor(void *arg)
{
int ret;
+ int i;
char *encoded = NULL;
ed25519_keypair_t signing_kp;
hs_descriptor_t *desc = NULL;
@@ -322,14 +348,15 @@ test_decode_descriptor(void *arg)
subcredential);
/* Give some bad stuff to the decoding function. */
- ret = hs_desc_decode_descriptor("hladfjlkjadf", subcredential, &decoded);
+ ret = hs_desc_decode_descriptor("hladfjlkjadf", subcredential,
+ NULL, &decoded);
tt_int_op(ret, OP_EQ, -1);
- ret = hs_desc_encode_descriptor(desc, &signing_kp, &encoded);
+ ret = hs_desc_encode_descriptor(desc, &signing_kp, NULL, &encoded);
tt_int_op(ret, OP_EQ, 0);
tt_assert(encoded);
- ret = hs_desc_decode_descriptor(encoded, subcredential, &decoded);
+ ret = hs_desc_decode_descriptor(encoded, subcredential, NULL, &decoded);
tt_int_op(ret, OP_EQ, 0);
tt_assert(decoded);
@@ -345,13 +372,84 @@ test_decode_descriptor(void *arg)
desc_no_ip = hs_helper_build_hs_desc_no_ip(&signing_kp_no_ip);
tt_assert(desc_no_ip);
tor_free(encoded);
- ret = hs_desc_encode_descriptor(desc_no_ip, &signing_kp_no_ip, &encoded);
+ ret = hs_desc_encode_descriptor(desc_no_ip, &signing_kp_no_ip,
+ NULL, &encoded);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_assert(encoded);
+ hs_descriptor_free(decoded);
+ ret = hs_desc_decode_descriptor(encoded, subcredential, NULL, &decoded);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_assert(decoded);
+ }
+
+ /* Decode a descriptor with auth clients. */
+ {
+ uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
+ curve25519_keypair_t auth_ephemeral_kp;
+ curve25519_keypair_t client_kp, invalid_client_kp;
+ smartlist_t *clients;
+ hs_desc_authorized_client_t *client, *fake_client;
+ client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
+
+ /* Prepare all the keys needed to build the auth client. */
+ curve25519_keypair_generate(&auth_ephemeral_kp, 0);
+ curve25519_keypair_generate(&client_kp, 0);
+ curve25519_keypair_generate(&invalid_client_kp, 0);
+ crypto_strongest_rand(descriptor_cookie, HS_DESC_DESCRIPTOR_COOKIE_LEN);
+
+ memcpy(&desc->superencrypted_data.auth_ephemeral_pubkey,
+ &auth_ephemeral_kp.pubkey, CURVE25519_PUBKEY_LEN);
+
+ hs_helper_get_subcred_from_identity_keypair(&signing_kp,
+ subcredential);
+
+ /* Build and add the auth client to the descriptor. */
+ clients = desc->superencrypted_data.clients;
+ if (!clients) {
+ clients = smartlist_new();
+ }
+ hs_desc_build_authorized_client(subcredential,
+ &client_kp.pubkey,
+ &auth_ephemeral_kp.seckey,
+ descriptor_cookie, client);
+ smartlist_add(clients, client);
+
+ /* We need to add fake auth clients here. */
+ for (i=0; i < 15; ++i) {
+ fake_client = hs_desc_build_fake_authorized_client();
+ smartlist_add(clients, fake_client);
+ }
+ desc->superencrypted_data.clients = clients;
+
+ /* Test the encoding/decoding in the following lines. */
+ tor_free(encoded);
+ ret = hs_desc_encode_descriptor(desc, &signing_kp,
+ descriptor_cookie, &encoded);
tt_int_op(ret, OP_EQ, 0);
tt_assert(encoded);
+
+ /* If we do not have the client secret key, the decoding must fail. */
+ hs_descriptor_free(decoded);
+ ret = hs_desc_decode_descriptor(encoded, subcredential,
+ NULL, &decoded);
+ tt_int_op(ret, OP_LT, 0);
+ tt_assert(!decoded);
+
+ /* If we have an invalid client secret key, the decoding must fail. */
hs_descriptor_free(decoded);
- ret = hs_desc_decode_descriptor(encoded, subcredential, &decoded);
+ ret = hs_desc_decode_descriptor(encoded, subcredential,
+ &invalid_client_kp.seckey, &decoded);
+ tt_int_op(ret, OP_LT, 0);
+ tt_assert(!decoded);
+
+ /* If we have the client secret key, the decoding must succeed and the
+ * decoded descriptor must be correct. */
+ ret = hs_desc_decode_descriptor(encoded, subcredential,
+ &client_kp.seckey, &decoded);
tt_int_op(ret, OP_EQ, 0);
tt_assert(decoded);
+
+ hs_helper_desc_equal(desc, decoded);
}
done:
@@ -577,6 +675,8 @@ test_decode_bad_signature(void *arg)
(void) arg;
+ memset(&desc_plaintext, 0, sizeof(desc_plaintext));
+
/* Update approx time to dodge cert expiration */
update_approx_time(1502661599);
@@ -587,7 +687,7 @@ test_decode_bad_signature(void *arg)
teardown_capture_of_logs();
done:
- desc_plaintext_data_free_contents(&desc_plaintext);
+ hs_desc_plaintext_data_free_contents(&desc_plaintext);
}
static void
@@ -763,101 +863,69 @@ test_desc_signature(void *arg)
tor_free(data);
}
-/* bad desc auth type */
-static const char bad_superencrypted_text1[] = "desc-auth-type scoobysnack\n"
- "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n"
- "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n"
- "encrypted\n"
- "-----BEGIN MESSAGE-----\n"
- "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC"
- "BiYWQgYXQgYWxs\n"
- "-----END MESSAGE-----\n";
-
-/* bad ephemeral key */
-static const char bad_superencrypted_text2[] = "desc-auth-type x25519\n"
- "desc-auth-ephemeral-key differentalphabet\n"
- "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n"
- "encrypted\n"
- "-----BEGIN MESSAGE-----\n"
- "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC"
- "BiYWQgYXQgYWxs\n"
- "-----END MESSAGE-----\n";
-
-/* bad encrypted msg */
-static const char bad_superencrypted_text3[] = "desc-auth-type x25519\n"
- "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n"
- "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n"
- "encrypted\n"
- "-----BEGIN MESSAGE-----\n"
- "SO SMALL NOT GOOD\n"
- "-----END MESSAGE-----\n";
-
-static const char correct_superencrypted_text[] = "desc-auth-type x25519\n"
- "desc-auth-ephemeral-key A/O8DVtnUheb3r1JqoB8uJB7wxXL1XJX3eny4yB+eFA=\n"
- "auth-client oiNrQB8WwKo S5D02W7vKgiWIMygrBl8RQ FB//SfOBmLEx1kViEWWL1g\n"
- "auth-client Od09Qu636Qo /PKLzqewAdS/+0+vZC+MvQ dpw4NFo13zDnuPz45rxrOg\n"
- "auth-client JRr840iGYN0 8s8cxYqF7Lx23+NducC4Qg zAafl4wPLURkuEjJreZq1g\n"
- "encrypted\n"
- "-----BEGIN MESSAGE-----\n"
- "YmVpbmcgb24gbW91bnRhaW5zLCB0aGlua2luZyBhYm91dCBjb21wdXRlcnMsIGlzIG5vdC"
- "BiYWQgYXQgYWxs\n"
- "-----END MESSAGE-----\n";
-
-static const char correct_encrypted_plaintext[] = "being on mountains, "
- "thinking about computers, is not bad at all";
-
static void
-test_parse_hs_desc_superencrypted(void *arg)
+test_build_authorized_client(void *arg)
{
+ int ret;
+ hs_desc_authorized_client_t *desc_client = NULL;
+ uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
+ curve25519_secret_key_t auth_ephemeral_sk;
+ curve25519_secret_key_t client_auth_sk;
+ curve25519_public_key_t client_auth_pk;
+ const char ephemeral_sk_b16[] =
+ "d023b674d993a5c8446bd2ca97e9961149b3c0e88c7dc14e8777744dd3468d6a";
+ const char descriptor_cookie_b16[] =
+ "07d087f1d8c68393721f6e70316d3b29";
+ const char client_pubkey_b16[] =
+ "8c1298fa6050e372f8598f6deca32e27b0ad457741422c2629ebb132cf7fae37";
+ uint8_t subcredential[DIGEST256_LEN];
+ char *mem_op_hex_tmp=NULL;
+
(void) arg;
- size_t retval;
- uint8_t *encrypted_out = NULL;
- {
- setup_full_capture_of_logs(LOG_WARN);
- retval = decode_superencrypted(bad_superencrypted_text1,
- strlen(bad_superencrypted_text1),
- &encrypted_out);
- tt_u64_op(retval, OP_EQ, 0);
- tt_ptr_op(encrypted_out, OP_EQ, NULL);
- expect_log_msg_containing("Unrecognized desc auth type");
- teardown_capture_of_logs();
- }
+ ret = curve25519_secret_key_generate(&auth_ephemeral_sk, 0);
+ tt_int_op(ret, OP_EQ, 0);
- {
- setup_full_capture_of_logs(LOG_WARN);
- retval = decode_superencrypted(bad_superencrypted_text2,
- strlen(bad_superencrypted_text2),
- &encrypted_out);
- tt_u64_op(retval, OP_EQ, 0);
- tt_ptr_op(encrypted_out, OP_EQ, NULL);
- expect_log_msg_containing("Bogus desc auth key in HS desc");
- teardown_capture_of_logs();
- }
+ ret = curve25519_secret_key_generate(&client_auth_sk, 0);
+ tt_int_op(ret, OP_EQ, 0);
+ curve25519_public_key_generate(&client_auth_pk, &client_auth_sk);
- {
- setup_full_capture_of_logs(LOG_WARN);
- retval = decode_superencrypted(bad_superencrypted_text3,
- strlen(bad_superencrypted_text3),
- &encrypted_out);
- tt_u64_op(retval, OP_EQ, 0);
- tt_ptr_op(encrypted_out, OP_EQ, NULL);
- expect_log_msg_containing("Length of descriptor\'s encrypted data "
- "is too small.");
- teardown_capture_of_logs();
- }
+ memset(subcredential, 42, sizeof(subcredential));
+
+ desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
- /* Now finally the good one */
- retval = decode_superencrypted(correct_superencrypted_text,
- strlen(correct_superencrypted_text),
- &encrypted_out);
+ base16_decode((char *) &auth_ephemeral_sk,
+ sizeof(auth_ephemeral_sk),
+ ephemeral_sk_b16,
+ strlen(ephemeral_sk_b16));
- tt_u64_op(retval, OP_EQ, strlen(correct_encrypted_plaintext));
- tt_mem_op(encrypted_out, OP_EQ, correct_encrypted_plaintext,
- strlen(correct_encrypted_plaintext));
+ base16_decode((char *) descriptor_cookie,
+ sizeof(descriptor_cookie),
+ descriptor_cookie_b16,
+ strlen(descriptor_cookie_b16));
+
+ base16_decode((char *) &client_auth_pk,
+ sizeof(client_auth_pk),
+ client_pubkey_b16,
+ strlen(client_pubkey_b16));
+
+ MOCK(crypto_strongest_rand, mock_crypto_strongest_rand);
+
+ hs_desc_build_authorized_client(subcredential,
+ &client_auth_pk, &auth_ephemeral_sk,
+ descriptor_cookie, desc_client);
+
+ test_memeq_hex((char *) desc_client->client_id,
+ "EC19B7FF4D2DDA13");
+ test_memeq_hex((char *) desc_client->iv,
+ "01010101010101010101010101010101");
+ test_memeq_hex((char *) desc_client->encrypted_cookie,
+ "B21222BE13F385F355BD07B2381F9F29");
done:
- tor_free(encrypted_out);
+ tor_free(desc_client);
+ tor_free(mem_op_hex_tmp);
+ UNMOCK(crypto_strongest_rand);
}
struct testcase_t hs_descriptor[] = {
@@ -890,10 +958,8 @@ struct testcase_t hs_descriptor[] = {
NULL, NULL },
{ "desc_signature", test_desc_signature, TT_FORK,
NULL, NULL },
-
- { "parse_hs_desc_superencrypted", test_parse_hs_desc_superencrypted,
- TT_FORK, NULL, NULL },
+ { "build_authorized_client", test_build_authorized_client, TT_FORK,
+ NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c
index faa14d9015..628d99bfde 100644
--- a/src/test/test_hs_intropoint.c
+++ b/src/test/test_hs_intropoint.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -11,27 +11,29 @@
#define RENDSERVICE_PRIVATE
#define CIRCUITLIST_PRIVATE
-#include "test.h"
-#include "log_test_helpers.h"
-#include "crypto_rand.h"
+#include "test/test.h"
+#include "test/log_test_helpers.h"
+#include "lib/crypt_ops/crypto_rand.h"
-#include "or.h"
-#include "circuitlist.h"
-#include "circuituse.h"
+#include "core/or/or.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuituse.h"
#include "ht.h"
-#include "relay.h"
-#include "rendservice.h"
+#include "core/or/relay.h"
+#include "feature/rend/rendservice.h"
-#include "hs_cell.h"
-#include "hs_circuitmap.h"
-#include "hs_common.h"
-#include "hs_intropoint.h"
-#include "hs_service.h"
+#include "feature/hs/hs_cell.h"
+#include "feature/hs/hs_circuitmap.h"
+#include "feature/hs/hs_common.h"
+#include "feature/hs/hs_intropoint.h"
+#include "feature/hs/hs_service.h"
+
+#include "core/or/or_circuit_st.h"
/* Trunnel. */
-#include "hs/cell_establish_intro.h"
-#include "hs/cell_introduce1.h"
-#include "hs/cell_common.h"
+#include "trunnel/hs/cell_establish_intro.h"
+#include "trunnel/hs/cell_introduce1.h"
+#include "trunnel/hs/cell_common.h"
static size_t
new_establish_intro_cell(const char *circ_nonce,
diff --git a/src/test/test_hs_ntor.c b/src/test/test_hs_ntor.c
index 8eee54d4b4..eeb0491657 100644
--- a/src/test/test_hs_ntor.c
+++ b/src/test/test_hs_ntor.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -6,11 +6,13 @@
* \brief Test hidden service ntor functionality.
*/
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
-#include "hs_ntor.h"
+#include "core/crypto/hs_ntor.h"
/* Test the HS ntor handshake. Simulate the sending of an encrypted INTRODUCE1
* cell, and verify the proper derivation of decryption keys on the other end.
@@ -111,4 +113,3 @@ struct testcase_t hs_ntor_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_ntor_cl.c b/src/test/test_hs_ntor_cl.c
index ed1eda58ea..a4915c4f8a 100644
--- a/src/test/test_hs_ntor_cl.c
+++ b/src/test/test_hs_ntor_cl.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/** This is a wrapper over the little-t-tor HS ntor functions. The wrapper is
@@ -13,13 +13,14 @@
#include <stdlib.h>
#define ONION_NTOR_PRIVATE
-#include "or.h"
-#include "util.h"
-#include "compat.h"
-#include "crypto.h"
-#include "crypto_curve25519.h"
-#include "hs_ntor.h"
-#include "onion_ntor.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/crypt_ops/crypto_init.h"
+#include "core/crypto/hs_ntor.h"
+#include "core/crypto/onion_ntor.h"
#define N_ARGS(n) STMT_BEGIN { \
if (argc < (n)) { \
@@ -240,7 +241,11 @@ main(int argc, char **argv)
return 1;
}
+ init_logging(1);
curve25519_init();
+ if (crypto_global_init(0, NULL, NULL) < 0)
+ return 1;
+
if (!strcmp(argv[1], "client1")) {
return client1(argc, argv);
} else if (!strcmp(argv[1], "server1")) {
@@ -252,4 +257,3 @@ main(int argc, char **argv)
return 1;
}
}
-
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index d715f90d97..bceeafd149 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -22,39 +22,56 @@
#define HS_CLIENT_PRIVATE
#define ROUTERPARSE_PRIVATE
-#include "test.h"
-#include "test_helpers.h"
-#include "log_test_helpers.h"
-#include "rend_test_helpers.h"
-#include "hs_test_helpers.h"
-
-#include "or.h"
-#include "config.h"
-#include "circuitbuild.h"
-#include "circuitlist.h"
-#include "circuituse.h"
-#include "crypto_rand.h"
-#include "dirauth/dirvote.h"
-#include "networkstatus.h"
-#include "nodelist.h"
-#include "relay.h"
-#include "routerparse.h"
-#include "hs_common.h"
-#include "hs_config.h"
-#include "hs_ident.h"
-#include "hs_intropoint.h"
-#include "hs_ntor.h"
-#include "hs_circuit.h"
-#include "hs_service.h"
-#include "hs_client.h"
-#include "main.h"
-#include "rendservice.h"
-#include "statefile.h"
-#include "dirauth/shared_random_state.h"
-#include "voting_schedule.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+#include "test/log_test_helpers.h"
+#include "test/rend_test_helpers.h"
+#include "test/hs_test_helpers.h"
+
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "core/or/circuitbuild.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuituse.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/fs/dir.h"
+#include "feature/dirauth/dirvote.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/nodelist.h"
+#include "core/or/relay.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/hs/hs_common.h"
+#include "feature/hs/hs_config.h"
+#include "feature/hs/hs_ident.h"
+#include "feature/hs/hs_intropoint.h"
+#include "core/crypto/hs_ntor.h"
+#include "feature/hs/hs_circuit.h"
+#include "feature/hs/hs_circuitmap.h"
+#include "feature/hs/hs_service.h"
+#include "feature/hs/hs_client.h"
+#include "core/mainloop/main.h"
+#include "feature/rend/rendservice.h"
+#include "app/config/statefile.h"
+#include "feature/dirauth/shared_random_state.h"
+#include "feature/dircommon/voting_schedule.h"
+
+#include "core/or/cpath_build_state_st.h"
+#include "core/or/crypt_path_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/node_st.h"
+#include "core/or/origin_circuit_st.h"
+#include "app/config/or_state_st.h"
+#include "feature/nodelist/routerinfo_st.h"
/* Trunnel */
-#include "hs/cell_establish_intro.h"
+#include "trunnel/hs/cell_establish_intro.h"
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
static networkstatus_t mock_ns;
@@ -211,6 +228,40 @@ helper_create_origin_circuit(int purpose, int flags)
return circ;
}
+/* Helper: Return a newly allocated authorized client object with
+ * and a newly generated public key. */
+static hs_service_authorized_client_t *
+helper_create_authorized_client(void)
+{
+ int ret;
+ hs_service_authorized_client_t *client;
+ curve25519_secret_key_t seckey;
+ client = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
+
+ ret = curve25519_secret_key_generate(&seckey, 0);
+ tt_int_op(ret, OP_EQ, 0);
+ curve25519_public_key_generate(&client->client_pk, &seckey);
+
+ done:
+ return client;
+}
+
+/* Helper: Return a newly allocated authorized client object with the
+ * same client name and the same public key as the given client. */
+static hs_service_authorized_client_t *
+helper_clone_authorized_client(const hs_service_authorized_client_t *client)
+{
+ hs_service_authorized_client_t *client_out;
+
+ tor_assert(client);
+
+ client_out = tor_malloc_zero(sizeof(hs_service_authorized_client_t));
+ memcpy(client_out->client_pk.public_key,
+ client->client_pk.public_key, CURVE25519_PUBKEY_LEN);
+
+ return client_out;
+}
+
/* Helper: Return a newly allocated service object with the identity keypair
* sets and the current descriptor. Then register it to the global map.
* Caller should us hs_free_all() to free this service or remove it from the
@@ -235,6 +286,26 @@ helper_create_service(void)
return service;
}
+/* Helper: Return a newly allocated service object with clients. */
+static hs_service_t *
+helper_create_service_with_clients(int num_clients)
+{
+ int i;
+ hs_service_t *service = helper_create_service();
+ tt_assert(service);
+ service->config.is_client_auth_enabled = 1;
+ service->config.clients = smartlist_new();
+
+ for (i = 0; i < num_clients; i++) {
+ hs_service_authorized_client_t *client;
+ client = helper_create_authorized_client();
+ smartlist_add(service->config.clients, client);
+ }
+
+ done:
+ return service;
+}
+
/* Helper: Return a newly allocated service intro point with two link
* specifiers, one IPv4 and one legacy ID set to As. */
static hs_service_intro_point_t *
@@ -294,6 +365,8 @@ test_load_keys(void *arg)
/* It's in staging? */
tt_int_op(get_hs_service_staging_list_size(), OP_EQ, 1);
+#undef conf_fmt
+
/* Load the keys for these. After that, the v3 service should be registered
* in the global map. */
hs_service_load_all_keys();
@@ -313,6 +386,9 @@ test_load_keys(void *arg)
tt_int_op(hs_address_is_valid(addr), OP_EQ, 1);
tt_str_op(addr, OP_EQ, s->onion_address);
+ /* Check that the is_client_auth_enabled is not set. */
+ tt_assert(!s->config.is_client_auth_enabled);
+
done:
tor_free(hsdir_v2);
tor_free(hsdir_v3);
@@ -320,6 +396,182 @@ test_load_keys(void *arg)
}
static void
+test_client_filename_is_valid(void *arg)
+{
+ (void) arg;
+
+ /* Valid file name. */
+ tt_assert(client_filename_is_valid("a.auth"));
+ /* Valid file name with special character. */
+ tt_assert(client_filename_is_valid("a-.auth"));
+ /* Invalid extension. */
+ tt_assert(!client_filename_is_valid("a.ath"));
+ /* Nothing before the extension. */
+ tt_assert(!client_filename_is_valid(".auth"));
+
+ done:
+ ;
+}
+
+static void
+test_parse_authorized_client(void *arg)
+{
+ hs_service_authorized_client_t *client = NULL;
+
+ (void) arg;
+
+ /* Valid authorized client. */
+ client = parse_authorized_client(
+ "descriptor:x25519:dz4q5xqlb4ldnbs72iarrml4ephk3du4i7o2cgiva5lwr6wkquja");
+ tt_assert(client);
+
+ /* Wrong number of fields. */
+ tt_assert(!parse_authorized_client("a:b:c:d:e"));
+ /* Wrong auth type. */
+ tt_assert(!parse_authorized_client(
+ "x:x25519:dz4q5xqlb4ldnbs72iarrml4ephk3du4i7o2cgiva5lwr6wkquja"));
+ /* Wrong key type. */
+ tt_assert(!parse_authorized_client(
+ "descriptor:x:dz4q5xqlb4ldnbs72iarrml4ephk3du4i7o2cgiva5lwr6wkquja"));
+ /* Some malformed string. */
+ tt_assert(!parse_authorized_client("descriptor:x25519:aa=="));
+ tt_assert(!parse_authorized_client("descriptor:"));
+ tt_assert(!parse_authorized_client("descriptor:x25519"));
+ tt_assert(!parse_authorized_client("descriptor:x25519:"));
+ tt_assert(!parse_authorized_client(""));
+
+ done:
+ service_authorized_client_free(client);
+}
+
+static char *
+mock_read_file_to_str(const char *filename, int flags, struct stat *stat_out)
+{
+ char *ret = NULL;
+
+ (void) flags;
+ (void) stat_out;
+
+ if (!strcmp(filename, get_fname("hs3" PATH_SEPARATOR
+ "authorized_clients" PATH_SEPARATOR
+ "client1.auth"))) {
+ ret = tor_strdup("descriptor:x25519:"
+ "dz4q5xqlb4ldnbs72iarrml4ephk3du4i7o2cgiva5lwr6wkquja");
+ goto done;
+ }
+
+ if (!strcmp(filename, get_fname("hs3" PATH_SEPARATOR
+ "authorized_clients" PATH_SEPARATOR
+ "dummy.xxx"))) {
+ ret = tor_strdup("descriptor:x25519:"
+ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+ goto done;
+ }
+
+ if (!strcmp(filename, get_fname("hs3" PATH_SEPARATOR
+ "authorized_clients" PATH_SEPARATOR
+ "client2.auth"))) {
+ ret = tor_strdup("descriptor:x25519:"
+ "okoi2gml3wd6x7jganlk5d66xxyjgg24sxw4y7javx4giqr66zta");
+ goto done;
+ }
+
+ done:
+ return ret;
+}
+
+static smartlist_t *
+mock_tor_listdir(const char *dirname)
+{
+ smartlist_t *file_list = smartlist_new();
+
+ (void) dirname;
+
+ smartlist_add(file_list, tor_strdup("client1.auth"));
+ smartlist_add(file_list, tor_strdup("dummy.xxx"));
+ smartlist_add(file_list, tor_strdup("client2.auth"));
+
+ return file_list;
+}
+
+static void
+test_load_keys_with_client_auth(void *arg)
+{
+ int ret;
+ char *conf = NULL;
+ smartlist_t *pubkey_b32_list = smartlist_new();
+ char *hsdir_v3 = tor_strdup(get_fname("hs3"));
+ hs_service_t *service;
+
+ (void) arg;
+
+ hs_init();
+ smartlist_add(pubkey_b32_list, tor_strdup(
+ "dz4q5xqlb4ldnbs72iarrml4ephk3du4i7o2cgiva5lwr6wkquja"));
+ smartlist_add(pubkey_b32_list, tor_strdup(
+ "okoi2gml3wd6x7jganlk5d66xxyjgg24sxw4y7javx4giqr66zta"));
+
+#define conf_fmt \
+ "HiddenServiceDir %s\n" \
+ "HiddenServiceVersion %d\n" \
+ "HiddenServicePort 65534\n"
+
+ tor_asprintf(&conf, conf_fmt, hsdir_v3, HS_VERSION_THREE);
+ ret = helper_config_service(conf);
+ tor_free(conf);
+ tt_int_op(ret, OP_EQ, 0);
+ /* It's in staging? */
+ tt_int_op(get_hs_service_staging_list_size(), OP_EQ, 1);
+
+#undef conf_fmt
+
+ MOCK(read_file_to_str, mock_read_file_to_str);
+ MOCK(tor_listdir, mock_tor_listdir);
+
+ /* Load the keys for these. After that, the v3 service should be registered
+ * in the global map. */
+ hs_service_load_all_keys();
+ tt_int_op(get_hs_service_map_size(), OP_EQ, 1);
+
+ service = get_first_service();
+ tt_assert(service->config.clients);
+ tt_int_op(smartlist_len(service->config.clients), OP_EQ,
+ smartlist_len(pubkey_b32_list));
+
+ /* Test that the is_client_auth_enabled flag is set. */
+ tt_assert(service->config.is_client_auth_enabled);
+
+ /* Test that the keys in clients are correct. */
+ SMARTLIST_FOREACH_BEGIN(pubkey_b32_list, char *, pubkey_b32) {
+
+ curve25519_public_key_t pubkey;
+ /* This flag will be set if the key is found in clients. */
+ int is_found = 0;
+ base32_decode((char *) pubkey.public_key, sizeof(pubkey.public_key),
+ pubkey_b32, strlen(pubkey_b32));
+
+ SMARTLIST_FOREACH_BEGIN(service->config.clients,
+ hs_service_authorized_client_t *, client) {
+ if (tor_memeq(&pubkey, &client->client_pk, sizeof(pubkey))) {
+ is_found = 1;
+ break;
+ }
+ } SMARTLIST_FOREACH_END(client);
+
+ tt_assert(is_found);
+
+ } SMARTLIST_FOREACH_END(pubkey_b32);
+
+ done:
+ SMARTLIST_FOREACH(pubkey_b32_list, char *, s, tor_free(s));
+ smartlist_free(pubkey_b32_list);
+ tor_free(hsdir_v3);
+ hs_free_all();
+ UNMOCK(read_file_to_str);
+ UNMOCK(tor_listdir);
+}
+
+static void
test_access_service(void *arg)
{
int ret;
@@ -1035,7 +1287,7 @@ static void
test_rotate_descriptors(void *arg)
{
int ret;
- time_t next_rotation_time, now = time(NULL);
+ time_t next_rotation_time, now;
hs_service_t *service;
hs_service_descriptor_t *desc_next;
@@ -1059,6 +1311,9 @@ test_rotate_descriptors(void *arg)
tt_int_op(ret, OP_EQ, 0);
voting_schedule_recalculate_timing(get_options(), mock_ns.valid_after);
+ update_approx_time(mock_ns.valid_after+1);
+ now = mock_ns.valid_after+1;
+
/* Create a service with a default descriptor and state. It's added to the
* global map. */
service = helper_create_service();
@@ -1097,6 +1352,9 @@ test_rotate_descriptors(void *arg)
tt_int_op(ret, OP_EQ, 0);
voting_schedule_recalculate_timing(get_options(), mock_ns.valid_after);
+ update_approx_time(mock_ns.valid_after+1);
+ now = mock_ns.valid_after+1;
+
/* Note down what to expect for the next rotation time which is 01:00 + 23h
* meaning 00:00:00. */
next_rotation_time = mock_ns.valid_after + (23 * 60 * 60);
@@ -1159,6 +1417,9 @@ test_build_update_descriptors(void *arg)
tt_int_op(ret, OP_EQ, 0);
voting_schedule_recalculate_timing(get_options(), mock_ns.valid_after);
+ update_approx_time(mock_ns.valid_after+1);
+ now = mock_ns.valid_after+1;
+
/* Create a service without a current descriptor to trigger a build. */
service = helper_create_service();
tt_assert(service);
@@ -1220,7 +1481,7 @@ test_build_update_descriptors(void *arg)
tt_int_op(ret, OP_EQ, 0);
ri.onion_curve25519_pkey =
tor_malloc_zero(sizeof(curve25519_public_key_t));
- ri.onion_pkey = crypto_pk_new();
+ ri.onion_pkey = tor_malloc_zero(140);
curve25519_public_key_generate(ri.onion_curve25519_pkey,
&curve25519_secret_key);
memset(ri.cache_info.identity_digest, 'A', DIGEST_LEN);
@@ -1246,7 +1507,7 @@ test_build_update_descriptors(void *arg)
update_all_descriptors(now);
tor_free(node->ri->onion_curve25519_pkey); /* Avoid memleak. */
tor_free(node->ri->cache_info.signing_key_cert);
- crypto_pk_free(node->ri->onion_pkey);
+ tor_free(node->ri->onion_pkey);
expect_log_msg_containing("just picked 1 intro points and wanted 3 for next "
"descriptor. It currently has 0 intro points. "
"Launching ESTABLISH_INTRO circuit shortly.");
@@ -1300,6 +1561,9 @@ test_build_update_descriptors(void *arg)
&mock_ns.fresh_until);
tt_int_op(ret, OP_EQ, 0);
+ update_approx_time(mock_ns.valid_after+1);
+ now = mock_ns.valid_after+1;
+
/* Create a service without a current descriptor to trigger a build. */
service = helper_create_service();
tt_assert(service);
@@ -1350,11 +1614,95 @@ test_build_update_descriptors(void *arg)
nodelist_free_all();
}
+/** Test building descriptors. We use this separate function instead of
+ * using test_build_update_descriptors because that function is too complex
+ * and also too interactive. */
static void
-test_upload_descriptors(void *arg)
+test_build_descriptors(void *arg)
{
int ret;
time_t now = time(NULL);
+
+ (void) arg;
+
+ hs_init();
+
+ MOCK(get_or_state,
+ get_or_state_replacement);
+ MOCK(networkstatus_get_live_consensus,
+ mock_networkstatus_get_live_consensus);
+
+ dummy_state = tor_malloc_zero(sizeof(or_state_t));
+
+ ret = parse_rfc1123_time("Sat, 26 Oct 1985 03:00:00 UTC",
+ &mock_ns.valid_after);
+ tt_int_op(ret, OP_EQ, 0);
+ ret = parse_rfc1123_time("Sat, 26 Oct 1985 04:00:00 UTC",
+ &mock_ns.fresh_until);
+ tt_int_op(ret, OP_EQ, 0);
+ voting_schedule_recalculate_timing(get_options(), mock_ns.valid_after);
+
+ /* Generate a valid number of fake auth clients when a client authorization
+ * is disabled. */
+ {
+ hs_service_t *service = helper_create_service();
+ service_descriptor_free(service->desc_current);
+ service->desc_current = NULL;
+
+ build_all_descriptors(now);
+ hs_desc_superencrypted_data_t *superencrypted;
+ superencrypted = &service->desc_current->desc->superencrypted_data;
+ tt_int_op(smartlist_len(superencrypted->clients), OP_EQ, 16);
+ }
+
+ /* Generate a valid number of fake auth clients when the number of
+ * clients is zero. */
+ {
+ hs_service_t *service = helper_create_service_with_clients(0);
+ service_descriptor_free(service->desc_current);
+ service->desc_current = NULL;
+
+ build_all_descriptors(now);
+ hs_desc_superencrypted_data_t *superencrypted;
+ superencrypted = &service->desc_current->desc->superencrypted_data;
+ tt_int_op(smartlist_len(superencrypted->clients), OP_EQ, 16);
+ }
+
+ /* Generate a valid number of fake auth clients when the number of
+ * clients is not a multiple of 16. */
+ {
+ hs_service_t *service = helper_create_service_with_clients(20);
+ service_descriptor_free(service->desc_current);
+ service->desc_current = NULL;
+
+ build_all_descriptors(now);
+ hs_desc_superencrypted_data_t *superencrypted;
+ superencrypted = &service->desc_current->desc->superencrypted_data;
+ tt_int_op(smartlist_len(superencrypted->clients), OP_EQ, 32);
+ }
+
+ /* Do not generate any fake desc client when the number of clients is
+ * a multiple of 16 but not zero. */
+ {
+ hs_service_t *service = helper_create_service_with_clients(32);
+ service_descriptor_free(service->desc_current);
+ service->desc_current = NULL;
+
+ build_all_descriptors(now);
+ hs_desc_superencrypted_data_t *superencrypted;
+ superencrypted = &service->desc_current->desc->superencrypted_data;
+ tt_int_op(smartlist_len(superencrypted->clients), OP_EQ, 32);
+ }
+
+ done:
+ hs_free_all();
+}
+
+static void
+test_upload_descriptors(void *arg)
+{
+ int ret;
+ time_t now;
hs_service_t *service;
(void) arg;
@@ -1373,6 +1721,10 @@ test_upload_descriptors(void *arg)
ret = parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC",
&mock_ns.fresh_until);
tt_int_op(ret, OP_EQ, 0);
+ voting_schedule_recalculate_timing(get_options(), mock_ns.valid_after);
+
+ update_approx_time(mock_ns.valid_after+1);
+ now = mock_ns.valid_after+1;
/* Create a service with no descriptor. It's added to the global map. */
service = hs_service_new(get_options());
@@ -1407,66 +1759,6 @@ test_upload_descriptors(void *arg)
UNMOCK(get_or_state);
}
-/** Test the functions that save and load HS revision counters to state. */
-static void
-test_revision_counter_state(void *arg)
-{
- char *state_line_one = NULL;
- char *state_line_two = NULL;
-
- hs_service_descriptor_t *desc_one = service_descriptor_new();
- hs_service_descriptor_t *desc_two = service_descriptor_new();
-
- (void) arg;
-
- /* Prepare both descriptors */
- desc_one->desc->plaintext_data.revision_counter = 42;
- desc_two->desc->plaintext_data.revision_counter = 240;
- memset(&desc_one->blinded_kp.pubkey.pubkey, 66,
- sizeof(desc_one->blinded_kp.pubkey.pubkey));
- memset(&desc_two->blinded_kp.pubkey.pubkey, 240,
- sizeof(desc_one->blinded_kp.pubkey.pubkey));
-
- /* Turn the descriptor rev counters into state lines */
- state_line_one = encode_desc_rev_counter_for_state(desc_one);
- tt_str_op(state_line_one, OP_EQ,
- "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkI 42");
-
- state_line_two = encode_desc_rev_counter_for_state(desc_two);
- tt_str_op(state_line_two, OP_EQ,
- "8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PA 240");
-
- /* Now let's test our state parsing function: */
- int service_found;
- uint64_t cached_rev_counter;
-
- /* First's try with wrong pubkey and check that no service was found */
- cached_rev_counter =check_state_line_for_service_rev_counter(state_line_one,
- &desc_two->blinded_kp.pubkey,
- &service_found);
- tt_int_op(service_found, OP_EQ, 0);
- tt_u64_op(cached_rev_counter, OP_EQ, 0);
-
- /* Now let's try with the right pubkeys */
- cached_rev_counter =check_state_line_for_service_rev_counter(state_line_one,
- &desc_one->blinded_kp.pubkey,
- &service_found);
- tt_int_op(service_found, OP_EQ, 1);
- tt_u64_op(cached_rev_counter, OP_EQ, 42);
-
- cached_rev_counter =check_state_line_for_service_rev_counter(state_line_two,
- &desc_two->blinded_kp.pubkey,
- &service_found);
- tt_int_op(service_found, OP_EQ, 1);
- tt_u64_op(cached_rev_counter, OP_EQ, 240);
-
- done:
- tor_free(state_line_one);
- tor_free(state_line_two);
- service_descriptor_free(desc_one);
- service_descriptor_free(desc_two);
-}
-
/** Global vars used by test_rendezvous1_parsing() */
static char rend1_payload[RELAY_PAYLOAD_SIZE];
static size_t rend1_payload_len = 0;
@@ -1591,11 +1883,137 @@ test_rendezvous1_parsing(void *arg)
UNMOCK(relay_send_command_from_edge_);
}
+static void
+test_authorized_client_config_equal(void *arg)
+{
+ int ret;
+ hs_service_config_t *config1, *config2;
+
+ (void) arg;
+
+ config1 = tor_malloc_zero(sizeof(*config1));
+ config2 = tor_malloc_zero(sizeof(*config2));
+
+ /* Both configs are empty. */
+ {
+ config1->clients = smartlist_new();
+ config2->clients = smartlist_new();
+
+ ret = service_authorized_client_config_equal(config1, config2);
+ tt_int_op(ret, OP_EQ, 1);
+
+ service_clear_config(config1);
+ service_clear_config(config2);
+ }
+
+ /* Both configs have exactly the same client config. */
+ {
+ config1->clients = smartlist_new();
+ config2->clients = smartlist_new();
+
+ hs_service_authorized_client_t *client1, *client2;
+ client1 = helper_create_authorized_client();
+ client2 = helper_create_authorized_client();
+
+ smartlist_add(config1->clients, client1);
+ smartlist_add(config1->clients, client2);
+
+ /* We should swap the order of clients here to test that the order
+ * does not matter. */
+ smartlist_add(config2->clients, helper_clone_authorized_client(client2));
+ smartlist_add(config2->clients, helper_clone_authorized_client(client1));
+
+ ret = service_authorized_client_config_equal(config1, config2);
+ tt_int_op(ret, OP_EQ, 1);
+
+ service_clear_config(config1);
+ service_clear_config(config2);
+ }
+
+ /* The numbers of clients in both configs are not equal. */
+ {
+ config1->clients = smartlist_new();
+ config2->clients = smartlist_new();
+
+ hs_service_authorized_client_t *client1, *client2;
+ client1 = helper_create_authorized_client();
+ client2 = helper_create_authorized_client();
+
+ smartlist_add(config1->clients, client1);
+ smartlist_add(config1->clients, client2);
+
+ smartlist_add(config2->clients, helper_clone_authorized_client(client1));
+
+ ret = service_authorized_client_config_equal(config1, config2);
+ tt_int_op(ret, OP_EQ, 0);
+
+ service_clear_config(config1);
+ service_clear_config(config2);
+ }
+
+ /* The first config has two distinct clients while the second config
+ * has two clients but they are duplicate. */
+ {
+ config1->clients = smartlist_new();
+ config2->clients = smartlist_new();
+
+ hs_service_authorized_client_t *client1, *client2;
+ client1 = helper_create_authorized_client();
+ client2 = helper_create_authorized_client();
+
+ smartlist_add(config1->clients, client1);
+ smartlist_add(config1->clients, client2);
+
+ smartlist_add(config2->clients, helper_clone_authorized_client(client1));
+ smartlist_add(config2->clients, helper_clone_authorized_client(client1));
+
+ ret = service_authorized_client_config_equal(config1, config2);
+ tt_int_op(ret, OP_EQ, 0);
+
+ service_clear_config(config1);
+ service_clear_config(config2);
+ }
+
+ /* Both configs have totally distinct clients. */
+ {
+ config1->clients = smartlist_new();
+ config2->clients = smartlist_new();
+
+ hs_service_authorized_client_t *client1, *client2, *client3, *client4;
+ client1 = helper_create_authorized_client();
+ client2 = helper_create_authorized_client();
+ client3 = helper_create_authorized_client();
+ client4 = helper_create_authorized_client();
+
+ smartlist_add(config1->clients, client1);
+ smartlist_add(config1->clients, client2);
+
+ smartlist_add(config2->clients, client3);
+ smartlist_add(config2->clients, client4);
+
+ ret = service_authorized_client_config_equal(config1, config2);
+ tt_int_op(ret, OP_EQ, 0);
+
+ service_clear_config(config1);
+ service_clear_config(config2);
+ }
+
+ done:
+ tor_free(config1);
+ tor_free(config2);
+}
+
struct testcase_t hs_service_tests[] = {
{ "e2e_rend_circuit_setup", test_e2e_rend_circuit_setup, TT_FORK,
NULL, NULL },
{ "load_keys", test_load_keys, TT_FORK,
NULL, NULL },
+ { "client_filename_is_valid", test_client_filename_is_valid, TT_FORK,
+ NULL, NULL },
+ { "parse_authorized_client", test_parse_authorized_client, TT_FORK,
+ NULL, NULL },
+ { "load_keys_with_client_auth", test_load_keys_with_client_auth, TT_FORK,
+ NULL, NULL },
{ "access_service", test_access_service, TT_FORK,
NULL, NULL },
{ "service_intro_point", test_service_intro_point, TT_FORK,
@@ -1618,13 +2036,14 @@ struct testcase_t hs_service_tests[] = {
NULL, NULL },
{ "build_update_descriptors", test_build_update_descriptors, TT_FORK,
NULL, NULL },
- { "upload_descriptors", test_upload_descriptors, TT_FORK,
+ { "build_descriptors", test_build_descriptors, TT_FORK,
NULL, NULL },
- { "revision_counter_state", test_revision_counter_state, TT_FORK,
+ { "upload_descriptors", test_upload_descriptors, TT_FORK,
NULL, NULL },
{ "rendezvous1_parsing", test_rendezvous1_parsing, TT_FORK,
NULL, NULL },
+ { "authorized_client_config_equal", test_authorized_client_config_equal,
+ TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_introduce.c b/src/test/test_introduce.c
index d502bdddb1..4d2d909945 100644
--- a/src/test/test_introduce.c
+++ b/src/test/test_introduce.c
@@ -1,13 +1,13 @@
-/* Copyright (c) 2012-2017, The Tor Project, Inc. */
+/* Copyright (c) 2012-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
-#include "crypto.h"
-#include "or.h"
-#include "test.h"
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "core/or/or.h"
+#include "test/test.h"
#define RENDSERVICE_PRIVATE
-#include "rendservice.h"
+#include "feature/rend/rendservice.h"
static uint8_t v0_test_plaintext[] =
/* 20 bytes of rendezvous point nickname */
diff --git a/src/test/test_keypin.c b/src/test/test_keypin.c
index 79d7bac902..9af12ff548 100644
--- a/src/test/test_keypin.c
+++ b/src/test/test_keypin.c
@@ -1,13 +1,12 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define KEYPIN_PRIVATE
-#include "or.h"
-#include "keypin.h"
-#include "util.h"
+#include "core/or/or.h"
+#include "feature/dirauth/keypin.h"
-#include "test.h"
+#include "test/test.h"
static void
test_keypin_parse_line(void *arg)
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
index 6840072d76..82a91a9ae2 100644
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -8,21 +8,28 @@
#define TOR_CHANNEL_INTERNAL_
#define TORTLS_PRIVATE
-#include "compat.h"
-
-#include "or.h"
-#include "config.h"
-#include "connection.h"
-#include "connection_or.h"
-#include "channeltls.h"
-#include "link_handshake.h"
-#include "router.h"
-#include "routerkeys.h"
-#include "scheduler.h"
-#include "torcert.h"
-
-#include "test.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_or.h"
+#include "core/or/channeltls.h"
+#include "trunnel/link_handshake.h"
+#include "feature/relay/router.h"
+#include "feature/relay/routerkeys.h"
+#include "core/or/scheduler.h"
+#include "feature/nodelist/torcert.h"
+
+#include "core/or/or_connection_st.h"
+#include "core/or/or_handshake_certs_st.h"
+#include "core/or/or_handshake_state_st.h"
+#include "core/or/var_cell_st.h"
+
+#define TOR_X509_PRIVATE
+#include "lib/tls/tortls.h"
+#include "lib/tls/x509.h"
+
+#include "test/test.h"
+#include "test/log_test_helpers.h"
static var_cell_t *mock_got_var_cell = NULL;
@@ -788,11 +795,26 @@ CERTS_FAIL(bad_rsa_id_cert, /*ed25519*/
{
require_failure_message = "legacy RSA ID certificate was not valid";
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
- uint8_t *body = certs_cell_cert_getarray_body(cert);
- ssize_t body_len = certs_cell_cert_getlen_body(cert);
- /* Frob a byte in the signature */
- body[body_len - 13] ^= 7;
+ uint8_t *body;
+ /* Frob a byte in the signature, after making a new cert. (NSS won't let
+ * us just frob the old cert, since it will see that the issuer & serial
+ * number are the same, which will make it fail at an earlier stage than
+ * signature verification.) */
+ const tor_x509_cert_t *idc;
+ tor_x509_cert_t *newc;
+ tor_tls_get_my_certs(1, NULL, &idc);
+ time_t new_end = time(NULL) + 86400 * 10;
+ newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2);
+ const uint8_t *encoded;
+ size_t encoded_len;
+ tor_x509_cert_get_der(newc, &encoded, &encoded_len);
+ certs_cell_cert_setlen_body(cert, encoded_len);
+ certs_cell_cert_set_cert_len(cert, encoded_len);
+ body = certs_cell_cert_getarray_body(cert);
+ memcpy(body, encoded, encoded_len);
+ body[encoded_len - 13] ^= 7;
REENCODE();
+ tor_x509_cert_free(newc);
})
CERTS_FAIL(expired_rsa_id, /* both */
{
@@ -804,9 +826,12 @@ CERTS_FAIL(expired_rsa_id, /* both */
tor_x509_cert_t *newc;
time_t new_end = time(NULL) - 86400 * 10;
newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2);
- certs_cell_cert_setlen_body(cert, newc->encoded_len);
- memcpy(certs_cell_cert_getarray_body(cert),
- newc->encoded, newc->encoded_len);
+ const uint8_t *encoded;
+ size_t encoded_len;
+ tor_x509_cert_get_der(newc, &encoded, &encoded_len);
+ certs_cell_cert_setlen_body(cert, encoded_len);
+ certs_cell_cert_set_cert_len(cert, encoded_len);
+ memcpy(certs_cell_cert_getarray_body(cert), encoded, encoded_len);
REENCODE();
tor_x509_cert_free(newc);
})
@@ -917,15 +942,25 @@ test_link_handshake_send_authchallenge(void *arg)
cell1 = mock_got_var_cell;
tt_int_op(0, OP_EQ, connection_or_send_auth_challenge_cell(c1));
cell2 = mock_got_var_cell;
+#ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
tt_int_op(38, OP_EQ, cell1->payload_len);
tt_int_op(38, OP_EQ, cell2->payload_len);
+#else
+ tt_int_op(36, OP_EQ, cell1->payload_len);
+ tt_int_op(36, OP_EQ, cell2->payload_len);
+#endif
tt_int_op(0, OP_EQ, cell1->circ_id);
tt_int_op(0, OP_EQ, cell2->circ_id);
tt_int_op(CELL_AUTH_CHALLENGE, OP_EQ, cell1->command);
tt_int_op(CELL_AUTH_CHALLENGE, OP_EQ, cell2->command);
+#ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
tt_mem_op("\x00\x02\x00\x01\x00\x03", OP_EQ, cell1->payload + 32, 6);
tt_mem_op("\x00\x02\x00\x01\x00\x03", OP_EQ, cell2->payload + 32, 6);
+#else
+ tt_mem_op("\x00\x01\x00\x03", OP_EQ, cell1->payload + 32, 4);
+ tt_mem_op("\x00\x01\x00\x03", OP_EQ, cell2->payload + 32, 4);
+#endif
tt_mem_op(cell1->payload, OP_NE, cell2->payload, 32);
done:
@@ -967,6 +1002,8 @@ static void *
recv_authchallenge_setup(const struct testcase_t *test)
{
(void)test;
+
+ testing__connection_or_pretend_TLSSECRET_is_supported = 1;
authchallenge_data_t *d = tor_malloc_zero(sizeof(*d));
d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
d->chan = tor_malloc_zero(sizeof(*d->chan));
@@ -1180,6 +1217,8 @@ authenticate_data_setup(const struct testcase_t *test)
authenticate_data_t *d = tor_malloc_zero(sizeof(*d));
int is_ed = d->is_ed = (test->setup_data == (void*)3);
+ testing__connection_or_pretend_TLSSECRET_is_supported = 1;
+
scheduler_init();
MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
@@ -1576,4 +1615,3 @@ struct testcase_t link_handshake_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_logging.c b/src/test/test_logging.c
index e373158e34..cd685a4af7 100644
--- a/src/test/test_logging.c
+++ b/src/test/test_logging.c
@@ -1,10 +1,19 @@
-/* Copyright (c) 2013-2017, The Tor Project, Inc. */
+/* Copyright (c) 2013-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
+#define CONFIG_PRIVATE
+
#include "orconfig.h"
-#include "or.h"
-#include "torlog.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "lib/err/torerr.h"
+#include "lib/log/log.h"
+#include "test/test.h"
+#include "lib/process/subprocess.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
static void
dummy_cb_fn(int severity, uint32_t domain, const char *msg)
@@ -89,7 +98,7 @@ test_sigsafe_err(void *arg)
init_logging(1);
mark_logs_temp();
- add_file_log(&include_bug, fn, 0);
+ open_and_add_file_log(&include_bug, fn, 0);
tor_log_update_sigsafe_err_fds();
close_temp_logs();
@@ -170,4 +179,3 @@ struct testcase_t logging_tests[] = {
{ "ratelim", test_ratelim, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_mainloop.c b/src/test/test_mainloop.c
index 9da8a039dd..f85c224ae9 100644
--- a/src/test/test_mainloop.c
+++ b/src/test/test_mainloop.c
@@ -6,11 +6,11 @@
* \brief Tests for functions closely related to the Tor main loop
*/
-#include "test.h"
-#include "log_test_helpers.h"
+#include "test/test.h"
+#include "test/log_test_helpers.h"
-#include "or.h"
-#include "main.h"
+#include "core/or/or.h"
+#include "core/mainloop/main.h"
static const uint64_t BILLION = 1000000000;
@@ -21,7 +21,7 @@ test_mainloop_update_time_normal(void *arg)
monotime_enable_test_mocking();
/* This is arbitrary */
- uint64_t mt_now = U64_LITERAL(7493289274986);
+ uint64_t mt_now = UINT64_C(7493289274986);
/* This time is in the past as of when this test was written. */
time_t now = 1525272090;
monotime_coarse_set_mock_time_nsec(mt_now);
@@ -63,7 +63,7 @@ test_mainloop_update_time_jumps(void *arg)
monotime_enable_test_mocking();
/* This is arbitrary */
- uint64_t mt_now = U64_LITERAL(7493289274986);
+ uint64_t mt_now = UINT64_C(7493289274986);
/* This time is in the past as of when this test was written. */
time_t now = 220897152;
monotime_coarse_set_mock_time_nsec(mt_now);
diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c
index 4b168f49ed..ec4779ead1 100644
--- a/src/test/test_microdesc.c
+++ b/src/test/test_microdesc.c
@@ -1,19 +1,28 @@
-/* Copyright (c) 2010-2017, The Tor Project, Inc. */
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
-#include "or.h"
+#include "core/or/or.h"
-#include "config.h"
+#include "app/config/config.h"
#define DIRVOTE_PRIVATE
-#include "dirauth/dirvote.h"
-#include "microdesc.h"
-#include "networkstatus.h"
-#include "routerlist.h"
-#include "routerparse.h"
-#include "torcert.h"
-
-#include "test.h"
+#include "feature/dirauth/dirvote.h"
+#include "feature/nodelist/microdesc.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/nodelist/torcert.h"
+
+#include "feature/nodelist/microdesc_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+
+#include "test/test.h"
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
#ifdef _WIN32
/* For mkdir() */
@@ -810,4 +819,3 @@ struct testcase_t microdesc_tests[] = {
{ "corrupt_desc", test_md_corrupt_desc, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_nodelist.c b/src/test/test_nodelist.c
index 9499fd0380..cdd5e95cf0 100644
--- a/src/test/test_nodelist.c
+++ b/src/test/test_nodelist.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -6,12 +6,19 @@
* \brief Unit tests for nodelist related functions.
**/
-#include "or.h"
-#include "crypto_rand.h"
-#include "networkstatus.h"
-#include "nodelist.h"
-#include "torcert.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/torcert.h"
+
+#include "feature/nodelist/microdesc_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/node_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+
+#include "test/test.h"
/** Test the case when node_get_by_id() returns NULL,
* node_get_verbose_nickname_by_id should return the base 16 encoding
diff --git a/src/test/test_ntor_cl.c b/src/test/test_ntor_cl.c
index d0eea85d6f..3f914523a3 100644
--- a/src/test/test_ntor_cl.c
+++ b/src/test/test_ntor_cl.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2017, The Tor Project, Inc. */
+/* Copyright (c) 2012-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -6,12 +6,11 @@
#include <stdlib.h>
#define ONION_NTOR_PRIVATE
-#include "or.h"
-#include "util.h"
-#include "compat.h"
-#include "crypto.h"
-#include "crypto_curve25519.h"
-#include "onion_ntor.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_init.h"
+#include "core/crypto/onion_ntor.h"
#define N_ARGS(n) STMT_BEGIN { \
if (argc < (n)) { \
@@ -155,7 +154,11 @@ main(int argc, char **argv)
return 1;
}
+ init_logging(1);
curve25519_init();
+ if (crypto_global_init(0, NULL, NULL) < 0)
+ return 1;
+
if (!strcmp(argv[1], "client1")) {
return client1(argc, argv);
} else if (!strcmp(argv[1], "server1")) {
@@ -167,4 +170,3 @@ main(int argc, char **argv)
return 1;
}
}
-
diff --git a/src/test/test_oom.c b/src/test/test_oom.c
index abf8896452..313a6b3114 100644
--- a/src/test/test_oom.c
+++ b/src/test/test_oom.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Unit tests for OOM handling logic */
@@ -7,16 +7,21 @@
#define BUFFERS_PRIVATE
#define CIRCUITLIST_PRIVATE
#define CONNECTION_PRIVATE
-#include "or.h"
-#include "buffers.h"
-#include "circuitlist.h"
-#include "compat_libevent.h"
-#include "connection.h"
-#include "config.h"
-#include "crypto_rand.h"
-#include "relay.h"
-#include "test.h"
-#include "test_helpers.h"
+#include "core/or/or.h"
+#include "lib/container/buffers.h"
+#include "core/or/circuitlist.h"
+#include "lib/evloop/compat_libevent.h"
+#include "core/mainloop/connection.h"
+#include "app/config/config.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "core/or/relay.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
+
+#include "core/or/cell_st.h"
+#include "core/or/entry_connection_st.h"
+#include "core/or/or_circuit_st.h"
+#include "core/or/origin_circuit_st.h"
/* small replacement mock for circuit_mark_for_close_ to avoid doing all
* the other bookkeeping that comes with marking circuits. */
diff --git a/src/test/test_oos.c b/src/test/test_oos.c
index e72fcf5de9..5f9942d8ae 100644
--- a/src/test/test_oos.c
+++ b/src/test/test_oos.c
@@ -1,16 +1,20 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Unit tests for OOS handler */
#define CONNECTION_PRIVATE
-#include "or.h"
-#include "config.h"
-#include "connection.h"
-#include "connection_or.h"
-#include "main.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_or.h"
+#include "feature/dircache/directory.h"
+#include "core/mainloop/main.h"
+#include "test/test.h"
+
+#include "feature/dircommon/dir_connection_st.h"
+#include "core/or/or_connection_st.h"
static or_options_t mock_options;
@@ -453,4 +457,3 @@ struct testcase_t oos_tests[] = {
{ "pick_oos_victims", test_oos_pick_oos_victims, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_options.c b/src/test/test_options.c
index 65564f324c..56b7f3cf0f 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -1,24 +1,27 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CONFIG_PRIVATE
-#include "or.h"
-#include "confparse.h"
-#include "config.h"
-#include "test.h"
-#include "geoip.h"
+#include "core/or/or.h"
+#include "app/config/confparse.h"
+#include "app/config/config.h"
+#include "test/test.h"
+#include "feature/stats/geoip.h"
#define ROUTERSET_PRIVATE
-#include "routerset.h"
-#include "main.h"
-#include "log_test_helpers.h"
-
-#include "sandbox.h"
-#include "memarea.h"
-#include "policies.h"
-#include "test_helpers.h"
+#include "feature/nodelist/routerset.h"
+#include "core/mainloop/main.h"
+#include "test/log_test_helpers.h"
+
+#include "lib/sandbox/sandbox.h"
+#include "lib/memarea/memarea.h"
+#include "lib/osinfo/uname.h"
+#include "lib/encoding/confline.h"
+#include "core/or/policies.h"
+#include "test/test_helpers.h"
+#include "lib/net/resolve.h"
#define NS_MODULE test_options
@@ -274,7 +277,7 @@ test_options_validate(void *arg)
return;
}
-#define MEGABYTEIFY(mb) (U64_LITERAL(mb) << 20)
+#define MEGABYTEIFY(mb) (UINT64_C(mb) << 20)
static void
test_have_enough_mem_for_dircache(void *arg)
{
@@ -470,6 +473,13 @@ test_options_validate__uname_for_server(void *ignored)
{
(void)ignored;
char *msg;
+
+#ifndef _WIN32
+ int unset_home_env = 0;
+ if (setenv("HOME", "/home/john", 0) == 0)
+ unset_home_env = 1;
+#endif
+
options_test_data_t *tdata = get_options_test_data(
"ORPort 127.0.0.1:5555");
setup_capture_of_logs(LOG_WARN);
@@ -509,6 +519,10 @@ test_options_validate__uname_for_server(void *ignored)
free_options_test_data(tdata);
tor_free(msg);
teardown_capture_of_logs();
+#ifndef _WIN32
+ if (unset_home_env)
+ unsetenv("HOME");
+#endif
}
static void
@@ -1410,6 +1424,13 @@ test_options_validate__paths_needed(void *ignored)
(void)ignored;
int ret;
char *msg;
+
+#ifndef _WIN32
+ int unset_home_env = 0;
+ if (setenv("HOME", "/home/john", 0) == 0)
+ unset_home_env = 1;
+#endif
+
setup_capture_of_logs(LOG_WARN);
options_test_data_t *tdata = get_options_test_data(
"PathsNeededToBuildCircuits 0.1\n"
@@ -1452,6 +1473,10 @@ test_options_validate__paths_needed(void *ignored)
teardown_capture_of_logs();
free_options_test_data(tdata);
tor_free(msg);
+#ifndef _WIN32
+ if (unset_home_env)
+ unsetenv("HOME");
+#endif
}
static void
@@ -1631,6 +1656,18 @@ test_options_validate__reachable_addresses(void *ignored)
tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
tor_free(msg);
+ free_options_test_data(tdata);
+ mock_clean_saved_logs();
+ tdata = get_options_test_data("FascistFirewall 1\n"
+ "ReachableAddresses *:82\n"
+ "MaxClientCircuitsPending 1\n"
+ "ConnLimit 1\n");
+
+ ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+ tt_int_op(ret, OP_EQ, -1);
+ tt_ptr_op(tdata->opt->ReachableAddresses->next, OP_EQ, NULL);
+ tor_free(msg);
+
#define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
" the rest of the Internet, so they must not set Reachable*Addresses or" \
" FascistFirewall or FirewallPorts or ClientUseIPv4 0."
@@ -2422,36 +2459,6 @@ test_options_validate__circuits(void *ignored)
}
static void
-test_options_validate__tor2web(void *ignored)
-{
- (void)ignored;
- int ret;
- char *msg;
- options_test_data_t *tdata = NULL;
-
- free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "Tor2webRendezvousPoints 1\n");
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
- tt_int_op(ret, OP_EQ, -1);
- tt_str_op(msg, OP_EQ,
- "Tor2webRendezvousPoints cannot be set without Tor2webMode.");
- tor_free(msg);
-
- free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "Tor2webRendezvousPoints 1\nTor2webMode 1\n");
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
- tt_int_op(ret, OP_EQ, 0);
- tor_free(msg);
-
- done:
- policies_free_all();
- free_options_test_data(tdata);
- tor_free(msg);
-}
-
-static void
test_options_validate__rend(void *ignored)
{
(void)ignored;
@@ -2564,13 +2571,11 @@ test_options_validate__single_onion(void *ignored)
tt_ptr_op(msg, OP_EQ, NULL);
free_options_test_data(tdata);
- /* Test that SOCKSPort must come with Tor2webMode if
- * HiddenServiceSingleHopMode is 1 */
+ /* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
"SOCKSPort 5000\n"
"HiddenServiceSingleHopMode 1\n"
"HiddenServiceNonAnonymousMode 1\n"
- "Tor2webMode 0\n"
);
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
tt_int_op(ret, OP_EQ, -1);
@@ -2585,7 +2590,6 @@ test_options_validate__single_onion(void *ignored)
"SOCKSPort 0\n"
"HiddenServiceSingleHopMode 1\n"
"HiddenServiceNonAnonymousMode 1\n"
- "Tor2webMode 0\n"
);
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
tt_int_op(ret, OP_EQ, 0);
@@ -2595,27 +2599,13 @@ test_options_validate__single_onion(void *ignored)
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
"SOCKSPort 5000\n"
"HiddenServiceSingleHopMode 0\n"
- "Tor2webMode 0\n"
);
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
tt_int_op(ret, OP_EQ, 0);
tt_ptr_op(msg, OP_EQ, NULL);
free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "SOCKSPort 5000\n"
- "HiddenServiceSingleHopMode 1\n"
- "HiddenServiceNonAnonymousMode 1\n"
- "Tor2webMode 1\n"
- );
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
- tt_int_op(ret, OP_EQ, 0);
- tt_ptr_op(msg, OP_EQ, NULL);
- free_options_test_data(tdata);
-
- /* Test that a hidden service can't be run with Tor2web
- * Use HiddenServiceNonAnonymousMode instead of Tor2webMode, because
- * Tor2webMode requires a compilation #define */
+ /* Test that a hidden service can't be run in non anonymous mode. */
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
"HiddenServiceNonAnonymousMode 1\n"
"HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
@@ -4220,7 +4210,6 @@ struct testcase_t options_tests[] = {
LOCAL_VALIDATE_TEST(path_bias),
LOCAL_VALIDATE_TEST(bandwidth),
LOCAL_VALIDATE_TEST(circuits),
- LOCAL_VALIDATE_TEST(tor2web),
LOCAL_VALIDATE_TEST(rend),
LOCAL_VALIDATE_TEST(single_onion),
LOCAL_VALIDATE_TEST(accounting),
@@ -4237,4 +4226,3 @@ struct testcase_t options_tests[] = {
LOCAL_VALIDATE_TEST(accel),
END_OF_TESTCASES /* */
};
-
diff --git a/src/test/test_pem.c b/src/test/test_pem.c
new file mode 100644
index 0000000000..2bae286e25
--- /dev/null
+++ b/src/test/test_pem.c
@@ -0,0 +1,122 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#include "lib/encoding/pem.h"
+#include "lib/cc/compat_compiler.h"
+#include "lib/malloc/malloc.h"
+
+#include "test/test.h"
+
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static const char example_pre[] =
+ "Lest you get the wrong impression, we wombats "
+ "are not in the habit of tunneling madly about, without any supplies "
+ "or even a map."; /* -- Ursula Vernon, _Digger_ */
+static const char expected[] =
+ "-----BEGIN WOMBAT QUOTE-----\n"
+ "TGVzdCB5b3UgZ2V0IHRoZSB3cm9uZyBpbXByZXNzaW9uLCB3ZSB3b21iYXRzIGFy\n"
+ "ZSBub3QgaW4gdGhlIGhhYml0IG9mIHR1bm5lbGluZyBtYWRseSBhYm91dCwgd2l0\n"
+ "aG91dCBhbnkgc3VwcGxpZXMgb3IgZXZlbiBhIG1hcC4=\n"
+ "-----END WOMBAT QUOTE-----\n";
+
+static void
+test_crypto_pem_encode(void *arg)
+{
+ (void)arg;
+
+ char buf[4096];
+
+ int n = (int) pem_encoded_size(strlen(example_pre), "WOMBAT QUOTE");
+
+ int n2 = pem_encode(buf, sizeof(buf),
+ (const unsigned char *)example_pre, strlen(example_pre),
+ "WOMBAT QUOTE");
+ tt_int_op(strlen(buf)+1, OP_EQ, n);
+ tt_int_op(n2, OP_EQ, 0);
+ tt_str_op(buf, OP_EQ, expected);
+
+ /* Now make sure it succeeds if the buffer is exactly the length we want. */
+ memset(buf, 0, sizeof(buf));
+ n2 = pem_encode(buf, n, (const unsigned char *)example_pre,
+ strlen(example_pre), "WOMBAT QUOTE");
+ tt_int_op(n2, OP_EQ, 0);
+ tt_str_op(buf, OP_EQ, expected);
+
+ /* Make sure it fails if the buffer is too short. */
+ memset(buf, 0, sizeof(buf));
+ n2 = pem_encode(buf, n - 1, (const unsigned char *)example_pre,
+ strlen(example_pre), "WOMBAT QUOTE");
+ tt_int_op(n2, OP_EQ, -1);
+
+ done:
+ ;
+}
+
+static void
+test_crypto_pem_decode(void *arg)
+{
+ (void)arg;
+
+ unsigned char buf[4096];
+
+ /* Try a straightforward decoding. */
+ int n = pem_decode(buf, sizeof(buf),
+ expected, strlen(expected),
+ "WOMBAT QUOTE");
+ tt_int_op(n, OP_EQ, strlen(example_pre));
+ tt_mem_op(buf, OP_EQ, example_pre, n);
+
+ /* Succeed if the buffer is exactly the right size. */
+ memset(buf, 0xff, sizeof(buf));
+ n = pem_decode(buf, strlen(example_pre),
+ expected, strlen(expected),
+ "WOMBAT QUOTE");
+ tt_int_op(n, OP_EQ, strlen(example_pre));
+ tt_mem_op(buf, OP_EQ, example_pre, n);
+ tt_int_op(buf[n], OP_EQ, 0xff);
+
+ /* Verify that it fails if the buffer is too small. */
+ memset(buf, 0xff, sizeof(buf));
+ n = pem_decode(buf, strlen(example_pre) - 1,
+ expected, strlen(expected),
+ "WOMBAT QUOTE");
+ tt_int_op(n, OP_EQ, -1);
+
+ /* Verify that it fails with an incorrect tag. */
+ memset(buf, 0xff, sizeof(buf));
+ n = pem_decode(buf, sizeof(buf),
+ expected, strlen(expected),
+ "QUOKKA VOTE");
+ tt_int_op(n, OP_EQ, -1);
+
+ /* Try truncated buffers of different sizes. */
+ size_t i;
+ for (i = 0; i <= strlen(expected); ++i) {
+ char *truncated = tor_memdup(expected, i);
+ n = pem_decode(buf, sizeof(buf),
+ truncated, i,
+ "WOMBAT QUOTE");
+ tor_free(truncated);
+ if (i < strlen(expected) - 1) {
+ tt_int_op(n, OP_EQ, -1);
+ } else {
+ tt_int_op(n, OP_EQ, strlen(example_pre));
+ }
+ }
+
+ done:
+ ;
+}
+
+struct testcase_t pem_tests[] = {
+ { "encode", test_crypto_pem_encode, 0, NULL, NULL },
+ { "decode", test_crypto_pem_decode, 0, NULL, NULL },
+ END_OF_TESTCASES
+};
diff --git a/src/test/test_periodic_event.c b/src/test/test_periodic_event.c
index 34689b64f4..b447ae8888 100644
--- a/src/test/test_periodic_event.c
+++ b/src/test/test_periodic_event.c
@@ -11,15 +11,15 @@
#define HS_SERVICE_PRIVATE
#define MAIN_PRIVATE
-#include "test.h"
-#include "test_helpers.h"
+#include "test/test.h"
+#include "test/test_helpers.h"
-#include "or.h"
-#include "config.h"
-#include "hibernate.h"
-#include "hs_service.h"
-#include "main.h"
-#include "periodic.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "feature/hibernate/hibernate.h"
+#include "feature/hs/hs_service.h"
+#include "core/mainloop/main.h"
+#include "core/mainloop/periodic.h"
/** Helper function: This is replaced in some tests for the event callbacks so
* we don't actually go into the code path of those callbacks. */
@@ -106,11 +106,11 @@ test_pe_launch(void *arg)
periodic_event_item_t *item = &periodic_events[i];
if (item->roles & PERIODIC_EVENT_ROLE_CLIENT) {
tt_int_op(periodic_event_is_enabled(item), OP_EQ, 1);
- tt_u64_op(item->last_action_time, OP_NE, 0);
} else {
tt_int_op(periodic_event_is_enabled(item), OP_EQ, 0);
- tt_u64_op(item->last_action_time, OP_EQ, 0);
}
+ // enabled or not, the event has not yet been run.
+ tt_u64_op(item->last_action_time, OP_EQ, 0);
}
/* Remove Client but become a Relay. */
@@ -127,12 +127,9 @@ test_pe_launch(void *arg)
/* Only Client role should be disabled. */
if (item->roles == PERIODIC_EVENT_ROLE_CLIENT) {
tt_int_op(periodic_event_is_enabled(item), OP_EQ, 0);
- /* Was previously enabled so they should never be to 0. */
- tt_u64_op(item->last_action_time, OP_NE, 0);
}
if (item->roles & PERIODIC_EVENT_ROLE_RELAY) {
tt_int_op(periodic_event_is_enabled(item), OP_EQ, 1);
- tt_u64_op(item->last_action_time, OP_NE, 0);
}
/* Non Relay role should be disabled, except for Dirserver. */
if (!(item->roles & roles)) {
@@ -330,4 +327,3 @@ struct testcase_t periodic_event_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index e89d49aaf5..6a07e5b1f8 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -1,14 +1,21 @@
-/* Copyright (c) 2013-2017, The Tor Project, Inc. */
+/* Copyright (c) 2013-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
+#include "core/or/or.h"
#define CONFIG_PRIVATE
-#include "config.h"
-#include "router.h"
-#include "routerparse.h"
+#include "app/config/config.h"
+#include "feature/relay/router.h"
+#include "feature/nodelist/routerparse.h"
#define POLICIES_PRIVATE
-#include "policies.h"
-#include "test.h"
+#include "core/or/policies.h"
+#include "lib/encoding/confline.h"
+#include "test/test.h"
+
+#include "core/or/addr_policy_st.h"
+#include "feature/nodelist/node_st.h"
+#include "core/or/port_cfg_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerstatus_st.h"
/* Helper: assert that short_policy parses and writes back out as itself,
or as <b>expected</b> if that's provided. */
@@ -1699,7 +1706,7 @@ test_policies_getinfo_helper_policies(void *arg)
rv = getinfo_helper_policies(NULL, "exit-policy/full", &answer,
&errmsg);
- tt_int_op(rv, OP_EQ, 0);
+ tt_int_op(rv, OP_EQ, -1);
tt_ptr_op(answer, OP_EQ, NULL);
tt_ptr_op(errmsg, OP_NE, NULL);
tt_str_op(errmsg, OP_EQ, "Key digest failed");
@@ -2445,4 +2452,3 @@ struct testcase_t policy_tests[] = {
test_policies_fascist_firewall_choose_address, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_procmon.c b/src/test/test_procmon.c
index 5c52af8693..2c7918f580 100644
--- a/src/test/test_procmon.c
+++ b/src/test/test_procmon.c
@@ -1,14 +1,14 @@
-/* Copyright (c) 2010-2017, The Tor Project, Inc. */
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define PROCMON_PRIVATE
#include "orconfig.h"
-#include "or.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "test/test.h"
-#include "procmon.h"
+#include "lib/evloop/procmon.h"
-#include "log_test_helpers.h"
+#include "test/log_test_helpers.h"
#define NS_MODULE procmon
diff --git a/src/test/test_proto_http.c b/src/test/test_proto_http.c
index 2f36fbccd7..1cfa0a752c 100644
--- a/src/test/test_proto_http.c
+++ b/src/test/test_proto_http.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -6,11 +6,11 @@
* \brief Tests for our HTTP protocol parser code
*/
-#include "or.h"
-#include "test.h"
-#include "buffers.h"
-#include "proto_http.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "lib/container/buffers.h"
+#include "core/proto/proto_http.h"
+#include "test/log_test_helpers.h"
#define S(str) str, sizeof(str)-1
diff --git a/src/test/test_proto_misc.c b/src/test/test_proto_misc.c
index 263ca47447..1fcb763421 100644
--- a/src/test/test_proto_misc.c
+++ b/src/test/test_proto_misc.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -6,14 +6,16 @@
* \brief Test our smaller buffer-based protocol functions
*/
-#include "or.h"
-#include "test.h"
-#include "buffers.h"
-#include "connection_or.h"
-#include "ext_orport.h"
-#include "proto_cell.h"
-#include "proto_control0.h"
-#include "proto_ext_or.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "lib/container/buffers.h"
+#include "core/or/connection_or.h"
+#include "feature/relay/ext_orport.h"
+#include "core/proto/proto_cell.h"
+#include "core/proto/proto_control0.h"
+#include "core/proto/proto_ext_or.h"
+
+#include "core/or/var_cell_st.h"
static void
test_proto_var_cell(void *arg)
diff --git a/src/test/test_protover.c b/src/test/test_protover.c
index 70b7c9a85f..8da1e9d8a0 100644
--- a/src/test/test_protover.c
+++ b/src/test/test_protover.c
@@ -1,15 +1,15 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define PROTOVER_PRIVATE
#include "orconfig.h"
-#include "test.h"
+#include "test/test.h"
-#include "protover.h"
+#include "core/or/protover.h"
-#include "or.h"
-#include "connection_or.h"
+#include "core/or/or.h"
+#include "core/or/connection_or.h"
static void
test_protover_parse(void *arg)
@@ -167,6 +167,14 @@ test_protover_vote(void *arg)
tt_str_op(result, OP_EQ, "");
tor_free(result);
+ /* Don't count double-voting. */
+ smartlist_clear(lst);
+ smartlist_add(lst, (void*) "Foo=1 Foo=1");
+ smartlist_add(lst, (void*) "Bar=1-2,2-3");
+ result = protover_compute_vote(lst, 2);
+ tt_str_op(result, OP_EQ, "");
+ tor_free(result);
+
/* Bad votes: the result must be empty */
smartlist_clear(lst);
smartlist_add(lst, (void*) "Faux=10-5");
@@ -290,13 +298,13 @@ test_protover_all_supported(void *arg)
tor_free(msg);
/* We shouldn't be able to DoS ourselves parsing a large range. */
- tt_assert(! protover_all_supported("Sleen=0-2147483648", &msg));
- tt_str_op(msg, OP_EQ, "Sleen=0-2147483648");
+ tt_assert(! protover_all_supported("Sleen=1-2147483648", &msg));
+ tt_str_op(msg, OP_EQ, "Sleen=1-2147483648");
tor_free(msg);
/* This case is allowed. */
- tt_assert(! protover_all_supported("Sleen=0-4294967294", &msg));
- tt_str_op(msg, OP_EQ, "Sleen=0-4294967294");
+ tt_assert(! protover_all_supported("Sleen=1-4294967294", &msg));
+ tt_str_op(msg, OP_EQ, "Sleen=1-4294967294");
tor_free(msg);
/* If we get a (barely) valid (but unsupported list, we say "yes, that's
@@ -313,7 +321,7 @@ test_protover_all_supported(void *arg)
/* If we get a completely unparseable list, protover_all_supported should
* hit a fatal assertion for BUG(entries == NULL). */
tor_capture_bugs_(1);
- tt_assert(protover_all_supported("Sleen=0-4294967295", &msg));
+ tt_assert(protover_all_supported("Sleen=1-4294967295", &msg));
tor_end_capture_bugs_();
/* Protocol name too long */
@@ -444,10 +452,12 @@ test_protover_supported_protocols(void *arg)
}
}
+#ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
/* Legacy LinkAuth does not appear anywhere in the code. */
tt_assert(protocol_list_supports_protocol(supported_protocols,
PRT_LINKAUTH,
PROTOVER_LINKAUTH_V1));
+#endif
/* Latest LinkAuth is not exposed in the headers. */
tt_assert(protocol_list_supports_protocol(supported_protocols,
PRT_LINKAUTH,
@@ -548,11 +558,11 @@ test_protover_vote_roundtrip(void *args)
{ "Zn=4294967295-1", NULL },
{ "Zn=4294967293-4294967295", NULL },
/* Will fail because of 4294967295. */
- { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=0,4294967295",
+ { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967295",
NULL },
- { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=0,4294967294",
- "Bar=3 Foo=1,3 Quux=9-12,14-16,900 Zn=0,4294967294" },
- { "Zu16=0,65536", "Zu16=0,65536" },
+ { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967294",
+ "Bar=3 Foo=1,3 Quux=9-12,14-16,900 Zn=1,4294967294" },
+ { "Zu16=1,65536", "Zu16=1,65536" },
{ "N-1=1,2", "N-1=1-2" },
{ "-1=4294967295", NULL },
{ "-1=3", "-1=3" },
@@ -575,15 +585,23 @@ test_protover_vote_roundtrip(void *args)
{ "Faux=-1", NULL },
{ "Faux=-1-3", NULL },
{ "Faux=1--1", NULL },
+ { "Link=1-2-", NULL },
+ { "Link=1-2-3", NULL },
+ { "Faux=1-2-", NULL },
+ { "Faux=1-2-3", NULL },
+ { "Link=\t1,3", NULL },
+ { "Link=1\n,3", NULL },
+ { "Faux=1,\r3", NULL },
+ { "Faux=1,3\f", NULL },
/* Large integers */
{ "Link=4294967296", NULL },
/* Large range */
{ "Sleen=1-501", "Sleen=1-501" },
{ "Sleen=1-65537", NULL },
/* Both C/Rust implementations should be able to handle this mild DoS. */
- { "Sleen=0-2147483648", NULL },
+ { "Sleen=1-2147483648", NULL },
/* Rust tests are built in debug mode, so ints are bounds-checked. */
- { "Sleen=0-4294967295", NULL },
+ { "Sleen=1-4294967295", NULL },
};
unsigned u;
smartlist_t *votes = smartlist_new();
@@ -625,4 +643,3 @@ struct testcase_t protover_tests[] = {
PV_TEST(vote_roundtrip, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_pt.c b/src/test/test_pt.c
index 07b6712ff9..d0160d1148 100644
--- a/src/test/test_pt.c
+++ b/src/test/test_pt.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -8,15 +8,20 @@
#define UTIL_PRIVATE
#define STATEFILE_PRIVATE
#define CONTROL_PRIVATE
-#include "or.h"
-#include "config.h"
-#include "confparse.h"
-#include "control.h"
-#include "transports.h"
-#include "circuitbuild.h"
-#include "util.h"
-#include "statefile.h"
-#include "test.h"
+#define SUBPROCESS_PRIVATE
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "app/config/confparse.h"
+#include "feature/control/control.h"
+#include "feature/client/transports.h"
+#include "core/or/circuitbuild.h"
+#include "app/config/statefile.h"
+#include "test/test.h"
+#include "lib/process/subprocess.h"
+#include "lib/encoding/confline.h"
+#include "lib/net/resolve.h"
+
+#include "app/config/or_state_st.h"
static void
reset_mp(managed_proxy_t *mp)
@@ -544,4 +549,3 @@ struct testcase_t pt_tests[] = {
NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_pubsub.c b/src/test/test_pubsub.c
deleted file mode 100644
index 2f047d9f2c..0000000000
--- a/src/test/test_pubsub.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file test_pubsub.c
- * \brief Unit tests for publish-subscribe abstraction.
- **/
-
-#include "or.h"
-#include "test.h"
-#include "pubsub.h"
-
-DECLARE_PUBSUB_STRUCT_TYPES(foobar)
-DECLARE_PUBSUB_TOPIC(foobar)
-DECLARE_NOTIFY_PUBSUB_TOPIC(static, foobar)
-IMPLEMENT_PUBSUB_TOPIC(static, foobar)
-
-struct foobar_event_data_t {
- unsigned u;
- const char *s;
-};
-
-struct foobar_subscriber_data_t {
- const char *name;
- long l;
-};
-
-static int
-foobar_sub1(foobar_event_data_t *ev, foobar_subscriber_data_t *mine)
-{
- ev->u += 10;
- mine->l += 100;
- return 0;
-}
-
-static int
-foobar_sub2(foobar_event_data_t *ev, foobar_subscriber_data_t *mine)
-{
- ev->u += 5;
- mine->l += 50;
- return 0;
-}
-
-static void
-test_pubsub_basic(void *arg)
-{
- (void)arg;
- foobar_subscriber_data_t subdata1 = { "hi", 0 };
- foobar_subscriber_data_t subdata2 = { "wow", 0 };
- const foobar_subscriber_t *sub1;
- const foobar_subscriber_t *sub2;
- foobar_event_data_t ed = { 0, "x" };
- foobar_event_data_t ed2 = { 0, "y" };
- sub1 = foobar_subscribe(foobar_sub1, &subdata1, SUBSCRIBE_ATSTART, 100);
- tt_assert(sub1);
-
- foobar_notify(&ed, 0);
- tt_int_op(subdata1.l, OP_EQ, 100);
- tt_int_op(subdata2.l, OP_EQ, 0);
- tt_int_op(ed.u, OP_EQ, 10);
-
- sub2 = foobar_subscribe(foobar_sub2, &subdata2, 0, 5);
- tt_assert(sub2);
-
- foobar_notify(&ed2, 0);
- tt_int_op(subdata1.l, OP_EQ, 200);
- tt_int_op(subdata2.l, OP_EQ, 50);
- tt_int_op(ed2.u, OP_EQ, 15);
-
- foobar_unsubscribe(sub1);
-
- foobar_notify(&ed, 0);
- tt_int_op(subdata1.l, OP_EQ, 200);
- tt_int_op(subdata2.l, OP_EQ, 100);
- tt_int_op(ed.u, OP_EQ, 15);
-
- done:
- foobar_clear();
-}
-
-struct testcase_t pubsub_tests[] = {
- { "pubsub_basic", test_pubsub_basic, TT_FORK, NULL, NULL },
- END_OF_TESTCASES
-};
-
diff --git a/src/test/test_rebind.py b/src/test/test_rebind.py
new file mode 100644
index 0000000000..f02cb79b78
--- /dev/null
+++ b/src/test/test_rebind.py
@@ -0,0 +1,89 @@
+#!/usr/bin/python3
+
+from __future__ import print_function
+
+import sys
+import subprocess
+import socket
+import os
+import time
+import random
+
+def try_connecting_to_socksport():
+ socks_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ if socks_socket.connect_ex(('127.0.0.1', socks_port)):
+ tor_process.terminate()
+ print('FAIL')
+ sys.exit('Cannot connect to SOCKSPort')
+ socks_socket.close()
+
+def wait_for_log(s):
+ while True:
+ l = tor_process.stdout.readline()
+ if s in l.decode('utf8'):
+ return
+
+def pick_random_port():
+ port = 0
+ random.seed()
+
+ for i in range(8):
+ port = random.randint(10000, 60000)
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ if s.connect_ex(('127.0.0.1', port)) == 0:
+ s.close()
+ else:
+ break
+
+ return port
+
+control_port = pick_random_port()
+socks_port = pick_random_port()
+
+assert control_port != 0
+assert socks_port != 0
+
+if not os.path.exists(sys.argv[1]):
+ sys.exit('ERROR: cannot find tor at %s' % sys.argv[1])
+
+tor_path = sys.argv[1]
+
+tor_process = subprocess.Popen([tor_path,
+ '-ControlPort', '127.0.0.1:{}'.format(control_port),
+ '-SOCKSPort', '127.0.0.1:{}'.format(socks_port),
+ '-FetchServerDescriptors', '0'],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+
+if tor_process == None:
+ sys.exit('ERROR: running tor failed')
+
+if len(sys.argv) < 2:
+ sys.exit('Usage: %s <path-to-tor>' % sys.argv[0])
+
+wait_for_log('Opened Control listener on')
+
+try_connecting_to_socksport()
+
+control_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+if control_socket.connect_ex(('127.0.0.1', control_port)):
+ tor_process.terminate()
+ print('FAIL')
+ sys.exit('Cannot connect to ControlPort')
+
+control_socket.sendall('AUTHENTICATE \r\n'.encode('utf8'))
+control_socket.sendall('SETCONF SOCKSPort=0.0.0.0:{}\r\n'.format(socks_port).encode('utf8'))
+wait_for_log('Opened Socks listener')
+
+try_connecting_to_socksport()
+
+control_socket.sendall('SETCONF SOCKSPort=127.0.0.1:{}\r\n'.format(socks_port).encode('utf8'))
+wait_for_log('Opened Socks listener')
+
+try_connecting_to_socksport()
+
+control_socket.sendall('SIGNAL HALT\r\n'.encode('utf8'))
+
+time.sleep(0.1)
+print('OK')
+tor_process.terminate()
diff --git a/src/test/test_rebind.sh b/src/test/test_rebind.sh
new file mode 100755
index 0000000000..76eb9f2e4d
--- /dev/null
+++ b/src/test/test_rebind.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -x
+
+UNAME_OS=$(uname -s | cut -d_ -f1)
+if test "$UNAME_OS" = 'CYGWIN' || \
+ test "$UNAME_OS" = 'MSYS' || \
+ test "$UNAME_OS" = 'MINGW'; then
+ if test "$APPVEYOR" = 'True'; then
+ echo "This test is disabled on Windows CI, as it requires firewall examptions. Skipping." >&2
+ exit 77
+ fi
+fi
+
+exitcode=0
+
+"${PYTHON:-python}" "${abs_top_srcdir:-.}/src/test/test_rebind.py" "${TESTING_TOR_BINARY}" || exitcode=1
+
+exit ${exitcode}
diff --git a/src/test/test_relay.c b/src/test/test_relay.c
index 73c0ed5586..25084fab37 100644
--- a/src/test/test_relay.c
+++ b/src/test/test_relay.c
@@ -1,17 +1,21 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
+#include "core/or/or.h"
#define CIRCUITBUILD_PRIVATE
-#include "circuitbuild.h"
+#include "core/or/circuitbuild.h"
+#include "core/or/circuitlist.h"
#define RELAY_PRIVATE
-#include "relay.h"
+#include "core/or/relay.h"
/* For init/free stuff */
-#include "scheduler.h"
+#include "core/or/scheduler.h"
+
+#include "core/or/cell_st.h"
+#include "core/or/or_circuit_st.h"
/* Test suite stuff */
-#include "test.h"
-#include "fakechans.h"
+#include "test/test.h"
+#include "test/fakechans.h"
static or_circuit_t * new_fake_orcirc(channel_t *nchan, channel_t *pchan);
@@ -127,4 +131,3 @@ struct testcase_t relay_tests[] = {
TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_relaycell.c b/src/test/test_relaycell.c
index ee495cadac..2d020ec472 100644
--- a/src/test/test_relaycell.c
+++ b/src/test/test_relaycell.c
@@ -1,22 +1,29 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Unit tests for handling different kinds of relay cell */
#define RELAY_PRIVATE
#define CIRCUITLIST_PRIVATE
-#include "or.h"
-#include "main.h"
-#include "config.h"
-#include "connection.h"
-#include "crypto.h"
-#include "crypto_rand.h"
-#include "circuitbuild.h"
-#include "circuitlist.h"
-#include "connection_edge.h"
-#include "log_test_helpers.h"
-#include "relay.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "core/mainloop/main.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "core/or/circuitbuild.h"
+#include "core/or/circuitlist.h"
+#include "core/or/connection_edge.h"
+#include "core/or/relay.h"
+#include "test/test.h"
+#include "test/log_test_helpers.h"
+
+#include "core/or/cell_st.h"
+#include "core/or/crypt_path_st.h"
+#include "core/or/entry_connection_st.h"
+#include "core/or/origin_circuit_st.h"
+#include "core/or/socks_request_st.h"
+#include "core/or/half_edge_st.h"
static int srm_ncalls;
static entry_connection_t *srm_conn;
diff --git a/src/test/test_relaycrypt.c b/src/test/test_relaycrypt.c
index 60bd479719..c3cfb7d10b 100644
--- a/src/test/test_relaycrypt.c
+++ b/src/test/test_relaycrypt.c
@@ -3,14 +3,19 @@
* Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "circuitbuild.h"
+#include "core/or/or.h"
+#include "core/or/circuitbuild.h"
#define CIRCUITLIST_PRIVATE
-#include "circuitlist.h"
-#include "crypto_rand.h"
-#include "relay.h"
-#include "relay_crypto.h"
-#include "test.h"
+#include "core/or/circuitlist.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "core/or/relay.h"
+#include "core/crypto/relay_crypto.h"
+
+#include "core/or/cell_st.h"
+#include "core/or/or_circuit_st.h"
+#include "core/or/origin_circuit_st.h"
+
+#include "test/test.h"
static const char KEY_MATERIAL[3][CPATH_KEY_MATERIAL_LEN] = {
" 'My public key is in this signed x509 object', said Tom assertively.",
diff --git a/src/test/test_rendcache.c b/src/test/test_rendcache.c
index 9f6cfc4a22..394e28d785 100644
--- a/src/test/test_rendcache.c
+++ b/src/test/test_rendcache.c
@@ -1,18 +1,25 @@
-/* Copyright (c) 2010-2017, The Tor Project, Inc. */
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
-#include "or.h"
+#include "core/or/or.h"
-#include "test.h"
+#include "test/test.h"
#define RENDCACHE_PRIVATE
-#include "rendcache.h"
-#include "router.h"
-#include "routerlist.h"
-#include "config.h"
-#include "hs_common.h"
-#include "rend_test_helpers.h"
-#include "log_test_helpers.h"
+#include "feature/rend/rendcache.h"
+#include "feature/relay/router.h"
+#include "feature/nodelist/routerlist.h"
+#include "app/config/config.h"
+#include "feature/hs/hs_common.h"
+
+#include "core/or/extend_info_st.h"
+#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
+#include "feature/rend/rend_intro_point_st.h"
+#include "feature/rend/rend_service_descriptor_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+
+#include "test/rend_test_helpers.h"
+#include "test/log_test_helpers.h"
#define NS_MODULE rend_cache
diff --git a/src/test/test_replay.c b/src/test/test_replay.c
index d8dcc7370c..bca3a6660a 100644
--- a/src/test/test_replay.c
+++ b/src/test/test_replay.c
@@ -1,12 +1,12 @@
-/* Copyright (c) 2012-2017, The Tor Project, Inc. */
+/* Copyright (c) 2012-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define REPLAYCACHE_PRIVATE
#include "orconfig.h"
-#include "or.h"
-#include "replaycache.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "feature/hs_common/replaycache.h"
+#include "test/test.h"
static const char *test_buffer =
"Lorem ipsum dolor sit amet, consectetur adipisici elit, sed do eiusmod"
diff --git a/src/test/test_router.c b/src/test/test_router.c
index 4e96e24534..533135669f 100644
--- a/src/test/test_router.c
+++ b/src/test/test_router.c
@@ -1,21 +1,26 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* Copyright (c) 2017, isis agora lovecruft */
/* See LICENSE for licensing information */
/**
* \file test_router.c
- * \brief Unittests for code in src/or/router.c
+ * \brief Unittests for code in router.c
**/
-#include "or.h"
-#include "config.h"
-#include "crypto_curve25519.h"
-#include "crypto_ed25519.h"
-#include "router.h"
-#include "routerlist.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "core/mainloop/main.h"
+#include "feature/hibernate/hibernate.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/relay/router.h"
+#include "feature/stats/rephist.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
/* Test suite stuff */
-#include "test.h"
+#include "test/test.h"
+#include "test/log_test_helpers.h"
NS_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
@@ -47,9 +52,12 @@ NS(router_get_my_routerinfo)(void)
mock_routerinfo->platform = tor_strdup("unittest");
mock_routerinfo->cache_info.published_on = now;
mock_routerinfo->identity_pkey = crypto_pk_dup_key(ident_key);
- mock_routerinfo->onion_pkey = crypto_pk_dup_key(tap_key);
+ router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->onion_pkey,
+ &mock_routerinfo->onion_pkey_len);
mock_routerinfo->bandwidthrate = 9001;
mock_routerinfo->bandwidthburst = 9002;
+ crypto_pk_free(ident_key);
+ crypto_pk_free(tap_key);
}
return mock_routerinfo;
@@ -87,11 +95,14 @@ test_router_dump_router_to_string_no_bridge_distribution_method(void *arg)
/* Generate our server descriptor and ensure that the substring
* "bridge-distribution-request any" occurs somewhere within it. */
+ crypto_pk_t *onion_pkey = router_get_rsa_onion_pkey(router->onion_pkey,
+ router->onion_pkey_len);
desc = router_dump_router_to_string(router,
router->identity_pkey,
- router->onion_pkey,
+ onion_pkey,
&ntor_keypair,
&signing_keypair);
+ crypto_pk_free(onion_pkey);
tt_ptr_op(desc, !=, NULL);
found = strstr(desc, needle);
tt_ptr_op(found, !=, NULL);
@@ -102,11 +113,129 @@ test_router_dump_router_to_string_no_bridge_distribution_method(void *arg)
tor_free(desc);
}
+static routerinfo_t *mock_router_get_my_routerinfo_result = NULL;
+
+static const routerinfo_t *
+mock_router_get_my_routerinfo(void)
+{
+ return mock_router_get_my_routerinfo_result;
+}
+
+static long
+mock_get_uptime_3h(void)
+{
+ return 3*60*60;
+}
+
+static long
+mock_get_uptime_1d(void)
+{
+ return 24*60*60;
+}
+
+static int
+mock_rep_hist_bandwidth_assess(void)
+{
+ return 20001;
+}
+
+static int
+mock_we_are_not_hibernating(void)
+{
+ return 0;
+}
+
+static int
+mock_we_are_hibernating(void)
+{
+ return 0;
+}
+
+static void
+test_router_check_descriptor_bandwidth_changed(void *arg)
+{
+ (void)arg;
+ routerinfo_t routerinfo;
+ memset(&routerinfo, 0, sizeof(routerinfo));
+ mock_router_get_my_routerinfo_result = NULL;
+
+ MOCK(we_are_hibernating, mock_we_are_not_hibernating);
+ MOCK(router_get_my_routerinfo, mock_router_get_my_routerinfo);
+ mock_router_get_my_routerinfo_result = &routerinfo;
+
+ /* When uptime is less than 24h, no previous bandwidth, no last_changed
+ * Uptime: 10800, last_changed: 0, Previous bw: 0, Current bw: 0 */
+ routerinfo.bandwidthcapacity = 0;
+ MOCK(get_uptime, mock_get_uptime_3h);
+ setup_full_capture_of_logs(LOG_INFO);
+ check_descriptor_bandwidth_changed(time(NULL));
+ expect_log_msg_not_containing(
+ "Measured bandwidth has changed; rebuilding descriptor.");
+ teardown_capture_of_logs();
+
+ /* When uptime is less than 24h, previous bandwidth,
+ * last_changed more than 3h ago
+ * Uptime: 10800, last_changed: 0, Previous bw: 10000, Current bw: 0 */
+ routerinfo.bandwidthcapacity = 10000;
+ setup_full_capture_of_logs(LOG_INFO);
+ check_descriptor_bandwidth_changed(time(NULL));
+ expect_log_msg_containing(
+ "Measured bandwidth has changed; rebuilding descriptor.");
+ teardown_capture_of_logs();
+
+ /* When uptime is less than 24h, previous bandwidth,
+ * last_changed more than 3h ago, and hibernating
+ * Uptime: 10800, last_changed: 0, Previous bw: 10000, Current bw: 0 */
+
+ UNMOCK(we_are_hibernating);
+ MOCK(we_are_hibernating, mock_we_are_hibernating);
+ routerinfo.bandwidthcapacity = 10000;
+ setup_full_capture_of_logs(LOG_INFO);
+ check_descriptor_bandwidth_changed(time(NULL));
+ expect_log_msg_not_containing(
+ "Measured bandwidth has changed; rebuilding descriptor.");
+ teardown_capture_of_logs();
+ UNMOCK(we_are_hibernating);
+ MOCK(we_are_hibernating, mock_we_are_not_hibernating);
+
+ /* When uptime is less than 24h, last_changed is not more than 3h ago
+ * Uptime: 10800, last_changed: x, Previous bw: 10000, Current bw: 0 */
+ setup_full_capture_of_logs(LOG_INFO);
+ check_descriptor_bandwidth_changed(time(NULL));
+ expect_log_msg_not_containing(
+ "Measured bandwidth has changed; rebuilding descriptor.");
+ teardown_capture_of_logs();
+
+ /* When uptime is less than 24h and bandwidthcapacity does not change
+ * Uptime: 10800, last_changed: x, Previous bw: 10000, Current bw: 20001 */
+ MOCK(rep_hist_bandwidth_assess, mock_rep_hist_bandwidth_assess);
+ setup_full_capture_of_logs(LOG_INFO);
+ check_descriptor_bandwidth_changed(time(NULL) + 6*60*60 + 1);
+ expect_log_msg_containing(
+ "Measured bandwidth has changed; rebuilding descriptor.");
+ UNMOCK(get_uptime);
+ UNMOCK(rep_hist_bandwidth_assess);
+ teardown_capture_of_logs();
+
+ /* When uptime is more than 24h */
+ MOCK(get_uptime, mock_get_uptime_1d);
+ setup_full_capture_of_logs(LOG_INFO);
+ check_descriptor_bandwidth_changed(time(NULL));
+ expect_log_msg_not_containing(
+ "Measured bandwidth has changed; rebuilding descriptor.");
+ teardown_capture_of_logs();
+
+ done:
+ UNMOCK(get_uptime);
+ UNMOCK(router_get_my_routerinfo);
+ UNMOCK(we_are_hibernating);
+}
+
#define ROUTER_TEST(name, flags) \
{ #name, test_router_ ## name, flags, NULL, NULL }
struct testcase_t router_tests[] = {
+ ROUTER_TEST(check_descriptor_bandwidth_changed, TT_FORK),
ROUTER_TEST(dump_router_to_string_no_bridge_distribution_method, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c
index e4abcdb92d..b62aea113e 100644
--- a/src/test/test_routerkeys.c
+++ b/src/test/test_routerkeys.c
@@ -1,24 +1,31 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define ROUTER_PRIVATE
-#include "or.h"
-#include "config.h"
-#include "router.h"
-#include "routerkeys.h"
-#include "util.h"
-#include "crypto.h"
-#include "torcert.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "feature/relay/router.h"
+#include "feature/relay/routerkeys.h"
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "feature/nodelist/torcert.h"
+#include "test/test.h"
#ifdef _WIN32
/* For mkdir() */
#include <direct.h>
#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
static void
test_routerkeys_write_fingerprint(void *arg)
{
@@ -255,13 +262,14 @@ test_routerkeys_ed_key_init_basic(void *arg)
unlink(fname2);
/* Fail to load a key that isn't there. */
- kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert);
+ kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert,
+ NULL);
tt_assert(kp1 == NULL);
tt_assert(cert == NULL);
/* Create the key if requested to do so. */
kp1 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
- NULL, now, 0, 7, &cert);
+ NULL, now, 0, 7, &cert, NULL);
tt_assert(kp1 != NULL);
tt_assert(cert == NULL);
tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st), OP_LT, 0);
@@ -269,24 +277,24 @@ test_routerkeys_ed_key_init_basic(void *arg)
/* Fail to load if we say we need a cert */
kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_NEEDCERT, LOG_INFO,
- NULL, now, 0, 7, &cert);
+ NULL, now, 0, 7, &cert, NULL);
tt_assert(kp2 == NULL);
/* Fail to load if we say the wrong key type */
kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
- NULL, now, 0, 6, &cert);
+ NULL, now, 0, 6, &cert, NULL);
tt_assert(kp2 == NULL);
/* Load successfully if we're not picky, whether we say "create" or not. */
kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
- NULL, now, 0, 7, &cert);
+ NULL, now, 0, 7, &cert, NULL);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1));
ed25519_keypair_free(kp2); kp2 = NULL;
kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
- NULL, now, 0, 7, &cert);
+ NULL, now, 0, 7, &cert, NULL);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp1));
@@ -295,7 +303,7 @@ test_routerkeys_ed_key_init_basic(void *arg)
/* Now create a key with a cert. */
kp2 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
INIT_ED_KEY_NEEDCERT),
- LOG_INFO, kp1, now, 7200, 7, &cert);
+ LOG_INFO, kp1, now, 7200, 7, &cert, NULL);
tt_assert(kp2 != NULL);
tt_assert(cert != NULL);
tt_mem_op(kp1, OP_NE, kp2, sizeof(*kp1));
@@ -308,7 +316,7 @@ test_routerkeys_ed_key_init_basic(void *arg)
/* Now verify we can load the cert... */
kp3 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
INIT_ED_KEY_NEEDCERT),
- LOG_INFO, kp1, now, 7200, 7, &cert2);
+ LOG_INFO, kp1, now, 7200, 7, &cert2, NULL);
tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len);
ed25519_keypair_free(kp3); kp3 = NULL;
@@ -316,7 +324,7 @@ test_routerkeys_ed_key_init_basic(void *arg)
/* ... even without create... */
kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
- LOG_INFO, kp1, now, 7200, 7, &cert2);
+ LOG_INFO, kp1, now, 7200, 7, &cert2, NULL);
tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
tt_mem_op(cert2->encoded, OP_EQ, cert->encoded, cert->encoded_len);
ed25519_keypair_free(kp3); kp3 = NULL;
@@ -324,13 +332,13 @@ test_routerkeys_ed_key_init_basic(void *arg)
/* ... but that we don't crash or anything if we say we don't want it. */
kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
- LOG_INFO, kp1, now, 7200, 7, NULL);
+ LOG_INFO, kp1, now, 7200, 7, NULL, NULL);
tt_mem_op(kp2, OP_EQ, kp3, sizeof(*kp2));
ed25519_keypair_free(kp3); kp3 = NULL;
/* Fail if we're told the wrong signing key */
kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
- LOG_INFO, kp2, now, 7200, 7, &cert2);
+ LOG_INFO, kp2, now, 7200, 7, &cert2, NULL);
tt_assert(kp3 == NULL);
tt_assert(cert2 == NULL);
@@ -361,13 +369,14 @@ test_routerkeys_ed_key_init_split(void *arg)
unlink(fname2);
/* Can't load key that isn't there. */
- kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert);
+ kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert,
+ NULL);
tt_assert(kp1 == NULL);
tt_assert(cert == NULL);
/* Create a split key */
kp1 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
- LOG_INFO, NULL, now, 0, 7, &cert);
+ LOG_INFO, NULL, now, 0, 7, &cert, NULL);
tt_assert(kp1 != NULL);
tt_assert(cert == NULL);
tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st), OP_LT, 0);
@@ -376,7 +385,7 @@ test_routerkeys_ed_key_init_split(void *arg)
/* Load it. */
kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
- LOG_INFO, NULL, now, 0, 7, &cert);
+ LOG_INFO, NULL, now, 0, 7, &cert, NULL);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(kp1, OP_EQ, kp2, sizeof(*kp2));
@@ -385,7 +394,7 @@ test_routerkeys_ed_key_init_split(void *arg)
/* Okay, try killing the secret key and loading it. */
unlink(get_fname("test_ed_key_3_secret_key"));
kp2 = ed_key_init_from_file(fname1, flags,
- LOG_INFO, NULL, now, 0, 7, &cert);
+ LOG_INFO, NULL, now, 0, 7, &cert, NULL);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
@@ -395,7 +404,7 @@ test_routerkeys_ed_key_init_split(void *arg)
/* Even when we're told to "create", don't create if there's a public key */
kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
- LOG_INFO, NULL, now, 0, 7, &cert);
+ LOG_INFO, NULL, now, 0, 7, &cert, NULL);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
@@ -405,7 +414,7 @@ test_routerkeys_ed_key_init_split(void *arg)
/* Make sure we fail on a tag mismatch, though */
kp2 = ed_key_init_from_file(fname1, flags,
- LOG_INFO, NULL, now, 0, 99, &cert);
+ LOG_INFO, NULL, now, 0, 99, &cert, NULL);
tt_assert(kp2 == NULL);
done:
@@ -695,4 +704,3 @@ struct testcase_t routerkeys_tests[] = {
TEST(rsa_ed_crosscert, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c
index 701227c1c7..89d1f4f90f 100644
--- a/src/test/test_routerlist.c
+++ b/src/test/test_routerlist.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -13,29 +13,39 @@
#define NETWORKSTATUS_PRIVATE
#define ROUTERLIST_PRIVATE
#define TOR_UNIT_TESTING
-#include "or.h"
-#include "config.h"
-#include "connection.h"
-#include "container.h"
-#include "control.h"
-#include "crypto_rand.h"
-#include "directory.h"
-#include "dirauth/dirvote.h"
-#include "entrynodes.h"
-#include "hibernate.h"
-#include "microdesc.h"
-#include "networkstatus.h"
-#include "nodelist.h"
-#include "policies.h"
-#include "router.h"
-#include "routerlist.h"
-#include "routerset.h"
-#include "routerparse.h"
-#include "dirauth/shared_random.h"
-#include "statefile.h"
-#include "test.h"
-#include "test_dir_common.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "feature/control/control.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/dircache/directory.h"
+#include "feature/dirauth/dirvote.h"
+#include "feature/client/entrynodes.h"
+#include "feature/hibernate/hibernate.h"
+#include "feature/nodelist/microdesc.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/nodelist.h"
+#include "core/or/policies.h"
+#include "feature/relay/router.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/routerset.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/dirauth/shared_random.h"
+#include "app/config/statefile.h"
+
+#include "feature/nodelist/authority_cert_st.h"
+#include "feature/dircommon/dir_connection_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "feature/nodelist/node_st.h"
+#include "app/config/or_state_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+
+#include "lib/encoding/confline.h"
+#include "lib/container/buffers.h"
+
+#include "test/test.h"
+#include "test/test_dir_common.h"
+#include "test/log_test_helpers.h"
void construct_consensus(char **consensus_text_md, time_t now);
@@ -776,4 +786,3 @@ struct testcase_t routerlist_tests[] = {
{ "warn_early_consensus", test_warn_early_consensus, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_routerset.c b/src/test/test_routerset.c
index c541324674..2017ef0050 100644
--- a/src/test/test_routerset.c
+++ b/src/test/test_routerset.c
@@ -1,15 +1,22 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERSET_PRIVATE
-#include "or.h"
-#include "geoip.h"
-#include "routerset.h"
-#include "routerparse.h"
-#include "policies.h"
-#include "nodelist.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "feature/stats/geoip.h"
+#include "feature/nodelist/routerset.h"
+#include "feature/nodelist/routerparse.h"
+#include "core/or/policies.h"
+#include "feature/nodelist/nodelist.h"
+
+#include "core/or/addr_policy_st.h"
+#include "core/or/extend_info_st.h"
+#include "feature/nodelist/node_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+#include "feature/nodelist/routerstatus_st.h"
+
+#include "test/test.h"
#define NS_MODULE routerset
@@ -2221,4 +2228,3 @@ struct testcase_t routerset_tests[] = {
TEST_CASE(routerset_free),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_rust.sh b/src/test/test_rust.sh
index 4ecca7834d..4afc84285f 100755
--- a/src/test/test_rust.sh
+++ b/src/test/test_rust.sh
@@ -3,13 +3,12 @@
set -e
-export LSAN_OPTIONS=suppressions=${abs_top_srcdir}/src/test/rust_supp.txt
+export LSAN_OPTIONS=suppressions=${abs_top_srcdir:-../../..}/src/test/rust_supp.txt
for cargo_toml_dir in "${abs_top_srcdir:-../../..}"/src/rust/*; do
if [ -e "${cargo_toml_dir}/Cargo.toml" ]; then
- cd "${cargo_toml_dir}" && \
+ cd "${abs_top_builddir:-../../..}/src/rust" && \
CARGO_TARGET_DIR="${abs_top_builddir:-../../..}/src/rust/target" \
- CARGO_HOME="${abs_top_builddir:-../../..}/src/rust/.cargo" \
"${CARGO:-cargo}" test ${CARGO_ONLINE-"--frozen"} \
${EXTRA_CARGO_OPTIONS} \
--manifest-path "${cargo_toml_dir}/Cargo.toml" || exitcode=1
diff --git a/src/test/test_scheduler.c b/src/test/test_scheduler.c
index 841fc69456..2d562299ab 100644
--- a/src/test/test_scheduler.c
+++ b/src/test/test_scheduler.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -8,19 +8,19 @@
#define SCHEDULER_KIST_PRIVATE
#define TOR_CHANNEL_INTERNAL_
#define CHANNEL_PRIVATE_
-#include "or.h"
-#include "config.h"
-#include "compat_libevent.h"
-#include "channel.h"
-#include "channeltls.h"
-#include "connection.h"
-#include "networkstatus.h"
+#include "core/or/or.h"
+#include "app/config/config.h"
+#include "lib/evloop/compat_libevent.h"
+#include "core/or/channel.h"
+#include "core/or/channeltls.h"
+#include "core/mainloop/connection.h"
+#include "feature/nodelist/networkstatus.h"
#define SCHEDULER_PRIVATE_
-#include "scheduler.h"
+#include "core/or/scheduler.h"
/* Test suite stuff */
-#include "test.h"
-#include "fakechans.h"
+#include "test/test.h"
+#include "test/fakechans.h"
/* Shamelessly stolen from compat_libevent.c */
#define V(major, minor, patch) \
diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c
index 2b3c8c93be..70adf580ab 100644
--- a/src/test/test_shared_random.c
+++ b/src/test/test_shared_random.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2016-2017, The Tor Project, Inc. */
+/* Copyright (c) 2016-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define SHARED_RANDOM_PRIVATE
@@ -6,21 +6,34 @@
#define CONFIG_PRIVATE
#define DIRVOTE_PRIVATE
-#include "or.h"
-#include "test.h"
-#include "config.h"
-#include "crypto_rand.h"
-#include "dirauth/dirvote.h"
-#include "dirauth/shared_random.h"
-#include "dirauth/shared_random_state.h"
-#include "log_test_helpers.h"
-#include "networkstatus.h"
-#include "router.h"
-#include "routerkeys.h"
-#include "routerlist.h"
-#include "routerparse.h"
-#include "shared_random_client.h"
-#include "voting_schedule.h"
+#include "core/or/or.h"
+#include "test/test.h"
+#include "app/config/config.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/dirauth/dirvote.h"
+#include "feature/dirauth/shared_random.h"
+#include "feature/dirauth/shared_random_state.h"
+#include "test/log_test_helpers.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/relay/router.h"
+#include "feature/relay/routerkeys.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/routerparse.h"
+#include "feature/hs_common/shared_random_client.h"
+#include "feature/dircommon/voting_schedule.h"
+
+#include "feature/dirclient/dir_server_st.h"
+#include "feature/nodelist/networkstatus_st.h"
+#include "app/config/or_state_st.h"
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef _WIN32
+/* For mkdir */
+#include <direct.h>
+#endif
static authority_cert_t *mock_cert;
@@ -246,8 +259,7 @@ test_get_start_time_of_current_run(void *arg)
&current_time);
tt_int_op(retval, OP_EQ, 0);
voting_schedule_recalculate_timing(get_options(), current_time);
- run_start_time =
- sr_state_get_start_time_of_current_protocol_run(current_time);
+ run_start_time = sr_state_get_start_time_of_current_protocol_run();
/* Compare it with the correct result */
format_iso_time(tbuf, run_start_time);
@@ -259,8 +271,7 @@ test_get_start_time_of_current_run(void *arg)
&current_time);
tt_int_op(retval, OP_EQ, 0);
voting_schedule_recalculate_timing(get_options(), current_time);
- run_start_time =
- sr_state_get_start_time_of_current_protocol_run(current_time);
+ run_start_time = sr_state_get_start_time_of_current_protocol_run();
/* Compare it with the correct result */
format_iso_time(tbuf, run_start_time);
@@ -272,14 +283,47 @@ test_get_start_time_of_current_run(void *arg)
&current_time);
tt_int_op(retval, OP_EQ, 0);
voting_schedule_recalculate_timing(get_options(), current_time);
- run_start_time =
- sr_state_get_start_time_of_current_protocol_run(current_time);
+ run_start_time = sr_state_get_start_time_of_current_protocol_run();
/* Compare it with the correct result */
format_iso_time(tbuf, run_start_time);
tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
}
+ {
+ /* We want the local time to be past midnight, but the current consensus to
+ * have valid-after 23:00 (e.g. this can happen if we fetch a new consensus
+ * at 00:08 before dircaches have a chance to get the midnight consensus).
+ *
+ * Basically, we want to cause a desynch between ns->valid_after (23:00)
+ * and the voting_schedule.interval_starts (01:00), to make sure that
+ * sr_state_get_start_time_of_current_protocol_run() handles it gracefully:
+ * It should actually follow the local consensus time and not the voting
+ * schedule (which is designed for authority voting purposes). */
+ retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
+ &mock_consensus.fresh_until);
+ tt_int_op(retval, OP_EQ, 0);
+
+ retval = parse_rfc1123_time("Mon, 19 Apr 2015 23:00:00 UTC",
+ &mock_consensus.valid_after);
+
+ retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:08:00 UTC",
+ &current_time);
+ tt_int_op(retval, OP_EQ, 0);
+ update_approx_time(current_time);
+ voting_schedule_recalculate_timing(get_options(), current_time);
+
+ run_start_time = sr_state_get_start_time_of_current_protocol_run();
+
+ /* Compare it with the correct result */
+ format_iso_time(tbuf, run_start_time);
+ tt_str_op("2015-04-19 00:00:00", OP_EQ, tbuf);
+ /* Check that voting_schedule.interval_starts is at 01:00 (see above) */
+ time_t interval_starts = voting_schedule_get_next_valid_after_time();
+ format_iso_time(tbuf, interval_starts);
+ tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
+ }
+
/* Next test is testing it without a consensus to use the testing voting
* interval . */
UNMOCK(networkstatus_get_live_consensus);
@@ -295,8 +339,7 @@ test_get_start_time_of_current_run(void *arg)
&current_time);
tt_int_op(retval, OP_EQ, 0);
voting_schedule_recalculate_timing(get_options(), current_time);
- run_start_time =
- sr_state_get_start_time_of_current_protocol_run(current_time);
+ run_start_time = sr_state_get_start_time_of_current_protocol_run();
/* Compare it with the correct result */
format_iso_time(tbuf, run_start_time);
@@ -329,7 +372,7 @@ test_get_start_time_functions(void *arg)
voting_schedule_recalculate_timing(get_options(), now);
time_t start_time_of_protocol_run =
- sr_state_get_start_time_of_current_protocol_run(now);
+ sr_state_get_start_time_of_current_protocol_run();
tt_assert(start_time_of_protocol_run);
/* Check that the round start time of the beginning of the run, is itself */
@@ -1275,7 +1318,7 @@ test_keep_commit(void *arg)
expect_log_msg_containing("doesn't match the commit value.");
expect_log_msg_containing("has an invalid reveal value.");
assert_log_predicate(mock_saved_log_n_entries() == 2,
- "expected 2 log entries");
+ ("expected 2 log entries"));
teardown_capture_of_logs();
memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
sizeof(commit->hashed_reveal));
@@ -1390,4 +1433,3 @@ struct testcase_t sr_tests[] = {
NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_slow.c b/src/test/test_slow.c
index e640702499..0b665363ab 100644
--- a/src/test/test_slow.c
+++ b/src/test/test_slow.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -15,8 +15,8 @@
#include <fcntl.h>
#endif
-#include "or.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "test/test.h"
struct testgroup_t testgroups[] = {
{ "slow/crypto/", slow_crypto_tests },
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 8da7191e82..7f6d8a48f1 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -1,14 +1,17 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "buffers.h"
-#include "config.h"
-#include "proto_socks.h"
-#include "test.h"
-#include "log_test_helpers.h"
+#include "core/or/or.h"
+#include "lib/container/buffers.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "core/proto/proto_socks.h"
+#include "test/test.h"
+#include "test/log_test_helpers.h"
+#include "core/or/socks_request_st.h"
+#include "lib/net/socks5_status.h"
typedef struct socks_test_data_t {
socks_request_t *req;
@@ -81,7 +84,7 @@ test_socks_4_supported_commands(void *ptr)
tt_int_op(0,OP_EQ, buf_datalen(buf));
- /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */
+ /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.3:4370 */
ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x03\x00");
tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
get_options()->SafeSocks),
@@ -97,7 +100,7 @@ test_socks_4_supported_commands(void *ptr)
tt_int_op(0,OP_EQ, buf_datalen(buf));
socks_request_clear(socks);
- /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/
+ /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.4:4369 with userid*/
ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00");
tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0),
OP_EQ, 1);
@@ -163,7 +166,7 @@ test_socks_4_bad_arguments(void *ptr)
tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0),
OP_EQ, -1);
buf_clear(buf);
- expect_log_msg_containing("user name too long; rejecting.");
+ expect_log_msg_containing("socks4: parsing failed - invalid request.");
mock_clean_saved_logs();
/* Try with 2000-byte hostname */
@@ -191,7 +194,7 @@ test_socks_4_bad_arguments(void *ptr)
tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0),
OP_EQ, -1);
buf_clear(buf);
- expect_log_msg_containing("Destaddr too long.");
+ expect_log_msg_containing("parsing failed - invalid request.");
mock_clean_saved_logs();
/* Socks4, bogus hostname */
@@ -645,7 +648,8 @@ test_socks_5_malformed_commands(void *ptr)
tt_int_op(5,OP_EQ,socks->socks_version);
tt_int_op(10,OP_EQ,socks->replylen);
tt_int_op(5,OP_EQ,socks->reply[0]);
- tt_int_op(SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED,OP_EQ,socks->reply[1]);
+ /* trunnel parsing will fail with -1 */
+ tt_int_op(SOCKS5_GENERAL_ERROR,OP_EQ,socks->reply[1]);
tt_int_op(1,OP_EQ,socks->reply[3]);
done:
@@ -1046,4 +1050,3 @@ struct testcase_t socks_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_status.c b/src/test/test_status.c
index b4ca17891b..15c406d2ff 100644
--- a/src/test/test_status.c
+++ b/src/test/test_status.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define STATUS_PRIVATE
@@ -11,20 +11,26 @@
#include <float.h>
#include <math.h>
-#include "or.h"
-#include "torlog.h"
+#include "core/or/or.h"
+#include "lib/log/log.h"
#include "tor_queue.h"
-#include "status.h"
-#include "circuitlist.h"
-#include "config.h"
-#include "hibernate.h"
-#include "rephist.h"
-#include "relay.h"
-#include "router.h"
-#include "main.h"
-#include "nodelist.h"
-#include "statefile.h"
-#include "test.h"
+#include "core/or/status.h"
+#include "core/or/circuitlist.h"
+#include "app/config/config.h"
+#include "feature/hibernate/hibernate.h"
+#include "feature/stats/rephist.h"
+#include "core/or/relay.h"
+#include "feature/relay/router.h"
+#include "core/mainloop/main.h"
+#include "feature/nodelist/nodelist.h"
+#include "app/config/statefile.h"
+#include "lib/tls/tortls.h"
+
+#include "core/or/origin_circuit_st.h"
+#include "app/config/or_state_st.h"
+#include "feature/nodelist/routerinfo_st.h"
+
+#include "test/test.h"
#define NS_MODULE status
@@ -226,7 +232,7 @@ NS(test_main)(void *arg)
tor_free(actual);
expected = "10.00 GB";
- actual = bytes_to_usage((U64_LITERAL(1) << 30) * 10L);
+ actual = bytes_to_usage((UINT64_C(1) << 30) * 10L);
tt_str_op(actual, OP_EQ, expected);
tor_free(actual);
@@ -1093,4 +1099,3 @@ struct testcase_t status_tests[] = {
TEST_CASE_ASPECT(log_heartbeat, tls_write_overhead),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_storagedir.c b/src/test/test_storagedir.c
index 26606f9b6e..68cee418ad 100644
--- a/src/test/test_storagedir.c
+++ b/src/test/test_storagedir.c
@@ -1,10 +1,11 @@
-/* Copyright (c) 2017, The Tor Project, Inc. */
+/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "crypto_rand.h"
-#include "storagedir.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/fs/storagedir.h"
+#include "lib/encoding/confline.h"
+#include "test/test.h"
#ifdef HAVE_UTIME_H
#include <utime.h>
@@ -373,4 +374,3 @@ struct testcase_t storagedir_tests[] = {
ENT(read_labeled),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c
index fe36d8c6e6..d8a1d15e4e 100644
--- a/src/test/test_switch_id.c
+++ b/src/test/test_switch_id.c
@@ -1,11 +1,15 @@
-/* Copyright (c) 2015-2017, The Tor Project, Inc. */
+/* Copyright (c) 2015-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
+#include "core/or/or.h"
+#include "lib/process/setuid.h"
#ifdef HAVE_SYS_CAPABILITY_H
#include <sys/capability.h>
#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
#define TEST_BUILT_WITH_CAPS 0
#define TEST_HAVE_CAPS 1
@@ -189,4 +193,3 @@ main(int argc, char **argv)
return (okay ? 0 : 1);
#endif /* defined(_WIN32) */
}
-
diff --git a/src/test/test_threads.c b/src/test/test_threads.c
index ed6d8f04aa..f0a4dd2057 100644
--- a/src/test/test_threads.c
+++ b/src/test/test_threads.c
@@ -1,12 +1,12 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
-#include "or.h"
-#include "compat_threads.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "lib/thread/threads.h"
+#include "test/test.h"
/** mutex for thread test to stop the threads hitting data at the same time. */
static tor_mutex_t *thread_test_mutex_ = NULL;
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index 388f6df325..f4315364a2 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -1,8 +1,8 @@
-/* Copyright (c) 2010-2017, The Tor Project, Inc. */
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define TORTLS_PRIVATE
-#define TORTLS_OPENSSL_PRIVATE
+#define TOR_X509_PRIVATE
#define LOG_PRIVATE
#include "orconfig.h"
@@ -10,60 +10,138 @@
#include <winsock2.h>
#endif
#include <math.h>
+#include <stddef.h>
-#include "compat.h"
+#include "lib/cc/compat_compiler.h"
-/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
- * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
-DISABLE_GCC_WARNING(redundant-decls)
+#include "core/or/or.h"
+#include "lib/log/log.h"
+#include "app/config/config.h"
+#include "lib/crypt_ops/compat_openssl.h"
+#include "lib/tls/x509.h"
+#include "lib/tls/x509_internal.h"
+#include "lib/tls/tortls.h"
+#include "lib/tls/tortls_st.h"
+#include "lib/tls/tortls_internal.h"
+#include "lib/encoding/pem.h"
+#include "app/config/or_state_st.h"
-#include <openssl/opensslv.h>
+#include "test/test.h"
+#include "test/log_test_helpers.h"
+#include "test/test_tortls.h"
-#include <openssl/ssl.h>
-#include <openssl/ssl3.h>
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
+#include "tinytest.h"
-ENABLE_GCC_WARNING(redundant-decls)
-
-#include "or.h"
-#include "torlog.h"
-#include "config.h"
-#include "tortls.h"
-
-#include "test.h"
-#include "log_test_helpers.h"
-#define NS_MODULE tortls
+const char* notCompletelyValidCertString =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
+ "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n"
+ "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n"
+ "YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\n"
+ "ODIyMDUyNzIzWhcNMTcwODIxMDUyNzIzWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\n"
+ "CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\n"
+ "ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYBBrx5PlP0WNI/ZdzD\n"
+ "+6Pktmurn+F2kQYbtc7XQh8/LTBvCo+P6iZoLEmUA9e7EXLRxgU1CVqeAi7QcAn9\n"
+ "MwBlc8ksFJHB0rtf9pmf8Oza9E0Bynlq/4/Kb1x+d+AyhL7oK9tQwB24uHOueHi1\n"
+ "C/iVv8CSWKiYe6hzN1txYe8rAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAASPdjigJ\n"
+ "kXCqKWpnZ/Oc75EUcMi6HztaW8abUMlYXPIgkV2F7YanHOB7K4f7OOLjiz8DTPFf\n"
+ "jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr\n"
+ "evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
+ "-----END CERTIFICATE-----\n";
-#ifndef HAVE_SSL_STATE
-#define OPENSSL_OPAQUE
-#endif
+const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
+ "MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
+ "VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n"
+ "c3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkwNjEzMzk1OVoXDTQz\n"
+ "MDEyMjEzMzk1OVowVjELMAkGA1UEBhMCVVMxEDAOBgNVBAcMB0NoaWNhZ28xFDAS\n"
+ "BgNVBAoMC1RvciBUZXN0aW5nMR8wHQYDVQQDDBZ0ZXN0aW5nLnRvcnByb2plY3Qu\n"
+ "b3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoT6uyVVhWyOF3wkHjjYbd\n"
+ "nKaykyRv4JVtKQdZ4OpEErmX1zw4MmyzpQNV6iR4bQnWiyLfzyVJMZDIC/WILBfX\n"
+ "w2Pza/yuLgUvDc3twMuhOACzOQVO8PrEF/aVv2+hbCCy2udXvKhnYn+CCXl3ozc8\n"
+ "XcKYvujTXDyvGWY3xwAjlQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQCUvnhzQWuQ\n"
+ "MrN+pERkE+zcTI/9dGS90rUMMLgu8VDNqTa0TUQh8uO0EQ6uDvI8Js6e8tgwS0BR\n"
+ "UBahqb7ZHv+rejGCBr5OudqD+x4STiiuPNJVs86JTLN8SpM9CHjIBH5WCCN2KOy3\n"
+ "mevNoRcRRyYJzSFULCunIK6FGulszigMYGscrO4oiTkZiHPh9KvWT40IMiHfL+Lw\n"
+ "EtEWiLex6064LcA2YQ1AMuSZyCexks63lcfaFmQbkYOKqXa1oLkIRuDsOaSVjTfe\n"
+ "vec+X6jvf12cFTKS5WIeqkKF2Irt+dJoiHEGTe5RscUMN/f+gqHPzfFz5dR23sxo\n"
+ "g+HC6MZHlFkLAOx3wW6epPS8A/m1mw3zMPoTnb2U2YYt8T0dJMMlUn/7Y1sEAa+a\n"
+ "dSTMaeUf6VnJ//11m454EZl1to9Z7oJOgqmFffSrdD4BGIWe8f7hhW6L1Enmqe/J\n"
+ "BKL3wbzZh80O1W0bndAwhnEEhlzneFY84cbBo9pmVxpODHkUcStpr5Z7pBDrcL21\n"
+ "Ss/aB/1YrsVXhdvJdOGxl3Mnl9dUY57CympLGlT8f0pPS6GAKOelECOhFMHmJd8L\n"
+ "dj3XQSmKtYHevZ6IvuMXSlB/fJvSjSlkCuLo5+kJoaqPuRu+i/S1qxeRy3CBwmnE\n"
+ "LdSNdcX4N79GQJ996PA8+mUCQG7YRtK+WA==\n"
+ "-----END CERTIFICATE-----\n";
-#if defined(OPENSSL_OPAQUE) && !defined(LIBRESSL_VERSION_NUMBER)
-#define SSL_STATE_STR "before SSL initialization"
-#else
-#define SSL_STATE_STR "before/accept initialization"
-#endif
+const char* caCertString = "-----BEGIN CERTIFICATE-----\n"
+ "MIIFjzCCA3egAwIBAgIJAKd5WgyfPMYRMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV\n"
+ "BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIG\n"
+ "A1UECgwLVG9yIFRlc3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkw\n"
+ "NjEzMzc0MVoXDTQzMDEyMjEzMzc0MVowXjELMAkGA1UEBhMCVVMxETAPBgNVBAgM\n"
+ "CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRQwEgYDVQQKDAtUb3IgVGVzdGlu\n"
+ "ZzEUMBIGA1UEAwwLVG9yIFRlc3RpbmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n"
+ "ggIKAoICAQCpLMUEiLW5leUgBZoEJms2V7lZRhIAjnJBhVMHD0e3UubNknmaQoxf\n"
+ "ARz3rvqOaRd0JlV+qM9qE0DjiYcCVP1cAfqAo9d83uS1vwY3YMVJzADlaIiHfyVW\n"
+ "uEgBy0vvkeUBqaua24dYlcwsemOiXYLu41yM1wkcGHW1AhBNHppY6cznb8TyLgNM\n"
+ "2x3SGUdzc5XMyAFx51faKGBA3wjs+Hg1PLY7d30nmCgEOBavpm5I1disM/0k+Mcy\n"
+ "YmAKEo/iHJX/rQzO4b9znP69juLlR8PDBUJEVIG/CYb6+uw8MjjUyiWXYoqfVmN2\n"
+ "hm/lH8b6rXw1a2Aa3VTeD0DxaWeacMYHY/i01fd5n7hCoDTRNdSw5KJ0L3Z0SKTu\n"
+ "0lzffKzDaIfyZGlpW5qdouACkWYzsaitQOePVE01PIdO30vUfzNTFDfy42ccx3Di\n"
+ "59UCu+IXB+eMtrBfsok0Qc63vtF1linJgjHW1z/8ujk8F7/qkOfODhk4l7wngc2A\n"
+ "EmwWFIFoGaiTEZHB9qteXr4unbXZ0AHpM02uGGwZEGohjFyebEb73M+J57WKKAFb\n"
+ "PqbLcGUksL1SHNBNAJcVLttX55sO4nbidOS/kA3m+F1R04MBTyQF9qA6YDDHqdI3\n"
+ "h/3pw0Z4fxVouTYT4/NfRnX4JTP4u+7Mpcoof28VME0qWqD1LnRhFQIDAQABo1Aw\n"
+ "TjAdBgNVHQ4EFgQUMoAgIXH7pZ3QMRwTjT+DM9Yo/v0wHwYDVR0jBBgwFoAUMoAg\n"
+ "IXH7pZ3QMRwTjT+DM9Yo/v0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n"
+ "AgEAUJxacjXR9sT+Xs6ISFiUsyd0T6WVKMnV46xrYJHirGfx+krWHrjxMY+ZtxYD\n"
+ "DBDGlo11Qc4v6QrclNf5QUBfIiGQsP9Cm6hHcQ+Tpg9HHCgSqG1YNPwCPReCR4br\n"
+ "BLvLfrfkcBL2IWM0PdQdCze+59DBfipsULD2mEn9fjYRXQEwb2QWtQ9qRc20Yb/x\n"
+ "Q4b/+CvUodLkaq7B8MHz0BV8HHcBoph6DYaRmO/N+hPauIuSp6XyaGYcEefGKVKj\n"
+ "G2+fcsdyXsoijNdL8vNKwm4j2gVwCBnw16J00yfFoV46YcbfqEdJB2je0XSvwXqt\n"
+ "14AOTngxso2h9k9HLtrfpO1ZG/B5AcCMs1lzbZ2fp5DPHtjvvmvA2RJqgo3yjw4W\n"
+ "4DHAuTglYFlC3mDHNfNtcGP20JvepcQNzNP2UzwcpOc94hfKikOFw+gf9Vf1qd0y\n"
+ "h/Sk6OZHn2+JVUPiWHIQV98Vtoh4RmUZDJD+b55ia3fQGTGzt4z1XFzQYSva5sfs\n"
+ "wocS/papthqWldQU7x+3wofNd5CNU1x6WKXG/yw30IT/4F8ADJD6GeygNT8QJYvt\n"
+ "u/8lAkbOy6B9xGmSvr0Kk1oq9P2NshA6kalxp1Oz/DTNDdL4AeBXV3JmM6WWCjGn\n"
+ "Yy1RT69d0rwYc5u/vnqODz1IjvT90smsrkBumGt791FAFeg=\n"
+ "-----END CERTIFICATE-----\n";
-#ifndef OPENSSL_OPAQUE
-static SSL_METHOD *
-give_me_a_test_method(void)
+tor_x509_cert_impl_t *
+read_cert_from(const char *str)
{
- SSL_METHOD *method = tor_malloc_zero(sizeof(SSL_METHOD));
- memcpy(method, TLSv1_method(), sizeof(SSL_METHOD));
- return method;
+ size_t len = strlen(str);
+ uint8_t *raw_cert = tor_malloc(len);
+ ssize_t true_len = pem_decode(raw_cert, len, str, len, "CERTIFICATE");
+ if (true_len < 0) {
+ tor_free(raw_cert);
+ return NULL;
+ }
+ tor_x509_cert_t *cert = tor_x509_cert_decode(raw_cert, true_len);
+ tor_free(raw_cert);
+ if (! cert) {
+ return NULL;
+ }
+ tor_x509_cert_impl_t *res = tor_x509_cert_impl_dup_(cert->cert);
+ tor_x509_cert_free(cert);
+ return res;
}
-static int
-fake_num_ciphers(void)
+static tor_x509_cert_impl_t *
+ fixed_try_to_extract_certs_from_tls_cert_out_result = NULL;
+static tor_x509_cert_impl_t *
+ fixed_try_to_extract_certs_from_tls_id_cert_out_result = NULL;
+
+static void
+fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
+ tor_x509_cert_impl_t **cert_out,
+ tor_x509_cert_impl_t **id_cert_out)
{
- return 0;
+ (void) severity;
+ (void) tls;
+ *cert_out = tor_x509_cert_impl_dup_(
+ fixed_try_to_extract_certs_from_tls_cert_out_result);
+ *id_cert_out = tor_x509_cert_impl_dup_(
+ fixed_try_to_extract_certs_from_tls_id_cert_out_result);
}
-#endif /* !defined(OPENSSL_OPAQUE) */
static void
test_tortls_errno_to_tls_error(void *data)
@@ -107,6 +185,7 @@ test_tortls_err_to_string(void *data)
(void)1;
}
+#ifdef ENABLE_OPENSSL
static int
mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
{
@@ -116,66 +195,6 @@ mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
}
static void
-test_tortls_tor_tls_new(void *data)
-{
- (void) data;
- MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
- crypto_pk_t *key1 = NULL, *key2 = NULL;
- SSL_METHOD *method = NULL;
-
- key1 = pk_generate(2);
- key2 = pk_generate(3);
-
- tor_tls_t *tls = NULL;
- tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
- key1, key2, 86400), OP_EQ, 0);
- tls = tor_tls_new(-1, 0);
- tt_want(tls);
- tor_tls_free(tls); tls = NULL;
-
- SSL_CTX_free(client_tls_context->ctx);
- client_tls_context->ctx = NULL;
- tls = tor_tls_new(-1, 0);
- tt_ptr_op(tls, OP_EQ, NULL);
-
-#ifndef OPENSSL_OPAQUE
- method = give_me_a_test_method();
- SSL_CTX *ctx = SSL_CTX_new(method);
- method->num_ciphers = fake_num_ciphers;
- client_tls_context->ctx = ctx;
- tls = tor_tls_new(-1, 0);
- tt_ptr_op(tls, OP_EQ, NULL);
-#endif /* !defined(OPENSSL_OPAQUE) */
-
- done:
- UNMOCK(tor_tls_cert_matches_key);
- crypto_pk_free(key1);
- crypto_pk_free(key2);
- tor_tls_free(tls);
- tor_free(method);
- tor_tls_free_all();
-}
-
-#define NS_MODULE tortls
-NS_DECL(void, logv, (int severity, log_domain_mask_t domain,
- const char *funcname, const char *suffix,
- const char *format, va_list ap));
-
-static void
-NS(logv)(int severity, log_domain_mask_t domain,
- const char *funcname, const char *suffix, const char *format,
- va_list ap)
-{
- (void) severity;
- (void) domain;
- (void) funcname;
- (void) suffix;
- (void) format;
- (void) ap; // XXXX look at this.
- CALLED(logv)++;
-}
-
-static void
test_tortls_tor_tls_get_error(void *data)
{
(void) data;
@@ -188,11 +207,10 @@ test_tortls_tor_tls_get_error(void *data)
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
key1, key2, 86400), OP_EQ, 0);
tls = tor_tls_new(-1, 0);
- NS_MOCK(logv);
- tt_int_op(CALLED(logv), OP_EQ, 0);
+ setup_capture_of_logs(LOG_WARN);
tor_tls_get_error(tls, 0, 0,
- (const char *)"test", 0, 0);
- tt_int_op(CALLED(logv), OP_EQ, 1);
+ (const char *)"in unit test", LOG_WARN, LD_GENERAL);
+ expect_single_log_msg_containing("unexpected close while in unit test");
done:
UNMOCK(tor_tls_cert_matches_key);
@@ -201,332 +219,7 @@ test_tortls_tor_tls_get_error(void *data)
crypto_pk_free(key2);
tor_tls_free(tls);
}
-
-static void
-library_init(void)
-{
-#ifdef OPENSSL_1_1_API
- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
-#else
- SSL_library_init();
- SSL_load_error_strings();
#endif
-}
-
-static void
-test_tortls_get_state_description(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- char *buf;
- SSL_CTX *ctx;
-
- library_init();
- ctx = SSL_CTX_new(SSLv23_method());
-
- buf = tor_malloc_zero(1000);
- tls = tor_malloc_zero(sizeof(tor_tls_t));
-
- tor_tls_get_state_description(NULL, buf, 20);
- tt_str_op(buf, OP_EQ, "(No SSL object)");
-
- SSL_free(tls->ssl);
- tls->ssl = NULL;
- tor_tls_get_state_description(tls, buf, 20);
- tt_str_op(buf, OP_EQ, "(No SSL object)");
-
- tls->ssl = SSL_new(ctx);
- tor_tls_get_state_description(tls, buf, 200);
- tt_str_op(buf, OP_EQ, SSL_STATE_STR " in HANDSHAKE");
-
- tls->state = TOR_TLS_ST_OPEN;
- tor_tls_get_state_description(tls, buf, 200);
- tt_str_op(buf, OP_EQ, SSL_STATE_STR " in OPEN");
-
- tls->state = TOR_TLS_ST_GOTCLOSE;
- tor_tls_get_state_description(tls, buf, 200);
- tt_str_op(buf, OP_EQ, SSL_STATE_STR " in GOTCLOSE");
-
- tls->state = TOR_TLS_ST_SENTCLOSE;
- tor_tls_get_state_description(tls, buf, 200);
- tt_str_op(buf, OP_EQ, SSL_STATE_STR " in SENTCLOSE");
-
- tls->state = TOR_TLS_ST_CLOSED;
- tor_tls_get_state_description(tls, buf, 200);
- tt_str_op(buf, OP_EQ, SSL_STATE_STR " in CLOSED");
-
- tls->state = TOR_TLS_ST_RENEGOTIATE;
- tor_tls_get_state_description(tls, buf, 200);
- tt_str_op(buf, OP_EQ, SSL_STATE_STR " in RENEGOTIATE");
-
- tls->state = TOR_TLS_ST_BUFFEREVENT;
- tor_tls_get_state_description(tls, buf, 200);
- tt_str_op(buf, OP_EQ, SSL_STATE_STR);
-
- tls->state = 7;
- tor_tls_get_state_description(tls, buf, 200);
- tt_str_op(buf, OP_EQ, SSL_STATE_STR " in unknown TLS state");
-
- done:
- SSL_CTX_free(ctx);
- SSL_free(tls->ssl);
- tor_free(buf);
- tor_free(tls);
-}
-
-static void
-test_tortls_get_by_ssl(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- tor_tls_t *res;
- SSL_CTX *ctx;
- SSL *ssl;
-
- library_init();
- tor_tls_allocate_tor_tls_object_ex_data_index();
-
- ctx = SSL_CTX_new(SSLv23_method());
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->magic = TOR_TLS_MAGIC;
-
- ssl = SSL_new(ctx);
-
- res = tor_tls_get_by_ssl(ssl);
- tt_assert(!res);
-
- SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
-
- res = tor_tls_get_by_ssl(ssl);
- tt_assert(res == tls);
-
- done:
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- tor_free(tls);
-}
-
-static void
-test_tortls_allocate_tor_tls_object_ex_data_index(void *ignored)
-{
- (void)ignored;
- int first;
-
- tor_tls_allocate_tor_tls_object_ex_data_index();
-
- first = tor_tls_object_ex_data_index;
- tor_tls_allocate_tor_tls_object_ex_data_index();
- tt_int_op(first, OP_EQ, tor_tls_object_ex_data_index);
-
- done:
- (void)0;
-}
-
-static void
-test_tortls_log_one_error(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- SSL_CTX *ctx;
- SSL *ssl = NULL;
-
- library_init();
-
- ctx = SSL_CTX_new(SSLv23_method());
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- setup_capture_of_logs(LOG_INFO);
-
- tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
- expect_log_msg("TLS error while something: "
- "(null) (in (null):(null):---)\n");
-
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
- expect_log_msg("TLS error: (null) "
- "(in (null):(null):---)\n");
-
- mock_clean_saved_logs();
- tls->address = tor_strdup("127.hello");
- tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
- expect_log_msg("TLS error with 127.hello: "
- "(null) (in (null):(null):---)\n");
- tor_free(tls->address);
-
- mock_clean_saved_logs();
- tls->address = tor_strdup("127.hello");
- tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
- expect_log_msg("TLS error while blarg with "
- "127.hello: (null) (in (null):(null):---)\n");
-
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
- expect_log_msg("TLS error with 127.hello: "
- "BN lib (in unknown library:(null):---)\n");
-
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
- LOG_WARN, 0, NULL);
- expect_log_severity(LOG_INFO);
-
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
- LOG_WARN, 0, NULL);
- expect_log_severity(LOG_INFO);
-
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
- LOG_WARN, 0, NULL);
- expect_log_severity(LOG_INFO);
-
-#ifndef OPENSSL_1_1_API
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
- LOG_WARN, 0, NULL);
- expect_log_severity(LOG_INFO);
-#endif /* !defined(OPENSSL_1_1_API) */
-
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
- LOG_WARN, 0, NULL);
- expect_log_severity(LOG_INFO);
-
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
- LOG_WARN, 0, NULL);
- expect_log_severity(LOG_INFO);
-
- tls->ssl = SSL_new(ctx);
-
- mock_clean_saved_logs();
- tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
- expect_log_msg("TLS error with 127.hello: (null)"
- " (in (null):(null):" SSL_STATE_STR ")\n");
-
- done:
- teardown_capture_of_logs();
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- if (tls && tls->ssl)
- SSL_free(tls->ssl);
- if (tls)
- tor_free(tls->address);
- tor_free(tls);
-}
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_get_error(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- int ret;
- SSL_CTX *ctx;
-
- library_init();
-
- ctx = SSL_CTX_new(SSLv23_method());
- setup_capture_of_logs(LOG_INFO);
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = SSL_new(ctx);
- SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
-
- ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
- expect_log_msg("TLS error: unexpected close while"
- " something (before/accept initialization)\n");
-
- mock_clean_saved_logs();
- ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, 0);
- expect_no_log_entry();
-
- mock_clean_saved_logs();
- ret = tor_tls_get_error(tls, 0, 1, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, -11);
- expect_no_log_entry();
-
- mock_clean_saved_logs();
- ERR_clear_error();
- ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
- ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
- expect_log_msg("TLS error while something: (null)"
- " (in bignum routines:(null):before/accept initialization)\n");
-
- mock_clean_saved_logs();
- ERR_clear_error();
- tls->ssl->rwstate = SSL_READING;
- SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
- ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
- expect_no_log_entry();
-
- mock_clean_saved_logs();
- ERR_clear_error();
- tls->ssl->rwstate = SSL_READING;
- SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
- ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
- expect_no_log_entry();
-
- mock_clean_saved_logs();
- ERR_clear_error();
- tls->ssl->rwstate = 0;
- tls->ssl->shutdown = SSL_RECEIVED_SHUTDOWN;
- tls->ssl->s3->warn_alert =SSL_AD_CLOSE_NOTIFY;
- ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
- expect_log_entry();
-
- mock_clean_saved_logs();
- ret = tor_tls_get_error(tls, 0, 2, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, -10);
- expect_no_log_entry();
-
- mock_clean_saved_logs();
- ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
- ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
- tt_int_op(ret, OP_EQ, -9);
- expect_log_msg("TLS error while something: (null) (in system library:"
- "connect:before/accept initialization)\n");
-
- done:
- teardown_capture_of_logs();
- SSL_free(tls->ssl);
- tor_free(tls);
- SSL_CTX_free(ctx);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-static void
-test_tortls_always_accept_verify_cb(void *ignored)
-{
- (void)ignored;
- int ret;
-
- ret = always_accept_verify_cb(0, NULL);
- tt_int_op(ret, OP_EQ, 1);
-
- done:
- (void)0;
-}
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_x509_cert_free(void *ignored)
-{
- (void)ignored;
- tor_x509_cert_t *cert;
-
- cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
- tor_x509_cert_free(cert);
-
- cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
- cert->cert = X509_new();
- cert->encoded = tor_malloc_zero(1);
- tor_x509_cert_free(cert);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
static void
test_tortls_x509_cert_get_id_digests(void *ignored)
@@ -552,160 +245,6 @@ test_tortls_x509_cert_get_id_digests(void *ignored)
tor_free(d);
}
-#ifndef OPENSSL_OPAQUE
-static int
-fixed_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-{
- (void) a; (void) b;
- return 1;
-}
-
-/*
- * Use only for the matching fake_x509_free() call
- */
-static X509 *
-fake_x509_malloc(void)
-{
- return tor_malloc_zero(sizeof(X509));
-}
-
-static void
-fake_x509_free(X509 *cert)
-{
- if (cert) {
- if (cert->cert_info) {
- if (cert->cert_info->key) {
- if (cert->cert_info->key->pkey) {
- tor_free(cert->cert_info->key->pkey);
- }
- tor_free(cert->cert_info->key);
- }
- tor_free(cert->cert_info);
- }
- tor_free(cert);
- }
-}
-
-static void
-test_tortls_cert_matches_key(void *ignored)
-{
- (void)ignored;
- int res;
- tor_tls_t *tls;
- tor_x509_cert_t *cert;
- X509 *one = NULL, *two = NULL;
- EVP_PKEY_ASN1_METHOD *meth = EVP_PKEY_asn1_new(999, 0, NULL, NULL);
- EVP_PKEY_asn1_set_public(meth, NULL, NULL, fixed_pub_cmp, NULL, NULL, NULL);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
- one = fake_x509_malloc();
- one->references = 1;
- two = fake_x509_malloc();
- two->references = 1;
-
- res = tor_tls_cert_matches_key(tls, cert);
- tt_int_op(res, OP_EQ, 0);
-
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
- tls->ssl->session->peer = one;
- res = tor_tls_cert_matches_key(tls, cert);
- tt_int_op(res, OP_EQ, 0);
-
- cert->cert = two;
- res = tor_tls_cert_matches_key(tls, cert);
- tt_int_op(res, OP_EQ, 0);
-
- one->cert_info = tor_malloc_zero(sizeof(X509_CINF));
- one->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
- one->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
- one->cert_info->key->pkey->references = 1;
- one->cert_info->key->pkey->ameth = meth;
- one->cert_info->key->pkey->type = 1;
-
- two->cert_info = tor_malloc_zero(sizeof(X509_CINF));
- two->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
- two->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
- two->cert_info->key->pkey->references = 1;
- two->cert_info->key->pkey->ameth = meth;
- two->cert_info->key->pkey->type = 2;
-
- res = tor_tls_cert_matches_key(tls, cert);
- tt_int_op(res, OP_EQ, 0);
-
- one->cert_info->key->pkey->type = 1;
- two->cert_info->key->pkey->type = 1;
- res = tor_tls_cert_matches_key(tls, cert);
- tt_int_op(res, OP_EQ, 1);
-
- done:
- EVP_PKEY_asn1_free(meth);
- tor_free(tls->ssl->session);
- tor_free(tls->ssl);
- tor_free(tls);
- tor_free(cert);
- fake_x509_free(one);
- fake_x509_free(two);
-}
-
-static void
-test_tortls_cert_get_key(void *ignored)
-{
- (void)ignored;
- tor_x509_cert_t *cert = NULL;
- crypto_pk_t *res = NULL;
- cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
- X509 *key = NULL;
- key = fake_x509_malloc();
- key->references = 1;
-
- res = tor_tls_cert_get_key(cert);
- tt_assert(!res);
-
- cert->cert = key;
- key->cert_info = tor_malloc_zero(sizeof(X509_CINF));
- key->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
- key->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
- key->cert_info->key->pkey->references = 1;
- key->cert_info->key->pkey->type = 2;
- res = tor_tls_cert_get_key(cert);
- tt_assert(!res);
-
- done:
- fake_x509_free(key);
- tor_free(cert);
- crypto_pk_free(res);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-static void
-test_tortls_get_my_client_auth_key(void *ignored)
-{
- (void)ignored;
- crypto_pk_t *ret;
- crypto_pk_t *expected;
- tor_tls_context_t *ctx;
- RSA *k = RSA_new();
-
- ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
- expected = crypto_new_pk_from_rsa_(k);
- ctx->auth_key = expected;
-
- client_tls_context = NULL;
- ret = tor_tls_get_my_client_auth_key();
- tt_assert(!ret);
-
- client_tls_context = ctx;
- ret = tor_tls_get_my_client_auth_key();
- tt_assert(ret == expected);
-
- done:
- RSA_free(k);
- tor_free(expected);
- tor_free(ctx);
-}
-
static void
test_tortls_get_my_certs(void *ignored)
{
@@ -741,437 +280,7 @@ test_tortls_get_my_certs(void *ignored)
(void)1;
}
-#ifndef HAVE_SSL_GET_CLIENT_CIPHERS
-static SSL_CIPHER *
-get_cipher_by_name(const char *name)
-{
- int i;
- const SSL_METHOD *method = SSLv23_method();
- int num = method->num_ciphers();
-
- for (i = 0; i < num; ++i) {
- const SSL_CIPHER *cipher = method->get_cipher(i);
- const char *ciphername = SSL_CIPHER_get_name(cipher);
- if (!strcmp(ciphername, name)) {
- return (SSL_CIPHER *)cipher;
- }
- }
-
- return NULL;
-}
-#endif /* !defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_get_ciphersuite_name(void *ignored)
-{
- (void)ignored;
- const char *ret;
- tor_tls_t *ctx;
- ctx = tor_malloc_zero(sizeof(tor_tls_t));
- ctx->ssl = tor_malloc_zero(sizeof(SSL));
-
- ret = tor_tls_get_ciphersuite_name(ctx);
- tt_str_op(ret, OP_EQ, "(NONE)");
-
- done:
- tor_free(ctx->ssl);
- tor_free(ctx);
-}
-
-static SSL_CIPHER *
-get_cipher_by_id(uint16_t id)
-{
- int i;
- const SSL_METHOD *method = SSLv23_method();
- int num = method->num_ciphers();
- for (i = 0; i < num; ++i) {
- const SSL_CIPHER *cipher = method->get_cipher(i);
- if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
- return (SSL_CIPHER *)cipher;
- }
- }
-
- return NULL;
-}
-
-static void
-test_tortls_classify_client_ciphers(void *ignored)
-{
- (void)ignored;
- int i;
- int ret;
- SSL_CTX *ctx;
- SSL *ssl;
- tor_tls_t *tls;
- STACK_OF(SSL_CIPHER) *ciphers;
- SSL_CIPHER *tmp_cipher;
-
- library_init();
-
- tor_tls_allocate_tor_tls_object_ex_data_index();
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->magic = TOR_TLS_MAGIC;
-
- ctx = SSL_CTX_new(TLSv1_method());
- ssl = SSL_new(ctx);
- tls->ssl = ssl;
-
- ciphers = sk_SSL_CIPHER_new_null();
-
- ret = tor_tls_classify_client_ciphers(ssl, NULL);
- tt_int_op(ret, OP_EQ, -1);
-
- SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
- tls->client_cipher_list_type = 42;
-
- ret = tor_tls_classify_client_ciphers(ssl, NULL);
- tt_int_op(ret, OP_EQ, 42);
-
- tls->client_cipher_list_type = 0;
- ret = tor_tls_classify_client_ciphers(ssl, ciphers);
- tt_int_op(ret, OP_EQ, 1);
- tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
-
- tls->client_cipher_list_type = 0;
- ret = tor_tls_classify_client_ciphers(ssl, SSL_get_ciphers(ssl));
- tt_int_op(ret, OP_EQ, 3);
- tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
-
- SSL_CIPHER *one = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_128_SHA),
- *two = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA),
- *three = get_cipher_by_name(SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA),
- *four = NULL;
- sk_SSL_CIPHER_push(ciphers, one);
- sk_SSL_CIPHER_push(ciphers, two);
- sk_SSL_CIPHER_push(ciphers, three);
- sk_SSL_CIPHER_push(ciphers, four);
-
- tls->client_cipher_list_type = 0;
- ret = tor_tls_classify_client_ciphers(ssl, ciphers);
- tt_int_op(ret, OP_EQ, 1);
- tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
-
- sk_SSL_CIPHER_zero(ciphers);
-
- one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
- tt_assert(one);
- one->id = 0x00ff;
- two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
- tt_assert(two);
- two->id = 0x0000;
- sk_SSL_CIPHER_push(ciphers, one);
- tls->client_cipher_list_type = 0;
- ret = tor_tls_classify_client_ciphers(ssl, ciphers);
- tt_int_op(ret, OP_EQ, 3);
- tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
-
- sk_SSL_CIPHER_push(ciphers, two);
- tls->client_cipher_list_type = 0;
- ret = tor_tls_classify_client_ciphers(ssl, ciphers);
- tt_int_op(ret, OP_EQ, 3);
- tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
-
- one->id = 0xC00A;
- tls->client_cipher_list_type = 0;
- ret = tor_tls_classify_client_ciphers(ssl, ciphers);
- tt_int_op(ret, OP_EQ, 3);
- tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
-
- sk_SSL_CIPHER_zero(ciphers);
- for (i=0; v2_cipher_list[i]; i++) {
- tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
- tt_assert(tmp_cipher);
- sk_SSL_CIPHER_push(ciphers, tmp_cipher);
- }
- tls->client_cipher_list_type = 0;
- ret = tor_tls_classify_client_ciphers(ssl, ciphers);
- tt_int_op(ret, OP_EQ, 2);
- tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
-
- done:
- sk_SSL_CIPHER_free(ciphers);
- SSL_free(tls->ssl);
- tor_free(tls);
- SSL_CTX_free(ctx);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-static void
-test_tortls_client_is_using_v2_ciphers(void *ignored)
-{
- (void)ignored;
-
-#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
- tt_skip();
- done:
- (void)1;
-#else
- int ret;
- SSL_CTX *ctx;
- SSL *ssl;
- SSL_SESSION *sess;
- STACK_OF(SSL_CIPHER) *ciphers;
-
- library_init();
-
- ctx = SSL_CTX_new(TLSv1_method());
- ssl = SSL_new(ctx);
- sess = SSL_SESSION_new();
-
- ret = tor_tls_client_is_using_v2_ciphers(ssl);
- tt_int_op(ret, OP_EQ, -1);
-
- ssl->session = sess;
- ret = tor_tls_client_is_using_v2_ciphers(ssl);
- tt_int_op(ret, OP_EQ, 0);
-
- ciphers = sk_SSL_CIPHER_new_null();
- SSL_CIPHER *one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
- tt_assert(one);
- one->id = 0x00ff;
- sk_SSL_CIPHER_push(ciphers, one);
- sess->ciphers = ciphers;
- ret = tor_tls_client_is_using_v2_ciphers(ssl);
- tt_int_op(ret, OP_EQ, 1);
- done:
- SSL_free(ssl);
- SSL_CTX_free(ctx);
-#endif /* defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
-}
-
-#ifndef OPENSSL_OPAQUE
-static X509 *fixed_try_to_extract_certs_from_tls_cert_out_result = NULL;
-static X509 *fixed_try_to_extract_certs_from_tls_id_cert_out_result = NULL;
-
-static void
-fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
- X509 **cert_out, X509 **id_cert_out)
-{
- (void) severity;
- (void) tls;
- *cert_out = fixed_try_to_extract_certs_from_tls_cert_out_result;
- *id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result;
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static const char* notCompletelyValidCertString =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
- "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n"
- "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n"
- "YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\n"
- "ODIyMDUyNzIzWhcNMTcwODIxMDUyNzIzWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\n"
- "CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\n"
- "ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYBBrx5PlP0WNI/ZdzD\n"
- "+6Pktmurn+F2kQYbtc7XQh8/LTBvCo+P6iZoLEmUA9e7EXLRxgU1CVqeAi7QcAn9\n"
- "MwBlc8ksFJHB0rtf9pmf8Oza9E0Bynlq/4/Kb1x+d+AyhL7oK9tQwB24uHOueHi1\n"
- "C/iVv8CSWKiYe6hzN1txYe8rAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAASPdjigJ\n"
- "kXCqKWpnZ/Oc75EUcMi6HztaW8abUMlYXPIgkV2F7YanHOB7K4f7OOLjiz8DTPFf\n"
- "jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr\n"
- "evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
- "-----END CERTIFICATE-----\n";
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-static const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
- "MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
- "VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n"
- "c3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkwNjEzMzk1OVoXDTQz\n"
- "MDEyMjEzMzk1OVowVjELMAkGA1UEBhMCVVMxEDAOBgNVBAcMB0NoaWNhZ28xFDAS\n"
- "BgNVBAoMC1RvciBUZXN0aW5nMR8wHQYDVQQDDBZ0ZXN0aW5nLnRvcnByb2plY3Qu\n"
- "b3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoT6uyVVhWyOF3wkHjjYbd\n"
- "nKaykyRv4JVtKQdZ4OpEErmX1zw4MmyzpQNV6iR4bQnWiyLfzyVJMZDIC/WILBfX\n"
- "w2Pza/yuLgUvDc3twMuhOACzOQVO8PrEF/aVv2+hbCCy2udXvKhnYn+CCXl3ozc8\n"
- "XcKYvujTXDyvGWY3xwAjlQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQCUvnhzQWuQ\n"
- "MrN+pERkE+zcTI/9dGS90rUMMLgu8VDNqTa0TUQh8uO0EQ6uDvI8Js6e8tgwS0BR\n"
- "UBahqb7ZHv+rejGCBr5OudqD+x4STiiuPNJVs86JTLN8SpM9CHjIBH5WCCN2KOy3\n"
- "mevNoRcRRyYJzSFULCunIK6FGulszigMYGscrO4oiTkZiHPh9KvWT40IMiHfL+Lw\n"
- "EtEWiLex6064LcA2YQ1AMuSZyCexks63lcfaFmQbkYOKqXa1oLkIRuDsOaSVjTfe\n"
- "vec+X6jvf12cFTKS5WIeqkKF2Irt+dJoiHEGTe5RscUMN/f+gqHPzfFz5dR23sxo\n"
- "g+HC6MZHlFkLAOx3wW6epPS8A/m1mw3zMPoTnb2U2YYt8T0dJMMlUn/7Y1sEAa+a\n"
- "dSTMaeUf6VnJ//11m454EZl1to9Z7oJOgqmFffSrdD4BGIWe8f7hhW6L1Enmqe/J\n"
- "BKL3wbzZh80O1W0bndAwhnEEhlzneFY84cbBo9pmVxpODHkUcStpr5Z7pBDrcL21\n"
- "Ss/aB/1YrsVXhdvJdOGxl3Mnl9dUY57CympLGlT8f0pPS6GAKOelECOhFMHmJd8L\n"
- "dj3XQSmKtYHevZ6IvuMXSlB/fJvSjSlkCuLo5+kJoaqPuRu+i/S1qxeRy3CBwmnE\n"
- "LdSNdcX4N79GQJ996PA8+mUCQG7YRtK+WA==\n"
- "-----END CERTIFICATE-----\n";
-
-static const char* caCertString = "-----BEGIN CERTIFICATE-----\n"
- "MIIFjzCCA3egAwIBAgIJAKd5WgyfPMYRMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV\n"
- "BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIG\n"
- "A1UECgwLVG9yIFRlc3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkw\n"
- "NjEzMzc0MVoXDTQzMDEyMjEzMzc0MVowXjELMAkGA1UEBhMCVVMxETAPBgNVBAgM\n"
- "CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRQwEgYDVQQKDAtUb3IgVGVzdGlu\n"
- "ZzEUMBIGA1UEAwwLVG9yIFRlc3RpbmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n"
- "ggIKAoICAQCpLMUEiLW5leUgBZoEJms2V7lZRhIAjnJBhVMHD0e3UubNknmaQoxf\n"
- "ARz3rvqOaRd0JlV+qM9qE0DjiYcCVP1cAfqAo9d83uS1vwY3YMVJzADlaIiHfyVW\n"
- "uEgBy0vvkeUBqaua24dYlcwsemOiXYLu41yM1wkcGHW1AhBNHppY6cznb8TyLgNM\n"
- "2x3SGUdzc5XMyAFx51faKGBA3wjs+Hg1PLY7d30nmCgEOBavpm5I1disM/0k+Mcy\n"
- "YmAKEo/iHJX/rQzO4b9znP69juLlR8PDBUJEVIG/CYb6+uw8MjjUyiWXYoqfVmN2\n"
- "hm/lH8b6rXw1a2Aa3VTeD0DxaWeacMYHY/i01fd5n7hCoDTRNdSw5KJ0L3Z0SKTu\n"
- "0lzffKzDaIfyZGlpW5qdouACkWYzsaitQOePVE01PIdO30vUfzNTFDfy42ccx3Di\n"
- "59UCu+IXB+eMtrBfsok0Qc63vtF1linJgjHW1z/8ujk8F7/qkOfODhk4l7wngc2A\n"
- "EmwWFIFoGaiTEZHB9qteXr4unbXZ0AHpM02uGGwZEGohjFyebEb73M+J57WKKAFb\n"
- "PqbLcGUksL1SHNBNAJcVLttX55sO4nbidOS/kA3m+F1R04MBTyQF9qA6YDDHqdI3\n"
- "h/3pw0Z4fxVouTYT4/NfRnX4JTP4u+7Mpcoof28VME0qWqD1LnRhFQIDAQABo1Aw\n"
- "TjAdBgNVHQ4EFgQUMoAgIXH7pZ3QMRwTjT+DM9Yo/v0wHwYDVR0jBBgwFoAUMoAg\n"
- "IXH7pZ3QMRwTjT+DM9Yo/v0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n"
- "AgEAUJxacjXR9sT+Xs6ISFiUsyd0T6WVKMnV46xrYJHirGfx+krWHrjxMY+ZtxYD\n"
- "DBDGlo11Qc4v6QrclNf5QUBfIiGQsP9Cm6hHcQ+Tpg9HHCgSqG1YNPwCPReCR4br\n"
- "BLvLfrfkcBL2IWM0PdQdCze+59DBfipsULD2mEn9fjYRXQEwb2QWtQ9qRc20Yb/x\n"
- "Q4b/+CvUodLkaq7B8MHz0BV8HHcBoph6DYaRmO/N+hPauIuSp6XyaGYcEefGKVKj\n"
- "G2+fcsdyXsoijNdL8vNKwm4j2gVwCBnw16J00yfFoV46YcbfqEdJB2je0XSvwXqt\n"
- "14AOTngxso2h9k9HLtrfpO1ZG/B5AcCMs1lzbZ2fp5DPHtjvvmvA2RJqgo3yjw4W\n"
- "4DHAuTglYFlC3mDHNfNtcGP20JvepcQNzNP2UzwcpOc94hfKikOFw+gf9Vf1qd0y\n"
- "h/Sk6OZHn2+JVUPiWHIQV98Vtoh4RmUZDJD+b55ia3fQGTGzt4z1XFzQYSva5sfs\n"
- "wocS/papthqWldQU7x+3wofNd5CNU1x6WKXG/yw30IT/4F8ADJD6GeygNT8QJYvt\n"
- "u/8lAkbOy6B9xGmSvr0Kk1oq9P2NshA6kalxp1Oz/DTNDdL4AeBXV3JmM6WWCjGn\n"
- "Yy1RT69d0rwYc5u/vnqODz1IjvT90smsrkBumGt791FAFeg=\n"
- "-----END CERTIFICATE-----\n";
-
-static X509 *
-read_cert_from(const char *str)
-{
- BIO *bio = BIO_new(BIO_s_mem());
- BIO_write(bio, str, (int) strlen(str));
- X509 *res = PEM_read_bio_X509(bio, NULL, NULL, NULL);
- BIO_free(bio);
- return res;
-}
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_verify(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- crypto_pk_t *k = NULL;
- X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
- *validCert = NULL, *caCert = NULL;
-
- cert1 = tor_malloc_zero(sizeof(X509));
- cert1->references = 10;
-
- cert2 = tor_malloc_zero(sizeof(X509));
- cert2->references = 10;
-
- validCert = read_cert_from(validCertString);
- caCert = read_cert_from(caCertString);
- invalidCert = read_cert_from(notCompletelyValidCertString);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- ret = tor_tls_verify(LOG_WARN, tls, &k);
- tt_int_op(ret, OP_EQ, -1);
-
- MOCK(try_to_extract_certs_from_tls, fixed_try_to_extract_certs_from_tls);
-
- fixed_try_to_extract_certs_from_tls_cert_out_result = cert1;
- ret = tor_tls_verify(LOG_WARN, tls, &k);
- tt_int_op(ret, OP_EQ, -1);
-
- fixed_try_to_extract_certs_from_tls_id_cert_out_result = cert2;
- ret = tor_tls_verify(LOG_WARN, tls, &k);
- tt_int_op(ret, OP_EQ, -1);
-
- fixed_try_to_extract_certs_from_tls_cert_out_result = invalidCert;
- fixed_try_to_extract_certs_from_tls_id_cert_out_result = invalidCert;
-
- ret = tor_tls_verify(LOG_WARN, tls, &k);
- tt_int_op(ret, OP_EQ, -1);
-
- fixed_try_to_extract_certs_from_tls_cert_out_result = validCert;
- fixed_try_to_extract_certs_from_tls_id_cert_out_result = caCert;
-
- ret = tor_tls_verify(LOG_WARN, tls, &k);
- tt_int_op(ret, OP_EQ, 0);
- tt_assert(k);
-
- done:
- UNMOCK(try_to_extract_certs_from_tls);
- tor_free(cert1);
- tor_free(cert2);
- tor_free(tls);
- tor_free(k);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_check_lifetime(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- X509 *validCert = read_cert_from(validCertString);
- time_t now = time(NULL);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, 0);
- tt_int_op(ret, OP_EQ, -1);
-
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
- tls->ssl->session->peer = validCert;
- ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, 0);
- tt_int_op(ret, OP_EQ, 0);
-
- ASN1_STRING_free(validCert->cert_info->validity->notBefore);
- validCert->cert_info->validity->notBefore = ASN1_TIME_set(NULL, now-10);
- ASN1_STRING_free(validCert->cert_info->validity->notAfter);
- validCert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, now+60);
-
- ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, -1000);
- tt_int_op(ret, OP_EQ, -1);
-
- ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), -1000, 0);
- tt_int_op(ret, OP_EQ, -1);
-
- done:
- tor_free(tls->ssl->session);
- tor_free(tls->ssl);
- tor_free(tls);
- X509_free(validCert);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static int fixed_ssl_pending_result = 0;
-
-static int
-fixed_ssl_pending(const SSL *ignored)
-{
- (void)ignored;
- return fixed_ssl_pending_result;
-}
-
-static void
-test_tortls_get_pending_bytes(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- SSL_METHOD *method;
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- method = tor_malloc_zero(sizeof(SSL_METHOD));
- method->ssl_pending = fixed_ssl_pending;
- tls->ssl->method = method;
-
- fixed_ssl_pending_result = 42;
- ret = tor_tls_get_pending_bytes(tls);
- tt_int_op(ret, OP_EQ, 42);
-
- done:
- tor_free(method);
- tor_free(tls->ssl);
- tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
+#ifdef ENABLE_OPENSSL
static void
test_tortls_get_forced_write_size(void *ignored)
{
@@ -1190,30 +299,6 @@ test_tortls_get_forced_write_size(void *ignored)
}
static void
-test_tortls_get_write_overhead_ratio(void *ignored)
-{
- (void)ignored;
- double ret;
-
- total_bytes_written_over_tls = 0;
- ret = tls_get_write_overhead_ratio();
- tt_double_op(fabs(ret - 1.0), OP_LT, 1E-12);
-
- total_bytes_written_by_tls = 10;
- total_bytes_written_over_tls = 1;
- ret = tls_get_write_overhead_ratio();
- tt_double_op(fabs(ret - 10.0), OP_LT, 1E-12);
-
- total_bytes_written_by_tls = 10;
- total_bytes_written_over_tls = 2;
- ret = tls_get_write_overhead_ratio();
- tt_double_op(fabs(ret - 5.0), OP_LT, 1E-12);
-
- done:
- (void)0;
-}
-
-static void
test_tortls_used_v1_handshake(void *ignored)
{
(void)ignored;
@@ -1235,23 +320,6 @@ test_tortls_used_v1_handshake(void *ignored)
}
static void
-test_tortls_get_num_server_handshakes(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
-
- tls->server_handshake_count = 3;
- ret = tor_tls_get_num_server_handshakes(tls);
- tt_int_op(ret, OP_EQ, 3);
-
- done:
- tor_free(tls);
-}
-
-static void
test_tortls_server_got_renegotiate(void *ignored)
{
(void)ignored;
@@ -1267,116 +335,7 @@ test_tortls_server_got_renegotiate(void *ignored)
done:
tor_free(tls);
}
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_SSL_SESSION_get_master_key(void *ignored)
-{
- (void)ignored;
- size_t ret;
- tor_tls_t *tls;
- uint8_t *out;
- out = tor_malloc_zero(1);
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
- tls->ssl->session->master_key_length = 1;
-
-#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
- tls->ssl->session->master_key[0] = 43;
- ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 0);
- tt_int_op(ret, OP_EQ, 1);
- tt_int_op(out[0], OP_EQ, 0);
-
- ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 1);
- tt_int_op(ret, OP_EQ, 1);
- tt_int_op(out[0], OP_EQ, 43);
-
- done:
-#endif /* !defined(HAVE_SSL_SESSION_GET_MASTER_KEY) */
- tor_free(tls->ssl->session);
- tor_free(tls->ssl);
- tor_free(tls);
- tor_free(out);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_get_tlssecrets(void *ignored)
-{
- (void)ignored;
- int ret;
- uint8_t *secret_out = tor_malloc_zero(DIGEST256_LEN);
- tor_tls_t *tls;
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
- tls->ssl->session->master_key_length = 1;
- tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
-
- ret = tor_tls_get_tlssecrets(tls, secret_out);
- tt_int_op(ret, OP_EQ, 0);
-
- done:
- tor_free(secret_out);
- tor_free(tls->ssl->s3);
- tor_free(tls->ssl->session);
- tor_free(tls->ssl);
- tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_get_buffer_sizes(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- size_t rbuf_c=-1, rbuf_b=-1, wbuf_c=-1, wbuf_b=-1;
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
-
- tls->ssl->s3->rbuf.buf = NULL;
- tls->ssl->s3->rbuf.len = 1;
- tls->ssl->s3->rbuf.offset = 0;
- tls->ssl->s3->rbuf.left = 42;
-
- tls->ssl->s3->wbuf.buf = NULL;
- tls->ssl->s3->wbuf.len = 2;
- tls->ssl->s3->wbuf.offset = 0;
- tls->ssl->s3->wbuf.left = 43;
-
- ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
- tt_int_op(ret, OP_EQ, -1);
-#else
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(rbuf_c, OP_EQ, 0);
- tt_int_op(wbuf_c, OP_EQ, 0);
- tt_int_op(rbuf_b, OP_EQ, 42);
- tt_int_op(wbuf_b, OP_EQ, 43);
-
- tls->ssl->s3->rbuf.buf = tor_malloc_zero(1);
- tls->ssl->s3->wbuf.buf = tor_malloc_zero(1);
- ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(rbuf_c, OP_EQ, 1);
- tt_int_op(wbuf_c, OP_EQ, 2);
-
-#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */
-
- done:
- tor_free(tls->ssl->s3->rbuf.buf);
- tor_free(tls->ssl->s3->wbuf.buf);
- tor_free(tls->ssl->s3);
- tor_free(tls->ssl);
- tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
+#endif
static void
test_tortls_evaluate_ecgroup_for_tls(void *ignored)
@@ -1401,1442 +360,177 @@ test_tortls_evaluate_ecgroup_for_tls(void *ignored)
(void)0;
}
-#ifndef OPENSSL_OPAQUE
-typedef struct cert_pkey_st_local
-{
- X509 *x509;
- EVP_PKEY *privatekey;
- const EVP_MD *digest;
-} CERT_PKEY_local;
-
-typedef struct sess_cert_st_local
-{
- STACK_OF(X509) *cert_chain;
- int peer_cert_type;
- CERT_PKEY_local *peer_key;
- CERT_PKEY_local peer_pkeys[8];
- int references;
-} SESS_CERT_local;
-
-static void
-test_tortls_try_to_extract_certs_from_tls(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- X509 *cert = NULL, *id_cert = NULL, *c1 = NULL, *c2 = NULL;
- SESS_CERT_local *sess = NULL;
-
- c1 = read_cert_from(validCertString);
- c2 = read_cert_from(caCertString);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
- sess = tor_malloc_zero(sizeof(SESS_CERT_local));
- tls->ssl->session->sess_cert = (void *)sess;
-
- try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
- tt_assert(!cert);
- tt_assert(!id_cert);
-
- tls->ssl->session->peer = c1;
- try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
- tt_assert(cert == c1);
- tt_assert(!id_cert);
- X509_free(cert); /* decrease refcnt */
-
- sess->cert_chain = sk_X509_new_null();
- try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
- tt_assert(cert == c1);
- tt_assert(!id_cert);
- X509_free(cert); /* decrease refcnt */
-
- sk_X509_push(sess->cert_chain, c1);
- sk_X509_push(sess->cert_chain, c2);
-
- try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
- tt_assert(cert == c1);
- tt_assert(id_cert);
- X509_free(cert); /* decrease refcnt */
-
- done:
- sk_X509_free(sess->cert_chain);
- tor_free(sess);
- tor_free(tls->ssl->session);
- tor_free(tls->ssl);
- tor_free(tls);
- X509_free(c1);
- X509_free(c2);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_get_peer_cert(void *ignored)
-{
- (void)ignored;
- tor_x509_cert_t *ret;
- tor_tls_t *tls;
- X509 *cert = NULL;
-
- cert = read_cert_from(validCertString);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
-
- ret = tor_tls_get_peer_cert(tls);
- tt_assert(!ret);
-
- tls->ssl->session->peer = cert;
- ret = tor_tls_get_peer_cert(tls);
- tt_assert(ret);
- tt_assert(ret->cert == cert);
-
- done:
- tor_x509_cert_free(ret);
- tor_free(tls->ssl->session);
- tor_free(tls->ssl);
- tor_free(tls);
- X509_free(cert);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
static void
-test_tortls_peer_has_cert(void *ignored)
+test_tortls_double_init(void *arg)
{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- X509 *cert = NULL;
-
- cert = read_cert_from(validCertString);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
-
- ret = tor_tls_peer_has_cert(tls);
- tt_assert(!ret);
-
- tls->ssl->session->peer = cert;
- ret = tor_tls_peer_has_cert(tls);
- tt_assert(ret);
+ (void) arg;
+ /* If we call tor_tls_context_init() a second time, nothing should go
+ * wrong.
+ */
+ crypto_pk_t *pk1 = NULL, *pk2 = NULL;
+ pk1 = pk_generate(2);
+ pk2 = pk_generate(0);
- done:
- tor_free(tls->ssl->session);
- tor_free(tls->ssl);
- tor_free(tls);
- X509_free(cert);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-static void
-test_tortls_is_server(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- int ret;
+ int r = tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+ pk1, pk2, 86400);
+ tt_int_op(r, OP_EQ, 0);
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->isServer = 1;
- ret = tor_tls_is_server(tls);
- tt_int_op(ret, OP_EQ, 1);
+ r = tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+ pk2, pk1, 86400);
+ tt_int_op(r, OP_EQ, 0);
+ /* For a public server context, these are the same */
+ tt_ptr_op(tor_tls_context_get(0), OP_EQ, tor_tls_context_get(1));
done:
- tor_free(tls);
-}
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_session_secret_cb(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- SSL_CTX *ctx;
- STACK_OF(SSL_CIPHER) *ciphers = NULL;
- SSL_CIPHER *one;
-
- library_init();
-
- tor_tls_allocate_tor_tls_object_ex_data_index();
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
-
- tls->magic = TOR_TLS_MAGIC;
-
- ctx = SSL_CTX_new(TLSv1_method());
- tls->ssl = SSL_new(ctx);
- SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
-
- SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
-
- tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
- tt_assert(!tls->ssl->tls_session_secret_cb);
-
- one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
- one->id = 0x00ff;
- ciphers = sk_SSL_CIPHER_new_null();
- sk_SSL_CIPHER_push(ciphers, one);
-
- tls->client_cipher_list_type = 0;
- tor_tls_session_secret_cb(tls->ssl, NULL, NULL, ciphers, NULL, NULL);
- tt_assert(!tls->ssl->tls_session_secret_cb);
-
- done:
- sk_SSL_CIPHER_free(ciphers);
- SSL_free(tls->ssl);
- SSL_CTX_free(ctx);
- tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-/* TODO: It seems block_renegotiation and unblock_renegotiation and
- * using different blags. This might not be correct */
-static void
-test_tortls_block_renegotiation(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
-#ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
-#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
-#endif
-
- tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-
- tor_tls_block_renegotiation(tls);
-
-#ifndef OPENSSL_1_1_API
- tt_assert(!(tls->ssl->s3->flags &
- SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
-#endif
-
- done:
- tor_free(tls->ssl->s3);
- tor_free(tls->ssl);
- tor_free(tls);
-}
-
-static void
-test_tortls_unblock_renegotiation(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tor_tls_unblock_renegotiation(tls);
-
- tt_uint_op(SSL_get_options(tls->ssl) &
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ,
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
-
- done:
- tor_free(tls->ssl);
- tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_assert_renegotiation_unblocked(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tor_tls_unblock_renegotiation(tls);
- tor_tls_assert_renegotiation_unblocked(tls);
- /* No assertion here - this test will fail if tor_assert is turned on
- * and things are bad. */
-
- tor_free(tls->ssl);
- tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-static void
-test_tortls_set_logged_address(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
-
- tor_tls_set_logged_address(tls, "foo bar");
-
- tt_str_op(tls->address, OP_EQ, "foo bar");
-
- tor_tls_set_logged_address(tls, "foo bar 2");
- tt_str_op(tls->address, OP_EQ, "foo bar 2");
-
- done:
- tor_free(tls->address);
- tor_free(tls);
+ crypto_pk_free(pk1);
+ crypto_pk_free(pk2);
}
-#ifndef OPENSSL_OPAQUE
static void
-example_cb(tor_tls_t *t, void *arg)
+test_tortls_bridge_init(void *arg)
{
- (void)t;
(void)arg;
-}
-
-static void
-test_tortls_set_renegotiate_callback(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- const char *arg = "hello";
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
-
- tor_tls_set_renegotiate_callback(tls, example_cb, (void*)arg);
- tt_assert(tls->negotiated_callback == example_cb);
- tt_assert(tls->callback_arg == arg);
- tt_assert(!tls->got_renegotiate);
-
- /* Assumes V2_HANDSHAKE_SERVER */
- tt_assert(tls->ssl->info_callback == tor_tls_server_info_callback);
-
- tor_tls_set_renegotiate_callback(tls, NULL, (void*)arg);
- tt_assert(tls->ssl->info_callback == tor_tls_debug_state_callback);
-
- done:
- tor_free(tls->ssl);
- tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static SSL_CIPHER *fixed_cipher1 = NULL;
-static SSL_CIPHER *fixed_cipher2 = NULL;
-static const SSL_CIPHER *
-fake_get_cipher(unsigned ncipher)
-{
-
- switch (ncipher) {
- case 1:
- return fixed_cipher1;
- case 2:
- return fixed_cipher2;
- default:
- return NULL;
- }
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_find_cipher_by_id(void *ignored)
-{
- (void)ignored;
- int ret;
- SSL *ssl;
- SSL_CTX *ctx;
- const SSL_METHOD *m = TLSv1_method();
- SSL_METHOD *empty_method = tor_malloc_zero(sizeof(SSL_METHOD));
-
- fixed_cipher1 = tor_malloc_zero(sizeof(SSL_CIPHER));
- fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
- fixed_cipher2->id = 0xC00A;
-
- library_init();
-
- ctx = SSL_CTX_new(m);
- ssl = SSL_new(ctx);
-
- ret = find_cipher_by_id(ssl, NULL, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- ret = find_cipher_by_id(ssl, m, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- ret = find_cipher_by_id(ssl, m, 0xFFFF);
- tt_int_op(ret, OP_EQ, 0);
+ crypto_pk_t *pk1 = NULL, *pk2 = NULL;
+ pk1 = pk_generate(2);
+ pk2 = pk_generate(0);
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- ret = find_cipher_by_id(ssl, empty_method, 0xFFFF);
-#ifdef HAVE_SSL_CIPHER_FIND
- tt_int_op(ret, OP_EQ, 0);
-#else
- tt_int_op(ret, OP_EQ, 1);
-#endif
-
- empty_method->get_cipher = fake_get_cipher;
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- empty_method->get_cipher = m->get_cipher;
- empty_method->num_ciphers = m->num_ciphers;
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- empty_method->get_cipher = fake_get_cipher;
- empty_method->num_ciphers = m->num_ciphers;
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- empty_method->num_ciphers = fake_num_ciphers;
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
-#ifdef HAVE_SSL_CIPHER_FIND
- tt_int_op(ret, OP_EQ, 1);
-#else
- tt_int_op(ret, OP_EQ, 0);
-#endif
-
- done:
- tor_free(empty_method);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- tor_free(fixed_cipher1);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_debug_state_callback(void *ignored)
-{
- (void)ignored;
- SSL *ssl;
- char *buf = tor_malloc_zero(1000);
- int n;
-
- setup_capture_of_logs(LOG_DEBUG);
-
- ssl = tor_malloc_zero(sizeof(SSL));
-
- tor_tls_debug_state_callback(ssl, 32, 45);
-
- n = tor_snprintf(buf, 1000, "SSL %p is now in state unknown"
- " state [type=32,val=45].\n", ssl);
- /* tor's snprintf returns -1 on error */
- tt_int_op(n, OP_NE, -1);
- expect_log_msg(buf);
+ /* If we pass in a server identity key but not the
+ TOR_TLS_CTX_IS_PUBLIC_SERVER flag, we should get a bridge-style
+ configuration, with two distinct contexts. */
+ int r = tor_tls_context_init(0 /* flags */, pk1, pk2, 86400);
+ tt_int_op(r, OP_EQ, 0);
+ tt_ptr_op(tor_tls_context_get(0), OP_NE, tor_tls_context_get(1));
done:
- teardown_capture_of_logs();
- tor_free(buf);
- tor_free(ssl);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_server_info_callback(void *ignored)
-{
- (void)ignored;
- tor_tls_t *tls;
- SSL_CTX *ctx;
- SSL *ssl;
-
- library_init();
-
- ctx = SSL_CTX_new(TLSv1_method());
- ssl = SSL_new(ctx);
-
- tor_tls_allocate_tor_tls_object_ex_data_index();
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->magic = TOR_TLS_MAGIC;
- tls->ssl = ssl;
-
- setup_full_capture_of_logs(LOG_WARN);
- SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_A);
- mock_clean_saved_logs();
- tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
- expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
-
- SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
- mock_clean_saved_logs();
- tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
- expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
-
- SSL_set_state(ssl, 99);
- mock_clean_saved_logs();
- tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
- expect_no_log_entry();
- teardown_capture_of_logs();
-
- SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
- SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
- tls->negotiated_callback = 0;
- tls->server_handshake_count = 120;
- tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
- tt_int_op(tls->server_handshake_count, OP_EQ, 121);
-
- tls->server_handshake_count = 127;
- tls->negotiated_callback = (void *)1;
- tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
- tt_int_op(tls->server_handshake_count, OP_EQ, 127);
- tt_int_op(tls->got_renegotiate, OP_EQ, 1);
-
- tls->ssl->session = SSL_SESSION_new();
- tls->wasV2Handshake = 0;
- tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
- tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
-
- done:
- teardown_capture_of_logs();
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static int fixed_ssl_read_result_index;
-static int fixed_ssl_read_result[5];
-static int fixed_ssl_shutdown_result;
-
-static int
-fixed_ssl_read(SSL *s, void *buf, int len)
-{
- (void)s;
- (void)buf;
- (void)len;
- return fixed_ssl_read_result[fixed_ssl_read_result_index++];
-}
-
-static int
-fixed_ssl_shutdown(SSL *s)
-{
- (void)s;
- return fixed_ssl_shutdown_result;
-}
-
-#ifndef LIBRESSL_VERSION_NUMBER
-static int fixed_ssl_state_to_set;
-static tor_tls_t *fixed_tls;
-
-static int
-setting_version_ssl_shutdown(SSL *s)
-{
- s->version = SSL2_VERSION;
- return fixed_ssl_shutdown_result;
-}
-
-static int
-setting_version_and_state_ssl_shutdown(SSL *s)
-{
- fixed_tls->state = fixed_ssl_state_to_set;
- s->version = SSL2_VERSION;
- return fixed_ssl_shutdown_result;
-}
-#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
-
-static int
-dummy_handshake_func(SSL *s)
-{
- (void)s;
- return 1;
-}
-
-static void
-test_tortls_shutdown(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- SSL_METHOD *method = give_me_a_test_method();
- setup_capture_of_logs(LOG_WARN);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->ssl->method = method;
- method->ssl_read = fixed_ssl_read;
- method->ssl_shutdown = fixed_ssl_shutdown;
-
- ret = tor_tls_shutdown(tls);
- tt_int_op(ret, OP_EQ, -9);
-
- tls->state = TOR_TLS_ST_SENTCLOSE;
- fixed_ssl_read_result_index = 0;
- fixed_ssl_read_result[0] = 10;
- fixed_ssl_read_result[1] = -1;
- ret = tor_tls_shutdown(tls);
- tt_int_op(ret, OP_EQ, -9);
-
-#ifndef LIBRESSL_VERSION_NUMBER
- tls->ssl->handshake_func = dummy_handshake_func;
-
- fixed_ssl_read_result_index = 0;
- fixed_ssl_read_result[0] = 10;
- fixed_ssl_read_result[1] = 42;
- fixed_ssl_read_result[2] = 0;
- fixed_ssl_shutdown_result = 1;
- ERR_clear_error();
- tls->ssl->version = SSL2_VERSION;
- ret = tor_tls_shutdown(tls);
- tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
- tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
-
- fixed_ssl_read_result_index = 0;
- fixed_ssl_read_result[0] = 10;
- fixed_ssl_read_result[1] = 42;
- fixed_ssl_read_result[2] = 0;
- fixed_ssl_shutdown_result = 0;
- ERR_clear_error();
- tls->ssl->version = 0;
- ret = tor_tls_shutdown(tls);
- tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
- tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
-
- fixed_ssl_read_result_index = 0;
- fixed_ssl_read_result[0] = 10;
- fixed_ssl_read_result[1] = 42;
- fixed_ssl_read_result[2] = 0;
- fixed_ssl_shutdown_result = 0;
- ERR_clear_error();
- tls->ssl->version = 0;
- method->ssl_shutdown = setting_version_ssl_shutdown;
- ret = tor_tls_shutdown(tls);
- tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
-
- fixed_ssl_read_result_index = 0;
- fixed_ssl_read_result[0] = 10;
- fixed_ssl_read_result[1] = 42;
- fixed_ssl_read_result[2] = 0;
- fixed_ssl_shutdown_result = 0;
- fixed_tls = tls;
- fixed_ssl_state_to_set = TOR_TLS_ST_GOTCLOSE;
- ERR_clear_error();
- tls->ssl->version = 0;
- method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
- ret = tor_tls_shutdown(tls);
- tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
-
- fixed_ssl_read_result_index = 0;
- fixed_ssl_read_result[0] = 10;
- fixed_ssl_read_result[1] = 42;
- fixed_ssl_read_result[2] = 0;
- fixed_ssl_read_result[3] = -1;
- fixed_ssl_shutdown_result = 0;
- fixed_tls = tls;
- fixed_ssl_state_to_set = 0;
- ERR_clear_error();
- tls->ssl->version = 0;
- method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
- ret = tor_tls_shutdown(tls);
- tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
-#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
-
- done:
- teardown_capture_of_logs();
- tor_free(method);
- tor_free(tls->ssl);
- tor_free(tls);
+ crypto_pk_free(pk1);
+ crypto_pk_free(pk2);
}
-static int negotiated_callback_called;
-
static void
-negotiated_callback_setter(tor_tls_t *t, void *arg)
+test_tortls_address(void *arg)
{
- (void)t;
(void)arg;
- negotiated_callback_called++;
-}
-
-static void
-test_tortls_read(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- char buf[100];
- SSL_METHOD *method = give_me_a_test_method();
- setup_capture_of_logs(LOG_WARN);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
- tls->state = TOR_TLS_ST_OPEN;
-
- ret = tor_tls_read(tls, buf, 10);
- tt_int_op(ret, OP_EQ, -9);
-
- /* These tests assume that V2_HANDSHAKE_SERVER is set */
- tls->ssl->handshake_func = dummy_handshake_func;
- tls->ssl->method = method;
- method->ssl_read = fixed_ssl_read;
- fixed_ssl_read_result_index = 0;
- fixed_ssl_read_result[0] = 42;
- tls->state = TOR_TLS_ST_OPEN;
- ERR_clear_error();
- ret = tor_tls_read(tls, buf, 10);
- tt_int_op(ret, OP_EQ, 42);
-
- tls->state = TOR_TLS_ST_OPEN;
- tls->got_renegotiate = 1;
- fixed_ssl_read_result_index = 0;
- ERR_clear_error();
- ret = tor_tls_read(tls, buf, 10);
- tt_int_op(tls->got_renegotiate, OP_EQ, 0);
-
- tls->state = TOR_TLS_ST_OPEN;
- tls->got_renegotiate = 1;
- negotiated_callback_called = 0;
- tls->negotiated_callback = negotiated_callback_setter;
- fixed_ssl_read_result_index = 0;
- ERR_clear_error();
- ret = tor_tls_read(tls, buf, 10);
- tt_int_op(negotiated_callback_called, OP_EQ, 1);
-
-#ifndef LIBRESSL_VERSION_NUMBER
- fixed_ssl_read_result_index = 0;
- fixed_ssl_read_result[0] = 0;
- tls->ssl->version = SSL2_VERSION;
- ERR_clear_error();
- ret = tor_tls_read(tls, buf, 10);
- tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
- tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
-#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
- // TODO: fill up
-
- done:
- teardown_capture_of_logs();
- tor_free(tls->ssl);
- tor_free(tls);
- tor_free(method);
-}
-
-static int fixed_ssl_write_result;
-
-static int
-fixed_ssl_write(SSL *s, const void *buf, int len)
-{
- (void)s;
- (void)buf;
- (void)len;
- return fixed_ssl_write_result;
-}
+ tor_tls_t *tls = NULL;
+ crypto_pk_t *pk1=NULL, *pk2=NULL;
+ pk1 = pk_generate(2);
+ pk2 = pk_generate(0);
-static void
-test_tortls_write(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- SSL_METHOD *method = give_me_a_test_method();
- char buf[100];
- setup_capture_of_logs(LOG_WARN);
+ int r = tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+ pk1, pk2, 86400);
+ tt_int_op(r, OP_EQ, 0);
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls = tor_tls_new(-1, 0);
tls->state = TOR_TLS_ST_OPEN;
+ tor_tls_set_logged_address(tls, "zombo.com");
- ret = tor_tls_write(tls, buf, 0);
- tt_int_op(ret, OP_EQ, 0);
-
- ret = tor_tls_write(tls, buf, 10);
- tt_int_op(ret, OP_EQ, -9);
-
- tls->ssl->method = method;
- tls->wantwrite_n = 1;
- ret = tor_tls_write(tls, buf, 10);
- tt_int_op(tls->wantwrite_n, OP_EQ, 0);
-
- method->ssl_write = fixed_ssl_write;
- tls->ssl->handshake_func = dummy_handshake_func;
- fixed_ssl_write_result = 1;
- ERR_clear_error();
- ret = tor_tls_write(tls, buf, 10);
- tt_int_op(ret, OP_EQ, 1);
-
- fixed_ssl_write_result = -1;
- ERR_clear_error();
- tls->ssl->rwstate = SSL_READING;
- SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
- SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
- ret = tor_tls_write(tls, buf, 10);
- tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
-
- ERR_clear_error();
- tls->ssl->rwstate = SSL_READING;
- SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
- SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
- ret = tor_tls_write(tls, buf, 10);
- tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
-
- done:
- teardown_capture_of_logs();
- BIO_free(tls->ssl->rbio);
- tor_free(tls->ssl);
- tor_free(tls);
- tor_free(method);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static int fixed_ssl_accept_result;
-static int fixed_ssl_connect_result;
-
-static int
-setting_error_ssl_accept(SSL *ssl)
-{
- (void)ssl;
- ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
- ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
- return fixed_ssl_accept_result;
-}
-
-static int
-setting_error_ssl_connect(SSL *ssl)
-{
- (void)ssl;
- ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
- ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
- return fixed_ssl_connect_result;
-}
-
-static int
-fixed_ssl_accept(SSL *ssl)
-{
- (void) ssl;
- return fixed_ssl_accept_result;
-}
-
-static void
-test_tortls_handshake(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- SSL_CTX *ctx;
- SSL_METHOD *method = give_me_a_test_method();
+ /* This write should fail, since the fd is -1. */
setup_capture_of_logs(LOG_INFO);
-
- SSL_library_init();
- SSL_load_error_strings();
-
- ctx = SSL_CTX_new(TLSv1_method());
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = SSL_new(ctx);
- tls->state = TOR_TLS_ST_HANDSHAKE;
-
- ret = tor_tls_handshake(tls);
- tt_int_op(ret, OP_EQ, -9);
-
- tls->isServer = 1;
- tls->state = TOR_TLS_ST_HANDSHAKE;
- ret = tor_tls_handshake(tls);
- tt_int_op(ret, OP_EQ, -9);
-
- tls->ssl->method = method;
- method->ssl_accept = fixed_ssl_accept;
- fixed_ssl_accept_result = 2;
- ERR_clear_error();
- tls->state = TOR_TLS_ST_HANDSHAKE;
- ret = tor_tls_handshake(tls);
- tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_OPEN);
-
- method->ssl_accept = setting_error_ssl_accept;
- fixed_ssl_accept_result = 1;
- ERR_clear_error();
- mock_clean_saved_logs();
- tls->state = TOR_TLS_ST_HANDSHAKE;
- ret = tor_tls_handshake(tls);
- tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
- expect_log_entry();
- /* This fails on jessie. Investigate why! */
-#if 0
- expect_log_msg("TLS error while handshaking: (null) (in bignum routines:"
- "(null):SSLv3 write client hello B)\n");
- expect_log_msg("TLS error while handshaking: (null) (in system library:"
- "connect:SSLv3 write client hello B)\n");
-#endif /* 0 */
- expect_log_severity(LOG_INFO);
-
- tls->isServer = 0;
- method->ssl_connect = setting_error_ssl_connect;
- fixed_ssl_connect_result = 1;
- ERR_clear_error();
- mock_clean_saved_logs();
- tls->state = TOR_TLS_ST_HANDSHAKE;
- ret = tor_tls_handshake(tls);
- tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
- expect_log_entry();
-#if 0
- /* See above */
- expect_log_msg("TLS error while handshaking: "
- "(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
- expect_log_msg("TLS error while handshaking: "
- "(null) (in system library:connect:SSLv3 write client hello B)\n");
-#endif /* 0 */
- expect_log_severity(LOG_WARN);
+ int n = tor_tls_write(tls, "welcome", 7);
+ tt_int_op(n, OP_LT, 0);
+ expect_log_msg_containing("with zombo.com");
done:
teardown_capture_of_logs();
- SSL_free(tls->ssl);
- SSL_CTX_free(ctx);
- tor_free(tls);
- tor_free(method);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_finish_handshake(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_t *tls;
- SSL_CTX *ctx;
- SSL_METHOD *method = give_me_a_test_method();
- SSL_library_init();
- SSL_load_error_strings();
-
- X509 *c1 = read_cert_from(validCertString);
- SESS_CERT_local *sess = NULL;
-
- ctx = SSL_CTX_new(method);
-
- tls = tor_malloc_zero(sizeof(tor_tls_t));
- tls->ssl = SSL_new(ctx);
- tls->state = TOR_TLS_ST_OPEN;
-
- ret = tor_tls_finish_handshake(tls);
- tt_int_op(ret, OP_EQ, 0);
-
- tls->isServer = 1;
- tls->wasV2Handshake = 0;
- setup_full_capture_of_logs(LOG_WARN);
- ret = tor_tls_finish_handshake(tls);
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
- expect_single_log_msg_containing("For some reason, wasV2Handshake didn't "
- "get set.");
- teardown_capture_of_logs();
-
- tls->wasV2Handshake = 1;
- ret = tor_tls_finish_handshake(tls);
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
-
- tls->wasV2Handshake = 1;
- tls->ssl->session = SSL_SESSION_new();
- ret = tor_tls_finish_handshake(tls);
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
-
- tls->isServer = 0;
-
- sess = tor_malloc_zero(sizeof(SESS_CERT_local));
- tls->ssl->session->sess_cert = (void *)sess;
- sess->cert_chain = sk_X509_new_null();
- sk_X509_push(sess->cert_chain, c1);
- tls->ssl->session->peer = c1;
- tls->wasV2Handshake = 0;
- ret = tor_tls_finish_handshake(tls);
- tt_int_op(ret, OP_EQ, 0);
- tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
-
- method->num_ciphers = fake_num_ciphers;
- ret = tor_tls_finish_handshake(tls);
- tt_int_op(ret, OP_EQ, -9);
-
- done:
- if (sess)
- sk_X509_free(sess->cert_chain);
- if (tls->ssl && tls->ssl->session) {
- tor_free(tls->ssl->session->sess_cert);
- }
- SSL_free(tls->ssl);
- tor_free(tls);
- SSL_CTX_free(ctx);
- tor_free(method);
- teardown_capture_of_logs();
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-static int fixed_crypto_pk_new_result_index;
-static crypto_pk_t *fixed_crypto_pk_new_result[5];
-
-static crypto_pk_t *
-fixed_crypto_pk_new(void)
-{
- return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++];
-}
-
-#ifndef OPENSSL_OPAQUE
-static int fixed_crypto_pk_generate_key_with_bits_result_index;
-static int fixed_crypto_pk_generate_key_with_bits_result[5];
-static int fixed_tor_tls_create_certificate_result_index;
-static X509 *fixed_tor_tls_create_certificate_result[5];
-static int fixed_tor_x509_cert_new_result_index;
-static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5];
-
-static int
-fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
-{
- (void)env;
- (void)bits;
- return fixed_crypto_pk_generate_key_with_bits_result[
- fixed_crypto_pk_generate_key_with_bits_result_index++];
-}
-
-static X509 *
-fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
- crypto_pk_t *rsa_sign,
- const char *cname,
- const char *cname_sign,
- unsigned int cert_lifetime)
-{
- (void)rsa;
- (void)rsa_sign;
- (void)cname;
- (void)cname_sign;
- (void)cert_lifetime;
- return fixed_tor_tls_create_certificate_result[
- fixed_tor_tls_create_certificate_result_index++];
-}
-
-static tor_x509_cert_t *
-fixed_tor_x509_cert_new(X509 *x509_cert)
-{
- (void) x509_cert;
- return fixed_tor_x509_cert_new_result[
- fixed_tor_x509_cert_new_result_index++];
+ tor_tls_free(tls);
+ crypto_pk_free(pk1);
+ crypto_pk_free(pk2);
}
static void
-test_tortls_context_new(void *ignored)
+test_tortls_is_server(void *arg)
{
- (void)ignored;
- tor_tls_context_t *ret;
- crypto_pk_t *pk1, *pk2, *pk3, *pk4, *pk5, *pk6, *pk7, *pk8, *pk9, *pk10,
- *pk11, *pk12, *pk13, *pk14, *pk15, *pk16, *pk17, *pk18;
-
- pk1 = crypto_pk_new();
- pk2 = crypto_pk_new();
- pk3 = crypto_pk_new();
- pk4 = crypto_pk_new();
- pk5 = crypto_pk_new();
- pk6 = crypto_pk_new();
- pk7 = crypto_pk_new();
- pk8 = crypto_pk_new();
- pk9 = crypto_pk_new();
- pk10 = crypto_pk_new();
- pk11 = crypto_pk_new();
- pk12 = crypto_pk_new();
- pk13 = crypto_pk_new();
- pk14 = crypto_pk_new();
- pk15 = crypto_pk_new();
- pk16 = crypto_pk_new();
- pk17 = crypto_pk_new();
- pk18 = crypto_pk_new();
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = NULL;
- MOCK(crypto_pk_new, fixed_crypto_pk_new);
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- /* note: we already override this in testing_common.c, so we
- * run this unit test in a subprocess. */
- MOCK(crypto_pk_generate_key_with_bits,
- fixed_crypto_pk_generate_key_with_bits);
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk1;
- fixed_crypto_pk_new_result[1] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result[0] = -1;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk2;
- fixed_crypto_pk_new_result[1] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk3;
- fixed_crypto_pk_new_result[1] = pk4;
- fixed_crypto_pk_new_result[2] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
- fixed_crypto_pk_generate_key_with_bits_result[1] = -1;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- MOCK(tor_tls_create_certificate, fixed_tor_tls_create_certificate);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk5;
- fixed_crypto_pk_new_result[1] = pk6;
- fixed_crypto_pk_new_result[2] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- fixed_crypto_pk_generate_key_with_bits_result[1] = 0;
- fixed_tor_tls_create_certificate_result_index = 0;
- fixed_tor_tls_create_certificate_result[0] = NULL;
- fixed_tor_tls_create_certificate_result[1] = X509_new();
- fixed_tor_tls_create_certificate_result[2] = X509_new();
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk7;
- fixed_crypto_pk_new_result[1] = pk8;
- fixed_crypto_pk_new_result[2] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- fixed_tor_tls_create_certificate_result_index = 0;
- fixed_tor_tls_create_certificate_result[0] = X509_new();
- fixed_tor_tls_create_certificate_result[1] = NULL;
- fixed_tor_tls_create_certificate_result[2] = X509_new();
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk9;
- fixed_crypto_pk_new_result[1] = pk10;
- fixed_crypto_pk_new_result[2] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- fixed_tor_tls_create_certificate_result_index = 0;
- fixed_tor_tls_create_certificate_result[0] = X509_new();
- fixed_tor_tls_create_certificate_result[1] = X509_new();
- fixed_tor_tls_create_certificate_result[2] = NULL;
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- MOCK(tor_x509_cert_new, fixed_tor_x509_cert_new);
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk11;
- fixed_crypto_pk_new_result[1] = pk12;
- fixed_crypto_pk_new_result[2] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- fixed_tor_tls_create_certificate_result_index = 0;
- fixed_tor_tls_create_certificate_result[0] = X509_new();
- fixed_tor_tls_create_certificate_result[1] = X509_new();
- fixed_tor_tls_create_certificate_result[2] = X509_new();
- fixed_tor_x509_cert_new_result_index = 0;
- fixed_tor_x509_cert_new_result[0] = NULL;
- fixed_tor_x509_cert_new_result[1] = NULL;
- fixed_tor_x509_cert_new_result[2] = NULL;
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk13;
- fixed_crypto_pk_new_result[1] = pk14;
- fixed_crypto_pk_new_result[2] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- fixed_tor_tls_create_certificate_result_index = 0;
- fixed_tor_tls_create_certificate_result[0] = X509_new();
- fixed_tor_tls_create_certificate_result[1] = X509_new();
- fixed_tor_tls_create_certificate_result[2] = X509_new();
- fixed_tor_x509_cert_new_result_index = 0;
- fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
- fixed_tor_x509_cert_new_result[1] = NULL;
- fixed_tor_x509_cert_new_result[2] = NULL;
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk15;
- fixed_crypto_pk_new_result[1] = pk16;
- fixed_crypto_pk_new_result[2] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- fixed_tor_tls_create_certificate_result_index = 0;
- fixed_tor_tls_create_certificate_result[0] = X509_new();
- fixed_tor_tls_create_certificate_result[1] = X509_new();
- fixed_tor_tls_create_certificate_result[2] = X509_new();
- fixed_tor_x509_cert_new_result_index = 0;
- fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
- fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
- fixed_tor_x509_cert_new_result[2] = NULL;
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = pk17;
- fixed_crypto_pk_new_result[1] = pk18;
- fixed_crypto_pk_new_result[2] = NULL;
- fixed_crypto_pk_generate_key_with_bits_result_index = 0;
- fixed_tor_tls_create_certificate_result_index = 0;
- fixed_tor_tls_create_certificate_result[0] = X509_new();
- fixed_tor_tls_create_certificate_result[1] = X509_new();
- fixed_tor_tls_create_certificate_result[2] = X509_new();
- fixed_tor_x509_cert_new_result_index = 0;
- fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
- fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
- fixed_tor_x509_cert_new_result[2] = tor_malloc_zero(sizeof(tor_x509_cert_t));
- ret = tor_tls_context_new(NULL, 0, 0, 0);
- tt_assert(!ret);
-
- done:
- UNMOCK(tor_x509_cert_new);
- UNMOCK(tor_tls_create_certificate);
- UNMOCK(crypto_pk_generate_key_with_bits);
- UNMOCK(crypto_pk_new);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-static int fixed_crypto_pk_get_evp_pkey_result_index = 0;
-static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5];
+ (void)arg;
+ crypto_pk_t *pk1=NULL, *pk2=NULL;
+ tor_tls_t *tls1=NULL, *tls2=NULL;
+ pk1 = pk_generate(2);
+ pk2 = pk_generate(0);
-static EVP_PKEY *
-fixed_crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private)
-{
- (void) env;
- (void) private;
- return fixed_crypto_pk_get_evp_pkey_result[
- fixed_crypto_pk_get_evp_pkey_result_index++];
-}
+ int r = tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+ pk1, pk2, 86400);
+ tt_int_op(r, OP_EQ, 0);
+ tls1 = tor_tls_new(-1, 0);
+ tls2 = tor_tls_new(-1, 1);
-static void
-test_tortls_create_certificate(void *ignored)
-{
- (void)ignored;
- X509 *ret;
- crypto_pk_t *pk1, *pk2;
-
- pk1 = crypto_pk_new();
- pk2 = crypto_pk_new();
-
- MOCK(crypto_pk_get_evp_pkey_, fixed_crypto_pk_get_evp_pkey_);
- fixed_crypto_pk_get_evp_pkey_result_index = 0;
- fixed_crypto_pk_get_evp_pkey_result[0] = NULL;
- ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
- tt_assert(!ret);
-
- fixed_crypto_pk_get_evp_pkey_result_index = 0;
- fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
- fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
- ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
- tt_assert(!ret);
-
- fixed_crypto_pk_get_evp_pkey_result_index = 0;
- fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
- fixed_crypto_pk_get_evp_pkey_result[1] = EVP_PKEY_new();
- ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
- tt_assert(!ret);
+ tt_assert(! tor_tls_is_server(tls1));
+ tt_assert(tor_tls_is_server(tls2));
done:
- UNMOCK(crypto_pk_get_evp_pkey_);
+ tor_tls_free(tls1);
+ tor_tls_free(tls2);
crypto_pk_free(pk1);
crypto_pk_free(pk2);
}
static void
-test_tortls_cert_new(void *ignored)
-{
- (void)ignored;
- tor_x509_cert_t *ret;
- X509 *cert = read_cert_from(validCertString);
-
- ret = tor_x509_cert_new(NULL);
- tt_assert(!ret);
-
- ret = tor_x509_cert_new(cert);
- tt_assert(ret);
- tor_x509_cert_free(ret);
- ret = NULL;
-
-#if 0
- cert = read_cert_from(validCertString);
- /* XXX this doesn't do what you think: it alters a copy of the pubkey. */
- X509_get_pubkey(cert)->type = EVP_PKEY_DSA;
- ret = tor_x509_cert_new(cert);
- tt_assert(ret);
-#endif /* 0 */
-
-#ifndef OPENSSL_OPAQUE
- cert = read_cert_from(validCertString);
- X509_CINF_free(cert->cert_info);
- cert->cert_info = NULL;
- ret = tor_x509_cert_new(cert);
- tt_assert(ret);
-#endif /* !defined(OPENSSL_OPAQUE) */
-
- done:
- tor_x509_cert_free(ret);
-}
-
-static void
-test_tortls_cert_is_valid(void *ignored)
+test_tortls_verify(void *ignored)
{
(void)ignored;
int ret;
- tor_x509_cert_t *cert = NULL, *scert = NULL;
+ tor_tls_t *tls;
+ crypto_pk_t *k = NULL;
+ tor_x509_cert_impl_t *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
+ *validCert = NULL, *caCert = NULL;
- scert = tor_malloc_zero(sizeof(tor_x509_cert_t));
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
- tt_int_op(ret, OP_EQ, 0);
+ validCert = read_cert_from(validCertString);
+ caCert = read_cert_from(caCertString);
+ invalidCert = read_cert_from(notCompletelyValidCertString);
- cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
- tt_int_op(ret, OP_EQ, 0);
- tor_free(scert);
- tor_free(cert);
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
- cert = tor_x509_cert_new(read_cert_from(validCertString));
- scert = tor_x509_cert_new(read_cert_from(caCertString));
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
- tt_int_op(ret, OP_EQ, 1);
+ MOCK(try_to_extract_certs_from_tls, fixed_try_to_extract_certs_from_tls);
-#ifndef OPENSSL_OPAQUE
- tor_x509_cert_free(cert);
- tor_x509_cert_free(scert);
- cert = tor_x509_cert_new(read_cert_from(validCertString));
- scert = tor_x509_cert_new(read_cert_from(caCertString));
- ASN1_TIME_free(cert->cert->cert_info->validity->notAfter);
- cert->cert->cert_info->validity->notAfter =
- ASN1_TIME_set(NULL, time(NULL)-1000000);
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
- tt_int_op(ret, OP_EQ, 0);
+ fixed_try_to_extract_certs_from_tls_cert_out_result = cert1;
+ ret = tor_tls_verify(LOG_WARN, tls, &k);
+ tt_int_op(ret, OP_EQ, -1);
- tor_x509_cert_free(cert);
- tor_x509_cert_free(scert);
- cert = tor_x509_cert_new(read_cert_from(validCertString));
- scert = tor_x509_cert_new(read_cert_from(caCertString));
- X509_PUBKEY_free(cert->cert->cert_info->key);
- cert->cert->cert_info->key = NULL;
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
- tt_int_op(ret, OP_EQ, 0);
-#endif /* !defined(OPENSSL_OPAQUE) */
+ fixed_try_to_extract_certs_from_tls_id_cert_out_result = cert2;
+ ret = tor_tls_verify(LOG_WARN, tls, &k);
+ tt_int_op(ret, OP_EQ, -1);
-#if 0
- tor_x509_cert_free(cert);
- tor_x509_cert_free(scert);
- cert = tor_x509_cert_new(read_cert_from(validCertString));
- scert = tor_x509_cert_new(read_cert_from(caCertString));
- /* This doesn't actually change the key in the cert. XXXXXX */
- BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n);
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
- tt_int_op(ret, OP_EQ, 0);
+ fixed_try_to_extract_certs_from_tls_cert_out_result = invalidCert;
+ fixed_try_to_extract_certs_from_tls_id_cert_out_result = invalidCert;
- tor_x509_cert_free(cert);
- tor_x509_cert_free(scert);
- cert = tor_x509_cert_new(read_cert_from(validCertString));
- scert = tor_x509_cert_new(read_cert_from(caCertString));
- /* This doesn't actually change the key in the cert. XXXXXX */
- X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
- tt_int_op(ret, OP_EQ, 0);
+ ret = tor_tls_verify(LOG_WARN, tls, &k);
+ tt_int_op(ret, OP_EQ, -1);
- tor_x509_cert_free(cert);
- tor_x509_cert_free(scert);
- cert = tor_x509_cert_new(read_cert_from(validCertString));
- scert = tor_x509_cert_new(read_cert_from(caCertString));
- /* This doesn't actually change the key in the cert. XXXXXX */
- X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
- tt_int_op(ret, OP_EQ, 1);
+ fixed_try_to_extract_certs_from_tls_cert_out_result = validCert;
+ fixed_try_to_extract_certs_from_tls_id_cert_out_result = caCert;
- tor_x509_cert_free(cert);
- tor_x509_cert_free(scert);
- cert = tor_x509_cert_new(read_cert_from(validCertString));
- scert = tor_x509_cert_new(read_cert_from(caCertString));
- /* This doesn't actually change the key in the cert. XXXXXX */
- X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
- X509_get_pubkey(cert->cert)->ameth = NULL;
- ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ ret = tor_tls_verify(LOG_WARN, tls, &k);
tt_int_op(ret, OP_EQ, 0);
-#endif /* 0 */
+ tt_assert(k);
done:
- tor_x509_cert_free(cert);
- tor_x509_cert_free(scert);
-}
-
-static void
-test_tortls_context_init_one(void *ignored)
-{
- (void)ignored;
- int ret;
- tor_tls_context_t *old = NULL;
-
- MOCK(crypto_pk_new, fixed_crypto_pk_new);
-
- fixed_crypto_pk_new_result_index = 0;
- fixed_crypto_pk_new_result[0] = NULL;
- ret = tor_tls_context_init_one(&old, NULL, 0, 0, 0);
- tt_int_op(ret, OP_EQ, -1);
+ UNMOCK(try_to_extract_certs_from_tls);
+ tor_x509_cert_impl_free(cert1);
+ tor_x509_cert_impl_free(cert2);
+ tor_x509_cert_impl_free(validCert);
+ tor_x509_cert_impl_free(invalidCert);
+ tor_x509_cert_impl_free(caCert);
- done:
- UNMOCK(crypto_pk_new);
+ tor_free(tls);
+ crypto_pk_free(k);
}
-#define LOCAL_TEST_CASE(name, flags) \
+#define LOCAL_TEST_CASE(name, flags) \
{ #name, test_tortls_##name, (flags|TT_FORK), NULL, NULL }
-#ifdef OPENSSL_OPAQUE
-#define INTRUSIVE_TEST_CASE(name, flags) \
- { #name, NULL, TT_SKIP, NULL, NULL }
-#else
-#define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags)
-#endif /* defined(OPENSSL_OPAQUE) */
-
struct testcase_t tortls_tests[] = {
LOCAL_TEST_CASE(errno_to_tls_error, 0),
LOCAL_TEST_CASE(err_to_string, 0),
- LOCAL_TEST_CASE(tor_tls_new, TT_FORK),
- LOCAL_TEST_CASE(tor_tls_get_error, 0),
- LOCAL_TEST_CASE(get_state_description, TT_FORK),
- LOCAL_TEST_CASE(get_by_ssl, TT_FORK),
- LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK),
- LOCAL_TEST_CASE(log_one_error, TT_FORK),
- INTRUSIVE_TEST_CASE(get_error, TT_FORK),
- LOCAL_TEST_CASE(always_accept_verify_cb, 0),
- INTRUSIVE_TEST_CASE(x509_cert_free, 0),
LOCAL_TEST_CASE(x509_cert_get_id_digests, 0),
- INTRUSIVE_TEST_CASE(cert_matches_key, 0),
- INTRUSIVE_TEST_CASE(cert_get_key, 0),
- LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
LOCAL_TEST_CASE(get_my_certs, TT_FORK),
- INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
- INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
- LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
- INTRUSIVE_TEST_CASE(verify, 0),
- INTRUSIVE_TEST_CASE(check_lifetime, 0),
- INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
+#ifdef ENABLE_OPENSSL
+ LOCAL_TEST_CASE(tor_tls_get_error, 0),
LOCAL_TEST_CASE(get_forced_write_size, 0),
- LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
LOCAL_TEST_CASE(used_v1_handshake, TT_FORK),
- LOCAL_TEST_CASE(get_num_server_handshakes, 0),
LOCAL_TEST_CASE(server_got_renegotiate, 0),
- INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
- INTRUSIVE_TEST_CASE(get_tlssecrets, 0),
- INTRUSIVE_TEST_CASE(get_buffer_sizes, 0),
+#endif
LOCAL_TEST_CASE(evaluate_ecgroup_for_tls, 0),
- INTRUSIVE_TEST_CASE(try_to_extract_certs_from_tls, 0),
- INTRUSIVE_TEST_CASE(get_peer_cert, 0),
- INTRUSIVE_TEST_CASE(peer_has_cert, 0),
- INTRUSIVE_TEST_CASE(shutdown, 0),
- INTRUSIVE_TEST_CASE(finish_handshake, 0),
- INTRUSIVE_TEST_CASE(handshake, 0),
- INTRUSIVE_TEST_CASE(write, 0),
- INTRUSIVE_TEST_CASE(read, 0),
- INTRUSIVE_TEST_CASE(server_info_callback, 0),
+ LOCAL_TEST_CASE(double_init, TT_FORK),
+ LOCAL_TEST_CASE(address, TT_FORK),
LOCAL_TEST_CASE(is_server, 0),
- INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
- INTRUSIVE_TEST_CASE(block_renegotiation, 0),
- INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
- INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),
- LOCAL_TEST_CASE(set_logged_address, 0),
- INTRUSIVE_TEST_CASE(find_cipher_by_id, 0),
- INTRUSIVE_TEST_CASE(session_secret_cb, 0),
- INTRUSIVE_TEST_CASE(debug_state_callback, 0),
- INTRUSIVE_TEST_CASE(context_new, TT_FORK /* redundant */),
- LOCAL_TEST_CASE(create_certificate, 0),
- LOCAL_TEST_CASE(cert_new, 0),
- LOCAL_TEST_CASE(cert_is_valid, 0),
- LOCAL_TEST_CASE(context_init_one, 0),
+ LOCAL_TEST_CASE(bridge_init, TT_FORK),
+ LOCAL_TEST_CASE(verify, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_tortls.h b/src/test/test_tortls.h
new file mode 100644
index 0000000000..c997934ebc
--- /dev/null
+++ b/src/test/test_tortls.h
@@ -0,0 +1,13 @@
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TEST_TORTLS_H
+#define TEST_TORTLS_H
+
+tor_x509_cert_impl_t *read_cert_from(const char *str);
+
+extern const char *notCompletelyValidCertString;
+extern const char *validCertString;
+extern const char *caCertString;
+
+#endif
diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
new file mode 100644
index 0000000000..abe1fb7889
--- /dev/null
+++ b/src/test/test_tortls_openssl.c
@@ -0,0 +1,2316 @@
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define TORTLS_PRIVATE
+#define TORTLS_OPENSSL_PRIVATE
+#define TOR_X509_PRIVATE
+#define LOG_PRIVATE
+#include "orconfig.h"
+
+#ifdef _WIN32
+#include <winsock2.h>
+#endif
+#include <math.h>
+
+#include "lib/cc/compat_compiler.h"
+
+/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
+ * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
+DISABLE_GCC_WARNING(redundant-decls)
+
+#include <openssl/opensslv.h>
+
+#include <openssl/ssl.h>
+#include <openssl/ssl3.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+ENABLE_GCC_WARNING(redundant-decls)
+
+#include "core/or/or.h"
+#include "lib/log/log.h"
+#include "app/config/config.h"
+#include "lib/crypt_ops/compat_openssl.h"
+#include "lib/tls/x509.h"
+#include "lib/tls/x509_internal.h"
+#include "lib/tls/tortls.h"
+#include "lib/tls/tortls_st.h"
+#include "lib/tls/tortls_internal.h"
+#include "app/config/or_state_st.h"
+
+#include "test/test.h"
+#include "test/log_test_helpers.h"
+#include "test/test_tortls.h"
+
+#define NS_MODULE tortls
+
+#ifndef HAVE_SSL_STATE
+#define OPENSSL_OPAQUE
+#endif
+
+#if defined(OPENSSL_OPAQUE) && !defined(LIBRESSL_VERSION_NUMBER)
+#define SSL_STATE_STR "before SSL initialization"
+#else
+#define SSL_STATE_STR "before/accept initialization"
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static SSL_METHOD *
+give_me_a_test_method(void)
+{
+ SSL_METHOD *method = tor_malloc_zero(sizeof(SSL_METHOD));
+ memcpy(method, TLSv1_method(), sizeof(SSL_METHOD));
+ return method;
+}
+
+static int
+fake_num_ciphers(void)
+{
+ return 0;
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+static int
+mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
+{
+ (void) tls;
+ (void) cert; // XXXX look at this.
+ return 1;
+}
+
+static void
+test_tortls_tor_tls_new(void *data)
+{
+ (void) data;
+ MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+ crypto_pk_t *key1 = NULL, *key2 = NULL;
+ SSL_METHOD *method = NULL;
+
+ key1 = pk_generate(2);
+ key2 = pk_generate(3);
+
+ tor_tls_t *tls = NULL;
+ tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+ key1, key2, 86400), OP_EQ, 0);
+ tls = tor_tls_new(-1, 0);
+ tt_want(tls);
+ tor_tls_free(tls); tls = NULL;
+
+ SSL_CTX_free(client_tls_context->ctx);
+ client_tls_context->ctx = NULL;
+ tls = tor_tls_new(-1, 0);
+ tt_ptr_op(tls, OP_EQ, NULL);
+
+#ifndef OPENSSL_OPAQUE
+ method = give_me_a_test_method();
+ SSL_CTX *ctx = SSL_CTX_new(method);
+ method->num_ciphers = fake_num_ciphers;
+ client_tls_context->ctx = ctx;
+ tls = tor_tls_new(-1, 0);
+ tt_ptr_op(tls, OP_EQ, NULL);
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+ done:
+ UNMOCK(tor_tls_cert_matches_key);
+ crypto_pk_free(key1);
+ crypto_pk_free(key2);
+ tor_tls_free(tls);
+ tor_free(method);
+ tor_tls_free_all();
+}
+
+#define NS_MODULE tortls
+
+static void
+library_init(void)
+{
+#ifdef OPENSSL_1_1_API
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+#else
+ SSL_library_init();
+ SSL_load_error_strings();
+#endif
+}
+
+static void
+test_tortls_get_state_description(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ char *buf;
+ SSL_CTX *ctx;
+
+ library_init();
+ ctx = SSL_CTX_new(SSLv23_method());
+
+ buf = tor_malloc_zero(1000);
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+ tor_tls_get_state_description(NULL, buf, 20);
+ tt_str_op(buf, OP_EQ, "(No SSL object)");
+
+ SSL_free(tls->ssl);
+ tls->ssl = NULL;
+ tor_tls_get_state_description(tls, buf, 20);
+ tt_str_op(buf, OP_EQ, "(No SSL object)");
+
+ tls->ssl = SSL_new(ctx);
+ tor_tls_get_state_description(tls, buf, 200);
+ tt_str_op(buf, OP_EQ, SSL_STATE_STR " in HANDSHAKE");
+
+ tls->state = TOR_TLS_ST_OPEN;
+ tor_tls_get_state_description(tls, buf, 200);
+ tt_str_op(buf, OP_EQ, SSL_STATE_STR " in OPEN");
+
+ tls->state = TOR_TLS_ST_GOTCLOSE;
+ tor_tls_get_state_description(tls, buf, 200);
+ tt_str_op(buf, OP_EQ, SSL_STATE_STR " in GOTCLOSE");
+
+ tls->state = TOR_TLS_ST_SENTCLOSE;
+ tor_tls_get_state_description(tls, buf, 200);
+ tt_str_op(buf, OP_EQ, SSL_STATE_STR " in SENTCLOSE");
+
+ tls->state = TOR_TLS_ST_CLOSED;
+ tor_tls_get_state_description(tls, buf, 200);
+ tt_str_op(buf, OP_EQ, SSL_STATE_STR " in CLOSED");
+
+ tls->state = TOR_TLS_ST_RENEGOTIATE;
+ tor_tls_get_state_description(tls, buf, 200);
+ tt_str_op(buf, OP_EQ, SSL_STATE_STR " in RENEGOTIATE");
+
+ tls->state = TOR_TLS_ST_BUFFEREVENT;
+ tor_tls_get_state_description(tls, buf, 200);
+ tt_str_op(buf, OP_EQ, SSL_STATE_STR);
+
+ tls->state = 7;
+ tor_tls_get_state_description(tls, buf, 200);
+ tt_str_op(buf, OP_EQ, SSL_STATE_STR " in unknown TLS state");
+
+ done:
+ SSL_CTX_free(ctx);
+ SSL_free(tls->ssl);
+ tor_free(buf);
+ tor_free(tls);
+}
+
+static void
+test_tortls_get_by_ssl(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ tor_tls_t *res;
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ library_init();
+ tor_tls_allocate_tor_tls_object_ex_data_index();
+
+ ctx = SSL_CTX_new(SSLv23_method());
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->magic = TOR_TLS_MAGIC;
+
+ ssl = SSL_new(ctx);
+
+ res = tor_tls_get_by_ssl(ssl);
+ tt_assert(!res);
+
+ SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
+
+ res = tor_tls_get_by_ssl(ssl);
+ tt_assert(res == tls);
+
+ done:
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ tor_free(tls);
+}
+
+static void
+test_tortls_allocate_tor_tls_object_ex_data_index(void *ignored)
+{
+ (void)ignored;
+ int first;
+
+ tor_tls_allocate_tor_tls_object_ex_data_index();
+
+ first = tor_tls_object_ex_data_index;
+ tor_tls_allocate_tor_tls_object_ex_data_index();
+ tt_int_op(first, OP_EQ, tor_tls_object_ex_data_index);
+
+ done:
+ (void)0;
+}
+
+static void
+test_tortls_log_one_error(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ SSL_CTX *ctx;
+ SSL *ssl = NULL;
+
+ library_init();
+
+ ctx = SSL_CTX_new(SSLv23_method());
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ setup_capture_of_logs(LOG_INFO);
+
+ tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
+ expect_log_msg("TLS error while something: "
+ "(null) (in (null):(null):---)\n");
+
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
+ expect_log_msg("TLS error: (null) "
+ "(in (null):(null):---)\n");
+
+ mock_clean_saved_logs();
+ tls->address = tor_strdup("127.hello");
+ tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
+ expect_log_msg("TLS error with 127.hello: "
+ "(null) (in (null):(null):---)\n");
+ tor_free(tls->address);
+
+ mock_clean_saved_logs();
+ tls->address = tor_strdup("127.hello");
+ tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
+ expect_log_msg("TLS error while blarg with "
+ "127.hello: (null) (in (null):(null):---)\n");
+
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
+ expect_log_msg("TLS error with 127.hello: "
+ "BN lib (in unknown library:(null):---)\n");
+
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
+ LOG_WARN, 0, NULL);
+ expect_log_severity(LOG_INFO);
+
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
+ LOG_WARN, 0, NULL);
+ expect_log_severity(LOG_INFO);
+
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
+ LOG_WARN, 0, NULL);
+ expect_log_severity(LOG_INFO);
+
+#ifndef OPENSSL_1_1_API
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
+ LOG_WARN, 0, NULL);
+ expect_log_severity(LOG_INFO);
+#endif /* !defined(OPENSSL_1_1_API) */
+
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
+ LOG_WARN, 0, NULL);
+ expect_log_severity(LOG_INFO);
+
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
+ LOG_WARN, 0, NULL);
+ expect_log_severity(LOG_INFO);
+
+ tls->ssl = SSL_new(ctx);
+
+ mock_clean_saved_logs();
+ tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
+ expect_log_msg("TLS error with 127.hello: (null)"
+ " (in (null):(null):" SSL_STATE_STR ")\n");
+
+ done:
+ teardown_capture_of_logs();
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ if (tls && tls->ssl)
+ SSL_free(tls->ssl);
+ if (tls)
+ tor_free(tls->address);
+ tor_free(tls);
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_error(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ int ret;
+ SSL_CTX *ctx;
+
+ library_init();
+
+ ctx = SSL_CTX_new(SSLv23_method());
+ setup_capture_of_logs(LOG_INFO);
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = SSL_new(ctx);
+ SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
+
+ ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
+ expect_log_msg("TLS error: unexpected close while"
+ " something (before/accept initialization)\n");
+
+ mock_clean_saved_logs();
+ ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, 0);
+ expect_no_log_entry();
+
+ mock_clean_saved_logs();
+ ret = tor_tls_get_error(tls, 0, 1, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, -11);
+ expect_no_log_entry();
+
+ mock_clean_saved_logs();
+ ERR_clear_error();
+ ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
+ ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+ expect_log_msg("TLS error while something: (null)"
+ " (in bignum routines:(null):before/accept initialization)\n");
+
+ mock_clean_saved_logs();
+ ERR_clear_error();
+ tls->ssl->rwstate = SSL_READING;
+ SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
+ ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
+ expect_no_log_entry();
+
+ mock_clean_saved_logs();
+ ERR_clear_error();
+ tls->ssl->rwstate = SSL_READING;
+ SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
+ ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
+ expect_no_log_entry();
+
+ mock_clean_saved_logs();
+ ERR_clear_error();
+ tls->ssl->rwstate = 0;
+ tls->ssl->shutdown = SSL_RECEIVED_SHUTDOWN;
+ tls->ssl->s3->warn_alert =SSL_AD_CLOSE_NOTIFY;
+ ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
+ expect_log_entry();
+
+ mock_clean_saved_logs();
+ ret = tor_tls_get_error(tls, 0, 2, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, -10);
+ expect_no_log_entry();
+
+ mock_clean_saved_logs();
+ ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
+ ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
+ tt_int_op(ret, OP_EQ, -9);
+ expect_log_msg("TLS error while something: (null) (in system library:"
+ "connect:before/accept initialization)\n");
+
+ done:
+ teardown_capture_of_logs();
+ SSL_free(tls->ssl);
+ tor_free(tls);
+ SSL_CTX_free(ctx);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+static void
+test_tortls_always_accept_verify_cb(void *ignored)
+{
+ (void)ignored;
+ int ret;
+
+ ret = always_accept_verify_cb(0, NULL);
+ tt_int_op(ret, OP_EQ, 1);
+
+ done:
+ (void)0;
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_x509_cert_free(void *ignored)
+{
+ (void)ignored;
+ tor_x509_cert_t *cert;
+
+ cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ tor_x509_cert_free(cert);
+
+ cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ cert->cert = X509_new();
+ cert->encoded = tor_malloc_zero(1);
+ tor_x509_cert_free(cert);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+/*
+ * Use only for the matching fake_x509_free() call
+ */
+static X509 *
+fake_x509_malloc(void)
+{
+ return tor_malloc_zero(sizeof(X509));
+}
+
+static void
+fake_x509_free(X509 *cert)
+{
+ if (cert) {
+ if (cert->cert_info) {
+ if (cert->cert_info->key) {
+ if (cert->cert_info->key->pkey) {
+ tor_free(cert->cert_info->key->pkey);
+ }
+ tor_free(cert->cert_info->key);
+ }
+ tor_free(cert->cert_info);
+ }
+ tor_free(cert);
+ }
+}
+#endif
+
+static tor_x509_cert_t *fixed_x509_cert = NULL;
+static tor_x509_cert_t *
+get_peer_cert_mock_return_fixed(tor_tls_t *tls)
+{
+ (void)tls;
+ if (fixed_x509_cert)
+ return tor_x509_cert_dup(fixed_x509_cert);
+ else
+ return NULL;
+}
+
+static void
+test_tortls_cert_matches_key(void *ignored)
+{
+ (void)ignored;
+
+ X509 *cert1 = NULL, *cert2 = NULL, *cert3 = NULL, *cert4 = NULL;
+ tor_x509_cert_t *c1 = NULL, *c2 = NULL, *c3 = NULL, *c4 = NULL;
+ crypto_pk_t *k1 = NULL, *k2 = NULL, *k3 = NULL;
+
+ k1 = pk_generate(1);
+ k2 = pk_generate(2);
+ k3 = pk_generate(3);
+
+ cert1 = tor_tls_create_certificate(k1, k2, "A", "B", 1000);
+ cert2 = tor_tls_create_certificate(k1, k3, "C", "D", 1000);
+ cert3 = tor_tls_create_certificate(k2, k3, "C", "D", 1000);
+ cert4 = tor_tls_create_certificate(k3, k2, "E", "F", 1000);
+
+ tt_assert(cert1 && cert2 && cert3 && cert4);
+
+ c1 = tor_x509_cert_new(cert1); cert1 = NULL;
+ c2 = tor_x509_cert_new(cert2); cert2 = NULL;
+ c3 = tor_x509_cert_new(cert3); cert3 = NULL;
+ c4 = tor_x509_cert_new(cert4); cert4 = NULL;
+
+ tt_assert(c1 && c2 && c3 && c4);
+
+ MOCK(tor_tls_get_peer_cert, get_peer_cert_mock_return_fixed);
+
+ fixed_x509_cert = NULL;
+ /* If the peer has no certificate, it shouldn't match anything. */
+ tt_assert(! tor_tls_cert_matches_key(NULL, c1));
+ tt_assert(! tor_tls_cert_matches_key(NULL, c2));
+ tt_assert(! tor_tls_cert_matches_key(NULL, c3));
+ tt_assert(! tor_tls_cert_matches_key(NULL, c4));
+ fixed_x509_cert = c1;
+ /* If the peer has a certificate, it should match every cert with the same
+ * subject key. */
+ tt_assert(tor_tls_cert_matches_key(NULL, c1));
+ tt_assert(tor_tls_cert_matches_key(NULL, c2));
+ tt_assert(! tor_tls_cert_matches_key(NULL, c3));
+ tt_assert(! tor_tls_cert_matches_key(NULL, c4));
+
+ done:
+ tor_x509_cert_free(c1);
+ tor_x509_cert_free(c2);
+ tor_x509_cert_free(c3);
+ tor_x509_cert_free(c4);
+ if (cert1) X509_free(cert1);
+ if (cert2) X509_free(cert2);
+ if (cert3) X509_free(cert3);
+ if (cert4) X509_free(cert4);
+ crypto_pk_free(k1);
+ crypto_pk_free(k2);
+ crypto_pk_free(k3);
+ UNMOCK(tor_tls_get_peer_cert);
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_cert_get_key(void *ignored)
+{
+ (void)ignored;
+ tor_x509_cert_t *cert = NULL;
+ crypto_pk_t *res = NULL;
+ cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ X509 *key = NULL;
+ key = fake_x509_malloc();
+ key->references = 1;
+
+ res = tor_tls_cert_get_key(cert);
+ tt_assert(!res);
+
+ cert->cert = key;
+ key->cert_info = tor_malloc_zero(sizeof(X509_CINF));
+ key->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
+ key->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
+ key->cert_info->key->pkey->references = 1;
+ key->cert_info->key->pkey->type = 2;
+ res = tor_tls_cert_get_key(cert);
+ tt_assert(!res);
+
+ done:
+ fake_x509_free(key);
+ tor_free(cert);
+ crypto_pk_free(res);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+static void
+test_tortls_get_my_client_auth_key(void *ignored)
+{
+ (void)ignored;
+ crypto_pk_t *ret;
+ crypto_pk_t *expected;
+ tor_tls_context_t *ctx;
+ RSA *k = RSA_new();
+
+ ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
+ expected = crypto_new_pk_from_openssl_rsa_(k);
+ ctx->auth_key = expected;
+
+ client_tls_context = NULL;
+ ret = tor_tls_get_my_client_auth_key();
+ tt_assert(!ret);
+
+ client_tls_context = ctx;
+ ret = tor_tls_get_my_client_auth_key();
+ tt_assert(ret == expected);
+
+ done:
+ crypto_pk_free(expected);
+ tor_free(ctx);
+}
+
+#ifndef HAVE_SSL_GET_CLIENT_CIPHERS
+static SSL_CIPHER *
+get_cipher_by_name(const char *name)
+{
+ int i;
+ const SSL_METHOD *method = SSLv23_method();
+ int num = method->num_ciphers();
+
+ for (i = 0; i < num; ++i) {
+ const SSL_CIPHER *cipher = method->get_cipher(i);
+ const char *ciphername = SSL_CIPHER_get_name(cipher);
+ if (!strcmp(ciphername, name)) {
+ return (SSL_CIPHER *)cipher;
+ }
+ }
+
+ return NULL;
+}
+#endif /* !defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_ciphersuite_name(void *ignored)
+{
+ (void)ignored;
+ const char *ret;
+ tor_tls_t *ctx;
+ ctx = tor_malloc_zero(sizeof(tor_tls_t));
+ ctx->ssl = tor_malloc_zero(sizeof(SSL));
+
+ ret = tor_tls_get_ciphersuite_name(ctx);
+ tt_str_op(ret, OP_EQ, "(NONE)");
+
+ done:
+ tor_free(ctx->ssl);
+ tor_free(ctx);
+}
+
+static SSL_CIPHER *
+get_cipher_by_id(uint16_t id)
+{
+ int i;
+ const SSL_METHOD *method = SSLv23_method();
+ int num = method->num_ciphers();
+ for (i = 0; i < num; ++i) {
+ const SSL_CIPHER *cipher = method->get_cipher(i);
+ if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
+ return (SSL_CIPHER *)cipher;
+ }
+ }
+
+ return NULL;
+}
+
+static void
+test_tortls_classify_client_ciphers(void *ignored)
+{
+ (void)ignored;
+ int i;
+ int ret;
+ SSL_CTX *ctx;
+ SSL *ssl;
+ tor_tls_t *tls;
+ STACK_OF(SSL_CIPHER) *ciphers;
+ SSL_CIPHER *tmp_cipher;
+
+ library_init();
+
+ tor_tls_allocate_tor_tls_object_ex_data_index();
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->magic = TOR_TLS_MAGIC;
+
+ ctx = SSL_CTX_new(TLSv1_method());
+ ssl = SSL_new(ctx);
+ tls->ssl = ssl;
+
+ ciphers = sk_SSL_CIPHER_new_null();
+
+ ret = tor_tls_classify_client_ciphers(ssl, NULL);
+ tt_int_op(ret, OP_EQ, -1);
+
+ SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
+ tls->client_cipher_list_type = 42;
+
+ ret = tor_tls_classify_client_ciphers(ssl, NULL);
+ tt_int_op(ret, OP_EQ, 42);
+
+ tls->client_cipher_list_type = 0;
+ ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+ tt_int_op(ret, OP_EQ, 1);
+ tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
+
+ tls->client_cipher_list_type = 0;
+ ret = tor_tls_classify_client_ciphers(ssl, SSL_get_ciphers(ssl));
+ tt_int_op(ret, OP_EQ, 3);
+ tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
+
+ SSL_CIPHER *one = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_128_SHA),
+ *two = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA),
+ *three = get_cipher_by_name(SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA),
+ *four = NULL;
+ sk_SSL_CIPHER_push(ciphers, one);
+ sk_SSL_CIPHER_push(ciphers, two);
+ sk_SSL_CIPHER_push(ciphers, three);
+ sk_SSL_CIPHER_push(ciphers, four);
+
+ tls->client_cipher_list_type = 0;
+ ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+ tt_int_op(ret, OP_EQ, 1);
+ tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
+
+ sk_SSL_CIPHER_zero(ciphers);
+
+ one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
+ tt_assert(one);
+ one->id = 0x00ff;
+ two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
+ tt_assert(two);
+ two->id = 0x0000;
+ sk_SSL_CIPHER_push(ciphers, one);
+ tls->client_cipher_list_type = 0;
+ ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+ tt_int_op(ret, OP_EQ, 3);
+ tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
+
+ sk_SSL_CIPHER_push(ciphers, two);
+ tls->client_cipher_list_type = 0;
+ ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+ tt_int_op(ret, OP_EQ, 3);
+ tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
+
+ one->id = 0xC00A;
+ tls->client_cipher_list_type = 0;
+ ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+ tt_int_op(ret, OP_EQ, 3);
+ tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
+
+ sk_SSL_CIPHER_zero(ciphers);
+ for (i=0; v2_cipher_list[i]; i++) {
+ tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
+ tt_assert(tmp_cipher);
+ sk_SSL_CIPHER_push(ciphers, tmp_cipher);
+ }
+ tls->client_cipher_list_type = 0;
+ ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+ tt_int_op(ret, OP_EQ, 2);
+ tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
+
+ done:
+ sk_SSL_CIPHER_free(ciphers);
+ SSL_free(tls->ssl);
+ tor_free(tls);
+ SSL_CTX_free(ctx);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+static void
+test_tortls_client_is_using_v2_ciphers(void *ignored)
+{
+ (void)ignored;
+
+#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
+ tt_skip();
+ done:
+ (void)1;
+#else
+ int ret;
+ SSL_CTX *ctx;
+ SSL *ssl;
+ SSL_SESSION *sess;
+ STACK_OF(SSL_CIPHER) *ciphers;
+
+ library_init();
+
+ ctx = SSL_CTX_new(TLSv1_method());
+ ssl = SSL_new(ctx);
+ sess = SSL_SESSION_new();
+
+ ret = tor_tls_client_is_using_v2_ciphers(ssl);
+ tt_int_op(ret, OP_EQ, -1);
+
+ ssl->session = sess;
+ ret = tor_tls_client_is_using_v2_ciphers(ssl);
+ tt_int_op(ret, OP_EQ, 0);
+
+ ciphers = sk_SSL_CIPHER_new_null();
+ SSL_CIPHER *one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
+ tt_assert(one);
+ one->id = 0x00ff;
+ sk_SSL_CIPHER_push(ciphers, one);
+ sess->ciphers = ciphers;
+ ret = tor_tls_client_is_using_v2_ciphers(ssl);
+ tt_int_op(ret, OP_EQ, 1);
+ done:
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+#endif /* defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
+}
+
+#ifndef OPENSSL_OPAQUE
+static int fixed_ssl_pending_result = 0;
+
+static int
+fixed_ssl_pending(const SSL *ignored)
+{
+ (void)ignored;
+ return fixed_ssl_pending_result;
+}
+
+static void
+test_tortls_get_pending_bytes(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_tls_t *tls;
+ SSL_METHOD *method;
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ method = tor_malloc_zero(sizeof(SSL_METHOD));
+ method->ssl_pending = fixed_ssl_pending;
+ tls->ssl->method = method;
+
+ fixed_ssl_pending_result = 42;
+ ret = tor_tls_get_pending_bytes(tls);
+ tt_int_op(ret, OP_EQ, 42);
+
+ done:
+ tor_free(method);
+ tor_free(tls->ssl);
+ tor_free(tls);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_SSL_SESSION_get_master_key(void *ignored)
+{
+ (void)ignored;
+ size_t ret;
+ tor_tls_t *tls;
+ uint8_t *out;
+ out = tor_malloc_zero(1);
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+ tls->ssl->session->master_key_length = 1;
+
+#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
+ tls->ssl->session->master_key[0] = 43;
+ ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 0);
+ tt_int_op(ret, OP_EQ, 1);
+ tt_int_op(out[0], OP_EQ, 0);
+
+ ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 1);
+ tt_int_op(ret, OP_EQ, 1);
+ tt_int_op(out[0], OP_EQ, 43);
+
+ done:
+#endif /* !defined(HAVE_SSL_SESSION_GET_MASTER_KEY) */
+ tor_free(tls->ssl->session);
+ tor_free(tls->ssl);
+ tor_free(tls);
+ tor_free(out);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_tlssecrets(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ uint8_t *secret_out = tor_malloc_zero(DIGEST256_LEN);
+ tor_tls_t *tls;
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+ tls->ssl->session->master_key_length = 1;
+ tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
+
+ ret = tor_tls_get_tlssecrets(tls, secret_out);
+ tt_int_op(ret, OP_EQ, 0);
+
+ done:
+ tor_free(secret_out);
+ tor_free(tls->ssl->s3);
+ tor_free(tls->ssl->session);
+ tor_free(tls->ssl);
+ tor_free(tls);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_buffer_sizes(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_tls_t *tls;
+ size_t rbuf_c=-1, rbuf_b=-1, wbuf_c=-1, wbuf_b=-1;
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
+
+ tls->ssl->s3->rbuf.buf = NULL;
+ tls->ssl->s3->rbuf.len = 1;
+ tls->ssl->s3->rbuf.offset = 0;
+ tls->ssl->s3->rbuf.left = 42;
+
+ tls->ssl->s3->wbuf.buf = NULL;
+ tls->ssl->s3->wbuf.len = 2;
+ tls->ssl->s3->wbuf.offset = 0;
+ tls->ssl->s3->wbuf.left = 43;
+
+ ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ tt_int_op(ret, OP_EQ, -1);
+#else
+ tt_int_op(ret, OP_EQ, 0);
+ tt_int_op(rbuf_c, OP_EQ, 0);
+ tt_int_op(wbuf_c, OP_EQ, 0);
+ tt_int_op(rbuf_b, OP_EQ, 42);
+ tt_int_op(wbuf_b, OP_EQ, 43);
+
+ tls->ssl->s3->rbuf.buf = tor_malloc_zero(1);
+ tls->ssl->s3->wbuf.buf = tor_malloc_zero(1);
+ ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_int_op(rbuf_c, OP_EQ, 1);
+ tt_int_op(wbuf_c, OP_EQ, 2);
+
+#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */
+
+ done:
+ tor_free(tls->ssl->s3->rbuf.buf);
+ tor_free(tls->ssl->s3->wbuf.buf);
+ tor_free(tls->ssl->s3);
+ tor_free(tls->ssl);
+ tor_free(tls);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+typedef struct cert_pkey_st_local
+{
+ X509 *x509;
+ EVP_PKEY *privatekey;
+ const EVP_MD *digest;
+} CERT_PKEY_local;
+
+typedef struct sess_cert_st_local
+{
+ STACK_OF(X509) *cert_chain;
+ int peer_cert_type;
+ CERT_PKEY_local *peer_key;
+ CERT_PKEY_local peer_pkeys[8];
+ int references;
+} SESS_CERT_local;
+
+static void
+test_tortls_try_to_extract_certs_from_tls(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ X509 *cert = NULL, *id_cert = NULL, *c1 = NULL, *c2 = NULL;
+ SESS_CERT_local *sess = NULL;
+
+ c1 = read_cert_from(validCertString);
+ c2 = read_cert_from(caCertString);
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+ sess = tor_malloc_zero(sizeof(SESS_CERT_local));
+ tls->ssl->session->sess_cert = (void *)sess;
+
+ try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
+ tt_assert(!cert);
+ tt_assert(!id_cert);
+
+ tls->ssl->session->peer = c1;
+ try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
+ tt_assert(cert == c1);
+ tt_assert(!id_cert);
+ X509_free(cert); /* decrease refcnt */
+
+ sess->cert_chain = sk_X509_new_null();
+ try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
+ tt_assert(cert == c1);
+ tt_assert(!id_cert);
+ X509_free(cert); /* decrease refcnt */
+
+ sk_X509_push(sess->cert_chain, c1);
+ sk_X509_push(sess->cert_chain, c2);
+
+ try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
+ tt_assert(cert == c1);
+ tt_assert(id_cert);
+ X509_free(cert); /* decrease refcnt */
+ X509_free(id_cert); /* decrease refcnt */
+
+ done:
+ sk_X509_free(sess->cert_chain);
+ tor_free(sess);
+ tor_free(tls->ssl->session);
+ tor_free(tls->ssl);
+ tor_free(tls);
+ X509_free(c1);
+ X509_free(c2);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_peer_cert(void *ignored)
+{
+ (void)ignored;
+ tor_x509_cert_t *ret;
+ tor_tls_t *tls;
+ X509 *cert = NULL;
+
+ cert = read_cert_from(validCertString);
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+
+ ret = tor_tls_get_peer_cert(tls);
+ tt_assert(!ret);
+
+ tls->ssl->session->peer = cert;
+ ret = tor_tls_get_peer_cert(tls);
+ tt_assert(ret);
+ tt_assert(ret->cert == cert);
+
+ done:
+ tor_x509_cert_free(ret);
+ tor_free(tls->ssl->session);
+ tor_free(tls->ssl);
+ tor_free(tls);
+ X509_free(cert);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_peer_has_cert(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_tls_t *tls;
+ X509 *cert = NULL;
+
+ cert = read_cert_from(validCertString);
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+
+ ret = tor_tls_peer_has_cert(tls);
+ tt_assert(!ret);
+
+ tls->ssl->session->peer = cert;
+ ret = tor_tls_peer_has_cert(tls);
+ tt_assert(ret);
+
+ done:
+ tor_free(tls->ssl->session);
+ tor_free(tls->ssl);
+ tor_free(tls);
+ X509_free(cert);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+static void
+test_tortls_get_write_overhead_ratio(void *ignored)
+{
+ (void)ignored;
+ double ret;
+
+ total_bytes_written_over_tls = 0;
+ ret = tls_get_write_overhead_ratio();
+ tt_double_op(fabs(ret - 1.0), OP_LT, 1E-12);
+
+ total_bytes_written_by_tls = 10;
+ total_bytes_written_over_tls = 1;
+ ret = tls_get_write_overhead_ratio();
+ tt_double_op(fabs(ret - 10.0), OP_LT, 1E-12);
+
+ total_bytes_written_by_tls = 10;
+ total_bytes_written_over_tls = 2;
+ ret = tls_get_write_overhead_ratio();
+ tt_double_op(fabs(ret - 5.0), OP_LT, 1E-12);
+
+ done:
+ (void)0;
+}
+
+static void
+test_tortls_is_server(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ int ret;
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->isServer = 1;
+ ret = tor_tls_is_server(tls);
+ tt_int_op(ret, OP_EQ, 1);
+
+ done:
+ tor_free(tls);
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_session_secret_cb(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ SSL_CTX *ctx;
+ STACK_OF(SSL_CIPHER) *ciphers = NULL;
+ SSL_CIPHER *one;
+
+ library_init();
+
+ tor_tls_allocate_tor_tls_object_ex_data_index();
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+ tls->magic = TOR_TLS_MAGIC;
+
+ ctx = SSL_CTX_new(TLSv1_method());
+ tls->ssl = SSL_new(ctx);
+ SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
+
+ SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
+
+ tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
+ tt_assert(!tls->ssl->tls_session_secret_cb);
+
+ one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
+ one->id = 0x00ff;
+ ciphers = sk_SSL_CIPHER_new_null();
+ sk_SSL_CIPHER_push(ciphers, one);
+
+ tls->client_cipher_list_type = 0;
+ tor_tls_session_secret_cb(tls->ssl, NULL, NULL, ciphers, NULL, NULL);
+ tt_assert(!tls->ssl->tls_session_secret_cb);
+
+ done:
+ sk_SSL_CIPHER_free(ciphers);
+ SSL_free(tls->ssl);
+ SSL_CTX_free(ctx);
+ tor_free(tls);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+/* TODO: It seems block_renegotiation and unblock_renegotiation and
+ * using different blags. This might not be correct */
+static void
+test_tortls_block_renegotiation(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
+#ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
+#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
+#endif
+
+ tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+
+ tor_tls_block_renegotiation(tls);
+
+#ifndef OPENSSL_1_1_API
+ tt_assert(!(tls->ssl->s3->flags &
+ SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
+#endif
+
+ done:
+ tor_free(tls->ssl->s3);
+ tor_free(tls->ssl);
+ tor_free(tls);
+}
+
+static void
+test_tortls_unblock_renegotiation(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tor_tls_unblock_renegotiation(tls);
+
+ tt_uint_op(SSL_get_options(tls->ssl) &
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ,
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+
+ done:
+ tor_free(tls->ssl);
+ tor_free(tls);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_assert_renegotiation_unblocked(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tor_tls_unblock_renegotiation(tls);
+ tor_tls_assert_renegotiation_unblocked(tls);
+ /* No assertion here - this test will fail if tor_assert is turned on
+ * and things are bad. */
+
+ tor_free(tls->ssl);
+ tor_free(tls);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+static void
+test_tortls_set_logged_address(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+ tor_tls_set_logged_address(tls, "foo bar");
+
+ tt_str_op(tls->address, OP_EQ, "foo bar");
+
+ tor_tls_set_logged_address(tls, "foo bar 2");
+ tt_str_op(tls->address, OP_EQ, "foo bar 2");
+
+ done:
+ tor_free(tls->address);
+ tor_free(tls);
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+example_cb(tor_tls_t *t, void *arg)
+{
+ (void)t;
+ (void)arg;
+}
+
+static void
+test_tortls_set_renegotiate_callback(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ const char *arg = "hello";
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+
+ tor_tls_set_renegotiate_callback(tls, example_cb, (void*)arg);
+ tt_assert(tls->negotiated_callback == example_cb);
+ tt_assert(tls->callback_arg == arg);
+ tt_assert(!tls->got_renegotiate);
+
+ /* Assumes V2_HANDSHAKE_SERVER */
+ tt_assert(tls->ssl->info_callback == tor_tls_server_info_callback);
+
+ tor_tls_set_renegotiate_callback(tls, NULL, (void*)arg);
+ tt_assert(tls->ssl->info_callback == tor_tls_debug_state_callback);
+
+ done:
+ tor_free(tls->ssl);
+ tor_free(tls);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static SSL_CIPHER *fixed_cipher1 = NULL;
+static SSL_CIPHER *fixed_cipher2 = NULL;
+static const SSL_CIPHER *
+fake_get_cipher(unsigned ncipher)
+{
+
+ switch (ncipher) {
+ case 1:
+ return fixed_cipher1;
+ case 2:
+ return fixed_cipher2;
+ default:
+ return NULL;
+ }
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_find_cipher_by_id(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ SSL *ssl;
+ SSL_CTX *ctx;
+ const SSL_METHOD *m = TLSv1_method();
+ SSL_METHOD *empty_method = tor_malloc_zero(sizeof(SSL_METHOD));
+
+ fixed_cipher1 = tor_malloc_zero(sizeof(SSL_CIPHER));
+ fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
+ fixed_cipher2->id = 0xC00A;
+
+ library_init();
+
+ ctx = SSL_CTX_new(m);
+ ssl = SSL_new(ctx);
+
+ ret = find_cipher_by_id(ssl, NULL, 0xC00A);
+ tt_int_op(ret, OP_EQ, 1);
+
+ ret = find_cipher_by_id(ssl, m, 0xC00A);
+ tt_int_op(ret, OP_EQ, 1);
+
+ ret = find_cipher_by_id(ssl, m, 0xFFFF);
+ tt_int_op(ret, OP_EQ, 0);
+
+ ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+ tt_int_op(ret, OP_EQ, 1);
+
+ ret = find_cipher_by_id(ssl, empty_method, 0xFFFF);
+#ifdef HAVE_SSL_CIPHER_FIND
+ tt_int_op(ret, OP_EQ, 0);
+#else
+ tt_int_op(ret, OP_EQ, 1);
+#endif
+
+ empty_method->get_cipher = fake_get_cipher;
+ ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+ tt_int_op(ret, OP_EQ, 1);
+
+ empty_method->get_cipher = m->get_cipher;
+ empty_method->num_ciphers = m->num_ciphers;
+ ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+ tt_int_op(ret, OP_EQ, 1);
+
+ empty_method->get_cipher = fake_get_cipher;
+ empty_method->num_ciphers = m->num_ciphers;
+ ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+ tt_int_op(ret, OP_EQ, 1);
+
+ empty_method->num_ciphers = fake_num_ciphers;
+ ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+#ifdef HAVE_SSL_CIPHER_FIND
+ tt_int_op(ret, OP_EQ, 1);
+#else
+ tt_int_op(ret, OP_EQ, 0);
+#endif
+
+ done:
+ tor_free(empty_method);
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ tor_free(fixed_cipher1);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_debug_state_callback(void *ignored)
+{
+ (void)ignored;
+ SSL *ssl;
+ char *buf = tor_malloc_zero(1000);
+ int n;
+
+ setup_capture_of_logs(LOG_DEBUG);
+
+ ssl = tor_malloc_zero(sizeof(SSL));
+
+ tor_tls_debug_state_callback(ssl, 32, 45);
+
+ n = tor_snprintf(buf, 1000, "SSL %p is now in state unknown"
+ " state [type=32,val=45].\n", ssl);
+ /* tor's snprintf returns -1 on error */
+ tt_int_op(n, OP_NE, -1);
+ expect_log_msg(buf);
+
+ done:
+ teardown_capture_of_logs();
+ tor_free(buf);
+ tor_free(ssl);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_server_info_callback(void *ignored)
+{
+ (void)ignored;
+ tor_tls_t *tls;
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ library_init();
+
+ ctx = SSL_CTX_new(TLSv1_method());
+ ssl = SSL_new(ctx);
+
+ tor_tls_allocate_tor_tls_object_ex_data_index();
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->magic = TOR_TLS_MAGIC;
+ tls->ssl = ssl;
+
+ setup_full_capture_of_logs(LOG_WARN);
+ SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_A);
+ mock_clean_saved_logs();
+ tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+ expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
+
+ SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
+ mock_clean_saved_logs();
+ tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+ expect_single_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
+
+ SSL_set_state(ssl, 99);
+ mock_clean_saved_logs();
+ tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+ expect_no_log_entry();
+ teardown_capture_of_logs();
+
+ SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
+ SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
+ tls->negotiated_callback = 0;
+ //tls->server_handshake_count = 120;
+ tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+ //tt_int_op(tls->server_handshake_count, OP_EQ, 121);
+
+ //tls->server_handshake_count = 127;
+ tls->negotiated_callback = (void *)1;
+ tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+ //tt_int_op(tls->server_handshake_count, OP_EQ, 127);
+ tt_int_op(tls->got_renegotiate, OP_EQ, 1);
+
+ tls->ssl->session = SSL_SESSION_new();
+ tls->wasV2Handshake = 0;
+ tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+ tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
+
+ done:
+ teardown_capture_of_logs();
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ tor_free(tls);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static int fixed_ssl_read_result_index;
+static int fixed_ssl_read_result[5];
+
+static int
+fixed_ssl_read(SSL *s, void *buf, int len)
+{
+ (void)s;
+ (void)buf;
+ (void)len;
+ return fixed_ssl_read_result[fixed_ssl_read_result_index++];
+}
+
+static int
+dummy_handshake_func(SSL *s)
+{
+ (void)s;
+ return 1;
+}
+
+static int negotiated_callback_called;
+
+static void
+negotiated_callback_setter(tor_tls_t *t, void *arg)
+{
+ (void)t;
+ (void)arg;
+ negotiated_callback_called++;
+}
+
+static void
+test_tortls_read(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_tls_t *tls;
+ char buf[100];
+ SSL_METHOD *method = give_me_a_test_method();
+ setup_capture_of_logs(LOG_WARN);
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->state = TOR_TLS_ST_OPEN;
+
+ ret = tor_tls_read(tls, buf, 10);
+ tt_int_op(ret, OP_EQ, -9);
+
+ /* These tests assume that V2_HANDSHAKE_SERVER is set */
+ tls->ssl->handshake_func = dummy_handshake_func;
+ tls->ssl->method = method;
+ method->ssl_read = fixed_ssl_read;
+ fixed_ssl_read_result_index = 0;
+ fixed_ssl_read_result[0] = 42;
+ tls->state = TOR_TLS_ST_OPEN;
+ ERR_clear_error();
+ ret = tor_tls_read(tls, buf, 10);
+ tt_int_op(ret, OP_EQ, 42);
+
+ tls->state = TOR_TLS_ST_OPEN;
+ tls->got_renegotiate = 1;
+ fixed_ssl_read_result_index = 0;
+ ERR_clear_error();
+ ret = tor_tls_read(tls, buf, 10);
+ tt_int_op(tls->got_renegotiate, OP_EQ, 0);
+
+ tls->state = TOR_TLS_ST_OPEN;
+ tls->got_renegotiate = 1;
+ negotiated_callback_called = 0;
+ tls->negotiated_callback = negotiated_callback_setter;
+ fixed_ssl_read_result_index = 0;
+ ERR_clear_error();
+ ret = tor_tls_read(tls, buf, 10);
+ tt_int_op(negotiated_callback_called, OP_EQ, 1);
+
+#ifndef LIBRESSL_VERSION_NUMBER
+ fixed_ssl_read_result_index = 0;
+ fixed_ssl_read_result[0] = 0;
+ tls->ssl->version = SSL2_VERSION;
+ ERR_clear_error();
+ ret = tor_tls_read(tls, buf, 10);
+ tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
+ tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
+#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
+ // TODO: fill up
+
+ done:
+ teardown_capture_of_logs();
+ tor_free(tls->ssl);
+ tor_free(tls);
+ tor_free(method);
+}
+
+static int fixed_ssl_write_result;
+
+static int
+fixed_ssl_write(SSL *s, const void *buf, int len)
+{
+ (void)s;
+ (void)buf;
+ (void)len;
+ return fixed_ssl_write_result;
+}
+
+static void
+test_tortls_write(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_tls_t *tls;
+ SSL_METHOD *method = give_me_a_test_method();
+ char buf[100];
+ setup_capture_of_logs(LOG_WARN);
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = tor_malloc_zero(sizeof(SSL));
+ tls->state = TOR_TLS_ST_OPEN;
+
+ ret = tor_tls_write(tls, buf, 0);
+ tt_int_op(ret, OP_EQ, 0);
+
+ ret = tor_tls_write(tls, buf, 10);
+ tt_int_op(ret, OP_EQ, -9);
+
+ tls->ssl->method = method;
+ tls->wantwrite_n = 1;
+ ret = tor_tls_write(tls, buf, 10);
+ tt_int_op(tls->wantwrite_n, OP_EQ, 0);
+
+ method->ssl_write = fixed_ssl_write;
+ tls->ssl->handshake_func = dummy_handshake_func;
+ fixed_ssl_write_result = 1;
+ ERR_clear_error();
+ ret = tor_tls_write(tls, buf, 10);
+ tt_int_op(ret, OP_EQ, 1);
+
+ fixed_ssl_write_result = -1;
+ ERR_clear_error();
+ tls->ssl->rwstate = SSL_READING;
+ SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
+ SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
+ ret = tor_tls_write(tls, buf, 10);
+ tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
+
+ ERR_clear_error();
+ tls->ssl->rwstate = SSL_READING;
+ SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
+ SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
+ ret = tor_tls_write(tls, buf, 10);
+ tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
+
+ done:
+ teardown_capture_of_logs();
+ BIO_free(tls->ssl->rbio);
+ tor_free(tls->ssl);
+ tor_free(tls);
+ tor_free(method);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static int fixed_ssl_accept_result;
+static int fixed_ssl_connect_result;
+
+static int
+setting_error_ssl_accept(SSL *ssl)
+{
+ (void)ssl;
+ ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
+ ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
+ return fixed_ssl_accept_result;
+}
+
+static int
+setting_error_ssl_connect(SSL *ssl)
+{
+ (void)ssl;
+ ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
+ ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
+ return fixed_ssl_connect_result;
+}
+
+static int
+fixed_ssl_accept(SSL *ssl)
+{
+ (void) ssl;
+ return fixed_ssl_accept_result;
+}
+
+static void
+test_tortls_handshake(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_tls_t *tls;
+ SSL_CTX *ctx;
+ SSL_METHOD *method = give_me_a_test_method();
+ setup_capture_of_logs(LOG_INFO);
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ ctx = SSL_CTX_new(TLSv1_method());
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = SSL_new(ctx);
+ tls->state = TOR_TLS_ST_HANDSHAKE;
+
+ ret = tor_tls_handshake(tls);
+ tt_int_op(ret, OP_EQ, -9);
+
+ tls->isServer = 1;
+ tls->state = TOR_TLS_ST_HANDSHAKE;
+ ret = tor_tls_handshake(tls);
+ tt_int_op(ret, OP_EQ, -9);
+
+ tls->ssl->method = method;
+ method->ssl_accept = fixed_ssl_accept;
+ fixed_ssl_accept_result = 2;
+ ERR_clear_error();
+ tls->state = TOR_TLS_ST_HANDSHAKE;
+ ret = tor_tls_handshake(tls);
+ tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_OPEN);
+
+ method->ssl_accept = setting_error_ssl_accept;
+ fixed_ssl_accept_result = 1;
+ ERR_clear_error();
+ mock_clean_saved_logs();
+ tls->state = TOR_TLS_ST_HANDSHAKE;
+ ret = tor_tls_handshake(tls);
+ tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+ expect_log_entry();
+ /* This fails on jessie. Investigate why! */
+#if 0
+ expect_log_msg("TLS error while handshaking: (null) (in bignum routines:"
+ "(null):SSLv3 write client hello B)\n");
+ expect_log_msg("TLS error while handshaking: (null) (in system library:"
+ "connect:SSLv3 write client hello B)\n");
+#endif /* 0 */
+ expect_log_severity(LOG_INFO);
+
+ tls->isServer = 0;
+ method->ssl_connect = setting_error_ssl_connect;
+ fixed_ssl_connect_result = 1;
+ ERR_clear_error();
+ mock_clean_saved_logs();
+ tls->state = TOR_TLS_ST_HANDSHAKE;
+ ret = tor_tls_handshake(tls);
+ tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+ expect_log_entry();
+#if 0
+ /* See above */
+ expect_log_msg("TLS error while handshaking: "
+ "(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
+ expect_log_msg("TLS error while handshaking: "
+ "(null) (in system library:connect:SSLv3 write client hello B)\n");
+#endif /* 0 */
+ expect_log_severity(LOG_WARN);
+
+ done:
+ teardown_capture_of_logs();
+ SSL_free(tls->ssl);
+ SSL_CTX_free(ctx);
+ tor_free(tls);
+ tor_free(method);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_finish_handshake(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_tls_t *tls;
+ SSL_CTX *ctx;
+ SSL_METHOD *method = give_me_a_test_method();
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ X509 *c1 = read_cert_from(validCertString);
+ SESS_CERT_local *sess = NULL;
+
+ ctx = SSL_CTX_new(method);
+
+ tls = tor_malloc_zero(sizeof(tor_tls_t));
+ tls->ssl = SSL_new(ctx);
+ tls->state = TOR_TLS_ST_OPEN;
+
+ ret = tor_tls_finish_handshake(tls);
+ tt_int_op(ret, OP_EQ, 0);
+
+ tls->isServer = 1;
+ tls->wasV2Handshake = 0;
+ setup_full_capture_of_logs(LOG_WARN);
+ ret = tor_tls_finish_handshake(tls);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
+ expect_single_log_msg_containing("For some reason, wasV2Handshake didn't "
+ "get set.");
+ teardown_capture_of_logs();
+
+ tls->wasV2Handshake = 1;
+ ret = tor_tls_finish_handshake(tls);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
+
+ tls->wasV2Handshake = 1;
+ tls->ssl->session = SSL_SESSION_new();
+ ret = tor_tls_finish_handshake(tls);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
+
+ tls->isServer = 0;
+
+ sess = tor_malloc_zero(sizeof(SESS_CERT_local));
+ tls->ssl->session->sess_cert = (void *)sess;
+ sess->cert_chain = sk_X509_new_null();
+ sk_X509_push(sess->cert_chain, c1);
+ tls->ssl->session->peer = c1;
+ tls->wasV2Handshake = 0;
+ ret = tor_tls_finish_handshake(tls);
+ tt_int_op(ret, OP_EQ, 0);
+ tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
+
+ method->num_ciphers = fake_num_ciphers;
+ ret = tor_tls_finish_handshake(tls);
+ tt_int_op(ret, OP_EQ, -9);
+
+ done:
+ if (sess)
+ sk_X509_free(sess->cert_chain);
+ if (tls->ssl && tls->ssl->session) {
+ tor_free(tls->ssl->session->sess_cert);
+ }
+ SSL_free(tls->ssl);
+ tor_free(tls);
+ SSL_CTX_free(ctx);
+ tor_free(method);
+ teardown_capture_of_logs();
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+static int fixed_crypto_pk_new_result_index;
+static crypto_pk_t *fixed_crypto_pk_new_result[5];
+
+static crypto_pk_t *
+fixed_crypto_pk_new(void)
+{
+ return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++];
+}
+
+#ifndef OPENSSL_OPAQUE
+static int fixed_crypto_pk_generate_key_with_bits_result_index;
+static int fixed_crypto_pk_generate_key_with_bits_result[5];
+static int fixed_tor_tls_create_certificate_result_index;
+static X509 *fixed_tor_tls_create_certificate_result[5];
+static int fixed_tor_x509_cert_new_result_index;
+static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5];
+
+static int
+fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
+{
+ (void)env;
+ (void)bits;
+ return fixed_crypto_pk_generate_key_with_bits_result[
+ fixed_crypto_pk_generate_key_with_bits_result_index++];
+}
+
+static X509 *
+fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
+ crypto_pk_t *rsa_sign,
+ const char *cname,
+ const char *cname_sign,
+ unsigned int cert_lifetime)
+{
+ (void)rsa;
+ (void)rsa_sign;
+ (void)cname;
+ (void)cname_sign;
+ (void)cert_lifetime;
+ X509 *result = fixed_tor_tls_create_certificate_result[
+ fixed_tor_tls_create_certificate_result_index++];
+ if (result)
+ return X509_dup(result);
+ else
+ return NULL;
+}
+
+static void
+fixed_tor_tls_create_certificate_results_free(void)
+{
+ unsigned i;
+ for (i = 0; i < ARRAY_LENGTH(fixed_tor_tls_create_certificate_result); ++i) {
+ X509 *cert = fixed_tor_tls_create_certificate_result[i];
+ if (cert)
+ X509_free(cert);
+ fixed_tor_tls_create_certificate_result[i] = NULL;
+ }
+}
+
+static void
+fixed_tor_x509_cert_new_results_free(void)
+{
+ unsigned i;
+ for (i = 0; i < ARRAY_LENGTH(fixed_tor_x509_cert_new_result); ++i) {
+ tor_x509_cert_free(fixed_tor_x509_cert_new_result[i]);
+ }
+}
+
+static tor_x509_cert_t *
+fixed_tor_x509_cert_new(tor_x509_cert_impl_t *x509_cert)
+{
+ (void) x509_cert;
+ tor_x509_cert_t **certp =
+ &fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++];
+ tor_x509_cert_t *cert = *certp;
+ *certp = NULL;
+ return cert;
+}
+
+static void
+test_tortls_context_new(void *ignored)
+{
+ (void)ignored;
+ tor_tls_context_t *ret;
+ crypto_pk_t *pk1, *pk2, *pk3, *pk4, *pk5, *pk6, *pk7, *pk8, *pk9, *pk10,
+ *pk11, *pk12, *pk13, *pk14, *pk15, *pk16, *pk17, *pk18;
+
+ pk1 = crypto_pk_new();
+ pk2 = crypto_pk_new();
+ pk3 = crypto_pk_new();
+ pk4 = crypto_pk_new();
+ pk5 = crypto_pk_new();
+ pk6 = crypto_pk_new();
+ pk7 = crypto_pk_new();
+ pk8 = crypto_pk_new();
+ pk9 = crypto_pk_new();
+ pk10 = crypto_pk_new();
+ pk11 = crypto_pk_new();
+ pk12 = crypto_pk_new();
+ pk13 = crypto_pk_new();
+ pk14 = crypto_pk_new();
+ pk15 = crypto_pk_new();
+ pk16 = crypto_pk_new();
+ pk17 = crypto_pk_new();
+ pk18 = crypto_pk_new();
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = NULL;
+ MOCK(crypto_pk_new, fixed_crypto_pk_new);
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+
+ /* note: we already override this in testing_common.c, so we
+ * run this unit test in a subprocess. */
+ MOCK(crypto_pk_generate_key_with_bits,
+ fixed_crypto_pk_generate_key_with_bits);
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk1;
+ fixed_crypto_pk_new_result[1] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result[0] = -1;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk2;
+ fixed_crypto_pk_new_result[1] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk3;
+ fixed_crypto_pk_new_result[1] = pk4;
+ fixed_crypto_pk_new_result[2] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
+ fixed_crypto_pk_generate_key_with_bits_result[1] = -1;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+
+ MOCK(tor_tls_create_certificate, fixed_tor_tls_create_certificate);
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk5;
+ fixed_crypto_pk_new_result[1] = pk6;
+ fixed_crypto_pk_new_result[2] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ fixed_crypto_pk_generate_key_with_bits_result[1] = 0;
+ fixed_tor_tls_create_certificate_result_index = 0;
+ fixed_tor_tls_create_certificate_result[0] = NULL;
+ fixed_tor_tls_create_certificate_result[1] = X509_new();
+ fixed_tor_tls_create_certificate_result[2] = X509_new();
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk7;
+ fixed_crypto_pk_new_result[1] = pk8;
+ fixed_crypto_pk_new_result[2] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ fixed_tor_tls_create_certificate_result_index = 0;
+ fixed_tor_tls_create_certificate_result[0] = X509_new();
+ fixed_tor_tls_create_certificate_result[1] = NULL;
+ fixed_tor_tls_create_certificate_result[2] = X509_new();
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk9;
+ fixed_crypto_pk_new_result[1] = pk10;
+ fixed_crypto_pk_new_result[2] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ fixed_tor_tls_create_certificate_result_index = 0;
+ fixed_tor_tls_create_certificate_result[0] = X509_new();
+ fixed_tor_tls_create_certificate_result[1] = X509_new();
+ fixed_tor_tls_create_certificate_result[2] = NULL;
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
+
+ MOCK(tor_x509_cert_new, fixed_tor_x509_cert_new);
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk11;
+ fixed_crypto_pk_new_result[1] = pk12;
+ fixed_crypto_pk_new_result[2] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ fixed_tor_tls_create_certificate_result_index = 0;
+ fixed_tor_tls_create_certificate_result[0] = X509_new();
+ fixed_tor_tls_create_certificate_result[1] = X509_new();
+ fixed_tor_tls_create_certificate_result[2] = X509_new();
+ fixed_tor_x509_cert_new_result_index = 0;
+ fixed_tor_x509_cert_new_result[0] = NULL;
+ fixed_tor_x509_cert_new_result[1] = NULL;
+ fixed_tor_x509_cert_new_result[2] = NULL;
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk13;
+ fixed_crypto_pk_new_result[1] = pk14;
+ fixed_crypto_pk_new_result[2] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ fixed_tor_tls_create_certificate_result_index = 0;
+ fixed_tor_tls_create_certificate_result[0] = X509_new();
+ fixed_tor_tls_create_certificate_result[1] = X509_new();
+ fixed_tor_tls_create_certificate_result[2] = X509_new();
+ fixed_tor_x509_cert_new_result_index = 0;
+ fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ fixed_tor_x509_cert_new_result[1] = NULL;
+ fixed_tor_x509_cert_new_result[2] = NULL;
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
+ fixed_tor_x509_cert_new_results_free();
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk15;
+ fixed_crypto_pk_new_result[1] = pk16;
+ fixed_crypto_pk_new_result[2] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ fixed_tor_tls_create_certificate_result_index = 0;
+ fixed_tor_tls_create_certificate_result[0] = X509_new();
+ fixed_tor_tls_create_certificate_result[1] = X509_new();
+ fixed_tor_tls_create_certificate_result[2] = X509_new();
+ fixed_tor_x509_cert_new_result_index = 0;
+ fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ fixed_tor_x509_cert_new_result[2] = NULL;
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+ fixed_tor_tls_create_certificate_results_free();
+ fixed_tor_x509_cert_new_results_free();
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = pk17;
+ fixed_crypto_pk_new_result[1] = pk18;
+ fixed_crypto_pk_new_result[2] = NULL;
+ fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+ fixed_tor_tls_create_certificate_result_index = 0;
+ fixed_tor_tls_create_certificate_result[0] = X509_new();
+ fixed_tor_tls_create_certificate_result[1] = X509_new();
+ fixed_tor_tls_create_certificate_result[2] = X509_new();
+ fixed_tor_x509_cert_new_result_index = 0;
+ fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ fixed_tor_x509_cert_new_result[2] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ ret = tor_tls_context_new(NULL, 0, 0, 0);
+ tt_assert(!ret);
+
+ done:
+ fixed_tor_tls_create_certificate_results_free();
+ fixed_tor_x509_cert_new_results_free();
+ UNMOCK(tor_x509_cert_new);
+ UNMOCK(tor_tls_create_certificate);
+ UNMOCK(crypto_pk_generate_key_with_bits);
+ UNMOCK(crypto_pk_new);
+}
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+static int fixed_crypto_pk_get_evp_pkey_result_index = 0;
+static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5];
+
+static EVP_PKEY *
+fixed_crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private)
+{
+ (void) env;
+ (void) private;
+ return fixed_crypto_pk_get_evp_pkey_result[
+ fixed_crypto_pk_get_evp_pkey_result_index++];
+}
+
+static void
+test_tortls_create_certificate(void *ignored)
+{
+ (void)ignored;
+ X509 *ret;
+ crypto_pk_t *pk1, *pk2;
+
+ pk1 = crypto_pk_new();
+ pk2 = crypto_pk_new();
+
+ MOCK(crypto_pk_get_openssl_evp_pkey_, fixed_crypto_pk_get_evp_pkey_);
+ fixed_crypto_pk_get_evp_pkey_result_index = 0;
+ fixed_crypto_pk_get_evp_pkey_result[0] = NULL;
+ ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
+ tt_assert(!ret);
+
+ fixed_crypto_pk_get_evp_pkey_result_index = 0;
+ fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
+ fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
+ ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
+ tt_assert(!ret);
+
+ fixed_crypto_pk_get_evp_pkey_result_index = 0;
+ fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
+ fixed_crypto_pk_get_evp_pkey_result[1] = EVP_PKEY_new();
+ ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
+ tt_assert(!ret);
+
+ done:
+ UNMOCK(crypto_pk_get_openssl_evp_pkey_);
+ crypto_pk_free(pk1);
+ crypto_pk_free(pk2);
+}
+
+static void
+test_tortls_cert_new(void *ignored)
+{
+ (void)ignored;
+ tor_x509_cert_t *ret;
+ X509 *cert = read_cert_from(validCertString);
+
+ ret = tor_x509_cert_new(NULL);
+ tt_assert(!ret);
+
+ ret = tor_x509_cert_new(cert);
+ tt_assert(ret);
+ tor_x509_cert_free(ret);
+ ret = NULL;
+
+#if 0
+ cert = read_cert_from(validCertString);
+ /* XXX this doesn't do what you think: it alters a copy of the pubkey. */
+ X509_get_pubkey(cert)->type = EVP_PKEY_DSA;
+ ret = tor_x509_cert_new(cert);
+ tt_assert(ret);
+#endif /* 0 */
+
+#ifndef OPENSSL_OPAQUE
+ cert = read_cert_from(validCertString);
+ X509_CINF_free(cert->cert_info);
+ cert->cert_info = NULL;
+ ret = tor_x509_cert_new(cert);
+ tt_assert(ret);
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+ done:
+ tor_x509_cert_free(ret);
+}
+
+static void
+test_tortls_cert_is_valid(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_x509_cert_t *cert = NULL, *scert = NULL;
+
+ scert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ tt_int_op(ret, OP_EQ, 0);
+
+ cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ tt_int_op(ret, OP_EQ, 0);
+ tor_free(scert);
+ tor_free(cert);
+
+ cert = tor_x509_cert_new(read_cert_from(validCertString));
+ scert = tor_x509_cert_new(read_cert_from(caCertString));
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ tt_int_op(ret, OP_EQ, 1);
+
+#ifndef OPENSSL_OPAQUE
+ tor_x509_cert_free(cert);
+ tor_x509_cert_free(scert);
+ cert = tor_x509_cert_new(read_cert_from(validCertString));
+ scert = tor_x509_cert_new(read_cert_from(caCertString));
+ ASN1_TIME_free(cert->cert->cert_info->validity->notAfter);
+ cert->cert->cert_info->validity->notAfter =
+ ASN1_TIME_set(NULL, time(NULL)-1000000);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ tt_int_op(ret, OP_EQ, 0);
+
+ tor_x509_cert_free(cert);
+ tor_x509_cert_free(scert);
+ cert = tor_x509_cert_new(read_cert_from(validCertString));
+ scert = tor_x509_cert_new(read_cert_from(caCertString));
+ X509_PUBKEY_free(cert->cert->cert_info->key);
+ cert->cert->cert_info->key = NULL;
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
+ tt_int_op(ret, OP_EQ, 0);
+#endif /* !defined(OPENSSL_OPAQUE) */
+
+#if 0
+ tor_x509_cert_free(cert);
+ tor_x509_cert_free(scert);
+ cert = tor_x509_cert_new(read_cert_from(validCertString));
+ scert = tor_x509_cert_new(read_cert_from(caCertString));
+ /* This doesn't actually change the key in the cert. XXXXXX */
+ BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n);
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
+ tt_int_op(ret, OP_EQ, 0);
+
+ tor_x509_cert_free(cert);
+ tor_x509_cert_free(scert);
+ cert = tor_x509_cert_new(read_cert_from(validCertString));
+ scert = tor_x509_cert_new(read_cert_from(caCertString));
+ /* This doesn't actually change the key in the cert. XXXXXX */
+ X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 1);
+ tt_int_op(ret, OP_EQ, 0);
+
+ tor_x509_cert_free(cert);
+ tor_x509_cert_free(scert);
+ cert = tor_x509_cert_new(read_cert_from(validCertString));
+ scert = tor_x509_cert_new(read_cert_from(caCertString));
+ /* This doesn't actually change the key in the cert. XXXXXX */
+ X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ tt_int_op(ret, OP_EQ, 1);
+
+ tor_x509_cert_free(cert);
+ tor_x509_cert_free(scert);
+ cert = tor_x509_cert_new(read_cert_from(validCertString));
+ scert = tor_x509_cert_new(read_cert_from(caCertString));
+ /* This doesn't actually change the key in the cert. XXXXXX */
+ X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
+ X509_get_pubkey(cert->cert)->ameth = NULL;
+ ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, time(NULL), 0);
+ tt_int_op(ret, OP_EQ, 0);
+#endif /* 0 */
+
+ done:
+ tor_x509_cert_free(cert);
+ tor_x509_cert_free(scert);
+}
+
+static void
+test_tortls_context_init_one(void *ignored)
+{
+ (void)ignored;
+ int ret;
+ tor_tls_context_t *old = NULL;
+
+ MOCK(crypto_pk_new, fixed_crypto_pk_new);
+
+ fixed_crypto_pk_new_result_index = 0;
+ fixed_crypto_pk_new_result[0] = NULL;
+ ret = tor_tls_context_init_one(&old, NULL, 0, 0, 0);
+ tt_int_op(ret, OP_EQ, -1);
+
+ done:
+ UNMOCK(crypto_pk_new);
+}
+
+#define LOCAL_TEST_CASE(name, flags) \
+ { #name, test_tortls_##name, (flags|TT_FORK), NULL, NULL }
+
+#ifdef OPENSSL_OPAQUE
+#define INTRUSIVE_TEST_CASE(name, flags) \
+ { #name, NULL, TT_SKIP, NULL, NULL }
+#else
+#define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags)
+#endif /* defined(OPENSSL_OPAQUE) */
+
+struct testcase_t tortls_openssl_tests[] = {
+ LOCAL_TEST_CASE(tor_tls_new, TT_FORK),
+ LOCAL_TEST_CASE(get_state_description, TT_FORK),
+ LOCAL_TEST_CASE(get_by_ssl, TT_FORK),
+ LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK),
+ LOCAL_TEST_CASE(log_one_error, TT_FORK),
+ INTRUSIVE_TEST_CASE(get_error, TT_FORK),
+ LOCAL_TEST_CASE(always_accept_verify_cb, 0),
+ INTRUSIVE_TEST_CASE(x509_cert_free, 0),
+ LOCAL_TEST_CASE(cert_matches_key, 0),
+ INTRUSIVE_TEST_CASE(cert_get_key, 0),
+ LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
+ INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
+ INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
+ LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
+ INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
+ INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
+ INTRUSIVE_TEST_CASE(get_tlssecrets, 0),
+ INTRUSIVE_TEST_CASE(get_buffer_sizes, 0),
+ INTRUSIVE_TEST_CASE(try_to_extract_certs_from_tls, 0),
+ INTRUSIVE_TEST_CASE(get_peer_cert, 0),
+ INTRUSIVE_TEST_CASE(peer_has_cert, 0),
+ INTRUSIVE_TEST_CASE(finish_handshake, 0),
+ INTRUSIVE_TEST_CASE(handshake, 0),
+ INTRUSIVE_TEST_CASE(write, 0),
+ INTRUSIVE_TEST_CASE(read, 0),
+ INTRUSIVE_TEST_CASE(server_info_callback, 0),
+ LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
+ LOCAL_TEST_CASE(is_server, 0),
+ INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
+ INTRUSIVE_TEST_CASE(block_renegotiation, 0),
+ INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
+ INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),
+ LOCAL_TEST_CASE(set_logged_address, 0),
+ INTRUSIVE_TEST_CASE(find_cipher_by_id, 0),
+ INTRUSIVE_TEST_CASE(session_secret_cb, 0),
+ INTRUSIVE_TEST_CASE(debug_state_callback, 0),
+ INTRUSIVE_TEST_CASE(context_new, TT_FORK /* redundant */),
+ LOCAL_TEST_CASE(create_certificate, 0),
+ LOCAL_TEST_CASE(cert_new, 0),
+ LOCAL_TEST_CASE(cert_is_valid, 0),
+ LOCAL_TEST_CASE(context_init_one, 0),
+ END_OF_TESTCASES
+};
diff --git a/src/test/test_util.c b/src/test/test_util.c
index ec11bfd5f5..7bc1b7921a 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
@@ -8,16 +8,37 @@
#define COMPAT_TIME_PRIVATE
#define CONTROL_PRIVATE
#define UTIL_PRIVATE
-#include "or.h"
-#include "buffers.h"
-#include "config.h"
-#include "control.h"
-#include "crypto_rand.h"
-#include "test.h"
-#include "memarea.h"
-#include "util_process.h"
-#include "log_test_helpers.h"
-#include "compress_zstd.h"
+#define UTIL_MALLOC_PRIVATE
+#define SOCKET_PRIVATE
+#define SUBPROCESS_PRIVATE
+#include "lib/testsupport/testsupport.h"
+#include "core/or/or.h"
+#include "lib/container/buffers.h"
+#include "app/config/config.h"
+#include "feature/control/control.h"
+#include "feature/client/transports.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "test/test.h"
+#include "lib/memarea/memarea.h"
+#include "lib/process/waitpid.h"
+#include "test/log_test_helpers.h"
+#include "lib/compress/compress.h"
+#include "lib/compress/compress_zstd.h"
+#include "lib/encoding/keyval.h"
+#include "lib/fdio/fdio.h"
+#include "lib/fs/winlib.h"
+#include "lib/process/env.h"
+#include "lib/process/pidfile.h"
+#include "lib/process/subprocess.h"
+#include "lib/intmath/weakrng.h"
+#include "lib/thread/numcpus.h"
+#include "lib/math/fp.h"
+#include "lib/math/laplace.h"
+#include "lib/meminfo/meminfo.h"
+#include "lib/time/tvdiff.h"
+#include "lib/encoding/confline.h"
+#include "lib/net/socketpair.h"
#ifdef HAVE_PWD_H
#include <pwd.h>
@@ -28,6 +49,16 @@
#ifdef HAVE_UTIME_H
#include <utime.h>
#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
#ifdef _WIN32
#include <tchar.h>
#endif
@@ -892,6 +923,32 @@ test_util_time(void *arg)
teardown_capture_of_logs();
}
}
+ {
+ /* As above, but with localtime. */
+ t_res = -9223372036854775LL;
+ tor_localtime_r(&t_res, &b_time);
+ tt_assert(b_time.tm_year == (1970-1900) ||
+ b_time.tm_year == (1-1900));
+
+ /* while unlikely, the system's gmtime(_r) could return
+ * a "correct" retrospective gregorian negative year value,
+ * which I'm pretty sure is:
+ * -1*(2^63)/60/60/24*2000/730485 + 1970 = -292277022657
+ * 730485 is the number of days in two millennia, including leap days
+ * (int64_t)b_time.tm_year == (-292277022657LL-1900LL) without clamping */
+ t_res = INT64_MIN;
+ CAPTURE();
+ tor_localtime_r(&t_res, &b_time);
+ if (! (b_time.tm_year == (1970-1900) ||
+ b_time.tm_year == (1-1900))) {
+ tt_int_op(b_time.tm_year, OP_EQ, 1970-1900);
+ }
+ if (b_time.tm_year != 1970-1900) {
+ CHECK_TIMEGM_WARNING("Rounding up to ");
+ } else {
+ teardown_capture_of_logs();
+ }
+ }
#endif /* SIZEOF_TIME_T == 8 */
/* time_t >= INT_MAX yields a year clamped to 2037 or 9999,
@@ -908,6 +965,17 @@ test_util_time(void *arg)
tt_assert(b_time.tm_year == (2037-1900) ||
b_time.tm_year == (2038-1900));
}
+ {
+ /* as above but with localtime. */
+ t_res = 3*(1 << 29);
+ tor_localtime_r(&t_res, &b_time);
+ tt_assert(b_time.tm_year == (2021-1900));
+
+ t_res = INT32_MAX;
+ tor_localtime_r(&t_res, &b_time);
+ tt_assert(b_time.tm_year == (2037-1900) ||
+ b_time.tm_year == (2038-1900));
+ }
#endif /* SIZEOF_TIME_T == 4 || SIZEOF_TIME_T == 8 */
#if SIZEOF_TIME_T == 8
@@ -933,6 +1001,27 @@ test_util_time(void *arg)
tt_assert(b_time.tm_year == (2037-1900) ||
b_time.tm_year == (9999-1900));
}
+ {
+ /* As above but with localtime. */
+ t_res = 9223372036854775LL;
+ tor_localtime_r(&t_res, &b_time);
+ tt_assert(b_time.tm_year == (2037-1900) ||
+ b_time.tm_year == (9999-1900));
+
+ /* while unlikely, the system's gmtime(_r) could return
+ * a "correct" proleptic gregorian year value,
+ * which I'm pretty sure is:
+ * (2^63-1)/60/60/24*2000/730485 + 1970 = 292277026596
+ * 730485 is the number of days in two millennia, including leap days
+ * (int64_t)b_time.tm_year == (292277026596L-1900L) without clamping */
+ t_res = INT64_MAX;
+ CAPTURE();
+ tor_localtime_r(&t_res, &b_time);
+ CHECK_TIMEGM_WARNING("Rounding down to ");
+
+ tt_assert(b_time.tm_year == (2037-1900) ||
+ b_time.tm_year == (9999-1900));
+ }
#endif /* SIZEOF_TIME_T == 8 */
/* Test {format,parse}_rfc1123_time */
@@ -1901,8 +1990,8 @@ test_util_strmisc(void *arg)
tor_snprintf(buf, 10, "abcdef");
tt_int_op(0,OP_EQ, buf[6]);
/* uint64 */
- tor_snprintf(buf, sizeof(buf), "x!"U64_FORMAT"!x",
- U64_PRINTF_ARG(U64_LITERAL(12345678901)));
+ tor_snprintf(buf, sizeof(buf), "x!%"PRIu64"!x",
+ (UINT64_C(12345678901)));
tt_str_op("x!12345678901!x",OP_EQ, buf);
/* Test str{,case}cmpstart */
@@ -2115,20 +2204,10 @@ test_util_parse_integer(void *arg)
tt_int_op(1,OP_EQ, i);
tt_str_op(cp,OP_EQ, " plus garbage");
/* Illogical min max */
- tor_capture_bugs_(1);
tt_int_op(0L,OP_EQ, tor_parse_long("10",10,50,4,&i,NULL));
tt_int_op(0,OP_EQ, i);
- tt_int_op(1, OP_EQ, smartlist_len(tor_get_captured_bug_log_()));
- tt_str_op("!(max < min)", OP_EQ,
- smartlist_get(tor_get_captured_bug_log_(), 0));
- tor_end_capture_bugs_();
- tor_capture_bugs_(1);
tt_int_op(0L,OP_EQ, tor_parse_long("-50",10,100,-100,&i,NULL));
tt_int_op(0,OP_EQ, i);
- tt_int_op(1, OP_EQ, smartlist_len(tor_get_captured_bug_log_()));
- tt_str_op("!(max < min)", OP_EQ,
- smartlist_get(tor_get_captured_bug_log_(), 0));
- tor_end_capture_bugs_();
/* Out of bounds */
tt_int_op(0L,OP_EQ, tor_parse_long("10",10,50,100,&i,NULL));
tt_int_op(0,OP_EQ, i);
@@ -2139,11 +2218,8 @@ test_util_parse_integer(void *arg)
tt_int_op(0L,OP_EQ, tor_parse_long("2",2,0,100,NULL,NULL));
tt_int_op(68284L,OP_EQ, tor_parse_long("10abc",16,0,70000,NULL,NULL));
tt_int_op(68284L,OP_EQ, tor_parse_long("10ABC",16,0,70000,NULL,NULL));
- tor_capture_bugs_(2);
tt_int_op(0L,OP_EQ, tor_parse_long("10",-2,0,100,NULL,NULL));
tt_int_op(0,OP_EQ, tor_parse_long("10ABC",-1,0,70000,&i,NULL));
- tt_int_op(2, OP_EQ, smartlist_len(tor_get_captured_bug_log_()));
- tor_end_capture_bugs_();
tt_int_op(i,OP_EQ, 0);
/* Test parse_ulong */
@@ -2156,40 +2232,34 @@ test_util_parse_integer(void *arg)
tt_int_op(0UL,OP_EQ, tor_parse_ulong("8",8,0,100,NULL,NULL));
tt_int_op(50UL,OP_EQ, tor_parse_ulong("50",10,50,100,NULL,NULL));
tt_int_op(0UL,OP_EQ, tor_parse_ulong("-50",10,0,100,NULL,NULL));
- tor_capture_bugs_(1);
tt_int_op(0UL,OP_EQ, tor_parse_ulong("50",-1,50,100,&i,NULL));
- tt_int_op(1, OP_EQ, smartlist_len(tor_get_captured_bug_log_()));
- tor_end_capture_bugs_();
tt_int_op(0,OP_EQ, i);
tt_int_op(0UL,OP_EQ, tor_parse_ulong("-50",10,0,100,&i,NULL));
tt_int_op(0,OP_EQ, i);
/* Test parse_uint64 */
- tt_assert(U64_LITERAL(10) == tor_parse_uint64("10 x",10,0,100, &i, &cp));
+ tt_assert(UINT64_C(10) == tor_parse_uint64("10 x",10,0,100, &i, &cp));
tt_int_op(1,OP_EQ, i);
tt_str_op(cp,OP_EQ, " x");
- tt_assert(U64_LITERAL(12345678901) ==
+ tt_assert(UINT64_C(12345678901) ==
tor_parse_uint64("12345678901",10,0,UINT64_MAX, &i, &cp));
tt_int_op(1,OP_EQ, i);
tt_str_op(cp,OP_EQ, "");
- tt_assert(U64_LITERAL(0) ==
+ tt_assert(UINT64_C(0) ==
tor_parse_uint64("12345678901",10,500,INT32_MAX, &i, &cp));
tt_int_op(0,OP_EQ, i);
- tor_capture_bugs_(1);
- tt_assert(U64_LITERAL(0) ==
+ tt_assert(UINT64_C(0) ==
tor_parse_uint64("123",-1,0,INT32_MAX, &i, &cp));
- tt_int_op(1, OP_EQ, smartlist_len(tor_get_captured_bug_log_()));
- tor_end_capture_bugs_();
tt_int_op(0,OP_EQ, i);
{
/* Test parse_double */
double d = tor_parse_double("10", 0, (double)UINT64_MAX,&i,NULL);
tt_int_op(1,OP_EQ, i);
- tt_assert(DBL_TO_U64(d) == 10);
+ tt_assert(((uint64_t)d) == 10);
d = tor_parse_double("0", 0, (double)UINT64_MAX,&i,NULL);
tt_int_op(1,OP_EQ, i);
- tt_assert(DBL_TO_U64(d) == 0);
+ tt_assert(((uint64_t)d) == 0);
d = tor_parse_double(" ", 0, (double)UINT64_MAX,&i,NULL);
tt_double_op(fabs(d), OP_LT, 1e-10);
tt_int_op(0,OP_EQ, i);
@@ -2201,7 +2271,7 @@ test_util_parse_integer(void *arg)
tt_int_op(1,OP_EQ, i);
d = tor_parse_double("-.0", 0, (double)UINT64_MAX,&i,NULL);
tt_int_op(1,OP_EQ, i);
- tt_assert(DBL_TO_U64(d) == 0);
+ tt_assert(((uint64_t)d) == 0);
d = tor_parse_double("-10", -100.0, 100.0,&i,NULL);
tt_int_op(1,OP_EQ, i);
tt_double_op(fabs(d - -10.0),OP_LT, 1E-12);
@@ -2219,12 +2289,12 @@ test_util_parse_integer(void *arg)
tt_int_op(i,OP_EQ, 0);
tt_int_op(0UL,OP_EQ, tor_parse_ulong(TOOBIG, 10, 0, ULONG_MAX, &i, NULL));
tt_int_op(i,OP_EQ, 0);
- tt_u64_op(U64_LITERAL(0), OP_EQ, tor_parse_uint64(TOOBIG, 10,
+ tt_u64_op(UINT64_C(0), OP_EQ, tor_parse_uint64(TOOBIG, 10,
0, UINT64_MAX, &i, NULL));
tt_int_op(i,OP_EQ, 0);
}
done:
- tor_end_capture_bugs_();
+ ;
}
static void
@@ -2242,17 +2312,17 @@ test_util_pow2(void *arg)
tt_int_op(tor_log2(3),OP_EQ, 1);
tt_int_op(tor_log2(4),OP_EQ, 2);
tt_int_op(tor_log2(5),OP_EQ, 2);
- tt_int_op(tor_log2(U64_LITERAL(40000000000000000)),OP_EQ, 55);
+ tt_int_op(tor_log2(UINT64_C(40000000000000000)),OP_EQ, 55);
tt_int_op(tor_log2(UINT64_MAX),OP_EQ, 63);
/* Test round_to_power_of_2 */
tt_u64_op(round_to_power_of_2(120), OP_EQ, 128);
tt_u64_op(round_to_power_of_2(128), OP_EQ, 128);
tt_u64_op(round_to_power_of_2(130), OP_EQ, 128);
- tt_u64_op(round_to_power_of_2(U64_LITERAL(40000000000000000)), OP_EQ,
- U64_LITERAL(1)<<55);
- tt_u64_op(round_to_power_of_2(U64_LITERAL(0xffffffffffffffff)), OP_EQ,
- U64_LITERAL(1)<<63);
+ tt_u64_op(round_to_power_of_2(UINT64_C(40000000000000000)), OP_EQ,
+ UINT64_C(1)<<55);
+ tt_u64_op(round_to_power_of_2(UINT64_C(0xffffffffffffffff)), OP_EQ,
+ UINT64_C(1)<<63);
tt_u64_op(round_to_power_of_2(0), OP_EQ, 1);
tt_u64_op(round_to_power_of_2(1), OP_EQ, 1);
tt_u64_op(round_to_power_of_2(2), OP_EQ, 2);
@@ -3152,6 +3222,21 @@ test_util_sscanf(void *arg)
test_feq(d3, -900123123.2000787);
test_feq(d4, 3.2);
+ /* missing float */
+ r = tor_sscanf("3 ", "%d %lf", &int1, &d1);
+ tt_int_op(r, OP_EQ, 1);
+ tt_int_op(int1, OP_EQ, 3);
+
+ /* not a float */
+ r = tor_sscanf("999 notafloat", "%d %lf", &int1, &d1);
+ tt_int_op(r, OP_EQ, 1);
+ tt_int_op(int1, OP_EQ, 999);
+
+ /* %s but no buffer. */
+ char *nullbuf = NULL;
+ r = tor_sscanf("hello", "%3s", nullbuf);
+ tt_int_op(r, OP_EQ, 0);
+
done:
tor_free(huge);
}
@@ -3928,6 +4013,53 @@ test_util_string_is_C_identifier(void *ptr)
}
static void
+test_util_string_is_utf8(void *ptr)
+{
+ (void)ptr;
+
+ tt_int_op(1, OP_EQ, string_is_utf8(NULL, 0));
+ tt_int_op(1, OP_EQ, string_is_utf8("", 1));
+ tt_int_op(1, OP_EQ, string_is_utf8("\uFEFF", 3));
+ tt_int_op(1, OP_EQ, string_is_utf8("\uFFFE", 3));
+ tt_int_op(1, OP_EQ, string_is_utf8("ascii\x7f\n", 7));
+ tt_int_op(1, OP_EQ, string_is_utf8("Risqu\u00e9=1", 9));
+
+ // Validate exactly 'len' bytes.
+ tt_int_op(0, OP_EQ, string_is_utf8("\0\x80", 2));
+ tt_int_op(0, OP_EQ, string_is_utf8("Risqu\u00e9=1", 6));
+
+ // Reject sequences with missing bytes.
+ tt_int_op(0, OP_EQ, string_is_utf8("\x80", 1));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xc2", 1));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xc2 ", 2));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xe1\x80", 2));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xe1\x80 ", 3));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xf1\x80\x80", 3));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xf1\x80\x80 ", 4));
+
+ // Reject encodings that are overly long.
+ tt_int_op(0, OP_EQ, string_is_utf8("\xc1\xbf", 2));
+ tt_int_op(1, OP_EQ, string_is_utf8("\xc2\x80", 2));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xe0\x9f\xbf", 3));
+ tt_int_op(1, OP_EQ, string_is_utf8("\xe0\xa0\x80", 3));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xf0\x8f\xbf\xbf", 4));
+ tt_int_op(1, OP_EQ, string_is_utf8("\xf0\x90\x80\x80", 4));
+
+ // Reject UTF-16 surrogate halves.
+ tt_int_op(1, OP_EQ, string_is_utf8("\xed\x9f\xbf", 3));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xed\xa0\x80", 3));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xed\xbf\xbf", 3));
+ tt_int_op(1, OP_EQ, string_is_utf8("\xee\x80\x80", 3));
+
+ // The maximum legal codepoint, 10FFFF.
+ tt_int_op(1, OP_EQ, string_is_utf8("\xf4\x8f\xbf\xbf", 4));
+ tt_int_op(0, OP_EQ, string_is_utf8("\xf4\x90\x80\x80", 4));
+
+ done:
+ ;
+}
+
+static void
test_util_asprintf(void *ptr)
{
#define LOREMIPSUM \
@@ -4102,7 +4234,8 @@ test_util_ftruncate(void *ptr)
tt_int_op(fd, OP_GE, 0);
/* Make the file be there. */
- tt_int_op(strlen(message), OP_EQ, write_all(fd, message, strlen(message),0));
+ tt_int_op(strlen(message), OP_EQ,
+ write_all_to_fd(fd, message, strlen(message)));
tt_int_op((int)tor_fd_getpos(fd), OP_EQ, strlen(message));
tt_int_op(0, OP_EQ, fstat(fd, &st));
tt_int_op((int)st.st_size, OP_EQ, strlen(message));
@@ -4115,7 +4248,7 @@ test_util_ftruncate(void *ptr)
/* Replace, and see if it got replaced */
tt_int_op(strlen(message2), OP_EQ,
- write_all(fd, message2, strlen(message2), 0));
+ write_all_to_fd(fd, message2, strlen(message2)));
tt_int_op((int)tor_fd_getpos(fd), OP_EQ, strlen(message2));
tt_int_op(0, OP_EQ, fstat(fd, &st));
tt_int_op((int)st.st_size, OP_EQ, strlen(message2));
@@ -5527,10 +5660,13 @@ test_util_socketpair(void *arg)
tt_assert(SOCKET_OK(fds[0]));
tt_assert(SOCKET_OK(fds[1]));
- tt_int_op(get_n_open_sockets(), OP_EQ, n + 2);
+ if (ersatz)
+ tt_int_op(get_n_open_sockets(), OP_EQ, n);
+ else
+ tt_int_op(get_n_open_sockets(), OP_EQ, n + 2);
#ifdef CAN_CHECK_CLOEXEC
- tt_int_op(fd_is_cloexec(fds[0]), OP_EQ, 1);
- tt_int_op(fd_is_cloexec(fds[1]), OP_EQ, 1);
+ tt_int_op(fd_is_cloexec(fds[0]), OP_EQ, !ersatz);
+ tt_int_op(fd_is_cloexec(fds[1]), OP_EQ, !ersatz);
#endif
#ifdef CAN_CHECK_NONBLOCK
tt_int_op(fd_is_nonblocking(fds[0]), OP_EQ, 0);
@@ -5538,10 +5674,17 @@ test_util_socketpair(void *arg)
#endif
done:
- if (SOCKET_OK(fds[0]))
- tor_close_socket(fds[0]);
- if (SOCKET_OK(fds[1]))
- tor_close_socket(fds[1]);
+ if (ersatz) {
+ if (SOCKET_OK(fds[0]))
+ tor_close_socket_simple(fds[0]);
+ if (SOCKET_OK(fds[1]))
+ tor_close_socket_simple(fds[1]);
+ } else {
+ if (SOCKET_OK(fds[0]))
+ tor_close_socket(fds[0]);
+ if (SOCKET_OK(fds[1]))
+ tor_close_socket(fds[1]);
+ }
}
#undef SOCKET_EPROTO
@@ -5558,15 +5701,15 @@ test_util_max_mem(void *arg)
tt_int_op(r, OP_EQ, r2);
tt_uint_op(memory2, OP_EQ, memory1);
- TT_BLATHER(("System memory: "U64_FORMAT, U64_PRINTF_ARG(memory1)));
+ TT_BLATHER(("System memory: %"TOR_PRIuSZ, (memory1)));
if (r==0) {
/* You have at least a megabyte. */
tt_uint_op(memory1, OP_GT, (1<<20));
} else {
/* You do not have a petabyte. */
-#if SIZEOF_SIZE_T == SIZEOF_UINT64_T
- tt_u64_op(memory1, OP_LT, (U64_LITERAL(1)<<50));
+#if SIZEOF_SIZE_T >= 8
+ tt_u64_op(memory1, OP_LT, (UINT64_C(1)<<50));
#endif
}
@@ -6177,6 +6320,57 @@ test_util_get_unquoted_path(void *arg)
tor_free(r);
}
+static void
+test_util_log_mallinfo(void *arg)
+{
+ (void)arg;
+ char *log1 = NULL, *log2 = NULL, *mem = NULL;
+#ifdef HAVE_MALLINFO
+ setup_capture_of_logs(LOG_INFO);
+ tor_log_mallinfo(LOG_INFO);
+ expect_single_log_msg_containing("mallinfo() said: ");
+ mock_saved_log_entry_t *lg = smartlist_get(mock_saved_logs(), 0);
+ log1 = tor_strdup(lg->generated_msg);
+
+ mock_clean_saved_logs();
+ mem = tor_malloc(8192);
+ tor_log_mallinfo(LOG_INFO);
+ expect_single_log_msg_containing("mallinfo() said: ");
+ lg = smartlist_get(mock_saved_logs(), 0);
+ log2 = tor_strdup(lg->generated_msg);
+
+ /* Make sure that the amount of used memory increased. */
+ const char *used1 = strstr(log1, "uordblks=");
+ const char *used2 = strstr(log2, "uordblks=");
+ tt_assert(used1);
+ tt_assert(used2);
+ used1 += strlen("uordblks=");
+ used2 += strlen("uordblks=");
+
+ int ok1, ok2;
+ char *next1 = NULL, *next2 = NULL;
+ uint64_t mem1 = tor_parse_uint64(used1, 10, 0, UINT64_MAX, &ok1, &next1);
+ uint64_t mem2 = tor_parse_uint64(used2, 10, 0, UINT64_MAX, &ok2, &next2);
+ tt_assert(ok1);
+ tt_assert(ok2);
+ tt_assert(next1);
+ tt_assert(next2);
+ if (mem2 == 0) {
+ /* This is a fake mallinfo that doesn't actually fill in its outputs. */
+ tt_u64_op(mem1, OP_EQ, 0);
+ } else {
+ tt_u64_op(mem1, OP_LT, mem2);
+ }
+#else
+ tt_skip();
+#endif
+ done:
+ teardown_capture_of_logs();
+ tor_free(log1);
+ tor_free(log2);
+ tor_free(mem);
+}
+
#define UTIL_LEGACY(name) \
{ #name, test_util_ ## name , 0, NULL, NULL }
@@ -6262,6 +6456,7 @@ struct testcase_t util_tests[] = {
UTIL_TEST(clamp_double_to_int64, 0),
UTIL_TEST(find_str_at_start_of_line, 0),
UTIL_TEST(string_is_C_identifier, 0),
+ UTIL_TEST(string_is_utf8, 0),
UTIL_TEST(asprintf, 0),
UTIL_TEST(listdir, 0),
UTIL_TEST(parent_dir, 0),
@@ -6314,6 +6509,6 @@ struct testcase_t util_tests[] = {
UTIL_TEST(monotonic_time_add_msec, 0),
UTIL_TEST(htonll, 0),
UTIL_TEST(get_unquoted_path, 0),
+ UTIL_TEST(log_mallinfo, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_util_format.c b/src/test/test_util_format.c
index 10645fe117..85d8a8e62e 100644
--- a/src/test/test_util_format.c
+++ b/src/test/test_util_format.c
@@ -1,14 +1,14 @@
-/* Copyright (c) 2010-2017, The Tor Project, Inc. */
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
-#include "or.h"
+#include "core/or/or.h"
-#include "test.h"
+#include "test/test.h"
-#include "crypto_rand.h"
+#include "lib/crypt_ops/crypto_rand.h"
#define UTIL_FORMAT_PRIVATE
-#include "util_format.h"
+#include "lib/encoding/binascii.h"
#define NS_MODULE util_format
@@ -19,7 +19,7 @@ test_util_format_unaligned_accessors(void *ignored)
char buf[9] = "onionsoup"; // 6f6e696f6e736f7570
tt_u64_op(get_uint64(buf+1), OP_EQ,
- tor_htonll(U64_LITERAL(0x6e696f6e736f7570)));
+ tor_htonll(UINT64_C(0x6e696f6e736f7570)));
tt_uint_op(get_uint32(buf+1), OP_EQ, htonl(0x6e696f6e));
tt_uint_op(get_uint16(buf+1), OP_EQ, htons(0x6e69));
tt_uint_op(get_uint8(buf+1), OP_EQ, 0x6e);
@@ -33,7 +33,7 @@ test_util_format_unaligned_accessors(void *ignored)
set_uint32(buf+1, htonl(0x78696465));
tt_mem_op(buf, OP_EQ, "oxidestop", 9);
- set_uint64(buf+1, tor_htonll(U64_LITERAL(0x6266757363617465)));
+ set_uint64(buf+1, tor_htonll(UINT64_C(0x6266757363617465)));
tt_mem_op(buf, OP_EQ, "obfuscate", 9);
done:
;
diff --git a/src/test/test_util_process.c b/src/test/test_util_process.c
index 68ce6cfd40..44c4da9169 100644
--- a/src/test/test_util_process.c
+++ b/src/test/test_util_process.c
@@ -1,15 +1,15 @@
-/* Copyright (c) 2010-2017, The Tor Project, Inc. */
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define UTIL_PROCESS_PRIVATE
#include "orconfig.h"
-#include "or.h"
+#include "core/or/or.h"
-#include "test.h"
+#include "test/test.h"
-#include "util_process.h"
+#include "lib/process/waitpid.h"
-#include "log_test_helpers.h"
+#include "test/log_test_helpers.h"
#ifndef _WIN32
#define NS_MODULE util_process
diff --git a/src/test/test_util_slow.c b/src/test/test_util_slow.c
index 2cd68cf118..c7b3e3e2a4 100644
--- a/src/test/test_util_slow.c
+++ b/src/test/test_util_slow.c
@@ -1,15 +1,21 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define UTIL_PRIVATE
-#include "util.h"
-#include "util_process.h"
-#include "crypto.h"
-#include "torlog.h"
-#include "test.h"
+#define SUBPROCESS_PRIVATE
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "lib/log/log.h"
+#include "lib/process/subprocess.h"
+#include "lib/process/waitpid.h"
+#include "lib/string/printf.h"
+#include "lib/time/compat_time.h"
+#include "test/test.h"
+
+#include <errno.h>
+#include <string.h>
#ifndef BUILDDIR
#define BUILDDIR "."
@@ -388,4 +394,3 @@ struct testcase_t slow_util_tests[] = {
UTIL_TEST(spawn_background_waitpid_notify, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_voting_schedule.c b/src/test/test_voting_schedule.c
index df6058b74f..c3a581cf21 100644
--- a/src/test/test_voting_schedule.c
+++ b/src/test/test_voting_schedule.c
@@ -3,10 +3,10 @@
#include "orconfig.h"
-#include "or.h"
-#include "voting_schedule.h"
+#include "core/or/or.h"
+#include "feature/dircommon/voting_schedule.h"
-#include "test.h"
+#include "test/test.h"
static void
test_voting_schedule_interval_start(void *arg)
diff --git a/src/test/test_workqueue.c b/src/test/test_workqueue.c
index cc7073850c..9d48d92773 100644
--- a/src/test/test_workqueue.c
+++ b/src/test/test_workqueue.c
@@ -1,15 +1,18 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "or.h"
-#include "compat_threads.h"
-#include "onion.h"
-#include "workqueue.h"
-#include "crypto_curve25519.h"
-#include "crypto_rand.h"
-#include "compat_libevent.h"
+#include "core/or/or.h"
+#include "lib/thread/threads.h"
+#include "core/crypto/onion.h"
+#include "lib/evloop/workqueue.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/net/alertsock.h"
+#include "lib/evloop/compat_libevent.h"
+#include "lib/intmath/weakrng.h"
+#include "lib/crypt_ops/crypto_init.h"
#include <stdio.h>
@@ -450,4 +453,3 @@ main(int argc, char **argv)
return 0;
}
}
-
diff --git a/src/test/test_x509.c b/src/test/test_x509.c
new file mode 100644
index 0000000000..9128958492
--- /dev/null
+++ b/src/test/test_x509.c
@@ -0,0 +1,205 @@
+/* Copyright (c) 2010-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define TOR_X509_PRIVATE
+#include "orconfig.h"
+
+#ifdef _WIN32
+#include <winsock2.h>
+#endif
+#include <math.h>
+#include <stddef.h>
+
+#include "lib/cc/compat_compiler.h"
+
+#include "core/or/or.h"
+#include "lib/log/log.h"
+#include "app/config/config.h"
+#include "lib/tls/x509.h"
+#include "lib/tls/x509_internal.h"
+#include "app/config/or_state_st.h"
+
+#include "test/test.h"
+#include "test/log_test_helpers.h"
+
+#include "tinytest.h"
+
+/* A mock replacement for crypto_digest that always fails. */
+static int
+mock_failing_digest(char *digest, const char *m, size_t len)
+{
+ (void)digest;
+ (void)m;
+ (void)len;
+ return -1;
+}
+
+static void
+test_x509_cert_new_failing_digest(void *arg)
+{
+ (void)arg;
+ crypto_pk_t *pk1=NULL, *pk2=NULL;
+ tor_x509_cert_impl_t *impl = NULL;
+ tor_x509_cert_t *cert = NULL;
+ pk1 = pk_generate(0);
+ pk2 = pk_generate(1);
+
+ impl = tor_tls_create_certificate(pk1, pk2, "hello", "world", 86400*100);
+ tt_assert(impl);
+ MOCK(crypto_digest, mock_failing_digest);
+
+ setup_full_capture_of_logs(LOG_WARN);
+ cert = tor_x509_cert_new(impl);
+ tt_assert(!cert);
+ expect_log_msg_containing("Couldn't wrap encoded X509 certificate");
+ expect_log_msg_containing("unable to compute digests of certificate key");
+
+ done:
+ crypto_pk_free(pk1);
+ crypto_pk_free(pk2);
+ UNMOCK(crypto_digest);
+ teardown_capture_of_logs();
+}
+
+static tor_x509_cert_t *
+cert_from_der64(const char *der64)
+{
+ size_t der64len = strlen(der64);
+ unsigned char *der = tor_malloc_zero(der64len);
+ int derlen;
+ tor_x509_cert_t *cert = NULL;
+
+ derlen = base64_decode((char*)der, der64len,
+ der64, der64len);
+ if (derlen >= 0)
+ cert = tor_x509_cert_decode(der, derlen);
+ tor_free(der);
+ return cert;
+}
+
+static void
+test_x509_consume_ec_cert(void *arg)
+{
+ (void)arg;
+ /* This is a small self-signed EC certificate. */
+ const char certificate[] =
+ "MIIBEzCBugIJAIdl5svgOZ0OMAoGCCqGSM49BAMCMBIxEDAOBgNVBAMMB1Rlc3Rp\n"
+ "bmcwHhcNMTgwODIzMTcyMzI1WhcNMTkwODIzMTcyMzI1WjASMRAwDgYDVQQDDAdU\n"
+ "ZXN0aW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExMDpnRc0Btic3tIyCKNE\n"
+ "iNY4j4gzcaYzS2sTYRoVK3RAukG29Qg6/c8e8XcnsSquU4fItYxDRbi/3nhYk4CP\n"
+ "GDAKBggqhkjOPQQDAgNIADBFAiA0h1q03C2xlONUgAOonJLrlV1SUtMeKDxNsxsU\n"
+ "+FSPvQIhAM7kY9Tlt0ELmyMnORPp1VJieXn/qhL5VoxGxSedTbny\n";
+ const time_t now = 1535045321; /* when I'm writing this test. */
+ tor_x509_cert_t *cert = cert_from_der64(certificate);
+ crypto_pk_t *key = NULL;
+ tt_assert(cert);
+
+ key = tor_tls_cert_get_key(cert);
+ tt_ptr_op(NULL, OP_EQ, key); // Can't get an RSA key out of an EC cert.
+
+ /* It's a self-signed cert -- make sure it signed itself. */
+ tt_assert(tor_tls_cert_is_valid(LOG_ERR, cert, cert, now, 0));
+
+ /* Make sure we detect its key as non-RSA1024 */
+ setup_capture_of_logs(LOG_INFO);
+ tt_assert(! tor_tls_cert_is_valid(LOG_INFO, cert, cert, now, 1));
+ expect_log_msg_containing("Key is not RSA1024");
+
+ done:
+ tor_x509_cert_free(cert);
+ crypto_pk_free(key);
+ teardown_capture_of_logs();
+}
+
+static void
+test_x509_reject_tiny_keys(void *arg)
+{
+ (void)arg;
+ const char *certificates[] = {
+ /* Self-signed RSA512 */
+ "MIIBXDCCAQYCCQDKikjJYZI5uDANBgkqhkiG9w0BAQsFADA1MRUwEwYDVQQHDAxE\n"
+ "ZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwHhcNMTgw\n"
+ "ODIzMTczNjQ4WhcNMTkwODIzMTczNjQ4WjA1MRUwEwYDVQQHDAxEZWZhdWx0IENp\n"
+ "dHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwXDANBgkqhkiG9w0BAQEF\n"
+ "AANLADBIAkEAqOvVKzrSpmKOTNqDzBG/iZrUdhCrMRsymFXyIScJcdsyn7jB8RMy\n"
+ "fbHqG8EqB8HHLU/eqt/+zhh2w08Lx3+5QwIDAQABMA0GCSqGSIb3DQEBCwUAA0EA\n"
+ "RSCq0sNbD9uWfcBqF0U4MtfFjU5x+RQQCeBVtAzwC9bggSILKZfB9XUvtGh6vqig\n",
+ /* Self-signed secp112r2 */
+ "MIIBLTCB+QIJAI0LtN9uWxy3MAoGCCqGSM49BAMCMEUxCzAJBgNVBAYTAkFVMRMw\n"
+ "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n"
+ "eSBMdGQwHhcNMTgwODIzMTc0MTQ4WhcNMTkwODIzMTc0MTQ4WjBFMQswCQYDVQQG\n"
+ "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n"
+ "Z2l0cyBQdHkgTHRkMDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEf7dFHo7xhCtIcgyo\n"
+ "Px+IDcUUlntZCtar6V4O0zAKBggqhkjOPQQDAgMjADAgAg4yhBJMEmpkNbZU95Zf\n"
+ "uwIOJAan4J1ETxUII1RrGmw=\n"
+ };
+ const time_t now = 1535046182;
+ tor_x509_cert_t *cert = NULL;
+
+ unsigned i;
+ for (i = 0; i < ARRAY_LENGTH(certificates); ++i) {
+ cert = cert_from_der64(certificates[i]);
+ /* It might parse okay, depending on our version of NSS or OpenSSL. */
+ if (cert == NULL)
+ continue;
+ /* But it should not validate. */
+ tt_assert(! tor_tls_cert_is_valid(LOG_INFO, cert, cert, now, 0));
+ tor_x509_cert_free(cert);
+ }
+
+ done:
+ tor_x509_cert_free(cert);
+}
+
+static void
+test_x509_expiration(void *arg)
+{
+ (void)arg;
+ /* a 365-day RSA2048 cert, created between 0 and 60 minutes before "now" */
+ const char certificate[] =
+ "MIICzjCCAbYCCQDxIONWIQ9OGDANBgkqhkiG9w0BAQsFADApMQswCQYDVQQGEwJV\n"
+ "UzEaMBgGA1UEAwwRSW50ZXJlc3RpbmcgdGltZXMwHhcNMTgwODIzMTc1NTE4WhcN\n"
+ "MTkwODIzMTc1NTE4WjApMQswCQYDVQQGEwJVUzEaMBgGA1UEAwwRSW50ZXJlc3Rp\n"
+ "bmcgdGltZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0Blz1fBii\n"
+ "OffpFlzMrmfPah/vkPcNrwoyx5YiosbHErYUpqdCtfNb7rbBM5xcac1LmF9kjnOQ\n"
+ "uAw1jsCNE82QHwWMlXOqaZCEJsnttNo0Y7yaSR/ChbGJ54XCp+Lx2acyTeH9cBWU\n"
+ "de8/sKAQ4NqpbEP01pBH4+1mPu2MYWjVWVicUxmw0mJ3cfkJCWUzt0nC4ls8+Itk\n"
+ "7XliKb216Z9uQXu/zD/JGkxAljnFs1jXCX4NyWz46xnJFzXbYCeyQnBz0tUbAvgg\n"
+ "uRdryYtHzD46hd8LTXH6oK2gV64ILAhDnRb1aBjnCXxbex24XoW3hjSrKGTdNsXA\n"
+ "RMWU/8QZaoiBAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFIYDBcbit2kOMrHECZK\n"
+ "ctem40A3s+0ZifzZ2KLhW8dTr/2Zb6DnlqVm2iUOV4cG/o1RAn/HzkQQuWEq+oBG\n"
+ "yOPVHudvCyGs+2ZQWudgAv9xq8N7KtZwJhnn42c2YSoreqRXDQgJqGFatyr+XdR7\n"
+ "gdQapLI4BFbZToeXp49Nl+q9330hKaSmIYmWEZ7R/33R64PU2el7X9/apYEcuZQT\n"
+ "+FjEqcO1lJ8/dTwM/2C1BJZqUeFTAu+ac1M+4//qyJRUUc6xSJLhiens8atWaxwL\n"
+ "eBCT8fCY8oPOwA1eImc/yWWmWXpv8bBWVe8OeLCMKM/OZoIdFqQpqSdcyGoh/kIW\n"
+ "Dws=\n";
+ const time_t now = 1535046996;
+
+ tor_x509_cert_t *cert = cert_from_der64(certificate);
+ tt_assert(cert);
+
+ tt_assert(tor_tls_cert_is_valid(LOG_ERR, cert, cert, now, 0));
+
+ tt_assert(tor_tls_cert_is_valid(LOG_ERR, cert, cert,
+ now-TOR_X509_FUTURE_SLOP, 0));
+ tt_assert(tor_tls_cert_is_valid(LOG_ERR, cert, cert,
+ now+365*86400+TOR_X509_PAST_SLOP - 3600, 0));
+
+ tt_assert(! tor_tls_cert_is_valid(LOG_INFO, cert, cert,
+ now-TOR_X509_FUTURE_SLOP - 3600, 0));
+ tt_assert(! tor_tls_cert_is_valid(LOG_INFO, cert, cert,
+ now+365*86400+TOR_X509_FUTURE_SLOP, 0));
+
+ done:
+ tor_x509_cert_free(cert);
+}
+
+#define TEST(name) { #name, test_x509_ ## name, TT_FORK, 0, NULL }
+
+struct testcase_t x509_tests[] = {
+ TEST(cert_new_failing_digest),
+ TEST(consume_ec_cert),
+ TEST(reject_tiny_keys),
+ TEST(expiration),
+ END_OF_TESTCASES
+};
diff --git a/src/test/test_zero_length_keys.sh b/src/test/test_zero_length_keys.sh
index f85edb68db..84ca513b0a 100755
--- a/src/test/test_zero_length_keys.sh
+++ b/src/test/test_zero_length_keys.sh
@@ -3,8 +3,8 @@
exitcode=0
-"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/or/tor" -z || exitcode=1
-"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/or/tor" -d || exitcode=1
-"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/or/tor" -e || exitcode=1
+"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/app/tor" -z || exitcode=1
+"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/app/tor" -d || exitcode=1
+"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/app/tor" -e || exitcode=1
exit ${exitcode}
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index 4c3fe15960..5d4c2f15af 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -1,6 +1,6 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -10,20 +10,31 @@
#define MAIN_PRIVATE
#include "orconfig.h"
-#include "or.h"
-#include "control.h"
-#include "config.h"
-#include "crypto_rand.h"
-#include "rephist.h"
-#include "backtrace.h"
-#include "test.h"
-#include "channelpadding.h"
-#include "main.h"
+#include "core/or/or.h"
+#include "feature/control/control.h"
+#include "app/config/config.h"
+#include "lib/crypt_ops/crypto_dh.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/stats/rephist.h"
+#include "lib/err/backtrace.h"
+#include "test/test.h"
+#include "core/or/channelpadding.h"
+#include "core/mainloop/main.h"
+#include "lib/compress/compress.h"
+#include "lib/evloop/compat_libevent.h"
+#include "lib/crypt_ops/crypto_init.h"
#include <stdio.h>
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
#ifdef _WIN32
/* For mkdir() */
@@ -32,11 +43,6 @@
#include <dirent.h>
#endif /* defined(_WIN32) */
-#ifdef USE_DMALLOC
-#include <dmalloc.h>
-#include "main.h"
-#endif
-
/** Temporary directory (set up by setup_directory) under which we store all
* our files during testing. */
static char temp_dir[256];
@@ -107,8 +113,8 @@ get_fname_suffix(const char *name, const char *suffix)
setup_directory();
if (!name)
return temp_dir;
- tor_snprintf(buf,sizeof(buf),"%s/%s%s%s",temp_dir,name,suffix ? "_" : "",
- suffix ? suffix : "");
+ tor_snprintf(buf,sizeof(buf),"%s%s%s%s%s", temp_dir, PATH_SEPARATOR, name,
+ suffix ? "_" : "", suffix ? suffix : "");
return buf;
}
@@ -217,6 +223,21 @@ an_assertion_failed(void)
tinytest_set_test_failed_();
}
+void tinytest_prefork(void);
+void tinytest_postfork(void);
+void
+tinytest_prefork(void)
+{
+ free_pregenerated_keys();
+ crypto_prefork();
+}
+void
+tinytest_postfork(void)
+{
+ crypto_postfork();
+ init_pregenerated_keys();
+}
+
/** Main entry point for unit test code: parse the command line, and run
* some unit tests. */
int
@@ -231,13 +252,6 @@ main(int c, const char **v)
/* We must initialise logs before we call tor_assert() */
init_logging(1);
-#ifdef USE_DMALLOC
- {
- int r = crypto_use_tor_alloc_functions();
- tor_assert(r == 0);
- }
-#endif /* defined(USE_DMALLOC) */
-
update_approx_time(time(NULL));
options = options_new();
tor_threads_init();
@@ -286,7 +300,6 @@ main(int c, const char **v)
printf("Can't initialize crypto subsystem; exiting.\n");
return 1;
}
- crypto_set_tls_dh_prime();
if (crypto_seed_rng() < 0) {
printf("Couldn't seed RNG; exiting.\n");
return 1;
@@ -319,10 +332,7 @@ main(int c, const char **v)
int have_failed = (tinytest_main(c, v, testgroups) != 0);
free_pregenerated_keys();
-#ifdef USE_DMALLOC
- tor_free_all(0);
- dmalloc_log_unfreed();
-#endif
+
crypto_global_cleanup();
if (have_failed)
@@ -330,4 +340,3 @@ main(int c, const char **v)
else
return 0;
}
-
diff --git a/src/test/testing_rsakeys.c b/src/test/testing_rsakeys.c
index 94d3db328a..c8062b82d5 100644
--- a/src/test/testing_rsakeys.c
+++ b/src/test/testing_rsakeys.c
@@ -1,12 +1,12 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
-#include "crypto_rand.h"
+#include "lib/crypt_ops/crypto_rand.h"
#include "orconfig.h"
-#include "or.h"
-#include "test.h"
+#include "core/or/or.h"
+#include "test/test.h"
/** Define this if unit tests spend too much time generating public keys.
* This module is meant to save time by using a bunch of pregenerated RSA
@@ -490,7 +490,7 @@ crypto_pk_generate_key_with_bits__get_cached(crypto_pk_t *env, int bits)
{
if (bits == 1024 || bits == 2048) {
crypto_pk_t *newkey = pk_generate_internal(bits);
- crypto_pk_assign_(env, newkey);
+ crypto_pk_assign_private(env, newkey);
crypto_pk_free(newkey);
} else {
return crypto_pk_generate_key_with_bits__real(env, bits);
@@ -544,4 +544,3 @@ init_pregenerated_keys(void)
crypto_pk_generate_key_with_bits__get_cached);
#endif /* defined(USE_PREGENERATED_RSA_KEYS) */
}
-