1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
8 #include "core/or/or.h"
9 #include "app/config/config.h"
10 #include "feature/relay/router.h"
11 #include "feature/relay/routerkeys.h"
12 #include "lib/crypt_ops/crypto_cipher.h"
13 #include "lib/crypt_ops/crypto_format.h"
14 #include "feature/keymgt/loadkey.h"
15 #include "feature/nodelist/torcert.h"
16 #include "test/test.h"
26 #ifdef HAVE_SYS_STAT_H
31 test_routerkeys_write_fingerprint(void *arg
)
33 crypto_pk_t
*key
= pk_generate(2);
34 or_options_t
*options
= get_options_mutable();
35 const char *ddir
= get_fname("write_fingerprint");
36 char *cp
= NULL
, *cp2
= NULL
;
37 char fp
[FINGERPRINT_LEN
+1];
43 options
->ORPort_set
= 1; /* So that we can get the server ID key */
44 tor_free(options
->DataDirectory
);
45 options
->DataDirectory
= tor_strdup(ddir
);
46 options
->Nickname
= tor_strdup("haflinger");
47 set_server_identity_key(key
);
48 set_client_identity_key(crypto_pk_dup_key(key
));
50 tt_int_op(0, OP_EQ
, check_private_dir(ddir
, CPD_CREATE
, NULL
));
51 tt_int_op(crypto_pk_cmp_keys(get_server_identity_key(),key
),OP_EQ
,0);
53 /* Write fingerprint file */
54 tt_int_op(0, OP_EQ
, router_write_fingerprint(0, 0));
55 cp
= read_file_to_str(get_fname("write_fingerprint/fingerprint"),
57 crypto_pk_get_fingerprint(key
, fp
, 0);
58 tor_asprintf(&cp2
, "haflinger %s\n", fp
);
59 tt_str_op(cp
, OP_EQ
, cp2
);
63 /* Write hashed-fingerprint file */
64 tt_int_op(0, OP_EQ
, router_write_fingerprint(1, 0));
65 cp
= read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
67 crypto_pk_get_hashed_fingerprint(key
, fp
);
68 tor_asprintf(&cp2
, "haflinger %s\n", fp
);
69 tt_str_op(cp
, OP_EQ
, cp2
);
73 /* Replace outdated file */
74 write_str_to_file(get_fname("write_fingerprint/hashed-fingerprint"),
76 tt_int_op(0, OP_EQ
, router_write_fingerprint(1, 0));
77 cp
= read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
79 crypto_pk_get_hashed_fingerprint(key
, fp
);
80 tor_asprintf(&cp2
, "haflinger %s\n", fp
);
81 tt_str_op(cp
, OP_EQ
, cp2
);
87 set_client_identity_key(NULL
);
93 test_routerkeys_write_ed25519_identity(void *arg
)
95 crypto_pk_t
*key
= pk_generate(2);
96 or_options_t
*options
= get_options_mutable();
97 time_t now
= time(NULL
);
98 const char *ddir
= get_fname("write_fingerprint");
99 char *cp
= NULL
, *cp2
= NULL
;
100 char ed25519_id
[BASE64_DIGEST256_LEN
+ 1];
106 options
->ORPort_set
= 1; /* So that we can get the server ID key */
107 tor_free(options
->DataDirectory
);
108 options
->DataDirectory
= tor_strdup(ddir
);
109 options
->Nickname
= tor_strdup("haflinger");
110 set_server_identity_key(key
);
111 set_client_identity_key(crypto_pk_dup_key(key
));
113 load_ed_keys(options
, now
);
114 tt_assert(get_master_identity_key());
116 tt_int_op(0, OP_EQ
, check_private_dir(ddir
, CPD_CREATE
, NULL
));
118 /* Write fingerprint file */
119 tt_int_op(0, OP_EQ
, router_write_fingerprint(0, 1));
120 cp
= read_file_to_str(get_fname("write_fingerprint/fingerprint-ed25519"),
122 digest256_to_base64(ed25519_id
,
123 (const char *) get_master_identity_key()->pubkey
);
124 tor_asprintf(&cp2
, "haflinger %s\n", ed25519_id
);
125 tt_str_op(cp
, OP_EQ
, cp2
);
131 set_client_identity_key(NULL
);
134 routerkeys_free_all();
138 test_routerkeys_ed_certs(void *args
)
141 ed25519_keypair_t kp1
, kp2
;
142 tor_cert_t
*cert
[2] = {NULL
, NULL
}, *nocert
= NULL
;
143 tor_cert_t
*parsed_cert
[2] = {NULL
, NULL
};
144 time_t now
= 1412094534;
145 uint8_t *junk
= NULL
;
148 tt_int_op(0,OP_EQ
,ed25519_keypair_generate(&kp1
, 0));
149 tt_int_op(0,OP_EQ
,ed25519_keypair_generate(&kp2
, 0));
151 for (int i
= 0; i
<= 1; ++i
) {
152 uint32_t flags
= i
? CERT_FLAG_INCLUDE_SIGNING_KEY
: 0;
154 cert
[i
] = tor_cert_create_ed25519(&kp1
, 5, &kp2
.pubkey
, now
, 10000, flags
);
157 tt_uint_op(cert
[i
]->sig_bad
, OP_EQ
, 0);
158 tt_uint_op(cert
[i
]->sig_ok
, OP_EQ
, 1);
159 tt_uint_op(cert
[i
]->cert_expired
, OP_EQ
, 0);
160 tt_uint_op(cert
[i
]->cert_valid
, OP_EQ
, 1);
161 tt_int_op(cert
[i
]->cert_type
, OP_EQ
, 5);
162 tt_mem_op(cert
[i
]->signed_key
.pubkey
, OP_EQ
, &kp2
.pubkey
.pubkey
, 32);
163 tt_mem_op(cert
[i
]->signing_key
.pubkey
, OP_EQ
, &kp1
.pubkey
.pubkey
, 32);
164 tt_int_op(cert
[i
]->signing_key_included
, OP_EQ
, i
);
166 tt_assert(cert
[i
]->encoded
);
167 tt_int_op(cert
[i
]->encoded_len
, OP_EQ
, 104 + 36 * i
);
168 tt_int_op(cert
[i
]->encoded
[0], OP_EQ
, 1);
169 tt_int_op(cert
[i
]->encoded
[1], OP_EQ
, 5);
171 parsed_cert
[i
] = tor_cert_parse(cert
[i
]->encoded
, cert
[i
]->encoded_len
);
172 tt_assert(parsed_cert
[i
]);
173 tt_int_op(cert
[i
]->encoded_len
, OP_EQ
, parsed_cert
[i
]->encoded_len
);
174 tt_mem_op(cert
[i
]->encoded
, OP_EQ
, parsed_cert
[i
]->encoded
,
175 cert
[i
]->encoded_len
);
176 tt_uint_op(parsed_cert
[i
]->sig_bad
, OP_EQ
, 0);
177 tt_uint_op(parsed_cert
[i
]->sig_ok
, OP_EQ
, 0);
178 tt_uint_op(parsed_cert
[i
]->cert_expired
, OP_EQ
, 0);
179 tt_uint_op(parsed_cert
[i
]->cert_valid
, OP_EQ
, 0);
182 tt_int_op(tor_cert_checksig(parsed_cert
[i
], &kp1
.pubkey
, now
+ 30000),
184 tt_uint_op(parsed_cert
[i
]->cert_expired
, OP_EQ
, 1);
185 parsed_cert
[i
]->cert_expired
= 0;
188 tt_int_op(tor_cert_checksig(parsed_cert
[i
], &kp2
.pubkey
, now
), OP_LT
, 0);
189 tt_uint_op(parsed_cert
[i
]->sig_bad
, OP_EQ
, 1);
190 parsed_cert
[i
]->sig_bad
= 0;
193 int ok
= tor_cert_checksig(parsed_cert
[i
], NULL
, now
);
194 tt_int_op(ok
< 0, OP_EQ
, i
== 0);
195 tt_uint_op(parsed_cert
[i
]->sig_bad
, OP_EQ
, 0);
196 tt_assert(parsed_cert
[i
]->sig_ok
== (i
!= 0));
197 tt_assert(parsed_cert
[i
]->cert_valid
== (i
!= 0));
198 parsed_cert
[i
]->sig_bad
= 0;
199 parsed_cert
[i
]->sig_ok
= 0;
200 parsed_cert
[i
]->cert_valid
= 0;
203 tt_int_op(tor_cert_checksig(parsed_cert
[i
], &kp1
.pubkey
, now
), OP_EQ
, 0);
204 tt_uint_op(parsed_cert
[i
]->sig_bad
, OP_EQ
, 0);
205 tt_uint_op(parsed_cert
[i
]->sig_ok
, OP_EQ
, 1);
206 tt_uint_op(parsed_cert
[i
]->cert_expired
, OP_EQ
, 0);
207 tt_uint_op(parsed_cert
[i
]->cert_valid
, OP_EQ
, 1);
210 /* Now try some junky certs. */
212 nocert
= tor_cert_parse(cert
[0]->encoded
, cert
[0]->encoded_len
-1);
213 tt_ptr_op(NULL
, OP_EQ
, nocert
);
215 /* - First byte modified */
216 cert
[0]->encoded
[0] = 99;
217 nocert
= tor_cert_parse(cert
[0]->encoded
, cert
[0]->encoded_len
);
218 tt_ptr_op(NULL
, OP_EQ
, nocert
);
219 cert
[0]->encoded
[0] = 1;
221 /* - Extra byte at the end*/
222 junk
= tor_malloc_zero(cert
[0]->encoded_len
+ 1);
223 memcpy(junk
, cert
[0]->encoded
, cert
[0]->encoded_len
);
224 nocert
= tor_cert_parse(junk
, cert
[0]->encoded_len
+1);
225 tt_ptr_op(NULL
, OP_EQ
, nocert
);
227 /* - Multiple signing key instances */
229 junk
= tor_malloc_zero(104 + 36 * 2);
230 junk
[0] = 1; /* version */
231 junk
[1] = 5; /* cert type */
232 junk
[6] = 1; /* key type */
233 junk
[39] = 2; /* n_extensions */
234 junk
[41] = 32; /* extlen */
235 junk
[42] = 4; /* exttype */
236 junk
[77] = 32; /* extlen */
237 junk
[78] = 4; /* exttype */
238 nocert
= tor_cert_parse(junk
, 104 + 36 * 2);
239 tt_ptr_op(NULL
, OP_EQ
, nocert
);
242 tor_cert_free(cert
[0]);
243 tor_cert_free(cert
[1]);
244 tor_cert_free(parsed_cert
[0]);
245 tor_cert_free(parsed_cert
[1]);
246 tor_cert_free(nocert
);
252 test_routerkeys_ed_key_create(void *arg
)
255 tor_cert_t
*cert
= NULL
;
256 ed25519_keypair_t
*kp1
= NULL
, *kp2
= NULL
;
257 time_t now
= time(NULL
);
259 /* This is a simple alias for 'make a new keypair' */
260 kp1
= ed_key_new(NULL
, 0, 0, 0, 0, &cert
);
263 /* Create a new certificate signed by kp1. */
264 kp2
= ed_key_new(kp1
, INIT_ED_KEY_NEEDCERT
, now
, 3600, 4, &cert
);
267 tt_mem_op(&cert
->signed_key
, OP_EQ
, &kp2
->pubkey
,
268 sizeof(ed25519_public_key_t
));
269 tt_assert(! cert
->signing_key_included
);
271 tt_int_op(cert
->valid_until
, OP_GE
, now
);
272 tt_int_op(cert
->valid_until
, OP_LE
, now
+7200);
274 /* Create a new key-including certificate signed by kp1 */
275 ed25519_keypair_free(kp2
);
277 cert
= NULL
; kp2
= NULL
;
278 kp2
= ed_key_new(kp1
, (INIT_ED_KEY_NEEDCERT
|
279 INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT
),
280 now
, 3600, 4, &cert
);
283 tt_assert(cert
->signing_key_included
);
284 tt_mem_op(&cert
->signed_key
, OP_EQ
, &kp2
->pubkey
,
285 sizeof(ed25519_public_key_t
));
286 tt_mem_op(&cert
->signing_key
, OP_EQ
, &kp1
->pubkey
,
287 sizeof(ed25519_public_key_t
));
290 ed25519_keypair_free(kp1
);
291 ed25519_keypair_free(kp2
);
296 test_routerkeys_ed_key_init_basic(void *arg
)
300 tor_cert_t
*cert
= NULL
, *cert2
= NULL
;
301 ed25519_keypair_t
*kp1
= NULL
, *kp2
= NULL
, *kp3
= NULL
;
302 time_t now
= time(NULL
);
303 char *fname1
= tor_strdup(get_fname("test_ed_key_1"));
304 char *fname2
= tor_strdup(get_fname("test_ed_key_2"));
310 /* Fail to load a key that isn't there. */
311 kp1
= ed_key_init_from_file(fname1
, 0, LOG_INFO
, NULL
, now
, 0, 7, &cert
,
313 tt_assert(kp1
== NULL
);
314 tt_assert(cert
== NULL
);
316 /* Create the key if requested to do so. */
317 kp1
= ed_key_init_from_file(fname1
, INIT_ED_KEY_CREATE
, LOG_INFO
,
318 NULL
, now
, 0, 7, &cert
, NULL
);
319 tt_assert(kp1
!= NULL
);
320 tt_assert(cert
== NULL
);
321 tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st
), OP_LT
, 0);
322 tt_int_op(stat(get_fname("test_ed_key_1_secret_key"), &st
), OP_EQ
, 0);
324 /* Fail to load if we say we need a cert */
325 kp2
= ed_key_init_from_file(fname1
, INIT_ED_KEY_NEEDCERT
, LOG_INFO
,
326 NULL
, now
, 0, 7, &cert
, NULL
);
327 tt_assert(kp2
== NULL
);
329 /* Fail to load if we say the wrong key type */
330 kp2
= ed_key_init_from_file(fname1
, 0, LOG_INFO
,
331 NULL
, now
, 0, 6, &cert
, NULL
);
332 tt_assert(kp2
== NULL
);
334 /* Load successfully if we're not picky, whether we say "create" or not. */
335 kp2
= ed_key_init_from_file(fname1
, INIT_ED_KEY_CREATE
, LOG_INFO
,
336 NULL
, now
, 0, 7, &cert
, NULL
);
337 tt_assert(kp2
!= NULL
);
338 tt_assert(cert
== NULL
);
339 tt_mem_op(kp1
, OP_EQ
, kp2
, sizeof(*kp1
));
340 ed25519_keypair_free(kp2
); kp2
= NULL
;
342 kp2
= ed_key_init_from_file(fname1
, 0, LOG_INFO
,
343 NULL
, now
, 0, 7, &cert
, NULL
);
344 tt_assert(kp2
!= NULL
);
345 tt_assert(cert
== NULL
);
346 tt_mem_op(kp1
, OP_EQ
, kp2
, sizeof(*kp1
));
347 ed25519_keypair_free(kp2
); kp2
= NULL
;
349 /* Now create a key with a cert. */
350 kp2
= ed_key_init_from_file(fname2
, (INIT_ED_KEY_CREATE
|
351 INIT_ED_KEY_NEEDCERT
),
352 LOG_INFO
, kp1
, now
, 7200, 7, &cert
, NULL
);
353 tt_assert(kp2
!= NULL
);
354 tt_assert(cert
!= NULL
);
355 tt_mem_op(kp1
, OP_NE
, kp2
, sizeof(*kp1
));
356 tt_int_op(stat(get_fname("test_ed_key_2_cert"), &st
), OP_EQ
, 0);
357 tt_int_op(stat(get_fname("test_ed_key_2_secret_key"), &st
), OP_EQ
, 0);
359 tt_assert(cert
->cert_valid
== 1);
360 tt_mem_op(&cert
->signed_key
, OP_EQ
, &kp2
->pubkey
, 32);
362 /* Now verify we can load the cert... */
363 kp3
= ed_key_init_from_file(fname2
, (INIT_ED_KEY_CREATE
|
364 INIT_ED_KEY_NEEDCERT
),
365 LOG_INFO
, kp1
, now
, 7200, 7, &cert2
, NULL
);
366 tt_mem_op(kp2
, OP_EQ
, kp3
, sizeof(*kp2
));
367 tt_mem_op(cert2
->encoded
, OP_EQ
, cert
->encoded
, cert
->encoded_len
);
368 ed25519_keypair_free(kp3
); kp3
= NULL
;
369 tor_cert_free(cert2
); cert2
= NULL
;
371 /* ... even without create... */
372 kp3
= ed_key_init_from_file(fname2
, INIT_ED_KEY_NEEDCERT
,
373 LOG_INFO
, kp1
, now
, 7200, 7, &cert2
, NULL
);
374 tt_mem_op(kp2
, OP_EQ
, kp3
, sizeof(*kp2
));
375 tt_mem_op(cert2
->encoded
, OP_EQ
, cert
->encoded
, cert
->encoded_len
);
376 ed25519_keypair_free(kp3
); kp3
= NULL
;
377 tor_cert_free(cert2
); cert2
= NULL
;
379 /* ... but that we don't crash or anything if we say we don't want it. */
380 kp3
= ed_key_init_from_file(fname2
, INIT_ED_KEY_NEEDCERT
,
381 LOG_INFO
, kp1
, now
, 7200, 7, NULL
, NULL
);
382 tt_mem_op(kp2
, OP_EQ
, kp3
, sizeof(*kp2
));
383 ed25519_keypair_free(kp3
); kp3
= NULL
;
385 /* Fail if we're told the wrong signing key */
386 kp3
= ed_key_init_from_file(fname2
, INIT_ED_KEY_NEEDCERT
,
387 LOG_INFO
, kp2
, now
, 7200, 7, &cert2
, NULL
);
388 tt_assert(kp3
== NULL
);
389 tt_assert(cert2
== NULL
);
392 ed25519_keypair_free(kp1
);
393 ed25519_keypair_free(kp2
);
394 ed25519_keypair_free(kp3
);
396 tor_cert_free(cert2
);
402 test_routerkeys_ed_key_init_split(void *arg
)
406 tor_cert_t
*cert
= NULL
;
407 ed25519_keypair_t
*kp1
= NULL
, *kp2
= NULL
;
408 time_t now
= time(NULL
);
409 char *fname1
= tor_strdup(get_fname("test_ed_key_3"));
410 char *fname2
= tor_strdup(get_fname("test_ed_key_4"));
412 const uint32_t flags
= INIT_ED_KEY_SPLIT
|INIT_ED_KEY_MISSING_SECRET_OK
;
417 /* Can't load key that isn't there. */
418 kp1
= ed_key_init_from_file(fname1
, flags
, LOG_INFO
, NULL
, now
, 0, 7, &cert
,
420 tt_assert(kp1
== NULL
);
421 tt_assert(cert
== NULL
);
423 /* Create a split key */
424 kp1
= ed_key_init_from_file(fname1
, flags
|INIT_ED_KEY_CREATE
,
425 LOG_INFO
, NULL
, now
, 0, 7, &cert
, NULL
);
426 tt_assert(kp1
!= NULL
);
427 tt_assert(cert
== NULL
);
428 tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st
), OP_LT
, 0);
429 tt_int_op(stat(get_fname("test_ed_key_3_secret_key"), &st
), OP_EQ
, 0);
430 tt_int_op(stat(get_fname("test_ed_key_3_public_key"), &st
), OP_EQ
, 0);
433 kp2
= ed_key_init_from_file(fname1
, flags
|INIT_ED_KEY_CREATE
,
434 LOG_INFO
, NULL
, now
, 0, 7, &cert
, NULL
);
435 tt_assert(kp2
!= NULL
);
436 tt_assert(cert
== NULL
);
437 tt_mem_op(kp1
, OP_EQ
, kp2
, sizeof(*kp2
));
438 ed25519_keypair_free(kp2
); kp2
= NULL
;
440 /* Okay, try killing the secret key and loading it. */
441 unlink(get_fname("test_ed_key_3_secret_key"));
442 kp2
= ed_key_init_from_file(fname1
, flags
,
443 LOG_INFO
, NULL
, now
, 0, 7, &cert
, NULL
);
444 tt_assert(kp2
!= NULL
);
445 tt_assert(cert
== NULL
);
446 tt_mem_op(&kp1
->pubkey
, OP_EQ
, &kp2
->pubkey
, sizeof(kp2
->pubkey
));
447 tt_assert(fast_mem_is_zero((char*)kp2
->seckey
.seckey
,
448 sizeof(kp2
->seckey
.seckey
)));
449 ed25519_keypair_free(kp2
); kp2
= NULL
;
451 /* Even when we're told to "create", don't create if there's a public key */
452 kp2
= ed_key_init_from_file(fname1
, flags
|INIT_ED_KEY_CREATE
,
453 LOG_INFO
, NULL
, now
, 0, 7, &cert
, NULL
);
454 tt_assert(kp2
!= NULL
);
455 tt_assert(cert
== NULL
);
456 tt_mem_op(&kp1
->pubkey
, OP_EQ
, &kp2
->pubkey
, sizeof(kp2
->pubkey
));
457 tt_assert(fast_mem_is_zero((char*)kp2
->seckey
.seckey
,
458 sizeof(kp2
->seckey
.seckey
)));
459 ed25519_keypair_free(kp2
); kp2
= NULL
;
461 /* Make sure we fail on a tag mismatch, though */
462 kp2
= ed_key_init_from_file(fname1
, flags
,
463 LOG_INFO
, NULL
, now
, 0, 99, &cert
, NULL
);
464 tt_assert(kp2
== NULL
);
467 ed25519_keypair_free(kp1
);
468 ed25519_keypair_free(kp2
);
475 test_routerkeys_ed_keys_init_all(void *arg
)
478 char *dir
= tor_strdup(get_fname("test_ed_keys_init_all"));
479 char *keydir
= tor_strdup(get_fname("test_ed_keys_init_all/KEYS"));
480 or_options_t
*options
= tor_malloc_zero(sizeof(or_options_t
));
481 time_t now
= time(NULL
);
482 ed25519_public_key_t id
;
483 ed25519_keypair_t sign
, auth
;
484 tor_cert_t
*link_cert
= NULL
;
486 get_options_mutable()->ORPort_set
= 1;
488 crypto_pk_t
*rsa
= pk_generate(0);
490 set_server_identity_key(rsa
);
491 set_client_identity_key(rsa
);
493 router_initialize_tls_context();
495 options
->SigningKeyLifetime
= 30*86400;
496 options
->TestingAuthKeyLifetime
= 2*86400;
497 options
->TestingLinkCertLifetime
= 2*86400;
498 options
->TestingSigningKeySlop
= 2*86400;
499 options
->TestingAuthKeySlop
= 2*3600;
500 options
->TestingLinkKeySlop
= 2*3600;
503 tt_int_op(0, OP_EQ
, mkdir(dir
));
504 tt_int_op(0, OP_EQ
, mkdir(keydir
));
506 tt_int_op(0, OP_EQ
, mkdir(dir
, 0700));
507 tt_int_op(0, OP_EQ
, mkdir(keydir
, 0700));
508 #endif /* defined(_WIN32) */
510 options
->DataDirectory
= dir
;
511 options
->KeyDirectory
= keydir
;
513 tt_int_op(1, OP_EQ
, load_ed_keys(options
, now
));
514 tt_int_op(0, OP_EQ
, generate_ed_link_cert(options
, now
, 0));
515 tt_assert(get_master_identity_key());
516 tt_assert(get_master_identity_key());
517 tt_assert(get_master_signing_keypair());
518 tt_assert(get_current_auth_keypair());
519 tt_assert(get_master_signing_key_cert());
520 tt_assert(get_current_link_cert_cert());
521 tt_assert(get_current_auth_key_cert());
522 memcpy(&id
, get_master_identity_key(), sizeof(id
));
523 memcpy(&sign
, get_master_signing_keypair(), sizeof(sign
));
524 memcpy(&auth
, get_current_auth_keypair(), sizeof(auth
));
525 link_cert
= tor_cert_dup(get_current_link_cert_cert());
527 /* Call load_ed_keys again, but nothing has changed. */
528 tt_int_op(0, OP_EQ
, load_ed_keys(options
, now
));
529 tt_int_op(0, OP_EQ
, generate_ed_link_cert(options
, now
, 0));
530 tt_mem_op(&id
, OP_EQ
, get_master_identity_key(), sizeof(id
));
531 tt_mem_op(&sign
, OP_EQ
, get_master_signing_keypair(), sizeof(sign
));
532 tt_mem_op(&auth
, OP_EQ
, get_current_auth_keypair(), sizeof(auth
));
533 tt_assert(tor_cert_eq(link_cert
, get_current_link_cert_cert()));
535 /* Force a reload: we make new link/auth keys. */
536 routerkeys_free_all();
537 tt_int_op(1, OP_EQ
, load_ed_keys(options
, now
));
538 tt_int_op(0, OP_EQ
, generate_ed_link_cert(options
, now
, 0));
539 tt_mem_op(&id
, OP_EQ
, get_master_identity_key(), sizeof(id
));
540 tt_mem_op(&sign
, OP_EQ
, get_master_signing_keypair(), sizeof(sign
));
541 tt_assert(tor_cert_eq(link_cert
, get_current_link_cert_cert()));
542 tt_mem_op(&auth
, OP_NE
, get_current_auth_keypair(), sizeof(auth
));
543 tt_assert(get_master_signing_key_cert());
544 tt_assert(get_current_link_cert_cert());
545 tt_assert(get_current_auth_key_cert());
546 tor_cert_free(link_cert
);
547 link_cert
= tor_cert_dup(get_current_link_cert_cert());
548 memcpy(&auth
, get_current_auth_keypair(), sizeof(auth
));
550 /* Force a link/auth-key regeneration by advancing time. */
551 tt_int_op(0, OP_EQ
, load_ed_keys(options
, now
+3*86400));
552 tt_int_op(0, OP_EQ
, generate_ed_link_cert(options
, now
+3*86400, 0));
553 tt_mem_op(&id
, OP_EQ
, get_master_identity_key(), sizeof(id
));
554 tt_mem_op(&sign
, OP_EQ
, get_master_signing_keypair(), sizeof(sign
));
555 tt_assert(! tor_cert_eq(link_cert
, get_current_link_cert_cert()));
556 tt_mem_op(&auth
, OP_NE
, get_current_auth_keypair(), sizeof(auth
));
557 tt_assert(get_master_signing_key_cert());
558 tt_assert(get_current_link_cert_cert());
559 tt_assert(get_current_auth_key_cert());
560 tor_cert_free(link_cert
);
561 link_cert
= tor_cert_dup(get_current_link_cert_cert());
562 memcpy(&auth
, get_current_auth_keypair(), sizeof(auth
));
564 /* Force a signing-key regeneration by advancing time. */
565 tt_int_op(1, OP_EQ
, load_ed_keys(options
, now
+100*86400));
566 tt_int_op(0, OP_EQ
, generate_ed_link_cert(options
, now
+100*86400, 0));
567 tt_mem_op(&id
, OP_EQ
, get_master_identity_key(), sizeof(id
));
568 tt_mem_op(&sign
, OP_NE
, get_master_signing_keypair(), sizeof(sign
));
569 tt_assert(! tor_cert_eq(link_cert
, get_current_link_cert_cert()));
570 tt_mem_op(&auth
, OP_NE
, get_current_auth_keypair(), sizeof(auth
));
571 tt_assert(get_master_signing_key_cert());
572 tt_assert(get_current_link_cert_cert());
573 tt_assert(get_current_auth_key_cert());
574 memcpy(&sign
, get_master_signing_keypair(), sizeof(sign
));
575 tor_cert_free(link_cert
);
576 link_cert
= tor_cert_dup(get_current_link_cert_cert());
577 memcpy(&auth
, get_current_auth_keypair(), sizeof(auth
));
579 /* Demonstrate that we can start up with no secret identity key */
580 routerkeys_free_all();
581 unlink(get_fname("test_ed_keys_init_all/KEYS/"
582 "ed25519_master_id_secret_key"));
583 tt_int_op(1, OP_EQ
, load_ed_keys(options
, now
));
584 tt_int_op(0, OP_EQ
, generate_ed_link_cert(options
, now
, 0));
585 tt_mem_op(&id
, OP_EQ
, get_master_identity_key(), sizeof(id
));
586 tt_mem_op(&sign
, OP_EQ
, get_master_signing_keypair(), sizeof(sign
));
587 tt_assert(! tor_cert_eq(link_cert
, get_current_link_cert_cert()));
588 tt_mem_op(&auth
, OP_NE
, get_current_auth_keypair(), sizeof(auth
));
589 tt_assert(get_master_signing_key_cert());
590 tt_assert(get_current_link_cert_cert());
591 tt_assert(get_current_auth_key_cert());
593 /* But we're in trouble if we have no id key and our signing key has
595 log_global_min_severity_
= LOG_ERR
; /* Suppress warnings.
596 * XXX (better way to do this)? */
597 routerkeys_free_all();
598 tt_int_op(-1, OP_EQ
, load_ed_keys(options
, now
+200*86400));
604 tor_cert_free(link_cert
);
605 routerkeys_free_all();
609 test_routerkeys_cross_certify_ntor(void *args
)
613 tor_cert_t
*cert
= NULL
;
614 curve25519_keypair_t onion_keys
;
615 ed25519_public_key_t master_key
;
616 ed25519_public_key_t onion_check_key
;
617 time_t now
= time(NULL
);
620 tt_int_op(0, OP_EQ
, ed25519_public_from_base64(&master_key
,
621 "IamwritingthesetestsOnARainyAfternoonin2014"));
622 tt_int_op(0, OP_EQ
, curve25519_keypair_generate(&onion_keys
, 0));
623 cert
= make_ntor_onion_key_crosscert(&onion_keys
,
628 tt_assert(sign
== 0 || sign
== 1);
629 tt_int_op(cert
->cert_type
, OP_EQ
, CERT_TYPE_ONION_ID
);
630 tt_int_op(1, OP_EQ
, ed25519_pubkey_eq(&cert
->signed_key
, &master_key
));
631 tt_int_op(0, OP_EQ
, ed25519_public_key_from_curve25519_public_key(
632 &onion_check_key
, &onion_keys
.pubkey
, sign
));
633 tt_int_op(0, OP_EQ
, tor_cert_checksig(cert
, &onion_check_key
, now
));
640 test_routerkeys_cross_certify_tap(void *args
)
645 ed25519_public_key_t master_key
;
646 crypto_pk_t
*onion_key
= pk_generate(2), *id_key
= pk_generate(1);
651 tt_int_op(0, OP_EQ
, ed25519_public_from_base64(&master_key
,
652 "IAlreadyWroteTestsForRouterdescsUsingTheseX"));
654 cc
= make_tap_onion_key_crosscert(onion_key
,
660 n
= crypto_pk_public_checksig(onion_key
, buf
, sizeof(buf
),
662 tt_int_op(n
,OP_GT
,0);
663 tt_int_op(n
,OP_EQ
,52);
665 crypto_pk_get_digest(id_key
, digest
);
666 tt_mem_op(buf
,OP_EQ
,digest
,20);
667 tt_mem_op(buf
+20,OP_EQ
,master_key
.pubkey
,32);
669 tt_int_op(0, OP_EQ
, check_tap_onion_key_crosscert(cc
, cc_len
,
670 onion_key
, &master_key
, (uint8_t*)digest
));
674 crypto_pk_free(id_key
);
675 crypto_pk_free(onion_key
);
679 test_routerkeys_rsa_ed_crosscert(void *arg
)
682 ed25519_public_key_t ed
;
683 crypto_pk_t
*rsa
= pk_generate(2);
687 time_t expires_in
= 1470846177;
689 tt_int_op(0, OP_EQ
, ed25519_public_from_base64(&ed
,
690 "ThisStringCanContainAnythingSoNoKeyHereNowX"));
691 cc_len
= tor_make_rsa_ed25519_crosscert(&ed
, rsa
, expires_in
, &cc
);
693 tt_int_op(cc_len
, OP_GT
, 0);
694 tt_int_op(cc_len
, OP_GT
, 37); /* key, expires, siglen */
695 tt_mem_op(cc
, OP_EQ
, ed
.pubkey
, 32);
696 time_t expires_out
= 3600 * ntohl(get_uint32(cc
+32));
697 tt_int_op(expires_out
, OP_GE
, expires_in
);
698 tt_int_op(expires_out
, OP_LE
, expires_in
+ 3600);
700 tt_int_op(cc_len
, OP_EQ
, 37 + get_uint8(cc
+36));
702 tt_int_op(0, OP_EQ
, rsa_ed25519_crosscert_check(cc
, cc_len
, rsa
, &ed
,
705 /* Now try after it has expired */
706 tt_int_op(-4, OP_EQ
, rsa_ed25519_crosscert_check(cc
, cc_len
, rsa
, &ed
,
709 /* Truncated object */
710 tt_int_op(-2, OP_EQ
, rsa_ed25519_crosscert_check(cc
, cc_len
- 2, rsa
, &ed
,
713 /* Key not as expected */
715 tt_int_op(-3, OP_EQ
, rsa_ed25519_crosscert_check(cc
, cc_len
, rsa
, &ed
,
721 tt_int_op(-5, OP_EQ
, rsa_ed25519_crosscert_check(cc
, cc_len
, rsa
, &ed
,
725 /* Signature of wrong data */
728 tt_int_op(-6, OP_EQ
, rsa_ed25519_crosscert_check(cc
, cc_len
, rsa
, &ed
,
738 #define TEST(name, flags) \
739 { #name , test_routerkeys_ ## name, (flags), NULL, NULL }
741 struct testcase_t routerkeys_tests
[] = {
742 TEST(write_fingerprint
, TT_FORK
),
743 TEST(write_ed25519_identity
, TT_FORK
),
744 TEST(ed_certs
, TT_FORK
),
745 TEST(ed_key_create
, TT_FORK
),
746 TEST(ed_key_init_basic
, TT_FORK
),
747 TEST(ed_key_init_split
, TT_FORK
),
748 TEST(ed_keys_init_all
, TT_FORK
),
749 TEST(cross_certify_ntor
, 0),
750 TEST(cross_certify_tap
, 0),
751 TEST(rsa_ed_crosscert
, 0),