1 /* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
2 /* See LICENSE for licensing information */
9 #include "../common/test.h"
14 sprintf(buf
, "/tmp/tor_test");
15 if (mkdir(buf
, 0700) && errno
!= EEXIST
)
16 fprintf(stderr
, "Can't create directory %s", buf
);
25 int buflen
, buf_datalen
;
32 if (buf_new(&buf
, &buflen
, &buf_datalen
))
35 test_eq(buflen
, MAX_BUF_SIZE
);
36 test_eq(buf_datalen
, 0);
41 s
= open("/tmp/tor_test/data", O_WRONLY
|O_CREAT
|O_TRUNC
, 0600);
48 s
= open("/tmp/tor_test/data", O_RDONLY
, 0);
50 i
= read_to_buf(s
, 10, &buf
, &buflen
, &buf_datalen
, &eof
);
51 test_eq(buflen
, MAX_BUF_SIZE
);
52 test_eq(buf_datalen
, 10);
55 test_memeq(str
, buf
, 10);
57 /* Test reading 0 bytes. */
58 i
= read_to_buf(s
, 0, &buf
, &buflen
, &buf_datalen
, &eof
);
59 test_eq(buflen
, MAX_BUF_SIZE
);
60 test_eq(buf_datalen
, 10);
64 /* Now test when buffer is filled exactly. */
66 i
= read_to_buf(s
, 6, &buf
, &buflen
, &buf_datalen
, &eof
);
68 test_eq(buf_datalen
, 16);
71 test_memeq(str
, buf
, 16);
73 /* Now test when buffer is filled with more data to read. */
75 i
= read_to_buf(s
, 128, &buf
, &buflen
, &buf_datalen
, &eof
);
77 test_eq(buf_datalen
, 32);
80 test_memeq(str
, buf
, 32);
82 /* Now read to eof. */
83 buflen
= MAX_BUF_SIZE
;
84 test_assert(buflen
> 256);
85 i
= read_to_buf(s
, 1024, &buf
, &buflen
, &buf_datalen
, &eof
);
87 test_eq(buflen
, MAX_BUF_SIZE
);
88 test_eq(buf_datalen
, 256);
89 test_memeq(str
, buf
, 256);
92 i
= read_to_buf(s
, 1024, &buf
, &buflen
, &buf_datalen
, &eof
);
94 test_eq(buflen
, MAX_BUF_SIZE
);
95 test_eq(buf_datalen
, 256);
104 test_eq(((int)'d') + 1, find_on_inbuf("abcd", 4, buf
, buf_datalen
));
105 test_eq(-1, find_on_inbuf("xyzzy", 5, buf
, buf_datalen
));
106 /* Make sure we don't look off the end of the buffef */
109 test_eq(-1, find_on_inbuf("\xff" "A", 2, buf
, buf_datalen
));
110 test_eq(-1, find_on_inbuf("AX", 2, buf
, buf_datalen
));
111 /* Make sure we use the string length */
112 test_eq(((int)'d')+1, find_on_inbuf("abcdX", 4, buf
, buf_datalen
));
117 memset(str2
, 255, 256);
118 test_eq(246, fetch_from_buf(str2
, 10, &buf
, &buflen
, &buf_datalen
));
119 test_memeq(str2
, str
, 10);
120 test_memeq(str
+10,buf
,246);
121 test_eq(buf_datalen
,246);
123 test_eq(-1, fetch_from_buf(str2
, 247, &buf
, &buflen
, &buf_datalen
));
124 test_memeq(str
+10,buf
,246);
125 test_eq(buf_datalen
, 246);
127 test_eq(0, fetch_from_buf(str2
, 246, &buf
, &buflen
, &buf_datalen
));
128 test_memeq(str2
, str
+10, 246);
129 test_eq(buflen
,MAX_BUF_SIZE
);
130 test_eq(buf_datalen
,0);
135 memset(buf
, (int)'-', 256);
136 i
= write_to_buf("Hello world", 11, &buf
, &buflen
, &buf_datalen
);
138 test_eq(buf_datalen
, 11);
139 test_memeq(buf
, "Hello world", 11);
140 i
= write_to_buf("XYZZY", 5, &buf
, &buflen
, &buf_datalen
);
142 test_eq(buf_datalen
, 16);
143 test_memeq(buf
, "Hello worldXYZZY", 16);
144 /* Test when buffer is overfull. */
146 test_eq(-1, write_to_buf("This string will not fit.", 25,
147 &buf
, &buflen
, &buf_datalen
));
148 test_eq(buf_datalen
, 16);
149 test_memeq(buf
, "Hello worldXYZZY--", 18);
150 buflen
= MAX_BUF_SIZE
;
155 /* XXXX Needs tests. */
163 crypto_dh_env_t
*dh1
, *dh2
;
164 char p1
[CRYPTO_DH_SIZE
];
165 char p2
[CRYPTO_DH_SIZE
];
166 char s1
[CRYPTO_DH_SIZE
];
167 char s2
[CRYPTO_DH_SIZE
];
170 dh1
= crypto_dh_new();
171 dh2
= crypto_dh_new();
172 test_eq(crypto_dh_get_bytes(dh1
), CRYPTO_DH_SIZE
);
173 test_eq(crypto_dh_get_bytes(dh2
), CRYPTO_DH_SIZE
);
175 memset(p1
, 0, CRYPTO_DH_SIZE
);
176 memset(p2
, 0, CRYPTO_DH_SIZE
);
177 test_memeq(p1
, p2
, CRYPTO_DH_SIZE
);
178 test_assert(! crypto_dh_get_public(dh1
, p1
, CRYPTO_DH_SIZE
));
179 test_memneq(p1
, p2
, CRYPTO_DH_SIZE
);
180 test_assert(! crypto_dh_get_public(dh2
, p2
, CRYPTO_DH_SIZE
));
181 test_memneq(p1
, p2
, CRYPTO_DH_SIZE
);
183 memset(s1
, 0, CRYPTO_DH_SIZE
);
184 memset(s2
, 0xFF, CRYPTO_DH_SIZE
);
185 s1len
= crypto_dh_compute_secret(dh1
, p2
, CRYPTO_DH_SIZE
, s1
);
186 s2len
= crypto_dh_compute_secret(dh2
, p1
, CRYPTO_DH_SIZE
, s2
);
187 test_assert(s1len
> 0);
188 test_eq(s1len
, s2len
);
189 test_memeq(s1
, s2
, s1len
);
198 crypto_cipher_env_t
*env1
, *env2
;
199 crypto_pk_env_t
*pk1
, *pk2
;
200 char *data1
, *data2
, *data3
, *cp
;
203 int str_ciphers
[] = { CRYPTO_CIPHER_IDENTITY
,
209 data1
= tor_malloc(1024);
210 data2
= tor_malloc(1024);
211 data3
= tor_malloc(1024);
212 test_assert(data1
&& data2
&& data3
);
215 test_assert(! crypto_seed_rng());
216 crypto_rand(100, data1
);
217 crypto_rand(100, data2
);
218 test_memneq(data1
,data2
,100);
220 /* Try out identity ciphers. */
221 env1
= crypto_new_cipher_env(CRYPTO_CIPHER_IDENTITY
);
223 test_eq(crypto_cipher_generate_key(env1
), 0);
224 test_eq(crypto_cipher_set_iv(env1
, ""), 0);
225 test_eq(crypto_cipher_encrypt_init_cipher(env1
), 0);
226 for(i
= 0; i
< 1024; ++i
) {
227 data1
[i
] = (char) i
*73;
229 crypto_cipher_encrypt(env1
, data1
, 1024, data2
);
230 test_memeq(data1
, data2
, 1024);
231 crypto_free_cipher_env(env1
);
233 /* Now, test encryption and decryption with stream ciphers. */
235 for(i
= 1023; i
>0; i
-= 35)
236 strncat(data1
, "Now is the time for all good onions", i
);
237 for(i
=0; str_ciphers
[i
] >= 0; ++i
) {
238 /* For each cipher... */
239 memset(data2
, 0, 1024);
240 memset(data3
, 0, 1024);
241 env1
= crypto_new_cipher_env(str_ciphers
[i
]);
243 env2
= crypto_new_cipher_env(str_ciphers
[i
]);
245 j
= crypto_cipher_generate_key(env1
);
246 if (str_ciphers
[i
] != CRYPTO_CIPHER_IDENTITY
) {
247 crypto_cipher_set_key(env2
, env1
->key
);
249 crypto_cipher_set_iv(env1
, "12345678901234567890");
250 crypto_cipher_set_iv(env2
, "12345678901234567890");
251 crypto_cipher_encrypt_init_cipher(env1
);
252 crypto_cipher_decrypt_init_cipher(env2
);
254 /* Try encrypting 512 chars. */
255 crypto_cipher_encrypt(env1
, data1
, 512, data2
);
256 crypto_cipher_decrypt(env2
, data2
, 512, data3
);
257 test_memeq(data1
, data3
, 512);
258 if (str_ciphers
[i
] == CRYPTO_CIPHER_IDENTITY
) {
259 test_memeq(data1
, data2
, 512);
261 test_memneq(data1
, data2
, 512);
263 /* Now encrypt 1 at a time, and get 1 at a time. */
264 for (j
= 512; j
< 560; ++j
) {
265 crypto_cipher_encrypt(env1
, data1
+j
, 1, data2
+j
);
267 for (j
= 512; j
< 560; ++j
) {
268 crypto_cipher_decrypt(env2
, data2
+j
, 1, data3
+j
);
270 test_memeq(data1
, data3
, 560);
271 /* Now encrypt 3 at a time, and get 5 at a time. */
272 for (j
= 560; j
< 1024; j
+= 3) {
273 crypto_cipher_encrypt(env1
, data1
+j
, 3, data2
+j
);
275 for (j
= 560; j
< 1024; j
+= 5) {
276 crypto_cipher_decrypt(env2
, data2
+j
, 5, data3
+j
);
278 test_memeq(data1
, data3
, 1024-4);
279 /* Now make sure that when we encrypt with different chunk sizes, we get
281 crypto_free_cipher_env(env2
);
283 memset(data3
, 0, 1024);
284 env2
= crypto_new_cipher_env(str_ciphers
[i
]);
286 if (str_ciphers
[i
] != CRYPTO_CIPHER_IDENTITY
) {
287 crypto_cipher_set_key(env2
, env1
->key
);
289 crypto_cipher_set_iv(env2
, "12345678901234567890");
290 crypto_cipher_encrypt_init_cipher(env2
);
291 for (j
= 0; j
< 1024-16; j
+= 17) {
292 crypto_cipher_encrypt(env2
, data1
+j
, 17, data3
+j
);
294 for (j
= 0; j
< 1024-16; ++j
) {
295 if (data2
[j
] != data3
[j
]) {
296 printf("%d: %d\t%d\n", j
, (int) data2
[j
], (int) data3
[j
]);
299 test_memeq(data2
, data3
, 1024-16);
300 crypto_free_cipher_env(env1
);
301 crypto_free_cipher_env(env2
);
304 /* Test vectors for stream ciphers. */
305 /* XXXX Look up some test vectors for the ciphers and make sure we match. */
307 /* Test SHA-1 with a test vector from the specification. */
308 i
= crypto_SHA_digest("abc", 3, data1
);
310 "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78"
311 "\x50\xC2\x6C\x9C\xD0\xD8\x9D", 20);
313 /* Public-key ciphers */
314 pk1
= crypto_new_pk_env(CRYPTO_PK_RSA
);
315 pk2
= crypto_new_pk_env(CRYPTO_PK_RSA
);
316 test_assert(pk1
&& pk2
);
317 test_assert(! crypto_pk_generate_key(pk1
));
318 test_assert(! crypto_pk_write_public_key_to_string(pk1
, &cp
, &i
));
319 test_assert(! crypto_pk_read_public_key_from_string(pk2
, cp
, i
));
320 test_eq(0, crypto_pk_cmp_keys(pk1
, pk2
));
322 test_eq(128, crypto_pk_keysize(pk1
));
323 test_eq(128, crypto_pk_keysize(pk2
));
325 test_eq(128, crypto_pk_public_encrypt(pk2
, "Hello whirled.", 15, data1
,
326 RSA_PKCS1_OAEP_PADDING
));
327 test_eq(128, crypto_pk_public_encrypt(pk1
, "Hello whirled.", 15, data2
,
328 RSA_PKCS1_OAEP_PADDING
));
329 /* oaep padding should make encryption not match */
330 test_memneq(data1
, data2
, 128);
331 test_eq(15, crypto_pk_private_decrypt(pk1
, data1
, 128, data3
,
332 RSA_PKCS1_OAEP_PADDING
));
333 test_streq(data3
, "Hello whirled.");
334 memset(data3
, 0, 1024);
335 test_eq(15, crypto_pk_private_decrypt(pk1
, data2
, 128, data3
,
336 RSA_PKCS1_OAEP_PADDING
));
337 test_streq(data3
, "Hello whirled.");
338 /* Can't decrypt with public key. */
339 test_eq(-1, crypto_pk_private_decrypt(pk2
, data2
, 128, data3
,
340 RSA_PKCS1_OAEP_PADDING
));
341 /* Try again with bad padding */
342 memcpy(data2
+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */
343 test_eq(-1, crypto_pk_private_decrypt(pk1
, data2
, 128, data3
,
344 RSA_PKCS1_OAEP_PADDING
));
346 /* File operations: save and load private key */
347 f
= fopen("/tmp/tor_test/pkey1", "wb");
348 test_assert(! crypto_pk_write_private_key_to_file(pk1
, f
));
350 f
= fopen("/tmp/tor_test/pkey1", "rb");
351 test_assert(! crypto_pk_read_private_key_from_file(pk2
, f
));
353 test_eq(15, crypto_pk_private_decrypt(pk2
, data1
, 128, data3
,
354 RSA_PKCS1_OAEP_PADDING
));
355 test_assert(! crypto_pk_read_private_key_from_filename(pk2
,
356 "/tmp/tor_test/pkey1"));
357 test_eq(15, crypto_pk_private_decrypt(pk2
, data1
, 128, data3
,
358 RSA_PKCS1_OAEP_PADDING
));
360 /* Now try signing. */
361 strcpy(data1
, "Ossifrage");
362 test_eq(128, crypto_pk_private_sign(pk1
, data1
, 10, data2
));
363 test_eq(10, crypto_pk_public_checksig(pk1
, data2
, 128, data3
));
364 test_streq(data3
, "Ossifrage");
365 /*XXXX test failed signing*/
367 crypto_free_pk_env(pk1
);
368 crypto_free_pk_env(pk2
);
371 strcpy(data1
, "Test string that contains 35 chars.");
372 strcat(data1
, " 2nd string that contains 35 chars.");
374 i
= base64_encode(data2
, 1024, data1
, 71);
375 j
= base64_decode(data3
, 1024, data2
, i
);
376 test_streq(data3
, data1
);
378 test_assert(data2
[i
] == '\0');
389 struct timeval start
, end
;
392 start
.tv_usec
= 5000;
397 test_eq(0L, tv_udiff(&start
, &end
));
401 test_eq(2000L, tv_udiff(&start
, &end
));
405 test_eq(1002000L, tv_udiff(&start
, &end
));
409 test_eq(995000L, tv_udiff(&start
, &end
));
413 test_eq(0L, tv_udiff(&start
, &end
));
418 test_onion_handshake() {
420 crypto_dh_env_t
*c_dh
= NULL
;
421 char c_buf
[DH_ONIONSKIN_LEN
];
425 char s_buf
[DH_KEY_LEN
];
429 crypto_pk_env_t
*pk
= NULL
;
431 pk
= crypto_new_pk_env(CRYPTO_PK_RSA
);
432 test_assert(! crypto_pk_generate_key(pk
));
434 /* client handshake 1. */
435 memset(c_buf
, 0, DH_ONIONSKIN_LEN
);
436 test_assert(! onion_skin_create(pk
, &c_dh
, c_buf
));
438 /* server handshake */
439 memset(s_buf
, 0, DH_KEY_LEN
);
440 memset(s_keys
, 0, 40);
441 test_assert(! onion_skin_server_handshake(c_buf
, pk
, s_buf
, s_keys
, 40));
443 /* client handshake 2 */
444 memset(c_keys
, 0, 40);
445 test_assert(! onion_skin_client_handshake(c_dh
, s_buf
, c_keys
, 40));
447 crypto_dh_free(c_dh
);
449 /* FIXME sometimes (infrequently) the following fails! Why? */
450 if (memcmp(c_keys
, s_keys
, 40)) {
454 test_memeq(c_keys
, s_keys
, 40);
455 memset(s_buf
, 0, 40);
456 test_memneq(c_keys
, s_buf
, 40);
457 crypto_free_pk_env(pk
);
461 int dump_router_to_string(char *s
, int maxlen
, routerinfo_t
*router
);
462 void dump_directory_to_string(char *s
, int maxlen
);
468 char buf
[2048], buf2
[2048];
469 char *pk1_str
= NULL
, *pk2_str
= NULL
, *cp
;
470 int pk1_str_len
, pk2_str_len
;
472 crypto_pk_env_t
*pk1
= NULL
, *pk2
= NULL
;
473 routerinfo_t
*rp1
, *rp2
;
474 struct exit_policy_t ex1
, ex2
;
475 directory_t
*dir1
= NULL
, *dir2
= NULL
;
477 test_assert( (pk1
= crypto_new_pk_env(CRYPTO_PK_RSA
)) );
478 test_assert( (pk2
= crypto_new_pk_env(CRYPTO_PK_RSA
)) );
479 test_assert(! crypto_pk_generate_key(pk1
));
480 test_assert(! crypto_pk_generate_key(pk2
));
482 r1
.address
= "testaddr1.foo.bar";
483 r1
.addr
= 0xc0a80001u
; /* 192.168.0.1 */
489 r1
.signing_pkey
= NULL
;
491 r1
.exit_policy
= NULL
;
493 ex1
.policy_type
= EXIT_POLICY_ACCEPT
;
498 ex2
.policy_type
= EXIT_POLICY_REJECT
;
499 ex2
.address
= "18.*";
502 r2
.address
= "tor.tor.tor";
503 r2
.addr
= 0x0a030201u
; /* 10.3.2.1 */
509 r2
.signing_pkey
= pk1
;
511 r2
.exit_policy
= &ex1
;
513 test_assert(!crypto_pk_write_public_key_to_string(pk1
, &pk1_str
,
515 test_assert(!crypto_pk_write_public_key_to_string(pk2
, &pk2_str
,
517 strcpy(buf2
, "router testaddr1.foo.bar 9000 9001 9002 9003 1000\n");
518 strcat(buf2
, pk1_str
);
521 memset(buf
, 0, 2048);
522 test_assert(dump_router_to_string(buf
, 2048, &r1
)>0);
523 test_streq(buf
, buf2
);
526 rp1
= router_get_entry_from_string(&cp
);
528 test_streq(rp1
->address
, r1
.address
);
529 test_eq(rp1
->or_port
, r1
.or_port
);
530 test_eq(rp1
->op_port
, r1
.op_port
);
531 test_eq(rp1
->ap_port
, r1
.ap_port
);
532 test_eq(rp1
->dir_port
, r1
.dir_port
);
533 test_eq(rp1
->bandwidth
, r1
.bandwidth
);
534 test_assert(crypto_pk_cmp_keys(rp1
->pkey
, pk1
) == 0);
535 test_assert(rp1
->signing_pkey
== NULL
);
536 test_assert(rp1
->exit_policy
== NULL
);
538 strcpy(buf2
, "router tor.tor.tor 9005 0 0 0 3000\n");
539 strcat(buf2
, pk2_str
);
540 strcat(buf2
, "signing-key\n");
541 strcat(buf2
, pk1_str
);
542 strcat(buf2
, "accept *:80\nreject 18.*:24\n\n");
543 test_assert(dump_router_to_string(buf
, 2048, &r2
)>0);
544 test_streq(buf
, buf2
);
547 rp2
= router_get_entry_from_string(&cp
);
549 test_streq(rp2
->address
, r2
.address
);
550 test_eq(rp2
->or_port
, r2
.or_port
);
551 test_eq(rp2
->op_port
, r2
.op_port
);
552 test_eq(rp2
->ap_port
, r2
.ap_port
);
553 test_eq(rp2
->dir_port
, r2
.dir_port
);
554 test_eq(rp2
->bandwidth
, r2
.bandwidth
);
555 test_assert(crypto_pk_cmp_keys(rp2
->pkey
, pk2
) == 0);
556 test_assert(crypto_pk_cmp_keys(rp2
->signing_pkey
, pk1
) == 0);
557 test_eq(rp2
->exit_policy
->policy_type
, EXIT_POLICY_ACCEPT
);
558 test_streq(rp2
->exit_policy
->string
, "accept *:80");
559 test_streq(rp2
->exit_policy
->address
, "*");
560 test_streq(rp2
->exit_policy
->port
, "80");
561 test_eq(rp2
->exit_policy
->next
->policy_type
, EXIT_POLICY_REJECT
);
562 test_streq(rp2
->exit_policy
->next
->string
, "reject 18.*:24");
563 test_streq(rp2
->exit_policy
->next
->address
, "18.*");
564 test_streq(rp2
->exit_policy
->next
->port
, "24");
565 test_assert(rp2
->exit_policy
->next
->next
== NULL
);
567 /* Okay, now for the directories. */
568 dir1
= (directory_t
*) tor_malloc(sizeof(directory_t
));
570 dir1
->routers
= (routerinfo_t
**) tor_malloc(sizeof(routerinfo_t
*)*2);
571 dir1
->routers
[0] = &r1
;
572 dir1
->routers
[1] = &r2
;
573 test_assert(! dump_signed_directory_to_string_impl(buf
, 2048, dir1
, pk1
));
576 test_assert(! router_get_dir_from_string_impl(buf
, &dir2
, pk1
));
577 test_eq(2, dir2
->n_routers
);
579 if (pk1_str
) free(pk1_str
);
580 if (pk2_str
) free(pk2_str
);
581 if (pk1
) crypto_free_pk_env(pk1
);
582 if (pk2
) crypto_free_pk_env(pk2
);
583 if (rp1
) routerinfo_free(rp1
);
584 if (rp2
) routerinfo_free(rp2
);
585 if (dir1
) free(dir1
); /* And more !*/
586 if (dir1
) free(dir2
); /* And more !*/
590 main(int c
, char**v
){
592 or_options_t options
; /* command-line and config-file options */
594 if(getconfig(c
,v
,&options
))
597 log(LOG_ERR
,NULL
); /* make logging quieter */
602 puts("========================== Buffers =========================");
604 puts("\n========================== Crypto ==========================");
607 puts("\n========================= Util ============================");
609 puts("\n========================= Onion Skins =====================");
610 test_onion_handshake();
611 puts("\n========================= Directory Formats ===============");