mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
prop224: Rename cert type to follow naming convention
Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
parent
1517a8a2eb
commit
1263f74a12
@ -314,7 +314,7 @@ encode_enc_key(const ed25519_keypair_t *sig_key,
|
||||
&ip->enc_key.curve25519)) {
|
||||
goto err;
|
||||
}
|
||||
tor_cert_t *cross_cert = tor_cert_create(&curve_kp, CERT_TYPE_HS_IP_ENC,
|
||||
tor_cert_t *cross_cert = tor_cert_create(&curve_kp, CERT_TYPE_CROSS_HS_IP_KEYS,
|
||||
&sig_key->pubkey, now,
|
||||
HS_DESC_CERT_LIFETIME,
|
||||
CERT_FLAG_INCLUDE_SIGNING_KEY);
|
||||
@ -748,7 +748,7 @@ desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out)
|
||||
char *encoded_cert;
|
||||
/* Encode certificate then create the first line of the descriptor. */
|
||||
if (desc->plaintext_data.signing_key_cert->cert_type
|
||||
!= CERT_TYPE_HS_DESC_SIGN) {
|
||||
!= CERT_TYPE_SIGNING_HS_DESC) {
|
||||
log_err(LD_BUG, "HS descriptor signing key has an unexpected cert type "
|
||||
"(%d)", (int) desc->plaintext_data.signing_key_cert->cert_type);
|
||||
goto err;
|
||||
@ -1237,7 +1237,7 @@ decode_introduction_point(const hs_descriptor_t *desc, const char *start)
|
||||
|
||||
/* Parse cert and do some validation. */
|
||||
if (cert_parse_and_validate(&ip->auth_key_cert, tok->object_body,
|
||||
tok->object_size, CERT_TYPE_HS_IP_AUTH,
|
||||
tok->object_size, CERT_TYPE_AUTH_HS_IP_KEY,
|
||||
"introduction point auth-key") < 0) {
|
||||
goto err;
|
||||
}
|
||||
@ -1285,7 +1285,7 @@ decode_introduction_point(const hs_descriptor_t *desc, const char *start)
|
||||
goto err;
|
||||
}
|
||||
if (cert_parse_and_validate(&cross_cert, tok->object_body,
|
||||
tok->object_size, CERT_TYPE_HS_IP_ENC,
|
||||
tok->object_size, CERT_TYPE_CROSS_HS_IP_KEYS,
|
||||
"introduction point enc-key-certification") < 0) {
|
||||
goto err;
|
||||
}
|
||||
@ -1509,7 +1509,7 @@ desc_decode_plaintext_v3(smartlist_t *tokens,
|
||||
goto err;
|
||||
}
|
||||
if (cert_parse_and_validate(&desc->signing_key_cert, tok->object_body,
|
||||
tok->object_size, CERT_TYPE_HS_DESC_SIGN,
|
||||
tok->object_size, CERT_TYPE_SIGNING_HS_DESC,
|
||||
"service descriptor signing key") < 0) {
|
||||
goto err;
|
||||
}
|
||||
|
@ -6,15 +6,15 @@
|
||||
|
||||
#include "crypto_ed25519.h"
|
||||
|
||||
#define SIGNED_KEY_TYPE_ED25519 0x01
|
||||
#define SIGNED_KEY_TYPE_ED25519 0x01
|
||||
|
||||
#define CERT_TYPE_ID_SIGNING 0x04
|
||||
#define CERT_TYPE_SIGNING_LINK 0x05
|
||||
#define CERT_TYPE_SIGNING_AUTH 0x06
|
||||
#define CERT_TYPE_HS_DESC_SIGN 0x08
|
||||
#define CERT_TYPE_HS_IP_AUTH 0x09
|
||||
#define CERT_TYPE_ONION_ID 0x0A
|
||||
#define CERT_TYPE_HS_IP_ENC 0x0B
|
||||
#define CERT_TYPE_ID_SIGNING 0x04
|
||||
#define CERT_TYPE_SIGNING_LINK 0x05
|
||||
#define CERT_TYPE_SIGNING_AUTH 0x06
|
||||
#define CERT_TYPE_SIGNING_HS_DESC 0x08
|
||||
#define CERT_TYPE_AUTH_HS_IP_KEY 0x09
|
||||
#define CERT_TYPE_ONION_ID 0x0A
|
||||
#define CERT_TYPE_CROSS_HS_IP_KEYS 0x0B
|
||||
|
||||
#define CERT_FLAG_INCLUDE_SIGNING_KEY 0x1
|
||||
|
||||
|
@ -48,7 +48,7 @@ helper_build_intro_point(const ed25519_keypair_t *blinded_kp,
|
||||
|
||||
ret = ed25519_keypair_generate(&auth_kp, 0);
|
||||
tt_int_op(ret, ==, 0);
|
||||
ip->auth_key_cert = tor_cert_create(blinded_kp, CERT_TYPE_HS_IP_AUTH,
|
||||
ip->auth_key_cert = tor_cert_create(blinded_kp, CERT_TYPE_AUTH_HS_IP_KEY,
|
||||
&auth_kp.pubkey, time(NULL),
|
||||
HS_DESC_CERT_LIFETIME,
|
||||
CERT_FLAG_INCLUDE_SIGNING_KEY);
|
||||
@ -83,7 +83,7 @@ helper_build_hs_desc(uint64_t revision_counter, uint32_t lifetime,
|
||||
|
||||
desc->plaintext_data.signing_key_cert =
|
||||
tor_cert_create(&desc->plaintext_data.blinded_kp,
|
||||
CERT_TYPE_HS_DESC_SIGN,
|
||||
CERT_TYPE_SIGNING_HS_DESC,
|
||||
&desc->plaintext_data.signing_kp.pubkey, time(NULL),
|
||||
3600, CERT_FLAG_INCLUDE_SIGNING_KEY);
|
||||
tt_assert(desc->plaintext_data.signing_key_cert);
|
||||
|
@ -51,7 +51,7 @@ helper_build_intro_point(const ed25519_keypair_t *blinded_kp, time_t now,
|
||||
|
||||
ret = ed25519_keypair_generate(&auth_kp, 0);
|
||||
tt_int_op(ret, ==, 0);
|
||||
ip->auth_key_cert = tor_cert_create(blinded_kp, CERT_TYPE_HS_IP_AUTH,
|
||||
ip->auth_key_cert = tor_cert_create(blinded_kp, CERT_TYPE_AUTH_HS_IP_KEY,
|
||||
&auth_kp.pubkey, now,
|
||||
HS_DESC_CERT_LIFETIME,
|
||||
CERT_FLAG_INCLUDE_SIGNING_KEY);
|
||||
@ -91,7 +91,7 @@ helper_build_hs_desc(unsigned int no_ip)
|
||||
|
||||
desc->plaintext_data.signing_key_cert =
|
||||
tor_cert_create(&desc->plaintext_data.blinded_kp,
|
||||
CERT_TYPE_HS_DESC_SIGN,
|
||||
CERT_TYPE_SIGNING_HS_DESC,
|
||||
&desc->plaintext_data.signing_kp.pubkey, now,
|
||||
3600,
|
||||
CERT_FLAG_INCLUDE_SIGNING_KEY);
|
||||
@ -1028,31 +1028,31 @@ test_validate_cert(void *arg)
|
||||
ret = ed25519_keypair_generate(&kp, 0);
|
||||
tt_int_op(ret, ==, 0);
|
||||
|
||||
/* Cert of type CERT_TYPE_HS_IP_AUTH. */
|
||||
tor_cert_t *cert = tor_cert_create(&kp, CERT_TYPE_HS_IP_AUTH,
|
||||
/* Cert of type CERT_TYPE_AUTH_HS_IP_KEY. */
|
||||
tor_cert_t *cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY,
|
||||
&kp.pubkey, now, 3600,
|
||||
CERT_FLAG_INCLUDE_SIGNING_KEY);
|
||||
tt_assert(cert);
|
||||
/* Test with empty certificate. */
|
||||
ret = cert_is_valid(NULL, CERT_TYPE_HS_IP_AUTH, "unicorn");
|
||||
ret = cert_is_valid(NULL, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
/* Test with a bad type. */
|
||||
ret = cert_is_valid(cert, CERT_TYPE_HS_DESC_SIGN, "unicorn");
|
||||
ret = cert_is_valid(cert, CERT_TYPE_SIGNING_HS_DESC, "unicorn");
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
/* Normal validation. */
|
||||
ret = cert_is_valid(cert, CERT_TYPE_HS_IP_AUTH, "unicorn");
|
||||
ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
/* Break signing key so signature verification will fails. */
|
||||
memset(&cert->signing_key, 0, sizeof(cert->signing_key));
|
||||
ret = cert_is_valid(cert, CERT_TYPE_HS_IP_AUTH, "unicorn");
|
||||
ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
tor_cert_free(cert);
|
||||
|
||||
/* Try a cert without including the signing key. */
|
||||
cert = tor_cert_create(&kp, CERT_TYPE_HS_IP_AUTH, &kp.pubkey, now, 3600, 0);
|
||||
cert = tor_cert_create(&kp, CERT_TYPE_AUTH_HS_IP_KEY, &kp.pubkey, now, 3600, 0);
|
||||
tt_assert(cert);
|
||||
/* Test with a bad type. */
|
||||
ret = cert_is_valid(cert, CERT_TYPE_HS_IP_AUTH, "unicorn");
|
||||
ret = cert_is_valid(cert, CERT_TYPE_AUTH_HS_IP_KEY, "unicorn");
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
|
||||
done:
|
||||
|
Loading…
Reference in New Issue
Block a user