mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Add test_keygen tests for all log outputs; improve keygen outputs.
This commit is contained in:
Nick Mathewson
parent
a1e543f908
commit
138b28dc35
@ -376,7 +376,8 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
|
||||
tor_log(severity, LD_OR, "Couldn't repair %s", public_fname);
|
||||
goto err;
|
||||
} else {
|
||||
tor_log(severity, LD_OR, "Found secret key but not %s. Regenerating.",
|
||||
tor_log(LOG_NOTICE, LD_OR,
|
||||
"Found secret key but not %s. Regenerating.",
|
||||
public_fname);
|
||||
}
|
||||
}
|
||||
@ -384,12 +385,29 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
|
||||
}
|
||||
|
||||
/* If the secret key is absent and it's not allowed to be, fail. */
|
||||
if (!have_secret && found_public && !(flags & INIT_ED_KEY_MISSING_SECRET_OK))
|
||||
if (!have_secret && found_public &&
|
||||
!(flags & INIT_ED_KEY_MISSING_SECRET_OK)) {
|
||||
if (have_encrypted_secret_file) {
|
||||
tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
|
||||
"but it was encrypted. Try tor --keygen instead.",
|
||||
secret_fname);
|
||||
} else {
|
||||
tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
|
||||
"but couldn't find it.", secret_fname);
|
||||
}
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* If it's absent, and we're not supposed to make a new keypair, fail. */
|
||||
if (!have_secret && !found_public && !(flags & INIT_ED_KEY_CREATE))
|
||||
if (!have_secret && !found_public && !(flags & INIT_ED_KEY_CREATE)) {
|
||||
if (split) {
|
||||
tor_log(severity, LD_OR, "No key found in %s or %s.",
|
||||
secret_fname, public_fname);
|
||||
} else {
|
||||
tor_log(severity, LD_OR, "No key found in %s.", secret_fname);
|
||||
}
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* If the secret key is absent, but the encrypted key would be present,
|
||||
* that's an error */
|
||||
@ -471,8 +489,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
|
||||
goto done;
|
||||
|
||||
/* If we didn't get a cert, and we're not supposed to make one, fail. */
|
||||
if (!signing_key || !(flags & INIT_ED_KEY_CREATE))
|
||||
if (!signing_key || !(flags & INIT_ED_KEY_CREATE)) {
|
||||
tor_log(severity, LD_OR, "Without signing key, can't create certificate");
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* We have keys but not a certificate, so make one. */
|
||||
uint32_t cert_flags = 0;
|
||||
@ -483,8 +503,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
|
||||
now, lifetime,
|
||||
cert_flags);
|
||||
|
||||
if (! cert)
|
||||
if (! cert) {
|
||||
tor_log(severity, LD_OR, "Couldn't create certificate");
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Write it to disk. */
|
||||
created_cert = 1;
|
||||
@ -674,7 +696,7 @@ load_ed_keys(const or_options_t *options, time_t now)
|
||||
if (need_new_signing_key) {
|
||||
FAIL("Missing identity key");
|
||||
} else {
|
||||
log_warn(LD_OR, "master public key was absent; inferring from "
|
||||
log_warn(LD_OR, "Master public key was absent; inferring from "
|
||||
"public key in signing certificate");
|
||||
tor_assert(check_signing_cert);
|
||||
id = tor_malloc_zero(sizeof(*id));
|
||||
|
||||
@ -117,9 +117,11 @@ ME="${DATA_DIR}/case2a"
|
||||
SRC="${DATA_DIR}/orig"
|
||||
mkdir -p "${ME}/keys"
|
||||
cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint && die "Somehow succeeded when missing secret key, certs" || true
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && die "Somehow succeeded when missing secret key, certs" || true
|
||||
check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
|
||||
|
||||
grep "We needed to load a secret key.*but couldn't find it" "${ME}/stdout" >/dev/null || die "Tor didn't declare that it was missing a secret key"
|
||||
|
||||
echo "==== Case 2A ok"
|
||||
fi
|
||||
|
||||
@ -133,11 +135,13 @@ SRC="${DATA_DIR}/encrypted"
|
||||
mkdir -p "${ME}/keys"
|
||||
cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
|
||||
cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint && dir "Somehow succeeded with encrypted secret key, missing certs"
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && dir "Somehow succeeded with encrypted secret key, missing certs"
|
||||
|
||||
check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
|
||||
check_files_eq "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/ed25519_master_id_secret_key_encrypted"
|
||||
|
||||
grep "We needed to load a secret key.*but it was encrypted.*--keygen" "${ME}/stdout" >/dev/null || die "Tor didn't declare that it was missing a secret key and suggest --keygen."
|
||||
|
||||
echo "==== Case 2B ok"
|
||||
|
||||
fi
|
||||
@ -230,10 +234,12 @@ SRC="${DATA_DIR}/encrypted"
|
||||
|
||||
mkdir -p "${ME}/keys"
|
||||
cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint && die "Tor started with only encrypted secret key!"
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint >"${ME}/stdout" && die "Tor started with only encrypted secret key!"
|
||||
check_no_file "${ME}/keys/ed25519_master_id_public_key"
|
||||
check_no_file "${ME}/keys/ed25519_master_id_public_key"
|
||||
|
||||
grep "but not public key file" "${ME}/stdout" >/dev/null || die "Tor didn't declare it couldn't find a public key."
|
||||
|
||||
echo "==== Case 5 ok"
|
||||
|
||||
fi
|
||||
@ -248,10 +254,12 @@ SRC="${DATA_DIR}/encrypted"
|
||||
mkdir -p "${ME}/keys"
|
||||
cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
|
||||
cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint && die "Tor started with encrypted secret key and no certs" || true
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && die "Tor started with encrypted secret key and no certs" || true
|
||||
check_no_file "${ME}/keys/ed25519_signing_cert"
|
||||
check_no_file "${ME}/keys/ed25519_signing_secret_key"
|
||||
|
||||
grep "but it was encrypted" "${ME}/stdout" >/dev/null || die "Tor didn't declare that the secret key was encrypted."
|
||||
|
||||
echo "==== Case 6 ok"
|
||||
|
||||
fi
|
||||
@ -335,7 +343,9 @@ mkdir -p "${ME}/keys"
|
||||
cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
|
||||
cp "${OTHER}/keys/ed25519_master_id_secret_key" "${ME}/keys/"
|
||||
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint && die "Successfully started with mismatched keys!?" || true
|
||||
${TOR} --DataDirectory "${ME}" --list-fingerprint >"${ME}/stdout" && die "Successfully started with mismatched keys!?" || true
|
||||
|
||||
grep "public_key does not match.*secret_key" "${ME}/stdout" >/dev/null || die "Tor didn't declare that there was a key mismatch"
|
||||
|
||||
echo "==== Case 10 ok"
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user