mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 14:23:30 +01:00
Unit test for basic ext_or_cookie authentication backend
This commit is contained in:
parent
b64351ed17
commit
4526c3e0b6
@ -105,11 +105,11 @@ connection_ext_or_transition(or_connection_t *conn)
|
|||||||
|
|
||||||
/** If true, we've set ext_or_auth_cookie to a secret code and stored
|
/** If true, we've set ext_or_auth_cookie to a secret code and stored
|
||||||
* it to disk. */
|
* it to disk. */
|
||||||
static int ext_or_auth_cookie_is_set = 0;
|
STATIC int ext_or_auth_cookie_is_set = 0;
|
||||||
/** If ext_or_auth_cookie_is_set, a secret cookie that we've stored to disk
|
/** If ext_or_auth_cookie_is_set, a secret cookie that we've stored to disk
|
||||||
* and which we're using to authenticate controllers. (If the controller can
|
* and which we're using to authenticate controllers. (If the controller can
|
||||||
* read it off disk, it has permission to connect.) */
|
* read it off disk, it has permission to connect.) */
|
||||||
static char ext_or_auth_cookie[EXT_OR_PORT_AUTH_COOKIE_LEN] = {0};
|
STATIC char ext_or_auth_cookie[EXT_OR_PORT_AUTH_COOKIE_LEN] = {0};
|
||||||
|
|
||||||
/** Helper: Return a newly allocated string containing a path to the
|
/** Helper: Return a newly allocated string containing a path to the
|
||||||
* file where we store our authentication cookie. */
|
* file where we store our authentication cookie. */
|
||||||
@ -198,10 +198,10 @@ connection_ext_or_auth_neg_auth_type(connection_t *conn)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** DOCDOC */
|
/** DOCDOC */
|
||||||
static int
|
STATIC int
|
||||||
handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
|
handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
|
||||||
char **client_hash_out,
|
char **client_hash_out,
|
||||||
char**reply_out, size_t *reply_len_out)
|
char **reply_out, size_t *reply_len_out)
|
||||||
{
|
{
|
||||||
char server_hash[EXT_OR_PORT_AUTH_HASH_LEN] = {0};
|
char server_hash[EXT_OR_PORT_AUTH_HASH_LEN] = {0};
|
||||||
char server_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
|
char server_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
|
||||||
|
@ -27,6 +27,14 @@ STATIC int connection_write_ext_or_command(connection_t *conn,
|
|||||||
uint16_t command,
|
uint16_t command,
|
||||||
const char *body,
|
const char *body,
|
||||||
size_t bodylen);
|
size_t bodylen);
|
||||||
|
STATIC int handle_client_auth_nonce(const char *client_nonce,
|
||||||
|
size_t client_nonce_len,
|
||||||
|
char **client_hash_out,
|
||||||
|
char **reply_out, size_t *reply_len_out);
|
||||||
|
#ifdef TOR_UNIT_TESTS
|
||||||
|
extern char ext_or_auth_cookie[];
|
||||||
|
extern int ext_or_auth_cookie_is_set;
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -144,9 +144,80 @@ test_ext_or_write_command(void *arg)
|
|||||||
UNMOCK(connection_write_to_buf_impl_);
|
UNMOCK(connection_write_to_buf_impl_);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
test_ext_or_cookie_auth(void *arg)
|
||||||
|
{
|
||||||
|
char *reply=NULL, *client_hash=NULL;
|
||||||
|
size_t reply_len=0;
|
||||||
|
char hmac1[32], hmac2[32];
|
||||||
|
|
||||||
|
const char client_nonce[32] =
|
||||||
|
"Who is the third who walks alway";
|
||||||
|
char server_hash_input[] =
|
||||||
|
"ExtORPort authentication server-to-client hash"
|
||||||
|
"Who is the third who walks alway"
|
||||||
|
"................................";
|
||||||
|
char client_hash_input[] =
|
||||||
|
"ExtORPort authentication client-to-server hash"
|
||||||
|
"Who is the third who walks alway"
|
||||||
|
"................................";
|
||||||
|
|
||||||
|
(void)arg;
|
||||||
|
|
||||||
|
tt_int_op(strlen(client_hash_input), ==, 46+32+32);
|
||||||
|
tt_int_op(strlen(server_hash_input), ==, 46+32+32);
|
||||||
|
|
||||||
|
memcpy(ext_or_auth_cookie, "s beside you? When I count, ther", 32);
|
||||||
|
ext_or_auth_cookie_is_set = 1;
|
||||||
|
|
||||||
|
/* For this authentication, the client sends 32 random bytes (ClientNonce)
|
||||||
|
* The server replies with 32 byte ServerHash and 32 byte ServerNonce,
|
||||||
|
* where ServerHash is:
|
||||||
|
* HMAC-SHA256(CookieString,
|
||||||
|
* "ExtORPort authentication server-to-client hash" | ClientNonce |
|
||||||
|
* ServerNonce)"
|
||||||
|
* The client must reply with 32-byte ClientHash, which we compute as:
|
||||||
|
* ClientHash is computed as:
|
||||||
|
* HMAC-SHA256(CookieString,
|
||||||
|
* "ExtORPort authentication client-to-server hash" | ClientNonce |
|
||||||
|
* ServerNonce)
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Wrong length */
|
||||||
|
tt_int_op(-1, ==,
|
||||||
|
handle_client_auth_nonce(client_nonce, 33, &client_hash, &reply,
|
||||||
|
&reply_len));
|
||||||
|
tt_int_op(-1, ==,
|
||||||
|
handle_client_auth_nonce(client_nonce, 31, &client_hash, &reply,
|
||||||
|
&reply_len));
|
||||||
|
|
||||||
|
/* Now let's try this for real! */
|
||||||
|
tt_int_op(0, ==,
|
||||||
|
handle_client_auth_nonce(client_nonce, 32, &client_hash, &reply,
|
||||||
|
&reply_len));
|
||||||
|
tt_int_op(reply_len, ==, 64);
|
||||||
|
tt_ptr_op(reply, !=, NULL);
|
||||||
|
tt_ptr_op(client_hash, !=, NULL);
|
||||||
|
/* Fill in the server nonce into the hash inputs... */
|
||||||
|
memcpy(server_hash_input+46+32, reply+32, 32);
|
||||||
|
memcpy(client_hash_input+46+32, reply+32, 32);
|
||||||
|
/* Check the HMACs are correct... */
|
||||||
|
crypto_hmac_sha256(hmac1, ext_or_auth_cookie, 32, server_hash_input,
|
||||||
|
46+32+32);
|
||||||
|
crypto_hmac_sha256(hmac2, ext_or_auth_cookie, 32, client_hash_input,
|
||||||
|
46+32+32);
|
||||||
|
test_memeq(hmac1, reply, 32);
|
||||||
|
test_memeq(hmac2, client_hash, 32);
|
||||||
|
|
||||||
|
done:
|
||||||
|
tor_free(reply);
|
||||||
|
tor_free(client_hash);
|
||||||
|
}
|
||||||
|
|
||||||
struct testcase_t extorport_tests[] = {
|
struct testcase_t extorport_tests[] = {
|
||||||
{ "id_map", test_ext_or_id_map, TT_FORK, NULL, NULL },
|
{ "id_map", test_ext_or_id_map, TT_FORK, NULL, NULL },
|
||||||
{ "write_command", test_ext_or_write_command, TT_FORK, NULL, NULL },
|
{ "write_command", test_ext_or_write_command, TT_FORK, NULL, NULL },
|
||||||
|
{ "cookie_auth", test_ext_or_cookie_auth, TT_FORK, NULL, NULL },
|
||||||
END_OF_TESTCASES
|
END_OF_TESTCASES
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user