mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 14:23:30 +01:00
test: Add test_hs_ntor unit tests
Move the ntor test from test_hs_service.c to this file. Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet
Nick Mathewson
parent
472835d6e9
commit
6061f5e2bd
@ -116,6 +116,7 @@ src_test_test_SOURCES = \
|
||||
src/test/test_hs.c \
|
||||
src/test/test_hs_config.c \
|
||||
src/test/test_hs_cell.c \
|
||||
src/test/test_hs_ntor.c \
|
||||
src/test/test_hs_service.c \
|
||||
src/test/test_hs_client.c \
|
||||
src/test/test_hs_intropoint.c \
|
||||
|
||||
@ -1217,6 +1217,7 @@ struct testgroup_t testgroups[] = {
|
||||
{ "hs_cell/", hs_cell_tests },
|
||||
{ "hs_config/", hs_config_tests },
|
||||
{ "hs_descriptor/", hs_descriptor },
|
||||
{ "hs_ntor/", hs_ntor_tests },
|
||||
{ "hs_service/", hs_service_tests },
|
||||
{ "hs_client/", hs_client_tests },
|
||||
{ "hs_intropoint/", hs_intropoint_tests },
|
||||
|
||||
@ -210,6 +210,7 @@ extern struct testcase_t hs_cache[];
|
||||
extern struct testcase_t hs_cell_tests[];
|
||||
extern struct testcase_t hs_config_tests[];
|
||||
extern struct testcase_t hs_descriptor[];
|
||||
extern struct testcase_t hs_ntor_tests[];
|
||||
extern struct testcase_t hs_service_tests[];
|
||||
extern struct testcase_t hs_client_tests[];
|
||||
extern struct testcase_t hs_intropoint_tests[];
|
||||
|
||||
114
src/test/test_hs_ntor.c
Normal file
114
src/test/test_hs_ntor.c
Normal file
@ -0,0 +1,114 @@
|
||||
/* Copyright (c) 2017, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
* \file test_hs_ntor.c
|
||||
* \brief Test hidden service ntor functionality.
|
||||
*/
|
||||
|
||||
#include "test.h"
|
||||
#include "test_helpers.h"
|
||||
#include "log_test_helpers.h"
|
||||
|
||||
#include "hs_ntor.h"
|
||||
|
||||
/* Test the HS ntor handshake. Simulate the sending of an encrypted INTRODUCE1
|
||||
* cell, and verify the proper derivation of decryption keys on the other end.
|
||||
* Then simulate the sending of an authenticated RENDEZVOUS1 cell and verify
|
||||
* the proper verification on the other end. */
|
||||
static void
|
||||
test_hs_ntor(void *arg)
|
||||
{
|
||||
int retval;
|
||||
|
||||
uint8_t subcredential[DIGEST256_LEN];
|
||||
|
||||
ed25519_keypair_t service_intro_auth_keypair;
|
||||
curve25519_keypair_t service_intro_enc_keypair;
|
||||
curve25519_keypair_t service_ephemeral_rend_keypair;
|
||||
|
||||
curve25519_keypair_t client_ephemeral_enc_keypair;
|
||||
|
||||
hs_ntor_intro_cell_keys_t client_hs_ntor_intro_cell_keys;
|
||||
hs_ntor_intro_cell_keys_t service_hs_ntor_intro_cell_keys;
|
||||
|
||||
hs_ntor_rend_cell_keys_t service_hs_ntor_rend_cell_keys;
|
||||
hs_ntor_rend_cell_keys_t client_hs_ntor_rend_cell_keys;
|
||||
|
||||
(void) arg;
|
||||
|
||||
/* Generate fake data for this unittest */
|
||||
{
|
||||
/* Generate fake subcredential */
|
||||
memset(subcredential, 'Z', DIGEST256_LEN);
|
||||
|
||||
/* service */
|
||||
curve25519_keypair_generate(&service_intro_enc_keypair, 0);
|
||||
ed25519_keypair_generate(&service_intro_auth_keypair, 0);
|
||||
curve25519_keypair_generate(&service_ephemeral_rend_keypair, 0);
|
||||
/* client */
|
||||
curve25519_keypair_generate(&client_ephemeral_enc_keypair, 0);
|
||||
}
|
||||
|
||||
/* Client: Simulate the sending of an encrypted INTRODUCE1 cell */
|
||||
retval =
|
||||
hs_ntor_client_get_introduce1_keys(&service_intro_auth_keypair.pubkey,
|
||||
&service_intro_enc_keypair.pubkey,
|
||||
&client_ephemeral_enc_keypair,
|
||||
subcredential,
|
||||
&client_hs_ntor_intro_cell_keys);
|
||||
tt_int_op(retval, ==, 0);
|
||||
|
||||
/* Service: Simulate the decryption of the received INTRODUCE1 */
|
||||
retval =
|
||||
hs_ntor_service_get_introduce1_keys(&service_intro_auth_keypair.pubkey,
|
||||
&service_intro_enc_keypair,
|
||||
&client_ephemeral_enc_keypair.pubkey,
|
||||
subcredential,
|
||||
&service_hs_ntor_intro_cell_keys);
|
||||
tt_int_op(retval, ==, 0);
|
||||
|
||||
/* Test that the INTRODUCE1 encryption/mac keys match! */
|
||||
tt_mem_op(client_hs_ntor_intro_cell_keys.enc_key, OP_EQ,
|
||||
service_hs_ntor_intro_cell_keys.enc_key,
|
||||
CIPHER256_KEY_LEN);
|
||||
tt_mem_op(client_hs_ntor_intro_cell_keys.mac_key, OP_EQ,
|
||||
service_hs_ntor_intro_cell_keys.mac_key,
|
||||
DIGEST256_LEN);
|
||||
|
||||
/* Service: Simulate creation of RENDEZVOUS1 key material. */
|
||||
retval =
|
||||
hs_ntor_service_get_rendezvous1_keys(&service_intro_auth_keypair.pubkey,
|
||||
&service_intro_enc_keypair,
|
||||
&service_ephemeral_rend_keypair,
|
||||
&client_ephemeral_enc_keypair.pubkey,
|
||||
&service_hs_ntor_rend_cell_keys);
|
||||
tt_int_op(retval, ==, 0);
|
||||
|
||||
/* Client: Simulate the verification of a received RENDEZVOUS1 cell */
|
||||
retval =
|
||||
hs_ntor_client_get_rendezvous1_keys(&service_intro_auth_keypair.pubkey,
|
||||
&client_ephemeral_enc_keypair,
|
||||
&service_intro_enc_keypair.pubkey,
|
||||
&service_ephemeral_rend_keypair.pubkey,
|
||||
&client_hs_ntor_rend_cell_keys);
|
||||
tt_int_op(retval, ==, 0);
|
||||
|
||||
/* Test that the RENDEZVOUS1 key material match! */
|
||||
tt_mem_op(client_hs_ntor_rend_cell_keys.rend_cell_auth_mac, OP_EQ,
|
||||
service_hs_ntor_rend_cell_keys.rend_cell_auth_mac,
|
||||
DIGEST256_LEN);
|
||||
tt_mem_op(client_hs_ntor_rend_cell_keys.ntor_key_seed, OP_EQ,
|
||||
service_hs_ntor_rend_cell_keys.ntor_key_seed,
|
||||
DIGEST256_LEN);
|
||||
done:
|
||||
;
|
||||
}
|
||||
|
||||
struct testcase_t hs_ntor_tests[] = {
|
||||
{ "hs_ntor", test_hs_ntor, TT_FORK,
|
||||
NULL, NULL },
|
||||
|
||||
END_OF_TESTCASES
|
||||
};
|
||||
|
||||
@ -59,99 +59,6 @@ helper_config_service(const char *conf)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/** Test the HS ntor handshake. Simulate the sending of an encrypted INTRODUCE1
|
||||
* cell, and verify the proper derivation of decryption keys on the other end.
|
||||
* Then simulate the sending of an authenticated RENDEZVOUS1 cell and verify
|
||||
* the proper verification on the other end. */
|
||||
static void
|
||||
test_hs_ntor(void *arg)
|
||||
{
|
||||
int retval;
|
||||
|
||||
uint8_t subcredential[DIGEST256_LEN];
|
||||
|
||||
ed25519_keypair_t service_intro_auth_keypair;
|
||||
curve25519_keypair_t service_intro_enc_keypair;
|
||||
curve25519_keypair_t service_ephemeral_rend_keypair;
|
||||
|
||||
curve25519_keypair_t client_ephemeral_enc_keypair;
|
||||
|
||||
hs_ntor_intro_cell_keys_t client_hs_ntor_intro_cell_keys;
|
||||
hs_ntor_intro_cell_keys_t service_hs_ntor_intro_cell_keys;
|
||||
|
||||
hs_ntor_rend_cell_keys_t service_hs_ntor_rend_cell_keys;
|
||||
hs_ntor_rend_cell_keys_t client_hs_ntor_rend_cell_keys;
|
||||
|
||||
(void) arg;
|
||||
|
||||
/* Generate fake data for this unittest */
|
||||
{
|
||||
/* Generate fake subcredential */
|
||||
memset(subcredential, 'Z', DIGEST256_LEN);
|
||||
|
||||
/* service */
|
||||
curve25519_keypair_generate(&service_intro_enc_keypair, 0);
|
||||
ed25519_keypair_generate(&service_intro_auth_keypair, 0);
|
||||
curve25519_keypair_generate(&service_ephemeral_rend_keypair, 0);
|
||||
/* client */
|
||||
curve25519_keypair_generate(&client_ephemeral_enc_keypair, 0);
|
||||
}
|
||||
|
||||
/* Client: Simulate the sending of an encrypted INTRODUCE1 cell */
|
||||
retval =
|
||||
hs_ntor_client_get_introduce1_keys(&service_intro_auth_keypair.pubkey,
|
||||
&service_intro_enc_keypair.pubkey,
|
||||
&client_ephemeral_enc_keypair,
|
||||
subcredential,
|
||||
&client_hs_ntor_intro_cell_keys);
|
||||
tt_int_op(retval, ==, 0);
|
||||
|
||||
/* Service: Simulate the decryption of the received INTRODUCE1 */
|
||||
retval =
|
||||
hs_ntor_service_get_introduce1_keys(&service_intro_auth_keypair.pubkey,
|
||||
&service_intro_enc_keypair,
|
||||
&client_ephemeral_enc_keypair.pubkey,
|
||||
subcredential,
|
||||
&service_hs_ntor_intro_cell_keys);
|
||||
tt_int_op(retval, ==, 0);
|
||||
|
||||
/* Test that the INTRODUCE1 encryption/mac keys match! */
|
||||
tt_mem_op(client_hs_ntor_intro_cell_keys.enc_key, OP_EQ,
|
||||
service_hs_ntor_intro_cell_keys.enc_key,
|
||||
CIPHER256_KEY_LEN);
|
||||
tt_mem_op(client_hs_ntor_intro_cell_keys.mac_key, OP_EQ,
|
||||
service_hs_ntor_intro_cell_keys.mac_key,
|
||||
DIGEST256_LEN);
|
||||
|
||||
/* Service: Simulate creation of RENDEZVOUS1 key material. */
|
||||
retval =
|
||||
hs_ntor_service_get_rendezvous1_keys(&service_intro_auth_keypair.pubkey,
|
||||
&service_intro_enc_keypair,
|
||||
&service_ephemeral_rend_keypair,
|
||||
&client_ephemeral_enc_keypair.pubkey,
|
||||
&service_hs_ntor_rend_cell_keys);
|
||||
tt_int_op(retval, ==, 0);
|
||||
|
||||
/* Client: Simulate the verification of a received RENDEZVOUS1 cell */
|
||||
retval =
|
||||
hs_ntor_client_get_rendezvous1_keys(&service_intro_auth_keypair.pubkey,
|
||||
&client_ephemeral_enc_keypair,
|
||||
&service_intro_enc_keypair.pubkey,
|
||||
&service_ephemeral_rend_keypair.pubkey,
|
||||
&client_hs_ntor_rend_cell_keys);
|
||||
tt_int_op(retval, ==, 0);
|
||||
|
||||
/* Test that the RENDEZVOUS1 key material match! */
|
||||
tt_mem_op(client_hs_ntor_rend_cell_keys.rend_cell_auth_mac, OP_EQ,
|
||||
service_hs_ntor_rend_cell_keys.rend_cell_auth_mac,
|
||||
DIGEST256_LEN);
|
||||
tt_mem_op(client_hs_ntor_rend_cell_keys.ntor_key_seed, OP_EQ,
|
||||
service_hs_ntor_rend_cell_keys.ntor_key_seed,
|
||||
DIGEST256_LEN);
|
||||
done:
|
||||
;
|
||||
}
|
||||
|
||||
static void
|
||||
test_validate_address(void *arg)
|
||||
{
|
||||
@ -518,10 +425,6 @@ test_desc_overlap_period(void *arg)
|
||||
}
|
||||
|
||||
struct testcase_t hs_service_tests[] = {
|
||||
{ "hs_ntor", test_hs_ntor, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "time_period", test_time_period, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "e2e_rend_circuit_setup", test_e2e_rend_circuit_setup, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "build_address", test_build_address, TT_FORK,
|
||||
@ -534,6 +437,8 @@ struct testcase_t hs_service_tests[] = {
|
||||
NULL, NULL },
|
||||
{ "desc_overlap_period", test_desc_overlap_period, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "time_period", test_time_period, TT_FORK,
|
||||
NULL, NULL },
|
||||
|
||||
END_OF_TESTCASES
|
||||
};
|
||||
|
||||
Loading…
Reference in New Issue
Block a user