nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 14:23:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Require specific messages for remaining link-handshake failure cases

Browse Source
This commit is contained in:
Nick Mathewson 2016-08-31 14:10:15 -04:00
parent 240c58017d
commit d299c043d4
1 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/test/test_link_handshake.c
View File

@ -630,20 +630,31 @@ test_link_handshake_recv_authchallenge_ok_unrecognized(void *arg)
} }
AUTHCHALLENGE_FAIL(badstate, AUTHCHALLENGE_FAIL(badstate,
require_failure_message = "We're not currently doing a "
"v3 handshake";
d->c->base_.state = OR_CONN_STATE_CONNECTING) d->c->base_.state = OR_CONN_STATE_CONNECTING)
AUTHCHALLENGE_FAIL(badproto, AUTHCHALLENGE_FAIL(badproto,
require_failure_message = "not using link protocol >= 3";
d->c->link_proto = 2) d->c->link_proto = 2)
AUTHCHALLENGE_FAIL(as_server, AUTHCHALLENGE_FAIL(as_server,
require_failure_message = "We didn't originate this "
"connection";
d->c->handshake_state->started_here = 0;) d->c->handshake_state->started_here = 0;)
AUTHCHALLENGE_FAIL(duplicate, AUTHCHALLENGE_FAIL(duplicate,
require_failure_message = "We already received one";
d->c->handshake_state->received_auth_challenge = 1) d->c->handshake_state->received_auth_challenge = 1)
AUTHCHALLENGE_FAIL(nocerts, AUTHCHALLENGE_FAIL(nocerts,
require_failure_message = "We haven't gotten a CERTS "
"cell yet";
d->c->handshake_state->received_certs_cell = 0) d->c->handshake_state->received_certs_cell = 0)
AUTHCHALLENGE_FAIL(tooshort, AUTHCHALLENGE_FAIL(tooshort,
require_failure_message = "It was not well-formed";
d->cell->payload_len = 33) d->cell->payload_len = 33)
AUTHCHALLENGE_FAIL(truncated, AUTHCHALLENGE_FAIL(truncated,
require_failure_message = "It was not well-formed";
d->cell->payload_len = 34) d->cell->payload_len = 34)
AUTHCHALLENGE_FAIL(nonzero_circid, AUTHCHALLENGE_FAIL(nonzero_circid,
require_failure_message = "It had a nonzero circuit ID";
d->cell->circ_id = 1337) d->cell->circ_id = 1337)
static tor_x509_cert_t *mock_peer_cert = NULL; static tor_x509_cert_t *mock_peer_cert = NULL;
@ -859,47 +870,68 @@ test_link_handshake_auth_cell(void *arg)
} }
AUTHENTICATE_FAIL(badstate, AUTHENTICATE_FAIL(badstate,
require_failure_message = "We're not doing a v3 handshake";
d->c2->base_.state = OR_CONN_STATE_CONNECTING) d->c2->base_.state = OR_CONN_STATE_CONNECTING)
AUTHENTICATE_FAIL(badproto, AUTHENTICATE_FAIL(badproto,
require_failure_message = "not using link protocol >= 3";
d->c2->link_proto = 2) d->c2->link_proto = 2)
AUTHENTICATE_FAIL(atclient, AUTHENTICATE_FAIL(atclient,
require_failure_message = "We originated this connection";
d->c2->handshake_state->started_here = 1) d->c2->handshake_state->started_here = 1)
AUTHENTICATE_FAIL(duplicate, AUTHENTICATE_FAIL(duplicate,
require_failure_message = "We already got one";
d->c2->handshake_state->received_authenticate = 1) d->c2->handshake_state->received_authenticate = 1)
static void static void
test_link_handshake_auth_already_authenticated(void *arg) test_link_handshake_auth_already_authenticated(void *arg)
{ {
authenticate_data_t *d = arg; authenticate_data_t *d = arg;
const int prev_level = setup_capture_of_logs(LOG_INFO);
d->c2->handshake_state->authenticated = 1; d->c2->handshake_state->authenticated = 1;
channel_tls_process_authenticate_cell(d->cell, d->chan2); channel_tls_process_authenticate_cell(d->cell, d->chan2);
tt_int_op(mock_close_called, ==, 1); tt_int_op(mock_close_called, ==, 1);
tt_int_op(d->c2->handshake_state->authenticated, ==, 1); tt_int_op(d->c2->handshake_state->authenticated, ==, 1);
expect_log_msg_containing("The peer is already authenticated");
done: done:
; teardown_capture_of_logs(prev_level);
} }
AUTHENTICATE_FAIL(nocerts, AUTHENTICATE_FAIL(nocerts,
require_failure_message = "We never got a certs cell";
d->c2->handshake_state->received_certs_cell = 0) d->c2->handshake_state->received_certs_cell = 0)
AUTHENTICATE_FAIL(noidcert, AUTHENTICATE_FAIL(noidcert,
require_failure_message = "We never got an identity "
"certificate";
tor_x509_cert_free(d->c2->handshake_state->id_cert); tor_x509_cert_free(d->c2->handshake_state->id_cert);
d->c2->handshake_state->id_cert = NULL) d->c2->handshake_state->id_cert = NULL)
AUTHENTICATE_FAIL(noauthcert, AUTHENTICATE_FAIL(noauthcert,
require_failure_message = "We never got an authentication "
"certificate";
tor_x509_cert_free(d->c2->handshake_state->auth_cert); tor_x509_cert_free(d->c2->handshake_state->auth_cert);
d->c2->handshake_state->auth_cert = NULL) d->c2->handshake_state->auth_cert = NULL)
AUTHENTICATE_FAIL(tooshort, AUTHENTICATE_FAIL(tooshort,
require_failure_message = "Cell was way too short";
d->cell->payload_len = 3) d->cell->payload_len = 3)
AUTHENTICATE_FAIL(badtype, AUTHENTICATE_FAIL(badtype,
require_failure_message = "Authenticator type was not "
"recognized";
d->cell->payload[0] = 0xff) d->cell->payload[0] = 0xff)
AUTHENTICATE_FAIL(truncated_1, AUTHENTICATE_FAIL(truncated_1,
require_failure_message = "Authenticator was truncated";
d->cell->payload[2]++) d->cell->payload[2]++)
AUTHENTICATE_FAIL(truncated_2, AUTHENTICATE_FAIL(truncated_2,
require_failure_message = "Authenticator was truncated";
d->cell->payload[3]++) d->cell->payload[3]++)
AUTHENTICATE_FAIL(tooshort_1, AUTHENTICATE_FAIL(tooshort_1,
require_failure_message = "Authenticator was too short";
tt_int_op(d->cell->payload_len, >=, 260); tt_int_op(d->cell->payload_len, >=, 260);
d->cell->payload[2] -= 1; d->cell->payload[2] -= 1;
d->cell->payload_len -= 256;) d->cell->payload_len -= 256;)
AUTHENTICATE_FAIL(badcontent, AUTHENTICATE_FAIL(badcontent,
require_failure_message = "Some field in the AUTHENTICATE "
"cell body was not as expected";
d->cell->payload[10] ^= 0xff) d->cell->payload[10] ^= 0xff)
AUTHENTICATE_FAIL(badsig_1, AUTHENTICATE_FAIL(badsig_1,
require_failure_message = "Signature wasn't valid";
d->cell->payload[d->cell->payload_len - 5] ^= 0xff) d->cell->payload[d->cell->payload_len - 5] ^= 0xff)
#define TEST(name, flags) \ #define TEST(name, flags) \