Commit Graph

82 Commits

Author SHA1 Message Date
Nick Mathewson
7322de15dc Split the slow unit tests into their own binary
This can run in parallel with the faster ones and the other tests.
2015-01-23 11:15:53 -05:00
Nick Mathewson
7a63005220 Basic unit test for condition variables. 2015-01-14 11:17:09 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
4ac5175109 Fix wide lines (from 13172) 2014-11-12 13:42:01 -05:00
Nick Mathewson
a3dafd3f58 Replace operators used as macro arguments with OP_XX macros
Part of fix for 13172
2014-11-12 13:28:07 -05:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
Sebastian Hahn
909aa51b3f Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
2014-10-27 14:41:19 +01:00
Nick Mathewson
b45bfba2ce Whitespace fixes 2014-09-29 08:48:22 -04:00
teor
ffd92e8ef8 Stop test & bench build failures with --disable-curve25519
Ensure test & bench code that references curve25519 is disabled by the
appropriate macros. tor now builds with and without --disable-curve25519.
2014-09-29 12:19:04 +10:00
Nick Mathewson
1c5d680b3d Merge branch 'ed25519_ref10_squashed'
Conflicts:
	src/common/include.am
	src/ext/README
2014-09-25 15:11:34 -04:00
Nick Mathewson
7ca470e13c Add a reference implementation of our ed25519 modifications
Also, use it to generate test vectors, and add those test vectors
to test_crypto.c

This is based on ed25519.py from the ed25519 webpage; the kludgy hacks
are my own.
2014-09-25 15:08:32 -04:00
Nick Mathewson
25b1a32ef8 Draft implementation for ed25519 key blinding, as in prop224
This implementation allows somebody to add a blinding factor to a
secret key, and a corresponding blinding factor to the public key.

Robert Ransom came up with this idea, I believe.  Nick Hopper proved a
scheme like this secure.  The bugs are my own.
2014-09-25 15:08:31 -04:00
Nick Mathewson
4caa6fad4c Add curve25519->ed25519 key conversion per proposal 228
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key.  But how can we sign something with a key that
is only for doing Diffie-Hellman?  By converting it to the
corresponding ed25519 point.

See the ALL-CAPS warning in the documentation.  According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.

(Unit tests included.  What kind of a monster do you take me for?)
2014-09-25 15:08:31 -04:00
Nick Mathewson
c75e275574 Add encode/decode functions for ed25519 public keys 2014-09-25 15:08:31 -04:00
Nick Mathewson
006e6d3b6f Another ed25519 tweak: store secret keys in expanded format
This will be needed/helpful for the key blinding of prop224, I
believe.
2014-09-25 15:08:31 -04:00
Nick Mathewson
87ba033cd5 Add Ed25519 support, wrappers, and tests.
Taken from earlier ed25519 branch based on floodyberry's
ed25519-donna.  Tweaked so that it applies to ref10 instead.
2014-09-25 15:08:20 -04:00
Nick Mathewson
764e008092 Merge branch 'libscrypt_trunnel_squashed'
Conflicts:
	src/test/test_crypto.c
2014-09-25 12:03:41 -04:00
Nick Mathewson
c433736734 Add tests for failing cases of crypto_pwbox 2014-09-25 11:58:14 -04:00
Nick Mathewson
d0f5d2b662 Test a full array of s2k flags with pwbox test.
Suggested by yawning.
2014-09-25 11:58:14 -04:00
Nick Mathewson
05a6439f1f Use preferred key-expansion means for pbkdf2, scrypt.
Use HKDF for RFC2440 s2k only.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8d84f3af7b Test vectors for PBKDF2 from RFC6070 2014-09-25 11:58:13 -04:00
Nick Mathewson
b59d0dae14 Test vectors for scrypt from draft-josefsson-scrypt-kdf-00 2014-09-25 11:58:13 -04:00
Nick Mathewson
8184839a47 Rudimentary-but-sufficient passphrase-encrypted box code.
See crypto_pwbox.c for a description of the file format.

There are tests for successful operation, but it still needs
error-case tests.
2014-09-25 11:58:13 -04:00
Nick Mathewson
e84e1c9745 More generic passphrase hashing code, including scrypt support
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.

Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Nick Mathewson
ea72b4f60a clean up eol whitespace from coccinelle-generated patches 2014-09-16 09:40:38 -04:00
Nick Mathewson
a6627fdb80 Remove the legacy_test_helper and legacy_setup wrappers
These wrappers went into place when the default type for our unit
test functions changed from "void fn(void)" to "void fn(void *arg)".

To generate this patch, I did the same hokey-pokey as before with
replacing all operators used as macro arguments, then I ran a
coccinelle script, then I ran perl script to fix up everything that
used legacy_test_helper, then I manually removed the
legacy_test_helper functions, then I ran a final perl script to put
the operators back how they were.

==============================
 #!/usr/bin/perl -w -i -p

s/==,/_X_EQ_,/g;
s/!=,/_X_NE_,/g;
s/<,/_X_LT_,/g;
s/>,/_X_GT_,/g;
s/>=,/_X_GEQ_,/g;
s/<=,/_X_LEQ_,/g;

--------------------

@@
identifier func =~ "test_.*$";
statement S, S2;
@@
 static void func (
-void
+void *arg
 )
 {
 ... when != S2
+(void) arg;
 S
 ...
 }

--------------------
 #!/usr/bin/perl -w -i -p

s/, *legacy_test_helper, *([^,]+), *\&legacy_setup, *([^\}]+) *}/, $2, $1, NULL, NULL }/g;

--------------------
 #!/usr/bin/perl -w -i -p

s/_X_NEQ_/!=/g;
s/_X_NE_/!=/g;
s/_X_EQ_/==/g;
s/_X_GT_/>/g;
s/_X_LT_/</g;
s/_X_GEQ_/>=/g;
s/_X_LEQ_/<=/g;

--------------------
2014-09-16 09:30:22 -04:00
Nick Mathewson
1146a6a1c5 Replace the remaining test_n?eq_ptr calls 2014-09-15 21:25:27 -04:00
Nick Mathewson
0243895792 Use coccinelle scripts to clean up our unit tests
This should get rid of most of the users of the old test_*
functions.  Some are in macros and will need manual cleanup, though.

This patch is for 13119, and was automatically generated with these
scripts.  The perl scripts are there because coccinelle hates
operators as macro arguments.

------------------------------

s/==,/_X_EQ_,/g;
s/!=,/_X_NE_,/g;
s/<,/_X_LT_,/g;
s/>,/_X_GT_,/g;
s/>=,/_X_GEQ_,/g;
s/<=,/_X_LEQ_,/g;

------------------------------
@@
expression a;
identifier func;
@@
 func (...) {
<...
-test_fail_msg
+TT_DIE
 (
+(
 a
+)
 )
 ...>
 }

@@
identifier func;
@@
 func (...) {
<...
-test_fail()
+TT_DIE(("Assertion failed."))
 ...>
 }

@@
expression a;
identifier func;
@@
 func (...) {
<...
-test_assert
+tt_assert
	(a)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_eq
+tt_int_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_neq
+tt_int_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_streq
+tt_str_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_strneq
+tt_str_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_eq_ptr
+tt_ptr_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func() {
<...
-test_neq_ptr
+tt_ptr_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b, len;
identifier func;
@@
 func (...) {
<...
-test_memeq
+tt_mem_op
 (a,
+_X_EQ_,
  b, len)
 ...>
 }

@@
expression a, b, len;
identifier func;
@@
 func (...) {
<...
-test_memneq
+tt_mem_op
 (a,
+_X_NEQ_,
  b, len)
 ...>
 }

------------------------------
@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

------------------------------

s/_X_NEQ_/!=/g;
s/_X_NE_/!=/g;
s/_X_EQ_/==/g;
s/_X_GT_/>/g;
s/_X_LT_/</g;
s/_X_GEQ_/>=/g;
s/_X_LEQ_/<=/g;

s/test_mem_op\(/tt_mem_op\(/g;
2014-09-15 21:18:21 -04:00
Nick Mathewson
9b2d8c4e20 Rename secret_to_key to secret_to_key_rfc2440 2014-08-28 11:20:31 -04:00
Nick Mathewson
28538069b2 Fix numerous 64->32 errors in the unit tests
Before the 11825 fix, these were all silently ignored.
2014-05-08 14:01:17 -04:00
Nick Mathewson
0be9e6099b Unit tests for pk fingerprint functions 2014-02-28 08:53:14 -05:00
Nick Mathewson
e1deb01e5f mingw fix: Rename a variable in the unit tests
Apparently, MS C is #defining "IN" on us, so we can't name a
variable IN.  Delightful!
2014-02-16 12:51:35 -05:00
Nick Mathewson
f51df9bb93 Tests for siphash, from reference implementation. 2014-02-12 10:58:03 -05:00
Nick Mathewson
a7410c9199 Add checks to prevent memcmp(.,.,negative) in tests (CID 1064417) 2013-11-22 12:33:25 -05:00
Nick Mathewson
e7165659e0 Fix crypto/digests test 2013-11-18 13:33:29 -05:00
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
2013-07-10 15:20:10 -04:00
Nick Mathewson
c94f6b228b Fix "make check-spaces" 2013-06-10 13:51:53 -04:00
Marek Majkowski
e4f51682bc Bug #5170 - test crypto_pk_get_all_digests 2013-06-10 15:03:18 +01:00
Arlo Breault
0ab38b9366 Remove PK_PKCS1_PADDING
See #8792
2013-05-17 10:11:33 -04:00
Nick Mathewson
8f21838ee5 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-08 13:01:58 -04:00
Nick Mathewson
7d3fd85838 Fix bug 8845: check the right length of memory in aes unit tests
This couldn't actually be a buffer overrun unless AES somehow turned
into memcpy, but still it's good to fix it.
2013-05-08 12:59:43 -04:00
Nick Mathewson
80e9ca411f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-23 18:51:15 -04:00
Nick Mathewson
8b6a952c94 Avoid clang warnings from implicit off_t->size_t cast 2013-03-23 18:50:21 -04:00
Nick Mathewson
55ce9bff54 Remove unused check_fingerprint_syntax 2013-03-01 22:01:26 -05:00
Nick Mathewson
a05dc378e3 Remove unused HMAC-SHA1 function
(We're not adding any new SHA1 instances in our protocols, so this
should never actually be needed.)
2013-03-01 21:59:12 -05:00
Nick Mathewson
a4e9d67292 Remove some functions which were unused except for their tests 2013-02-23 23:38:43 -05:00
Nick Mathewson
717946089b Resolve memory leaks in the unit tests and benchmarks (found by coverity)
These shouldn't really matter, but it's nice to be leak-free.
2013-02-11 14:57:10 -05:00
Nick Mathewson
ffd6e557cb Speed up the curve25519 unit test by doing fewer iterations
This test was accounting for about 2/3 of our unit tests' runtime,
even on systems with a fast curve25519.  No test should take so long.
2013-02-11 13:55:42 -05:00
Nick Mathewson
522b312a51 whitespace fix 2013-02-07 14:31:51 -05:00
Nick Mathewson
266419d244 Tolerate curve25519 backends where the high bit of the pk isn't ignored
Right now, all our curve25519 backends ignore the high bit of the
public key. But possibly, others could treat the high bit of the
public key as encoding out-of-bounds values, or as something to be
preserved. This could be used to distinguish clients with different
backends, at the cost of killing a circuit.

As a workaround, let's just clear the high bit of each public key
indiscriminately before we use it. Fix for bug 8121, reported by
rransom. Bugfix on 0.2.4.8-alpha.
2013-02-07 14:09:01 -05:00