Nick Mathewson
a90a111a5f
Label a few conditions in link authentication code as bugs.
2016-11-03 08:40:09 -04:00
Nick Mathewson
672fe4bee4
Extend link handshake tests to handle successful Ed25519 handshakes.
...
Success cases only. Failure cases to come.
2016-11-03 08:40:09 -04:00
Nick Mathewson
99af260acc
For testing: function to construct (but not save) Ed keys and certs
2016-11-03 08:40:09 -04:00
Nick Mathewson
67e66898d2
For testing: add a tor_x509_cert_dup().
2016-11-03 08:39:31 -04:00
Nick Mathewson
88c2a6b936
Send and receive AUTHENTICATE cells correctly with ED keys.
...
Includes updated test for authchallenge cells
2016-11-03 08:39:31 -04:00
Nick Mathewson
e64bac6eb4
Increase TLS RSA link key length to 2048 bits
...
Oddly, nothing broke.
Closes ticket 13752.
2016-11-03 08:39:30 -04:00
Nick Mathewson
b4a5c77901
Verify ed25519 link handshake certificates
...
This code stores the ed certs as appropriate, and tries to check
them. The Ed25519 result is not yet used, and (because of its
behavior) this will break RSA authenticate cells. That will get
fixed as we go, however.
This should implement 19157, but it needs tests, and it needs
to get wired in.
2016-11-03 08:39:28 -04:00
Nick Mathewson
99b3e54691
Add "Ed ID" arguments to a bunch of connection-ID-related fns.
...
In particular, these functions are the ones that set the identity of
a given connection or channel, and/or confirm that we have learned
said IDs.
There's a lot of stub code here: we don't actually need to use the
new keys till we start looking up connections/channels by Ed25519
IDs. Still, we want to start passing the Ed25519 IDs in now, so it
makes sense to add these stubs as part of 15055.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0704fa8a63
Handle u32 overflow in ed25519 cert expiration time.
...
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.
Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:22 -04:00
Nick Mathewson
fae7060aea
Fix a misfeature with the Ed cert expiration API
...
The batch-verification helper didn't expose the expiration time,
which made it pretty error-prone.
This closes ticket 15087.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0b4221f98d
Make the current time an argument to x509 cert-checking functions
...
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e3c8253721
Add function to check RSA->Ed cross-certifications
...
Also, adjust signing approach to more closely match the signing
scheme in the proposal.
(The format doesn't quite match the format in the proposal, since
RSA signatures aren't fixed-length.)
Closes 19020.
2016-11-03 08:37:22 -04:00
Nick Mathewson
348b90a915
Refactor RSA certificate checking into its own function.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e94f1b4e0d
Free rsa_ed_crosscert at exit.
...
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
Nick Mathewson
e23389841c
Migrate certificates into a sub-structure of or_handshake_state
...
This will help us do cert-checking in the background in the future,
perhaps.
2016-11-03 08:37:21 -04:00
Nick Mathewson
4ef42e7c52
Refactor ...compute_authenticate_cell_body() to return a var_cell_t.
...
This means we don't need to precompute the length.
Helps simplify the implementation of 19156.
2016-11-03 08:37:21 -04:00
Nick Mathewson
2bf6553949
Code to send correct authentication data when we are using AUTHTYPE>2
...
Implements the major part of 19156, except doesn't actually send the
new cell type yet.
2016-11-03 08:37:21 -04:00
Nick Mathewson
b004ff45d7
New authentication types to use RFC5705.
...
See proposal 244. This feature lets us stop looking at the internals
of SSL objects, *and* should let us port better to more SSL libraries,
if they have RFC5705 support.
Preparatory for #19156
2016-11-03 08:37:20 -04:00
Nick Mathewson
fdd8f8df67
Send ed25519 certificates in certs cell, when we have them.
...
Implements 19155 (send CERTS cells correctly for Ed25519)
Also send RSA->Ed crosscert
2016-11-03 08:37:16 -04:00
Nick Mathewson
5205e95275
Refactor connection_or_send_certs_cell() to use trunnel
...
We no longer generate certs cells by pasting the certs together one
by one. Instead we use trunnel to generate them.
Preliminary work for 19155 (send CERTS cell with ed certs)
2016-11-03 08:35:40 -04:00
Nick Mathewson
986695fb74
When parsing certs cells, allow more certs types
...
Implements the parsing part of #19157
2016-11-03 08:35:36 -04:00
Nick Mathewson
77e2be06f6
make check-spaces
2016-09-09 15:38:46 -04:00
Nick Mathewson
75a7997148
Fix a coupole of coverity complaints.
2016-09-09 15:29:57 -04:00
Nick Mathewson
4c55e8a58f
Fix cases where the tests were doing closesocket() on a non-socket
...
These seem to have caused warnings on windows. Hmmm.
2016-09-09 10:28:12 -04:00
Nick Mathewson
2fe7e3d9d2
Oh dear, I was missing an extern.
2016-09-09 10:20:34 -04:00
Nick Mathewson
373bfd9630
Make a couple more tests run faster.
...
The point of diminishing returns has been reached.
2016-09-09 10:08:27 -04:00
Nick Mathewson
7c52109641
Disable a single pbkdf2 test vector
...
The other test vectors are pretty complete, and get full coverage, I
believe.
This one test vector accounted for half the time spent in
test-slow. "Now that's slow!"
2016-09-09 09:57:15 -04:00
Nick Mathewson
5e30e26c6d
Chop another ~93 RSA key generations out of the unit tests
...
We have a mock for our RSA key generation function, so we now wire
it to pk_generate(). This covers all the cases that were not using
pk_generate() before -- all ~93 of them.
2016-09-09 09:45:50 -04:00
Nick Mathewson
05110c9294
Move the donna-fuzzing tests into test_slow.
...
This shaves another 3-4 seconds off the main-path tests for me,
which is again worth it, according to XKCD#1204.
2016-09-09 08:58:42 -04:00
Nick Mathewson
5ec395b27f
Re-enable RSA cacheing in tests, with a better design.
...
This makes tests faster and saves about 6 seconds for me, which
makes it worth it, according to https://xkcd.com/1205 .
2016-09-09 08:58:42 -04:00
Nick Mathewson
63e34e9e49
Reinstate a couple of teardown_capture_of_logs that I missed
...
Patch from rubiate. See #19999
2016-09-08 19:49:21 -04:00
Nick Mathewson
55713f0d79
Placate "make check-spaces"
2016-09-08 15:43:56 -04:00
Nick Mathewson
d860b99dbf
Fix remaining test warnings. (in test_relay.c)
2016-09-08 15:25:56 -04:00
Nick Mathewson
3fcd5d71ad
Fix typo error in bug warning in relay.c
2016-09-08 15:15:57 -04:00
Nick Mathewson
e9fdec2b1d
capture and detect expected BUG messages in shared-random tests
2016-09-08 15:13:53 -04:00
Nick Mathewson
deb294ff53
Simplify log_test_helpers interface
...
Previously, you needed to store the previous log severity in a local
variable, and it wasn't clear if you were allowed to call these
functions more than once.
2016-09-08 15:03:11 -04:00
Nick Mathewson
b0a9e54705
Resolve more BUG warnings in the unit tests
2016-09-08 14:39:20 -04:00
Nick Mathewson
d0fe86f39e
Fix bug warnings in test_circuitlist.
2016-09-08 14:04:55 -04:00
Nick Mathewson
3269307daf
Treat all nonfatal assertion failures as unit test failures.
...
Part of 19999.
2016-09-08 13:27:30 -04:00
Nick Mathewson
6a1454aa46
Tolerate another failure mode of get_if_addres6_list in tests
2016-09-08 11:47:16 -04:00
Nick Mathewson
f9cb9d8990
more consistent use of expect_log_msg_containing
2016-09-08 11:16:09 -04:00
Nick Mathewson
f64f293c48
Suppress a really impressive pile of warnings in conection/.. tests
2016-09-08 10:56:51 -04:00
Nick Mathewson
d626ffe29c
Fix a bug in connection/download_status.. tests
2016-09-08 10:48:22 -04:00
Nick Mathewson
3705ee8fe4
Revise log-testing macros to dump the actual log contents on failure
2016-09-08 10:33:01 -04:00
Nick Mathewson
ae3ea9a7a1
Remove redundant definitions of expect_{no_,}log_msg()
2016-09-08 10:32:59 -04:00
Nick Mathewson
fe9cfeba6e
Fix libevent linking on openbsd.
...
Closes ticket 19902; bugfix on 0.2.9.1-alpha; patch from rubiate
2016-09-08 10:09:34 -04:00
Nick Mathewson
f3cda3272a
Disable -Wthread-safety.
...
See changes file; closes ticket 20110.
2016-09-08 09:37:40 -04:00
Nick Mathewson
8acb951fc8
Unit test fix: windows should be able to handle DNSPort just fine.
2016-09-08 09:23:20 -04:00
Nick Mathewson
08d1ac4f2a
Patch from rubiate: disable openbsd memory protections in test-memwipe
...
Test-memwipe is *supposed* to invoke undefined behavior, alas.
Closes 20066.
2016-09-08 09:00:24 -04:00
Nick Mathewson
bee5f38e39
set the "addr" field in the dir_handle_get tests, to resolve bug warnings.
2016-09-07 14:30:51 -04:00