mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 18:22:09 +01:00
Code Issues Projects Releases Wiki Activity

Unit tests for cert-chain-processing, including failed cases

Browse Source 
Check out the coverage!
This commit is contained in:
Nick Mathewson 2016-09-10 11:30:33 -04:00
parent a90a111a5f
commit af2459f09e
5 changed files with 292 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/or/channeltls.c
View File

@ -1954,8 +1954,11 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
ERR("Couldn't compute digests for key in ID cert");
identity_rcvd = tor_tls_cert_get_key(id_cert);
if (!identity_rcvd)
if (!identity_rcvd) {
//LCOV_EXCL_START
ERR("Internal error: Couldn't get RSA key from ID cert.");
//LCOV_EXCL_STOP
}
memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
id_digests->d[DIGEST_SHA1], DIGEST_LEN);
channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,

10
src/or/routerkeys.c
View File

@ -1059,6 +1059,16 @@ get_master_identity_key(void)
return &master_identity_key->pubkey;
}
#ifdef TOR_UNIT_TESTS
/* only exists for the unit tests, since otherwise the identity key
* should be used to sign nothing but the signing key. */
const ed25519_keypair_t *
get_master_identity_keypair(void)
{
return master_identity_key;
}
#endif
const ed25519_keypair_t *
get_master_signing_keypair(void)
{

1
src/or/routerkeys.h
View File

@ -74,6 +74,7 @@ int write_encrypted_secret_key(const ed25519_secret_key_t *out,
void routerkeys_free_all(void);
#ifdef TOR_UNIT_TESTS
const ed25519_keypair_t *get_master_identity_keypair(void);
void init_mock_ed_keys(const crypto_pk_t *rsa_identity_key);
#endif

27
src/or/torcert.c
View File

@ -461,7 +461,7 @@ or_handshake_certs_rsa_ok(int severity,
if (certs->started_here) {
if (! (id_cert && link_cert))
ERR("The certs we wanted were missing");
ERR("The certs we wanted (ID, Link) were missing");
if (! tor_tls_cert_matches_key(tls, link_cert))
ERR("The link certificate didn't match the TLS public key");
if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, now, 0))
@ -470,7 +470,7 @@ or_handshake_certs_rsa_ok(int severity,
ERR("The ID certificate was not valid");
} else {
if (! (id_cert && auth_cert))
ERR("The certs we wanted were missing");
ERR("The certs we wanted (ID, Auth) were missing");
/* Remember these certificates so we can check an AUTHENTICATE cell
* XXXX make sure we do that
*/
@ -505,20 +505,20 @@ or_handshake_certs_ed25519_ok(int severity,
ERR("Could not get checkable cert."); \
} while (0)
if (! certs->ed_id_sign || !certs->ed_id_sign->signing_key_included)
ERR("No signing key");
if (! certs->ed_id_sign || !certs->ed_id_sign->signing_key_included) {
ERR("No Ed25519 signing key");
}
ADDCERT(certs->ed_id_sign, NULL);
if (certs->started_here) {
if (! certs->ed_sign_link)
ERR("No link key");
ERR("No Ed25519 link key");
{
/* check for a match with the TLS cert. */
tor_x509_cert_t *peer_cert = tor_tls_get_peer_cert(tls);
/* XXXX Does 'cert' match spec in this case? I hope so; if not, fix
* spec */
if (!peer_cert)
ERR("No x509 peer cert");
if (BUG(!peer_cert)) {
ERR("No x509 peer cert"); // LCOV_EXCL_LINE
}
const common_digests_t *peer_cert_digests =
tor_x509_cert_get_cert_digests(peer_cert);
int okay = tor_memeq(peer_cert_digests->d[DIGEST_SHA256],
@ -526,14 +526,14 @@ or_handshake_certs_ed25519_ok(int severity,
DIGEST256_LEN);
tor_x509_cert_free(peer_cert);
if (!okay)
ERR("link certificate does not match TLS certificate");
ERR("Link certificate does not match TLS certificate");
}
ADDCERT(certs->ed_sign_link, &certs->ed_id_sign->signed_key);
} else {
if (! certs->ed_sign_auth)
ERR("No link authentiction key");
ERR("No Ed25519 link authentication key");
ADDCERT(certs->ed_sign_auth, &certs->ed_id_sign->signed_key);
}
@ -555,6 +555,9 @@ or_handshake_certs_ed25519_ok(int severity,
if (! tor_tls_cert_is_valid(severity, rsa_id_cert, rsa_id_cert, now, 1)) {
ERR("The legacy RSA ID certificate was not valid");
}
if (! certs->ed_rsa_crosscert) {
ERR("Missing RSA->Ed25519 crosscert");
}
crypto_pk_t *rsa_id_key = tor_tls_cert_get_key(rsa_id_cert);
if (rsa_ed25519_crosscert_check(certs->ed_rsa_crosscert,
@ -563,7 +566,7 @@ or_handshake_certs_ed25519_ok(int severity,
&certs->ed_id_sign->signing_key,
now) < 0) {
crypto_pk_free(rsa_id_key);
ERR("Invalid/missing RSA crosscert");
ERR("Invalid RSA->Ed25519 crosscert");
}
crypto_pk_free(rsa_id_key);
rsa_id_key = NULL;

265
src/test/test_link_handshake.c
View File

@ -6,12 +6,16 @@
#define CHANNELTLS_PRIVATE
#define CONNECTION_PRIVATE
#define TOR_CHANNEL_INTERNAL_
#define TORTLS_PRIVATE
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include "or.h"
#include "config.h"
#include "connection.h"
#include "connection_or.h"
#include "channeltls.h"
#include "link_handshake.h"
#include "router.h"
#include "routerkeys.h"
#include "scheduler.h"
#include "torcert.h"
@ -337,7 +341,6 @@ recv_certs_setup(const struct testcase_t *test)
int is_auth = !strcmpend(test->setup_data, "-Auth");
tor_assert(is_ed != is_rsa);
tor_assert(is_link != is_auth);
printf("rsa == %d; is_link == %d\n", is_rsa, is_link);
d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
d->chan = tor_malloc_zero(sizeof(*d->chan));
@ -490,6 +493,7 @@ test_link_handshake_recv_certs_ok_server(void *arg)
tt_int_op(d->c->handshake_state->authenticated, ==, 0);
tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
tt_assert(d->c->handshake_state->certs->id_cert != NULL);
tt_assert(d->c->handshake_state->certs->link_cert == NULL);
if (d->is_ed) {
tt_assert(d->c->handshake_state->certs->ed_sign_auth != NULL);
tt_assert(d->c->handshake_state->certs->auth_cert == NULL);
@ -514,6 +518,8 @@ test_link_handshake_recv_certs_ok_server(void *arg)
tt_int_op(1, ==, mock_close_called); \
tt_int_op(0, ==, mock_send_authenticate_called); \
tt_int_op(0, ==, mock_send_netinfo_called); \
tt_int_op(0, ==, d->c->handshake_state->authenticated_rsa); \
tt_int_op(0, ==, d->c->handshake_state->authenticated_ed25519); \
if (require_failure_message) { \
expect_log_msg_containing(require_failure_message); \
} \
@ -554,12 +560,41 @@ CERTS_FAIL(truncated_3,
d->cell->payload_len = 7;
memcpy(d->cell->payload, "\x01\x01\x00\x05""abc", 7);
})
CERTS_FAIL(truncated_4, /* ed25519 */
{
require_failure_message = "It couldn't be parsed";
d->cell->payload_len -= 10;
})
CERTS_FAIL(truncated_5, /* ed25519 */
{
require_failure_message = "It couldn't be parsed";
d->cell->payload_len -= 100;
})
#define REENCODE() do { \
const char *msg = certs_cell_check(d->ccell); \
if (msg) puts(msg); \
ssize_t n = certs_cell_encode(d->cell->payload, 4096, d->ccell); \
tt_int_op(n, >, 0); \
d->cell->payload_len = n; \
} while (0)
CERTS_FAIL(truncated_6, /* ed25519 */
{
/* truncate the link certificate */
require_failure_message = "undecodable Ed certificate";
certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 3), 7);
certs_cell_get_certs(d->ccell, 3)->cert_len = 7;
REENCODE();
})
CERTS_FAIL(truncated_7, /* ed25519 */
{
/* truncate the crosscert */
require_failure_message = "Unparseable or overlong crosscert";
certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 4), 7);
certs_cell_get_certs(d->ccell, 4)->cert_len = 7;
REENCODE();
})
CERTS_FAIL(not_x509,
{
require_failure_message = "Received undecodable certificate";
@ -588,6 +623,206 @@ CERTS_FAIL(both_auth,
certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
REENCODE();
})
CERTS_FAIL(duplicate_id, /* ed25519 */
{
require_failure_message = "Duplicate Ed25519 certificate";
certs_cell_get_certs(d->ccell, 2)->cert_type = 4;
certs_cell_get_certs(d->ccell, 3)->cert_type = 4;
REENCODE();
})
CERTS_FAIL(duplicate_link, /* ed25519 */
{
require_failure_message = "Duplicate Ed25519 certificate";
certs_cell_get_certs(d->ccell, 2)->cert_type = 5;
certs_cell_get_certs(d->ccell, 3)->cert_type = 5;
REENCODE();
})
CERTS_FAIL(duplicate_crosscert, /* ed25519 */
{
require_failure_message = "Duplicate RSA->Ed25519 crosscert";
certs_cell_get_certs(d->ccell, 2)->cert_type = 7;
certs_cell_get_certs(d->ccell, 3)->cert_type = 7;
REENCODE();
})
static void
test_link_handshake_recv_certs_missing_id(void *arg) /* ed25519 */
{
certs_data_t *d = arg;
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
certs_cell_set_certs(d->ccell, 2, certs_cell_get_certs(d->ccell, 4));
certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
certs_cell_setlen_certs(d->ccell, 4);
d->ccell->n_certs = 4;
REENCODE();
/* This handshake succeeds, but since we have no ID cert, we will
* just do the RSA handshake. */
channel_tls_process_certs_cell(d->cell, d->chan);
tt_int_op(0, ==, mock_close_called);
tt_int_op(0, ==, d->c->handshake_state->authenticated_ed25519);
tt_int_op(1, ==, d->c->handshake_state->authenticated_rsa);
done:
;
}
CERTS_FAIL(missing_signing_key, /* ed25519 */
{
require_failure_message = "No Ed25519 signing key";
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2);
tt_int_op(cert->cert_type, ==, CERTTYPE_ED_ID_SIGN);
/* replace this with a valid master->signing cert, but with no
* signing key. */
const ed25519_keypair_t *mk = get_master_identity_keypair();
const ed25519_keypair_t *sk = get_master_signing_keypair();
tor_cert_t *bad_cert = tor_cert_create(mk, CERT_TYPE_ID_SIGNING,
&sk->pubkey, time(NULL), 86400,
0 /* don't include signer */);
certs_cell_cert_setlen_body(cert, bad_cert->encoded_len);
memcpy(certs_cell_cert_getarray_body(cert),
bad_cert->encoded, bad_cert->encoded_len);
cert->cert_len = bad_cert->encoded_len;
tor_cert_free(bad_cert);
REENCODE();
})
CERTS_FAIL(missing_link, /* ed25519 */
{
require_failure_message = "No Ed25519 link key";
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4));
certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
certs_cell_setlen_certs(d->ccell, 4);
d->ccell->n_certs = 4;
REENCODE();
})
CERTS_FAIL(missing_auth, /* ed25519 */
{
d->c->handshake_state->started_here = 0;
d->c->handshake_state->certs->started_here = 0;
require_failure_message = "No Ed25519 link authentication key";
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4));
certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
certs_cell_setlen_certs(d->ccell, 4);
d->ccell->n_certs = 4;
REENCODE();
})
CERTS_FAIL(missing_crosscert, /* ed25519 */
{
require_failure_message = "Missing RSA->Ed25519 crosscert";
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
certs_cell_setlen_certs(d->ccell, 4);
d->ccell->n_certs = 4;
REENCODE();
})
CERTS_FAIL(missing_rsa_id, /* ed25519 */
{
require_failure_message = "Missing legacy RSA ID cert";
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
certs_cell_set_certs(d->ccell, 1, certs_cell_get_certs(d->ccell, 4));
certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
certs_cell_setlen_certs(d->ccell, 4);
d->ccell->n_certs = 4;
REENCODE();
})
CERTS_FAIL(link_mismatch, /* ed25519 */
{
require_failure_message = "Link certificate does not match "
"TLS certificate";
const tor_x509_cert_t *idc;
tor_tls_get_my_certs(1, NULL, &idc);
tor_x509_cert_free(mock_peer_cert);
/* Pretend that the peer cert was something else. */
mock_peer_cert = tor_x509_cert_dup(idc);
/* No reencode needed. */
})
CERTS_FAIL(bad_ed_sig, /* ed25519 */
{
require_failure_message = "At least one Ed25519 certificate was "
"badly signed";
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3);
uint8_t *body = certs_cell_cert_getarray_body(cert);
ssize_t body_len = certs_cell_cert_getlen_body(cert);
/* Frob a byte in the signature */
body[body_len - 13] ^= 7;
REENCODE();
})
CERTS_FAIL(bad_crosscert, /*ed25519*/
{
require_failure_message = "Invalid RSA->Ed25519 crosscert";
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4);
uint8_t *body = certs_cell_cert_getarray_body(cert);
ssize_t body_len = certs_cell_cert_getlen_body(cert);
/* Frob a byte in the signature */
body[body_len - 13] ^= 7;
REENCODE();
})
CERTS_FAIL(bad_rsa_id_cert, /*ed25519*/
{
require_failure_message = "legacy RSA ID certificate was not valid";
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
uint8_t *body = certs_cell_cert_getarray_body(cert);
ssize_t body_len = certs_cell_cert_getlen_body(cert);
/* Frob a byte in the signature */
body[body_len - 13] ^= 7;
REENCODE();
})
CERTS_FAIL(expired_rsa_id, /* both */
{
require_failure_message = "Certificate already expired";
/* we're going to replace the identity cert with an expired one. */
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
const tor_x509_cert_t *idc;
tor_tls_get_my_certs(1, NULL, &idc);
X509 *newc = X509_dup(idc->cert);
time_t new_end = time(NULL) - 86400 * 10;
X509_time_adj(X509_get_notAfter(newc), 0, &new_end);
EVP_PKEY *pk = crypto_pk_get_evp_pkey_(d->key2, 1);
tt_assert(X509_sign(newc, pk, EVP_sha1()));
int len = i2d_X509(newc, NULL);
certs_cell_cert_setlen_body(cert, len);
uint8_t *body = certs_cell_cert_getarray_body(cert);
int len2 = i2d_X509(newc, &body);
tt_int_op(len, ==, len2);
REENCODE();
X509_free(newc);
EVP_PKEY_free(pk);
})
CERTS_FAIL(expired_ed_id, /* ed25519 */
{
/* we're going to replace the Ed Id->sign cert with an expired one. */
require_failure_message = "At least one certificate expired";
/* We don't need to re-sign, since we check for expiration first. */
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2);
uint8_t *body = certs_cell_cert_getarray_body(cert);
/* The expiration field is bytes [2..5]. It is in HOURS since the
* epoch. */
set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */
REENCODE();
})
CERTS_FAIL(expired_ed_link, /* ed25519 */
{
/* we're going to replace the Ed Sign->link cert with an expired one. */
require_failure_message = "At least one certificate expired";
/* We don't need to re-sign, since we check for expiration first. */
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3);
uint8_t *body = certs_cell_cert_getarray_body(cert);
/* The expiration field is bytes [2..5]. It is in HOURS since the
* epoch. */
set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */
REENCODE();
})
CERTS_FAIL(expired_crosscert, /* ed25519 */
{
/* we're going to replace the Ed Sign->link cert with an expired one. */
require_failure_message = "Crosscert is expired";
/* We don't need to re-sign, since we check for expiration first. */
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4);
uint8_t *body = certs_cell_cert_getarray_body(cert);
/* The expiration field is bytes [32..35]. once again, HOURS. */
set_uint32(body+32, htonl(24)); /* Back to jan 2, 1970. */
REENCODE();
})
CERTS_FAIL(wrong_labels_1,
{
require_failure_message = "The link certificate was not valid";
@ -612,14 +847,16 @@ CERTS_FAIL(wrong_labels_2,
})
CERTS_FAIL(wrong_labels_3,
{
require_failure_message = "The certs we wanted were missing";
require_failure_message =
"The certs we wanted (ID, Link) were missing";
certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
REENCODE();
})
CERTS_FAIL(server_missing_certs,
{
require_failure_message = "The certs we wanted were missing";
require_failure_message =
"The certs we wanted (ID, Auth) were missing";
d->c->handshake_state->started_here = 0;
d->c->handshake_state->certs->started_here = 0;
@ -1214,10 +1451,32 @@ struct testcase_t link_handshake_tests[] = {
TEST_RCV_CERTS(truncated_1),
TEST_RCV_CERTS(truncated_2),
TEST_RCV_CERTS(truncated_3),
TEST_RCV_CERTS_ED(truncated_4, "Ed25519-Link"),
TEST_RCV_CERTS_ED(truncated_5, "Ed25519-Link"),
TEST_RCV_CERTS_ED(truncated_6, "Ed25519-Link"),
TEST_RCV_CERTS_ED(truncated_7, "Ed25519-Link"),
TEST_RCV_CERTS(not_x509),
TEST_RCV_CERTS(both_link),
TEST_RCV_CERTS(both_id_rsa),
TEST_RCV_CERTS(both_auth),
TEST_RCV_CERTS_ED(duplicate_id, "Ed25519-Link"),
TEST_RCV_CERTS_ED(duplicate_link, "Ed25519-Link"),
TEST_RCV_CERTS_ED(duplicate_crosscert, "Ed25519-Link"),
TEST_RCV_CERTS_ED(missing_crosscert, "Ed25519-Link"),
TEST_RCV_CERTS_ED(missing_id, "Ed25519-Link"),
TEST_RCV_CERTS_ED(missing_signing_key, "Ed25519-Link"),
TEST_RCV_CERTS_ED(missing_link, "Ed25519-Link"),
TEST_RCV_CERTS_ED(missing_auth, "Ed25519-Auth"),
TEST_RCV_CERTS_ED(missing_rsa_id, "Ed25519-Link"),
TEST_RCV_CERTS_ED(link_mismatch, "Ed25519-Link"),
TEST_RCV_CERTS_ED(bad_ed_sig, "Ed25519-Link"),
TEST_RCV_CERTS_ED(bad_rsa_id_cert, "Ed25519-Link"),
TEST_RCV_CERTS_ED(bad_crosscert, "Ed25519-Link"),
TEST_RCV_CERTS_RSA(expired_rsa_id, "RSA-Link"),
TEST_RCV_CERTS_ED(expired_rsa_id, "Ed25519-Link"),
TEST_RCV_CERTS_ED(expired_ed_id, "Ed25519-Link"),
TEST_RCV_CERTS_ED(expired_ed_link, "Ed25519-Link"),
TEST_RCV_CERTS_ED(expired_crosscert, "Ed25519-Link"),
TEST_RCV_CERTS(wrong_labels_1),
TEST_RCV_CERTS(wrong_labels_2),
TEST_RCV_CERTS(wrong_labels_3),