/* Using the query which is the base64 encoded blinded key of a version 3
* descriptor, lookup in our directory cache the entry. If found, 1 is
* returned and desc_out is populated with a newly allocated string being the
* encoded descriptor. If not found, 0 is returned and desc_out is untouched.
* On error, a negative value is returned and desc_out is untouched. */
static int
cache_lookup_v3_as_dir(const char *query, const char **desc_out)
{
int found = 0;
ed25519_public_key_t blinded_key;
const hs_cache_dir_descriptor_t *entry;
tor_assert(query);
/* Decode blinded key using the given query value. */
if (ed25519_public_from_base64(&blinded_key, query) < 0) {
log_info(LD_REND, "Unable to decode the v3 HSDir query %s.",
safe_str_client(query));
goto err;
}
entry = lookup_v3_desc_as_dir(blinded_key.pubkey);
if (entry != NULL) {
found = 1;
if (desc_out) {
*desc_out = entry->encoded_desc;
}
}
return found;
err:
return -1;
}
static void
test_routerkeys_cross_certify_ntor(void *args)
{
(void) args;
tor_cert_t *cert = NULL;
curve25519_keypair_t onion_keys;
ed25519_public_key_t master_key;
ed25519_public_key_t onion_check_key;
time_t now = time(NULL);
int sign;
tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key,
"IamwritingthesetestsOnARainyAfternoonin2014"));
tt_int_op(0, OP_EQ, curve25519_keypair_generate(&onion_keys, 0));
cert = make_ntor_onion_key_crosscert(&onion_keys,
&master_key,
now, 10000,
&sign);
tt_assert(cert);
tt_assert(sign == 0 || sign == 1);
tt_int_op(cert->cert_type, OP_EQ, CERT_TYPE_ONION_ID);
tt_int_op(1, OP_EQ, ed25519_pubkey_eq(&cert->signed_key, &master_key));
tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key(
&onion_check_key, &onion_keys.pubkey, sign));
tt_int_op(0, OP_EQ, tor_cert_checksig(cert, &onion_check_key, now));
done:
tor_cert_free(cert);
}
static void
test_routerkeys_rsa_ed_crosscert(void *arg)
{
(void)arg;
ed25519_public_key_t ed;
crypto_pk_t *rsa = pk_generate(2);
uint8_t *cc = NULL;
ssize_t cc_len;
time_t expires_in = 1470846177;
tt_int_op(0, OP_EQ, ed25519_public_from_base64(&ed,
"ThisStringCanContainAnythingSoNoKeyHereNowX"));
cc_len = tor_make_rsa_ed25519_crosscert(&ed, rsa, expires_in, &cc);
tt_int_op(cc_len, OP_GT, 0);
tt_int_op(cc_len, OP_GT, 37); /* key, expires, siglen */
tt_mem_op(cc, OP_EQ, ed.pubkey, 32);
time_t expires_out = 3600 * ntohl(get_uint32(cc+32));
tt_int_op(expires_out, OP_GE, expires_in);
tt_int_op(expires_out, OP_LE, expires_in + 3600);
tt_int_op(cc_len, OP_EQ, 37 + get_uint8(cc+36));
tt_int_op(0, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
expires_in - 10));
/* Now try after it has expired */
tt_int_op(-4, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
expires_out + 1));
/* Truncated object */
tt_int_op(-2, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len - 2, rsa, &ed,
expires_in - 10));
/* Key not as expected */
cc[0] ^= 3;
tt_int_op(-3, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
expires_in - 10));
cc[0] ^= 3;
/* Bad signature */
cc[40] ^= 3;
tt_int_op(-5, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
expires_in - 10));
cc[40] ^= 3;
/* Signature of wrong data */
cc[0] ^= 3;
ed.pubkey[0] ^= 3;
tt_int_op(-6, OP_EQ, rsa_ed25519_crosscert_check(cc, cc_len, rsa, &ed,
expires_in - 10));
cc[0] ^= 3;
ed.pubkey[0] ^= 3;
done:
crypto_pk_free(rsa);
tor_free(cc);
}
static void
test_routerkeys_cross_certify_tap(void *args)
{
(void)args;
uint8_t *cc = NULL;
int cc_len;
ed25519_public_key_t master_key;
crypto_pk_t *onion_key = pk_generate(2), *id_key = pk_generate(1);
char digest[20];
char buf[128];
int n;
tt_int_op(0, OP_EQ, ed25519_public_from_base64(&master_key,
"IAlreadyWroteTestsForRouterdescsUsingTheseX"));
cc = make_tap_onion_key_crosscert(onion_key,
&master_key,
id_key, &cc_len);
tt_assert(cc);
tt_assert(cc_len);
n = crypto_pk_public_checksig(onion_key, buf, sizeof(buf),
(char*)cc, cc_len);
tt_int_op(n,OP_GT,0);
tt_int_op(n,OP_EQ,52);
crypto_pk_get_digest(id_key, digest);
tt_mem_op(buf,OP_EQ,digest,20);
tt_mem_op(buf+20,OP_EQ,master_key.pubkey,32);
tt_int_op(0, OP_EQ, check_tap_onion_key_crosscert(cc, cc_len,
onion_key, &master_key, (uint8_t*)digest));
done:
tor_free(cc);
crypto_pk_free(id_key);
crypto_pk_free(onion_key);
}