static void
test_crypto_pbkdf2_vectors(void *arg)
{
char *mem_op_hex_tmp = NULL;
uint8_t spec[64], out[64];
(void)arg;
/* Test vectors from RFC6070, section 2 */
base16_decode((char*)spec, sizeof(spec),
"73616c74" "00" , 10);
memset(out, 0x00, sizeof(out));
tt_int_op(20, OP_EQ,
secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
test_memeq_hex(out, "0c60c80f961f0e71f3a9b524af6012062fe037a6");
base16_decode((char*)spec, sizeof(spec),
"73616c74" "01" , 10);
memset(out, 0x00, sizeof(out));
tt_int_op(20, OP_EQ,
secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
test_memeq_hex(out, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957");
base16_decode((char*)spec, sizeof(spec),
"73616c74" "0C" , 10);
memset(out, 0x00, sizeof(out));
tt_int_op(20, OP_EQ,
secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
test_memeq_hex(out, "4b007901b765489abead49d926f721d065a429c1");
/* This is the very slow one here. When enabled, it accounts for roughly
* half the time spent in test-slow. */
/*
base16_decode((char*)spec, sizeof(spec),
"73616c74" "18" , 10);
memset(out, 0x00, sizeof(out));
tt_int_op(20, OP_EQ,
secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
test_memeq_hex(out, "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984");
*/
base16_decode((char*)spec, sizeof(spec),
"73616c7453414c5473616c7453414c5473616c745"
"3414c5473616c7453414c5473616c74" "0C" , 74);
memset(out, 0x00, sizeof(out));
tt_int_op(25, OP_EQ,
secret_to_key_compute_key(out, 25, spec, 37,
"passwordPASSWORDpassword", 24, 1));
test_memeq_hex(out, "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038");
base16_decode((char*)spec, sizeof(spec),
"7361006c74" "0c" , 12);
memset(out, 0x00, sizeof(out));
tt_int_op(16, OP_EQ,
secret_to_key_compute_key(out, 16, spec, 6, "pass\0word", 9, 1));
test_memeq_hex(out, "56fa6aa75548099dcc37d7f03425e0c3");
done:
tor_free(mem_op_hex_tmp);
}
static void
test_crypto_hkdf_sha256(void *arg)
{
uint8_t key_material[100];
const uint8_t salt[] = "ntor-curve25519-sha256-1:key_extract";
const size_t salt_len = strlen((char*)salt);
const uint8_t m_expand[] = "ntor-curve25519-sha256-1:key_expand";
const size_t m_expand_len = strlen((char*)m_expand);
int r;
char *mem_op_hex_tmp = NULL;
(void)arg;
#define EXPAND(s) \
r = crypto_expand_key_material_rfc5869_sha256( \
(const uint8_t*)(s), strlen(s), \
salt, salt_len, \
m_expand, m_expand_len, \
key_material, 100)
/* Test vectors generated with ntor_ref.py */
memset(key_material, 0, sizeof(key_material));
EXPAND("");
tt_int_op(r, ==, 0);
test_memeq_hex(key_material,
"d3490ed48b12a48f9547861583573fe3f19aafe3f81dc7fc75"
"eeed96d741b3290f941576c1f9f0b2d463d1ec7ab2c6bf71cd"
"d7f826c6298c00dbfe6711635d7005f0269493edf6046cc7e7"
"dcf6abe0d20c77cf363e8ffe358927817a3d3e73712cee28d8");
EXPAND("Tor");
tt_int_op(r, ==, 0);
test_memeq_hex(key_material,
"5521492a85139a8d9107a2d5c0d9c91610d0f95989975ebee6"
"c02a4f8d622a6cfdf9b7c7edd3832e2760ded1eac309b76f8d"
"66c4a3c4d6225429b3a016e3c3d45911152fc87bc2de9630c3"
"961be9fdb9f93197ea8e5977180801926d3321fa21513e59ac");
EXPAND("AN ALARMING ITEM TO FIND ON YOUR CREDIT-RATING STATEMENT");
tt_int_op(r, ==, 0);
test_memeq_hex(key_material,
"a2aa9b50da7e481d30463adb8f233ff06e9571a0ca6ab6df0f"
"b206fa34e5bc78d063fc291501beec53b36e5a0e434561200c"
"5f8bd13e0f88b3459600b4dc21d69363e2895321c06184879d"
"94b18f078411be70b767c7fc40679a9440a0c95ea83a23efbf");
done:
tor_free(mem_op_hex_tmp);
#undef EXPAND
}
static void
test_crypto_kdf_TAP(void *arg)
{
uint8_t key_material[100];
int r;
char *mem_op_hex_tmp = NULL;
(void)arg;
#define EXPAND(s) \
r = crypto_expand_key_material_TAP( \
(const uint8_t*)(s), strlen(s), \
key_material, 100)
/* Test vectors generated with a little python script; feel free to write
* your own. */
memset(key_material, 0, sizeof(key_material));
EXPAND("");
tt_int_op(r, ==, 0);
test_memeq_hex(key_material,
"5ba93c9db0cff93f52b521d7420e43f6eda2784fbf8b4530d8"
"d246dd74ac53a13471bba17941dff7c4ea21bb365bbeeaf5f2"
"c654883e56d11e43c44e9842926af7ca0a8cca12604f945414"
"f07b01e13da42c6cf1de3abfdea9b95f34687cbbe92b9a7383");
EXPAND("Tor");
tt_int_op(r, ==, 0);
test_memeq_hex(key_material,
"776c6214fc647aaa5f683c737ee66ec44f03d0372e1cce6922"
"7950f236ddf1e329a7ce7c227903303f525a8c6662426e8034"
"870642a6dabbd41b5d97ec9bf2312ea729992f48f8ea2d0ba8"
"3f45dfda1a80bdc8b80de01b23e3e0ffae099b3e4ccf28dc28");
EXPAND("AN ALARMING ITEM TO FIND ON A MONTHLY AUTO-DEBIT NOTICE");
tt_int_op(r, ==, 0);
test_memeq_hex(key_material,
"a340b5d126086c3ab29c2af4179196dbf95e1c72431419d331"
"4844bf8f6afb6098db952b95581fb6c33625709d6f4400b8e7"
"ace18a70579fad83c0982ef73f89395bcc39493ad53a685854"
"daf2ba9b78733b805d9a6824c907ee1dba5ac27a1e466d4d10");
done:
tor_free(mem_op_hex_tmp);
#undef EXPAND
}
static void
test_ext_or_cookie_auth_testvec(void *arg)
{
char *reply=NULL, *client_hash=NULL;
size_t reply_len;
char *mem_op_hex_tmp=NULL;
const char client_nonce[] = "But when I look ahead up the whi";
(void)arg;
ext_or_auth_cookie = tor_malloc_zero(32);
memcpy(ext_or_auth_cookie, "Gliding wrapt in a brown mantle," , 32);
ext_or_auth_cookie_is_set = 1;
MOCK(crypto_rand, crypto_rand_return_tse_str);
tt_int_op(0, OP_EQ,
handle_client_auth_nonce(client_nonce, 32, &client_hash, &reply,
&reply_len));
tt_ptr_op(reply, OP_NE, NULL );
tt_uint_op(reply_len, OP_EQ, 64);
tt_mem_op(reply+32,OP_EQ, "te road There is always another ", 32);
/* HMACSHA256("Gliding wrapt in a brown mantle,"
* "ExtORPort authentication server-to-client hash"
* "But when I look ahead up the write road There is always another ");
*/
test_memeq_hex(reply,
"ec80ed6e546d3b36fdfc22fe1315416b"
"029f1ade7610d910878b62eeb7403821");
/* HMACSHA256("Gliding wrapt in a brown mantle,"
* "ExtORPort authentication client-to-server hash"
* "But when I look ahead up the write road There is always another ");
* (Both values computed using Python CLI.)
*/
test_memeq_hex(client_hash,
"ab391732dd2ed968cd40c087d1b1f25b"
"33b3cd77ff79bd80c2074bbf438119a2");
done:
UNMOCK(crypto_rand);
tor_free(reply);
tor_free(client_hash);
tor_free(mem_op_hex_tmp);
}
static void
test_crypto_curve25519_impl(void *arg)
{
/* adapted from curve25519_donna, which adapted it from test-curve25519
version 20050915, by D. J. Bernstein, Public domain. */
const int randomize_high_bit = (arg != NULL);
#ifdef SLOW_CURVE25519_TEST
const int loop_max=10000;
const char e1_expected[] = "4faf81190869fd742a33691b0e0824d5"
"7e0329f4dd2819f5f32d130f1296b500";
const char e2k_expected[] = "05aec13f92286f3a781ccae98995a3b9"
"e0544770bc7de853b38f9100489e3e79";
const char e1e2k_expected[] = "cd6e8269104eb5aaee886bd2071fba88"
"bd13861475516bc2cd2b6e005e805064";
#else
const int loop_max=200;
const char e1_expected[] = "bc7112cde03f97ef7008cad1bdc56be3"
"c6a1037d74cceb3712e9206871dcf654";
const char e2k_expected[] = "dd8fa254fb60bdb5142fe05b1f5de44d"
"8e3ee1a63c7d14274ea5d4c67f065467";
const char e1e2k_expected[] = "7ddb98bd89025d2347776b33901b3e7e"
"c0ee98cb2257a4545c0cfb2ca3e1812b";
#endif
unsigned char e1k[32];
unsigned char e2k[32];
unsigned char e1e2k[32];
unsigned char e2e1k[32];
unsigned char e1[32] = {3};
unsigned char e2[32] = {5};
unsigned char k[32] = {9};
int loop, i;
char *mem_op_hex_tmp = NULL;
for (loop = 0; loop < loop_max; ++loop) {
curve25519_impl(e1k,e1,k);
curve25519_impl(e2e1k,e2,e1k);
curve25519_impl(e2k,e2,k);
if (randomize_high_bit) {
/* We require that the high bit of the public key be ignored. So if
* we're doing this variant test, we randomize the high bit of e2k, and
* make sure that the handshake still works out the same as it would
* otherwise. */
uint8_t byte;
crypto_rand((char*)&byte, 1);
e2k[31] |= (byte & 0x80);
}
curve25519_impl(e1e2k,e1,e2k);
test_memeq(e1e2k, e2e1k, 32);
if (loop == loop_max-1) {
break;
}
for (i = 0;i < 32;++i) e1[i] ^= e2k[i];
for (i = 0;i < 32;++i) e2[i] ^= e1k[i];
for (i = 0;i < 32;++i) k[i] ^= e1e2k[i];
}
test_memeq_hex(e1, e1_expected);
test_memeq_hex(e2k, e2k_expected);
test_memeq_hex(e1e2k, e1e2k_expected);
done:
tor_free(mem_op_hex_tmp);
}
/** Run unit tests for our SHA-1 functionality */
static void
test_crypto_sha(void)
{
crypto_digest_t *d1 = NULL, *d2 = NULL;
int i;
char key[160];
char digest[32];
char data[50];
char d_out1[DIGEST_LEN], d_out2[DIGEST256_LEN];
char *mem_op_hex_tmp=NULL;
/* Test SHA-1 with a test vector from the specification. */
i = crypto_digest(data, "abc", 3);
test_memeq_hex(data, "A9993E364706816ABA3E25717850C26C9CD0D89D");
tt_int_op(i, ==, 0);
/* Test SHA-256 with a test vector from the specification. */
i = crypto_digest256(data, "abc", 3, DIGEST_SHA256);
test_memeq_hex(data, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
"96177A9CB410FF61F20015AD");
tt_int_op(i, ==, 0);
/* Test HMAC-SHA-1 with test cases from RFC2202. */
/* Case 1. */
memset(key, 0x0b, 20);
crypto_hmac_sha1(digest, key, 20, "Hi There", 8);
test_streq(hex_str(digest, 20),
"B617318655057264E28BC0B6FB378C8EF146BE00");
/* Case 2. */
crypto_hmac_sha1(digest, "Jefe", 4, "what do ya want for nothing?", 28);
test_streq(hex_str(digest, 20),
"EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
/* Case 4. */
base16_decode(key, 25,
"0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
memset(data, 0xcd, 50);
crypto_hmac_sha1(digest, key, 25, data, 50);
test_streq(hex_str(digest, 20),
"4C9007F4026250C6BC8414F9BF50C86C2D7235DA");
/* Case 5. */
memset(key, 0xaa, 80);
crypto_hmac_sha1(digest, key, 80,
"Test Using Larger Than Block-Size Key - Hash Key First",
54);
test_streq(hex_str(digest, 20),
"AA4AE5E15272D00E95705637CE8A3B55ED402112");
/* Test HMAC-SHA256 with test cases from wikipedia and RFC 4231 */
/* Case empty (wikipedia) */
crypto_hmac_sha256(digest, "", 0, "", 0);
test_streq(hex_str(digest, 32),
"B613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD");
/* Case quick-brown (wikipedia) */
crypto_hmac_sha256(digest, "key", 3,
"The quick brown fox jumps over the lazy dog", 43);
test_streq(hex_str(digest, 32),
"F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8");
/* "Test Case 1" from RFC 4231 */
memset(key, 0x0b, 20);
crypto_hmac_sha256(digest, key, 20, "Hi There", 8);
test_memeq_hex(digest,
"b0344c61d8db38535ca8afceaf0bf12b"
"881dc200c9833da726e9376c2e32cff7");
/* "Test Case 2" from RFC 4231 */
memset(key, 0x0b, 20);
crypto_hmac_sha256(digest, "Jefe", 4, "what do ya want for nothing?", 28);
test_memeq_hex(digest,
"5bdcc146bf60754e6a042426089575c7"
"5a003f089d2739839dec58b964ec3843");
/* "Test case 3" from RFC 4231 */
memset(key, 0xaa, 20);
memset(data, 0xdd, 50);
crypto_hmac_sha256(digest, key, 20, data, 50);
test_memeq_hex(digest,
"773ea91e36800e46854db8ebd09181a7"
"2959098b3ef8c122d9635514ced565fe");
/* "Test case 4" from RFC 4231 */
base16_decode(key, 25,
"0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
memset(data, 0xcd, 50);
crypto_hmac_sha256(digest, key, 25, data, 50);
test_memeq_hex(digest,
"82558a389a443c0ea4cc819899f2083a"
"85f0faa3e578f8077a2e3ff46729665b");
/* "Test case 5" from RFC 4231 */
memset(key, 0x0c, 20);
crypto_hmac_sha256(digest, key, 20, "Test With Truncation", 20);
test_memeq_hex(digest,
"a3b6167473100ee06e0c796c2955552b");
/* "Test case 6" from RFC 4231 */
memset(key, 0xaa, 131);
crypto_hmac_sha256(digest, key, 131,
"Test Using Larger Than Block-Size Key - Hash Key First",
54);
test_memeq_hex(digest,
"60e431591ee0b67f0d8a26aacbf5b77f"
"8e0bc6213728c5140546040f0ee37f54");
/* "Test case 7" from RFC 4231 */
memset(key, 0xaa, 131);
crypto_hmac_sha256(digest, key, 131,
"This is a test using a larger than block-size key and a "
"larger than block-size data. The key needs to be hashed "
"before being used by the HMAC algorithm.", 152);
test_memeq_hex(digest,
"9b09ffa71b942fcb27635fbcd5b0e944"
"bfdc63644f0713938a7f51535c3a35e2");
/* Incremental digest code. */
d1 = crypto_digest_new();
test_assert(d1);
crypto_digest_add_bytes(d1, "abcdef", 6);
d2 = crypto_digest_dup(d1);
test_assert(d2);
crypto_digest_add_bytes(d2, "ghijkl", 6);
crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
crypto_digest(d_out2, "abcdefghijkl", 12);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_assign(d2, d1);
crypto_digest_add_bytes(d2, "mno", 3);
crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
crypto_digest(d_out2, "abcdefmno", 9);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
crypto_digest(d_out2, "abcdef", 6);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_free(d1);
crypto_digest_free(d2);
/* Incremental digest code with sha256 */
d1 = crypto_digest256_new(DIGEST_SHA256);
test_assert(d1);
crypto_digest_add_bytes(d1, "abcdef", 6);
d2 = crypto_digest_dup(d1);
test_assert(d2);
crypto_digest_add_bytes(d2, "ghijkl", 6);
crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
crypto_digest256(d_out2, "abcdefghijkl", 12, DIGEST_SHA256);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_assign(d2, d1);
crypto_digest_add_bytes(d2, "mno", 3);
crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
crypto_digest256(d_out2, "abcdefmno", 9, DIGEST_SHA256);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
crypto_digest256(d_out2, "abcdef", 6, DIGEST_SHA256);
test_memeq(d_out1, d_out2, DIGEST_LEN);
done:
if (d1)
crypto_digest_free(d1);
if (d2)
crypto_digest_free(d2);
tor_free(mem_op_hex_tmp);
}
/** Run unit tests for our AES functionality */
static void
test_crypto_aes(void *arg)
{
char *data1 = NULL, *data2 = NULL, *data3 = NULL;
crypto_cipher_t *env1 = NULL, *env2 = NULL;
int i, j;
char *mem_op_hex_tmp=NULL;
int use_evp = !strcmp(arg,"evp");
evaluate_evp_for_aes(use_evp);
evaluate_ctr_for_aes();
data1 = tor_malloc(1024);
data2 = tor_malloc(1024);
data3 = tor_malloc(1024);
/* Now, test encryption and decryption with stream cipher. */
data1[0]='\0';
for (i = 1023; i>0; i -= 35)
strncat(data1, "Now is the time for all good onions", i);
memset(data2, 0, 1024);
memset(data3, 0, 1024);
env1 = crypto_cipher_new(NULL);
test_neq_ptr(env1, 0);
env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
test_neq_ptr(env2, 0);
/* Try encrypting 512 chars. */
crypto_cipher_encrypt(env1, data2, data1, 512);
crypto_cipher_decrypt(env2, data3, data2, 512);
test_memeq(data1, data3, 512);
test_memneq(data1, data2, 512);
/* Now encrypt 1 at a time, and get 1 at a time. */
for (j = 512; j < 560; ++j) {
crypto_cipher_encrypt(env1, data2+j, data1+j, 1);
}
for (j = 512; j < 560; ++j) {
crypto_cipher_decrypt(env2, data3+j, data2+j, 1);
}
test_memeq(data1, data3, 560);
/* Now encrypt 3 at a time, and get 5 at a time. */
for (j = 560; j < 1024-5; j += 3) {
crypto_cipher_encrypt(env1, data2+j, data1+j, 3);
}
for (j = 560; j < 1024-5; j += 5) {
crypto_cipher_decrypt(env2, data3+j, data2+j, 5);
}
test_memeq(data1, data3, 1024-5);
/* Now make sure that when we encrypt with different chunk sizes, we get
the same results. */
crypto_cipher_free(env2);
env2 = NULL;
memset(data3, 0, 1024);
env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
test_neq_ptr(env2, NULL);
for (j = 0; j < 1024-16; j += 17) {
crypto_cipher_encrypt(env2, data3+j, data1+j, 17);
}
for (j= 0; j < 1024-16; ++j) {
if (data2[j] != data3[j]) {
printf("%d: %d\t%d\n", j, (int) data2[j], (int) data3[j]);
}
}
test_memeq(data2, data3, 1024-16);
crypto_cipher_free(env1);
env1 = NULL;
crypto_cipher_free(env2);
env2 = NULL;
/* NIST test vector for aes. */
/* IV starts at 0 */
env1 = crypto_cipher_new("\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00");
crypto_cipher_encrypt(env1, data1,
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00", 16);
test_memeq_hex(data1, "0EDD33D3C621E546455BD8BA1418BEC8");
/* Now test rollover. All these values are originally from a python
* script. */
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xff\xff\xff\xff\xff\xff\xff\xff");
memset(data2, 0, 1024);
crypto_cipher_encrypt(env1, data1, data2, 32);
test_memeq_hex(data1, "335fe6da56f843199066c14a00a40231"
"cdd0b917dbc7186908a6bfb5ffd574d3");
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00\x00\x00\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
memset(data2, 0, 1024);
crypto_cipher_encrypt(env1, data1, data2, 32);
test_memeq_hex(data1, "e627c6423fa2d77832a02b2794094b73"
"3e63c721df790d2c6469cc1953a3ffac");
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
memset(data2, 0, 1024);
crypto_cipher_encrypt(env1, data1, data2, 32);
test_memeq_hex(data1, "2aed2bff0de54f9328efd070bf48f70a"
"0EDD33D3C621E546455BD8BA1418BEC8");
/* Now check rollover on inplace cipher. */
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_crypt_inplace(env1, data2, 64);
test_memeq_hex(data2, "2aed2bff0de54f9328efd070bf48f70a"
"0EDD33D3C621E546455BD8BA1418BEC8"
"93e2c5243d6839eac58503919192f7ae"
"1908e67cafa08d508816659c2e693191");
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_crypt_inplace(env1, data2, 64);
test_assert(tor_mem_is_zero(data2, 64));
done:
tor_free(mem_op_hex_tmp);
if (env1)
crypto_cipher_free(env1);
if (env2)
crypto_cipher_free(env2);
tor_free(data1);
tor_free(data2);
tor_free(data3);
}
static void
test_crypto_scrypt_vectors(void *arg)
{
char *mem_op_hex_tmp = NULL;
uint8_t spec[64], out[64];
(void)arg;
#ifndef HAVE_LIBSCRYPT_H
if (1)
tt_skip();
#endif
/* Test vectors from
http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00 section 11.
Note that the names of 'r' and 'N' are switched in that section. Or
possibly in libscrypt.
*/
base16_decode((char*)spec, sizeof(spec),
"0400", 4);
memset(out, 0x00, sizeof(out));
tt_int_op(64, OP_EQ,
secret_to_key_compute_key(out, 64, spec, 2, "", 0, 2));
test_memeq_hex(out,
"77d6576238657b203b19ca42c18a0497"
"f16b4844e3074ae8dfdffa3fede21442"
"fcd0069ded0948f8326a753a0fc81f17"
"e8d3e0fb2e0d3628cf35e20c38d18906");
base16_decode((char*)spec, sizeof(spec),
"4e61436c" "0A34", 12);
memset(out, 0x00, sizeof(out));
tt_int_op(64, OP_EQ,
secret_to_key_compute_key(out, 64, spec, 6, "password", 8, 2));
test_memeq_hex(out,
"fdbabe1c9d3472007856e7190d01e9fe"
"7c6ad7cbc8237830e77376634b373162"
"2eaf30d92e22a3886ff109279d9830da"
"c727afb94a83ee6d8360cbdfa2cc0640");
base16_decode((char*)spec, sizeof(spec),
"536f6469756d43686c6f72696465" "0e30", 32);
memset(out, 0x00, sizeof(out));
tt_int_op(64, OP_EQ,
secret_to_key_compute_key(out, 64, spec, 16,
"pleaseletmein", 13, 2));
test_memeq_hex(out,
"7023bdcb3afd7348461c06cd81fd38eb"
"fda8fbba904f8e3ea9b543f6545da1f2"
"d5432955613f0fcf62d49705242a9af9"
"e61e85dc0d651e40dfcf017b45575887");
base16_decode((char*)spec, sizeof(spec),
"536f6469756d43686c6f72696465" "1430", 32);
memset(out, 0x00, sizeof(out));
tt_int_op(64, OP_EQ,
secret_to_key_compute_key(out, 64, spec, 16,
"pleaseletmein", 13, 2));
test_memeq_hex(out,
"2101cb9b6a511aaeaddbbe09cf70f881"
"ec568d574a2ffd4dabe5ee9820adaa47"
"8e56fd8f4ba5d09ffa1c6d927c40f4c3"
"37304049e8a952fbcbf45c6fa77a41a4");
done:
tor_free(mem_op_hex_tmp);
}
/** More tests for parsing different kinds of microdescriptors, and getting
* invalid digests trackd from them. */
static void
test_md_parse(void *arg)
{
(void) arg;
char *mem_op_hex_tmp = NULL;
smartlist_t *invalid = smartlist_new();
smartlist_t *mds = microdescs_parse_from_string(MD_PARSE_TEST_DATA,
NULL, 1, SAVED_NOWHERE,
invalid);
tt_int_op(smartlist_len(mds), OP_EQ, 11);
tt_int_op(smartlist_len(invalid), OP_EQ, 4);
test_memeq_hex(smartlist_get(invalid,0),
"5d76bf1c6614e885614a1e0ad074e1ab"
"4ea14655ebeefb1736a71b5ed8a15a51");
test_memeq_hex(smartlist_get(invalid,1),
"2fde0ee3343669c2444cd9d53cbd39c6"
"a7d1fc0513513e840ca7f6e68864b36c");
test_memeq_hex(smartlist_get(invalid,2),
"20d1576c5ab11bbcff0dedb1db4a3cfc"
"c8bc8dd839d8cbfef92d00a1a7d7b294");
test_memeq_hex(smartlist_get(invalid,3),
"074770f394c73dbde7b44412e9692add"
"691a478d4727f9804b77646c95420a96");
/* Spot-check the valid ones. */
const microdesc_t *md = smartlist_get(mds, 5);
test_memeq_hex(md->digest,
"54bb6d733ddeb375d2456c79ae103961"
"da0cae29620375ac4cf13d54da4d92b3");
tt_int_op(md->last_listed, OP_EQ, 0);
tt_int_op(md->saved_location, OP_EQ, SAVED_NOWHERE);
tt_int_op(md->no_save, OP_EQ, 0);
tt_uint_op(md->held_in_map, OP_EQ, 0);
tt_uint_op(md->held_by_nodes, OP_EQ, 0);
tt_assert(md->onion_curve25519_pkey);
md = smartlist_get(mds, 6);
test_memeq_hex(md->digest,
"53f740bd222ab37f19f604b1d3759aa6"
"5eff1fbce9ac254bd0fa50d4af9b1bae");
tt_assert(! md->exit_policy);
md = smartlist_get(mds, 8);
test_memeq_hex(md->digest,
"a0a155562d8093d8fd0feb7b93b7226e"
"17f056c2142aab7a4ea8c5867a0376d5");
tt_assert(md->onion_curve25519_pkey);
md = smartlist_get(mds, 10);
test_memeq_hex(md->digest,
"409ebd87d23925a2732bd467a92813c9"
"21ca378fcb9ca193d354c51550b6d5e9");
tt_assert(tor_addr_family(&md->ipv6_addr) == AF_INET6);
tt_int_op(md->ipv6_orport, OP_EQ, 9090);
done:
SMARTLIST_FOREACH(mds, microdesc_t *, mdsc, microdesc_free(mdsc));
smartlist_free(mds);
SMARTLIST_FOREACH(invalid, char *, cp, tor_free(cp));
smartlist_free(invalid);
tor_free(mem_op_hex_tmp);
}
static void
test_cfmt_connected_cells(void *arg)
{
relay_header_t rh;
cell_t cell;
tor_addr_t addr;
int ttl, r;
char *mem_op_hex_tmp = NULL;
(void)arg;
/* Let's try an oldschool one with nothing in it. */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "", 0);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_UNSPEC);
tt_int_op(ttl, ==, -1);
/* A slightly less oldschool one: only an IPv4 address */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "\x20\x30\x40\x50", 4);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "32.48.64.80");
tt_int_op(ttl, ==, -1);
/* Bogus but understandable: truncated TTL */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "\x11\x12\x13\x14\x15", 5);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "17.18.19.20");
tt_int_op(ttl, ==, -1);
/* Regular IPv4 one: address and TTL */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x02\x03\x04\x05\x00\x00\x0e\x10", 8);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "2.3.4.5");
tt_int_op(ttl, ==, 3600);
/* IPv4 with too-big TTL */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x02\x03\x04\x05\xf0\x00\x00\x00", 8);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "2.3.4.5");
tt_int_op(ttl, ==, -1);
/* IPv6 (ttl is mandatory) */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x00\x00\x00\x06"
"\x26\x07\xf8\xb0\x40\x0c\x0c\x02"
"\x00\x00\x00\x00\x00\x00\x00\x68"
"\x00\x00\x02\x58", 25);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
tt_str_op(fmt_addr(&addr), ==, "2607:f8b0:400c:c02::68");
tt_int_op(ttl, ==, 600);
/* IPv6 (ttl too big) */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x00\x00\x00\x06"
"\x26\x07\xf8\xb0\x40\x0c\x0c\x02"
"\x00\x00\x00\x00\x00\x00\x00\x68"
"\x90\x00\x02\x58", 25);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
tt_str_op(fmt_addr(&addr), ==, "2607:f8b0:400c:c02::68");
tt_int_op(ttl, ==, -1);
/* Bogus size: 3. */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x01\x02", 3);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, -1);
/* Bogus family: 7. */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x00\x00\x00\x07"
"\x26\x07\xf8\xb0\x40\x0c\x0c\x02"
"\x00\x00\x00\x00\x00\x00\x00\x68"
"\x90\x00\x02\x58", 25);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, -1);
/* Truncated IPv6. */
make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
"\x00\x00\x00\x00\x06"
"\x26\x07\xf8\xb0\x40\x0c\x0c\x02"
"\x00\x00\x00\x00\x00\x00\x00\x68"
"\x00\x00\x02", 24);
relay_header_unpack(&rh, cell.payload);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, -1);
/* Now make sure we can generate connected cells correctly. */
/* Try an IPv4 address */
memset(&rh, 0, sizeof(rh));
memset(&cell, 0, sizeof(cell));
tor_addr_parse(&addr, "30.40.50.60");
rh.length = connected_cell_format_payload(cell.payload+RELAY_HEADER_SIZE,
&addr, 128);
tt_int_op(rh.length, ==, 8);
test_memeq_hex(cell.payload+RELAY_HEADER_SIZE, "1e28323c" "00000080");
/* Try parsing it. */
tor_addr_make_unspec(&addr);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET);
tt_str_op(fmt_addr(&addr), ==, "30.40.50.60");
tt_int_op(ttl, ==, 128);
/* Try an IPv6 address */
memset(&rh, 0, sizeof(rh));
memset(&cell, 0, sizeof(cell));
tor_addr_parse(&addr, "2620::6b0:b:1a1a:0:26e5:480e");
rh.length = connected_cell_format_payload(cell.payload+RELAY_HEADER_SIZE,
&addr, 3600);
tt_int_op(rh.length, ==, 25);
test_memeq_hex(cell.payload + RELAY_HEADER_SIZE,
"00000000" "06"
"2620000006b0000b1a1a000026e5480e" "00000e10");
/* Try parsing it. */
tor_addr_make_unspec(&addr);
r = connected_cell_parse(&rh, &cell, &addr, &ttl);
tt_int_op(r, ==, 0);
tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
tt_str_op(fmt_addr(&addr), ==, "2620:0:6b0:b:1a1a:0:26e5:480e");
tt_int_op(ttl, ==, 3600);
done:
tor_free(mem_op_hex_tmp);
}