static void
test_link_handshake_recv_certs_ok_server(void *arg)
{
certs_data_t *d = arg;
d->c->handshake_state->started_here = 0;
certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
ssize_t n = certs_cell_encode(d->cell->payload, 2048, d->ccell);
tt_int_op(n, >, 0);
d->cell->payload_len = n;
channel_tls_process_certs_cell(d->cell, d->chan);
tt_int_op(0, ==, mock_close_called);
tt_int_op(d->c->handshake_state->authenticated, ==, 0);
tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
tt_assert(d->c->handshake_state->id_cert != NULL);
tt_assert(d->c->handshake_state->auth_cert != NULL);
done:
;
}
/* Test good certs cells */
static void
test_link_handshake_certs_ok(void *arg)
{
(void) arg;
or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
or_connection_t *c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
var_cell_t *cell1 = NULL, *cell2 = NULL;
certs_cell_t *cc1 = NULL, *cc2 = NULL;
channel_tls_t *chan1 = NULL, *chan2 = NULL;
crypto_pk_t *key1 = NULL, *key2 = NULL;
scheduler_init();
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
MOCK(connection_or_send_netinfo, mock_send_netinfo);
key1 = pk_generate(2);
key2 = pk_generate(3);
/* We need to make sure that our TLS certificates are set up before we can
* actually generate a CERTS cell.
*/
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
key1, key2, 86400), ==, 0);
c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
c1->link_proto = 3;
tt_int_op(connection_init_or_handshake_state(c1, 1), ==, 0);
c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
c2->link_proto = 3;
tt_int_op(connection_init_or_handshake_state(c2, 0), ==, 0);
tt_int_op(0, ==, connection_or_send_certs_cell(c1));
tt_assert(mock_got_var_cell);
cell1 = mock_got_var_cell;
tt_int_op(0, ==, connection_or_send_certs_cell(c2));
tt_assert(mock_got_var_cell);
cell2 = mock_got_var_cell;
tt_int_op(cell1->command, ==, CELL_CERTS);
tt_int_op(cell1->payload_len, >, 1);
tt_int_op(cell2->command, ==, CELL_CERTS);
tt_int_op(cell2->payload_len, >, 1);
tt_int_op(cell1->payload_len, ==,
certs_cell_parse(&cc1, cell1->payload, cell1->payload_len));
tt_int_op(cell2->payload_len, ==,
certs_cell_parse(&cc2, cell2->payload, cell2->payload_len));
tt_int_op(2, ==, cc1->n_certs);
tt_int_op(2, ==, cc2->n_certs);
tt_int_op(certs_cell_get_certs(cc1, 0)->cert_type, ==,
CERTTYPE_RSA1024_ID_AUTH);
tt_int_op(certs_cell_get_certs(cc1, 1)->cert_type, ==,
CERTTYPE_RSA1024_ID_ID);
tt_int_op(certs_cell_get_certs(cc2, 0)->cert_type, ==,
CERTTYPE_RSA1024_ID_LINK);
tt_int_op(certs_cell_get_certs(cc2, 1)->cert_type, ==,
CERTTYPE_RSA1024_ID_ID);
chan1 = tor_malloc_zero(sizeof(*chan1));
channel_tls_common_init(chan1);
c1->chan = chan1;
chan1->conn = c1;
c1->base_.address = tor_strdup("C1");
c1->tls = tor_tls_new(-1, 0);
c1->link_proto = 4;
c1->base_.conn_array_index = -1;
crypto_pk_get_digest(key2, c1->identity_digest);
channel_tls_process_certs_cell(cell2, chan1);
tt_assert(c1->handshake_state->received_certs_cell);
tt_assert(c1->handshake_state->auth_cert == NULL);
tt_assert(c1->handshake_state->id_cert);
tt_assert(! tor_mem_is_zero(
(char*)c1->handshake_state->authenticated_peer_id, 20));
chan2 = tor_malloc_zero(sizeof(*chan2));
channel_tls_common_init(chan2);
c2->chan = chan2;
chan2->conn = c2;
c2->base_.address = tor_strdup("C2");
c2->tls = tor_tls_new(-1, 1);
c2->link_proto = 4;
c2->base_.conn_array_index = -1;
crypto_pk_get_digest(key1, c2->identity_digest);
channel_tls_process_certs_cell(cell1, chan2);
tt_assert(c2->handshake_state->received_certs_cell);
tt_assert(c2->handshake_state->auth_cert);
tt_assert(c2->handshake_state->id_cert);
tt_assert(tor_mem_is_zero(
(char*)c2->handshake_state->authenticated_peer_id, 20));
done:
UNMOCK(tor_tls_cert_matches_key);
UNMOCK(connection_or_write_var_cell_to_buf);
UNMOCK(connection_or_send_netinfo);
connection_free_(TO_CONN(c1));
connection_free_(TO_CONN(c2));
tor_free(cell1);
tor_free(cell2);
certs_cell_free(cc1);
certs_cell_free(cc2);
if (chan1)
circuitmux_free(chan1->base_.cmux);
tor_free(chan1);
if (chan2)
circuitmux_free(chan2->base_.cmux);
tor_free(chan2);
crypto_pk_free(key1);
crypto_pk_free(key2);
}
const struct certs_cell_cert_st *
certs_cell_getconst_certs(const certs_cell_t *inp, size_t idx)
{
return certs_cell_get_certs((certs_cell_t*)inp, idx);
}
