"Fossies" - the Fresh Open Source Software Archive

Member "tor-0.4.1.6/src/test/test_link_handshake.c" (10 Jun 2019, 59566 Bytes) of package /linux/misc/tor-0.4.1.6.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "test_link_handshake.c": 0.4.0.5_vs_0.4.1.5.

    1 /* Copyright (c) 2014-2019, The Tor Project, Inc. */
    2 /* See LICENSE for licensing information */
    3 
    4 #include "orconfig.h"
    5 
    6 #define CHANNELTLS_PRIVATE
    7 #define CONNECTION_PRIVATE
    8 #define TOR_CHANNEL_INTERNAL_
    9 #define TORTLS_PRIVATE
   10 
   11 #include "core/or/or.h"
   12 #include "app/config/config.h"
   13 #include "core/mainloop/connection.h"
   14 #include "core/or/connection_or.h"
   15 #include "core/or/channeltls.h"
   16 #include "trunnel/link_handshake.h"
   17 #include "feature/relay/router.h"
   18 #include "feature/relay/routerkeys.h"
   19 #include "core/or/scheduler.h"
   20 #include "feature/nodelist/torcert.h"
   21 
   22 #include "core/or/or_connection_st.h"
   23 #include "core/or/or_handshake_certs_st.h"
   24 #include "core/or/or_handshake_state_st.h"
   25 #include "core/or/var_cell_st.h"
   26 
   27 #define TOR_X509_PRIVATE
   28 #include "lib/tls/tortls.h"
   29 #include "lib/tls/x509.h"
   30 
   31 #include "test/test.h"
   32 #include "test/log_test_helpers.h"
   33 
   34 static var_cell_t *mock_got_var_cell = NULL;
   35 
   36 static void
   37 mock_write_var_cell(const var_cell_t *vc, or_connection_t *conn)
   38 {
   39   (void)conn;
   40 
   41   var_cell_t *newcell = var_cell_new(vc->payload_len);
   42   memcpy(newcell, vc, sizeof(var_cell_t));
   43   memcpy(newcell->payload, vc->payload, vc->payload_len);
   44 
   45   mock_got_var_cell = newcell;
   46 }
   47 static int
   48 mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
   49 {
   50   (void) tls;
   51   (void) cert; // XXXX look at this.
   52   return 1;
   53 }
   54 static tor_tls_t *mock_peer_cert_expect_tortls = NULL;
   55 static tor_x509_cert_t *mock_peer_cert = NULL;
   56 static tor_x509_cert_t *
   57 mock_get_peer_cert(tor_tls_t *tls)
   58 {
   59   if (mock_peer_cert_expect_tortls &&
   60       mock_peer_cert_expect_tortls != tls)
   61     return NULL;
   62   return tor_x509_cert_dup(mock_peer_cert);
   63 }
   64 
   65 static int mock_send_netinfo_called = 0;
   66 static int
   67 mock_send_netinfo(or_connection_t *conn)
   68 {
   69   (void) conn;
   70   ++mock_send_netinfo_called;// XXX check_this
   71   return 0;
   72 }
   73 
   74 static int mock_close_called = 0;
   75 static void
   76 mock_close_for_err(or_connection_t *orconn, int flush)
   77 {
   78   (void)orconn;
   79   (void)flush;
   80   ++mock_close_called;
   81 }
   82 
   83 static int mock_send_authenticate_called = 0;
   84 static int mock_send_authenticate_called_with_type = 0;
   85 static int
   86 mock_send_authenticate(or_connection_t *conn, int type)
   87 {
   88   (void) conn;
   89   mock_send_authenticate_called_with_type = type;
   90   ++mock_send_authenticate_called;// XXX check_this
   91   return 0;
   92 }
   93 static int
   94 mock_export_key_material(tor_tls_t *tls, uint8_t *secrets_out,
   95                          const uint8_t *context,
   96                          size_t context_len,
   97                          const char *label)
   98 {
   99   (void) tls;
  100   (void)secrets_out;
  101   (void)context;
  102   (void)context_len;
  103   (void)label;
  104   memcpy(secrets_out, "int getRandomNumber(){return 4;}", 32);
  105   return 0;
  106 }
  107 
  108 static tor_x509_cert_t *mock_own_cert = NULL;
  109 static tor_x509_cert_t *
  110 mock_get_own_cert(tor_tls_t *tls)
  111 {
  112   (void)tls;
  113   return tor_x509_cert_dup(mock_own_cert);
  114 }
  115 
  116 /* Test good certs cells */
  117 static void
  118 test_link_handshake_certs_ok(void *arg)
  119 {
  120   or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
  121   or_connection_t *c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
  122   var_cell_t *cell1 = NULL, *cell2 = NULL;
  123   certs_cell_t *cc1 = NULL, *cc2 = NULL;
  124   channel_tls_t *chan1 = NULL, *chan2 = NULL;
  125   crypto_pk_t *key1 = NULL, *key2 = NULL;
  126   const int with_ed = !strcmp((const char *)arg, "Ed25519");
  127 
  128   tor_addr_from_ipv4h(&c1->base_.addr, 0x7f000001);
  129   tor_addr_from_ipv4h(&c2->base_.addr, 0x7f000001);
  130 
  131   scheduler_init();
  132 
  133   MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
  134   MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
  135   MOCK(connection_or_send_netinfo, mock_send_netinfo);
  136   MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
  137   MOCK(tor_tls_get_own_cert, mock_get_own_cert);
  138 
  139   key1 = pk_generate(2);
  140   key2 = pk_generate(3);
  141 
  142   /* We need to make sure that our TLS certificates are set up before we can
  143    * actually generate a CERTS cell.
  144    */
  145   tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
  146                                  key1, key2, 86400), OP_EQ, 0);
  147 
  148   if (with_ed) {
  149     /* If we're making a CERTS cell for an ed handshake, let's make sure we
  150      * have some Ed25519 certificates and keys. */
  151     init_mock_ed_keys(key2);
  152   } else {
  153     certs_cell_ed25519_disabled_for_testing = 1;
  154   }
  155 
  156   /* c1 has started_here == 1 */
  157   {
  158     const tor_x509_cert_t *link_cert = NULL;
  159     tt_assert(!tor_tls_get_my_certs(1, &link_cert, NULL));
  160     mock_own_cert = tor_x509_cert_dup(link_cert);
  161   }
  162 
  163   c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
  164   c1->link_proto = 3;
  165   tt_int_op(connection_init_or_handshake_state(c1, 1), OP_EQ, 0);
  166 
  167   /* c2 has started_here == 0 */
  168   c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
  169   c2->link_proto = 3;
  170   tt_int_op(connection_init_or_handshake_state(c2, 0), OP_EQ, 0);
  171 
  172   tt_int_op(0, OP_EQ, connection_or_send_certs_cell(c1));
  173   tt_assert(mock_got_var_cell);
  174   cell1 = mock_got_var_cell;
  175 
  176   tt_int_op(0, OP_EQ, connection_or_send_certs_cell(c2));
  177   tt_assert(mock_got_var_cell);
  178   cell2 = mock_got_var_cell;
  179 
  180   tt_int_op(cell1->command, OP_EQ, CELL_CERTS);
  181   tt_int_op(cell1->payload_len, OP_GT, 1);
  182 
  183   tt_int_op(cell2->command, OP_EQ, CELL_CERTS);
  184   tt_int_op(cell2->payload_len, OP_GT, 1);
  185 
  186   tt_int_op(cell1->payload_len, OP_EQ,
  187             certs_cell_parse(&cc1, cell1->payload, cell1->payload_len));
  188   tt_int_op(cell2->payload_len, OP_EQ,
  189             certs_cell_parse(&cc2, cell2->payload, cell2->payload_len));
  190 
  191   if (with_ed) {
  192     tt_int_op(5, OP_EQ, cc1->n_certs);
  193     tt_int_op(5, OP_EQ, cc2->n_certs);
  194   } else {
  195     tt_int_op(2, OP_EQ, cc1->n_certs);
  196     tt_int_op(2, OP_EQ, cc2->n_certs);
  197   }
  198 
  199   tt_int_op(certs_cell_get_certs(cc1, 0)->cert_type, OP_EQ,
  200             CERTTYPE_RSA1024_ID_AUTH);
  201   tt_int_op(certs_cell_get_certs(cc1, 1)->cert_type, OP_EQ,
  202             CERTTYPE_RSA1024_ID_ID);
  203 
  204   tt_int_op(certs_cell_get_certs(cc2, 0)->cert_type, OP_EQ,
  205             CERTTYPE_RSA1024_ID_LINK);
  206   tt_int_op(certs_cell_get_certs(cc2, 1)->cert_type, OP_EQ,
  207             CERTTYPE_RSA1024_ID_ID);
  208 
  209   if (with_ed) {
  210     tt_int_op(certs_cell_get_certs(cc1, 2)->cert_type, OP_EQ,
  211               CERTTYPE_ED_ID_SIGN);
  212     tt_int_op(certs_cell_get_certs(cc1, 3)->cert_type, OP_EQ,
  213               CERTTYPE_ED_SIGN_AUTH);
  214     tt_int_op(certs_cell_get_certs(cc1, 4)->cert_type, OP_EQ,
  215               CERTTYPE_RSA1024_ID_EDID);
  216 
  217     tt_int_op(certs_cell_get_certs(cc2, 2)->cert_type, OP_EQ,
  218               CERTTYPE_ED_ID_SIGN);
  219     tt_int_op(certs_cell_get_certs(cc2, 3)->cert_type, OP_EQ,
  220               CERTTYPE_ED_SIGN_LINK);
  221     tt_int_op(certs_cell_get_certs(cc2, 4)->cert_type, OP_EQ,
  222               CERTTYPE_RSA1024_ID_EDID);
  223   }
  224 
  225   chan1 = tor_malloc_zero(sizeof(*chan1));
  226   channel_tls_common_init(chan1);
  227   c1->chan = chan1;
  228   chan1->conn = c1;
  229   c1->base_.address = tor_strdup("C1");
  230   c1->tls = tor_tls_new(-1, 0);
  231   c1->link_proto = 4;
  232   c1->base_.conn_array_index = -1;
  233   crypto_pk_get_digest(key2, c1->identity_digest);
  234 
  235   if (with_ed) {
  236     const tor_x509_cert_t *linkc, *idc;
  237     tor_tls_get_my_certs(1, &linkc, &idc);
  238     mock_peer_cert_expect_tortls = c1->tls; /* We should see this tls... */
  239     mock_peer_cert = tor_x509_cert_dup(linkc); /* and when we do, the peer's
  240                                                 *  cert is this... */
  241   }
  242   channel_tls_process_certs_cell(cell2, chan1);
  243   mock_peer_cert_expect_tortls = NULL;
  244   tor_x509_cert_free(mock_peer_cert);
  245   mock_peer_cert = NULL;
  246 
  247   tor_assert(c1->handshake_state->authenticated);
  248 
  249   tt_assert(c1->handshake_state->received_certs_cell);
  250   tt_ptr_op(c1->handshake_state->certs->auth_cert, OP_EQ, NULL);
  251   tt_ptr_op(c1->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
  252   tt_assert(c1->handshake_state->certs->id_cert);
  253   if (with_ed) {
  254     tt_assert(c1->handshake_state->certs->ed_sign_link);
  255     tt_assert(c1->handshake_state->certs->ed_rsa_crosscert);
  256     tt_assert(c1->handshake_state->certs->ed_id_sign);
  257     tt_assert(c1->handshake_state->authenticated_rsa);
  258     tt_assert(c1->handshake_state->authenticated_ed25519);
  259   } else {
  260     tt_ptr_op(c1->handshake_state->certs->ed_sign_link, OP_EQ, NULL);
  261     tt_ptr_op(c1->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL);
  262     tt_ptr_op(c1->handshake_state->certs->ed_id_sign, OP_EQ, NULL);
  263     tt_assert(c1->handshake_state->authenticated_rsa);
  264     tt_assert(! c1->handshake_state->authenticated_ed25519);
  265   }
  266   tt_assert(! fast_mem_is_zero(
  267                 (char*)c1->handshake_state->authenticated_rsa_peer_id, 20));
  268 
  269   chan2 = tor_malloc_zero(sizeof(*chan2));
  270   channel_tls_common_init(chan2);
  271   c2->chan = chan2;
  272   chan2->conn = c2;
  273   c2->base_.address = tor_strdup("C2");
  274   c2->tls = tor_tls_new(-1, 1);
  275   c2->link_proto = 4;
  276   c2->base_.conn_array_index = -1;
  277   crypto_pk_get_digest(key1, c2->identity_digest);
  278 
  279   channel_tls_process_certs_cell(cell1, chan2);
  280 
  281   tt_assert(c2->handshake_state->received_certs_cell);
  282   if (with_ed) {
  283     tt_assert(c2->handshake_state->certs->ed_sign_auth);
  284     tt_assert(c2->handshake_state->certs->ed_rsa_crosscert);
  285     tt_assert(c2->handshake_state->certs->ed_id_sign);
  286   } else {
  287     tt_assert(c2->handshake_state->certs->auth_cert);
  288     tt_ptr_op(c2->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
  289     tt_ptr_op(c2->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL);
  290     tt_ptr_op(c2->handshake_state->certs->ed_id_sign, OP_EQ, NULL);
  291   }
  292   tt_assert(c2->handshake_state->certs->id_cert);
  293   tt_assert(fast_mem_is_zero(
  294               (char*)c2->handshake_state->authenticated_rsa_peer_id, 20));
  295   /* no authentication has happened yet, since we haen't gotten an AUTH cell.
  296    */
  297   tt_assert(! c2->handshake_state->authenticated);
  298   tt_assert(! c2->handshake_state->authenticated_rsa);
  299   tt_assert(! c2->handshake_state->authenticated_ed25519);
  300 
  301  done:
  302   UNMOCK(tor_tls_cert_matches_key);
  303   UNMOCK(connection_or_write_var_cell_to_buf);
  304   UNMOCK(connection_or_send_netinfo);
  305   UNMOCK(tor_tls_get_peer_cert);
  306   UNMOCK(tor_tls_get_own_cert);
  307   tor_x509_cert_free(mock_own_cert);
  308   tor_x509_cert_free(mock_peer_cert);
  309   mock_own_cert = mock_peer_cert = NULL;
  310   memset(c1->identity_digest, 0, sizeof(c1->identity_digest));
  311   memset(c2->identity_digest, 0, sizeof(c2->identity_digest));
  312   connection_free_minimal(TO_CONN(c1));
  313   connection_free_minimal(TO_CONN(c2));
  314   tor_free(cell1);
  315   tor_free(cell2);
  316   certs_cell_free(cc1);
  317   certs_cell_free(cc2);
  318   if (chan1)
  319     circuitmux_free(chan1->base_.cmux);
  320   tor_free(chan1);
  321   if (chan2)
  322     circuitmux_free(chan2->base_.cmux);
  323   tor_free(chan2);
  324   crypto_pk_free(key1);
  325   crypto_pk_free(key2);
  326 }
  327 
  328 typedef struct certs_data_s {
  329   int is_ed;
  330   int is_link_cert;
  331   or_connection_t *c;
  332   channel_tls_t *chan;
  333   certs_cell_t *ccell;
  334   var_cell_t *cell;
  335   crypto_pk_t *key1, *key2;
  336 } certs_data_t;
  337 
  338 static int
  339 recv_certs_cleanup(const struct testcase_t *test, void *obj)
  340 {
  341   (void)test;
  342   certs_data_t *d = obj;
  343   UNMOCK(tor_tls_cert_matches_key);
  344   UNMOCK(connection_or_send_netinfo);
  345   UNMOCK(connection_or_close_for_error);
  346   UNMOCK(tor_tls_get_peer_cert);
  347   UNMOCK(tor_tls_get_own_cert);
  348 
  349   if (d) {
  350     tor_free(d->cell);
  351     certs_cell_free(d->ccell);
  352     connection_or_clear_identity(d->c);
  353     connection_free_minimal(TO_CONN(d->c));
  354     circuitmux_free(d->chan->base_.cmux);
  355     tor_free(d->chan);
  356     crypto_pk_free(d->key1);
  357     crypto_pk_free(d->key2);
  358     tor_free(d);
  359   }
  360   routerkeys_free_all();
  361   return 1;
  362 }
  363 
  364 static void *
  365 recv_certs_setup(const struct testcase_t *test)
  366 {
  367   (void)test;
  368   certs_data_t *d = tor_malloc_zero(sizeof(*d));
  369   certs_cell_cert_t *ccc1 = NULL;
  370   certs_cell_cert_t *ccc2 = NULL;
  371   ssize_t n;
  372   int is_ed = d->is_ed = !strcmpstart(test->setup_data, "Ed25519");
  373   int is_rsa = !strcmpstart(test->setup_data, "RSA");
  374   int is_link = d->is_link_cert = !strcmpend(test->setup_data, "-Link");
  375   int is_auth = !strcmpend(test->setup_data, "-Auth");
  376   tor_assert(is_ed != is_rsa);
  377   tor_assert(is_link != is_auth);
  378 
  379   d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
  380   d->chan = tor_malloc_zero(sizeof(*d->chan));
  381   d->c->chan = d->chan;
  382   d->c->base_.address = tor_strdup("HaveAnAddress");
  383   tor_addr_from_ipv4h(&d->c->base_.addr, 0x801f0127);
  384   d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
  385   d->chan->conn = d->c;
  386   tt_int_op(connection_init_or_handshake_state(d->c, 1), OP_EQ, 0);
  387   d->c->link_proto = 4;
  388 
  389   d->key1 = pk_generate(2);
  390   d->key2 = pk_generate(3);
  391 
  392   tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
  393                                  d->key1, d->key2, 86400), OP_EQ, 0);
  394   if (is_ed) {
  395     init_mock_ed_keys(d->key2);
  396   } else {
  397     routerkeys_free_all();
  398   }
  399 
  400   d->ccell = certs_cell_new();
  401   ccc1 = certs_cell_cert_new();
  402   certs_cell_add_certs(d->ccell, ccc1);
  403   ccc2 = certs_cell_cert_new();
  404   certs_cell_add_certs(d->ccell, ccc2);
  405   d->ccell->n_certs = 2;
  406   ccc1->cert_type = is_link ? 1 : 3;
  407   ccc2->cert_type = 2;
  408 
  409   const tor_x509_cert_t *a,*b;
  410   const uint8_t *enca, *encb;
  411   size_t lena, lenb;
  412   tor_tls_get_my_certs(is_link ? 1 : 0, &a, &b);
  413   tor_x509_cert_get_der(a, &enca, &lena);
  414   tor_x509_cert_get_der(b, &encb, &lenb);
  415   certs_cell_cert_setlen_body(ccc1, lena);
  416   ccc1->cert_len = lena;
  417   certs_cell_cert_setlen_body(ccc2, lenb);
  418   ccc2->cert_len = lenb;
  419 
  420   memcpy(certs_cell_cert_getarray_body(ccc1), enca, lena);
  421   memcpy(certs_cell_cert_getarray_body(ccc2), encb, lenb);
  422 
  423   if (is_ed) {
  424     certs_cell_cert_t *ccc3 = NULL; /* Id->Sign */
  425     certs_cell_cert_t *ccc4 = NULL; /* Sign->Link or Sign->Auth. */
  426     certs_cell_cert_t *ccc5 = NULL; /* RSAId->Ed Id. */
  427     const tor_cert_t *id_sign = get_master_signing_key_cert();
  428     const tor_cert_t *secondary =
  429       is_link ? get_current_link_cert_cert() : get_current_auth_key_cert();
  430     const uint8_t *cc = NULL;
  431     size_t cc_sz;
  432     get_master_rsa_crosscert(&cc, &cc_sz);
  433 
  434     ccc3 = certs_cell_cert_new();
  435     ccc4 = certs_cell_cert_new();
  436     ccc5 = certs_cell_cert_new();
  437     certs_cell_add_certs(d->ccell, ccc3);
  438     certs_cell_add_certs(d->ccell, ccc4);
  439     certs_cell_add_certs(d->ccell, ccc5);
  440     ccc3->cert_len = id_sign->encoded_len;
  441     ccc4->cert_len = secondary->encoded_len;
  442     ccc5->cert_len = cc_sz;
  443     certs_cell_cert_setlen_body(ccc3, ccc3->cert_len);
  444     certs_cell_cert_setlen_body(ccc4, ccc4->cert_len);
  445     certs_cell_cert_setlen_body(ccc5, ccc5->cert_len);
  446     memcpy(certs_cell_cert_getarray_body(ccc3), id_sign->encoded,
  447            ccc3->cert_len);
  448     memcpy(certs_cell_cert_getarray_body(ccc4), secondary->encoded,
  449            ccc4->cert_len);
  450     memcpy(certs_cell_cert_getarray_body(ccc5), cc, ccc5->cert_len);
  451     ccc3->cert_type = 4;
  452     ccc4->cert_type = is_link ? 5 : 6;
  453     ccc5->cert_type = 7;
  454 
  455     d->ccell->n_certs = 5;
  456   }
  457 
  458   d->cell = var_cell_new(4096);
  459   d->cell->command = CELL_CERTS;
  460 
  461   n = certs_cell_encode(d->cell->payload, 4096, d->ccell);
  462   tt_int_op(n, OP_GT, 0);
  463   d->cell->payload_len = n;
  464 
  465   MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
  466   MOCK(connection_or_send_netinfo, mock_send_netinfo);
  467   MOCK(connection_or_close_for_error, mock_close_for_err);
  468   MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
  469 
  470   if (is_link) {
  471     /* Say that this is the peer's certificate */
  472     mock_peer_cert = tor_x509_cert_dup(a);
  473   }
  474 
  475   tt_int_op(0, OP_EQ, d->c->handshake_state->received_certs_cell);
  476   tt_int_op(0, OP_EQ, mock_send_authenticate_called);
  477   tt_int_op(0, OP_EQ, mock_send_netinfo_called);
  478 
  479   return d;
  480  done:
  481   recv_certs_cleanup(test, d);
  482   return NULL;
  483 }
  484 
  485 static struct testcase_setup_t setup_recv_certs = {
  486   .setup_fn = recv_certs_setup,
  487   .cleanup_fn = recv_certs_cleanup
  488 };
  489 
  490 static void
  491 test_link_handshake_recv_certs_ok(void *arg)
  492 {
  493   certs_data_t *d = arg;
  494   channel_tls_process_certs_cell(d->cell, d->chan);
  495   tt_int_op(0, OP_EQ, mock_close_called);
  496   tt_int_op(d->c->handshake_state->authenticated, OP_EQ, 1);
  497   tt_int_op(d->c->handshake_state->authenticated_rsa, OP_EQ, 1);
  498   tt_int_op(d->c->handshake_state->received_certs_cell, OP_EQ, 1);
  499   tt_ptr_op(d->c->handshake_state->certs->id_cert, OP_NE, NULL);
  500   tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_EQ, NULL);
  501 
  502   if (d->is_ed) {
  503     tt_ptr_op(d->c->handshake_state->certs->ed_id_sign, OP_NE, NULL);
  504     tt_ptr_op(d->c->handshake_state->certs->ed_sign_link, OP_NE, NULL);
  505     tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
  506     tt_ptr_op(d->c->handshake_state->certs->ed_rsa_crosscert, OP_NE, NULL);
  507     tt_int_op(d->c->handshake_state->authenticated_ed25519, OP_EQ, 1);
  508   } else {
  509     tt_ptr_op(d->c->handshake_state->certs->ed_id_sign, OP_EQ, NULL);
  510     tt_ptr_op(d->c->handshake_state->certs->ed_sign_link, OP_EQ, NULL);
  511     tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
  512     tt_ptr_op(d->c->handshake_state->certs->ed_rsa_crosscert, OP_EQ, NULL);
  513     tt_int_op(d->c->handshake_state->authenticated_ed25519, OP_EQ, 0);
  514   }
  515 
  516  done:
  517   ;
  518 }
  519 
  520 static void
  521 test_link_handshake_recv_certs_ok_server(void *arg)
  522 {
  523   certs_data_t *d = arg;
  524   d->c->handshake_state->started_here = 0;
  525   d->c->handshake_state->certs->started_here = 0;
  526   channel_tls_process_certs_cell(d->cell, d->chan);
  527   tt_int_op(0, OP_EQ, mock_close_called);
  528   tt_int_op(d->c->handshake_state->authenticated, OP_EQ, 0);
  529   tt_int_op(d->c->handshake_state->received_certs_cell, OP_EQ, 1);
  530   tt_ptr_op(d->c->handshake_state->certs->id_cert, OP_NE, NULL);
  531   tt_ptr_op(d->c->handshake_state->certs->link_cert, OP_EQ, NULL);
  532   if (d->is_ed) {
  533     tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_NE, NULL);
  534     tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_EQ, NULL);
  535   } else {
  536     tt_ptr_op(d->c->handshake_state->certs->ed_sign_auth, OP_EQ, NULL);
  537     tt_ptr_op(d->c->handshake_state->certs->auth_cert, OP_NE, NULL);
  538   }
  539 
  540  done:
  541   ;
  542 }
  543 
  544 #define CERTS_FAIL(name, code)                          \
  545   static void                                                           \
  546   test_link_handshake_recv_certs_ ## name(void *arg)                    \
  547   {                                                                     \
  548     certs_data_t *d = arg;                                              \
  549     const char *require_failure_message = NULL;                         \
  550     setup_capture_of_logs(LOG_INFO);                                    \
  551     { code ; }                                                          \
  552     channel_tls_process_certs_cell(d->cell, d->chan);                   \
  553     tt_int_op(1, OP_EQ, mock_close_called);                                \
  554     tt_int_op(0, OP_EQ, mock_send_authenticate_called);                    \
  555     tt_int_op(0, OP_EQ, mock_send_netinfo_called);                         \
  556     tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_rsa);         \
  557     tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_ed25519);     \
  558     if (require_failure_message) {                                      \
  559       expect_log_msg_containing(require_failure_message);               \
  560     }                                                                   \
  561   done:                                                                 \
  562     teardown_capture_of_logs();                               \
  563   }
  564 
  565 CERTS_FAIL(badstate,
  566            require_failure_message = "We're not doing a v3 handshake!";
  567            d->c->base_.state = OR_CONN_STATE_CONNECTING;)
  568 CERTS_FAIL(badproto,
  569            require_failure_message = "not using link protocol >= 3";
  570            d->c->link_proto = 2)
  571 CERTS_FAIL(duplicate,
  572            require_failure_message = "We already got one";
  573            d->c->handshake_state->received_certs_cell = 1)
  574 CERTS_FAIL(already_authenticated,
  575            require_failure_message = "We're already authenticated!";
  576            d->c->handshake_state->authenticated = 1)
  577 CERTS_FAIL(empty,
  578            require_failure_message = "It had no body";
  579            d->cell->payload_len = 0)
  580 CERTS_FAIL(bad_circid,
  581            require_failure_message = "It had a nonzero circuit ID";
  582            d->cell->circ_id = 1)
  583 CERTS_FAIL(truncated_1,
  584            require_failure_message = "It couldn't be parsed";
  585            d->cell->payload[0] = 5)
  586 CERTS_FAIL(truncated_2,
  587            {
  588              require_failure_message = "It couldn't be parsed";
  589              d->cell->payload_len = 4;
  590              memcpy(d->cell->payload, "\x01\x01\x00\x05", 4);
  591            })
  592 CERTS_FAIL(truncated_3,
  593            {
  594              require_failure_message = "It couldn't be parsed";
  595              d->cell->payload_len = 7;
  596              memcpy(d->cell->payload, "\x01\x01\x00\x05""abc", 7);
  597            })
  598 CERTS_FAIL(truncated_4, /* ed25519 */
  599            {
  600              require_failure_message = "It couldn't be parsed";
  601              d->cell->payload_len -= 10;
  602            })
  603 CERTS_FAIL(truncated_5, /* ed25519 */
  604            {
  605              require_failure_message = "It couldn't be parsed";
  606              d->cell->payload_len -= 100;
  607            })
  608 
  609 #define REENCODE() do {                                                 \
  610     const char *msg = certs_cell_check(d->ccell);                       \
  611     if (msg) puts(msg);                                                 \
  612     ssize_t n = certs_cell_encode(d->cell->payload, 4096, d->ccell);    \
  613     tt_int_op(n, OP_GT, 0);                                                 \
  614     d->cell->payload_len = n;                                           \
  615   } while (0)
  616 
  617 CERTS_FAIL(truncated_6, /* ed25519 */
  618    {
  619      /* truncate the link certificate */
  620      require_failure_message = "undecodable Ed certificate";
  621      certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 3), 7);
  622      certs_cell_get_certs(d->ccell, 3)->cert_len = 7;
  623      REENCODE();
  624    })
  625 CERTS_FAIL(truncated_7, /* ed25519 */
  626    {
  627      /* truncate the crosscert */
  628      require_failure_message = "Unparseable or overlong crosscert";
  629      certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 4), 7);
  630      certs_cell_get_certs(d->ccell, 4)->cert_len = 7;
  631      REENCODE();
  632    })
  633 CERTS_FAIL(not_x509,
  634   {
  635     require_failure_message = "Received undecodable certificate";
  636     certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 0), 3);
  637     certs_cell_get_certs(d->ccell, 0)->cert_len = 3;
  638     REENCODE();
  639   })
  640 CERTS_FAIL(both_link,
  641   {
  642     require_failure_message = "Duplicate x509 certificate";
  643     certs_cell_get_certs(d->ccell, 0)->cert_type = 1;
  644     certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
  645     REENCODE();
  646   })
  647 CERTS_FAIL(both_id_rsa,
  648   {
  649     require_failure_message = "Duplicate x509 certificate";
  650     certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
  651     certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
  652     REENCODE();
  653   })
  654 CERTS_FAIL(both_auth,
  655   {
  656     require_failure_message = "Duplicate x509 certificate";
  657     certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
  658     certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
  659     REENCODE();
  660   })
  661 CERTS_FAIL(duplicate_id, /* ed25519 */
  662   {
  663     require_failure_message = "Duplicate Ed25519 certificate";
  664     certs_cell_get_certs(d->ccell, 2)->cert_type = 4;
  665     certs_cell_get_certs(d->ccell, 3)->cert_type = 4;
  666     REENCODE();
  667   })
  668 CERTS_FAIL(duplicate_link, /* ed25519 */
  669   {
  670     require_failure_message = "Duplicate Ed25519 certificate";
  671     certs_cell_get_certs(d->ccell, 2)->cert_type = 5;
  672     certs_cell_get_certs(d->ccell, 3)->cert_type = 5;
  673     REENCODE();
  674   })
  675 CERTS_FAIL(duplicate_crosscert, /* ed25519 */
  676   {
  677     require_failure_message = "Duplicate RSA->Ed25519 crosscert";
  678     certs_cell_get_certs(d->ccell, 2)->cert_type = 7;
  679     certs_cell_get_certs(d->ccell, 3)->cert_type = 7;
  680     REENCODE();
  681   })
  682 static void
  683 test_link_handshake_recv_certs_missing_id(void *arg) /* ed25519 */
  684 {
  685   certs_data_t *d = arg;
  686   tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
  687   certs_cell_set_certs(d->ccell, 2, certs_cell_get_certs(d->ccell, 4));
  688   certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
  689   certs_cell_setlen_certs(d->ccell, 4);
  690   d->ccell->n_certs = 4;
  691   REENCODE();
  692 
  693   /* This handshake succeeds, but since we have no ID cert, we will
  694    * just do the RSA handshake. */
  695   channel_tls_process_certs_cell(d->cell, d->chan);
  696   tt_int_op(0, OP_EQ, mock_close_called);
  697   tt_int_op(0, OP_EQ, d->c->handshake_state->authenticated_ed25519);
  698   tt_int_op(1, OP_EQ, d->c->handshake_state->authenticated_rsa);
  699  done:
  700   ;
  701 }
  702 CERTS_FAIL(missing_signing_key, /* ed25519 */
  703   {
  704     require_failure_message = "No Ed25519 signing key";
  705     tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
  706     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2);
  707     tt_int_op(cert->cert_type, OP_EQ, CERTTYPE_ED_ID_SIGN);
  708     /* replace this with a valid master->signing cert, but with no
  709      * signing key. */
  710     const ed25519_keypair_t *mk = get_master_identity_keypair();
  711     const ed25519_keypair_t *sk = get_master_signing_keypair();
  712     tor_cert_t *bad_cert = tor_cert_create(mk, CERT_TYPE_ID_SIGNING,
  713                                            &sk->pubkey, time(NULL), 86400,
  714                                            0 /* don't include signer */);
  715     certs_cell_cert_setlen_body(cert, bad_cert->encoded_len);
  716     memcpy(certs_cell_cert_getarray_body(cert),
  717            bad_cert->encoded, bad_cert->encoded_len);
  718     cert->cert_len = bad_cert->encoded_len;
  719     tor_cert_free(bad_cert);
  720     REENCODE();
  721   })
  722 CERTS_FAIL(missing_link, /* ed25519 */
  723   {
  724     require_failure_message = "No Ed25519 link key";
  725     tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
  726     certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4));
  727     certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
  728     certs_cell_setlen_certs(d->ccell, 4);
  729     d->ccell->n_certs = 4;
  730     REENCODE();
  731   })
  732 CERTS_FAIL(missing_auth, /* ed25519 */
  733   {
  734     d->c->handshake_state->started_here = 0;
  735     d->c->handshake_state->certs->started_here = 0;
  736     require_failure_message = "No Ed25519 link authentication key";
  737     tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
  738     certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4));
  739     certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
  740     certs_cell_setlen_certs(d->ccell, 4);
  741     d->ccell->n_certs = 4;
  742     REENCODE();
  743   })
  744 CERTS_FAIL(missing_crosscert, /* ed25519 */
  745   {
  746     require_failure_message = "Missing RSA->Ed25519 crosscert";
  747     tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
  748     certs_cell_setlen_certs(d->ccell, 4);
  749     d->ccell->n_certs = 4;
  750     REENCODE();
  751   })
  752 CERTS_FAIL(missing_rsa_id, /* ed25519 */
  753   {
  754     require_failure_message = "Missing legacy RSA ID cert";
  755     tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
  756     certs_cell_set_certs(d->ccell, 1, certs_cell_get_certs(d->ccell, 4));
  757     certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
  758     certs_cell_setlen_certs(d->ccell, 4);
  759     d->ccell->n_certs = 4;
  760     REENCODE();
  761   })
  762 CERTS_FAIL(link_mismatch, /* ed25519 */
  763   {
  764     require_failure_message = "Link certificate does not match "
  765       "TLS certificate";
  766     const tor_x509_cert_t *idc;
  767     tor_tls_get_my_certs(1, NULL, &idc);
  768     tor_x509_cert_free(mock_peer_cert);
  769     /* Pretend that the peer cert was something else. */
  770     mock_peer_cert = tor_x509_cert_dup(idc);
  771     /* No reencode needed. */
  772   })
  773 CERTS_FAIL(bad_ed_sig, /* ed25519 */
  774   {
  775     require_failure_message = "At least one Ed25519 certificate was "
  776       "badly signed";
  777     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3);
  778     uint8_t *body = certs_cell_cert_getarray_body(cert);
  779     ssize_t body_len = certs_cell_cert_getlen_body(cert);
  780     /* Frob a byte in the signature */
  781     body[body_len - 13] ^= 7;
  782     REENCODE();
  783   })
  784 CERTS_FAIL(bad_crosscert, /*ed25519*/
  785   {
  786     require_failure_message = "Invalid RSA->Ed25519 crosscert";
  787     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4);
  788     uint8_t *body = certs_cell_cert_getarray_body(cert);
  789     ssize_t body_len = certs_cell_cert_getlen_body(cert);
  790     /* Frob a byte in the signature */
  791     body[body_len - 13] ^= 7;
  792     REENCODE();
  793   })
  794 CERTS_FAIL(bad_rsa_id_cert, /*ed25519*/
  795   {
  796     require_failure_message = "legacy RSA ID certificate was not valid";
  797     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
  798     uint8_t *body;
  799     /* Frob a byte in the signature, after making a new cert. (NSS won't let
  800      * us just frob the old cert, since it will see that the issuer & serial
  801      * number are the same, which will make it fail at an earlier stage than
  802      * signature verification.) */
  803     const tor_x509_cert_t *idc;
  804     tor_x509_cert_t *newc;
  805     tor_tls_get_my_certs(1, NULL, &idc);
  806     time_t new_end = time(NULL) + 86400 * 10;
  807     newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2);
  808     const uint8_t *encoded;
  809     size_t encoded_len;
  810     tor_x509_cert_get_der(newc, &encoded, &encoded_len);
  811     certs_cell_cert_setlen_body(cert, encoded_len);
  812     certs_cell_cert_set_cert_len(cert, encoded_len);
  813     body = certs_cell_cert_getarray_body(cert);
  814     memcpy(body, encoded, encoded_len);
  815     body[encoded_len - 13] ^= 7;
  816     REENCODE();
  817     tor_x509_cert_free(newc);
  818   })
  819 CERTS_FAIL(expired_rsa_id, /* both */
  820   {
  821     require_failure_message = "Certificate already expired";
  822     /* we're going to replace the identity cert with an expired one. */
  823     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
  824     const tor_x509_cert_t *idc;
  825     tor_tls_get_my_certs(1, NULL, &idc);
  826     tor_x509_cert_t *newc;
  827     time_t new_end = time(NULL) - 86400 * 10;
  828     newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2);
  829     const uint8_t *encoded;
  830     size_t encoded_len;
  831     tor_x509_cert_get_der(newc, &encoded, &encoded_len);
  832     certs_cell_cert_setlen_body(cert, encoded_len);
  833     certs_cell_cert_set_cert_len(cert, encoded_len);
  834     memcpy(certs_cell_cert_getarray_body(cert), encoded, encoded_len);
  835     REENCODE();
  836     tor_x509_cert_free(newc);
  837   })
  838 CERTS_FAIL(expired_ed_id, /* ed25519 */
  839   {
  840     /* we're going to replace the Ed Id->sign cert with an expired one. */
  841     require_failure_message = "At least one certificate expired";
  842     /* We don't need to re-sign, since we check for expiration first. */
  843     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2);
  844     uint8_t *body = certs_cell_cert_getarray_body(cert);
  845     /* The expiration field is bytes [2..5].  It is in HOURS since the
  846      * epoch. */
  847     set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */
  848     REENCODE();
  849   })
  850 CERTS_FAIL(expired_ed_link, /* ed25519 */
  851   {
  852     /* we're going to replace the Ed Sign->link cert with an expired one. */
  853     require_failure_message = "At least one certificate expired";
  854     /* We don't need to re-sign, since we check for expiration first. */
  855     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3);
  856     uint8_t *body = certs_cell_cert_getarray_body(cert);
  857     /* The expiration field is bytes [2..5].  It is in HOURS since the
  858      * epoch. */
  859     set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */
  860     REENCODE();
  861   })
  862 CERTS_FAIL(expired_crosscert, /* ed25519 */
  863   {
  864     /* we're going to replace the Ed Sign->link cert with an expired one. */
  865     require_failure_message = "Crosscert is expired";
  866     /* We don't need to re-sign, since we check for expiration first. */
  867     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4);
  868     uint8_t *body = certs_cell_cert_getarray_body(cert);
  869     /* The expiration field is bytes [32..35]. once again, HOURS. */
  870     set_uint32(body+32, htonl(24)); /* Back to jan 2, 1970. */
  871     REENCODE();
  872   })
  873 
  874 CERTS_FAIL(wrong_labels_1,
  875   {
  876     require_failure_message = "The link certificate was not valid";
  877     certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
  878     certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
  879     REENCODE();
  880   })
  881 CERTS_FAIL(wrong_labels_2,
  882   {
  883     const tor_x509_cert_t *a;
  884     const tor_x509_cert_t *b;
  885     const uint8_t *enca;
  886     size_t lena;
  887     require_failure_message = "The link certificate was not valid";
  888     tor_tls_get_my_certs(1, &a, &b);
  889     tor_x509_cert_get_der(a, &enca, &lena);
  890     certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 1), lena);
  891     memcpy(certs_cell_cert_getarray_body(certs_cell_get_certs(d->ccell, 1)),
  892            enca, lena);
  893     certs_cell_get_certs(d->ccell, 1)->cert_len = lena;
  894     REENCODE();
  895   })
  896 CERTS_FAIL(wrong_labels_3,
  897            {
  898              require_failure_message =
  899                "The certs we wanted (ID, Link) were missing";
  900              certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
  901              certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
  902              REENCODE();
  903            })
  904 CERTS_FAIL(server_missing_certs,
  905            {
  906              require_failure_message =
  907                "The certs we wanted (ID, Auth) were missing";
  908              d->c->handshake_state->started_here = 0;
  909              d->c->handshake_state->certs->started_here = 0;
  910 
  911            })
  912 CERTS_FAIL(server_wrong_labels_1,
  913            {
  914              require_failure_message =
  915                "The authentication certificate was not valid";
  916              d->c->handshake_state->started_here = 0;
  917              d->c->handshake_state->certs->started_here = 0;
  918              certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
  919              certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
  920              REENCODE();
  921            })
  922 
  923 static void
  924 test_link_handshake_send_authchallenge(void *arg)
  925 {
  926   (void)arg;
  927 
  928   or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
  929   var_cell_t *cell1=NULL, *cell2=NULL;
  930 
  931   crypto_pk_t *rsa0 = pk_generate(0), *rsa1 = pk_generate(1);
  932   tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
  933                                  rsa0, rsa1, 86400), OP_EQ, 0);
  934   init_mock_ed_keys(rsa0);
  935 
  936   MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
  937 
  938   tt_int_op(connection_init_or_handshake_state(c1, 0), OP_EQ, 0);
  939   c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
  940   tt_ptr_op(mock_got_var_cell, OP_EQ, NULL);
  941   tt_int_op(0, OP_EQ, connection_or_send_auth_challenge_cell(c1));
  942   cell1 = mock_got_var_cell;
  943   tt_int_op(0, OP_EQ, connection_or_send_auth_challenge_cell(c1));
  944   cell2 = mock_got_var_cell;
  945 #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
  946   tt_int_op(38, OP_EQ, cell1->payload_len);
  947   tt_int_op(38, OP_EQ, cell2->payload_len);
  948 #else
  949   tt_int_op(36, OP_EQ, cell1->payload_len);
  950   tt_int_op(36, OP_EQ, cell2->payload_len);
  951 #endif /* defined(HAVE_WORKING_TOR_TLS_GET_TLSSECRETS) */
  952   tt_int_op(0, OP_EQ, cell1->circ_id);
  953   tt_int_op(0, OP_EQ, cell2->circ_id);
  954   tt_int_op(CELL_AUTH_CHALLENGE, OP_EQ, cell1->command);
  955   tt_int_op(CELL_AUTH_CHALLENGE, OP_EQ, cell2->command);
  956 
  957 #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
  958   tt_mem_op("\x00\x02\x00\x01\x00\x03", OP_EQ, cell1->payload + 32, 6);
  959   tt_mem_op("\x00\x02\x00\x01\x00\x03", OP_EQ, cell2->payload + 32, 6);
  960 #else
  961   tt_mem_op("\x00\x01\x00\x03", OP_EQ, cell1->payload + 32, 4);
  962   tt_mem_op("\x00\x01\x00\x03", OP_EQ, cell2->payload + 32, 4);
  963 #endif /* defined(HAVE_WORKING_TOR_TLS_GET_TLSSECRETS) */
  964   tt_mem_op(cell1->payload, OP_NE, cell2->payload, 32);
  965 
  966  done:
  967   UNMOCK(connection_or_write_var_cell_to_buf);
  968   connection_free_minimal(TO_CONN(c1));
  969   tor_free(cell1);
  970   tor_free(cell2);
  971   crypto_pk_free(rsa0);
  972   crypto_pk_free(rsa1);
  973 }
  974 
  975 typedef struct authchallenge_data_s {
  976   or_connection_t *c;
  977   channel_tls_t *chan;
  978   var_cell_t *cell;
  979 } authchallenge_data_t;
  980 
  981 static int
  982 recv_authchallenge_cleanup(const struct testcase_t *test, void *obj)
  983 {
  984   (void)test;
  985   authchallenge_data_t *d = obj;
  986 
  987   UNMOCK(connection_or_send_netinfo);
  988   UNMOCK(connection_or_close_for_error);
  989   UNMOCK(connection_or_send_authenticate_cell);
  990 
  991   if (d) {
  992     tor_free(d->cell);
  993     connection_free_minimal(TO_CONN(d->c));
  994     circuitmux_free(d->chan->base_.cmux);
  995     tor_free(d->chan);
  996     tor_free(d);
  997   }
  998   return 1;
  999 }
 1000 
 1001 static void *
 1002 recv_authchallenge_setup(const struct testcase_t *test)
 1003 {
 1004   (void)test;
 1005 
 1006   testing__connection_or_pretend_TLSSECRET_is_supported = 1;
 1007   authchallenge_data_t *d = tor_malloc_zero(sizeof(*d));
 1008   d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
 1009   d->chan = tor_malloc_zero(sizeof(*d->chan));
 1010   d->c->chan = d->chan;
 1011   d->c->base_.address = tor_strdup("HaveAnAddress");
 1012   d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
 1013   d->chan->conn = d->c;
 1014   tt_int_op(connection_init_or_handshake_state(d->c, 1), OP_EQ, 0);
 1015   d->c->link_proto = 4;
 1016   d->c->handshake_state->received_certs_cell = 1;
 1017   d->cell = var_cell_new(128);
 1018   d->cell->payload_len = 38;
 1019   d->cell->payload[33] = 2; /* 2 methods */
 1020   d->cell->payload[35] = 7; /* This one isn't real */
 1021   d->cell->payload[37] = 1; /* This is the old RSA one. */
 1022   d->cell->command = CELL_AUTH_CHALLENGE;
 1023 
 1024   get_options_mutable()->ORPort_set = 1;
 1025 
 1026   MOCK(connection_or_close_for_error, mock_close_for_err);
 1027   MOCK(connection_or_send_netinfo, mock_send_netinfo);
 1028   MOCK(connection_or_send_authenticate_cell, mock_send_authenticate);
 1029   tt_int_op(0, OP_EQ, d->c->handshake_state->received_auth_challenge);
 1030   tt_int_op(0, OP_EQ, mock_send_authenticate_called);
 1031   tt_int_op(0, OP_EQ, mock_send_netinfo_called);
 1032 
 1033   return d;
 1034  done:
 1035   recv_authchallenge_cleanup(test, d);
 1036   return NULL;
 1037 }
 1038 
 1039 static struct testcase_setup_t setup_recv_authchallenge = {
 1040   .setup_fn = recv_authchallenge_setup,
 1041   .cleanup_fn = recv_authchallenge_cleanup
 1042 };
 1043 
 1044 static void
 1045 test_link_handshake_recv_authchallenge_ok(void *arg)
 1046 {
 1047   authchallenge_data_t *d = arg;
 1048 
 1049   channel_tls_process_auth_challenge_cell(d->cell, d->chan);
 1050   tt_int_op(0, OP_EQ, mock_close_called);
 1051   tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge);
 1052   tt_int_op(1, OP_EQ, mock_send_authenticate_called);
 1053   tt_int_op(1, OP_EQ, mock_send_netinfo_called);
 1054   tt_int_op(1, OP_EQ, mock_send_authenticate_called_with_type); /* RSA */
 1055  done:
 1056   ;
 1057 }
 1058 
 1059 static void
 1060 test_link_handshake_recv_authchallenge_ok_ed25519(void *arg)
 1061 {
 1062   authchallenge_data_t *d = arg;
 1063 
 1064   /* Add the ed25519 authentication mechanism here. */
 1065   d->cell->payload[33] = 3; /* 3 types are supported now. */
 1066   d->cell->payload[39] = 3;
 1067   d->cell->payload_len += 2;
 1068   channel_tls_process_auth_challenge_cell(d->cell, d->chan);
 1069   tt_int_op(0, OP_EQ, mock_close_called);
 1070   tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge);
 1071   tt_int_op(1, OP_EQ, mock_send_authenticate_called);
 1072   tt_int_op(1, OP_EQ, mock_send_netinfo_called);
 1073   tt_int_op(3, OP_EQ, mock_send_authenticate_called_with_type); /* Ed25519 */
 1074  done:
 1075   ;
 1076 }
 1077 
 1078 static void
 1079 test_link_handshake_recv_authchallenge_ok_noserver(void *arg)
 1080 {
 1081   authchallenge_data_t *d = arg;
 1082   get_options_mutable()->ORPort_set = 0;
 1083 
 1084   channel_tls_process_auth_challenge_cell(d->cell, d->chan);
 1085   tt_int_op(0, OP_EQ, mock_close_called);
 1086   tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge);
 1087   tt_int_op(0, OP_EQ, mock_send_authenticate_called);
 1088   tt_int_op(0, OP_EQ, mock_send_netinfo_called);
 1089  done:
 1090   ;
 1091 }
 1092 
 1093 static void
 1094 test_link_handshake_recv_authchallenge_ok_unrecognized(void *arg)
 1095 {
 1096   authchallenge_data_t *d = arg;
 1097   d->cell->payload[37] = 99;
 1098 
 1099   channel_tls_process_auth_challenge_cell(d->cell, d->chan);
 1100   tt_int_op(0, OP_EQ, mock_close_called);
 1101   tt_int_op(1, OP_EQ, d->c->handshake_state->received_auth_challenge);
 1102   tt_int_op(0, OP_EQ, mock_send_authenticate_called);
 1103   tt_int_op(1, OP_EQ, mock_send_netinfo_called);
 1104  done:
 1105   ;
 1106 }
 1107 
 1108 #define AUTHCHALLENGE_FAIL(name, code)                          \
 1109   static void                                                           \
 1110   test_link_handshake_recv_authchallenge_ ## name(void *arg)            \
 1111   {                                                                     \
 1112     authchallenge_data_t *d = arg;                                      \
 1113     const char *require_failure_message = NULL;                         \
 1114     setup_capture_of_logs(LOG_INFO);                                    \
 1115     { code ; }                                                          \
 1116     channel_tls_process_auth_challenge_cell(d->cell, d->chan);          \
 1117     tt_int_op(1, OP_EQ, mock_close_called);                                \
 1118     tt_int_op(0, OP_EQ, mock_send_authenticate_called);                    \
 1119     tt_int_op(0, OP_EQ, mock_send_netinfo_called);                         \
 1120     if (require_failure_message) {                                      \
 1121       expect_log_msg_containing(require_failure_message);               \
 1122     }                                                                   \
 1123   done:                                                                 \
 1124     teardown_capture_of_logs();                               \
 1125   }
 1126 
 1127 AUTHCHALLENGE_FAIL(badstate,
 1128                    require_failure_message = "We're not currently doing a "
 1129                      "v3 handshake";
 1130                    d->c->base_.state = OR_CONN_STATE_CONNECTING)
 1131 AUTHCHALLENGE_FAIL(badproto,
 1132                    require_failure_message = "not using link protocol >= 3";
 1133                    d->c->link_proto = 2)
 1134 AUTHCHALLENGE_FAIL(as_server,
 1135                    require_failure_message = "We didn't originate this "
 1136                      "connection";
 1137                    d->c->handshake_state->started_here = 0;
 1138                    d->c->handshake_state->certs->started_here = 0;)
 1139 AUTHCHALLENGE_FAIL(duplicate,
 1140                    require_failure_message = "We already received one";
 1141                    d->c->handshake_state->received_auth_challenge = 1)
 1142 AUTHCHALLENGE_FAIL(nocerts,
 1143                    require_failure_message = "We haven't gotten a CERTS "
 1144                      "cell yet";
 1145                    d->c->handshake_state->received_certs_cell = 0)
 1146 AUTHCHALLENGE_FAIL(tooshort,
 1147                    require_failure_message = "It was not well-formed";
 1148                    d->cell->payload_len = 33)
 1149 AUTHCHALLENGE_FAIL(truncated,
 1150                    require_failure_message = "It was not well-formed";
 1151                    d->cell->payload_len = 34)
 1152 AUTHCHALLENGE_FAIL(nonzero_circid,
 1153                    require_failure_message = "It had a nonzero circuit ID";
 1154                    d->cell->circ_id = 1337)
 1155 
 1156 static int
 1157 mock_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
 1158 {
 1159   (void)tls;
 1160   memcpy(secrets_out, "int getRandomNumber(){return 4;}", 32);
 1161   return 0;
 1162 }
 1163 
 1164 static void
 1165 mock_set_circid_type(channel_t *chan,
 1166                      crypto_pk_t *identity_rcvd,
 1167                      int consider_identity)
 1168 {
 1169   (void) chan;
 1170   (void) identity_rcvd;
 1171   (void) consider_identity;
 1172 }
 1173 
 1174 typedef struct authenticate_data_s {
 1175   int is_ed;
 1176   or_connection_t *c1, *c2;
 1177   channel_tls_t *chan2;
 1178   var_cell_t *cell;
 1179   crypto_pk_t *key1, *key2;
 1180 } authenticate_data_t;
 1181 
 1182 static int
 1183 authenticate_data_cleanup(const struct testcase_t *test, void *arg)
 1184 {
 1185   (void) test;
 1186   UNMOCK(connection_or_write_var_cell_to_buf);
 1187   UNMOCK(tor_tls_get_peer_cert);
 1188   UNMOCK(tor_tls_get_own_cert);
 1189   UNMOCK(tor_tls_get_tlssecrets);
 1190   UNMOCK(connection_or_close_for_error);
 1191   UNMOCK(channel_set_circid_type);
 1192   UNMOCK(tor_tls_export_key_material);
 1193   authenticate_data_t *d = arg;
 1194   if (d) {
 1195     tor_free(d->cell);
 1196     connection_or_clear_identity(d->c1);
 1197     connection_or_clear_identity(d->c2);
 1198     connection_free_minimal(TO_CONN(d->c1));
 1199     connection_free_minimal(TO_CONN(d->c2));
 1200     circuitmux_free(d->chan2->base_.cmux);
 1201     tor_free(d->chan2);
 1202     crypto_pk_free(d->key1);
 1203     crypto_pk_free(d->key2);
 1204     tor_free(d);
 1205   }
 1206   tor_x509_cert_free(mock_peer_cert);
 1207   tor_x509_cert_free(mock_own_cert);
 1208   mock_peer_cert = NULL;
 1209   mock_own_cert = NULL;
 1210 
 1211   return 1;
 1212 }
 1213 
 1214 static void *
 1215 authenticate_data_setup(const struct testcase_t *test)
 1216 {
 1217   authenticate_data_t *d = tor_malloc_zero(sizeof(*d));
 1218   int is_ed = d->is_ed = (test->setup_data == (void*)3);
 1219 
 1220   testing__connection_or_pretend_TLSSECRET_is_supported = 1;
 1221 
 1222   scheduler_init();
 1223 
 1224   MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
 1225   MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
 1226   MOCK(tor_tls_get_own_cert, mock_get_own_cert);
 1227   MOCK(tor_tls_get_tlssecrets, mock_get_tlssecrets);
 1228   MOCK(connection_or_close_for_error, mock_close_for_err);
 1229   MOCK(channel_set_circid_type, mock_set_circid_type);
 1230   MOCK(tor_tls_export_key_material, mock_export_key_material);
 1231   d->c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
 1232   d->c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
 1233   tor_addr_from_ipv4h(&d->c1->base_.addr, 0x01020304);
 1234   tor_addr_from_ipv4h(&d->c2->base_.addr, 0x05060708);
 1235 
 1236   d->key1 = pk_generate(2);
 1237   d->key2 = pk_generate(3);
 1238   tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
 1239                                  d->key1, d->key2, 86400), OP_EQ, 0);
 1240 
 1241   init_mock_ed_keys(d->key2);
 1242 
 1243   d->c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
 1244   d->c1->link_proto = 3;
 1245   tt_int_op(connection_init_or_handshake_state(d->c1, 1), OP_EQ, 0);
 1246 
 1247   d->c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
 1248   d->c2->link_proto = 3;
 1249   tt_int_op(connection_init_or_handshake_state(d->c2, 0), OP_EQ, 0);
 1250   var_cell_t *cell = var_cell_new(16);
 1251   cell->command = CELL_CERTS;
 1252   or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 1);
 1253   or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 0);
 1254   memset(cell->payload, 0xf0, 16);
 1255   or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 0);
 1256   or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 1);
 1257   tor_free(cell);
 1258 
 1259   d->chan2 = tor_malloc_zero(sizeof(*d->chan2));
 1260   channel_tls_common_init(d->chan2);
 1261   d->c2->chan = d->chan2;
 1262   d->chan2->conn = d->c2;
 1263   d->c2->base_.address = tor_strdup("C2");
 1264   d->c2->tls = tor_tls_new(-1, 1);
 1265   d->c2->handshake_state->received_certs_cell = 1;
 1266 
 1267   const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL, *auth_cert=NULL;
 1268   tt_assert(! tor_tls_get_my_certs(1, &link_cert, &id_cert));
 1269 
 1270   const uint8_t *der;
 1271   size_t sz;
 1272   tor_x509_cert_get_der(id_cert, &der, &sz);
 1273   d->c1->handshake_state->certs->id_cert = tor_x509_cert_decode(der, sz);
 1274   d->c2->handshake_state->certs->id_cert = tor_x509_cert_decode(der, sz);
 1275 
 1276   if (is_ed) {
 1277     d->c1->handshake_state->certs->ed_id_sign =
 1278       tor_cert_dup(get_master_signing_key_cert());
 1279     d->c2->handshake_state->certs->ed_id_sign =
 1280       tor_cert_dup(get_master_signing_key_cert());
 1281     d->c2->handshake_state->certs->ed_sign_auth =
 1282       tor_cert_dup(get_current_auth_key_cert());
 1283   } else {
 1284     tt_assert(! tor_tls_get_my_certs(0, &auth_cert, &id_cert));
 1285     tor_x509_cert_get_der(auth_cert, &der, &sz);
 1286     d->c2->handshake_state->certs->auth_cert = tor_x509_cert_decode(der, sz);
 1287   }
 1288 
 1289   tor_x509_cert_get_der(link_cert, &der, &sz);
 1290   mock_peer_cert = tor_x509_cert_decode(der, sz);
 1291   tt_assert(mock_peer_cert);
 1292 
 1293   mock_own_cert = tor_x509_cert_decode(der, sz);
 1294   tt_assert(mock_own_cert);
 1295 
 1296   /* Make an authenticate cell ... */
 1297   int authtype;
 1298   if (is_ed)
 1299     authtype = AUTHTYPE_ED25519_SHA256_RFC5705;
 1300   else
 1301     authtype = AUTHTYPE_RSA_SHA256_TLSSECRET;
 1302   tt_int_op(0, OP_EQ, connection_or_send_authenticate_cell(d->c1, authtype));
 1303 
 1304   tt_assert(mock_got_var_cell);
 1305   d->cell = mock_got_var_cell;
 1306   mock_got_var_cell = NULL;
 1307 
 1308   return d;
 1309  done:
 1310   authenticate_data_cleanup(test, d);
 1311   return NULL;
 1312 }
 1313 
 1314 static struct testcase_setup_t setup_authenticate = {
 1315   .setup_fn = authenticate_data_setup,
 1316   .cleanup_fn = authenticate_data_cleanup
 1317 };
 1318 
 1319 static void
 1320 test_link_handshake_auth_cell(void *arg)
 1321 {
 1322   authenticate_data_t *d = arg;
 1323   auth1_t *auth1 = NULL;
 1324   crypto_pk_t *auth_pubkey = NULL;
 1325 
 1326   /* Is the cell well-formed on the outer layer? */
 1327   tt_int_op(d->cell->command, OP_EQ, CELL_AUTHENTICATE);
 1328   tt_int_op(d->cell->payload[0], OP_EQ, 0);
 1329   if (d->is_ed)
 1330     tt_int_op(d->cell->payload[1], OP_EQ, 3);
 1331   else
 1332     tt_int_op(d->cell->payload[1], OP_EQ, 1);
 1333   tt_int_op(ntohs(get_uint16(d->cell->payload + 2)), OP_EQ,
 1334             d->cell->payload_len - 4);
 1335 
 1336   /* Check it out for plausibility... */
 1337   auth_ctx_t ctx;
 1338   ctx.is_ed = d->is_ed;
 1339   tt_int_op(d->cell->payload_len-4, OP_EQ, auth1_parse(&auth1,
 1340                                              d->cell->payload+4,
 1341                                              d->cell->payload_len - 4, &ctx));
 1342   tt_assert(auth1);
 1343 
 1344   if (d->is_ed) {
 1345     tt_mem_op(auth1->type, OP_EQ, "AUTH0003", 8);
 1346   } else {
 1347     tt_mem_op(auth1->type, OP_EQ, "AUTH0001", 8);
 1348   }
 1349   tt_mem_op(auth1->tlssecrets, OP_EQ, "int getRandomNumber(){return 4;}", 32);
 1350 
 1351   /* Is the signature okay? */
 1352   const uint8_t *start = d->cell->payload+4, *end = auth1->end_of_signed;
 1353   if (d->is_ed) {
 1354     ed25519_signature_t sig;
 1355     tt_int_op(auth1_getlen_sig(auth1), OP_EQ, ED25519_SIG_LEN);
 1356     memcpy(&sig.sig, auth1_getarray_sig(auth1), ED25519_SIG_LEN);
 1357     tt_assert(!ed25519_checksig(&sig, start, end-start,
 1358                                 &get_current_auth_keypair()->pubkey));
 1359   } else {
 1360     uint8_t sig[128];
 1361     uint8_t digest[32];
 1362     tt_int_op(auth1_getlen_sig(auth1), OP_GT, 120);
 1363     auth_pubkey = tor_tls_cert_get_key(
 1364                                 d->c2->handshake_state->certs->auth_cert);
 1365     int n = crypto_pk_public_checksig(
 1366               auth_pubkey,
 1367               (char*)sig, sizeof(sig), (char*)auth1_getarray_sig(auth1),
 1368               auth1_getlen_sig(auth1));
 1369     tt_int_op(n, OP_EQ, 32);
 1370     crypto_digest256((char*)digest,
 1371                      (const char*)start, end-start, DIGEST_SHA256);
 1372     tt_mem_op(sig, OP_EQ, digest, 32);
 1373   }
 1374 
 1375   /* Then feed it to c2. */
 1376   tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0);
 1377   channel_tls_process_authenticate_cell(d->cell, d->chan2);
 1378   tt_int_op(mock_close_called, OP_EQ, 0);
 1379   tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 1);
 1380   if (d->is_ed) {
 1381     tt_int_op(d->c2->handshake_state->authenticated_ed25519, OP_EQ, 1);
 1382     tt_int_op(d->c2->handshake_state->authenticated_rsa, OP_EQ, 1);
 1383   } else {
 1384     tt_int_op(d->c2->handshake_state->authenticated_ed25519, OP_EQ, 0);
 1385     tt_int_op(d->c2->handshake_state->authenticated_rsa, OP_EQ, 1);
 1386   }
 1387 
 1388  done:
 1389   auth1_free(auth1);
 1390   crypto_pk_free(auth_pubkey);
 1391 }
 1392 
 1393 #define AUTHENTICATE_FAIL(name, code)                           \
 1394   static void                                                   \
 1395   test_link_handshake_auth_ ## name(void *arg)                  \
 1396   {                                                             \
 1397     authenticate_data_t *d = arg;                               \
 1398     const char *require_failure_message = NULL;                 \
 1399     setup_capture_of_logs(LOG_INFO);                            \
 1400     { code ; }                                                  \
 1401     tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0);    \
 1402     channel_tls_process_authenticate_cell(d->cell, d->chan2);   \
 1403     tt_int_op(mock_close_called, OP_EQ, 1);                        \
 1404     tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 0);    \
 1405     if (require_failure_message) {                              \
 1406       expect_log_msg_containing(require_failure_message);       \
 1407     }                                                           \
 1408   done:                                                         \
 1409     teardown_capture_of_logs();                       \
 1410   }
 1411 
 1412 AUTHENTICATE_FAIL(badstate,
 1413                   require_failure_message = "We're not doing a v3 handshake";
 1414                   d->c2->base_.state = OR_CONN_STATE_CONNECTING)
 1415 AUTHENTICATE_FAIL(badproto,
 1416                   require_failure_message = "not using link protocol >= 3";
 1417                   d->c2->link_proto = 2)
 1418 AUTHENTICATE_FAIL(atclient,
 1419                   require_failure_message = "We originated this connection";
 1420                   d->c2->handshake_state->started_here = 1;
 1421                   d->c2->handshake_state->certs->started_here = 1;)
 1422 AUTHENTICATE_FAIL(duplicate,
 1423                   require_failure_message = "We already got one";
 1424                   d->c2->handshake_state->received_authenticate = 1)
 1425 static void
 1426 test_link_handshake_auth_already_authenticated(void *arg)
 1427 {
 1428   authenticate_data_t *d = arg;
 1429   setup_capture_of_logs(LOG_INFO);
 1430   d->c2->handshake_state->authenticated = 1;
 1431   channel_tls_process_authenticate_cell(d->cell, d->chan2);
 1432   tt_int_op(mock_close_called, OP_EQ, 1);
 1433   tt_int_op(d->c2->handshake_state->authenticated, OP_EQ, 1);
 1434   expect_log_msg_containing("The peer is already authenticated");
 1435  done:
 1436   teardown_capture_of_logs();
 1437 }
 1438 
 1439 AUTHENTICATE_FAIL(nocerts,
 1440                   require_failure_message = "We never got a certs cell";
 1441                   d->c2->handshake_state->received_certs_cell = 0)
 1442 AUTHENTICATE_FAIL(noidcert,
 1443                   require_failure_message = "We never got an identity "
 1444                     "certificate";
 1445                   tor_x509_cert_free(d->c2->handshake_state->certs->id_cert);
 1446                   d->c2->handshake_state->certs->id_cert = NULL)
 1447 AUTHENTICATE_FAIL(noauthcert,
 1448                   require_failure_message = "We never got an RSA "
 1449                     "authentication certificate";
 1450                   tor_x509_cert_free(d->c2->handshake_state->certs->auth_cert);
 1451                   d->c2->handshake_state->certs->auth_cert = NULL)
 1452 AUTHENTICATE_FAIL(tooshort,
 1453                   require_failure_message = "Cell was way too short";
 1454                   d->cell->payload_len = 3)
 1455 AUTHENTICATE_FAIL(badtype,
 1456                   require_failure_message = "Authenticator type was not "
 1457                     "recognized";
 1458                   d->cell->payload[0] = 0xff)
 1459 AUTHENTICATE_FAIL(truncated_1,
 1460                   require_failure_message = "Authenticator was truncated";
 1461                   d->cell->payload[2]++)
 1462 AUTHENTICATE_FAIL(truncated_2,
 1463                   require_failure_message = "Authenticator was truncated";
 1464                   d->cell->payload[3]++)
 1465 AUTHENTICATE_FAIL(tooshort_1,
 1466                   require_failure_message = "Authenticator was too short";
 1467                   tt_int_op(d->cell->payload_len, OP_GE, 260);
 1468                   d->cell->payload[2] -= 1;
 1469                   d->cell->payload_len -= 256;)
 1470 AUTHENTICATE_FAIL(badcontent,
 1471                   require_failure_message = "Some field in the AUTHENTICATE "
 1472                     "cell body was not as expected";
 1473                   d->cell->payload[10] ^= 0xff)
 1474 AUTHENTICATE_FAIL(badsig_1,
 1475                   if (d->is_ed)
 1476                     require_failure_message = "Ed25519 signature wasn't valid";
 1477                   else
 1478                     require_failure_message = "RSA signature wasn't valid";
 1479                   d->cell->payload[d->cell->payload_len - 5] ^= 0xff)
 1480 AUTHENTICATE_FAIL(missing_ed_id,
 1481                 {
 1482                   tor_cert_free(d->c2->handshake_state->certs->ed_id_sign);
 1483                   d->c2->handshake_state->certs->ed_id_sign = NULL;
 1484                   require_failure_message = "Ed authenticate without Ed ID "
 1485                     "cert from peer";
 1486                 })
 1487 AUTHENTICATE_FAIL(missing_ed_auth,
 1488                 {
 1489                   tor_cert_free(d->c2->handshake_state->certs->ed_sign_auth);
 1490                   d->c2->handshake_state->certs->ed_sign_auth = NULL;
 1491                   require_failure_message = "We never got an Ed25519 "
 1492                     "authentication certificate";
 1493                 })
 1494 
 1495 #define TEST_RSA(name, flags)                                           \
 1496   { #name , test_link_handshake_ ## name, (flags),                      \
 1497       &passthrough_setup, (void*)"RSA" }
 1498 
 1499 #define TEST_ED(name, flags)                                            \
 1500   { #name "_ed25519" , test_link_handshake_ ## name, (flags),           \
 1501       &passthrough_setup, (void*)"Ed25519" }
 1502 
 1503 #define TEST_RCV_AUTHCHALLENGE(name)                            \
 1504   { "recv_authchallenge/" #name ,                               \
 1505     test_link_handshake_recv_authchallenge_ ## name, TT_FORK,   \
 1506       &setup_recv_authchallenge, NULL }
 1507 
 1508 #define TEST_RCV_CERTS(name)                                    \
 1509   { "recv_certs/" #name ,                                       \
 1510       test_link_handshake_recv_certs_ ## name, TT_FORK,         \
 1511       &setup_recv_certs, (void*)"RSA-Link" }
 1512 
 1513 #define TEST_RCV_CERTS_RSA(name,type)                           \
 1514   { "recv_certs/" #name ,                                       \
 1515       test_link_handshake_recv_certs_ ## name, TT_FORK,         \
 1516       &setup_recv_certs, (void*)type }
 1517 
 1518 #define TEST_RCV_CERTS_ED(name, type)                           \
 1519   { "recv_certs/" #name "_ed25519",                             \
 1520       test_link_handshake_recv_certs_ ## name, TT_FORK,         \
 1521       &setup_recv_certs, (void*)type }
 1522 
 1523 #define TEST_AUTHENTICATE(name)                                         \
 1524   { "authenticate/" #name , test_link_handshake_auth_ ## name, TT_FORK, \
 1525       &setup_authenticate, NULL }
 1526 
 1527 #define TEST_AUTHENTICATE_ED(name)                                      \
 1528   { "authenticate/" #name "_ed25519" , test_link_handshake_auth_ ## name, \
 1529       TT_FORK, &setup_authenticate, (void*)3 }
 1530 
 1531 struct testcase_t link_handshake_tests[] = {
 1532   TEST_RSA(certs_ok, TT_FORK),
 1533   TEST_ED(certs_ok, TT_FORK),
 1534 
 1535   TEST_RCV_CERTS(ok),
 1536   TEST_RCV_CERTS_ED(ok, "Ed25519-Link"),
 1537   TEST_RCV_CERTS_RSA(ok_server, "RSA-Auth"),
 1538   TEST_RCV_CERTS_ED(ok_server, "Ed25519-Auth"),
 1539   TEST_RCV_CERTS(badstate),
 1540   TEST_RCV_CERTS(badproto),
 1541   TEST_RCV_CERTS(duplicate),
 1542   TEST_RCV_CERTS(already_authenticated),
 1543   TEST_RCV_CERTS(empty),
 1544   TEST_RCV_CERTS(bad_circid),
 1545   TEST_RCV_CERTS(truncated_1),
 1546   TEST_RCV_CERTS(truncated_2),
 1547   TEST_RCV_CERTS(truncated_3),
 1548   TEST_RCV_CERTS_ED(truncated_4, "Ed25519-Link"),
 1549   TEST_RCV_CERTS_ED(truncated_5, "Ed25519-Link"),
 1550   TEST_RCV_CERTS_ED(truncated_6, "Ed25519-Link"),
 1551   TEST_RCV_CERTS_ED(truncated_7, "Ed25519-Link"),
 1552   TEST_RCV_CERTS(not_x509),
 1553   TEST_RCV_CERTS(both_link),
 1554   TEST_RCV_CERTS(both_id_rsa),
 1555   TEST_RCV_CERTS(both_auth),
 1556   TEST_RCV_CERTS_ED(duplicate_id, "Ed25519-Link"),
 1557   TEST_RCV_CERTS_ED(duplicate_link, "Ed25519-Link"),
 1558   TEST_RCV_CERTS_ED(duplicate_crosscert, "Ed25519-Link"),
 1559   TEST_RCV_CERTS_ED(missing_crosscert, "Ed25519-Link"),
 1560   TEST_RCV_CERTS_ED(missing_id, "Ed25519-Link"),
 1561   TEST_RCV_CERTS_ED(missing_signing_key, "Ed25519-Link"),
 1562   TEST_RCV_CERTS_ED(missing_link, "Ed25519-Link"),
 1563   TEST_RCV_CERTS_ED(missing_auth, "Ed25519-Auth"),
 1564   TEST_RCV_CERTS_ED(missing_rsa_id, "Ed25519-Link"),
 1565   TEST_RCV_CERTS_ED(link_mismatch, "Ed25519-Link"),
 1566   TEST_RCV_CERTS_ED(bad_ed_sig, "Ed25519-Link"),
 1567   TEST_RCV_CERTS_ED(bad_rsa_id_cert, "Ed25519-Link"),
 1568   TEST_RCV_CERTS_ED(bad_crosscert, "Ed25519-Link"),
 1569   TEST_RCV_CERTS_RSA(expired_rsa_id, "RSA-Link"),
 1570   TEST_RCV_CERTS_ED(expired_rsa_id, "Ed25519-Link"),
 1571   TEST_RCV_CERTS_ED(expired_ed_id, "Ed25519-Link"),
 1572   TEST_RCV_CERTS_ED(expired_ed_link, "Ed25519-Link"),
 1573   TEST_RCV_CERTS_ED(expired_crosscert, "Ed25519-Link"),
 1574   TEST_RCV_CERTS(wrong_labels_1),
 1575   TEST_RCV_CERTS(wrong_labels_2),
 1576   TEST_RCV_CERTS(wrong_labels_3),
 1577   TEST_RCV_CERTS(server_missing_certs),
 1578   TEST_RCV_CERTS(server_wrong_labels_1),
 1579 
 1580   TEST_RSA(send_authchallenge, TT_FORK),
 1581   TEST_RCV_AUTHCHALLENGE(ok),
 1582   TEST_RCV_AUTHCHALLENGE(ok_ed25519),
 1583   TEST_RCV_AUTHCHALLENGE(ok_noserver),
 1584   TEST_RCV_AUTHCHALLENGE(ok_unrecognized),
 1585   TEST_RCV_AUTHCHALLENGE(badstate),
 1586   TEST_RCV_AUTHCHALLENGE(badproto),
 1587   TEST_RCV_AUTHCHALLENGE(as_server),
 1588   TEST_RCV_AUTHCHALLENGE(duplicate),
 1589   TEST_RCV_AUTHCHALLENGE(nocerts),
 1590   TEST_RCV_AUTHCHALLENGE(tooshort),
 1591   TEST_RCV_AUTHCHALLENGE(truncated),
 1592   TEST_RCV_AUTHCHALLENGE(nonzero_circid),
 1593 
 1594   TEST_AUTHENTICATE(cell),
 1595   TEST_AUTHENTICATE_ED(cell),
 1596   TEST_AUTHENTICATE(badstate),
 1597   TEST_AUTHENTICATE(badproto),
 1598   TEST_AUTHENTICATE(atclient),
 1599   TEST_AUTHENTICATE(duplicate),
 1600   TEST_AUTHENTICATE(already_authenticated),
 1601   TEST_AUTHENTICATE(nocerts),
 1602   TEST_AUTHENTICATE(noidcert),
 1603   TEST_AUTHENTICATE(noauthcert),
 1604   TEST_AUTHENTICATE(tooshort),
 1605   TEST_AUTHENTICATE(badtype),
 1606   TEST_AUTHENTICATE(truncated_1),
 1607   TEST_AUTHENTICATE(truncated_2),
 1608   TEST_AUTHENTICATE(tooshort_1),
 1609   TEST_AUTHENTICATE(badcontent),
 1610   TEST_AUTHENTICATE(badsig_1),
 1611   TEST_AUTHENTICATE_ED(badsig_1),
 1612   TEST_AUTHENTICATE_ED(missing_ed_id),
 1613   TEST_AUTHENTICATE_ED(missing_ed_auth),
 1614   //TEST_AUTHENTICATE(),
 1615 
 1616   END_OF_TESTCASES
 1617 };