"Fossies" - the Fresh Open Source Software Archive

Member "tor-0.4.1.6/src/test/test_tortls.c" (10 Jun 2019, 17035 Bytes) of package /linux/misc/tor-0.4.1.6.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "test_tortls.c": 0.4.0.5_vs_0.4.1.5.

    1 /* Copyright (c) 2010-2019, The Tor Project, Inc. */
    2 /* See LICENSE for licensing information */
    3 
    4 #define TORTLS_PRIVATE
    5 #define TOR_X509_PRIVATE
    6 #define LOG_PRIVATE
    7 #include "orconfig.h"
    8 
    9 #ifdef _WIN32
   10 #include <winsock2.h>
   11 #endif
   12 #include <math.h>
   13 #include <stddef.h>
   14 
   15 #include "lib/cc/compat_compiler.h"
   16 
   17 #include "core/or/or.h"
   18 #include "lib/log/log.h"
   19 #include "app/config/config.h"
   20 #include "lib/crypt_ops/compat_openssl.h"
   21 #include "lib/tls/x509.h"
   22 #include "lib/tls/x509_internal.h"
   23 #include "lib/tls/tortls.h"
   24 #include "lib/tls/tortls_st.h"
   25 #include "lib/tls/tortls_internal.h"
   26 #include "lib/encoding/pem.h"
   27 #include "app/config/or_state_st.h"
   28 
   29 #include "test/test.h"
   30 #include "test/log_test_helpers.h"
   31 #include "test/test_tortls.h"
   32 
   33 #include "tinytest.h"
   34 
   35 const char* notCompletelyValidCertString =
   36   "-----BEGIN CERTIFICATE-----\n"
   37   "MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
   38   "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n"
   39   "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n"
   40   "YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\n"
   41   "ODIyMDUyNzIzWhcNMTcwODIxMDUyNzIzWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\n"
   42   "CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\n"
   43   "ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYBBrx5PlP0WNI/ZdzD\n"
   44   "+6Pktmurn+F2kQYbtc7XQh8/LTBvCo+P6iZoLEmUA9e7EXLRxgU1CVqeAi7QcAn9\n"
   45   "MwBlc8ksFJHB0rtf9pmf8Oza9E0Bynlq/4/Kb1x+d+AyhL7oK9tQwB24uHOueHi1\n"
   46   "C/iVv8CSWKiYe6hzN1txYe8rAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAASPdjigJ\n"
   47   "kXCqKWpnZ/Oc75EUcMi6HztaW8abUMlYXPIgkV2F7YanHOB7K4f7OOLjiz8DTPFf\n"
   48   "jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr\n"
   49   "evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
   50   "-----END CERTIFICATE-----\n";
   51 
   52 const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
   53   "MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
   54   "VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n"
   55   "c3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkwNjEzMzk1OVoXDTQz\n"
   56   "MDEyMjEzMzk1OVowVjELMAkGA1UEBhMCVVMxEDAOBgNVBAcMB0NoaWNhZ28xFDAS\n"
   57   "BgNVBAoMC1RvciBUZXN0aW5nMR8wHQYDVQQDDBZ0ZXN0aW5nLnRvcnByb2plY3Qu\n"
   58   "b3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoT6uyVVhWyOF3wkHjjYbd\n"
   59   "nKaykyRv4JVtKQdZ4OpEErmX1zw4MmyzpQNV6iR4bQnWiyLfzyVJMZDIC/WILBfX\n"
   60   "w2Pza/yuLgUvDc3twMuhOACzOQVO8PrEF/aVv2+hbCCy2udXvKhnYn+CCXl3ozc8\n"
   61   "XcKYvujTXDyvGWY3xwAjlQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQCUvnhzQWuQ\n"
   62   "MrN+pERkE+zcTI/9dGS90rUMMLgu8VDNqTa0TUQh8uO0EQ6uDvI8Js6e8tgwS0BR\n"
   63   "UBahqb7ZHv+rejGCBr5OudqD+x4STiiuPNJVs86JTLN8SpM9CHjIBH5WCCN2KOy3\n"
   64   "mevNoRcRRyYJzSFULCunIK6FGulszigMYGscrO4oiTkZiHPh9KvWT40IMiHfL+Lw\n"
   65   "EtEWiLex6064LcA2YQ1AMuSZyCexks63lcfaFmQbkYOKqXa1oLkIRuDsOaSVjTfe\n"
   66   "vec+X6jvf12cFTKS5WIeqkKF2Irt+dJoiHEGTe5RscUMN/f+gqHPzfFz5dR23sxo\n"
   67   "g+HC6MZHlFkLAOx3wW6epPS8A/m1mw3zMPoTnb2U2YYt8T0dJMMlUn/7Y1sEAa+a\n"
   68   "dSTMaeUf6VnJ//11m454EZl1to9Z7oJOgqmFffSrdD4BGIWe8f7hhW6L1Enmqe/J\n"
   69   "BKL3wbzZh80O1W0bndAwhnEEhlzneFY84cbBo9pmVxpODHkUcStpr5Z7pBDrcL21\n"
   70   "Ss/aB/1YrsVXhdvJdOGxl3Mnl9dUY57CympLGlT8f0pPS6GAKOelECOhFMHmJd8L\n"
   71   "dj3XQSmKtYHevZ6IvuMXSlB/fJvSjSlkCuLo5+kJoaqPuRu+i/S1qxeRy3CBwmnE\n"
   72   "LdSNdcX4N79GQJ996PA8+mUCQG7YRtK+WA==\n"
   73   "-----END CERTIFICATE-----\n";
   74 
   75 const char* caCertString = "-----BEGIN CERTIFICATE-----\n"
   76   "MIIFjzCCA3egAwIBAgIJAKd5WgyfPMYRMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV\n"
   77   "BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIG\n"
   78   "A1UECgwLVG9yIFRlc3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkw\n"
   79   "NjEzMzc0MVoXDTQzMDEyMjEzMzc0MVowXjELMAkGA1UEBhMCVVMxETAPBgNVBAgM\n"
   80   "CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRQwEgYDVQQKDAtUb3IgVGVzdGlu\n"
   81   "ZzEUMBIGA1UEAwwLVG9yIFRlc3RpbmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n"
   82   "ggIKAoICAQCpLMUEiLW5leUgBZoEJms2V7lZRhIAjnJBhVMHD0e3UubNknmaQoxf\n"
   83   "ARz3rvqOaRd0JlV+qM9qE0DjiYcCVP1cAfqAo9d83uS1vwY3YMVJzADlaIiHfyVW\n"
   84   "uEgBy0vvkeUBqaua24dYlcwsemOiXYLu41yM1wkcGHW1AhBNHppY6cznb8TyLgNM\n"
   85   "2x3SGUdzc5XMyAFx51faKGBA3wjs+Hg1PLY7d30nmCgEOBavpm5I1disM/0k+Mcy\n"
   86   "YmAKEo/iHJX/rQzO4b9znP69juLlR8PDBUJEVIG/CYb6+uw8MjjUyiWXYoqfVmN2\n"
   87   "hm/lH8b6rXw1a2Aa3VTeD0DxaWeacMYHY/i01fd5n7hCoDTRNdSw5KJ0L3Z0SKTu\n"
   88   "0lzffKzDaIfyZGlpW5qdouACkWYzsaitQOePVE01PIdO30vUfzNTFDfy42ccx3Di\n"
   89   "59UCu+IXB+eMtrBfsok0Qc63vtF1linJgjHW1z/8ujk8F7/qkOfODhk4l7wngc2A\n"
   90   "EmwWFIFoGaiTEZHB9qteXr4unbXZ0AHpM02uGGwZEGohjFyebEb73M+J57WKKAFb\n"
   91   "PqbLcGUksL1SHNBNAJcVLttX55sO4nbidOS/kA3m+F1R04MBTyQF9qA6YDDHqdI3\n"
   92   "h/3pw0Z4fxVouTYT4/NfRnX4JTP4u+7Mpcoof28VME0qWqD1LnRhFQIDAQABo1Aw\n"
   93   "TjAdBgNVHQ4EFgQUMoAgIXH7pZ3QMRwTjT+DM9Yo/v0wHwYDVR0jBBgwFoAUMoAg\n"
   94   "IXH7pZ3QMRwTjT+DM9Yo/v0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n"
   95   "AgEAUJxacjXR9sT+Xs6ISFiUsyd0T6WVKMnV46xrYJHirGfx+krWHrjxMY+ZtxYD\n"
   96   "DBDGlo11Qc4v6QrclNf5QUBfIiGQsP9Cm6hHcQ+Tpg9HHCgSqG1YNPwCPReCR4br\n"
   97   "BLvLfrfkcBL2IWM0PdQdCze+59DBfipsULD2mEn9fjYRXQEwb2QWtQ9qRc20Yb/x\n"
   98   "Q4b/+CvUodLkaq7B8MHz0BV8HHcBoph6DYaRmO/N+hPauIuSp6XyaGYcEefGKVKj\n"
   99   "G2+fcsdyXsoijNdL8vNKwm4j2gVwCBnw16J00yfFoV46YcbfqEdJB2je0XSvwXqt\n"
  100   "14AOTngxso2h9k9HLtrfpO1ZG/B5AcCMs1lzbZ2fp5DPHtjvvmvA2RJqgo3yjw4W\n"
  101   "4DHAuTglYFlC3mDHNfNtcGP20JvepcQNzNP2UzwcpOc94hfKikOFw+gf9Vf1qd0y\n"
  102   "h/Sk6OZHn2+JVUPiWHIQV98Vtoh4RmUZDJD+b55ia3fQGTGzt4z1XFzQYSva5sfs\n"
  103   "wocS/papthqWldQU7x+3wofNd5CNU1x6WKXG/yw30IT/4F8ADJD6GeygNT8QJYvt\n"
  104   "u/8lAkbOy6B9xGmSvr0Kk1oq9P2NshA6kalxp1Oz/DTNDdL4AeBXV3JmM6WWCjGn\n"
  105   "Yy1RT69d0rwYc5u/vnqODz1IjvT90smsrkBumGt791FAFeg=\n"
  106   "-----END CERTIFICATE-----\n";
  107 
  108 tor_x509_cert_impl_t *
  109 read_cert_from(const char *str)
  110 {
  111   size_t len = strlen(str);
  112   uint8_t *raw_cert = tor_malloc(len);
  113   ssize_t true_len = pem_decode(raw_cert, len, str, len, "CERTIFICATE");
  114   if (true_len < 0) {
  115     tor_free(raw_cert);
  116     return NULL;
  117   }
  118   tor_x509_cert_t *cert = tor_x509_cert_decode(raw_cert, true_len);
  119   tor_free(raw_cert);
  120   if (! cert) {
  121     return NULL;
  122   }
  123   tor_x509_cert_impl_t *res = tor_x509_cert_impl_dup_(cert->cert);
  124   tor_x509_cert_free(cert);
  125   return res;
  126 }
  127 
  128 static tor_x509_cert_impl_t *
  129   fixed_try_to_extract_certs_from_tls_cert_out_result = NULL;
  130 static tor_x509_cert_impl_t *
  131   fixed_try_to_extract_certs_from_tls_id_cert_out_result = NULL;
  132 
  133 static void
  134 fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
  135                                     tor_x509_cert_impl_t **cert_out,
  136                                     tor_x509_cert_impl_t **id_cert_out)
  137 {
  138   (void) severity;
  139   (void) tls;
  140   *cert_out = tor_x509_cert_impl_dup_(
  141                       fixed_try_to_extract_certs_from_tls_cert_out_result);
  142   *id_cert_out =  tor_x509_cert_impl_dup_(
  143                       fixed_try_to_extract_certs_from_tls_id_cert_out_result);
  144 }
  145 
  146 static void
  147 test_tortls_errno_to_tls_error(void *data)
  148 {
  149   (void) data;
  150   tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,
  151             TOR_TLS_ERROR_CONNRESET);
  152   tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,
  153             TOR_TLS_ERROR_TIMEOUT);
  154   tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,
  155             TOR_TLS_ERROR_NO_ROUTE);
  156   tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,
  157             TOR_TLS_ERROR_NO_ROUTE);
  158   tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,
  159             TOR_TLS_ERROR_CONNREFUSED);
  160   tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
  161  done:
  162   (void)1;
  163 }
  164 
  165 static void
  166 test_tortls_err_to_string(void *data)
  167 {
  168   (void) data;
  169   tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
  170   tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
  171   tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
  172   tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,
  173             "connection refused");
  174   tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,
  175             "connection reset");
  176   tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,
  177             "host unreachable");
  178   tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,
  179             "connection timed out");
  180   tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
  181   tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
  182   tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
  183   tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
  184  done:
  185   (void)1;
  186 }
  187 
  188 #ifdef ENABLE_OPENSSL
  189 static int
  190 mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
  191 {
  192   (void) tls;
  193   (void) cert; // XXXX look at this.
  194   return 1;
  195 }
  196 
  197 static void
  198 test_tortls_tor_tls_get_error(void *data)
  199 {
  200   (void) data;
  201   MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
  202   crypto_pk_t *key1 = NULL, *key2 = NULL;
  203   key1 = pk_generate(2);
  204   key2 = pk_generate(3);
  205 
  206   tor_tls_t *tls = NULL;
  207   tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
  208                                  key1, key2, 86400), OP_EQ, 0);
  209   tls = tor_tls_new(-1, 0);
  210   setup_capture_of_logs(LOG_WARN);
  211   tor_tls_get_error(tls, 0, 0,
  212                     (const char *)"in unit test", LOG_WARN, LD_GENERAL);
  213   expect_single_log_msg_containing("unexpected close while in unit test");
  214 
  215  done:
  216   UNMOCK(tor_tls_cert_matches_key);
  217   NS_UNMOCK(logv);
  218   crypto_pk_free(key1);
  219   crypto_pk_free(key2);
  220   tor_tls_free(tls);
  221 }
  222 #endif /* defined(ENABLE_OPENSSL) */
  223 
  224 static void
  225 test_tortls_x509_cert_get_id_digests(void *ignored)
  226 {
  227   (void)ignored;
  228   tor_x509_cert_t *cert;
  229   common_digests_t *d;
  230   const common_digests_t *res;
  231   cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
  232   d = tor_malloc_zero(sizeof(common_digests_t));
  233   d->d[0][0] = 42;
  234 
  235   res = tor_x509_cert_get_id_digests(cert);
  236   tt_assert(!res);
  237 
  238   cert->pkey_digests_set = 1;
  239   cert->pkey_digests = *d;
  240   res = tor_x509_cert_get_id_digests(cert);
  241   tt_assert(res);
  242   tt_int_op(res->d[0][0], OP_EQ, 42);
  243 
  244  done:
  245   tor_free(cert);
  246   tor_free(d);
  247 }
  248 
  249 static void
  250 test_tortls_get_my_certs(void *ignored)
  251 {
  252   (void)ignored;
  253   int ret;
  254   tor_tls_context_t *ctx;
  255   const tor_x509_cert_t *link_cert_out = NULL;
  256   const tor_x509_cert_t *id_cert_out = NULL;
  257 
  258   ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
  259 
  260   client_tls_context = NULL;
  261   ret = tor_tls_get_my_certs(0, NULL, NULL);
  262   tt_int_op(ret, OP_EQ, -1);
  263 
  264   server_tls_context = NULL;
  265   ret = tor_tls_get_my_certs(1, NULL, NULL);
  266   tt_int_op(ret, OP_EQ, -1);
  267 
  268   client_tls_context = ctx;
  269   ret = tor_tls_get_my_certs(0, NULL, NULL);
  270   tt_int_op(ret, OP_EQ, 0);
  271 
  272   client_tls_context = ctx;
  273   ret = tor_tls_get_my_certs(0, &link_cert_out, &id_cert_out);
  274   tt_int_op(ret, OP_EQ, 0);
  275 
  276   server_tls_context = ctx;
  277   ret = tor_tls_get_my_certs(1, &link_cert_out, &id_cert_out);
  278   tt_int_op(ret, OP_EQ, 0);
  279 
  280  done:
  281   (void)1;
  282 }
  283 
  284 #ifdef ENABLE_OPENSSL
  285 static void
  286 test_tortls_get_forced_write_size(void *ignored)
  287 {
  288   (void)ignored;
  289   long ret;
  290   tor_tls_t *tls;
  291 
  292   tls = tor_malloc_zero(sizeof(tor_tls_t));
  293 
  294   tls->wantwrite_n = 43;
  295   ret = tor_tls_get_forced_write_size(tls);
  296   tt_int_op(ret, OP_EQ, 43);
  297 
  298  done:
  299   tor_free(tls);
  300 }
  301 
  302 static void
  303 test_tortls_used_v1_handshake(void *ignored)
  304 {
  305   (void)ignored;
  306   int ret;
  307   tor_tls_t *tls;
  308   tls = tor_malloc_zero(sizeof(tor_tls_t));
  309 
  310   // These tests assume both V2 handshake server and client are enabled
  311   tls->wasV2Handshake = 0;
  312   ret = tor_tls_used_v1_handshake(tls);
  313   tt_int_op(ret, OP_EQ, 1);
  314 
  315   tls->wasV2Handshake = 1;
  316   ret = tor_tls_used_v1_handshake(tls);
  317   tt_int_op(ret, OP_EQ, 0);
  318 
  319  done:
  320   tor_free(tls);
  321 }
  322 
  323 static void
  324 test_tortls_server_got_renegotiate(void *ignored)
  325 {
  326   (void)ignored;
  327   int ret;
  328   tor_tls_t *tls;
  329 
  330   tls = tor_malloc_zero(sizeof(tor_tls_t));
  331 
  332   tls->got_renegotiate = 1;
  333   ret = tor_tls_server_got_renegotiate(tls);
  334   tt_int_op(ret, OP_EQ, 1);
  335 
  336  done:
  337   tor_free(tls);
  338 }
  339 #endif /* defined(ENABLE_OPENSSL) */
  340 
  341 static void
  342 test_tortls_evaluate_ecgroup_for_tls(void *ignored)
  343 {
  344   (void)ignored;
  345   int ret;
  346 
  347   ret = evaluate_ecgroup_for_tls(NULL);
  348   tt_int_op(ret, OP_EQ, 1);
  349 
  350   ret = evaluate_ecgroup_for_tls("foobar");
  351   tt_int_op(ret, OP_EQ, 0);
  352 
  353   ret = evaluate_ecgroup_for_tls("P256");
  354   tt_int_op(ret, OP_EQ, 1);
  355 
  356   ret = evaluate_ecgroup_for_tls("P224");
  357   //  tt_int_op(ret, OP_EQ, 1); This varies between machines
  358   tt_assert(ret == 0 || ret == 1);
  359 
  360  done:
  361   (void)0;
  362 }
  363 
  364 static void
  365 test_tortls_double_init(void *arg)
  366 {
  367   (void) arg;
  368   /* If we call tor_tls_context_init() a second time, nothing should go
  369    * wrong.
  370    */
  371   crypto_pk_t *pk1 = NULL, *pk2 = NULL;
  372   pk1 = pk_generate(2);
  373   pk2 = pk_generate(0);
  374 
  375   int r = tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
  376                                pk1, pk2, 86400);
  377   tt_int_op(r, OP_EQ, 0);
  378 
  379   r = tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
  380                                pk2, pk1, 86400);
  381   tt_int_op(r, OP_EQ, 0);
  382   /* For a public server context, these are the same */
  383   tt_ptr_op(tor_tls_context_get(0), OP_EQ, tor_tls_context_get(1));
  384 
  385  done:
  386   crypto_pk_free(pk1);
  387   crypto_pk_free(pk2);
  388 }
  389 
  390 static void
  391 test_tortls_bridge_init(void *arg)
  392 {
  393   (void)arg;
  394   crypto_pk_t *pk1 = NULL, *pk2 = NULL;
  395   pk1 = pk_generate(2);
  396   pk2 = pk_generate(0);
  397 
  398   /* If we pass in a server identity key but not the
  399      TOR_TLS_CTX_IS_PUBLIC_SERVER flag, we should get a bridge-style
  400      configuration, with two distinct contexts. */
  401   int r = tor_tls_context_init(0 /* flags */, pk1, pk2, 86400);
  402 
  403   tt_int_op(r, OP_EQ, 0);
  404   tt_ptr_op(tor_tls_context_get(0), OP_NE, tor_tls_context_get(1));
  405  done:
  406   crypto_pk_free(pk1);
  407   crypto_pk_free(pk2);
  408 }
  409 
  410 static void
  411 test_tortls_address(void *arg)
  412 {
  413   (void)arg;
  414   tor_tls_t *tls = NULL;
  415   crypto_pk_t *pk1=NULL, *pk2=NULL;
  416   pk1 = pk_generate(2);
  417   pk2 = pk_generate(0);
  418 
  419   int r = tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
  420                                pk1, pk2, 86400);
  421   tt_int_op(r, OP_EQ, 0);
  422 
  423   tls = tor_tls_new(-1, 0);
  424   tls->state = TOR_TLS_ST_OPEN;
  425   tor_tls_set_logged_address(tls, "zombo.com");
  426 
  427   /* This write should fail, since the fd is -1. */
  428   setup_capture_of_logs(LOG_INFO);
  429   int n = tor_tls_write(tls, "welcome", 7);
  430   tt_int_op(n, OP_LT, 0);
  431   expect_log_msg_containing("with zombo.com");
  432 
  433  done:
  434   teardown_capture_of_logs();
  435   tor_tls_free(tls);
  436   crypto_pk_free(pk1);
  437   crypto_pk_free(pk2);
  438 }
  439 
  440 static void
  441 test_tortls_is_server(void *arg)
  442 {
  443   (void)arg;
  444   crypto_pk_t *pk1=NULL, *pk2=NULL;
  445   tor_tls_t *tls1=NULL, *tls2=NULL;
  446   pk1 = pk_generate(2);
  447   pk2 = pk_generate(0);
  448 
  449   int r = tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
  450                                pk1, pk2, 86400);
  451   tt_int_op(r, OP_EQ, 0);
  452   tls1 = tor_tls_new(-1, 0);
  453   tls2 = tor_tls_new(-1, 1);
  454 
  455   tt_assert(! tor_tls_is_server(tls1));
  456   tt_assert(tor_tls_is_server(tls2));
  457 
  458  done:
  459   tor_tls_free(tls1);
  460   tor_tls_free(tls2);
  461   crypto_pk_free(pk1);
  462   crypto_pk_free(pk2);
  463 }
  464 
  465 static void
  466 test_tortls_verify(void *ignored)
  467 {
  468   (void)ignored;
  469   int ret;
  470   tor_tls_t *tls;
  471   crypto_pk_t *k = NULL;
  472   tor_x509_cert_impl_t *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
  473     *validCert = NULL, *caCert = NULL;
  474 
  475   validCert = read_cert_from(validCertString);
  476   caCert = read_cert_from(caCertString);
  477   invalidCert = read_cert_from(notCompletelyValidCertString);
  478 
  479   tls = tor_malloc_zero(sizeof(tor_tls_t));
  480 
  481   MOCK(try_to_extract_certs_from_tls, fixed_try_to_extract_certs_from_tls);
  482 
  483   fixed_try_to_extract_certs_from_tls_cert_out_result = cert1;
  484   ret = tor_tls_verify(LOG_WARN, tls, &k);
  485   tt_int_op(ret, OP_EQ, -1);
  486 
  487   fixed_try_to_extract_certs_from_tls_id_cert_out_result = cert2;
  488   ret = tor_tls_verify(LOG_WARN, tls, &k);
  489   tt_int_op(ret, OP_EQ, -1);
  490 
  491   fixed_try_to_extract_certs_from_tls_cert_out_result = invalidCert;
  492   fixed_try_to_extract_certs_from_tls_id_cert_out_result = invalidCert;
  493 
  494   ret = tor_tls_verify(LOG_WARN, tls, &k);
  495   tt_int_op(ret, OP_EQ, -1);
  496 
  497   fixed_try_to_extract_certs_from_tls_cert_out_result = validCert;
  498   fixed_try_to_extract_certs_from_tls_id_cert_out_result = caCert;
  499 
  500   ret = tor_tls_verify(LOG_WARN, tls, &k);
  501   tt_int_op(ret, OP_EQ, 0);
  502   tt_assert(k);
  503 
  504  done:
  505   UNMOCK(try_to_extract_certs_from_tls);
  506   tor_x509_cert_impl_free(cert1);
  507   tor_x509_cert_impl_free(cert2);
  508   tor_x509_cert_impl_free(validCert);
  509   tor_x509_cert_impl_free(invalidCert);
  510   tor_x509_cert_impl_free(caCert);
  511 
  512   tor_free(tls);
  513   crypto_pk_free(k);
  514 }
  515 
  516 #define LOCAL_TEST_CASE(name, flags)                            \
  517   { #name, test_tortls_##name, (flags|TT_FORK), NULL, NULL }
  518 
  519 struct testcase_t tortls_tests[] = {
  520   LOCAL_TEST_CASE(errno_to_tls_error, 0),
  521   LOCAL_TEST_CASE(err_to_string, 0),
  522   LOCAL_TEST_CASE(x509_cert_get_id_digests, 0),
  523   LOCAL_TEST_CASE(get_my_certs, TT_FORK),
  524 #ifdef ENABLE_OPENSSL
  525   LOCAL_TEST_CASE(tor_tls_get_error, 0),
  526   LOCAL_TEST_CASE(get_forced_write_size, 0),
  527   LOCAL_TEST_CASE(used_v1_handshake, TT_FORK),
  528   LOCAL_TEST_CASE(server_got_renegotiate, 0),
  529 #endif /* defined(ENABLE_OPENSSL) */
  530   LOCAL_TEST_CASE(evaluate_ecgroup_for_tls, 0),
  531   LOCAL_TEST_CASE(double_init, TT_FORK),
  532   LOCAL_TEST_CASE(address, TT_FORK),
  533   LOCAL_TEST_CASE(is_server, 0),
  534   LOCAL_TEST_CASE(bridge_init, TT_FORK),
  535   LOCAL_TEST_CASE(verify, TT_FORK),
  536   END_OF_TESTCASES
  537 };