Loading crates/tor-proto/src/channel/handshake.rs +79 −0 Original line number Diff line number Diff line Loading @@ -1519,4 +1519,83 @@ pub(crate) mod test { } }); } /// Regression tests for [`verify_link_auth_cert`]. #[cfg(feature = "relay")] mod link_auth_cert { use super::*; use crate::relay::channel::build_certs_cell; use tor_cert::CertType; fn good_certs_and_signing_key() -> (msg::Certs, Ed25519Identity) { let auth_material = fake_auth_material(); let certs = build_certs_cell(&auth_material, /* is_responder = */ false); let cert_signing = get_cert(&certs, CertType::IDENTITY_V_SIGNING).unwrap(); let (cert_signing, _sig) = cert_signing .should_have_signing_key() .unwrap() .dangerously_split() .unwrap(); let (timeliness, cert_signing) = check_cert_timeliness(cert_signing, SystemTime::get(), ClockSkew::None); timeliness.unwrap(); let kp_relaysign_ed = *cert_signing.subject_key().as_ed25519().unwrap(); (certs, kp_relaysign_ed) } /// A valid CertType 6 LINK_AUTH cert must be accepted. #[test] fn link_auth_cert_good() { let (certs, kp_relaysign_ed) = good_certs_and_signing_key(); let _ = verify_link_auth_cert( &certs, &kp_relaysign_ed, Some(SystemTime::get()), ClockSkew::None, ) .expect("valid LINK_AUTH cert was rejected by verify_link_auth_cert"); } /// A CertType 6 whose signature has been corrupted must be rejected /// with the specific `Invalid ed25519 LINK_AUTH signature in handshake` error. #[test] fn link_auth_cert_badsig() { let (good_certs, kp_relaysign_ed) = good_certs_and_signing_key(); // Flip the last byte of the CertType 6 body to break its signature, // mirroring the existing `certs_badsig` pattern above. let bad_link_auth_body = { let mut v = good_certs .cert_body(CertType::SIGNING_V_LINK_AUTH) .unwrap() .to_vec(); let last = v.len() - 1; v[last] ^= 0x10; v }; // Carry over the supporting certs unchanged and replace only // CertType 6 with the corrupted body. let mut bad_certs = msg::Certs::new_empty(); for ct in [ CertType::RSA_ID_X509, CertType::IDENTITY_V_SIGNING, CertType::RSA_ID_V_IDENTITY, ] { bad_certs.push_cert_body(ct, good_certs.cert_body(ct).unwrap().to_vec()); } bad_certs.push_cert_body(CertType::SIGNING_V_LINK_AUTH, bad_link_auth_body); let err = verify_link_auth_cert( &bad_certs, &kp_relaysign_ed, Some(SystemTime::get()), ClockSkew::None, ) .expect_err("munged LINK_AUTH cert was accepted by verify_link_auth_cert"); assert_eq!( err.to_string(), "Handshake protocol violation: Invalid ed25519 LINK_AUTH signature in handshake" ); } } } Loading
crates/tor-proto/src/channel/handshake.rs +79 −0 Original line number Diff line number Diff line Loading @@ -1519,4 +1519,83 @@ pub(crate) mod test { } }); } /// Regression tests for [`verify_link_auth_cert`]. #[cfg(feature = "relay")] mod link_auth_cert { use super::*; use crate::relay::channel::build_certs_cell; use tor_cert::CertType; fn good_certs_and_signing_key() -> (msg::Certs, Ed25519Identity) { let auth_material = fake_auth_material(); let certs = build_certs_cell(&auth_material, /* is_responder = */ false); let cert_signing = get_cert(&certs, CertType::IDENTITY_V_SIGNING).unwrap(); let (cert_signing, _sig) = cert_signing .should_have_signing_key() .unwrap() .dangerously_split() .unwrap(); let (timeliness, cert_signing) = check_cert_timeliness(cert_signing, SystemTime::get(), ClockSkew::None); timeliness.unwrap(); let kp_relaysign_ed = *cert_signing.subject_key().as_ed25519().unwrap(); (certs, kp_relaysign_ed) } /// A valid CertType 6 LINK_AUTH cert must be accepted. #[test] fn link_auth_cert_good() { let (certs, kp_relaysign_ed) = good_certs_and_signing_key(); let _ = verify_link_auth_cert( &certs, &kp_relaysign_ed, Some(SystemTime::get()), ClockSkew::None, ) .expect("valid LINK_AUTH cert was rejected by verify_link_auth_cert"); } /// A CertType 6 whose signature has been corrupted must be rejected /// with the specific `Invalid ed25519 LINK_AUTH signature in handshake` error. #[test] fn link_auth_cert_badsig() { let (good_certs, kp_relaysign_ed) = good_certs_and_signing_key(); // Flip the last byte of the CertType 6 body to break its signature, // mirroring the existing `certs_badsig` pattern above. let bad_link_auth_body = { let mut v = good_certs .cert_body(CertType::SIGNING_V_LINK_AUTH) .unwrap() .to_vec(); let last = v.len() - 1; v[last] ^= 0x10; v }; // Carry over the supporting certs unchanged and replace only // CertType 6 with the corrupted body. let mut bad_certs = msg::Certs::new_empty(); for ct in [ CertType::RSA_ID_X509, CertType::IDENTITY_V_SIGNING, CertType::RSA_ID_V_IDENTITY, ] { bad_certs.push_cert_body(ct, good_certs.cert_body(ct).unwrap().to_vec()); } bad_certs.push_cert_body(CertType::SIGNING_V_LINK_AUTH, bad_link_auth_body); let err = verify_link_auth_cert( &bad_certs, &kp_relaysign_ed, Some(SystemTime::get()), ClockSkew::None, ) .expect_err("munged LINK_AUTH cert was accepted by verify_link_auth_cert"); assert_eq!( err.to_string(), "Handshake protocol violation: Invalid ed25519 LINK_AUTH signature in handshake" ); } } }