commit 8e9392c2670d949517f688d2d7c6320251bf6117 Author: Nick Mathewson nickm@torproject.org Date: Thu Jun 1 08:56:10 2017 -0400

Repair link_handshake unit tests to mock tor_tls_get_own_cert()

The tests previously assumed that the link handshake code would be calling get_my_certs() -- when I changed it to call get_own_cert() instead for the (case 2) 22460 fix, the tests failed, since the tls connection wasn't really there.

This change makes us start mocking out the tor_tls_get_own_cert() function too.

It also corrects the behavior of the mock_get_peer_cert() function -- it should have been returning a newly allocated copy. --- src/test/test_link_handshake.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c index 6c05670..b979485 100644 --- a/src/test/test_link_handshake.c +++ b/src/test/test_link_handshake.c @@ -66,6 +66,14 @@ mock_send_authenticate(or_connection_t *conn, int type) return 0; }

+static tor_x509_cert_t *mock_own_cert = NULL; +static tor_x509_cert_t * +mock_get_own_cert(tor_tls_t *tls) +{ + (void)tls; + return tor_x509_cert_dup(mock_own_cert); +} + /* Test good certs cells */ static void test_link_handshake_certs_ok(void *arg) @@ -84,6 +92,7 @@ test_link_handshake_certs_ok(void *arg) MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key); MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell); MOCK(connection_or_send_netinfo, mock_send_netinfo); + MOCK(tor_tls_get_own_cert, mock_get_own_cert);

key1 = pk_generate(2); key2 = pk_generate(3); @@ -94,6 +103,12 @@ test_link_handshake_certs_ok(void *arg) tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, key1, key2, 86400), ==, 0);

+ { + const tor_x509_cert_t *link = NULL; + tt_assert(!tor_tls_get_my_certs(1, &link, NULL)); + mock_own_cert = tor_x509_cert_dup(link); + } + c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; c1->link_proto = 3; tt_int_op(connection_init_or_handshake_state(c1, 1), ==, 0); @@ -174,6 +189,9 @@ test_link_handshake_certs_ok(void *arg) UNMOCK(tor_tls_cert_matches_key); UNMOCK(connection_or_write_var_cell_to_buf); UNMOCK(connection_or_send_netinfo); + UNMOCK(tor_tls_get_own_cert); + tor_x509_cert_free(mock_own_cert); + mock_own_cert = NULL; memset(c1->identity_digest, 0, sizeof(c1->identity_digest)); memset(c2->identity_digest, 0, sizeof(c2->identity_digest)); connection_free_(TO_CONN(c1)); @@ -656,11 +674,12 @@ AUTHCHALLENGE_FAIL(nonzero_circid, d->cell->circ_id = 1337)

static tor_x509_cert_t *mock_peer_cert = NULL; + static tor_x509_cert_t * mock_get_peer_cert(tor_tls_t *tls) { (void)tls; - return mock_peer_cert; + return tor_x509_cert_dup(mock_peer_cert); }

static int @@ -694,6 +713,7 @@ authenticate_data_cleanup(const struct testcase_t *test, void *arg) (void) test; UNMOCK(connection_or_write_var_cell_to_buf); UNMOCK(tor_tls_get_peer_cert); + UNMOCK(tor_tls_get_own_cert); UNMOCK(tor_tls_get_tlssecrets); UNMOCK(connection_or_close_for_error); UNMOCK(channel_set_circid_type); @@ -710,7 +730,10 @@ authenticate_data_cleanup(const struct testcase_t *test, void *arg) crypto_pk_free(d->key2); tor_free(d); } + tor_x509_cert_free(mock_peer_cert); + tor_x509_cert_free(mock_own_cert); mock_peer_cert = NULL; + mock_own_cert = NULL;

return 1; } @@ -724,6 +747,7 @@ authenticate_data_setup(const struct testcase_t *test)

MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell); MOCK(tor_tls_get_peer_cert, mock_get_peer_cert); + MOCK(tor_tls_get_own_cert, mock_get_own_cert); MOCK(tor_tls_get_tlssecrets, mock_get_tlssecrets); MOCK(connection_or_close_for_error, mock_close_for_err); MOCK(channel_set_circid_type, mock_set_circid_type); @@ -773,6 +797,8 @@ authenticate_data_setup(const struct testcase_t *test) tor_x509_cert_get_der(link_cert, &der, &sz); mock_peer_cert = tor_x509_cert_decode(der, sz); tt_assert(mock_peer_cert); + mock_own_cert = tor_x509_cert_decode(der, sz); + tt_assert(mock_own_cert); tt_assert(! tor_tls_get_my_certs(0, &auth_cert, &id_cert)); tor_x509_cert_get_der(auth_cert, &der, &sz); d->c2->handshake_state->auth_cert = tor_x509_cert_decode(der, sz);