author | Martin Schanzenbach <schanzen@gnunet.org> | 2023-07-04 14:34:10 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2023-07-04 14:34:10 +0200 |
commit | 9a0b6cb59596b66ec796647f788c8d08170da69a (patch) | |
tree | 7e59b74a5cb751d22d0c2d02b49faaa42db9b29f /src/gnsrecord | |
parent | b195b613458c987787f7a0ec4de7e1cbabe02fa4 (diff) | |
GNS: Dog-food even more of our TVs
Diffstat (limited to 'src/gnsrecord')
-rw-r--r-- | src/gnsrecord/test_gnsrecord_testvectors.c | 156 |
1 files changed, 152 insertions, 4 deletions
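--- a/src/gnsrecord/test_gnsrecord_testvectors.c
+++ b/src/gnsrecord/test_gnsrecord_testvectors.c
@@ -3,6 +3,7 @@
 #include "gnunet_gns_service.h"
 #include "gnunet_gnsrecord_lib.h"
 #include <inttypes.h>
+#include "gnsrecord_crypto.h"
 
 int res;
 
@@ -12,10 +13,13 @@ struct GnsTv
 struct GNUNET_GNSRECORD_Data expected_rd[2048];
 char *d;
 char *zid;
+char *ztld;
 char *label;
 char *q;
 char *rdata;
 char *rrblock;
+char *k;
+char *nonce;
 };
 
 /** The first tests is from the Go implementation.
@@ -34,6 +38,7 @@ struct GnsTv tvs[] = {
 "f9 6d 84 ff 61 f5 98 2c"
 "2c 4f e0 2d 5a 11 fe df"
 "b0 c2 90 1f",
+.ztld = "000G0037FH3QTBCK15Y8BCCNRVWPV17ZC7TSGB1C9ZG2TPGHZVFV1GMG3W",
 .label = "74 65 73 74 64 65 6c 65"
 "67 61 74 69 6f 6e",
 .q =
@@ -45,6 +50,14 @@ struct GnsTv tvs[] = {
 "b0 f7 ec 9a f1 cc 42 64"
 "12 99 40 6b 04 fd 9b 5b"
 "57 91 f8 6c 4b 08 d5 f4",
+.nonce =
+"e9 0a 00 61 00 1c ee 8c"
+"10 e2 59 80 00 00 00 01",
+.k =
+"86 4e 71 38 ea e7 fd 91"
+"a3 01 36 89 9c 13 2b 23"
+"ac eb db 2c ef 43 cb 19"
+"f6 bf 55 b6 7d b9 b3 b3",
 .rdata =
 "00 1c ee 8c 10 e2 59 80"
 "00 20 00 01 00 01 00 00"
@@ -84,9 +97,18 @@ struct GnsTv tvs[] = {
 "f9 6d 84 ff 61 f5 98 2c"
 "2c 4f e0 2d 5a 11 fe df"
 "b0 c2 90 1f",
+.ztld = "000G0037FH3QTBCK15Y8BCCNRVWPV17ZC7TSGB1C9ZG2TPGHZVFV1GMG3W",
 .label =
 "e5 a4 a9 e4 b8 8b e7 84"
 "a1 e6 95 b5",
+.nonce =
+"ee 96 33 c1 00 1c ee 8c"
+"10 e2 59 80 00 00 00 01",
+.k =
+"fb 3a b5 de 23 bd da e1"
+"99 7a af 7b 92 c2 d2 71"
+"51 40 8b 77 af 7a 41 ac"
+"79 05 7c 4d f5 38 3d 01",
 .q =
 "af f0 ad 6a 44 09 73 68"
 "42 9a c4 76 df a1 f3 4b"
@@ -155,9 +177,19 @@ struct GnsTv tvs[] = {
 "53 b8 5d 93 b0 47 b6 3d"
 "44 6c 58 45 cb 48 44 5d"
 "db 96 68 8f",
+.ztld = "000G051WYJWJ80S04BRDRM2R2H9VGQCKP13VCFA4DHC4BJT88HEXQ5K8HW",
 .label =
 "74 65 73 74 64 65 6c 65"
 "67 61 74 69 6f 6e",
+.nonce =
+"98 13 2e a8 68 59 d3 5c"
+"88 bf d3 17 fa 99 1b cb"
+"00 1c ee 8c 10 e2 59 80",
+.k =
+"85 c4 29 a9 56 7a a6 33"
+"41 1a 96 91 e9 09 4c 45"
+"28 16 72 be 58 60 34 aa"
+"e4 a2 a2 cc 71 61 59 e2",
 .q =
 "ab aa ba c0 e1 24 94 59"
 "75 98 83 95 aa c0 24 1e"
@@ -208,9 +240,19 @@ struct GnsTv tvs[] = {
 "53 b8 5d 93 b0 47 b6 3d"
 "44 6c 58 45 cb 48 44 5d"
 "db 96 68 8f",
+.ztld = "000G051WYJWJ80S04BRDRM2R2H9VGQCKP13VCFA4DHC4BJT88HEXQ5K8HW",
 .label =
 "e5 a4 a9 e4 b8 8b e7 84"
 "a1 e6 95 b5",
+.nonce =
+"bb 0d 3f 0f bd 22 42 77"
+"50 da 5d 69 12 16 e6 c9"
+"00 1c ee 8c 10 e2 59 80",
+.k =
+"3d f8 05 bd 66 87 aa 14"
+"20 96 28 c2 44 b1 11 91"
+"88 c3 92 56 37 a4 1e 5d"
+"76 49 6c 29 45 dc 37 7b",
 .q =
 "ba f8 21 77 ee c0 81 e0"
 "74 a7 da 47 ff c6 48 77"
@@ -399,6 +441,80 @@ res_checker (void *cls,
 }
 
 
+enum GNUNET_GenericReturnValue
+check_derivations_edkey (const char*label,
+struct GNUNET_TIME_Absolute expire,
+struct GNUNET_IDENTITY_PublicKey *pub,
+struct GnsTv *tv)
+{
+unsigned char nonce[crypto_secretbox_NONCEBYTES];
+unsigned char skey[crypto_secretbox_KEYBYTES];
+unsigned char nonce_expected[crypto_secretbox_NONCEBYTES];
+unsigned char skey_expected[crypto_secretbox_KEYBYTES];
+
+
+parsehex (tv->nonce,(char*) nonce_expected, crypto_secretbox_NONCEBYTES, 0);
+parsehex (tv->k,(char*) skey_expected, crypto_secretbox_KEYBYTES, 0);
+GNR_derive_block_xsalsa_key (nonce,
+skey,
+label,
+GNUNET_TIME_absolute_hton (
+expire).abs_value_us__,
+&pub->eddsa_key);
+/* Ignore random 128-bit nonce, can't check this here. Will be checked on
+* decryption. */
+if (0 != memcmp (nonce + 16, nonce_expected + 16, sizeof (nonce) - 16))
+{
+printf ("FAIL: Failed to derive nonce:\n");
+print_bytes (nonce, sizeof (nonce), 8);
+print_bytes (nonce_expected, sizeof (nonce), 8);
+return GNUNET_NO;
+}
+if (0 != memcmp (skey, skey_expected, sizeof (skey)))
+{
+printf ("FAIL: Failed to derive secret key\n");
+return GNUNET_NO;
+}
+return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+check_derivations_pkey (const char*label,
+struct GNUNET_TIME_Absolute expire,
+struct GNUNET_IDENTITY_PublicKey *pub,
+struct GnsTv *tv)
+{
+unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+unsigned char ctr_expected[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
+unsigned char skey_expected[GNUNET_CRYPTO_AES_KEY_LENGTH];
+
+parsehex (tv->nonce,(char*) ctr_expected, sizeof (ctr), 0);
+parsehex (tv->k,(char*) skey_expected, sizeof (skey), 0);
+GNR_derive_block_aes_key (ctr,
+skey,
+label,
+GNUNET_TIME_absolute_hton (
+expire).abs_value_us__,
+&pub->ecdsa_key);
+
+/* Ignore random 32-bit nonce, can't check this here. Will be checked on
+* decryption. */
+if (0 != memcmp (ctr + 4, ctr_expected + 4, sizeof (ctr) - 4))
+{
+printf ("FAIL: Failed to derive nonce\n");
+return GNUNET_NO;
+}
+if (0 != memcmp (skey, skey_expected, sizeof (skey)))
+{
+printf ("FAIL: Failed to derive secret key\n");
+return GNUNET_NO;
+}
+return GNUNET_OK;
+}
+
+
 int
 main ()
 {
@@ -408,8 +524,10 @@ main ()
 struct GNUNET_GNSRECORD_Block *rrblock;
 struct GNUNET_HashCode query;
 struct GNUNET_HashCode expected_query;
+struct GNUNET_TIME_Absolute expire;
 char label[128];
 char rdata[8096];
+char ztld[128];
 res = 0;
 
 for (int i = 0; NULL != tvs[i].d; i++)
@@ -427,6 +545,19 @@ main ()
 printf ("Wrong pubkey.\n");
 print_bytes (&pub, 36, 8);
 print_bytes (&pub_parsed, 36, 8);
+res = 1;
+break;
+}
+GNUNET_STRINGS_data_to_string (&pub,
+GNUNET_IDENTITY_public_key_get_length (
+&pub),
+ztld,
+sizeof (ztld));
+if (0 != strcmp (ztld, tvs[i].ztld))
+{
+printf ("Wrong zTLD: expected %s, got %s\n", tvs[i].ztld, ztld);
+res = 1;
+break;
 }
 rrblock = GNUNET_malloc (strlen (tvs[i].rrblock));
 parsehex (tvs[i].rrblock, (char*) rrblock, 0, 0);
@@ -441,7 +572,7 @@ main ()
 printf (" expected: %s", GNUNET_h2s (&expected_query));
 printf (", was: %s\n", GNUNET_h2s (&query));
 res = 1;
-goto finish;
+break;
 }
 int len = parsehex (tvs[i].rdata, (char*) rdata, 0, 0);
 tvs[i].expected_rd_count =
@@ -451,13 +582,29 @@ main ()
 if (GNUNET_OK !=
 GNUNET_GNSRECORD_records_deserialize (len,
 rdata,
-tvs[i].
-expected_rd_count,
+tvs[i].expected_rd_count,
 tvs[i].expected_rd))
 {
 printf ("FAIL: Deserialization of RDATA failed\n");
 res = 1;
-goto finish;
+break;
+}
+expire = GNUNET_GNSRECORD_record_get_expiration_time (
+tvs[i].expected_rd_count,
+tvs[i].expected_rd,
+GNUNET_TIME_UNIT_ZERO_ABS);
+if ((GNUNET_GNSRECORD_TYPE_PKEY == ntohl (pub.type)) &&
+(GNUNET_OK != check_derivations_pkey (label, expire, &pub, &tvs[i])))
+{
+res = 1;
+break;
+}
+else if ((GNUNET_GNSRECORD_TYPE_EDKEY == ntohl (pub.type)) &&
+(GNUNET_OK != check_derivations_edkey (label, expire, &pub,
+&tvs[i])))
+{
+res = 1;
+break;
 }
 if (GNUNET_OK != GNUNET_GNSRECORD_block_decrypt (rrblock,
 &pub_parsed,
@@ -467,6 +614,7 @@ main ()
 {
 printf ("FAIL: Decryption of RRBLOCK failed\n");
 res = 1;
+break;
 }
 if (0 != res)
 break;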
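Review bot: The new zTLD check in main() runs `strcmp (ztld, tvs[i].ztld)` and prints `ztld` with `%s`, but `ztld[128]` is never initialised and the return value of `GNUNET_STRINGS_data_to_string` is dropped; as far as I know that function does not append a terminator and instead returns the position where one belongs (NULL on error), so the comparison can run into stale stack bytes. Capturing the result and terminating explicitly would close this: `char *end = GNUNET_STRINGS_data_to_string (&pub, GNUNET_IDENTITY_public_key_get_length (&pub), ztld, sizeof (ztld) - 1);`, then `if (NULL == end) { res = 1; break; }` and `*end = '\0';`. Separately, `check_derivations_edkey` and `check_derivations_pkey` discard the length that `parsehex` returns (main() uses it for `rdata`), so a short `.nonce` or `.k` vector would leave part of the `*_expected` buffers uninitialised before `memcmp`; checking that length against the buffer size first would make a malformed vector fail loudly. main() begins and continues outside these hunks, so whether the paths that now `break` still release `rrblock` cannot be confirmed from here.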