From 272fb852e72ac282144fe8608fea62ab74b9549c Mon Sep 17 00:00:00 2001 From: Yawning Angel Date: Fri, 23 May 2014 04:04:31 +0000 Subject: Change the maximm handshake length to 8192 bytes. * handhake_ntor_test now is considerably more comprehensive. * The padding related constants in the spec were clarified. This breaks wireprotocol compatibility. --- handshake_ntor_test.go | 168 ++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 145 insertions(+), 23 deletions(-) (limited to 'handshake_ntor_test.go') diff --git a/handshake_ntor_test.go b/handshake_ntor_test.go index 73b43bf..b3e0a4d 100644 --- a/handshake_ntor_test.go +++ b/handshake_ntor_test.go @@ -38,44 +38,166 @@ func TestHandshakeNtor(t *testing.T) { // Generate the server node id and id keypair. nodeID, _ := ntor.NewNodeID([]byte("\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13")) idKeypair, _ := ntor.NewKeypair(false) + serverFilter, _ := newReplayFilter() + + // Test client handshake padding. + for l := clientMinPadLength; l <= clientMaxPadLength; l++ { + // Generate the client state and override the pad length. + clientHs, err := newClientHandshake(nodeID, idKeypair.Public()) + if err != nil { + t.Fatalf("[%d:0] newClientHandshake failed:", l, err) + } + clientHs.padLen = l + + // Generate what the client will send to the server. + clientBlob, err := clientHs.generateHandshake() + if err != nil { + t.Fatalf("[%d:0] clientHandshake.generateHandshake() failed: %s", l, err) + } + if len(clientBlob) > maxHandshakeLength { + t.Fatalf("[%d:0] Generated client body is oversized: %d", l, len(clientBlob)) + } + if len(clientBlob) < clientMinHandshakeLength { + t.Fatalf("[%d:0] Generated client body is undersized: %d", l, len(clientBlob)) + } + if len(clientBlob) != clientMinHandshakeLength+l { + t.Fatalf("[%d:0] Generated client body incorrect size: %d", l, len(clientBlob)) + } + + // Generate the server state and override the pad length. + serverHs := newServerHandshake(nodeID, idKeypair) + serverHs.padLen = serverMinPadLength + + // Parse the client handshake message. + serverSeed, err := serverHs.parseClientHandshake(serverFilter, clientBlob) + if err != nil { + t.Fatalf("[%d:0] serverHandshake.parseClientHandshake() failed: %s", l, err) + } + + // Genrate what the server will send to the client. + serverBlob, err := serverHs.generateHandshake() + if err != nil { + t.Fatal("[%d:0]: serverHandshake.generateHandshake() failed: %s", l, err) + } + + // Parse the server handshake message. + clientHs.serverRepresentative = nil + n, clientSeed, err := clientHs.parseServerHandshake(serverBlob) + if err != nil { + t.Fatalf("[%d:0] clientHandshake.parseServerHandshake() failed: %s", l, err) + } + if n != len(serverBlob) { + t.Fatalf("[%d:0] clientHandshake.parseServerHandshake() has bytes remaining: %d", l, n) + } + + // Ensure the derived shared secret is the same. + if 0 != bytes.Compare(clientSeed, serverSeed) { + t.Fatalf("[%d:0] client/server seed mismatch", l) + } + } + + // Test server handshake padding. + for l := serverMinPadLength; l <= serverMaxPadLength+inlineSeedFrameLength; l++ { + // Generate the client state and override the pad length. + clientHs, err := newClientHandshake(nodeID, idKeypair.Public()) + if err != nil { + t.Fatalf("[%d:0] newClientHandshake failed:", l, err) + } + clientHs.padLen = clientMinPadLength + + // Generate what the client will send to the server. + clientBlob, err := clientHs.generateHandshake() + if err != nil { + t.Fatalf("[%d:1] clientHandshake.generateHandshake() failed: %s", l, err) + } + if len(clientBlob) > maxHandshakeLength { + t.Fatalf("[%d:1] Generated client body is oversized: %d", l, len(clientBlob)) + } + + // Generate the server state and override the pad length. + serverHs := newServerHandshake(nodeID, idKeypair) + serverHs.padLen = l + + // Parse the client handshake message. + serverSeed, err := serverHs.parseClientHandshake(serverFilter, clientBlob) + if err != nil { + t.Fatalf("[%d:1] serverHandshake.parseClientHandshake() failed: %s", l, err) + } - // Intialize the client and server handshake states + // Genrate what the server will send to the client. + serverBlob, err := serverHs.generateHandshake() + if err != nil { + t.Fatal("[%d:1]: serverHandshake.generateHandshake() failed: %s", l, err) + } + + // Parse the server handshake message. + n, clientSeed, err := clientHs.parseServerHandshake(serverBlob) + if err != nil { + t.Fatalf("[%d:1] clientHandshake.parseServerHandshake() failed: %s", l, err) + } + if n != len(serverBlob) { + t.Fatalf("[%d:1] clientHandshake.parseServerHandshake() has bytes remaining: %d", l, n) + } + + // Ensure the derived shared secret is the same. + if 0 != bytes.Compare(clientSeed, serverSeed) { + t.Fatalf("[%d:1] client/server seed mismatch", l) + } + } + + // Test oversized client padding. clientHs, err := newClientHandshake(nodeID, idKeypair.Public()) if err != nil { - t.Fatal("newClientHandshake failed:", err) + t.Fatalf("newClientHandshake failed:", err) } - serverHs := newServerHandshake(nodeID, idKeypair) - serverFilter, _ := newReplayFilter() - // Generate what the client will send to the server. - cToS, err := clientHs.generateHandshake() + clientHs.padLen = clientMaxPadLength + 1 + clientBlob, err := clientHs.generateHandshake() if err != nil { - t.Fatal("clientHandshake.generateHandshake() failed", err) + t.Fatalf("clientHandshake.generateHandshake() (forced oversize) failed: %s", err) + } + serverHs := newServerHandshake(nodeID, idKeypair) + _, err = serverHs.parseClientHandshake(serverFilter, clientBlob) + if err == nil { + t.Fatalf("serverHandshake.parseClientHandshake() succeded (oversized)") } - // Parse the client handshake message. - serverSeed, err := serverHs.parseClientHandshake(serverFilter, cToS) + // Test undersized client padding. + clientHs.padLen = clientMinPadLength - 1 + clientBlob, err = clientHs.generateHandshake() if err != nil { - t.Fatal("serverHandshake.parseClientHandshake() failed", err) + t.Fatalf("clientHandshake.generateHandshake() (forced undersize) failed: %s", err) + } + serverHs = newServerHandshake(nodeID, idKeypair) + _, err = serverHs.parseClientHandshake(serverFilter, clientBlob) + if err == nil { + t.Fatalf("serverHandshake.parseClientHandshake() succeded (undersized)") } - // Genrate what the server will send to the client. - sToC, err := serverHs.generateHandshake() + // Test oversized server padding. + // + // NB: serverMaxPadLength isn't the real maxPadLength that triggers client + // rejection, because the implementation is written with the asusmption + // that/ the PRNG_SEED is also inlined with the response. Thus the client + // actually accepts longer padding. The server handshake test and this + // test adjust around that. + clientHs.padLen = clientMinPadLength + clientBlob, err = clientHs.generateHandshake() if err != nil { - t.Fatal("serverHandshake.generateHandshake() failed", err) + t.Fatalf("clientHandshake.generateHandshake() failed: %s", err) } - - // Parse the server handshake message. - n, clientSeed, err := clientHs.parseServerHandshake(sToC) + serverHs = newServerHandshake(nodeID, idKeypair) + serverHs.padLen = serverMaxPadLength + inlineSeedFrameLength + 1 + _, err = serverHs.parseClientHandshake(serverFilter, clientBlob) if err != nil { - t.Fatal("clientHandshake.parseServerHandshake() failed", err) + t.Fatalf("serverHandshake.parseClientHandshake() failed: %s", err) } - if n != len(sToC) { - t.Fatalf("clientHandshake.parseServerHandshake() has bytes remaining: %d", n) + serverBlob, err := serverHs.generateHandshake() + if err != nil { + t.Fatal("serverHandshake.generateHandshake() (forced oversize) failed: %s", err) } - - // Ensure the derived shared secret is the same. - if 0 != bytes.Compare(clientSeed, serverSeed) { - t.Fatalf("client/server seed mismatch") + _, _, err = clientHs.parseServerHandshake(serverBlob) + if err == nil { + t.Fatalf("clientHandshake.parseServerHandshake() succeded (oversized)") } } -- cgit v1.2.3