July 2016 - tor-commits - lists.torproject.org

[tor/master] prop250: Add unit tests
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit 39be8af7092a4ee004f4c53fa1e55678d9d67f1f Author: David Goulet <dgoulet(a)torproject.org> Date: Tue May 3 11:42:50 2016 -0400 prop250: Add unit tests Signed-off-by: David Goulet <dgoulet(a)torproject.org> Signed-off-by: George Kadianakis <desnacked(a)riseup.net> --- src/or/networkstatus.c | 8 +- src/or/networkstatus.h | 4 +- src/or/shared_random_state.c | 19 + src/or/shared_random_state.h | 7 + src/test/include.am | 1 + src/test/sr_srv_calc_ref.py | 71 +++ src/test/test.c | 1 + src/test/test.h | 1 + src/test/test_dir.c | 73 ++- src/test/test_routerlist.c | 17 + src/test/test_shared_random.c | 1256 +++++++++++++++++++++++++++++++++++++++++ 11 files changed, 1449 insertions(+), 9 deletions(-) diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index aabbfff..cf395f9 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -1191,8 +1191,8 @@ consensus_is_waiting_for_certs(void) /** Return the most recent consensus that we have downloaded, or NULL if we * don't have one. */ -networkstatus_t * -networkstatus_get_latest_consensus(void) +MOCK_IMPL(networkstatus_t *, +networkstatus_get_latest_consensus,(void)) { return current_consensus; } @@ -1214,8 +1214,8 @@ networkstatus_get_latest_consensus_by_flavor,(consensus_flavor_t f)) /** Return the most recent consensus that we have downloaded, or NULL if it is * no longer live. */ -networkstatus_t * -networkstatus_get_live_consensus(time_t now) +MOCK_IMPL(networkstatus_t *, +networkstatus_get_live_consensus,(time_t now)) { if (current_consensus && current_consensus->valid_after <= now && diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h index aee6641..b34696e 100644 --- a/src/or/networkstatus.h +++ b/src/or/networkstatus.h @@ -64,10 +64,10 @@ void update_certificate_downloads(time_t now); int consensus_is_waiting_for_certs(void); int client_would_use_router(const routerstatus_t *rs, time_t now, const or_options_t *options); -networkstatus_t *networkstatus_get_latest_consensus(void); +MOCK_DECL(networkstatus_t *,networkstatus_get_latest_consensus,(void)); MOCK_DECL(networkstatus_t *,networkstatus_get_latest_consensus_by_flavor, (consensus_flavor_t f)); -networkstatus_t *networkstatus_get_live_consensus(time_t now); +MOCK_DECL(networkstatus_t *, networkstatus_get_live_consensus,(time_t now)); networkstatus_t *networkstatus_get_reasonably_live_consensus(time_t now, int flavor); MOCK_DECL(int, networkstatus_consensus_is_bootstrapping,(time_t now)); diff --git a/src/or/shared_random_state.c b/src/or/shared_random_state.c index 6dd10d6..7c75431 100644 --- a/src/or/shared_random_state.c +++ b/src/or/shared_random_state.c @@ -1291,3 +1291,22 @@ sr_state_init(int save_to_disk, int read_from_disk) error: return -1; } + +#ifdef TOR_UNIT_TESTS + +/* Set the current phase of the protocol. Used only by unit tests. */ +void +set_sr_phase(sr_phase_t phase) +{ + tor_assert(sr_state); + sr_state->phase = phase; +} + +/* Get the SR state. Used only by unit tests */ +sr_state_t * +get_sr_state(void) +{ + return sr_state; +} + +#endif /* TOR_UNIT_TESTS */ diff --git a/src/or/shared_random_state.h b/src/or/shared_random_state.h index 499a375..d013650 100644 --- a/src/or/shared_random_state.h +++ b/src/or/shared_random_state.h @@ -135,4 +135,11 @@ STATIC int is_phase_transition(sr_phase_t next_phase); #endif /* SHARED_RANDOM_STATE_PRIVATE */ +#ifdef TOR_UNIT_TESTS + +STATIC void set_sr_phase(sr_phase_t phase); +STATIC sr_state_t *get_sr_state(void); + +#endif /* TOR_UNIT_TESTS */ + #endif /* TOR_SHARED_RANDOM_STATE_H */ diff --git a/src/test/include.am b/src/test/include.am index 5a91c74..d0bc808 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -116,6 +116,7 @@ src_test_test_SOURCES = \ src/test/test_routerlist.c \ src/test/test_routerset.c \ src/test/test_scheduler.c \ + src/test/test_shared_random.c \ src/test/test_socks.c \ src/test/test_status.c \ src/test/test_threads.c \ diff --git a/src/test/sr_srv_calc_ref.py b/src/test/sr_srv_calc_ref.py new file mode 100644 index 0000000..492ca62 --- /dev/null +++ b/src/test/sr_srv_calc_ref.py @@ -0,0 +1,71 @@ +# This is a reference implementation of the SRV calculation for prop250. We +# use it to generate a test vector for the test_sr_compute_srv() unittest. +# (./test shared-random/sr_compute_srv) +# +# Here is the SRV computation formula: +# +# HASHED_REVEALS = H(ID_a | R_a | ID_b | R_b | ..) +# +# SRV = SHA3-256("shared-random" | INT_8(reveal_num) | INT_4(version) | +# HASHED_REVEALS | previous_SRV) +# + +import sys +import hashlib +import struct + +# Python 3.6+, the SHA3 is available in hashlib natively. Else this requires +# the pysha3 package (pip install pysha3). +if sys.version_info < (3, 6): + import sha3 + +# Test vector to make sure the right sha3 version will be used. pysha3 < 1.0 +# used the old Keccak implementation. During the finalization of SHA3, NIST +# changed the delimiter suffix from 0x01 to 0x06. The Keccak sponge function +# stayed the same. pysha3 1.0 provides the previous Keccak hash, too. +TEST_VALUE = "e167f68d6563d75bb25f3aa49c29ef612d41352dc00606de7cbd630bb2665f51" +if TEST_VALUE != sha3.sha3_256(b"Hello World").hexdigest(): + print("pysha3 version is < 1.0. Please install from:") + print("https://github.com/tiran/pysha3https://github.com/tiran/pysha3") + sys.exit(1) + +# In this example, we use three reveal values. +reveal_num = 3 +version = 1 + +# We set directly the ascii value because memset(buf, 'A', 20) makes it to 20 +# times "41" in the final string. + +# Identity and reveal value of dirauth a +ID_a = 20 * "41" # RSA identity of 40 base16 bytes. +R_a = 56 * 'A' # 56 base64 characters + +# Identity and reveal value of dirauth b +ID_b = 20 * "42" # RSA identity of 40 base16 bytes. +R_b = 56 * 'B' # 56 base64 characters + +# Identity and reveal value of dirauth c +ID_c = 20 * "43" # RSA identity of 40 base16 bytes. +R_c = 56 * 'C' # 56 base64 characters + +# Concatenate them all together and hash them to form HASHED_REVEALS. +REVEALS = (ID_a + R_a + ID_b + R_b + ID_c + R_c).encode() +hashed_reveals_object = hashlib.sha3_256(REVEALS) +hashed_reveals = hashed_reveals_object.digest() + +previous_SRV = (32 * 'Z').encode() + +# Now form the message. +#srv_msg = struct.pack('13sQL256ss', "shared-random", reveal_num, version, +# hashed_reveals, previous_SRV) +invariant_token = b"shared-random" +srv_msg = invariant_token + \ + struct.pack('!QL', reveal_num, version) + \ + hashed_reveals + \ + previous_SRV + +# Now calculate the HMAC +srv = hashlib.sha3_256(srv_msg) +print("%s" % srv.hexdigest().upper()) + +# 2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D diff --git a/src/test/test.c b/src/test/test.c index c0faec3..3a1054d 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1170,6 +1170,7 @@ struct testgroup_t testgroups[] = { { "routerset/" , routerset_tests }, { "scheduler/", scheduler_tests }, { "socks/", socks_tests }, + { "shared-random/", sr_tests }, { "status/" , status_tests }, { "tortls/", tortls_tests }, { "util/", util_tests }, diff --git a/src/test/test.h b/src/test/test.h index 747b61d..6744d25 100644 --- a/src/test/test.h +++ b/src/test/test.h @@ -225,6 +225,7 @@ extern struct testcase_t util_format_tests[]; extern struct testcase_t util_process_tests[]; extern struct testcase_t dns_tests[]; extern struct testcase_t handle_tests[]; +extern struct testcase_t sr_tests[]; extern struct testcase_t slow_crypto_tests[]; extern struct testcase_t slow_util_tests[]; diff --git a/src/test/test_dir.c b/src/test/test_dir.c index b7d58bd..b0ae2d9 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -30,6 +30,7 @@ #include "routerlist.h" #include "routerparse.h" #include "routerset.h" +#include "shared_random_state.h" #include "test.h" #include "test_dir_common.h" #include "torcert.h" @@ -1544,6 +1545,43 @@ test_dir_param_voting(void *arg) return; } +static void +test_dir_param_voting_lookup(void *arg) +{ + (void)arg; + smartlist_t *lst = smartlist_new(); + + smartlist_split_string(lst, + "moomin=9 moomin=10 moomintroll=5 fred " + "jack= electricity=sdk opa=6z abc=9 abcd=99", + NULL, 0, 0); + + tt_int_op(1000, + OP_EQ, dirvote_get_intermediate_param_value(lst, "ab", 1000)); + tt_int_op(9, OP_EQ, dirvote_get_intermediate_param_value(lst, "abc", 1000)); + tt_int_op(99, OP_EQ, dirvote_get_intermediate_param_value(lst, "abcd", 1000)); + + /* moomin appears twice. */ + tt_int_op(-100, OP_EQ, + dirvote_get_intermediate_param_value(lst, "moomin", -100)); + /* fred and jack are truncated */ + tt_int_op(-100, OP_EQ, + dirvote_get_intermediate_param_value(lst, "fred", -100)); + tt_int_op(-100, OP_EQ, + dirvote_get_intermediate_param_value(lst, "jack", -100)); + /* electricity and opa aren't integers. */ + tt_int_op(-100, OP_EQ, + dirvote_get_intermediate_param_value(lst, "electricity", -100)); + tt_int_op(-100, OP_EQ, + dirvote_get_intermediate_param_value(lst, "opa", -100)); + + done: + SMARTLIST_FOREACH(lst, char *, cp, tor_free(cp)); + smartlist_free(lst); +} + +#undef dirvote_compute_params + /** Helper: Test that two networkstatus_voter_info_t do in fact represent the * same voting authority, and that they do in fact have all the same * information. */ @@ -1788,6 +1826,15 @@ test_routerstatus_for_v3ns(routerstatus_t *rs, time_t now) return; } +static authority_cert_t *mock_cert; + +static authority_cert_t * +get_my_v3_authority_cert_m(void) +{ + tor_assert(mock_cert); + return mock_cert; +} + /** Run a unit tests for generating and parsing networkstatuses, with * the supply test fns. */ static void @@ -1831,10 +1878,30 @@ test_a_networkstatus( tt_assert(rs_test); tt_assert(vrs_test); - tt_assert(!dir_common_authority_pk_init(&cert1, &cert2, &cert3, - &sign_skey_1, &sign_skey_2, - &sign_skey_3)); + MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m); + + /* Parse certificates and keys. */ + cert1 = mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL); + tt_assert(cert1); + cert2 = authority_cert_parse_from_string(AUTHORITY_CERT_2, NULL); + tt_assert(cert2); + cert3 = authority_cert_parse_from_string(AUTHORITY_CERT_3, NULL); + tt_assert(cert3); + sign_skey_1 = crypto_pk_new(); + sign_skey_2 = crypto_pk_new(); + sign_skey_3 = crypto_pk_new(); sign_skey_leg1 = pk_generate(4); + sr_state_init(0, 0); + + tt_assert(!crypto_pk_read_private_key_from_string(sign_skey_1, + AUTHORITY_SIGNKEY_1, -1)); + tt_assert(!crypto_pk_read_private_key_from_string(sign_skey_2, + AUTHORITY_SIGNKEY_2, -1)); + tt_assert(!crypto_pk_read_private_key_from_string(sign_skey_3, + AUTHORITY_SIGNKEY_3, -1)); + + tt_assert(!crypto_pk_cmp_keys(sign_skey_1, cert1->signing_key)); + tt_assert(!crypto_pk_cmp_keys(sign_skey_2, cert2->signing_key)); tt_assert(!dir_common_construct_vote_1(&vote, cert1, sign_skey_1, vrs_gen, &v1, &n_vrs, now, 1)); diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c index 34b70ac..088bd25 100644 --- a/src/test/test_routerlist.c +++ b/src/test/test_routerlist.c @@ -19,13 +19,24 @@ #include "networkstatus.h" #include "nodelist.h" #include "policies.h" +#include "router.h" #include "routerlist.h" #include "routerparse.h" +#include "shared_random.h" #include "test.h" #include "test_dir_common.h" void construct_consensus(char **consensus_text_md); +static authority_cert_t *mock_cert; + +static authority_cert_t * +get_my_v3_authority_cert_m(void) +{ + tor_assert(mock_cert); + return mock_cert; +} + /* 4 digests + 3 sep + pre + post + NULL */ static char output[4*BASE64_DIGEST256_LEN+3+2+2+1]; @@ -227,6 +238,12 @@ test_router_pick_directory_server_impl(void *arg) tt_assert(networkstatus_consensus_is_bootstrapping(now + 2*24*60*60)); tt_assert(networkstatus_consensus_is_bootstrapping(now - 2*24*60*60)); + /* Init SR subsystem. */ + MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m); + mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL); + sr_init(0); + UNMOCK(get_my_v3_authority_cert); + /* No consensus available, fail early */ rs = router_pick_directory_server_impl(V3_DIRINFO, (const int) 0, NULL); tt_assert(rs == NULL); diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c new file mode 100644 index 0000000..1125717 --- /dev/null +++ b/src/test/test_shared_random.c @@ -0,0 +1,1256 @@ +#define SHARED_RANDOM_PRIVATE +#define SHARED_RANDOM_STATE_PRIVATE +#define CONFIG_PRIVATE +#define DIRVOTE_PRIVATE + +#include "or.h" +#include "test.h" +#include "config.h" +#include "dirvote.h" +#include "shared_random.h" +#include "shared_random_state.h" +#include "routerkeys.h" +#include "routerlist.h" +#include "router.h" +#include "routerparse.h" +#include "networkstatus.h" + +static authority_cert_t *mock_cert; + +static authority_cert_t * +get_my_v3_authority_cert_m(void) +{ + tor_assert(mock_cert); + return mock_cert; +} + +/* Setup a minimal dirauth environment by initializing the SR state and + * making sure the options are set to be an authority directory. */ +static void +init_authority_state(void) +{ + MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m); + + or_options_t *options = get_options_mutable(); + mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL); + tt_assert(mock_cert); + options->AuthoritativeDir = 1; + tt_int_op(0, ==, load_ed_keys(options, time(NULL))); + sr_state_init(0, 0); + /* It's possible a commit has been generated in our state depending on + * the phase we are currently in which uses "now" as the starting + * timestamp. Delete it before we do any testing below. */ + sr_state_delete_commits(); + + done: + UNMOCK(get_my_v3_authority_cert); +} + +static void +test_get_sr_protocol_phase(void *arg) +{ + time_t the_time; + sr_phase_t phase; + int retval; + + (void) arg; + + /* Initialize SR state */ + init_authority_state(); + + { + retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time); + tt_int_op(retval, ==, 0); + + phase = get_sr_protocol_phase(the_time); + tt_int_op(phase, ==, SR_PHASE_REVEAL); + } + + { + retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time); + tt_int_op(retval, ==, 0); + + phase = get_sr_protocol_phase(the_time); + tt_int_op(phase, ==, SR_PHASE_COMMIT); + } + + { + retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time); + tt_int_op(retval, ==, 0); + + phase = get_sr_protocol_phase(the_time); + tt_int_op(phase, ==, SR_PHASE_COMMIT); + } + + { + retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time); + tt_int_op(retval, ==, 0); + + phase = get_sr_protocol_phase(the_time); + tt_int_op(phase, ==, SR_PHASE_COMMIT); + } + + { + retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time); + tt_int_op(retval, ==, 0); + + phase = get_sr_protocol_phase(the_time); + tt_int_op(phase, ==, SR_PHASE_REVEAL); + } + + { + retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time); + tt_int_op(retval, ==, 0); + + phase = get_sr_protocol_phase(the_time); + tt_int_op(phase, ==, SR_PHASE_REVEAL); + } + + { + retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time); + tt_int_op(retval, ==, 0); + + phase = get_sr_protocol_phase(the_time); + tt_int_op(phase, ==, SR_PHASE_REVEAL); + } + + done: + ; +} + +static networkstatus_t *mock_consensus = NULL; + +static void +test_get_state_valid_until_time(void *arg) +{ + time_t current_time; + time_t valid_until_time; + char tbuf[ISO_TIME_LEN + 1]; + int retval; + + (void) arg; + + { + /* Get the valid until time if called at 00:00:01 */ + retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC", + &current_time); + tt_int_op(retval, ==, 0); + valid_until_time = get_state_valid_until_time(current_time); + + /* Compare it with the correct result */ + format_iso_time(tbuf, valid_until_time); + tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); + } + + { + retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC", + &current_time); + tt_int_op(retval, ==, 0); + valid_until_time = get_state_valid_until_time(current_time); + + format_iso_time(tbuf, valid_until_time); + tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); + } + + { + retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC", + &current_time); + tt_int_op(retval, ==, 0); + valid_until_time = get_state_valid_until_time(current_time); + + format_iso_time(tbuf, valid_until_time); + tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); + } + + { + retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC", + &current_time); + tt_int_op(retval, ==, 0); + valid_until_time = get_state_valid_until_time(current_time); + + format_iso_time(tbuf, valid_until_time); + tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); + } + + done: + ; +} + +/* Mock function to immediately return our local 'mock_consensus'. */ +static networkstatus_t * +mock_networkstatus_get_live_consensus(time_t now) +{ + (void) now; + return mock_consensus; +} + +/** Test the get_next_valid_after_time() function. */ +static void +test_get_next_valid_after_time(void *arg) +{ + time_t current_time; + time_t valid_after_time; + char tbuf[ISO_TIME_LEN + 1]; + int retval; + + (void) arg; + + { + /* Setup a fake consensus just to get the times out of it, since + get_next_valid_after_time() needs them. */ + mock_consensus = tor_malloc_zero(sizeof(networkstatus_t)); + + retval = parse_rfc1123_time("Mon, 13 Jan 2016 16:00:00 UTC", + &mock_consensus->fresh_until); + tt_int_op(retval, ==, 0); + + retval = parse_rfc1123_time("Mon, 13 Jan 2016 15:00:00 UTC", + &mock_consensus->valid_after); + tt_int_op(retval, ==, 0); + + MOCK(networkstatus_get_live_consensus, + mock_networkstatus_get_live_consensus); + } + + { + /* Get the valid after time if called at 00:00:00 */ + retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC", + &current_time); + tt_int_op(retval, ==, 0); + valid_after_time = get_next_valid_after_time(current_time); + + /* Compare it with the correct result */ + format_iso_time(tbuf, valid_after_time); + tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf); + } + + { + /* Get the valid until time if called at 00:00:01 */ + retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC", + &current_time); + tt_int_op(retval, ==, 0); + valid_after_time = get_next_valid_after_time(current_time); + + /* Compare it with the correct result */ + format_iso_time(tbuf, valid_after_time); + tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf); + } + + { + retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:30:01 UTC", + &current_time); + tt_int_op(retval, ==, 0); + valid_after_time = get_next_valid_after_time(current_time); + + /* Compare it with the correct result */ + format_iso_time(tbuf, valid_after_time); + tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); + } + + done: + networkstatus_vote_free(mock_consensus); +} + +/* In this test we are going to generate a sr_commit_t object and validate + * it. We first generate our values, and then we parse them as if they were + * received from the network. After we parse both the commit and the reveal, + * we verify that they indeed match. */ +static void +test_sr_commit(void *arg) +{ + authority_cert_t *auth_cert = NULL; + time_t now = time(NULL); + sr_commit_t *our_commit = NULL; + smartlist_t *args = smartlist_new(); + + (void) arg; + + { /* Setup a minimal dirauth environment for this test */ + or_options_t *options = get_options_mutable(); + + auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL); + tt_assert(auth_cert); + + options->AuthoritativeDir = 1; + tt_int_op(0, ==, load_ed_keys(options, now)); + } + + /* Generate our commit object and validate it has the appropriate field + * that we can then use to build a representation that we'll find in a + * vote coming from the network. */ + { + sr_commit_t test_commit; + our_commit = sr_generate_our_commit(now, auth_cert); + tt_assert(our_commit); + /* Default and only supported algorithm for now. */ + tt_assert(our_commit->alg == DIGEST_SHA3_256); + /* We should have a reveal value. */ + tt_assert(commit_has_reveal_value(our_commit)); + /* We should have a random value. */ + tt_assert(!tor_mem_is_zero((char *) our_commit->random_number, + sizeof(our_commit->random_number))); + /* Commit and reveal timestamp should be the same. */ + tt_int_op(our_commit->commit_ts, ==, our_commit->reveal_ts); + /* We should have a hashed reveal. */ + tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal, + sizeof(our_commit->hashed_reveal))); + /* Do we have a valid encoded commit and reveal. Note the following only + * tests if the generated values are correct. Their could be a bug in + * the decode function but we test them seperately. */ + tt_int_op(0, ==, reveal_decode(our_commit->encoded_reveal, + &test_commit)); + tt_int_op(0, ==, commit_decode(our_commit->encoded_commit, + &test_commit)); + tt_int_op(0, ==, verify_commit_and_reveal(our_commit)); + } + + /* Let's make sure our verify commit and reveal function works. We'll + * make it fail a bit with known failure case. */ + { + /* Copy our commit so we don't alter it for the rest of testing. */ + sr_commit_t test_commit; + memcpy(&test_commit, our_commit, sizeof(test_commit)); + + /* Timestamp MUST match. */ + test_commit.commit_ts = test_commit.reveal_ts - 42; + tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit)); + memcpy(&test_commit, our_commit, sizeof(test_commit)); + tt_int_op(0, ==, verify_commit_and_reveal(&test_commit)); + + /* Hashed reveal must match the H(encoded_reveal). */ + memset(test_commit.hashed_reveal, 'X', + sizeof(test_commit.hashed_reveal)); + tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit)); + memcpy(&test_commit, our_commit, sizeof(test_commit)); + tt_int_op(0, ==, verify_commit_and_reveal(&test_commit)); + } + + /* We'll build a list of values from our commit that our parsing function + * takes from a vote line and see if we can parse it correctly. */ + { + sr_commit_t *parsed_commit; + smartlist_add(args, + tor_strdup(crypto_digest_algorithm_get_name(our_commit->alg))); + smartlist_add(args, our_commit->rsa_identity_fpr); + smartlist_add(args, our_commit->encoded_commit); + smartlist_add(args, our_commit->encoded_reveal); + parsed_commit = sr_parse_commit(args); + tt_assert(parsed_commit); + /* That parsed commit should be _EXACTLY_ like our original commit. */ + tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit)); + /* Cleanup */ + tor_free(smartlist_get(args, 0)); /* strdup here. */ + smartlist_clear(args); + sr_commit_free(parsed_commit); + } + + done: + smartlist_free(args); + sr_commit_free(our_commit); +} + +/* Test the encoding and decoding function for commit and reveal values. */ +static void +test_encoding(void *arg) +{ + (void) arg; + int ret, duper_rand = 42; + /* Random number is 32 bytes. */ + char raw_rand[32]; + time_t ts = 1454333590; + char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN]; + sr_commit_t parsed_commit; + + /* Encoded commit is: base64-encode( 1454333590 || H(H(42)) ). Remember + * that we do no expose the raw bytes of our PRNG to the network thus + * explaining the double H(). */ + static const char *encoded_commit = + "AAAAAFavXpZbx2LRneYFSLPCP8DLp9BXfeH5FXzbkxM4iRXKGeA54g=="; + /* Encoded reveal is: base64-encode( 1454333590 || H(42) ). */ + static const char *encoded_reveal = + "AAAAAFavXpYk9x9kTjiQWUqjHwSAEOdPAfCaurXgjPy173SzYjeC2g=="; + + /* Set up our raw random bytes array. */ + memset(raw_rand, 0, sizeof(raw_rand)); + memcpy(raw_rand, &duper_rand, sizeof(duper_rand)); + /* Hash random number. */ + ret = crypto_digest256(hashed_rand, raw_rand, + sizeof(raw_rand), SR_DIGEST_ALG); + tt_int_op(0, ==, ret); + /* Hash reveal value. */ + tt_int_op(SR_REVEAL_BASE64_LEN, ==, strlen(encoded_reveal)); + ret = crypto_digest256(hashed_reveal, encoded_reveal, + strlen(encoded_reveal), SR_DIGEST_ALG); + tt_int_op(0, ==, ret); + tt_int_op(SR_COMMIT_BASE64_LEN, ==, strlen(encoded_commit)); + + /* Test our commit/reveal decode functions. */ + { + /* Test the reveal encoded value. */ + tt_int_op(0, ==, reveal_decode(encoded_reveal, &parsed_commit)); + tt_uint_op(ts, ==, parsed_commit.reveal_ts); + tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number, + sizeof(hashed_rand)); + + /* Test the commit encoded value. */ + memset(&parsed_commit, 0, sizeof(parsed_commit)); + tt_int_op(0, ==, commit_decode(encoded_commit, &parsed_commit)); + tt_uint_op(ts, ==, parsed_commit.commit_ts); + tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit, + sizeof(parsed_commit.encoded_commit)); + tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal, + sizeof(hashed_reveal)); + } + + /* Test our commit/reveal encode functions. */ + { + /* Test the reveal encode. */ + char encoded[SR_REVEAL_BASE64_LEN + 1]; + parsed_commit.reveal_ts = ts; + memcpy(parsed_commit.random_number, hashed_rand, + sizeof(parsed_commit.random_number)); + ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded)); + tt_int_op(SR_REVEAL_BASE64_LEN, ==, ret); + tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal)); + } + + { + /* Test the commit encode. */ + char encoded[SR_COMMIT_BASE64_LEN + 1]; + parsed_commit.commit_ts = ts; + memcpy(parsed_commit.hashed_reveal, hashed_reveal, + sizeof(parsed_commit.hashed_reveal)); + ret = commit_encode(&parsed_commit, encoded, sizeof(encoded)); + tt_int_op(SR_COMMIT_BASE64_LEN, ==, ret); + tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit)); + } + + done: + ; +} + +/** Setup some SRVs in our SR state. If also_current is set, then set + * both current and previous SRVs. + * Helper of test_vote() and test_sr_compute_srv(). */ +static void +test_sr_setup_srv(int also_current) +{ + sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t)); + srv->num_reveals = 42; + memcpy(srv->value, + "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", + sizeof(srv->value)); + + sr_state_set_previous_srv(srv); + + if (also_current) { + srv = tor_malloc_zero(sizeof(sr_srv_t)); + srv->num_reveals = 128; + memcpy(srv->value, + "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN", + sizeof(srv->value)); + + sr_state_set_current_srv(srv); + } +} + +/* Test anything that has to do with SR protocol and vote. */ +static void +test_vote(void *arg) +{ + int ret; + time_t now = time(NULL); + sr_commit_t *our_commit = NULL; + + (void) arg; + + { /* Setup a minimal dirauth environment for this test */ + init_authority_state(); + /* Set ourself in reveal phase so we can parse the reveal value in the + * vote as well. */ + set_sr_phase(SR_PHASE_REVEAL); + } + + /* Generate our commit object and validate it has the appropriate field + * that we can then use to build a representation that we'll find in a + * vote coming from the network. */ + { + sr_commit_t *saved_commit; + our_commit = sr_generate_our_commit(now, mock_cert); + tt_assert(our_commit); + sr_state_add_commit(our_commit); + /* Make sure it's there. */ + saved_commit = sr_state_get_commit(our_commit->rsa_identity_fpr); + tt_assert(saved_commit); + } + + /* Also setup the SRVs */ + test_sr_setup_srv(1); + + { /* Now test the vote generation */ + smartlist_t *chunks = smartlist_new(); + smartlist_t *tokens = smartlist_new(); + /* Get our vote line and validate it. */ + char *lines = sr_get_string_for_vote(); + tt_assert(lines); + /* Split the lines. We expect 2 here. */ + ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0); + tt_int_op(ret, ==, 4); + tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate"); + /* Get our commitment line and will validate it agains our commit. The + * format is as follow: + * "shared-rand-commitment" SP identity SP algname SP COMMIT [SP REVEAL] NL + */ + char *commit_line = smartlist_get(chunks, 1); + tt_assert(commit_line); + ret = smartlist_split_string(tokens, commit_line, " ", 0, 0); + tt_int_op(ret, ==, 5); + tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit"); + tt_str_op(smartlist_get(tokens, 1), OP_EQ, + crypto_digest_algorithm_get_name(DIGEST_SHA3_256)); + tt_str_op(smartlist_get(tokens, 2), OP_EQ, + our_commit->rsa_identity_fpr); + tt_str_op(smartlist_get(tokens, 3), OP_EQ, our_commit->encoded_commit); + tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_reveal); + + /* Finally, does this vote line creates a valid commit object? */ + smartlist_t *args = smartlist_new(); + smartlist_add(args, smartlist_get(tokens, 1)); + smartlist_add(args, smartlist_get(tokens, 2)); + smartlist_add(args, smartlist_get(tokens, 3)); + smartlist_add(args, smartlist_get(tokens, 4)); + sr_commit_t *parsed_commit = sr_parse_commit(args); + tt_assert(parsed_commit); + tt_mem_op(parsed_commit, ==, our_commit, sizeof(*our_commit)); + + /* minor cleanup */ + SMARTLIST_FOREACH(tokens, char *, s, tor_free(s)); + smartlist_clear(tokens); + + /* Now test the previous SRV */ + char *prev_srv_line = smartlist_get(chunks, 2); + tt_assert(prev_srv_line); + ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0); + tt_int_op(ret, ==, 3); + tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value"); + tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42"); + tt_str_op(smartlist_get(tokens, 2), OP_EQ, + "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo="); + + /* minor cleanup */ + SMARTLIST_FOREACH(tokens, char *, s, tor_free(s)); + smartlist_clear(tokens); + + /* Now test the current SRV */ + char *current_srv_line = smartlist_get(chunks, 3); + tt_assert(current_srv_line); + ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0); + tt_int_op(ret, ==, 3); + tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value"); + tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128"); + tt_str_op(smartlist_get(tokens, 2), OP_EQ, + "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4="); + + /* Clean up */ + sr_commit_free(parsed_commit); + SMARTLIST_FOREACH(chunks, char *, s, tor_free(s)); + smartlist_free(chunks); + SMARTLIST_FOREACH(tokens, char *, s, tor_free(s)); + smartlist_free(tokens); + smartlist_clear(args); + smartlist_free(args); + } + + done: + sr_commit_free(our_commit); +} + +const char *sr_state_str = "Version 1\n" + "ValidUntil 2666-04-20 07:16:00\n" + "ValidAfter 2666-04-19 07:16:00\n" + "Commit sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C " + "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== " + "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n" + "Commit sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 " + "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n" + "Commit sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 " + "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n" + "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n" + "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"; + +/** Create an SR disk state, parse it and validate that the parsing went + * well. Yes! */ +static void +test_state_load_from_disk(void *arg) +{ + int ret; + char *dir = tor_strdup(get_fname("test_sr_state")); + char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state")); + sr_state_t *the_sr_state = NULL; + + (void) arg; + + /* First try with a nonexistent path. */ + ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT"); + tt_assert(ret == -ENOENT); + + /* Now create a mock state directory and state file */ +#ifdef _WIN32 + ret = mkdir(dir); +#else + ret = mkdir(dir, 0700); +#endif + tt_assert(ret == 0); + ret = write_str_to_file(sr_state_path, sr_state_str, 0); + tt_assert(ret == 0); + + /* Try to load the directory itself. Should fail. */ + ret = disk_state_load_from_disk_impl(dir); + tt_assert(ret == -EINVAL); + + /* State should be non-existent at this point. */ + the_sr_state = get_sr_state(); + tt_assert(!the_sr_state); + + /* Now try to load the correct file! */ + ret = disk_state_load_from_disk_impl(sr_state_path); + tt_assert(ret == 0); + + /* Check the content of the state */ + /* XXX check more deeply!!! */ + the_sr_state = get_sr_state(); + tt_assert(the_sr_state); + tt_assert(the_sr_state->version == 1); + tt_assert(digestmap_size(the_sr_state->commits) == 3); + tt_assert(the_sr_state->current_srv); + tt_assert(the_sr_state->current_srv->num_reveals == 3); + tt_assert(the_sr_state->previous_srv); + + /* XXX Now also try loading corrupted state files and make sure parsing + fails */ + + done: + tor_free(dir); + tor_free(sr_state_path); +} + +/** Generate three specially crafted commits (based on the test + * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */ +static void +test_sr_setup_commits(void) +{ + time_t now = time(NULL); + sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d; + sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder)); + authority_cert_t *auth_cert = NULL; + + { /* Setup a minimal dirauth environment for this test */ + or_options_t *options = get_options_mutable(); + + auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL); + tt_assert(auth_cert); + + options->AuthoritativeDir = 1; + tt_int_op(0, ==, load_ed_keys(options, now)); + } + + /* Generate three dummy commits according to sr_srv_calc_ref.py . Then + register them to the SR state. Also register a fourth commit 'd' with no + reveal info, to make sure that it will get ignored during SRV + calculation. */ + + { /* Commit from auth 'a' */ + commit_a = sr_generate_our_commit(now, auth_cert); + tt_assert(commit_a); + + /* Do some surgery on the commit */ + strlcpy(commit_a->rsa_identity_fpr, + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + sizeof(commit_a->rsa_identity_fpr)); + strlcpy(commit_a->encoded_reveal, + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + sizeof(commit_a->encoded_reveal)); + memcpy(commit_a->hashed_reveal, + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + sizeof(commit_a->hashed_reveal)); + } + + { /* Commit from auth 'b' */ + commit_b = sr_generate_our_commit(now, auth_cert); + tt_assert(commit_b); + + /* Do some surgery on the commit */ + strlcpy(commit_b->rsa_identity_fpr, + "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", + sizeof(commit_b->rsa_identity_fpr)); + strlcpy(commit_b->encoded_reveal, + "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", + sizeof(commit_b->encoded_reveal)); + memcpy(commit_b->hashed_reveal, + "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", + sizeof(commit_b->hashed_reveal)); + } + + { /* Commit from auth 'c' */ + commit_c = sr_generate_our_commit(now, auth_cert); + tt_assert(commit_c); + + /* Do some surgery on the commit */ + strlcpy(commit_c->rsa_identity_fpr, + "ccccccccccccccccccccccccccccccccccccccccccccccccc", + sizeof(commit_c->rsa_identity_fpr)); + strlcpy(commit_c->encoded_reveal, + "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC", + sizeof(commit_c->encoded_reveal)); + memcpy(commit_c->hashed_reveal, + "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC", + sizeof(commit_c->hashed_reveal)); + } + + { /* Commit from auth 'd' */ + commit_d = sr_generate_our_commit(now, auth_cert); + tt_assert(commit_d); + + /* Do some surgery on the commit */ + strlcpy(commit_d->rsa_identity_fpr, + "ddddddddddddddddddddddddddddddddddddddddddddddddd", + sizeof(commit_d->rsa_identity_fpr)); + strlcpy(commit_d->encoded_reveal, + "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD", + sizeof(commit_d->encoded_reveal)); + memcpy(commit_d->hashed_reveal, + "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD", + sizeof(commit_d->hashed_reveal)); + /* Clean up its reveal info */ + memcpy(place_holder, commit_d, sizeof(*place_holder)); + memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal)); + tt_assert(!commit_has_reveal_value(commit_d)); + } + + /* Register commits to state (during commit phase) */ + set_sr_phase(SR_PHASE_COMMIT); + save_commit_to_state(commit_a); + save_commit_to_state(commit_b); + save_commit_to_state(commit_c); + save_commit_to_state(commit_d); + tt_int_op(digestmap_size(get_sr_state()->commits), ==, 4); + + /* Now during REVEAL phase save commit D by restoring its reveal. */ + set_sr_phase(SR_PHASE_REVEAL); + save_commit_to_state(place_holder); + tt_str_op(commit_d->encoded_reveal, OP_EQ, + "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"); + /* Go back to an empty encoded reveal value. */ + memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal)); + memset(commit_d->random_number, 0, sizeof(commit_d->random_number)); + tt_assert(!commit_has_reveal_value(commit_d)); + + done: + return; +} + +/** Verify that the SRV generation procedure is proper by testing it against + * the test vector from ./sr_srv_calc_ref.py. */ +static void +test_sr_compute_srv(void *arg) +{ + (void) arg; + sr_srv_t *current_srv = NULL; + +#define SRV_TEST_VECTOR \ + "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D" + + MOCK(trusteddirserver_get_by_v3_auth_digest, + trusteddirserver_get_by_v3_auth_digest_m); + + init_authority_state(); + + /* Setup the commits for this unittest */ + test_sr_setup_commits(); + test_sr_setup_srv(0); + + /* Now switch to reveal phase */ + set_sr_phase(SR_PHASE_REVEAL); + + /* Compute the SRV */ + sr_compute_srv(); + + /* Check the result against the test vector */ + current_srv = sr_state_get_current_srv(); + tt_assert(current_srv); + tt_int_op(current_srv->num_reveals, ==, 3); + tt_str_op(hex_str((char*)current_srv->value, 32), + ==, + SRV_TEST_VECTOR); + + done: + ; +} + +/** Return a minimal vote document with a current SRV value set to + * srv. */ +static networkstatus_t * +get_test_vote_with_curr_srv(const char *srv) +{ + networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t)); + + vote->type = NS_TYPE_VOTE; + vote->sr_info.participate = 1; + vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t)); + vote->sr_info.current_srv->num_reveals = 42; + memcpy(vote->sr_info.current_srv->value, + srv, + sizeof(vote->sr_info.current_srv->value)); + + return vote; +} + +/* Mock function to return the value located in the options instead of the + * consensus so we can modify it at will. */ +static networkstatus_t * +mock_networkstatus_get_latest_consensus(void) +{ + return mock_consensus; +} + +/* Test the function that picks the right SRV given a bunch of votes. Make sure + * that the function returns an SRV iff the majority/agreement requirements are + * met. */ +static void +test_sr_get_majority_srv_from_votes(void *arg) +{ + sr_srv_t *chosen_srv; + smartlist_t *votes = smartlist_new(); + +#define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +#define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" + + (void) arg; + + init_authority_state(); + /* Make sure our SRV is fresh so we can consider the super majority with + * the consensus params of number of agreements needed. */ + sr_state_set_fresh_srv(); + + /* The test relies on the dirauth list being initialized. */ + clear_dir_servers(); + add_default_trusted_dir_authorities(V3_DIRINFO); + tt_int_op(get_n_authorities(V3_DIRINFO), ==, 9); + + { /* Prepare voting environment with just a single vote. */ + networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1); + smartlist_add(votes, vote); + } + + /* Since it's only one vote with an SRV, it should not achieve majority and + hence no SRV will be returned. */ + chosen_srv = get_majority_srv_from_votes(votes, 1); + tt_assert(!chosen_srv); + + { /* Now put in 8 more votes. Let SRV_1 have majority. */ + int i; + /* Now 7 votes believe in SRV_1 */ + for (i = 0; i < 6; i++) { + networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1); + smartlist_add(votes, vote); + } + /* and 2 votes believe in SRV_2 */ + for (i = 0; i < 2; i++) { + networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2); + smartlist_add(votes, vote); + } + + tt_int_op(smartlist_len(votes), ==, 9); + } + + /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements + requirement. So still not picking an SRV. */ + chosen_srv = get_majority_srv_from_votes(votes, 1); + tt_assert(!chosen_srv); + + /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the + * consensus parameter and we will try again. This time it should work. */ + { + char *my_net_params; + /* Set a dummy consensus parameter in every vote */ + SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, vote) { + vote->net_params = smartlist_new(); + smartlist_split_string(vote->net_params, + "AuthDirNumSRVAgreements=7", NULL, 0, 0); + } SMARTLIST_FOREACH_END(vote); + + /* Pretend you are making a consensus out of the votes */ + mock_consensus = tor_malloc_zero(sizeof(networkstatus_t)); + mock_consensus->net_params = smartlist_new(); + my_net_params = dirvote_compute_params(votes, 66, smartlist_len(votes)); + smartlist_split_string(mock_consensus->net_params, my_net_params, " ", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); + } + + /* Use our fake consensus for finding consensus parameters. */ + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus); + chosen_srv = get_majority_srv_from_votes(votes, 1); + tt_assert(chosen_srv); + tt_int_op(chosen_srv->num_reveals, ==, 42); + tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value)); + + done: + SMARTLIST_FOREACH(votes, networkstatus_t *, vote, + networkstatus_vote_free(vote)); + smartlist_free(votes); + networkstatus_vote_free(mock_consensus); + UNMOCK(networkstatus_get_latest_consensus); +} + +static void +test_utils(void *arg) +{ + (void) arg; + + /* Testing srv_dup(). */ + { + sr_srv_t *srv = NULL, *dup_srv = NULL; + const char *srv_value = + "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A"; + srv = tor_malloc_zero(sizeof(*srv)); + srv->num_reveals = 42; + memcpy(srv->value, srv_value, sizeof(srv->value)); + dup_srv = srv_dup(srv); + tt_assert(dup_srv); + tt_int_op(dup_srv->num_reveals, ==, srv->num_reveals); + tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value)); + tor_free(srv); + tor_free(dup_srv); + } + + /* Testing commitments_are_the_same(). Currently, the check is to test the + * value of the encoded commit so let's make sure that actually works. */ + { + /* Payload of 55 bytes that is the length of + * sr_commit_t->encoded_commit. */ + const char *payload = + "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30" + "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f" + "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18" + "\xc7\xaf\x72\xb6\x7c\x9b\x52"; + sr_commit_t commit1, commit2; + memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit)); + memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit)); + tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 1); + /* Let's corrupt one of them. */ + memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit)); + tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 0); + } + + /* Testing commit_is_authoritative(). */ + { + crypto_pk_t *k = crypto_pk_new(); + char fp[FINGERPRINT_LEN + 1]; + sr_commit_t commit; + + tt_assert(!crypto_pk_generate_key(k)); + + tt_int_op(0, ==, crypto_pk_get_fingerprint(k, fp, 0)); + memcpy(fp, commit.rsa_identity_fpr, sizeof(fp)); + tt_int_op(commit_is_authoritative(&commit, fp), ==, 1); + /* Change the pubkey. */ + memset(commit.rsa_identity_fpr, 0, sizeof(commit.rsa_identity_fpr)); + tt_int_op(commit_is_authoritative(&commit, fp), ==, 0); + } + + /* Testing get_phase_str(). */ + { + tt_str_op(get_phase_str(SR_PHASE_REVEAL), ==, "reveal"); + tt_str_op(get_phase_str(SR_PHASE_COMMIT), ==, "commit"); + } + + /* Testing phase transition */ + { + init_authority_state(); + set_sr_phase(SR_PHASE_COMMIT); + tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 1); + tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 0); + set_sr_phase(SR_PHASE_REVEAL); + tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 0); + tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 1); + /* Junk. */ + tt_int_op(is_phase_transition(42), ==, 1); + } + + done: + return; +} + +static void +test_state_transition(void *arg) +{ + sr_state_t *state = NULL; + time_t now = time(NULL); + + (void) arg; + + { /* Setup a minimal dirauth environment for this test */ + init_authority_state(); + state = get_sr_state(); + tt_assert(state); + } + + /* Test our state reset for a new protocol run. */ + { + /* Add a commit to the state so we can test if the reset cleans the + * commits. Also, change all params that we expect to be updated. */ + sr_commit_t *commit = sr_generate_our_commit(now, mock_cert); + tt_assert(commit); + sr_state_add_commit(commit); + tt_int_op(digestmap_size(state->commits), ==, 1); + /* Let's test our delete feature. */ + sr_state_delete_commits(); + tt_int_op(digestmap_size(state->commits), ==, 0); + /* Add it back so we can continue the rest of the test because after + * deletiong our commit will be freed so generate a new one. */ + commit = sr_generate_our_commit(now, mock_cert); + tt_assert(commit); + sr_state_add_commit(commit); + tt_int_op(digestmap_size(state->commits), ==, 1); + state->n_reveal_rounds = 42; + state->n_commit_rounds = 43; + state->n_protocol_runs = 44; + reset_state_for_new_protocol_run(now); + tt_int_op(state->n_reveal_rounds, ==, 0); + tt_int_op(state->n_commit_rounds, ==, 0); + tt_u64_op(state->n_protocol_runs, ==, 45); + tt_int_op(digestmap_size(state->commits), ==, 0); + } + + /* Test SRV rotation in our state. */ + { + sr_srv_t *cur, *prev; + test_sr_setup_srv(1); + cur = sr_state_get_current_srv(); + tt_assert(cur); + /* After, current srv should be the previous and then set to NULL. */ + state_rotate_srv(); + prev = sr_state_get_previous_srv(); + tt_assert(prev == cur); + tt_assert(!sr_state_get_current_srv()); + } + + /* New protocol run. */ + { + sr_srv_t *cur; + /* Setup some new SRVs so we can confirm that a new protocol run + * actually makes them rotate and compute new ones. */ + test_sr_setup_srv(1); + cur = sr_state_get_current_srv(); + tt_assert(cur); + set_sr_phase(SR_PHASE_REVEAL); + MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m); + new_protocol_run(now); + UNMOCK(get_my_v3_authority_cert); + /* Rotation happened. */ + tt_assert(sr_state_get_previous_srv() == cur); + /* We are going into COMMIT phase so we had to rotate our SRVs. Usually + * our current SRV would be NULL but a new protocol run should make us + * compute a new SRV. */ + tt_assert(sr_state_get_current_srv()); + /* Also, make sure we did change the current. */ + tt_assert(sr_state_get_current_srv() != cur); + /* We should have our commitment alone. */ + tt_int_op(digestmap_size(state->commits), ==, 1); + tt_int_op(state->n_reveal_rounds, ==, 0); + tt_int_op(state->n_commit_rounds, ==, 0); + /* 46 here since we were at 45 just before. */ + tt_u64_op(state->n_protocol_runs, ==, 46); + } + + /* Cleanup of SRVs. */ + { + sr_state_clean_srvs(); + tt_assert(!sr_state_get_current_srv()); + tt_assert(!sr_state_get_previous_srv()); + } + + done: + return; +} + +static void +test_keep_commit(void *arg) +{ + char fp[FINGERPRINT_LEN + 1]; + sr_commit_t *commit = NULL, *dup_commit = NULL; + sr_state_t *state; + time_t now = time(NULL); + + (void) arg; + + { /* Setup a minimal dirauth environment for this test */ + crypto_pk_t *k = crypto_pk_new(); + /* Have a key that is not the one from our commit. */ + tt_int_op(0, ==, crypto_pk_generate_key(k)); + tt_int_op(0, ==, crypto_pk_get_fingerprint(k, fp, 0)); + init_authority_state(); + state = get_sr_state(); + } + + /* Test this very important function that tells us if we should keep a + * commit or not in our state. Most of it depends on the phase and what's + * in the commit so we'll change the commit as we go. */ + commit = sr_generate_our_commit(now, mock_cert); + tt_assert(commit); + /* Set us in COMMIT phase for starter. */ + set_sr_phase(SR_PHASE_COMMIT); + /* We should never keep a commit from a non authoritative authority. */ + tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), ==, 0); + /* This should NOT be kept because it has a reveal value in it. */ + tt_assert(commit_has_reveal_value(commit)); + tt_int_op(should_keep_commit(commit, commit->rsa_identity_fpr, + SR_PHASE_COMMIT), ==, 0); + /* Add it to the state which should return to not keep it. */ + sr_state_add_commit(commit); + tt_int_op(should_keep_commit(commit, commit->rsa_identity_fpr, + SR_PHASE_COMMIT), ==, 0); + /* Remove it from state so we can continue our testing. */ + digestmap_remove(state->commits, commit->rsa_identity_fpr); + /* Let's remove our reveal value which should make it OK to keep it. */ + memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal)); + tt_int_op(should_keep_commit(commit, commit->rsa_identity_fpr, + SR_PHASE_COMMIT), ==, 1); + + /* Let's reset our commit and go into REVEAL phase. */ + sr_commit_free(commit); + commit = sr_generate_our_commit(now, mock_cert); + tt_assert(commit); + /* Dup the commit so we have one with and one without a reveal value. */ + dup_commit = tor_malloc_zero(sizeof(*dup_commit)); + memcpy(dup_commit, commit, sizeof(*dup_commit)); + memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal)); + set_sr_phase(SR_PHASE_REVEAL); + /* We should never keep a commit from a non authoritative authority. */ + tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), ==, 0); + /* We shouldn't accept a commit that is not in our state. */ + tt_int_op(should_keep_commit(commit, commit->rsa_identity_fpr, + SR_PHASE_REVEAL), ==, 0); + /* Important to add the commit _without_ the reveal here. */ + sr_state_add_commit(dup_commit); + tt_int_op(digestmap_size(state->commits), ==, 1); + /* Our commit should be valid that is authoritative, contains a reveal, be + * in the state and commitment and reveal values match. */ + tt_int_op(should_keep_commit(commit, commit->rsa_identity_fpr, + SR_PHASE_REVEAL), ==, 1); + /* The commit shouldn't be kept if it's not verified that is no matchin + * hashed reveal. */ + { + /* Let's save the hash reveal so we can restore it. */ + sr_commit_t place_holder; + memcpy(place_holder.hashed_reveal, commit->hashed_reveal, + sizeof(place_holder.hashed_reveal)); + memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal)); + tt_int_op(should_keep_commit(commit, commit->rsa_identity_fpr, + SR_PHASE_REVEAL), ==, 0); + memcpy(commit->hashed_reveal, place_holder.hashed_reveal, + sizeof(commit->hashed_reveal)); + } + /* We shouldn't keep a commit that has no reveal. */ + tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity_fpr, + SR_PHASE_REVEAL), ==, 0); + /* We must not keep a commit that is not the same from the commit phase. */ + memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit)); + tt_int_op(should_keep_commit(commit, commit->rsa_identity_fpr, + SR_PHASE_REVEAL), ==, 0); + + done: + sr_commit_free(commit); + sr_commit_free(dup_commit); +} + +static void +test_state_update(void *arg) +{ + time_t commit_phase_time = 1452076000; + time_t reveal_phase_time = 1452086800; + sr_state_t *state; + + (void) arg; + + { + init_authority_state(); + state = get_sr_state(); + set_sr_phase(SR_PHASE_COMMIT); + /* We'll cheat a bit here and reset the creation time of the state which + * will avoid us to compute a valid_after time that fits the commit + * phase. */ + state->valid_after = 0; + state->n_reveal_rounds = 0; + state->n_commit_rounds = 0; + } + + /* We need to mock for the state update function call. */ + MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m); + + /* We are in COMMIT phase here and we'll trigger a state update but no + * transition. */ + sr_state_update(commit_phase_time); + tt_int_op(state->valid_after, ==, commit_phase_time); + tt_int_op(state->n_commit_rounds, ==, 1); + tt_int_op(state->phase, ==, SR_PHASE_COMMIT); + tt_int_op(digestmap_size(state->commits), ==, 1); + + /* We are still in the COMMIT phase here but we'll trigger a state + * transition to the REVEAL phase. */ + sr_state_update(reveal_phase_time); + tt_int_op(state->phase, ==, SR_PHASE_REVEAL); + tt_int_op(state->valid_after, ==, reveal_phase_time); + /* Only our commit should be in there. */ + tt_int_op(digestmap_size(state->commits), ==, 1); + tt_int_op(state->n_reveal_rounds, ==, 1); + + /* We can't update a state with a valid after _lower_ than the creation + * time so here it is. */ + sr_state_update(commit_phase_time); + tt_int_op(state->valid_after, ==, reveal_phase_time); + + /* Finally, let's go back in COMMIT phase so we can test the state update + * of a new protocol run. */ + state->valid_after = 0; + sr_state_update(commit_phase_time); + tt_int_op(state->valid_after, ==, commit_phase_time); + tt_int_op(state->n_commit_rounds, ==, 1); + tt_int_op(state->n_reveal_rounds, ==, 0); + tt_u64_op(state->n_protocol_runs, ==, 1); + tt_int_op(state->phase, ==, SR_PHASE_COMMIT); + tt_int_op(digestmap_size(state->commits), ==, 1); + tt_assert(state->current_srv); + + done: + sr_state_free(); + UNMOCK(get_my_v3_authority_cert); +} + +struct testcase_t sr_tests[] = { + { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK, + NULL, NULL }, + { "sr_commit", test_sr_commit, TT_FORK, + NULL, NULL }, + { "keep_commit", test_keep_commit, TT_FORK, + NULL, NULL }, + { "encoding", test_encoding, TT_FORK, + NULL, NULL }, + { "get_next_valid_after_time", test_get_next_valid_after_time, TT_FORK, + NULL, NULL }, + { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK, + NULL, NULL }, + { "vote", test_vote, TT_FORK, + NULL, NULL }, + { "state_load_from_disk", test_state_load_from_disk, TT_FORK, + NULL, NULL }, + { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL }, + { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes, + TT_FORK, NULL, NULL }, + { "utils", test_utils, TT_FORK, NULL, NULL }, + { "state_transition", test_state_transition, TT_FORK, NULL, NULL }, + { "state_update", test_state_update, TT_FORK, + NULL, NULL }, + END_OF_TESTCASES +};

1 0

[tor/master] prop250: Initialize the SR subsystem and us it!
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit 727d419a9d0845e7820364e8a8f0928043c67111 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue May 3 11:44:26 2016 -0400 prop250: Initialize the SR subsystem and us it! This commit makes it that tor now uses the shared random protocol by initializing the subsystem. Signed-off-by: David Goulet <dgoulet(a)torproject.org> Signed-off-by: George Kadianakis <desnacked(a)riseup.net> --- src/or/main.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/or/main.c b/src/or/main.c index 9f3306d..d7cd701 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -57,6 +57,7 @@ #include "routerlist.h" #include "routerparse.h" #include "scheduler.h" +#include "shared_random.h" #include "statefile.h" #include "status.h" #include "util_process.h" @@ -2441,6 +2442,13 @@ do_main_loop(void) cpu_init(); } + /* Setup shared random protocol subsystem. */ + if (authdir_mode_publishes_statuses(get_options())) { + if (sr_init(1) < 0) { + return -1; + } + } + /* set up once-a-second callback. */ if (! second_timer) { struct timeval one_second; @@ -3204,6 +3212,9 @@ tor_cleanup(void) accounting_record_bandwidth_usage(now, get_or_state()); or_state_mark_dirty(get_or_state(), 0); /* force an immediate save. */ or_state_save(now); + if (authdir_mode(options)) { + sr_save_and_cleanup(); + } if (authdir_mode_tests_reachability(options)) rep_hist_record_mtbf_data(now, 0); keypin_close_journal(); @@ -3362,6 +3373,7 @@ sandbox_init_filter(void) OPEN_DATADIR_SUFFIX("cached-extrainfo.new", ".tmp"); OPEN_DATADIR("cached-extrainfo.tmp.tmp"); OPEN_DATADIR_SUFFIX("state", ".tmp"); + OPEN_DATADIR_SUFFIX("sr-state", ".tmp"); OPEN_DATADIR_SUFFIX("unparseable-desc", ".tmp"); OPEN_DATADIR_SUFFIX("v3-status-votes", ".tmp"); OPEN_DATADIR("key-pinning-journal"); @@ -3414,6 +3426,7 @@ sandbox_init_filter(void) RENAME_SUFFIX("cached-extrainfo", ".new"); RENAME_SUFFIX("cached-extrainfo.new", ".tmp"); RENAME_SUFFIX("state", ".tmp"); + RENAME_SUFFIX("sr-state", ".tmp"); RENAME_SUFFIX("unparseable-desc", ".tmp"); RENAME_SUFFIX("v3-status-votes", ".tmp");

1 0

[tor/master] prop250: Fix format string encoding in log statement
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit 09ecbdd8eef02228764018250b00ae8d8b64bb97 Author: David Goulet <dgoulet(a)torproject.org> Date: Thu May 26 12:30:00 2016 -0400 prop250: Fix format string encoding in log statement Commit and reveal length macro changed from int to unsigned long int (size_t) because of the sizeof(). Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/shared_random.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/shared_random.c b/src/or/shared_random.c index 5f61170..7915125 100644 --- a/src/or/shared_random.c +++ b/src/or/shared_random.c @@ -248,7 +248,7 @@ commit_decode(const char *encoded, sr_commit_t *commit) if (decoded_len != SR_COMMIT_LEN) { log_warn(LD_BUG, "SR: Commit from authority %s decoded length doesn't " - "match the expected length (%d vs %d).", + "match the expected length (%d vs %lu).", sr_commit_get_rsa_fpr(commit), decoded_len, SR_COMMIT_LEN); goto error; } @@ -301,7 +301,7 @@ reveal_decode(const char *encoded, sr_commit_t *commit) if (decoded_len != SR_REVEAL_LEN) { log_warn(LD_BUG, "SR: Reveal from authority %s decoded length is " - "doesn't match the expected length (%d vs %d)", + "doesn't match the expected length (%d vs %lu)", sr_commit_get_rsa_fpr(commit), decoded_len, SR_REVEAL_LEN); goto error; }

1 0

[tor/master] prop250: Change reveal_num to uint64_t and version to uint32_t
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit e62f3133bb0404b3c70dd59f37b2706bf75eb800 Author: David Goulet <dgoulet(a)torproject.org> Date: Thu May 26 12:25:01 2016 -0400 prop250: Change reveal_num to uint64_t and version to uint32_t Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/shared_random.c | 26 +++++++++++++------------- src/or/shared_random.h | 6 +++--- src/or/shared_random_state.c | 4 ++-- src/or/shared_random_state.h | 4 ++-- src/test/test_shared_random.c | 3 --- 5 files changed, 20 insertions(+), 23 deletions(-) diff --git a/src/or/shared_random.c b/src/or/shared_random.c index 599273f..5f61170 100644 --- a/src/or/shared_random.c +++ b/src/or/shared_random.c @@ -403,10 +403,10 @@ get_srv_element_from_commit(const sr_commit_t *commit) /* Return a srv object that is built with the construction: * SRV = SHA3-256("shared-random" | INT_8(reveal_num) | - * INT_8(version) | HASHED_REVEALS | previous_SRV) + * INT_4(version) | HASHED_REVEALS | previous_SRV) * This function cannot fail. */ static sr_srv_t * -generate_srv(const char *hashed_reveals, uint8_t reveal_num, +generate_srv(const char *hashed_reveals, uint64_t reveal_num, const sr_srv_t *previous_srv) { char msg[DIGEST256_LEN + SR_SRV_MSG_LEN] = {0}; @@ -418,10 +418,10 @@ generate_srv(const char *hashed_reveals, uint8_t reveal_num, /* Add the invariant token. */ memcpy(msg, SR_SRV_TOKEN, SR_SRV_TOKEN_LEN); offset += SR_SRV_TOKEN_LEN; - set_uint8(msg + offset, reveal_num); - offset += 1; - set_uint8(msg + offset, SR_PROTO_VERSION); - offset += 1; + set_uint64(msg + offset, tor_htonll(reveal_num)); + offset += sizeof(uint64_t); + set_uint32(msg + offset, htonl(SR_PROTO_VERSION)); + offset += sizeof(uint32_t); memcpy(msg + offset, hashed_reveals, DIGEST256_LEN); offset += DIGEST256_LEN; if (previous_srv != NULL) { @@ -505,7 +505,7 @@ srv_to_ns_string(const sr_srv_t *srv, const char *key) tor_assert(key); sr_srv_encode(srv_hash_encoded, sizeof(srv_hash_encoded), srv); - tor_asprintf(&srv_str, "%s %d %s\n", key, + tor_asprintf(&srv_str, "%s %" PRIu64 " %s\n", key, srv->num_reveals, srv_hash_encoded); log_debug(LD_DIR, "SR: Consensus SRV line: %s", srv_str); return srv_str; @@ -962,7 +962,7 @@ sr_generate_our_commit(time_t timestamp, const authority_cert_t *my_rsa_cert) void sr_compute_srv(void) { - size_t reveal_num = 0; + uint64_t reveal_num = 0; char *reveals = NULL; smartlist_t *chunks, *commits; digestmap_t *state_commits; @@ -1019,8 +1019,7 @@ sr_compute_srv(void) SR_DIGEST_ALG)) { goto end; } - tor_assert(reveal_num < UINT8_MAX); - current_srv = generate_srv(hashed_reveals, (uint8_t) reveal_num, + current_srv = generate_srv(hashed_reveals, reveal_num, sr_state_get_previous_srv()); sr_state_set_current_srv(current_srv); /* We have a fresh SRV, flag our state. */ @@ -1042,7 +1041,8 @@ sr_srv_t * sr_parse_srv(const smartlist_t *args) { char *value; - int num_reveals, ok, ret; + int ok, ret; + uint64_t num_reveals; sr_srv_t *srv = NULL; tor_assert(args); @@ -1052,8 +1052,8 @@ sr_parse_srv(const smartlist_t *args) } /* First argument is the number of reveal values */ - num_reveals = (int)tor_parse_long(smartlist_get(args, 0), - 10, 0, INT32_MAX, &ok, NULL); + num_reveals = tor_parse_uint64(smartlist_get(args, 0), + 10, 0, UINT64_MAX, &ok, NULL); if (!ok) { goto end; } diff --git a/src/or/shared_random.h b/src/or/shared_random.h index 4b16d26..6d68ad7 100644 --- a/src/or/shared_random.h +++ b/src/or/shared_random.h @@ -30,9 +30,9 @@ * timestamp and the hashed random number. This adds up to 40 bytes. */ #define SR_REVEAL_LEN (sizeof(uint64_t) + DIGEST256_LEN) /* Size of SRV message length. The construction is has follow: - * "shared-random" | INT_8(reveal_num) | INT_8(version) | PREV_SRV */ + * "shared-random" | INT_8(reveal_num) | INT_4(version) | PREV_SRV */ #define SR_SRV_MSG_LEN \ - (SR_SRV_TOKEN_LEN + 1 + 1 + DIGEST256_LEN) + (SR_SRV_TOKEN_LEN + sizeof(uint64_t) + sizeof(uint32_t) + DIGEST256_LEN) /* Length of base64 encoded commit NOT including the NULL terminated byte. * Formula is taken from base64_encode_size. */ @@ -62,7 +62,7 @@ typedef enum { /* A shared random value (SRV). */ typedef struct sr_srv_t { /* The number of reveal values used to derive this SRV. */ - int num_reveals; + uint64_t num_reveals; /* The actual value. This is the stored result of SHA3-256. */ uint8_t value[DIGEST256_LEN]; } sr_srv_t; diff --git a/src/or/shared_random_state.c b/src/or/shared_random_state.c index 87126f5..eeffb14 100644 --- a/src/or/shared_random_state.c +++ b/src/or/shared_random_state.c @@ -60,7 +60,7 @@ disk_state_validate_cb(void *old_state, void *state, void *default_state, /* Array of variables that are saved to disk as a persistent state. */ static config_var_t state_vars[] = { - V(Version, INT, "0"), + V(Version, UINT, "0"), V(TorVersion, STRING, NULL), V(ValidAfter, ISOTIME, NULL), V(ValidUntil, ISOTIME, NULL), @@ -590,7 +590,7 @@ disk_state_put_srv_line(const sr_srv_t *srv, config_line_t *line) return; } sr_srv_encode(encoded, sizeof(encoded), srv); - tor_asprintf(&line->value, "%d %s", srv->num_reveals, encoded); + tor_asprintf(&line->value, "%" PRIu64 " %s", srv->num_reveals, encoded); } /* Reset disk state that is free allocated memory and zeroed the object. */ diff --git a/src/or/shared_random_state.h b/src/or/shared_random_state.h index d013650..305797f 100644 --- a/src/or/shared_random_state.h +++ b/src/or/shared_random_state.h @@ -36,7 +36,7 @@ typedef struct sr_state_t { /* Filename of the state file on disk. */ char *fname; /* Version of the protocol. */ - uint8_t version; + uint32_t version; /* The valid-after of the voting period we have prepared the state for. */ time_t valid_after; /* Until when is this state valid? */ @@ -76,7 +76,7 @@ typedef struct sr_state_t { typedef struct sr_disk_state_t { uint32_t magic_; /* Version of the protocol. */ - int Version; + uint32_t Version; /* Version of our running tor. */ char *TorVersion; /* Creation time of this state */ diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index dcd71e0..8940045 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -788,9 +788,6 @@ test_sr_compute_srv(void *arg) MOCK(trusteddirserver_get_by_v3_auth_digest, trusteddirserver_get_by_v3_auth_digest_m); - MOCK(trusteddirserver_get_by_v3_auth_digest, - trusteddirserver_get_by_v3_auth_digest_m); - init_authority_state(); /* Setup the commits for this unittest */

1 0

[tor/master] Refactor parameter computation and add a helper function
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit 6927467bef1b5c46b85d30ac77b364ed407f6d72 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 9 20:10:43 2016 -0400 Refactor parameter computation and add a helper function This patch makes us retain the intermediate list of K=V entries for the duration of computing our vote, and lets us use that list with a new function in order to look up parameters before the consensus is published. We can't actually use this function yet because of #19011: our existing code to do this doesn't actually work, and we'll need a new consensus method to start using it. Closes ticket #19012. --- src/or/dirvote.c | 60 ++++++++++++++++++++++++++++++++++++++++------------- src/or/dirvote.h | 6 +++++- src/test/test_dir.c | 14 +++++++++++++ 3 files changed, 65 insertions(+), 15 deletions(-) diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 5071331..4ebea32 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -618,15 +618,47 @@ compute_consensus_versions_list(smartlist_t *lst, int n_versioning) return result; } +/** Given a list of K=V values, return the int32_t value corresponding to + * KEYWORD=, or default_val if no such value exists, or if the value is + * corrupt. + */ +STATIC int32_t +dirvote_get_intermediate_param_value(const smartlist_t *param_list, + const char *keyword, + int32_t default_val) +{ + unsigned int n_found = 0; + int32_t value = default_val; + + SMARTLIST_FOREACH_BEGIN(param_list, const char *, k_v_pair) { + if (!strcmpstart(k_v_pair, keyword) && k_v_pair[strlen(keyword)] == '=') { + const char *integer_str = &k_v_pair[strlen(keyword)+1]; + int ok; + value = (int32_t) + tor_parse_long(integer_str, 10, INT32_MIN, INT32_MAX, &ok, NULL); + if (BUG(! ok)) + return default_val; + ++n_found; + } + } SMARTLIST_FOREACH_END(k_v_pair); + + if (n_found == 1) + return value; + else if (BUG(n_found > 1)) + return default_val; + else + return default_val; +} + /** Minimum number of directory authorities voting for a parameter to * include it in the consensus, if consensus method 12 or later is to be * used. See proposal 178 for details. */ #define MIN_VOTES_FOR_PARAM 3 -/** Helper: given a list of valid networkstatus_t, return a new string +/** Helper: given a list of valid networkstatus_t, return a new smartlist * containing the contents of the consensus network parameter set. */ -STATIC char * +STATIC smartlist_t * dirvote_compute_params(smartlist_t *votes, int method, int total_authorities) { int i; @@ -635,7 +667,6 @@ dirvote_compute_params(smartlist_t *votes, int method, int total_authorities) int cur_param_len; const char *cur_param; const char *eq; - char *result; const int n_votes = smartlist_len(votes); smartlist_t *output; @@ -657,8 +688,7 @@ dirvote_compute_params(smartlist_t *votes, int method, int total_authorities) if (smartlist_len(param_list) == 0) { tor_free(vals); - smartlist_free(param_list); - return NULL; + return param_list; } smartlist_sort_strings(param_list); @@ -706,12 +736,9 @@ dirvote_compute_params(smartlist_t *votes, int method, int total_authorities) } } SMARTLIST_FOREACH_END(param); - result = smartlist_join_strings(output, " ", 0, NULL); - SMARTLIST_FOREACH(output, char *, cp, tor_free(cp)); - smartlist_free(output); smartlist_free(param_list); tor_free(vals); - return result; + return output; } #define RANGE_CHECK(a,b,c,d,e,f,g,mx) \ @@ -1158,6 +1185,8 @@ networkstatus_compute_consensus(smartlist_t *votes, char *packages = NULL; int added_weights = 0; dircollator_t *collator = NULL; + smartlist_t *param_list = NULL; + tor_assert(flavor == FLAV_NS || flavor == FLAV_MICRODESC); tor_assert(total_authorities >= smartlist_len(votes)); tor_assert(total_authorities > 0); @@ -1302,9 +1331,10 @@ networkstatus_compute_consensus(smartlist_t *votes, tor_free(flaglist); } - params = dirvote_compute_params(votes, consensus_method, - total_authorities); - if (params) { + param_list = dirvote_compute_params(votes, consensus_method, + total_authorities); + if (smartlist_len(param_list)) { + params = smartlist_join_strings(param_list, " ", 0, NULL); smartlist_add(chunks, tor_strdup("params ")); smartlist_add(chunks, params); smartlist_add(chunks, tor_strdup("\n")); @@ -1369,7 +1399,7 @@ networkstatus_compute_consensus(smartlist_t *votes, if (consensus_method >= MIN_METHOD_TO_CLIP_UNMEASURED_BW) { char *max_unmeasured_param = NULL; - /* XXXX Extract this code into a common function */ + /* XXXX Extract this code into a common function. Or don't! see #19011 */ if (params) { if (strcmpstart(params, "maxunmeasuredbw=") == 0) max_unmeasured_param = params; @@ -1924,7 +1954,7 @@ networkstatus_compute_consensus(smartlist_t *votes, // Parse params, extract BW_WEIGHT_SCALE if present // DO NOT use consensus_param_bw_weight_scale() in this code! // The consensus is not formed yet! - /* XXXX Extract this code into a common function */ + /* XXXX Extract this code into a common function. Or not: #19011. */ if (params) { if (strcmpstart(params, "bwweightscale=") == 0) bw_weight_param = params; @@ -2044,6 +2074,8 @@ networkstatus_compute_consensus(smartlist_t *votes, smartlist_free(flags); SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp)); smartlist_free(chunks); + SMARTLIST_FOREACH(param_list, char *, cp, tor_free(cp)); + smartlist_free(param_list); return result; } diff --git a/src/or/dirvote.h b/src/or/dirvote.h index 4c563aa..2a83802 100644 --- a/src/or/dirvote.h +++ b/src/or/dirvote.h @@ -210,9 +210,13 @@ document_signature_t *voter_get_sig_by_algorithm( digest_algorithm_t alg); #ifdef DIRVOTE_PRIVATE +STATIC int32_t dirvote_get_intermediate_param_value( + const smartlist_t *param_list, + const char *keyword, + int32_t default_val); STATIC char *format_networkstatus_vote(crypto_pk_t *private_key, networkstatus_t *v3_ns); -STATIC char *dirvote_compute_params(smartlist_t *votes, int method, +STATIC smartlist_t *dirvote_compute_params(smartlist_t *votes, int method, int total_authorities); STATIC char *compute_consensus_package_lines(smartlist_t *votes); STATIC char *make_consensus_method_list(int low, int high, const char *sep); diff --git a/src/test/test_dir.c b/src/test/test_dir.c index b0ae2d9..1f1b300 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -1436,6 +1436,19 @@ test_dir_measured_bw_kb_cache(void *arg) return; } +static char * +my_dirvote_compute_params(smartlist_t *votes, int method, int total_authorities) +{ + smartlist_t *s = dirvote_compute_params(votes, method, total_authorities); + tor_assert(s); + char *res = smartlist_join_strings(s, " ", 0, NULL); + SMARTLIST_FOREACH(s, char *, cp, tor_free(cp)); + smartlist_free(s); + return res; +} + +#define dirvote_compute_params my_dirvote_compute_params + static void test_dir_param_voting(void *arg) { @@ -4298,6 +4311,7 @@ struct testcase_t dir_tests[] = { DIR_LEGACY(measured_bw_kb), DIR_LEGACY(measured_bw_kb_cache), DIR_LEGACY(param_voting), + DIR(param_voting_lookup, 0), DIR_LEGACY(v3_networkstatus), DIR(random_weighted, 0), DIR(scale_bw, 0),

1 0

[tor/master] prop250: Use the new dirvote_get_intermediate_param_value for AuthDirNumSRVAgreements
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit 4a1904c12665b98c356aba8e7b73a3f3fd508a5b Author: David Goulet <dgoulet(a)torproject.org> Date: Thu May 26 15:26:09 2016 -0400 prop250: Use the new dirvote_get_intermediate_param_value for AuthDirNumSRVAgreements Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/dirvote.c | 10 ++++++++- src/or/shared_random.c | 48 +++++++++++++++++++++++++++---------------- src/or/shared_random.h | 9 +++++++- src/test/test_shared_random.c | 34 +++--------------------------- 4 files changed, 50 insertions(+), 51 deletions(-) diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 4ebea32..4fbd6b3 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -1341,8 +1341,16 @@ networkstatus_compute_consensus(smartlist_t *votes, } if (consensus_method >= MIN_METHOD_FOR_SHARED_RANDOM) { + int num_dirauth = get_n_authorities(V3_DIRINFO); + /* Default value of this is 2/3 of the total number of authorities. For + * instance, if we have 9 dirauth, the default value is 6. The following + * calculation will round it down. */ + int32_t num_srv_agreements = + dirvote_get_intermediate_param_value(param_list, + "AuthDirNumSRVAgreements", + (num_dirauth * 2) / 3); /* Add the shared random value. */ - char *srv_lines = sr_get_string_for_consensus(votes); + char *srv_lines = sr_get_string_for_consensus(votes, num_srv_agreements); if (srv_lines != NULL) { smartlist_add(chunks, srv_lines); } diff --git a/src/or/shared_random.c b/src/or/shared_random.c index 7915125..5cdf3d0 100644 --- a/src/or/shared_random.c +++ b/src/or/shared_random.c @@ -105,6 +105,12 @@ static const char current_srv_str[] = "shared-rand-current-value"; static const char commit_ns_str[] = "shared-rand-commit"; static const char sr_flag_ns_str[] = "shared-rand-participate"; +/* The value of the consensus param AuthDirNumSRVAgreements found in the + * vote. This is set once the consensus creation subsystem requests the + * SRV(s) that should be put in the consensus. We use this value to decide + * if we keep or not an SRV. */ +static int32_t num_srv_agreements_from_vote; + /* Return a heap allocated copy of the SRV orig. */ STATIC sr_srv_t * srv_dup(const sr_srv_t *orig) @@ -737,18 +743,6 @@ save_commit_to_state(sr_commit_t *commit) } } -/* Return the number of required participants of the SR protocol. This is based - * on a consensus params. */ -static int -get_n_voters_for_srv_agreement(void) -{ - int num_dirauths = get_n_authorities(V3_DIRINFO); - /* If the params is not found, default value should always be the maximum - * number of trusted authorities. Let's not take any chances. */ - return networkstatus_get_param(NULL, "AuthDirNumSRVAgreements", - num_dirauths, 1, num_dirauths); -} - /* Return 1 if we should we keep an SRV voted by n_agreements auths. * Return 0 if we should ignore it. */ static int @@ -769,11 +763,9 @@ should_keep_srv(int n_agreements) * to keep it. */ if (sr_state_srv_is_fresh()) { /* Check if we have super majority for this new SRV value. */ - int num_required_agreements = get_n_voters_for_srv_agreement(); - - if (n_agreements < num_required_agreements) { + if (n_agreements < num_srv_agreements_from_vote) { log_notice(LD_DIR, "SR: New SRV didn't reach agreement [%d/%d]!", - n_agreements, num_required_agreements); + n_agreements, num_srv_agreements_from_vote); return 0; } } @@ -1253,9 +1245,14 @@ sr_get_string_for_vote(void) * * This is called when a consensus (any flavor) is bring created thus it * should NEVER change the state nor the state should be changed in between - * consensus creation. */ + * consensus creation. + * + * num_srv_agreements is taken from the votes thus the voted value + * that should be used. + * */ char * -sr_get_string_for_consensus(const smartlist_t *votes) +sr_get_string_for_consensus(const smartlist_t *votes, + int32_t num_srv_agreements) { char *srv_str; const or_options_t *options = get_options(); @@ -1269,6 +1266,9 @@ sr_get_string_for_consensus(const smartlist_t *votes) goto end; } + /* Set the global value of AuthDirNumSRVAgreements found in the votes. */ + num_srv_agreements_from_vote = num_srv_agreements; + /* Check the votes and figure out if SRVs should be included in the final * consensus. */ sr_srv_t *prev_srv = get_majority_srv_from_votes(votes, 0); @@ -1340,3 +1340,15 @@ sr_save_and_cleanup(void) sr_state_save(); sr_cleanup(); } + +#ifdef TOR_UNIT_TESTS + +/* Set the global value of number of SRV agreements so the test can play + * along by calling specific functions that don't parse the votes prior for + * the AuthDirNumSRVAgreements value. */ +void set_num_srv_agreements(int32_t value) +{ + num_srv_agreements_from_vote = value; +} + +#endif /* TOR_UNIT_TESTS */ diff --git a/src/or/shared_random.h b/src/or/shared_random.h index 6d68ad7..3922f33 100644 --- a/src/or/shared_random.h +++ b/src/or/shared_random.h @@ -112,7 +112,8 @@ void sr_handle_received_commits(smartlist_t *commits, sr_commit_t *sr_parse_commit(const smartlist_t *args); sr_srv_t *sr_parse_srv(const smartlist_t *args); char *sr_get_string_for_vote(void); -char *sr_get_string_for_consensus(const smartlist_t *votes); +char *sr_get_string_for_consensus(const smartlist_t *votes, + int32_t num_srv_agreements); void sr_commit_free(sr_commit_t *commit); void sr_srv_encode(char *dst, size_t dst_len, const sr_srv_t *srv); @@ -156,4 +157,10 @@ STATIC void save_commit_during_reveal_phase(const sr_commit_t *commit); #endif /* SHARED_RANDOM_PRIVATE */ +#ifdef TOR_UNIT_TESTS + +void set_num_srv_agreements(int32_t value); + +#endif /* TOR_UNIT_TESTS */ + #endif /* TOR_SHARED_RANDOM_H */ diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index 8940045..b900350 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -830,14 +830,6 @@ get_test_vote_with_curr_srv(const char *srv) return vote; } -/* Mock function to return the value located in the options instead of the - * consensus so we can modify it at will. */ -static networkstatus_t * -mock_networkstatus_get_latest_consensus(void) -{ - return mock_consensus; -} - /* Test the function that picks the right SRV given a bunch of votes. Make sure * that the function returns an SRV iff the majority/agreement requirements are * met. */ @@ -894,31 +886,13 @@ test_sr_get_majority_srv_from_votes(void *arg) /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements requirement. So still not picking an SRV. */ + set_num_srv_agreements(8); chosen_srv = get_majority_srv_from_votes(votes, 1); tt_assert(!chosen_srv); /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the - * consensus parameter and we will try again. This time it should work. */ - { - char *my_net_params; - /* Set a dummy consensus parameter in every vote */ - SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, vote) { - vote->net_params = smartlist_new(); - smartlist_split_string(vote->net_params, - "AuthDirNumSRVAgreements=7", NULL, 0, 0); - } SMARTLIST_FOREACH_END(vote); - - /* Pretend you are making a consensus out of the votes */ - mock_consensus = tor_malloc_zero(sizeof(networkstatus_t)); - mock_consensus->net_params = smartlist_new(); - my_net_params = dirvote_compute_params(votes, 66, smartlist_len(votes)); - smartlist_split_string(mock_consensus->net_params, my_net_params, " ", - SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); - } - - /* Use our fake consensus for finding consensus parameters. */ - MOCK(networkstatus_get_latest_consensus, - mock_networkstatus_get_latest_consensus); + * consensus parameter and we will try again. This time it should work. */ + set_num_srv_agreements(7); chosen_srv = get_majority_srv_from_votes(votes, 1); tt_assert(chosen_srv); tt_int_op(chosen_srv->num_reveals, ==, 42); @@ -928,8 +902,6 @@ test_sr_get_majority_srv_from_votes(void *arg) SMARTLIST_FOREACH(votes, networkstatus_t *, vote, networkstatus_vote_free(vote)); smartlist_free(votes); - networkstatus_vote_free(mock_consensus); - UNMOCK(networkstatus_get_latest_consensus); } static void

1 0

[tor/master] prop250: Add a DEL state action and return const SRVs
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit 36e201dffc5d57d92113e1e68ad4b6a0a7b3471e Author: David Goulet <dgoulet(a)torproject.org> Date: Wed Jun 29 15:32:51 2016 -0400 prop250: Add a DEL state action and return const SRVs The *get* state query functions for the SRVs now only return const pointers and the DEL action needs to be used to delete the SRVs from the state. Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/shared_random.c | 2 +- src/or/shared_random_state.c | 91 ++++++++++++++++++++++++++++++------------- src/or/shared_random_state.h | 9 +++-- src/test/test_shared_random.c | 6 +-- 4 files changed, 73 insertions(+), 35 deletions(-) diff --git a/src/or/shared_random.c b/src/or/shared_random.c index 5cdf3d0..7a0273d 100644 --- a/src/or/shared_random.c +++ b/src/or/shared_random.c @@ -589,7 +589,7 @@ STATIC int should_keep_commit(const sr_commit_t *commit, const char *voter_key, sr_phase_t phase) { - sr_commit_t *saved_commit; + const sr_commit_t *saved_commit; tor_assert(commit); tor_assert(voter_key); diff --git a/src/or/shared_random_state.c b/src/or/shared_random_state.c index eeffb14..d0cd460 100644 --- a/src/or/shared_random_state.c +++ b/src/or/shared_random_state.c @@ -793,20 +793,6 @@ reset_state_for_new_protocol_run(time_t valid_after) sr_state_delete_commits(); } -/* Rotate SRV value by freeing the previous value, assigning the current - * value to the previous one and nullifying the current one. */ -STATIC void -state_rotate_srv(void) -{ - /* Get a pointer to the previous SRV so we can free it after rotation. */ - sr_srv_t *previous_srv = sr_state_get_previous_srv(); - /* Set previous SRV with the current one. */ - sr_state_set_previous_srv(sr_state_get_current_srv()); - /* Nullify the current srv. */ - sr_state_set_current_srv(NULL); - tor_free(previous_srv); -} - /* This is the first round of the new protocol run starting at * valid_after. Do the necessary housekeeping. */ STATIC void @@ -857,6 +843,7 @@ state_query_get_commit(const char *rsa_fpr) tor_assert(rsa_fpr); return digestmap_get(sr_state->commits, rsa_fpr); } + /* Helper function: This handles the GET state action using an * obj_type and data needed for the action. */ static void * @@ -921,7 +908,7 @@ state_query_put_(sr_state_object_t obj_type, void *data) } } -/* Helper function: This handles the DEL state action using an +/* Helper function: This handles the DEL_ALL state action using an * obj_type and data needed for the action. */ static void state_query_del_all_(sr_state_object_t obj_type) @@ -947,6 +934,29 @@ state_query_del_all_(sr_state_object_t obj_type) } } +/* Helper function: This handles the DEL state action using an + * obj_type and data needed for the action. */ +static void +state_query_del_(sr_state_object_t obj_type, void *data) +{ + (void) data; + + switch (obj_type) { + case SR_STATE_OBJ_PREVSRV: + tor_free(sr_state->previous_srv); + break; + case SR_STATE_OBJ_CURSRV: + tor_free(sr_state->current_srv); + break; + case SR_STATE_OBJ_COMMIT: + case SR_STATE_OBJ_COMMITS: + case SR_STATE_OBJ_PHASE: + case SR_STATE_OBJ_VALID_AFTER: + default: + tor_assert(0); + } +} + /* Query state using an action for an object type obj_type. * The data pointer needs to point to an object that the action needs * to use and if anything is required to be returned, it is stored in @@ -969,6 +979,9 @@ state_query(sr_state_action_t action, sr_state_object_t obj_type, case SR_STATE_ACTION_PUT: state_query_put_(obj_type, data); break; + case SR_STATE_ACTION_DEL: + state_query_del_(obj_type, data); + break; case SR_STATE_ACTION_DEL_ALL: state_query_del_all_(obj_type); break; @@ -986,6 +999,35 @@ state_query(sr_state_action_t action, sr_state_object_t obj_type, } } +/* Delete the current SRV value from the state freeing it and the value is set + * to NULL meaning empty. */ +static void +state_del_current_srv(void) +{ + state_query(SR_STATE_ACTION_DEL, SR_STATE_OBJ_CURSRV, NULL, NULL); +} + +/* Delete the previous SRV value from the state freeing it and the value is + * set to NULL meaning empty. */ +static void +state_del_previous_srv(void) +{ + state_query(SR_STATE_ACTION_DEL, SR_STATE_OBJ_PREVSRV, NULL, NULL); +} + +/* Rotate SRV value by freeing the previous value, assigning the current + * value to the previous one and nullifying the current one. */ +STATIC void +state_rotate_srv(void) +{ + /* First delete previous SRV from the state. Object will be freed. */ + state_del_previous_srv(); + /* Set previous SRV with the current one. */ + sr_state_set_previous_srv(sr_state_get_current_srv()); + /* Nullify the current srv. */ + sr_state_set_current_srv(NULL); +} + /* Set valid after time in the our state. */ void sr_state_set_valid_after(time_t valid_after) @@ -1004,10 +1046,10 @@ sr_state_get_phase(void) } /* Return the previous SRV value from our state. Value CAN be NULL. */ -sr_srv_t * +const sr_srv_t * sr_state_get_previous_srv(void) { - sr_srv_t *srv; + const sr_srv_t *srv; state_query(SR_STATE_ACTION_GET, SR_STATE_OBJ_PREVSRV, NULL, (void *) &srv); return srv; @@ -1023,10 +1065,10 @@ sr_state_set_previous_srv(const sr_srv_t *srv) } /* Return the current SRV value from our state. Value CAN be NULL. */ -sr_srv_t * +const sr_srv_t * sr_state_get_current_srv(void) { - sr_srv_t *srv; + const sr_srv_t *srv; state_query(SR_STATE_ACTION_GET, SR_STATE_OBJ_CURSRV, NULL, (void *) &srv); return srv; @@ -1045,14 +1087,9 @@ sr_state_set_current_srv(const sr_srv_t *srv) void sr_state_clean_srvs(void) { - sr_srv_t *previous_srv = sr_state_get_previous_srv(); - sr_srv_t *current_srv = sr_state_get_current_srv(); - - tor_free(previous_srv); - sr_state_set_previous_srv(NULL); - - tor_free(current_srv); - sr_state_set_current_srv(NULL); + /* Remove SRVs from state. They will be set to NULL as "empty". */ + state_del_previous_srv(); + state_del_current_srv(); } /* Return a pointer to the commits map from our state. CANNOT be NULL. */ diff --git a/src/or/shared_random_state.h b/src/or/shared_random_state.h index 305797f..e0b6e46 100644 --- a/src/or/shared_random_state.h +++ b/src/or/shared_random_state.h @@ -10,8 +10,9 @@ typedef enum { SR_STATE_ACTION_GET = 1, SR_STATE_ACTION_PUT = 2, - SR_STATE_ACTION_DEL_ALL = 3, - SR_STATE_ACTION_SAVE = 4, + SR_STATE_ACTION_DEL = 3, + SR_STATE_ACTION_DEL_ALL = 4, + SR_STATE_ACTION_SAVE = 5, } sr_state_action_t; /* Object in the state that can be queried through the state API. */ @@ -101,8 +102,8 @@ void sr_state_update(time_t valid_after); void sr_state_set_valid_after(time_t valid_after); sr_phase_t sr_state_get_phase(void); -sr_srv_t *sr_state_get_previous_srv(void); -sr_srv_t *sr_state_get_current_srv(void); +const sr_srv_t *sr_state_get_previous_srv(void); +const sr_srv_t *sr_state_get_current_srv(void); void sr_state_set_previous_srv(const sr_srv_t *srv); void sr_state_set_current_srv(const sr_srv_t *srv); void sr_state_clean_srvs(void); diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index b900350..20ed087 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -780,7 +780,7 @@ static void test_sr_compute_srv(void *arg) { (void) arg; - sr_srv_t *current_srv = NULL; + const sr_srv_t *current_srv = NULL; #define SRV_TEST_VECTOR \ "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D" @@ -1026,7 +1026,7 @@ test_state_transition(void *arg) /* Test SRV rotation in our state. */ { - sr_srv_t *cur, *prev; + const sr_srv_t *cur, *prev; test_sr_setup_srv(1); cur = sr_state_get_current_srv(); tt_assert(cur); @@ -1039,7 +1039,7 @@ test_state_transition(void *arg) /* New protocol run. */ { - sr_srv_t *cur; + const sr_srv_t *cur; /* Setup some new SRVs so we can confirm that a new protocol run * actually makes them rotate and compute new ones. */ test_sr_setup_srv(1);

1 0

[tor/master] Merge remote-tracking branch 'dgoulet/ticket16943_029_05-squashed'
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit aaa31290431ea2cd1d1e8498dbe271eb53d2389d Merge: 738a8c6 36e201d Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 15:29:05 2016 -0400 Merge remote-tracking branch 'dgoulet/ticket16943_029_05-squashed' Trivial Conflicts: src/or/or.h src/or/routerparse.c changes/bug16943 | 8 + doc/tor.1.txt | 6 + src/common/util.c | 21 + src/common/util.h | 2 + src/or/config.c | 1 + src/or/directory.c | 5 + src/or/dirvote.c | 187 ++++-- src/or/dirvote.h | 45 +- src/or/include.am | 4 + src/or/main.c | 13 + src/or/networkstatus.c | 18 +- src/or/networkstatus.h | 4 +- src/or/or.h | 21 + src/or/routerlist.c | 4 +- src/or/routerlist.h | 3 +- src/or/routerparse.c | 158 +++++ src/or/shared_random.c | 1354 +++++++++++++++++++++++++++++++++++++++++ src/or/shared_random.h | 166 +++++ src/or/shared_random_state.c | 1353 ++++++++++++++++++++++++++++++++++++++++ src/or/shared_random_state.h | 146 +++++ src/test/include.am | 1 + src/test/sr_srv_calc_ref.py | 71 +++ src/test/test.c | 1 + src/test/test.h | 1 + src/test/test_dir.c | 87 ++- src/test/test_routerlist.c | 17 + src/test/test_shared_random.c | 1261 ++++++++++++++++++++++++++++++++++++++ 27 files changed, 4889 insertions(+), 69 deletions(-) diff --cc src/or/networkstatus.c index 5415c30,cf395f9..0dfb8af --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@@ -1216,56 -1189,10 +1226,56 @@@ consensus_is_waiting_for_certs(void ? 1 : 0; } +/** Look up the currently active (depending on bootstrap status) download + * status for this consensus flavor and return a pointer to it. + */ +MOCK_IMPL(download_status_t *, +networkstatus_get_dl_status_by_flavor,(consensus_flavor_t flavor)) +{ + download_status_t *dl = NULL; + const int we_are_bootstrapping = + networkstatus_consensus_is_bootstrapping(time(NULL)); + + if ((int)flavor <= N_CONSENSUS_FLAVORS) { + dl = &((we_are_bootstrapping ? + consensus_bootstrap_dl_status : consensus_dl_status)[flavor]); + } + + return dl; +} + +/** Look up the bootstrap download status for this consensus flavor + * and return a pointer to it. */ +MOCK_IMPL(download_status_t *, +networkstatus_get_dl_status_by_flavor_bootstrap,(consensus_flavor_t flavor)) +{ + download_status_t *dl = NULL; + + if ((int)flavor <= N_CONSENSUS_FLAVORS) { + dl = &(consensus_bootstrap_dl_status[flavor]); + } + + return dl; +} + +/** Look up the running (non-bootstrap) download status for this consensus + * flavor and return a pointer to it. */ +MOCK_IMPL(download_status_t *, +networkstatus_get_dl_status_by_flavor_running,(consensus_flavor_t flavor)) +{ + download_status_t *dl = NULL; + + if ((int)flavor <= N_CONSENSUS_FLAVORS) { + dl = &(consensus_dl_status[flavor]); + } + + return dl; +} + /** Return the most recent consensus that we have downloaded, or NULL if we * don't have one. */ - networkstatus_t * - networkstatus_get_latest_consensus(void) + MOCK_IMPL(networkstatus_t *, + networkstatus_get_latest_consensus,(void)) { return current_consensus; } diff --cc src/or/or.h index a1a0810,1b7f1a8..ed799b9 --- a/src/or/or.h +++ b/src/or/or.h @@@ -4499,10 -4496,11 +4514,16 @@@ typedef struct /** Autobool: Do we try to retain capabilities if we can? */ int KeepBindCapabilities; + /** Maximum total size of unparseable descriptors to log during the + * lifetime of this Tor process. + */ + uint64_t MaxUnparseableDescSizeToLog; ++ + /** Bool (default: 1): Switch for the shared random protocol. Only + * relevant to a directory authority. If off, the authority won't + * participate in the protocol. If on (default), a flag is added to the + * vote indicating participation. */ + int AuthDirSharedRandomness; } or_options_t; /** Persistent state for an onion router, as saved to disk. */ diff --cc src/or/routerparse.c index d257910,88cfbdc..0f9b9f7 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@@ -28,7 -28,7 +28,8 @@@ #include "routerparse.h" #include "entrynodes.h" #include "torcert.h" +#include "sandbox.h" + #include "shared_random.h" #undef log #include <math.h>

1 0

[tor/master] Fix a -Wmissing-variable-declarations warning
by nickm＠torproject.org 01 Jul '16

01 Jul '16

commit 3566ff05fd9b4b0e0d6c2667f11f769b63aeee4d Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 15:30:12 2016 -0400 Fix a -Wmissing-variable-declarations warning --- src/test/test_shared_random.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index 20ed087..141c12b 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -593,7 +593,7 @@ test_vote(void *arg) UNMOCK(trusteddirserver_get_by_v3_auth_digest); } -const char *sr_state_str = "Version 1\n" +static const char *sr_state_str = "Version 1\n" "TorVersion 0.2.9.0-alpha-dev\n" "ValidAfter 2037-04-19 07:16:00\n" "ValidUntil 2037-04-20 07:16:00\n"

1 0

[stem/master] Standardize hash handling
by atagar＠torproject.org 01 Jul '16

01 Jul '16

commit 3b304ded555c1960321b1a476f72f56e11a06310 Author: Damian Johnson <atagar(a)torproject.org> Date: Fri Jul 1 10:27:10 2016 -0700 Standardize hash handling Any time we define an __eq__() method we need to define __hash__() as well, otherwise using the class as a hash key fails under python 3.x with... TypeError: unhashable type: 'DirectoryAuthority' Regression caught by dgoulet for the DirectoryAuthority class so taking this as an opportunety to ensure all our classes are in sync with their equality and hashing. --- stem/__init__.py | 26 ++++++++++++++ stem/descriptor/networkstatus.py | 9 +++++ stem/descriptor/remote.py | 45 ++++++++++++------------ stem/descriptor/router_status_entry.py | 12 +++++++ stem/exit_policy.py | 62 +++++++++------------------------- stem/manual.py | 25 +++++--------- stem/response/events.py | 3 ++ stem/version.py | 23 ++++--------- test/unit/descriptor/remote.py | 4 +++ 9 files changed, 107 insertions(+), 102 deletions(-) diff --git a/stem/__init__.py b/stem/__init__.py index 1f61075..56d294d 100644 --- a/stem/__init__.py +++ b/stem/__init__.py @@ -860,3 +860,29 @@ HSAuth = stem.util.enum.UppercaseEnum( 'STEALTH_AUTH', 'UNKNOWN', ) + + +def _hash_attr(obj, *attributes, **kwargs): + """ + Provide a hash value for the given set of attributes. + + :param Object obj: object to be hashed + :param list attributes: attribute names to take into account + :param class parent: parent object to include in the hash value + """ + + my_hash = 0 if kwargs.get('parent') == None else kwargs.get('parent').__hash__(obj) + + for attr in attributes: + my_hash *= 1024 + + attr_value = getattr(obj, attr) + + if attr_value is not None: + if isinstance(attr_value, dict): + for k, v in attr_value.items(): + my_hash = (my_hash + hash(k)) * 1024 + hash(v) + else: + my_hash += hash(attr_value) + + return my_hash diff --git a/stem/descriptor/networkstatus.py b/stem/descriptor/networkstatus.py index 08c284b..dcbfc5d 100644 --- a/stem/descriptor/networkstatus.py +++ b/stem/descriptor/networkstatus.py @@ -1236,6 +1236,9 @@ class DirectoryAuthority(Descriptor): return method(str(self).strip(), str(other).strip()) + def __hash__(self): + return hash(str(self).strip()) + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) @@ -1352,6 +1355,9 @@ class KeyCertificate(Descriptor): return method(str(self).strip(), str(other).strip()) + def __hash__(self): + return hash(str(self).strip()) + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) @@ -1404,6 +1410,9 @@ class DocumentSignature(object): return method(True, True) # we're equal + def __hash__(self): + return hash(str(self).strip()) + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) diff --git a/stem/descriptor/remote.py b/stem/descriptor/remote.py index 6d48e39..69f4d39 100644 --- a/stem/descriptor/remote.py +++ b/stem/descriptor/remote.py @@ -91,6 +91,8 @@ import threading import time import zlib +import stem + try: # account for urllib's change between python 2.x and 3.x import urllib.request as urllib @@ -716,15 +718,14 @@ class Directory(object): self.dir_port = dir_port self.fingerprint = fingerprint - def __eq__(self, other): - if not isinstance(other, Directory): - return False + def __hash__(self): + return stem._hash_attr(self, 'address', 'or_port', 'dir_port', 'fingerprint') - for attr in ('address', 'or_port', 'dir_port', 'fingerprint'): - if getattr(self, attr) != getattr(other, attr): - return False + def __eq__(self, other): + return hash(self) == hash(other) if isinstance(other, Directory) else False - return True + def __ne__(self, other): + return not self == other class DirectoryAuthority(Directory): @@ -770,17 +771,14 @@ class DirectoryAuthority(Directory): self.v3ident = v3ident self.is_bandwidth_authority = is_bandwidth_authority - def __eq__(self, other): - if not isinstance(other, DirectoryAuthority): - return False - elif not super(DirectoryAuthority, self).__eq__(other): - return False + def __hash__(self): + return stem._hash_attr(self, 'nickname', 'v3ident', 'is_bandwidth_authority', parent = Directory) - for attr in ('nickname', 'v3ident', 'is_bandwidth_authority'): - if getattr(self, attr) != getattr(other, attr): - return False + def __eq__(self, other): + return hash(self) == hash(other) if isinstance(other, DirectoryAuthority) else False - return True + def __ne__(self, other): + return not self == other DIRECTORY_AUTHORITIES = { @@ -1067,15 +1065,14 @@ class FallbackDirectory(Directory): return results + def __hash__(self): + return stem._hash_attr(self, 'orport_v6', parent = Directory) + def __eq__(self, other): - if not isinstance(other, FallbackDirectory): - return False - elif not super(FallbackDirectory, self).__eq__(other): - return False - elif self.orport_v6 != other.orport_v6: - return False - - return True + return hash(self) == hash(other) if isinstance(other, FallbackDirectory) else False + + def __ne__(self, other): + return not self == other def _fallback_directory_differences(previous_directories, new_directories): diff --git a/stem/descriptor/router_status_entry.py b/stem/descriptor/router_status_entry.py index a30ad0f..cc6c659 100644 --- a/stem/descriptor/router_status_entry.py +++ b/stem/descriptor/router_status_entry.py @@ -477,6 +477,9 @@ class RouterStatusEntry(Descriptor): return method(str(self).strip(), str(other).strip()) + def __hash__(self): + return hash(str(self).strip()) + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) @@ -520,6 +523,9 @@ class RouterStatusEntryV2(RouterStatusEntry): return method(str(self).strip(), str(other).strip()) + def __hash__(self): + return hash(str(self).strip()) + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) @@ -604,6 +610,9 @@ class RouterStatusEntryV3(RouterStatusEntry): return method(str(self).strip(), str(other).strip()) + def __hash__(self): + return hash(str(self).strip()) + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) @@ -664,6 +673,9 @@ class RouterStatusEntryMicroV3(RouterStatusEntry): return method(str(self).strip(), str(other).strip()) + def __hash__(self): + return hash(str(self).strip()) + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) diff --git a/stem/exit_policy.py b/stem/exit_policy.py index c630608..a0b3064 100644 --- a/stem/exit_policy.py +++ b/stem/exit_policy.py @@ -70,6 +70,7 @@ from __future__ import absolute_import import socket import zlib +import stem import stem.prereq import stem.util.connection import stem.util.enum @@ -519,10 +520,7 @@ class ExitPolicy(object): return self._hash def __eq__(self, other): - if isinstance(other, ExitPolicy): - return self._get_rules() == list(other) - else: - return False + return hash(self) == hash(other) if isinstance(other, ExitPolicy) else False def __ne__(self, other): return not self == other @@ -605,10 +603,7 @@ class MicroExitPolicy(ExitPolicy): return hash(str(self)) def __eq__(self, other): - if isinstance(other, MicroExitPolicy): - return str(self) == str(other) - else: - return False + return hash(self) == hash(other) if isinstance(other, MicroExitPolicy) else False def __ne__(self, other): return not self == other @@ -903,25 +898,6 @@ class ExitPolicyRule(object): return label - def __hash__(self): - if self._hash is None: - my_hash = 0 - - for attr in ('is_accept', 'address', 'min_port', 'max_port'): - my_hash *= 1024 - - attr_value = getattr(self, attr) - - if attr_value is not None: - my_hash += hash(attr_value) - - my_hash *= 1024 - my_hash += hash(self.get_mask(False)) - - self._hash = my_hash - - return self._hash - @lru_cache() def _get_mask_bin(self): # provides an integer representation of our mask @@ -1036,16 +1012,14 @@ class ExitPolicyRule(object): else: raise ValueError("Port value isn't a wildcard, integer, or range: %s" % rule) - def __eq__(self, other): - if isinstance(other, ExitPolicyRule): - # Our string representation encompasses our effective policy. Technically - # this isn't quite right since our rule attribute may differ (ie, 'accept - # 0.0.0.0/0' == 'accept 0.0.0.0/0.0.0.0' will be True), but these - # policies are effectively equivalent. + def __hash__(self): + if self._hash is None: + self._hash = stem._hash_attr(self, 'is_accept', 'address', 'min_port', 'max_port') * 1024 + hash(self.get_mask(False)) - return hash(self) == hash(other) - else: - return False + return self._hash + + def __eq__(self, other): + return hash(self) == hash(other) if isinstance(other, ExitPolicyRule) else False def __ne__(self, other): return not self == other @@ -1086,19 +1060,15 @@ class MicroExitPolicyRule(ExitPolicyRule): def __hash__(self): if self._hash is None: - my_hash = 0 + self._hash = stem._hash_attr(self, 'is_accept', 'min_port', 'max_port') - for attr in ('is_accept', 'min_port', 'max_port'): - my_hash *= 1024 - - attr_value = getattr(self, attr) - - if attr_value is not None: - my_hash += hash(attr_value) + return self._hash - self._hash = my_hash + def __eq__(self, other): + return hash(self) == hash(other) if isinstance(other, MicroExitPolicyRule) else False - return self._hash + def __ne__(self, other): + return not self == other DEFAULT_POLICY_RULES = tuple([ExitPolicyRule(rule) for rule in ( diff --git a/stem/manual.py b/stem/manual.py index 1e2a5e1..fe83487 100644 --- a/stem/manual.py +++ b/stem/manual.py @@ -52,6 +52,7 @@ import shutil import sys import tempfile +import stem import stem.prereq import stem.util.conf import stem.util.enum @@ -110,15 +111,11 @@ class ConfigOption(object): self.summary = summary self.description = description - def __eq__(self, other): - if not isinstance(other, ConfigOption): - return False - - for attr in ('name', 'category', 'usage', 'summary', 'description'): - if getattr(self, attr) != getattr(other, attr): - return False + def __hash__(self): + return stem._hash_attr(self, 'name', 'category', 'usage', 'summary', 'description') - return True + def __eq__(self, other): + return hash(self) == hash(other) if isinstance(other, ConfigOption) else False def __ne__(self, other): return not self == other @@ -470,15 +467,11 @@ class Manual(object): conf.save(path) - def __eq__(self, other): - if not isinstance(other, Manual): - return False - - for attr in ('name', 'synopsis', 'description', 'commandline_options', 'signals', 'files', 'config_options'): - if getattr(self, attr) != getattr(other, attr): - return False + def __hash__(self): + return stem._hash_attr(self, 'name', 'synopsis', 'description', 'commandline_options', 'signals', 'files', 'config_options') - return True + def __eq__(self, other): + return hash(self) == hash(other) if isinstance(other, Manual) else False def __ne__(self, other): return not self == other diff --git a/stem/response/events.py b/stem/response/events.py index 35cc98f..22adc25 100644 --- a/stem/response/events.py +++ b/stem/response/events.py @@ -413,6 +413,9 @@ class CircuitEvent(Event): return True + def __hash__(self): + return hash(str(self).strip()) + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) diff --git a/stem/version.py b/stem/version.py index 2dbcff2..de4a784 100644 --- a/stem/version.py +++ b/stem/version.py @@ -72,6 +72,7 @@ easily parsed and compared, for instance... import os import re +import stem import stem.util.enum import stem.util.system @@ -232,6 +233,12 @@ class Version(object): return method(my_status, other_status) + def __hash__(self): + if self._hash is None: + self._hash = stem._hash_attr(self, 'major', 'minor', 'micro', 'patch', 'status') + + return self._hash + def __eq__(self, other): return self._compare(other, lambda s, o: s == o) @@ -264,22 +271,6 @@ class Version(object): return self._compare(other, lambda s, o: s >= o) - def __hash__(self): - if self._hash is None: - my_hash = 0 - - for attr in ('major', 'minor', 'micro', 'patch', 'status'): - my_hash *= 1024 - - attr_value = getattr(self, attr) - - if attr_value is not None: - my_hash += hash(attr_value) - - self._hash = my_hash - - return self._hash - class _VersionRequirements(object): """ diff --git a/test/unit/descriptor/remote.py b/test/unit/descriptor/remote.py index 8193cc3..95fd6a7 100644 --- a/test/unit/descriptor/remote.py +++ b/test/unit/descriptor/remote.py @@ -167,6 +167,10 @@ class TestDescriptorDownloader(unittest.TestCase): self.assertEqual(1, len(list(query))) self.assertEqual(1, len(list(query))) + def test_using_authorities_in_hash(self): + # ensure our DirectoryAuthority instances can be used in hashes + {stem.descriptor.remote.get_authorities()['moria1']: 'hello'} + def test_fallback_directories_from_cache(self): # quick sanity test that we can load cached content fallback_directories = stem.descriptor.remote.FallbackDirectory.from_cache()

1 0