[doctor/master] Check that authority reveal values match all votes - tor-commits

18 Jan 2017

commit 5f86ba53a41fc0ffedfc53a21f5534182286a3f7
Author: Damian Johnson atagar@torproject.org
Date:   Tue Jan 17 10:52:16 2017 -0800
Check that authority reveal values match all votes
Second check requested on https://trac.torproject.org/projects/tor/ticket/17434
---
 consensus_health_checker.py | 46 ++++++++++++++++++++++++++++++++++++++-------
 data/consensus_health.cfg   |  5 ++++-
 2 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/consensus_health_checker.py b/consensus_health_checker.py
index cca1099..5deb8b1 100755
--- a/consensus_health_checker.py
+++ b/consensus_health_checker.py
@@ -325,7 +325,8 @@ def run_checks(consensuses, votes):
     bad_exits_in_sync,
     bandwidth_authorities_in_sync,
     is_orport_reachable,
-    shared_random_commitment_mismatch,
+    shared_random_commit_partitioning,
+    shared_random_reveal_partitioning,
   )
all_issues = []
@@ -746,15 +747,13 @@ def is_orport_reachable(latest_consensus, consensuses, votes):
   return issues
-def shared_random_commitment_mismatch(latest_consensus, consensuses, votes):
+def shared_random_commit_partitioning(latest_consensus, consensuses, votes):
   """
   Check that each authority's commitment matches the votes from other
-  authorities.
+  authorities during the commit phase. The commit phase is 0:00 to 12:00 UTC
+  and this just checks near the end of that.
   """
-  # Check is for the commit phase which is 0:00 to 12:00 UTC. Just gonna check
-  # near the end of that.
-
   utc_hour = datetime.datetime.utcnow().hour
if utc_hour < 8 or utc_hour >= 12:
@@ -771,7 +770,40 @@ def shared_random_commitment_mismatch(latest_consensus, consensuses, votes):
   for authority, vote in votes.items():
     for commitment in vote.directory_authorities[0].shared_randomness_commitments:
       if commitment.commit != self_commitments[commitment.identity]:
-        issues.append(Issue(Runlevel.WARNING, 'SHARED_RANDOM_COMMITMENT_MISMATCH', authority = authority.nickname, their_v3ident = commitment.identity, our_value = commitment.commit, their_value = self_commitments[commitment.identity], to = [authority]))
+        issues.append(Issue(Runlevel.WARNING, 'SHARED_RANDOM_COMMITMENT_MISMATCH', authority = authority, their_v3ident = commitment.identity, our_value = commitment.commit, their_value = self_commitments[commitment.identity], to = [authority]))
+
+def shared_random_reveal_partitioning(latest_consensus, consensuses, votes):
+  """
+  Check that each authority's vote has all commitments during the reveal phase.
+  The reveal phase is 12:00 to 0:00 UTC and this just checks near the end of
+  that.
+  """
+
+  utc_hour = datetime.datetime.utcnow().hour
+
+  if utc_hour < 20:
+    return
+
+  issues = []
+  self_reveals = {}
+
+  for authority, vote in votes.items():
+    our_v3ident = DIRECTORY_AUTHORITIES[authority].v3ident
+    our_reveal = [c.reveal for c in vote.directory_authorities[0].shared_randomness_commitments if c.identity == our_v3ident][0]
+    self_reveals[our_v3ident] = our_reveal
+
+  for authority, vote in votes.items():
+    commitments = vote.directory_authorities[0].shared_randomness_commitments
+
+    for v3ident, reveal in self_reveals.items():
+      matches = [c.reveal for c in commitments if c.identity == v3ident]
+
+      if len(matches) == 0:
+        issues.append(Issue(Runlevel.WARNING, 'SHARED_RANDOM_REVEAL_MISSING', authority = authority, their_v3ident = v3ident, their_value = reveal, to = [authority]))
+      elif len(matches) > 0:
+        issues.append(Issue(Runlevel.WARNING, 'SHARED_RANDOM_REVEAL_DUPLICATED', authority = authority, their_v3ident = v3ident, to = [authority]))
+      elif matches[0] != reveal:
+        issues.append(Issue(Runlevel.WARNING, 'SHARED_RANDOM_REVEAL_MISMATCH', authority = authority, their_v3ident = v3ident, our_value = matches[0], their_value = reveal, to = [authority]))
def get_consensuses():
   """
diff --git a/data/consensus_health.cfg b/data/consensus_health.cfg
index 5eb5931..795bd9a 100644
--- a/data/consensus_health.cfg
+++ b/data/consensus_health.cfg
@@ -20,7 +20,10 @@ msg BADEXIT_OUT_OF_SYNC => Authorities disagree about the BadExit flag for {fing
 msg BANDWIDTH_AUTHORITIES_OUT_OF_SYNC => Bandwidth authorities have a substantially different number of measured entries: {authorities}
 msg AUTHORITY_UNAVAILABLE => Unable to retrieve the {fetch_type} from {authority} ({url}): {error}
 msg UNABLE_TO_REACH_ORPORT => Unable to reach the ORPort of {authority} ({address}, port {port}): {error}
-msg SHARED_RANDOM_COMMITMENT_MISMATCH => Shared randomness commitment we report for {their_v3ident} doesn't match their actual value (ours: {our_value}, theirs: {their_value})
+msg SHARED_RANDOM_COMMITMENT_MISMATCH => Shared randomness commitment {authority} reported for {their_v3ident} doesn't match their actual value ({authority}: {our_value}, theirs: {their_value})
+msg SHARED_RANDOM_REVEAL_MISSING => During the reveal phase the vote from {authority} lacked a shared random value for {their_v3ident}, which should be {their_value}
+msg SHARED_RANDOM_REVEAL_DUPLICATED => During the reveal phase the vote from {authority} reported multiple commitments for {their_v3ident}
+msg SHARED_RANDOM_REVEAL_MISMATCH => During the reveal phase the vote from {authority} had a reveal value for {their_v3ident} that mismatched theirs ({authority}: {our_value}, theirs: {their_value})
# hours that we'll suppress messages if it hasn't changed

    