r19694@catbus: nickm | 2008-05-12 00:21:37 -0400

 Add unit tests for last patch; make it more testable; fix a bug or two.


svn:r14586

src/or/dirvote.c

@@ -458,7 +458,9 @@ char *
 networkstatus_compute_consensus(smartlist_t *votes,
                                 int total_authorities,
                                 crypto_pk_env_t *identity_key,
-                                crypto_pk_env_t *signing_key)
+                                crypto_pk_env_t *signing_key,
+                                const char *legacy_id_key_digest,
+                                crypto_pk_env_t *legacy_signing_key)
 {
   smartlist_t *chunks;
   char *result = NULL;
@@ -623,7 +625,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
         e_legacy->v = v;
         e_legacy->digest = get_voter(v)->legacy_id_digest;
         e_legacy->is_legacy = 1;
-        smartlist_add(dir_sources, e);
+        smartlist_add(dir_sources, e_legacy);
       }
     });
     smartlist_sort(dir_sources, _compare_dir_src_ents_by_authority_id);
@@ -963,16 +965,16 @@ networkstatus_compute_consensus(smartlist_t *votes,
     }
     smartlist_add(chunks, tor_strdup(buf));
 
-    if (get_options()->V3AuthUseLegacyKey && consensus_method >= 3) {
-      crypto_pk_env_t *legacy_key = get_my_v3_legacy_signing_key();
-      authority_cert_t *legacy_cert = get_my_v3_legacy_cert();
+    if (legacy_id_key_digest && legacy_signing_key && consensus_method >= 3) {
       smartlist_add(chunks, tor_strdup("directory-signature "));
-      crypto_pk_get_fingerprint(legacy_cert->identity_key, fingerprint, 0);
-      crypto_pk_get_fingerprint(legacy_key, signing_key_fingerprint, 0);
+      base16_encode(fingerprint, sizeof(fingerprint),
+                    legacy_id_key_digest, DIGEST_LEN);
+      crypto_pk_get_fingerprint(legacy_signing_key,
+                                signing_key_fingerprint, 0);
       tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint,
                    signing_key_fingerprint);
       if (router_append_dirobj_signature(buf, sizeof(buf), digest,
-                                         signing_key)) {
+                                         legacy_signing_key)) {
         log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
         return NULL; /* This leaks, but it should never happen. */
       }
@@ -1751,10 +1753,23 @@ dirvote_compute_consensus(void)
   SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v,
                     smartlist_add(votes, v->vote));
 
-  consensus_body = networkstatus_compute_consensus(
+  {
+    char legacy_dbuf[DIGEST_LEN];
+    crypto_pk_env_t *legacy_sign=NULL;
+    char *legacy_id_digest = NULL;
+    if (get_options()->V3AuthUseLegacyKey) {
+      authority_cert_t *cert = get_my_v3_legacy_cert();
+      legacy_sign = get_my_v3_legacy_signing_key();
+      if (cert) {
+        crypto_pk_get_digest(cert->identity_key, legacy_dbuf);
+        legacy_id_digest = legacy_dbuf;
+      }
+    }
+    consensus_body = networkstatus_compute_consensus(
         votes, n_voters,
         my_cert->identity_key,
-        get_my_v3_authority_signing_key());
+        get_my_v3_authority_signing_key(), legacy_id_digest, legacy_sign);
+  }
   if (!consensus_body) {
     log_warn(LD_DIR, "Couldn't generate a consensus at all!");
     goto err;

src/or/or.h

@@ -3195,7 +3195,9 @@ void dirvote_free_all(void);
 char *networkstatus_compute_consensus(smartlist_t *votes,
                                       int total_authorities,
                                       crypto_pk_env_t *identity_key,
-                                      crypto_pk_env_t *signing_key);
+                                      crypto_pk_env_t *signing_key,
+                                      const char *legacy_identity_key_digest,
+                                      crypto_pk_env_t *legacy_signing_key);
 int networkstatus_add_detached_signatures(networkstatus_t *target,
                                           ns_detached_signatures_t *sigs,
                                           const char **msg_out);

src/or/routerlist.c

@@ -296,6 +296,7 @@ authority_cert_get_newest_by_id(const char *id_digest)
   if (!trusted_dir_certs ||
       !(cl = digestmap_get(trusted_dir_certs, id_digest)))
     return NULL;
+
   SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
   {
     if (!best || cert->cache_info.published_on > best->cache_info.published_on)
@@ -310,9 +311,17 @@ authority_cert_get_newest_by_id(const char *id_digest)
 authority_cert_t *
 authority_cert_get_by_sk_digest(const char *sk_digest)
 {
+  authority_cert_t *c;
   if (!trusted_dir_certs)
     return NULL;
 
+  if ((c = get_my_v3_authority_cert()) &&
+      !memcmp(c->signing_key_digest, sk_digest, DIGEST_LEN))
+    return c;
+  if ((c = get_my_v3_legacy_cert()) &&
+      !memcmp(c->signing_key_digest, sk_digest, DIGEST_LEN))
+    return c;
+
   DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
     SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
     {

src/or/test.c

@@ -2809,6 +2809,7 @@ test_v3_networkstatus(void)
 {
   authority_cert_t *cert1, *cert2, *cert3;
   crypto_pk_env_t *sign_skey_1, *sign_skey_2, *sign_skey_3;
+  crypto_pk_env_t *sign_skey_leg1;
 
   time_t now = time(NULL);
   networkstatus_voter_info_t *voter;
@@ -2828,7 +2829,8 @@ test_v3_networkstatus(void)
   sign_skey_1 = crypto_new_pk_env();
   sign_skey_2 = crypto_new_pk_env();
   sign_skey_3 = crypto_new_pk_env();
-
+  sign_skey_leg1 = pk_generate(4);
+  
   test_assert(!crypto_pk_read_private_key_from_string(sign_skey_1,
                                                       AUTHORITY_SIGNKEY_1));
   test_assert(!crypto_pk_read_private_key_from_string(sign_skey_2,
@@ -2850,6 +2852,8 @@ test_v3_networkstatus(void)
   vote->valid_until = now+3000;
   vote->vote_seconds = 100;
   vote->dist_seconds = 200;
+  vote->supported_methods = smartlist_create();
+  smartlist_split_string(vote->supported_methods, "1 2 3", NULL, 0, -1);
   vote->client_versions = tor_strdup("0.1.2.14,0.1.2.15");
   vote->server_versions = tor_strdup("0.1.2.14,0.1.2.15,0.1.2.16");
   vote->known_flags = smartlist_create();
@@ -3014,6 +3018,7 @@ test_v3_networkstatus(void)
   vote->dist_seconds = 250;
   authority_cert_free(vote->cert);
   vote->cert = authority_cert_dup(cert3);
+  smartlist_add(vote->supported_methods, tor_strdup("4"));
   vote->client_versions = tor_strdup("0.1.2.14,0.1.2.17");
   vote->server_versions = tor_strdup("0.1.2.10,0.1.2.15,0.1.2.16");
   voter = smartlist_get(vote->voters, 0);
@@ -3023,6 +3028,8 @@ test_v3_networkstatus(void)
   voter->address = tor_strdup("3.4.5.6");
   voter->addr = 0x03040506;
   crypto_pk_get_digest(cert3->identity_key, voter->identity_digest);
+  /* This one has a legacy id. */
+  memset(voter->legacy_id_digest, (int)'A', DIGEST_LEN);
   vrs = smartlist_get(vote->routerstatus_list, 0);
   smartlist_del_keeporder(vote->routerstatus_list, 0);
   tor_free(vrs->version);
@@ -3042,7 +3049,9 @@ test_v3_networkstatus(void)
   smartlist_add(votes, v2);
   consensus_text = networkstatus_compute_consensus(votes, 3,
                                                    cert3->identity_key,
-                                                   sign_skey_3);
+                                                   sign_skey_3,
+                                                   "AAAAAAAAAAAAAAAAAAAA",
+                                                   sign_skey_leg1);
   test_assert(consensus_text);
   con = networkstatus_parse_vote_from_string(consensus_text, NULL, 0);
   test_assert(con);
@@ -3063,17 +3072,17 @@ test_v3_networkstatus(void)
   test_streq(cp, "Authority:Exit:Fast:Guard:MadeOfCheese:MadeOfTin:"
              "Running:Stable:V2Dir:Valid");
   tor_free(cp);
-  test_eq(3, smartlist_len(con->voters));
+  test_eq(4, smartlist_len(con->voters)); /*3 voters, 1 legacy key.*/
   /* The voter id digests should be in this order. */
   test_assert(memcmp(cert2->cache_info.identity_digest,
                      cert3->cache_info.identity_digest,DIGEST_LEN)<0);
   test_assert(memcmp(cert3->cache_info.identity_digest,
                      cert1->cache_info.identity_digest,DIGEST_LEN)<0);
-  test_same_voter(smartlist_get(con->voters, 0),
-                  smartlist_get(v2->voters, 0));
   test_same_voter(smartlist_get(con->voters, 1),
-                  smartlist_get(v3->voters, 0));
+                  smartlist_get(v2->voters, 0));
   test_same_voter(smartlist_get(con->voters, 2),
+                  smartlist_get(v3->voters, 0));
+  test_same_voter(smartlist_get(con->voters, 3),
                   smartlist_get(v1->voters, 0));
 
   test_assert(!con->cert);
@@ -3119,19 +3128,19 @@ test_v3_networkstatus(void)
   test_assert(!rs->is_named);
   /* XXXX check version */
 
-  /* Check signatures.  the first voter hasn't got one.  The second one
-   * does: validate it. */
-  voter = smartlist_get(con->voters, 0);
+  /* Check signatures.  the first voter is pseudo.  The second one hasn't
+     signed.  The third one has signed: validate it. */
+  voter = smartlist_get(con->voters, 1);
   test_assert(!voter->signature);
   test_assert(!voter->good_signature);
   test_assert(!voter->bad_signature);
 
-  voter = smartlist_get(con->voters, 1);
+  voter = smartlist_get(con->voters, 2);
   test_assert(voter->signature);
   test_assert(!voter->good_signature);
   test_assert(!voter->bad_signature);
   test_assert(!networkstatus_check_voter_signature(con,
-                                               smartlist_get(con->voters, 1),
+                                               smartlist_get(con->voters, 2),
                                                cert3));
   test_assert(voter->signature);
   test_assert(voter->good_signature);
@@ -3147,11 +3156,11 @@ test_v3_networkstatus(void)
     smartlist_shuffle(votes);
     consensus_text2 = networkstatus_compute_consensus(votes, 3,
                                                       cert2->identity_key,
-                                                      sign_skey_2);
+                                                      sign_skey_2, NULL,NULL);
     smartlist_shuffle(votes);
     consensus_text3 = networkstatus_compute_consensus(votes, 3,
                                                       cert1->identity_key,
-                                                      sign_skey_1);
+                                                      sign_skey_1, NULL,NULL);
     test_assert(consensus_text2);
     test_assert(consensus_text3);
     con2 = networkstatus_parse_vote_from_string(consensus_text2, NULL, 0);
@@ -3208,10 +3217,10 @@ test_v3_networkstatus(void)
     test_eq(2, networkstatus_add_detached_signatures(con, dsig2, &msg));
     /* Check signatures */
     test_assert(!networkstatus_check_voter_signature(con,
-                                               smartlist_get(con->voters, 0),
+                                               smartlist_get(con->voters, 1),
                                                cert2));
     test_assert(!networkstatus_check_voter_signature(con,
-                                               smartlist_get(con->voters, 2),
+                                               smartlist_get(con->voters, 3),
                                                cert1));
 
     networkstatus_vote_free(con2);