test_shared_random.c 50 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436
  1. /* Copyright (c) 2016-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #define SHARED_RANDOM_PRIVATE
  4. #define SHARED_RANDOM_STATE_PRIVATE
  5. #define CONFIG_PRIVATE
  6. #define DIRVOTE_PRIVATE
  7. #include "core/or/or.h"
  8. #include "test/test.h"
  9. #include "app/config/config.h"
  10. #include "lib/crypt_ops/crypto_rand.h"
  11. #include "feature/dirauth/dirvote.h"
  12. #include "feature/dirauth/shared_random.h"
  13. #include "feature/dirauth/shared_random_state.h"
  14. #include "test/log_test_helpers.h"
  15. #include "feature/nodelist/networkstatus.h"
  16. #include "feature/relay/router.h"
  17. #include "feature/relay/routerkeys.h"
  18. #include "feature/nodelist/authcert.h"
  19. #include "feature/nodelist/dirlist.h"
  20. #include "feature/dirparse/authcert_parse.h"
  21. #include "feature/hs_common/shared_random_client.h"
  22. #include "feature/dircommon/voting_schedule.h"
  23. #include "feature/dirclient/dir_server_st.h"
  24. #include "feature/nodelist/networkstatus_st.h"
  25. #include "app/config/or_state_st.h"
  26. #ifdef HAVE_SYS_STAT_H
  27. #include <sys/stat.h>
  28. #endif
  29. #ifdef _WIN32
  30. /* For mkdir */
  31. #include <direct.h>
  32. #endif
  33. static authority_cert_t *mock_cert;
  34. static authority_cert_t *
  35. get_my_v3_authority_cert_m(void)
  36. {
  37. tor_assert(mock_cert);
  38. return mock_cert;
  39. }
  40. static dir_server_t ds;
  41. static dir_server_t *
  42. trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
  43. {
  44. (void) digest;
  45. /* The shared random code only need to know if a valid pointer to a dir
  46. * server object has been found so this is safe because it won't use the
  47. * pointer at all never. */
  48. return &ds;
  49. }
  50. /* Setup a minimal dirauth environment by initializing the SR state and
  51. * making sure the options are set to be an authority directory. */
  52. static void
  53. init_authority_state(void)
  54. {
  55. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  56. or_options_t *options = get_options_mutable();
  57. mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  58. tt_assert(mock_cert);
  59. options->AuthoritativeDir = 1;
  60. tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
  61. sr_state_init(0, 0);
  62. /* It's possible a commit has been generated in our state depending on
  63. * the phase we are currently in which uses "now" as the starting
  64. * timestamp. Delete it before we do any testing below. */
  65. sr_state_delete_commits();
  66. done:
  67. UNMOCK(get_my_v3_authority_cert);
  68. }
  69. static void
  70. test_get_sr_protocol_phase(void *arg)
  71. {
  72. time_t the_time;
  73. sr_phase_t phase;
  74. int retval;
  75. (void) arg;
  76. /* Initialize SR state */
  77. init_authority_state();
  78. {
  79. retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
  80. tt_int_op(retval, OP_EQ, 0);
  81. phase = get_sr_protocol_phase(the_time);
  82. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  83. }
  84. {
  85. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
  86. tt_int_op(retval, OP_EQ, 0);
  87. phase = get_sr_protocol_phase(the_time);
  88. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  89. }
  90. {
  91. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
  92. tt_int_op(retval, OP_EQ, 0);
  93. phase = get_sr_protocol_phase(the_time);
  94. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  95. }
  96. {
  97. retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
  98. tt_int_op(retval, OP_EQ, 0);
  99. phase = get_sr_protocol_phase(the_time);
  100. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  101. }
  102. {
  103. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
  104. tt_int_op(retval, OP_EQ, 0);
  105. phase = get_sr_protocol_phase(the_time);
  106. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  107. }
  108. {
  109. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
  110. tt_int_op(retval, OP_EQ, 0);
  111. phase = get_sr_protocol_phase(the_time);
  112. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  113. }
  114. {
  115. retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
  116. tt_int_op(retval, OP_EQ, 0);
  117. phase = get_sr_protocol_phase(the_time);
  118. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  119. }
  120. done:
  121. ;
  122. }
  123. static networkstatus_t mock_consensus;
  124. /* Mock function to immediately return our local 'mock_consensus'. */
  125. static networkstatus_t *
  126. mock_networkstatus_get_live_consensus(time_t now)
  127. {
  128. (void) now;
  129. return &mock_consensus;
  130. }
  131. static void
  132. test_get_state_valid_until_time(void *arg)
  133. {
  134. time_t current_time;
  135. time_t valid_until_time;
  136. char tbuf[ISO_TIME_LEN + 1];
  137. int retval;
  138. (void) arg;
  139. MOCK(networkstatus_get_live_consensus,
  140. mock_networkstatus_get_live_consensus);
  141. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  142. &mock_consensus.fresh_until);
  143. tt_int_op(retval, OP_EQ, 0);
  144. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  145. &mock_consensus.valid_after);
  146. tt_int_op(retval, OP_EQ, 0);
  147. {
  148. /* Get the valid until time if called at 00:00:01 */
  149. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  150. &current_time);
  151. tt_int_op(retval, OP_EQ, 0);
  152. voting_schedule_recalculate_timing(get_options(), current_time);
  153. valid_until_time = get_state_valid_until_time(current_time);
  154. /* Compare it with the correct result */
  155. format_iso_time(tbuf, valid_until_time);
  156. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  157. }
  158. {
  159. retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
  160. &current_time);
  161. tt_int_op(retval, OP_EQ, 0);
  162. voting_schedule_recalculate_timing(get_options(), current_time);
  163. valid_until_time = get_state_valid_until_time(current_time);
  164. format_iso_time(tbuf, valid_until_time);
  165. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  166. }
  167. {
  168. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
  169. &current_time);
  170. tt_int_op(retval, OP_EQ, 0);
  171. voting_schedule_recalculate_timing(get_options(), current_time);
  172. valid_until_time = get_state_valid_until_time(current_time);
  173. format_iso_time(tbuf, valid_until_time);
  174. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  175. }
  176. {
  177. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  178. &current_time);
  179. tt_int_op(retval, OP_EQ, 0);
  180. voting_schedule_recalculate_timing(get_options(), current_time);
  181. valid_until_time = get_state_valid_until_time(current_time);
  182. format_iso_time(tbuf, valid_until_time);
  183. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  184. }
  185. done:
  186. UNMOCK(networkstatus_get_live_consensus);
  187. }
  188. /** Test the function that calculates the start time of the current SRV
  189. * protocol run. */
  190. static void
  191. test_get_start_time_of_current_run(void *arg)
  192. {
  193. int retval;
  194. char tbuf[ISO_TIME_LEN + 1];
  195. time_t current_time, run_start_time;
  196. (void) arg;
  197. MOCK(networkstatus_get_live_consensus,
  198. mock_networkstatus_get_live_consensus);
  199. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  200. &mock_consensus.fresh_until);
  201. tt_int_op(retval, OP_EQ, 0);
  202. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  203. &mock_consensus.valid_after);
  204. tt_int_op(retval, OP_EQ, 0);
  205. {
  206. /* Get start time if called at 00:00:01 */
  207. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  208. &current_time);
  209. tt_int_op(retval, OP_EQ, 0);
  210. voting_schedule_recalculate_timing(get_options(), current_time);
  211. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  212. /* Compare it with the correct result */
  213. format_iso_time(tbuf, run_start_time);
  214. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  215. }
  216. {
  217. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:59 UTC",
  218. &current_time);
  219. tt_int_op(retval, OP_EQ, 0);
  220. voting_schedule_recalculate_timing(get_options(), current_time);
  221. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  222. /* Compare it with the correct result */
  223. format_iso_time(tbuf, run_start_time);
  224. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  225. }
  226. {
  227. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  228. &current_time);
  229. tt_int_op(retval, OP_EQ, 0);
  230. voting_schedule_recalculate_timing(get_options(), current_time);
  231. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  232. /* Compare it with the correct result */
  233. format_iso_time(tbuf, run_start_time);
  234. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  235. }
  236. {
  237. /* We want the local time to be past midnight, but the current consensus to
  238. * have valid-after 23:00 (e.g. this can happen if we fetch a new consensus
  239. * at 00:08 before dircaches have a chance to get the midnight consensus).
  240. *
  241. * Basically, we want to cause a desynch between ns->valid_after (23:00)
  242. * and the voting_schedule.interval_starts (01:00), to make sure that
  243. * sr_state_get_start_time_of_current_protocol_run() handles it gracefully:
  244. * It should actually follow the local consensus time and not the voting
  245. * schedule (which is designed for authority voting purposes). */
  246. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  247. &mock_consensus.fresh_until);
  248. tt_int_op(retval, OP_EQ, 0);
  249. retval = parse_rfc1123_time("Mon, 19 Apr 2015 23:00:00 UTC",
  250. &mock_consensus.valid_after);
  251. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:08:00 UTC",
  252. &current_time);
  253. tt_int_op(retval, OP_EQ, 0);
  254. update_approx_time(current_time);
  255. voting_schedule_recalculate_timing(get_options(), current_time);
  256. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  257. /* Compare it with the correct result */
  258. format_iso_time(tbuf, run_start_time);
  259. tt_str_op("2015-04-19 00:00:00", OP_EQ, tbuf);
  260. /* Check that voting_schedule.interval_starts is at 01:00 (see above) */
  261. time_t interval_starts = voting_schedule_get_next_valid_after_time();
  262. format_iso_time(tbuf, interval_starts);
  263. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  264. }
  265. /* Next test is testing it without a consensus to use the testing voting
  266. * interval . */
  267. UNMOCK(networkstatus_get_live_consensus);
  268. /* Now let's alter the voting schedule and check the correctness of the
  269. * function. Voting interval of 10 seconds, means that an SRV protocol run
  270. * takes 10 seconds * 24 rounds = 4 mins */
  271. {
  272. or_options_t *options = get_options_mutable();
  273. options->V3AuthVotingInterval = 10;
  274. options->TestingV3AuthInitialVotingInterval = 10;
  275. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:15:32 UTC",
  276. &current_time);
  277. tt_int_op(retval, OP_EQ, 0);
  278. voting_schedule_recalculate_timing(get_options(), current_time);
  279. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  280. /* Compare it with the correct result */
  281. format_iso_time(tbuf, run_start_time);
  282. tt_str_op("2015-04-20 00:12:00", OP_EQ, tbuf);
  283. }
  284. done:
  285. ;
  286. }
  287. /** Do some rudimentary consistency checks between the functions that
  288. * understand the shared random protocol schedule */
  289. static void
  290. test_get_start_time_functions(void *arg)
  291. {
  292. (void) arg;
  293. int retval;
  294. MOCK(networkstatus_get_live_consensus,
  295. mock_networkstatus_get_live_consensus);
  296. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  297. &mock_consensus.fresh_until);
  298. tt_int_op(retval, OP_EQ, 0);
  299. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  300. &mock_consensus.valid_after);
  301. tt_int_op(retval, OP_EQ, 0);
  302. time_t now = mock_consensus.valid_after;
  303. voting_schedule_recalculate_timing(get_options(), now);
  304. time_t start_time_of_protocol_run =
  305. sr_state_get_start_time_of_current_protocol_run();
  306. tt_assert(start_time_of_protocol_run);
  307. /* Check that the round start time of the beginning of the run, is itself */
  308. tt_int_op(get_start_time_of_current_round(), OP_EQ,
  309. start_time_of_protocol_run);
  310. done:
  311. UNMOCK(networkstatus_get_live_consensus);
  312. }
  313. static void
  314. test_get_sr_protocol_duration(void *arg)
  315. {
  316. (void) arg;
  317. /* Check that by default an SR phase is 12 hours */
  318. tt_int_op(sr_state_get_phase_duration(), OP_EQ, 12*60*60);
  319. tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 24*60*60);
  320. /* Now alter the voting interval and check that the SR phase is 2 mins long
  321. * if voting happens every 10 seconds (10*12 seconds = 2 mins) */
  322. or_options_t *options = get_options_mutable();
  323. options->V3AuthVotingInterval = 10;
  324. tt_int_op(sr_state_get_phase_duration(), OP_EQ, 2*60);
  325. tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 4*60);
  326. done: ;
  327. }
  328. /* In this test we are going to generate a sr_commit_t object and validate
  329. * it. We first generate our values, and then we parse them as if they were
  330. * received from the network. After we parse both the commit and the reveal,
  331. * we verify that they indeed match. */
  332. static void
  333. test_sr_commit(void *arg)
  334. {
  335. authority_cert_t *auth_cert = NULL;
  336. time_t now = time(NULL);
  337. sr_commit_t *our_commit = NULL;
  338. smartlist_t *args = smartlist_new();
  339. sr_commit_t *parsed_commit = NULL;
  340. (void) arg;
  341. { /* Setup a minimal dirauth environment for this test */
  342. or_options_t *options = get_options_mutable();
  343. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  344. tt_assert(auth_cert);
  345. options->AuthoritativeDir = 1;
  346. tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
  347. }
  348. /* Generate our commit object and validate it has the appropriate field
  349. * that we can then use to build a representation that we'll find in a
  350. * vote coming from the network. */
  351. {
  352. sr_commit_t test_commit;
  353. our_commit = sr_generate_our_commit(now, auth_cert);
  354. tt_assert(our_commit);
  355. /* Default and only supported algorithm for now. */
  356. tt_assert(our_commit->alg == DIGEST_SHA3_256);
  357. /* We should have a reveal value. */
  358. tt_assert(commit_has_reveal_value(our_commit));
  359. /* We should have a random value. */
  360. tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
  361. sizeof(our_commit->random_number)));
  362. /* Commit and reveal timestamp should be the same. */
  363. tt_u64_op(our_commit->commit_ts, OP_EQ, our_commit->reveal_ts);
  364. /* We should have a hashed reveal. */
  365. tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
  366. sizeof(our_commit->hashed_reveal)));
  367. /* Do we have a valid encoded commit and reveal. Note the following only
  368. * tests if the generated values are correct. Their could be a bug in
  369. * the decode function but we test them separately. */
  370. tt_int_op(0, OP_EQ, reveal_decode(our_commit->encoded_reveal,
  371. &test_commit));
  372. tt_int_op(0, OP_EQ, commit_decode(our_commit->encoded_commit,
  373. &test_commit));
  374. tt_int_op(0, OP_EQ, verify_commit_and_reveal(our_commit));
  375. }
  376. /* Let's make sure our verify commit and reveal function works. We'll
  377. * make it fail a bit with known failure case. */
  378. {
  379. /* Copy our commit so we don't alter it for the rest of testing. */
  380. sr_commit_t test_commit;
  381. memcpy(&test_commit, our_commit, sizeof(test_commit));
  382. /* Timestamp MUST match. */
  383. test_commit.commit_ts = test_commit.reveal_ts - 42;
  384. setup_full_capture_of_logs(LOG_WARN);
  385. tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit));
  386. expect_log_msg_containing("doesn't match reveal timestamp");
  387. teardown_capture_of_logs();
  388. memcpy(&test_commit, our_commit, sizeof(test_commit));
  389. tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit));
  390. /* Hashed reveal must match the H(encoded_reveal). */
  391. memset(test_commit.hashed_reveal, 'X',
  392. sizeof(test_commit.hashed_reveal));
  393. setup_full_capture_of_logs(LOG_WARN);
  394. tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit));
  395. expect_single_log_msg_containing("doesn't match the commit value");
  396. teardown_capture_of_logs();
  397. memcpy(&test_commit, our_commit, sizeof(test_commit));
  398. tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit));
  399. }
  400. /* We'll build a list of values from our commit that our parsing function
  401. * takes from a vote line and see if we can parse it correctly. */
  402. {
  403. smartlist_add_strdup(args, "1");
  404. smartlist_add_strdup(args,
  405. crypto_digest_algorithm_get_name(our_commit->alg));
  406. smartlist_add_strdup(args, sr_commit_get_rsa_fpr(our_commit));
  407. smartlist_add_strdup(args, our_commit->encoded_commit);
  408. smartlist_add_strdup(args, our_commit->encoded_reveal);
  409. parsed_commit = sr_parse_commit(args);
  410. tt_assert(parsed_commit);
  411. /* That parsed commit should be _EXACTLY_ like our original commit (we
  412. * have to explicitly set the valid flag though). */
  413. parsed_commit->valid = 1;
  414. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
  415. /* Cleanup */
  416. }
  417. done:
  418. teardown_capture_of_logs();
  419. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  420. smartlist_free(args);
  421. sr_commit_free(our_commit);
  422. sr_commit_free(parsed_commit);
  423. authority_cert_free(auth_cert);
  424. }
  425. /* Test the encoding and decoding function for commit and reveal values. */
  426. static void
  427. test_encoding(void *arg)
  428. {
  429. (void) arg;
  430. int ret;
  431. /* Random number is 32 bytes. */
  432. char raw_rand[32];
  433. time_t ts = 1454333590;
  434. char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  435. sr_commit_t parsed_commit;
  436. /* Those values were generated by sr_commit_calc_ref.py where the random
  437. * value is 32 'A' and timestamp is the one in ts. */
  438. static const char *encoded_reveal =
  439. "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==";
  440. static const char *encoded_commit =
  441. "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==";
  442. /* Set up our raw random bytes array. */
  443. memset(raw_rand, 'A', sizeof(raw_rand));
  444. /* Hash random number because we don't expose bytes of the RNG. */
  445. ret = crypto_digest256(hashed_rand, raw_rand,
  446. sizeof(raw_rand), SR_DIGEST_ALG);
  447. tt_int_op(0, OP_EQ, ret);
  448. /* Hash reveal value. */
  449. tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, strlen(encoded_reveal));
  450. ret = crypto_digest256(hashed_reveal, encoded_reveal,
  451. strlen(encoded_reveal), SR_DIGEST_ALG);
  452. tt_int_op(0, OP_EQ, ret);
  453. tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, strlen(encoded_commit));
  454. /* Test our commit/reveal decode functions. */
  455. {
  456. /* Test the reveal encoded value. */
  457. tt_int_op(0, OP_EQ, reveal_decode(encoded_reveal, &parsed_commit));
  458. tt_u64_op(ts, OP_EQ, parsed_commit.reveal_ts);
  459. tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
  460. sizeof(hashed_rand));
  461. /* Test the commit encoded value. */
  462. memset(&parsed_commit, 0, sizeof(parsed_commit));
  463. tt_int_op(0, OP_EQ, commit_decode(encoded_commit, &parsed_commit));
  464. tt_u64_op(ts, OP_EQ, parsed_commit.commit_ts);
  465. tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
  466. sizeof(parsed_commit.encoded_commit));
  467. tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
  468. sizeof(hashed_reveal));
  469. }
  470. /* Test our commit/reveal encode functions. */
  471. {
  472. /* Test the reveal encode. */
  473. char encoded[SR_REVEAL_BASE64_LEN + 1];
  474. parsed_commit.reveal_ts = ts;
  475. memcpy(parsed_commit.random_number, hashed_rand,
  476. sizeof(parsed_commit.random_number));
  477. ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
  478. tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, ret);
  479. tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
  480. }
  481. {
  482. /* Test the commit encode. */
  483. char encoded[SR_COMMIT_BASE64_LEN + 1];
  484. parsed_commit.commit_ts = ts;
  485. memcpy(parsed_commit.hashed_reveal, hashed_reveal,
  486. sizeof(parsed_commit.hashed_reveal));
  487. ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
  488. tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, ret);
  489. tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
  490. }
  491. done:
  492. ;
  493. }
  494. /** Setup some SRVs in our SR state. If <b>also_current</b> is set, then set
  495. * both current and previous SRVs.
  496. * Helper of test_vote() and test_sr_compute_srv(). */
  497. static void
  498. test_sr_setup_srv(int also_current)
  499. {
  500. sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
  501. srv->num_reveals = 42;
  502. memcpy(srv->value,
  503. "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  504. sizeof(srv->value));
  505. sr_state_set_previous_srv(srv);
  506. if (also_current) {
  507. srv = tor_malloc_zero(sizeof(sr_srv_t));
  508. srv->num_reveals = 128;
  509. memcpy(srv->value,
  510. "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
  511. sizeof(srv->value));
  512. sr_state_set_current_srv(srv);
  513. }
  514. }
  515. /* Test anything that has to do with SR protocol and vote. */
  516. static void
  517. test_vote(void *arg)
  518. {
  519. int ret;
  520. time_t now = time(NULL);
  521. sr_commit_t *our_commit = NULL;
  522. (void) arg;
  523. MOCK(trusteddirserver_get_by_v3_auth_digest,
  524. trusteddirserver_get_by_v3_auth_digest_m);
  525. { /* Setup a minimal dirauth environment for this test */
  526. init_authority_state();
  527. /* Set ourself in reveal phase so we can parse the reveal value in the
  528. * vote as well. */
  529. set_sr_phase(SR_PHASE_REVEAL);
  530. }
  531. /* Generate our commit object and validate it has the appropriate field
  532. * that we can then use to build a representation that we'll find in a
  533. * vote coming from the network. */
  534. {
  535. sr_commit_t *saved_commit;
  536. our_commit = sr_generate_our_commit(now, mock_cert);
  537. tt_assert(our_commit);
  538. sr_state_add_commit(our_commit);
  539. /* Make sure it's there. */
  540. saved_commit = sr_state_get_commit(our_commit->rsa_identity);
  541. tt_assert(saved_commit);
  542. }
  543. /* Also setup the SRVs */
  544. test_sr_setup_srv(1);
  545. { /* Now test the vote generation */
  546. smartlist_t *chunks = smartlist_new();
  547. smartlist_t *tokens = smartlist_new();
  548. /* Get our vote line and validate it. */
  549. char *lines = sr_get_string_for_vote();
  550. tt_assert(lines);
  551. /* Split the lines. We expect 2 here. */
  552. ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
  553. tt_int_op(ret, OP_EQ, 4);
  554. tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
  555. /* Get our commitment line and will validate it against our commit. The
  556. * format is as follow:
  557. * "shared-rand-commitment" SP version SP algname SP identity
  558. * SP COMMIT [SP REVEAL] NL
  559. */
  560. char *commit_line = smartlist_get(chunks, 1);
  561. tt_assert(commit_line);
  562. ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
  563. tt_int_op(ret, OP_EQ, 6);
  564. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
  565. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
  566. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  567. crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
  568. char digest[DIGEST_LEN];
  569. base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
  570. HEX_DIGEST_LEN);
  571. tt_mem_op(digest, OP_EQ, our_commit->rsa_identity, sizeof(digest));
  572. tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
  573. tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal)
  574. ;
  575. /* Finally, does this vote line creates a valid commit object? */
  576. smartlist_t *args = smartlist_new();
  577. smartlist_add(args, smartlist_get(tokens, 1));
  578. smartlist_add(args, smartlist_get(tokens, 2));
  579. smartlist_add(args, smartlist_get(tokens, 3));
  580. smartlist_add(args, smartlist_get(tokens, 4));
  581. smartlist_add(args, smartlist_get(tokens, 5));
  582. sr_commit_t *parsed_commit = sr_parse_commit(args);
  583. tt_assert(parsed_commit);
  584. /* Set valid flag explicitly here to compare since it's not set by
  585. * simply parsing the commit. */
  586. parsed_commit->valid = 1;
  587. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*our_commit));
  588. /* minor cleanup */
  589. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  590. smartlist_clear(tokens);
  591. /* Now test the previous SRV */
  592. char *prev_srv_line = smartlist_get(chunks, 2);
  593. tt_assert(prev_srv_line);
  594. ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
  595. tt_int_op(ret, OP_EQ, 3);
  596. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
  597. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
  598. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  599. "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
  600. /* minor cleanup */
  601. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  602. smartlist_clear(tokens);
  603. /* Now test the current SRV */
  604. char *current_srv_line = smartlist_get(chunks, 3);
  605. tt_assert(current_srv_line);
  606. ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
  607. tt_int_op(ret, OP_EQ, 3);
  608. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
  609. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
  610. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  611. "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
  612. /* Clean up */
  613. sr_commit_free(parsed_commit);
  614. SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
  615. smartlist_free(chunks);
  616. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  617. smartlist_free(tokens);
  618. smartlist_clear(args);
  619. smartlist_free(args);
  620. tor_free(lines);
  621. }
  622. done:
  623. sr_commit_free(our_commit);
  624. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  625. }
  626. static const char *sr_state_str = "Version 1\n"
  627. "TorVersion 0.2.9.0-alpha-dev\n"
  628. "ValidAfter 2037-04-19 07:16:00\n"
  629. "ValidUntil 2037-04-20 07:16:00\n"
  630. "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
  631. "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
  632. "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
  633. "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
  634. "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
  635. "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
  636. "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
  637. "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
  638. "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
  639. /** Create an SR disk state, parse it and validate that the parsing went
  640. * well. Yes! */
  641. static void
  642. test_state_load_from_disk(void *arg)
  643. {
  644. int ret;
  645. char *dir = tor_strdup(get_fname("test_sr_state"));
  646. char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
  647. sr_state_t *the_sr_state = NULL;
  648. (void) arg;
  649. MOCK(trusteddirserver_get_by_v3_auth_digest,
  650. trusteddirserver_get_by_v3_auth_digest_m);
  651. /* First try with a nonexistent path. */
  652. ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
  653. tt_int_op(ret, OP_EQ, -ENOENT);
  654. /* Now create a mock state directory and state file */
  655. #ifdef _WIN32
  656. ret = mkdir(dir);
  657. #else
  658. ret = mkdir(dir, 0700);
  659. #endif
  660. tt_int_op(ret, OP_EQ, 0);
  661. ret = write_str_to_file(sr_state_path, sr_state_str, 0);
  662. tt_int_op(ret, OP_EQ, 0);
  663. /* Try to load the directory itself. Should fail. */
  664. ret = disk_state_load_from_disk_impl(dir);
  665. tt_int_op(ret, OP_LT, 0);
  666. /* State should be non-existent at this point. */
  667. the_sr_state = get_sr_state();
  668. tt_ptr_op(the_sr_state, OP_EQ, NULL);
  669. /* Now try to load the correct file! */
  670. ret = disk_state_load_from_disk_impl(sr_state_path);
  671. tt_int_op(ret, OP_EQ, 0);
  672. /* Check the content of the state */
  673. /* XXX check more deeply!!! */
  674. the_sr_state = get_sr_state();
  675. tt_assert(the_sr_state);
  676. tt_assert(the_sr_state->version == 1);
  677. tt_assert(digestmap_size(the_sr_state->commits) == 3);
  678. tt_assert(the_sr_state->current_srv);
  679. tt_assert(the_sr_state->current_srv->num_reveals == 3);
  680. tt_assert(the_sr_state->previous_srv);
  681. /* XXX Now also try loading corrupted state files and make sure parsing
  682. fails */
  683. done:
  684. tor_free(dir);
  685. tor_free(sr_state_path);
  686. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  687. }
  688. /** Generate three specially crafted commits (based on the test
  689. * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
  690. static void
  691. test_sr_setup_commits(void)
  692. {
  693. time_t now = time(NULL);
  694. sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
  695. sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
  696. authority_cert_t *auth_cert = NULL;
  697. { /* Setup a minimal dirauth environment for this test */
  698. or_options_t *options = get_options_mutable();
  699. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  700. tt_assert(auth_cert);
  701. options->AuthoritativeDir = 1;
  702. tt_int_op(0, OP_EQ, load_ed_keys(options, now));
  703. }
  704. /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
  705. register them to the SR state. Also register a fourth commit 'd' with no
  706. reveal info, to make sure that it will get ignored during SRV
  707. calculation. */
  708. { /* Commit from auth 'a' */
  709. commit_a = sr_generate_our_commit(now, auth_cert);
  710. tt_assert(commit_a);
  711. /* Do some surgery on the commit */
  712. memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
  713. base16_encode(commit_a->rsa_identity_hex,
  714. sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity,
  715. sizeof(commit_a->rsa_identity));
  716. strlcpy(commit_a->encoded_reveal,
  717. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  718. sizeof(commit_a->encoded_reveal));
  719. memcpy(commit_a->hashed_reveal,
  720. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  721. sizeof(commit_a->hashed_reveal));
  722. }
  723. { /* Commit from auth 'b' */
  724. commit_b = sr_generate_our_commit(now, auth_cert);
  725. tt_assert(commit_b);
  726. /* Do some surgery on the commit */
  727. memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
  728. base16_encode(commit_b->rsa_identity_hex,
  729. sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity,
  730. sizeof(commit_b->rsa_identity));
  731. strlcpy(commit_b->encoded_reveal,
  732. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  733. sizeof(commit_b->encoded_reveal));
  734. memcpy(commit_b->hashed_reveal,
  735. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  736. sizeof(commit_b->hashed_reveal));
  737. }
  738. { /* Commit from auth 'c' */
  739. commit_c = sr_generate_our_commit(now, auth_cert);
  740. tt_assert(commit_c);
  741. /* Do some surgery on the commit */
  742. memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
  743. base16_encode(commit_c->rsa_identity_hex,
  744. sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity,
  745. sizeof(commit_c->rsa_identity));
  746. strlcpy(commit_c->encoded_reveal,
  747. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  748. sizeof(commit_c->encoded_reveal));
  749. memcpy(commit_c->hashed_reveal,
  750. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  751. sizeof(commit_c->hashed_reveal));
  752. }
  753. { /* Commit from auth 'd' */
  754. commit_d = sr_generate_our_commit(now, auth_cert);
  755. tt_assert(commit_d);
  756. /* Do some surgery on the commit */
  757. memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
  758. base16_encode(commit_d->rsa_identity_hex,
  759. sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity,
  760. sizeof(commit_d->rsa_identity));
  761. strlcpy(commit_d->encoded_reveal,
  762. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  763. sizeof(commit_d->encoded_reveal));
  764. memcpy(commit_d->hashed_reveal,
  765. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  766. sizeof(commit_d->hashed_reveal));
  767. /* Clean up its reveal info */
  768. memcpy(place_holder, commit_d, sizeof(*place_holder));
  769. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  770. tt_assert(!commit_has_reveal_value(commit_d));
  771. }
  772. /* Register commits to state (during commit phase) */
  773. set_sr_phase(SR_PHASE_COMMIT);
  774. save_commit_to_state(commit_a);
  775. save_commit_to_state(commit_b);
  776. save_commit_to_state(commit_c);
  777. save_commit_to_state(commit_d);
  778. tt_int_op(digestmap_size(get_sr_state()->commits), OP_EQ, 4);
  779. /* Now during REVEAL phase save commit D by restoring its reveal. */
  780. set_sr_phase(SR_PHASE_REVEAL);
  781. save_commit_to_state(place_holder);
  782. place_holder = NULL;
  783. tt_str_op(commit_d->encoded_reveal, OP_EQ,
  784. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
  785. /* Go back to an empty encoded reveal value. */
  786. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  787. memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
  788. tt_assert(!commit_has_reveal_value(commit_d));
  789. done:
  790. tor_free(place_holder);
  791. authority_cert_free(auth_cert);
  792. }
  793. /** Verify that the SRV generation procedure is proper by testing it against
  794. * the test vector from ./sr_srv_calc_ref.py. */
  795. static void
  796. test_sr_compute_srv(void *arg)
  797. {
  798. (void) arg;
  799. const sr_srv_t *current_srv = NULL;
  800. #define SRV_TEST_VECTOR \
  801. "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
  802. MOCK(trusteddirserver_get_by_v3_auth_digest,
  803. trusteddirserver_get_by_v3_auth_digest_m);
  804. init_authority_state();
  805. /* Setup the commits for this unittest */
  806. test_sr_setup_commits();
  807. test_sr_setup_srv(0);
  808. /* Now switch to reveal phase */
  809. set_sr_phase(SR_PHASE_REVEAL);
  810. /* Compute the SRV */
  811. sr_compute_srv();
  812. /* Check the result against the test vector */
  813. current_srv = sr_state_get_current_srv();
  814. tt_assert(current_srv);
  815. tt_u64_op(current_srv->num_reveals, OP_EQ, 3);
  816. tt_str_op(hex_str((char*)current_srv->value, 32),
  817. OP_EQ,
  818. SRV_TEST_VECTOR);
  819. done:
  820. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  821. }
  822. /** Return a minimal vote document with a current SRV value set to
  823. * <b>srv</b>. */
  824. static networkstatus_t *
  825. get_test_vote_with_curr_srv(const char *srv)
  826. {
  827. networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
  828. vote->type = NS_TYPE_VOTE;
  829. vote->sr_info.participate = 1;
  830. vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
  831. vote->sr_info.current_srv->num_reveals = 42;
  832. memcpy(vote->sr_info.current_srv->value,
  833. srv,
  834. sizeof(vote->sr_info.current_srv->value));
  835. return vote;
  836. }
  837. /* Test the function that picks the right SRV given a bunch of votes. Make sure
  838. * that the function returns an SRV iff the majority/agreement requirements are
  839. * met. */
  840. static void
  841. test_sr_get_majority_srv_from_votes(void *arg)
  842. {
  843. sr_srv_t *chosen_srv;
  844. smartlist_t *votes = smartlist_new();
  845. #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  846. #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
  847. (void) arg;
  848. init_authority_state();
  849. /* Make sure our SRV is fresh so we can consider the super majority with
  850. * the consensus params of number of agreements needed. */
  851. sr_state_set_fresh_srv();
  852. /* The test relies on the dirauth list being initialized. */
  853. clear_dir_servers();
  854. add_default_trusted_dir_authorities(V3_DIRINFO);
  855. { /* Prepare voting environment with just a single vote. */
  856. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  857. smartlist_add(votes, vote);
  858. }
  859. /* Since it's only one vote with an SRV, it should not achieve majority and
  860. hence no SRV will be returned. */
  861. chosen_srv = get_majority_srv_from_votes(votes, 1);
  862. tt_ptr_op(chosen_srv, OP_EQ, NULL);
  863. { /* Now put in 8 more votes. Let SRV_1 have majority. */
  864. int i;
  865. /* Now 7 votes believe in SRV_1 */
  866. for (i = 0; i < 3; i++) {
  867. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  868. smartlist_add(votes, vote);
  869. }
  870. /* and 2 votes believe in SRV_2 */
  871. for (i = 0; i < 2; i++) {
  872. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
  873. smartlist_add(votes, vote);
  874. }
  875. for (i = 0; i < 3; i++) {
  876. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  877. smartlist_add(votes, vote);
  878. }
  879. tt_int_op(smartlist_len(votes), OP_EQ, 9);
  880. }
  881. /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
  882. requirement. So still not picking an SRV. */
  883. set_num_srv_agreements(8);
  884. chosen_srv = get_majority_srv_from_votes(votes, 1);
  885. tt_ptr_op(chosen_srv, OP_EQ, NULL);
  886. /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
  887. * consensus parameter and we will try again. This time it should work. */
  888. set_num_srv_agreements(7);
  889. chosen_srv = get_majority_srv_from_votes(votes, 1);
  890. tt_assert(chosen_srv);
  891. tt_u64_op(chosen_srv->num_reveals, OP_EQ, 42);
  892. tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
  893. done:
  894. SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
  895. networkstatus_vote_free(vote));
  896. smartlist_free(votes);
  897. }
  898. static void
  899. test_utils(void *arg)
  900. {
  901. (void) arg;
  902. /* Testing srv_dup(). */
  903. {
  904. sr_srv_t *srv = NULL, *dup_srv = NULL;
  905. const char *srv_value =
  906. "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
  907. srv = tor_malloc_zero(sizeof(*srv));
  908. srv->num_reveals = 42;
  909. memcpy(srv->value, srv_value, sizeof(srv->value));
  910. dup_srv = srv_dup(srv);
  911. tt_assert(dup_srv);
  912. tt_u64_op(dup_srv->num_reveals, OP_EQ, srv->num_reveals);
  913. tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
  914. tor_free(srv);
  915. tor_free(dup_srv);
  916. }
  917. /* Testing commitments_are_the_same(). Currently, the check is to test the
  918. * value of the encoded commit so let's make sure that actually works. */
  919. {
  920. /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit.
  921. * 56 bytes of payload and a NUL terminated byte at the end ('\x00')
  922. * which comes down to SR_COMMIT_BASE64_LEN + 1. */
  923. const char *payload =
  924. "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
  925. "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
  926. "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
  927. "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00";
  928. sr_commit_t commit1, commit2;
  929. memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
  930. memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
  931. tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 1);
  932. /* Let's corrupt one of them. */
  933. memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
  934. tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 0);
  935. }
  936. /* Testing commit_is_authoritative(). */
  937. {
  938. crypto_pk_t *k = crypto_pk_new();
  939. char digest[DIGEST_LEN];
  940. sr_commit_t commit;
  941. tt_assert(!crypto_pk_generate_key(k));
  942. tt_int_op(0, OP_EQ, crypto_pk_get_digest(k, digest));
  943. memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
  944. tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 1);
  945. /* Change the pubkey. */
  946. memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
  947. tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 0);
  948. crypto_pk_free(k);
  949. }
  950. /* Testing get_phase_str(). */
  951. {
  952. tt_str_op(get_phase_str(SR_PHASE_REVEAL), OP_EQ, "reveal");
  953. tt_str_op(get_phase_str(SR_PHASE_COMMIT), OP_EQ, "commit");
  954. }
  955. /* Testing phase transition */
  956. {
  957. init_authority_state();
  958. set_sr_phase(SR_PHASE_COMMIT);
  959. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 1);
  960. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 0);
  961. set_sr_phase(SR_PHASE_REVEAL);
  962. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 0);
  963. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 1);
  964. /* Junk. */
  965. tt_int_op(is_phase_transition(42), OP_EQ, 1);
  966. }
  967. done:
  968. return;
  969. }
  970. static void
  971. test_state_transition(void *arg)
  972. {
  973. sr_state_t *state = NULL;
  974. time_t now = time(NULL);
  975. (void) arg;
  976. { /* Setup a minimal dirauth environment for this test */
  977. init_authority_state();
  978. state = get_sr_state();
  979. tt_assert(state);
  980. }
  981. /* Test our state reset for a new protocol run. */
  982. {
  983. /* Add a commit to the state so we can test if the reset cleans the
  984. * commits. Also, change all params that we expect to be updated. */
  985. sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
  986. tt_assert(commit);
  987. sr_state_add_commit(commit);
  988. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  989. /* Let's test our delete feature. */
  990. sr_state_delete_commits();
  991. tt_int_op(digestmap_size(state->commits), OP_EQ, 0);
  992. /* Add it back so we can continue the rest of the test because after
  993. * deletiong our commit will be freed so generate a new one. */
  994. commit = sr_generate_our_commit(now, mock_cert);
  995. tt_assert(commit);
  996. sr_state_add_commit(commit);
  997. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  998. state->n_reveal_rounds = 42;
  999. state->n_commit_rounds = 43;
  1000. state->n_protocol_runs = 44;
  1001. reset_state_for_new_protocol_run(now);
  1002. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  1003. tt_int_op(state->n_commit_rounds, OP_EQ, 0);
  1004. tt_u64_op(state->n_protocol_runs, OP_EQ, 45);
  1005. tt_int_op(digestmap_size(state->commits), OP_EQ, 0);
  1006. }
  1007. /* Test SRV rotation in our state. */
  1008. {
  1009. const sr_srv_t *cur, *prev;
  1010. test_sr_setup_srv(1);
  1011. cur = sr_state_get_current_srv();
  1012. tt_assert(cur);
  1013. /* After, current srv should be the previous and then set to NULL. */
  1014. state_rotate_srv();
  1015. prev = sr_state_get_previous_srv();
  1016. tt_assert(prev == cur);
  1017. tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
  1018. sr_state_clean_srvs();
  1019. }
  1020. /* New protocol run. */
  1021. {
  1022. const sr_srv_t *cur;
  1023. /* Setup some new SRVs so we can confirm that a new protocol run
  1024. * actually makes them rotate and compute new ones. */
  1025. test_sr_setup_srv(1);
  1026. cur = sr_state_get_current_srv();
  1027. tt_assert(cur);
  1028. set_sr_phase(SR_PHASE_REVEAL);
  1029. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1030. new_protocol_run(now);
  1031. UNMOCK(get_my_v3_authority_cert);
  1032. /* Rotation happened. */
  1033. tt_assert(sr_state_get_previous_srv() == cur);
  1034. /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
  1035. * our current SRV would be NULL but a new protocol run should make us
  1036. * compute a new SRV. */
  1037. tt_assert(sr_state_get_current_srv());
  1038. /* Also, make sure we did change the current. */
  1039. tt_assert(sr_state_get_current_srv() != cur);
  1040. /* We should have our commitment alone. */
  1041. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1042. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  1043. tt_int_op(state->n_commit_rounds, OP_EQ, 0);
  1044. /* 46 here since we were at 45 just before. */
  1045. tt_u64_op(state->n_protocol_runs, OP_EQ, 46);
  1046. }
  1047. /* Cleanup of SRVs. */
  1048. {
  1049. sr_state_clean_srvs();
  1050. tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
  1051. tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
  1052. }
  1053. done:
  1054. return;
  1055. }
  1056. static void
  1057. test_keep_commit(void *arg)
  1058. {
  1059. char fp[FINGERPRINT_LEN + 1];
  1060. sr_commit_t *commit = NULL, *dup_commit = NULL;
  1061. sr_state_t *state;
  1062. time_t now = time(NULL);
  1063. crypto_pk_t *k = NULL;
  1064. (void) arg;
  1065. MOCK(trusteddirserver_get_by_v3_auth_digest,
  1066. trusteddirserver_get_by_v3_auth_digest_m);
  1067. {
  1068. k = pk_generate(1);
  1069. /* Setup a minimal dirauth environment for this test */
  1070. /* Have a key that is not the one from our commit. */
  1071. init_authority_state();
  1072. state = get_sr_state();
  1073. }
  1074. crypto_rand((char*)fp, sizeof(fp));
  1075. /* Test this very important function that tells us if we should keep a
  1076. * commit or not in our state. Most of it depends on the phase and what's
  1077. * in the commit so we'll change the commit as we go. */
  1078. commit = sr_generate_our_commit(now, mock_cert);
  1079. tt_assert(commit);
  1080. /* Set us in COMMIT phase for starter. */
  1081. set_sr_phase(SR_PHASE_COMMIT);
  1082. /* We should never keep a commit from a non authoritative authority. */
  1083. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), OP_EQ, 0);
  1084. /* This should NOT be kept because it has a reveal value in it. */
  1085. tt_assert(commit_has_reveal_value(commit));
  1086. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1087. SR_PHASE_COMMIT), OP_EQ, 0);
  1088. /* Add it to the state which should return to not keep it. */
  1089. sr_state_add_commit(commit);
  1090. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1091. SR_PHASE_COMMIT), OP_EQ, 0);
  1092. /* Remove it from state so we can continue our testing. */
  1093. digestmap_remove(state->commits, commit->rsa_identity);
  1094. /* Let's remove our reveal value which should make it OK to keep it. */
  1095. memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
  1096. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1097. SR_PHASE_COMMIT), OP_EQ, 1);
  1098. /* Let's reset our commit and go into REVEAL phase. */
  1099. sr_commit_free(commit);
  1100. commit = sr_generate_our_commit(now, mock_cert);
  1101. tt_assert(commit);
  1102. /* Dup the commit so we have one with and one without a reveal value. */
  1103. dup_commit = tor_malloc_zero(sizeof(*dup_commit));
  1104. memcpy(dup_commit, commit, sizeof(*dup_commit));
  1105. memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
  1106. set_sr_phase(SR_PHASE_REVEAL);
  1107. /* We should never keep a commit from a non authoritative authority. */
  1108. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), OP_EQ, 0);
  1109. /* We shouldn't accept a commit that is not in our state. */
  1110. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1111. SR_PHASE_REVEAL), OP_EQ, 0);
  1112. /* Important to add the commit _without_ the reveal here. */
  1113. sr_state_add_commit(dup_commit);
  1114. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1115. /* Our commit should be valid that is authoritative, contains a reveal, be
  1116. * in the state and commitment and reveal values match. */
  1117. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1118. SR_PHASE_REVEAL), OP_EQ, 1);
  1119. /* The commit shouldn't be kept if it's not verified that is no matchin
  1120. * hashed reveal. */
  1121. {
  1122. /* Let's save the hash reveal so we can restore it. */
  1123. sr_commit_t place_holder;
  1124. memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
  1125. sizeof(place_holder.hashed_reveal));
  1126. memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
  1127. setup_full_capture_of_logs(LOG_WARN);
  1128. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1129. SR_PHASE_REVEAL), OP_EQ, 0);
  1130. expect_log_msg_containing("doesn't match the commit value.");
  1131. expect_log_msg_containing("has an invalid reveal value.");
  1132. assert_log_predicate(mock_saved_log_n_entries() == 2,
  1133. ("expected 2 log entries"));
  1134. teardown_capture_of_logs();
  1135. memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
  1136. sizeof(commit->hashed_reveal));
  1137. }
  1138. /* We shouldn't keep a commit that has no reveal. */
  1139. tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
  1140. SR_PHASE_REVEAL), OP_EQ, 0);
  1141. /* We must not keep a commit that is not the same from the commit phase. */
  1142. memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
  1143. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1144. SR_PHASE_REVEAL), OP_EQ, 0);
  1145. done:
  1146. teardown_capture_of_logs();
  1147. sr_commit_free(commit);
  1148. sr_commit_free(dup_commit);
  1149. crypto_pk_free(k);
  1150. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  1151. }
  1152. static void
  1153. test_state_update(void *arg)
  1154. {
  1155. time_t commit_phase_time = 1452076000;
  1156. time_t reveal_phase_time = 1452086800;
  1157. sr_state_t *state;
  1158. (void) arg;
  1159. {
  1160. init_authority_state();
  1161. state = get_sr_state();
  1162. set_sr_phase(SR_PHASE_COMMIT);
  1163. /* We'll cheat a bit here and reset the creation time of the state which
  1164. * will avoid us to compute a valid_after time that fits the commit
  1165. * phase. */
  1166. state->valid_after = 0;
  1167. state->n_reveal_rounds = 0;
  1168. state->n_commit_rounds = 0;
  1169. state->n_protocol_runs = 0;
  1170. }
  1171. /* We need to mock for the state update function call. */
  1172. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1173. /* We are in COMMIT phase here and we'll trigger a state update but no
  1174. * transition. */
  1175. sr_state_update(commit_phase_time);
  1176. tt_int_op(state->valid_after, OP_EQ, commit_phase_time);
  1177. tt_int_op(state->n_commit_rounds, OP_EQ, 1);
  1178. tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT);
  1179. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1180. /* We are still in the COMMIT phase here but we'll trigger a state
  1181. * transition to the REVEAL phase. */
  1182. sr_state_update(reveal_phase_time);
  1183. tt_int_op(state->phase, OP_EQ, SR_PHASE_REVEAL);
  1184. tt_int_op(state->valid_after, OP_EQ, reveal_phase_time);
  1185. /* Only our commit should be in there. */
  1186. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1187. tt_int_op(state->n_reveal_rounds, OP_EQ, 1);
  1188. /* We can't update a state with a valid after _lower_ than the creation
  1189. * time so here it is. */
  1190. sr_state_update(commit_phase_time);
  1191. tt_int_op(state->valid_after, OP_EQ, reveal_phase_time);
  1192. /* Finally, let's go back in COMMIT phase so we can test the state update
  1193. * of a new protocol run. */
  1194. state->valid_after = 0;
  1195. sr_state_update(commit_phase_time);
  1196. tt_int_op(state->valid_after, OP_EQ, commit_phase_time);
  1197. tt_int_op(state->n_commit_rounds, OP_EQ, 1);
  1198. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  1199. tt_u64_op(state->n_protocol_runs, OP_EQ, 1);
  1200. tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT);
  1201. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1202. tt_assert(state->current_srv);
  1203. done:
  1204. sr_state_free_all();
  1205. UNMOCK(get_my_v3_authority_cert);
  1206. }
  1207. struct testcase_t sr_tests[] = {
  1208. { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
  1209. NULL, NULL },
  1210. { "sr_commit", test_sr_commit, TT_FORK,
  1211. NULL, NULL },
  1212. { "keep_commit", test_keep_commit, TT_FORK,
  1213. NULL, NULL },
  1214. { "encoding", test_encoding, TT_FORK,
  1215. NULL, NULL },
  1216. { "get_start_time_of_current_run", test_get_start_time_of_current_run,
  1217. TT_FORK, NULL, NULL },
  1218. { "get_start_time_functions", test_get_start_time_functions,
  1219. TT_FORK, NULL, NULL },
  1220. { "get_sr_protocol_duration", test_get_sr_protocol_duration, TT_FORK,
  1221. NULL, NULL },
  1222. { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
  1223. NULL, NULL },
  1224. { "vote", test_vote, TT_FORK,
  1225. NULL, NULL },
  1226. { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
  1227. NULL, NULL },
  1228. { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
  1229. { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
  1230. TT_FORK, NULL, NULL },
  1231. { "utils", test_utils, TT_FORK, NULL, NULL },
  1232. { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
  1233. { "state_update", test_state_update, TT_FORK,
  1234. NULL, NULL },
  1235. END_OF_TESTCASES
  1236. };