test_shared_random.c 50 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437
  1. /* Copyright (c) 2016-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #define SHARED_RANDOM_PRIVATE
  4. #define SHARED_RANDOM_STATE_PRIVATE
  5. #define CONFIG_PRIVATE
  6. #define DIRVOTE_PRIVATE
  7. #include "core/or/or.h"
  8. #include "test/test.h"
  9. #include "app/config/config.h"
  10. #include "lib/crypt_ops/crypto_rand.h"
  11. #include "feature/dirauth/dirvote.h"
  12. #include "feature/dirauth/shared_random.h"
  13. #include "feature/dirauth/shared_random_state.h"
  14. #include "test/log_test_helpers.h"
  15. #include "feature/nodelist/networkstatus.h"
  16. #include "feature/relay/router.h"
  17. #include "feature/relay/routerkeys.h"
  18. #include "feature/nodelist/authcert.h"
  19. #include "feature/nodelist/dirlist.h"
  20. #include "feature/dirparse/authcert_parse.h"
  21. #include "feature/dirparse/routerparse.h"
  22. #include "feature/hs_common/shared_random_client.h"
  23. #include "feature/dircommon/voting_schedule.h"
  24. #include "feature/dirclient/dir_server_st.h"
  25. #include "feature/nodelist/networkstatus_st.h"
  26. #include "app/config/or_state_st.h"
  27. #ifdef HAVE_SYS_STAT_H
  28. #include <sys/stat.h>
  29. #endif
  30. #ifdef _WIN32
  31. /* For mkdir */
  32. #include <direct.h>
  33. #endif
  34. static authority_cert_t *mock_cert;
  35. static authority_cert_t *
  36. get_my_v3_authority_cert_m(void)
  37. {
  38. tor_assert(mock_cert);
  39. return mock_cert;
  40. }
  41. static dir_server_t ds;
  42. static dir_server_t *
  43. trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
  44. {
  45. (void) digest;
  46. /* The shared random code only need to know if a valid pointer to a dir
  47. * server object has been found so this is safe because it won't use the
  48. * pointer at all never. */
  49. return &ds;
  50. }
  51. /* Setup a minimal dirauth environment by initializing the SR state and
  52. * making sure the options are set to be an authority directory. */
  53. static void
  54. init_authority_state(void)
  55. {
  56. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  57. or_options_t *options = get_options_mutable();
  58. mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  59. tt_assert(mock_cert);
  60. options->AuthoritativeDir = 1;
  61. tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
  62. sr_state_init(0, 0);
  63. /* It's possible a commit has been generated in our state depending on
  64. * the phase we are currently in which uses "now" as the starting
  65. * timestamp. Delete it before we do any testing below. */
  66. sr_state_delete_commits();
  67. done:
  68. UNMOCK(get_my_v3_authority_cert);
  69. }
  70. static void
  71. test_get_sr_protocol_phase(void *arg)
  72. {
  73. time_t the_time;
  74. sr_phase_t phase;
  75. int retval;
  76. (void) arg;
  77. /* Initialize SR state */
  78. init_authority_state();
  79. {
  80. retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
  81. tt_int_op(retval, OP_EQ, 0);
  82. phase = get_sr_protocol_phase(the_time);
  83. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  84. }
  85. {
  86. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
  87. tt_int_op(retval, OP_EQ, 0);
  88. phase = get_sr_protocol_phase(the_time);
  89. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  90. }
  91. {
  92. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
  93. tt_int_op(retval, OP_EQ, 0);
  94. phase = get_sr_protocol_phase(the_time);
  95. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  96. }
  97. {
  98. retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
  99. tt_int_op(retval, OP_EQ, 0);
  100. phase = get_sr_protocol_phase(the_time);
  101. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  102. }
  103. {
  104. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
  105. tt_int_op(retval, OP_EQ, 0);
  106. phase = get_sr_protocol_phase(the_time);
  107. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  108. }
  109. {
  110. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
  111. tt_int_op(retval, OP_EQ, 0);
  112. phase = get_sr_protocol_phase(the_time);
  113. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  114. }
  115. {
  116. retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
  117. tt_int_op(retval, OP_EQ, 0);
  118. phase = get_sr_protocol_phase(the_time);
  119. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  120. }
  121. done:
  122. ;
  123. }
  124. static networkstatus_t mock_consensus;
  125. /* Mock function to immediately return our local 'mock_consensus'. */
  126. static networkstatus_t *
  127. mock_networkstatus_get_live_consensus(time_t now)
  128. {
  129. (void) now;
  130. return &mock_consensus;
  131. }
  132. static void
  133. test_get_state_valid_until_time(void *arg)
  134. {
  135. time_t current_time;
  136. time_t valid_until_time;
  137. char tbuf[ISO_TIME_LEN + 1];
  138. int retval;
  139. (void) arg;
  140. MOCK(networkstatus_get_live_consensus,
  141. mock_networkstatus_get_live_consensus);
  142. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  143. &mock_consensus.fresh_until);
  144. tt_int_op(retval, OP_EQ, 0);
  145. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  146. &mock_consensus.valid_after);
  147. tt_int_op(retval, OP_EQ, 0);
  148. {
  149. /* Get the valid until time if called at 00:00:01 */
  150. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  151. &current_time);
  152. tt_int_op(retval, OP_EQ, 0);
  153. voting_schedule_recalculate_timing(get_options(), current_time);
  154. valid_until_time = get_state_valid_until_time(current_time);
  155. /* Compare it with the correct result */
  156. format_iso_time(tbuf, valid_until_time);
  157. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  158. }
  159. {
  160. retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
  161. &current_time);
  162. tt_int_op(retval, OP_EQ, 0);
  163. voting_schedule_recalculate_timing(get_options(), current_time);
  164. valid_until_time = get_state_valid_until_time(current_time);
  165. format_iso_time(tbuf, valid_until_time);
  166. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  167. }
  168. {
  169. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
  170. &current_time);
  171. tt_int_op(retval, OP_EQ, 0);
  172. voting_schedule_recalculate_timing(get_options(), current_time);
  173. valid_until_time = get_state_valid_until_time(current_time);
  174. format_iso_time(tbuf, valid_until_time);
  175. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  176. }
  177. {
  178. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  179. &current_time);
  180. tt_int_op(retval, OP_EQ, 0);
  181. voting_schedule_recalculate_timing(get_options(), current_time);
  182. valid_until_time = get_state_valid_until_time(current_time);
  183. format_iso_time(tbuf, valid_until_time);
  184. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  185. }
  186. done:
  187. UNMOCK(networkstatus_get_live_consensus);
  188. }
  189. /** Test the function that calculates the start time of the current SRV
  190. * protocol run. */
  191. static void
  192. test_get_start_time_of_current_run(void *arg)
  193. {
  194. int retval;
  195. char tbuf[ISO_TIME_LEN + 1];
  196. time_t current_time, run_start_time;
  197. (void) arg;
  198. MOCK(networkstatus_get_live_consensus,
  199. mock_networkstatus_get_live_consensus);
  200. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  201. &mock_consensus.fresh_until);
  202. tt_int_op(retval, OP_EQ, 0);
  203. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  204. &mock_consensus.valid_after);
  205. tt_int_op(retval, OP_EQ, 0);
  206. {
  207. /* Get start time if called at 00:00:01 */
  208. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  209. &current_time);
  210. tt_int_op(retval, OP_EQ, 0);
  211. voting_schedule_recalculate_timing(get_options(), current_time);
  212. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  213. /* Compare it with the correct result */
  214. format_iso_time(tbuf, run_start_time);
  215. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  216. }
  217. {
  218. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:59 UTC",
  219. &current_time);
  220. tt_int_op(retval, OP_EQ, 0);
  221. voting_schedule_recalculate_timing(get_options(), current_time);
  222. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  223. /* Compare it with the correct result */
  224. format_iso_time(tbuf, run_start_time);
  225. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  226. }
  227. {
  228. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  229. &current_time);
  230. tt_int_op(retval, OP_EQ, 0);
  231. voting_schedule_recalculate_timing(get_options(), current_time);
  232. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  233. /* Compare it with the correct result */
  234. format_iso_time(tbuf, run_start_time);
  235. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  236. }
  237. {
  238. /* We want the local time to be past midnight, but the current consensus to
  239. * have valid-after 23:00 (e.g. this can happen if we fetch a new consensus
  240. * at 00:08 before dircaches have a chance to get the midnight consensus).
  241. *
  242. * Basically, we want to cause a desynch between ns->valid_after (23:00)
  243. * and the voting_schedule.interval_starts (01:00), to make sure that
  244. * sr_state_get_start_time_of_current_protocol_run() handles it gracefully:
  245. * It should actually follow the local consensus time and not the voting
  246. * schedule (which is designed for authority voting purposes). */
  247. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  248. &mock_consensus.fresh_until);
  249. tt_int_op(retval, OP_EQ, 0);
  250. retval = parse_rfc1123_time("Mon, 19 Apr 2015 23:00:00 UTC",
  251. &mock_consensus.valid_after);
  252. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:08:00 UTC",
  253. &current_time);
  254. tt_int_op(retval, OP_EQ, 0);
  255. update_approx_time(current_time);
  256. voting_schedule_recalculate_timing(get_options(), current_time);
  257. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  258. /* Compare it with the correct result */
  259. format_iso_time(tbuf, run_start_time);
  260. tt_str_op("2015-04-19 00:00:00", OP_EQ, tbuf);
  261. /* Check that voting_schedule.interval_starts is at 01:00 (see above) */
  262. time_t interval_starts = voting_schedule_get_next_valid_after_time();
  263. format_iso_time(tbuf, interval_starts);
  264. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  265. }
  266. /* Next test is testing it without a consensus to use the testing voting
  267. * interval . */
  268. UNMOCK(networkstatus_get_live_consensus);
  269. /* Now let's alter the voting schedule and check the correctness of the
  270. * function. Voting interval of 10 seconds, means that an SRV protocol run
  271. * takes 10 seconds * 24 rounds = 4 mins */
  272. {
  273. or_options_t *options = get_options_mutable();
  274. options->V3AuthVotingInterval = 10;
  275. options->TestingV3AuthInitialVotingInterval = 10;
  276. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:15:32 UTC",
  277. &current_time);
  278. tt_int_op(retval, OP_EQ, 0);
  279. voting_schedule_recalculate_timing(get_options(), current_time);
  280. run_start_time = sr_state_get_start_time_of_current_protocol_run();
  281. /* Compare it with the correct result */
  282. format_iso_time(tbuf, run_start_time);
  283. tt_str_op("2015-04-20 00:12:00", OP_EQ, tbuf);
  284. }
  285. done:
  286. ;
  287. }
  288. /** Do some rudimentary consistency checks between the functions that
  289. * understand the shared random protocol schedule */
  290. static void
  291. test_get_start_time_functions(void *arg)
  292. {
  293. (void) arg;
  294. int retval;
  295. MOCK(networkstatus_get_live_consensus,
  296. mock_networkstatus_get_live_consensus);
  297. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  298. &mock_consensus.fresh_until);
  299. tt_int_op(retval, OP_EQ, 0);
  300. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  301. &mock_consensus.valid_after);
  302. tt_int_op(retval, OP_EQ, 0);
  303. time_t now = mock_consensus.valid_after;
  304. voting_schedule_recalculate_timing(get_options(), now);
  305. time_t start_time_of_protocol_run =
  306. sr_state_get_start_time_of_current_protocol_run();
  307. tt_assert(start_time_of_protocol_run);
  308. /* Check that the round start time of the beginning of the run, is itself */
  309. tt_int_op(get_start_time_of_current_round(), OP_EQ,
  310. start_time_of_protocol_run);
  311. done:
  312. UNMOCK(networkstatus_get_live_consensus);
  313. }
  314. static void
  315. test_get_sr_protocol_duration(void *arg)
  316. {
  317. (void) arg;
  318. /* Check that by default an SR phase is 12 hours */
  319. tt_int_op(sr_state_get_phase_duration(), OP_EQ, 12*60*60);
  320. tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 24*60*60);
  321. /* Now alter the voting interval and check that the SR phase is 2 mins long
  322. * if voting happens every 10 seconds (10*12 seconds = 2 mins) */
  323. or_options_t *options = get_options_mutable();
  324. options->V3AuthVotingInterval = 10;
  325. tt_int_op(sr_state_get_phase_duration(), OP_EQ, 2*60);
  326. tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 4*60);
  327. done: ;
  328. }
  329. /* In this test we are going to generate a sr_commit_t object and validate
  330. * it. We first generate our values, and then we parse them as if they were
  331. * received from the network. After we parse both the commit and the reveal,
  332. * we verify that they indeed match. */
  333. static void
  334. test_sr_commit(void *arg)
  335. {
  336. authority_cert_t *auth_cert = NULL;
  337. time_t now = time(NULL);
  338. sr_commit_t *our_commit = NULL;
  339. smartlist_t *args = smartlist_new();
  340. sr_commit_t *parsed_commit = NULL;
  341. (void) arg;
  342. { /* Setup a minimal dirauth environment for this test */
  343. or_options_t *options = get_options_mutable();
  344. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  345. tt_assert(auth_cert);
  346. options->AuthoritativeDir = 1;
  347. tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
  348. }
  349. /* Generate our commit object and validate it has the appropriate field
  350. * that we can then use to build a representation that we'll find in a
  351. * vote coming from the network. */
  352. {
  353. sr_commit_t test_commit;
  354. our_commit = sr_generate_our_commit(now, auth_cert);
  355. tt_assert(our_commit);
  356. /* Default and only supported algorithm for now. */
  357. tt_assert(our_commit->alg == DIGEST_SHA3_256);
  358. /* We should have a reveal value. */
  359. tt_assert(commit_has_reveal_value(our_commit));
  360. /* We should have a random value. */
  361. tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
  362. sizeof(our_commit->random_number)));
  363. /* Commit and reveal timestamp should be the same. */
  364. tt_u64_op(our_commit->commit_ts, OP_EQ, our_commit->reveal_ts);
  365. /* We should have a hashed reveal. */
  366. tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
  367. sizeof(our_commit->hashed_reveal)));
  368. /* Do we have a valid encoded commit and reveal. Note the following only
  369. * tests if the generated values are correct. Their could be a bug in
  370. * the decode function but we test them separately. */
  371. tt_int_op(0, OP_EQ, reveal_decode(our_commit->encoded_reveal,
  372. &test_commit));
  373. tt_int_op(0, OP_EQ, commit_decode(our_commit->encoded_commit,
  374. &test_commit));
  375. tt_int_op(0, OP_EQ, verify_commit_and_reveal(our_commit));
  376. }
  377. /* Let's make sure our verify commit and reveal function works. We'll
  378. * make it fail a bit with known failure case. */
  379. {
  380. /* Copy our commit so we don't alter it for the rest of testing. */
  381. sr_commit_t test_commit;
  382. memcpy(&test_commit, our_commit, sizeof(test_commit));
  383. /* Timestamp MUST match. */
  384. test_commit.commit_ts = test_commit.reveal_ts - 42;
  385. setup_full_capture_of_logs(LOG_WARN);
  386. tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit));
  387. expect_log_msg_containing("doesn't match reveal timestamp");
  388. teardown_capture_of_logs();
  389. memcpy(&test_commit, our_commit, sizeof(test_commit));
  390. tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit));
  391. /* Hashed reveal must match the H(encoded_reveal). */
  392. memset(test_commit.hashed_reveal, 'X',
  393. sizeof(test_commit.hashed_reveal));
  394. setup_full_capture_of_logs(LOG_WARN);
  395. tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit));
  396. expect_single_log_msg_containing("doesn't match the commit value");
  397. teardown_capture_of_logs();
  398. memcpy(&test_commit, our_commit, sizeof(test_commit));
  399. tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit));
  400. }
  401. /* We'll build a list of values from our commit that our parsing function
  402. * takes from a vote line and see if we can parse it correctly. */
  403. {
  404. smartlist_add_strdup(args, "1");
  405. smartlist_add_strdup(args,
  406. crypto_digest_algorithm_get_name(our_commit->alg));
  407. smartlist_add_strdup(args, sr_commit_get_rsa_fpr(our_commit));
  408. smartlist_add_strdup(args, our_commit->encoded_commit);
  409. smartlist_add_strdup(args, our_commit->encoded_reveal);
  410. parsed_commit = sr_parse_commit(args);
  411. tt_assert(parsed_commit);
  412. /* That parsed commit should be _EXACTLY_ like our original commit (we
  413. * have to explicitly set the valid flag though). */
  414. parsed_commit->valid = 1;
  415. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
  416. /* Cleanup */
  417. }
  418. done:
  419. teardown_capture_of_logs();
  420. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  421. smartlist_free(args);
  422. sr_commit_free(our_commit);
  423. sr_commit_free(parsed_commit);
  424. authority_cert_free(auth_cert);
  425. }
  426. /* Test the encoding and decoding function for commit and reveal values. */
  427. static void
  428. test_encoding(void *arg)
  429. {
  430. (void) arg;
  431. int ret;
  432. /* Random number is 32 bytes. */
  433. char raw_rand[32];
  434. time_t ts = 1454333590;
  435. char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  436. sr_commit_t parsed_commit;
  437. /* Those values were generated by sr_commit_calc_ref.py where the random
  438. * value is 32 'A' and timestamp is the one in ts. */
  439. static const char *encoded_reveal =
  440. "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==";
  441. static const char *encoded_commit =
  442. "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==";
  443. /* Set up our raw random bytes array. */
  444. memset(raw_rand, 'A', sizeof(raw_rand));
  445. /* Hash random number because we don't expose bytes of the RNG. */
  446. ret = crypto_digest256(hashed_rand, raw_rand,
  447. sizeof(raw_rand), SR_DIGEST_ALG);
  448. tt_int_op(0, OP_EQ, ret);
  449. /* Hash reveal value. */
  450. tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, strlen(encoded_reveal));
  451. ret = crypto_digest256(hashed_reveal, encoded_reveal,
  452. strlen(encoded_reveal), SR_DIGEST_ALG);
  453. tt_int_op(0, OP_EQ, ret);
  454. tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, strlen(encoded_commit));
  455. /* Test our commit/reveal decode functions. */
  456. {
  457. /* Test the reveal encoded value. */
  458. tt_int_op(0, OP_EQ, reveal_decode(encoded_reveal, &parsed_commit));
  459. tt_u64_op(ts, OP_EQ, parsed_commit.reveal_ts);
  460. tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
  461. sizeof(hashed_rand));
  462. /* Test the commit encoded value. */
  463. memset(&parsed_commit, 0, sizeof(parsed_commit));
  464. tt_int_op(0, OP_EQ, commit_decode(encoded_commit, &parsed_commit));
  465. tt_u64_op(ts, OP_EQ, parsed_commit.commit_ts);
  466. tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
  467. sizeof(parsed_commit.encoded_commit));
  468. tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
  469. sizeof(hashed_reveal));
  470. }
  471. /* Test our commit/reveal encode functions. */
  472. {
  473. /* Test the reveal encode. */
  474. char encoded[SR_REVEAL_BASE64_LEN + 1];
  475. parsed_commit.reveal_ts = ts;
  476. memcpy(parsed_commit.random_number, hashed_rand,
  477. sizeof(parsed_commit.random_number));
  478. ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
  479. tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, ret);
  480. tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
  481. }
  482. {
  483. /* Test the commit encode. */
  484. char encoded[SR_COMMIT_BASE64_LEN + 1];
  485. parsed_commit.commit_ts = ts;
  486. memcpy(parsed_commit.hashed_reveal, hashed_reveal,
  487. sizeof(parsed_commit.hashed_reveal));
  488. ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
  489. tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, ret);
  490. tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
  491. }
  492. done:
  493. ;
  494. }
  495. /** Setup some SRVs in our SR state. If <b>also_current</b> is set, then set
  496. * both current and previous SRVs.
  497. * Helper of test_vote() and test_sr_compute_srv(). */
  498. static void
  499. test_sr_setup_srv(int also_current)
  500. {
  501. sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
  502. srv->num_reveals = 42;
  503. memcpy(srv->value,
  504. "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  505. sizeof(srv->value));
  506. sr_state_set_previous_srv(srv);
  507. if (also_current) {
  508. srv = tor_malloc_zero(sizeof(sr_srv_t));
  509. srv->num_reveals = 128;
  510. memcpy(srv->value,
  511. "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
  512. sizeof(srv->value));
  513. sr_state_set_current_srv(srv);
  514. }
  515. }
  516. /* Test anything that has to do with SR protocol and vote. */
  517. static void
  518. test_vote(void *arg)
  519. {
  520. int ret;
  521. time_t now = time(NULL);
  522. sr_commit_t *our_commit = NULL;
  523. (void) arg;
  524. MOCK(trusteddirserver_get_by_v3_auth_digest,
  525. trusteddirserver_get_by_v3_auth_digest_m);
  526. { /* Setup a minimal dirauth environment for this test */
  527. init_authority_state();
  528. /* Set ourself in reveal phase so we can parse the reveal value in the
  529. * vote as well. */
  530. set_sr_phase(SR_PHASE_REVEAL);
  531. }
  532. /* Generate our commit object and validate it has the appropriate field
  533. * that we can then use to build a representation that we'll find in a
  534. * vote coming from the network. */
  535. {
  536. sr_commit_t *saved_commit;
  537. our_commit = sr_generate_our_commit(now, mock_cert);
  538. tt_assert(our_commit);
  539. sr_state_add_commit(our_commit);
  540. /* Make sure it's there. */
  541. saved_commit = sr_state_get_commit(our_commit->rsa_identity);
  542. tt_assert(saved_commit);
  543. }
  544. /* Also setup the SRVs */
  545. test_sr_setup_srv(1);
  546. { /* Now test the vote generation */
  547. smartlist_t *chunks = smartlist_new();
  548. smartlist_t *tokens = smartlist_new();
  549. /* Get our vote line and validate it. */
  550. char *lines = sr_get_string_for_vote();
  551. tt_assert(lines);
  552. /* Split the lines. We expect 2 here. */
  553. ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
  554. tt_int_op(ret, OP_EQ, 4);
  555. tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
  556. /* Get our commitment line and will validate it against our commit. The
  557. * format is as follow:
  558. * "shared-rand-commitment" SP version SP algname SP identity
  559. * SP COMMIT [SP REVEAL] NL
  560. */
  561. char *commit_line = smartlist_get(chunks, 1);
  562. tt_assert(commit_line);
  563. ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
  564. tt_int_op(ret, OP_EQ, 6);
  565. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
  566. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
  567. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  568. crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
  569. char digest[DIGEST_LEN];
  570. base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
  571. HEX_DIGEST_LEN);
  572. tt_mem_op(digest, OP_EQ, our_commit->rsa_identity, sizeof(digest));
  573. tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
  574. tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal)
  575. ;
  576. /* Finally, does this vote line creates a valid commit object? */
  577. smartlist_t *args = smartlist_new();
  578. smartlist_add(args, smartlist_get(tokens, 1));
  579. smartlist_add(args, smartlist_get(tokens, 2));
  580. smartlist_add(args, smartlist_get(tokens, 3));
  581. smartlist_add(args, smartlist_get(tokens, 4));
  582. smartlist_add(args, smartlist_get(tokens, 5));
  583. sr_commit_t *parsed_commit = sr_parse_commit(args);
  584. tt_assert(parsed_commit);
  585. /* Set valid flag explicitly here to compare since it's not set by
  586. * simply parsing the commit. */
  587. parsed_commit->valid = 1;
  588. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*our_commit));
  589. /* minor cleanup */
  590. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  591. smartlist_clear(tokens);
  592. /* Now test the previous SRV */
  593. char *prev_srv_line = smartlist_get(chunks, 2);
  594. tt_assert(prev_srv_line);
  595. ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
  596. tt_int_op(ret, OP_EQ, 3);
  597. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
  598. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
  599. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  600. "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
  601. /* minor cleanup */
  602. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  603. smartlist_clear(tokens);
  604. /* Now test the current SRV */
  605. char *current_srv_line = smartlist_get(chunks, 3);
  606. tt_assert(current_srv_line);
  607. ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
  608. tt_int_op(ret, OP_EQ, 3);
  609. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
  610. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
  611. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  612. "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
  613. /* Clean up */
  614. sr_commit_free(parsed_commit);
  615. SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
  616. smartlist_free(chunks);
  617. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  618. smartlist_free(tokens);
  619. smartlist_clear(args);
  620. smartlist_free(args);
  621. tor_free(lines);
  622. }
  623. done:
  624. sr_commit_free(our_commit);
  625. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  626. }
  627. static const char *sr_state_str = "Version 1\n"
  628. "TorVersion 0.2.9.0-alpha-dev\n"
  629. "ValidAfter 2037-04-19 07:16:00\n"
  630. "ValidUntil 2037-04-20 07:16:00\n"
  631. "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
  632. "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
  633. "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
  634. "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
  635. "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
  636. "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
  637. "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
  638. "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
  639. "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
  640. /** Create an SR disk state, parse it and validate that the parsing went
  641. * well. Yes! */
  642. static void
  643. test_state_load_from_disk(void *arg)
  644. {
  645. int ret;
  646. char *dir = tor_strdup(get_fname("test_sr_state"));
  647. char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
  648. sr_state_t *the_sr_state = NULL;
  649. (void) arg;
  650. MOCK(trusteddirserver_get_by_v3_auth_digest,
  651. trusteddirserver_get_by_v3_auth_digest_m);
  652. /* First try with a nonexistent path. */
  653. ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
  654. tt_int_op(ret, OP_EQ, -ENOENT);
  655. /* Now create a mock state directory and state file */
  656. #ifdef _WIN32
  657. ret = mkdir(dir);
  658. #else
  659. ret = mkdir(dir, 0700);
  660. #endif
  661. tt_int_op(ret, OP_EQ, 0);
  662. ret = write_str_to_file(sr_state_path, sr_state_str, 0);
  663. tt_int_op(ret, OP_EQ, 0);
  664. /* Try to load the directory itself. Should fail. */
  665. ret = disk_state_load_from_disk_impl(dir);
  666. tt_int_op(ret, OP_LT, 0);
  667. /* State should be non-existent at this point. */
  668. the_sr_state = get_sr_state();
  669. tt_ptr_op(the_sr_state, OP_EQ, NULL);
  670. /* Now try to load the correct file! */
  671. ret = disk_state_load_from_disk_impl(sr_state_path);
  672. tt_int_op(ret, OP_EQ, 0);
  673. /* Check the content of the state */
  674. /* XXX check more deeply!!! */
  675. the_sr_state = get_sr_state();
  676. tt_assert(the_sr_state);
  677. tt_assert(the_sr_state->version == 1);
  678. tt_assert(digestmap_size(the_sr_state->commits) == 3);
  679. tt_assert(the_sr_state->current_srv);
  680. tt_assert(the_sr_state->current_srv->num_reveals == 3);
  681. tt_assert(the_sr_state->previous_srv);
  682. /* XXX Now also try loading corrupted state files and make sure parsing
  683. fails */
  684. done:
  685. tor_free(dir);
  686. tor_free(sr_state_path);
  687. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  688. }
  689. /** Generate three specially crafted commits (based on the test
  690. * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
  691. static void
  692. test_sr_setup_commits(void)
  693. {
  694. time_t now = time(NULL);
  695. sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
  696. sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
  697. authority_cert_t *auth_cert = NULL;
  698. { /* Setup a minimal dirauth environment for this test */
  699. or_options_t *options = get_options_mutable();
  700. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  701. tt_assert(auth_cert);
  702. options->AuthoritativeDir = 1;
  703. tt_int_op(0, OP_EQ, load_ed_keys(options, now));
  704. }
  705. /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
  706. register them to the SR state. Also register a fourth commit 'd' with no
  707. reveal info, to make sure that it will get ignored during SRV
  708. calculation. */
  709. { /* Commit from auth 'a' */
  710. commit_a = sr_generate_our_commit(now, auth_cert);
  711. tt_assert(commit_a);
  712. /* Do some surgery on the commit */
  713. memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
  714. base16_encode(commit_a->rsa_identity_hex,
  715. sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity,
  716. sizeof(commit_a->rsa_identity));
  717. strlcpy(commit_a->encoded_reveal,
  718. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  719. sizeof(commit_a->encoded_reveal));
  720. memcpy(commit_a->hashed_reveal,
  721. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  722. sizeof(commit_a->hashed_reveal));
  723. }
  724. { /* Commit from auth 'b' */
  725. commit_b = sr_generate_our_commit(now, auth_cert);
  726. tt_assert(commit_b);
  727. /* Do some surgery on the commit */
  728. memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
  729. base16_encode(commit_b->rsa_identity_hex,
  730. sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity,
  731. sizeof(commit_b->rsa_identity));
  732. strlcpy(commit_b->encoded_reveal,
  733. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  734. sizeof(commit_b->encoded_reveal));
  735. memcpy(commit_b->hashed_reveal,
  736. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  737. sizeof(commit_b->hashed_reveal));
  738. }
  739. { /* Commit from auth 'c' */
  740. commit_c = sr_generate_our_commit(now, auth_cert);
  741. tt_assert(commit_c);
  742. /* Do some surgery on the commit */
  743. memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
  744. base16_encode(commit_c->rsa_identity_hex,
  745. sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity,
  746. sizeof(commit_c->rsa_identity));
  747. strlcpy(commit_c->encoded_reveal,
  748. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  749. sizeof(commit_c->encoded_reveal));
  750. memcpy(commit_c->hashed_reveal,
  751. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  752. sizeof(commit_c->hashed_reveal));
  753. }
  754. { /* Commit from auth 'd' */
  755. commit_d = sr_generate_our_commit(now, auth_cert);
  756. tt_assert(commit_d);
  757. /* Do some surgery on the commit */
  758. memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
  759. base16_encode(commit_d->rsa_identity_hex,
  760. sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity,
  761. sizeof(commit_d->rsa_identity));
  762. strlcpy(commit_d->encoded_reveal,
  763. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  764. sizeof(commit_d->encoded_reveal));
  765. memcpy(commit_d->hashed_reveal,
  766. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  767. sizeof(commit_d->hashed_reveal));
  768. /* Clean up its reveal info */
  769. memcpy(place_holder, commit_d, sizeof(*place_holder));
  770. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  771. tt_assert(!commit_has_reveal_value(commit_d));
  772. }
  773. /* Register commits to state (during commit phase) */
  774. set_sr_phase(SR_PHASE_COMMIT);
  775. save_commit_to_state(commit_a);
  776. save_commit_to_state(commit_b);
  777. save_commit_to_state(commit_c);
  778. save_commit_to_state(commit_d);
  779. tt_int_op(digestmap_size(get_sr_state()->commits), OP_EQ, 4);
  780. /* Now during REVEAL phase save commit D by restoring its reveal. */
  781. set_sr_phase(SR_PHASE_REVEAL);
  782. save_commit_to_state(place_holder);
  783. place_holder = NULL;
  784. tt_str_op(commit_d->encoded_reveal, OP_EQ,
  785. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
  786. /* Go back to an empty encoded reveal value. */
  787. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  788. memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
  789. tt_assert(!commit_has_reveal_value(commit_d));
  790. done:
  791. tor_free(place_holder);
  792. authority_cert_free(auth_cert);
  793. }
  794. /** Verify that the SRV generation procedure is proper by testing it against
  795. * the test vector from ./sr_srv_calc_ref.py. */
  796. static void
  797. test_sr_compute_srv(void *arg)
  798. {
  799. (void) arg;
  800. const sr_srv_t *current_srv = NULL;
  801. #define SRV_TEST_VECTOR \
  802. "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
  803. MOCK(trusteddirserver_get_by_v3_auth_digest,
  804. trusteddirserver_get_by_v3_auth_digest_m);
  805. init_authority_state();
  806. /* Setup the commits for this unittest */
  807. test_sr_setup_commits();
  808. test_sr_setup_srv(0);
  809. /* Now switch to reveal phase */
  810. set_sr_phase(SR_PHASE_REVEAL);
  811. /* Compute the SRV */
  812. sr_compute_srv();
  813. /* Check the result against the test vector */
  814. current_srv = sr_state_get_current_srv();
  815. tt_assert(current_srv);
  816. tt_u64_op(current_srv->num_reveals, OP_EQ, 3);
  817. tt_str_op(hex_str((char*)current_srv->value, 32),
  818. OP_EQ,
  819. SRV_TEST_VECTOR);
  820. done:
  821. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  822. }
  823. /** Return a minimal vote document with a current SRV value set to
  824. * <b>srv</b>. */
  825. static networkstatus_t *
  826. get_test_vote_with_curr_srv(const char *srv)
  827. {
  828. networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
  829. vote->type = NS_TYPE_VOTE;
  830. vote->sr_info.participate = 1;
  831. vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
  832. vote->sr_info.current_srv->num_reveals = 42;
  833. memcpy(vote->sr_info.current_srv->value,
  834. srv,
  835. sizeof(vote->sr_info.current_srv->value));
  836. return vote;
  837. }
  838. /* Test the function that picks the right SRV given a bunch of votes. Make sure
  839. * that the function returns an SRV iff the majority/agreement requirements are
  840. * met. */
  841. static void
  842. test_sr_get_majority_srv_from_votes(void *arg)
  843. {
  844. sr_srv_t *chosen_srv;
  845. smartlist_t *votes = smartlist_new();
  846. #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  847. #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
  848. (void) arg;
  849. init_authority_state();
  850. /* Make sure our SRV is fresh so we can consider the super majority with
  851. * the consensus params of number of agreements needed. */
  852. sr_state_set_fresh_srv();
  853. /* The test relies on the dirauth list being initialized. */
  854. clear_dir_servers();
  855. add_default_trusted_dir_authorities(V3_DIRINFO);
  856. { /* Prepare voting environment with just a single vote. */
  857. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  858. smartlist_add(votes, vote);
  859. }
  860. /* Since it's only one vote with an SRV, it should not achieve majority and
  861. hence no SRV will be returned. */
  862. chosen_srv = get_majority_srv_from_votes(votes, 1);
  863. tt_ptr_op(chosen_srv, OP_EQ, NULL);
  864. { /* Now put in 8 more votes. Let SRV_1 have majority. */
  865. int i;
  866. /* Now 7 votes believe in SRV_1 */
  867. for (i = 0; i < 3; i++) {
  868. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  869. smartlist_add(votes, vote);
  870. }
  871. /* and 2 votes believe in SRV_2 */
  872. for (i = 0; i < 2; i++) {
  873. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
  874. smartlist_add(votes, vote);
  875. }
  876. for (i = 0; i < 3; i++) {
  877. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  878. smartlist_add(votes, vote);
  879. }
  880. tt_int_op(smartlist_len(votes), OP_EQ, 9);
  881. }
  882. /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
  883. requirement. So still not picking an SRV. */
  884. set_num_srv_agreements(8);
  885. chosen_srv = get_majority_srv_from_votes(votes, 1);
  886. tt_ptr_op(chosen_srv, OP_EQ, NULL);
  887. /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
  888. * consensus parameter and we will try again. This time it should work. */
  889. set_num_srv_agreements(7);
  890. chosen_srv = get_majority_srv_from_votes(votes, 1);
  891. tt_assert(chosen_srv);
  892. tt_u64_op(chosen_srv->num_reveals, OP_EQ, 42);
  893. tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
  894. done:
  895. SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
  896. networkstatus_vote_free(vote));
  897. smartlist_free(votes);
  898. }
  899. static void
  900. test_utils(void *arg)
  901. {
  902. (void) arg;
  903. /* Testing srv_dup(). */
  904. {
  905. sr_srv_t *srv = NULL, *dup_srv = NULL;
  906. const char *srv_value =
  907. "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
  908. srv = tor_malloc_zero(sizeof(*srv));
  909. srv->num_reveals = 42;
  910. memcpy(srv->value, srv_value, sizeof(srv->value));
  911. dup_srv = srv_dup(srv);
  912. tt_assert(dup_srv);
  913. tt_u64_op(dup_srv->num_reveals, OP_EQ, srv->num_reveals);
  914. tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
  915. tor_free(srv);
  916. tor_free(dup_srv);
  917. }
  918. /* Testing commitments_are_the_same(). Currently, the check is to test the
  919. * value of the encoded commit so let's make sure that actually works. */
  920. {
  921. /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit.
  922. * 56 bytes of payload and a NUL terminated byte at the end ('\x00')
  923. * which comes down to SR_COMMIT_BASE64_LEN + 1. */
  924. const char *payload =
  925. "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
  926. "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
  927. "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
  928. "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00";
  929. sr_commit_t commit1, commit2;
  930. memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
  931. memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
  932. tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 1);
  933. /* Let's corrupt one of them. */
  934. memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
  935. tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 0);
  936. }
  937. /* Testing commit_is_authoritative(). */
  938. {
  939. crypto_pk_t *k = crypto_pk_new();
  940. char digest[DIGEST_LEN];
  941. sr_commit_t commit;
  942. tt_assert(!crypto_pk_generate_key(k));
  943. tt_int_op(0, OP_EQ, crypto_pk_get_digest(k, digest));
  944. memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
  945. tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 1);
  946. /* Change the pubkey. */
  947. memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
  948. tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 0);
  949. crypto_pk_free(k);
  950. }
  951. /* Testing get_phase_str(). */
  952. {
  953. tt_str_op(get_phase_str(SR_PHASE_REVEAL), OP_EQ, "reveal");
  954. tt_str_op(get_phase_str(SR_PHASE_COMMIT), OP_EQ, "commit");
  955. }
  956. /* Testing phase transition */
  957. {
  958. init_authority_state();
  959. set_sr_phase(SR_PHASE_COMMIT);
  960. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 1);
  961. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 0);
  962. set_sr_phase(SR_PHASE_REVEAL);
  963. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 0);
  964. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 1);
  965. /* Junk. */
  966. tt_int_op(is_phase_transition(42), OP_EQ, 1);
  967. }
  968. done:
  969. return;
  970. }
  971. static void
  972. test_state_transition(void *arg)
  973. {
  974. sr_state_t *state = NULL;
  975. time_t now = time(NULL);
  976. (void) arg;
  977. { /* Setup a minimal dirauth environment for this test */
  978. init_authority_state();
  979. state = get_sr_state();
  980. tt_assert(state);
  981. }
  982. /* Test our state reset for a new protocol run. */
  983. {
  984. /* Add a commit to the state so we can test if the reset cleans the
  985. * commits. Also, change all params that we expect to be updated. */
  986. sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
  987. tt_assert(commit);
  988. sr_state_add_commit(commit);
  989. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  990. /* Let's test our delete feature. */
  991. sr_state_delete_commits();
  992. tt_int_op(digestmap_size(state->commits), OP_EQ, 0);
  993. /* Add it back so we can continue the rest of the test because after
  994. * deletiong our commit will be freed so generate a new one. */
  995. commit = sr_generate_our_commit(now, mock_cert);
  996. tt_assert(commit);
  997. sr_state_add_commit(commit);
  998. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  999. state->n_reveal_rounds = 42;
  1000. state->n_commit_rounds = 43;
  1001. state->n_protocol_runs = 44;
  1002. reset_state_for_new_protocol_run(now);
  1003. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  1004. tt_int_op(state->n_commit_rounds, OP_EQ, 0);
  1005. tt_u64_op(state->n_protocol_runs, OP_EQ, 45);
  1006. tt_int_op(digestmap_size(state->commits), OP_EQ, 0);
  1007. }
  1008. /* Test SRV rotation in our state. */
  1009. {
  1010. const sr_srv_t *cur, *prev;
  1011. test_sr_setup_srv(1);
  1012. cur = sr_state_get_current_srv();
  1013. tt_assert(cur);
  1014. /* After, current srv should be the previous and then set to NULL. */
  1015. state_rotate_srv();
  1016. prev = sr_state_get_previous_srv();
  1017. tt_assert(prev == cur);
  1018. tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
  1019. sr_state_clean_srvs();
  1020. }
  1021. /* New protocol run. */
  1022. {
  1023. const sr_srv_t *cur;
  1024. /* Setup some new SRVs so we can confirm that a new protocol run
  1025. * actually makes them rotate and compute new ones. */
  1026. test_sr_setup_srv(1);
  1027. cur = sr_state_get_current_srv();
  1028. tt_assert(cur);
  1029. set_sr_phase(SR_PHASE_REVEAL);
  1030. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1031. new_protocol_run(now);
  1032. UNMOCK(get_my_v3_authority_cert);
  1033. /* Rotation happened. */
  1034. tt_assert(sr_state_get_previous_srv() == cur);
  1035. /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
  1036. * our current SRV would be NULL but a new protocol run should make us
  1037. * compute a new SRV. */
  1038. tt_assert(sr_state_get_current_srv());
  1039. /* Also, make sure we did change the current. */
  1040. tt_assert(sr_state_get_current_srv() != cur);
  1041. /* We should have our commitment alone. */
  1042. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1043. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  1044. tt_int_op(state->n_commit_rounds, OP_EQ, 0);
  1045. /* 46 here since we were at 45 just before. */
  1046. tt_u64_op(state->n_protocol_runs, OP_EQ, 46);
  1047. }
  1048. /* Cleanup of SRVs. */
  1049. {
  1050. sr_state_clean_srvs();
  1051. tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
  1052. tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
  1053. }
  1054. done:
  1055. return;
  1056. }
  1057. static void
  1058. test_keep_commit(void *arg)
  1059. {
  1060. char fp[FINGERPRINT_LEN + 1];
  1061. sr_commit_t *commit = NULL, *dup_commit = NULL;
  1062. sr_state_t *state;
  1063. time_t now = time(NULL);
  1064. crypto_pk_t *k = NULL;
  1065. (void) arg;
  1066. MOCK(trusteddirserver_get_by_v3_auth_digest,
  1067. trusteddirserver_get_by_v3_auth_digest_m);
  1068. {
  1069. k = pk_generate(1);
  1070. /* Setup a minimal dirauth environment for this test */
  1071. /* Have a key that is not the one from our commit. */
  1072. init_authority_state();
  1073. state = get_sr_state();
  1074. }
  1075. crypto_rand((char*)fp, sizeof(fp));
  1076. /* Test this very important function that tells us if we should keep a
  1077. * commit or not in our state. Most of it depends on the phase and what's
  1078. * in the commit so we'll change the commit as we go. */
  1079. commit = sr_generate_our_commit(now, mock_cert);
  1080. tt_assert(commit);
  1081. /* Set us in COMMIT phase for starter. */
  1082. set_sr_phase(SR_PHASE_COMMIT);
  1083. /* We should never keep a commit from a non authoritative authority. */
  1084. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), OP_EQ, 0);
  1085. /* This should NOT be kept because it has a reveal value in it. */
  1086. tt_assert(commit_has_reveal_value(commit));
  1087. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1088. SR_PHASE_COMMIT), OP_EQ, 0);
  1089. /* Add it to the state which should return to not keep it. */
  1090. sr_state_add_commit(commit);
  1091. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1092. SR_PHASE_COMMIT), OP_EQ, 0);
  1093. /* Remove it from state so we can continue our testing. */
  1094. digestmap_remove(state->commits, commit->rsa_identity);
  1095. /* Let's remove our reveal value which should make it OK to keep it. */
  1096. memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
  1097. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1098. SR_PHASE_COMMIT), OP_EQ, 1);
  1099. /* Let's reset our commit and go into REVEAL phase. */
  1100. sr_commit_free(commit);
  1101. commit = sr_generate_our_commit(now, mock_cert);
  1102. tt_assert(commit);
  1103. /* Dup the commit so we have one with and one without a reveal value. */
  1104. dup_commit = tor_malloc_zero(sizeof(*dup_commit));
  1105. memcpy(dup_commit, commit, sizeof(*dup_commit));
  1106. memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
  1107. set_sr_phase(SR_PHASE_REVEAL);
  1108. /* We should never keep a commit from a non authoritative authority. */
  1109. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), OP_EQ, 0);
  1110. /* We shouldn't accept a commit that is not in our state. */
  1111. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1112. SR_PHASE_REVEAL), OP_EQ, 0);
  1113. /* Important to add the commit _without_ the reveal here. */
  1114. sr_state_add_commit(dup_commit);
  1115. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1116. /* Our commit should be valid that is authoritative, contains a reveal, be
  1117. * in the state and commitment and reveal values match. */
  1118. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1119. SR_PHASE_REVEAL), OP_EQ, 1);
  1120. /* The commit shouldn't be kept if it's not verified that is no matchin
  1121. * hashed reveal. */
  1122. {
  1123. /* Let's save the hash reveal so we can restore it. */
  1124. sr_commit_t place_holder;
  1125. memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
  1126. sizeof(place_holder.hashed_reveal));
  1127. memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
  1128. setup_full_capture_of_logs(LOG_WARN);
  1129. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1130. SR_PHASE_REVEAL), OP_EQ, 0);
  1131. expect_log_msg_containing("doesn't match the commit value.");
  1132. expect_log_msg_containing("has an invalid reveal value.");
  1133. assert_log_predicate(mock_saved_log_n_entries() == 2,
  1134. ("expected 2 log entries"));
  1135. teardown_capture_of_logs();
  1136. memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
  1137. sizeof(commit->hashed_reveal));
  1138. }
  1139. /* We shouldn't keep a commit that has no reveal. */
  1140. tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
  1141. SR_PHASE_REVEAL), OP_EQ, 0);
  1142. /* We must not keep a commit that is not the same from the commit phase. */
  1143. memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
  1144. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1145. SR_PHASE_REVEAL), OP_EQ, 0);
  1146. done:
  1147. teardown_capture_of_logs();
  1148. sr_commit_free(commit);
  1149. sr_commit_free(dup_commit);
  1150. crypto_pk_free(k);
  1151. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  1152. }
  1153. static void
  1154. test_state_update(void *arg)
  1155. {
  1156. time_t commit_phase_time = 1452076000;
  1157. time_t reveal_phase_time = 1452086800;
  1158. sr_state_t *state;
  1159. (void) arg;
  1160. {
  1161. init_authority_state();
  1162. state = get_sr_state();
  1163. set_sr_phase(SR_PHASE_COMMIT);
  1164. /* We'll cheat a bit here and reset the creation time of the state which
  1165. * will avoid us to compute a valid_after time that fits the commit
  1166. * phase. */
  1167. state->valid_after = 0;
  1168. state->n_reveal_rounds = 0;
  1169. state->n_commit_rounds = 0;
  1170. state->n_protocol_runs = 0;
  1171. }
  1172. /* We need to mock for the state update function call. */
  1173. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1174. /* We are in COMMIT phase here and we'll trigger a state update but no
  1175. * transition. */
  1176. sr_state_update(commit_phase_time);
  1177. tt_int_op(state->valid_after, OP_EQ, commit_phase_time);
  1178. tt_int_op(state->n_commit_rounds, OP_EQ, 1);
  1179. tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT);
  1180. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1181. /* We are still in the COMMIT phase here but we'll trigger a state
  1182. * transition to the REVEAL phase. */
  1183. sr_state_update(reveal_phase_time);
  1184. tt_int_op(state->phase, OP_EQ, SR_PHASE_REVEAL);
  1185. tt_int_op(state->valid_after, OP_EQ, reveal_phase_time);
  1186. /* Only our commit should be in there. */
  1187. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1188. tt_int_op(state->n_reveal_rounds, OP_EQ, 1);
  1189. /* We can't update a state with a valid after _lower_ than the creation
  1190. * time so here it is. */
  1191. sr_state_update(commit_phase_time);
  1192. tt_int_op(state->valid_after, OP_EQ, reveal_phase_time);
  1193. /* Finally, let's go back in COMMIT phase so we can test the state update
  1194. * of a new protocol run. */
  1195. state->valid_after = 0;
  1196. sr_state_update(commit_phase_time);
  1197. tt_int_op(state->valid_after, OP_EQ, commit_phase_time);
  1198. tt_int_op(state->n_commit_rounds, OP_EQ, 1);
  1199. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  1200. tt_u64_op(state->n_protocol_runs, OP_EQ, 1);
  1201. tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT);
  1202. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1203. tt_assert(state->current_srv);
  1204. done:
  1205. sr_state_free_all();
  1206. UNMOCK(get_my_v3_authority_cert);
  1207. }
  1208. struct testcase_t sr_tests[] = {
  1209. { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
  1210. NULL, NULL },
  1211. { "sr_commit", test_sr_commit, TT_FORK,
  1212. NULL, NULL },
  1213. { "keep_commit", test_keep_commit, TT_FORK,
  1214. NULL, NULL },
  1215. { "encoding", test_encoding, TT_FORK,
  1216. NULL, NULL },
  1217. { "get_start_time_of_current_run", test_get_start_time_of_current_run,
  1218. TT_FORK, NULL, NULL },
  1219. { "get_start_time_functions", test_get_start_time_functions,
  1220. TT_FORK, NULL, NULL },
  1221. { "get_sr_protocol_duration", test_get_sr_protocol_duration, TT_FORK,
  1222. NULL, NULL },
  1223. { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
  1224. NULL, NULL },
  1225. { "vote", test_vote, TT_FORK,
  1226. NULL, NULL },
  1227. { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
  1228. NULL, NULL },
  1229. { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
  1230. { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
  1231. TT_FORK, NULL, NULL },
  1232. { "utils", test_utils, TT_FORK, NULL, NULL },
  1233. { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
  1234. { "state_update", test_state_update, TT_FORK,
  1235. NULL, NULL },
  1236. END_OF_TESTCASES
  1237. };