test_shared_random.c 48 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405
  1. /* Copyright (c) 2016-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #define SHARED_RANDOM_PRIVATE
  4. #define SHARED_RANDOM_STATE_PRIVATE
  5. #define CONFIG_PRIVATE
  6. #define DIRVOTE_PRIVATE
  7. #include "core/or/or.h"
  8. #include "test/test.h"
  9. #include "app/config/config.h"
  10. #include "lib/crypt_ops/crypto_rand.h"
  11. #include "feature/dirauth/dirvote.h"
  12. #include "feature/dirauth/shared_random.h"
  13. #include "feature/dirauth/shared_random_state.h"
  14. #include "test/log_test_helpers.h"
  15. #include "feature/nodelist/networkstatus.h"
  16. #include "feature/relay/router.h"
  17. #include "feature/relay/routerkeys.h"
  18. #include "feature/nodelist/routerlist.h"
  19. #include "feature/nodelist/routerparse.h"
  20. #include "feature/hs_common/shared_random_client.h"
  21. #include "feature/dircommon/voting_schedule.h"
  22. #include "feature/dirclient/dir_server_st.h"
  23. #include "feature/nodelist/networkstatus_st.h"
  24. #include "app/config/or_state_st.h"
  25. #ifdef HAVE_SYS_STAT_H
  26. #include <sys/stat.h>
  27. #endif
  28. #ifdef _WIN32
  29. /* For mkdir */
  30. #include <direct.h>
  31. #endif
  32. static authority_cert_t *mock_cert;
  33. static authority_cert_t *
  34. get_my_v3_authority_cert_m(void)
  35. {
  36. tor_assert(mock_cert);
  37. return mock_cert;
  38. }
  39. static dir_server_t ds;
  40. static dir_server_t *
  41. trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
  42. {
  43. (void) digest;
  44. /* The shared random code only need to know if a valid pointer to a dir
  45. * server object has been found so this is safe because it won't use the
  46. * pointer at all never. */
  47. return &ds;
  48. }
  49. /* Setup a minimal dirauth environment by initializing the SR state and
  50. * making sure the options are set to be an authority directory. */
  51. static void
  52. init_authority_state(void)
  53. {
  54. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  55. or_options_t *options = get_options_mutable();
  56. mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  57. tt_assert(mock_cert);
  58. options->AuthoritativeDir = 1;
  59. tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
  60. sr_state_init(0, 0);
  61. /* It's possible a commit has been generated in our state depending on
  62. * the phase we are currently in which uses "now" as the starting
  63. * timestamp. Delete it before we do any testing below. */
  64. sr_state_delete_commits();
  65. done:
  66. UNMOCK(get_my_v3_authority_cert);
  67. }
  68. static void
  69. test_get_sr_protocol_phase(void *arg)
  70. {
  71. time_t the_time;
  72. sr_phase_t phase;
  73. int retval;
  74. (void) arg;
  75. /* Initialize SR state */
  76. init_authority_state();
  77. {
  78. retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
  79. tt_int_op(retval, OP_EQ, 0);
  80. phase = get_sr_protocol_phase(the_time);
  81. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  82. }
  83. {
  84. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
  85. tt_int_op(retval, OP_EQ, 0);
  86. phase = get_sr_protocol_phase(the_time);
  87. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  88. }
  89. {
  90. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
  91. tt_int_op(retval, OP_EQ, 0);
  92. phase = get_sr_protocol_phase(the_time);
  93. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  94. }
  95. {
  96. retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
  97. tt_int_op(retval, OP_EQ, 0);
  98. phase = get_sr_protocol_phase(the_time);
  99. tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
  100. }
  101. {
  102. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
  103. tt_int_op(retval, OP_EQ, 0);
  104. phase = get_sr_protocol_phase(the_time);
  105. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  106. }
  107. {
  108. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
  109. tt_int_op(retval, OP_EQ, 0);
  110. phase = get_sr_protocol_phase(the_time);
  111. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  112. }
  113. {
  114. retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
  115. tt_int_op(retval, OP_EQ, 0);
  116. phase = get_sr_protocol_phase(the_time);
  117. tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
  118. }
  119. done:
  120. ;
  121. }
  122. static networkstatus_t mock_consensus;
  123. /* Mock function to immediately return our local 'mock_consensus'. */
  124. static networkstatus_t *
  125. mock_networkstatus_get_live_consensus(time_t now)
  126. {
  127. (void) now;
  128. return &mock_consensus;
  129. }
  130. static void
  131. test_get_state_valid_until_time(void *arg)
  132. {
  133. time_t current_time;
  134. time_t valid_until_time;
  135. char tbuf[ISO_TIME_LEN + 1];
  136. int retval;
  137. (void) arg;
  138. MOCK(networkstatus_get_live_consensus,
  139. mock_networkstatus_get_live_consensus);
  140. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  141. &mock_consensus.fresh_until);
  142. tt_int_op(retval, OP_EQ, 0);
  143. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  144. &mock_consensus.valid_after);
  145. tt_int_op(retval, OP_EQ, 0);
  146. {
  147. /* Get the valid until time if called at 00:00:01 */
  148. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  149. &current_time);
  150. tt_int_op(retval, OP_EQ, 0);
  151. voting_schedule_recalculate_timing(get_options(), current_time);
  152. valid_until_time = get_state_valid_until_time(current_time);
  153. /* Compare it with the correct result */
  154. format_iso_time(tbuf, valid_until_time);
  155. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  156. }
  157. {
  158. retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
  159. &current_time);
  160. tt_int_op(retval, OP_EQ, 0);
  161. voting_schedule_recalculate_timing(get_options(), current_time);
  162. valid_until_time = get_state_valid_until_time(current_time);
  163. format_iso_time(tbuf, valid_until_time);
  164. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  165. }
  166. {
  167. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
  168. &current_time);
  169. tt_int_op(retval, OP_EQ, 0);
  170. voting_schedule_recalculate_timing(get_options(), current_time);
  171. valid_until_time = get_state_valid_until_time(current_time);
  172. format_iso_time(tbuf, valid_until_time);
  173. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  174. }
  175. {
  176. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  177. &current_time);
  178. tt_int_op(retval, OP_EQ, 0);
  179. voting_schedule_recalculate_timing(get_options(), current_time);
  180. valid_until_time = get_state_valid_until_time(current_time);
  181. format_iso_time(tbuf, valid_until_time);
  182. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  183. }
  184. done:
  185. UNMOCK(networkstatus_get_live_consensus);
  186. }
  187. /** Test the function that calculates the start time of the current SRV
  188. * protocol run. */
  189. static void
  190. test_get_start_time_of_current_run(void *arg)
  191. {
  192. int retval;
  193. char tbuf[ISO_TIME_LEN + 1];
  194. time_t current_time, run_start_time;
  195. (void) arg;
  196. MOCK(networkstatus_get_live_consensus,
  197. mock_networkstatus_get_live_consensus);
  198. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  199. &mock_consensus.fresh_until);
  200. tt_int_op(retval, OP_EQ, 0);
  201. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  202. &mock_consensus.valid_after);
  203. tt_int_op(retval, OP_EQ, 0);
  204. {
  205. /* Get start time if called at 00:00:01 */
  206. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  207. &current_time);
  208. tt_int_op(retval, OP_EQ, 0);
  209. voting_schedule_recalculate_timing(get_options(), current_time);
  210. run_start_time =
  211. sr_state_get_start_time_of_current_protocol_run(current_time);
  212. /* Compare it with the correct result */
  213. format_iso_time(tbuf, run_start_time);
  214. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  215. }
  216. {
  217. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:59 UTC",
  218. &current_time);
  219. tt_int_op(retval, OP_EQ, 0);
  220. voting_schedule_recalculate_timing(get_options(), current_time);
  221. run_start_time =
  222. sr_state_get_start_time_of_current_protocol_run(current_time);
  223. /* Compare it with the correct result */
  224. format_iso_time(tbuf, run_start_time);
  225. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  226. }
  227. {
  228. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  229. &current_time);
  230. tt_int_op(retval, OP_EQ, 0);
  231. voting_schedule_recalculate_timing(get_options(), current_time);
  232. run_start_time =
  233. sr_state_get_start_time_of_current_protocol_run(current_time);
  234. /* Compare it with the correct result */
  235. format_iso_time(tbuf, run_start_time);
  236. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  237. }
  238. /* Next test is testing it without a consensus to use the testing voting
  239. * interval . */
  240. UNMOCK(networkstatus_get_live_consensus);
  241. /* Now let's alter the voting schedule and check the correctness of the
  242. * function. Voting interval of 10 seconds, means that an SRV protocol run
  243. * takes 10 seconds * 24 rounds = 4 mins */
  244. {
  245. or_options_t *options = get_options_mutable();
  246. options->V3AuthVotingInterval = 10;
  247. options->TestingV3AuthInitialVotingInterval = 10;
  248. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:15:32 UTC",
  249. &current_time);
  250. tt_int_op(retval, OP_EQ, 0);
  251. voting_schedule_recalculate_timing(get_options(), current_time);
  252. run_start_time =
  253. sr_state_get_start_time_of_current_protocol_run(current_time);
  254. /* Compare it with the correct result */
  255. format_iso_time(tbuf, run_start_time);
  256. tt_str_op("2015-04-20 00:12:00", OP_EQ, tbuf);
  257. }
  258. done:
  259. ;
  260. }
  261. /** Do some rudimentary consistency checks between the functions that
  262. * understand the shared random protocol schedule */
  263. static void
  264. test_get_start_time_functions(void *arg)
  265. {
  266. (void) arg;
  267. int retval;
  268. MOCK(networkstatus_get_live_consensus,
  269. mock_networkstatus_get_live_consensus);
  270. retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
  271. &mock_consensus.fresh_until);
  272. tt_int_op(retval, OP_EQ, 0);
  273. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  274. &mock_consensus.valid_after);
  275. tt_int_op(retval, OP_EQ, 0);
  276. time_t now = mock_consensus.valid_after;
  277. voting_schedule_recalculate_timing(get_options(), now);
  278. time_t start_time_of_protocol_run =
  279. sr_state_get_start_time_of_current_protocol_run(now);
  280. tt_assert(start_time_of_protocol_run);
  281. /* Check that the round start time of the beginning of the run, is itself */
  282. tt_int_op(get_start_time_of_current_round(), OP_EQ,
  283. start_time_of_protocol_run);
  284. done:
  285. UNMOCK(networkstatus_get_live_consensus);
  286. }
  287. static void
  288. test_get_sr_protocol_duration(void *arg)
  289. {
  290. (void) arg;
  291. /* Check that by default an SR phase is 12 hours */
  292. tt_int_op(sr_state_get_phase_duration(), OP_EQ, 12*60*60);
  293. tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 24*60*60);
  294. /* Now alter the voting interval and check that the SR phase is 2 mins long
  295. * if voting happens every 10 seconds (10*12 seconds = 2 mins) */
  296. or_options_t *options = get_options_mutable();
  297. options->V3AuthVotingInterval = 10;
  298. tt_int_op(sr_state_get_phase_duration(), OP_EQ, 2*60);
  299. tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 4*60);
  300. done: ;
  301. }
  302. /* In this test we are going to generate a sr_commit_t object and validate
  303. * it. We first generate our values, and then we parse them as if they were
  304. * received from the network. After we parse both the commit and the reveal,
  305. * we verify that they indeed match. */
  306. static void
  307. test_sr_commit(void *arg)
  308. {
  309. authority_cert_t *auth_cert = NULL;
  310. time_t now = time(NULL);
  311. sr_commit_t *our_commit = NULL;
  312. smartlist_t *args = smartlist_new();
  313. sr_commit_t *parsed_commit = NULL;
  314. (void) arg;
  315. { /* Setup a minimal dirauth environment for this test */
  316. or_options_t *options = get_options_mutable();
  317. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  318. tt_assert(auth_cert);
  319. options->AuthoritativeDir = 1;
  320. tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
  321. }
  322. /* Generate our commit object and validate it has the appropriate field
  323. * that we can then use to build a representation that we'll find in a
  324. * vote coming from the network. */
  325. {
  326. sr_commit_t test_commit;
  327. our_commit = sr_generate_our_commit(now, auth_cert);
  328. tt_assert(our_commit);
  329. /* Default and only supported algorithm for now. */
  330. tt_assert(our_commit->alg == DIGEST_SHA3_256);
  331. /* We should have a reveal value. */
  332. tt_assert(commit_has_reveal_value(our_commit));
  333. /* We should have a random value. */
  334. tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
  335. sizeof(our_commit->random_number)));
  336. /* Commit and reveal timestamp should be the same. */
  337. tt_u64_op(our_commit->commit_ts, OP_EQ, our_commit->reveal_ts);
  338. /* We should have a hashed reveal. */
  339. tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
  340. sizeof(our_commit->hashed_reveal)));
  341. /* Do we have a valid encoded commit and reveal. Note the following only
  342. * tests if the generated values are correct. Their could be a bug in
  343. * the decode function but we test them separately. */
  344. tt_int_op(0, OP_EQ, reveal_decode(our_commit->encoded_reveal,
  345. &test_commit));
  346. tt_int_op(0, OP_EQ, commit_decode(our_commit->encoded_commit,
  347. &test_commit));
  348. tt_int_op(0, OP_EQ, verify_commit_and_reveal(our_commit));
  349. }
  350. /* Let's make sure our verify commit and reveal function works. We'll
  351. * make it fail a bit with known failure case. */
  352. {
  353. /* Copy our commit so we don't alter it for the rest of testing. */
  354. sr_commit_t test_commit;
  355. memcpy(&test_commit, our_commit, sizeof(test_commit));
  356. /* Timestamp MUST match. */
  357. test_commit.commit_ts = test_commit.reveal_ts - 42;
  358. setup_full_capture_of_logs(LOG_WARN);
  359. tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit));
  360. expect_log_msg_containing("doesn't match reveal timestamp");
  361. teardown_capture_of_logs();
  362. memcpy(&test_commit, our_commit, sizeof(test_commit));
  363. tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit));
  364. /* Hashed reveal must match the H(encoded_reveal). */
  365. memset(test_commit.hashed_reveal, 'X',
  366. sizeof(test_commit.hashed_reveal));
  367. setup_full_capture_of_logs(LOG_WARN);
  368. tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit));
  369. expect_single_log_msg_containing("doesn't match the commit value");
  370. teardown_capture_of_logs();
  371. memcpy(&test_commit, our_commit, sizeof(test_commit));
  372. tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit));
  373. }
  374. /* We'll build a list of values from our commit that our parsing function
  375. * takes from a vote line and see if we can parse it correctly. */
  376. {
  377. smartlist_add_strdup(args, "1");
  378. smartlist_add_strdup(args,
  379. crypto_digest_algorithm_get_name(our_commit->alg));
  380. smartlist_add_strdup(args, sr_commit_get_rsa_fpr(our_commit));
  381. smartlist_add_strdup(args, our_commit->encoded_commit);
  382. smartlist_add_strdup(args, our_commit->encoded_reveal);
  383. parsed_commit = sr_parse_commit(args);
  384. tt_assert(parsed_commit);
  385. /* That parsed commit should be _EXACTLY_ like our original commit (we
  386. * have to explicitly set the valid flag though). */
  387. parsed_commit->valid = 1;
  388. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
  389. /* Cleanup */
  390. }
  391. done:
  392. teardown_capture_of_logs();
  393. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  394. smartlist_free(args);
  395. sr_commit_free(our_commit);
  396. sr_commit_free(parsed_commit);
  397. authority_cert_free(auth_cert);
  398. }
  399. /* Test the encoding and decoding function for commit and reveal values. */
  400. static void
  401. test_encoding(void *arg)
  402. {
  403. (void) arg;
  404. int ret;
  405. /* Random number is 32 bytes. */
  406. char raw_rand[32];
  407. time_t ts = 1454333590;
  408. char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  409. sr_commit_t parsed_commit;
  410. /* Those values were generated by sr_commit_calc_ref.py where the random
  411. * value is 32 'A' and timestamp is the one in ts. */
  412. static const char *encoded_reveal =
  413. "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==";
  414. static const char *encoded_commit =
  415. "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==";
  416. /* Set up our raw random bytes array. */
  417. memset(raw_rand, 'A', sizeof(raw_rand));
  418. /* Hash random number because we don't expose bytes of the RNG. */
  419. ret = crypto_digest256(hashed_rand, raw_rand,
  420. sizeof(raw_rand), SR_DIGEST_ALG);
  421. tt_int_op(0, OP_EQ, ret);
  422. /* Hash reveal value. */
  423. tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, strlen(encoded_reveal));
  424. ret = crypto_digest256(hashed_reveal, encoded_reveal,
  425. strlen(encoded_reveal), SR_DIGEST_ALG);
  426. tt_int_op(0, OP_EQ, ret);
  427. tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, strlen(encoded_commit));
  428. /* Test our commit/reveal decode functions. */
  429. {
  430. /* Test the reveal encoded value. */
  431. tt_int_op(0, OP_EQ, reveal_decode(encoded_reveal, &parsed_commit));
  432. tt_u64_op(ts, OP_EQ, parsed_commit.reveal_ts);
  433. tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
  434. sizeof(hashed_rand));
  435. /* Test the commit encoded value. */
  436. memset(&parsed_commit, 0, sizeof(parsed_commit));
  437. tt_int_op(0, OP_EQ, commit_decode(encoded_commit, &parsed_commit));
  438. tt_u64_op(ts, OP_EQ, parsed_commit.commit_ts);
  439. tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
  440. sizeof(parsed_commit.encoded_commit));
  441. tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
  442. sizeof(hashed_reveal));
  443. }
  444. /* Test our commit/reveal encode functions. */
  445. {
  446. /* Test the reveal encode. */
  447. char encoded[SR_REVEAL_BASE64_LEN + 1];
  448. parsed_commit.reveal_ts = ts;
  449. memcpy(parsed_commit.random_number, hashed_rand,
  450. sizeof(parsed_commit.random_number));
  451. ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
  452. tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, ret);
  453. tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
  454. }
  455. {
  456. /* Test the commit encode. */
  457. char encoded[SR_COMMIT_BASE64_LEN + 1];
  458. parsed_commit.commit_ts = ts;
  459. memcpy(parsed_commit.hashed_reveal, hashed_reveal,
  460. sizeof(parsed_commit.hashed_reveal));
  461. ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
  462. tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, ret);
  463. tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
  464. }
  465. done:
  466. ;
  467. }
  468. /** Setup some SRVs in our SR state. If <b>also_current</b> is set, then set
  469. * both current and previous SRVs.
  470. * Helper of test_vote() and test_sr_compute_srv(). */
  471. static void
  472. test_sr_setup_srv(int also_current)
  473. {
  474. sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
  475. srv->num_reveals = 42;
  476. memcpy(srv->value,
  477. "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  478. sizeof(srv->value));
  479. sr_state_set_previous_srv(srv);
  480. if (also_current) {
  481. srv = tor_malloc_zero(sizeof(sr_srv_t));
  482. srv->num_reveals = 128;
  483. memcpy(srv->value,
  484. "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
  485. sizeof(srv->value));
  486. sr_state_set_current_srv(srv);
  487. }
  488. }
  489. /* Test anything that has to do with SR protocol and vote. */
  490. static void
  491. test_vote(void *arg)
  492. {
  493. int ret;
  494. time_t now = time(NULL);
  495. sr_commit_t *our_commit = NULL;
  496. (void) arg;
  497. MOCK(trusteddirserver_get_by_v3_auth_digest,
  498. trusteddirserver_get_by_v3_auth_digest_m);
  499. { /* Setup a minimal dirauth environment for this test */
  500. init_authority_state();
  501. /* Set ourself in reveal phase so we can parse the reveal value in the
  502. * vote as well. */
  503. set_sr_phase(SR_PHASE_REVEAL);
  504. }
  505. /* Generate our commit object and validate it has the appropriate field
  506. * that we can then use to build a representation that we'll find in a
  507. * vote coming from the network. */
  508. {
  509. sr_commit_t *saved_commit;
  510. our_commit = sr_generate_our_commit(now, mock_cert);
  511. tt_assert(our_commit);
  512. sr_state_add_commit(our_commit);
  513. /* Make sure it's there. */
  514. saved_commit = sr_state_get_commit(our_commit->rsa_identity);
  515. tt_assert(saved_commit);
  516. }
  517. /* Also setup the SRVs */
  518. test_sr_setup_srv(1);
  519. { /* Now test the vote generation */
  520. smartlist_t *chunks = smartlist_new();
  521. smartlist_t *tokens = smartlist_new();
  522. /* Get our vote line and validate it. */
  523. char *lines = sr_get_string_for_vote();
  524. tt_assert(lines);
  525. /* Split the lines. We expect 2 here. */
  526. ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
  527. tt_int_op(ret, OP_EQ, 4);
  528. tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
  529. /* Get our commitment line and will validate it against our commit. The
  530. * format is as follow:
  531. * "shared-rand-commitment" SP version SP algname SP identity
  532. * SP COMMIT [SP REVEAL] NL
  533. */
  534. char *commit_line = smartlist_get(chunks, 1);
  535. tt_assert(commit_line);
  536. ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
  537. tt_int_op(ret, OP_EQ, 6);
  538. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
  539. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
  540. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  541. crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
  542. char digest[DIGEST_LEN];
  543. base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
  544. HEX_DIGEST_LEN);
  545. tt_mem_op(digest, OP_EQ, our_commit->rsa_identity, sizeof(digest));
  546. tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
  547. tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal)
  548. ;
  549. /* Finally, does this vote line creates a valid commit object? */
  550. smartlist_t *args = smartlist_new();
  551. smartlist_add(args, smartlist_get(tokens, 1));
  552. smartlist_add(args, smartlist_get(tokens, 2));
  553. smartlist_add(args, smartlist_get(tokens, 3));
  554. smartlist_add(args, smartlist_get(tokens, 4));
  555. smartlist_add(args, smartlist_get(tokens, 5));
  556. sr_commit_t *parsed_commit = sr_parse_commit(args);
  557. tt_assert(parsed_commit);
  558. /* Set valid flag explicitly here to compare since it's not set by
  559. * simply parsing the commit. */
  560. parsed_commit->valid = 1;
  561. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*our_commit));
  562. /* minor cleanup */
  563. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  564. smartlist_clear(tokens);
  565. /* Now test the previous SRV */
  566. char *prev_srv_line = smartlist_get(chunks, 2);
  567. tt_assert(prev_srv_line);
  568. ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
  569. tt_int_op(ret, OP_EQ, 3);
  570. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
  571. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
  572. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  573. "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
  574. /* minor cleanup */
  575. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  576. smartlist_clear(tokens);
  577. /* Now test the current SRV */
  578. char *current_srv_line = smartlist_get(chunks, 3);
  579. tt_assert(current_srv_line);
  580. ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
  581. tt_int_op(ret, OP_EQ, 3);
  582. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
  583. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
  584. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  585. "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
  586. /* Clean up */
  587. sr_commit_free(parsed_commit);
  588. SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
  589. smartlist_free(chunks);
  590. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  591. smartlist_free(tokens);
  592. smartlist_clear(args);
  593. smartlist_free(args);
  594. tor_free(lines);
  595. }
  596. done:
  597. sr_commit_free(our_commit);
  598. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  599. }
  600. static const char *sr_state_str = "Version 1\n"
  601. "TorVersion 0.2.9.0-alpha-dev\n"
  602. "ValidAfter 2037-04-19 07:16:00\n"
  603. "ValidUntil 2037-04-20 07:16:00\n"
  604. "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
  605. "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
  606. "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
  607. "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
  608. "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
  609. "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
  610. "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
  611. "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
  612. "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
  613. /** Create an SR disk state, parse it and validate that the parsing went
  614. * well. Yes! */
  615. static void
  616. test_state_load_from_disk(void *arg)
  617. {
  618. int ret;
  619. char *dir = tor_strdup(get_fname("test_sr_state"));
  620. char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
  621. sr_state_t *the_sr_state = NULL;
  622. (void) arg;
  623. MOCK(trusteddirserver_get_by_v3_auth_digest,
  624. trusteddirserver_get_by_v3_auth_digest_m);
  625. /* First try with a nonexistent path. */
  626. ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
  627. tt_int_op(ret, OP_EQ, -ENOENT);
  628. /* Now create a mock state directory and state file */
  629. #ifdef _WIN32
  630. ret = mkdir(dir);
  631. #else
  632. ret = mkdir(dir, 0700);
  633. #endif
  634. tt_int_op(ret, OP_EQ, 0);
  635. ret = write_str_to_file(sr_state_path, sr_state_str, 0);
  636. tt_int_op(ret, OP_EQ, 0);
  637. /* Try to load the directory itself. Should fail. */
  638. ret = disk_state_load_from_disk_impl(dir);
  639. tt_int_op(ret, OP_LT, 0);
  640. /* State should be non-existent at this point. */
  641. the_sr_state = get_sr_state();
  642. tt_ptr_op(the_sr_state, OP_EQ, NULL);
  643. /* Now try to load the correct file! */
  644. ret = disk_state_load_from_disk_impl(sr_state_path);
  645. tt_int_op(ret, OP_EQ, 0);
  646. /* Check the content of the state */
  647. /* XXX check more deeply!!! */
  648. the_sr_state = get_sr_state();
  649. tt_assert(the_sr_state);
  650. tt_assert(the_sr_state->version == 1);
  651. tt_assert(digestmap_size(the_sr_state->commits) == 3);
  652. tt_assert(the_sr_state->current_srv);
  653. tt_assert(the_sr_state->current_srv->num_reveals == 3);
  654. tt_assert(the_sr_state->previous_srv);
  655. /* XXX Now also try loading corrupted state files and make sure parsing
  656. fails */
  657. done:
  658. tor_free(dir);
  659. tor_free(sr_state_path);
  660. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  661. }
  662. /** Generate three specially crafted commits (based on the test
  663. * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
  664. static void
  665. test_sr_setup_commits(void)
  666. {
  667. time_t now = time(NULL);
  668. sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
  669. sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
  670. authority_cert_t *auth_cert = NULL;
  671. { /* Setup a minimal dirauth environment for this test */
  672. or_options_t *options = get_options_mutable();
  673. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  674. tt_assert(auth_cert);
  675. options->AuthoritativeDir = 1;
  676. tt_int_op(0, OP_EQ, load_ed_keys(options, now));
  677. }
  678. /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
  679. register them to the SR state. Also register a fourth commit 'd' with no
  680. reveal info, to make sure that it will get ignored during SRV
  681. calculation. */
  682. { /* Commit from auth 'a' */
  683. commit_a = sr_generate_our_commit(now, auth_cert);
  684. tt_assert(commit_a);
  685. /* Do some surgery on the commit */
  686. memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
  687. base16_encode(commit_a->rsa_identity_hex,
  688. sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity,
  689. sizeof(commit_a->rsa_identity));
  690. strlcpy(commit_a->encoded_reveal,
  691. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  692. sizeof(commit_a->encoded_reveal));
  693. memcpy(commit_a->hashed_reveal,
  694. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  695. sizeof(commit_a->hashed_reveal));
  696. }
  697. { /* Commit from auth 'b' */
  698. commit_b = sr_generate_our_commit(now, auth_cert);
  699. tt_assert(commit_b);
  700. /* Do some surgery on the commit */
  701. memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
  702. base16_encode(commit_b->rsa_identity_hex,
  703. sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity,
  704. sizeof(commit_b->rsa_identity));
  705. strlcpy(commit_b->encoded_reveal,
  706. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  707. sizeof(commit_b->encoded_reveal));
  708. memcpy(commit_b->hashed_reveal,
  709. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  710. sizeof(commit_b->hashed_reveal));
  711. }
  712. { /* Commit from auth 'c' */
  713. commit_c = sr_generate_our_commit(now, auth_cert);
  714. tt_assert(commit_c);
  715. /* Do some surgery on the commit */
  716. memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
  717. base16_encode(commit_c->rsa_identity_hex,
  718. sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity,
  719. sizeof(commit_c->rsa_identity));
  720. strlcpy(commit_c->encoded_reveal,
  721. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  722. sizeof(commit_c->encoded_reveal));
  723. memcpy(commit_c->hashed_reveal,
  724. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  725. sizeof(commit_c->hashed_reveal));
  726. }
  727. { /* Commit from auth 'd' */
  728. commit_d = sr_generate_our_commit(now, auth_cert);
  729. tt_assert(commit_d);
  730. /* Do some surgery on the commit */
  731. memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
  732. base16_encode(commit_d->rsa_identity_hex,
  733. sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity,
  734. sizeof(commit_d->rsa_identity));
  735. strlcpy(commit_d->encoded_reveal,
  736. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  737. sizeof(commit_d->encoded_reveal));
  738. memcpy(commit_d->hashed_reveal,
  739. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  740. sizeof(commit_d->hashed_reveal));
  741. /* Clean up its reveal info */
  742. memcpy(place_holder, commit_d, sizeof(*place_holder));
  743. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  744. tt_assert(!commit_has_reveal_value(commit_d));
  745. }
  746. /* Register commits to state (during commit phase) */
  747. set_sr_phase(SR_PHASE_COMMIT);
  748. save_commit_to_state(commit_a);
  749. save_commit_to_state(commit_b);
  750. save_commit_to_state(commit_c);
  751. save_commit_to_state(commit_d);
  752. tt_int_op(digestmap_size(get_sr_state()->commits), OP_EQ, 4);
  753. /* Now during REVEAL phase save commit D by restoring its reveal. */
  754. set_sr_phase(SR_PHASE_REVEAL);
  755. save_commit_to_state(place_holder);
  756. place_holder = NULL;
  757. tt_str_op(commit_d->encoded_reveal, OP_EQ,
  758. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
  759. /* Go back to an empty encoded reveal value. */
  760. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  761. memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
  762. tt_assert(!commit_has_reveal_value(commit_d));
  763. done:
  764. tor_free(place_holder);
  765. authority_cert_free(auth_cert);
  766. }
  767. /** Verify that the SRV generation procedure is proper by testing it against
  768. * the test vector from ./sr_srv_calc_ref.py. */
  769. static void
  770. test_sr_compute_srv(void *arg)
  771. {
  772. (void) arg;
  773. const sr_srv_t *current_srv = NULL;
  774. #define SRV_TEST_VECTOR \
  775. "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
  776. MOCK(trusteddirserver_get_by_v3_auth_digest,
  777. trusteddirserver_get_by_v3_auth_digest_m);
  778. init_authority_state();
  779. /* Setup the commits for this unittest */
  780. test_sr_setup_commits();
  781. test_sr_setup_srv(0);
  782. /* Now switch to reveal phase */
  783. set_sr_phase(SR_PHASE_REVEAL);
  784. /* Compute the SRV */
  785. sr_compute_srv();
  786. /* Check the result against the test vector */
  787. current_srv = sr_state_get_current_srv();
  788. tt_assert(current_srv);
  789. tt_u64_op(current_srv->num_reveals, OP_EQ, 3);
  790. tt_str_op(hex_str((char*)current_srv->value, 32),
  791. OP_EQ,
  792. SRV_TEST_VECTOR);
  793. done:
  794. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  795. }
  796. /** Return a minimal vote document with a current SRV value set to
  797. * <b>srv</b>. */
  798. static networkstatus_t *
  799. get_test_vote_with_curr_srv(const char *srv)
  800. {
  801. networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
  802. vote->type = NS_TYPE_VOTE;
  803. vote->sr_info.participate = 1;
  804. vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
  805. vote->sr_info.current_srv->num_reveals = 42;
  806. memcpy(vote->sr_info.current_srv->value,
  807. srv,
  808. sizeof(vote->sr_info.current_srv->value));
  809. return vote;
  810. }
  811. /* Test the function that picks the right SRV given a bunch of votes. Make sure
  812. * that the function returns an SRV iff the majority/agreement requirements are
  813. * met. */
  814. static void
  815. test_sr_get_majority_srv_from_votes(void *arg)
  816. {
  817. sr_srv_t *chosen_srv;
  818. smartlist_t *votes = smartlist_new();
  819. #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  820. #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
  821. (void) arg;
  822. init_authority_state();
  823. /* Make sure our SRV is fresh so we can consider the super majority with
  824. * the consensus params of number of agreements needed. */
  825. sr_state_set_fresh_srv();
  826. /* The test relies on the dirauth list being initialized. */
  827. clear_dir_servers();
  828. add_default_trusted_dir_authorities(V3_DIRINFO);
  829. { /* Prepare voting environment with just a single vote. */
  830. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  831. smartlist_add(votes, vote);
  832. }
  833. /* Since it's only one vote with an SRV, it should not achieve majority and
  834. hence no SRV will be returned. */
  835. chosen_srv = get_majority_srv_from_votes(votes, 1);
  836. tt_ptr_op(chosen_srv, OP_EQ, NULL);
  837. { /* Now put in 8 more votes. Let SRV_1 have majority. */
  838. int i;
  839. /* Now 7 votes believe in SRV_1 */
  840. for (i = 0; i < 3; i++) {
  841. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  842. smartlist_add(votes, vote);
  843. }
  844. /* and 2 votes believe in SRV_2 */
  845. for (i = 0; i < 2; i++) {
  846. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
  847. smartlist_add(votes, vote);
  848. }
  849. for (i = 0; i < 3; i++) {
  850. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  851. smartlist_add(votes, vote);
  852. }
  853. tt_int_op(smartlist_len(votes), OP_EQ, 9);
  854. }
  855. /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
  856. requirement. So still not picking an SRV. */
  857. set_num_srv_agreements(8);
  858. chosen_srv = get_majority_srv_from_votes(votes, 1);
  859. tt_ptr_op(chosen_srv, OP_EQ, NULL);
  860. /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
  861. * consensus parameter and we will try again. This time it should work. */
  862. set_num_srv_agreements(7);
  863. chosen_srv = get_majority_srv_from_votes(votes, 1);
  864. tt_assert(chosen_srv);
  865. tt_u64_op(chosen_srv->num_reveals, OP_EQ, 42);
  866. tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
  867. done:
  868. SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
  869. networkstatus_vote_free(vote));
  870. smartlist_free(votes);
  871. }
  872. static void
  873. test_utils(void *arg)
  874. {
  875. (void) arg;
  876. /* Testing srv_dup(). */
  877. {
  878. sr_srv_t *srv = NULL, *dup_srv = NULL;
  879. const char *srv_value =
  880. "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
  881. srv = tor_malloc_zero(sizeof(*srv));
  882. srv->num_reveals = 42;
  883. memcpy(srv->value, srv_value, sizeof(srv->value));
  884. dup_srv = srv_dup(srv);
  885. tt_assert(dup_srv);
  886. tt_u64_op(dup_srv->num_reveals, OP_EQ, srv->num_reveals);
  887. tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
  888. tor_free(srv);
  889. tor_free(dup_srv);
  890. }
  891. /* Testing commitments_are_the_same(). Currently, the check is to test the
  892. * value of the encoded commit so let's make sure that actually works. */
  893. {
  894. /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit.
  895. * 56 bytes of payload and a NUL terminated byte at the end ('\x00')
  896. * which comes down to SR_COMMIT_BASE64_LEN + 1. */
  897. const char *payload =
  898. "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
  899. "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
  900. "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
  901. "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00";
  902. sr_commit_t commit1, commit2;
  903. memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
  904. memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
  905. tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 1);
  906. /* Let's corrupt one of them. */
  907. memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
  908. tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 0);
  909. }
  910. /* Testing commit_is_authoritative(). */
  911. {
  912. crypto_pk_t *k = crypto_pk_new();
  913. char digest[DIGEST_LEN];
  914. sr_commit_t commit;
  915. tt_assert(!crypto_pk_generate_key(k));
  916. tt_int_op(0, OP_EQ, crypto_pk_get_digest(k, digest));
  917. memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
  918. tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 1);
  919. /* Change the pubkey. */
  920. memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
  921. tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 0);
  922. crypto_pk_free(k);
  923. }
  924. /* Testing get_phase_str(). */
  925. {
  926. tt_str_op(get_phase_str(SR_PHASE_REVEAL), OP_EQ, "reveal");
  927. tt_str_op(get_phase_str(SR_PHASE_COMMIT), OP_EQ, "commit");
  928. }
  929. /* Testing phase transition */
  930. {
  931. init_authority_state();
  932. set_sr_phase(SR_PHASE_COMMIT);
  933. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 1);
  934. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 0);
  935. set_sr_phase(SR_PHASE_REVEAL);
  936. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 0);
  937. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 1);
  938. /* Junk. */
  939. tt_int_op(is_phase_transition(42), OP_EQ, 1);
  940. }
  941. done:
  942. return;
  943. }
  944. static void
  945. test_state_transition(void *arg)
  946. {
  947. sr_state_t *state = NULL;
  948. time_t now = time(NULL);
  949. (void) arg;
  950. { /* Setup a minimal dirauth environment for this test */
  951. init_authority_state();
  952. state = get_sr_state();
  953. tt_assert(state);
  954. }
  955. /* Test our state reset for a new protocol run. */
  956. {
  957. /* Add a commit to the state so we can test if the reset cleans the
  958. * commits. Also, change all params that we expect to be updated. */
  959. sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
  960. tt_assert(commit);
  961. sr_state_add_commit(commit);
  962. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  963. /* Let's test our delete feature. */
  964. sr_state_delete_commits();
  965. tt_int_op(digestmap_size(state->commits), OP_EQ, 0);
  966. /* Add it back so we can continue the rest of the test because after
  967. * deletiong our commit will be freed so generate a new one. */
  968. commit = sr_generate_our_commit(now, mock_cert);
  969. tt_assert(commit);
  970. sr_state_add_commit(commit);
  971. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  972. state->n_reveal_rounds = 42;
  973. state->n_commit_rounds = 43;
  974. state->n_protocol_runs = 44;
  975. reset_state_for_new_protocol_run(now);
  976. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  977. tt_int_op(state->n_commit_rounds, OP_EQ, 0);
  978. tt_u64_op(state->n_protocol_runs, OP_EQ, 45);
  979. tt_int_op(digestmap_size(state->commits), OP_EQ, 0);
  980. }
  981. /* Test SRV rotation in our state. */
  982. {
  983. const sr_srv_t *cur, *prev;
  984. test_sr_setup_srv(1);
  985. cur = sr_state_get_current_srv();
  986. tt_assert(cur);
  987. /* After, current srv should be the previous and then set to NULL. */
  988. state_rotate_srv();
  989. prev = sr_state_get_previous_srv();
  990. tt_assert(prev == cur);
  991. tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
  992. sr_state_clean_srvs();
  993. }
  994. /* New protocol run. */
  995. {
  996. const sr_srv_t *cur;
  997. /* Setup some new SRVs so we can confirm that a new protocol run
  998. * actually makes them rotate and compute new ones. */
  999. test_sr_setup_srv(1);
  1000. cur = sr_state_get_current_srv();
  1001. tt_assert(cur);
  1002. set_sr_phase(SR_PHASE_REVEAL);
  1003. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1004. new_protocol_run(now);
  1005. UNMOCK(get_my_v3_authority_cert);
  1006. /* Rotation happened. */
  1007. tt_assert(sr_state_get_previous_srv() == cur);
  1008. /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
  1009. * our current SRV would be NULL but a new protocol run should make us
  1010. * compute a new SRV. */
  1011. tt_assert(sr_state_get_current_srv());
  1012. /* Also, make sure we did change the current. */
  1013. tt_assert(sr_state_get_current_srv() != cur);
  1014. /* We should have our commitment alone. */
  1015. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1016. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  1017. tt_int_op(state->n_commit_rounds, OP_EQ, 0);
  1018. /* 46 here since we were at 45 just before. */
  1019. tt_u64_op(state->n_protocol_runs, OP_EQ, 46);
  1020. }
  1021. /* Cleanup of SRVs. */
  1022. {
  1023. sr_state_clean_srvs();
  1024. tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
  1025. tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
  1026. }
  1027. done:
  1028. return;
  1029. }
  1030. static void
  1031. test_keep_commit(void *arg)
  1032. {
  1033. char fp[FINGERPRINT_LEN + 1];
  1034. sr_commit_t *commit = NULL, *dup_commit = NULL;
  1035. sr_state_t *state;
  1036. time_t now = time(NULL);
  1037. crypto_pk_t *k = NULL;
  1038. (void) arg;
  1039. MOCK(trusteddirserver_get_by_v3_auth_digest,
  1040. trusteddirserver_get_by_v3_auth_digest_m);
  1041. {
  1042. k = pk_generate(1);
  1043. /* Setup a minimal dirauth environment for this test */
  1044. /* Have a key that is not the one from our commit. */
  1045. init_authority_state();
  1046. state = get_sr_state();
  1047. }
  1048. crypto_rand((char*)fp, sizeof(fp));
  1049. /* Test this very important function that tells us if we should keep a
  1050. * commit or not in our state. Most of it depends on the phase and what's
  1051. * in the commit so we'll change the commit as we go. */
  1052. commit = sr_generate_our_commit(now, mock_cert);
  1053. tt_assert(commit);
  1054. /* Set us in COMMIT phase for starter. */
  1055. set_sr_phase(SR_PHASE_COMMIT);
  1056. /* We should never keep a commit from a non authoritative authority. */
  1057. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), OP_EQ, 0);
  1058. /* This should NOT be kept because it has a reveal value in it. */
  1059. tt_assert(commit_has_reveal_value(commit));
  1060. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1061. SR_PHASE_COMMIT), OP_EQ, 0);
  1062. /* Add it to the state which should return to not keep it. */
  1063. sr_state_add_commit(commit);
  1064. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1065. SR_PHASE_COMMIT), OP_EQ, 0);
  1066. /* Remove it from state so we can continue our testing. */
  1067. digestmap_remove(state->commits, commit->rsa_identity);
  1068. /* Let's remove our reveal value which should make it OK to keep it. */
  1069. memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
  1070. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1071. SR_PHASE_COMMIT), OP_EQ, 1);
  1072. /* Let's reset our commit and go into REVEAL phase. */
  1073. sr_commit_free(commit);
  1074. commit = sr_generate_our_commit(now, mock_cert);
  1075. tt_assert(commit);
  1076. /* Dup the commit so we have one with and one without a reveal value. */
  1077. dup_commit = tor_malloc_zero(sizeof(*dup_commit));
  1078. memcpy(dup_commit, commit, sizeof(*dup_commit));
  1079. memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
  1080. set_sr_phase(SR_PHASE_REVEAL);
  1081. /* We should never keep a commit from a non authoritative authority. */
  1082. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), OP_EQ, 0);
  1083. /* We shouldn't accept a commit that is not in our state. */
  1084. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1085. SR_PHASE_REVEAL), OP_EQ, 0);
  1086. /* Important to add the commit _without_ the reveal here. */
  1087. sr_state_add_commit(dup_commit);
  1088. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1089. /* Our commit should be valid that is authoritative, contains a reveal, be
  1090. * in the state and commitment and reveal values match. */
  1091. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1092. SR_PHASE_REVEAL), OP_EQ, 1);
  1093. /* The commit shouldn't be kept if it's not verified that is no matchin
  1094. * hashed reveal. */
  1095. {
  1096. /* Let's save the hash reveal so we can restore it. */
  1097. sr_commit_t place_holder;
  1098. memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
  1099. sizeof(place_holder.hashed_reveal));
  1100. memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
  1101. setup_full_capture_of_logs(LOG_WARN);
  1102. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1103. SR_PHASE_REVEAL), OP_EQ, 0);
  1104. expect_log_msg_containing("doesn't match the commit value.");
  1105. expect_log_msg_containing("has an invalid reveal value.");
  1106. assert_log_predicate(mock_saved_log_n_entries() == 2,
  1107. "expected 2 log entries");
  1108. teardown_capture_of_logs();
  1109. memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
  1110. sizeof(commit->hashed_reveal));
  1111. }
  1112. /* We shouldn't keep a commit that has no reveal. */
  1113. tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
  1114. SR_PHASE_REVEAL), OP_EQ, 0);
  1115. /* We must not keep a commit that is not the same from the commit phase. */
  1116. memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
  1117. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1118. SR_PHASE_REVEAL), OP_EQ, 0);
  1119. done:
  1120. teardown_capture_of_logs();
  1121. sr_commit_free(commit);
  1122. sr_commit_free(dup_commit);
  1123. crypto_pk_free(k);
  1124. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  1125. }
  1126. static void
  1127. test_state_update(void *arg)
  1128. {
  1129. time_t commit_phase_time = 1452076000;
  1130. time_t reveal_phase_time = 1452086800;
  1131. sr_state_t *state;
  1132. (void) arg;
  1133. {
  1134. init_authority_state();
  1135. state = get_sr_state();
  1136. set_sr_phase(SR_PHASE_COMMIT);
  1137. /* We'll cheat a bit here and reset the creation time of the state which
  1138. * will avoid us to compute a valid_after time that fits the commit
  1139. * phase. */
  1140. state->valid_after = 0;
  1141. state->n_reveal_rounds = 0;
  1142. state->n_commit_rounds = 0;
  1143. state->n_protocol_runs = 0;
  1144. }
  1145. /* We need to mock for the state update function call. */
  1146. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1147. /* We are in COMMIT phase here and we'll trigger a state update but no
  1148. * transition. */
  1149. sr_state_update(commit_phase_time);
  1150. tt_int_op(state->valid_after, OP_EQ, commit_phase_time);
  1151. tt_int_op(state->n_commit_rounds, OP_EQ, 1);
  1152. tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT);
  1153. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1154. /* We are still in the COMMIT phase here but we'll trigger a state
  1155. * transition to the REVEAL phase. */
  1156. sr_state_update(reveal_phase_time);
  1157. tt_int_op(state->phase, OP_EQ, SR_PHASE_REVEAL);
  1158. tt_int_op(state->valid_after, OP_EQ, reveal_phase_time);
  1159. /* Only our commit should be in there. */
  1160. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1161. tt_int_op(state->n_reveal_rounds, OP_EQ, 1);
  1162. /* We can't update a state with a valid after _lower_ than the creation
  1163. * time so here it is. */
  1164. sr_state_update(commit_phase_time);
  1165. tt_int_op(state->valid_after, OP_EQ, reveal_phase_time);
  1166. /* Finally, let's go back in COMMIT phase so we can test the state update
  1167. * of a new protocol run. */
  1168. state->valid_after = 0;
  1169. sr_state_update(commit_phase_time);
  1170. tt_int_op(state->valid_after, OP_EQ, commit_phase_time);
  1171. tt_int_op(state->n_commit_rounds, OP_EQ, 1);
  1172. tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
  1173. tt_u64_op(state->n_protocol_runs, OP_EQ, 1);
  1174. tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT);
  1175. tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
  1176. tt_assert(state->current_srv);
  1177. done:
  1178. sr_state_free_all();
  1179. UNMOCK(get_my_v3_authority_cert);
  1180. }
  1181. struct testcase_t sr_tests[] = {
  1182. { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
  1183. NULL, NULL },
  1184. { "sr_commit", test_sr_commit, TT_FORK,
  1185. NULL, NULL },
  1186. { "keep_commit", test_keep_commit, TT_FORK,
  1187. NULL, NULL },
  1188. { "encoding", test_encoding, TT_FORK,
  1189. NULL, NULL },
  1190. { "get_start_time_of_current_run", test_get_start_time_of_current_run,
  1191. TT_FORK, NULL, NULL },
  1192. { "get_start_time_functions", test_get_start_time_functions,
  1193. TT_FORK, NULL, NULL },
  1194. { "get_sr_protocol_duration", test_get_sr_protocol_duration, TT_FORK,
  1195. NULL, NULL },
  1196. { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
  1197. NULL, NULL },
  1198. { "vote", test_vote, TT_FORK,
  1199. NULL, NULL },
  1200. { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
  1201. NULL, NULL },
  1202. { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
  1203. { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
  1204. TT_FORK, NULL, NULL },
  1205. { "utils", test_utils, TT_FORK, NULL, NULL },
  1206. { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
  1207. { "state_update", test_state_update, TT_FORK,
  1208. NULL, NULL },
  1209. END_OF_TESTCASES
  1210. };