test_shared_random.c 44 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290
  1. #define SHARED_RANDOM_PRIVATE
  2. #define SHARED_RANDOM_STATE_PRIVATE
  3. #define CONFIG_PRIVATE
  4. #define DIRVOTE_PRIVATE
  5. #include "or.h"
  6. #include "test.h"
  7. #include "config.h"
  8. #include "dirvote.h"
  9. #include "shared_random.h"
  10. #include "shared_random_state.h"
  11. #include "routerkeys.h"
  12. #include "routerlist.h"
  13. #include "router.h"
  14. #include "routerparse.h"
  15. #include "networkstatus.h"
  16. #include "log_test_helpers.h"
  17. static authority_cert_t *mock_cert;
  18. static authority_cert_t *
  19. get_my_v3_authority_cert_m(void)
  20. {
  21. tor_assert(mock_cert);
  22. return mock_cert;
  23. }
  24. static dir_server_t ds;
  25. static dir_server_t *
  26. trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
  27. {
  28. (void) digest;
  29. /* The shared random code only need to know if a valid pointer to a dir
  30. * server object has been found so this is safe because it won't use the
  31. * pointer at all never. */
  32. return &ds;
  33. }
  34. /* Setup a minimal dirauth environment by initializing the SR state and
  35. * making sure the options are set to be an authority directory. */
  36. static void
  37. init_authority_state(void)
  38. {
  39. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  40. or_options_t *options = get_options_mutable();
  41. mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  42. tt_assert(mock_cert);
  43. options->AuthoritativeDir = 1;
  44. tt_int_op(0, ==, load_ed_keys(options, time(NULL)));
  45. sr_state_init(0, 0);
  46. /* It's possible a commit has been generated in our state depending on
  47. * the phase we are currently in which uses "now" as the starting
  48. * timestamp. Delete it before we do any testing below. */
  49. sr_state_delete_commits();
  50. done:
  51. UNMOCK(get_my_v3_authority_cert);
  52. }
  53. static void
  54. test_get_sr_protocol_phase(void *arg)
  55. {
  56. time_t the_time;
  57. sr_phase_t phase;
  58. int retval;
  59. (void) arg;
  60. /* Initialize SR state */
  61. init_authority_state();
  62. {
  63. retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
  64. tt_int_op(retval, ==, 0);
  65. phase = get_sr_protocol_phase(the_time);
  66. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  67. }
  68. {
  69. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
  70. tt_int_op(retval, ==, 0);
  71. phase = get_sr_protocol_phase(the_time);
  72. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  73. }
  74. {
  75. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
  76. tt_int_op(retval, ==, 0);
  77. phase = get_sr_protocol_phase(the_time);
  78. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  79. }
  80. {
  81. retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
  82. tt_int_op(retval, ==, 0);
  83. phase = get_sr_protocol_phase(the_time);
  84. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  85. }
  86. {
  87. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
  88. tt_int_op(retval, ==, 0);
  89. phase = get_sr_protocol_phase(the_time);
  90. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  91. }
  92. {
  93. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
  94. tt_int_op(retval, ==, 0);
  95. phase = get_sr_protocol_phase(the_time);
  96. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  97. }
  98. {
  99. retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
  100. tt_int_op(retval, ==, 0);
  101. phase = get_sr_protocol_phase(the_time);
  102. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  103. }
  104. done:
  105. ;
  106. }
  107. static networkstatus_t *mock_consensus = NULL;
  108. static void
  109. test_get_state_valid_until_time(void *arg)
  110. {
  111. time_t current_time;
  112. time_t valid_until_time;
  113. char tbuf[ISO_TIME_LEN + 1];
  114. int retval;
  115. (void) arg;
  116. {
  117. /* Get the valid until time if called at 00:00:01 */
  118. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  119. &current_time);
  120. tt_int_op(retval, ==, 0);
  121. valid_until_time = get_state_valid_until_time(current_time);
  122. /* Compare it with the correct result */
  123. format_iso_time(tbuf, valid_until_time);
  124. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  125. }
  126. {
  127. retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
  128. &current_time);
  129. tt_int_op(retval, ==, 0);
  130. valid_until_time = get_state_valid_until_time(current_time);
  131. format_iso_time(tbuf, valid_until_time);
  132. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  133. }
  134. {
  135. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
  136. &current_time);
  137. tt_int_op(retval, ==, 0);
  138. valid_until_time = get_state_valid_until_time(current_time);
  139. format_iso_time(tbuf, valid_until_time);
  140. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  141. }
  142. {
  143. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  144. &current_time);
  145. tt_int_op(retval, ==, 0);
  146. valid_until_time = get_state_valid_until_time(current_time);
  147. format_iso_time(tbuf, valid_until_time);
  148. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  149. }
  150. done:
  151. ;
  152. }
  153. /* Mock function to immediately return our local 'mock_consensus'. */
  154. static networkstatus_t *
  155. mock_networkstatus_get_live_consensus(time_t now)
  156. {
  157. (void) now;
  158. return mock_consensus;
  159. }
  160. /** Test the get_next_valid_after_time() function. */
  161. static void
  162. test_get_next_valid_after_time(void *arg)
  163. {
  164. time_t current_time;
  165. time_t valid_after_time;
  166. char tbuf[ISO_TIME_LEN + 1];
  167. int retval;
  168. (void) arg;
  169. {
  170. /* Setup a fake consensus just to get the times out of it, since
  171. get_next_valid_after_time() needs them. */
  172. mock_consensus = tor_malloc_zero(sizeof(networkstatus_t));
  173. retval = parse_rfc1123_time("Mon, 13 Jan 2016 16:00:00 UTC",
  174. &mock_consensus->fresh_until);
  175. tt_int_op(retval, ==, 0);
  176. retval = parse_rfc1123_time("Mon, 13 Jan 2016 15:00:00 UTC",
  177. &mock_consensus->valid_after);
  178. tt_int_op(retval, ==, 0);
  179. MOCK(networkstatus_get_live_consensus,
  180. mock_networkstatus_get_live_consensus);
  181. }
  182. {
  183. /* Get the valid after time if called at 00:00:00 */
  184. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  185. &current_time);
  186. tt_int_op(retval, ==, 0);
  187. valid_after_time = get_next_valid_after_time(current_time);
  188. /* Compare it with the correct result */
  189. format_iso_time(tbuf, valid_after_time);
  190. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  191. }
  192. {
  193. /* Get the valid until time if called at 00:00:01 */
  194. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  195. &current_time);
  196. tt_int_op(retval, ==, 0);
  197. valid_after_time = get_next_valid_after_time(current_time);
  198. /* Compare it with the correct result */
  199. format_iso_time(tbuf, valid_after_time);
  200. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  201. }
  202. {
  203. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:30:01 UTC",
  204. &current_time);
  205. tt_int_op(retval, ==, 0);
  206. valid_after_time = get_next_valid_after_time(current_time);
  207. /* Compare it with the correct result */
  208. format_iso_time(tbuf, valid_after_time);
  209. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  210. }
  211. done:
  212. networkstatus_vote_free(mock_consensus);
  213. }
  214. /* In this test we are going to generate a sr_commit_t object and validate
  215. * it. We first generate our values, and then we parse them as if they were
  216. * received from the network. After we parse both the commit and the reveal,
  217. * we verify that they indeed match. */
  218. static void
  219. test_sr_commit(void *arg)
  220. {
  221. authority_cert_t *auth_cert = NULL;
  222. time_t now = time(NULL);
  223. sr_commit_t *our_commit = NULL;
  224. smartlist_t *args = smartlist_new();
  225. sr_commit_t *parsed_commit = NULL;
  226. (void) arg;
  227. { /* Setup a minimal dirauth environment for this test */
  228. or_options_t *options = get_options_mutable();
  229. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  230. tt_assert(auth_cert);
  231. options->AuthoritativeDir = 1;
  232. tt_int_op(0, ==, load_ed_keys(options, now));
  233. }
  234. /* Generate our commit object and validate it has the appropriate field
  235. * that we can then use to build a representation that we'll find in a
  236. * vote coming from the network. */
  237. {
  238. sr_commit_t test_commit;
  239. our_commit = sr_generate_our_commit(now, auth_cert);
  240. tt_assert(our_commit);
  241. /* Default and only supported algorithm for now. */
  242. tt_assert(our_commit->alg == DIGEST_SHA3_256);
  243. /* We should have a reveal value. */
  244. tt_assert(commit_has_reveal_value(our_commit));
  245. /* We should have a random value. */
  246. tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
  247. sizeof(our_commit->random_number)));
  248. /* Commit and reveal timestamp should be the same. */
  249. tt_u64_op(our_commit->commit_ts, ==, our_commit->reveal_ts);
  250. /* We should have a hashed reveal. */
  251. tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
  252. sizeof(our_commit->hashed_reveal)));
  253. /* Do we have a valid encoded commit and reveal. Note the following only
  254. * tests if the generated values are correct. Their could be a bug in
  255. * the decode function but we test them seperately. */
  256. tt_int_op(0, ==, reveal_decode(our_commit->encoded_reveal,
  257. &test_commit));
  258. tt_int_op(0, ==, commit_decode(our_commit->encoded_commit,
  259. &test_commit));
  260. tt_int_op(0, ==, verify_commit_and_reveal(our_commit));
  261. }
  262. /* Let's make sure our verify commit and reveal function works. We'll
  263. * make it fail a bit with known failure case. */
  264. {
  265. /* Copy our commit so we don't alter it for the rest of testing. */
  266. sr_commit_t test_commit;
  267. memcpy(&test_commit, our_commit, sizeof(test_commit));
  268. /* Timestamp MUST match. */
  269. test_commit.commit_ts = test_commit.reveal_ts - 42;
  270. setup_full_capture_of_logs(LOG_WARN);
  271. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  272. expect_log_msg_containing("doesn't match reveal timestamp");
  273. teardown_capture_of_logs();
  274. memcpy(&test_commit, our_commit, sizeof(test_commit));
  275. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  276. /* Hashed reveal must match the H(encoded_reveal). */
  277. memset(test_commit.hashed_reveal, 'X',
  278. sizeof(test_commit.hashed_reveal));
  279. setup_full_capture_of_logs(LOG_WARN);
  280. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  281. expect_single_log_msg_containing("doesn't match the commit value");
  282. teardown_capture_of_logs();
  283. memcpy(&test_commit, our_commit, sizeof(test_commit));
  284. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  285. }
  286. /* We'll build a list of values from our commit that our parsing function
  287. * takes from a vote line and see if we can parse it correctly. */
  288. {
  289. smartlist_add_strdup(args, "1");
  290. smartlist_add_strdup(args,
  291. crypto_digest_algorithm_get_name(our_commit->alg));
  292. smartlist_add_strdup(args, sr_commit_get_rsa_fpr(our_commit));
  293. smartlist_add_strdup(args, our_commit->encoded_commit);
  294. smartlist_add_strdup(args, our_commit->encoded_reveal);
  295. parsed_commit = sr_parse_commit(args);
  296. tt_assert(parsed_commit);
  297. /* That parsed commit should be _EXACTLY_ like our original commit (we
  298. * have to explicitly set the valid flag though). */
  299. parsed_commit->valid = 1;
  300. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
  301. /* Cleanup */
  302. }
  303. done:
  304. teardown_capture_of_logs();
  305. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  306. smartlist_free(args);
  307. sr_commit_free(our_commit);
  308. sr_commit_free(parsed_commit);
  309. authority_cert_free(auth_cert);
  310. }
  311. /* Test the encoding and decoding function for commit and reveal values. */
  312. static void
  313. test_encoding(void *arg)
  314. {
  315. (void) arg;
  316. int ret;
  317. /* Random number is 32 bytes. */
  318. char raw_rand[32];
  319. time_t ts = 1454333590;
  320. char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  321. sr_commit_t parsed_commit;
  322. /* Those values were generated by sr_commit_calc_ref.py where the random
  323. * value is 32 'A' and timestamp is the one in ts. */
  324. static const char *encoded_reveal =
  325. "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==";
  326. static const char *encoded_commit =
  327. "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==";
  328. /* Set up our raw random bytes array. */
  329. memset(raw_rand, 'A', sizeof(raw_rand));
  330. /* Hash random number because we don't expose bytes of the RNG. */
  331. ret = crypto_digest256(hashed_rand, raw_rand,
  332. sizeof(raw_rand), SR_DIGEST_ALG);
  333. tt_int_op(0, ==, ret);
  334. /* Hash reveal value. */
  335. tt_int_op(SR_REVEAL_BASE64_LEN, ==, strlen(encoded_reveal));
  336. ret = crypto_digest256(hashed_reveal, encoded_reveal,
  337. strlen(encoded_reveal), SR_DIGEST_ALG);
  338. tt_int_op(0, ==, ret);
  339. tt_int_op(SR_COMMIT_BASE64_LEN, ==, strlen(encoded_commit));
  340. /* Test our commit/reveal decode functions. */
  341. {
  342. /* Test the reveal encoded value. */
  343. tt_int_op(0, ==, reveal_decode(encoded_reveal, &parsed_commit));
  344. tt_u64_op(ts, ==, parsed_commit.reveal_ts);
  345. tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
  346. sizeof(hashed_rand));
  347. /* Test the commit encoded value. */
  348. memset(&parsed_commit, 0, sizeof(parsed_commit));
  349. tt_int_op(0, ==, commit_decode(encoded_commit, &parsed_commit));
  350. tt_u64_op(ts, ==, parsed_commit.commit_ts);
  351. tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
  352. sizeof(parsed_commit.encoded_commit));
  353. tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
  354. sizeof(hashed_reveal));
  355. }
  356. /* Test our commit/reveal encode functions. */
  357. {
  358. /* Test the reveal encode. */
  359. char encoded[SR_REVEAL_BASE64_LEN + 1];
  360. parsed_commit.reveal_ts = ts;
  361. memcpy(parsed_commit.random_number, hashed_rand,
  362. sizeof(parsed_commit.random_number));
  363. ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
  364. tt_int_op(SR_REVEAL_BASE64_LEN, ==, ret);
  365. tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
  366. }
  367. {
  368. /* Test the commit encode. */
  369. char encoded[SR_COMMIT_BASE64_LEN + 1];
  370. parsed_commit.commit_ts = ts;
  371. memcpy(parsed_commit.hashed_reveal, hashed_reveal,
  372. sizeof(parsed_commit.hashed_reveal));
  373. ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
  374. tt_int_op(SR_COMMIT_BASE64_LEN, ==, ret);
  375. tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
  376. }
  377. done:
  378. ;
  379. }
  380. /** Setup some SRVs in our SR state. If <b>also_current</b> is set, then set
  381. * both current and previous SRVs.
  382. * Helper of test_vote() and test_sr_compute_srv(). */
  383. static void
  384. test_sr_setup_srv(int also_current)
  385. {
  386. sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
  387. srv->num_reveals = 42;
  388. memcpy(srv->value,
  389. "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  390. sizeof(srv->value));
  391. sr_state_set_previous_srv(srv);
  392. if (also_current) {
  393. srv = tor_malloc_zero(sizeof(sr_srv_t));
  394. srv->num_reveals = 128;
  395. memcpy(srv->value,
  396. "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
  397. sizeof(srv->value));
  398. sr_state_set_current_srv(srv);
  399. }
  400. }
  401. /* Test anything that has to do with SR protocol and vote. */
  402. static void
  403. test_vote(void *arg)
  404. {
  405. int ret;
  406. time_t now = time(NULL);
  407. sr_commit_t *our_commit = NULL;
  408. (void) arg;
  409. MOCK(trusteddirserver_get_by_v3_auth_digest,
  410. trusteddirserver_get_by_v3_auth_digest_m);
  411. { /* Setup a minimal dirauth environment for this test */
  412. init_authority_state();
  413. /* Set ourself in reveal phase so we can parse the reveal value in the
  414. * vote as well. */
  415. set_sr_phase(SR_PHASE_REVEAL);
  416. }
  417. /* Generate our commit object and validate it has the appropriate field
  418. * that we can then use to build a representation that we'll find in a
  419. * vote coming from the network. */
  420. {
  421. sr_commit_t *saved_commit;
  422. our_commit = sr_generate_our_commit(now, mock_cert);
  423. tt_assert(our_commit);
  424. sr_state_add_commit(our_commit);
  425. /* Make sure it's there. */
  426. saved_commit = sr_state_get_commit(our_commit->rsa_identity);
  427. tt_assert(saved_commit);
  428. }
  429. /* Also setup the SRVs */
  430. test_sr_setup_srv(1);
  431. { /* Now test the vote generation */
  432. smartlist_t *chunks = smartlist_new();
  433. smartlist_t *tokens = smartlist_new();
  434. /* Get our vote line and validate it. */
  435. char *lines = sr_get_string_for_vote();
  436. tt_assert(lines);
  437. /* Split the lines. We expect 2 here. */
  438. ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
  439. tt_int_op(ret, ==, 4);
  440. tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
  441. /* Get our commitment line and will validate it agains our commit. The
  442. * format is as follow:
  443. * "shared-rand-commitment" SP version SP algname SP identity
  444. * SP COMMIT [SP REVEAL] NL
  445. */
  446. char *commit_line = smartlist_get(chunks, 1);
  447. tt_assert(commit_line);
  448. ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
  449. tt_int_op(ret, ==, 6);
  450. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
  451. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
  452. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  453. crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
  454. char digest[DIGEST_LEN];
  455. base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
  456. HEX_DIGEST_LEN);
  457. tt_mem_op(digest, ==, our_commit->rsa_identity, sizeof(digest));
  458. tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
  459. tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal)
  460. ;
  461. /* Finally, does this vote line creates a valid commit object? */
  462. smartlist_t *args = smartlist_new();
  463. smartlist_add(args, smartlist_get(tokens, 1));
  464. smartlist_add(args, smartlist_get(tokens, 2));
  465. smartlist_add(args, smartlist_get(tokens, 3));
  466. smartlist_add(args, smartlist_get(tokens, 4));
  467. smartlist_add(args, smartlist_get(tokens, 5));
  468. sr_commit_t *parsed_commit = sr_parse_commit(args);
  469. tt_assert(parsed_commit);
  470. /* Set valid flag explicitly here to compare since it's not set by
  471. * simply parsing the commit. */
  472. parsed_commit->valid = 1;
  473. tt_mem_op(parsed_commit, ==, our_commit, sizeof(*our_commit));
  474. /* minor cleanup */
  475. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  476. smartlist_clear(tokens);
  477. /* Now test the previous SRV */
  478. char *prev_srv_line = smartlist_get(chunks, 2);
  479. tt_assert(prev_srv_line);
  480. ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
  481. tt_int_op(ret, ==, 3);
  482. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
  483. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
  484. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  485. "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
  486. /* minor cleanup */
  487. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  488. smartlist_clear(tokens);
  489. /* Now test the current SRV */
  490. char *current_srv_line = smartlist_get(chunks, 3);
  491. tt_assert(current_srv_line);
  492. ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
  493. tt_int_op(ret, ==, 3);
  494. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
  495. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
  496. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  497. "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
  498. /* Clean up */
  499. sr_commit_free(parsed_commit);
  500. SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
  501. smartlist_free(chunks);
  502. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  503. smartlist_free(tokens);
  504. smartlist_clear(args);
  505. smartlist_free(args);
  506. tor_free(lines);
  507. }
  508. done:
  509. sr_commit_free(our_commit);
  510. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  511. }
  512. static const char *sr_state_str = "Version 1\n"
  513. "TorVersion 0.2.9.0-alpha-dev\n"
  514. "ValidAfter 2037-04-19 07:16:00\n"
  515. "ValidUntil 2037-04-20 07:16:00\n"
  516. "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
  517. "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
  518. "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
  519. "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
  520. "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
  521. "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
  522. "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
  523. "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
  524. "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
  525. /** Create an SR disk state, parse it and validate that the parsing went
  526. * well. Yes! */
  527. static void
  528. test_state_load_from_disk(void *arg)
  529. {
  530. int ret;
  531. char *dir = tor_strdup(get_fname("test_sr_state"));
  532. char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
  533. sr_state_t *the_sr_state = NULL;
  534. (void) arg;
  535. MOCK(trusteddirserver_get_by_v3_auth_digest,
  536. trusteddirserver_get_by_v3_auth_digest_m);
  537. /* First try with a nonexistent path. */
  538. ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
  539. tt_assert(ret == -ENOENT);
  540. /* Now create a mock state directory and state file */
  541. #ifdef _WIN32
  542. ret = mkdir(dir);
  543. #else
  544. ret = mkdir(dir, 0700);
  545. #endif
  546. tt_assert(ret == 0);
  547. ret = write_str_to_file(sr_state_path, sr_state_str, 0);
  548. tt_assert(ret == 0);
  549. /* Try to load the directory itself. Should fail. */
  550. ret = disk_state_load_from_disk_impl(dir);
  551. tt_int_op(ret, OP_LT, 0);
  552. /* State should be non-existent at this point. */
  553. the_sr_state = get_sr_state();
  554. tt_assert(!the_sr_state);
  555. /* Now try to load the correct file! */
  556. ret = disk_state_load_from_disk_impl(sr_state_path);
  557. tt_assert(ret == 0);
  558. /* Check the content of the state */
  559. /* XXX check more deeply!!! */
  560. the_sr_state = get_sr_state();
  561. tt_assert(the_sr_state);
  562. tt_assert(the_sr_state->version == 1);
  563. tt_assert(digestmap_size(the_sr_state->commits) == 3);
  564. tt_assert(the_sr_state->current_srv);
  565. tt_assert(the_sr_state->current_srv->num_reveals == 3);
  566. tt_assert(the_sr_state->previous_srv);
  567. /* XXX Now also try loading corrupted state files and make sure parsing
  568. fails */
  569. done:
  570. tor_free(dir);
  571. tor_free(sr_state_path);
  572. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  573. }
  574. /** Generate three specially crafted commits (based on the test
  575. * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
  576. static void
  577. test_sr_setup_commits(void)
  578. {
  579. time_t now = time(NULL);
  580. sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
  581. sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
  582. authority_cert_t *auth_cert = NULL;
  583. { /* Setup a minimal dirauth environment for this test */
  584. or_options_t *options = get_options_mutable();
  585. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  586. tt_assert(auth_cert);
  587. options->AuthoritativeDir = 1;
  588. tt_int_op(0, ==, load_ed_keys(options, now));
  589. }
  590. /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
  591. register them to the SR state. Also register a fourth commit 'd' with no
  592. reveal info, to make sure that it will get ignored during SRV
  593. calculation. */
  594. { /* Commit from auth 'a' */
  595. commit_a = sr_generate_our_commit(now, auth_cert);
  596. tt_assert(commit_a);
  597. /* Do some surgery on the commit */
  598. memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
  599. base16_encode(commit_a->rsa_identity_hex,
  600. sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity,
  601. sizeof(commit_a->rsa_identity));
  602. strlcpy(commit_a->encoded_reveal,
  603. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  604. sizeof(commit_a->encoded_reveal));
  605. memcpy(commit_a->hashed_reveal,
  606. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  607. sizeof(commit_a->hashed_reveal));
  608. }
  609. { /* Commit from auth 'b' */
  610. commit_b = sr_generate_our_commit(now, auth_cert);
  611. tt_assert(commit_b);
  612. /* Do some surgery on the commit */
  613. memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
  614. base16_encode(commit_b->rsa_identity_hex,
  615. sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity,
  616. sizeof(commit_b->rsa_identity));
  617. strlcpy(commit_b->encoded_reveal,
  618. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  619. sizeof(commit_b->encoded_reveal));
  620. memcpy(commit_b->hashed_reveal,
  621. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  622. sizeof(commit_b->hashed_reveal));
  623. }
  624. { /* Commit from auth 'c' */
  625. commit_c = sr_generate_our_commit(now, auth_cert);
  626. tt_assert(commit_c);
  627. /* Do some surgery on the commit */
  628. memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
  629. base16_encode(commit_c->rsa_identity_hex,
  630. sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity,
  631. sizeof(commit_c->rsa_identity));
  632. strlcpy(commit_c->encoded_reveal,
  633. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  634. sizeof(commit_c->encoded_reveal));
  635. memcpy(commit_c->hashed_reveal,
  636. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  637. sizeof(commit_c->hashed_reveal));
  638. }
  639. { /* Commit from auth 'd' */
  640. commit_d = sr_generate_our_commit(now, auth_cert);
  641. tt_assert(commit_d);
  642. /* Do some surgery on the commit */
  643. memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
  644. base16_encode(commit_d->rsa_identity_hex,
  645. sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity,
  646. sizeof(commit_d->rsa_identity));
  647. strlcpy(commit_d->encoded_reveal,
  648. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  649. sizeof(commit_d->encoded_reveal));
  650. memcpy(commit_d->hashed_reveal,
  651. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  652. sizeof(commit_d->hashed_reveal));
  653. /* Clean up its reveal info */
  654. memcpy(place_holder, commit_d, sizeof(*place_holder));
  655. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  656. tt_assert(!commit_has_reveal_value(commit_d));
  657. }
  658. /* Register commits to state (during commit phase) */
  659. set_sr_phase(SR_PHASE_COMMIT);
  660. save_commit_to_state(commit_a);
  661. save_commit_to_state(commit_b);
  662. save_commit_to_state(commit_c);
  663. save_commit_to_state(commit_d);
  664. tt_int_op(digestmap_size(get_sr_state()->commits), ==, 4);
  665. /* Now during REVEAL phase save commit D by restoring its reveal. */
  666. set_sr_phase(SR_PHASE_REVEAL);
  667. save_commit_to_state(place_holder);
  668. tt_str_op(commit_d->encoded_reveal, OP_EQ,
  669. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
  670. /* Go back to an empty encoded reveal value. */
  671. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  672. memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
  673. tt_assert(!commit_has_reveal_value(commit_d));
  674. done:
  675. authority_cert_free(auth_cert);
  676. }
  677. /** Verify that the SRV generation procedure is proper by testing it against
  678. * the test vector from ./sr_srv_calc_ref.py. */
  679. static void
  680. test_sr_compute_srv(void *arg)
  681. {
  682. (void) arg;
  683. const sr_srv_t *current_srv = NULL;
  684. #define SRV_TEST_VECTOR \
  685. "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
  686. MOCK(trusteddirserver_get_by_v3_auth_digest,
  687. trusteddirserver_get_by_v3_auth_digest_m);
  688. init_authority_state();
  689. /* Setup the commits for this unittest */
  690. test_sr_setup_commits();
  691. test_sr_setup_srv(0);
  692. /* Now switch to reveal phase */
  693. set_sr_phase(SR_PHASE_REVEAL);
  694. /* Compute the SRV */
  695. sr_compute_srv();
  696. /* Check the result against the test vector */
  697. current_srv = sr_state_get_current_srv();
  698. tt_assert(current_srv);
  699. tt_u64_op(current_srv->num_reveals, ==, 3);
  700. tt_str_op(hex_str((char*)current_srv->value, 32),
  701. ==,
  702. SRV_TEST_VECTOR);
  703. done:
  704. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  705. }
  706. /** Return a minimal vote document with a current SRV value set to
  707. * <b>srv</b>. */
  708. static networkstatus_t *
  709. get_test_vote_with_curr_srv(const char *srv)
  710. {
  711. networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
  712. vote->type = NS_TYPE_VOTE;
  713. vote->sr_info.participate = 1;
  714. vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
  715. vote->sr_info.current_srv->num_reveals = 42;
  716. memcpy(vote->sr_info.current_srv->value,
  717. srv,
  718. sizeof(vote->sr_info.current_srv->value));
  719. return vote;
  720. }
  721. /* Test the function that picks the right SRV given a bunch of votes. Make sure
  722. * that the function returns an SRV iff the majority/agreement requirements are
  723. * met. */
  724. static void
  725. test_sr_get_majority_srv_from_votes(void *arg)
  726. {
  727. sr_srv_t *chosen_srv;
  728. smartlist_t *votes = smartlist_new();
  729. #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  730. #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
  731. (void) arg;
  732. init_authority_state();
  733. /* Make sure our SRV is fresh so we can consider the super majority with
  734. * the consensus params of number of agreements needed. */
  735. sr_state_set_fresh_srv();
  736. /* The test relies on the dirauth list being initialized. */
  737. clear_dir_servers();
  738. add_default_trusted_dir_authorities(V3_DIRINFO);
  739. { /* Prepare voting environment with just a single vote. */
  740. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  741. smartlist_add(votes, vote);
  742. }
  743. /* Since it's only one vote with an SRV, it should not achieve majority and
  744. hence no SRV will be returned. */
  745. chosen_srv = get_majority_srv_from_votes(votes, 1);
  746. tt_assert(!chosen_srv);
  747. { /* Now put in 8 more votes. Let SRV_1 have majority. */
  748. int i;
  749. /* Now 7 votes believe in SRV_1 */
  750. for (i = 0; i < 3; i++) {
  751. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  752. smartlist_add(votes, vote);
  753. }
  754. /* and 2 votes believe in SRV_2 */
  755. for (i = 0; i < 2; i++) {
  756. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
  757. smartlist_add(votes, vote);
  758. }
  759. for (i = 0; i < 3; i++) {
  760. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  761. smartlist_add(votes, vote);
  762. }
  763. tt_int_op(smartlist_len(votes), ==, 9);
  764. }
  765. /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
  766. requirement. So still not picking an SRV. */
  767. set_num_srv_agreements(8);
  768. chosen_srv = get_majority_srv_from_votes(votes, 1);
  769. tt_assert(!chosen_srv);
  770. /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
  771. * consensus parameter and we will try again. This time it should work. */
  772. set_num_srv_agreements(7);
  773. chosen_srv = get_majority_srv_from_votes(votes, 1);
  774. tt_assert(chosen_srv);
  775. tt_u64_op(chosen_srv->num_reveals, ==, 42);
  776. tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
  777. done:
  778. SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
  779. networkstatus_vote_free(vote));
  780. smartlist_free(votes);
  781. }
  782. static void
  783. test_utils(void *arg)
  784. {
  785. (void) arg;
  786. /* Testing srv_dup(). */
  787. {
  788. sr_srv_t *srv = NULL, *dup_srv = NULL;
  789. const char *srv_value =
  790. "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
  791. srv = tor_malloc_zero(sizeof(*srv));
  792. srv->num_reveals = 42;
  793. memcpy(srv->value, srv_value, sizeof(srv->value));
  794. dup_srv = srv_dup(srv);
  795. tt_assert(dup_srv);
  796. tt_u64_op(dup_srv->num_reveals, ==, srv->num_reveals);
  797. tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
  798. tor_free(srv);
  799. tor_free(dup_srv);
  800. }
  801. /* Testing commitments_are_the_same(). Currently, the check is to test the
  802. * value of the encoded commit so let's make sure that actually works. */
  803. {
  804. /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit.
  805. * 56 bytes of payload and a NUL terminated byte at the end ('\x00')
  806. * which comes down to SR_COMMIT_BASE64_LEN + 1. */
  807. const char *payload =
  808. "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
  809. "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
  810. "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
  811. "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00";
  812. sr_commit_t commit1, commit2;
  813. memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
  814. memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
  815. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 1);
  816. /* Let's corrupt one of them. */
  817. memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
  818. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 0);
  819. }
  820. /* Testing commit_is_authoritative(). */
  821. {
  822. crypto_pk_t *k = crypto_pk_new();
  823. char digest[DIGEST_LEN];
  824. sr_commit_t commit;
  825. tt_assert(!crypto_pk_generate_key(k));
  826. tt_int_op(0, ==, crypto_pk_get_digest(k, digest));
  827. memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
  828. tt_int_op(commit_is_authoritative(&commit, digest), ==, 1);
  829. /* Change the pubkey. */
  830. memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
  831. tt_int_op(commit_is_authoritative(&commit, digest), ==, 0);
  832. crypto_pk_free(k);
  833. }
  834. /* Testing get_phase_str(). */
  835. {
  836. tt_str_op(get_phase_str(SR_PHASE_REVEAL), ==, "reveal");
  837. tt_str_op(get_phase_str(SR_PHASE_COMMIT), ==, "commit");
  838. }
  839. /* Testing phase transition */
  840. {
  841. init_authority_state();
  842. set_sr_phase(SR_PHASE_COMMIT);
  843. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 1);
  844. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 0);
  845. set_sr_phase(SR_PHASE_REVEAL);
  846. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 0);
  847. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 1);
  848. /* Junk. */
  849. tt_int_op(is_phase_transition(42), ==, 1);
  850. }
  851. done:
  852. return;
  853. }
  854. static void
  855. test_state_transition(void *arg)
  856. {
  857. sr_state_t *state = NULL;
  858. time_t now = time(NULL);
  859. (void) arg;
  860. { /* Setup a minimal dirauth environment for this test */
  861. init_authority_state();
  862. state = get_sr_state();
  863. tt_assert(state);
  864. }
  865. /* Test our state reset for a new protocol run. */
  866. {
  867. /* Add a commit to the state so we can test if the reset cleans the
  868. * commits. Also, change all params that we expect to be updated. */
  869. sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
  870. tt_assert(commit);
  871. sr_state_add_commit(commit);
  872. tt_int_op(digestmap_size(state->commits), ==, 1);
  873. /* Let's test our delete feature. */
  874. sr_state_delete_commits();
  875. tt_int_op(digestmap_size(state->commits), ==, 0);
  876. /* Add it back so we can continue the rest of the test because after
  877. * deletiong our commit will be freed so generate a new one. */
  878. commit = sr_generate_our_commit(now, mock_cert);
  879. tt_assert(commit);
  880. sr_state_add_commit(commit);
  881. tt_int_op(digestmap_size(state->commits), ==, 1);
  882. state->n_reveal_rounds = 42;
  883. state->n_commit_rounds = 43;
  884. state->n_protocol_runs = 44;
  885. reset_state_for_new_protocol_run(now);
  886. tt_int_op(state->n_reveal_rounds, ==, 0);
  887. tt_int_op(state->n_commit_rounds, ==, 0);
  888. tt_u64_op(state->n_protocol_runs, ==, 45);
  889. tt_int_op(digestmap_size(state->commits), ==, 0);
  890. }
  891. /* Test SRV rotation in our state. */
  892. {
  893. const sr_srv_t *cur, *prev;
  894. test_sr_setup_srv(1);
  895. cur = sr_state_get_current_srv();
  896. tt_assert(cur);
  897. /* After, current srv should be the previous and then set to NULL. */
  898. state_rotate_srv();
  899. prev = sr_state_get_previous_srv();
  900. tt_assert(prev == cur);
  901. tt_assert(!sr_state_get_current_srv());
  902. sr_state_clean_srvs();
  903. }
  904. /* New protocol run. */
  905. {
  906. const sr_srv_t *cur;
  907. /* Setup some new SRVs so we can confirm that a new protocol run
  908. * actually makes them rotate and compute new ones. */
  909. test_sr_setup_srv(1);
  910. cur = sr_state_get_current_srv();
  911. tt_assert(cur);
  912. set_sr_phase(SR_PHASE_REVEAL);
  913. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  914. new_protocol_run(now);
  915. UNMOCK(get_my_v3_authority_cert);
  916. /* Rotation happened. */
  917. tt_assert(sr_state_get_previous_srv() == cur);
  918. /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
  919. * our current SRV would be NULL but a new protocol run should make us
  920. * compute a new SRV. */
  921. tt_assert(sr_state_get_current_srv());
  922. /* Also, make sure we did change the current. */
  923. tt_assert(sr_state_get_current_srv() != cur);
  924. /* We should have our commitment alone. */
  925. tt_int_op(digestmap_size(state->commits), ==, 1);
  926. tt_int_op(state->n_reveal_rounds, ==, 0);
  927. tt_int_op(state->n_commit_rounds, ==, 0);
  928. /* 46 here since we were at 45 just before. */
  929. tt_u64_op(state->n_protocol_runs, ==, 46);
  930. }
  931. /* Cleanup of SRVs. */
  932. {
  933. sr_state_clean_srvs();
  934. tt_assert(!sr_state_get_current_srv());
  935. tt_assert(!sr_state_get_previous_srv());
  936. }
  937. done:
  938. return;
  939. }
  940. static void
  941. test_keep_commit(void *arg)
  942. {
  943. char fp[FINGERPRINT_LEN + 1];
  944. sr_commit_t *commit = NULL, *dup_commit = NULL;
  945. sr_state_t *state;
  946. time_t now = time(NULL);
  947. crypto_pk_t *k = NULL;
  948. (void) arg;
  949. MOCK(trusteddirserver_get_by_v3_auth_digest,
  950. trusteddirserver_get_by_v3_auth_digest_m);
  951. {
  952. k = pk_generate(1);
  953. /* Setup a minimal dirauth environment for this test */
  954. /* Have a key that is not the one from our commit. */
  955. init_authority_state();
  956. state = get_sr_state();
  957. }
  958. /* Test this very important function that tells us if we should keep a
  959. * commit or not in our state. Most of it depends on the phase and what's
  960. * in the commit so we'll change the commit as we go. */
  961. commit = sr_generate_our_commit(now, mock_cert);
  962. tt_assert(commit);
  963. /* Set us in COMMIT phase for starter. */
  964. set_sr_phase(SR_PHASE_COMMIT);
  965. /* We should never keep a commit from a non authoritative authority. */
  966. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), ==, 0);
  967. /* This should NOT be kept because it has a reveal value in it. */
  968. tt_assert(commit_has_reveal_value(commit));
  969. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  970. SR_PHASE_COMMIT), ==, 0);
  971. /* Add it to the state which should return to not keep it. */
  972. sr_state_add_commit(commit);
  973. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  974. SR_PHASE_COMMIT), ==, 0);
  975. /* Remove it from state so we can continue our testing. */
  976. digestmap_remove(state->commits, commit->rsa_identity);
  977. /* Let's remove our reveal value which should make it OK to keep it. */
  978. memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
  979. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  980. SR_PHASE_COMMIT), ==, 1);
  981. /* Let's reset our commit and go into REVEAL phase. */
  982. sr_commit_free(commit);
  983. commit = sr_generate_our_commit(now, mock_cert);
  984. tt_assert(commit);
  985. /* Dup the commit so we have one with and one without a reveal value. */
  986. dup_commit = tor_malloc_zero(sizeof(*dup_commit));
  987. memcpy(dup_commit, commit, sizeof(*dup_commit));
  988. memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
  989. set_sr_phase(SR_PHASE_REVEAL);
  990. /* We should never keep a commit from a non authoritative authority. */
  991. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), ==, 0);
  992. /* We shouldn't accept a commit that is not in our state. */
  993. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  994. SR_PHASE_REVEAL), ==, 0);
  995. /* Important to add the commit _without_ the reveal here. */
  996. sr_state_add_commit(dup_commit);
  997. tt_int_op(digestmap_size(state->commits), ==, 1);
  998. /* Our commit should be valid that is authoritative, contains a reveal, be
  999. * in the state and commitment and reveal values match. */
  1000. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1001. SR_PHASE_REVEAL), ==, 1);
  1002. /* The commit shouldn't be kept if it's not verified that is no matchin
  1003. * hashed reveal. */
  1004. {
  1005. /* Let's save the hash reveal so we can restore it. */
  1006. sr_commit_t place_holder;
  1007. memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
  1008. sizeof(place_holder.hashed_reveal));
  1009. memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
  1010. setup_full_capture_of_logs(LOG_WARN);
  1011. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1012. SR_PHASE_REVEAL), ==, 0);
  1013. expect_log_msg_containing("doesn't match the commit value.");
  1014. expect_log_msg_containing("has an invalid reveal value.");
  1015. assert_log_predicate(mock_saved_log_n_entries() == 2,
  1016. "expected 2 log entries");
  1017. teardown_capture_of_logs();
  1018. memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
  1019. sizeof(commit->hashed_reveal));
  1020. }
  1021. /* We shouldn't keep a commit that has no reveal. */
  1022. tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
  1023. SR_PHASE_REVEAL), ==, 0);
  1024. /* We must not keep a commit that is not the same from the commit phase. */
  1025. memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
  1026. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1027. SR_PHASE_REVEAL), ==, 0);
  1028. done:
  1029. teardown_capture_of_logs();
  1030. sr_commit_free(commit);
  1031. sr_commit_free(dup_commit);
  1032. crypto_pk_free(k);
  1033. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  1034. }
  1035. static void
  1036. test_state_update(void *arg)
  1037. {
  1038. time_t commit_phase_time = 1452076000;
  1039. time_t reveal_phase_time = 1452086800;
  1040. sr_state_t *state;
  1041. (void) arg;
  1042. {
  1043. init_authority_state();
  1044. state = get_sr_state();
  1045. set_sr_phase(SR_PHASE_COMMIT);
  1046. /* We'll cheat a bit here and reset the creation time of the state which
  1047. * will avoid us to compute a valid_after time that fits the commit
  1048. * phase. */
  1049. state->valid_after = 0;
  1050. state->n_reveal_rounds = 0;
  1051. state->n_commit_rounds = 0;
  1052. state->n_protocol_runs = 0;
  1053. }
  1054. /* We need to mock for the state update function call. */
  1055. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1056. /* We are in COMMIT phase here and we'll trigger a state update but no
  1057. * transition. */
  1058. sr_state_update(commit_phase_time);
  1059. tt_int_op(state->valid_after, ==, commit_phase_time);
  1060. tt_int_op(state->n_commit_rounds, ==, 1);
  1061. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1062. tt_int_op(digestmap_size(state->commits), ==, 1);
  1063. /* We are still in the COMMIT phase here but we'll trigger a state
  1064. * transition to the REVEAL phase. */
  1065. sr_state_update(reveal_phase_time);
  1066. tt_int_op(state->phase, ==, SR_PHASE_REVEAL);
  1067. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1068. /* Only our commit should be in there. */
  1069. tt_int_op(digestmap_size(state->commits), ==, 1);
  1070. tt_int_op(state->n_reveal_rounds, ==, 1);
  1071. /* We can't update a state with a valid after _lower_ than the creation
  1072. * time so here it is. */
  1073. sr_state_update(commit_phase_time);
  1074. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1075. /* Finally, let's go back in COMMIT phase so we can test the state update
  1076. * of a new protocol run. */
  1077. state->valid_after = 0;
  1078. sr_state_update(commit_phase_time);
  1079. tt_int_op(state->valid_after, ==, commit_phase_time);
  1080. tt_int_op(state->n_commit_rounds, ==, 1);
  1081. tt_int_op(state->n_reveal_rounds, ==, 0);
  1082. tt_u64_op(state->n_protocol_runs, ==, 1);
  1083. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1084. tt_int_op(digestmap_size(state->commits), ==, 1);
  1085. tt_assert(state->current_srv);
  1086. done:
  1087. sr_state_free();
  1088. UNMOCK(get_my_v3_authority_cert);
  1089. }
  1090. struct testcase_t sr_tests[] = {
  1091. { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
  1092. NULL, NULL },
  1093. { "sr_commit", test_sr_commit, TT_FORK,
  1094. NULL, NULL },
  1095. { "keep_commit", test_keep_commit, TT_FORK,
  1096. NULL, NULL },
  1097. { "encoding", test_encoding, TT_FORK,
  1098. NULL, NULL },
  1099. { "get_next_valid_after_time", test_get_next_valid_after_time, TT_FORK,
  1100. NULL, NULL },
  1101. { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
  1102. NULL, NULL },
  1103. { "vote", test_vote, TT_FORK,
  1104. NULL, NULL },
  1105. { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
  1106. NULL, NULL },
  1107. { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
  1108. { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
  1109. TT_FORK, NULL, NULL },
  1110. { "utils", test_utils, TT_FORK, NULL, NULL },
  1111. { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
  1112. { "state_update", test_state_update, TT_FORK,
  1113. NULL, NULL },
  1114. END_OF_TESTCASES
  1115. };