test_shared_random.c 44 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292
  1. #define SHARED_RANDOM_PRIVATE
  2. #define SHARED_RANDOM_STATE_PRIVATE
  3. #define CONFIG_PRIVATE
  4. #define DIRVOTE_PRIVATE
  5. #include "or.h"
  6. #include "test.h"
  7. #include "config.h"
  8. #include "dirvote.h"
  9. #include "shared_random.h"
  10. #include "shared_random_state.h"
  11. #include "routerkeys.h"
  12. #include "routerlist.h"
  13. #include "router.h"
  14. #include "routerparse.h"
  15. #include "networkstatus.h"
  16. static authority_cert_t *mock_cert;
  17. static authority_cert_t *
  18. get_my_v3_authority_cert_m(void)
  19. {
  20. tor_assert(mock_cert);
  21. return mock_cert;
  22. }
  23. static dir_server_t ds;
  24. static dir_server_t *
  25. trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
  26. {
  27. (void) digest;
  28. /* The shared random code only need to know if a valid pointer to a dir
  29. * server object has been found so this is safe because it won't use the
  30. * pointer at all never. */
  31. return &ds;
  32. }
  33. /* Setup a minimal dirauth environment by initializing the SR state and
  34. * making sure the options are set to be an authority directory. */
  35. static void
  36. init_authority_state(void)
  37. {
  38. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  39. or_options_t *options = get_options_mutable();
  40. mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  41. tt_assert(mock_cert);
  42. options->AuthoritativeDir = 1;
  43. tt_int_op(0, ==, load_ed_keys(options, time(NULL)));
  44. sr_state_init(0, 0);
  45. /* It's possible a commit has been generated in our state depending on
  46. * the phase we are currently in which uses "now" as the starting
  47. * timestamp. Delete it before we do any testing below. */
  48. sr_state_delete_commits();
  49. done:
  50. UNMOCK(get_my_v3_authority_cert);
  51. }
  52. static void
  53. test_get_sr_protocol_phase(void *arg)
  54. {
  55. time_t the_time;
  56. sr_phase_t phase;
  57. int retval;
  58. (void) arg;
  59. /* Initialize SR state */
  60. init_authority_state();
  61. {
  62. retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
  63. tt_int_op(retval, ==, 0);
  64. phase = get_sr_protocol_phase(the_time);
  65. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  66. }
  67. {
  68. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
  69. tt_int_op(retval, ==, 0);
  70. phase = get_sr_protocol_phase(the_time);
  71. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  72. }
  73. {
  74. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
  75. tt_int_op(retval, ==, 0);
  76. phase = get_sr_protocol_phase(the_time);
  77. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  78. }
  79. {
  80. retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
  81. tt_int_op(retval, ==, 0);
  82. phase = get_sr_protocol_phase(the_time);
  83. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  84. }
  85. {
  86. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
  87. tt_int_op(retval, ==, 0);
  88. phase = get_sr_protocol_phase(the_time);
  89. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  90. }
  91. {
  92. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
  93. tt_int_op(retval, ==, 0);
  94. phase = get_sr_protocol_phase(the_time);
  95. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  96. }
  97. {
  98. retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
  99. tt_int_op(retval, ==, 0);
  100. phase = get_sr_protocol_phase(the_time);
  101. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  102. }
  103. done:
  104. ;
  105. }
  106. static networkstatus_t *mock_consensus = NULL;
  107. static void
  108. test_get_state_valid_until_time(void *arg)
  109. {
  110. time_t current_time;
  111. time_t valid_until_time;
  112. char tbuf[ISO_TIME_LEN + 1];
  113. int retval;
  114. (void) arg;
  115. {
  116. /* Get the valid until time if called at 00:00:01 */
  117. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  118. &current_time);
  119. tt_int_op(retval, ==, 0);
  120. valid_until_time = get_state_valid_until_time(current_time);
  121. /* Compare it with the correct result */
  122. format_iso_time(tbuf, valid_until_time);
  123. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  124. }
  125. {
  126. retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
  127. &current_time);
  128. tt_int_op(retval, ==, 0);
  129. valid_until_time = get_state_valid_until_time(current_time);
  130. format_iso_time(tbuf, valid_until_time);
  131. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  132. }
  133. {
  134. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
  135. &current_time);
  136. tt_int_op(retval, ==, 0);
  137. valid_until_time = get_state_valid_until_time(current_time);
  138. format_iso_time(tbuf, valid_until_time);
  139. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  140. }
  141. {
  142. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  143. &current_time);
  144. tt_int_op(retval, ==, 0);
  145. valid_until_time = get_state_valid_until_time(current_time);
  146. format_iso_time(tbuf, valid_until_time);
  147. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  148. }
  149. done:
  150. ;
  151. }
  152. /* Mock function to immediately return our local 'mock_consensus'. */
  153. static networkstatus_t *
  154. mock_networkstatus_get_live_consensus(time_t now)
  155. {
  156. (void) now;
  157. return mock_consensus;
  158. }
  159. /** Test the get_next_valid_after_time() function. */
  160. static void
  161. test_get_next_valid_after_time(void *arg)
  162. {
  163. time_t current_time;
  164. time_t valid_after_time;
  165. char tbuf[ISO_TIME_LEN + 1];
  166. int retval;
  167. (void) arg;
  168. {
  169. /* Setup a fake consensus just to get the times out of it, since
  170. get_next_valid_after_time() needs them. */
  171. mock_consensus = tor_malloc_zero(sizeof(networkstatus_t));
  172. retval = parse_rfc1123_time("Mon, 13 Jan 2016 16:00:00 UTC",
  173. &mock_consensus->fresh_until);
  174. tt_int_op(retval, ==, 0);
  175. retval = parse_rfc1123_time("Mon, 13 Jan 2016 15:00:00 UTC",
  176. &mock_consensus->valid_after);
  177. tt_int_op(retval, ==, 0);
  178. MOCK(networkstatus_get_live_consensus,
  179. mock_networkstatus_get_live_consensus);
  180. }
  181. {
  182. /* Get the valid after time if called at 00:00:00 */
  183. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  184. &current_time);
  185. tt_int_op(retval, ==, 0);
  186. valid_after_time = get_next_valid_after_time(current_time);
  187. /* Compare it with the correct result */
  188. format_iso_time(tbuf, valid_after_time);
  189. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  190. }
  191. {
  192. /* Get the valid until time if called at 00:00:01 */
  193. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  194. &current_time);
  195. tt_int_op(retval, ==, 0);
  196. valid_after_time = get_next_valid_after_time(current_time);
  197. /* Compare it with the correct result */
  198. format_iso_time(tbuf, valid_after_time);
  199. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  200. }
  201. {
  202. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:30:01 UTC",
  203. &current_time);
  204. tt_int_op(retval, ==, 0);
  205. valid_after_time = get_next_valid_after_time(current_time);
  206. /* Compare it with the correct result */
  207. format_iso_time(tbuf, valid_after_time);
  208. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  209. }
  210. done:
  211. networkstatus_vote_free(mock_consensus);
  212. }
  213. /* In this test we are going to generate a sr_commit_t object and validate
  214. * it. We first generate our values, and then we parse them as if they were
  215. * received from the network. After we parse both the commit and the reveal,
  216. * we verify that they indeed match. */
  217. static void
  218. test_sr_commit(void *arg)
  219. {
  220. authority_cert_t *auth_cert = NULL;
  221. time_t now = time(NULL);
  222. sr_commit_t *our_commit = NULL;
  223. smartlist_t *args = smartlist_new();
  224. (void) arg;
  225. MOCK(trusteddirserver_get_by_v3_auth_digest,
  226. trusteddirserver_get_by_v3_auth_digest_m);
  227. { /* Setup a minimal dirauth environment for this test */
  228. or_options_t *options = get_options_mutable();
  229. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  230. tt_assert(auth_cert);
  231. options->AuthoritativeDir = 1;
  232. tt_int_op(0, ==, load_ed_keys(options, now));
  233. }
  234. /* Generate our commit object and validate it has the appropriate field
  235. * that we can then use to build a representation that we'll find in a
  236. * vote coming from the network. */
  237. {
  238. sr_commit_t test_commit;
  239. our_commit = sr_generate_our_commit(now, auth_cert);
  240. tt_assert(our_commit);
  241. /* Default and only supported algorithm for now. */
  242. tt_assert(our_commit->alg == DIGEST_SHA3_256);
  243. /* We should have a reveal value. */
  244. tt_assert(commit_has_reveal_value(our_commit));
  245. /* We should have a random value. */
  246. tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
  247. sizeof(our_commit->random_number)));
  248. /* Commit and reveal timestamp should be the same. */
  249. tt_int_op(our_commit->commit_ts, ==, our_commit->reveal_ts);
  250. /* We should have a hashed reveal. */
  251. tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
  252. sizeof(our_commit->hashed_reveal)));
  253. /* Do we have a valid encoded commit and reveal. Note the following only
  254. * tests if the generated values are correct. Their could be a bug in
  255. * the decode function but we test them seperately. */
  256. tt_int_op(0, ==, reveal_decode(our_commit->encoded_reveal,
  257. &test_commit));
  258. tt_int_op(0, ==, commit_decode(our_commit->encoded_commit,
  259. &test_commit));
  260. tt_int_op(0, ==, verify_commit_and_reveal(our_commit));
  261. }
  262. /* Let's make sure our verify commit and reveal function works. We'll
  263. * make it fail a bit with known failure case. */
  264. {
  265. /* Copy our commit so we don't alter it for the rest of testing. */
  266. sr_commit_t test_commit;
  267. memcpy(&test_commit, our_commit, sizeof(test_commit));
  268. /* Timestamp MUST match. */
  269. test_commit.commit_ts = test_commit.reveal_ts - 42;
  270. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  271. memcpy(&test_commit, our_commit, sizeof(test_commit));
  272. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  273. /* Hashed reveal must match the H(encoded_reveal). */
  274. memset(test_commit.hashed_reveal, 'X',
  275. sizeof(test_commit.hashed_reveal));
  276. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  277. memcpy(&test_commit, our_commit, sizeof(test_commit));
  278. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  279. }
  280. /* We'll build a list of values from our commit that our parsing function
  281. * takes from a vote line and see if we can parse it correctly. */
  282. {
  283. sr_commit_t *parsed_commit;
  284. smartlist_add(args, tor_strdup("1"));
  285. smartlist_add(args,
  286. tor_strdup(crypto_digest_algorithm_get_name(our_commit->alg)));
  287. smartlist_add(args, tor_strdup(sr_commit_get_rsa_fpr(our_commit)));
  288. smartlist_add(args, our_commit->encoded_commit);
  289. smartlist_add(args, our_commit->encoded_reveal);
  290. parsed_commit = sr_parse_commit(args);
  291. tt_assert(parsed_commit);
  292. /* That parsed commit should be _EXACTLY_ like our original commit (we
  293. * have to explicitly set the valid flag though). */
  294. parsed_commit->valid = 1;
  295. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
  296. /* Cleanup */
  297. tor_free(smartlist_get(args, 0)); /* strdup here. */
  298. tor_free(smartlist_get(args, 1)); /* strdup here. */
  299. smartlist_clear(args);
  300. sr_commit_free(parsed_commit);
  301. }
  302. done:
  303. smartlist_free(args);
  304. sr_commit_free(our_commit);
  305. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  306. }
  307. /* Test the encoding and decoding function for commit and reveal values. */
  308. static void
  309. test_encoding(void *arg)
  310. {
  311. (void) arg;
  312. int ret, duper_rand = 42;
  313. /* Random number is 32 bytes. */
  314. char raw_rand[32];
  315. time_t ts = 1454333590;
  316. char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  317. sr_commit_t parsed_commit;
  318. /* Encoded commit is: base64-encode( 1454333590 || H(H(42)) ). Remember
  319. * that we do no expose the raw bytes of our PRNG to the network thus
  320. * explaining the double H(). */
  321. static const char *encoded_commit =
  322. "AAAAAFavXpZbx2LRneYFSLPCP8DLp9BXfeH5FXzbkxM4iRXKGeA54g==";
  323. /* Encoded reveal is: base64-encode( 1454333590 || H(42) ). */
  324. static const char *encoded_reveal =
  325. "AAAAAFavXpYk9x9kTjiQWUqjHwSAEOdPAfCaurXgjPy173SzYjeC2g==";
  326. /* Set up our raw random bytes array. */
  327. memset(raw_rand, 0, sizeof(raw_rand));
  328. memcpy(raw_rand, &duper_rand, sizeof(duper_rand));
  329. /* Hash random number. */
  330. ret = crypto_digest256(hashed_rand, raw_rand,
  331. sizeof(raw_rand), SR_DIGEST_ALG);
  332. tt_int_op(0, ==, ret);
  333. /* Hash reveal value. */
  334. tt_int_op(SR_REVEAL_BASE64_LEN, ==, strlen(encoded_reveal));
  335. ret = crypto_digest256(hashed_reveal, encoded_reveal,
  336. strlen(encoded_reveal), SR_DIGEST_ALG);
  337. tt_int_op(0, ==, ret);
  338. tt_int_op(SR_COMMIT_BASE64_LEN, ==, strlen(encoded_commit));
  339. /* Test our commit/reveal decode functions. */
  340. {
  341. /* Test the reveal encoded value. */
  342. tt_int_op(0, ==, reveal_decode(encoded_reveal, &parsed_commit));
  343. tt_uint_op(ts, ==, parsed_commit.reveal_ts);
  344. tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
  345. sizeof(hashed_rand));
  346. /* Test the commit encoded value. */
  347. memset(&parsed_commit, 0, sizeof(parsed_commit));
  348. tt_int_op(0, ==, commit_decode(encoded_commit, &parsed_commit));
  349. tt_uint_op(ts, ==, parsed_commit.commit_ts);
  350. tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
  351. sizeof(parsed_commit.encoded_commit));
  352. tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
  353. sizeof(hashed_reveal));
  354. }
  355. /* Test our commit/reveal encode functions. */
  356. {
  357. /* Test the reveal encode. */
  358. char encoded[SR_REVEAL_BASE64_LEN + 1];
  359. parsed_commit.reveal_ts = ts;
  360. memcpy(parsed_commit.random_number, hashed_rand,
  361. sizeof(parsed_commit.random_number));
  362. ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
  363. tt_int_op(SR_REVEAL_BASE64_LEN, ==, ret);
  364. tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
  365. }
  366. {
  367. /* Test the commit encode. */
  368. char encoded[SR_COMMIT_BASE64_LEN + 1];
  369. parsed_commit.commit_ts = ts;
  370. memcpy(parsed_commit.hashed_reveal, hashed_reveal,
  371. sizeof(parsed_commit.hashed_reveal));
  372. ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
  373. tt_int_op(SR_COMMIT_BASE64_LEN, ==, ret);
  374. tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
  375. }
  376. done:
  377. ;
  378. }
  379. /** Setup some SRVs in our SR state. If <b>also_current</b> is set, then set
  380. * both current and previous SRVs.
  381. * Helper of test_vote() and test_sr_compute_srv(). */
  382. static void
  383. test_sr_setup_srv(int also_current)
  384. {
  385. sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
  386. srv->num_reveals = 42;
  387. memcpy(srv->value,
  388. "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  389. sizeof(srv->value));
  390. sr_state_set_previous_srv(srv);
  391. if (also_current) {
  392. srv = tor_malloc_zero(sizeof(sr_srv_t));
  393. srv->num_reveals = 128;
  394. memcpy(srv->value,
  395. "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
  396. sizeof(srv->value));
  397. sr_state_set_current_srv(srv);
  398. }
  399. }
  400. /* Test anything that has to do with SR protocol and vote. */
  401. static void
  402. test_vote(void *arg)
  403. {
  404. int ret;
  405. time_t now = time(NULL);
  406. sr_commit_t *our_commit = NULL;
  407. (void) arg;
  408. MOCK(trusteddirserver_get_by_v3_auth_digest,
  409. trusteddirserver_get_by_v3_auth_digest_m);
  410. { /* Setup a minimal dirauth environment for this test */
  411. init_authority_state();
  412. /* Set ourself in reveal phase so we can parse the reveal value in the
  413. * vote as well. */
  414. set_sr_phase(SR_PHASE_REVEAL);
  415. }
  416. /* Generate our commit object and validate it has the appropriate field
  417. * that we can then use to build a representation that we'll find in a
  418. * vote coming from the network. */
  419. {
  420. sr_commit_t *saved_commit;
  421. our_commit = sr_generate_our_commit(now, mock_cert);
  422. tt_assert(our_commit);
  423. sr_state_add_commit(our_commit);
  424. /* Make sure it's there. */
  425. saved_commit = sr_state_get_commit(our_commit->rsa_identity);
  426. tt_assert(saved_commit);
  427. }
  428. /* Also setup the SRVs */
  429. test_sr_setup_srv(1);
  430. { /* Now test the vote generation */
  431. smartlist_t *chunks = smartlist_new();
  432. smartlist_t *tokens = smartlist_new();
  433. /* Get our vote line and validate it. */
  434. char *lines = sr_get_string_for_vote();
  435. tt_assert(lines);
  436. /* Split the lines. We expect 2 here. */
  437. ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
  438. tt_int_op(ret, ==, 4);
  439. tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
  440. /* Get our commitment line and will validate it agains our commit. The
  441. * format is as follow:
  442. * "shared-rand-commitment" SP version SP algname SP identity
  443. * SP COMMIT [SP REVEAL] NL
  444. */
  445. char *commit_line = smartlist_get(chunks, 1);
  446. tt_assert(commit_line);
  447. ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
  448. tt_int_op(ret, ==, 6);
  449. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
  450. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
  451. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  452. crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
  453. char digest[DIGEST_LEN];
  454. base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
  455. HEX_DIGEST_LEN);
  456. tt_mem_op(digest, ==, our_commit->rsa_identity, sizeof(digest));
  457. tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
  458. tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal);
  459. /* Finally, does this vote line creates a valid commit object? */
  460. smartlist_t *args = smartlist_new();
  461. smartlist_add(args, smartlist_get(tokens, 1));
  462. smartlist_add(args, smartlist_get(tokens, 2));
  463. smartlist_add(args, smartlist_get(tokens, 3));
  464. smartlist_add(args, smartlist_get(tokens, 4));
  465. smartlist_add(args, smartlist_get(tokens, 5));
  466. sr_commit_t *parsed_commit = sr_parse_commit(args);
  467. tt_assert(parsed_commit);
  468. /* Set valid flag explicitly here to compare since it's not set by
  469. * simply parsing the commit. */
  470. parsed_commit->valid = 1;
  471. tt_mem_op(parsed_commit, ==, our_commit, sizeof(*our_commit));
  472. /* minor cleanup */
  473. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  474. smartlist_clear(tokens);
  475. /* Now test the previous SRV */
  476. char *prev_srv_line = smartlist_get(chunks, 2);
  477. tt_assert(prev_srv_line);
  478. ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
  479. tt_int_op(ret, ==, 3);
  480. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
  481. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
  482. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  483. "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
  484. /* minor cleanup */
  485. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  486. smartlist_clear(tokens);
  487. /* Now test the current SRV */
  488. char *current_srv_line = smartlist_get(chunks, 3);
  489. tt_assert(current_srv_line);
  490. ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
  491. tt_int_op(ret, ==, 3);
  492. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
  493. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
  494. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  495. "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
  496. /* Clean up */
  497. sr_commit_free(parsed_commit);
  498. SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
  499. smartlist_free(chunks);
  500. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  501. smartlist_free(tokens);
  502. smartlist_clear(args);
  503. smartlist_free(args);
  504. }
  505. done:
  506. sr_commit_free(our_commit);
  507. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  508. }
  509. const char *sr_state_str = "Version 1\n"
  510. "TorVersion 0.2.9.0-alpha-dev\n"
  511. "ValidAfter 2037-04-19 07:16:00\n"
  512. "ValidUntil 2037-04-20 07:16:00\n"
  513. "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
  514. "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
  515. "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
  516. "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
  517. "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
  518. "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
  519. "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
  520. "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
  521. "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
  522. /** Create an SR disk state, parse it and validate that the parsing went
  523. * well. Yes! */
  524. static void
  525. test_state_load_from_disk(void *arg)
  526. {
  527. int ret;
  528. char *dir = tor_strdup(get_fname("test_sr_state"));
  529. char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
  530. sr_state_t *the_sr_state = NULL;
  531. (void) arg;
  532. MOCK(trusteddirserver_get_by_v3_auth_digest,
  533. trusteddirserver_get_by_v3_auth_digest_m);
  534. /* First try with a nonexistent path. */
  535. ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
  536. tt_assert(ret == -ENOENT);
  537. /* Now create a mock state directory and state file */
  538. #ifdef _WIN32
  539. ret = mkdir(dir);
  540. #else
  541. ret = mkdir(dir, 0700);
  542. #endif
  543. tt_assert(ret == 0);
  544. ret = write_str_to_file(sr_state_path, sr_state_str, 0);
  545. tt_assert(ret == 0);
  546. /* Try to load the directory itself. Should fail. */
  547. ret = disk_state_load_from_disk_impl(dir);
  548. tt_assert(ret == -EISDIR);
  549. /* State should be non-existent at this point. */
  550. the_sr_state = get_sr_state();
  551. tt_assert(!the_sr_state);
  552. /* Now try to load the correct file! */
  553. ret = disk_state_load_from_disk_impl(sr_state_path);
  554. tt_assert(ret == 0);
  555. /* Check the content of the state */
  556. /* XXX check more deeply!!! */
  557. the_sr_state = get_sr_state();
  558. tt_assert(the_sr_state);
  559. tt_assert(the_sr_state->version == 1);
  560. tt_assert(digestmap_size(the_sr_state->commits) == 3);
  561. tt_assert(the_sr_state->current_srv);
  562. tt_assert(the_sr_state->current_srv->num_reveals == 3);
  563. tt_assert(the_sr_state->previous_srv);
  564. /* XXX Now also try loading corrupted state files and make sure parsing
  565. fails */
  566. done:
  567. tor_free(dir);
  568. tor_free(sr_state_path);
  569. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  570. }
  571. /** Generate three specially crafted commits (based on the test
  572. * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
  573. static void
  574. test_sr_setup_commits(void)
  575. {
  576. time_t now = time(NULL);
  577. sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
  578. sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
  579. authority_cert_t *auth_cert = NULL;
  580. { /* Setup a minimal dirauth environment for this test */
  581. or_options_t *options = get_options_mutable();
  582. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  583. tt_assert(auth_cert);
  584. options->AuthoritativeDir = 1;
  585. tt_int_op(0, ==, load_ed_keys(options, now));
  586. }
  587. /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
  588. register them to the SR state. Also register a fourth commit 'd' with no
  589. reveal info, to make sure that it will get ignored during SRV
  590. calculation. */
  591. { /* Commit from auth 'a' */
  592. commit_a = sr_generate_our_commit(now, auth_cert);
  593. tt_assert(commit_a);
  594. /* Do some surgery on the commit */
  595. memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
  596. strlcpy(commit_a->encoded_reveal,
  597. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  598. sizeof(commit_a->encoded_reveal));
  599. memcpy(commit_a->hashed_reveal,
  600. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  601. sizeof(commit_a->hashed_reveal));
  602. }
  603. { /* Commit from auth 'b' */
  604. commit_b = sr_generate_our_commit(now, auth_cert);
  605. tt_assert(commit_b);
  606. /* Do some surgery on the commit */
  607. memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
  608. strlcpy(commit_b->encoded_reveal,
  609. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  610. sizeof(commit_b->encoded_reveal));
  611. memcpy(commit_b->hashed_reveal,
  612. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  613. sizeof(commit_b->hashed_reveal));
  614. }
  615. { /* Commit from auth 'c' */
  616. commit_c = sr_generate_our_commit(now, auth_cert);
  617. tt_assert(commit_c);
  618. /* Do some surgery on the commit */
  619. memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
  620. strlcpy(commit_c->encoded_reveal,
  621. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  622. sizeof(commit_c->encoded_reveal));
  623. memcpy(commit_c->hashed_reveal,
  624. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  625. sizeof(commit_c->hashed_reveal));
  626. }
  627. { /* Commit from auth 'd' */
  628. commit_d = sr_generate_our_commit(now, auth_cert);
  629. tt_assert(commit_d);
  630. /* Do some surgery on the commit */
  631. memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
  632. strlcpy(commit_d->encoded_reveal,
  633. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  634. sizeof(commit_d->encoded_reveal));
  635. memcpy(commit_d->hashed_reveal,
  636. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  637. sizeof(commit_d->hashed_reveal));
  638. /* Clean up its reveal info */
  639. memcpy(place_holder, commit_d, sizeof(*place_holder));
  640. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  641. tt_assert(!commit_has_reveal_value(commit_d));
  642. }
  643. /* Register commits to state (during commit phase) */
  644. set_sr_phase(SR_PHASE_COMMIT);
  645. save_commit_to_state(commit_a);
  646. save_commit_to_state(commit_b);
  647. save_commit_to_state(commit_c);
  648. save_commit_to_state(commit_d);
  649. tt_int_op(digestmap_size(get_sr_state()->commits), ==, 4);
  650. /* Now during REVEAL phase save commit D by restoring its reveal. */
  651. set_sr_phase(SR_PHASE_REVEAL);
  652. save_commit_to_state(place_holder);
  653. tt_str_op(commit_d->encoded_reveal, OP_EQ,
  654. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
  655. /* Go back to an empty encoded reveal value. */
  656. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  657. memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
  658. tt_assert(!commit_has_reveal_value(commit_d));
  659. done:
  660. return;
  661. }
  662. /** Verify that the SRV generation procedure is proper by testing it against
  663. * the test vector from ./sr_srv_calc_ref.py. */
  664. static void
  665. test_sr_compute_srv(void *arg)
  666. {
  667. (void) arg;
  668. sr_srv_t *current_srv = NULL;
  669. #define SRV_TEST_VECTOR \
  670. "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
  671. MOCK(trusteddirserver_get_by_v3_auth_digest,
  672. trusteddirserver_get_by_v3_auth_digest_m);
  673. MOCK(trusteddirserver_get_by_v3_auth_digest,
  674. trusteddirserver_get_by_v3_auth_digest_m);
  675. init_authority_state();
  676. /* Setup the commits for this unittest */
  677. test_sr_setup_commits();
  678. test_sr_setup_srv(0);
  679. /* Now switch to reveal phase */
  680. set_sr_phase(SR_PHASE_REVEAL);
  681. /* Compute the SRV */
  682. sr_compute_srv();
  683. /* Check the result against the test vector */
  684. current_srv = sr_state_get_current_srv();
  685. tt_assert(current_srv);
  686. tt_int_op(current_srv->num_reveals, ==, 3);
  687. tt_str_op(hex_str((char*)current_srv->value, 32),
  688. ==,
  689. SRV_TEST_VECTOR);
  690. done:
  691. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  692. }
  693. /** Return a minimal vote document with a current SRV value set to
  694. * <b>srv</b>. */
  695. static networkstatus_t *
  696. get_test_vote_with_curr_srv(const char *srv)
  697. {
  698. networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
  699. vote->type = NS_TYPE_VOTE;
  700. vote->sr_info.participate = 1;
  701. vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
  702. vote->sr_info.current_srv->num_reveals = 42;
  703. memcpy(vote->sr_info.current_srv->value,
  704. srv,
  705. sizeof(vote->sr_info.current_srv->value));
  706. return vote;
  707. }
  708. /* Mock function to return the value located in the options instead of the
  709. * consensus so we can modify it at will. */
  710. static networkstatus_t *
  711. mock_networkstatus_get_latest_consensus(void)
  712. {
  713. return mock_consensus;
  714. }
  715. /* Test the function that picks the right SRV given a bunch of votes. Make sure
  716. * that the function returns an SRV iff the majority/agreement requirements are
  717. * met. */
  718. static void
  719. test_sr_get_majority_srv_from_votes(void *arg)
  720. {
  721. sr_srv_t *chosen_srv;
  722. smartlist_t *votes = smartlist_new();
  723. #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  724. #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
  725. (void) arg;
  726. init_authority_state();
  727. /* Make sure our SRV is fresh so we can consider the super majority with
  728. * the consensus params of number of agreements needed. */
  729. sr_state_set_fresh_srv();
  730. /* The test relies on the dirauth list being initialized. */
  731. clear_dir_servers();
  732. add_default_trusted_dir_authorities(V3_DIRINFO);
  733. tt_int_op(get_n_authorities(V3_DIRINFO), ==, 9);
  734. { /* Prepare voting environment with just a single vote. */
  735. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  736. smartlist_add(votes, vote);
  737. }
  738. /* Since it's only one vote with an SRV, it should not achieve majority and
  739. hence no SRV will be returned. */
  740. chosen_srv = get_majority_srv_from_votes(votes, 1);
  741. tt_assert(!chosen_srv);
  742. { /* Now put in 8 more votes. Let SRV_1 have majority. */
  743. int i;
  744. /* Now 7 votes believe in SRV_1 */
  745. for (i = 0; i < 3; i++) {
  746. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  747. smartlist_add(votes, vote);
  748. }
  749. /* and 2 votes believe in SRV_2 */
  750. for (i = 0; i < 2; i++) {
  751. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
  752. smartlist_add(votes, vote);
  753. }
  754. for (i = 0; i < 3; i++) {
  755. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  756. smartlist_add(votes, vote);
  757. }
  758. tt_int_op(smartlist_len(votes), ==, 9);
  759. }
  760. /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
  761. requirement. So still not picking an SRV. */
  762. chosen_srv = get_majority_srv_from_votes(votes, 1);
  763. tt_assert(!chosen_srv);
  764. /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
  765. * consensus parameter and we will try again. This time it should work. */
  766. {
  767. char *my_net_params;
  768. /* Set a dummy consensus parameter in every vote */
  769. SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, vote) {
  770. vote->net_params = smartlist_new();
  771. smartlist_split_string(vote->net_params,
  772. "AuthDirNumSRVAgreements=7", NULL, 0, 0);
  773. } SMARTLIST_FOREACH_END(vote);
  774. /* Pretend you are making a consensus out of the votes */
  775. mock_consensus = tor_malloc_zero(sizeof(networkstatus_t));
  776. mock_consensus->net_params = smartlist_new();
  777. my_net_params = dirvote_compute_params(votes, 66, smartlist_len(votes));
  778. smartlist_split_string(mock_consensus->net_params, my_net_params, " ",
  779. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  780. }
  781. /* Use our fake consensus for finding consensus parameters. */
  782. MOCK(networkstatus_get_latest_consensus,
  783. mock_networkstatus_get_latest_consensus);
  784. chosen_srv = get_majority_srv_from_votes(votes, 1);
  785. tt_assert(chosen_srv);
  786. tt_int_op(chosen_srv->num_reveals, ==, 42);
  787. tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
  788. done:
  789. SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
  790. networkstatus_vote_free(vote));
  791. smartlist_free(votes);
  792. networkstatus_vote_free(mock_consensus);
  793. UNMOCK(networkstatus_get_latest_consensus);
  794. }
  795. static void
  796. test_utils(void *arg)
  797. {
  798. (void) arg;
  799. /* Testing srv_dup(). */
  800. {
  801. sr_srv_t *srv = NULL, *dup_srv = NULL;
  802. const char *srv_value =
  803. "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
  804. srv = tor_malloc_zero(sizeof(*srv));
  805. srv->num_reveals = 42;
  806. memcpy(srv->value, srv_value, sizeof(srv->value));
  807. dup_srv = srv_dup(srv);
  808. tt_assert(dup_srv);
  809. tt_int_op(dup_srv->num_reveals, ==, srv->num_reveals);
  810. tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
  811. tor_free(srv);
  812. tor_free(dup_srv);
  813. }
  814. /* Testing commitments_are_the_same(). Currently, the check is to test the
  815. * value of the encoded commit so let's make sure that actually works. */
  816. {
  817. /* Payload of 55 bytes that is the length of
  818. * sr_commit_t->encoded_commit. */
  819. const char *payload =
  820. "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
  821. "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
  822. "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
  823. "\xc7\xaf\x72\xb6\x7c\x9b\x52";
  824. sr_commit_t commit1, commit2;
  825. memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
  826. memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
  827. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 1);
  828. /* Let's corrupt one of them. */
  829. memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
  830. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 0);
  831. }
  832. /* Testing commit_is_authoritative(). */
  833. {
  834. crypto_pk_t *k = crypto_pk_new();
  835. char digest[DIGEST_LEN];
  836. sr_commit_t commit;
  837. tt_assert(!crypto_pk_generate_key(k));
  838. tt_int_op(0, ==, crypto_pk_get_digest(k, digest));
  839. memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
  840. tt_int_op(commit_is_authoritative(&commit, digest), ==, 1);
  841. /* Change the pubkey. */
  842. memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
  843. tt_int_op(commit_is_authoritative(&commit, digest), ==, 0);
  844. }
  845. /* Testing get_phase_str(). */
  846. {
  847. tt_str_op(get_phase_str(SR_PHASE_REVEAL), ==, "reveal");
  848. tt_str_op(get_phase_str(SR_PHASE_COMMIT), ==, "commit");
  849. }
  850. /* Testing phase transition */
  851. {
  852. init_authority_state();
  853. set_sr_phase(SR_PHASE_COMMIT);
  854. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 1);
  855. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 0);
  856. set_sr_phase(SR_PHASE_REVEAL);
  857. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 0);
  858. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 1);
  859. /* Junk. */
  860. tt_int_op(is_phase_transition(42), ==, 1);
  861. }
  862. done:
  863. return;
  864. }
  865. static void
  866. test_state_transition(void *arg)
  867. {
  868. sr_state_t *state = NULL;
  869. time_t now = time(NULL);
  870. (void) arg;
  871. { /* Setup a minimal dirauth environment for this test */
  872. init_authority_state();
  873. state = get_sr_state();
  874. tt_assert(state);
  875. }
  876. /* Test our state reset for a new protocol run. */
  877. {
  878. /* Add a commit to the state so we can test if the reset cleans the
  879. * commits. Also, change all params that we expect to be updated. */
  880. sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
  881. tt_assert(commit);
  882. sr_state_add_commit(commit);
  883. tt_int_op(digestmap_size(state->commits), ==, 1);
  884. /* Let's test our delete feature. */
  885. sr_state_delete_commits();
  886. tt_int_op(digestmap_size(state->commits), ==, 0);
  887. /* Add it back so we can continue the rest of the test because after
  888. * deletiong our commit will be freed so generate a new one. */
  889. commit = sr_generate_our_commit(now, mock_cert);
  890. tt_assert(commit);
  891. sr_state_add_commit(commit);
  892. tt_int_op(digestmap_size(state->commits), ==, 1);
  893. state->n_reveal_rounds = 42;
  894. state->n_commit_rounds = 43;
  895. state->n_protocol_runs = 44;
  896. reset_state_for_new_protocol_run(now);
  897. tt_int_op(state->n_reveal_rounds, ==, 0);
  898. tt_int_op(state->n_commit_rounds, ==, 0);
  899. tt_u64_op(state->n_protocol_runs, ==, 45);
  900. tt_int_op(digestmap_size(state->commits), ==, 0);
  901. }
  902. /* Test SRV rotation in our state. */
  903. {
  904. sr_srv_t *cur, *prev;
  905. test_sr_setup_srv(1);
  906. cur = sr_state_get_current_srv();
  907. tt_assert(cur);
  908. /* After, current srv should be the previous and then set to NULL. */
  909. state_rotate_srv();
  910. prev = sr_state_get_previous_srv();
  911. tt_assert(prev == cur);
  912. tt_assert(!sr_state_get_current_srv());
  913. }
  914. /* New protocol run. */
  915. {
  916. sr_srv_t *cur;
  917. /* Setup some new SRVs so we can confirm that a new protocol run
  918. * actually makes them rotate and compute new ones. */
  919. test_sr_setup_srv(1);
  920. cur = sr_state_get_current_srv();
  921. tt_assert(cur);
  922. set_sr_phase(SR_PHASE_REVEAL);
  923. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  924. new_protocol_run(now);
  925. UNMOCK(get_my_v3_authority_cert);
  926. /* Rotation happened. */
  927. tt_assert(sr_state_get_previous_srv() == cur);
  928. /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
  929. * our current SRV would be NULL but a new protocol run should make us
  930. * compute a new SRV. */
  931. tt_assert(sr_state_get_current_srv());
  932. /* Also, make sure we did change the current. */
  933. tt_assert(sr_state_get_current_srv() != cur);
  934. /* We should have our commitment alone. */
  935. tt_int_op(digestmap_size(state->commits), ==, 1);
  936. tt_int_op(state->n_reveal_rounds, ==, 0);
  937. tt_int_op(state->n_commit_rounds, ==, 0);
  938. /* 46 here since we were at 45 just before. */
  939. tt_u64_op(state->n_protocol_runs, ==, 46);
  940. }
  941. /* Cleanup of SRVs. */
  942. {
  943. sr_state_clean_srvs();
  944. tt_assert(!sr_state_get_current_srv());
  945. tt_assert(!sr_state_get_previous_srv());
  946. }
  947. done:
  948. return;
  949. }
  950. static void
  951. test_keep_commit(void *arg)
  952. {
  953. char fp[FINGERPRINT_LEN + 1];
  954. sr_commit_t *commit = NULL, *dup_commit = NULL;
  955. sr_state_t *state;
  956. time_t now = time(NULL);
  957. (void) arg;
  958. { /* Setup a minimal dirauth environment for this test */
  959. crypto_pk_t *k = crypto_pk_new();
  960. /* Have a key that is not the one from our commit. */
  961. tt_int_op(0, ==, crypto_pk_generate_key(k));
  962. tt_int_op(0, ==, crypto_pk_get_fingerprint(k, fp, 0));
  963. init_authority_state();
  964. state = get_sr_state();
  965. }
  966. /* Test this very important function that tells us if we should keep a
  967. * commit or not in our state. Most of it depends on the phase and what's
  968. * in the commit so we'll change the commit as we go. */
  969. commit = sr_generate_our_commit(now, mock_cert);
  970. tt_assert(commit);
  971. /* Set us in COMMIT phase for starter. */
  972. set_sr_phase(SR_PHASE_COMMIT);
  973. /* We should never keep a commit from a non authoritative authority. */
  974. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), ==, 0);
  975. /* This should NOT be kept because it has a reveal value in it. */
  976. tt_assert(commit_has_reveal_value(commit));
  977. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  978. SR_PHASE_COMMIT), ==, 0);
  979. /* Add it to the state which should return to not keep it. */
  980. sr_state_add_commit(commit);
  981. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  982. SR_PHASE_COMMIT), ==, 0);
  983. /* Remove it from state so we can continue our testing. */
  984. digestmap_remove(state->commits, commit->rsa_identity);
  985. /* Let's remove our reveal value which should make it OK to keep it. */
  986. memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
  987. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  988. SR_PHASE_COMMIT), ==, 1);
  989. /* Let's reset our commit and go into REVEAL phase. */
  990. sr_commit_free(commit);
  991. commit = sr_generate_our_commit(now, mock_cert);
  992. tt_assert(commit);
  993. /* Dup the commit so we have one with and one without a reveal value. */
  994. dup_commit = tor_malloc_zero(sizeof(*dup_commit));
  995. memcpy(dup_commit, commit, sizeof(*dup_commit));
  996. memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
  997. set_sr_phase(SR_PHASE_REVEAL);
  998. /* We should never keep a commit from a non authoritative authority. */
  999. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), ==, 0);
  1000. /* We shouldn't accept a commit that is not in our state. */
  1001. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1002. SR_PHASE_REVEAL), ==, 0);
  1003. /* Important to add the commit _without_ the reveal here. */
  1004. sr_state_add_commit(dup_commit);
  1005. tt_int_op(digestmap_size(state->commits), ==, 1);
  1006. /* Our commit should be valid that is authoritative, contains a reveal, be
  1007. * in the state and commitment and reveal values match. */
  1008. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1009. SR_PHASE_REVEAL), ==, 1);
  1010. /* The commit shouldn't be kept if it's not verified that is no matchin
  1011. * hashed reveal. */
  1012. {
  1013. /* Let's save the hash reveal so we can restore it. */
  1014. sr_commit_t place_holder;
  1015. memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
  1016. sizeof(place_holder.hashed_reveal));
  1017. memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
  1018. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1019. SR_PHASE_REVEAL), ==, 0);
  1020. memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
  1021. sizeof(commit->hashed_reveal));
  1022. }
  1023. /* We shouldn't keep a commit that has no reveal. */
  1024. tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
  1025. SR_PHASE_REVEAL), ==, 0);
  1026. /* We must not keep a commit that is not the same from the commit phase. */
  1027. memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
  1028. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1029. SR_PHASE_REVEAL), ==, 0);
  1030. done:
  1031. sr_commit_free(commit);
  1032. sr_commit_free(dup_commit);
  1033. }
  1034. static void
  1035. test_state_update(void *arg)
  1036. {
  1037. time_t commit_phase_time = 1452076000;
  1038. time_t reveal_phase_time = 1452086800;
  1039. sr_state_t *state;
  1040. (void) arg;
  1041. {
  1042. init_authority_state();
  1043. state = get_sr_state();
  1044. set_sr_phase(SR_PHASE_COMMIT);
  1045. /* We'll cheat a bit here and reset the creation time of the state which
  1046. * will avoid us to compute a valid_after time that fits the commit
  1047. * phase. */
  1048. state->valid_after = 0;
  1049. state->n_reveal_rounds = 0;
  1050. state->n_commit_rounds = 0;
  1051. }
  1052. /* We need to mock for the state update function call. */
  1053. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1054. /* We are in COMMIT phase here and we'll trigger a state update but no
  1055. * transition. */
  1056. sr_state_update(commit_phase_time);
  1057. tt_int_op(state->valid_after, ==, commit_phase_time);
  1058. tt_int_op(state->n_commit_rounds, ==, 1);
  1059. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1060. tt_int_op(digestmap_size(state->commits), ==, 1);
  1061. /* We are still in the COMMIT phase here but we'll trigger a state
  1062. * transition to the REVEAL phase. */
  1063. sr_state_update(reveal_phase_time);
  1064. tt_int_op(state->phase, ==, SR_PHASE_REVEAL);
  1065. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1066. /* Only our commit should be in there. */
  1067. tt_int_op(digestmap_size(state->commits), ==, 1);
  1068. tt_int_op(state->n_reveal_rounds, ==, 1);
  1069. /* We can't update a state with a valid after _lower_ than the creation
  1070. * time so here it is. */
  1071. sr_state_update(commit_phase_time);
  1072. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1073. /* Finally, let's go back in COMMIT phase so we can test the state update
  1074. * of a new protocol run. */
  1075. state->valid_after = 0;
  1076. sr_state_update(commit_phase_time);
  1077. tt_int_op(state->valid_after, ==, commit_phase_time);
  1078. tt_int_op(state->n_commit_rounds, ==, 1);
  1079. tt_int_op(state->n_reveal_rounds, ==, 0);
  1080. tt_u64_op(state->n_protocol_runs, ==, 1);
  1081. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1082. tt_int_op(digestmap_size(state->commits), ==, 1);
  1083. tt_assert(state->current_srv);
  1084. done:
  1085. sr_state_free();
  1086. UNMOCK(get_my_v3_authority_cert);
  1087. }
  1088. struct testcase_t sr_tests[] = {
  1089. { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
  1090. NULL, NULL },
  1091. { "sr_commit", test_sr_commit, TT_FORK,
  1092. NULL, NULL },
  1093. { "keep_commit", test_keep_commit, TT_FORK,
  1094. NULL, NULL },
  1095. { "encoding", test_encoding, TT_FORK,
  1096. NULL, NULL },
  1097. { "get_next_valid_after_time", test_get_next_valid_after_time, TT_FORK,
  1098. NULL, NULL },
  1099. { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
  1100. NULL, NULL },
  1101. { "vote", test_vote, TT_FORK,
  1102. NULL, NULL },
  1103. { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
  1104. NULL, NULL },
  1105. { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
  1106. { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
  1107. TT_FORK, NULL, NULL },
  1108. { "utils", test_utils, TT_FORK, NULL, NULL },
  1109. { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
  1110. { "state_update", test_state_update, TT_FORK,
  1111. NULL, NULL },
  1112. END_OF_TESTCASES
  1113. };