test_shared_random.c 44 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292
  1. #define SHARED_RANDOM_PRIVATE
  2. #define SHARED_RANDOM_STATE_PRIVATE
  3. #define CONFIG_PRIVATE
  4. #define DIRVOTE_PRIVATE
  5. #include "or.h"
  6. #include "test.h"
  7. #include "config.h"
  8. #include "dirvote.h"
  9. #include "shared_random.h"
  10. #include "shared_random_state.h"
  11. #include "routerkeys.h"
  12. #include "routerlist.h"
  13. #include "router.h"
  14. #include "routerparse.h"
  15. #include "networkstatus.h"
  16. static authority_cert_t *mock_cert;
  17. static authority_cert_t *
  18. get_my_v3_authority_cert_m(void)
  19. {
  20. tor_assert(mock_cert);
  21. return mock_cert;
  22. }
  23. static dir_server_t ds;
  24. static dir_server_t *
  25. trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
  26. {
  27. (void) digest;
  28. /* The shared random code only need to know if a valid pointer to a dir
  29. * server object has been found so this is safe because it won't use the
  30. * pointer at all never. */
  31. return &ds;
  32. }
  33. /* Setup a minimal dirauth environment by initializing the SR state and
  34. * making sure the options are set to be an authority directory. */
  35. static void
  36. init_authority_state(void)
  37. {
  38. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  39. or_options_t *options = get_options_mutable();
  40. mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  41. tt_assert(mock_cert);
  42. options->AuthoritativeDir = 1;
  43. tt_int_op(0, ==, load_ed_keys(options, time(NULL)));
  44. sr_state_init(0, 0);
  45. /* It's possible a commit has been generated in our state depending on
  46. * the phase we are currently in which uses "now" as the starting
  47. * timestamp. Delete it before we do any testing below. */
  48. sr_state_delete_commits();
  49. done:
  50. UNMOCK(get_my_v3_authority_cert);
  51. }
  52. static void
  53. test_get_sr_protocol_phase(void *arg)
  54. {
  55. time_t the_time;
  56. sr_phase_t phase;
  57. int retval;
  58. (void) arg;
  59. /* Initialize SR state */
  60. init_authority_state();
  61. {
  62. retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
  63. tt_int_op(retval, ==, 0);
  64. phase = get_sr_protocol_phase(the_time);
  65. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  66. }
  67. {
  68. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
  69. tt_int_op(retval, ==, 0);
  70. phase = get_sr_protocol_phase(the_time);
  71. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  72. }
  73. {
  74. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
  75. tt_int_op(retval, ==, 0);
  76. phase = get_sr_protocol_phase(the_time);
  77. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  78. }
  79. {
  80. retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
  81. tt_int_op(retval, ==, 0);
  82. phase = get_sr_protocol_phase(the_time);
  83. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  84. }
  85. {
  86. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
  87. tt_int_op(retval, ==, 0);
  88. phase = get_sr_protocol_phase(the_time);
  89. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  90. }
  91. {
  92. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
  93. tt_int_op(retval, ==, 0);
  94. phase = get_sr_protocol_phase(the_time);
  95. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  96. }
  97. {
  98. retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
  99. tt_int_op(retval, ==, 0);
  100. phase = get_sr_protocol_phase(the_time);
  101. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  102. }
  103. done:
  104. ;
  105. }
  106. static networkstatus_t *mock_consensus = NULL;
  107. static void
  108. test_get_state_valid_until_time(void *arg)
  109. {
  110. time_t current_time;
  111. time_t valid_until_time;
  112. char tbuf[ISO_TIME_LEN + 1];
  113. int retval;
  114. (void) arg;
  115. {
  116. /* Get the valid until time if called at 00:00:01 */
  117. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  118. &current_time);
  119. tt_int_op(retval, ==, 0);
  120. valid_until_time = get_state_valid_until_time(current_time);
  121. /* Compare it with the correct result */
  122. format_iso_time(tbuf, valid_until_time);
  123. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  124. }
  125. {
  126. retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
  127. &current_time);
  128. tt_int_op(retval, ==, 0);
  129. valid_until_time = get_state_valid_until_time(current_time);
  130. format_iso_time(tbuf, valid_until_time);
  131. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  132. }
  133. {
  134. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
  135. &current_time);
  136. tt_int_op(retval, ==, 0);
  137. valid_until_time = get_state_valid_until_time(current_time);
  138. format_iso_time(tbuf, valid_until_time);
  139. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  140. }
  141. {
  142. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  143. &current_time);
  144. tt_int_op(retval, ==, 0);
  145. valid_until_time = get_state_valid_until_time(current_time);
  146. format_iso_time(tbuf, valid_until_time);
  147. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  148. }
  149. done:
  150. ;
  151. }
  152. /* Mock function to immediately return our local 'mock_consensus'. */
  153. static networkstatus_t *
  154. mock_networkstatus_get_live_consensus(time_t now)
  155. {
  156. (void) now;
  157. return mock_consensus;
  158. }
  159. /** Test the get_next_valid_after_time() function. */
  160. static void
  161. test_get_next_valid_after_time(void *arg)
  162. {
  163. time_t current_time;
  164. time_t valid_after_time;
  165. char tbuf[ISO_TIME_LEN + 1];
  166. int retval;
  167. (void) arg;
  168. {
  169. /* Setup a fake consensus just to get the times out of it, since
  170. get_next_valid_after_time() needs them. */
  171. mock_consensus = tor_malloc_zero(sizeof(networkstatus_t));
  172. retval = parse_rfc1123_time("Mon, 13 Jan 2016 16:00:00 UTC",
  173. &mock_consensus->fresh_until);
  174. tt_int_op(retval, ==, 0);
  175. retval = parse_rfc1123_time("Mon, 13 Jan 2016 15:00:00 UTC",
  176. &mock_consensus->valid_after);
  177. tt_int_op(retval, ==, 0);
  178. MOCK(networkstatus_get_live_consensus,
  179. mock_networkstatus_get_live_consensus);
  180. }
  181. {
  182. /* Get the valid after time if called at 00:00:00 */
  183. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  184. &current_time);
  185. tt_int_op(retval, ==, 0);
  186. valid_after_time = get_next_valid_after_time(current_time);
  187. /* Compare it with the correct result */
  188. format_iso_time(tbuf, valid_after_time);
  189. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  190. }
  191. {
  192. /* Get the valid until time if called at 00:00:01 */
  193. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  194. &current_time);
  195. tt_int_op(retval, ==, 0);
  196. valid_after_time = get_next_valid_after_time(current_time);
  197. /* Compare it with the correct result */
  198. format_iso_time(tbuf, valid_after_time);
  199. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  200. }
  201. {
  202. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:30:01 UTC",
  203. &current_time);
  204. tt_int_op(retval, ==, 0);
  205. valid_after_time = get_next_valid_after_time(current_time);
  206. /* Compare it with the correct result */
  207. format_iso_time(tbuf, valid_after_time);
  208. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  209. }
  210. done:
  211. networkstatus_vote_free(mock_consensus);
  212. }
  213. /* In this test we are going to generate a sr_commit_t object and validate
  214. * it. We first generate our values, and then we parse them as if they were
  215. * received from the network. After we parse both the commit and the reveal,
  216. * we verify that they indeed match. */
  217. static void
  218. test_sr_commit(void *arg)
  219. {
  220. authority_cert_t *auth_cert = NULL;
  221. time_t now = time(NULL);
  222. sr_commit_t *our_commit = NULL;
  223. smartlist_t *args = smartlist_new();
  224. (void) arg;
  225. { /* Setup a minimal dirauth environment for this test */
  226. or_options_t *options = get_options_mutable();
  227. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  228. tt_assert(auth_cert);
  229. options->AuthoritativeDir = 1;
  230. tt_int_op(0, ==, load_ed_keys(options, now));
  231. }
  232. /* Generate our commit object and validate it has the appropriate field
  233. * that we can then use to build a representation that we'll find in a
  234. * vote coming from the network. */
  235. {
  236. sr_commit_t test_commit;
  237. our_commit = sr_generate_our_commit(now, auth_cert);
  238. tt_assert(our_commit);
  239. /* Default and only supported algorithm for now. */
  240. tt_assert(our_commit->alg == DIGEST_SHA3_256);
  241. /* We should have a reveal value. */
  242. tt_assert(commit_has_reveal_value(our_commit));
  243. /* We should have a random value. */
  244. tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
  245. sizeof(our_commit->random_number)));
  246. /* Commit and reveal timestamp should be the same. */
  247. tt_int_op(our_commit->commit_ts, ==, our_commit->reveal_ts);
  248. /* We should have a hashed reveal. */
  249. tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
  250. sizeof(our_commit->hashed_reveal)));
  251. /* Do we have a valid encoded commit and reveal. Note the following only
  252. * tests if the generated values are correct. Their could be a bug in
  253. * the decode function but we test them seperately. */
  254. tt_int_op(0, ==, reveal_decode(our_commit->encoded_reveal,
  255. &test_commit));
  256. tt_int_op(0, ==, commit_decode(our_commit->encoded_commit,
  257. &test_commit));
  258. tt_int_op(0, ==, verify_commit_and_reveal(our_commit));
  259. }
  260. /* Let's make sure our verify commit and reveal function works. We'll
  261. * make it fail a bit with known failure case. */
  262. {
  263. /* Copy our commit so we don't alter it for the rest of testing. */
  264. sr_commit_t test_commit;
  265. memcpy(&test_commit, our_commit, sizeof(test_commit));
  266. /* Timestamp MUST match. */
  267. test_commit.commit_ts = test_commit.reveal_ts - 42;
  268. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  269. memcpy(&test_commit, our_commit, sizeof(test_commit));
  270. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  271. /* Hashed reveal must match the H(encoded_reveal). */
  272. memset(test_commit.hashed_reveal, 'X',
  273. sizeof(test_commit.hashed_reveal));
  274. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  275. memcpy(&test_commit, our_commit, sizeof(test_commit));
  276. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  277. }
  278. /* We'll build a list of values from our commit that our parsing function
  279. * takes from a vote line and see if we can parse it correctly. */
  280. {
  281. sr_commit_t *parsed_commit;
  282. smartlist_add(args, tor_strdup("1"));
  283. smartlist_add(args,
  284. tor_strdup(crypto_digest_algorithm_get_name(our_commit->alg)));
  285. smartlist_add(args, tor_strdup(sr_commit_get_rsa_fpr(our_commit)));
  286. smartlist_add(args, our_commit->encoded_commit);
  287. smartlist_add(args, our_commit->encoded_reveal);
  288. parsed_commit = sr_parse_commit(args);
  289. tt_assert(parsed_commit);
  290. /* That parsed commit should be _EXACTLY_ like our original commit (we
  291. * have to explicitly set the valid flag though). */
  292. parsed_commit->valid = 1;
  293. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
  294. /* Cleanup */
  295. tor_free(smartlist_get(args, 0)); /* strdup here. */
  296. tor_free(smartlist_get(args, 1)); /* strdup here. */
  297. smartlist_clear(args);
  298. sr_commit_free(parsed_commit);
  299. }
  300. done:
  301. smartlist_free(args);
  302. sr_commit_free(our_commit);
  303. }
  304. /* Test the encoding and decoding function for commit and reveal values. */
  305. static void
  306. test_encoding(void *arg)
  307. {
  308. (void) arg;
  309. int ret, duper_rand = 42;
  310. /* Random number is 32 bytes. */
  311. char raw_rand[32];
  312. time_t ts = 1454333590;
  313. char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  314. sr_commit_t parsed_commit;
  315. /* Encoded commit is: base64-encode( 1454333590 || H(H(42)) ). Remember
  316. * that we do no expose the raw bytes of our PRNG to the network thus
  317. * explaining the double H(). */
  318. static const char *encoded_commit =
  319. "AAAAAFavXpZbx2LRneYFSLPCP8DLp9BXfeH5FXzbkxM4iRXKGeA54g==";
  320. /* Encoded reveal is: base64-encode( 1454333590 || H(42) ). */
  321. static const char *encoded_reveal =
  322. "AAAAAFavXpYk9x9kTjiQWUqjHwSAEOdPAfCaurXgjPy173SzYjeC2g==";
  323. /* Set up our raw random bytes array. */
  324. memset(raw_rand, 0, sizeof(raw_rand));
  325. memcpy(raw_rand, &duper_rand, sizeof(duper_rand));
  326. /* Hash random number. */
  327. ret = crypto_digest256(hashed_rand, raw_rand,
  328. sizeof(raw_rand), SR_DIGEST_ALG);
  329. tt_int_op(0, ==, ret);
  330. /* Hash reveal value. */
  331. tt_int_op(SR_REVEAL_BASE64_LEN, ==, strlen(encoded_reveal));
  332. ret = crypto_digest256(hashed_reveal, encoded_reveal,
  333. strlen(encoded_reveal), SR_DIGEST_ALG);
  334. tt_int_op(0, ==, ret);
  335. tt_int_op(SR_COMMIT_BASE64_LEN, ==, strlen(encoded_commit));
  336. /* Test our commit/reveal decode functions. */
  337. {
  338. /* Test the reveal encoded value. */
  339. tt_int_op(0, ==, reveal_decode(encoded_reveal, &parsed_commit));
  340. tt_uint_op(ts, ==, parsed_commit.reveal_ts);
  341. tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
  342. sizeof(hashed_rand));
  343. /* Test the commit encoded value. */
  344. memset(&parsed_commit, 0, sizeof(parsed_commit));
  345. tt_int_op(0, ==, commit_decode(encoded_commit, &parsed_commit));
  346. tt_uint_op(ts, ==, parsed_commit.commit_ts);
  347. tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
  348. sizeof(parsed_commit.encoded_commit));
  349. tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
  350. sizeof(hashed_reveal));
  351. }
  352. /* Test our commit/reveal encode functions. */
  353. {
  354. /* Test the reveal encode. */
  355. char encoded[SR_REVEAL_BASE64_LEN + 1];
  356. parsed_commit.reveal_ts = ts;
  357. memcpy(parsed_commit.random_number, hashed_rand,
  358. sizeof(parsed_commit.random_number));
  359. ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
  360. tt_int_op(SR_REVEAL_BASE64_LEN, ==, ret);
  361. tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
  362. }
  363. {
  364. /* Test the commit encode. */
  365. char encoded[SR_COMMIT_BASE64_LEN + 1];
  366. parsed_commit.commit_ts = ts;
  367. memcpy(parsed_commit.hashed_reveal, hashed_reveal,
  368. sizeof(parsed_commit.hashed_reveal));
  369. ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
  370. tt_int_op(SR_COMMIT_BASE64_LEN, ==, ret);
  371. tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
  372. }
  373. done:
  374. ;
  375. }
  376. /** Setup some SRVs in our SR state. If <b>also_current</b> is set, then set
  377. * both current and previous SRVs.
  378. * Helper of test_vote() and test_sr_compute_srv(). */
  379. static void
  380. test_sr_setup_srv(int also_current)
  381. {
  382. sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
  383. srv->num_reveals = 42;
  384. memcpy(srv->value,
  385. "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  386. sizeof(srv->value));
  387. sr_state_set_previous_srv(srv);
  388. if (also_current) {
  389. srv = tor_malloc_zero(sizeof(sr_srv_t));
  390. srv->num_reveals = 128;
  391. memcpy(srv->value,
  392. "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
  393. sizeof(srv->value));
  394. sr_state_set_current_srv(srv);
  395. }
  396. }
  397. /* Test anything that has to do with SR protocol and vote. */
  398. static void
  399. test_vote(void *arg)
  400. {
  401. int ret;
  402. time_t now = time(NULL);
  403. sr_commit_t *our_commit = NULL;
  404. (void) arg;
  405. MOCK(trusteddirserver_get_by_v3_auth_digest,
  406. trusteddirserver_get_by_v3_auth_digest_m);
  407. { /* Setup a minimal dirauth environment for this test */
  408. init_authority_state();
  409. /* Set ourself in reveal phase so we can parse the reveal value in the
  410. * vote as well. */
  411. set_sr_phase(SR_PHASE_REVEAL);
  412. }
  413. /* Generate our commit object and validate it has the appropriate field
  414. * that we can then use to build a representation that we'll find in a
  415. * vote coming from the network. */
  416. {
  417. sr_commit_t *saved_commit;
  418. our_commit = sr_generate_our_commit(now, mock_cert);
  419. tt_assert(our_commit);
  420. sr_state_add_commit(our_commit);
  421. /* Make sure it's there. */
  422. saved_commit = sr_state_get_commit(our_commit->rsa_identity);
  423. tt_assert(saved_commit);
  424. }
  425. /* Also setup the SRVs */
  426. test_sr_setup_srv(1);
  427. { /* Now test the vote generation */
  428. smartlist_t *chunks = smartlist_new();
  429. smartlist_t *tokens = smartlist_new();
  430. /* Get our vote line and validate it. */
  431. char *lines = sr_get_string_for_vote();
  432. tt_assert(lines);
  433. /* Split the lines. We expect 2 here. */
  434. ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
  435. tt_int_op(ret, ==, 4);
  436. tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
  437. /* Get our commitment line and will validate it agains our commit. The
  438. * format is as follow:
  439. * "shared-rand-commitment" SP version SP algname SP identity
  440. * SP COMMIT [SP REVEAL] NL
  441. */
  442. char *commit_line = smartlist_get(chunks, 1);
  443. tt_assert(commit_line);
  444. ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
  445. tt_int_op(ret, ==, 6);
  446. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
  447. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
  448. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  449. crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
  450. char digest[DIGEST_LEN];
  451. base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
  452. HEX_DIGEST_LEN);
  453. tt_mem_op(digest, ==, our_commit->rsa_identity, sizeof(digest));
  454. tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
  455. tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal);
  456. /* Finally, does this vote line creates a valid commit object? */
  457. smartlist_t *args = smartlist_new();
  458. smartlist_add(args, smartlist_get(tokens, 1));
  459. smartlist_add(args, smartlist_get(tokens, 2));
  460. smartlist_add(args, smartlist_get(tokens, 3));
  461. smartlist_add(args, smartlist_get(tokens, 4));
  462. smartlist_add(args, smartlist_get(tokens, 5));
  463. sr_commit_t *parsed_commit = sr_parse_commit(args);
  464. tt_assert(parsed_commit);
  465. /* Set valid flag explicitly here to compare since it's not set by
  466. * simply parsing the commit. */
  467. parsed_commit->valid = 1;
  468. tt_mem_op(parsed_commit, ==, our_commit, sizeof(*our_commit));
  469. /* minor cleanup */
  470. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  471. smartlist_clear(tokens);
  472. /* Now test the previous SRV */
  473. char *prev_srv_line = smartlist_get(chunks, 2);
  474. tt_assert(prev_srv_line);
  475. ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
  476. tt_int_op(ret, ==, 3);
  477. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
  478. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
  479. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  480. "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
  481. /* minor cleanup */
  482. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  483. smartlist_clear(tokens);
  484. /* Now test the current SRV */
  485. char *current_srv_line = smartlist_get(chunks, 3);
  486. tt_assert(current_srv_line);
  487. ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
  488. tt_int_op(ret, ==, 3);
  489. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
  490. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
  491. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  492. "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
  493. /* Clean up */
  494. sr_commit_free(parsed_commit);
  495. SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
  496. smartlist_free(chunks);
  497. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  498. smartlist_free(tokens);
  499. smartlist_clear(args);
  500. smartlist_free(args);
  501. }
  502. done:
  503. sr_commit_free(our_commit);
  504. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  505. }
  506. const char *sr_state_str = "Version 1\n"
  507. "TorVersion 0.2.9.0-alpha-dev\n"
  508. "ValidAfter 2037-04-19 07:16:00\n"
  509. "ValidUntil 2037-04-20 07:16:00\n"
  510. "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
  511. "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
  512. "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
  513. "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
  514. "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
  515. "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
  516. "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
  517. "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
  518. "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
  519. /** Create an SR disk state, parse it and validate that the parsing went
  520. * well. Yes! */
  521. static void
  522. test_state_load_from_disk(void *arg)
  523. {
  524. int ret;
  525. char *dir = tor_strdup(get_fname("test_sr_state"));
  526. char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
  527. sr_state_t *the_sr_state = NULL;
  528. (void) arg;
  529. MOCK(trusteddirserver_get_by_v3_auth_digest,
  530. trusteddirserver_get_by_v3_auth_digest_m);
  531. /* First try with a nonexistent path. */
  532. ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
  533. tt_assert(ret == -ENOENT);
  534. /* Now create a mock state directory and state file */
  535. #ifdef _WIN32
  536. ret = mkdir(dir);
  537. #else
  538. ret = mkdir(dir, 0700);
  539. #endif
  540. tt_assert(ret == 0);
  541. ret = write_str_to_file(sr_state_path, sr_state_str, 0);
  542. tt_assert(ret == 0);
  543. /* Try to load the directory itself. Should fail. */
  544. ret = disk_state_load_from_disk_impl(dir);
  545. tt_assert(ret == -EISDIR);
  546. /* State should be non-existent at this point. */
  547. the_sr_state = get_sr_state();
  548. tt_assert(!the_sr_state);
  549. /* Now try to load the correct file! */
  550. ret = disk_state_load_from_disk_impl(sr_state_path);
  551. tt_assert(ret == 0);
  552. /* Check the content of the state */
  553. /* XXX check more deeply!!! */
  554. the_sr_state = get_sr_state();
  555. tt_assert(the_sr_state);
  556. tt_assert(the_sr_state->version == 1);
  557. tt_assert(digestmap_size(the_sr_state->commits) == 3);
  558. tt_assert(the_sr_state->current_srv);
  559. tt_assert(the_sr_state->current_srv->num_reveals == 3);
  560. tt_assert(the_sr_state->previous_srv);
  561. /* XXX Now also try loading corrupted state files and make sure parsing
  562. fails */
  563. done:
  564. tor_free(dir);
  565. tor_free(sr_state_path);
  566. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  567. }
  568. /** Generate three specially crafted commits (based on the test
  569. * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
  570. static void
  571. test_sr_setup_commits(void)
  572. {
  573. time_t now = time(NULL);
  574. sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
  575. sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
  576. authority_cert_t *auth_cert = NULL;
  577. { /* Setup a minimal dirauth environment for this test */
  578. or_options_t *options = get_options_mutable();
  579. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  580. tt_assert(auth_cert);
  581. options->AuthoritativeDir = 1;
  582. tt_int_op(0, ==, load_ed_keys(options, now));
  583. }
  584. /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
  585. register them to the SR state. Also register a fourth commit 'd' with no
  586. reveal info, to make sure that it will get ignored during SRV
  587. calculation. */
  588. { /* Commit from auth 'a' */
  589. commit_a = sr_generate_our_commit(now, auth_cert);
  590. tt_assert(commit_a);
  591. /* Do some surgery on the commit */
  592. memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
  593. strlcpy(commit_a->encoded_reveal,
  594. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  595. sizeof(commit_a->encoded_reveal));
  596. memcpy(commit_a->hashed_reveal,
  597. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  598. sizeof(commit_a->hashed_reveal));
  599. }
  600. { /* Commit from auth 'b' */
  601. commit_b = sr_generate_our_commit(now, auth_cert);
  602. tt_assert(commit_b);
  603. /* Do some surgery on the commit */
  604. memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
  605. strlcpy(commit_b->encoded_reveal,
  606. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  607. sizeof(commit_b->encoded_reveal));
  608. memcpy(commit_b->hashed_reveal,
  609. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  610. sizeof(commit_b->hashed_reveal));
  611. }
  612. { /* Commit from auth 'c' */
  613. commit_c = sr_generate_our_commit(now, auth_cert);
  614. tt_assert(commit_c);
  615. /* Do some surgery on the commit */
  616. memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
  617. strlcpy(commit_c->encoded_reveal,
  618. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  619. sizeof(commit_c->encoded_reveal));
  620. memcpy(commit_c->hashed_reveal,
  621. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  622. sizeof(commit_c->hashed_reveal));
  623. }
  624. { /* Commit from auth 'd' */
  625. commit_d = sr_generate_our_commit(now, auth_cert);
  626. tt_assert(commit_d);
  627. /* Do some surgery on the commit */
  628. memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
  629. strlcpy(commit_d->encoded_reveal,
  630. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  631. sizeof(commit_d->encoded_reveal));
  632. memcpy(commit_d->hashed_reveal,
  633. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  634. sizeof(commit_d->hashed_reveal));
  635. /* Clean up its reveal info */
  636. memcpy(place_holder, commit_d, sizeof(*place_holder));
  637. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  638. tt_assert(!commit_has_reveal_value(commit_d));
  639. }
  640. /* Register commits to state (during commit phase) */
  641. set_sr_phase(SR_PHASE_COMMIT);
  642. save_commit_to_state(commit_a);
  643. save_commit_to_state(commit_b);
  644. save_commit_to_state(commit_c);
  645. save_commit_to_state(commit_d);
  646. tt_int_op(digestmap_size(get_sr_state()->commits), ==, 4);
  647. /* Now during REVEAL phase save commit D by restoring its reveal. */
  648. set_sr_phase(SR_PHASE_REVEAL);
  649. save_commit_to_state(place_holder);
  650. tt_str_op(commit_d->encoded_reveal, OP_EQ,
  651. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
  652. /* Go back to an empty encoded reveal value. */
  653. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  654. memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
  655. tt_assert(!commit_has_reveal_value(commit_d));
  656. done:
  657. return;
  658. }
  659. /** Verify that the SRV generation procedure is proper by testing it against
  660. * the test vector from ./sr_srv_calc_ref.py. */
  661. static void
  662. test_sr_compute_srv(void *arg)
  663. {
  664. (void) arg;
  665. sr_srv_t *current_srv = NULL;
  666. #define SRV_TEST_VECTOR \
  667. "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
  668. MOCK(trusteddirserver_get_by_v3_auth_digest,
  669. trusteddirserver_get_by_v3_auth_digest_m);
  670. MOCK(trusteddirserver_get_by_v3_auth_digest,
  671. trusteddirserver_get_by_v3_auth_digest_m);
  672. init_authority_state();
  673. /* Setup the commits for this unittest */
  674. test_sr_setup_commits();
  675. test_sr_setup_srv(0);
  676. /* Now switch to reveal phase */
  677. set_sr_phase(SR_PHASE_REVEAL);
  678. /* Compute the SRV */
  679. sr_compute_srv();
  680. /* Check the result against the test vector */
  681. current_srv = sr_state_get_current_srv();
  682. tt_assert(current_srv);
  683. tt_int_op(current_srv->num_reveals, ==, 3);
  684. tt_str_op(hex_str((char*)current_srv->value, 32),
  685. ==,
  686. SRV_TEST_VECTOR);
  687. done:
  688. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  689. }
  690. /** Return a minimal vote document with a current SRV value set to
  691. * <b>srv</b>. */
  692. static networkstatus_t *
  693. get_test_vote_with_curr_srv(const char *srv)
  694. {
  695. networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
  696. vote->type = NS_TYPE_VOTE;
  697. vote->sr_info.participate = 1;
  698. vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
  699. vote->sr_info.current_srv->num_reveals = 42;
  700. memcpy(vote->sr_info.current_srv->value,
  701. srv,
  702. sizeof(vote->sr_info.current_srv->value));
  703. return vote;
  704. }
  705. /* Mock function to return the value located in the options instead of the
  706. * consensus so we can modify it at will. */
  707. static networkstatus_t *
  708. mock_networkstatus_get_latest_consensus(void)
  709. {
  710. return mock_consensus;
  711. }
  712. /* Test the function that picks the right SRV given a bunch of votes. Make sure
  713. * that the function returns an SRV iff the majority/agreement requirements are
  714. * met. */
  715. static void
  716. test_sr_get_majority_srv_from_votes(void *arg)
  717. {
  718. sr_srv_t *chosen_srv;
  719. smartlist_t *votes = smartlist_new();
  720. #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  721. #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
  722. (void) arg;
  723. init_authority_state();
  724. /* Make sure our SRV is fresh so we can consider the super majority with
  725. * the consensus params of number of agreements needed. */
  726. sr_state_set_fresh_srv();
  727. /* The test relies on the dirauth list being initialized. */
  728. clear_dir_servers();
  729. add_default_trusted_dir_authorities(V3_DIRINFO);
  730. tt_int_op(get_n_authorities(V3_DIRINFO), ==, 9);
  731. { /* Prepare voting environment with just a single vote. */
  732. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  733. smartlist_add(votes, vote);
  734. }
  735. /* Since it's only one vote with an SRV, it should not achieve majority and
  736. hence no SRV will be returned. */
  737. chosen_srv = get_majority_srv_from_votes(votes, 1);
  738. tt_assert(!chosen_srv);
  739. { /* Now put in 8 more votes. Let SRV_1 have majority. */
  740. int i;
  741. /* Now 7 votes believe in SRV_1 */
  742. for (i = 0; i < 3; i++) {
  743. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  744. smartlist_add(votes, vote);
  745. }
  746. /* and 2 votes believe in SRV_2 */
  747. for (i = 0; i < 2; i++) {
  748. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
  749. smartlist_add(votes, vote);
  750. }
  751. for (i = 0; i < 3; i++) {
  752. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  753. smartlist_add(votes, vote);
  754. }
  755. tt_int_op(smartlist_len(votes), ==, 9);
  756. }
  757. /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
  758. requirement. So still not picking an SRV. */
  759. chosen_srv = get_majority_srv_from_votes(votes, 1);
  760. tt_assert(!chosen_srv);
  761. /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
  762. * consensus parameter and we will try again. This time it should work. */
  763. {
  764. char *my_net_params;
  765. /* Set a dummy consensus parameter in every vote */
  766. SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, vote) {
  767. vote->net_params = smartlist_new();
  768. smartlist_split_string(vote->net_params,
  769. "AuthDirNumSRVAgreements=7", NULL, 0, 0);
  770. } SMARTLIST_FOREACH_END(vote);
  771. /* Pretend you are making a consensus out of the votes */
  772. mock_consensus = tor_malloc_zero(sizeof(networkstatus_t));
  773. mock_consensus->net_params = smartlist_new();
  774. my_net_params = dirvote_compute_params(votes, 66, smartlist_len(votes));
  775. smartlist_split_string(mock_consensus->net_params, my_net_params, " ",
  776. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  777. }
  778. /* Use our fake consensus for finding consensus parameters. */
  779. MOCK(networkstatus_get_latest_consensus,
  780. mock_networkstatus_get_latest_consensus);
  781. chosen_srv = get_majority_srv_from_votes(votes, 1);
  782. tt_assert(chosen_srv);
  783. tt_int_op(chosen_srv->num_reveals, ==, 42);
  784. tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
  785. done:
  786. SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
  787. networkstatus_vote_free(vote));
  788. smartlist_free(votes);
  789. networkstatus_vote_free(mock_consensus);
  790. UNMOCK(networkstatus_get_latest_consensus);
  791. }
  792. static void
  793. test_utils(void *arg)
  794. {
  795. (void) arg;
  796. /* Testing srv_dup(). */
  797. {
  798. sr_srv_t *srv = NULL, *dup_srv = NULL;
  799. const char *srv_value =
  800. "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
  801. srv = tor_malloc_zero(sizeof(*srv));
  802. srv->num_reveals = 42;
  803. memcpy(srv->value, srv_value, sizeof(srv->value));
  804. dup_srv = srv_dup(srv);
  805. tt_assert(dup_srv);
  806. tt_int_op(dup_srv->num_reveals, ==, srv->num_reveals);
  807. tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
  808. tor_free(srv);
  809. tor_free(dup_srv);
  810. }
  811. /* Testing commitments_are_the_same(). Currently, the check is to test the
  812. * value of the encoded commit so let's make sure that actually works. */
  813. {
  814. /* Payload of 55 bytes that is the length of
  815. * sr_commit_t->encoded_commit. */
  816. const char *payload =
  817. "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
  818. "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
  819. "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
  820. "\xc7\xaf\x72\xb6\x7c\x9b\x52";
  821. sr_commit_t commit1, commit2;
  822. memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
  823. memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
  824. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 1);
  825. /* Let's corrupt one of them. */
  826. memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
  827. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 0);
  828. }
  829. /* Testing commit_is_authoritative(). */
  830. {
  831. crypto_pk_t *k = crypto_pk_new();
  832. char digest[DIGEST_LEN];
  833. sr_commit_t commit;
  834. tt_assert(!crypto_pk_generate_key(k));
  835. tt_int_op(0, ==, crypto_pk_get_digest(k, digest));
  836. memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
  837. tt_int_op(commit_is_authoritative(&commit, digest), ==, 1);
  838. /* Change the pubkey. */
  839. memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
  840. tt_int_op(commit_is_authoritative(&commit, digest), ==, 0);
  841. }
  842. /* Testing get_phase_str(). */
  843. {
  844. tt_str_op(get_phase_str(SR_PHASE_REVEAL), ==, "reveal");
  845. tt_str_op(get_phase_str(SR_PHASE_COMMIT), ==, "commit");
  846. }
  847. /* Testing phase transition */
  848. {
  849. init_authority_state();
  850. set_sr_phase(SR_PHASE_COMMIT);
  851. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 1);
  852. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 0);
  853. set_sr_phase(SR_PHASE_REVEAL);
  854. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 0);
  855. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 1);
  856. /* Junk. */
  857. tt_int_op(is_phase_transition(42), ==, 1);
  858. }
  859. done:
  860. return;
  861. }
  862. static void
  863. test_state_transition(void *arg)
  864. {
  865. sr_state_t *state = NULL;
  866. time_t now = time(NULL);
  867. (void) arg;
  868. { /* Setup a minimal dirauth environment for this test */
  869. init_authority_state();
  870. state = get_sr_state();
  871. tt_assert(state);
  872. }
  873. /* Test our state reset for a new protocol run. */
  874. {
  875. /* Add a commit to the state so we can test if the reset cleans the
  876. * commits. Also, change all params that we expect to be updated. */
  877. sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
  878. tt_assert(commit);
  879. sr_state_add_commit(commit);
  880. tt_int_op(digestmap_size(state->commits), ==, 1);
  881. /* Let's test our delete feature. */
  882. sr_state_delete_commits();
  883. tt_int_op(digestmap_size(state->commits), ==, 0);
  884. /* Add it back so we can continue the rest of the test because after
  885. * deletiong our commit will be freed so generate a new one. */
  886. commit = sr_generate_our_commit(now, mock_cert);
  887. tt_assert(commit);
  888. sr_state_add_commit(commit);
  889. tt_int_op(digestmap_size(state->commits), ==, 1);
  890. state->n_reveal_rounds = 42;
  891. state->n_commit_rounds = 43;
  892. state->n_protocol_runs = 44;
  893. reset_state_for_new_protocol_run(now);
  894. tt_int_op(state->n_reveal_rounds, ==, 0);
  895. tt_int_op(state->n_commit_rounds, ==, 0);
  896. tt_u64_op(state->n_protocol_runs, ==, 45);
  897. tt_int_op(digestmap_size(state->commits), ==, 0);
  898. }
  899. /* Test SRV rotation in our state. */
  900. {
  901. sr_srv_t *cur, *prev;
  902. test_sr_setup_srv(1);
  903. cur = sr_state_get_current_srv();
  904. tt_assert(cur);
  905. /* After, current srv should be the previous and then set to NULL. */
  906. state_rotate_srv();
  907. prev = sr_state_get_previous_srv();
  908. tt_assert(prev == cur);
  909. tt_assert(!sr_state_get_current_srv());
  910. }
  911. /* New protocol run. */
  912. {
  913. sr_srv_t *cur;
  914. /* Setup some new SRVs so we can confirm that a new protocol run
  915. * actually makes them rotate and compute new ones. */
  916. test_sr_setup_srv(1);
  917. cur = sr_state_get_current_srv();
  918. tt_assert(cur);
  919. set_sr_phase(SR_PHASE_REVEAL);
  920. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  921. new_protocol_run(now);
  922. UNMOCK(get_my_v3_authority_cert);
  923. /* Rotation happened. */
  924. tt_assert(sr_state_get_previous_srv() == cur);
  925. /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
  926. * our current SRV would be NULL but a new protocol run should make us
  927. * compute a new SRV. */
  928. tt_assert(sr_state_get_current_srv());
  929. /* Also, make sure we did change the current. */
  930. tt_assert(sr_state_get_current_srv() != cur);
  931. /* We should have our commitment alone. */
  932. tt_int_op(digestmap_size(state->commits), ==, 1);
  933. tt_int_op(state->n_reveal_rounds, ==, 0);
  934. tt_int_op(state->n_commit_rounds, ==, 0);
  935. /* 46 here since we were at 45 just before. */
  936. tt_u64_op(state->n_protocol_runs, ==, 46);
  937. }
  938. /* Cleanup of SRVs. */
  939. {
  940. sr_state_clean_srvs();
  941. tt_assert(!sr_state_get_current_srv());
  942. tt_assert(!sr_state_get_previous_srv());
  943. }
  944. done:
  945. return;
  946. }
  947. static void
  948. test_keep_commit(void *arg)
  949. {
  950. char fp[FINGERPRINT_LEN + 1];
  951. sr_commit_t *commit = NULL, *dup_commit = NULL;
  952. sr_state_t *state;
  953. time_t now = time(NULL);
  954. (void) arg;
  955. MOCK(trusteddirserver_get_by_v3_auth_digest,
  956. trusteddirserver_get_by_v3_auth_digest_m);
  957. { /* Setup a minimal dirauth environment for this test */
  958. crypto_pk_t *k = crypto_pk_new();
  959. /* Have a key that is not the one from our commit. */
  960. tt_int_op(0, ==, crypto_pk_generate_key(k));
  961. tt_int_op(0, ==, crypto_pk_get_fingerprint(k, fp, 0));
  962. init_authority_state();
  963. state = get_sr_state();
  964. }
  965. /* Test this very important function that tells us if we should keep a
  966. * commit or not in our state. Most of it depends on the phase and what's
  967. * in the commit so we'll change the commit as we go. */
  968. commit = sr_generate_our_commit(now, mock_cert);
  969. tt_assert(commit);
  970. /* Set us in COMMIT phase for starter. */
  971. set_sr_phase(SR_PHASE_COMMIT);
  972. /* We should never keep a commit from a non authoritative authority. */
  973. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), ==, 0);
  974. /* This should NOT be kept because it has a reveal value in it. */
  975. tt_assert(commit_has_reveal_value(commit));
  976. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  977. SR_PHASE_COMMIT), ==, 0);
  978. /* Add it to the state which should return to not keep it. */
  979. sr_state_add_commit(commit);
  980. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  981. SR_PHASE_COMMIT), ==, 0);
  982. /* Remove it from state so we can continue our testing. */
  983. digestmap_remove(state->commits, commit->rsa_identity);
  984. /* Let's remove our reveal value which should make it OK to keep it. */
  985. memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
  986. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  987. SR_PHASE_COMMIT), ==, 1);
  988. /* Let's reset our commit and go into REVEAL phase. */
  989. sr_commit_free(commit);
  990. commit = sr_generate_our_commit(now, mock_cert);
  991. tt_assert(commit);
  992. /* Dup the commit so we have one with and one without a reveal value. */
  993. dup_commit = tor_malloc_zero(sizeof(*dup_commit));
  994. memcpy(dup_commit, commit, sizeof(*dup_commit));
  995. memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
  996. set_sr_phase(SR_PHASE_REVEAL);
  997. /* We should never keep a commit from a non authoritative authority. */
  998. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), ==, 0);
  999. /* We shouldn't accept a commit that is not in our state. */
  1000. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1001. SR_PHASE_REVEAL), ==, 0);
  1002. /* Important to add the commit _without_ the reveal here. */
  1003. sr_state_add_commit(dup_commit);
  1004. tt_int_op(digestmap_size(state->commits), ==, 1);
  1005. /* Our commit should be valid that is authoritative, contains a reveal, be
  1006. * in the state and commitment and reveal values match. */
  1007. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1008. SR_PHASE_REVEAL), ==, 1);
  1009. /* The commit shouldn't be kept if it's not verified that is no matchin
  1010. * hashed reveal. */
  1011. {
  1012. /* Let's save the hash reveal so we can restore it. */
  1013. sr_commit_t place_holder;
  1014. memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
  1015. sizeof(place_holder.hashed_reveal));
  1016. memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
  1017. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1018. SR_PHASE_REVEAL), ==, 0);
  1019. memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
  1020. sizeof(commit->hashed_reveal));
  1021. }
  1022. /* We shouldn't keep a commit that has no reveal. */
  1023. tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
  1024. SR_PHASE_REVEAL), ==, 0);
  1025. /* We must not keep a commit that is not the same from the commit phase. */
  1026. memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
  1027. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1028. SR_PHASE_REVEAL), ==, 0);
  1029. done:
  1030. sr_commit_free(commit);
  1031. sr_commit_free(dup_commit);
  1032. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  1033. }
  1034. static void
  1035. test_state_update(void *arg)
  1036. {
  1037. time_t commit_phase_time = 1452076000;
  1038. time_t reveal_phase_time = 1452086800;
  1039. sr_state_t *state;
  1040. (void) arg;
  1041. {
  1042. init_authority_state();
  1043. state = get_sr_state();
  1044. set_sr_phase(SR_PHASE_COMMIT);
  1045. /* We'll cheat a bit here and reset the creation time of the state which
  1046. * will avoid us to compute a valid_after time that fits the commit
  1047. * phase. */
  1048. state->valid_after = 0;
  1049. state->n_reveal_rounds = 0;
  1050. state->n_commit_rounds = 0;
  1051. }
  1052. /* We need to mock for the state update function call. */
  1053. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1054. /* We are in COMMIT phase here and we'll trigger a state update but no
  1055. * transition. */
  1056. sr_state_update(commit_phase_time);
  1057. tt_int_op(state->valid_after, ==, commit_phase_time);
  1058. tt_int_op(state->n_commit_rounds, ==, 1);
  1059. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1060. tt_int_op(digestmap_size(state->commits), ==, 1);
  1061. /* We are still in the COMMIT phase here but we'll trigger a state
  1062. * transition to the REVEAL phase. */
  1063. sr_state_update(reveal_phase_time);
  1064. tt_int_op(state->phase, ==, SR_PHASE_REVEAL);
  1065. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1066. /* Only our commit should be in there. */
  1067. tt_int_op(digestmap_size(state->commits), ==, 1);
  1068. tt_int_op(state->n_reveal_rounds, ==, 1);
  1069. /* We can't update a state with a valid after _lower_ than the creation
  1070. * time so here it is. */
  1071. sr_state_update(commit_phase_time);
  1072. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1073. /* Finally, let's go back in COMMIT phase so we can test the state update
  1074. * of a new protocol run. */
  1075. state->valid_after = 0;
  1076. sr_state_update(commit_phase_time);
  1077. tt_int_op(state->valid_after, ==, commit_phase_time);
  1078. tt_int_op(state->n_commit_rounds, ==, 1);
  1079. tt_int_op(state->n_reveal_rounds, ==, 0);
  1080. tt_u64_op(state->n_protocol_runs, ==, 1);
  1081. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1082. tt_int_op(digestmap_size(state->commits), ==, 1);
  1083. tt_assert(state->current_srv);
  1084. done:
  1085. sr_state_free();
  1086. UNMOCK(get_my_v3_authority_cert);
  1087. }
  1088. struct testcase_t sr_tests[] = {
  1089. { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
  1090. NULL, NULL },
  1091. { "sr_commit", test_sr_commit, TT_FORK,
  1092. NULL, NULL },
  1093. { "keep_commit", test_keep_commit, TT_FORK,
  1094. NULL, NULL },
  1095. { "encoding", test_encoding, TT_FORK,
  1096. NULL, NULL },
  1097. { "get_next_valid_after_time", test_get_next_valid_after_time, TT_FORK,
  1098. NULL, NULL },
  1099. { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
  1100. NULL, NULL },
  1101. { "vote", test_vote, TT_FORK,
  1102. NULL, NULL },
  1103. { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
  1104. NULL, NULL },
  1105. { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
  1106. { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
  1107. TT_FORK, NULL, NULL },
  1108. { "utils", test_utils, TT_FORK, NULL, NULL },
  1109. { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
  1110. { "state_update", test_state_update, TT_FORK,
  1111. NULL, NULL },
  1112. END_OF_TESTCASES
  1113. };