test_shared_random.c 47 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384
  1. #define SHARED_RANDOM_PRIVATE
  2. #define SHARED_RANDOM_STATE_PRIVATE
  3. #define CONFIG_PRIVATE
  4. #define DIRVOTE_PRIVATE
  5. #include "or.h"
  6. #include "test.h"
  7. #include "config.h"
  8. #include "dirvote.h"
  9. #include "shared_random.h"
  10. #include "shared_random_state.h"
  11. #include "routerkeys.h"
  12. #include "routerlist.h"
  13. #include "router.h"
  14. #include "routerparse.h"
  15. #include "networkstatus.h"
  16. #include "log_test_helpers.h"
  17. static authority_cert_t *mock_cert;
  18. static authority_cert_t *
  19. get_my_v3_authority_cert_m(void)
  20. {
  21. tor_assert(mock_cert);
  22. return mock_cert;
  23. }
  24. static dir_server_t ds;
  25. static dir_server_t *
  26. trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
  27. {
  28. (void) digest;
  29. /* The shared random code only need to know if a valid pointer to a dir
  30. * server object has been found so this is safe because it won't use the
  31. * pointer at all never. */
  32. return &ds;
  33. }
  34. /* Setup a minimal dirauth environment by initializing the SR state and
  35. * making sure the options are set to be an authority directory. */
  36. static void
  37. init_authority_state(void)
  38. {
  39. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  40. or_options_t *options = get_options_mutable();
  41. mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  42. tt_assert(mock_cert);
  43. options->AuthoritativeDir = 1;
  44. tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
  45. sr_state_init(0, 0);
  46. /* It's possible a commit has been generated in our state depending on
  47. * the phase we are currently in which uses "now" as the starting
  48. * timestamp. Delete it before we do any testing below. */
  49. sr_state_delete_commits();
  50. done:
  51. UNMOCK(get_my_v3_authority_cert);
  52. }
  53. static void
  54. test_get_sr_protocol_phase(void *arg)
  55. {
  56. time_t the_time;
  57. sr_phase_t phase;
  58. int retval;
  59. (void) arg;
  60. /* Initialize SR state */
  61. init_authority_state();
  62. {
  63. retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
  64. tt_int_op(retval, ==, 0);
  65. phase = get_sr_protocol_phase(the_time);
  66. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  67. }
  68. {
  69. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
  70. tt_int_op(retval, ==, 0);
  71. phase = get_sr_protocol_phase(the_time);
  72. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  73. }
  74. {
  75. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
  76. tt_int_op(retval, ==, 0);
  77. phase = get_sr_protocol_phase(the_time);
  78. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  79. }
  80. {
  81. retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
  82. tt_int_op(retval, ==, 0);
  83. phase = get_sr_protocol_phase(the_time);
  84. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  85. }
  86. {
  87. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
  88. tt_int_op(retval, ==, 0);
  89. phase = get_sr_protocol_phase(the_time);
  90. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  91. }
  92. {
  93. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
  94. tt_int_op(retval, ==, 0);
  95. phase = get_sr_protocol_phase(the_time);
  96. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  97. }
  98. {
  99. retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
  100. tt_int_op(retval, ==, 0);
  101. phase = get_sr_protocol_phase(the_time);
  102. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  103. }
  104. done:
  105. ;
  106. }
  107. static networkstatus_t *mock_consensus = NULL;
  108. static void
  109. test_get_state_valid_until_time(void *arg)
  110. {
  111. time_t current_time;
  112. time_t valid_until_time;
  113. char tbuf[ISO_TIME_LEN + 1];
  114. int retval;
  115. (void) arg;
  116. {
  117. /* Get the valid until time if called at 00:00:01 */
  118. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  119. &current_time);
  120. tt_int_op(retval, ==, 0);
  121. valid_until_time = get_state_valid_until_time(current_time);
  122. /* Compare it with the correct result */
  123. format_iso_time(tbuf, valid_until_time);
  124. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  125. }
  126. {
  127. retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
  128. &current_time);
  129. tt_int_op(retval, ==, 0);
  130. valid_until_time = get_state_valid_until_time(current_time);
  131. format_iso_time(tbuf, valid_until_time);
  132. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  133. }
  134. {
  135. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
  136. &current_time);
  137. tt_int_op(retval, ==, 0);
  138. valid_until_time = get_state_valid_until_time(current_time);
  139. format_iso_time(tbuf, valid_until_time);
  140. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  141. }
  142. {
  143. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  144. &current_time);
  145. tt_int_op(retval, ==, 0);
  146. valid_until_time = get_state_valid_until_time(current_time);
  147. format_iso_time(tbuf, valid_until_time);
  148. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  149. }
  150. done:
  151. ;
  152. }
  153. /** Test the function that calculates the start time of the current SRV
  154. * protocol run. */
  155. static void
  156. test_get_start_time_of_current_run(void *arg)
  157. {
  158. int retval;
  159. char tbuf[ISO_TIME_LEN + 1];
  160. time_t current_time, run_start_time;
  161. (void) arg;
  162. {
  163. /* Get start time if called at 00:00:01 */
  164. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  165. &current_time);
  166. tt_int_op(retval, ==, 0);
  167. run_start_time =
  168. sr_state_get_start_time_of_current_protocol_run(current_time);
  169. /* Compare it with the correct result */
  170. format_iso_time(tbuf, run_start_time);
  171. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  172. }
  173. {
  174. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:59 UTC",
  175. &current_time);
  176. tt_int_op(retval, ==, 0);
  177. run_start_time =
  178. sr_state_get_start_time_of_current_protocol_run(current_time);
  179. /* Compare it with the correct result */
  180. format_iso_time(tbuf, run_start_time);
  181. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  182. }
  183. {
  184. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  185. &current_time);
  186. tt_int_op(retval, ==, 0);
  187. run_start_time =
  188. sr_state_get_start_time_of_current_protocol_run(current_time);
  189. /* Compare it with the correct result */
  190. format_iso_time(tbuf, run_start_time);
  191. tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
  192. }
  193. /* Now let's alter the voting schedule and check the correctness of the
  194. * function. Voting interval of 10 seconds, means that an SRV protocol run
  195. * takes 10 seconds * 24 rounds = 4 mins */
  196. {
  197. or_options_t *options = get_options_mutable();
  198. options->V3AuthVotingInterval = 10;
  199. options->TestingV3AuthInitialVotingInterval = 10;
  200. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:15:32 UTC",
  201. &current_time);
  202. tt_int_op(retval, ==, 0);
  203. run_start_time =
  204. sr_state_get_start_time_of_current_protocol_run(current_time);
  205. /* Compare it with the correct result */
  206. format_iso_time(tbuf, run_start_time);
  207. tt_str_op("2015-04-20 00:12:00", OP_EQ, tbuf);
  208. }
  209. done:
  210. ;
  211. }
  212. static void
  213. test_get_sr_protocol_duration(void *arg)
  214. {
  215. (void) arg;
  216. /* Check that by default an SR phase is 12 hours */
  217. tt_int_op(sr_state_get_phase_duration(), ==, 12*60*60);
  218. tt_int_op(sr_state_get_protocol_run_duration(), ==, 24*60*60);
  219. /* Now alter the voting interval and check that the SR phase is 2 mins long
  220. * if voting happens every 10 seconds (10*12 seconds = 2 mins) */
  221. or_options_t *options = get_options_mutable();
  222. options->V3AuthVotingInterval = 10;
  223. tt_int_op(sr_state_get_phase_duration(), ==, 2*60);
  224. tt_int_op(sr_state_get_protocol_run_duration(), ==, 4*60);
  225. done: ;
  226. }
  227. /* Mock function to immediately return our local 'mock_consensus'. */
  228. static networkstatus_t *
  229. mock_networkstatus_get_live_consensus(time_t now)
  230. {
  231. (void) now;
  232. return mock_consensus;
  233. }
  234. /** Test the get_next_valid_after_time() function. */
  235. static void
  236. test_get_next_valid_after_time(void *arg)
  237. {
  238. time_t current_time;
  239. time_t valid_after_time;
  240. char tbuf[ISO_TIME_LEN + 1];
  241. int retval;
  242. (void) arg;
  243. {
  244. /* Setup a fake consensus just to get the times out of it, since
  245. get_next_valid_after_time() needs them. */
  246. mock_consensus = tor_malloc_zero(sizeof(networkstatus_t));
  247. retval = parse_rfc1123_time("Mon, 13 Jan 2016 16:00:00 UTC",
  248. &mock_consensus->fresh_until);
  249. tt_int_op(retval, ==, 0);
  250. retval = parse_rfc1123_time("Mon, 13 Jan 2016 15:00:00 UTC",
  251. &mock_consensus->valid_after);
  252. tt_int_op(retval, ==, 0);
  253. MOCK(networkstatus_get_live_consensus,
  254. mock_networkstatus_get_live_consensus);
  255. }
  256. {
  257. /* Get the valid after time if called at 00:00:00 */
  258. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  259. &current_time);
  260. tt_int_op(retval, ==, 0);
  261. valid_after_time = get_next_valid_after_time(current_time);
  262. /* Compare it with the correct result */
  263. format_iso_time(tbuf, valid_after_time);
  264. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  265. }
  266. {
  267. /* Get the valid until time if called at 00:00:01 */
  268. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  269. &current_time);
  270. tt_int_op(retval, ==, 0);
  271. valid_after_time = get_next_valid_after_time(current_time);
  272. /* Compare it with the correct result */
  273. format_iso_time(tbuf, valid_after_time);
  274. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  275. }
  276. {
  277. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:30:01 UTC",
  278. &current_time);
  279. tt_int_op(retval, ==, 0);
  280. valid_after_time = get_next_valid_after_time(current_time);
  281. /* Compare it with the correct result */
  282. format_iso_time(tbuf, valid_after_time);
  283. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  284. }
  285. done:
  286. networkstatus_vote_free(mock_consensus);
  287. }
  288. /* In this test we are going to generate a sr_commit_t object and validate
  289. * it. We first generate our values, and then we parse them as if they were
  290. * received from the network. After we parse both the commit and the reveal,
  291. * we verify that they indeed match. */
  292. static void
  293. test_sr_commit(void *arg)
  294. {
  295. authority_cert_t *auth_cert = NULL;
  296. time_t now = time(NULL);
  297. sr_commit_t *our_commit = NULL;
  298. smartlist_t *args = smartlist_new();
  299. sr_commit_t *parsed_commit = NULL;
  300. (void) arg;
  301. { /* Setup a minimal dirauth environment for this test */
  302. or_options_t *options = get_options_mutable();
  303. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  304. tt_assert(auth_cert);
  305. options->AuthoritativeDir = 1;
  306. tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
  307. }
  308. /* Generate our commit object and validate it has the appropriate field
  309. * that we can then use to build a representation that we'll find in a
  310. * vote coming from the network. */
  311. {
  312. sr_commit_t test_commit;
  313. our_commit = sr_generate_our_commit(now, auth_cert);
  314. tt_assert(our_commit);
  315. /* Default and only supported algorithm for now. */
  316. tt_assert(our_commit->alg == DIGEST_SHA3_256);
  317. /* We should have a reveal value. */
  318. tt_assert(commit_has_reveal_value(our_commit));
  319. /* We should have a random value. */
  320. tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
  321. sizeof(our_commit->random_number)));
  322. /* Commit and reveal timestamp should be the same. */
  323. tt_u64_op(our_commit->commit_ts, ==, our_commit->reveal_ts);
  324. /* We should have a hashed reveal. */
  325. tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
  326. sizeof(our_commit->hashed_reveal)));
  327. /* Do we have a valid encoded commit and reveal. Note the following only
  328. * tests if the generated values are correct. Their could be a bug in
  329. * the decode function but we test them seperately. */
  330. tt_int_op(0, ==, reveal_decode(our_commit->encoded_reveal,
  331. &test_commit));
  332. tt_int_op(0, ==, commit_decode(our_commit->encoded_commit,
  333. &test_commit));
  334. tt_int_op(0, ==, verify_commit_and_reveal(our_commit));
  335. }
  336. /* Let's make sure our verify commit and reveal function works. We'll
  337. * make it fail a bit with known failure case. */
  338. {
  339. /* Copy our commit so we don't alter it for the rest of testing. */
  340. sr_commit_t test_commit;
  341. memcpy(&test_commit, our_commit, sizeof(test_commit));
  342. /* Timestamp MUST match. */
  343. test_commit.commit_ts = test_commit.reveal_ts - 42;
  344. setup_full_capture_of_logs(LOG_WARN);
  345. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  346. expect_log_msg_containing("doesn't match reveal timestamp");
  347. teardown_capture_of_logs();
  348. memcpy(&test_commit, our_commit, sizeof(test_commit));
  349. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  350. /* Hashed reveal must match the H(encoded_reveal). */
  351. memset(test_commit.hashed_reveal, 'X',
  352. sizeof(test_commit.hashed_reveal));
  353. setup_full_capture_of_logs(LOG_WARN);
  354. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  355. expect_single_log_msg_containing("doesn't match the commit value");
  356. teardown_capture_of_logs();
  357. memcpy(&test_commit, our_commit, sizeof(test_commit));
  358. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  359. }
  360. /* We'll build a list of values from our commit that our parsing function
  361. * takes from a vote line and see if we can parse it correctly. */
  362. {
  363. smartlist_add_strdup(args, "1");
  364. smartlist_add_strdup(args,
  365. crypto_digest_algorithm_get_name(our_commit->alg));
  366. smartlist_add_strdup(args, sr_commit_get_rsa_fpr(our_commit));
  367. smartlist_add_strdup(args, our_commit->encoded_commit);
  368. smartlist_add_strdup(args, our_commit->encoded_reveal);
  369. parsed_commit = sr_parse_commit(args);
  370. tt_assert(parsed_commit);
  371. /* That parsed commit should be _EXACTLY_ like our original commit (we
  372. * have to explicitly set the valid flag though). */
  373. parsed_commit->valid = 1;
  374. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
  375. /* Cleanup */
  376. }
  377. done:
  378. teardown_capture_of_logs();
  379. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  380. smartlist_free(args);
  381. sr_commit_free(our_commit);
  382. sr_commit_free(parsed_commit);
  383. authority_cert_free(auth_cert);
  384. }
  385. /* Test the encoding and decoding function for commit and reveal values. */
  386. static void
  387. test_encoding(void *arg)
  388. {
  389. (void) arg;
  390. int ret;
  391. /* Random number is 32 bytes. */
  392. char raw_rand[32];
  393. time_t ts = 1454333590;
  394. char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  395. sr_commit_t parsed_commit;
  396. /* Those values were generated by sr_commit_calc_ref.py where the random
  397. * value is 32 'A' and timestamp is the one in ts. */
  398. static const char *encoded_reveal =
  399. "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==";
  400. static const char *encoded_commit =
  401. "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==";
  402. /* Set up our raw random bytes array. */
  403. memset(raw_rand, 'A', sizeof(raw_rand));
  404. /* Hash random number because we don't expose bytes of the RNG. */
  405. ret = crypto_digest256(hashed_rand, raw_rand,
  406. sizeof(raw_rand), SR_DIGEST_ALG);
  407. tt_int_op(0, ==, ret);
  408. /* Hash reveal value. */
  409. tt_int_op(SR_REVEAL_BASE64_LEN, ==, strlen(encoded_reveal));
  410. ret = crypto_digest256(hashed_reveal, encoded_reveal,
  411. strlen(encoded_reveal), SR_DIGEST_ALG);
  412. tt_int_op(0, ==, ret);
  413. tt_int_op(SR_COMMIT_BASE64_LEN, ==, strlen(encoded_commit));
  414. /* Test our commit/reveal decode functions. */
  415. {
  416. /* Test the reveal encoded value. */
  417. tt_int_op(0, ==, reveal_decode(encoded_reveal, &parsed_commit));
  418. tt_u64_op(ts, ==, parsed_commit.reveal_ts);
  419. tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
  420. sizeof(hashed_rand));
  421. /* Test the commit encoded value. */
  422. memset(&parsed_commit, 0, sizeof(parsed_commit));
  423. tt_int_op(0, ==, commit_decode(encoded_commit, &parsed_commit));
  424. tt_u64_op(ts, ==, parsed_commit.commit_ts);
  425. tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
  426. sizeof(parsed_commit.encoded_commit));
  427. tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
  428. sizeof(hashed_reveal));
  429. }
  430. /* Test our commit/reveal encode functions. */
  431. {
  432. /* Test the reveal encode. */
  433. char encoded[SR_REVEAL_BASE64_LEN + 1];
  434. parsed_commit.reveal_ts = ts;
  435. memcpy(parsed_commit.random_number, hashed_rand,
  436. sizeof(parsed_commit.random_number));
  437. ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
  438. tt_int_op(SR_REVEAL_BASE64_LEN, ==, ret);
  439. tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
  440. }
  441. {
  442. /* Test the commit encode. */
  443. char encoded[SR_COMMIT_BASE64_LEN + 1];
  444. parsed_commit.commit_ts = ts;
  445. memcpy(parsed_commit.hashed_reveal, hashed_reveal,
  446. sizeof(parsed_commit.hashed_reveal));
  447. ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
  448. tt_int_op(SR_COMMIT_BASE64_LEN, ==, ret);
  449. tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
  450. }
  451. done:
  452. ;
  453. }
  454. /** Setup some SRVs in our SR state. If <b>also_current</b> is set, then set
  455. * both current and previous SRVs.
  456. * Helper of test_vote() and test_sr_compute_srv(). */
  457. static void
  458. test_sr_setup_srv(int also_current)
  459. {
  460. sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
  461. srv->num_reveals = 42;
  462. memcpy(srv->value,
  463. "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  464. sizeof(srv->value));
  465. sr_state_set_previous_srv(srv);
  466. if (also_current) {
  467. srv = tor_malloc_zero(sizeof(sr_srv_t));
  468. srv->num_reveals = 128;
  469. memcpy(srv->value,
  470. "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
  471. sizeof(srv->value));
  472. sr_state_set_current_srv(srv);
  473. }
  474. }
  475. /* Test anything that has to do with SR protocol and vote. */
  476. static void
  477. test_vote(void *arg)
  478. {
  479. int ret;
  480. time_t now = time(NULL);
  481. sr_commit_t *our_commit = NULL;
  482. (void) arg;
  483. MOCK(trusteddirserver_get_by_v3_auth_digest,
  484. trusteddirserver_get_by_v3_auth_digest_m);
  485. { /* Setup a minimal dirauth environment for this test */
  486. init_authority_state();
  487. /* Set ourself in reveal phase so we can parse the reveal value in the
  488. * vote as well. */
  489. set_sr_phase(SR_PHASE_REVEAL);
  490. }
  491. /* Generate our commit object and validate it has the appropriate field
  492. * that we can then use to build a representation that we'll find in a
  493. * vote coming from the network. */
  494. {
  495. sr_commit_t *saved_commit;
  496. our_commit = sr_generate_our_commit(now, mock_cert);
  497. tt_assert(our_commit);
  498. sr_state_add_commit(our_commit);
  499. /* Make sure it's there. */
  500. saved_commit = sr_state_get_commit(our_commit->rsa_identity);
  501. tt_assert(saved_commit);
  502. }
  503. /* Also setup the SRVs */
  504. test_sr_setup_srv(1);
  505. { /* Now test the vote generation */
  506. smartlist_t *chunks = smartlist_new();
  507. smartlist_t *tokens = smartlist_new();
  508. /* Get our vote line and validate it. */
  509. char *lines = sr_get_string_for_vote();
  510. tt_assert(lines);
  511. /* Split the lines. We expect 2 here. */
  512. ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
  513. tt_int_op(ret, ==, 4);
  514. tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
  515. /* Get our commitment line and will validate it agains our commit. The
  516. * format is as follow:
  517. * "shared-rand-commitment" SP version SP algname SP identity
  518. * SP COMMIT [SP REVEAL] NL
  519. */
  520. char *commit_line = smartlist_get(chunks, 1);
  521. tt_assert(commit_line);
  522. ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
  523. tt_int_op(ret, ==, 6);
  524. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
  525. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
  526. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  527. crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
  528. char digest[DIGEST_LEN];
  529. base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
  530. HEX_DIGEST_LEN);
  531. tt_mem_op(digest, ==, our_commit->rsa_identity, sizeof(digest));
  532. tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
  533. tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal)
  534. ;
  535. /* Finally, does this vote line creates a valid commit object? */
  536. smartlist_t *args = smartlist_new();
  537. smartlist_add(args, smartlist_get(tokens, 1));
  538. smartlist_add(args, smartlist_get(tokens, 2));
  539. smartlist_add(args, smartlist_get(tokens, 3));
  540. smartlist_add(args, smartlist_get(tokens, 4));
  541. smartlist_add(args, smartlist_get(tokens, 5));
  542. sr_commit_t *parsed_commit = sr_parse_commit(args);
  543. tt_assert(parsed_commit);
  544. /* Set valid flag explicitly here to compare since it's not set by
  545. * simply parsing the commit. */
  546. parsed_commit->valid = 1;
  547. tt_mem_op(parsed_commit, ==, our_commit, sizeof(*our_commit));
  548. /* minor cleanup */
  549. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  550. smartlist_clear(tokens);
  551. /* Now test the previous SRV */
  552. char *prev_srv_line = smartlist_get(chunks, 2);
  553. tt_assert(prev_srv_line);
  554. ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
  555. tt_int_op(ret, ==, 3);
  556. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
  557. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
  558. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  559. "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
  560. /* minor cleanup */
  561. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  562. smartlist_clear(tokens);
  563. /* Now test the current SRV */
  564. char *current_srv_line = smartlist_get(chunks, 3);
  565. tt_assert(current_srv_line);
  566. ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
  567. tt_int_op(ret, ==, 3);
  568. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
  569. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
  570. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  571. "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
  572. /* Clean up */
  573. sr_commit_free(parsed_commit);
  574. SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
  575. smartlist_free(chunks);
  576. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  577. smartlist_free(tokens);
  578. smartlist_clear(args);
  579. smartlist_free(args);
  580. tor_free(lines);
  581. }
  582. done:
  583. sr_commit_free(our_commit);
  584. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  585. }
  586. static const char *sr_state_str = "Version 1\n"
  587. "TorVersion 0.2.9.0-alpha-dev\n"
  588. "ValidAfter 2037-04-19 07:16:00\n"
  589. "ValidUntil 2037-04-20 07:16:00\n"
  590. "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
  591. "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
  592. "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
  593. "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
  594. "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
  595. "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
  596. "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
  597. "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
  598. "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
  599. /** Create an SR disk state, parse it and validate that the parsing went
  600. * well. Yes! */
  601. static void
  602. test_state_load_from_disk(void *arg)
  603. {
  604. int ret;
  605. char *dir = tor_strdup(get_fname("test_sr_state"));
  606. char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
  607. sr_state_t *the_sr_state = NULL;
  608. (void) arg;
  609. MOCK(trusteddirserver_get_by_v3_auth_digest,
  610. trusteddirserver_get_by_v3_auth_digest_m);
  611. /* First try with a nonexistent path. */
  612. ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
  613. tt_assert(ret == -ENOENT);
  614. /* Now create a mock state directory and state file */
  615. #ifdef _WIN32
  616. ret = mkdir(dir);
  617. #else
  618. ret = mkdir(dir, 0700);
  619. #endif
  620. tt_assert(ret == 0);
  621. ret = write_str_to_file(sr_state_path, sr_state_str, 0);
  622. tt_assert(ret == 0);
  623. /* Try to load the directory itself. Should fail. */
  624. ret = disk_state_load_from_disk_impl(dir);
  625. tt_int_op(ret, OP_LT, 0);
  626. /* State should be non-existent at this point. */
  627. the_sr_state = get_sr_state();
  628. tt_assert(!the_sr_state);
  629. /* Now try to load the correct file! */
  630. ret = disk_state_load_from_disk_impl(sr_state_path);
  631. tt_assert(ret == 0);
  632. /* Check the content of the state */
  633. /* XXX check more deeply!!! */
  634. the_sr_state = get_sr_state();
  635. tt_assert(the_sr_state);
  636. tt_assert(the_sr_state->version == 1);
  637. tt_assert(digestmap_size(the_sr_state->commits) == 3);
  638. tt_assert(the_sr_state->current_srv);
  639. tt_assert(the_sr_state->current_srv->num_reveals == 3);
  640. tt_assert(the_sr_state->previous_srv);
  641. /* XXX Now also try loading corrupted state files and make sure parsing
  642. fails */
  643. done:
  644. tor_free(dir);
  645. tor_free(sr_state_path);
  646. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  647. }
  648. /** Generate three specially crafted commits (based on the test
  649. * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
  650. static void
  651. test_sr_setup_commits(void)
  652. {
  653. time_t now = time(NULL);
  654. sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
  655. sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
  656. authority_cert_t *auth_cert = NULL;
  657. { /* Setup a minimal dirauth environment for this test */
  658. or_options_t *options = get_options_mutable();
  659. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  660. tt_assert(auth_cert);
  661. options->AuthoritativeDir = 1;
  662. tt_int_op(0, ==, load_ed_keys(options, now));
  663. }
  664. /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
  665. register them to the SR state. Also register a fourth commit 'd' with no
  666. reveal info, to make sure that it will get ignored during SRV
  667. calculation. */
  668. { /* Commit from auth 'a' */
  669. commit_a = sr_generate_our_commit(now, auth_cert);
  670. tt_assert(commit_a);
  671. /* Do some surgery on the commit */
  672. memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
  673. base16_encode(commit_a->rsa_identity_hex,
  674. sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity,
  675. sizeof(commit_a->rsa_identity));
  676. strlcpy(commit_a->encoded_reveal,
  677. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  678. sizeof(commit_a->encoded_reveal));
  679. memcpy(commit_a->hashed_reveal,
  680. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  681. sizeof(commit_a->hashed_reveal));
  682. }
  683. { /* Commit from auth 'b' */
  684. commit_b = sr_generate_our_commit(now, auth_cert);
  685. tt_assert(commit_b);
  686. /* Do some surgery on the commit */
  687. memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
  688. base16_encode(commit_b->rsa_identity_hex,
  689. sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity,
  690. sizeof(commit_b->rsa_identity));
  691. strlcpy(commit_b->encoded_reveal,
  692. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  693. sizeof(commit_b->encoded_reveal));
  694. memcpy(commit_b->hashed_reveal,
  695. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  696. sizeof(commit_b->hashed_reveal));
  697. }
  698. { /* Commit from auth 'c' */
  699. commit_c = sr_generate_our_commit(now, auth_cert);
  700. tt_assert(commit_c);
  701. /* Do some surgery on the commit */
  702. memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
  703. base16_encode(commit_c->rsa_identity_hex,
  704. sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity,
  705. sizeof(commit_c->rsa_identity));
  706. strlcpy(commit_c->encoded_reveal,
  707. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  708. sizeof(commit_c->encoded_reveal));
  709. memcpy(commit_c->hashed_reveal,
  710. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  711. sizeof(commit_c->hashed_reveal));
  712. }
  713. { /* Commit from auth 'd' */
  714. commit_d = sr_generate_our_commit(now, auth_cert);
  715. tt_assert(commit_d);
  716. /* Do some surgery on the commit */
  717. memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
  718. base16_encode(commit_d->rsa_identity_hex,
  719. sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity,
  720. sizeof(commit_d->rsa_identity));
  721. strlcpy(commit_d->encoded_reveal,
  722. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  723. sizeof(commit_d->encoded_reveal));
  724. memcpy(commit_d->hashed_reveal,
  725. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  726. sizeof(commit_d->hashed_reveal));
  727. /* Clean up its reveal info */
  728. memcpy(place_holder, commit_d, sizeof(*place_holder));
  729. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  730. tt_assert(!commit_has_reveal_value(commit_d));
  731. }
  732. /* Register commits to state (during commit phase) */
  733. set_sr_phase(SR_PHASE_COMMIT);
  734. save_commit_to_state(commit_a);
  735. save_commit_to_state(commit_b);
  736. save_commit_to_state(commit_c);
  737. save_commit_to_state(commit_d);
  738. tt_int_op(digestmap_size(get_sr_state()->commits), ==, 4);
  739. /* Now during REVEAL phase save commit D by restoring its reveal. */
  740. set_sr_phase(SR_PHASE_REVEAL);
  741. save_commit_to_state(place_holder);
  742. tt_str_op(commit_d->encoded_reveal, OP_EQ,
  743. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
  744. /* Go back to an empty encoded reveal value. */
  745. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  746. memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
  747. tt_assert(!commit_has_reveal_value(commit_d));
  748. done:
  749. authority_cert_free(auth_cert);
  750. }
  751. /** Verify that the SRV generation procedure is proper by testing it against
  752. * the test vector from ./sr_srv_calc_ref.py. */
  753. static void
  754. test_sr_compute_srv(void *arg)
  755. {
  756. (void) arg;
  757. const sr_srv_t *current_srv = NULL;
  758. #define SRV_TEST_VECTOR \
  759. "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
  760. MOCK(trusteddirserver_get_by_v3_auth_digest,
  761. trusteddirserver_get_by_v3_auth_digest_m);
  762. init_authority_state();
  763. /* Setup the commits for this unittest */
  764. test_sr_setup_commits();
  765. test_sr_setup_srv(0);
  766. /* Now switch to reveal phase */
  767. set_sr_phase(SR_PHASE_REVEAL);
  768. /* Compute the SRV */
  769. sr_compute_srv();
  770. /* Check the result against the test vector */
  771. current_srv = sr_state_get_current_srv();
  772. tt_assert(current_srv);
  773. tt_u64_op(current_srv->num_reveals, ==, 3);
  774. tt_str_op(hex_str((char*)current_srv->value, 32),
  775. ==,
  776. SRV_TEST_VECTOR);
  777. done:
  778. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  779. }
  780. /** Return a minimal vote document with a current SRV value set to
  781. * <b>srv</b>. */
  782. static networkstatus_t *
  783. get_test_vote_with_curr_srv(const char *srv)
  784. {
  785. networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
  786. vote->type = NS_TYPE_VOTE;
  787. vote->sr_info.participate = 1;
  788. vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
  789. vote->sr_info.current_srv->num_reveals = 42;
  790. memcpy(vote->sr_info.current_srv->value,
  791. srv,
  792. sizeof(vote->sr_info.current_srv->value));
  793. return vote;
  794. }
  795. /* Test the function that picks the right SRV given a bunch of votes. Make sure
  796. * that the function returns an SRV iff the majority/agreement requirements are
  797. * met. */
  798. static void
  799. test_sr_get_majority_srv_from_votes(void *arg)
  800. {
  801. sr_srv_t *chosen_srv;
  802. smartlist_t *votes = smartlist_new();
  803. #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  804. #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
  805. (void) arg;
  806. init_authority_state();
  807. /* Make sure our SRV is fresh so we can consider the super majority with
  808. * the consensus params of number of agreements needed. */
  809. sr_state_set_fresh_srv();
  810. /* The test relies on the dirauth list being initialized. */
  811. clear_dir_servers();
  812. add_default_trusted_dir_authorities(V3_DIRINFO);
  813. { /* Prepare voting environment with just a single vote. */
  814. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  815. smartlist_add(votes, vote);
  816. }
  817. /* Since it's only one vote with an SRV, it should not achieve majority and
  818. hence no SRV will be returned. */
  819. chosen_srv = get_majority_srv_from_votes(votes, 1);
  820. tt_assert(!chosen_srv);
  821. { /* Now put in 8 more votes. Let SRV_1 have majority. */
  822. int i;
  823. /* Now 7 votes believe in SRV_1 */
  824. for (i = 0; i < 3; i++) {
  825. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  826. smartlist_add(votes, vote);
  827. }
  828. /* and 2 votes believe in SRV_2 */
  829. for (i = 0; i < 2; i++) {
  830. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
  831. smartlist_add(votes, vote);
  832. }
  833. for (i = 0; i < 3; i++) {
  834. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  835. smartlist_add(votes, vote);
  836. }
  837. tt_int_op(smartlist_len(votes), ==, 9);
  838. }
  839. /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
  840. requirement. So still not picking an SRV. */
  841. set_num_srv_agreements(8);
  842. chosen_srv = get_majority_srv_from_votes(votes, 1);
  843. tt_assert(!chosen_srv);
  844. /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
  845. * consensus parameter and we will try again. This time it should work. */
  846. set_num_srv_agreements(7);
  847. chosen_srv = get_majority_srv_from_votes(votes, 1);
  848. tt_assert(chosen_srv);
  849. tt_u64_op(chosen_srv->num_reveals, ==, 42);
  850. tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
  851. done:
  852. SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
  853. networkstatus_vote_free(vote));
  854. smartlist_free(votes);
  855. }
  856. static void
  857. test_utils(void *arg)
  858. {
  859. (void) arg;
  860. /* Testing srv_dup(). */
  861. {
  862. sr_srv_t *srv = NULL, *dup_srv = NULL;
  863. const char *srv_value =
  864. "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
  865. srv = tor_malloc_zero(sizeof(*srv));
  866. srv->num_reveals = 42;
  867. memcpy(srv->value, srv_value, sizeof(srv->value));
  868. dup_srv = srv_dup(srv);
  869. tt_assert(dup_srv);
  870. tt_u64_op(dup_srv->num_reveals, ==, srv->num_reveals);
  871. tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
  872. tor_free(srv);
  873. tor_free(dup_srv);
  874. }
  875. /* Testing commitments_are_the_same(). Currently, the check is to test the
  876. * value of the encoded commit so let's make sure that actually works. */
  877. {
  878. /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit.
  879. * 56 bytes of payload and a NUL terminated byte at the end ('\x00')
  880. * which comes down to SR_COMMIT_BASE64_LEN + 1. */
  881. const char *payload =
  882. "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
  883. "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
  884. "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
  885. "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00";
  886. sr_commit_t commit1, commit2;
  887. memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
  888. memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
  889. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 1);
  890. /* Let's corrupt one of them. */
  891. memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
  892. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 0);
  893. }
  894. /* Testing commit_is_authoritative(). */
  895. {
  896. crypto_pk_t *k = crypto_pk_new();
  897. char digest[DIGEST_LEN];
  898. sr_commit_t commit;
  899. tt_assert(!crypto_pk_generate_key(k));
  900. tt_int_op(0, ==, crypto_pk_get_digest(k, digest));
  901. memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
  902. tt_int_op(commit_is_authoritative(&commit, digest), ==, 1);
  903. /* Change the pubkey. */
  904. memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
  905. tt_int_op(commit_is_authoritative(&commit, digest), ==, 0);
  906. crypto_pk_free(k);
  907. }
  908. /* Testing get_phase_str(). */
  909. {
  910. tt_str_op(get_phase_str(SR_PHASE_REVEAL), ==, "reveal");
  911. tt_str_op(get_phase_str(SR_PHASE_COMMIT), ==, "commit");
  912. }
  913. /* Testing phase transition */
  914. {
  915. init_authority_state();
  916. set_sr_phase(SR_PHASE_COMMIT);
  917. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 1);
  918. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 0);
  919. set_sr_phase(SR_PHASE_REVEAL);
  920. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 0);
  921. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 1);
  922. /* Junk. */
  923. tt_int_op(is_phase_transition(42), ==, 1);
  924. }
  925. done:
  926. return;
  927. }
  928. static void
  929. test_state_transition(void *arg)
  930. {
  931. sr_state_t *state = NULL;
  932. time_t now = time(NULL);
  933. (void) arg;
  934. { /* Setup a minimal dirauth environment for this test */
  935. init_authority_state();
  936. state = get_sr_state();
  937. tt_assert(state);
  938. }
  939. /* Test our state reset for a new protocol run. */
  940. {
  941. /* Add a commit to the state so we can test if the reset cleans the
  942. * commits. Also, change all params that we expect to be updated. */
  943. sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
  944. tt_assert(commit);
  945. sr_state_add_commit(commit);
  946. tt_int_op(digestmap_size(state->commits), ==, 1);
  947. /* Let's test our delete feature. */
  948. sr_state_delete_commits();
  949. tt_int_op(digestmap_size(state->commits), ==, 0);
  950. /* Add it back so we can continue the rest of the test because after
  951. * deletiong our commit will be freed so generate a new one. */
  952. commit = sr_generate_our_commit(now, mock_cert);
  953. tt_assert(commit);
  954. sr_state_add_commit(commit);
  955. tt_int_op(digestmap_size(state->commits), ==, 1);
  956. state->n_reveal_rounds = 42;
  957. state->n_commit_rounds = 43;
  958. state->n_protocol_runs = 44;
  959. reset_state_for_new_protocol_run(now);
  960. tt_int_op(state->n_reveal_rounds, ==, 0);
  961. tt_int_op(state->n_commit_rounds, ==, 0);
  962. tt_u64_op(state->n_protocol_runs, ==, 45);
  963. tt_int_op(digestmap_size(state->commits), ==, 0);
  964. }
  965. /* Test SRV rotation in our state. */
  966. {
  967. const sr_srv_t *cur, *prev;
  968. test_sr_setup_srv(1);
  969. cur = sr_state_get_current_srv();
  970. tt_assert(cur);
  971. /* After, current srv should be the previous and then set to NULL. */
  972. state_rotate_srv();
  973. prev = sr_state_get_previous_srv();
  974. tt_assert(prev == cur);
  975. tt_assert(!sr_state_get_current_srv());
  976. sr_state_clean_srvs();
  977. }
  978. /* New protocol run. */
  979. {
  980. const sr_srv_t *cur;
  981. /* Setup some new SRVs so we can confirm that a new protocol run
  982. * actually makes them rotate and compute new ones. */
  983. test_sr_setup_srv(1);
  984. cur = sr_state_get_current_srv();
  985. tt_assert(cur);
  986. set_sr_phase(SR_PHASE_REVEAL);
  987. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  988. new_protocol_run(now);
  989. UNMOCK(get_my_v3_authority_cert);
  990. /* Rotation happened. */
  991. tt_assert(sr_state_get_previous_srv() == cur);
  992. /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
  993. * our current SRV would be NULL but a new protocol run should make us
  994. * compute a new SRV. */
  995. tt_assert(sr_state_get_current_srv());
  996. /* Also, make sure we did change the current. */
  997. tt_assert(sr_state_get_current_srv() != cur);
  998. /* We should have our commitment alone. */
  999. tt_int_op(digestmap_size(state->commits), ==, 1);
  1000. tt_int_op(state->n_reveal_rounds, ==, 0);
  1001. tt_int_op(state->n_commit_rounds, ==, 0);
  1002. /* 46 here since we were at 45 just before. */
  1003. tt_u64_op(state->n_protocol_runs, ==, 46);
  1004. }
  1005. /* Cleanup of SRVs. */
  1006. {
  1007. sr_state_clean_srvs();
  1008. tt_assert(!sr_state_get_current_srv());
  1009. tt_assert(!sr_state_get_previous_srv());
  1010. }
  1011. done:
  1012. return;
  1013. }
  1014. static void
  1015. test_keep_commit(void *arg)
  1016. {
  1017. char fp[FINGERPRINT_LEN + 1];
  1018. sr_commit_t *commit = NULL, *dup_commit = NULL;
  1019. sr_state_t *state;
  1020. time_t now = time(NULL);
  1021. crypto_pk_t *k = NULL;
  1022. (void) arg;
  1023. MOCK(trusteddirserver_get_by_v3_auth_digest,
  1024. trusteddirserver_get_by_v3_auth_digest_m);
  1025. {
  1026. k = pk_generate(1);
  1027. /* Setup a minimal dirauth environment for this test */
  1028. /* Have a key that is not the one from our commit. */
  1029. init_authority_state();
  1030. state = get_sr_state();
  1031. }
  1032. /* Test this very important function that tells us if we should keep a
  1033. * commit or not in our state. Most of it depends on the phase and what's
  1034. * in the commit so we'll change the commit as we go. */
  1035. commit = sr_generate_our_commit(now, mock_cert);
  1036. tt_assert(commit);
  1037. /* Set us in COMMIT phase for starter. */
  1038. set_sr_phase(SR_PHASE_COMMIT);
  1039. /* We should never keep a commit from a non authoritative authority. */
  1040. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), ==, 0);
  1041. /* This should NOT be kept because it has a reveal value in it. */
  1042. tt_assert(commit_has_reveal_value(commit));
  1043. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1044. SR_PHASE_COMMIT), ==, 0);
  1045. /* Add it to the state which should return to not keep it. */
  1046. sr_state_add_commit(commit);
  1047. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1048. SR_PHASE_COMMIT), ==, 0);
  1049. /* Remove it from state so we can continue our testing. */
  1050. digestmap_remove(state->commits, commit->rsa_identity);
  1051. /* Let's remove our reveal value which should make it OK to keep it. */
  1052. memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
  1053. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1054. SR_PHASE_COMMIT), ==, 1);
  1055. /* Let's reset our commit and go into REVEAL phase. */
  1056. sr_commit_free(commit);
  1057. commit = sr_generate_our_commit(now, mock_cert);
  1058. tt_assert(commit);
  1059. /* Dup the commit so we have one with and one without a reveal value. */
  1060. dup_commit = tor_malloc_zero(sizeof(*dup_commit));
  1061. memcpy(dup_commit, commit, sizeof(*dup_commit));
  1062. memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
  1063. set_sr_phase(SR_PHASE_REVEAL);
  1064. /* We should never keep a commit from a non authoritative authority. */
  1065. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), ==, 0);
  1066. /* We shouldn't accept a commit that is not in our state. */
  1067. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1068. SR_PHASE_REVEAL), ==, 0);
  1069. /* Important to add the commit _without_ the reveal here. */
  1070. sr_state_add_commit(dup_commit);
  1071. tt_int_op(digestmap_size(state->commits), ==, 1);
  1072. /* Our commit should be valid that is authoritative, contains a reveal, be
  1073. * in the state and commitment and reveal values match. */
  1074. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1075. SR_PHASE_REVEAL), ==, 1);
  1076. /* The commit shouldn't be kept if it's not verified that is no matchin
  1077. * hashed reveal. */
  1078. {
  1079. /* Let's save the hash reveal so we can restore it. */
  1080. sr_commit_t place_holder;
  1081. memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
  1082. sizeof(place_holder.hashed_reveal));
  1083. memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
  1084. setup_full_capture_of_logs(LOG_WARN);
  1085. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1086. SR_PHASE_REVEAL), ==, 0);
  1087. expect_log_msg_containing("doesn't match the commit value.");
  1088. expect_log_msg_containing("has an invalid reveal value.");
  1089. assert_log_predicate(mock_saved_log_n_entries() == 2,
  1090. "expected 2 log entries");
  1091. teardown_capture_of_logs();
  1092. memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
  1093. sizeof(commit->hashed_reveal));
  1094. }
  1095. /* We shouldn't keep a commit that has no reveal. */
  1096. tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
  1097. SR_PHASE_REVEAL), ==, 0);
  1098. /* We must not keep a commit that is not the same from the commit phase. */
  1099. memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
  1100. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1101. SR_PHASE_REVEAL), ==, 0);
  1102. done:
  1103. teardown_capture_of_logs();
  1104. sr_commit_free(commit);
  1105. sr_commit_free(dup_commit);
  1106. crypto_pk_free(k);
  1107. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  1108. }
  1109. static void
  1110. test_state_update(void *arg)
  1111. {
  1112. time_t commit_phase_time = 1452076000;
  1113. time_t reveal_phase_time = 1452086800;
  1114. sr_state_t *state;
  1115. (void) arg;
  1116. {
  1117. init_authority_state();
  1118. state = get_sr_state();
  1119. set_sr_phase(SR_PHASE_COMMIT);
  1120. /* We'll cheat a bit here and reset the creation time of the state which
  1121. * will avoid us to compute a valid_after time that fits the commit
  1122. * phase. */
  1123. state->valid_after = 0;
  1124. state->n_reveal_rounds = 0;
  1125. state->n_commit_rounds = 0;
  1126. state->n_protocol_runs = 0;
  1127. }
  1128. /* We need to mock for the state update function call. */
  1129. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1130. /* We are in COMMIT phase here and we'll trigger a state update but no
  1131. * transition. */
  1132. sr_state_update(commit_phase_time);
  1133. tt_int_op(state->valid_after, ==, commit_phase_time);
  1134. tt_int_op(state->n_commit_rounds, ==, 1);
  1135. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1136. tt_int_op(digestmap_size(state->commits), ==, 1);
  1137. /* We are still in the COMMIT phase here but we'll trigger a state
  1138. * transition to the REVEAL phase. */
  1139. sr_state_update(reveal_phase_time);
  1140. tt_int_op(state->phase, ==, SR_PHASE_REVEAL);
  1141. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1142. /* Only our commit should be in there. */
  1143. tt_int_op(digestmap_size(state->commits), ==, 1);
  1144. tt_int_op(state->n_reveal_rounds, ==, 1);
  1145. /* We can't update a state with a valid after _lower_ than the creation
  1146. * time so here it is. */
  1147. sr_state_update(commit_phase_time);
  1148. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1149. /* Finally, let's go back in COMMIT phase so we can test the state update
  1150. * of a new protocol run. */
  1151. state->valid_after = 0;
  1152. sr_state_update(commit_phase_time);
  1153. tt_int_op(state->valid_after, ==, commit_phase_time);
  1154. tt_int_op(state->n_commit_rounds, ==, 1);
  1155. tt_int_op(state->n_reveal_rounds, ==, 0);
  1156. tt_u64_op(state->n_protocol_runs, ==, 1);
  1157. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1158. tt_int_op(digestmap_size(state->commits), ==, 1);
  1159. tt_assert(state->current_srv);
  1160. done:
  1161. sr_state_free();
  1162. UNMOCK(get_my_v3_authority_cert);
  1163. }
  1164. struct testcase_t sr_tests[] = {
  1165. { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
  1166. NULL, NULL },
  1167. { "sr_commit", test_sr_commit, TT_FORK,
  1168. NULL, NULL },
  1169. { "keep_commit", test_keep_commit, TT_FORK,
  1170. NULL, NULL },
  1171. { "encoding", test_encoding, TT_FORK,
  1172. NULL, NULL },
  1173. { "get_next_valid_after_time", test_get_next_valid_after_time, TT_FORK,
  1174. NULL, NULL },
  1175. { "get_start_time_of_current_run", test_get_start_time_of_current_run,
  1176. TT_FORK, NULL, NULL },
  1177. { "get_sr_protocol_duration", test_get_sr_protocol_duration, TT_FORK,
  1178. NULL, NULL },
  1179. { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
  1180. NULL, NULL },
  1181. { "vote", test_vote, TT_FORK,
  1182. NULL, NULL },
  1183. { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
  1184. NULL, NULL },
  1185. { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
  1186. { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
  1187. TT_FORK, NULL, NULL },
  1188. { "utils", test_utils, TT_FORK, NULL, NULL },
  1189. { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
  1190. { "state_update", test_state_update, TT_FORK,
  1191. NULL, NULL },
  1192. END_OF_TESTCASES
  1193. };