test_shared_random.c 43 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275
  1. #define SHARED_RANDOM_PRIVATE
  2. #define SHARED_RANDOM_STATE_PRIVATE
  3. #define CONFIG_PRIVATE
  4. #define DIRVOTE_PRIVATE
  5. #include "or.h"
  6. #include "test.h"
  7. #include "config.h"
  8. #include "dirvote.h"
  9. #include "shared_random.h"
  10. #include "shared_random_state.h"
  11. #include "routerkeys.h"
  12. #include "routerlist.h"
  13. #include "router.h"
  14. #include "routerparse.h"
  15. #include "networkstatus.h"
  16. static authority_cert_t *mock_cert;
  17. static authority_cert_t *
  18. get_my_v3_authority_cert_m(void)
  19. {
  20. tor_assert(mock_cert);
  21. return mock_cert;
  22. }
  23. static dir_server_t ds;
  24. static dir_server_t *
  25. trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
  26. {
  27. (void) digest;
  28. /* The shared random code only need to know if a valid pointer to a dir
  29. * server object has been found so this is safe because it won't use the
  30. * pointer at all never. */
  31. return &ds;
  32. }
  33. /* Setup a minimal dirauth environment by initializing the SR state and
  34. * making sure the options are set to be an authority directory. */
  35. static void
  36. init_authority_state(void)
  37. {
  38. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  39. or_options_t *options = get_options_mutable();
  40. mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  41. tt_assert(mock_cert);
  42. options->AuthoritativeDir = 1;
  43. tt_int_op(0, ==, load_ed_keys(options, time(NULL)));
  44. sr_state_init(0, 0);
  45. /* It's possible a commit has been generated in our state depending on
  46. * the phase we are currently in which uses "now" as the starting
  47. * timestamp. Delete it before we do any testing below. */
  48. sr_state_delete_commits();
  49. done:
  50. UNMOCK(get_my_v3_authority_cert);
  51. }
  52. static void
  53. test_get_sr_protocol_phase(void *arg)
  54. {
  55. time_t the_time;
  56. sr_phase_t phase;
  57. int retval;
  58. (void) arg;
  59. /* Initialize SR state */
  60. init_authority_state();
  61. {
  62. retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
  63. tt_int_op(retval, ==, 0);
  64. phase = get_sr_protocol_phase(the_time);
  65. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  66. }
  67. {
  68. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
  69. tt_int_op(retval, ==, 0);
  70. phase = get_sr_protocol_phase(the_time);
  71. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  72. }
  73. {
  74. retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
  75. tt_int_op(retval, ==, 0);
  76. phase = get_sr_protocol_phase(the_time);
  77. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  78. }
  79. {
  80. retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
  81. tt_int_op(retval, ==, 0);
  82. phase = get_sr_protocol_phase(the_time);
  83. tt_int_op(phase, ==, SR_PHASE_COMMIT);
  84. }
  85. {
  86. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
  87. tt_int_op(retval, ==, 0);
  88. phase = get_sr_protocol_phase(the_time);
  89. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  90. }
  91. {
  92. retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
  93. tt_int_op(retval, ==, 0);
  94. phase = get_sr_protocol_phase(the_time);
  95. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  96. }
  97. {
  98. retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
  99. tt_int_op(retval, ==, 0);
  100. phase = get_sr_protocol_phase(the_time);
  101. tt_int_op(phase, ==, SR_PHASE_REVEAL);
  102. }
  103. done:
  104. ;
  105. }
  106. static networkstatus_t *mock_consensus = NULL;
  107. static void
  108. test_get_state_valid_until_time(void *arg)
  109. {
  110. time_t current_time;
  111. time_t valid_until_time;
  112. char tbuf[ISO_TIME_LEN + 1];
  113. int retval;
  114. (void) arg;
  115. {
  116. /* Get the valid until time if called at 00:00:01 */
  117. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  118. &current_time);
  119. tt_int_op(retval, ==, 0);
  120. valid_until_time = get_state_valid_until_time(current_time);
  121. /* Compare it with the correct result */
  122. format_iso_time(tbuf, valid_until_time);
  123. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  124. }
  125. {
  126. retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
  127. &current_time);
  128. tt_int_op(retval, ==, 0);
  129. valid_until_time = get_state_valid_until_time(current_time);
  130. format_iso_time(tbuf, valid_until_time);
  131. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  132. }
  133. {
  134. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
  135. &current_time);
  136. tt_int_op(retval, ==, 0);
  137. valid_until_time = get_state_valid_until_time(current_time);
  138. format_iso_time(tbuf, valid_until_time);
  139. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  140. }
  141. {
  142. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  143. &current_time);
  144. tt_int_op(retval, ==, 0);
  145. valid_until_time = get_state_valid_until_time(current_time);
  146. format_iso_time(tbuf, valid_until_time);
  147. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  148. }
  149. done:
  150. ;
  151. }
  152. /* Mock function to immediately return our local 'mock_consensus'. */
  153. static networkstatus_t *
  154. mock_networkstatus_get_live_consensus(time_t now)
  155. {
  156. (void) now;
  157. return mock_consensus;
  158. }
  159. /** Test the get_next_valid_after_time() function. */
  160. static void
  161. test_get_next_valid_after_time(void *arg)
  162. {
  163. time_t current_time;
  164. time_t valid_after_time;
  165. char tbuf[ISO_TIME_LEN + 1];
  166. int retval;
  167. (void) arg;
  168. {
  169. /* Setup a fake consensus just to get the times out of it, since
  170. get_next_valid_after_time() needs them. */
  171. mock_consensus = tor_malloc_zero(sizeof(networkstatus_t));
  172. retval = parse_rfc1123_time("Mon, 13 Jan 2016 16:00:00 UTC",
  173. &mock_consensus->fresh_until);
  174. tt_int_op(retval, ==, 0);
  175. retval = parse_rfc1123_time("Mon, 13 Jan 2016 15:00:00 UTC",
  176. &mock_consensus->valid_after);
  177. tt_int_op(retval, ==, 0);
  178. MOCK(networkstatus_get_live_consensus,
  179. mock_networkstatus_get_live_consensus);
  180. }
  181. {
  182. /* Get the valid after time if called at 00:00:00 */
  183. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
  184. &current_time);
  185. tt_int_op(retval, ==, 0);
  186. valid_after_time = get_next_valid_after_time(current_time);
  187. /* Compare it with the correct result */
  188. format_iso_time(tbuf, valid_after_time);
  189. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  190. }
  191. {
  192. /* Get the valid until time if called at 00:00:01 */
  193. retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
  194. &current_time);
  195. tt_int_op(retval, ==, 0);
  196. valid_after_time = get_next_valid_after_time(current_time);
  197. /* Compare it with the correct result */
  198. format_iso_time(tbuf, valid_after_time);
  199. tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
  200. }
  201. {
  202. retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:30:01 UTC",
  203. &current_time);
  204. tt_int_op(retval, ==, 0);
  205. valid_after_time = get_next_valid_after_time(current_time);
  206. /* Compare it with the correct result */
  207. format_iso_time(tbuf, valid_after_time);
  208. tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
  209. }
  210. done:
  211. networkstatus_vote_free(mock_consensus);
  212. }
  213. /* In this test we are going to generate a sr_commit_t object and validate
  214. * it. We first generate our values, and then we parse them as if they were
  215. * received from the network. After we parse both the commit and the reveal,
  216. * we verify that they indeed match. */
  217. static void
  218. test_sr_commit(void *arg)
  219. {
  220. authority_cert_t *auth_cert = NULL;
  221. time_t now = time(NULL);
  222. sr_commit_t *our_commit = NULL;
  223. smartlist_t *args = smartlist_new();
  224. (void) arg;
  225. { /* Setup a minimal dirauth environment for this test */
  226. or_options_t *options = get_options_mutable();
  227. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  228. tt_assert(auth_cert);
  229. options->AuthoritativeDir = 1;
  230. tt_int_op(0, ==, load_ed_keys(options, now));
  231. }
  232. /* Generate our commit object and validate it has the appropriate field
  233. * that we can then use to build a representation that we'll find in a
  234. * vote coming from the network. */
  235. {
  236. sr_commit_t test_commit;
  237. our_commit = sr_generate_our_commit(now, auth_cert);
  238. tt_assert(our_commit);
  239. /* Default and only supported algorithm for now. */
  240. tt_assert(our_commit->alg == DIGEST_SHA3_256);
  241. /* We should have a reveal value. */
  242. tt_assert(commit_has_reveal_value(our_commit));
  243. /* We should have a random value. */
  244. tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
  245. sizeof(our_commit->random_number)));
  246. /* Commit and reveal timestamp should be the same. */
  247. tt_u64_op(our_commit->commit_ts, ==, our_commit->reveal_ts);
  248. /* We should have a hashed reveal. */
  249. tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
  250. sizeof(our_commit->hashed_reveal)));
  251. /* Do we have a valid encoded commit and reveal. Note the following only
  252. * tests if the generated values are correct. Their could be a bug in
  253. * the decode function but we test them seperately. */
  254. tt_int_op(0, ==, reveal_decode(our_commit->encoded_reveal,
  255. &test_commit));
  256. tt_int_op(0, ==, commit_decode(our_commit->encoded_commit,
  257. &test_commit));
  258. tt_int_op(0, ==, verify_commit_and_reveal(our_commit));
  259. }
  260. /* Let's make sure our verify commit and reveal function works. We'll
  261. * make it fail a bit with known failure case. */
  262. {
  263. /* Copy our commit so we don't alter it for the rest of testing. */
  264. sr_commit_t test_commit;
  265. memcpy(&test_commit, our_commit, sizeof(test_commit));
  266. /* Timestamp MUST match. */
  267. test_commit.commit_ts = test_commit.reveal_ts - 42;
  268. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  269. memcpy(&test_commit, our_commit, sizeof(test_commit));
  270. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  271. /* Hashed reveal must match the H(encoded_reveal). */
  272. memset(test_commit.hashed_reveal, 'X',
  273. sizeof(test_commit.hashed_reveal));
  274. tt_int_op(-1, ==, verify_commit_and_reveal(&test_commit));
  275. memcpy(&test_commit, our_commit, sizeof(test_commit));
  276. tt_int_op(0, ==, verify_commit_and_reveal(&test_commit));
  277. }
  278. /* We'll build a list of values from our commit that our parsing function
  279. * takes from a vote line and see if we can parse it correctly. */
  280. {
  281. sr_commit_t *parsed_commit;
  282. smartlist_add(args, tor_strdup("1"));
  283. smartlist_add(args,
  284. tor_strdup(crypto_digest_algorithm_get_name(our_commit->alg)));
  285. smartlist_add(args, tor_strdup(sr_commit_get_rsa_fpr(our_commit)));
  286. smartlist_add(args, our_commit->encoded_commit);
  287. smartlist_add(args, our_commit->encoded_reveal);
  288. parsed_commit = sr_parse_commit(args);
  289. tt_assert(parsed_commit);
  290. /* That parsed commit should be _EXACTLY_ like our original commit (we
  291. * have to explicitly set the valid flag though). */
  292. parsed_commit->valid = 1;
  293. tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
  294. /* Cleanup */
  295. tor_free(smartlist_get(args, 0)); /* strdup here. */
  296. tor_free(smartlist_get(args, 1)); /* strdup here. */
  297. smartlist_clear(args);
  298. sr_commit_free(parsed_commit);
  299. }
  300. done:
  301. smartlist_free(args);
  302. sr_commit_free(our_commit);
  303. }
  304. /* Test the encoding and decoding function for commit and reveal values. */
  305. static void
  306. test_encoding(void *arg)
  307. {
  308. (void) arg;
  309. int ret, duper_rand = 42;
  310. /* Random number is 32 bytes. */
  311. char raw_rand[32];
  312. time_t ts = 1454333590;
  313. char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  314. sr_commit_t parsed_commit;
  315. /* Encoded commit is: base64-encode( 1454333590 || H(H(42)) ). Remember
  316. * that we do no expose the raw bytes of our PRNG to the network thus
  317. * explaining the double H(). */
  318. static const char *encoded_commit =
  319. "AAAAAFavXpZbx2LRneYFSLPCP8DLp9BXfeH5FXzbkxM4iRXKGeA54g==";
  320. /* Encoded reveal is: base64-encode( 1454333590 || H(42) ). */
  321. static const char *encoded_reveal =
  322. "AAAAAFavXpYk9x9kTjiQWUqjHwSAEOdPAfCaurXgjPy173SzYjeC2g==";
  323. /* Set up our raw random bytes array. */
  324. memset(raw_rand, 0, sizeof(raw_rand));
  325. memcpy(raw_rand, &duper_rand, sizeof(duper_rand));
  326. /* Hash random number. */
  327. ret = crypto_digest256(hashed_rand, raw_rand,
  328. sizeof(raw_rand), SR_DIGEST_ALG);
  329. tt_int_op(0, ==, ret);
  330. /* Hash reveal value. */
  331. tt_int_op(SR_REVEAL_BASE64_LEN, ==, strlen(encoded_reveal));
  332. ret = crypto_digest256(hashed_reveal, encoded_reveal,
  333. strlen(encoded_reveal), SR_DIGEST_ALG);
  334. tt_int_op(0, ==, ret);
  335. tt_int_op(SR_COMMIT_BASE64_LEN, ==, strlen(encoded_commit));
  336. /* Test our commit/reveal decode functions. */
  337. {
  338. /* Test the reveal encoded value. */
  339. tt_int_op(0, ==, reveal_decode(encoded_reveal, &parsed_commit));
  340. tt_u64_op(ts, ==, parsed_commit.reveal_ts);
  341. tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
  342. sizeof(hashed_rand));
  343. /* Test the commit encoded value. */
  344. memset(&parsed_commit, 0, sizeof(parsed_commit));
  345. tt_int_op(0, ==, commit_decode(encoded_commit, &parsed_commit));
  346. tt_u64_op(ts, ==, parsed_commit.commit_ts);
  347. tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
  348. sizeof(parsed_commit.encoded_commit));
  349. tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
  350. sizeof(hashed_reveal));
  351. }
  352. /* Test our commit/reveal encode functions. */
  353. {
  354. /* Test the reveal encode. */
  355. char encoded[SR_REVEAL_BASE64_LEN + 1];
  356. parsed_commit.reveal_ts = ts;
  357. memcpy(parsed_commit.random_number, hashed_rand,
  358. sizeof(parsed_commit.random_number));
  359. ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
  360. tt_int_op(SR_REVEAL_BASE64_LEN, ==, ret);
  361. tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
  362. }
  363. {
  364. /* Test the commit encode. */
  365. char encoded[SR_COMMIT_BASE64_LEN + 1];
  366. parsed_commit.commit_ts = ts;
  367. memcpy(parsed_commit.hashed_reveal, hashed_reveal,
  368. sizeof(parsed_commit.hashed_reveal));
  369. ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
  370. tt_int_op(SR_COMMIT_BASE64_LEN, ==, ret);
  371. tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
  372. }
  373. done:
  374. ;
  375. }
  376. /** Setup some SRVs in our SR state. If <b>also_current</b> is set, then set
  377. * both current and previous SRVs.
  378. * Helper of test_vote() and test_sr_compute_srv(). */
  379. static void
  380. test_sr_setup_srv(int also_current)
  381. {
  382. sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
  383. srv->num_reveals = 42;
  384. memcpy(srv->value,
  385. "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
  386. sizeof(srv->value));
  387. sr_state_set_previous_srv(srv);
  388. if (also_current) {
  389. srv = tor_malloc_zero(sizeof(sr_srv_t));
  390. srv->num_reveals = 128;
  391. memcpy(srv->value,
  392. "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
  393. sizeof(srv->value));
  394. sr_state_set_current_srv(srv);
  395. }
  396. }
  397. /* Test anything that has to do with SR protocol and vote. */
  398. static void
  399. test_vote(void *arg)
  400. {
  401. int ret;
  402. time_t now = time(NULL);
  403. sr_commit_t *our_commit = NULL;
  404. (void) arg;
  405. MOCK(trusteddirserver_get_by_v3_auth_digest,
  406. trusteddirserver_get_by_v3_auth_digest_m);
  407. { /* Setup a minimal dirauth environment for this test */
  408. init_authority_state();
  409. /* Set ourself in reveal phase so we can parse the reveal value in the
  410. * vote as well. */
  411. set_sr_phase(SR_PHASE_REVEAL);
  412. }
  413. /* Generate our commit object and validate it has the appropriate field
  414. * that we can then use to build a representation that we'll find in a
  415. * vote coming from the network. */
  416. {
  417. sr_commit_t *saved_commit;
  418. our_commit = sr_generate_our_commit(now, mock_cert);
  419. tt_assert(our_commit);
  420. sr_state_add_commit(our_commit);
  421. /* Make sure it's there. */
  422. saved_commit = sr_state_get_commit(our_commit->rsa_identity);
  423. tt_assert(saved_commit);
  424. }
  425. /* Also setup the SRVs */
  426. test_sr_setup_srv(1);
  427. { /* Now test the vote generation */
  428. smartlist_t *chunks = smartlist_new();
  429. smartlist_t *tokens = smartlist_new();
  430. /* Get our vote line and validate it. */
  431. char *lines = sr_get_string_for_vote();
  432. tt_assert(lines);
  433. /* Split the lines. We expect 2 here. */
  434. ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
  435. tt_int_op(ret, ==, 4);
  436. tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
  437. /* Get our commitment line and will validate it agains our commit. The
  438. * format is as follow:
  439. * "shared-rand-commitment" SP version SP algname SP identity
  440. * SP COMMIT [SP REVEAL] NL
  441. */
  442. char *commit_line = smartlist_get(chunks, 1);
  443. tt_assert(commit_line);
  444. ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
  445. tt_int_op(ret, ==, 6);
  446. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
  447. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
  448. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  449. crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
  450. char digest[DIGEST_LEN];
  451. base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
  452. HEX_DIGEST_LEN);
  453. tt_mem_op(digest, ==, our_commit->rsa_identity, sizeof(digest));
  454. tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
  455. tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal);
  456. /* Finally, does this vote line creates a valid commit object? */
  457. smartlist_t *args = smartlist_new();
  458. smartlist_add(args, smartlist_get(tokens, 1));
  459. smartlist_add(args, smartlist_get(tokens, 2));
  460. smartlist_add(args, smartlist_get(tokens, 3));
  461. smartlist_add(args, smartlist_get(tokens, 4));
  462. smartlist_add(args, smartlist_get(tokens, 5));
  463. sr_commit_t *parsed_commit = sr_parse_commit(args);
  464. tt_assert(parsed_commit);
  465. /* Set valid flag explicitly here to compare since it's not set by
  466. * simply parsing the commit. */
  467. parsed_commit->valid = 1;
  468. tt_mem_op(parsed_commit, ==, our_commit, sizeof(*our_commit));
  469. /* minor cleanup */
  470. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  471. smartlist_clear(tokens);
  472. /* Now test the previous SRV */
  473. char *prev_srv_line = smartlist_get(chunks, 2);
  474. tt_assert(prev_srv_line);
  475. ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
  476. tt_int_op(ret, ==, 3);
  477. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
  478. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
  479. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  480. "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
  481. /* minor cleanup */
  482. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  483. smartlist_clear(tokens);
  484. /* Now test the current SRV */
  485. char *current_srv_line = smartlist_get(chunks, 3);
  486. tt_assert(current_srv_line);
  487. ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
  488. tt_int_op(ret, ==, 3);
  489. tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
  490. tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
  491. tt_str_op(smartlist_get(tokens, 2), OP_EQ,
  492. "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
  493. /* Clean up */
  494. sr_commit_free(parsed_commit);
  495. SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
  496. smartlist_free(chunks);
  497. SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
  498. smartlist_free(tokens);
  499. smartlist_clear(args);
  500. smartlist_free(args);
  501. }
  502. done:
  503. sr_commit_free(our_commit);
  504. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  505. }
  506. static const char *sr_state_str = "Version 1\n"
  507. "TorVersion 0.2.9.0-alpha-dev\n"
  508. "ValidAfter 2037-04-19 07:16:00\n"
  509. "ValidUntil 2037-04-20 07:16:00\n"
  510. "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
  511. "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
  512. "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
  513. "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
  514. "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
  515. "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
  516. "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
  517. "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
  518. "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
  519. /** Create an SR disk state, parse it and validate that the parsing went
  520. * well. Yes! */
  521. static void
  522. test_state_load_from_disk(void *arg)
  523. {
  524. int ret;
  525. char *dir = tor_strdup(get_fname("test_sr_state"));
  526. char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
  527. sr_state_t *the_sr_state = NULL;
  528. (void) arg;
  529. MOCK(trusteddirserver_get_by_v3_auth_digest,
  530. trusteddirserver_get_by_v3_auth_digest_m);
  531. /* First try with a nonexistent path. */
  532. ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
  533. tt_assert(ret == -ENOENT);
  534. /* Now create a mock state directory and state file */
  535. #ifdef _WIN32
  536. ret = mkdir(dir);
  537. #else
  538. ret = mkdir(dir, 0700);
  539. #endif
  540. tt_assert(ret == 0);
  541. ret = write_str_to_file(sr_state_path, sr_state_str, 0);
  542. tt_assert(ret == 0);
  543. /* Try to load the directory itself. Should fail. */
  544. ret = disk_state_load_from_disk_impl(dir);
  545. tt_int_op(ret, OP_LT, 0);
  546. /* State should be non-existent at this point. */
  547. the_sr_state = get_sr_state();
  548. tt_assert(!the_sr_state);
  549. /* Now try to load the correct file! */
  550. ret = disk_state_load_from_disk_impl(sr_state_path);
  551. tt_assert(ret == 0);
  552. /* Check the content of the state */
  553. /* XXX check more deeply!!! */
  554. the_sr_state = get_sr_state();
  555. tt_assert(the_sr_state);
  556. tt_assert(the_sr_state->version == 1);
  557. tt_assert(digestmap_size(the_sr_state->commits) == 3);
  558. tt_assert(the_sr_state->current_srv);
  559. tt_assert(the_sr_state->current_srv->num_reveals == 3);
  560. tt_assert(the_sr_state->previous_srv);
  561. /* XXX Now also try loading corrupted state files and make sure parsing
  562. fails */
  563. done:
  564. tor_free(dir);
  565. tor_free(sr_state_path);
  566. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  567. }
  568. /** Generate three specially crafted commits (based on the test
  569. * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
  570. static void
  571. test_sr_setup_commits(void)
  572. {
  573. time_t now = time(NULL);
  574. sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
  575. sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
  576. authority_cert_t *auth_cert = NULL;
  577. { /* Setup a minimal dirauth environment for this test */
  578. or_options_t *options = get_options_mutable();
  579. auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
  580. tt_assert(auth_cert);
  581. options->AuthoritativeDir = 1;
  582. tt_int_op(0, ==, load_ed_keys(options, now));
  583. }
  584. /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
  585. register them to the SR state. Also register a fourth commit 'd' with no
  586. reveal info, to make sure that it will get ignored during SRV
  587. calculation. */
  588. { /* Commit from auth 'a' */
  589. commit_a = sr_generate_our_commit(now, auth_cert);
  590. tt_assert(commit_a);
  591. /* Do some surgery on the commit */
  592. memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
  593. base16_encode(commit_a->rsa_identity_hex,
  594. sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity,
  595. sizeof(commit_a->rsa_identity));
  596. strlcpy(commit_a->encoded_reveal,
  597. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  598. sizeof(commit_a->encoded_reveal));
  599. memcpy(commit_a->hashed_reveal,
  600. "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
  601. sizeof(commit_a->hashed_reveal));
  602. }
  603. { /* Commit from auth 'b' */
  604. commit_b = sr_generate_our_commit(now, auth_cert);
  605. tt_assert(commit_b);
  606. /* Do some surgery on the commit */
  607. memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
  608. base16_encode(commit_b->rsa_identity_hex,
  609. sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity,
  610. sizeof(commit_b->rsa_identity));
  611. strlcpy(commit_b->encoded_reveal,
  612. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  613. sizeof(commit_b->encoded_reveal));
  614. memcpy(commit_b->hashed_reveal,
  615. "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
  616. sizeof(commit_b->hashed_reveal));
  617. }
  618. { /* Commit from auth 'c' */
  619. commit_c = sr_generate_our_commit(now, auth_cert);
  620. tt_assert(commit_c);
  621. /* Do some surgery on the commit */
  622. memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
  623. base16_encode(commit_c->rsa_identity_hex,
  624. sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity,
  625. sizeof(commit_c->rsa_identity));
  626. strlcpy(commit_c->encoded_reveal,
  627. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  628. sizeof(commit_c->encoded_reveal));
  629. memcpy(commit_c->hashed_reveal,
  630. "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
  631. sizeof(commit_c->hashed_reveal));
  632. }
  633. { /* Commit from auth 'd' */
  634. commit_d = sr_generate_our_commit(now, auth_cert);
  635. tt_assert(commit_d);
  636. /* Do some surgery on the commit */
  637. memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
  638. base16_encode(commit_d->rsa_identity_hex,
  639. sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity,
  640. sizeof(commit_d->rsa_identity));
  641. strlcpy(commit_d->encoded_reveal,
  642. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  643. sizeof(commit_d->encoded_reveal));
  644. memcpy(commit_d->hashed_reveal,
  645. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
  646. sizeof(commit_d->hashed_reveal));
  647. /* Clean up its reveal info */
  648. memcpy(place_holder, commit_d, sizeof(*place_holder));
  649. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  650. tt_assert(!commit_has_reveal_value(commit_d));
  651. }
  652. /* Register commits to state (during commit phase) */
  653. set_sr_phase(SR_PHASE_COMMIT);
  654. save_commit_to_state(commit_a);
  655. save_commit_to_state(commit_b);
  656. save_commit_to_state(commit_c);
  657. save_commit_to_state(commit_d);
  658. tt_int_op(digestmap_size(get_sr_state()->commits), ==, 4);
  659. /* Now during REVEAL phase save commit D by restoring its reveal. */
  660. set_sr_phase(SR_PHASE_REVEAL);
  661. save_commit_to_state(place_holder);
  662. tt_str_op(commit_d->encoded_reveal, OP_EQ,
  663. "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
  664. /* Go back to an empty encoded reveal value. */
  665. memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
  666. memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
  667. tt_assert(!commit_has_reveal_value(commit_d));
  668. done:
  669. return;
  670. }
  671. /** Verify that the SRV generation procedure is proper by testing it against
  672. * the test vector from ./sr_srv_calc_ref.py. */
  673. static void
  674. test_sr_compute_srv(void *arg)
  675. {
  676. (void) arg;
  677. const sr_srv_t *current_srv = NULL;
  678. #define SRV_TEST_VECTOR \
  679. "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
  680. MOCK(trusteddirserver_get_by_v3_auth_digest,
  681. trusteddirserver_get_by_v3_auth_digest_m);
  682. init_authority_state();
  683. /* Setup the commits for this unittest */
  684. test_sr_setup_commits();
  685. test_sr_setup_srv(0);
  686. /* Now switch to reveal phase */
  687. set_sr_phase(SR_PHASE_REVEAL);
  688. /* Compute the SRV */
  689. sr_compute_srv();
  690. /* Check the result against the test vector */
  691. current_srv = sr_state_get_current_srv();
  692. tt_assert(current_srv);
  693. tt_u64_op(current_srv->num_reveals, ==, 3);
  694. tt_str_op(hex_str((char*)current_srv->value, 32),
  695. ==,
  696. SRV_TEST_VECTOR);
  697. done:
  698. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  699. }
  700. /** Return a minimal vote document with a current SRV value set to
  701. * <b>srv</b>. */
  702. static networkstatus_t *
  703. get_test_vote_with_curr_srv(const char *srv)
  704. {
  705. networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
  706. vote->type = NS_TYPE_VOTE;
  707. vote->sr_info.participate = 1;
  708. vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
  709. vote->sr_info.current_srv->num_reveals = 42;
  710. memcpy(vote->sr_info.current_srv->value,
  711. srv,
  712. sizeof(vote->sr_info.current_srv->value));
  713. return vote;
  714. }
  715. /* Test the function that picks the right SRV given a bunch of votes. Make sure
  716. * that the function returns an SRV iff the majority/agreement requirements are
  717. * met. */
  718. static void
  719. test_sr_get_majority_srv_from_votes(void *arg)
  720. {
  721. sr_srv_t *chosen_srv;
  722. smartlist_t *votes = smartlist_new();
  723. #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  724. #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
  725. (void) arg;
  726. init_authority_state();
  727. /* Make sure our SRV is fresh so we can consider the super majority with
  728. * the consensus params of number of agreements needed. */
  729. sr_state_set_fresh_srv();
  730. /* The test relies on the dirauth list being initialized. */
  731. clear_dir_servers();
  732. add_default_trusted_dir_authorities(V3_DIRINFO);
  733. { /* Prepare voting environment with just a single vote. */
  734. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  735. smartlist_add(votes, vote);
  736. }
  737. /* Since it's only one vote with an SRV, it should not achieve majority and
  738. hence no SRV will be returned. */
  739. chosen_srv = get_majority_srv_from_votes(votes, 1);
  740. tt_assert(!chosen_srv);
  741. { /* Now put in 8 more votes. Let SRV_1 have majority. */
  742. int i;
  743. /* Now 7 votes believe in SRV_1 */
  744. for (i = 0; i < 3; i++) {
  745. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  746. smartlist_add(votes, vote);
  747. }
  748. /* and 2 votes believe in SRV_2 */
  749. for (i = 0; i < 2; i++) {
  750. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
  751. smartlist_add(votes, vote);
  752. }
  753. for (i = 0; i < 3; i++) {
  754. networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
  755. smartlist_add(votes, vote);
  756. }
  757. tt_int_op(smartlist_len(votes), ==, 9);
  758. }
  759. /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
  760. requirement. So still not picking an SRV. */
  761. set_num_srv_agreements(8);
  762. chosen_srv = get_majority_srv_from_votes(votes, 1);
  763. tt_assert(!chosen_srv);
  764. /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
  765. * consensus parameter and we will try again. This time it should work. */
  766. set_num_srv_agreements(7);
  767. chosen_srv = get_majority_srv_from_votes(votes, 1);
  768. tt_assert(chosen_srv);
  769. tt_u64_op(chosen_srv->num_reveals, ==, 42);
  770. tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
  771. done:
  772. SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
  773. networkstatus_vote_free(vote));
  774. smartlist_free(votes);
  775. }
  776. static void
  777. test_utils(void *arg)
  778. {
  779. (void) arg;
  780. /* Testing srv_dup(). */
  781. {
  782. sr_srv_t *srv = NULL, *dup_srv = NULL;
  783. const char *srv_value =
  784. "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
  785. srv = tor_malloc_zero(sizeof(*srv));
  786. srv->num_reveals = 42;
  787. memcpy(srv->value, srv_value, sizeof(srv->value));
  788. dup_srv = srv_dup(srv);
  789. tt_assert(dup_srv);
  790. tt_u64_op(dup_srv->num_reveals, ==, srv->num_reveals);
  791. tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
  792. tor_free(srv);
  793. tor_free(dup_srv);
  794. }
  795. /* Testing commitments_are_the_same(). Currently, the check is to test the
  796. * value of the encoded commit so let's make sure that actually works. */
  797. {
  798. /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit.
  799. * 56 bytes of payload and a NUL terminated byte at the end ('\x00')
  800. * which comes down to SR_COMMIT_BASE64_LEN + 1. */
  801. const char *payload =
  802. "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
  803. "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
  804. "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
  805. "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00";
  806. sr_commit_t commit1, commit2;
  807. memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
  808. memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
  809. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 1);
  810. /* Let's corrupt one of them. */
  811. memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
  812. tt_int_op(commitments_are_the_same(&commit1, &commit2), ==, 0);
  813. }
  814. /* Testing commit_is_authoritative(). */
  815. {
  816. crypto_pk_t *k = crypto_pk_new();
  817. char digest[DIGEST_LEN];
  818. sr_commit_t commit;
  819. tt_assert(!crypto_pk_generate_key(k));
  820. tt_int_op(0, ==, crypto_pk_get_digest(k, digest));
  821. memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
  822. tt_int_op(commit_is_authoritative(&commit, digest), ==, 1);
  823. /* Change the pubkey. */
  824. memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
  825. tt_int_op(commit_is_authoritative(&commit, digest), ==, 0);
  826. }
  827. /* Testing get_phase_str(). */
  828. {
  829. tt_str_op(get_phase_str(SR_PHASE_REVEAL), ==, "reveal");
  830. tt_str_op(get_phase_str(SR_PHASE_COMMIT), ==, "commit");
  831. }
  832. /* Testing phase transition */
  833. {
  834. init_authority_state();
  835. set_sr_phase(SR_PHASE_COMMIT);
  836. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 1);
  837. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 0);
  838. set_sr_phase(SR_PHASE_REVEAL);
  839. tt_int_op(is_phase_transition(SR_PHASE_REVEAL), ==, 0);
  840. tt_int_op(is_phase_transition(SR_PHASE_COMMIT), ==, 1);
  841. /* Junk. */
  842. tt_int_op(is_phase_transition(42), ==, 1);
  843. }
  844. done:
  845. return;
  846. }
  847. static void
  848. test_state_transition(void *arg)
  849. {
  850. sr_state_t *state = NULL;
  851. time_t now = time(NULL);
  852. (void) arg;
  853. { /* Setup a minimal dirauth environment for this test */
  854. init_authority_state();
  855. state = get_sr_state();
  856. tt_assert(state);
  857. }
  858. /* Test our state reset for a new protocol run. */
  859. {
  860. /* Add a commit to the state so we can test if the reset cleans the
  861. * commits. Also, change all params that we expect to be updated. */
  862. sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
  863. tt_assert(commit);
  864. sr_state_add_commit(commit);
  865. tt_int_op(digestmap_size(state->commits), ==, 1);
  866. /* Let's test our delete feature. */
  867. sr_state_delete_commits();
  868. tt_int_op(digestmap_size(state->commits), ==, 0);
  869. /* Add it back so we can continue the rest of the test because after
  870. * deletiong our commit will be freed so generate a new one. */
  871. commit = sr_generate_our_commit(now, mock_cert);
  872. tt_assert(commit);
  873. sr_state_add_commit(commit);
  874. tt_int_op(digestmap_size(state->commits), ==, 1);
  875. state->n_reveal_rounds = 42;
  876. state->n_commit_rounds = 43;
  877. state->n_protocol_runs = 44;
  878. reset_state_for_new_protocol_run(now);
  879. tt_int_op(state->n_reveal_rounds, ==, 0);
  880. tt_int_op(state->n_commit_rounds, ==, 0);
  881. tt_u64_op(state->n_protocol_runs, ==, 45);
  882. tt_int_op(digestmap_size(state->commits), ==, 0);
  883. }
  884. /* Test SRV rotation in our state. */
  885. {
  886. const sr_srv_t *cur, *prev;
  887. test_sr_setup_srv(1);
  888. cur = sr_state_get_current_srv();
  889. tt_assert(cur);
  890. /* After, current srv should be the previous and then set to NULL. */
  891. state_rotate_srv();
  892. prev = sr_state_get_previous_srv();
  893. tt_assert(prev == cur);
  894. tt_assert(!sr_state_get_current_srv());
  895. }
  896. /* New protocol run. */
  897. {
  898. const sr_srv_t *cur;
  899. /* Setup some new SRVs so we can confirm that a new protocol run
  900. * actually makes them rotate and compute new ones. */
  901. test_sr_setup_srv(1);
  902. cur = sr_state_get_current_srv();
  903. tt_assert(cur);
  904. set_sr_phase(SR_PHASE_REVEAL);
  905. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  906. new_protocol_run(now);
  907. UNMOCK(get_my_v3_authority_cert);
  908. /* Rotation happened. */
  909. tt_assert(sr_state_get_previous_srv() == cur);
  910. /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
  911. * our current SRV would be NULL but a new protocol run should make us
  912. * compute a new SRV. */
  913. tt_assert(sr_state_get_current_srv());
  914. /* Also, make sure we did change the current. */
  915. tt_assert(sr_state_get_current_srv() != cur);
  916. /* We should have our commitment alone. */
  917. tt_int_op(digestmap_size(state->commits), ==, 1);
  918. tt_int_op(state->n_reveal_rounds, ==, 0);
  919. tt_int_op(state->n_commit_rounds, ==, 0);
  920. /* 46 here since we were at 45 just before. */
  921. tt_u64_op(state->n_protocol_runs, ==, 46);
  922. }
  923. /* Cleanup of SRVs. */
  924. {
  925. sr_state_clean_srvs();
  926. tt_assert(!sr_state_get_current_srv());
  927. tt_assert(!sr_state_get_previous_srv());
  928. }
  929. done:
  930. return;
  931. }
  932. static void
  933. test_keep_commit(void *arg)
  934. {
  935. char fp[FINGERPRINT_LEN + 1];
  936. sr_commit_t *commit = NULL, *dup_commit = NULL;
  937. sr_state_t *state;
  938. time_t now = time(NULL);
  939. (void) arg;
  940. MOCK(trusteddirserver_get_by_v3_auth_digest,
  941. trusteddirserver_get_by_v3_auth_digest_m);
  942. { /* Setup a minimal dirauth environment for this test */
  943. crypto_pk_t *k = crypto_pk_new();
  944. /* Have a key that is not the one from our commit. */
  945. tt_int_op(0, ==, crypto_pk_generate_key(k));
  946. tt_int_op(0, ==, crypto_pk_get_fingerprint(k, fp, 0));
  947. init_authority_state();
  948. state = get_sr_state();
  949. }
  950. /* Test this very important function that tells us if we should keep a
  951. * commit or not in our state. Most of it depends on the phase and what's
  952. * in the commit so we'll change the commit as we go. */
  953. commit = sr_generate_our_commit(now, mock_cert);
  954. tt_assert(commit);
  955. /* Set us in COMMIT phase for starter. */
  956. set_sr_phase(SR_PHASE_COMMIT);
  957. /* We should never keep a commit from a non authoritative authority. */
  958. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), ==, 0);
  959. /* This should NOT be kept because it has a reveal value in it. */
  960. tt_assert(commit_has_reveal_value(commit));
  961. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  962. SR_PHASE_COMMIT), ==, 0);
  963. /* Add it to the state which should return to not keep it. */
  964. sr_state_add_commit(commit);
  965. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  966. SR_PHASE_COMMIT), ==, 0);
  967. /* Remove it from state so we can continue our testing. */
  968. digestmap_remove(state->commits, commit->rsa_identity);
  969. /* Let's remove our reveal value which should make it OK to keep it. */
  970. memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
  971. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  972. SR_PHASE_COMMIT), ==, 1);
  973. /* Let's reset our commit and go into REVEAL phase. */
  974. sr_commit_free(commit);
  975. commit = sr_generate_our_commit(now, mock_cert);
  976. tt_assert(commit);
  977. /* Dup the commit so we have one with and one without a reveal value. */
  978. dup_commit = tor_malloc_zero(sizeof(*dup_commit));
  979. memcpy(dup_commit, commit, sizeof(*dup_commit));
  980. memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
  981. set_sr_phase(SR_PHASE_REVEAL);
  982. /* We should never keep a commit from a non authoritative authority. */
  983. tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), ==, 0);
  984. /* We shouldn't accept a commit that is not in our state. */
  985. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  986. SR_PHASE_REVEAL), ==, 0);
  987. /* Important to add the commit _without_ the reveal here. */
  988. sr_state_add_commit(dup_commit);
  989. tt_int_op(digestmap_size(state->commits), ==, 1);
  990. /* Our commit should be valid that is authoritative, contains a reveal, be
  991. * in the state and commitment and reveal values match. */
  992. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  993. SR_PHASE_REVEAL), ==, 1);
  994. /* The commit shouldn't be kept if it's not verified that is no matchin
  995. * hashed reveal. */
  996. {
  997. /* Let's save the hash reveal so we can restore it. */
  998. sr_commit_t place_holder;
  999. memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
  1000. sizeof(place_holder.hashed_reveal));
  1001. memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
  1002. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1003. SR_PHASE_REVEAL), ==, 0);
  1004. memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
  1005. sizeof(commit->hashed_reveal));
  1006. }
  1007. /* We shouldn't keep a commit that has no reveal. */
  1008. tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
  1009. SR_PHASE_REVEAL), ==, 0);
  1010. /* We must not keep a commit that is not the same from the commit phase. */
  1011. memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
  1012. tt_int_op(should_keep_commit(commit, commit->rsa_identity,
  1013. SR_PHASE_REVEAL), ==, 0);
  1014. done:
  1015. sr_commit_free(commit);
  1016. sr_commit_free(dup_commit);
  1017. UNMOCK(trusteddirserver_get_by_v3_auth_digest);
  1018. }
  1019. static void
  1020. test_state_update(void *arg)
  1021. {
  1022. time_t commit_phase_time = 1452076000;
  1023. time_t reveal_phase_time = 1452086800;
  1024. sr_state_t *state;
  1025. (void) arg;
  1026. {
  1027. init_authority_state();
  1028. state = get_sr_state();
  1029. set_sr_phase(SR_PHASE_COMMIT);
  1030. /* We'll cheat a bit here and reset the creation time of the state which
  1031. * will avoid us to compute a valid_after time that fits the commit
  1032. * phase. */
  1033. state->valid_after = 0;
  1034. state->n_reveal_rounds = 0;
  1035. state->n_commit_rounds = 0;
  1036. state->n_protocol_runs = 0;
  1037. }
  1038. /* We need to mock for the state update function call. */
  1039. MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
  1040. /* We are in COMMIT phase here and we'll trigger a state update but no
  1041. * transition. */
  1042. sr_state_update(commit_phase_time);
  1043. tt_int_op(state->valid_after, ==, commit_phase_time);
  1044. tt_int_op(state->n_commit_rounds, ==, 1);
  1045. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1046. tt_int_op(digestmap_size(state->commits), ==, 1);
  1047. /* We are still in the COMMIT phase here but we'll trigger a state
  1048. * transition to the REVEAL phase. */
  1049. sr_state_update(reveal_phase_time);
  1050. tt_int_op(state->phase, ==, SR_PHASE_REVEAL);
  1051. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1052. /* Only our commit should be in there. */
  1053. tt_int_op(digestmap_size(state->commits), ==, 1);
  1054. tt_int_op(state->n_reveal_rounds, ==, 1);
  1055. /* We can't update a state with a valid after _lower_ than the creation
  1056. * time so here it is. */
  1057. sr_state_update(commit_phase_time);
  1058. tt_int_op(state->valid_after, ==, reveal_phase_time);
  1059. /* Finally, let's go back in COMMIT phase so we can test the state update
  1060. * of a new protocol run. */
  1061. state->valid_after = 0;
  1062. sr_state_update(commit_phase_time);
  1063. tt_int_op(state->valid_after, ==, commit_phase_time);
  1064. tt_int_op(state->n_commit_rounds, ==, 1);
  1065. tt_int_op(state->n_reveal_rounds, ==, 0);
  1066. tt_u64_op(state->n_protocol_runs, ==, 1);
  1067. tt_int_op(state->phase, ==, SR_PHASE_COMMIT);
  1068. tt_int_op(digestmap_size(state->commits), ==, 1);
  1069. tt_assert(state->current_srv);
  1070. done:
  1071. sr_state_free();
  1072. UNMOCK(get_my_v3_authority_cert);
  1073. }
  1074. struct testcase_t sr_tests[] = {
  1075. { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
  1076. NULL, NULL },
  1077. { "sr_commit", test_sr_commit, TT_FORK,
  1078. NULL, NULL },
  1079. { "keep_commit", test_keep_commit, TT_FORK,
  1080. NULL, NULL },
  1081. { "encoding", test_encoding, TT_FORK,
  1082. NULL, NULL },
  1083. { "get_next_valid_after_time", test_get_next_valid_after_time, TT_FORK,
  1084. NULL, NULL },
  1085. { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
  1086. NULL, NULL },
  1087. { "vote", test_vote, TT_FORK,
  1088. NULL, NULL },
  1089. { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
  1090. NULL, NULL },
  1091. { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
  1092. { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
  1093. TT_FORK, NULL, NULL },
  1094. { "utils", test_utils, TT_FORK, NULL, NULL },
  1095. { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
  1096. { "state_update", test_state_update, TT_FORK,
  1097. NULL, NULL },
  1098. END_OF_TESTCASES
  1099. };