Merge remote-tracking branch 'tor-github/pr/699'

Nick Mathewson 2019-02-13 15:19:59 -05:00
commit 5f42bc0f48
7 changed files with 178 additions and 27 deletions

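--- a/changes/ticket26698
+++ b/changes/ticket26698
@@ -0,0 +1,4 @@
+o Minor features (directory authority):
+- When a directory authority is using a bandwidth file to obtain the
+bandwidth values, include the digest of the file in the vote.
+Closes ticket 26698.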


@ -3554,7 +3554,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
"(Bridge/V3)AuthoritativeDir is set.");
/* If we have a v3bandwidthsfile and it's broken, complain on startup */
if (options->V3BandwidthsFile && !old_options) {
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL, NULL);
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL, NULL,
NULL);
}
/* same for guardfraction file */
if (options->GuardfractionFile && !old_options) {


@ -20,6 +20,7 @@
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/vote_routerstatus_st.h"
#include "lib/crypt_ops/crypto_format.h"
#include "lib/encoding/keyval.h"
/** Total number of routers with measured bandwidth; this is set by
@ -205,7 +206,8 @@ dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri)
int
dirserv_read_measured_bandwidths(const char *from_file,
smartlist_t *routerstatuses,
smartlist_t *bw_file_headers)
smartlist_t *bw_file_headers,
uint8_t *digest_out)
{
FILE *fp = tor_fopen_cloexec(from_file, "r");
int applied_lines = 0;
@ -219,6 +221,7 @@ dirserv_read_measured_bandwidths(const char *from_file,
int rv = -1;
char *line = NULL;
size_t n = 0;
crypto_digest_t *digest = crypto_digest256_new(DIGEST_SHA256);
/* Initialise line, so that we can't possibly run off the end. */
@ -233,11 +236,14 @@ dirserv_read_measured_bandwidths(const char *from_file,
log_warn(LD_DIRSERV, "Empty bandwidth file");
goto err;
}
/* If the line could be gotten, add it to the digest */
crypto_digest_add_bytes(digest, (const char *) line, strlen(line));
if (!strlen(line) || line[strlen(line)-1] != '\n') {
log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
escaped(line));
goto err;
/* Continue adding lines to the digest. */
goto continue_digest;
}
line[strlen(line)-1] = '\0';
@ -245,14 +251,14 @@ dirserv_read_measured_bandwidths(const char *from_file,
if (!ok) {
log_warn(LD_DIRSERV, "Non-integer time in bandwidth file: %s",
escaped(line));
goto err;
goto continue_digest;
}
now = time(NULL);
now = approx_time();
if ((now - file_time) > MAX_MEASUREMENT_AGE) {
log_warn(LD_DIRSERV, "Bandwidth measurement file stale. Age: %u",
(unsigned)(time(NULL) - file_time));
goto err;
goto continue_digest;
}
/* If timestamp was correct and bw_file_headers is not NULL,
@ -267,6 +273,7 @@ dirserv_read_measured_bandwidths(const char *from_file,
while (!feof(fp)) {
measured_bw_line_t parsed_line;
if (tor_getline(&line, &n, fp) >= 0) {
crypto_digest_add_bytes(digest, (const char *) line, strlen(line));
if (measured_bw_line_parse(&parsed_line, line,
line_is_after_headers) != -1) {
/* This condition will be true when the first complete valid bw line
@ -305,6 +312,14 @@ dirserv_read_measured_bandwidths(const char *from_file,
"Applied %d measurements.", applied_lines);
rv = 0;
continue_digest:
/* Continue parsing lines to return the digest of the Bandwidth File. */
while (!feof(fp)) {
if (tor_getline(&line, &n, fp) >= 0) {
crypto_digest_add_bytes(digest, (const char *) line, strlen(line));
}
}
err:
if (line) {
// we need to raw_free this buffer because we got it from tor_getdelim()
@ -312,6 +327,9 @@ dirserv_read_measured_bandwidths(const char *from_file,
}
if (fp)
fclose(fp);
if (digest_out)
crypto_digest_get_digest(digest, (char *) digest_out, DIGEST256_LEN);
crypto_digest_free(digest);
return rv;
}
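Review bot: The three `crypto_digest_add_bytes(digest, (const char *) line, strlen(line))` calls (first line, the relay-line loop, and the `continue_digest` loop) hash each line only up to its first NUL byte, so a bandwidth file with an embedded NUL gets a published digest that does not match the SHA256 of the bytes on disk. The length should come from the read rather than from `strlen`, e.g. `ssize_t len = tor_getline(&line, &n, fp);` then `if (len >= 0) crypto_digest_add_bytes(digest, line, (size_t)len);`, assuming tor_getline returns the byte count as getline does. Separately, the new `while (!feof(fp))` loop has no exit when a read fails without the stream reaching EOF; breaking on a negative return would bound it. The function body runs beyond the lines shown in these hunks, so the first-line read itself is not visible here.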


@ -21,8 +21,8 @@
int dirserv_read_measured_bandwidths(const char *from_file,
smartlist_t *routerstatuses,
smartlist_t *bw_file_headers);
smartlist_t *bw_file_headers,
uint8_t *digest_out);
int dirserv_query_measured_bw_cache_kb(const char *node_id,
long *bw_out,
time_t *as_of_out);
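Review bot: The new `digest_out` parameter is a bare `uint8_t *` with no length argument, and nothing at the declaration states how large the buffer must be; the definition writes `DIGEST256_LEN` bytes into it whenever it is non-NULL. I would add a comment above the prototype such as `/* digest_out, if non-NULL, must point to at least DIGEST256_LEN bytes; it is also written when the function returns -1. */` so a caller cannot reasonably pass a shorter buffer or assume it is untouched on failure.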


@ -61,6 +61,9 @@
#include "lib/encoding/confline.h"
#include "lib/crypt_ops/crypto_format.h"
/* Algorithm to use for the bandwidth file digest. */
#define DIGEST_ALG_BW_FILE DIGEST_SHA256
/**
* \file dirvote.c
* \brief Functions to compute directory consensus, and schedule voting.
@ -269,6 +272,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
char *flag_thresholds = dirserv_get_flag_thresholds_line();
char *params;
char *bw_headers_line = NULL;
char *bw_file_digest = NULL;
authority_cert_t *cert = v3_ns->cert;
char *methods =
make_consensus_method_list(MIN_SUPPORTED_CONSENSUS_METHOD,
@ -308,6 +312,28 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
tor_free(bw_file_headers);
}
/* Create bandwidth-file-digest if applicable.
* v3_ns->b64_digest_bw_file will contain the digest when V3BandwidthsFile
* is configured and the bandwidth file could be read, even if it was not
* parseable.
*/
if (!tor_digest256_is_zero((const char *)v3_ns->bw_file_digest256)) {
/* Encode the digest. */
char b64_digest_bw_file[BASE64_DIGEST256_LEN+1] = {0};
if (digest256_to_base64(b64_digest_bw_file,
(const char *)v3_ns->bw_file_digest256)>0) {
/* "bandwidth-file-digest" 1*(SP algorithm "=" digest) NL */
char *digest_algo_b64_digest_bw_file = NULL;
tor_asprintf(&digest_algo_b64_digest_bw_file, "%s=%s",
crypto_digest_algorithm_get_name(DIGEST_ALG_BW_FILE),
b64_digest_bw_file);
/* No need for tor_strdup(""), format_line_if_present does it. */
bw_file_digest = format_line_if_present(
"bandwidth-file-digest", digest_algo_b64_digest_bw_file);
tor_free(digest_algo_b64_digest_bw_file);
}
}
smartlist_add_asprintf(chunks,
"network-status-version 3\n"
"vote-status %s\n"
@ -327,6 +353,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
"contact %s\n"
"%s" /* shared randomness information */
"%s" /* bandwidth file headers */
"%s" /* bandwidth file */
,
v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion",
methods,
@ -345,7 +372,8 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
shared_random_vote_str ?
shared_random_vote_str : "",
bw_headers_line ?
bw_headers_line : "");
bw_headers_line : "",
bw_file_digest ? bw_file_digest: "");
tor_free(params);
tor_free(flags);
@ -353,6 +381,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
tor_free(methods);
tor_free(shared_random_vote_str);
tor_free(bw_headers_line);
tor_free(bw_file_digest);
if (!tor_digest_is_zero(voter->legacy_id_digest)) {
char fpbuf[HEX_DIGEST_LEN+1];
@ -4425,6 +4454,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
const int vote_on_reachability = running_long_enough_to_decide_unreachable();
smartlist_t *microdescriptors = NULL;
smartlist_t *bw_file_headers = NULL;
uint8_t bw_file_digest256[DIGEST256_LEN] = {0};
tor_assert(private_key);
tor_assert(cert);
@ -4462,7 +4492,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
* set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
*/
if (options->V3BandwidthsFile) {
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL, NULL);
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL, NULL,
NULL);
} else {
/*
* No bandwidths file; clear the measured bandwidth cache in case we had
@ -4567,7 +4598,9 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
/* Only set bw_file_headers when V3BandwidthsFile is configured */
bw_file_headers = smartlist_new();
dirserv_read_measured_bandwidths(options->V3BandwidthsFile,
routerstatuses, bw_file_headers);
routerstatuses, bw_file_headers,
bw_file_digest256);
} else {
/*
* No bandwidths file; clear the measured bandwidth cache in case we had
@ -4664,6 +4697,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
smartlist_sort_strings(v3_out->net_params);
}
v3_out->bw_file_headers = bw_file_headers;
memcpy(v3_out->bw_file_digest256, bw_file_digest256, DIGEST256_LEN);
voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
voter->nickname = tor_strdup(options->Nickname);
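Review bot: The `!tor_digest256_is_zero(...)` guard in `format_networkstatus_vote` does not match the comment above it: per the new unit test, a bandwidth file that cannot be found leaves `digest_out` holding the SHA256 of the empty string, which is non-zero, so the vote would carry a `bandwidth-file-digest` line for a file that was never read. Either the reader should leave `digest_out` untouched when the file cannot be opened, or the caller should record whether the file was opened and emit the line only then. Also, `DIGEST_ALG_BW_FILE` only supplies the algorithm name for the vote line while the reader hard-codes `DIGEST_SHA256`; using one shared definition would keep the label and the actual hash from drifting apart. The format-string comment `/* bandwidth file */` would read better as `/* bandwidth file digest */`.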


@ -99,6 +99,9 @@ struct networkstatus_t {
/** List of key=value strings from the headers of the bandwidth list file */
smartlist_t *bw_file_headers;
/** A SHA256 digest of the bandwidth file used in a vote. */
uint8_t bw_file_digest256[DIGEST256_LEN];
};
#endif


@ -91,6 +91,9 @@
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#define NS_MODULE dir
@ -1765,7 +1768,8 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, "", 0);
setup_capture_of_logs(LOG_WARN);
tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
expect_log_msg("Empty bandwidth file\n");
teardown_capture_of_logs();
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
@ -1781,7 +1785,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op("", OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1792,7 +1798,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, header_lines_v100, 0);
bw_file_headers = smartlist_new();
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v100, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1805,7 +1813,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v100, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1816,7 +1826,8 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
tor_asprintf(&content, "%s%s", header_lines_v100, relay_lines_v100);
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL, NULL));
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL, NULL,
NULL));
/* Test bandwidth file including v1.1.0 bandwidth headers and
* v1.0.0 relay lines. bw_file_headers will contain the v1.1.0 headers. */
@ -1826,7 +1837,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1842,7 +1855,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v100, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1859,7 +1874,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v100, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1870,7 +1887,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
bw_file_headers = smartlist_new();
write_str_to_file(fname, header_lines_v110_no_terminator, 0);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1881,7 +1900,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
bw_file_headers = smartlist_new();
write_str_to_file(fname, header_lines_v110, 0);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1896,7 +1917,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1911,7 +1934,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1927,7 +1952,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_v110, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1944,7 +1971,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
tt_str_op(bw_file_headers_str_bad, OP_EQ, bw_file_headers_str);
SMARTLIST_FOREACH(bw_file_headers, char *, c, tor_free(c));
@ -1962,7 +1991,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
tt_int_op(MAX_BW_FILE_HEADER_COUNT_IN_VOTE, OP_EQ,
smartlist_len(bw_file_headers));
bw_file_headers_str = smartlist_join_strings(bw_file_headers, " ", 0, NULL);
@ -1983,7 +2014,9 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
write_str_to_file(fname, content, 0);
tor_free(content);
tt_int_op(0, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL,
bw_file_headers));
bw_file_headers,
NULL));
tt_int_op(MAX_BW_FILE_HEADER_COUNT_IN_VOTE, OP_EQ,
smartlist_len(bw_file_headers));
/* force bw_file_headers to be bigger than
@ -1997,6 +2030,7 @@ test_dir_dirserv_read_measured_bandwidths(void *arg)
tor_free(bw_file_headers_str);
done:
unlink(fname);
tor_free(fname);
tor_free(header_lines_v100);
tor_free(header_lines_v110_no_terminator);
@ -3830,6 +3864,62 @@ mock_get_options(void)
return mock_options;
}
/**
* Test dirauth_get_b64_digest_bw_file.
* This function should be near the other bwauth functions, but it needs
* mock_get_options, that is only defined here.
*/
static void
test_dir_bwauth_bw_file_digest256(void *arg)
{
(void)arg;
const char *content =
"1541171221\n"
"node_id=$68A483E05A2ABDCA6DA5A3EF8DB5177638A27F80 "
"master_key_ed25519=YaqV4vbvPYKucElk297eVdNArDz9HtIwUoIeo0+cVIpQ "
"bw=760 nick=Test time=2018-05-08T16:13:26\n";
char *fname = tor_strdup(get_fname("V3BandwidthsFile"));
/* Initialize to a wrong digest. */
uint8_t digest[DIGEST256_LEN] = "01234567890123456789abcdefghijkl";
/* Digest of an empty string. Initialize to a wrong digest. */
char digest_empty_str[DIGEST256_LEN] = "01234567890123456789abcdefghijkl";
crypto_digest256(digest_empty_str, "", 0, DIGEST_SHA256);
/* Digest of the content. Initialize to a wrong digest. */
char digest_expected[DIGEST256_LEN] = "01234567890123456789abcdefghijkl";
crypto_digest256(digest_expected, content, strlen(content), DIGEST_SHA256);
/* When the bandwidth file can not be found. */
tt_int_op(-1, OP_EQ,
dirserv_read_measured_bandwidths(fname,
NULL, NULL, digest));
tt_mem_op(digest, OP_EQ, digest_empty_str, DIGEST256_LEN);
/* When there is a timestamp but it is too old. */
write_str_to_file(fname, content, 0);
tt_int_op(-1, OP_EQ,
dirserv_read_measured_bandwidths(fname,
NULL, NULL, digest));
/* The digest will be correct. */
tt_mem_op(digest, OP_EQ, digest_expected, DIGEST256_LEN);
update_approx_time(1541171221);
/* When there is a bandwidth file and it can be read. */
tt_int_op(0, OP_EQ,
dirserv_read_measured_bandwidths(fname,
NULL, NULL, digest));
tt_mem_op(digest, OP_EQ, digest_expected, DIGEST256_LEN);
done:
unlink(fname);
tor_free(fname);
update_approx_time(time(NULL));
}
static void
reset_routerstatus(routerstatus_t *rs,
const char *hex_identity_digest,
@ -6411,6 +6501,7 @@ struct testcase_t dir_tests[] = {
DIR_LEGACY(measured_bw_kb_line_is_after_headers),
DIR_LEGACY(measured_bw_kb_cache),
DIR_LEGACY(dirserv_read_measured_bandwidths),
DIR(bwauth_bw_file_digest256, 0),
DIR_LEGACY(param_voting),
DIR(param_voting_lookup, 0),
DIR_LEGACY(v3_networkstatus),
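Review bot: The doc comment on `test_dir_bwauth_bw_file_digest256` names `dirauth_get_b64_digest_bw_file` and says the test needs `mock_get_options`, but the body only calls `dirserv_read_measured_bandwidths()` and uses neither; I would reword it to `/** Test that dirserv_read_measured_bandwidths() sets digest_out to the SHA256 of the bandwidth file. */`. Coverage is also thin for the new control flow: only the stale-timestamp failure is exercised, while the truncated-first-line and non-integer-time branches that now jump to `continue_digest`, and the formatted `bandwidth-file-digest` vote line, have no assertion. The first case pins the empty-string digest for a missing file, which deserves a second look because the vote code treats any non-zero digest as present.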