/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define SHARED_RANDOM_PRIVATE #define SHARED_RANDOM_STATE_PRIVATE #define CONFIG_PRIVATE #define DIRVOTE_PRIVATE #include "core/or/or.h" #include "test/test.h" #include "app/config/config.h" #include "lib/crypt_ops/crypto_rand.h" #include "feature/dirauth/dirvote.h" #include "feature/dirauth/shared_random.h" #include "feature/dirauth/shared_random_state.h" #include "test/log_test_helpers.h" #include "feature/nodelist/networkstatus.h" #include "feature/relay/router.h" #include "feature/relay/routerkeys.h" #include "feature/nodelist/authcert.h" #include "feature/nodelist/dirlist.h" #include "feature/dirparse/authcert_parse.h" #include "feature/hs_common/shared_random_client.h" #include "feature/dirauth/voting_schedule.h" #include "feature/dirclient/dir_server_st.h" #include "feature/nodelist/networkstatus_st.h" #include "app/config/or_state_st.h" #ifdef HAVE_SYS_STAT_H #include #endif #ifdef _WIN32 /* For mkdir */ #include #endif static authority_cert_t *mock_cert; static authority_cert_t * get_my_v3_authority_cert_m(void) { tor_assert(mock_cert); return mock_cert; } static dir_server_t ds; static dir_server_t * trusteddirserver_get_by_v3_auth_digest_m(const char *digest) { (void) digest; /* The shared random code only need to know if a valid pointer to a dir * server object has been found so this is safe because it won't use the * pointer at all never. */ return &ds; } /* Setup a minimal dirauth environment by initializing the SR state and * making sure the options are set to be an authority directory. * You must only call this function once per process. */ static void init_authority_state(void) { MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m); or_options_t *options = get_options_mutable(); mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, strlen(AUTHORITY_CERT_1), NULL); tt_assert(mock_cert); options->AuthoritativeDir = 1; tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0); sr_state_init(0, 0); /* It's possible a commit has been generated in our state depending on * the phase we are currently in which uses "now" as the starting * timestamp. Delete it before we do any testing below. */ sr_state_delete_commits(); /* It's also possible that a current SRV has been generated, if we are at * state transition time. But let's just forget about that SRV. */ sr_state_clean_srvs(); done: UNMOCK(get_my_v3_authority_cert); } static void test_get_sr_protocol_phase(void *arg) { time_t the_time; sr_phase_t phase; int retval; (void) arg; /* Initialize SR state */ init_authority_state(); { retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time); tt_int_op(retval, OP_EQ, 0); phase = get_sr_protocol_phase(the_time); tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL); } { retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time); tt_int_op(retval, OP_EQ, 0); phase = get_sr_protocol_phase(the_time); tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT); } { retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time); tt_int_op(retval, OP_EQ, 0); phase = get_sr_protocol_phase(the_time); tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT); } { retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time); tt_int_op(retval, OP_EQ, 0); phase = get_sr_protocol_phase(the_time); tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT); } { retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time); tt_int_op(retval, OP_EQ, 0); phase = get_sr_protocol_phase(the_time); tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL); } { retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time); tt_int_op(retval, OP_EQ, 0); phase = get_sr_protocol_phase(the_time); tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL); } { retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time); tt_int_op(retval, OP_EQ, 0); phase = get_sr_protocol_phase(the_time); tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL); } done: ; } static networkstatus_t mock_consensus; /* Mock function to immediately return our local 'mock_consensus'. */ static networkstatus_t * mock_networkstatus_get_live_consensus(time_t now) { (void) now; return &mock_consensus; } /* Mock function to immediately return our local 'mock_consensus'. */ static networkstatus_t * mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) { (void) now; (void) flavor; return &mock_consensus; } static void test_get_state_valid_until_time(void *arg) { time_t current_time; time_t valid_until_time; char tbuf[ISO_TIME_LEN + 1]; int retval; (void) arg; MOCK(networkstatus_get_live_consensus, mock_networkstatus_get_live_consensus); MOCK(networkstatus_get_reasonably_live_consensus, mock_networkstatus_get_reasonably_live_consensus); retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", &mock_consensus.fresh_until); tt_int_op(retval, OP_EQ, 0); retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC", &mock_consensus.valid_after); tt_int_op(retval, OP_EQ, 0); { /* Get the valid until time if called at 00:00:01 */ retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); dirauth_sched_recalculate_timing(get_options(), current_time); valid_until_time = get_state_valid_until_time(current_time); /* Compare it with the correct result */ format_iso_time(tbuf, valid_until_time); tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); } { retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); dirauth_sched_recalculate_timing(get_options(), current_time); valid_until_time = get_state_valid_until_time(current_time); format_iso_time(tbuf, valid_until_time); tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); } { retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); dirauth_sched_recalculate_timing(get_options(), current_time); valid_until_time = get_state_valid_until_time(current_time); format_iso_time(tbuf, valid_until_time); tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); } { retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); dirauth_sched_recalculate_timing(get_options(), current_time); valid_until_time = get_state_valid_until_time(current_time); format_iso_time(tbuf, valid_until_time); tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf); } done: UNMOCK(networkstatus_get_reasonably_live_consensus); } /** Test the function that calculates the start time of the current SRV * protocol run. */ static void test_get_start_time_of_current_run(void *arg) { int retval; char tbuf[ISO_TIME_LEN + 1]; time_t current_time, run_start_time; (void) arg; MOCK(networkstatus_get_live_consensus, mock_networkstatus_get_live_consensus); MOCK(networkstatus_get_reasonably_live_consensus, mock_networkstatus_get_reasonably_live_consensus); retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", &mock_consensus.fresh_until); tt_int_op(retval, OP_EQ, 0); retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC", &mock_consensus.valid_after); tt_int_op(retval, OP_EQ, 0); { /* Get start time if called at 00:00:01 */ retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); dirauth_sched_recalculate_timing(get_options(), current_time); run_start_time = sr_state_get_start_time_of_current_protocol_run(); /* Compare it with the correct result */ format_iso_time(tbuf, run_start_time); tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf); } { retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:59 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); dirauth_sched_recalculate_timing(get_options(), current_time); run_start_time = sr_state_get_start_time_of_current_protocol_run(); /* Compare it with the correct result */ format_iso_time(tbuf, run_start_time); tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf); } { retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); dirauth_sched_recalculate_timing(get_options(), current_time); run_start_time = sr_state_get_start_time_of_current_protocol_run(); /* Compare it with the correct result */ format_iso_time(tbuf, run_start_time); tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf); } { /* We want the local time to be past midnight, but the current consensus to * have valid-after 23:00 (e.g. this can happen if we fetch a new consensus * at 00:08 before dircaches have a chance to get the midnight consensus). * * Basically, we want to cause a desynch between ns->valid_after (23:00) * and the voting_schedule.interval_starts (01:00), to make sure that * sr_state_get_start_time_of_current_protocol_run() handles it gracefully: * It should actually follow the local consensus time and not the voting * schedule (which is designed for authority voting purposes). */ retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC", &mock_consensus.fresh_until); tt_int_op(retval, OP_EQ, 0); retval = parse_rfc1123_time("Mon, 19 Apr 2015 23:00:00 UTC", &mock_consensus.valid_after); tt_int_op(retval, OP_EQ, 0); retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:08:00 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); update_approx_time(current_time); dirauth_sched_recalculate_timing(get_options(), current_time); run_start_time = sr_state_get_start_time_of_current_protocol_run(); /* Compare it with the correct result */ format_iso_time(tbuf, run_start_time); tt_str_op("2015-04-19 00:00:00", OP_EQ, tbuf); /* Check that voting_schedule.interval_starts is at 01:00 (see above) */ time_t interval_starts = dirauth_sched_get_next_valid_after_time(); format_iso_time(tbuf, interval_starts); tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf); } /* Next test is testing it without a consensus to use the testing voting * interval . */ UNMOCK(networkstatus_get_live_consensus); UNMOCK(networkstatus_get_reasonably_live_consensus); /* Now let's alter the voting schedule and check the correctness of the * function. Voting interval of 10 seconds, means that an SRV protocol run * takes 10 seconds * 24 rounds = 4 mins */ { or_options_t *options = get_options_mutable(); options->V3AuthVotingInterval = 10; options->TestingV3AuthInitialVotingInterval = 10; retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:15:32 UTC", ¤t_time); tt_int_op(retval, OP_EQ, 0); dirauth_sched_recalculate_timing(get_options(), current_time); run_start_time = sr_state_get_start_time_of_current_protocol_run(); /* Compare it with the correct result */ format_iso_time(tbuf, run_start_time); tt_str_op("2015-04-20 00:12:00", OP_EQ, tbuf); } done: ; } /** Do some rudimentary consistency checks between the functions that * understand the shared random protocol schedule */ static void test_get_start_time_functions(void *arg) { (void) arg; int retval; MOCK(networkstatus_get_reasonably_live_consensus, mock_networkstatus_get_reasonably_live_consensus); retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", &mock_consensus.fresh_until); tt_int_op(retval, OP_EQ, 0); retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC", &mock_consensus.valid_after); tt_int_op(retval, OP_EQ, 0); time_t now = mock_consensus.valid_after; dirauth_sched_recalculate_timing(get_options(), now); time_t start_time_of_protocol_run = sr_state_get_start_time_of_current_protocol_run(); tt_assert(start_time_of_protocol_run); /* Check that the round start time of the beginning of the run, is itself */ tt_int_op(dirauth_sched_get_cur_valid_after_time(), OP_EQ, start_time_of_protocol_run); done: UNMOCK(networkstatus_get_reasonably_live_consensus); } static void test_get_sr_protocol_duration(void *arg) { (void) arg; /* Check that by default an SR phase is 12 hours */ tt_int_op(sr_state_get_phase_duration(), OP_EQ, 12*60*60); tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 24*60*60); /* Now alter the voting interval and check that the SR phase is 2 mins long * if voting happens every 10 seconds (10*12 seconds = 2 mins) */ or_options_t *options = get_options_mutable(); options->V3AuthVotingInterval = 10; tt_int_op(sr_state_get_phase_duration(), OP_EQ, 2*60); tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 4*60); done: ; } /* In this test we are going to generate a sr_commit_t object and validate * it. We first generate our values, and then we parse them as if they were * received from the network. After we parse both the commit and the reveal, * we verify that they indeed match. */ static void test_sr_commit(void *arg) { authority_cert_t *auth_cert = NULL; time_t now = time(NULL); sr_commit_t *our_commit = NULL; smartlist_t *args = smartlist_new(); sr_commit_t *parsed_commit = NULL; (void) arg; { /* Setup a minimal dirauth environment for this test */ or_options_t *options = get_options_mutable(); auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, strlen(AUTHORITY_CERT_1), NULL); tt_assert(auth_cert); options->AuthoritativeDir = 1; tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0); } /* Generate our commit object and validate it has the appropriate field * that we can then use to build a representation that we'll find in a * vote coming from the network. */ { sr_commit_t test_commit; our_commit = sr_generate_our_commit(now, auth_cert); tt_assert(our_commit); /* Default and only supported algorithm for now. */ tt_assert(our_commit->alg == DIGEST_SHA3_256); /* We should have a reveal value. */ tt_assert(commit_has_reveal_value(our_commit)); /* We should have a random value. */ tt_assert(!fast_mem_is_zero((char *) our_commit->random_number, sizeof(our_commit->random_number))); /* Commit and reveal timestamp should be the same. */ tt_u64_op(our_commit->commit_ts, OP_EQ, our_commit->reveal_ts); /* We should have a hashed reveal. */ tt_assert(!fast_mem_is_zero(our_commit->hashed_reveal, sizeof(our_commit->hashed_reveal))); /* Do we have a valid encoded commit and reveal. Note the following only * tests if the generated values are correct. Their could be a bug in * the decode function but we test them separately. */ tt_int_op(0, OP_EQ, reveal_decode(our_commit->encoded_reveal, &test_commit)); tt_int_op(0, OP_EQ, commit_decode(our_commit->encoded_commit, &test_commit)); tt_int_op(0, OP_EQ, verify_commit_and_reveal(our_commit)); } /* Let's make sure our verify commit and reveal function works. We'll * make it fail a bit with known failure case. */ { /* Copy our commit so we don't alter it for the rest of testing. */ sr_commit_t test_commit; memcpy(&test_commit, our_commit, sizeof(test_commit)); /* Timestamp MUST match. */ test_commit.commit_ts = test_commit.reveal_ts - 42; setup_full_capture_of_logs(LOG_WARN); tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit)); expect_log_msg_containing("doesn't match reveal timestamp"); teardown_capture_of_logs(); memcpy(&test_commit, our_commit, sizeof(test_commit)); tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit)); /* Hashed reveal must match the H(encoded_reveal). */ memset(test_commit.hashed_reveal, 'X', sizeof(test_commit.hashed_reveal)); setup_full_capture_of_logs(LOG_WARN); tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit)); expect_single_log_msg_containing("doesn't match the commit value"); teardown_capture_of_logs(); memcpy(&test_commit, our_commit, sizeof(test_commit)); tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit)); } /* We'll build a list of values from our commit that our parsing function * takes from a vote line and see if we can parse it correctly. */ { smartlist_add_strdup(args, "1"); smartlist_add_strdup(args, crypto_digest_algorithm_get_name(our_commit->alg)); smartlist_add_strdup(args, sr_commit_get_rsa_fpr(our_commit)); smartlist_add_strdup(args, our_commit->encoded_commit); smartlist_add_strdup(args, our_commit->encoded_reveal); parsed_commit = sr_parse_commit(args); tt_assert(parsed_commit); /* That parsed commit should be _EXACTLY_ like our original commit (we * have to explicitly set the valid flag though). */ parsed_commit->valid = 1; tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit)); /* Cleanup */ } done: teardown_capture_of_logs(); SMARTLIST_FOREACH(args, char *, cp, tor_free(cp)); smartlist_free(args); sr_commit_free(our_commit); sr_commit_free(parsed_commit); authority_cert_free(auth_cert); } /* Test the encoding and decoding function for commit and reveal values. */ static void test_encoding(void *arg) { (void) arg; int ret; /* Random number is 32 bytes. */ char raw_rand[32]; time_t ts = 1454333590; char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN]; sr_commit_t parsed_commit; /* Those values were generated by sr_commit_calc_ref.py where the random * value is 32 'A' and timestamp is the one in ts. */ static const char *encoded_reveal = "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA=="; static const char *encoded_commit = "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg=="; /* Set up our raw random bytes array. */ memset(raw_rand, 'A', sizeof(raw_rand)); /* Hash random number because we don't expose bytes of the RNG. */ ret = crypto_digest256(hashed_rand, raw_rand, sizeof(raw_rand), SR_DIGEST_ALG); tt_int_op(0, OP_EQ, ret); /* Hash reveal value. */ tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, strlen(encoded_reveal)); ret = crypto_digest256(hashed_reveal, encoded_reveal, strlen(encoded_reveal), SR_DIGEST_ALG); tt_int_op(0, OP_EQ, ret); tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, strlen(encoded_commit)); /* Test our commit/reveal decode functions. */ { /* Test the reveal encoded value. */ tt_int_op(0, OP_EQ, reveal_decode(encoded_reveal, &parsed_commit)); tt_u64_op(ts, OP_EQ, parsed_commit.reveal_ts); tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number, sizeof(hashed_rand)); /* Test the commit encoded value. */ memset(&parsed_commit, 0, sizeof(parsed_commit)); tt_int_op(0, OP_EQ, commit_decode(encoded_commit, &parsed_commit)); tt_u64_op(ts, OP_EQ, parsed_commit.commit_ts); tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit, sizeof(parsed_commit.encoded_commit)); tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal, sizeof(hashed_reveal)); } /* Test our commit/reveal encode functions. */ { /* Test the reveal encode. */ char encoded[SR_REVEAL_BASE64_LEN + 1]; parsed_commit.reveal_ts = ts; memcpy(parsed_commit.random_number, hashed_rand, sizeof(parsed_commit.random_number)); ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded)); tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, ret); tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal)); } { /* Test the commit encode. */ char encoded[SR_COMMIT_BASE64_LEN + 1]; parsed_commit.commit_ts = ts; memcpy(parsed_commit.hashed_reveal, hashed_reveal, sizeof(parsed_commit.hashed_reveal)); ret = commit_encode(&parsed_commit, encoded, sizeof(encoded)); tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, ret); tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit)); } done: ; } /** Setup some SRVs in our SR state. * If also_current is set, then set both current and previous SRVs. * Otherwise, just set the previous SRV. (And clear the current SRV.) * * You must call sr_state_free_all() to free the state at the end of each test * function (on pass or fail). */ static void test_sr_setup_srv(int also_current) { /* Clear both SRVs before starting. * In 0.3.5 and earlier, sr_state_set_previous_srv() and * sr_state_set_current_srv() do not free() the old srvs. */ sr_state_clean_srvs(); sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t)); srv->num_reveals = 42; memcpy(srv->value, "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", sizeof(srv->value)); sr_state_set_previous_srv(srv); if (also_current) { srv = tor_malloc_zero(sizeof(sr_srv_t)); srv->num_reveals = 128; memcpy(srv->value, "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN", sizeof(srv->value)); sr_state_set_current_srv(srv); } } /* Test anything that has to do with SR protocol and vote. */ static void test_vote(void *arg) { int ret; time_t now = time(NULL); sr_commit_t *our_commit = NULL; (void) arg; MOCK(trusteddirserver_get_by_v3_auth_digest, trusteddirserver_get_by_v3_auth_digest_m); { /* Setup a minimal dirauth environment for this test */ init_authority_state(); /* Set ourself in reveal phase so we can parse the reveal value in the * vote as well. */ set_sr_phase(SR_PHASE_REVEAL); } /* Generate our commit object and validate it has the appropriate field * that we can then use to build a representation that we'll find in a * vote coming from the network. */ { sr_commit_t *saved_commit; our_commit = sr_generate_our_commit(now, mock_cert); tt_assert(our_commit); sr_state_add_commit(our_commit); /* Make sure it's there. */ saved_commit = sr_state_get_commit(our_commit->rsa_identity); tt_assert(saved_commit); } /* Also setup the SRVs */ test_sr_setup_srv(1); { /* Now test the vote generation */ smartlist_t *chunks = smartlist_new(); smartlist_t *tokens = smartlist_new(); /* Get our vote line and validate it. */ char *lines = sr_get_string_for_vote(); tt_assert(lines); /* Split the lines. We expect 2 here. */ ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0); tt_int_op(ret, OP_EQ, 4); tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate"); /* Get our commitment line and will validate it against our commit. The * format is as follow: * "shared-rand-commitment" SP version SP algname SP identity * SP COMMIT [SP REVEAL] NL */ char *commit_line = smartlist_get(chunks, 1); tt_assert(commit_line); ret = smartlist_split_string(tokens, commit_line, " ", 0, 0); tt_int_op(ret, OP_EQ, 6); tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit"); tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1"); tt_str_op(smartlist_get(tokens, 2), OP_EQ, crypto_digest_algorithm_get_name(DIGEST_SHA3_256)); char digest[DIGEST_LEN]; base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3), HEX_DIGEST_LEN); tt_mem_op(digest, OP_EQ, our_commit->rsa_identity, sizeof(digest)); tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit); tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal) ; /* Finally, does this vote line creates a valid commit object? */ smartlist_t *args = smartlist_new(); smartlist_add(args, smartlist_get(tokens, 1)); smartlist_add(args, smartlist_get(tokens, 2)); smartlist_add(args, smartlist_get(tokens, 3)); smartlist_add(args, smartlist_get(tokens, 4)); smartlist_add(args, smartlist_get(tokens, 5)); sr_commit_t *parsed_commit = sr_parse_commit(args); tt_assert(parsed_commit); /* Set valid flag explicitly here to compare since it's not set by * simply parsing the commit. */ parsed_commit->valid = 1; tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*our_commit)); /* minor cleanup */ SMARTLIST_FOREACH(tokens, char *, s, tor_free(s)); smartlist_clear(tokens); /* Now test the previous SRV */ char *prev_srv_line = smartlist_get(chunks, 2); tt_assert(prev_srv_line); ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0); tt_int_op(ret, OP_EQ, 3); tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value"); tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42"); tt_str_op(smartlist_get(tokens, 2), OP_EQ, "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo="); /* minor cleanup */ SMARTLIST_FOREACH(tokens, char *, s, tor_free(s)); smartlist_clear(tokens); /* Now test the current SRV */ char *current_srv_line = smartlist_get(chunks, 3); tt_assert(current_srv_line); ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0); tt_int_op(ret, OP_EQ, 3); tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value"); tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128"); tt_str_op(smartlist_get(tokens, 2), OP_EQ, "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4="); /* Clean up */ sr_commit_free(parsed_commit); SMARTLIST_FOREACH(chunks, char *, s, tor_free(s)); smartlist_free(chunks); SMARTLIST_FOREACH(tokens, char *, s, tor_free(s)); smartlist_free(tokens); smartlist_clear(args); smartlist_free(args); tor_free(lines); } done: UNMOCK(trusteddirserver_get_by_v3_auth_digest); sr_state_free_all(); } static const char *sr_state_str = "Version 1\n" "TorVersion 0.2.9.0-alpha-dev\n" "ValidAfter 2037-04-19 07:16:00\n" "ValidUntil 2037-04-20 07:16:00\n" "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C " "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== " "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n" "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 " "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n" "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 " "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n" "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n" "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n"; /** Create an SR disk state, parse it and validate that the parsing went * well. Yes! */ static void test_state_load_from_disk(void *arg) { int ret; char *dir = tor_strdup(get_fname("test_sr_state")); char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state")); sr_state_t *the_sr_state = NULL; (void) arg; MOCK(trusteddirserver_get_by_v3_auth_digest, trusteddirserver_get_by_v3_auth_digest_m); /* First try with a nonexistent path. */ ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT"); tt_int_op(ret, OP_EQ, -ENOENT); /* Now create a mock state directory and state file */ #ifdef _WIN32 ret = mkdir(dir); #else ret = mkdir(dir, 0700); #endif tt_int_op(ret, OP_EQ, 0); ret = write_str_to_file(sr_state_path, sr_state_str, 0); tt_int_op(ret, OP_EQ, 0); /* Try to load the directory itself. Should fail. */ ret = disk_state_load_from_disk_impl(dir); tt_int_op(ret, OP_LT, 0); /* State should be non-existent at this point. */ the_sr_state = get_sr_state(); tt_ptr_op(the_sr_state, OP_EQ, NULL); /* Now try to load the correct file! */ ret = disk_state_load_from_disk_impl(sr_state_path); tt_int_op(ret, OP_EQ, 0); /* Check the content of the state */ /* XXX check more deeply!!! */ the_sr_state = get_sr_state(); tt_assert(the_sr_state); tt_assert(the_sr_state->version == 1); tt_assert(digestmap_size(the_sr_state->commits) == 3); tt_assert(the_sr_state->current_srv); tt_assert(the_sr_state->current_srv->num_reveals == 3); tt_assert(the_sr_state->previous_srv); /* XXX Now also try loading corrupted state files and make sure parsing fails */ done: tor_free(dir); tor_free(sr_state_path); UNMOCK(trusteddirserver_get_by_v3_auth_digest); } /** Generate three specially crafted commits (based on the test * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */ static void test_sr_setup_commits(void) { time_t now = time(NULL); sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d; sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder)); authority_cert_t *auth_cert = NULL; { /* Setup a minimal dirauth environment for this test */ or_options_t *options = get_options_mutable(); auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, strlen(AUTHORITY_CERT_1), NULL); tt_assert(auth_cert); options->AuthoritativeDir = 1; tt_int_op(0, OP_EQ, load_ed_keys(options, now)); } /* Generate three dummy commits according to sr_srv_calc_ref.py . Then register them to the SR state. Also register a fourth commit 'd' with no reveal info, to make sure that it will get ignored during SRV calculation. */ { /* Commit from auth 'a' */ commit_a = sr_generate_our_commit(now, auth_cert); tt_assert(commit_a); /* Do some surgery on the commit */ memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity)); base16_encode(commit_a->rsa_identity_hex, sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity, sizeof(commit_a->rsa_identity)); strlcpy(commit_a->encoded_reveal, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(commit_a->encoded_reveal)); memcpy(commit_a->hashed_reveal, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(commit_a->hashed_reveal)); } { /* Commit from auth 'b' */ commit_b = sr_generate_our_commit(now, auth_cert); tt_assert(commit_b); /* Do some surgery on the commit */ memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity)); base16_encode(commit_b->rsa_identity_hex, sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity, sizeof(commit_b->rsa_identity)); strlcpy(commit_b->encoded_reveal, "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", sizeof(commit_b->encoded_reveal)); memcpy(commit_b->hashed_reveal, "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", sizeof(commit_b->hashed_reveal)); } { /* Commit from auth 'c' */ commit_c = sr_generate_our_commit(now, auth_cert); tt_assert(commit_c); /* Do some surgery on the commit */ memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity)); base16_encode(commit_c->rsa_identity_hex, sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity, sizeof(commit_c->rsa_identity)); strlcpy(commit_c->encoded_reveal, "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC", sizeof(commit_c->encoded_reveal)); memcpy(commit_c->hashed_reveal, "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC", sizeof(commit_c->hashed_reveal)); } { /* Commit from auth 'd' */ commit_d = sr_generate_our_commit(now, auth_cert); tt_assert(commit_d); /* Do some surgery on the commit */ memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity)); base16_encode(commit_d->rsa_identity_hex, sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity, sizeof(commit_d->rsa_identity)); strlcpy(commit_d->encoded_reveal, "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD", sizeof(commit_d->encoded_reveal)); memcpy(commit_d->hashed_reveal, "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD", sizeof(commit_d->hashed_reveal)); /* Clean up its reveal info */ memcpy(place_holder, commit_d, sizeof(*place_holder)); memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal)); tt_assert(!commit_has_reveal_value(commit_d)); } /* Register commits to state (during commit phase) */ set_sr_phase(SR_PHASE_COMMIT); save_commit_to_state(commit_a); save_commit_to_state(commit_b); save_commit_to_state(commit_c); save_commit_to_state(commit_d); tt_int_op(digestmap_size(get_sr_state()->commits), OP_EQ, 4); /* Now during REVEAL phase save commit D by restoring its reveal. */ set_sr_phase(SR_PHASE_REVEAL); save_commit_to_state(place_holder); place_holder = NULL; tt_str_op(commit_d->encoded_reveal, OP_EQ, "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"); /* Go back to an empty encoded reveal value. */ memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal)); memset(commit_d->random_number, 0, sizeof(commit_d->random_number)); tt_assert(!commit_has_reveal_value(commit_d)); done: tor_free(place_holder); authority_cert_free(auth_cert); } /** Verify that the SRV generation procedure is proper by testing it against * the test vector from ./sr_srv_calc_ref.py. */ static void test_sr_compute_srv(void *arg) { (void) arg; const sr_srv_t *current_srv = NULL; #define SRV_TEST_VECTOR \ "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D" MOCK(trusteddirserver_get_by_v3_auth_digest, trusteddirserver_get_by_v3_auth_digest_m); init_authority_state(); /* Setup the commits for this unittest */ test_sr_setup_commits(); test_sr_setup_srv(0); /* Now switch to reveal phase */ set_sr_phase(SR_PHASE_REVEAL); /* Compute the SRV */ sr_compute_srv(); /* Check the result against the test vector */ current_srv = sr_state_get_current_srv(); tt_assert(current_srv); tt_u64_op(current_srv->num_reveals, OP_EQ, 3); tt_str_op(hex_str((char*)current_srv->value, 32), OP_EQ, SRV_TEST_VECTOR); done: UNMOCK(trusteddirserver_get_by_v3_auth_digest); sr_state_free_all(); } /** Return a minimal vote document with a current SRV value set to * srv. */ static networkstatus_t * get_test_vote_with_curr_srv(const char *srv) { networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t)); vote->type = NS_TYPE_VOTE; vote->sr_info.participate = 1; vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t)); vote->sr_info.current_srv->num_reveals = 42; memcpy(vote->sr_info.current_srv->value, srv, sizeof(vote->sr_info.current_srv->value)); return vote; } /* Test the function that picks the right SRV given a bunch of votes. Make sure * that the function returns an SRV iff the majority/agreement requirements are * met. */ static void test_sr_get_majority_srv_from_votes(void *arg) { sr_srv_t *chosen_srv; smartlist_t *votes = smartlist_new(); #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" (void) arg; init_authority_state(); /* Make sure our SRV is fresh so we can consider the super majority with * the consensus params of number of agreements needed. */ sr_state_set_fresh_srv(); /* The test relies on the dirauth list being initialized. */ clear_dir_servers(); add_default_trusted_dir_authorities(V3_DIRINFO); { /* Prepare voting environment with just a single vote. */ networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1); smartlist_add(votes, vote); } /* Since it's only one vote with an SRV, it should not achieve majority and hence no SRV will be returned. */ chosen_srv = get_majority_srv_from_votes(votes, 1); tt_ptr_op(chosen_srv, OP_EQ, NULL); { /* Now put in 8 more votes. Let SRV_1 have majority. */ int i; /* Now 7 votes believe in SRV_1 */ for (i = 0; i < 3; i++) { networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1); smartlist_add(votes, vote); } /* and 2 votes believe in SRV_2 */ for (i = 0; i < 2; i++) { networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2); smartlist_add(votes, vote); } for (i = 0; i < 3; i++) { networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1); smartlist_add(votes, vote); } tt_int_op(smartlist_len(votes), OP_EQ, 9); } /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements requirement. So still not picking an SRV. */ set_num_srv_agreements(8); chosen_srv = get_majority_srv_from_votes(votes, 1); tt_ptr_op(chosen_srv, OP_EQ, NULL); /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the * consensus parameter and we will try again. This time it should work. */ set_num_srv_agreements(7); chosen_srv = get_majority_srv_from_votes(votes, 1); tt_assert(chosen_srv); tt_u64_op(chosen_srv->num_reveals, OP_EQ, 42); tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value)); done: SMARTLIST_FOREACH(votes, networkstatus_t *, vote, networkstatus_vote_free(vote)); smartlist_free(votes); } /* Testing sr_srv_dup(). */ static void test_sr_svr_dup(void *arg) { (void)arg; sr_srv_t *srv = NULL, *dup_srv = NULL; const char *srv_value = "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A"; srv = tor_malloc_zero(sizeof(*srv)); srv->num_reveals = 42; memcpy(srv->value, srv_value, sizeof(srv->value)); dup_srv = sr_srv_dup(srv); tt_assert(dup_srv); tt_u64_op(dup_srv->num_reveals, OP_EQ, srv->num_reveals); tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value)); done: tor_free(srv); tor_free(dup_srv); } /* Testing commitments_are_the_same(). Currently, the check is to test the * value of the encoded commit so let's make sure that actually works. */ static void test_commitments_are_the_same(void *arg) { (void)arg; /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit. * 56 bytes of payload and a NUL terminated byte at the end ('\x00') * which comes down to SR_COMMIT_BASE64_LEN + 1. */ const char *payload = "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30" "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f" "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18" "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00"; sr_commit_t commit1, commit2; memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit)); memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit)); tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 1); /* Let's corrupt one of them. */ memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit)); tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 0); done: return; } /* Testing commit_is_authoritative(). */ static void test_commit_is_authoritative(void *arg) { (void)arg; crypto_pk_t *k = crypto_pk_new(); char digest[DIGEST_LEN]; sr_commit_t commit; tt_assert(!crypto_pk_generate_key(k)); tt_int_op(0, OP_EQ, crypto_pk_get_digest(k, digest)); memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity)); tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 1); /* Change the pubkey. */ memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity)); tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 0); done: crypto_pk_free(k); } static void test_get_phase_str(void *arg) { (void)arg; tt_str_op(get_phase_str(SR_PHASE_REVEAL), OP_EQ, "reveal"); tt_str_op(get_phase_str(SR_PHASE_COMMIT), OP_EQ, "commit"); done: return; } /* Test utils that depend on authority state */ static void test_utils_auth(void *arg) { (void)arg; init_authority_state(); /* Testing phase transition */ { set_sr_phase(SR_PHASE_COMMIT); tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 1); tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 0); set_sr_phase(SR_PHASE_REVEAL); tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 0); tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 1); /* Junk. */ tt_int_op(is_phase_transition(42), OP_EQ, 1); } /* Testing get, set, delete, clean SRVs */ { /* Just set the previous SRV */ test_sr_setup_srv(0); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); state_del_previous_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); } { /* Delete the SRVs one at a time */ test_sr_setup_srv(1); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); state_del_current_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); state_del_previous_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); /* And in the opposite order */ test_sr_setup_srv(1); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); state_del_previous_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); state_del_current_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); /* And both at once */ test_sr_setup_srv(1); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); sr_state_clean_srvs(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); /* And do the gets and sets multiple times */ test_sr_setup_srv(1); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); state_del_previous_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); state_del_previous_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); sr_state_clean_srvs(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); state_del_current_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); sr_state_clean_srvs(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); state_del_current_srv(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); } { /* Now set the SRVs to NULL instead */ test_sr_setup_srv(1); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); sr_state_set_current_srv(NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); sr_state_set_previous_srv(NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); /* And in the opposite order */ test_sr_setup_srv(1); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); sr_state_set_previous_srv(NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); sr_state_set_current_srv(NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); /* And both at once */ test_sr_setup_srv(1); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); sr_state_clean_srvs(); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); /* And do the gets and sets multiple times */ test_sr_setup_srv(1); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); sr_state_set_previous_srv(NULL); sr_state_set_previous_srv(NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); sr_state_set_current_srv(NULL); sr_state_set_previous_srv(NULL); sr_state_set_current_srv(NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); } { /* Now copy the values across */ test_sr_setup_srv(1); /* Check that the pointers are non-NULL, and different from each other */ tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, sr_state_get_current_srv()); /* Check that the content is different */ tt_mem_op(sr_state_get_previous_srv(), OP_NE, sr_state_get_current_srv(), sizeof(sr_srv_t)); /* Set the current to the previous: the protocol goes the other way */ sr_state_set_current_srv(sr_srv_dup(sr_state_get_previous_srv())); /* Check that the pointers are non-NULL, and different from each other */ tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, sr_state_get_current_srv()); /* Check that the content is the same */ tt_mem_op(sr_state_get_previous_srv(), OP_EQ, sr_state_get_current_srv(), sizeof(sr_srv_t)); } { /* Now copy a value onto itself */ test_sr_setup_srv(1); /* Check that the pointers are non-NULL, and different from each other */ tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, sr_state_get_current_srv()); /* Take a copy of the old value */ sr_srv_t old_current_srv; memcpy(&old_current_srv, sr_state_get_current_srv(), sizeof(sr_srv_t)); /* Check that the content is different */ tt_mem_op(sr_state_get_previous_srv(), OP_NE, sr_state_get_current_srv(), sizeof(sr_srv_t)); /* Set the current to the current: the protocol never replaces an SRV with * the same value */ sr_state_set_current_srv(sr_srv_dup(sr_state_get_current_srv())); /* Check that the pointers are non-NULL, and different from each other */ tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_NE, sr_state_get_current_srv()); /* Check that the content is different between current and previous */ tt_mem_op(sr_state_get_previous_srv(), OP_NE, sr_state_get_current_srv(), sizeof(sr_srv_t)); /* Check that the content is the same as the old content */ tt_mem_op(&old_current_srv, OP_EQ, sr_state_get_current_srv(), sizeof(sr_srv_t)); } /* I don't think we can say "expect a BUG()" in our tests. */ #if 0 { /* Now copy a value onto itself without sr_srv_dup(). * This should fail with a BUG() warning. */ test_sr_setup_srv(1); sr_state_set_current_srv(sr_state_get_current_srv()); sr_state_set_previous_srv(sr_state_get_previous_srv()); } #endif /* 0 */ done: sr_state_free_all(); } static void test_state_transition(void *arg) { sr_state_t *state = NULL; time_t now = time(NULL); sr_srv_t *cur = NULL; (void) arg; { /* Setup a minimal dirauth environment for this test */ init_authority_state(); state = get_sr_state(); tt_assert(state); } /* Test our state reset for a new protocol run. */ { /* Add a commit to the state so we can test if the reset cleans the * commits. Also, change all params that we expect to be updated. */ sr_commit_t *commit = sr_generate_our_commit(now, mock_cert); tt_assert(commit); sr_state_add_commit(commit); tt_int_op(digestmap_size(state->commits), OP_EQ, 1); /* Let's test our delete feature. */ sr_state_delete_commits(); tt_int_op(digestmap_size(state->commits), OP_EQ, 0); /* Add it back so we can continue the rest of the test because after * deleting our commit will be freed so generate a new one. */ commit = sr_generate_our_commit(now, mock_cert); tt_assert(commit); sr_state_add_commit(commit); tt_int_op(digestmap_size(state->commits), OP_EQ, 1); state->n_reveal_rounds = 42; state->n_commit_rounds = 43; state->n_protocol_runs = 44; reset_state_for_new_protocol_run(now); tt_int_op(state->n_reveal_rounds, OP_EQ, 0); tt_int_op(state->n_commit_rounds, OP_EQ, 0); tt_u64_op(state->n_protocol_runs, OP_EQ, 45); tt_int_op(digestmap_size(state->commits), OP_EQ, 0); } /* Test SRV rotation in our state. */ { test_sr_setup_srv(1); tt_assert(sr_state_get_current_srv()); /* Take a copy of the data, because the state owns the pointer */ cur = sr_srv_dup(sr_state_get_current_srv()); tt_assert(cur); /* After, the previous SRV should be the same as the old current SRV, and * the current SRV should be set to NULL */ state_rotate_srv(); tt_mem_op(sr_state_get_previous_srv(), OP_EQ, cur, sizeof(sr_srv_t)); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); sr_state_clean_srvs(); tor_free(cur); } /* New protocol run. */ { /* Setup some new SRVs so we can confirm that a new protocol run * actually makes them rotate and compute new ones. */ test_sr_setup_srv(1); tt_assert(sr_state_get_current_srv()); /* Take a copy of the data, because the state owns the pointer */ cur = sr_srv_dup(sr_state_get_current_srv()); set_sr_phase(SR_PHASE_REVEAL); MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m); new_protocol_run(now); UNMOCK(get_my_v3_authority_cert); /* Rotation happened. */ tt_mem_op(sr_state_get_previous_srv(), OP_EQ, cur, sizeof(sr_srv_t)); /* We are going into COMMIT phase so we had to rotate our SRVs. Usually * our current SRV would be NULL but a new protocol run should make us * compute a new SRV. */ tt_assert(sr_state_get_current_srv()); /* Also, make sure we did change the current. */ tt_mem_op(sr_state_get_current_srv(), OP_NE, cur, sizeof(sr_srv_t)); /* We should have our commitment alone. */ tt_int_op(digestmap_size(state->commits), OP_EQ, 1); tt_int_op(state->n_reveal_rounds, OP_EQ, 0); tt_int_op(state->n_commit_rounds, OP_EQ, 0); /* 46 here since we were at 45 just before. */ tt_u64_op(state->n_protocol_runs, OP_EQ, 46); tor_free(cur); } /* Cleanup of SRVs. */ { sr_state_clean_srvs(); tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL); tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL); } done: tor_free(cur); sr_state_free_all(); } static void test_keep_commit(void *arg) { char fp[FINGERPRINT_LEN + 1]; sr_commit_t *commit = NULL, *dup_commit = NULL; sr_state_t *state; time_t now = time(NULL); crypto_pk_t *k = NULL; (void) arg; MOCK(trusteddirserver_get_by_v3_auth_digest, trusteddirserver_get_by_v3_auth_digest_m); { k = pk_generate(1); /* Setup a minimal dirauth environment for this test */ /* Have a key that is not the one from our commit. */ init_authority_state(); state = get_sr_state(); } crypto_rand((char*)fp, sizeof(fp)); /* Test this very important function that tells us if we should keep a * commit or not in our state. Most of it depends on the phase and what's * in the commit so we'll change the commit as we go. */ commit = sr_generate_our_commit(now, mock_cert); tt_assert(commit); /* Set us in COMMIT phase for starter. */ set_sr_phase(SR_PHASE_COMMIT); /* We should never keep a commit from a non authoritative authority. */ tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), OP_EQ, 0); /* This should NOT be kept because it has a reveal value in it. */ tt_assert(commit_has_reveal_value(commit)); tt_int_op(should_keep_commit(commit, commit->rsa_identity, SR_PHASE_COMMIT), OP_EQ, 0); /* Add it to the state which should return to not keep it. */ sr_state_add_commit(commit); tt_int_op(should_keep_commit(commit, commit->rsa_identity, SR_PHASE_COMMIT), OP_EQ, 0); /* Remove it from state so we can continue our testing. */ digestmap_remove(state->commits, commit->rsa_identity); /* Let's remove our reveal value which should make it OK to keep it. */ memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal)); tt_int_op(should_keep_commit(commit, commit->rsa_identity, SR_PHASE_COMMIT), OP_EQ, 1); /* Let's reset our commit and go into REVEAL phase. */ sr_commit_free(commit); commit = sr_generate_our_commit(now, mock_cert); tt_assert(commit); /* Dup the commit so we have one with and one without a reveal value. */ dup_commit = tor_malloc_zero(sizeof(*dup_commit)); memcpy(dup_commit, commit, sizeof(*dup_commit)); memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal)); set_sr_phase(SR_PHASE_REVEAL); /* We should never keep a commit from a non authoritative authority. */ tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), OP_EQ, 0); /* We shouldn't accept a commit that is not in our state. */ tt_int_op(should_keep_commit(commit, commit->rsa_identity, SR_PHASE_REVEAL), OP_EQ, 0); /* Important to add the commit _without_ the reveal here. */ sr_state_add_commit(dup_commit); tt_int_op(digestmap_size(state->commits), OP_EQ, 1); /* Our commit should be valid that is authoritative, contains a reveal, be * in the state and commitment and reveal values match. */ tt_int_op(should_keep_commit(commit, commit->rsa_identity, SR_PHASE_REVEAL), OP_EQ, 1); /* The commit shouldn't be kept if it's not verified that is no matching * hashed reveal. */ { /* Let's save the hash reveal so we can restore it. */ sr_commit_t place_holder; memcpy(place_holder.hashed_reveal, commit->hashed_reveal, sizeof(place_holder.hashed_reveal)); memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal)); setup_full_capture_of_logs(LOG_WARN); tt_int_op(should_keep_commit(commit, commit->rsa_identity, SR_PHASE_REVEAL), OP_EQ, 0); expect_log_msg_containing("doesn't match the commit value."); expect_log_msg_containing("has an invalid reveal value."); assert_log_predicate(mock_saved_log_n_entries() == 2, ("expected 2 log entries")); teardown_capture_of_logs(); memcpy(commit->hashed_reveal, place_holder.hashed_reveal, sizeof(commit->hashed_reveal)); } /* We shouldn't keep a commit that has no reveal. */ tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity, SR_PHASE_REVEAL), OP_EQ, 0); /* We must not keep a commit that is not the same from the commit phase. */ memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit)); tt_int_op(should_keep_commit(commit, commit->rsa_identity, SR_PHASE_REVEAL), OP_EQ, 0); done: teardown_capture_of_logs(); sr_commit_free(commit); sr_commit_free(dup_commit); crypto_pk_free(k); UNMOCK(trusteddirserver_get_by_v3_auth_digest); } static void test_state_update(void *arg) { time_t commit_phase_time = 1452076000; time_t reveal_phase_time = 1452086800; sr_state_t *state; (void) arg; { init_authority_state(); state = get_sr_state(); set_sr_phase(SR_PHASE_COMMIT); /* We'll cheat a bit here and reset the creation time of the state which * will avoid us to compute a valid_after time that fits the commit * phase. */ state->valid_after = 0; state->n_reveal_rounds = 0; state->n_commit_rounds = 0; state->n_protocol_runs = 0; } /* We need to mock for the state update function call. */ MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m); /* We are in COMMIT phase here and we'll trigger a state update but no * transition. */ sr_state_update(commit_phase_time); tt_int_op(state->valid_after, OP_EQ, commit_phase_time); tt_int_op(state->n_commit_rounds, OP_EQ, 1); tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT); tt_int_op(digestmap_size(state->commits), OP_EQ, 1); /* We are still in the COMMIT phase here but we'll trigger a state * transition to the REVEAL phase. */ sr_state_update(reveal_phase_time); tt_int_op(state->phase, OP_EQ, SR_PHASE_REVEAL); tt_int_op(state->valid_after, OP_EQ, reveal_phase_time); /* Only our commit should be in there. */ tt_int_op(digestmap_size(state->commits), OP_EQ, 1); tt_int_op(state->n_reveal_rounds, OP_EQ, 1); /* We can't update a state with a valid after _lower_ than the creation * time so here it is. */ sr_state_update(commit_phase_time); tt_int_op(state->valid_after, OP_EQ, reveal_phase_time); /* Finally, let's go back in COMMIT phase so we can test the state update * of a new protocol run. */ state->valid_after = 0; sr_state_update(commit_phase_time); tt_int_op(state->valid_after, OP_EQ, commit_phase_time); tt_int_op(state->n_commit_rounds, OP_EQ, 1); tt_int_op(state->n_reveal_rounds, OP_EQ, 0); tt_u64_op(state->n_protocol_runs, OP_EQ, 1); tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT); tt_int_op(digestmap_size(state->commits), OP_EQ, 1); tt_assert(state->current_srv); done: sr_state_free_all(); UNMOCK(get_my_v3_authority_cert); } struct testcase_t sr_tests[] = { { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK, NULL, NULL }, { "sr_commit", test_sr_commit, TT_FORK, NULL, NULL }, { "keep_commit", test_keep_commit, TT_FORK, NULL, NULL }, { "encoding", test_encoding, TT_FORK, NULL, NULL }, { "get_start_time_of_current_run", test_get_start_time_of_current_run, TT_FORK, NULL, NULL }, { "get_start_time_functions", test_get_start_time_functions, TT_FORK, NULL, NULL }, { "get_sr_protocol_duration", test_get_sr_protocol_duration, TT_FORK, NULL, NULL }, { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK, NULL, NULL }, { "vote", test_vote, TT_FORK, NULL, NULL }, { "state_load_from_disk", test_state_load_from_disk, TT_FORK, NULL, NULL }, { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL }, { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes, TT_FORK, NULL, NULL }, { "sr_svr_dup", test_sr_svr_dup, TT_FORK, NULL, NULL }, { "commitments_are_the_same", test_commitments_are_the_same, TT_FORK, NULL, NULL }, { "commit_is_authoritative", test_commit_is_authoritative, TT_FORK, NULL, NULL }, { "get_phase_str", test_get_phase_str, TT_FORK, NULL, NULL }, { "utils_auth", test_utils_auth, TT_FORK, NULL, NULL }, { "state_transition", test_state_transition, TT_FORK, NULL, NULL }, { "state_update", test_state_update, TT_FORK, NULL, NULL }, END_OF_TESTCASES };