search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update copyrights to 2021, using "make update-copyright"
[tor.git] / src / test / test_shared_random.c
blobc28d5920a384fc3f3bb994693d2a62af4f1751c3
1 /* Copyright (c) 2016-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3
4 #define SHARED_RANDOM_PRIVATE
5 #define SHARED_RANDOM_STATE_PRIVATE
6 #define CONFIG_PRIVATE
7 #define DIRVOTE_PRIVATE
8
9 #include "core/or/or.h"
10 #include "test/test.h"
11 #include "app/config/config.h"
12 #include "lib/crypt_ops/crypto_rand.h"
13 #include "feature/dirauth/dirvote.h"
14 #include "feature/dirauth/shared_random.h"
15 #include "feature/dirauth/shared_random_state.h"
16 #include "test/log_test_helpers.h"
17 #include "feature/nodelist/networkstatus.h"
18 #include "feature/relay/router.h"
19 #include "feature/relay/routerkeys.h"
20 #include "feature/nodelist/authcert.h"
21 #include "feature/nodelist/dirlist.h"
22 #include "feature/dirparse/authcert_parse.h"
23 #include "feature/hs_common/shared_random_client.h"
24 #include "feature/dirauth/voting_schedule.h"
25
26 #include "feature/dirclient/dir_server_st.h"
27 #include "feature/nodelist/networkstatus_st.h"
28 #include "app/config/or_state_st.h"
29
30 #ifdef HAVE_SYS_STAT_H
31 #include <sys/stat.h>
32 #endif
33
34 #ifdef _WIN32
35 /* For mkdir */
36 #include <direct.h>
37 #endif
38
39 static authority_cert_t *mock_cert;
40
41 static authority_cert_t *
42 get_my_v3_authority_cert_m(void)
43 {
44 tor_assert(mock_cert);
45 return mock_cert;
46 }
47
48 static dir_server_t ds;
49
50 static dir_server_t *
51 trusteddirserver_get_by_v3_auth_digest_m(const char *digest)
52 {
53 (void) digest;
54 /* The shared random code only need to know if a valid pointer to a dir
55 * server object has been found so this is safe because it won't use the
56 * pointer at all never. */
57 return &ds;
58 }
59
60 /* Setup a minimal dirauth environment by initializing the SR state and
61 * making sure the options are set to be an authority directory.
62 * You must only call this function once per process. */
63 static void
64 init_authority_state(void)
65 {
66 MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
67
68 or_options_t *options = get_options_mutable();
69 mock_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1,
70 strlen(AUTHORITY_CERT_1),
71 NULL);
72 tt_assert(mock_cert);
73 options->AuthoritativeDir = 1;
74 tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
75 sr_state_init(0, 0);
76 /* It's possible a commit has been generated in our state depending on
77 * the phase we are currently in which uses "now" as the starting
78 * timestamp. Delete it before we do any testing below. */
79 sr_state_delete_commits();
80 /* It's also possible that a current SRV has been generated, if we are at
81 * state transition time. But let's just forget about that SRV. */
82 sr_state_clean_srvs();
83
84 done:
85 UNMOCK(get_my_v3_authority_cert);
86 }
87
88 static void
89 test_get_sr_protocol_phase(void *arg)
90 {
91 time_t the_time;
92 sr_phase_t phase;
93 int retval;
94
95 (void) arg;
96
97 /* Initialize SR state */
98 init_authority_state();
99
100 {
101 retval = parse_rfc1123_time("Wed, 20 Apr 2015 23:59:00 UTC", &the_time);
102 tt_int_op(retval, OP_EQ, 0);
103
104 phase = get_sr_protocol_phase(the_time);
105 tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
106 }
107
108 {
109 retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:00 UTC", &the_time);
110 tt_int_op(retval, OP_EQ, 0);
111
112 phase = get_sr_protocol_phase(the_time);
113 tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
114 }
115
116 {
117 retval = parse_rfc1123_time("Wed, 20 Apr 2015 00:00:01 UTC", &the_time);
118 tt_int_op(retval, OP_EQ, 0);
119
120 phase = get_sr_protocol_phase(the_time);
121 tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
122 }
123
124 {
125 retval = parse_rfc1123_time("Wed, 20 Apr 2015 11:59:00 UTC", &the_time);
126 tt_int_op(retval, OP_EQ, 0);
127
128 phase = get_sr_protocol_phase(the_time);
129 tt_int_op(phase, OP_EQ, SR_PHASE_COMMIT);
130 }
131
132 {
133 retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:00 UTC", &the_time);
134 tt_int_op(retval, OP_EQ, 0);
135
136 phase = get_sr_protocol_phase(the_time);
137 tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
138 }
139
140 {
141 retval = parse_rfc1123_time("Wed, 20 Apr 2015 12:00:01 UTC", &the_time);
142 tt_int_op(retval, OP_EQ, 0);
143
144 phase = get_sr_protocol_phase(the_time);
145 tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
146 }
147
148 {
149 retval = parse_rfc1123_time("Wed, 20 Apr 2015 13:00:00 UTC", &the_time);
150 tt_int_op(retval, OP_EQ, 0);
151
152 phase = get_sr_protocol_phase(the_time);
153 tt_int_op(phase, OP_EQ, SR_PHASE_REVEAL);
154 }
155
156 done:
157 ;
158 }
159
160 static networkstatus_t mock_consensus;
161
162 /* Mock function to immediately return our local 'mock_consensus'. */
163 static networkstatus_t *
164 mock_networkstatus_get_live_consensus(time_t now)
165 {
166 (void) now;
167 return &mock_consensus;
168 }
169
170 /* Mock function to immediately return our local 'mock_consensus'. */
171 static networkstatus_t *
172 mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
173 {
174 (void) now;
175 (void) flavor;
176 return &mock_consensus;
177 }
178
179 static void
180 test_get_state_valid_until_time(void *arg)
181 {
182 time_t current_time;
183 time_t valid_until_time;
184 char tbuf[ISO_TIME_LEN + 1];
185 int retval;
186
187 (void) arg;
188
189 MOCK(networkstatus_get_live_consensus,
190 mock_networkstatus_get_live_consensus);
191 MOCK(networkstatus_get_reasonably_live_consensus,
192 mock_networkstatus_get_reasonably_live_consensus);
193
194 retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
195 &mock_consensus.fresh_until);
196 tt_int_op(retval, OP_EQ, 0);
197
198 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
199 &mock_consensus.valid_after);
200 tt_int_op(retval, OP_EQ, 0);
201
202 {
203 /* Get the valid until time if called at 00:00:01 */
204 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
205 &current_time);
206 tt_int_op(retval, OP_EQ, 0);
207 dirauth_sched_recalculate_timing(get_options(), current_time);
208 valid_until_time = get_state_valid_until_time(current_time);
209
210 /* Compare it with the correct result */
211 format_iso_time(tbuf, valid_until_time);
212 tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
213 }
214
215 {
216 retval = parse_rfc1123_time("Mon, 20 Apr 2015 19:22:00 UTC",
217 &current_time);
218 tt_int_op(retval, OP_EQ, 0);
219 dirauth_sched_recalculate_timing(get_options(), current_time);
220 valid_until_time = get_state_valid_until_time(current_time);
221
222 format_iso_time(tbuf, valid_until_time);
223 tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
224 }
225
226 {
227 retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:00 UTC",
228 &current_time);
229 tt_int_op(retval, OP_EQ, 0);
230 dirauth_sched_recalculate_timing(get_options(), current_time);
231 valid_until_time = get_state_valid_until_time(current_time);
232
233 format_iso_time(tbuf, valid_until_time);
234 tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
235 }
236
237 {
238 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
239 &current_time);
240 tt_int_op(retval, OP_EQ, 0);
241 dirauth_sched_recalculate_timing(get_options(), current_time);
242 valid_until_time = get_state_valid_until_time(current_time);
243
244 format_iso_time(tbuf, valid_until_time);
245 tt_str_op("2015-04-21 00:00:00", OP_EQ, tbuf);
246 }
247
248 done:
249 UNMOCK(networkstatus_get_reasonably_live_consensus);
250 }
251
252 /** Test the function that calculates the start time of the current SRV
253 * protocol run. */
254 static void
255 test_get_start_time_of_current_run(void *arg)
256 {
257 int retval;
258 char tbuf[ISO_TIME_LEN + 1];
259 time_t current_time, run_start_time;
260
261 (void) arg;
262
263 MOCK(networkstatus_get_live_consensus,
264 mock_networkstatus_get_live_consensus);
265 MOCK(networkstatus_get_reasonably_live_consensus,
266 mock_networkstatus_get_reasonably_live_consensus);
267
268 retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
269 &mock_consensus.fresh_until);
270 tt_int_op(retval, OP_EQ, 0);
271
272 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
273 &mock_consensus.valid_after);
274 tt_int_op(retval, OP_EQ, 0);
275
276 {
277 /* Get start time if called at 00:00:01 */
278 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:01 UTC",
279 &current_time);
280 tt_int_op(retval, OP_EQ, 0);
281 dirauth_sched_recalculate_timing(get_options(), current_time);
282 run_start_time = sr_state_get_start_time_of_current_protocol_run();
283
284 /* Compare it with the correct result */
285 format_iso_time(tbuf, run_start_time);
286 tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
287 }
288
289 {
290 retval = parse_rfc1123_time("Mon, 20 Apr 2015 23:59:59 UTC",
291 &current_time);
292 tt_int_op(retval, OP_EQ, 0);
293 dirauth_sched_recalculate_timing(get_options(), current_time);
294 run_start_time = sr_state_get_start_time_of_current_protocol_run();
295
296 /* Compare it with the correct result */
297 format_iso_time(tbuf, run_start_time);
298 tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
299 }
300
301 {
302 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
303 &current_time);
304 tt_int_op(retval, OP_EQ, 0);
305 dirauth_sched_recalculate_timing(get_options(), current_time);
306 run_start_time = sr_state_get_start_time_of_current_protocol_run();
307
308 /* Compare it with the correct result */
309 format_iso_time(tbuf, run_start_time);
310 tt_str_op("2015-04-20 00:00:00", OP_EQ, tbuf);
311 }
312
313 {
314 /* We want the local time to be past midnight, but the current consensus to
315 * have valid-after 23:00 (e.g. this can happen if we fetch a new consensus
316 * at 00:08 before dircaches have a chance to get the midnight consensus).
317 *
318 * Basically, we want to cause a desynch between ns->valid_after (23:00)
319 * and the voting_schedule.interval_starts (01:00), to make sure that
320 * sr_state_get_start_time_of_current_protocol_run() handles it gracefully:
321 * It should actually follow the local consensus time and not the voting
322 * schedule (which is designed for authority voting purposes). */
323 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
324 &mock_consensus.fresh_until);
325 tt_int_op(retval, OP_EQ, 0);
326
327 retval = parse_rfc1123_time("Mon, 19 Apr 2015 23:00:00 UTC",
328 &mock_consensus.valid_after);
329 tt_int_op(retval, OP_EQ, 0);
330
331 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:08:00 UTC",
332 &current_time);
333 tt_int_op(retval, OP_EQ, 0);
334 update_approx_time(current_time);
335 dirauth_sched_recalculate_timing(get_options(), current_time);
336
337 run_start_time = sr_state_get_start_time_of_current_protocol_run();
338
339 /* Compare it with the correct result */
340 format_iso_time(tbuf, run_start_time);
341 tt_str_op("2015-04-19 00:00:00", OP_EQ, tbuf);
342 /* Check that voting_schedule.interval_starts is at 01:00 (see above) */
343 time_t interval_starts = dirauth_sched_get_next_valid_after_time();
344 format_iso_time(tbuf, interval_starts);
345 tt_str_op("2015-04-20 01:00:00", OP_EQ, tbuf);
346 }
347
348 /* Next test is testing it without a consensus to use the testing voting
349 * interval . */
350 UNMOCK(networkstatus_get_live_consensus);
351 UNMOCK(networkstatus_get_reasonably_live_consensus);
352
353 /* Now let's alter the voting schedule and check the correctness of the
354 * function. Voting interval of 10 seconds, means that an SRV protocol run
355 * takes 10 seconds * 24 rounds = 4 mins */
356 {
357 or_options_t *options = get_options_mutable();
358 options->V3AuthVotingInterval = 10;
359 options->TestingV3AuthInitialVotingInterval = 10;
360 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:15:32 UTC",
361 &current_time);
362 tt_int_op(retval, OP_EQ, 0);
363 dirauth_sched_recalculate_timing(get_options(), current_time);
364 run_start_time = sr_state_get_start_time_of_current_protocol_run();
365
366 /* Compare it with the correct result */
367 format_iso_time(tbuf, run_start_time);
368 tt_str_op("2015-04-20 00:12:00", OP_EQ, tbuf);
369 }
370
371 done:
372 ;
373 }
374
375 /** Do some rudimentary consistency checks between the functions that
376 * understand the shared random protocol schedule */
377 static void
378 test_get_start_time_functions(void *arg)
379 {
380 (void) arg;
381 int retval;
382
383 MOCK(networkstatus_get_reasonably_live_consensus,
384 mock_networkstatus_get_reasonably_live_consensus);
385
386 retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC",
387 &mock_consensus.fresh_until);
388 tt_int_op(retval, OP_EQ, 0);
389
390 retval = parse_rfc1123_time("Mon, 20 Apr 2015 00:00:00 UTC",
391 &mock_consensus.valid_after);
392 tt_int_op(retval, OP_EQ, 0);
393 time_t now = mock_consensus.valid_after;
394
395 dirauth_sched_recalculate_timing(get_options(), now);
396 time_t start_time_of_protocol_run =
397 sr_state_get_start_time_of_current_protocol_run();
398 tt_assert(start_time_of_protocol_run);
399
400 /* Check that the round start time of the beginning of the run, is itself */
401 tt_int_op(dirauth_sched_get_cur_valid_after_time(), OP_EQ,
402 start_time_of_protocol_run);
403
404 done:
405 UNMOCK(networkstatus_get_reasonably_live_consensus);
406 }
407
408 static void
409 test_get_sr_protocol_duration(void *arg)
410 {
411 (void) arg;
412
413 /* Check that by default an SR phase is 12 hours */
414 tt_int_op(sr_state_get_phase_duration(), OP_EQ, 12*60*60);
415 tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 24*60*60);
416
417 /* Now alter the voting interval and check that the SR phase is 2 mins long
418 * if voting happens every 10 seconds (10*12 seconds = 2 mins) */
419 or_options_t *options = get_options_mutable();
420 options->V3AuthVotingInterval = 10;
421 tt_int_op(sr_state_get_phase_duration(), OP_EQ, 2*60);
422 tt_int_op(sr_state_get_protocol_run_duration(), OP_EQ, 4*60);
423
424 done: ;
425 }
426
427 /* In this test we are going to generate a sr_commit_t object and validate
428 * it. We first generate our values, and then we parse them as if they were
429 * received from the network. After we parse both the commit and the reveal,
430 * we verify that they indeed match. */
431 static void
432 test_sr_commit(void *arg)
433 {
434 authority_cert_t *auth_cert = NULL;
435 time_t now = time(NULL);
436 sr_commit_t *our_commit = NULL;
437 smartlist_t *args = smartlist_new();
438 sr_commit_t *parsed_commit = NULL;
439
440 (void) arg;
441
442 { /* Setup a minimal dirauth environment for this test */
443 or_options_t *options = get_options_mutable();
444
445 auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1,
446 strlen(AUTHORITY_CERT_1),
447 NULL);
448 tt_assert(auth_cert);
449
450 options->AuthoritativeDir = 1;
451 tt_int_op(load_ed_keys(options, time(NULL)), OP_GE, 0);
452 }
453
454 /* Generate our commit object and validate it has the appropriate field
455 * that we can then use to build a representation that we'll find in a
456 * vote coming from the network. */
457 {
458 sr_commit_t test_commit;
459 our_commit = sr_generate_our_commit(now, auth_cert);
460 tt_assert(our_commit);
461 /* Default and only supported algorithm for now. */
462 tt_assert(our_commit->alg == DIGEST_SHA3_256);
463 /* We should have a reveal value. */
464 tt_assert(commit_has_reveal_value(our_commit));
465 /* We should have a random value. */
466 tt_assert(!fast_mem_is_zero((char *) our_commit->random_number,
467 sizeof(our_commit->random_number)));
468 /* Commit and reveal timestamp should be the same. */
469 tt_u64_op(our_commit->commit_ts, OP_EQ, our_commit->reveal_ts);
470 /* We should have a hashed reveal. */
471 tt_assert(!fast_mem_is_zero(our_commit->hashed_reveal,
472 sizeof(our_commit->hashed_reveal)));
473 /* Do we have a valid encoded commit and reveal. Note the following only
474 * tests if the generated values are correct. Their could be a bug in
475 * the decode function but we test them separately. */
476 tt_int_op(0, OP_EQ, reveal_decode(our_commit->encoded_reveal,
477 &test_commit));
478 tt_int_op(0, OP_EQ, commit_decode(our_commit->encoded_commit,
479 &test_commit));
480 tt_int_op(0, OP_EQ, verify_commit_and_reveal(our_commit));
481 }
482
483 /* Let's make sure our verify commit and reveal function works. We'll
484 * make it fail a bit with known failure case. */
485 {
486 /* Copy our commit so we don't alter it for the rest of testing. */
487 sr_commit_t test_commit;
488 memcpy(&test_commit, our_commit, sizeof(test_commit));
489
490 /* Timestamp MUST match. */
491 test_commit.commit_ts = test_commit.reveal_ts - 42;
492 setup_full_capture_of_logs(LOG_WARN);
493 tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit));
494 expect_log_msg_containing("doesn't match reveal timestamp");
495 teardown_capture_of_logs();
496 memcpy(&test_commit, our_commit, sizeof(test_commit));
497 tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit));
498
499 /* Hashed reveal must match the H(encoded_reveal). */
500 memset(test_commit.hashed_reveal, 'X',
501 sizeof(test_commit.hashed_reveal));
502 setup_full_capture_of_logs(LOG_WARN);
503 tt_int_op(-1, OP_EQ, verify_commit_and_reveal(&test_commit));
504 expect_single_log_msg_containing("doesn't match the commit value");
505 teardown_capture_of_logs();
506 memcpy(&test_commit, our_commit, sizeof(test_commit));
507 tt_int_op(0, OP_EQ, verify_commit_and_reveal(&test_commit));
508 }
509
510 /* We'll build a list of values from our commit that our parsing function
511 * takes from a vote line and see if we can parse it correctly. */
512 {
513 smartlist_add_strdup(args, "1");
514 smartlist_add_strdup(args,
515 crypto_digest_algorithm_get_name(our_commit->alg));
516 smartlist_add_strdup(args, sr_commit_get_rsa_fpr(our_commit));
517 smartlist_add_strdup(args, our_commit->encoded_commit);
518 smartlist_add_strdup(args, our_commit->encoded_reveal);
519 parsed_commit = sr_parse_commit(args);
520 tt_assert(parsed_commit);
521 /* That parsed commit should be _EXACTLY_ like our original commit (we
522 * have to explicitly set the valid flag though). */
523 parsed_commit->valid = 1;
524 tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*parsed_commit));
525 /* Cleanup */
526 }
527
528 done:
529 teardown_capture_of_logs();
530 SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
531 smartlist_free(args);
532 sr_commit_free(our_commit);
533 sr_commit_free(parsed_commit);
534 authority_cert_free(auth_cert);
535 }
536
537 /* Test the encoding and decoding function for commit and reveal values. */
538 static void
539 test_encoding(void *arg)
540 {
541 (void) arg;
542 int ret;
543 /* Random number is 32 bytes. */
544 char raw_rand[32];
545 time_t ts = 1454333590;
546 char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
547 sr_commit_t parsed_commit;
548
549 /* Those values were generated by sr_commit_calc_ref.py where the random
550 * value is 32 'A' and timestamp is the one in ts. */
551 static const char *encoded_reveal =
552 "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==";
553 static const char *encoded_commit =
554 "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==";
555
556 /* Set up our raw random bytes array. */
557 memset(raw_rand, 'A', sizeof(raw_rand));
558 /* Hash random number because we don't expose bytes of the RNG. */
559 ret = crypto_digest256(hashed_rand, raw_rand,
560 sizeof(raw_rand), SR_DIGEST_ALG);
561 tt_int_op(0, OP_EQ, ret);
562 /* Hash reveal value. */
563 tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, strlen(encoded_reveal));
564 ret = crypto_digest256(hashed_reveal, encoded_reveal,
565 strlen(encoded_reveal), SR_DIGEST_ALG);
566 tt_int_op(0, OP_EQ, ret);
567 tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, strlen(encoded_commit));
568
569 /* Test our commit/reveal decode functions. */
570 {
571 /* Test the reveal encoded value. */
572 tt_int_op(0, OP_EQ, reveal_decode(encoded_reveal, &parsed_commit));
573 tt_u64_op(ts, OP_EQ, parsed_commit.reveal_ts);
574 tt_mem_op(hashed_rand, OP_EQ, parsed_commit.random_number,
575 sizeof(hashed_rand));
576
577 /* Test the commit encoded value. */
578 memset(&parsed_commit, 0, sizeof(parsed_commit));
579 tt_int_op(0, OP_EQ, commit_decode(encoded_commit, &parsed_commit));
580 tt_u64_op(ts, OP_EQ, parsed_commit.commit_ts);
581 tt_mem_op(encoded_commit, OP_EQ, parsed_commit.encoded_commit,
582 sizeof(parsed_commit.encoded_commit));
583 tt_mem_op(hashed_reveal, OP_EQ, parsed_commit.hashed_reveal,
584 sizeof(hashed_reveal));
585 }
586
587 /* Test our commit/reveal encode functions. */
588 {
589 /* Test the reveal encode. */
590 char encoded[SR_REVEAL_BASE64_LEN + 1];
591 parsed_commit.reveal_ts = ts;
592 memcpy(parsed_commit.random_number, hashed_rand,
593 sizeof(parsed_commit.random_number));
594 ret = reveal_encode(&parsed_commit, encoded, sizeof(encoded));
595 tt_int_op(SR_REVEAL_BASE64_LEN, OP_EQ, ret);
596 tt_mem_op(encoded_reveal, OP_EQ, encoded, strlen(encoded_reveal));
597 }
598
599 {
600 /* Test the commit encode. */
601 char encoded[SR_COMMIT_BASE64_LEN + 1];
602 parsed_commit.commit_ts = ts;
603 memcpy(parsed_commit.hashed_reveal, hashed_reveal,
604 sizeof(parsed_commit.hashed_reveal));
605 ret = commit_encode(&parsed_commit, encoded, sizeof(encoded));
606 tt_int_op(SR_COMMIT_BASE64_LEN, OP_EQ, ret);
607 tt_mem_op(encoded_commit, OP_EQ, encoded, strlen(encoded_commit));
608 }
609
610 done:
611 ;
612 }
613
614 /** Setup some SRVs in our SR state.
615 * If <b>also_current</b> is set, then set both current and previous SRVs.
616 * Otherwise, just set the previous SRV. (And clear the current SRV.)
617 *
618 * You must call sr_state_free_all() to free the state at the end of each test
619 * function (on pass or fail). */
620 static void
621 test_sr_setup_srv(int also_current)
622 {
623 /* Clear both SRVs before starting.
624 * In 0.3.5 and earlier, sr_state_set_previous_srv() and
625 * sr_state_set_current_srv() do not free() the old srvs. */
626 sr_state_clean_srvs();
627
628 sr_srv_t *srv = tor_malloc_zero(sizeof(sr_srv_t));
629 srv->num_reveals = 42;
630 memcpy(srv->value,
631 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
632 sizeof(srv->value));
633
634 sr_state_set_previous_srv(srv);
635
636 if (also_current) {
637 srv = tor_malloc_zero(sizeof(sr_srv_t));
638 srv->num_reveals = 128;
639 memcpy(srv->value,
640 "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN",
641 sizeof(srv->value));
642
643 sr_state_set_current_srv(srv);
644 }
645 }
646
647 /* Test anything that has to do with SR protocol and vote. */
648 static void
649 test_vote(void *arg)
650 {
651 int ret;
652 time_t now = time(NULL);
653 sr_commit_t *our_commit = NULL;
654
655 (void) arg;
656
657 MOCK(trusteddirserver_get_by_v3_auth_digest,
658 trusteddirserver_get_by_v3_auth_digest_m);
659
660 { /* Setup a minimal dirauth environment for this test */
661 init_authority_state();
662 /* Set ourself in reveal phase so we can parse the reveal value in the
663 * vote as well. */
664 set_sr_phase(SR_PHASE_REVEAL);
665 }
666
667 /* Generate our commit object and validate it has the appropriate field
668 * that we can then use to build a representation that we'll find in a
669 * vote coming from the network. */
670 {
671 sr_commit_t *saved_commit;
672 our_commit = sr_generate_our_commit(now, mock_cert);
673 tt_assert(our_commit);
674 sr_state_add_commit(our_commit);
675 /* Make sure it's there. */
676 saved_commit = sr_state_get_commit(our_commit->rsa_identity);
677 tt_assert(saved_commit);
678 }
679
680 /* Also setup the SRVs */
681 test_sr_setup_srv(1);
682
683 { /* Now test the vote generation */
684 smartlist_t *chunks = smartlist_new();
685 smartlist_t *tokens = smartlist_new();
686 /* Get our vote line and validate it. */
687 char *lines = sr_get_string_for_vote();
688 tt_assert(lines);
689 /* Split the lines. We expect 2 here. */
690 ret = smartlist_split_string(chunks, lines, "\n", SPLIT_IGNORE_BLANK, 0);
691 tt_int_op(ret, OP_EQ, 4);
692 tt_str_op(smartlist_get(chunks, 0), OP_EQ, "shared-rand-participate");
693 /* Get our commitment line and will validate it against our commit. The
694 * format is as follow:
695 * "shared-rand-commitment" SP version SP algname SP identity
696 * SP COMMIT [SP REVEAL] NL
697 */
698 char *commit_line = smartlist_get(chunks, 1);
699 tt_assert(commit_line);
700 ret = smartlist_split_string(tokens, commit_line, " ", 0, 0);
701 tt_int_op(ret, OP_EQ, 6);
702 tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-commit");
703 tt_str_op(smartlist_get(tokens, 1), OP_EQ, "1");
704 tt_str_op(smartlist_get(tokens, 2), OP_EQ,
705 crypto_digest_algorithm_get_name(DIGEST_SHA3_256));
706 char digest[DIGEST_LEN];
707 base16_decode(digest, sizeof(digest), smartlist_get(tokens, 3),
708 HEX_DIGEST_LEN);
709 tt_mem_op(digest, OP_EQ, our_commit->rsa_identity, sizeof(digest));
710 tt_str_op(smartlist_get(tokens, 4), OP_EQ, our_commit->encoded_commit);
711 tt_str_op(smartlist_get(tokens, 5), OP_EQ, our_commit->encoded_reveal)
712 ;
713 /* Finally, does this vote line creates a valid commit object? */
714 smartlist_t *args = smartlist_new();
715 smartlist_add(args, smartlist_get(tokens, 1));
716 smartlist_add(args, smartlist_get(tokens, 2));
717 smartlist_add(args, smartlist_get(tokens, 3));
718 smartlist_add(args, smartlist_get(tokens, 4));
719 smartlist_add(args, smartlist_get(tokens, 5));
720 sr_commit_t *parsed_commit = sr_parse_commit(args);
721 tt_assert(parsed_commit);
722 /* Set valid flag explicitly here to compare since it's not set by
723 * simply parsing the commit. */
724 parsed_commit->valid = 1;
725 tt_mem_op(parsed_commit, OP_EQ, our_commit, sizeof(*our_commit));
726
727 /* minor cleanup */
728 SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
729 smartlist_clear(tokens);
730
731 /* Now test the previous SRV */
732 char *prev_srv_line = smartlist_get(chunks, 2);
733 tt_assert(prev_srv_line);
734 ret = smartlist_split_string(tokens, prev_srv_line, " ", 0, 0);
735 tt_int_op(ret, OP_EQ, 3);
736 tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-previous-value");
737 tt_str_op(smartlist_get(tokens, 1), OP_EQ, "42");
738 tt_str_op(smartlist_get(tokens, 2), OP_EQ,
739 "WlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo=");
740
741 /* minor cleanup */
742 SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
743 smartlist_clear(tokens);
744
745 /* Now test the current SRV */
746 char *current_srv_line = smartlist_get(chunks, 3);
747 tt_assert(current_srv_line);
748 ret = smartlist_split_string(tokens, current_srv_line, " ", 0, 0);
749 tt_int_op(ret, OP_EQ, 3);
750 tt_str_op(smartlist_get(tokens, 0), OP_EQ, "shared-rand-current-value");
751 tt_str_op(smartlist_get(tokens, 1), OP_EQ, "128");
752 tt_str_op(smartlist_get(tokens, 2), OP_EQ,
753 "Tk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk4=");
754
755 /* Clean up */
756 sr_commit_free(parsed_commit);
757 SMARTLIST_FOREACH(chunks, char *, s, tor_free(s));
758 smartlist_free(chunks);
759 SMARTLIST_FOREACH(tokens, char *, s, tor_free(s));
760 smartlist_free(tokens);
761 smartlist_clear(args);
762 smartlist_free(args);
763 tor_free(lines);
764 }
765
766 done:
767 UNMOCK(trusteddirserver_get_by_v3_auth_digest);
768 sr_state_free_all();
769 }
770
771 static const char *sr_state_str = "Version 1\n"
772 "TorVersion 0.2.9.0-alpha-dev\n"
773 "ValidAfter 2037-04-19 07:16:00\n"
774 "ValidUntil 2037-04-20 07:16:00\n"
775 "Commit 1 sha3-256 FA3CEC2C99DC68D3166B9B6E4FA21A4026C2AB1C "
776 "7M8GdubCAAdh7WUG0DiwRyxTYRKji7HATa7LLJEZ/UAAAAAAVmfUSg== "
777 "AAAAAFZn1EojfIheIw42bjK3VqkpYyjsQFSbv/dxNna3Q8hUEPKpOw==\n"
778 "Commit 1 sha3-256 41E89EDFBFBA44983E21F18F2230A4ECB5BFB543 "
779 "17aUsYuMeRjd2N1r8yNyg7aHqRa6gf4z7QPoxxAZbp0AAAAAVmfUSg==\n"
780 "Commit 1 sha3-256 36637026573A04110CF3E6B1D201FB9A98B88734 "
781 "DDDYtripvdOU+XPEUm5xpU64d9IURSds1xSwQsgeB8oAAAAAVmfUSg==\n"
782 "SharedRandPreviousValue 4 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=\n"
783 "SharedRandCurrentValue 3 8dWeW12KEzTGEiLGgO1UVJ7Z91CekoRcxt6Q9KhnOFI=\n";
784
785 /** Create an SR disk state, parse it and validate that the parsing went
786 * well. Yes! */
787 static void
788 test_state_load_from_disk(void *arg)
789 {
790 int ret;
791 char *dir = tor_strdup(get_fname("test_sr_state"));
792 char *sr_state_path = tor_strdup(get_fname("test_sr_state/sr_state"));
793 sr_state_t *the_sr_state = NULL;
794
795 (void) arg;
796
797 MOCK(trusteddirserver_get_by_v3_auth_digest,
798 trusteddirserver_get_by_v3_auth_digest_m);
799
800 /* First try with a nonexistent path. */
801 ret = disk_state_load_from_disk_impl("NONEXISTENTNONEXISTENT");
802 tt_int_op(ret, OP_EQ, -ENOENT);
803
804 /* Now create a mock state directory and state file */
805 #ifdef _WIN32
806 ret = mkdir(dir);
807 #else
808 ret = mkdir(dir, 0700);
809 #endif
810 tt_int_op(ret, OP_EQ, 0);
811 ret = write_str_to_file(sr_state_path, sr_state_str, 0);
812 tt_int_op(ret, OP_EQ, 0);
813
814 /* Try to load the directory itself. Should fail. */
815 ret = disk_state_load_from_disk_impl(dir);
816 tt_int_op(ret, OP_LT, 0);
817
818 /* State should be non-existent at this point. */
819 the_sr_state = get_sr_state();
820 tt_ptr_op(the_sr_state, OP_EQ, NULL);
821
822 /* Now try to load the correct file! */
823 ret = disk_state_load_from_disk_impl(sr_state_path);
824 tt_int_op(ret, OP_EQ, 0);
825
826 /* Check the content of the state */
827 /* XXX check more deeply!!! */
828 the_sr_state = get_sr_state();
829 tt_assert(the_sr_state);
830 tt_assert(the_sr_state->version == 1);
831 tt_assert(digestmap_size(the_sr_state->commits) == 3);
832 tt_assert(the_sr_state->current_srv);
833 tt_assert(the_sr_state->current_srv->num_reveals == 3);
834 tt_assert(the_sr_state->previous_srv);
835
836 /* XXX Now also try loading corrupted state files and make sure parsing
837 fails */
838
839 done:
840 tor_free(dir);
841 tor_free(sr_state_path);
842 UNMOCK(trusteddirserver_get_by_v3_auth_digest);
843 }
844
845 /** Generate three specially crafted commits (based on the test
846 * vector at sr_srv_calc_ref.py). Helper of test_sr_compute_srv(). */
847 static void
848 test_sr_setup_commits(void)
849 {
850 time_t now = time(NULL);
851 sr_commit_t *commit_a, *commit_b, *commit_c, *commit_d;
852 sr_commit_t *place_holder = tor_malloc_zero(sizeof(*place_holder));
853 authority_cert_t *auth_cert = NULL;
854
855 { /* Setup a minimal dirauth environment for this test */
856 or_options_t *options = get_options_mutable();
857
858 auth_cert = authority_cert_parse_from_string(AUTHORITY_CERT_1,
859 strlen(AUTHORITY_CERT_1),
860 NULL);
861 tt_assert(auth_cert);
862
863 options->AuthoritativeDir = 1;
864 tt_int_op(0, OP_EQ, load_ed_keys(options, now));
865 }
866
867 /* Generate three dummy commits according to sr_srv_calc_ref.py . Then
868 register them to the SR state. Also register a fourth commit 'd' with no
869 reveal info, to make sure that it will get ignored during SRV
870 calculation. */
871
872 { /* Commit from auth 'a' */
873 commit_a = sr_generate_our_commit(now, auth_cert);
874 tt_assert(commit_a);
875
876 /* Do some surgery on the commit */
877 memset(commit_a->rsa_identity, 'A', sizeof(commit_a->rsa_identity));
878 base16_encode(commit_a->rsa_identity_hex,
879 sizeof(commit_a->rsa_identity_hex), commit_a->rsa_identity,
880 sizeof(commit_a->rsa_identity));
881 strlcpy(commit_a->encoded_reveal,
882 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
883 sizeof(commit_a->encoded_reveal));
884 memcpy(commit_a->hashed_reveal,
885 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
886 sizeof(commit_a->hashed_reveal));
887 }
888
889 { /* Commit from auth 'b' */
890 commit_b = sr_generate_our_commit(now, auth_cert);
891 tt_assert(commit_b);
892
893 /* Do some surgery on the commit */
894 memset(commit_b->rsa_identity, 'B', sizeof(commit_b->rsa_identity));
895 base16_encode(commit_b->rsa_identity_hex,
896 sizeof(commit_b->rsa_identity_hex), commit_b->rsa_identity,
897 sizeof(commit_b->rsa_identity));
898 strlcpy(commit_b->encoded_reveal,
899 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
900 sizeof(commit_b->encoded_reveal));
901 memcpy(commit_b->hashed_reveal,
902 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
903 sizeof(commit_b->hashed_reveal));
904 }
905
906 { /* Commit from auth 'c' */
907 commit_c = sr_generate_our_commit(now, auth_cert);
908 tt_assert(commit_c);
909
910 /* Do some surgery on the commit */
911 memset(commit_c->rsa_identity, 'C', sizeof(commit_c->rsa_identity));
912 base16_encode(commit_c->rsa_identity_hex,
913 sizeof(commit_c->rsa_identity_hex), commit_c->rsa_identity,
914 sizeof(commit_c->rsa_identity));
915 strlcpy(commit_c->encoded_reveal,
916 "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
917 sizeof(commit_c->encoded_reveal));
918 memcpy(commit_c->hashed_reveal,
919 "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
920 sizeof(commit_c->hashed_reveal));
921 }
922
923 { /* Commit from auth 'd' */
924 commit_d = sr_generate_our_commit(now, auth_cert);
925 tt_assert(commit_d);
926
927 /* Do some surgery on the commit */
928 memset(commit_d->rsa_identity, 'D', sizeof(commit_d->rsa_identity));
929 base16_encode(commit_d->rsa_identity_hex,
930 sizeof(commit_d->rsa_identity_hex), commit_d->rsa_identity,
931 sizeof(commit_d->rsa_identity));
932 strlcpy(commit_d->encoded_reveal,
933 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
934 sizeof(commit_d->encoded_reveal));
935 memcpy(commit_d->hashed_reveal,
936 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
937 sizeof(commit_d->hashed_reveal));
938 /* Clean up its reveal info */
939 memcpy(place_holder, commit_d, sizeof(*place_holder));
940 memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
941 tt_assert(!commit_has_reveal_value(commit_d));
942 }
943
944 /* Register commits to state (during commit phase) */
945 set_sr_phase(SR_PHASE_COMMIT);
946 save_commit_to_state(commit_a);
947 save_commit_to_state(commit_b);
948 save_commit_to_state(commit_c);
949 save_commit_to_state(commit_d);
950 tt_int_op(digestmap_size(get_sr_state()->commits), OP_EQ, 4);
951
952 /* Now during REVEAL phase save commit D by restoring its reveal. */
953 set_sr_phase(SR_PHASE_REVEAL);
954 save_commit_to_state(place_holder);
955 place_holder = NULL;
956 tt_str_op(commit_d->encoded_reveal, OP_EQ,
957 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
958 /* Go back to an empty encoded reveal value. */
959 memset(commit_d->encoded_reveal, 0, sizeof(commit_d->encoded_reveal));
960 memset(commit_d->random_number, 0, sizeof(commit_d->random_number));
961 tt_assert(!commit_has_reveal_value(commit_d));
962
963 done:
964 tor_free(place_holder);
965 authority_cert_free(auth_cert);
966 }
967
968 /** Verify that the SRV generation procedure is proper by testing it against
969 * the test vector from ./sr_srv_calc_ref.py. */
970 static void
971 test_sr_compute_srv(void *arg)
972 {
973 (void) arg;
974 const sr_srv_t *current_srv = NULL;
975
976 #define SRV_TEST_VECTOR \
977 "2A9B1D6237DAB312A40F575DA85C147663E7ED3F80E9555395F15B515C74253D"
978
979 MOCK(trusteddirserver_get_by_v3_auth_digest,
980 trusteddirserver_get_by_v3_auth_digest_m);
981
982 init_authority_state();
983
984 /* Setup the commits for this unittest */
985 test_sr_setup_commits();
986 test_sr_setup_srv(0);
987
988 /* Now switch to reveal phase */
989 set_sr_phase(SR_PHASE_REVEAL);
990
991 /* Compute the SRV */
992 sr_compute_srv();
993
994 /* Check the result against the test vector */
995 current_srv = sr_state_get_current_srv();
996 tt_assert(current_srv);
997 tt_u64_op(current_srv->num_reveals, OP_EQ, 3);
998 tt_str_op(hex_str((char*)current_srv->value, 32),
999 OP_EQ,
1000 SRV_TEST_VECTOR);
1001
1002 done:
1003 UNMOCK(trusteddirserver_get_by_v3_auth_digest);
1004 sr_state_free_all();
1005 }
1006
1007 /** Return a minimal vote document with a current SRV value set to
1008 * <b>srv</b>. */
1009 static networkstatus_t *
1010 get_test_vote_with_curr_srv(const char *srv)
1011 {
1012 networkstatus_t *vote = tor_malloc_zero(sizeof(networkstatus_t));
1013
1014 vote->type = NS_TYPE_VOTE;
1015 vote->sr_info.participate = 1;
1016 vote->sr_info.current_srv = tor_malloc_zero(sizeof(sr_srv_t));
1017 vote->sr_info.current_srv->num_reveals = 42;
1018 memcpy(vote->sr_info.current_srv->value,
1019 srv,
1020 sizeof(vote->sr_info.current_srv->value));
1021
1022 return vote;
1023 }
1024
1025 /* Test the function that picks the right SRV given a bunch of votes. Make sure
1026 * that the function returns an SRV iff the majority/agreement requirements are
1027 * met. */
1028 static void
1029 test_sr_get_majority_srv_from_votes(void *arg)
1030 {
1031 sr_srv_t *chosen_srv;
1032 smartlist_t *votes = smartlist_new();
1033
1034 #define SRV_1 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
1035 #define SRV_2 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
1036
1037 (void) arg;
1038
1039 init_authority_state();
1040 /* Make sure our SRV is fresh so we can consider the super majority with
1041 * the consensus params of number of agreements needed. */
1042 sr_state_set_fresh_srv();
1043
1044 /* The test relies on the dirauth list being initialized. */
1045 clear_dir_servers();
1046 add_default_trusted_dir_authorities(V3_DIRINFO);
1047
1048 { /* Prepare voting environment with just a single vote. */
1049 networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
1050 smartlist_add(votes, vote);
1051 }
1052
1053 /* Since it's only one vote with an SRV, it should not achieve majority and
1054 hence no SRV will be returned. */
1055 chosen_srv = get_majority_srv_from_votes(votes, 1);
1056 tt_ptr_op(chosen_srv, OP_EQ, NULL);
1057
1058 { /* Now put in 8 more votes. Let SRV_1 have majority. */
1059 int i;
1060 /* Now 7 votes believe in SRV_1 */
1061 for (i = 0; i < 3; i++) {
1062 networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
1063 smartlist_add(votes, vote);
1064 }
1065 /* and 2 votes believe in SRV_2 */
1066 for (i = 0; i < 2; i++) {
1067 networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_2);
1068 smartlist_add(votes, vote);
1069 }
1070 for (i = 0; i < 3; i++) {
1071 networkstatus_t *vote = get_test_vote_with_curr_srv(SRV_1);
1072 smartlist_add(votes, vote);
1073 }
1074
1075 tt_int_op(smartlist_len(votes), OP_EQ, 9);
1076 }
1077
1078 /* Now we achieve majority for SRV_1, but not the AuthDirNumSRVAgreements
1079 requirement. So still not picking an SRV. */
1080 set_num_srv_agreements(8);
1081 chosen_srv = get_majority_srv_from_votes(votes, 1);
1082 tt_ptr_op(chosen_srv, OP_EQ, NULL);
1083
1084 /* We will now lower the AuthDirNumSRVAgreements requirement by tweaking the
1085 * consensus parameter and we will try again. This time it should work. */
1086 set_num_srv_agreements(7);
1087 chosen_srv = get_majority_srv_from_votes(votes, 1);
1088 tt_assert(chosen_srv);
1089 tt_u64_op(chosen_srv->num_reveals, OP_EQ, 42);
1090 tt_mem_op(chosen_srv->value, OP_EQ, SRV_1, sizeof(chosen_srv->value));
1091
1092 done:
1093 SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
1094 networkstatus_vote_free(vote));
1095 smartlist_free(votes);
1096 }
1097
1098 /* Testing sr_srv_dup(). */
1099 static void
1100 test_sr_svr_dup(void *arg)
1101 {
1102 (void)arg;
1103
1104 sr_srv_t *srv = NULL, *dup_srv = NULL;
1105 const char *srv_value =
1106 "1BDB7C3E973936E4D13A49F37C859B3DC69C429334CF9412E3FEF6399C52D47A";
1107 srv = tor_malloc_zero(sizeof(*srv));
1108 srv->num_reveals = 42;
1109 memcpy(srv->value, srv_value, sizeof(srv->value));
1110 dup_srv = sr_srv_dup(srv);
1111 tt_assert(dup_srv);
1112 tt_u64_op(dup_srv->num_reveals, OP_EQ, srv->num_reveals);
1113 tt_mem_op(dup_srv->value, OP_EQ, srv->value, sizeof(srv->value));
1114
1115 done:
1116 tor_free(srv);
1117 tor_free(dup_srv);
1118 }
1119
1120 /* Testing commitments_are_the_same(). Currently, the check is to test the
1121 * value of the encoded commit so let's make sure that actually works. */
1122 static void
1123 test_commitments_are_the_same(void *arg)
1124 {
1125 (void)arg;
1126
1127 /* Payload of 57 bytes that is the length of sr_commit_t->encoded_commit.
1128 * 56 bytes of payload and a NUL terminated byte at the end ('\x00')
1129 * which comes down to SR_COMMIT_BASE64_LEN + 1. */
1130 const char *payload =
1131 "\x5d\xb9\x60\xb6\xcc\x51\x68\x52\x31\xd9\x88\x88\x71\x71\xe0\x30"
1132 "\x59\x55\x7f\xcd\x61\xc0\x4b\x05\xb8\xcd\xc1\x48\xe9\xcd\x16\x1f"
1133 "\x70\x15\x0c\xfc\xd3\x1a\x75\xd0\x93\x6c\xc4\xe0\x5c\xbe\xe2\x18"
1134 "\xc7\xaf\x72\xb6\x7c\x9b\x52\x00";
1135 sr_commit_t commit1, commit2;
1136 memcpy(commit1.encoded_commit, payload, sizeof(commit1.encoded_commit));
1137 memcpy(commit2.encoded_commit, payload, sizeof(commit2.encoded_commit));
1138 tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 1);
1139 /* Let's corrupt one of them. */
1140 memset(commit1.encoded_commit, 'A', sizeof(commit1.encoded_commit));
1141 tt_int_op(commitments_are_the_same(&commit1, &commit2), OP_EQ, 0);
1142
1143 done:
1144 return;
1145 }
1146
1147 /* Testing commit_is_authoritative(). */
1148 static void
1149 test_commit_is_authoritative(void *arg)
1150 {
1151 (void)arg;
1152
1153 crypto_pk_t *k = crypto_pk_new();
1154 char digest[DIGEST_LEN];
1155 sr_commit_t commit;
1156
1157 tt_assert(!crypto_pk_generate_key(k));
1158
1159 tt_int_op(0, OP_EQ, crypto_pk_get_digest(k, digest));
1160 memcpy(commit.rsa_identity, digest, sizeof(commit.rsa_identity));
1161 tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 1);
1162 /* Change the pubkey. */
1163 memset(commit.rsa_identity, 0, sizeof(commit.rsa_identity));
1164 tt_int_op(commit_is_authoritative(&commit, digest), OP_EQ, 0);
1165
1166 done:
1167 crypto_pk_free(k);
1168 }
1169
1170 static void
1171 test_get_phase_str(void *arg)
1172 {
1173 (void)arg;
1174
1175 tt_str_op(get_phase_str(SR_PHASE_REVEAL), OP_EQ, "reveal");
1176 tt_str_op(get_phase_str(SR_PHASE_COMMIT), OP_EQ, "commit");
1177
1178 done:
1179 return;
1180 }
1181
1182 /* Test utils that depend on authority state */
1183 static void
1184 test_utils_auth(void *arg)
1185 {
1186 (void)arg;
1187 init_authority_state();
1188
1189 /* Testing phase transition */
1190 {
1191 set_sr_phase(SR_PHASE_COMMIT);
1192 tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 1);
1193 tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 0);
1194 set_sr_phase(SR_PHASE_REVEAL);
1195 tt_int_op(is_phase_transition(SR_PHASE_REVEAL), OP_EQ, 0);
1196 tt_int_op(is_phase_transition(SR_PHASE_COMMIT), OP_EQ, 1);
1197 /* Junk. */
1198 tt_int_op(is_phase_transition(42), OP_EQ, 1);
1199 }
1200
1201 /* Testing get, set, delete, clean SRVs */
1202
1203 {
1204 /* Just set the previous SRV */
1205 test_sr_setup_srv(0);
1206 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1207 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1208 state_del_previous_srv();
1209 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1210 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1211 }
1212
1213 {
1214 /* Delete the SRVs one at a time */
1215 test_sr_setup_srv(1);
1216 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1217 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1218 state_del_current_srv();
1219 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1220 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1221 state_del_previous_srv();
1222 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1223 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1224
1225 /* And in the opposite order */
1226 test_sr_setup_srv(1);
1227 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1228 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1229 state_del_previous_srv();
1230 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1231 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1232 state_del_current_srv();
1233 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1234 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1235
1236 /* And both at once */
1237 test_sr_setup_srv(1);
1238 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1239 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1240 sr_state_clean_srvs();
1241 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1242 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1243
1244 /* And do the gets and sets multiple times */
1245 test_sr_setup_srv(1);
1246 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1247 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1248 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1249 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1250 state_del_previous_srv();
1251 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1252 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1253 state_del_previous_srv();
1254 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1255 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1256 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1257 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1258 sr_state_clean_srvs();
1259 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1260 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1261 state_del_current_srv();
1262 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1263 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1264 sr_state_clean_srvs();
1265 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1266 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1267 state_del_current_srv();
1268 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1269 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1270 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1271 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1272 }
1273
1274 {
1275 /* Now set the SRVs to NULL instead */
1276 test_sr_setup_srv(1);
1277 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1278 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1279 sr_state_set_current_srv(NULL);
1280 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1281 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1282 sr_state_set_previous_srv(NULL);
1283 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1284 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1285
1286 /* And in the opposite order */
1287 test_sr_setup_srv(1);
1288 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1289 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1290 sr_state_set_previous_srv(NULL);
1291 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1292 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1293 sr_state_set_current_srv(NULL);
1294 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1295 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1296
1297 /* And both at once */
1298 test_sr_setup_srv(1);
1299 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1300 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1301 sr_state_clean_srvs();
1302 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1303 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1304
1305 /* And do the gets and sets multiple times */
1306 test_sr_setup_srv(1);
1307 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1308 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1309 sr_state_set_previous_srv(NULL);
1310 sr_state_set_previous_srv(NULL);
1311 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1312 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1313 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1314 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1315 sr_state_set_current_srv(NULL);
1316 sr_state_set_previous_srv(NULL);
1317 sr_state_set_current_srv(NULL);
1318 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1319 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1320 }
1321
1322 {
1323 /* Now copy the values across */
1324 test_sr_setup_srv(1);
1325 /* Check that the pointers are non-NULL, and different from each other */
1326 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1327 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1328 tt_ptr_op(sr_state_get_previous_srv(), OP_NE,
1329 sr_state_get_current_srv());
1330 /* Check that the content is different */
1331 tt_mem_op(sr_state_get_previous_srv(), OP_NE,
1332 sr_state_get_current_srv(), sizeof(sr_srv_t));
1333 /* Set the current to the previous: the protocol goes the other way */
1334 sr_state_set_current_srv(sr_srv_dup(sr_state_get_previous_srv()));
1335 /* Check that the pointers are non-NULL, and different from each other */
1336 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1337 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1338 tt_ptr_op(sr_state_get_previous_srv(), OP_NE,
1339 sr_state_get_current_srv());
1340 /* Check that the content is the same */
1341 tt_mem_op(sr_state_get_previous_srv(), OP_EQ,
1342 sr_state_get_current_srv(), sizeof(sr_srv_t));
1343 }
1344
1345 {
1346 /* Now copy a value onto itself */
1347 test_sr_setup_srv(1);
1348 /* Check that the pointers are non-NULL, and different from each other */
1349 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1350 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1351 tt_ptr_op(sr_state_get_previous_srv(), OP_NE,
1352 sr_state_get_current_srv());
1353 /* Take a copy of the old value */
1354 sr_srv_t old_current_srv;
1355 memcpy(&old_current_srv, sr_state_get_current_srv(), sizeof(sr_srv_t));
1356 /* Check that the content is different */
1357 tt_mem_op(sr_state_get_previous_srv(), OP_NE,
1358 sr_state_get_current_srv(), sizeof(sr_srv_t));
1359 /* Set the current to the current: the protocol never replaces an SRV with
1360 * the same value */
1361 sr_state_set_current_srv(sr_srv_dup(sr_state_get_current_srv()));
1362 /* Check that the pointers are non-NULL, and different from each other */
1363 tt_ptr_op(sr_state_get_previous_srv(), OP_NE, NULL);
1364 tt_ptr_op(sr_state_get_current_srv(), OP_NE, NULL);
1365 tt_ptr_op(sr_state_get_previous_srv(), OP_NE,
1366 sr_state_get_current_srv());
1367 /* Check that the content is different between current and previous */
1368 tt_mem_op(sr_state_get_previous_srv(), OP_NE,
1369 sr_state_get_current_srv(), sizeof(sr_srv_t));
1370 /* Check that the content is the same as the old content */
1371 tt_mem_op(&old_current_srv, OP_EQ,
1372 sr_state_get_current_srv(), sizeof(sr_srv_t));
1373 }
1374
1375 /* I don't think we can say "expect a BUG()" in our tests. */
1376 #if 0
1377 {
1378 /* Now copy a value onto itself without sr_srv_dup().
1379 * This should fail with a BUG() warning. */
1380 test_sr_setup_srv(1);
1381 sr_state_set_current_srv(sr_state_get_current_srv());
1382 sr_state_set_previous_srv(sr_state_get_previous_srv());
1383 }
1384 #endif /* 0 */
1385
1386 done:
1387 sr_state_free_all();
1388 }
1389
1390 static void
1391 test_state_transition(void *arg)
1392 {
1393 sr_state_t *state = NULL;
1394 time_t now = time(NULL);
1395 sr_srv_t *cur = NULL;
1396
1397 (void) arg;
1398
1399 { /* Setup a minimal dirauth environment for this test */
1400 init_authority_state();
1401 state = get_sr_state();
1402 tt_assert(state);
1403 }
1404
1405 /* Test our state reset for a new protocol run. */
1406 {
1407 /* Add a commit to the state so we can test if the reset cleans the
1408 * commits. Also, change all params that we expect to be updated. */
1409 sr_commit_t *commit = sr_generate_our_commit(now, mock_cert);
1410 tt_assert(commit);
1411 sr_state_add_commit(commit);
1412 tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
1413 /* Let's test our delete feature. */
1414 sr_state_delete_commits();
1415 tt_int_op(digestmap_size(state->commits), OP_EQ, 0);
1416 /* Add it back so we can continue the rest of the test because after
1417 * deleting our commit will be freed so generate a new one. */
1418 commit = sr_generate_our_commit(now, mock_cert);
1419 tt_assert(commit);
1420 sr_state_add_commit(commit);
1421 tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
1422 state->n_reveal_rounds = 42;
1423 state->n_commit_rounds = 43;
1424 state->n_protocol_runs = 44;
1425 reset_state_for_new_protocol_run(now);
1426 tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
1427 tt_int_op(state->n_commit_rounds, OP_EQ, 0);
1428 tt_u64_op(state->n_protocol_runs, OP_EQ, 45);
1429 tt_int_op(digestmap_size(state->commits), OP_EQ, 0);
1430 }
1431
1432 /* Test SRV rotation in our state. */
1433 {
1434 test_sr_setup_srv(1);
1435 tt_assert(sr_state_get_current_srv());
1436 /* Take a copy of the data, because the state owns the pointer */
1437 cur = sr_srv_dup(sr_state_get_current_srv());
1438 tt_assert(cur);
1439 /* After, the previous SRV should be the same as the old current SRV, and
1440 * the current SRV should be set to NULL */
1441 state_rotate_srv();
1442 tt_mem_op(sr_state_get_previous_srv(), OP_EQ, cur, sizeof(sr_srv_t));
1443 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1444 sr_state_clean_srvs();
1445 tor_free(cur);
1446 }
1447
1448 /* New protocol run. */
1449 {
1450 /* Setup some new SRVs so we can confirm that a new protocol run
1451 * actually makes them rotate and compute new ones. */
1452 test_sr_setup_srv(1);
1453 tt_assert(sr_state_get_current_srv());
1454 /* Take a copy of the data, because the state owns the pointer */
1455 cur = sr_srv_dup(sr_state_get_current_srv());
1456 set_sr_phase(SR_PHASE_REVEAL);
1457 MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
1458 new_protocol_run(now);
1459 UNMOCK(get_my_v3_authority_cert);
1460 /* Rotation happened. */
1461 tt_mem_op(sr_state_get_previous_srv(), OP_EQ, cur, sizeof(sr_srv_t));
1462 /* We are going into COMMIT phase so we had to rotate our SRVs. Usually
1463 * our current SRV would be NULL but a new protocol run should make us
1464 * compute a new SRV. */
1465 tt_assert(sr_state_get_current_srv());
1466 /* Also, make sure we did change the current. */
1467 tt_mem_op(sr_state_get_current_srv(), OP_NE, cur, sizeof(sr_srv_t));
1468 /* We should have our commitment alone. */
1469 tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
1470 tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
1471 tt_int_op(state->n_commit_rounds, OP_EQ, 0);
1472 /* 46 here since we were at 45 just before. */
1473 tt_u64_op(state->n_protocol_runs, OP_EQ, 46);
1474 tor_free(cur);
1475 }
1476
1477 /* Cleanup of SRVs. */
1478 {
1479 sr_state_clean_srvs();
1480 tt_ptr_op(sr_state_get_current_srv(), OP_EQ, NULL);
1481 tt_ptr_op(sr_state_get_previous_srv(), OP_EQ, NULL);
1482 }
1483
1484 done:
1485 tor_free(cur);
1486 sr_state_free_all();
1487 }
1488
1489 static void
1490 test_keep_commit(void *arg)
1491 {
1492 char fp[FINGERPRINT_LEN + 1];
1493 sr_commit_t *commit = NULL, *dup_commit = NULL;
1494 sr_state_t *state;
1495 time_t now = time(NULL);
1496 crypto_pk_t *k = NULL;
1497
1498 (void) arg;
1499
1500 MOCK(trusteddirserver_get_by_v3_auth_digest,
1501 trusteddirserver_get_by_v3_auth_digest_m);
1502
1503 {
1504 k = pk_generate(1);
1505 /* Setup a minimal dirauth environment for this test */
1506 /* Have a key that is not the one from our commit. */
1507 init_authority_state();
1508 state = get_sr_state();
1509 }
1510
1511 crypto_rand((char*)fp, sizeof(fp));
1512
1513 /* Test this very important function that tells us if we should keep a
1514 * commit or not in our state. Most of it depends on the phase and what's
1515 * in the commit so we'll change the commit as we go. */
1516 commit = sr_generate_our_commit(now, mock_cert);
1517 tt_assert(commit);
1518 /* Set us in COMMIT phase for starter. */
1519 set_sr_phase(SR_PHASE_COMMIT);
1520 /* We should never keep a commit from a non authoritative authority. */
1521 tt_int_op(should_keep_commit(commit, fp, SR_PHASE_COMMIT), OP_EQ, 0);
1522 /* This should NOT be kept because it has a reveal value in it. */
1523 tt_assert(commit_has_reveal_value(commit));
1524 tt_int_op(should_keep_commit(commit, commit->rsa_identity,
1525 SR_PHASE_COMMIT), OP_EQ, 0);
1526 /* Add it to the state which should return to not keep it. */
1527 sr_state_add_commit(commit);
1528 tt_int_op(should_keep_commit(commit, commit->rsa_identity,
1529 SR_PHASE_COMMIT), OP_EQ, 0);
1530 /* Remove it from state so we can continue our testing. */
1531 digestmap_remove(state->commits, commit->rsa_identity);
1532 /* Let's remove our reveal value which should make it OK to keep it. */
1533 memset(commit->encoded_reveal, 0, sizeof(commit->encoded_reveal));
1534 tt_int_op(should_keep_commit(commit, commit->rsa_identity,
1535 SR_PHASE_COMMIT), OP_EQ, 1);
1536
1537 /* Let's reset our commit and go into REVEAL phase. */
1538 sr_commit_free(commit);
1539 commit = sr_generate_our_commit(now, mock_cert);
1540 tt_assert(commit);
1541 /* Dup the commit so we have one with and one without a reveal value. */
1542 dup_commit = tor_malloc_zero(sizeof(*dup_commit));
1543 memcpy(dup_commit, commit, sizeof(*dup_commit));
1544 memset(dup_commit->encoded_reveal, 0, sizeof(dup_commit->encoded_reveal));
1545 set_sr_phase(SR_PHASE_REVEAL);
1546 /* We should never keep a commit from a non authoritative authority. */
1547 tt_int_op(should_keep_commit(commit, fp, SR_PHASE_REVEAL), OP_EQ, 0);
1548 /* We shouldn't accept a commit that is not in our state. */
1549 tt_int_op(should_keep_commit(commit, commit->rsa_identity,
1550 SR_PHASE_REVEAL), OP_EQ, 0);
1551 /* Important to add the commit _without_ the reveal here. */
1552 sr_state_add_commit(dup_commit);
1553 tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
1554 /* Our commit should be valid that is authoritative, contains a reveal, be
1555 * in the state and commitment and reveal values match. */
1556 tt_int_op(should_keep_commit(commit, commit->rsa_identity,
1557 SR_PHASE_REVEAL), OP_EQ, 1);
1558 /* The commit shouldn't be kept if it's not verified that is no matching
1559 * hashed reveal. */
1560 {
1561 /* Let's save the hash reveal so we can restore it. */
1562 sr_commit_t place_holder;
1563 memcpy(place_holder.hashed_reveal, commit->hashed_reveal,
1564 sizeof(place_holder.hashed_reveal));
1565 memset(commit->hashed_reveal, 0, sizeof(commit->hashed_reveal));
1566 setup_full_capture_of_logs(LOG_WARN);
1567 tt_int_op(should_keep_commit(commit, commit->rsa_identity,
1568 SR_PHASE_REVEAL), OP_EQ, 0);
1569 expect_log_msg_containing("doesn't match the commit value.");
1570 expect_log_msg_containing("has an invalid reveal value.");
1571 assert_log_predicate(mock_saved_log_n_entries() == 2,
1572 ("expected 2 log entries"));
1573 teardown_capture_of_logs();
1574 memcpy(commit->hashed_reveal, place_holder.hashed_reveal,
1575 sizeof(commit->hashed_reveal));
1576 }
1577 /* We shouldn't keep a commit that has no reveal. */
1578 tt_int_op(should_keep_commit(dup_commit, dup_commit->rsa_identity,
1579 SR_PHASE_REVEAL), OP_EQ, 0);
1580 /* We must not keep a commit that is not the same from the commit phase. */
1581 memset(commit->encoded_commit, 0, sizeof(commit->encoded_commit));
1582 tt_int_op(should_keep_commit(commit, commit->rsa_identity,
1583 SR_PHASE_REVEAL), OP_EQ, 0);
1584
1585 done:
1586 teardown_capture_of_logs();
1587 sr_commit_free(commit);
1588 sr_commit_free(dup_commit);
1589 crypto_pk_free(k);
1590 UNMOCK(trusteddirserver_get_by_v3_auth_digest);
1591 }
1592
1593 static void
1594 test_state_update(void *arg)
1595 {
1596 time_t commit_phase_time = 1452076000;
1597 time_t reveal_phase_time = 1452086800;
1598 sr_state_t *state;
1599
1600 (void) arg;
1601
1602 {
1603 init_authority_state();
1604 state = get_sr_state();
1605 set_sr_phase(SR_PHASE_COMMIT);
1606 /* We'll cheat a bit here and reset the creation time of the state which
1607 * will avoid us to compute a valid_after time that fits the commit
1608 * phase. */
1609 state->valid_after = 0;
1610 state->n_reveal_rounds = 0;
1611 state->n_commit_rounds = 0;
1612 state->n_protocol_runs = 0;
1613 }
1614
1615 /* We need to mock for the state update function call. */
1616 MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
1617
1618 /* We are in COMMIT phase here and we'll trigger a state update but no
1619 * transition. */
1620 sr_state_update(commit_phase_time);
1621 tt_int_op(state->valid_after, OP_EQ, commit_phase_time);
1622 tt_int_op(state->n_commit_rounds, OP_EQ, 1);
1623 tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT);
1624 tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
1625
1626 /* We are still in the COMMIT phase here but we'll trigger a state
1627 * transition to the REVEAL phase. */
1628 sr_state_update(reveal_phase_time);
1629 tt_int_op(state->phase, OP_EQ, SR_PHASE_REVEAL);
1630 tt_int_op(state->valid_after, OP_EQ, reveal_phase_time);
1631 /* Only our commit should be in there. */
1632 tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
1633 tt_int_op(state->n_reveal_rounds, OP_EQ, 1);
1634
1635 /* We can't update a state with a valid after _lower_ than the creation
1636 * time so here it is. */
1637 sr_state_update(commit_phase_time);
1638 tt_int_op(state->valid_after, OP_EQ, reveal_phase_time);
1639
1640 /* Finally, let's go back in COMMIT phase so we can test the state update
1641 * of a new protocol run. */
1642 state->valid_after = 0;
1643 sr_state_update(commit_phase_time);
1644 tt_int_op(state->valid_after, OP_EQ, commit_phase_time);
1645 tt_int_op(state->n_commit_rounds, OP_EQ, 1);
1646 tt_int_op(state->n_reveal_rounds, OP_EQ, 0);
1647 tt_u64_op(state->n_protocol_runs, OP_EQ, 1);
1648 tt_int_op(state->phase, OP_EQ, SR_PHASE_COMMIT);
1649 tt_int_op(digestmap_size(state->commits), OP_EQ, 1);
1650 tt_assert(state->current_srv);
1651
1652 done:
1653 sr_state_free_all();
1654 UNMOCK(get_my_v3_authority_cert);
1655 }
1656
1657 struct testcase_t sr_tests[] = {
1658 { "get_sr_protocol_phase", test_get_sr_protocol_phase, TT_FORK,
1659 NULL, NULL },
1660 { "sr_commit", test_sr_commit, TT_FORK,
1661 NULL, NULL },
1662 { "keep_commit", test_keep_commit, TT_FORK,
1663 NULL, NULL },
1664 { "encoding", test_encoding, TT_FORK,
1665 NULL, NULL },
1666 { "get_start_time_of_current_run", test_get_start_time_of_current_run,
1667 TT_FORK, NULL, NULL },
1668 { "get_start_time_functions", test_get_start_time_functions,
1669 TT_FORK, NULL, NULL },
1670 { "get_sr_protocol_duration", test_get_sr_protocol_duration, TT_FORK,
1671 NULL, NULL },
1672 { "get_state_valid_until_time", test_get_state_valid_until_time, TT_FORK,
1673 NULL, NULL },
1674 { "vote", test_vote, TT_FORK,
1675 NULL, NULL },
1676 { "state_load_from_disk", test_state_load_from_disk, TT_FORK,
1677 NULL, NULL },
1678 { "sr_compute_srv", test_sr_compute_srv, TT_FORK, NULL, NULL },
1679 { "sr_get_majority_srv_from_votes", test_sr_get_majority_srv_from_votes,
1680 TT_FORK, NULL, NULL },
1681 { "sr_svr_dup", test_sr_svr_dup, TT_FORK, NULL, NULL },
1682 { "commitments_are_the_same", test_commitments_are_the_same, TT_FORK, NULL,
1683 NULL },
1684 { "commit_is_authoritative", test_commit_is_authoritative, TT_FORK, NULL,
1685 NULL },
1686 { "get_phase_str", test_get_phase_str, TT_FORK, NULL, NULL },
1687 { "utils_auth", test_utils_auth, TT_FORK, NULL, NULL },
1688 { "state_transition", test_state_transition, TT_FORK, NULL, NULL },
1689 { "state_update", test_state_update, TT_FORK,
1690 NULL, NULL },
1691 END_OF_TESTCASES
1692 };
The Onion Router