diff options
| author | Nick Mathewson <nickm@torproject.org> | 2008-05-12 04:29:07 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2008-05-12 04:29:07 +0000 |
| commit | 029a8976345a0840c725b1200611ab5b6fc27fd4 (patch) | |
| tree | fa13f80cff12617170deb15da2feb899fe6ec873 | |
| parent | befa56c72e612ac2cb234e7d924511645d6a0a93 (diff) | |
| download | tor-029a8976345a0840c725b1200611ab5b6fc27fd4.tar.gz tor-029a8976345a0840c725b1200611ab5b6fc27fd4.zip | |
r19696@catbus: nickm | 2008-05-12 00:22:25 -0400
Backport: Add unit tests for last patch; make it more testable; fix a bug or two.
svn:r14587
| -rw-r--r-- | src/or/dirvote.c | 35 | ||||
| -rw-r--r-- | src/or/or.h | 4 | ||||
| -rw-r--r-- | src/or/routerlist.c | 9 | ||||
| -rw-r--r-- | src/or/test.c | 39 |
4 files changed, 61 insertions, 26 deletions
diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 683389341d..a34b7f1803 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -458,7 +458,9 @@ char * networkstatus_compute_consensus(smartlist_t *votes, int total_authorities, crypto_pk_env_t *identity_key, - crypto_pk_env_t *signing_key) + crypto_pk_env_t *signing_key, + const char *legacy_id_key_digest, + crypto_pk_env_t *legacy_signing_key) { smartlist_t *chunks; char *result = NULL; @@ -623,7 +625,7 @@ networkstatus_compute_consensus(smartlist_t *votes, e_legacy->v = v; e_legacy->digest = get_voter(v)->legacy_id_digest; e_legacy->is_legacy = 1; - smartlist_add(dir_sources, e); + smartlist_add(dir_sources, e_legacy); } }); smartlist_sort(dir_sources, _compare_dir_src_ents_by_authority_id); @@ -963,16 +965,16 @@ networkstatus_compute_consensus(smartlist_t *votes, } smartlist_add(chunks, tor_strdup(buf)); - if (get_options()->V3AuthUseLegacyKey && consensus_method >= 3) { - crypto_pk_env_t *legacy_key = get_my_v3_legacy_signing_key(); - authority_cert_t *legacy_cert = get_my_v3_legacy_cert(); + if (legacy_id_key_digest && legacy_signing_key && consensus_method >= 3) { smartlist_add(chunks, tor_strdup("directory-signature ")); - crypto_pk_get_fingerprint(legacy_cert->identity_key, fingerprint, 0); - crypto_pk_get_fingerprint(legacy_key, signing_key_fingerprint, 0); + base16_encode(fingerprint, sizeof(fingerprint), + legacy_id_key_digest, DIGEST_LEN); + crypto_pk_get_fingerprint(legacy_signing_key, + signing_key_fingerprint, 0); tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint, signing_key_fingerprint); if (router_append_dirobj_signature(buf, sizeof(buf), digest, - signing_key)) { + legacy_signing_key)) { log_warn(LD_BUG, "Couldn't sign consensus networkstatus."); return NULL; /* This leaks, but it should never happen. */ } @@ -1751,10 +1753,23 @@ dirvote_compute_consensus(void) SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v, smartlist_add(votes, v->vote)); - consensus_body = networkstatus_compute_consensus( + { + char legacy_dbuf[DIGEST_LEN]; + crypto_pk_env_t *legacy_sign=NULL; + char *legacy_id_digest = NULL; + if (get_options()->V3AuthUseLegacyKey) { + authority_cert_t *cert = get_my_v3_legacy_cert(); + legacy_sign = get_my_v3_legacy_signing_key(); + if (cert) { + crypto_pk_get_digest(cert->identity_key, legacy_dbuf); + legacy_id_digest = legacy_dbuf; + } + } + consensus_body = networkstatus_compute_consensus( votes, n_voters, my_cert->identity_key, - get_my_v3_authority_signing_key()); + get_my_v3_authority_signing_key(), legacy_id_digest, legacy_sign); + } if (!consensus_body) { log_warn(LD_DIR, "Couldn't generate a consensus at all!"); goto err; diff --git a/src/or/or.h b/src/or/or.h index bb19a144c3..8af92d1dda 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3174,7 +3174,9 @@ void dirvote_free_all(void); char *networkstatus_compute_consensus(smartlist_t *votes, int total_authorities, crypto_pk_env_t *identity_key, - crypto_pk_env_t *signing_key); + crypto_pk_env_t *signing_key, + const char *legacy_identity_key_digest, + crypto_pk_env_t *legacy_signing_key); int networkstatus_add_detached_signatures(networkstatus_t *target, ns_detached_signatures_t *sigs, const char **msg_out); diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 891960d56a..aaadaf1678 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -296,6 +296,7 @@ authority_cert_get_newest_by_id(const char *id_digest) if (!trusted_dir_certs || !(cl = digestmap_get(trusted_dir_certs, id_digest))) return NULL; + SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert, { if (!best || cert->cache_info.published_on > best->cache_info.published_on) @@ -310,9 +311,17 @@ authority_cert_get_newest_by_id(const char *id_digest) authority_cert_t * authority_cert_get_by_sk_digest(const char *sk_digest) { + authority_cert_t *c; if (!trusted_dir_certs) return NULL; + if ((c = get_my_v3_authority_cert()) && + !memcmp(c->signing_key_digest, sk_digest, DIGEST_LEN)) + return c; + if ((c = get_my_v3_legacy_cert()) && + !memcmp(c->signing_key_digest, sk_digest, DIGEST_LEN)) + return c; + DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) { SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert, { diff --git a/src/or/test.c b/src/or/test.c index d4d5275a39..a54c3f2c6b 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -2537,6 +2537,7 @@ test_v3_networkstatus(void) { authority_cert_t *cert1, *cert2, *cert3; crypto_pk_env_t *sign_skey_1, *sign_skey_2, *sign_skey_3; + crypto_pk_env_t *sign_skey_leg1; time_t now = time(NULL); networkstatus_voter_info_t *voter; @@ -2556,7 +2557,8 @@ test_v3_networkstatus(void) sign_skey_1 = crypto_new_pk_env(); sign_skey_2 = crypto_new_pk_env(); sign_skey_3 = crypto_new_pk_env(); - + sign_skey_leg1 = pk_generate(4); + test_assert(!crypto_pk_read_private_key_from_string(sign_skey_1, AUTHORITY_SIGNKEY_1)); test_assert(!crypto_pk_read_private_key_from_string(sign_skey_2, @@ -2578,6 +2580,8 @@ test_v3_networkstatus(void) vote->valid_until = now+3000; vote->vote_seconds = 100; vote->dist_seconds = 200; + vote->supported_methods = smartlist_create(); + smartlist_split_string(vote->supported_methods, "1 2 3", NULL, 0, -1); vote->client_versions = tor_strdup("0.1.2.14,0.1.2.15"); vote->server_versions = tor_strdup("0.1.2.14,0.1.2.15,0.1.2.16"); vote->known_flags = smartlist_create(); @@ -2742,6 +2746,7 @@ test_v3_networkstatus(void) vote->dist_seconds = 250; authority_cert_free(vote->cert); vote->cert = authority_cert_dup(cert3); + smartlist_add(vote->supported_methods, tor_strdup("4")); vote->client_versions = tor_strdup("0.1.2.14,0.1.2.17"); vote->server_versions = tor_strdup("0.1.2.10,0.1.2.15,0.1.2.16"); voter = smartlist_get(vote->voters, 0); @@ -2751,6 +2756,8 @@ test_v3_networkstatus(void) voter->address = tor_strdup("3.4.5.6"); voter->addr = 0x03040506; crypto_pk_get_digest(cert3->identity_key, voter->identity_digest); + /* This one has a legacy id. */ + memset(voter->legacy_id_digest, (int)'A', DIGEST_LEN); vrs = smartlist_get(vote->routerstatus_list, 0); smartlist_del_keeporder(vote->routerstatus_list, 0); tor_free(vrs->version); @@ -2770,7 +2777,9 @@ test_v3_networkstatus(void) smartlist_add(votes, v2); consensus_text = networkstatus_compute_consensus(votes, 3, cert3->identity_key, - sign_skey_3); + sign_skey_3, + "AAAAAAAAAAAAAAAAAAAA", + sign_skey_leg1); test_assert(consensus_text); con = networkstatus_parse_vote_from_string(consensus_text, NULL, 0); test_assert(con); @@ -2791,17 +2800,17 @@ test_v3_networkstatus(void) test_streq(cp, "Authority:Exit:Fast:Guard:MadeOfCheese:MadeOfTin:" "Running:Stable:V2Dir:Valid"); tor_free(cp); - test_eq(3, smartlist_len(con->voters)); + test_eq(4, smartlist_len(con->voters)); /*3 voters, 1 legacy key.*/ /* The voter id digests should be in this order. */ test_assert(memcmp(cert2->cache_info.identity_digest, cert3->cache_info.identity_digest,DIGEST_LEN)<0); test_assert(memcmp(cert3->cache_info.identity_digest, cert1->cache_info.identity_digest,DIGEST_LEN)<0); - test_same_voter(smartlist_get(con->voters, 0), - smartlist_get(v2->voters, 0)); test_same_voter(smartlist_get(con->voters, 1), - smartlist_get(v3->voters, 0)); + smartlist_get(v2->voters, 0)); test_same_voter(smartlist_get(con->voters, 2), + smartlist_get(v3->voters, 0)); + test_same_voter(smartlist_get(con->voters, 3), smartlist_get(v1->voters, 0)); test_assert(!con->cert); @@ -2847,19 +2856,19 @@ test_v3_networkstatus(void) test_assert(!rs->is_named); /* XXXX check version */ - /* Check signatures. the first voter hasn't got one. The second one - * does: validate it. */ - voter = smartlist_get(con->voters, 0); + /* Check signatures. the first voter is pseudo. The second one hasn't + signed. The third one has signed: validate it. */ + voter = smartlist_get(con->voters, 1); test_assert(!voter->signature); test_assert(!voter->good_signature); test_assert(!voter->bad_signature); - voter = smartlist_get(con->voters, 1); + voter = smartlist_get(con->voters, 2); test_assert(voter->signature); test_assert(!voter->good_signature); test_assert(!voter->bad_signature); test_assert(!networkstatus_check_voter_signature(con, - smartlist_get(con->voters, 1), + smartlist_get(con->voters, 2), cert3)); test_assert(voter->signature); test_assert(voter->good_signature); @@ -2875,11 +2884,11 @@ test_v3_networkstatus(void) smartlist_shuffle(votes); consensus_text2 = networkstatus_compute_consensus(votes, 3, cert2->identity_key, - sign_skey_2); + sign_skey_2, NULL,NULL); smartlist_shuffle(votes); consensus_text3 = networkstatus_compute_consensus(votes, 3, cert1->identity_key, - sign_skey_1); + sign_skey_1, NULL,NULL); test_assert(consensus_text2); test_assert(consensus_text3); con2 = networkstatus_parse_vote_from_string(consensus_text2, NULL, 0); @@ -2936,10 +2945,10 @@ test_v3_networkstatus(void) test_eq(2, networkstatus_add_detached_signatures(con, dsig2, &msg)); /* Check signatures */ test_assert(!networkstatus_check_voter_signature(con, - smartlist_get(con->voters, 0), + smartlist_get(con->voters, 1), cert2)); test_assert(!networkstatus_check_voter_signature(con, - smartlist_get(con->voters, 2), + smartlist_get(con->voters, 3), cert1)); networkstatus_vote_free(con2); |