aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2008-05-12 04:22:01 +0000
committerNick Mathewson <nickm@torproject.org>2008-05-12 04:22:01 +0000
commit08ba3355bc2153a23edc3756a36fbae57c89b142 (patch)
tree0797ac813a757e341995c82092365e8b05467ebe /src/or
parentf3f6ecef48b019fe18fac371b64c3f3466ef3388 (diff)
downloadtor-08ba3355bc2153a23edc3756a36fbae57c89b142.tar.gz
tor-08ba3355bc2153a23edc3756a36fbae57c89b142.zip
r19694@catbus: nickm | 2008-05-12 00:21:37 -0400
Add unit tests for last patch; make it more testable; fix a bug or two. svn:r14586
Diffstat (limited to 'src/or')
-rw-r--r--src/or/dirvote.c35
-rw-r--r--src/or/or.h4
-rw-r--r--src/or/routerlist.c9
-rw-r--r--src/or/test.c39
4 files changed, 61 insertions, 26 deletions
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 683389341d..a34b7f1803 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -458,7 +458,9 @@ char *
networkstatus_compute_consensus(smartlist_t *votes,
int total_authorities,
crypto_pk_env_t *identity_key,
- crypto_pk_env_t *signing_key)
+ crypto_pk_env_t *signing_key,
+ const char *legacy_id_key_digest,
+ crypto_pk_env_t *legacy_signing_key)
{
smartlist_t *chunks;
char *result = NULL;
@@ -623,7 +625,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
e_legacy->v = v;
e_legacy->digest = get_voter(v)->legacy_id_digest;
e_legacy->is_legacy = 1;
- smartlist_add(dir_sources, e);
+ smartlist_add(dir_sources, e_legacy);
}
});
smartlist_sort(dir_sources, _compare_dir_src_ents_by_authority_id);
@@ -963,16 +965,16 @@ networkstatus_compute_consensus(smartlist_t *votes,
}
smartlist_add(chunks, tor_strdup(buf));
- if (get_options()->V3AuthUseLegacyKey && consensus_method >= 3) {
- crypto_pk_env_t *legacy_key = get_my_v3_legacy_signing_key();
- authority_cert_t *legacy_cert = get_my_v3_legacy_cert();
+ if (legacy_id_key_digest && legacy_signing_key && consensus_method >= 3) {
smartlist_add(chunks, tor_strdup("directory-signature "));
- crypto_pk_get_fingerprint(legacy_cert->identity_key, fingerprint, 0);
- crypto_pk_get_fingerprint(legacy_key, signing_key_fingerprint, 0);
+ base16_encode(fingerprint, sizeof(fingerprint),
+ legacy_id_key_digest, DIGEST_LEN);
+ crypto_pk_get_fingerprint(legacy_signing_key,
+ signing_key_fingerprint, 0);
tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint,
signing_key_fingerprint);
if (router_append_dirobj_signature(buf, sizeof(buf), digest,
- signing_key)) {
+ legacy_signing_key)) {
log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
return NULL; /* This leaks, but it should never happen. */
}
@@ -1751,10 +1753,23 @@ dirvote_compute_consensus(void)
SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v,
smartlist_add(votes, v->vote));
- consensus_body = networkstatus_compute_consensus(
+ {
+ char legacy_dbuf[DIGEST_LEN];
+ crypto_pk_env_t *legacy_sign=NULL;
+ char *legacy_id_digest = NULL;
+ if (get_options()->V3AuthUseLegacyKey) {
+ authority_cert_t *cert = get_my_v3_legacy_cert();
+ legacy_sign = get_my_v3_legacy_signing_key();
+ if (cert) {
+ crypto_pk_get_digest(cert->identity_key, legacy_dbuf);
+ legacy_id_digest = legacy_dbuf;
+ }
+ }
+ consensus_body = networkstatus_compute_consensus(
votes, n_voters,
my_cert->identity_key,
- get_my_v3_authority_signing_key());
+ get_my_v3_authority_signing_key(), legacy_id_digest, legacy_sign);
+ }
if (!consensus_body) {
log_warn(LD_DIR, "Couldn't generate a consensus at all!");
goto err;
diff --git a/src/or/or.h b/src/or/or.h
index 4153b76a37..624d407d4c 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3195,7 +3195,9 @@ void dirvote_free_all(void);
char *networkstatus_compute_consensus(smartlist_t *votes,
int total_authorities,
crypto_pk_env_t *identity_key,
- crypto_pk_env_t *signing_key);
+ crypto_pk_env_t *signing_key,
+ const char *legacy_identity_key_digest,
+ crypto_pk_env_t *legacy_signing_key);
int networkstatus_add_detached_signatures(networkstatus_t *target,
ns_detached_signatures_t *sigs,
const char **msg_out);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 5966d753ac..fdd9feb9a5 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -296,6 +296,7 @@ authority_cert_get_newest_by_id(const char *id_digest)
if (!trusted_dir_certs ||
!(cl = digestmap_get(trusted_dir_certs, id_digest)))
return NULL;
+
SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
{
if (!best || cert->cache_info.published_on > best->cache_info.published_on)
@@ -310,9 +311,17 @@ authority_cert_get_newest_by_id(const char *id_digest)
authority_cert_t *
authority_cert_get_by_sk_digest(const char *sk_digest)
{
+ authority_cert_t *c;
if (!trusted_dir_certs)
return NULL;
+ if ((c = get_my_v3_authority_cert()) &&
+ !memcmp(c->signing_key_digest, sk_digest, DIGEST_LEN))
+ return c;
+ if ((c = get_my_v3_legacy_cert()) &&
+ !memcmp(c->signing_key_digest, sk_digest, DIGEST_LEN))
+ return c;
+
DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
{
diff --git a/src/or/test.c b/src/or/test.c
index 374abd1ab5..b68c0e08f1 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -2809,6 +2809,7 @@ test_v3_networkstatus(void)
{
authority_cert_t *cert1, *cert2, *cert3;
crypto_pk_env_t *sign_skey_1, *sign_skey_2, *sign_skey_3;
+ crypto_pk_env_t *sign_skey_leg1;
time_t now = time(NULL);
networkstatus_voter_info_t *voter;
@@ -2828,7 +2829,8 @@ test_v3_networkstatus(void)
sign_skey_1 = crypto_new_pk_env();
sign_skey_2 = crypto_new_pk_env();
sign_skey_3 = crypto_new_pk_env();
-
+ sign_skey_leg1 = pk_generate(4);
+
test_assert(!crypto_pk_read_private_key_from_string(sign_skey_1,
AUTHORITY_SIGNKEY_1));
test_assert(!crypto_pk_read_private_key_from_string(sign_skey_2,
@@ -2850,6 +2852,8 @@ test_v3_networkstatus(void)
vote->valid_until = now+3000;
vote->vote_seconds = 100;
vote->dist_seconds = 200;
+ vote->supported_methods = smartlist_create();
+ smartlist_split_string(vote->supported_methods, "1 2 3", NULL, 0, -1);
vote->client_versions = tor_strdup("0.1.2.14,0.1.2.15");
vote->server_versions = tor_strdup("0.1.2.14,0.1.2.15,0.1.2.16");
vote->known_flags = smartlist_create();
@@ -3014,6 +3018,7 @@ test_v3_networkstatus(void)
vote->dist_seconds = 250;
authority_cert_free(vote->cert);
vote->cert = authority_cert_dup(cert3);
+ smartlist_add(vote->supported_methods, tor_strdup("4"));
vote->client_versions = tor_strdup("0.1.2.14,0.1.2.17");
vote->server_versions = tor_strdup("0.1.2.10,0.1.2.15,0.1.2.16");
voter = smartlist_get(vote->voters, 0);
@@ -3023,6 +3028,8 @@ test_v3_networkstatus(void)
voter->address = tor_strdup("3.4.5.6");
voter->addr = 0x03040506;
crypto_pk_get_digest(cert3->identity_key, voter->identity_digest);
+ /* This one has a legacy id. */
+ memset(voter->legacy_id_digest, (int)'A', DIGEST_LEN);
vrs = smartlist_get(vote->routerstatus_list, 0);
smartlist_del_keeporder(vote->routerstatus_list, 0);
tor_free(vrs->version);
@@ -3042,7 +3049,9 @@ test_v3_networkstatus(void)
smartlist_add(votes, v2);
consensus_text = networkstatus_compute_consensus(votes, 3,
cert3->identity_key,
- sign_skey_3);
+ sign_skey_3,
+ "AAAAAAAAAAAAAAAAAAAA",
+ sign_skey_leg1);
test_assert(consensus_text);
con = networkstatus_parse_vote_from_string(consensus_text, NULL, 0);
test_assert(con);
@@ -3063,17 +3072,17 @@ test_v3_networkstatus(void)
test_streq(cp, "Authority:Exit:Fast:Guard:MadeOfCheese:MadeOfTin:"
"Running:Stable:V2Dir:Valid");
tor_free(cp);
- test_eq(3, smartlist_len(con->voters));
+ test_eq(4, smartlist_len(con->voters)); /*3 voters, 1 legacy key.*/
/* The voter id digests should be in this order. */
test_assert(memcmp(cert2->cache_info.identity_digest,
cert3->cache_info.identity_digest,DIGEST_LEN)<0);
test_assert(memcmp(cert3->cache_info.identity_digest,
cert1->cache_info.identity_digest,DIGEST_LEN)<0);
- test_same_voter(smartlist_get(con->voters, 0),
- smartlist_get(v2->voters, 0));
test_same_voter(smartlist_get(con->voters, 1),
- smartlist_get(v3->voters, 0));
+ smartlist_get(v2->voters, 0));
test_same_voter(smartlist_get(con->voters, 2),
+ smartlist_get(v3->voters, 0));
+ test_same_voter(smartlist_get(con->voters, 3),
smartlist_get(v1->voters, 0));
test_assert(!con->cert);
@@ -3119,19 +3128,19 @@ test_v3_networkstatus(void)
test_assert(!rs->is_named);
/* XXXX check version */
- /* Check signatures. the first voter hasn't got one. The second one
- * does: validate it. */
- voter = smartlist_get(con->voters, 0);
+ /* Check signatures. the first voter is pseudo. The second one hasn't
+ signed. The third one has signed: validate it. */
+ voter = smartlist_get(con->voters, 1);
test_assert(!voter->signature);
test_assert(!voter->good_signature);
test_assert(!voter->bad_signature);
- voter = smartlist_get(con->voters, 1);
+ voter = smartlist_get(con->voters, 2);
test_assert(voter->signature);
test_assert(!voter->good_signature);
test_assert(!voter->bad_signature);
test_assert(!networkstatus_check_voter_signature(con,
- smartlist_get(con->voters, 1),
+ smartlist_get(con->voters, 2),
cert3));
test_assert(voter->signature);
test_assert(voter->good_signature);
@@ -3147,11 +3156,11 @@ test_v3_networkstatus(void)
smartlist_shuffle(votes);
consensus_text2 = networkstatus_compute_consensus(votes, 3,
cert2->identity_key,
- sign_skey_2);
+ sign_skey_2, NULL,NULL);
smartlist_shuffle(votes);
consensus_text3 = networkstatus_compute_consensus(votes, 3,
cert1->identity_key,
- sign_skey_1);
+ sign_skey_1, NULL,NULL);
test_assert(consensus_text2);
test_assert(consensus_text3);
con2 = networkstatus_parse_vote_from_string(consensus_text2, NULL, 0);
@@ -3208,10 +3217,10 @@ test_v3_networkstatus(void)
test_eq(2, networkstatus_add_detached_signatures(con, dsig2, &msg));
/* Check signatures */
test_assert(!networkstatus_check_voter_signature(con,
- smartlist_get(con->voters, 0),
+ smartlist_get(con->voters, 1),
cert2));
test_assert(!networkstatus_check_voter_signature(con,
- smartlist_get(con->voters, 2),
+ smartlist_get(con->voters, 3),
cert1));
networkstatus_vote_free(con2);
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion