[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r14587: Backport: Add unit tests for last patch; make it more testab (in tor/branches/tor-0_2_0-patches: . src/or)



Author: nickm
Date: 2008-05-12 00:29:07 -0400 (Mon, 12 May 2008)
New Revision: 14587

Modified:
   tor/branches/tor-0_2_0-patches/
   tor/branches/tor-0_2_0-patches/src/or/dirvote.c
   tor/branches/tor-0_2_0-patches/src/or/or.h
   tor/branches/tor-0_2_0-patches/src/or/routerlist.c
   tor/branches/tor-0_2_0-patches/src/or/test.c
Log:
 r19696@catbus:  nickm | 2008-05-12 00:22:25 -0400
 Backport: Add unit tests for last patch; make it more testable; fix a bug or two.



Property changes on: tor/branches/tor-0_2_0-patches
___________________________________________________________________
 svk:merge ticket from /tor/020 [r19696] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/branches/tor-0_2_0-patches/src/or/dirvote.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/dirvote.c	2008-05-12 04:22:01 UTC (rev 14586)
+++ tor/branches/tor-0_2_0-patches/src/or/dirvote.c	2008-05-12 04:29:07 UTC (rev 14587)
@@ -458,7 +458,9 @@
 networkstatus_compute_consensus(smartlist_t *votes,
                                 int total_authorities,
                                 crypto_pk_env_t *identity_key,
-                                crypto_pk_env_t *signing_key)
+                                crypto_pk_env_t *signing_key,
+                                const char *legacy_id_key_digest,
+                                crypto_pk_env_t *legacy_signing_key)
 {
   smartlist_t *chunks;
   char *result = NULL;
@@ -623,7 +625,7 @@
         e_legacy->v = v;
         e_legacy->digest = get_voter(v)->legacy_id_digest;
         e_legacy->is_legacy = 1;
-        smartlist_add(dir_sources, e);
+        smartlist_add(dir_sources, e_legacy);
       }
     });
     smartlist_sort(dir_sources, _compare_dir_src_ents_by_authority_id);
@@ -963,16 +965,16 @@
     }
     smartlist_add(chunks, tor_strdup(buf));
 
-    if (get_options()->V3AuthUseLegacyKey && consensus_method >= 3) {
-      crypto_pk_env_t *legacy_key = get_my_v3_legacy_signing_key();
-      authority_cert_t *legacy_cert = get_my_v3_legacy_cert();
+    if (legacy_id_key_digest && legacy_signing_key && consensus_method >= 3) {
       smartlist_add(chunks, tor_strdup("directory-signature "));
-      crypto_pk_get_fingerprint(legacy_cert->identity_key, fingerprint, 0);
-      crypto_pk_get_fingerprint(legacy_key, signing_key_fingerprint, 0);
+      base16_encode(fingerprint, sizeof(fingerprint),
+                    legacy_id_key_digest, DIGEST_LEN);
+      crypto_pk_get_fingerprint(legacy_signing_key,
+                                signing_key_fingerprint, 0);
       tor_snprintf(buf, sizeof(buf), "%s %s\n", fingerprint,
                    signing_key_fingerprint);
       if (router_append_dirobj_signature(buf, sizeof(buf), digest,
-                                         signing_key)) {
+                                         legacy_signing_key)) {
         log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
         return NULL; /* This leaks, but it should never happen. */
       }
@@ -1751,10 +1753,23 @@
   SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v,
                     smartlist_add(votes, v->vote));
 
-  consensus_body = networkstatus_compute_consensus(
+  {
+    char legacy_dbuf[DIGEST_LEN];
+    crypto_pk_env_t *legacy_sign=NULL;
+    char *legacy_id_digest = NULL;
+    if (get_options()->V3AuthUseLegacyKey) {
+      authority_cert_t *cert = get_my_v3_legacy_cert();
+      legacy_sign = get_my_v3_legacy_signing_key();
+      if (cert) {
+        crypto_pk_get_digest(cert->identity_key, legacy_dbuf);
+        legacy_id_digest = legacy_dbuf;
+      }
+    }
+    consensus_body = networkstatus_compute_consensus(
         votes, n_voters,
         my_cert->identity_key,
-        get_my_v3_authority_signing_key());
+        get_my_v3_authority_signing_key(), legacy_id_digest, legacy_sign);
+  }
   if (!consensus_body) {
     log_warn(LD_DIR, "Couldn't generate a consensus at all!");
     goto err;

Modified: tor/branches/tor-0_2_0-patches/src/or/or.h
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/or.h	2008-05-12 04:22:01 UTC (rev 14586)
+++ tor/branches/tor-0_2_0-patches/src/or/or.h	2008-05-12 04:29:07 UTC (rev 14587)
@@ -3174,7 +3174,9 @@
 char *networkstatus_compute_consensus(smartlist_t *votes,
                                       int total_authorities,
                                       crypto_pk_env_t *identity_key,
-                                      crypto_pk_env_t *signing_key);
+                                      crypto_pk_env_t *signing_key,
+                                      const char *legacy_identity_key_digest,
+                                      crypto_pk_env_t *legacy_signing_key);
 int networkstatus_add_detached_signatures(networkstatus_t *target,
                                           ns_detached_signatures_t *sigs,
                                           const char **msg_out);

Modified: tor/branches/tor-0_2_0-patches/src/or/routerlist.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/routerlist.c	2008-05-12 04:22:01 UTC (rev 14586)
+++ tor/branches/tor-0_2_0-patches/src/or/routerlist.c	2008-05-12 04:29:07 UTC (rev 14587)
@@ -296,6 +296,7 @@
   if (!trusted_dir_certs ||
       !(cl = digestmap_get(trusted_dir_certs, id_digest)))
     return NULL;
+
   SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
   {
     if (!best || cert->cache_info.published_on > best->cache_info.published_on)
@@ -310,9 +311,17 @@
 authority_cert_t *
 authority_cert_get_by_sk_digest(const char *sk_digest)
 {
+  authority_cert_t *c;
   if (!trusted_dir_certs)
     return NULL;
 
+  if ((c = get_my_v3_authority_cert()) &&
+      !memcmp(c->signing_key_digest, sk_digest, DIGEST_LEN))
+    return c;
+  if ((c = get_my_v3_legacy_cert()) &&
+      !memcmp(c->signing_key_digest, sk_digest, DIGEST_LEN))
+    return c;
+
   DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
     SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
     {

Modified: tor/branches/tor-0_2_0-patches/src/or/test.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/test.c	2008-05-12 04:22:01 UTC (rev 14586)
+++ tor/branches/tor-0_2_0-patches/src/or/test.c	2008-05-12 04:29:07 UTC (rev 14587)
@@ -2537,6 +2537,7 @@
 {
   authority_cert_t *cert1, *cert2, *cert3;
   crypto_pk_env_t *sign_skey_1, *sign_skey_2, *sign_skey_3;
+  crypto_pk_env_t *sign_skey_leg1;
 
   time_t now = time(NULL);
   networkstatus_voter_info_t *voter;
@@ -2556,7 +2557,8 @@
   sign_skey_1 = crypto_new_pk_env();
   sign_skey_2 = crypto_new_pk_env();
   sign_skey_3 = crypto_new_pk_env();
-
+  sign_skey_leg1 = pk_generate(4);
+  
   test_assert(!crypto_pk_read_private_key_from_string(sign_skey_1,
                                                       AUTHORITY_SIGNKEY_1));
   test_assert(!crypto_pk_read_private_key_from_string(sign_skey_2,
@@ -2578,6 +2580,8 @@
   vote->valid_until = now+3000;
   vote->vote_seconds = 100;
   vote->dist_seconds = 200;
+  vote->supported_methods = smartlist_create();
+  smartlist_split_string(vote->supported_methods, "1 2 3", NULL, 0, -1);
   vote->client_versions = tor_strdup("0.1.2.14,0.1.2.15");
   vote->server_versions = tor_strdup("0.1.2.14,0.1.2.15,0.1.2.16");
   vote->known_flags = smartlist_create();
@@ -2742,6 +2746,7 @@
   vote->dist_seconds = 250;
   authority_cert_free(vote->cert);
   vote->cert = authority_cert_dup(cert3);
+  smartlist_add(vote->supported_methods, tor_strdup("4"));
   vote->client_versions = tor_strdup("0.1.2.14,0.1.2.17");
   vote->server_versions = tor_strdup("0.1.2.10,0.1.2.15,0.1.2.16");
   voter = smartlist_get(vote->voters, 0);
@@ -2751,6 +2756,8 @@
   voter->address = tor_strdup("3.4.5.6");
   voter->addr = 0x03040506;
   crypto_pk_get_digest(cert3->identity_key, voter->identity_digest);
+  /* This one has a legacy id. */
+  memset(voter->legacy_id_digest, (int)'A', DIGEST_LEN);
   vrs = smartlist_get(vote->routerstatus_list, 0);
   smartlist_del_keeporder(vote->routerstatus_list, 0);
   tor_free(vrs->version);
@@ -2770,7 +2777,9 @@
   smartlist_add(votes, v2);
   consensus_text = networkstatus_compute_consensus(votes, 3,
                                                    cert3->identity_key,
-                                                   sign_skey_3);
+                                                   sign_skey_3,
+                                                   "AAAAAAAAAAAAAAAAAAAA",
+                                                   sign_skey_leg1);
   test_assert(consensus_text);
   con = networkstatus_parse_vote_from_string(consensus_text, NULL, 0);
   test_assert(con);
@@ -2791,17 +2800,17 @@
   test_streq(cp, "Authority:Exit:Fast:Guard:MadeOfCheese:MadeOfTin:"
              "Running:Stable:V2Dir:Valid");
   tor_free(cp);
-  test_eq(3, smartlist_len(con->voters));
+  test_eq(4, smartlist_len(con->voters)); /*3 voters, 1 legacy key.*/
   /* The voter id digests should be in this order. */
   test_assert(memcmp(cert2->cache_info.identity_digest,
                      cert3->cache_info.identity_digest,DIGEST_LEN)<0);
   test_assert(memcmp(cert3->cache_info.identity_digest,
                      cert1->cache_info.identity_digest,DIGEST_LEN)<0);
-  test_same_voter(smartlist_get(con->voters, 0),
+  test_same_voter(smartlist_get(con->voters, 1),
                   smartlist_get(v2->voters, 0));
-  test_same_voter(smartlist_get(con->voters, 1),
+  test_same_voter(smartlist_get(con->voters, 2),
                   smartlist_get(v3->voters, 0));
-  test_same_voter(smartlist_get(con->voters, 2),
+  test_same_voter(smartlist_get(con->voters, 3),
                   smartlist_get(v1->voters, 0));
 
   test_assert(!con->cert);
@@ -2847,19 +2856,19 @@
   test_assert(!rs->is_named);
   /* XXXX check version */
 
-  /* Check signatures.  the first voter hasn't got one.  The second one
-   * does: validate it. */
-  voter = smartlist_get(con->voters, 0);
+  /* Check signatures.  the first voter is pseudo.  The second one hasn't
+     signed.  The third one has signed: validate it. */
+  voter = smartlist_get(con->voters, 1);
   test_assert(!voter->signature);
   test_assert(!voter->good_signature);
   test_assert(!voter->bad_signature);
 
-  voter = smartlist_get(con->voters, 1);
+  voter = smartlist_get(con->voters, 2);
   test_assert(voter->signature);
   test_assert(!voter->good_signature);
   test_assert(!voter->bad_signature);
   test_assert(!networkstatus_check_voter_signature(con,
-                                               smartlist_get(con->voters, 1),
+                                               smartlist_get(con->voters, 2),
                                                cert3));
   test_assert(voter->signature);
   test_assert(voter->good_signature);
@@ -2875,11 +2884,11 @@
     smartlist_shuffle(votes);
     consensus_text2 = networkstatus_compute_consensus(votes, 3,
                                                       cert2->identity_key,
-                                                      sign_skey_2);
+                                                      sign_skey_2, NULL,NULL);
     smartlist_shuffle(votes);
     consensus_text3 = networkstatus_compute_consensus(votes, 3,
                                                       cert1->identity_key,
-                                                      sign_skey_1);
+                                                      sign_skey_1, NULL,NULL);
     test_assert(consensus_text2);
     test_assert(consensus_text3);
     con2 = networkstatus_parse_vote_from_string(consensus_text2, NULL, 0);
@@ -2936,10 +2945,10 @@
     test_eq(2, networkstatus_add_detached_signatures(con, dsig2, &msg));
     /* Check signatures */
     test_assert(!networkstatus_check_voter_signature(con,
-                                               smartlist_get(con->voters, 0),
+                                               smartlist_get(con->voters, 1),
                                                cert2));
     test_assert(!networkstatus_check_voter_signature(con,
-                                               smartlist_get(con->voters, 2),
+                                               smartlist_get(con->voters, 3),
                                                cert1));
 
     networkstatus_vote_free(con2);