Tor 0.4.9.0-alpha-dev
dirvote.c
Go to the documentation of this file.
1/* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4/* See LICENSE for licensing information */
5
6#define DIRVOTE_PRIVATE
7
8#include "core/or/or.h"
9#include "app/config/config.h"
11#include "core/or/policies.h"
12#include "core/or/protover.h"
14#include "core/or/versions.h"
39#include "feature/client/entrynodes.h" /* needed for guardfraction methods */
42
47
63
64#include "lib/container/order.h"
67
68/* Algorithm to use for the bandwidth file digest. */
69#define DIGEST_ALG_BW_FILE DIGEST_SHA256
70
71/**
72 * \file dirvote.c
73 * \brief Functions to compute directory consensus, and schedule voting.
74 *
75 * This module is the center of the consensus-voting based directory
76 * authority system. With this system, a set of authorities first
77 * publish vote based on their opinions of the network, and then compute
78 * a consensus from those votes. Each authority signs the consensus,
79 * and clients trust the consensus if enough known authorities have
80 * signed it.
81 *
82 * The code in this module is only invoked on directory authorities. It's
83 * responsible for:
84 *
85 * <ul>
86 * <li>Generating this authority's vote networkstatus, based on the
87 * authority's view of the network as represented in dirserv.c
88 * <li>Formatting the vote networkstatus objects.
89 * <li>Generating the microdescriptors that correspond to our own
90 * vote.
91 * <li>Sending votes to all the other authorities.
92 * <li>Trying to fetch missing votes from other authorities.
93 * <li>Computing the consensus from a set of votes, as well as
94 * a "detached signature" object for other authorities to fetch.
95 * <li>Collecting other authorities' signatures on the same consensus,
96 * until there are enough.
97 * <li>Publishing the consensus to the reset of the directory system.
98 * <li>Scheduling all of the above operations.
99 * </ul>
100 *
101 * The main entry points are in dirvote_act(), which handles scheduled
102 * actions; and dirvote_add_vote() and dirvote_add_signatures(), which
103 * handle uploaded and downloaded votes and signatures.
104 *
105 * (See dir-spec.txt from torspec.git for a complete specification of
106 * the directory protocol and voting algorithms.)
107 **/
108
109/** A consensus that we have built and are appending signatures to. Once it's
110 * time to publish it, it will become an active consensus if it accumulates
111 * enough signatures. */
112typedef struct pending_consensus_t {
113 /** The body of the consensus that we're currently building. Once we
114 * have it built, it goes into dirserv.c */
115 char *body;
116 /** The parsed in-progress consensus document. */
119
120/* DOCDOC dirvote_add_signatures_to_all_pending_consensuses */
122 const char *detached_signatures_body,
123 const char *source,
124 const char **msg_out);
128 const char *source,
129 int severity,
130 const char **msg_out);
131static char *list_v3_auth_ids(void);
132static void dirvote_fetch_missing_votes(void);
133static void dirvote_fetch_missing_signatures(void);
134static int dirvote_perform_vote(void);
135static void dirvote_clear_votes(int all_votes);
136static int dirvote_compute_consensuses(void);
137static int dirvote_publish_consensus(void);
138
139/* =====
140 * Certificate functions
141 * ===== */
142
143/** Allocate and return a new authority_cert_t with the same contents as
144 * <b>cert</b>. */
147{
148 authority_cert_t *out = tor_malloc(sizeof(authority_cert_t));
149 tor_assert(cert);
150
151 memcpy(out, cert, sizeof(authority_cert_t));
152 /* Now copy pointed-to things. */
154 tor_strndup(cert->cache_info.signed_descriptor_body,
159
160 return out;
161}
162
163/* =====
164 * Voting
165 * =====*/
166
167/* If <b>opt_value</b> is non-NULL, return "keyword opt_value\n" in a new
168 * string. Otherwise return a new empty string. */
169static char *
170format_line_if_present(const char *keyword, const char *opt_value)
171{
172 if (opt_value) {
173 char *result = NULL;
174 tor_asprintf(&result, "%s %s\n", keyword, opt_value);
175 return result;
176 } else {
177 return tor_strdup("");
178 }
179}
180
181/** Format the recommended/required-relay-client protocols lines for a vote in
182 * a newly allocated string, and return that string. */
183static char *
185{
186 char *recommended_relay_protocols_line = NULL;
187 char *recommended_client_protocols_line = NULL;
188 char *required_relay_protocols_line = NULL;
189 char *required_client_protocols_line = NULL;
190
191 recommended_relay_protocols_line =
192 format_line_if_present("recommended-relay-protocols",
194 recommended_client_protocols_line =
195 format_line_if_present("recommended-client-protocols",
196 v3_ns->recommended_client_protocols);
197 required_relay_protocols_line =
198 format_line_if_present("required-relay-protocols",
199 v3_ns->required_relay_protocols);
200 required_client_protocols_line =
201 format_line_if_present("required-client-protocols",
202 v3_ns->required_client_protocols);
203
204 char *result = NULL;
205 tor_asprintf(&result, "%s%s%s%s",
206 recommended_relay_protocols_line,
207 recommended_client_protocols_line,
208 required_relay_protocols_line,
209 required_client_protocols_line);
210
211 tor_free(recommended_relay_protocols_line);
212 tor_free(recommended_client_protocols_line);
213 tor_free(required_relay_protocols_line);
214 tor_free(required_client_protocols_line);
215
216 return result;
217}
218
219/** Return a new string containing the string representation of the vote in
220 * <b>v3_ns</b>, signed with our v3 signing key <b>private_signing_key</b>.
221 * For v3 authorities. */
222STATIC char *
224 networkstatus_t *v3_ns)
225{
226 smartlist_t *chunks = smartlist_new();
227 char fingerprint[FINGERPRINT_LEN+1];
228 char digest[DIGEST_LEN];
229 char *protocols_lines = NULL;
230 char *client_versions_line = NULL, *server_versions_line = NULL;
231 char *shared_random_vote_str = NULL;
233 char *status = NULL;
234
235 tor_assert(private_signing_key);
236 tor_assert(v3_ns->type == NS_TYPE_VOTE || v3_ns->type == NS_TYPE_OPINION);
237
238 voter = smartlist_get(v3_ns->voters, 0);
239
240 base16_encode(fingerprint, sizeof(fingerprint),
242
243 client_versions_line = format_line_if_present("client-versions",
244 v3_ns->client_versions);
245 server_versions_line = format_line_if_present("server-versions",
246 v3_ns->server_versions);
247 protocols_lines = format_protocols_lines_for_vote(v3_ns);
248
249 /* Get shared random commitments/reveals line(s). */
250 shared_random_vote_str = sr_get_string_for_vote();
251
252 {
253 char published[ISO_TIME_LEN+1];
254 char va[ISO_TIME_LEN+1];
255 char fu[ISO_TIME_LEN+1];
256 char vu[ISO_TIME_LEN+1];
257 char *flags = smartlist_join_strings(v3_ns->known_flags, " ", 0, NULL);
258 /* XXXX Abstraction violation: should be pulling a field out of v3_ns.*/
259 char *flag_thresholds = dirserv_get_flag_thresholds_line();
260 char *params;
261 char *bw_headers_line = NULL;
262 char *bw_file_digest = NULL;
263 authority_cert_t *cert = v3_ns->cert;
264 char *methods =
267 format_iso_time(published, v3_ns->published);
268 format_iso_time(va, v3_ns->valid_after);
269 format_iso_time(fu, v3_ns->fresh_until);
270 format_iso_time(vu, v3_ns->valid_until);
271
272 if (v3_ns->net_params)
273 params = smartlist_join_strings(v3_ns->net_params, " ", 0, NULL);
274 else
275 params = tor_strdup("");
276 tor_assert(cert);
277
278 /* v3_ns->bw_file_headers is only set when V3BandwidthsFile is
279 * configured */
280 if (v3_ns->bw_file_headers) {
281 char *bw_file_headers = NULL;
282 /* If there are too many headers, leave the header string NULL */
283 if (! BUG(smartlist_len(v3_ns->bw_file_headers)
285 bw_file_headers = smartlist_join_strings(v3_ns->bw_file_headers, " ",
286 0, NULL);
287 if (BUG(strlen(bw_file_headers) > MAX_BW_FILE_HEADERS_LINE_LEN)) {
288 /* Free and set to NULL, because the line was too long */
289 tor_free(bw_file_headers);
290 }
291 }
292 if (!bw_file_headers) {
293 /* If parsing failed, add a bandwidth header line with no entries */
294 bw_file_headers = tor_strdup("");
295 }
296 /* At this point, the line will always be present */
297 bw_headers_line = format_line_if_present("bandwidth-file-headers",
298 bw_file_headers);
299 tor_free(bw_file_headers);
300 }
301
302 /* Create bandwidth-file-digest if applicable.
303 * v3_ns->b64_digest_bw_file will contain the digest when V3BandwidthsFile
304 * is configured and the bandwidth file could be read, even if it was not
305 * parseable.
306 */
307 if (!tor_digest256_is_zero((const char *)v3_ns->bw_file_digest256)) {
308 /* Encode the digest. */
309 char b64_digest_bw_file[BASE64_DIGEST256_LEN+1] = {0};
310 digest256_to_base64(b64_digest_bw_file,
311 (const char *)v3_ns->bw_file_digest256);
312 /* "bandwidth-file-digest" 1*(SP algorithm "=" digest) NL */
313 char *digest_algo_b64_digest_bw_file = NULL;
314 tor_asprintf(&digest_algo_b64_digest_bw_file, "%s=%s",
315 crypto_digest_algorithm_get_name(DIGEST_ALG_BW_FILE),
316 b64_digest_bw_file);
317 /* No need for tor_strdup(""), format_line_if_present does it. */
318 bw_file_digest = format_line_if_present(
319 "bandwidth-file-digest", digest_algo_b64_digest_bw_file);
320 tor_free(digest_algo_b64_digest_bw_file);
321 }
322
323 const char *ip_str = fmt_addr(&voter->ipv4_addr);
324
325 if (ip_str[0]) {
327 "network-status-version 3\n"
328 "vote-status %s\n"
329 "consensus-methods %s\n"
330 "published %s\n"
331 "valid-after %s\n"
332 "fresh-until %s\n"
333 "valid-until %s\n"
334 "voting-delay %d %d\n"
335 "%s%s" /* versions */
336 "%s" /* protocols */
337 "known-flags %s\n"
338 "flag-thresholds %s\n"
339 "params %s\n"
340 "%s" /* bandwidth file headers */
341 "%s" /* bandwidth file digest */
342 "dir-source %s %s %s %s %d %d\n"
343 "contact %s\n"
344 "%s" /* shared randomness information */
345 ,
346 v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion",
347 methods,
348 published, va, fu, vu,
349 v3_ns->vote_seconds, v3_ns->dist_seconds,
350 client_versions_line,
351 server_versions_line,
352 protocols_lines,
353 flags,
354 flag_thresholds,
355 params,
356 bw_headers_line ? bw_headers_line : "",
357 bw_file_digest ? bw_file_digest: "",
358 voter->nickname, fingerprint, voter->address,
359 ip_str, voter->ipv4_dirport, voter->ipv4_orport,
360 voter->contact,
361 shared_random_vote_str ?
362 shared_random_vote_str : "");
363 }
364
365 tor_free(params);
366 tor_free(flags);
367 tor_free(flag_thresholds);
368 tor_free(methods);
369 tor_free(shared_random_vote_str);
370 tor_free(bw_headers_line);
371 tor_free(bw_file_digest);
372
373 if (ip_str[0] == '\0')
374 goto err;
375
377 char fpbuf[HEX_DIGEST_LEN+1];
378 base16_encode(fpbuf, sizeof(fpbuf), voter->legacy_id_digest, DIGEST_LEN);
379 smartlist_add_asprintf(chunks, "legacy-dir-key %s\n", fpbuf);
380 }
381
382 smartlist_add(chunks, tor_strndup(cert->cache_info.signed_descriptor_body,
384 }
385
387 vrs) {
388 char *rsf;
390 rsf = routerstatus_format_entry(&vrs->status,
391 vrs->version, vrs->protocols,
393 vrs,
394 -1);
395 if (rsf)
396 smartlist_add(chunks, rsf);
397
398 for (h = vrs->microdesc; h; h = h->next) {
400 }
401 } SMARTLIST_FOREACH_END(vrs);
402
403 smartlist_add_strdup(chunks, "directory-footer\n");
404
405 /* The digest includes everything up through the space after
406 * directory-signature. (Yuck.) */
407 crypto_digest_smartlist(digest, DIGEST_LEN, chunks,
408 "directory-signature ", DIGEST_SHA1);
409
410 {
411 char signing_key_fingerprint[FINGERPRINT_LEN+1];
412 if (crypto_pk_get_fingerprint(private_signing_key,
413 signing_key_fingerprint, 0)<0) {
414 log_warn(LD_BUG, "Unable to get fingerprint for signing key");
415 goto err;
416 }
417
418 smartlist_add_asprintf(chunks, "directory-signature %s %s\n", fingerprint,
419 signing_key_fingerprint);
420 }
421
422 {
423 char *sig = router_get_dirobj_signature(digest, DIGEST_LEN,
424 private_signing_key);
425 if (!sig) {
426 log_warn(LD_BUG, "Unable to sign networkstatus vote.");
427 goto err;
428 }
429 smartlist_add(chunks, sig);
430 }
431
432 status = smartlist_join_strings(chunks, "", 0, NULL);
433
434 {
436 if (!(v = networkstatus_parse_vote_from_string(status, strlen(status),
437 NULL,
438 v3_ns->type))) {
439 log_err(LD_BUG,"Generated a networkstatus %s we couldn't parse: "
440 "<<%s>>",
441 v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion", status);
442 goto err;
443 }
444 networkstatus_vote_free(v);
445 }
446
447 goto done;
448
449 err:
450 tor_free(status);
451 done:
452 tor_free(client_versions_line);
453 tor_free(server_versions_line);
454 tor_free(protocols_lines);
455
456 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
457 smartlist_free(chunks);
458 return status;
459}
460
461/** Set *<b>timing_out</b> to the intervals at which we would like to vote.
462 * Note that these aren't the intervals we'll use to vote; they're the ones
463 * that we'll vote to use. */
464static void
466{
467 const or_options_t *options = get_options();
468
469 tor_assert(timing_out);
470
471 timing_out->vote_interval = options->V3AuthVotingInterval;
472 timing_out->n_intervals_valid = options->V3AuthNIntervalsValid;
473 timing_out->vote_delay = options->V3AuthVoteDelay;
474 timing_out->dist_delay = options->V3AuthDistDelay;
475}
476
477/* =====
478 * Consensus generation
479 * ===== */
480
481/** If <b>vrs</b> has a hash made for the consensus method <b>method</b> with
482 * the digest algorithm <b>alg</b>, decode it and copy it into
483 * <b>digest256_out</b> and return 0. Otherwise return -1. */
484static int
486 const vote_routerstatus_t *vrs,
487 int method,
489{
490 /* XXXX only returns the sha256 method. */
491 const vote_microdesc_hash_t *h;
492 char mstr[64];
493 size_t mlen;
494 char dstr[64];
495
496 tor_snprintf(mstr, sizeof(mstr), "%d", method);
497 mlen = strlen(mstr);
498 tor_snprintf(dstr, sizeof(dstr), " %s=",
500
501 for (h = vrs->microdesc; h; h = h->next) {
502 const char *cp = h->microdesc_hash_line;
503 size_t num_len;
504 /* cp looks like \d+(,\d+)* (digesttype=val )+ . Let's hunt for mstr in
505 * the first part. */
506 while (1) {
507 num_len = strspn(cp, "1234567890");
508 if (num_len == mlen && fast_memeq(mstr, cp, mlen)) {
509 /* This is the line. */
510 char buf[BASE64_DIGEST256_LEN+1];
511 /* XXXX ignores extraneous stuff if the digest is too long. This
512 * seems harmless enough, right? */
513 cp = strstr(cp, dstr);
514 if (!cp)
515 return -1;
516 cp += strlen(dstr);
517 strlcpy(buf, cp, sizeof(buf));
518 return digest256_from_base64(digest256_out, buf);
519 }
520 if (num_len == 0 || cp[num_len] != ',')
521 break;
522 cp += num_len + 1;
523 }
524 }
525 return -1;
526}
527
528/** Given a vote <b>vote</b> (not a consensus!), return its associated
529 * networkstatus_voter_info_t. */
532{
533 tor_assert(vote);
534 tor_assert(vote->type == NS_TYPE_VOTE);
535 tor_assert(vote->voters);
536 tor_assert(smartlist_len(vote->voters) == 1);
537 return smartlist_get(vote->voters, 0);
538}
539
540/** Temporary structure used in constructing a list of dir-source entries
541 * for a consensus. One of these is generated for every vote, and one more
542 * for every legacy key in each vote. */
543typedef struct dir_src_ent_t {
545 const char *digest;
546 int is_legacy;
548
549/** Helper for sorting networkstatus_t votes (not consensuses) by the
550 * hash of their voters' identity digests. */
551static int
552compare_votes_by_authority_id_(const void **_a, const void **_b)
553{
554 const networkstatus_t *a = *_a, *b = *_b;
555 return fast_memcmp(get_voter(a)->identity_digest,
556 get_voter(b)->identity_digest, DIGEST_LEN);
557}
558
559/** Helper: Compare the dir_src_ent_ts in *<b>_a</b> and *<b>_b</b> by
560 * their identity digests, and return -1, 0, or 1 depending on their
561 * ordering */
562static int
563compare_dir_src_ents_by_authority_id_(const void **_a, const void **_b)
564{
565 const dir_src_ent_t *a = *_a, *b = *_b;
566 const networkstatus_voter_info_t *a_v = get_voter(a->v),
567 *b_v = get_voter(b->v);
568 const char *a_id, *b_id;
569 a_id = a->is_legacy ? a_v->legacy_id_digest : a_v->identity_digest;
570 b_id = b->is_legacy ? b_v->legacy_id_digest : b_v->identity_digest;
571
572 return fast_memcmp(a_id, b_id, DIGEST_LEN);
573}
574
575/** Given a sorted list of strings <b>in</b>, add every member to <b>out</b>
576 * that occurs more than <b>min</b> times. */
577static void
579{
580 char *cur = NULL;
581 int count = 0;
582 SMARTLIST_FOREACH_BEGIN(in, char *, cp) {
583 if (cur && !strcmp(cp, cur)) {
584 ++count;
585 } else {
586 if (count > min)
587 smartlist_add(out, cur);
588 cur = cp;
589 count = 1;
590 }
591 } SMARTLIST_FOREACH_END(cp);
592 if (count > min)
593 smartlist_add(out, cur);
594}
595
596/** Given a sorted list of strings <b>lst</b>, return the member that appears
597 * most. Break ties in favor of later-occurring members. */
598#define get_most_frequent_member(lst) \
599 smartlist_get_most_frequent_string(lst)
600
601/** Return 0 if and only if <b>a</b> and <b>b</b> are routerstatuses
602 * that come from the same routerinfo, with the same derived elements.
603 */
604static int
606{
607 int r;
608 tor_assert(a);
609 tor_assert(b);
610
612 DIGEST_LEN)))
613 return r;
616 DIGEST_LEN)))
617 return r;
618 /* If we actually reached this point, then the identities and
619 * the descriptor digests matched, so somebody is making SHA1 collisions.
620 */
621#define CMP_FIELD(utype, itype, field) do { \
622 utype aval = (utype) (itype) a->field; \
623 utype bval = (utype) (itype) b->field; \
624 utype u = bval - aval; \
625 itype r2 = (itype) u; \
626 if (r2 < 0) { \
627 return -1; \
628 } else if (r2 > 0) { \
629 return 1; \
630 } \
631 } while (0)
632
633 CMP_FIELD(uint64_t, int64_t, published_on);
634
635 if ((r = strcmp(b->status.nickname, a->status.nickname)))
636 return r;
637
638 if ((r = tor_addr_compare(&a->status.ipv4_addr, &b->status.ipv4_addr,
639 CMP_EXACT))) {
640 return r;
641 }
642 CMP_FIELD(unsigned, int, status.ipv4_orport);
643 CMP_FIELD(unsigned, int, status.ipv4_dirport);
644
645 return 0;
646}
647
648/** Helper for sorting routerlists based on compare_vote_rs. */
649static int
650compare_vote_rs_(const void **_a, const void **_b)
651{
652 const vote_routerstatus_t *a = *_a, *b = *_b;
653 return compare_vote_rs(a,b);
654}
655
656/** Helper for sorting OR ports. */
657static int
658compare_orports_(const void **_a, const void **_b)
659{
660 const tor_addr_port_t *a = *_a, *b = *_b;
661 int r;
662
663 if ((r = tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))
664 return r;
665 if ((r = (((int) b->port) - ((int) a->port))))
666 return r;
667
668 return 0;
669}
670
671/** Given a list of vote_routerstatus_t, all for the same router identity,
672 * return whichever is most frequent, breaking ties in favor of more
673 * recently published vote_routerstatus_t and in case of ties there,
674 * in favor of smaller descriptor digest.
675 */
676static vote_routerstatus_t *
677compute_routerstatus_consensus(smartlist_t *votes, int consensus_method,
678 char *microdesc_digest256_out,
679 tor_addr_port_t *best_alt_orport_out)
680{
681 vote_routerstatus_t *most = NULL, *cur = NULL;
682 int most_n = 0, cur_n = 0;
683 time_t most_published = 0;
684
685 /* compare_vote_rs_() sorts the items by identity digest (all the same),
686 * then by SD digest. That way, if we have a tie that the published_on
687 * date cannot break, we use the descriptor with the smaller digest.
688 */
691 if (cur && !compare_vote_rs(cur, rs)) {
692 ++cur_n;
693 } else {
694 if (cur && (cur_n > most_n ||
695 (cur_n == most_n &&
696 cur->published_on > most_published))) {
697 most = cur;
698 most_n = cur_n;
699 most_published = cur->published_on;
700 }
701 cur_n = 1;
702 cur = rs;
703 }
704 } SMARTLIST_FOREACH_END(rs);
705
706 if (cur_n > most_n ||
707 (cur && cur_n == most_n && cur->published_on > most_published)) {
708 most = cur;
709 // most_n = cur_n; // unused after this point.
710 // most_published = cur->status.published_on; // unused after this point.
711 }
712
713 tor_assert(most);
714
715 /* Vote on potential alternative (sets of) OR port(s) in the winning
716 * routerstatuses.
717 *
718 * XXX prop186 There's at most one alternative OR port (_the_ IPv6
719 * port) for now. */
720 if (best_alt_orport_out) {
721 smartlist_t *alt_orports = smartlist_new();
722 const tor_addr_port_t *most_alt_orport = NULL;
723
725 tor_assert(rs);
726 if (compare_vote_rs(most, rs) == 0 &&
727 !tor_addr_is_null(&rs->status.ipv6_addr)
728 && rs->status.ipv6_orport) {
729 smartlist_add(alt_orports, tor_addr_port_new(&rs->status.ipv6_addr,
730 rs->status.ipv6_orport));
731 }
732 } SMARTLIST_FOREACH_END(rs);
733
734 smartlist_sort(alt_orports, compare_orports_);
735 most_alt_orport = smartlist_get_most_frequent(alt_orports,
737 if (most_alt_orport) {
738 memcpy(best_alt_orport_out, most_alt_orport, sizeof(tor_addr_port_t));
739 log_debug(LD_DIR, "\"a\" line winner for %s is %s",
740 most->status.nickname,
741 fmt_addrport(&most_alt_orport->addr, most_alt_orport->port));
742 }
743
744 SMARTLIST_FOREACH(alt_orports, tor_addr_port_t *, ap, tor_free(ap));
745 smartlist_free(alt_orports);
746 }
747
748 if (microdesc_digest256_out) {
749 smartlist_t *digests = smartlist_new();
750 const uint8_t *best_microdesc_digest;
752 char d[DIGEST256_LEN];
753 if (compare_vote_rs(rs, most))
754 continue;
755 if (!vote_routerstatus_find_microdesc_hash(d, rs, consensus_method,
756 DIGEST_SHA256))
757 smartlist_add(digests, tor_memdup(d, sizeof(d)));
758 } SMARTLIST_FOREACH_END(rs);
760 best_microdesc_digest = smartlist_get_most_frequent_digest256(digests);
761 if (best_microdesc_digest)
762 memcpy(microdesc_digest256_out, best_microdesc_digest, DIGEST256_LEN);
763 SMARTLIST_FOREACH(digests, char *, cp, tor_free(cp));
764 smartlist_free(digests);
765 }
766
767 return most;
768}
769
770/** Sorting helper: compare two strings based on their values as base-ten
771 * positive integers. (Non-integers are treated as prior to all integers, and
772 * compared lexically.) */
773static int
774cmp_int_strings_(const void **_a, const void **_b)
775{
776 const char *a = *_a, *b = *_b;
777 int ai = (int)tor_parse_long(a, 10, 1, INT_MAX, NULL, NULL);
778 int bi = (int)tor_parse_long(b, 10, 1, INT_MAX, NULL, NULL);
779 if (ai<bi) {
780 return -1;
781 } else if (ai==bi) {
782 if (ai == 0) /* Parsing failed. */
783 return strcmp(a, b);
784 return 0;
785 } else {
786 return 1;
787 }
788}
789
790/** Given a list of networkstatus_t votes, determine and return the number of
791 * the highest consensus method that is supported by 2/3 of the voters. */
792static int
794{
795 smartlist_t *all_methods = smartlist_new();
796 smartlist_t *acceptable_methods = smartlist_new();
797 smartlist_t *tmp = smartlist_new();
798 int min = (smartlist_len(votes) * 2) / 3;
799 int n_ok;
800 int result;
801 SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
802 {
803 tor_assert(vote->supported_methods);
804 smartlist_add_all(tmp, vote->supported_methods);
807 smartlist_add_all(all_methods, tmp);
808 smartlist_clear(tmp);
809 });
810
811 smartlist_sort(all_methods, cmp_int_strings_);
812 get_frequent_members(acceptable_methods, all_methods, min);
813 n_ok = smartlist_len(acceptable_methods);
814 if (n_ok) {
815 const char *best = smartlist_get(acceptable_methods, n_ok-1);
816 result = (int)tor_parse_long(best, 10, 1, INT_MAX, NULL, NULL);
817 } else {
818 result = 1;
819 }
820 smartlist_free(tmp);
821 smartlist_free(all_methods);
822 smartlist_free(acceptable_methods);
823 return result;
824}
825
826/** Return true iff <b>method</b> is a consensus method that we support. */
827static int
829{
830 return (method >= MIN_SUPPORTED_CONSENSUS_METHOD) &&
832}
833
834/** Return a newly allocated string holding the numbers between low and high
835 * (inclusive) that are supported consensus methods. */
836STATIC char *
837make_consensus_method_list(int low, int high, const char *separator)
838{
839 char *list;
840
841 int i;
842 smartlist_t *lst;
843 lst = smartlist_new();
844 for (i = low; i <= high; ++i) {
846 continue;
847 smartlist_add_asprintf(lst, "%d", i);
848 }
849 list = smartlist_join_strings(lst, separator, 0, NULL);
850 tor_assert(list);
851 SMARTLIST_FOREACH(lst, char *, cp, tor_free(cp));
852 smartlist_free(lst);
853 return list;
854}
855
856/** Helper: given <b>lst</b>, a list of version strings such that every
857 * version appears once for every versioning voter who recommends it, return a
858 * newly allocated string holding the resulting client-versions or
859 * server-versions list. May change contents of <b>lst</b> */
860static char *
862{
863 int min = n_versioning / 2;
864 smartlist_t *good = smartlist_new();
865 char *result;
866 SMARTLIST_FOREACH_BEGIN(lst, const char *, v) {
867 if (strchr(v, ' ')) {
868 log_warn(LD_DIR, "At least one authority has voted for a version %s "
869 "that contains a space. This probably wasn't intentional, and "
870 "is likely to cause trouble. Please tell them to stop it.",
871 escaped(v));
872 }
873 } SMARTLIST_FOREACH_END(v);
874 sort_version_list(lst, 0);
875 get_frequent_members(good, lst, min);
876 result = smartlist_join_strings(good, ",", 0, NULL);
877 smartlist_free(good);
878 return result;
879}
880
881/** Given a list of K=V values, return the int32_t value corresponding to
882 * KEYWORD=, or default_val if no such value exists, or if the value is
883 * corrupt.
884 */
885STATIC int32_t
887 const char *keyword,
888 int32_t default_val)
889{
890 unsigned int n_found = 0;
891 int32_t value = default_val;
892
893 SMARTLIST_FOREACH_BEGIN(param_list, const char *, k_v_pair) {
894 if (!strcmpstart(k_v_pair, keyword) && k_v_pair[strlen(keyword)] == '=') {
895 const char *integer_str = &k_v_pair[strlen(keyword)+1];
896 int ok;
897 value = (int32_t)
898 tor_parse_long(integer_str, 10, INT32_MIN, INT32_MAX, &ok, NULL);
899 if (BUG(!ok))
900 return default_val;
901 ++n_found;
902 }
903 } SMARTLIST_FOREACH_END(k_v_pair);
904
905 if (n_found == 1) {
906 return value;
907 } else {
908 tor_assert_nonfatal(n_found == 0);
909 return default_val;
910 }
911}
912
913/** Minimum number of directory authorities voting for a parameter to
914 * include it in the consensus, if consensus method 12 or later is to be
915 * used. See proposal 178 for details. */
916#define MIN_VOTES_FOR_PARAM 3
917
918/** Helper: given a list of valid networkstatus_t, return a new smartlist
919 * containing the contents of the consensus network parameter set.
920 */
922dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
923{
924 int i;
925 int32_t *vals;
926
927 int cur_param_len;
928 const char *cur_param;
929 const char *eq;
930
931 const int n_votes = smartlist_len(votes);
932 smartlist_t *output;
933 smartlist_t *param_list = smartlist_new();
934 (void) method;
935
936 /* We require that the parameter lists in the votes are well-formed: that
937 is, that their keywords are unique and sorted, and that their values are
938 between INT32_MIN and INT32_MAX inclusive. This should be guaranteed by
939 the parsing code. */
940
941 vals = tor_calloc(n_votes, sizeof(int));
942
944 if (!v->net_params)
945 continue;
946 smartlist_add_all(param_list, v->net_params);
947 } SMARTLIST_FOREACH_END(v);
948
949 if (smartlist_len(param_list) == 0) {
950 tor_free(vals);
951 return param_list;
952 }
953
954 smartlist_sort_strings(param_list);
955 i = 0;
956 cur_param = smartlist_get(param_list, 0);
957 eq = strchr(cur_param, '=');
958 tor_assert(eq);
959 cur_param_len = (int)(eq+1 - cur_param);
960
961 output = smartlist_new();
962
963 SMARTLIST_FOREACH_BEGIN(param_list, const char *, param) {
964 /* resolve spurious clang shallow analysis null pointer errors */
965 tor_assert(param);
966
967 const char *next_param;
968 int ok=0;
969 eq = strchr(param, '=');
970 tor_assert(i<n_votes); /* Make sure we prevented vote-stuffing. */
971 vals[i++] = (int32_t)
972 tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
973 tor_assert(ok); /* Already checked these when parsing. */
974
975 if (param_sl_idx+1 == smartlist_len(param_list))
976 next_param = NULL;
977 else
978 next_param = smartlist_get(param_list, param_sl_idx+1);
979
980 if (!next_param || strncmp(next_param, param, cur_param_len)) {
981 /* We've reached the end of a series. */
982 /* Make sure enough authorities voted on this param, unless the
983 * the consensus method we use is too old for that. */
984 if (i > total_authorities/2 ||
985 i >= MIN_VOTES_FOR_PARAM) {
986 int32_t median = median_int32(vals, i);
987 char *out_string = tor_malloc(64+cur_param_len);
988 memcpy(out_string, param, cur_param_len);
989 tor_snprintf(out_string+cur_param_len,64, "%ld", (long)median);
990 smartlist_add(output, out_string);
991 }
992
993 i = 0;
994 if (next_param) {
995 eq = strchr(next_param, '=');
996 cur_param_len = (int)(eq+1 - next_param);
997 }
998 }
999 } SMARTLIST_FOREACH_END(param);
1000
1001 smartlist_free(param_list);
1002 tor_free(vals);
1003 return output;
1004}
1005
1006#define RANGE_CHECK(a,b,c,d,e,f,g,mx) \
1007 ((a) >= 0 && (a) <= (mx) && (b) >= 0 && (b) <= (mx) && \
1008 (c) >= 0 && (c) <= (mx) && (d) >= 0 && (d) <= (mx) && \
1009 (e) >= 0 && (e) <= (mx) && (f) >= 0 && (f) <= (mx) && \
1010 (g) >= 0 && (g) <= (mx))
1011
1012#define CHECK_EQ(a, b, margin) \
1013 ((a)-(b) >= 0 ? (a)-(b) <= (margin) : (b)-(a) <= (margin))
1014
1015typedef enum {
1016 BW_WEIGHTS_NO_ERROR = 0,
1017 BW_WEIGHTS_RANGE_ERROR = 1,
1018 BW_WEIGHTS_SUMG_ERROR = 2,
1019 BW_WEIGHTS_SUME_ERROR = 3,
1020 BW_WEIGHTS_SUMD_ERROR = 4,
1021 BW_WEIGHTS_BALANCE_MID_ERROR = 5,
1022 BW_WEIGHTS_BALANCE_EG_ERROR = 6
1023} bw_weights_error_t;
1024
1025/**
1026 * Verify that any weightings satisfy the balanced formulas.
1027 */
1028static bw_weights_error_t
1029networkstatus_check_weights(int64_t Wgg, int64_t Wgd, int64_t Wmg,
1030 int64_t Wme, int64_t Wmd, int64_t Wee,
1031 int64_t Wed, int64_t scale, int64_t G,
1032 int64_t M, int64_t E, int64_t D, int64_t T,
1033 int64_t margin, int do_balance) {
1034 bw_weights_error_t berr = BW_WEIGHTS_NO_ERROR;
1035
1036 // Wed + Wmd + Wgd == 1
1037 if (!CHECK_EQ(Wed + Wmd + Wgd, scale, margin)) {
1038 berr = BW_WEIGHTS_SUMD_ERROR;
1039 goto out;
1040 }
1041
1042 // Wmg + Wgg == 1
1043 if (!CHECK_EQ(Wmg + Wgg, scale, margin)) {
1044 berr = BW_WEIGHTS_SUMG_ERROR;
1045 goto out;
1046 }
1047
1048 // Wme + Wee == 1
1049 if (!CHECK_EQ(Wme + Wee, scale, margin)) {
1050 berr = BW_WEIGHTS_SUME_ERROR;
1051 goto out;
1052 }
1053
1054 // Verify weights within range 0->1
1055 if (!RANGE_CHECK(Wgg, Wgd, Wmg, Wme, Wmd, Wed, Wee, scale)) {
1056 berr = BW_WEIGHTS_RANGE_ERROR;
1057 goto out;
1058 }
1059
1060 if (do_balance) {
1061 // Wgg*G + Wgd*D == Wee*E + Wed*D, already scaled
1062 if (!CHECK_EQ(Wgg*G + Wgd*D, Wee*E + Wed*D, (margin*T)/3)) {
1063 berr = BW_WEIGHTS_BALANCE_EG_ERROR;
1064 goto out;
1065 }
1066
1067 // Wgg*G + Wgd*D == M*scale + Wmd*D + Wme*E + Wmg*G, already scaled
1068 if (!CHECK_EQ(Wgg*G + Wgd*D, M*scale + Wmd*D + Wme*E + Wmg*G,
1069 (margin*T)/3)) {
1070 berr = BW_WEIGHTS_BALANCE_MID_ERROR;
1071 goto out;
1072 }
1073 }
1074
1075 out:
1076 if (berr) {
1077 log_info(LD_DIR,
1078 "Bw weight mismatch %d. G=%"PRId64" M=%"PRId64
1079 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1080 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1081 " Wgd=%d Wgg=%d Wme=%d Wmg=%d",
1082 berr,
1083 (G), (M), (E),
1084 (D), (T),
1085 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1086 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg);
1087 }
1088
1089 return berr;
1090}
1091
1092/**
1093 * This function computes the bandwidth weights for consensus method 10.
1094 *
1095 * It returns true if weights could be computed, false otherwise.
1096 */
1097int
1099 int64_t M, int64_t E, int64_t D,
1100 int64_t T, int64_t weight_scale)
1101{
1102 bw_weights_error_t berr = 0;
1103 int64_t Wgg = -1, Wgd = -1;
1104 int64_t Wmg = -1, Wme = -1, Wmd = -1;
1105 int64_t Wed = -1, Wee = -1;
1106 const char *casename;
1107
1108 if (G <= 0 || M <= 0 || E <= 0 || D <= 0) {
1109 log_warn(LD_DIR, "Consensus with empty bandwidth: "
1110 "G=%"PRId64" M=%"PRId64" E=%"PRId64
1111 " D=%"PRId64" T=%"PRId64,
1112 (G), (M), (E),
1113 (D), (T));
1114 return 0;
1115 }
1116
1117 /*
1118 * Computed from cases in 3.8.3 of dir-spec.txt
1119 *
1120 * 1. Neither are scarce
1121 * 2. Both Guard and Exit are scarce
1122 * a. R+D <= S
1123 * b. R+D > S
1124 * 3. One of Guard or Exit is scarce
1125 * a. S+D < T/3
1126 * b. S+D >= T/3
1127 */
1128 if (3*E >= T && 3*G >= T) { // E >= T/3 && G >= T/3
1129 /* Case 1: Neither are scarce. */
1130 casename = "Case 1 (Wgd=Wmd=Wed)";
1131 Wgd = weight_scale/3;
1132 Wed = weight_scale/3;
1133 Wmd = weight_scale/3;
1134 Wee = (weight_scale*(E+G+M))/(3*E);
1135 Wme = weight_scale - Wee;
1136 Wmg = (weight_scale*(2*G-E-M))/(3*G);
1137 Wgg = weight_scale - Wmg;
1138
1139 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
1140 weight_scale, G, M, E, D, T, 10, 1);
1141
1142 if (berr) {
1143 log_warn(LD_DIR,
1144 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1145 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1146 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1147 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1148 berr, casename,
1149 (G), (M), (E),
1150 (D), (T),
1151 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1152 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1153 return 0;
1154 }
1155 } else if (3*E < T && 3*G < T) { // E < T/3 && G < T/3
1156 int64_t R = MIN(E, G);
1157 int64_t S = MAX(E, G);
1158 /*
1159 * Case 2: Both Guards and Exits are scarce
1160 * Balance D between E and G, depending upon
1161 * D capacity and scarcity.
1162 */
1163 if (R+D < S) { // Subcase a
1164 Wgg = weight_scale;
1165 Wee = weight_scale;
1166 Wmg = 0;
1167 Wme = 0;
1168 Wmd = 0;
1169 if (E < G) {
1170 casename = "Case 2a (E scarce)";
1171 Wed = weight_scale;
1172 Wgd = 0;
1173 } else { /* E >= G */
1174 casename = "Case 2a (G scarce)";
1175 Wed = 0;
1176 Wgd = weight_scale;
1177 }
1178 } else { // Subcase b: R+D >= S
1179 casename = "Case 2b1 (Wgg=weight_scale, Wmd=Wgd)";
1180 Wee = (weight_scale*(E - G + M))/E;
1181 Wed = (weight_scale*(D - 2*E + 4*G - 2*M))/(3*D);
1182 Wme = (weight_scale*(G-M))/E;
1183 Wmg = 0;
1184 Wgg = weight_scale;
1185 Wmd = (weight_scale - Wed)/2;
1186 Wgd = (weight_scale - Wed)/2;
1187
1188 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
1189 weight_scale, G, M, E, D, T, 10, 1);
1190
1191 if (berr) {
1192 casename = "Case 2b2 (Wgg=weight_scale, Wee=weight_scale)";
1193 Wgg = weight_scale;
1194 Wee = weight_scale;
1195 Wed = (weight_scale*(D - 2*E + G + M))/(3*D);
1196 Wmd = (weight_scale*(D - 2*M + G + E))/(3*D);
1197 Wme = 0;
1198 Wmg = 0;
1199
1200 if (Wmd < 0) { // Can happen if M > T/3
1201 casename = "Case 2b3 (Wmd=0)";
1202 Wmd = 0;
1203 log_warn(LD_DIR,
1204 "Too much Middle bandwidth on the network to calculate "
1205 "balanced bandwidth-weights. Consider increasing the "
1206 "number of Guard nodes by lowering the requirements.");
1207 }
1208 Wgd = weight_scale - Wed - Wmd;
1209 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1210 Wed, weight_scale, G, M, E, D, T, 10, 1);
1211 }
1212 if (berr != BW_WEIGHTS_NO_ERROR &&
1213 berr != BW_WEIGHTS_BALANCE_MID_ERROR) {
1214 log_warn(LD_DIR,
1215 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1216 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1217 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1218 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1219 berr, casename,
1220 (G), (M), (E),
1221 (D), (T),
1222 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1223 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1224 return 0;
1225 }
1226 }
1227 } else { // if (E < T/3 || G < T/3) {
1228 int64_t S = MIN(E, G);
1229 // Case 3: Exactly one of Guard or Exit is scarce
1230 if (!(3*E < T || 3*G < T) || !(3*G >= T || 3*E >= T)) {
1231 log_warn(LD_BUG,
1232 "Bw-Weights Case 3 v10 but with G=%"PRId64" M="
1233 "%"PRId64" E=%"PRId64" D=%"PRId64" T=%"PRId64,
1234 (G), (M), (E),
1235 (D), (T));
1236 }
1237
1238 if (3*(S+D) < T) { // Subcase a: S+D < T/3
1239 if (G < E) {
1240 casename = "Case 3a (G scarce)";
1241 Wgg = Wgd = weight_scale;
1242 Wmd = Wed = Wmg = 0;
1243 // Minor subcase, if E is more scarce than M,
1244 // keep its bandwidth in place.
1245 if (E < M) Wme = 0;
1246 else Wme = (weight_scale*(E-M))/(2*E);
1247 Wee = weight_scale-Wme;
1248 } else { // G >= E
1249 casename = "Case 3a (E scarce)";
1250 Wee = Wed = weight_scale;
1251 Wmd = Wgd = Wme = 0;
1252 // Minor subcase, if G is more scarce than M,
1253 // keep its bandwidth in place.
1254 if (G < M) Wmg = 0;
1255 else Wmg = (weight_scale*(G-M))/(2*G);
1256 Wgg = weight_scale-Wmg;
1257 }
1258 } else { // Subcase b: S+D >= T/3
1259 // D != 0 because S+D >= T/3
1260 if (G < E) {
1261 casename = "Case 3bg (G scarce, Wgg=weight_scale, Wmd == Wed)";
1262 Wgg = weight_scale;
1263 Wgd = (weight_scale*(D - 2*G + E + M))/(3*D);
1264 Wmg = 0;
1265 Wee = (weight_scale*(E+M))/(2*E);
1266 Wme = weight_scale - Wee;
1267 Wmd = (weight_scale - Wgd)/2;
1268 Wed = (weight_scale - Wgd)/2;
1269
1270 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1271 Wed, weight_scale, G, M, E, D, T, 10, 1);
1272 } else { // G >= E
1273 casename = "Case 3be (E scarce, Wee=weight_scale, Wmd == Wgd)";
1274 Wee = weight_scale;
1275 Wed = (weight_scale*(D - 2*E + G + M))/(3*D);
1276 Wme = 0;
1277 Wgg = (weight_scale*(G+M))/(2*G);
1278 Wmg = weight_scale - Wgg;
1279 Wmd = (weight_scale - Wed)/2;
1280 Wgd = (weight_scale - Wed)/2;
1281
1282 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1283 Wed, weight_scale, G, M, E, D, T, 10, 1);
1284 }
1285 if (berr) {
1286 log_warn(LD_DIR,
1287 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1288 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1289 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1290 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1291 berr, casename,
1292 (G), (M), (E),
1293 (D), (T),
1294 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1295 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1296 return 0;
1297 }
1298 }
1299 }
1300
1301 /* We cast down the weights to 32 bit ints on the assumption that
1302 * weight_scale is ~= 10000. We need to ensure a rogue authority
1303 * doesn't break this assumption to rig our weights */
1304 tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
1305
1306 /*
1307 * Provide Wgm=Wgg, Wmm=weight_scale, Wem=Wee, Weg=Wed. May later determine
1308 * that middle nodes need different bandwidth weights for dirport traffic,
1309 * or that weird exit policies need special weight, or that bridges
1310 * need special weight.
1311 *
1312 * NOTE: This list is sorted.
1313 */
1315 "bandwidth-weights Wbd=%d Wbe=%d Wbg=%d Wbm=%d "
1316 "Wdb=%d "
1317 "Web=%d Wed=%d Wee=%d Weg=%d Wem=%d "
1318 "Wgb=%d Wgd=%d Wgg=%d Wgm=%d "
1319 "Wmb=%d Wmd=%d Wme=%d Wmg=%d Wmm=%d\n",
1320 (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale,
1321 (int)weight_scale,
1322 (int)weight_scale, (int)Wed, (int)Wee, (int)Wed, (int)Wee,
1323 (int)weight_scale, (int)Wgd, (int)Wgg, (int)Wgg,
1324 (int)weight_scale, (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale);
1325
1326 log_notice(LD_CIRC, "Computed bandwidth weights for %s with v10: "
1327 "G=%"PRId64" M=%"PRId64" E=%"PRId64" D=%"PRId64
1328 " T=%"PRId64,
1329 casename,
1330 (G), (M), (E),
1331 (D), (T));
1332 return 1;
1333}
1334
1335/** Update total bandwidth weights (G/M/E/D/T) with the bandwidth of
1336 * the router in <b>rs</b>. */
1337static void
1339 int is_exit, int is_guard,
1340 int64_t *G, int64_t *M, int64_t *E, int64_t *D,
1341 int64_t *T)
1342{
1343 int default_bandwidth = rs->bandwidth_kb;
1344 int guardfraction_bandwidth = 0;
1345
1346 if (!rs->has_bandwidth) {
1347 log_info(LD_BUG, "Missing consensus bandwidth for router %s",
1348 rs->nickname);
1349 return;
1350 }
1351
1352 /* If this routerstatus represents a guard that we have
1353 * guardfraction information on, use it to calculate its actual
1354 * bandwidth. From proposal236:
1355 *
1356 * Similarly, when calculating the bandwidth-weights line as in
1357 * section 3.8.3 of dir-spec.txt, directory authorities should treat N
1358 * as if fraction F of its bandwidth has the guard flag and (1-F) does
1359 * not. So when computing the totals G,M,E,D, each relay N with guard
1360 * visibility fraction F and bandwidth B should be added as follows:
1361 *
1362 * G' = G + F*B, if N does not have the exit flag
1363 * M' = M + (1-F)*B, if N does not have the exit flag
1364 *
1365 * or
1366 *
1367 * D' = D + F*B, if N has the exit flag
1368 * E' = E + (1-F)*B, if N has the exit flag
1369 *
1370 * In this block of code, we prepare the bandwidth values by setting
1371 * the default_bandwidth to F*B and guardfraction_bandwidth to (1-F)*B.
1372 */
1373 if (rs->has_guardfraction) {
1374 guardfraction_bandwidth_t guardfraction_bw;
1375
1376 tor_assert(is_guard);
1377
1378 guard_get_guardfraction_bandwidth(&guardfraction_bw,
1379 rs->bandwidth_kb,
1381
1382 default_bandwidth = guardfraction_bw.guard_bw;
1383 guardfraction_bandwidth = guardfraction_bw.non_guard_bw;
1384 }
1385
1386 /* Now calculate the total bandwidth weights with or without
1387 * guardfraction. Depending on the flags of the relay, add its
1388 * bandwidth to the appropriate weight pool. If it's a guard and
1389 * guardfraction is enabled, add its bandwidth to both pools as
1390 * indicated by the previous comment.
1391 */
1392 *T += default_bandwidth;
1393 if (is_exit && is_guard) {
1394
1395 *D += default_bandwidth;
1396 if (rs->has_guardfraction) {
1397 *E += guardfraction_bandwidth;
1398 }
1399
1400 } else if (is_exit) {
1401
1402 *E += default_bandwidth;
1403
1404 } else if (is_guard) {
1405
1406 *G += default_bandwidth;
1407 if (rs->has_guardfraction) {
1408 *M += guardfraction_bandwidth;
1409 }
1410
1411 } else {
1412
1413 *M += default_bandwidth;
1414 }
1415}
1416
1417/** Considering the different recommended/required protocols sets as a
1418 * 4-element array, return the element from <b>vote</b> for that protocol
1419 * set.
1420 */
1421static const char *
1423{
1424 switch (n) {
1425 case 0: return vote->recommended_client_protocols;
1426 case 1: return vote->recommended_relay_protocols;
1427 case 2: return vote->required_client_protocols;
1428 case 3: return vote->required_relay_protocols;
1429 default:
1430 tor_assert_unreached();
1431 return NULL;
1432 }
1433}
1434
1435/** Considering the different recommended/required protocols sets as a
1436 * 4-element array, return a newly allocated string for the consensus value
1437 * for the n'th set.
1438 */
1439static char *
1440compute_nth_protocol_set(int n, int n_voters, const smartlist_t *votes)
1441{
1442 const char *keyword;
1443 smartlist_t *proto_votes = smartlist_new();
1444 int threshold;
1445 switch (n) {
1446 case 0:
1447 keyword = "recommended-client-protocols";
1448 threshold = CEIL_DIV(n_voters, 2);
1449 break;
1450 case 1:
1451 keyword = "recommended-relay-protocols";
1452 threshold = CEIL_DIV(n_voters, 2);
1453 break;
1454 case 2:
1455 keyword = "required-client-protocols";
1456 threshold = CEIL_DIV(n_voters * 2, 3);
1457 break;
1458 case 3:
1459 keyword = "required-relay-protocols";
1460 threshold = CEIL_DIV(n_voters * 2, 3);
1461 break;
1462 default:
1463 tor_assert_unreached();
1464 return NULL;
1465 }
1466
1467 SMARTLIST_FOREACH_BEGIN(votes, const networkstatus_t *, ns) {
1468 const char *v = get_nth_protocol_set_vote(n, ns);
1469 if (v)
1470 smartlist_add(proto_votes, (void*)v);
1471 } SMARTLIST_FOREACH_END(ns);
1472
1473 char *protocols = protover_compute_vote(proto_votes, threshold);
1474 smartlist_free(proto_votes);
1475
1476 char *result = NULL;
1477 tor_asprintf(&result, "%s %s\n", keyword, protocols);
1478 tor_free(protocols);
1479
1480 return result;
1481}
1482
1483/** Helper: Takes a smartlist of `const char *` flags, and a flag to remove.
1484 *
1485 * Removes that flag if it is present in the list. Doesn't free it.
1486 */
1487static void
1488remove_flag(smartlist_t *sl, const char *flag)
1489{
1490 /* We can't use smartlist_string_remove() here, since that doesn't preserve
1491 * order, and since it frees elements from the string. */
1492
1493 int idx = smartlist_string_pos(sl, flag);
1494 if (idx >= 0)
1495 smartlist_del_keeporder(sl, idx);
1496}
1497
1498/** Given a list of vote networkstatus_t in <b>votes</b>, our public
1499 * authority <b>identity_key</b>, our private authority <b>signing_key</b>,
1500 * and the number of <b>total_authorities</b> that we believe exist in our
1501 * voting quorum, generate the text of a new v3 consensus or microdescriptor
1502 * consensus (depending on <b>flavor</b>), and return the value in a newly
1503 * allocated string.
1504 *
1505 * Note: this function DOES NOT check whether the votes are from
1506 * recognized authorities. (dirvote_add_vote does that.)
1507 *
1508 * <strong>WATCH OUT</strong>: You need to think before you change the
1509 * behavior of this function, or of the functions it calls! If some
1510 * authorities compute the consensus with a different algorithm than
1511 * others, they will not reach the same result, and they will not all
1512 * sign the same thing! If you really need to change the algorithm
1513 * here, you should allocate a new "consensus_method" for the new
1514 * behavior, and make the new behavior conditional on a new-enough
1515 * consensus_method.
1516 **/
1517STATIC char *
1519 int total_authorities,
1520 crypto_pk_t *identity_key,
1521 crypto_pk_t *signing_key,
1522 const char *legacy_id_key_digest,
1524 consensus_flavor_t flavor)
1525{
1526 smartlist_t *chunks;
1527 char *result = NULL;
1528 int consensus_method;
1529 time_t valid_after, fresh_until, valid_until;
1530 int vote_seconds, dist_seconds;
1531 char *client_versions = NULL, *server_versions = NULL;
1532 smartlist_t *flags;
1533 const char *flavor_name;
1534 uint32_t max_unmeasured_bw_kb = DEFAULT_MAX_UNMEASURED_BW_KB;
1535 int64_t G, M, E, D, T; /* For bandwidth weights */
1536 const routerstatus_format_type_t rs_format =
1537 flavor == FLAV_NS ? NS_V3_CONSENSUS : NS_V3_CONSENSUS_MICRODESC;
1538 char *params = NULL;
1539 char *packages = NULL;
1540 int added_weights = 0;
1541 dircollator_t *collator = NULL;
1542 smartlist_t *param_list = NULL;
1543
1544 tor_assert(flavor == FLAV_NS || flavor == FLAV_MICRODESC);
1545 tor_assert(total_authorities >= smartlist_len(votes));
1546 tor_assert(total_authorities > 0);
1547
1548 flavor_name = networkstatus_get_flavor_name(flavor);
1549
1550 if (!smartlist_len(votes)) {
1551 log_warn(LD_DIR, "Can't compute a consensus from no votes.");
1552 return NULL;
1553 }
1554 flags = smartlist_new();
1555
1556 consensus_method = compute_consensus_method(votes);
1557 if (consensus_method_is_supported(consensus_method)) {
1558 log_info(LD_DIR, "Generating consensus using method %d.",
1559 consensus_method);
1560 } else {
1561 log_warn(LD_DIR, "The other authorities will use consensus method %d, "
1562 "which I don't support. Maybe I should upgrade!",
1563 consensus_method);
1564 consensus_method = MAX_SUPPORTED_CONSENSUS_METHOD;
1565 }
1566
1567 {
1568 /* It's smarter to initialize these weights to 1, so that later on,
1569 * we can't accidentally divide by zero. */
1570 G = M = E = D = 1;
1571 T = 4;
1572 }
1573
1574 /* Compute medians of time-related things, and figure out how many
1575 * routers we might need to talk about. */
1576 {
1577 int n_votes = smartlist_len(votes);
1578 time_t *va_times = tor_calloc(n_votes, sizeof(time_t));
1579 time_t *fu_times = tor_calloc(n_votes, sizeof(time_t));
1580 time_t *vu_times = tor_calloc(n_votes, sizeof(time_t));
1581 int *votesec_list = tor_calloc(n_votes, sizeof(int));
1582 int *distsec_list = tor_calloc(n_votes, sizeof(int));
1583 int n_versioning_clients = 0, n_versioning_servers = 0;
1584 smartlist_t *combined_client_versions = smartlist_new();
1585 smartlist_t *combined_server_versions = smartlist_new();
1586
1588 tor_assert(v->type == NS_TYPE_VOTE);
1589 va_times[v_sl_idx] = v->valid_after;
1590 fu_times[v_sl_idx] = v->fresh_until;
1591 vu_times[v_sl_idx] = v->valid_until;
1592 votesec_list[v_sl_idx] = v->vote_seconds;
1593 distsec_list[v_sl_idx] = v->dist_seconds;
1594 if (v->client_versions) {
1595 smartlist_t *cv = smartlist_new();
1596 ++n_versioning_clients;
1597 smartlist_split_string(cv, v->client_versions, ",",
1598 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1599 sort_version_list(cv, 1);
1600 smartlist_add_all(combined_client_versions, cv);
1601 smartlist_free(cv); /* elements get freed later. */
1602 }
1603 if (v->server_versions) {
1604 smartlist_t *sv = smartlist_new();
1605 ++n_versioning_servers;
1606 smartlist_split_string(sv, v->server_versions, ",",
1607 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1608 sort_version_list(sv, 1);
1609 smartlist_add_all(combined_server_versions, sv);
1610 smartlist_free(sv); /* elements get freed later. */
1611 }
1612 SMARTLIST_FOREACH(v->known_flags, const char *, cp,
1613 smartlist_add_strdup(flags, cp));
1614 } SMARTLIST_FOREACH_END(v);
1615 valid_after = median_time(va_times, n_votes);
1616 fresh_until = median_time(fu_times, n_votes);
1617 valid_until = median_time(vu_times, n_votes);
1618 vote_seconds = median_int(votesec_list, n_votes);
1619 dist_seconds = median_int(distsec_list, n_votes);
1620
1621 tor_assert(valid_after +
1622 (get_options()->TestingTorNetwork ?
1624 tor_assert(fresh_until +
1625 (get_options()->TestingTorNetwork ?
1627 tor_assert(vote_seconds >= MIN_VOTE_SECONDS);
1628 tor_assert(dist_seconds >= MIN_DIST_SECONDS);
1629
1630 server_versions = compute_consensus_versions_list(combined_server_versions,
1631 n_versioning_servers);
1632 client_versions = compute_consensus_versions_list(combined_client_versions,
1633 n_versioning_clients);
1634
1635 if (consensus_method < MIN_METHOD_TO_OMIT_PACKAGE_FINGERPRINTS)
1636 packages = tor_strdup("");
1637 else
1638 packages = compute_consensus_package_lines(votes);
1639
1640 SMARTLIST_FOREACH(combined_server_versions, char *, cp, tor_free(cp));
1641 SMARTLIST_FOREACH(combined_client_versions, char *, cp, tor_free(cp));
1642 smartlist_free(combined_server_versions);
1643 smartlist_free(combined_client_versions);
1644
1645 smartlist_add_strdup(flags, "NoEdConsensus");
1646
1649
1650 tor_free(va_times);
1651 tor_free(fu_times);
1652 tor_free(vu_times);
1653 tor_free(votesec_list);
1654 tor_free(distsec_list);
1655 }
1656 // True if anybody is voting on the BadExit flag.
1657 const bool badexit_flag_is_listed =
1658 smartlist_contains_string(flags, "BadExit");
1659
1660 chunks = smartlist_new();
1661
1662 {
1663 char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
1664 vu_buf[ISO_TIME_LEN+1];
1665 char *flaglist;
1666 format_iso_time(va_buf, valid_after);
1667 format_iso_time(fu_buf, fresh_until);
1668 format_iso_time(vu_buf, valid_until);
1669 flaglist = smartlist_join_strings(flags, " ", 0, NULL);
1670
1671 smartlist_add_asprintf(chunks, "network-status-version 3%s%s\n"
1672 "vote-status consensus\n",
1673 flavor == FLAV_NS ? "" : " ",
1674 flavor == FLAV_NS ? "" : flavor_name);
1675
1676 smartlist_add_asprintf(chunks, "consensus-method %d\n",
1677 consensus_method);
1678
1680 "valid-after %s\n"
1681 "fresh-until %s\n"
1682 "valid-until %s\n"
1683 "voting-delay %d %d\n"
1684 "client-versions %s\n"
1685 "server-versions %s\n"
1686 "%s" /* packages */
1687 "known-flags %s\n",
1688 va_buf, fu_buf, vu_buf,
1689 vote_seconds, dist_seconds,
1690 client_versions, server_versions,
1691 packages,
1692 flaglist);
1693
1694 tor_free(flaglist);
1695 }
1696
1697 {
1698 int num_dirauth = get_n_authorities(V3_DIRINFO);
1699 int idx;
1700 for (idx = 0; idx < 4; ++idx) {
1701 char *proto_line = compute_nth_protocol_set(idx, num_dirauth, votes);
1702 if (BUG(!proto_line))
1703 continue;
1704 smartlist_add(chunks, proto_line);
1705 }
1706 }
1707
1708 param_list = dirvote_compute_params(votes, consensus_method,
1709 total_authorities);
1710 if (smartlist_len(param_list)) {
1711 params = smartlist_join_strings(param_list, " ", 0, NULL);
1712 smartlist_add_strdup(chunks, "params ");
1713 smartlist_add(chunks, params);
1714 smartlist_add_strdup(chunks, "\n");
1715 }
1716
1717 {
1718 int num_dirauth = get_n_authorities(V3_DIRINFO);
1719 /* Default value of this is 2/3 of the total number of authorities. For
1720 * instance, if we have 9 dirauth, the default value is 6. The following
1721 * calculation will round it down. */
1722 int32_t num_srv_agreements =
1724 "AuthDirNumSRVAgreements",
1725 (num_dirauth * 2) / 3);
1726 /* Add the shared random value. */
1727 char *srv_lines = sr_get_string_for_consensus(votes, num_srv_agreements);
1728 if (srv_lines != NULL) {
1729 smartlist_add(chunks, srv_lines);
1730 }
1731 }
1732
1733 /* Sort the votes. */
1735 /* Add the authority sections. */
1736 {
1737 smartlist_t *dir_sources = smartlist_new();
1739 dir_src_ent_t *e = tor_malloc_zero(sizeof(dir_src_ent_t));
1740 e->v = v;
1741 e->digest = get_voter(v)->identity_digest;
1742 e->is_legacy = 0;
1743 smartlist_add(dir_sources, e);
1744 if (!tor_digest_is_zero(get_voter(v)->legacy_id_digest)) {
1745 dir_src_ent_t *e_legacy = tor_malloc_zero(sizeof(dir_src_ent_t));
1746 e_legacy->v = v;
1747 e_legacy->digest = get_voter(v)->legacy_id_digest;
1748 e_legacy->is_legacy = 1;
1749 smartlist_add(dir_sources, e_legacy);
1750 }
1751 } SMARTLIST_FOREACH_END(v);
1753
1754 SMARTLIST_FOREACH_BEGIN(dir_sources, const dir_src_ent_t *, e) {
1755 char fingerprint[HEX_DIGEST_LEN+1];
1756 char votedigest[HEX_DIGEST_LEN+1];
1757 networkstatus_t *v = e->v;
1759
1760 base16_encode(fingerprint, sizeof(fingerprint), e->digest, DIGEST_LEN);
1761 base16_encode(votedigest, sizeof(votedigest), voter->vote_digest,
1762 DIGEST_LEN);
1763
1765 "dir-source %s%s %s %s %s %d %d\n",
1766 voter->nickname, e->is_legacy ? "-legacy" : "",
1767 fingerprint, voter->address, fmt_addr(&voter->ipv4_addr),
1768 voter->ipv4_dirport,
1769 voter->ipv4_orport);
1770 if (! e->is_legacy) {
1772 "contact %s\n"
1773 "vote-digest %s\n",
1774 voter->contact,
1775 votedigest);
1776 }
1777 } SMARTLIST_FOREACH_END(e);
1778 SMARTLIST_FOREACH(dir_sources, dir_src_ent_t *, e, tor_free(e));
1779 smartlist_free(dir_sources);
1780 }
1781
1782 {
1783 max_unmeasured_bw_kb = dirvote_get_intermediate_param_value(
1784 param_list, "maxunmeasuredbw", DEFAULT_MAX_UNMEASURED_BW_KB);
1785 if (max_unmeasured_bw_kb < 1)
1786 max_unmeasured_bw_kb = 1;
1787 }
1788
1789 /* Add the actual router entries. */
1790 {
1791 int *size; /* size[j] is the number of routerstatuses in votes[j]. */
1792 int *flag_counts; /* The number of voters that list flag[j] for the
1793 * currently considered router. */
1794 int i;
1795 smartlist_t *matching_descs = smartlist_new();
1796 smartlist_t *chosen_flags = smartlist_new();
1797 smartlist_t *versions = smartlist_new();
1798 smartlist_t *protocols = smartlist_new();
1799 smartlist_t *exitsummaries = smartlist_new();
1800 uint32_t *bandwidths_kb = tor_calloc(smartlist_len(votes),
1801 sizeof(uint32_t));
1802 uint32_t *measured_bws_kb = tor_calloc(smartlist_len(votes),
1803 sizeof(uint32_t));
1804 uint32_t *measured_guardfraction = tor_calloc(smartlist_len(votes),
1805 sizeof(uint32_t));
1806 int num_bandwidths;
1807 int num_mbws;
1808 int num_guardfraction_inputs;
1809
1810 int *n_voter_flags; /* n_voter_flags[j] is the number of flags that
1811 * votes[j] knows about. */
1812 int *n_flag_voters; /* n_flag_voters[f] is the number of votes that care
1813 * about flags[f]. */
1814 int **flag_map; /* flag_map[j][b] is an index f such that flag_map[f]
1815 * is the same flag as votes[j]->known_flags[b]. */
1816 int *named_flag; /* Index of the flag "Named" for votes[j] */
1817 int *unnamed_flag; /* Index of the flag "Unnamed" for votes[j] */
1818 int n_authorities_measuring_bandwidth;
1819
1820 strmap_t *name_to_id_map = strmap_new();
1821 char conflict[DIGEST_LEN];
1822 char unknown[DIGEST_LEN];
1823 memset(conflict, 0, sizeof(conflict));
1824 memset(unknown, 0xff, sizeof(conflict));
1825
1826 size = tor_calloc(smartlist_len(votes), sizeof(int));
1827 n_voter_flags = tor_calloc(smartlist_len(votes), sizeof(int));
1828 n_flag_voters = tor_calloc(smartlist_len(flags), sizeof(int));
1829 flag_map = tor_calloc(smartlist_len(votes), sizeof(int *));
1830 named_flag = tor_calloc(smartlist_len(votes), sizeof(int));
1831 unnamed_flag = tor_calloc(smartlist_len(votes), sizeof(int));
1832 for (i = 0; i < smartlist_len(votes); ++i)
1833 unnamed_flag[i] = named_flag[i] = -1;
1834
1835 /* Build the flag indexes. Note that no vote can have more than 64 members
1836 * for known_flags, so no value will be greater than 63, so it's safe to
1837 * do UINT64_C(1) << index on these values. But note also that
1838 * named_flag and unnamed_flag are initialized to -1, so we need to check
1839 * that they're actually set before doing UINT64_C(1) << index with
1840 * them.*/
1842 flag_map[v_sl_idx] = tor_calloc(smartlist_len(v->known_flags),
1843 sizeof(int));
1844 if (smartlist_len(v->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) {
1845 log_warn(LD_BUG, "Somehow, a vote has %d entries in known_flags",
1846 smartlist_len(v->known_flags));
1847 }
1848 SMARTLIST_FOREACH_BEGIN(v->known_flags, const char *, fl) {
1849 int p = smartlist_string_pos(flags, fl);
1850 tor_assert(p >= 0);
1851 flag_map[v_sl_idx][fl_sl_idx] = p;
1852 ++n_flag_voters[p];
1853 if (!strcmp(fl, "Named"))
1854 named_flag[v_sl_idx] = fl_sl_idx;
1855 if (!strcmp(fl, "Unnamed"))
1856 unnamed_flag[v_sl_idx] = fl_sl_idx;
1857 } SMARTLIST_FOREACH_END(fl);
1858 n_voter_flags[v_sl_idx] = smartlist_len(v->known_flags);
1859 size[v_sl_idx] = smartlist_len(v->routerstatus_list);
1860 } SMARTLIST_FOREACH_END(v);
1861
1862 /* Named and Unnamed get treated specially */
1863 {
1865 uint64_t nf;
1866 if (named_flag[v_sl_idx]<0)
1867 continue;
1868 nf = UINT64_C(1) << named_flag[v_sl_idx];
1869 SMARTLIST_FOREACH_BEGIN(v->routerstatus_list,
1870 vote_routerstatus_t *, rs) {
1871
1872 if ((rs->flags & nf) != 0) {
1873 const char *d = strmap_get_lc(name_to_id_map, rs->status.nickname);
1874 if (!d) {
1875 /* We have no name officially mapped to this digest. */
1876 strmap_set_lc(name_to_id_map, rs->status.nickname,
1877 rs->status.identity_digest);
1878 } else if (d != conflict &&
1879 fast_memcmp(d, rs->status.identity_digest, DIGEST_LEN)) {
1880 /* Authorities disagree about this nickname. */
1881 strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
1882 } else {
1883 /* It's already a conflict, or it's already this ID. */
1884 }
1885 }
1886 } SMARTLIST_FOREACH_END(rs);
1887 } SMARTLIST_FOREACH_END(v);
1888
1890 uint64_t uf;
1891 if (unnamed_flag[v_sl_idx]<0)
1892 continue;
1893 uf = UINT64_C(1) << unnamed_flag[v_sl_idx];
1894 SMARTLIST_FOREACH_BEGIN(v->routerstatus_list,
1895 vote_routerstatus_t *, rs) {
1896 if ((rs->flags & uf) != 0) {
1897 const char *d = strmap_get_lc(name_to_id_map, rs->status.nickname);
1898 if (d == conflict || d == unknown) {
1899 /* Leave it alone; we know what it is. */
1900 } else if (!d) {
1901 /* We have no name officially mapped to this digest. */
1902 strmap_set_lc(name_to_id_map, rs->status.nickname, unknown);
1903 } else if (fast_memeq(d, rs->status.identity_digest, DIGEST_LEN)) {
1904 /* Authorities disagree about this nickname. */
1905 strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
1906 } else {
1907 /* It's mapped to a different name. */
1908 }
1909 }
1910 } SMARTLIST_FOREACH_END(rs);
1911 } SMARTLIST_FOREACH_END(v);
1912 }
1913
1914 /* We need to know how many votes measure bandwidth. */
1915 n_authorities_measuring_bandwidth = 0;
1916 SMARTLIST_FOREACH(votes, const networkstatus_t *, v,
1917 if (v->has_measured_bws) {
1918 ++n_authorities_measuring_bandwidth;
1919 }
1920 );
1921
1922 /* Populate the collator */
1923 collator = dircollator_new(smartlist_len(votes), total_authorities);
1925 dircollator_add_vote(collator, v);
1926 } SMARTLIST_FOREACH_END(v);
1927
1928 dircollator_collate(collator, consensus_method);
1929
1930 /* Now go through all the votes */
1931 flag_counts = tor_calloc(smartlist_len(flags), sizeof(int));
1932 const int num_routers = dircollator_n_routers(collator);
1933 for (i = 0; i < num_routers; ++i) {
1934 vote_routerstatus_t **vrs_lst =
1936
1938 routerstatus_t rs_out;
1939 const char *current_rsa_id = NULL;
1940 const char *chosen_version;
1941 const char *chosen_protocol_list;
1942 const char *chosen_name = NULL;
1943 int exitsummary_disagreement = 0;
1944 int is_named = 0, is_unnamed = 0, is_running = 0, is_valid = 0;
1945 int is_guard = 0, is_exit = 0, is_bad_exit = 0, is_middle_only = 0;
1946 int naming_conflict = 0;
1947 int n_listing = 0;
1948 char microdesc_digest[DIGEST256_LEN];
1949 tor_addr_port_t alt_orport = {TOR_ADDR_NULL, 0};
1950
1951 memset(flag_counts, 0, sizeof(int)*smartlist_len(flags));
1952 smartlist_clear(matching_descs);
1953 smartlist_clear(chosen_flags);
1954 smartlist_clear(versions);
1955 smartlist_clear(protocols);
1956 num_bandwidths = 0;
1957 num_mbws = 0;
1958 num_guardfraction_inputs = 0;
1959 int ed_consensus = 0;
1960 const uint8_t *ed_consensus_val = NULL;
1961
1962 /* Okay, go through all the entries for this digest. */
1963 for (int voter_idx = 0; voter_idx < smartlist_len(votes); ++voter_idx) {
1964 if (vrs_lst[voter_idx] == NULL)
1965 continue; /* This voter had nothing to say about this entry. */
1966 rs = vrs_lst[voter_idx];
1967 ++n_listing;
1968
1969 current_rsa_id = rs->status.identity_digest;
1970
1971 smartlist_add(matching_descs, rs);
1972 if (rs->version && rs->version[0])
1973 smartlist_add(versions, rs->version);
1974
1975 if (rs->protocols) {
1976 /* We include this one even if it's empty: voting for an
1977 * empty protocol list actually is meaningful. */
1978 smartlist_add(protocols, rs->protocols);
1979 }
1980
1981 /* Tally up all the flags. */
1982 for (int flag = 0; flag < n_voter_flags[voter_idx]; ++flag) {
1983 if (rs->flags & (UINT64_C(1) << flag))
1984 ++flag_counts[flag_map[voter_idx][flag]];
1985 }
1986 if (named_flag[voter_idx] >= 0 &&
1987 (rs->flags & (UINT64_C(1) << named_flag[voter_idx]))) {
1988 if (chosen_name && strcmp(chosen_name, rs->status.nickname)) {
1989 log_notice(LD_DIR, "Conflict on naming for router: %s vs %s",
1990 chosen_name, rs->status.nickname);
1991 naming_conflict = 1;
1992 }
1993 chosen_name = rs->status.nickname;
1994 }
1995
1996 /* Count guardfraction votes and note down the values. */
1997 if (rs->status.has_guardfraction) {
1998 measured_guardfraction[num_guardfraction_inputs++] =
2000 }
2001
2002 /* count bandwidths */
2003 if (rs->has_measured_bw)
2004 measured_bws_kb[num_mbws++] = rs->measured_bw_kb;
2005
2006 if (rs->status.has_bandwidth)
2007 bandwidths_kb[num_bandwidths++] = rs->status.bandwidth_kb;
2008
2009 /* Count number for which ed25519 is canonical. */
2011 ++ed_consensus;
2012 if (ed_consensus_val) {
2013 tor_assert(fast_memeq(ed_consensus_val, rs->ed25519_id,
2015 } else {
2016 ed_consensus_val = rs->ed25519_id;
2017 }
2018 }
2019 }
2020
2021 /* We don't include this router at all unless more than half of
2022 * the authorities we believe in list it. */
2023 if (n_listing <= total_authorities/2)
2024 continue;
2025
2026 if (ed_consensus > 0) {
2027 if (ed_consensus <= total_authorities / 2) {
2028 log_warn(LD_BUG, "Not enough entries had ed_consensus set; how "
2029 "can we have a consensus of %d?", ed_consensus);
2030 }
2031 }
2032
2033 /* The clangalyzer can't figure out that this will never be NULL
2034 * if n_listing is at least 1 */
2035 tor_assert(current_rsa_id);
2036
2037 /* Figure out the most popular opinion of what the most recent
2038 * routerinfo and its contents are. */
2039 memset(microdesc_digest, 0, sizeof(microdesc_digest));
2040 rs = compute_routerstatus_consensus(matching_descs, consensus_method,
2041 microdesc_digest, &alt_orport);
2042 /* Copy bits of that into rs_out. */
2043 memset(&rs_out, 0, sizeof(rs_out));
2044 tor_assert(fast_memeq(current_rsa_id,
2046 memcpy(rs_out.identity_digest, current_rsa_id, DIGEST_LEN);
2047 memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,
2048 DIGEST_LEN);
2049 tor_addr_copy(&rs_out.ipv4_addr, &rs->status.ipv4_addr);
2050 rs_out.ipv4_dirport = rs->status.ipv4_dirport;
2051 rs_out.ipv4_orport = rs->status.ipv4_orport;
2052 tor_addr_copy(&rs_out.ipv6_addr, &alt_orport.addr);
2053 rs_out.ipv6_orport = alt_orport.port;
2054 rs_out.has_bandwidth = 0;
2055 rs_out.has_exitsummary = 0;
2056
2057 time_t published_on = rs->published_on;
2058
2059 /* Starting with this consensus method, we no longer include a
2060 meaningful published_on time for microdescriptor consensuses. This
2061 makes their diffs smaller and more compressible.
2062
2063 We need to keep including a meaningful published_on time for NS
2064 consensuses, however, until 035 relays are all obsolete. (They use
2065 it for a purpose similar to the current StaleDesc flag.)
2066 */
2067 if (consensus_method >= MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED &&
2068 flavor == FLAV_MICRODESC) {
2069 published_on = -1;
2070 }
2071
2072 if (chosen_name && !naming_conflict) {
2073 strlcpy(rs_out.nickname, chosen_name, sizeof(rs_out.nickname));
2074 } else {
2075 strlcpy(rs_out.nickname, rs->status.nickname, sizeof(rs_out.nickname));
2076 }
2077
2078 {
2079 const char *d = strmap_get_lc(name_to_id_map, rs_out.nickname);
2080 if (!d) {
2081 is_named = is_unnamed = 0;
2082 } else if (fast_memeq(d, current_rsa_id, DIGEST_LEN)) {
2083 is_named = 1; is_unnamed = 0;
2084 } else {
2085 is_named = 0; is_unnamed = 1;
2086 }
2087 }
2088
2089 /* Set the flags. */
2090 SMARTLIST_FOREACH_BEGIN(flags, const char *, fl) {
2091 if (!strcmp(fl, "Named")) {
2092 if (is_named)
2093 smartlist_add(chosen_flags, (char*)fl);
2094 } else if (!strcmp(fl, "Unnamed")) {
2095 if (is_unnamed)
2096 smartlist_add(chosen_flags, (char*)fl);
2097 } else if (!strcmp(fl, "NoEdConsensus")) {
2098 if (ed_consensus <= total_authorities/2)
2099 smartlist_add(chosen_flags, (char*)fl);
2100 } else {
2101 if (flag_counts[fl_sl_idx] > n_flag_voters[fl_sl_idx]/2) {
2102 smartlist_add(chosen_flags, (char*)fl);
2103 if (!strcmp(fl, "Exit"))
2104 is_exit = 1;
2105 else if (!strcmp(fl, "Guard"))
2106 is_guard = 1;
2107 else if (!strcmp(fl, "Running"))
2108 is_running = 1;
2109 else if (!strcmp(fl, "BadExit"))
2110 is_bad_exit = 1;
2111 else if (!strcmp(fl, "MiddleOnly"))
2112 is_middle_only = 1;
2113 else if (!strcmp(fl, "Valid"))
2114 is_valid = 1;
2115 }
2116 }
2117 } SMARTLIST_FOREACH_END(fl);
2118
2119 /* Starting with consensus method 4 we do not list servers
2120 * that are not running in a consensus. See Proposal 138 */
2121 if (!is_running)
2122 continue;
2123
2124 /* Starting with consensus method 24, we don't list servers
2125 * that are not valid in a consensus. See Proposal 272 */
2126 if (!is_valid)
2127 continue;
2128
2129 /* Starting with consensus method 32, we handle the middle-only
2130 * flag specially: when it is present, we clear some flags, and
2131 * set others. */
2132 if (is_middle_only) {
2133 remove_flag(chosen_flags, "Exit");
2134 remove_flag(chosen_flags, "V2Dir");
2135 remove_flag(chosen_flags, "Guard");
2136 remove_flag(chosen_flags, "HSDir");
2137 is_exit = is_guard = 0;
2138 if (! is_bad_exit && badexit_flag_is_listed) {
2139 is_bad_exit = 1;
2140 smartlist_add(chosen_flags, (char *)"BadExit");
2141 smartlist_sort_strings(chosen_flags); // restore order.
2142 }
2143 }
2144
2145 /* Pick the version. */
2146 if (smartlist_len(versions)) {
2147 sort_version_list(versions, 0);
2148 chosen_version = get_most_frequent_member(versions);
2149 } else {
2150 chosen_version = NULL;
2151 }
2152
2153 /* Pick the protocol list */
2154 if (smartlist_len(protocols)) {
2155 smartlist_sort_strings(protocols);
2156 chosen_protocol_list = get_most_frequent_member(protocols);
2157 } else {
2158 chosen_protocol_list = NULL;
2159 }
2160
2161 /* If it's a guard and we have enough guardfraction votes,
2162 calculate its consensus guardfraction value. */
2163 if (is_guard && num_guardfraction_inputs > 2) {
2164 rs_out.has_guardfraction = 1;
2165 rs_out.guardfraction_percentage = median_uint32(measured_guardfraction,
2166 num_guardfraction_inputs);
2167 /* final value should be an integer percentage! */
2168 tor_assert(rs_out.guardfraction_percentage <= 100);
2169 }
2170
2171 /* Pick a bandwidth */
2172 if (num_mbws > 2) {
2173 rs_out.has_bandwidth = 1;
2174 rs_out.bw_is_unmeasured = 0;
2175 rs_out.bandwidth_kb = median_uint32(measured_bws_kb, num_mbws);
2176 } else if (num_bandwidths > 0) {
2177 rs_out.has_bandwidth = 1;
2178 rs_out.bw_is_unmeasured = 1;
2179 rs_out.bandwidth_kb = median_uint32(bandwidths_kb, num_bandwidths);
2180 if (n_authorities_measuring_bandwidth > 2) {
2181 /* Cap non-measured bandwidths. */
2182 if (rs_out.bandwidth_kb > max_unmeasured_bw_kb) {
2183 rs_out.bandwidth_kb = max_unmeasured_bw_kb;
2184 }
2185 }
2186 }
2187
2188 /* Fix bug 2203: Do not count BadExit nodes as Exits for bw weights */
2189 is_exit = is_exit && !is_bad_exit;
2190
2191 /* Update total bandwidth weights with the bandwidths of this router. */
2192 {
2194 is_exit, is_guard,
2195 &G, &M, &E, &D, &T);
2196 }
2197
2198 /* Ok, we already picked a descriptor digest we want to list
2199 * previously. Now we want to use the exit policy summary from
2200 * that descriptor. If everybody plays nice all the voters who
2201 * listed that descriptor will have the same summary. If not then
2202 * something is fishy and we'll use the most common one (breaking
2203 * ties in favor of lexicographically larger one (only because it
2204 * lets me reuse more existing code)).
2205 *
2206 * The other case that can happen is that no authority that voted
2207 * for that descriptor has an exit policy summary. That's
2208 * probably quite unlikely but can happen. In that case we use
2209 * the policy that was most often listed in votes, again breaking
2210 * ties like in the previous case.
2211 */
2212 {
2213 /* Okay, go through all the votes for this router. We prepared
2214 * that list previously */
2215 const char *chosen_exitsummary = NULL;
2216 smartlist_clear(exitsummaries);
2217 SMARTLIST_FOREACH_BEGIN(matching_descs, vote_routerstatus_t *, vsr) {
2218 /* Check if the vote where this status comes from had the
2219 * proper descriptor */
2221 vsr->status.identity_digest,
2222 DIGEST_LEN));
2223 if (vsr->status.has_exitsummary &&
2225 vsr->status.descriptor_digest,
2226 DIGEST_LEN)) {
2227 tor_assert(vsr->status.exitsummary);
2228 smartlist_add(exitsummaries, vsr->status.exitsummary);
2229 if (!chosen_exitsummary) {
2230 chosen_exitsummary = vsr->status.exitsummary;
2231 } else if (strcmp(chosen_exitsummary, vsr->status.exitsummary)) {
2232 /* Great. There's disagreement among the voters. That
2233 * really shouldn't be */
2234 exitsummary_disagreement = 1;
2235 }
2236 }
2237 } SMARTLIST_FOREACH_END(vsr);
2238
2239 if (exitsummary_disagreement) {
2240 char id[HEX_DIGEST_LEN+1];
2241 char dd[HEX_DIGEST_LEN+1];
2242 base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
2243 base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
2244 log_warn(LD_DIR, "The voters disagreed on the exit policy summary "
2245 " for router %s with descriptor %s. This really shouldn't"
2246 " have happened.", id, dd);
2247
2248 smartlist_sort_strings(exitsummaries);
2249 chosen_exitsummary = get_most_frequent_member(exitsummaries);
2250 } else if (!chosen_exitsummary) {
2251 char id[HEX_DIGEST_LEN+1];
2252 char dd[HEX_DIGEST_LEN+1];
2253 base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
2254 base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
2255 log_warn(LD_DIR, "Not one of the voters that made us select"
2256 "descriptor %s for router %s had an exit policy"
2257 "summary", dd, id);
2258
2259 /* Ok, none of those voting for the digest we chose had an
2260 * exit policy for us. Well, that kinda sucks.
2261 */
2262 smartlist_clear(exitsummaries);
2263 SMARTLIST_FOREACH(matching_descs, vote_routerstatus_t *, vsr, {
2264 if (vsr->status.has_exitsummary)
2265 smartlist_add(exitsummaries, vsr->status.exitsummary);
2266 });
2267 smartlist_sort_strings(exitsummaries);
2268 chosen_exitsummary = get_most_frequent_member(exitsummaries);
2269
2270 if (!chosen_exitsummary)
2271 log_warn(LD_DIR, "Wow, not one of the voters had an exit "
2272 "policy summary for %s. Wow.", id);
2273 }
2274
2275 if (chosen_exitsummary) {
2276 rs_out.has_exitsummary = 1;
2277 /* yea, discards the const */
2278 rs_out.exitsummary = (char *)chosen_exitsummary;
2279 }
2280 }
2281
2282 if (flavor == FLAV_MICRODESC &&
2283 tor_digest256_is_zero(microdesc_digest)) {
2284 /* With no microdescriptor digest, we omit the entry entirely. */
2285 continue;
2286 }
2287
2288 {
2289 char *buf;
2290 /* Okay!! Now we can write the descriptor... */
2291 /* First line goes into "buf". */
2292 buf = routerstatus_format_entry(&rs_out, NULL, NULL,
2293 rs_format, NULL, published_on);
2294 if (buf)
2295 smartlist_add(chunks, buf);
2296 }
2297 /* Now an m line, if applicable. */
2298 if (flavor == FLAV_MICRODESC &&
2299 !tor_digest256_is_zero(microdesc_digest)) {
2300 char m[BASE64_DIGEST256_LEN+1];
2301 digest256_to_base64(m, microdesc_digest);
2302 smartlist_add_asprintf(chunks, "m %s\n", m);
2303 }
2304 /* Next line is all flags. The "\n" is missing. */
2305 smartlist_add_asprintf(chunks, "s%s",
2306 smartlist_len(chosen_flags)?" ":"");
2307 smartlist_add(chunks,
2308 smartlist_join_strings(chosen_flags, " ", 0, NULL));
2309 /* Now the version line. */
2310 if (chosen_version) {
2311 smartlist_add_strdup(chunks, "\nv ");
2312 smartlist_add_strdup(chunks, chosen_version);
2313 }
2314 smartlist_add_strdup(chunks, "\n");
2315 if (chosen_protocol_list) {
2316 smartlist_add_asprintf(chunks, "pr %s\n", chosen_protocol_list);
2317 }
2318 /* Now the weight line. */
2319 if (rs_out.has_bandwidth) {
2320 char *guardfraction_str = NULL;
2321 int unmeasured = rs_out.bw_is_unmeasured;
2322
2323 /* If we have guardfraction info, include it in the 'w' line. */
2324 if (rs_out.has_guardfraction) {
2325 tor_asprintf(&guardfraction_str,
2326 " GuardFraction=%u", rs_out.guardfraction_percentage);
2327 }
2328 smartlist_add_asprintf(chunks, "w Bandwidth=%d%s%s\n",
2329 rs_out.bandwidth_kb,
2330 unmeasured?" Unmeasured=1":"",
2331 guardfraction_str ? guardfraction_str : "");
2332
2333 tor_free(guardfraction_str);
2334 }
2335
2336 /* Now the exitpolicy summary line. */
2337 if (rs_out.has_exitsummary && flavor == FLAV_NS) {
2338 smartlist_add_asprintf(chunks, "p %s\n", rs_out.exitsummary);
2339 }
2340
2341 /* And the loop is over and we move on to the next router */
2342 }
2343
2344 tor_free(size);
2345 tor_free(n_voter_flags);
2346 tor_free(n_flag_voters);
2347 for (i = 0; i < smartlist_len(votes); ++i)
2348 tor_free(flag_map[i]);
2349 tor_free(flag_map);
2350 tor_free(flag_counts);
2351 tor_free(named_flag);
2352 tor_free(unnamed_flag);
2353 strmap_free(name_to_id_map, NULL);
2354 smartlist_free(matching_descs);
2355 smartlist_free(chosen_flags);
2356 smartlist_free(versions);
2357 smartlist_free(protocols);
2358 smartlist_free(exitsummaries);
2359 tor_free(bandwidths_kb);
2360 tor_free(measured_bws_kb);
2361 tor_free(measured_guardfraction);
2362 }
2363
2364 /* Mark the directory footer region */
2365 smartlist_add_strdup(chunks, "directory-footer\n");
2366
2367 {
2368 int64_t weight_scale;
2370 param_list, "bwweightscale", BW_WEIGHT_SCALE);
2371 if (weight_scale < 1)
2372 weight_scale = 1;
2373 added_weights = networkstatus_compute_bw_weights_v10(chunks, G, M, E, D,
2374 T, weight_scale);
2375 }
2376
2377 /* Add a signature. */
2378 {
2379 char digest[DIGEST256_LEN];
2380 char fingerprint[HEX_DIGEST_LEN+1];
2381 char signing_key_fingerprint[HEX_DIGEST_LEN+1];
2382 digest_algorithm_t digest_alg =
2383 flavor == FLAV_NS ? DIGEST_SHA1 : DIGEST_SHA256;
2384 size_t digest_len =
2385 flavor == FLAV_NS ? DIGEST_LEN : DIGEST256_LEN;
2386 const char *algname = crypto_digest_algorithm_get_name(digest_alg);
2387 char *signature;
2388
2389 smartlist_add_strdup(chunks, "directory-signature ");
2390
2391 /* Compute the hash of the chunks. */
2392 crypto_digest_smartlist(digest, digest_len, chunks, "", digest_alg);
2393
2394 /* Get the fingerprints */
2395 crypto_pk_get_fingerprint(identity_key, fingerprint, 0);
2396 crypto_pk_get_fingerprint(signing_key, signing_key_fingerprint, 0);
2397
2398 /* add the junk that will go at the end of the line. */
2399 if (flavor == FLAV_NS) {
2400 smartlist_add_asprintf(chunks, "%s %s\n", fingerprint,
2401 signing_key_fingerprint);
2402 } else {
2403 smartlist_add_asprintf(chunks, "%s %s %s\n",
2404 algname, fingerprint,
2405 signing_key_fingerprint);
2406 }
2407 /* And the signature. */
2408 if (!(signature = router_get_dirobj_signature(digest, digest_len,
2409 signing_key))) {
2410 log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
2411 goto done;
2412 }
2413 smartlist_add(chunks, signature);
2414
2415 if (legacy_id_key_digest && legacy_signing_key) {
2416 smartlist_add_strdup(chunks, "directory-signature ");
2417 base16_encode(fingerprint, sizeof(fingerprint),
2418 legacy_id_key_digest, DIGEST_LEN);
2420 signing_key_fingerprint, 0);
2421 if (flavor == FLAV_NS) {
2422 smartlist_add_asprintf(chunks, "%s %s\n", fingerprint,
2423 signing_key_fingerprint);
2424 } else {
2425 smartlist_add_asprintf(chunks, "%s %s %s\n",
2426 algname, fingerprint,
2427 signing_key_fingerprint);
2428 }
2429
2430 if (!(signature = router_get_dirobj_signature(digest, digest_len,
2432 log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
2433 goto done;
2434 }
2435 smartlist_add(chunks, signature);
2436 }
2437 }
2438
2439 result = smartlist_join_strings(chunks, "", 0, NULL);
2440
2441 {
2442 networkstatus_t *c;
2443 if (!(c = networkstatus_parse_vote_from_string(result, strlen(result),
2444 NULL,
2445 NS_TYPE_CONSENSUS))) {
2446 log_err(LD_BUG, "Generated a networkstatus consensus we couldn't "
2447 "parse.");
2448 tor_free(result);
2449 goto done;
2450 }
2451 // Verify balancing parameters
2452 if (added_weights) {
2453 networkstatus_verify_bw_weights(c, consensus_method);
2454 }
2455 networkstatus_vote_free(c);
2456 }
2457
2458 done:
2459
2460 dircollator_free(collator);
2461 tor_free(client_versions);
2462 tor_free(server_versions);
2463 tor_free(packages);
2464 SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
2465 smartlist_free(flags);
2466 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
2467 smartlist_free(chunks);
2468 SMARTLIST_FOREACH(param_list, char *, cp, tor_free(cp));
2469 smartlist_free(param_list);
2470
2471 return result;
2472}
2473
2474/** Given a list of networkstatus_t for each vote, return a newly allocated
2475 * string containing the "package" lines for the vote. */
2476STATIC char *
2478{
2479 const int n_votes = smartlist_len(votes);
2480
2481 /* This will be a map from "packagename version" strings to arrays
2482 * of const char *, with the i'th member of the array corresponding to the
2483 * package line from the i'th vote.
2484 */
2485 strmap_t *package_status = strmap_new();
2486
2488 if (! v->package_lines)
2489 continue;
2490 SMARTLIST_FOREACH_BEGIN(v->package_lines, const char *, line) {
2492 continue;
2493
2494 /* Skip 'cp' to the second space in the line. */
2495 const char *cp = strchr(line, ' ');
2496 if (!cp) continue;
2497 ++cp;
2498 cp = strchr(cp, ' ');
2499 if (!cp) continue;
2500
2501 char *key = tor_strndup(line, cp - line);
2502
2503 const char **status = strmap_get(package_status, key);
2504 if (!status) {
2505 status = tor_calloc(n_votes, sizeof(const char *));
2506 strmap_set(package_status, key, status);
2507 }
2508 status[v_sl_idx] = line; /* overwrite old value */
2509 tor_free(key);
2510 } SMARTLIST_FOREACH_END(line);
2511 } SMARTLIST_FOREACH_END(v);
2512
2513 smartlist_t *entries = smartlist_new(); /* temporary */
2514 smartlist_t *result_list = smartlist_new(); /* output */
2515 STRMAP_FOREACH(package_status, key, const char **, values) {
2516 int i, count=-1;
2517 for (i = 0; i < n_votes; ++i) {
2518 if (values[i])
2519 smartlist_add(entries, (void*) values[i]);
2520 }
2521 smartlist_sort_strings(entries);
2522 int n_voting_for_entry = smartlist_len(entries);
2523 const char *most_frequent =
2524 smartlist_get_most_frequent_string_(entries, &count);
2525
2526 if (n_voting_for_entry >= 3 && count > n_voting_for_entry / 2) {
2527 smartlist_add_asprintf(result_list, "package %s\n", most_frequent);
2528 }
2529
2530 smartlist_clear(entries);
2531
2532 } STRMAP_FOREACH_END;
2533
2534 smartlist_sort_strings(result_list);
2535
2536 char *result = smartlist_join_strings(result_list, "", 0, NULL);
2537
2538 SMARTLIST_FOREACH(result_list, char *, cp, tor_free(cp));
2539 smartlist_free(result_list);
2540 smartlist_free(entries);
2541 strmap_free(package_status, tor_free_);
2542
2543 return result;
2544}
2545
2546/** Given a consensus vote <b>target</b> and a set of detached signatures in
2547 * <b>sigs</b> that correspond to the same consensus, check whether there are
2548 * any new signatures in <b>src_voter_list</b> that should be added to
2549 * <b>target</b>. (A signature should be added if we have no signature for that
2550 * voter in <b>target</b> yet, or if we have no verifiable signature and the
2551 * new signature is verifiable.)
2552 *
2553 * Return the number of signatures added or changed, or -1 if the document
2554 * signatures are invalid. Sets *<b>msg_out</b> to a string constant
2555 * describing the signature status.
2556 */
2557STATIC int
2560 const char *source,
2561 int severity,
2562 const char **msg_out)
2563{
2564 int r = 0;
2565 const char *flavor;
2566 smartlist_t *siglist;
2567 tor_assert(sigs);
2568 tor_assert(target);
2569 tor_assert(target->type == NS_TYPE_CONSENSUS);
2570
2571 flavor = networkstatus_get_flavor_name(target->flavor);
2572
2573 /* Do the times seem right? */
2574 if (target->valid_after != sigs->valid_after) {
2575 *msg_out = "Valid-After times do not match "
2576 "when adding detached signatures to consensus";
2577 return -1;
2578 }
2579 if (target->fresh_until != sigs->fresh_until) {
2580 *msg_out = "Fresh-until times do not match "
2581 "when adding detached signatures to consensus";
2582 return -1;
2583 }
2584 if (target->valid_until != sigs->valid_until) {
2585 *msg_out = "Valid-until times do not match "
2586 "when adding detached signatures to consensus";
2587 return -1;
2588 }
2589 siglist = strmap_get(sigs->signatures, flavor);
2590 if (!siglist) {
2591 *msg_out = "No signatures for given consensus flavor";
2592 return -1;
2593 }
2594
2595 /** Make sure all the digests we know match, and at least one matches. */
2596 {
2597 common_digests_t *digests = strmap_get(sigs->digests, flavor);
2598 int n_matches = 0;
2599 int alg;
2600 if (!digests) {
2601 *msg_out = "No digests for given consensus flavor";
2602 return -1;
2603 }
2604 for (alg = DIGEST_SHA1; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
2605 if (!fast_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
2606 if (fast_memeq(target->digests.d[alg], digests->d[alg],
2607 DIGEST256_LEN)) {
2608 ++n_matches;
2609 } else {
2610 *msg_out = "Mismatched digest.";
2611 return -1;
2612 }
2613 }
2614 }
2615 if (!n_matches) {
2616 *msg_out = "No recognized digests for given consensus flavor";
2617 }
2618 }
2619
2620 /* For each voter in src... */
2622 char voter_identity[HEX_DIGEST_LEN+1];
2623 networkstatus_voter_info_t *target_voter =
2624 networkstatus_get_voter_by_id(target, sig->identity_digest);
2625 authority_cert_t *cert = NULL;
2626 const char *algorithm;
2627 document_signature_t *old_sig = NULL;
2628
2629 algorithm = crypto_digest_algorithm_get_name(sig->alg);
2630
2631 base16_encode(voter_identity, sizeof(voter_identity),
2632 sig->identity_digest, DIGEST_LEN);
2633 log_info(LD_DIR, "Looking at signature from %s using %s", voter_identity,
2634 algorithm);
2635 /* If the target doesn't know about this voter, then forget it. */
2636 if (!target_voter) {
2637 log_info(LD_DIR, "We do not know any voter with ID %s", voter_identity);
2638 continue;
2639 }
2640
2641 old_sig = networkstatus_get_voter_sig_by_alg(target_voter, sig->alg);
2642
2643 /* If the target already has a good signature from this voter, then skip
2644 * this one. */
2645 if (old_sig && old_sig->good_signature) {
2646 log_info(LD_DIR, "We already have a good signature from %s using %s",
2647 voter_identity, algorithm);
2648 continue;
2649 }
2650
2651 /* Try checking the signature if we haven't already. */
2652 if (!sig->good_signature && !sig->bad_signature) {
2653 cert = authority_cert_get_by_digests(sig->identity_digest,
2654 sig->signing_key_digest);
2655 if (cert) {
2656 /* Not checking the return value here, since we are going to look
2657 * at the status of sig->good_signature in a moment. */
2658 (void) networkstatus_check_document_signature(target, sig, cert);
2659 }
2660 }
2661
2662 /* If this signature is good, or we don't have any signature yet,
2663 * then maybe add it. */
2664 if (sig->good_signature || !old_sig || old_sig->bad_signature) {
2665 log_info(LD_DIR, "Adding signature from %s with %s", voter_identity,
2666 algorithm);
2667 tor_log(severity, LD_DIR, "Added a signature for %s from %s.",
2668 target_voter->nickname, source);
2669 ++r;
2670 if (old_sig) {
2671 smartlist_remove(target_voter->sigs, old_sig);
2672 document_signature_free(old_sig);
2673 }
2674 smartlist_add(target_voter->sigs, document_signature_dup(sig));
2675 } else {
2676 log_info(LD_DIR, "Not adding signature from %s", voter_identity);
2677 }
2678 } SMARTLIST_FOREACH_END(sig);
2679
2680 return r;
2681}
2682
2683/** Return a newly allocated string containing all the signatures on
2684 * <b>consensus</b> by all voters. If <b>for_detached_signatures</b> is true,
2685 * then the signatures will be put in a detached signatures document, so
2686 * prefix any non-NS-flavored signatures with "additional-signature" rather
2687 * than "directory-signature". */
2688static char *
2690 int for_detached_signatures)
2691{
2692 smartlist_t *elements;
2693 char buf[4096];
2694 char *result = NULL;
2695 int n_sigs = 0;
2696 const consensus_flavor_t flavor = consensus->flavor;
2697 const char *flavor_name = networkstatus_get_flavor_name(flavor);
2698 const char *keyword;
2699
2700 if (for_detached_signatures && flavor != FLAV_NS)
2701 keyword = "additional-signature";
2702 else
2703 keyword = "directory-signature";
2704
2705 elements = smartlist_new();
2706
2709 char sk[HEX_DIGEST_LEN+1];
2710 char id[HEX_DIGEST_LEN+1];
2711 if (!sig->signature || sig->bad_signature)
2712 continue;
2713 ++n_sigs;
2714 base16_encode(sk, sizeof(sk), sig->signing_key_digest, DIGEST_LEN);
2715 base16_encode(id, sizeof(id), sig->identity_digest, DIGEST_LEN);
2716 if (flavor == FLAV_NS) {
2717 smartlist_add_asprintf(elements,
2718 "%s %s %s\n-----BEGIN SIGNATURE-----\n",
2719 keyword, id, sk);
2720 } else {
2721 const char *digest_name =
2723 smartlist_add_asprintf(elements,
2724 "%s%s%s %s %s %s\n-----BEGIN SIGNATURE-----\n",
2725 keyword,
2726 for_detached_signatures ? " " : "",
2727 for_detached_signatures ? flavor_name : "",
2728 digest_name, id, sk);
2729 }
2730 base64_encode(buf, sizeof(buf), sig->signature, sig->signature_len,
2731 BASE64_ENCODE_MULTILINE);
2732 strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf));
2733 smartlist_add_strdup(elements, buf);
2734 } SMARTLIST_FOREACH_END(sig);
2735 } SMARTLIST_FOREACH_END(v);
2736
2737 result = smartlist_join_strings(elements, "", 0, NULL);
2738 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2739 smartlist_free(elements);
2740 if (!n_sigs)
2741 tor_free(result);
2742 return result;
2743}
2744
2745/** Return a newly allocated string holding the detached-signatures document
2746 * corresponding to the signatures on <b>consensuses</b>, which must contain
2747 * exactly one FLAV_NS consensus, and no more than one consensus for each
2748 * other flavor. */
2749STATIC char *
2751{
2752 smartlist_t *elements;
2753 char *result = NULL, *sigs = NULL;
2754 networkstatus_t *consensus_ns = NULL;
2755 tor_assert(consensuses);
2756
2757 SMARTLIST_FOREACH(consensuses, networkstatus_t *, ns, {
2758 tor_assert(ns);
2759 tor_assert(ns->type == NS_TYPE_CONSENSUS);
2760 if (ns && ns->flavor == FLAV_NS)
2761 consensus_ns = ns;
2762 });
2763 if (!consensus_ns) {
2764 log_warn(LD_BUG, "No NS consensus given.");
2765 return NULL;
2766 }
2767
2768 elements = smartlist_new();
2769
2770 {
2771 char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
2772 vu_buf[ISO_TIME_LEN+1];
2773 char d[HEX_DIGEST_LEN+1];
2774
2775 base16_encode(d, sizeof(d),
2776 consensus_ns->digests.d[DIGEST_SHA1], DIGEST_LEN);
2777 format_iso_time(va_buf, consensus_ns->valid_after);
2778 format_iso_time(fu_buf, consensus_ns->fresh_until);
2779 format_iso_time(vu_buf, consensus_ns->valid_until);
2780
2781 smartlist_add_asprintf(elements,
2782 "consensus-digest %s\n"
2783 "valid-after %s\n"
2784 "fresh-until %s\n"
2785 "valid-until %s\n", d, va_buf, fu_buf, vu_buf);
2786 }
2787
2788 /* Get all the digests for the non-FLAV_NS consensuses */
2789 SMARTLIST_FOREACH_BEGIN(consensuses, networkstatus_t *, ns) {
2790 const char *flavor_name = networkstatus_get_flavor_name(ns->flavor);
2791 int alg;
2792 if (ns->flavor == FLAV_NS)
2793 continue;
2794
2795 /* start with SHA256; we don't include SHA1 for anything but the basic
2796 * consensus. */
2797 for (alg = DIGEST_SHA256; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
2798 char d[HEX_DIGEST256_LEN+1];
2799 const char *alg_name =
2801 if (fast_mem_is_zero(ns->digests.d[alg], DIGEST256_LEN))
2802 continue;
2803 base16_encode(d, sizeof(d), ns->digests.d[alg], DIGEST256_LEN);
2804 smartlist_add_asprintf(elements, "additional-digest %s %s %s\n",
2805 flavor_name, alg_name, d);
2806 }
2807 } SMARTLIST_FOREACH_END(ns);
2808
2809 /* Now get all the sigs for non-FLAV_NS consensuses */
2810 SMARTLIST_FOREACH_BEGIN(consensuses, networkstatus_t *, ns) {
2811 char *sigs_on_this_consensus;
2812 if (ns->flavor == FLAV_NS)
2813 continue;
2814 sigs_on_this_consensus = networkstatus_format_signatures(ns, 1);
2815 if (!sigs_on_this_consensus) {
2816 log_warn(LD_DIR, "Couldn't format signatures");
2817 goto err;
2818 }
2819 smartlist_add(elements, sigs_on_this_consensus);
2820 } SMARTLIST_FOREACH_END(ns);
2821
2822 /* Now add the FLAV_NS consensus signatrures. */
2823 sigs = networkstatus_format_signatures(consensus_ns, 1);
2824 if (!sigs)
2825 goto err;
2826 smartlist_add(elements, sigs);
2827
2828 result = smartlist_join_strings(elements, "", 0, NULL);
2829 err:
2830 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2831 smartlist_free(elements);
2832 return result;
2833}
2834
2835/** Return a newly allocated string holding a detached-signatures document for
2836 * all of the in-progress consensuses in the <b>n_flavors</b>-element array at
2837 * <b>pending</b>. */
2838static char *
2840 int n_flavors)
2841{
2842 int flav;
2843 char *signatures;
2845 for (flav = 0; flav < n_flavors; ++flav) {
2846 if (pending[flav].consensus)
2847 smartlist_add(c, pending[flav].consensus);
2848 }
2850 smartlist_free(c);
2851 return signatures;
2852}
2853
2854/**
2855 * Entry point: Take whatever voting actions are pending as of <b>now</b>.
2856 *
2857 * Return the time at which the next action should be taken.
2858 */
2859time_t
2860dirvote_act(const or_options_t *options, time_t now)
2861{
2862 if (!authdir_mode_v3(options))
2863 return TIME_MAX;
2864 tor_assert_nonfatal(voting_schedule.voting_starts);
2865 /* If we haven't initialized this object through this codeflow, we need to
2866 * recalculate the timings to match our vote. The reason to do that is if we
2867 * have a voting schedule initialized 1 minute ago, the voting timings might
2868 * not be aligned to what we should expect with "now". This is especially
2869 * true for TestingTorNetwork using smaller timings. */
2870 if (voting_schedule.created_on_demand) {
2871 char *keys = list_v3_auth_ids();
2873 log_notice(LD_DIR, "Scheduling voting. Known authority IDs are %s. "
2874 "Mine is %s.",
2876 tor_free(keys);
2878 }
2879
2880#define IF_TIME_FOR_NEXT_ACTION(when_field, done_field) \
2881 if (! voting_schedule.done_field) { \
2882 if (voting_schedule.when_field > now) { \
2883 return voting_schedule.when_field; \
2884 } else {
2885#define ENDIF \
2886 } \
2887 }
2888
2889 IF_TIME_FOR_NEXT_ACTION(voting_starts, have_voted) {
2890 log_notice(LD_DIR, "Time to vote.");
2892 voting_schedule.have_voted = 1;
2893 } ENDIF
2894 IF_TIME_FOR_NEXT_ACTION(fetch_missing_votes, have_fetched_missing_votes) {
2895 log_notice(LD_DIR, "Time to fetch any votes that we're missing.");
2897 voting_schedule.have_fetched_missing_votes = 1;
2898 } ENDIF
2899 IF_TIME_FOR_NEXT_ACTION(voting_ends, have_built_consensus) {
2900 log_notice(LD_DIR, "Time to compute a consensus.");
2902 /* XXXX We will want to try again later if we haven't got enough
2903 * votes yet. Implement this if it turns out to ever happen. */
2904 voting_schedule.have_built_consensus = 1;
2905 } ENDIF
2906 IF_TIME_FOR_NEXT_ACTION(fetch_missing_signatures,
2907 have_fetched_missing_signatures) {
2908 log_notice(LD_DIR, "Time to fetch any signatures that we're missing.");
2910 voting_schedule.have_fetched_missing_signatures = 1;
2911 } ENDIF
2912 IF_TIME_FOR_NEXT_ACTION(interval_starts,
2913 have_published_consensus) {
2914 log_notice(LD_DIR, "Time to publish the consensus and discard old votes");
2917 voting_schedule.have_published_consensus = 1;
2918 /* Update our shared random state with the consensus just published. */
2921 /* XXXX We will want to try again later if we haven't got enough
2922 * signatures yet. Implement this if it turns out to ever happen. */
2924 return voting_schedule.voting_starts;
2925 } ENDIF
2926
2928 return now + 1;
2929
2930#undef ENDIF
2931#undef IF_TIME_FOR_NEXT_ACTION
2932}
2933
2934/** A vote networkstatus_t and its unparsed body: held around so we can
2935 * use it to generate a consensus (at voting_ends) and so we can serve it to
2936 * other authorities that might want it. */
2937typedef struct pending_vote_t {
2938 cached_dir_t *vote_body;
2939 networkstatus_t *vote;
2941
2942/** List of pending_vote_t for the current vote. Before we've used them to
2943 * build a consensus, the votes go here. */
2945/** List of pending_vote_t for the previous vote. After we've used them to
2946 * build a consensus, the votes go here for the next period. */
2948
2949/* DOCDOC pending_consensuses */
2950static pending_consensus_t pending_consensuses[N_CONSENSUS_FLAVORS];
2951
2952/** The detached signatures for the consensus that we're currently
2953 * building. */
2955
2956/** List of ns_detached_signatures_t: hold signatures that get posted to us
2957 * before we have generated the consensus on our own. */
2959
2960/** Generate a networkstatus vote and post it to all the v3 authorities.
2961 * (V3 Authority only) */
2962static int
2964{
2967 networkstatus_t *ns;
2968 char *contents;
2969 pending_vote_t *pending_vote;
2970 time_t now = time(NULL);
2971
2972 int status;
2973 const char *msg = "";
2974
2975 if (!cert || !key) {
2976 log_warn(LD_NET, "Didn't find key/certificate to generate v3 vote");
2977 return -1;
2978 } else if (cert->expires < now) {
2979 log_warn(LD_NET, "Can't generate v3 vote with expired certificate");
2980 return -1;
2981 }
2982 if (!(ns = dirserv_generate_networkstatus_vote_obj(key, cert)))
2983 return -1;
2984
2985 contents = format_networkstatus_vote(key, ns);
2986 networkstatus_vote_free(ns);
2987 if (!contents)
2988 return -1;
2989
2990 pending_vote = dirvote_add_vote(contents, 0, "self", &msg, &status);
2991 tor_free(contents);
2992 if (!pending_vote) {
2993 log_warn(LD_DIR, "Couldn't store my own vote! (I told myself, '%s'.)",
2994 msg);
2995 return -1;
2996 }
2997
3000 V3_DIRINFO,
3001 pending_vote->vote_body->dir,
3002 pending_vote->vote_body->dir_len, 0);
3003 log_notice(LD_DIR, "Vote posted.");
3004 return 0;
3005}
3006
3007/** Send an HTTP request to every other v3 authority, for the votes of every
3008 * authority for which we haven't received a vote yet in this period. (V3
3009 * authority only) */
3010static void
3012{
3013 smartlist_t *missing_fps = smartlist_new();
3014 char *resource;
3015
3016 SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
3017 dir_server_t *, ds) {
3018 if (!(ds->type & V3_DIRINFO))
3019 continue;
3020 if (!dirvote_get_vote(ds->v3_identity_digest,
3021 DGV_BY_ID|DGV_INCLUDE_PENDING)) {
3022 char *cp = tor_malloc(HEX_DIGEST_LEN+1);
3023 base16_encode(cp, HEX_DIGEST_LEN+1, ds->v3_identity_digest,
3024 DIGEST_LEN);
3025 smartlist_add(missing_fps, cp);
3026 }
3027 } SMARTLIST_FOREACH_END(ds);
3028
3029 if (!smartlist_len(missing_fps)) {
3030 smartlist_free(missing_fps);
3031 return;
3032 }
3033 {
3034 char *tmp = smartlist_join_strings(missing_fps, " ", 0, NULL);
3035 log_notice(LOG_NOTICE, "We're missing votes from %d authorities (%s). "
3036 "Asking every other authority for a copy.",
3037 smartlist_len(missing_fps), tmp);
3038 tor_free(tmp);
3039 }
3040 resource = smartlist_join_strings(missing_fps, "+", 0, NULL);
3042 0, resource);
3043 tor_free(resource);
3044 SMARTLIST_FOREACH(missing_fps, char *, cp, tor_free(cp));
3045 smartlist_free(missing_fps);
3046}
3047
3048/** Send a request to every other authority for its detached signatures,
3049 * unless we have signatures from all other v3 authorities already. */
3050static void
3052{
3053 int need_any = 0;
3054 int i;
3055 for (i=0; i < N_CONSENSUS_FLAVORS; ++i) {
3056 networkstatus_t *consensus = pending_consensuses[i].consensus;
3057 if (!consensus ||
3058 networkstatus_check_consensus_signature(consensus, -1) == 1) {
3059 /* We have no consensus, or we have one that's signed by everybody. */
3060 continue;
3061 }
3062 need_any = 1;
3063 }
3064 if (!need_any)
3065 return;
3066
3068 0, NULL);
3069}
3070
3071/** Release all storage held by pending consensuses (those waiting for
3072 * signatures). */
3073static void
3075{
3076 int i;
3077 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3078 pending_consensus_t *pc = &pending_consensuses[i];
3079 tor_free(pc->body);
3080
3081 networkstatus_vote_free(pc->consensus);
3082 pc->consensus = NULL;
3083 }
3084}
3085
3086/** Drop all currently pending votes, consensus, and detached signatures. */
3087static void
3089{
3090 if (!previous_vote_list)
3092 if (!pending_vote_list)
3094
3095 /* All "previous" votes are now junk. */
3097 cached_dir_decref(v->vote_body);
3098 v->vote_body = NULL;
3099 networkstatus_vote_free(v->vote);
3100 tor_free(v);
3101 });
3103
3104 if (all_votes) {
3105 /* If we're dumping all the votes, we delete the pending ones. */
3107 cached_dir_decref(v->vote_body);
3108 v->vote_body = NULL;
3109 networkstatus_vote_free(v->vote);
3110 tor_free(v);
3111 });
3112 } else {
3113 /* Otherwise, we move them into "previous". */
3115 }
3117
3120 tor_free(cp));
3122 }
3125}
3126
3127/** Return a newly allocated string containing the hex-encoded v3 authority
3128 identity digest of every recognized v3 authority. */
3129static char *
3131{
3132 smartlist_t *known_v3_keys = smartlist_new();
3133 char *keys;
3134 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
3135 dir_server_t *, ds,
3136 if ((ds->type & V3_DIRINFO) &&
3137 !tor_digest_is_zero(ds->v3_identity_digest))
3138 smartlist_add(known_v3_keys,
3139 tor_strdup(hex_str(ds->v3_identity_digest, DIGEST_LEN))));
3140 keys = smartlist_join_strings(known_v3_keys, ", ", 0, NULL);
3141 SMARTLIST_FOREACH(known_v3_keys, char *, cp, tor_free(cp));
3142 smartlist_free(known_v3_keys);
3143 return keys;
3144}
3145
3146/* Check the voter information <b>vi</b>, and assert that at least one
3147 * signature is good. Asserts on failure. */
3148static void
3149assert_any_sig_good(const networkstatus_voter_info_t *vi)
3150{
3151 int any_sig_good = 0;
3153 if (sig->good_signature)
3154 any_sig_good = 1);
3155 tor_assert(any_sig_good);
3156}
3157
3158/* Add <b>cert</b> to our list of known authority certificates. */
3159static void
3160add_new_cert_if_needed(const struct authority_cert_t *cert)
3161{
3162 tor_assert(cert);
3164 cert->signing_key_digest)) {
3165 /* Hey, it's a new cert! */
3168 TRUSTED_DIRS_CERTS_SRC_FROM_VOTE, 1 /*flush*/,
3169 NULL);
3171 cert->signing_key_digest)) {
3172 log_warn(LD_BUG, "We added a cert, but still couldn't find it.");
3173 }
3174 }
3175}
3176
3177/** Called when we have received a networkstatus vote in <b>vote_body</b>.
3178 * Parse and validate it, and on success store it as a pending vote (which we
3179 * then return). Return NULL on failure. Sets *<b>msg_out</b> and
3180 * *<b>status_out</b> to an HTTP response and status code. (V3 authority
3181 * only) */
3183dirvote_add_vote(const char *vote_body, time_t time_posted,
3184 const char *where_from,
3185 const char **msg_out, int *status_out)
3186{
3187 networkstatus_t *vote;
3189 dir_server_t *ds;
3190 pending_vote_t *pending_vote = NULL;
3191 const char *end_of_vote = NULL;
3192 int any_failed = 0;
3193 tor_assert(vote_body);
3194 tor_assert(msg_out);
3195 tor_assert(status_out);
3196
3197 if (!pending_vote_list)
3199 *status_out = 0;
3200 *msg_out = NULL;
3201
3202 again:
3203 vote = networkstatus_parse_vote_from_string(vote_body, strlen(vote_body),
3204 &end_of_vote,
3205 NS_TYPE_VOTE);
3206 if (!end_of_vote)
3207 end_of_vote = vote_body + strlen(vote_body);
3208 if (!vote) {
3209 log_warn(LD_DIR, "Couldn't parse vote: length was %d",
3210 (int)strlen(vote_body));
3211 *msg_out = "Unable to parse vote";
3212 goto err;
3213 }
3214 tor_assert(smartlist_len(vote->voters) == 1);
3215 vi = get_voter(vote);
3216 assert_any_sig_good(vi);
3218 if (!ds) {
3219 char *keys = list_v3_auth_ids();
3220 log_warn(LD_DIR, "Got a vote from an authority (nickname %s, address %s) "
3221 "with authority key ID %s. "
3222 "This key ID is not recognized. Known v3 key IDs are: %s",
3223 vi->nickname, vi->address,
3224 hex_str(vi->identity_digest, DIGEST_LEN), keys);
3225 tor_free(keys);
3226 *msg_out = "Vote not from a recognized v3 authority";
3227 goto err;
3228 }
3229 add_new_cert_if_needed(vote->cert);
3230
3231 /* Is it for the right period? */
3232 if (vote->valid_after != voting_schedule.interval_starts) {
3233 char tbuf1[ISO_TIME_LEN+1], tbuf2[ISO_TIME_LEN+1];
3234 format_iso_time(tbuf1, vote->valid_after);
3235 format_iso_time(tbuf2, voting_schedule.interval_starts);
3236 log_warn(LD_DIR, "Rejecting vote from %s with valid-after time of %s; "
3237 "we were expecting %s", vi->address, tbuf1, tbuf2);
3238 *msg_out = "Bad valid-after time";
3239 goto err;
3240 }
3241
3242 if (time_posted) { /* they sent it to me via a POST */
3243 log_notice(LD_DIR, "%s posted a vote to me from %s.",
3244 vi->nickname, where_from);
3245 } else { /* I imported this one myself */
3246 log_notice(LD_DIR, "Retrieved %s's vote from %s.",
3247 vi->nickname, where_from);
3248 }
3249
3250 /* Check if we received it, as a post, after the cutoff when we
3251 * start asking other dir auths for it. If we do, the best plan
3252 * is to discard it, because using it greatly increases the chances
3253 * of a split vote for this round (some dir auths got it in time,
3254 * some didn't). */
3255 if (time_posted && time_posted > voting_schedule.fetch_missing_votes) {
3256 char tbuf1[ISO_TIME_LEN+1], tbuf2[ISO_TIME_LEN+1];
3257 format_iso_time(tbuf1, time_posted);
3258 format_iso_time(tbuf2, voting_schedule.fetch_missing_votes);
3259 log_warn(LD_DIR, "Rejecting %s's posted vote from %s received at %s; "
3260 "our cutoff for received votes is %s. Check your clock, "
3261 "CPU load, and network load. Also check the authority that "
3262 "posted the vote.", vi->nickname, vi->address, tbuf1, tbuf2);
3263 *msg_out = "Posted vote received too late, would be dangerous to count it";
3264 goto err;
3265 }
3266
3267 /* Fetch any new router descriptors we just learned about */
3269
3270 /* Now see whether we already have a vote from this authority. */
3272 if (fast_memeq(v->vote->cert->cache_info.identity_digest,
3274 DIGEST_LEN)) {
3275 networkstatus_voter_info_t *vi_old = get_voter(v->vote);
3276 if (fast_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) {
3277 /* Ah, it's the same vote. Not a problem. */
3278 log_notice(LD_DIR, "Discarding a vote we already have (from %s).",
3279 vi->address);
3280 if (*status_out < 200)
3281 *status_out = 200;
3282 goto discard;
3283 } else if (v->vote->published < vote->published) {
3284 log_notice(LD_DIR, "Replacing an older pending vote from this "
3285 "directory (%s)", vi->address);
3286 cached_dir_decref(v->vote_body);
3287 networkstatus_vote_free(v->vote);
3288 v->vote_body = new_cached_dir(tor_strndup(vote_body,
3289 end_of_vote-vote_body),
3290 vote->published);
3291 v->vote = vote;
3292 if (end_of_vote &&
3293 !strcmpstart(end_of_vote, "network-status-version"))
3294 goto again;
3295
3296 if (*status_out < 200)
3297 *status_out = 200;
3298 if (!*msg_out)
3299 *msg_out = "OK";
3300 return v;
3301 } else {
3302 log_notice(LD_DIR, "Discarding vote from %s because we have "
3303 "a newer one already.", vi->address);
3304 *msg_out = "Already have a newer pending vote";
3305 goto err;
3306 }
3307 }
3308 } SMARTLIST_FOREACH_END(v);
3309
3310 /* This a valid vote, update our shared random state. */
3311 sr_handle_received_commits(vote->sr_info.commits,
3312 vote->cert->identity_key);
3313
3314 pending_vote = tor_malloc_zero(sizeof(pending_vote_t));
3315 pending_vote->vote_body = new_cached_dir(tor_strndup(vote_body,
3316 end_of_vote-vote_body),
3317 vote->published);
3318 pending_vote->vote = vote;
3319 smartlist_add(pending_vote_list, pending_vote);
3320
3321 if (!strcmpstart(end_of_vote, "network-status-version ")) {
3322 vote_body = end_of_vote;
3323 goto again;
3324 }
3325
3326 goto done;
3327
3328 err:
3329 any_failed = 1;
3330 if (!*msg_out)
3331 *msg_out = "Error adding vote";
3332 if (*status_out < 400)
3333 *status_out = 400;
3334
3335 discard:
3336 networkstatus_vote_free(vote);
3337
3338 if (end_of_vote && !strcmpstart(end_of_vote, "network-status-version ")) {
3339 vote_body = end_of_vote;
3340 goto again;
3341 }
3342
3343 done:
3344
3345 if (*status_out < 200)
3346 *status_out = 200;
3347 if (!*msg_out) {
3348 if (!any_failed && !pending_vote) {
3349 *msg_out = "Duplicate discarded";
3350 } else {
3351 *msg_out = "ok";
3352 }
3353 }
3354
3355 return any_failed ? NULL : pending_vote;
3356}
3357
3358/* Write the votes in <b>pending_vote_list</b> to disk. */
3359static void
3360write_v3_votes_to_disk(const smartlist_t *pending_votes)
3361{
3362 smartlist_t *votestrings = smartlist_new();
3363 char *votefile = NULL;
3364
3365 SMARTLIST_FOREACH(pending_votes, pending_vote_t *, v,
3366 {
3367 sized_chunk_t *c = tor_malloc(sizeof(sized_chunk_t));
3368 c->bytes = v->vote_body->dir;
3369 c->len = v->vote_body->dir_len;
3370 smartlist_add(votestrings, c); /* collect strings to write to disk */
3371 });
3372
3373 votefile = get_datadir_fname("v3-status-votes");
3374 write_chunks_to_file(votefile, votestrings, 0, 0);
3375 log_debug(LD_DIR, "Wrote votes to disk (%s)!", votefile);
3376
3377 tor_free(votefile);
3378 SMARTLIST_FOREACH(votestrings, sized_chunk_t *, c, tor_free(c));
3379 smartlist_free(votestrings);
3380}
3381
3382/** Try to compute a v3 networkstatus consensus from the currently pending
3383 * votes. Return 0 on success, -1 on failure. Store the consensus in
3384 * pending_consensus: it won't be ready to be published until we have
3385 * everybody else's signatures collected too. (V3 Authority only) */
3386static int
3388{
3389 /* Have we got enough votes to try? */
3390 int n_votes, n_voters, n_vote_running = 0;
3391 smartlist_t *votes = NULL;
3392 char *consensus_body = NULL, *signatures = NULL;
3393 networkstatus_t *consensus = NULL;
3394 authority_cert_t *my_cert;
3396 int flav;
3397
3398 memset(pending, 0, sizeof(pending));
3399
3400 if (!pending_vote_list)
3402
3403 /* Write votes to disk */
3404 write_v3_votes_to_disk(pending_vote_list);
3405
3406 /* Setup votes smartlist */
3407 votes = smartlist_new();
3409 {
3410 smartlist_add(votes, v->vote); /* collect votes to compute consensus */
3411 });
3412
3413 /* See if consensus managed to achieve majority */
3414 n_voters = get_n_authorities(V3_DIRINFO);
3415 n_votes = smartlist_len(pending_vote_list);
3416 if (n_votes <= n_voters/2) {
3417 log_warn(LD_DIR, "We don't have enough votes to generate a consensus: "
3418 "%d of %d", n_votes, n_voters/2+1);
3419 goto err;
3420 }
3423 if (smartlist_contains_string(v->vote->known_flags, "Running"))
3424 n_vote_running++;
3425 });
3426 if (!n_vote_running) {
3427 /* See task 1066. */
3428 log_warn(LD_DIR, "Nobody has voted on the Running flag. Generating "
3429 "and publishing a consensus without Running nodes "
3430 "would make many clients stop working. Not "
3431 "generating a consensus!");
3432 goto err;
3433 }
3434
3435 if (!(my_cert = get_my_v3_authority_cert())) {
3436 log_warn(LD_DIR, "Can't generate consensus without a certificate.");
3437 goto err;
3438 }
3439
3440 {
3441 char legacy_dbuf[DIGEST_LEN];
3442 crypto_pk_t *legacy_sign=NULL;
3443 char *legacy_id_digest = NULL;
3444 int n_generated = 0;
3445 if (get_options()->V3AuthUseLegacyKey) {
3447 legacy_sign = get_my_v3_legacy_signing_key();
3448 if (cert) {
3449 if (crypto_pk_get_digest(cert->identity_key, legacy_dbuf)) {
3450 log_warn(LD_BUG,
3451 "Unable to compute digest of legacy v3 identity key");
3452 } else {
3453 legacy_id_digest = legacy_dbuf;
3454 }
3455 }
3456 }
3457
3458 for (flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {
3459 const char *flavor_name = networkstatus_get_flavor_name(flav);
3460 consensus_body = networkstatus_compute_consensus(
3461 votes, n_voters,
3462 my_cert->identity_key,
3463 get_my_v3_authority_signing_key(), legacy_id_digest, legacy_sign,
3464 flav);
3465
3466 if (!consensus_body) {
3467 log_warn(LD_DIR, "Couldn't generate a %s consensus at all!",
3468 flavor_name);
3469 continue;
3470 }
3471 consensus = networkstatus_parse_vote_from_string(consensus_body,
3472 strlen(consensus_body),
3473 NULL,
3474 NS_TYPE_CONSENSUS);
3475 if (!consensus) {
3476 log_warn(LD_DIR, "Couldn't parse %s consensus we generated!",
3477 flavor_name);
3478 tor_free(consensus_body);
3479 continue;
3480 }
3481
3482 /* 'Check' our own signature, to mark it valid. */
3484
3485 pending[flav].body = consensus_body;
3486 pending[flav].consensus = consensus;
3487 n_generated++;
3488
3489 /* Write it out to disk too, for dir auth debugging purposes */
3490 {
3491 char *filename;
3492 tor_asprintf(&filename, "my-consensus-%s", flavor_name);
3493 write_str_to_file(get_datadir_fname(filename), consensus_body, 0);
3494 tor_free(filename);
3495 }
3496
3497 consensus_body = NULL;
3498 consensus = NULL;
3499 }
3500 if (!n_generated) {
3501 log_warn(LD_DIR, "Couldn't generate any consensus flavors at all.");
3502 goto err;
3503 }
3504 }
3505
3507 pending, N_CONSENSUS_FLAVORS);
3508
3509 if (!signatures) {
3510 log_warn(LD_DIR, "Couldn't extract signatures.");
3511 goto err;
3512 }
3513
3515 memcpy(pending_consensuses, pending, sizeof(pending));
3516
3518 pending_consensus_signatures = signatures;
3519
3521 int n_sigs = 0;
3522 /* we may have gotten signatures for this consensus before we built
3523 * it ourself. Add them now. */
3525 const char *msg = NULL;
3527 "pending", &msg);
3528 if (r >= 0)
3529 n_sigs += r;
3530 else
3531 log_warn(LD_DIR,
3532 "Could not add queued signature to new consensus: %s",
3533 msg);
3534 tor_free(sig);
3535 } SMARTLIST_FOREACH_END(sig);
3536 if (n_sigs)
3537 log_notice(LD_DIR, "Added %d pending signatures while building "
3538 "consensus.", n_sigs);
3540 }
3541
3542 log_notice(LD_DIR, "Consensus computed; uploading signature(s)");
3543
3546 V3_DIRINFO,
3548 strlen(pending_consensus_signatures), 0);
3549 log_notice(LD_DIR, "Signature(s) posted.");
3550
3551 smartlist_free(votes);
3552 return 0;
3553 err:
3554 smartlist_free(votes);
3555 tor_free(consensus_body);
3556 tor_free(signatures);
3557 networkstatus_vote_free(consensus);
3558
3559 return -1;
3560}
3561
3562/** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3563 * signatures on the currently pending consensus. Add them to <b>pc</b>
3564 * as appropriate. Return the number of signatures added. (?) */
3565static int
3569 const char *source,
3570 int severity,
3571 const char **msg_out)
3572{
3573 const char *flavor_name;
3574 int r = -1;
3575
3576 /* Only call if we have a pending consensus right now. */
3577 tor_assert(pc->consensus);
3578 tor_assert(pc->body);
3580
3582 *msg_out = NULL;
3583
3584 {
3585 smartlist_t *sig_list = strmap_get(sigs->signatures, flavor_name);
3586 log_info(LD_DIR, "Have %d signatures for adding to %s consensus.",
3587 sig_list ? smartlist_len(sig_list) : 0, flavor_name);
3588 }
3590 source, severity, msg_out);
3591 if (r >= 0) {
3592 log_info(LD_DIR,"Added %d signatures to consensus.", r);
3593 } else {
3594 log_fn(LOG_PROTOCOL_WARN, LD_DIR,
3595 "Unable to add signatures to consensus: %s",
3596 *msg_out ? *msg_out : "(unknown)");
3597 }
3598
3599 if (r >= 1) {
3600 char *new_signatures =
3602 char *dst, *dst_end;
3603 size_t new_consensus_len;
3604 if (!new_signatures) {
3605 *msg_out = "No signatures to add";
3606 goto err;
3607 }
3608 new_consensus_len =
3609 strlen(pc->body) + strlen(new_signatures) + 1;
3610 pc->body = tor_realloc(pc->body, new_consensus_len);
3611 dst_end = pc->body + new_consensus_len;
3612 dst = (char *) find_str_at_start_of_line(pc->body, "directory-signature ");
3613 tor_assert(dst);
3614 strlcpy(dst, new_signatures, dst_end-dst);
3615
3616 /* We remove this block once it has failed to crash for a while. But
3617 * unless it shows up in profiles, we're probably better leaving it in,
3618 * just in case we break detached signature processing at some point. */
3619 {
3621 pc->body, strlen(pc->body), NULL,
3622 NS_TYPE_CONSENSUS);
3623 tor_assert(v);
3624 networkstatus_vote_free(v);
3625 }
3626 *msg_out = "Signatures added";
3627 tor_free(new_signatures);
3628 } else if (r == 0) {
3629 *msg_out = "Signatures ignored";
3630 } else {
3631 goto err;
3632 }
3633
3634 goto done;
3635 err:
3636 if (!*msg_out)
3637 *msg_out = "Unrecognized error while adding detached signatures.";
3638 done:
3639 return r;
3640}
3641
3642/** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3643 * signatures on the currently pending consensus. Add them to the pending
3644 * consensus (if we have one).
3645 *
3646 * Set *<b>msg</b> to a string constant describing the status, regardless of
3647 * success or failure.
3648 *
3649 * Return negative on failure, nonnegative on success. */
3650static int
3652 const char *detached_signatures_body,
3653 const char *source,
3654 const char **msg_out)
3655{
3656 int r=0, i, n_added = 0, errors = 0;
3658 tor_assert(detached_signatures_body);
3659 tor_assert(msg_out);
3661
3663 detached_signatures_body, NULL))) {
3664 *msg_out = "Couldn't parse detached signatures.";
3665 goto err;
3666 }
3667
3668 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3669 int res;
3670 int severity = i == FLAV_NS ? LOG_NOTICE : LOG_INFO;
3671 pending_consensus_t *pc = &pending_consensuses[i];
3672 if (!pc->consensus)
3673 continue;
3674 res = dirvote_add_signatures_to_pending_consensus(pc, sigs, source,
3675 severity, msg_out);
3676 if (res < 0)
3677 errors++;
3678 else
3679 n_added += res;
3680 }
3681
3682 if (errors && !n_added) {
3683 r = -1;
3684 goto err;
3685 }
3686
3687 if (n_added && pending_consensuses[FLAV_NS].consensus) {
3688 char *new_detached =
3690 pending_consensuses, N_CONSENSUS_FLAVORS);
3691 if (new_detached) {
3693 pending_consensus_signatures = new_detached;
3694 }
3695 }
3696
3697 r = n_added;
3698 goto done;
3699 err:
3700 if (!*msg_out)
3701 *msg_out = "Unrecognized error while adding detached signatures.";
3702 done:
3703 ns_detached_signatures_free(sigs);
3704 /* XXXX NM Check how return is used. We can now have an error *and*
3705 signatures added. */
3706 return r;
3707}
3708
3709/** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3710 * signatures on the currently pending consensus. Add them to the pending
3711 * consensus (if we have one); otherwise queue them until we have a
3712 * consensus.
3713 *
3714 * Set *<b>msg</b> to a string constant describing the status, regardless of
3715 * success or failure.
3716 *
3717 * Return negative on failure, nonnegative on success. */
3718int
3719dirvote_add_signatures(const char *detached_signatures_body,
3720 const char *source,
3721 const char **msg)
3722{
3723 if (pending_consensuses[FLAV_NS].consensus) {
3724 log_notice(LD_DIR, "Got a signature from %s. "
3725 "Adding it to the pending consensus.", source);
3727 detached_signatures_body, source, msg);
3728 } else {
3729 log_notice(LD_DIR, "Got a signature from %s. "
3730 "Queuing it for the next consensus.", source);
3734 detached_signatures_body);
3735 *msg = "Signature queued";
3736 return 0;
3737 }
3738}
3739
3740/** Replace the consensus that we're currently serving with the one that we've
3741 * been building. (V3 Authority only) */
3742static int
3744{
3745 int i;
3746
3747 /* Now remember all the other consensuses as if we were a directory cache. */
3748 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3749 pending_consensus_t *pending = &pending_consensuses[i];
3750 const char *name;
3753 if (!pending->consensus ||
3755 log_warn(LD_DIR, "Not enough info to publish pending %s consensus",name);
3756 continue;
3757 }
3758
3760 strlen(pending->body),
3761 name, 0, NULL))
3762 log_warn(LD_DIR, "Error publishing %s consensus", name);
3763 else
3764 log_notice(LD_DIR, "Published %s consensus", name);
3765 }
3766
3767 return 0;
3768}
3769
3770/** Release all static storage held in dirvote.c */
3771void
3773{
3775 /* now empty as a result of dirvote_clear_votes(). */
3776 smartlist_free(pending_vote_list);
3777 pending_vote_list = NULL;
3778 smartlist_free(previous_vote_list);
3779 previous_vote_list = NULL;
3780
3784 /* now empty as a result of dirvote_clear_votes(). */
3785 smartlist_free(pending_consensus_signature_list);
3787 }
3788}
3789
3790/* ====
3791 * Access to pending items.
3792 * ==== */
3793
3794/** Return the body of the consensus that we're currently trying to build. */
3795MOCK_IMPL(const char *,
3797{
3798 tor_assert(((int)flav) >= 0 && (int)flav < N_CONSENSUS_FLAVORS);
3799 return pending_consensuses[flav].body;
3800}
3801
3802/** Return the signatures that we know for the consensus that we're currently
3803 * trying to build. */
3804MOCK_IMPL(const char *,
3806{
3808}
3809
3810/** Return a given vote specified by <b>fp</b>. If <b>by_id</b>, return the
3811 * vote for the authority with the v3 authority identity key digest <b>fp</b>;
3812 * if <b>by_id</b> is false, return the vote whose digest is <b>fp</b>. If
3813 * <b>fp</b> is NULL, return our own vote. If <b>include_previous</b> is
3814 * false, do not consider any votes for a consensus that's already been built.
3815 * If <b>include_pending</b> is false, do not consider any votes for the
3816 * consensus that's in progress. May return NULL if we have no vote for the
3817 * authority in question. */
3818const cached_dir_t *
3819dirvote_get_vote(const char *fp, int flags)
3820{
3821 int by_id = flags & DGV_BY_ID;
3822 const int include_pending = flags & DGV_INCLUDE_PENDING;
3823 const int include_previous = flags & DGV_INCLUDE_PREVIOUS;
3824
3826 return NULL;
3827 if (fp == NULL) {
3829 if (c) {
3831 by_id = 1;
3832 } else
3833 return NULL;
3834 }
3835 if (by_id) {
3836 if (pending_vote_list && include_pending) {
3838 if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
3839 return pv->vote_body);
3840 }
3841 if (previous_vote_list && include_previous) {
3843 if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
3844 return pv->vote_body);
3845 }
3846 } else {
3847 if (pending_vote_list && include_pending) {
3849 if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN))
3850 return pv->vote_body);
3851 }
3852 if (previous_vote_list && include_previous) {
3854 if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN))
3855 return pv->vote_body);
3856 }
3857 }
3858 return NULL;
3859}
3860
3861/** Construct and return a new microdescriptor from a routerinfo <b>ri</b>
3862 * according to <b>consensus_method</b>.
3863 **/
3865dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
3866{
3867 (void) consensus_method; // Currently unneeded...
3868 microdesc_t *result = NULL;
3869 char *key = NULL, *summary = NULL, *family = NULL;
3870 size_t keylen;
3871 smartlist_t *chunks = smartlist_new();
3872 char *output = NULL;
3873 crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->onion_pkey,
3874 ri->onion_pkey_len);
3875
3876 if (crypto_pk_write_public_key_to_string(rsa_pubkey, &key, &keylen)<0)
3877 goto done;
3878 summary = policy_summarize(ri->exit_policy, AF_INET);
3879 if (ri->declared_family)
3880 family = smartlist_join_strings(ri->declared_family, " ", 0, NULL);
3881
3882 smartlist_add_asprintf(chunks, "onion-key\n%s", key);
3883
3884 if (ri->onion_curve25519_pkey) {
3885 char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
3887 smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
3888 }
3889
3890 if (family) {
3891 const uint8_t *id = (const uint8_t *)ri->cache_info.identity_digest;
3892 char *canonical_family = nodefamily_canonicalize(family, id, 0);
3893 smartlist_add_asprintf(chunks, "family %s\n", canonical_family);
3894 tor_free(canonical_family);
3895 }
3896
3897 if (summary && strcmp(summary, "reject 1-65535"))
3898 smartlist_add_asprintf(chunks, "p %s\n", summary);
3899
3900 if (ri->ipv6_exit_policy) {
3901 /* XXXX+++ This doesn't match proposal 208, which says these should
3902 * be taken unchanged from the routerinfo. That's bogosity, IMO:
3903 * the proposal should have said to do this instead.*/
3904 char *p6 = write_short_policy(ri->ipv6_exit_policy);
3905 if (p6 && strcmp(p6, "reject 1-65535"))
3906 smartlist_add_asprintf(chunks, "p6 %s\n", p6);
3907 tor_free(p6);
3908 }
3909
3910 {
3911 char idbuf[ED25519_BASE64_LEN+1];
3912 const char *keytype;
3913 if (ri->cache_info.signing_key_cert &&
3914 ri->cache_info.signing_key_cert->signing_key_included) {
3915 keytype = "ed25519";
3917 &ri->cache_info.signing_key_cert->signing_key);
3918 } else {
3919 keytype = "rsa1024";
3920 digest_to_base64(idbuf, ri->cache_info.identity_digest);
3921 }
3922 smartlist_add_asprintf(chunks, "id %s %s\n", keytype, idbuf);
3923 }
3924
3925 output = smartlist_join_strings(chunks, "", 0, NULL);
3926
3927 {
3929 output+strlen(output), 0,
3930 SAVED_NOWHERE, NULL);
3931 if (smartlist_len(lst) != 1) {
3932 log_warn(LD_DIR, "We generated a microdescriptor we couldn't parse.");
3933 SMARTLIST_FOREACH(lst, microdesc_t *, md, microdesc_free(md));
3934 smartlist_free(lst);
3935 goto done;
3936 }
3937 result = smartlist_get(lst, 0);
3938 smartlist_free(lst);
3939 }
3940
3941 done:
3942 crypto_pk_free(rsa_pubkey);
3943 tor_free(output);
3944 tor_free(key);
3945 tor_free(summary);
3946 tor_free(family);
3947 if (chunks) {
3948 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
3949 smartlist_free(chunks);
3950 }
3951 return result;
3952}
3953
3954/** Format the appropriate vote line to describe the microdescriptor <b>md</b>
3955 * in a consensus vote document. Write it into the <b>out_len</b>-byte buffer
3956 * in <b>out</b>. Return -1 on failure and the number of characters written
3957 * on success. */
3958static ssize_t
3959dirvote_format_microdesc_vote_line(char *out_buf, size_t out_buf_len,
3960 const microdesc_t *md,
3961 int consensus_method_low,
3962 int consensus_method_high)
3963{
3964 ssize_t ret = -1;
3965 char d64[BASE64_DIGEST256_LEN+1];
3966 char *microdesc_consensus_methods =
3967 make_consensus_method_list(consensus_method_low,
3968 consensus_method_high,
3969 ",");
3970 tor_assert(microdesc_consensus_methods);
3971
3972 digest256_to_base64(d64, md->digest);
3973
3974 if (tor_snprintf(out_buf, out_buf_len, "m %s sha256=%s\n",
3975 microdesc_consensus_methods, d64)<0)
3976 goto out;
3977
3978 ret = strlen(out_buf);
3979
3980 out:
3981 tor_free(microdesc_consensus_methods);
3982 return ret;
3983}
3984
3985/** Array of start and end of consensus methods used for supported
3986 microdescriptor formats. */
3987static const struct consensus_method_range_t {
3988 int low;
3989 int high;
3990} microdesc_consensus_methods[] = {
3993 {-1, -1}
3994};
3995
3996/** Helper type used when generating the microdescriptor lines in a directory
3997 * vote. */
3999 int low;
4000 int high;
4001 microdesc_t *md;
4002 struct microdesc_vote_line_t *next;
4004
4005/** Generate and return a linked list of all the lines that should appear to
4006 * describe a router's microdescriptor versions in a directory vote.
4007 * Add the generated microdescriptors to <b>microdescriptors_out</b>. */
4010 smartlist_t *microdescriptors_out)
4011{
4012 const struct consensus_method_range_t *cmr;
4013 microdesc_vote_line_t *entries = NULL, *ep;
4014 vote_microdesc_hash_t *result = NULL;
4015
4016 /* Generate the microdescriptors. */
4017 for (cmr = microdesc_consensus_methods;
4018 cmr->low != -1 && cmr->high != -1;
4019 cmr++) {
4020 microdesc_t *md = dirvote_create_microdescriptor(ri, cmr->low);
4021 if (md) {
4023 tor_malloc_zero(sizeof(microdesc_vote_line_t));
4024 e->md = md;
4025 e->low = cmr->low;
4026 e->high = cmr->high;
4027 e->next = entries;
4028 entries = e;
4029 }
4030 }
4031
4032 /* Compress adjacent identical ones */
4033 for (ep = entries; ep; ep = ep->next) {
4034 while (ep->next &&
4035 fast_memeq(ep->md->digest, ep->next->md->digest, DIGEST256_LEN) &&
4036 ep->low == ep->next->high + 1) {
4037 microdesc_vote_line_t *next = ep->next;
4038 ep->low = next->low;
4039 microdesc_free(next->md);
4040 ep->next = next->next;
4041 tor_free(next);
4042 }
4043 }
4044
4045 /* Format them into vote_microdesc_hash_t, and add to microdescriptors_out.*/
4046 while ((ep = entries)) {
4047 char buf[128];
4049 if (dirvote_format_microdesc_vote_line(buf, sizeof(buf), ep->md,
4050 ep->low, ep->high) >= 0) {
4051 h = tor_malloc_zero(sizeof(vote_microdesc_hash_t));
4052 h->microdesc_hash_line = tor_strdup(buf);
4053 h->next = result;
4054 result = h;
4055 ep->md->last_listed = now;
4056 smartlist_add(microdescriptors_out, ep->md);
4057 }
4058 entries = ep->next;
4059 tor_free(ep);
4060 }
4061
4062 return result;
4063}
4064
4065/** Parse and extract all SR commits from <b>tokens</b> and place them in
4066 * <b>ns</b>. */
4067static void
4069{
4070 smartlist_t *chunks = NULL;
4071
4072 tor_assert(ns);
4073 tor_assert(tokens);
4074 /* Commits are only present in a vote. */
4075 tor_assert(ns->type == NS_TYPE_VOTE);
4076
4077 ns->sr_info.commits = smartlist_new();
4078
4079 smartlist_t *commits = find_all_by_keyword(tokens, K_COMMIT);
4080 /* It's normal that a vote might contain no commits even if it participates
4081 * in the SR protocol. Don't treat it as an error. */
4082 if (commits == NULL) {
4083 goto end;
4084 }
4085
4086 /* Parse the commit. We do NO validation of number of arguments or ordering
4087 * for forward compatibility, it's the parse commit job to inform us if it's
4088 * supported or not. */
4089 chunks = smartlist_new();
4091 /* Extract all arguments and put them in the chunks list. */
4092 for (int i = 0; i < tok->n_args; i++) {
4093 smartlist_add(chunks, tok->args[i]);
4094 }
4095 sr_commit_t *commit = sr_parse_commit(chunks);
4096 smartlist_clear(chunks);
4097 if (commit == NULL) {
4098 /* Get voter identity so we can warn that this dirauth vote contains
4099 * commit we can't parse. */
4100 networkstatus_voter_info_t *voter = smartlist_get(ns->voters, 0);
4101 tor_assert(voter);
4102 log_warn(LD_DIR, "SR: Unable to parse commit %s from vote of voter %s.",
4103 escaped(tok->object_body),
4104 hex_str(voter->identity_digest,
4105 sizeof(voter->identity_digest)));
4106 /* Commitment couldn't be parsed. Continue onto the next commit because
4107 * this one could be unsupported for instance. */
4108 continue;
4109 }
4110 /* Add newly created commit object to the vote. */
4111 smartlist_add(ns->sr_info.commits, commit);
4112 } SMARTLIST_FOREACH_END(tok);
4113
4114 end:
4115 smartlist_free(chunks);
4116 smartlist_free(commits);
4117}
4118
4119/* Using the given directory tokens in tokens, parse the shared random commits
4120 * and put them in the given vote document ns.
4121 *
4122 * This also sets the SR participation flag if present in the vote. */
4123void
4124dirvote_parse_sr_commits(networkstatus_t *ns, const smartlist_t *tokens)
4125{
4126 /* Does this authority participates in the SR protocol? */
4127 directory_token_t *tok = find_opt_by_keyword(tokens, K_SR_FLAG);
4128 if (tok) {
4129 ns->sr_info.participate = 1;
4130 /* Get the SR commitments and reveals from the vote. */
4132 }
4133}
4134
4135/* For the given vote, free the shared random commits if any. */
4136void
4137dirvote_clear_commits(networkstatus_t *ns)
4138{
4139 tor_assert(ns->type == NS_TYPE_VOTE);
4140
4141 if (ns->sr_info.commits) {
4142 SMARTLIST_FOREACH(ns->sr_info.commits, sr_commit_t *, c,
4143 sr_commit_free(c));
4144 smartlist_free(ns->sr_info.commits);
4145 }
4146}
4147
4148/* The given url is the /tor/status-vote GET directory request. Populates the
4149 * items list with strings that we can compress on the fly and dir_items with
4150 * cached_dir_t objects that have a precompressed deflated version. */
4151void
4152dirvote_dirreq_get_status_vote(const char *url, smartlist_t *items,
4153 smartlist_t *dir_items)
4154{
4155 int current;
4156
4157 url += strlen("/tor/status-vote/");
4158 current = !strcmpstart(url, "current/");
4159 url = strchr(url, '/');
4160 tor_assert(url);
4161 ++url;
4162 if (!strcmp(url, "consensus")) {
4163 const char *item;
4164 tor_assert(!current); /* we handle current consensus specially above,
4165 * since it wants to be spooled. */
4166 if ((item = dirvote_get_pending_consensus(FLAV_NS)))
4167 smartlist_add(items, (char*)item);
4168 } else if (!current && !strcmp(url, "consensus-signatures")) {
4169 /* XXXX the spec says that we should implement
4170 * current/consensus-signatures too. It doesn't seem to be needed,
4171 * though. */
4172 const char *item;
4174 smartlist_add(items, (char*)item);
4175 } else if (!strcmp(url, "authority")) {
4176 const cached_dir_t *d;
4177 int flags = DGV_BY_ID |
4178 (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
4179 if ((d=dirvote_get_vote(NULL, flags)))
4180 smartlist_add(dir_items, (cached_dir_t*)d);
4181 } else {
4182 const cached_dir_t *d;
4183 smartlist_t *fps = smartlist_new();
4184 int flags;
4185 if (!strcmpstart(url, "d/")) {
4186 url += 2;
4187 flags = DGV_INCLUDE_PENDING | DGV_INCLUDE_PREVIOUS;
4188 } else {
4189 flags = DGV_BY_ID |
4190 (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
4191 }
4193 DSR_HEX|DSR_SORT_UNIQ);
4194 SMARTLIST_FOREACH(fps, char *, fp, {
4195 if ((d = dirvote_get_vote(fp, flags)))
4196 smartlist_add(dir_items, (cached_dir_t*)d);
4197 tor_free(fp);
4198 });
4199 smartlist_free(fps);
4200 }
4201}
4202
4203/** Get the best estimate of a router's bandwidth for dirauth purposes,
4204 * preferring measured to advertised values if available. */
4206 (const routerinfo_t *ri))
4207{
4208 uint32_t bw_kb = 0;
4209 /*
4210 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
4211 * signed) longs and the ones router_get_advertised_bandwidth() returns
4212 * are uint32_t.
4213 */
4214 long mbw_kb = 0;
4215
4216 if (ri) {
4217 /*
4218 * * First try to see if we have a measured bandwidth; don't bother with
4219 * as_of_out here, on the theory that a stale measured bandwidth is still
4220 * better to trust than an advertised one.
4221 */
4223 &mbw_kb, NULL)) {
4224 /* Got one! */
4225 bw_kb = (uint32_t)mbw_kb;
4226 } else {
4227 /* If not, fall back to advertised */
4228 bw_kb = router_get_advertised_bandwidth(ri) / 1000;
4229 }
4230 }
4231
4232 return bw_kb;
4233}
4234
4235/**
4236 * Helper: compare the address of family `family` in `a` with the address in
4237 * `b`. The family must be one of `AF_INET` and `AF_INET6`.
4238 **/
4239static int
4241 const routerinfo_t *b,
4242 int family)
4243{
4244 const tor_addr_t *addr1 = (family==AF_INET) ? &a->ipv4_addr : &a->ipv6_addr;
4245 const tor_addr_t *addr2 = (family==AF_INET) ? &b->ipv4_addr : &b->ipv6_addr;
4246 return tor_addr_compare(addr1, addr2, CMP_EXACT);
4247}
4248
4249/** Helper for sorting: compares two ipv4 routerinfos first by ipv4 address,
4250 * and then by descending order of "usefulness"
4251 * (see compare_routerinfo_usefulness)
4252 **/
4253STATIC int
4254compare_routerinfo_by_ipv4(const void **a, const void **b)
4255{
4256 const routerinfo_t *first = *(const routerinfo_t **)a;
4257 const routerinfo_t *second = *(const routerinfo_t **)b;
4258 int comparison = compare_routerinfo_addrs_by_family(first, second, AF_INET);
4259 if (comparison == 0) {
4260 // If addresses are equal, use other comparison criteria
4261 return compare_routerinfo_usefulness(first, second);
4262 } else {
4263 return comparison;
4264 }
4265}
4266
4267/** Helper for sorting: compares two ipv6 routerinfos first by ipv6 address,
4268 * and then by descending order of "usefulness"
4269 * (see compare_routerinfo_usefulness)
4270 **/
4271STATIC int
4272compare_routerinfo_by_ipv6(const void **a, const void **b)
4273{
4274 const routerinfo_t *first = *(const routerinfo_t **)a;
4275 const routerinfo_t *second = *(const routerinfo_t **)b;
4276 int comparison = compare_routerinfo_addrs_by_family(first, second, AF_INET6);
4277 // If addresses are equal, use other comparison criteria
4278 if (comparison == 0)
4279 return compare_routerinfo_usefulness(first, second);
4280 else
4281 return comparison;
4282}
4283
4284/**
4285* Compare routerinfos by descending order of "usefulness" :
4286* An authority is more useful than a non-authority; a running router is
4287* more useful than a non-running router; and a router with more bandwidth
4288* is more useful than one with less.
4289**/
4290STATIC int
4292 const routerinfo_t *second)
4293{
4294 int first_is_auth, second_is_auth;
4295 const node_t *node_first, *node_second;
4296 int first_is_running, second_is_running;
4297 uint32_t bw_kb_first, bw_kb_second;
4298 /* Potentially, this next bit could cause k n lg n memeq calls. But in
4299 * reality, we will almost never get here, since addresses will usually be
4300 * different. */
4301 first_is_auth =
4302 router_digest_is_trusted_dir(first->cache_info.identity_digest);
4303 second_is_auth =
4304 router_digest_is_trusted_dir(second->cache_info.identity_digest);
4305
4306 if (first_is_auth && !second_is_auth)
4307 return -1;
4308 else if (!first_is_auth && second_is_auth)
4309 return 1;
4310
4311 node_first = node_get_by_id(first->cache_info.identity_digest);
4312 node_second = node_get_by_id(second->cache_info.identity_digest);
4313 first_is_running = node_first && node_first->is_running;
4314 second_is_running = node_second && node_second->is_running;
4315 if (first_is_running && !second_is_running)
4316 return -1;
4317 else if (!first_is_running && second_is_running)
4318 return 1;
4319
4320 bw_kb_first = dirserv_get_bandwidth_for_router_kb(first);
4321 bw_kb_second = dirserv_get_bandwidth_for_router_kb(second);
4322
4323 if (bw_kb_first > bw_kb_second)
4324 return -1;
4325 else if (bw_kb_first < bw_kb_second)
4326 return 1;
4327
4328 /* They're equal! Compare by identity digest, so there's a
4329 * deterministic order and we avoid flapping. */
4330 return fast_memcmp(first->cache_info.identity_digest,
4331 second->cache_info.identity_digest,
4332 DIGEST_LEN);
4333}
4334
4335/** Given a list of routerinfo_t in <b>routers</b> that all use the same
4336 * IP version, specified in <b>family</b>, return a new digestmap_t whose keys
4337 * are the identity digests of those routers that we're going to exclude for
4338 * Sybil-like appearance.
4339 */
4340STATIC digestmap_t *
4342{
4343 const dirauth_options_t *options = dirauth_get_options();
4344 digestmap_t *omit_as_sybil = digestmap_new();
4345 smartlist_t *routers_by_ip = smartlist_new();
4346 int addr_count = 0;
4347 routerinfo_t *last_ri = NULL;
4348 /* Allow at most this number of Tor servers on a single IP address, ... */
4349 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
4350 if (max_with_same_addr <= 0)
4351 max_with_same_addr = INT_MAX;
4352
4353 smartlist_add_all(routers_by_ip, routers);
4354 if (family == AF_INET6)
4356 else
4358
4359 SMARTLIST_FOREACH_BEGIN(routers_by_ip, routerinfo_t *, ri) {
4360 bool addrs_equal;
4361 if (last_ri)
4362 addrs_equal = !compare_routerinfo_addrs_by_family(last_ri, ri, family);
4363 else
4364 addrs_equal = false;
4365
4366 if (! addrs_equal) {
4367 last_ri = ri;
4368 addr_count = 1;
4369 } else if (++addr_count > max_with_same_addr) {
4370 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4371 }
4372 } SMARTLIST_FOREACH_END(ri);
4373 smartlist_free(routers_by_ip);
4374 return omit_as_sybil;
4375}
4376
4377/** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
4378 * whose keys are the identity digests of those routers that we're going to
4379 * exclude for Sybil-like appearance. */
4380STATIC digestmap_t *
4382{
4383 smartlist_t *routers_ipv6, *routers_ipv4;
4384 routers_ipv6 = smartlist_new();
4385 routers_ipv4 = smartlist_new();
4386 digestmap_t *omit_as_sybil_ipv4;
4387 digestmap_t *omit_as_sybil_ipv6;
4388 digestmap_t *omit_as_sybil = digestmap_new();
4389 // Sort the routers in two lists depending on their IP version
4390 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4391 // If the router has an IPv6 address
4392 if (tor_addr_family(&(ri->ipv6_addr)) == AF_INET6) {
4393 smartlist_add(routers_ipv6, ri);
4394 }
4395 // If the router has an IPv4 address
4396 if (tor_addr_family(&(ri->ipv4_addr)) == AF_INET) {
4397 smartlist_add(routers_ipv4, ri);
4398 }
4399 } SMARTLIST_FOREACH_END(ri);
4400 omit_as_sybil_ipv4 = get_sybil_list_by_ip_version(routers_ipv4, AF_INET);
4401 omit_as_sybil_ipv6 = get_sybil_list_by_ip_version(routers_ipv6, AF_INET6);
4402
4403 // Add all possible sybils to the common digestmap
4404 DIGESTMAP_FOREACH (omit_as_sybil_ipv4, sybil_id, routerinfo_t *, ri) {
4405 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4407 DIGESTMAP_FOREACH (omit_as_sybil_ipv6, sybil_id, routerinfo_t *, ri) {
4408 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4410 // Clean the temp variables
4411 smartlist_free(routers_ipv4);
4412 smartlist_free(routers_ipv6);
4413 digestmap_free(omit_as_sybil_ipv4, NULL);
4414 digestmap_free(omit_as_sybil_ipv6, NULL);
4415 // Return the digestmap: it now contains all the possible sybils
4416 return omit_as_sybil;
4417}
4418
4419/** Given a platform string as in a routerinfo_t (possibly null), return a
4420 * newly allocated version string for a networkstatus document, or NULL if the
4421 * platform doesn't give a Tor version. */
4422static char *
4423version_from_platform(const char *platform)
4424{
4425 if (platform && !strcmpstart(platform, "Tor ")) {
4426 const char *eos = find_whitespace(platform+4);
4427 if (eos && !strcmpstart(eos, " (r")) {
4428 /* XXXX Unify this logic with the other version extraction
4429 * logic in routerparse.c. */
4430 eos = find_whitespace(eos+1);
4431 }
4432 if (eos) {
4433 return tor_strndup(platform, eos-platform);
4434 }
4435 }
4436 return NULL;
4437}
4438
4439/** Given a (possibly empty) list of config_line_t, each line of which contains
4440 * a list of comma-separated version numbers surrounded by optional space,
4441 * allocate and return a new string containing the version numbers, in order,
4442 * separated by commas. Used to generate Recommended(Client|Server)?Versions
4443 */
4444char *
4446{
4447 smartlist_t *versions;
4448 char *result;
4449 versions = smartlist_new();
4450 for ( ; ln; ln = ln->next) {
4451 smartlist_split_string(versions, ln->value, ",",
4452 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4453 }
4454
4455 /* Handle the case where a dirauth operator has accidentally made some
4456 * versions space-separated instead of comma-separated. */
4457 smartlist_t *more_versions = smartlist_new();
4458 SMARTLIST_FOREACH_BEGIN(versions, char *, v) {
4459 if (strchr(v, ' ')) {
4460 if (warn)
4461 log_warn(LD_DIRSERV, "Unexpected space in versions list member %s. "
4462 "(These are supposed to be comma-separated; I'll pretend you "
4463 "used commas instead.)", escaped(v));
4464 SMARTLIST_DEL_CURRENT(versions, v);
4465 smartlist_split_string(more_versions, v, NULL,
4466 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4467 tor_free(v);
4468 }
4469 } SMARTLIST_FOREACH_END(v);
4470 smartlist_add_all(versions, more_versions);
4471 smartlist_free(more_versions);
4472
4473 /* Check to make sure everything looks like a version. */
4474 if (warn) {
4475 SMARTLIST_FOREACH_BEGIN(versions, const char *, v) {
4476 tor_version_t ver;
4477 if (tor_version_parse(v, &ver) < 0) {
4478 log_warn(LD_DIRSERV, "Recommended version %s does not look valid. "
4479 " (I'll include it anyway, since you told me to.)",
4480 escaped(v));
4481 }
4482 } SMARTLIST_FOREACH_END(v);
4483 }
4484
4485 sort_version_list(versions, 1);
4486 result = smartlist_join_strings(versions,",",0,NULL);
4487 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
4488 smartlist_free(versions);
4489 return result;
4490}
4491
4492/** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
4493 * remove the older one. If they are exactly the same age, remove the one
4494 * with the greater descriptor digest. May alter the order of the list. */
4495static void
4497{
4498 routerinfo_t *ri2;
4499 digest256map_t *by_ed_key = digest256map_new();
4500
4501 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4502 ri->omit_from_vote = 0;
4503 if (ri->cache_info.signing_key_cert == NULL)
4504 continue; /* No ed key */
4505 const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
4506 if ((ri2 = digest256map_get(by_ed_key, pk))) {
4507 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
4508 * one has the earlier published_on. */
4509 const time_t ri_pub = ri->cache_info.published_on;
4510 const time_t ri2_pub = ri2->cache_info.published_on;
4511 if (ri2_pub < ri_pub ||
4512 (ri2_pub == ri_pub &&
4513 fast_memcmp(ri->cache_info.signed_descriptor_digest,
4514 ri2->cache_info.signed_descriptor_digest,DIGEST_LEN)<0)) {
4515 digest256map_set(by_ed_key, pk, ri);
4516 ri2->omit_from_vote = 1;
4517 } else {
4518 ri->omit_from_vote = 1;
4519 }
4520 } else {
4521 /* Add to map */
4522 digest256map_set(by_ed_key, pk, ri);
4523 }
4524 } SMARTLIST_FOREACH_END(ri);
4525
4526 digest256map_free(by_ed_key, NULL);
4527
4528 /* Now remove every router where the omit_from_vote flag got set. */
4529 SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
4530 if (ri->omit_from_vote) {
4531 SMARTLIST_DEL_CURRENT(routers, ri);
4532 }
4533 } SMARTLIST_FOREACH_END(ri);
4534}
4535
4536/** Routerstatus <b>rs</b> is part of a group of routers that are on too
4537 * narrow an IP-space. Clear out its flags since we don't want it be used
4538 * because of its Sybil-like appearance.
4539 *
4540 * Leave its BadExit flag alone though, since if we think it's a bad exit,
4541 * we want to vote that way in case all the other authorities are voting
4542 * Running and Exit.
4543 *
4544 * Also set the Sybil flag in order to let a relay operator know that's
4545 * why their relay hasn't been voted on.
4546 */
4547static void
4549{
4550 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
4551 rs->is_flagged_running = rs->is_named = rs->is_valid =
4552 rs->is_hs_dir = rs->is_v2_dir = rs->is_possible_guard = 0;
4553 rs->is_sybil = 1;
4554 /* FFFF we might want some mechanism to check later on if we
4555 * missed zeroing any flags: it's easy to add a new flag but
4556 * forget to add it to this clause. */
4557}
4558
4559/** Space-separated list of all the flags that we will always vote on. */
4561 "Authority "
4562 "Exit "
4563 "Fast "
4564 "Guard "
4565 "HSDir "
4566 "Stable "
4567 "StaleDesc "
4568 "Sybil "
4569 "V2Dir "
4570 "Valid";
4571/** Space-separated list of all flags that we may or may not vote on,
4572 * depending on our configuration. */
4574 "BadExit "
4575 "MiddleOnly "
4576 "Running";
4577
4578/** Return a new networkstatus_t* containing our current opinion. (For v3
4579 * authorities) */
4582 authority_cert_t *cert)
4583{
4584 const or_options_t *options = get_options();
4585 const dirauth_options_t *d_options = dirauth_get_options();
4586 networkstatus_t *v3_out = NULL;
4587 tor_addr_t addr;
4588 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
4589 const char *contact;
4590 smartlist_t *routers, *routerstatuses;
4591 char identity_digest[DIGEST_LEN];
4592 char signing_key_digest[DIGEST_LEN];
4593 const int list_bad_exits = d_options->AuthDirListBadExits;
4594 const int list_middle_only = d_options->AuthDirListMiddleOnly;
4596 time_t now = time(NULL);
4597 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
4598 networkstatus_voter_info_t *voter = NULL;
4599 vote_timing_t timing;
4600 const int vote_on_reachability = running_long_enough_to_decide_unreachable();
4601 smartlist_t *microdescriptors = NULL;
4602 smartlist_t *bw_file_headers = NULL;
4603 uint8_t bw_file_digest256[DIGEST256_LEN] = {0};
4604
4605 tor_assert(private_key);
4606 tor_assert(cert);
4607
4608 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
4609 log_err(LD_BUG, "Error computing signing key digest");
4610 return NULL;
4611 }
4612 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
4613 log_err(LD_BUG, "Error computing identity key digest");
4614 return NULL;
4615 }
4616 if (!find_my_address(options, AF_INET, LOG_WARN, &addr, NULL, &hostname)) {
4617 log_warn(LD_NET, "Couldn't resolve my hostname");
4618 return NULL;
4619 }
4620 if (!hostname || !strchr(hostname, '.')) {
4621 tor_free(hostname);
4622 hostname = tor_addr_to_str_dup(&addr);
4623 }
4624
4625 if (!hostname) {
4626 log_err(LD_BUG, "Failed to determine hostname AND duplicate address");
4627 return NULL;
4628 }
4629
4630 if (d_options->VersioningAuthoritativeDirectory) {
4631 client_versions =
4633 server_versions =
4635 }
4636
4637 contact = get_options()->ContactInfo;
4638 if (!contact)
4639 contact = "(none)";
4640
4641 /*
4642 * Do this so dirserv_compute_performance_thresholds() and
4643 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
4644 */
4645 if (options->V3BandwidthsFile) {
4647 NULL);
4648 } else {
4649 /*
4650 * No bandwidths file; clear the measured bandwidth cache in case we had
4651 * one last time around.
4652 */
4655 }
4656 }
4657
4658 /* precompute this part, since we need it to decide what "stable"
4659 * means. */
4661 dirserv_set_router_is_running(ri, now);
4662 });
4663
4664 routers = smartlist_new();
4665 smartlist_add_all(routers, rl->routers);
4667 /* After this point, don't use rl->routers; use 'routers' instead. */
4668 routers_sort_by_identity(routers);
4669 /* Get a digestmap of possible sybil routers, IPv4 or IPv6 */
4670 digestmap_t *omit_as_sybil = get_all_possible_sybil(routers);
4671 DIGESTMAP_FOREACH (omit_as_sybil, sybil_id, void *, ignore) {
4672 (void)ignore;
4673 rep_hist_make_router_pessimal(sybil_id, now);
4675 /* Count how many have measured bandwidths so we know how to assign flags;
4676 * this must come before dirserv_compute_performance_thresholds() */
4679 routerstatuses = smartlist_new();
4680 microdescriptors = smartlist_new();
4681
4682 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4683 /* If it has a protover list and contains a protocol name greater than
4684 * MAX_PROTOCOL_NAME_LENGTH, skip it. */
4685 if (ri->protocol_list &&
4686 protover_list_is_invalid(ri->protocol_list)) {
4687 continue;
4688 }
4689 if (ri->cache_info.published_on >= cutoff) {
4690 routerstatus_t *rs;
4692 node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
4693 if (!node)
4694 continue;
4695
4696 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
4697 rs = &vrs->status;
4699 list_bad_exits,
4700 list_middle_only);
4701 vrs->published_on = ri->cache_info.published_on;
4702
4703 if (ri->cache_info.signing_key_cert) {
4704 memcpy(vrs->ed25519_id,
4705 ri->cache_info.signing_key_cert->signing_key.pubkey,
4707 }
4708 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
4710
4711 if (!vote_on_reachability)
4712 rs->is_flagged_running = 0;
4713
4714 vrs->version = version_from_platform(ri->platform);
4715 if (ri->protocol_list) {
4716 vrs->protocols = tor_strdup(ri->protocol_list);
4717 } else {
4718 vrs->protocols = tor_strdup(
4720 }
4722 microdescriptors);
4723
4724 smartlist_add(routerstatuses, vrs);
4725 }
4726 } SMARTLIST_FOREACH_END(ri);
4727
4728 {
4729 smartlist_t *added =
4731 microdescriptors, SAVED_NOWHERE, 0);
4732 smartlist_free(added);
4733 smartlist_free(microdescriptors);
4734 }
4735
4736 smartlist_free(routers);
4737 digestmap_free(omit_as_sybil, NULL);
4738
4739 /* Apply guardfraction information to routerstatuses. */
4740 if (options->GuardfractionFile) {
4742 routerstatuses);
4743 }
4744
4745 /* This pass through applies the measured bw lines to the routerstatuses */
4746 if (options->V3BandwidthsFile) {
4747 /* Only set bw_file_headers when V3BandwidthsFile is configured */
4748 bw_file_headers = smartlist_new();
4750 routerstatuses, bw_file_headers,
4751 bw_file_digest256);
4752 } else {
4753 /*
4754 * No bandwidths file; clear the measured bandwidth cache in case we had
4755 * one last time around.
4756 */
4759 }
4760 }
4761
4762 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
4763
4764 v3_out->type = NS_TYPE_VOTE;
4766 v3_out->published = now;
4767 {
4768 char tbuf[ISO_TIME_LEN+1];
4769 networkstatus_t *current_consensus =
4771 long last_consensus_interval; /* only used to pick a valid_after */
4772 if (current_consensus)
4773 last_consensus_interval = current_consensus->fresh_until -
4774 current_consensus->valid_after;
4775 else
4776 last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
4777 v3_out->valid_after =
4779 (int)last_consensus_interval,
4781 format_iso_time(tbuf, v3_out->valid_after);
4782 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
4783 "consensus_set=%d, last_interval=%d",
4784 tbuf, current_consensus?1:0, (int)last_consensus_interval);
4785 }
4786 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
4787 v3_out->valid_until = v3_out->valid_after +
4788 (timing.vote_interval * timing.n_intervals_valid);
4789 v3_out->vote_seconds = timing.vote_delay;
4790 v3_out->dist_seconds = timing.dist_delay;
4791 tor_assert(v3_out->vote_seconds > 0);
4792 tor_assert(v3_out->dist_seconds > 0);
4793 tor_assert(timing.n_intervals_valid > 0);
4794
4795 v3_out->client_versions = client_versions;
4796 v3_out->server_versions = server_versions;
4797
4800 v3_out->recommended_client_protocols =
4802 v3_out->required_client_protocols =
4804 v3_out->required_relay_protocols =
4806
4807 /* We are not allowed to vote to require anything we don't have. */
4808 tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));
4809 tor_assert(protover_all_supported(v3_out->required_client_protocols, NULL));
4810
4811 /* We should not recommend anything we don't have. */
4812 tor_assert_nonfatal(protover_all_supported(
4813 v3_out->recommended_relay_protocols, NULL));
4814 tor_assert_nonfatal(protover_all_supported(
4815 v3_out->recommended_client_protocols, NULL));
4816
4817 v3_out->known_flags = smartlist_new();
4820 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4821 if (vote_on_reachability)
4822 smartlist_add_strdup(v3_out->known_flags, "Running");
4823 if (list_bad_exits)
4824 smartlist_add_strdup(v3_out->known_flags, "BadExit");
4825 if (list_middle_only)
4826 smartlist_add_strdup(v3_out->known_flags, "MiddleOnly");
4828
4829 if (d_options->ConsensusParams) {
4830 config_line_t *paramline = d_options->ConsensusParams;
4831 v3_out->net_params = smartlist_new();
4832 for ( ; paramline; paramline = paramline->next) {
4834 paramline->value, NULL, 0, 0);
4835 }
4836
4837 /* for transparency and visibility, include our current value of
4838 * AuthDirMaxServersPerAddr in our consensus params. Once enough dir
4839 * auths do this, external tools should be able to use that value to
4840 * help understand which relays are allowed into the consensus. */
4841 smartlist_add_asprintf(v3_out->net_params, "AuthDirMaxServersPerAddr=%d",
4842 d_options->AuthDirMaxServersPerAddr);
4843
4845 }
4846 v3_out->bw_file_headers = bw_file_headers;
4847 memcpy(v3_out->bw_file_digest256, bw_file_digest256, DIGEST256_LEN);
4848
4849 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
4850 voter->nickname = tor_strdup(options->Nickname);
4851 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
4852 voter->sigs = smartlist_new();
4853 voter->address = hostname;
4854 tor_addr_copy(&voter->ipv4_addr, &addr);
4855 voter->ipv4_dirport = routerconf_find_dir_port(options, 0);
4856 voter->ipv4_orport = routerconf_find_or_port(options, AF_INET);
4857 voter->contact = tor_strdup(contact);
4858 if (options->V3AuthUseLegacyKey) {
4860 if (c) {
4862 log_warn(LD_BUG, "Unable to compute digest of legacy v3 identity key");
4863 memset(voter->legacy_id_digest, 0, DIGEST_LEN);
4864 }
4865 }
4866 }
4867
4868 v3_out->voters = smartlist_new();
4869 smartlist_add(v3_out->voters, voter);
4870 v3_out->cert = authority_cert_dup(cert);
4871 v3_out->routerstatus_list = routerstatuses;
4872 /* Note: networkstatus_digest is unset; it won't get set until we actually
4873 * format the vote. */
4874
4875 return v3_out;
4876}
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
tor_addr_port_t * tor_addr_port_new(const tor_addr_t *addr, uint16_t port)
Definition: address.c:2100
int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2, tor_addr_comparison_t how)
Definition: address.c:984
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1164
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1199
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define fmt_addr(a)
Definition: address.h:239
int trusted_dirs_load_certs_from_string(const char *contents, int source, int flush, const char *source_dir)
Definition: authcert.c:373
authority_cert_t * authority_cert_get_by_digests(const char *id_digest, const char *sk_digest)
Definition: authcert.c:648
Header file for authcert.c.
Header file for directory authority mode.
Authority certificate structure.
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
int dirserv_get_measured_bw_cache_size(void)
Definition: bwauth.c:166
int dirserv_read_measured_bandwidths(const char *from_file, smartlist_t *routerstatuses, smartlist_t *bw_file_headers, uint8_t *digest_out)
Definition: bwauth.c:232
void dirserv_count_measured_bws(const smartlist_t *routers)
Definition: bwauth.c:39
int dirserv_query_measured_bw_cache_kb(const char *node_id, long *bw_kb_out, time_t *as_of_out)
Definition: bwauth.c:138
void dirserv_clear_measured_bw_cache(void)
Definition: bwauth.c:103
Header file for bwauth.c.
#define MAX_BW_FILE_HEADER_COUNT_IN_VOTE
Definition: bwauth.h:16
Cached large directory object structure.
#define MAX(a, b)
Definition: cmp.h:22
const char * name
Definition: config.c:2462
const or_options_t * get_options(void)
Definition: config.c:944
Header file for config.c.
Header for confline.c.
void curve25519_public_to_base64(char *output, const curve25519_public_key_t *pkey, bool pad)
const char * crypto_digest_algorithm_get_name(digest_algorithm_t alg)
Definition: crypto_digest.c:44
#define BASE64_DIGEST256_LEN
Definition: crypto_digest.h:29
#define HEX_DIGEST256_LEN
Definition: crypto_digest.h:37
digest_algorithm_t
Definition: crypto_digest.h:44
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
#define N_COMMON_DIGEST_ALGORITHMS
Definition: crypto_digest.h:58
void digest256_to_base64(char *d64, const char *digest)
void ed25519_public_to_base64(char *output, const ed25519_public_key_t *pkey)
int digest256_from_base64(char *digest, const char *d64)
void digest_to_base64(char *d64, const char *digest)
Header for crypto_format.c.
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out, int add_space)
Definition: crypto_rsa.c:229
int crypto_pk_write_public_key_to_string(crypto_pk_t *env, char **dest, size_t *len)
Definition: crypto_rsa.c:466
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
#define FINGERPRINT_LEN
Definition: crypto_rsa.h:34
#define fast_memeq(a, b, c)
Definition: di_ops.h:35
#define fast_memcmp(a, b, c)
Definition: di_ops.h:28
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Trusted/fallback directory server structure.
Structure dirauth_options_t to hold directory authority options.
Header for dirauth_sys.c.
void directory_get_from_all_authorities(uint8_t dir_purpose, uint8_t router_purpose, const char *resource)
Definition: dirclient.c:585
void directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, dirinfo_type_t type, const char *payload, size_t payload_len, size_t extrainfo_len)
Definition: dirclient.c:229
Header file for dirclient.c.
int dircollator_n_routers(dircollator_t *dc)
Definition: dircollate.c:305
dircollator_t * dircollator_new(int n_votes, int n_authorities)
Definition: dircollate.c:149
void dircollator_collate(dircollator_t *dc, int consensus_method)
Definition: dircollate.c:211
void dircollator_add_vote(dircollator_t *dc, networkstatus_t *v)
Definition: dircollate.c:194
vote_routerstatus_t ** dircollator_get_votes_for_router(dircollator_t *dc, int idx)
Definition: dircollate.c:320
Header file for dircollate.c.
int dir_split_resource_into_fingerprints(const char *resource, smartlist_t *fp_out, int *compressed_out, int flags)
Definition: directory.c:640
Header file for directory.c.
#define DIR_PURPOSE_UPLOAD_VOTE
Definition: directory.h:43
#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES
Definition: directory.h:51
#define DIR_PURPOSE_UPLOAD_SIGNATURES
Definition: directory.h:45
#define DIR_PURPOSE_FETCH_STATUS_VOTE
Definition: directory.h:48
int get_n_authorities(dirinfo_type_t type)
Definition: dirlist.c:103
dir_server_t * trusteddirserver_get_by_v3_auth_digest(const char *digest)
Definition: dirlist.c:215
Header file for dirlist.c.
void cached_dir_decref(cached_dir_t *d)
Definition: dirserv.c:124
cached_dir_t * new_cached_dir(char *s, time_t published)
Definition: dirserv.c:135
Header file for dirserv.c.
static char * networkstatus_format_signatures(networkstatus_t *consensus, int for_detached_signatures)
Definition: dirvote.c:2689
STATIC microdesc_t * dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
Definition: dirvote.c:3865
static int dirvote_add_signatures_to_all_pending_consensuses(const char *detached_signatures_body, const char *source, const char **msg_out)
Definition: dirvote.c:3651
static void dirvote_fetch_missing_signatures(void)
Definition: dirvote.c:3051
static void dirvote_clear_pending_consensuses(void)
Definition: dirvote.c:3074
STATIC int compare_routerinfo_usefulness(const routerinfo_t *first, const routerinfo_t *second)
Definition: dirvote.c:4291
static int cmp_int_strings_(const void **_a, const void **_b)
Definition: dirvote.c:774
networkstatus_t * dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, authority_cert_t *cert)
Definition: dirvote.c:4581
pending_vote_t * dirvote_add_vote(const char *vote_body, time_t time_posted, const char *where_from, const char **msg_out, int *status_out)
Definition: dirvote.c:3183
static int consensus_method_is_supported(int method)
Definition: dirvote.c:828
static vote_routerstatus_t * compute_routerstatus_consensus(smartlist_t *votes, int consensus_method, char *microdesc_digest256_out, tor_addr_port_t *best_alt_orport_out)
Definition: dirvote.c:677
char * format_recommended_version_list(const config_line_t *ln, int warn)
Definition: dirvote.c:4445
static void get_frequent_members(smartlist_t *out, smartlist_t *in, int min)
Definition: dirvote.c:578
static bw_weights_error_t networkstatus_check_weights(int64_t Wgg, int64_t Wgd, int64_t Wmg, int64_t Wme, int64_t Wmd, int64_t Wee, int64_t Wed, int64_t scale, int64_t G, int64_t M, int64_t E, int64_t D, int64_t T, int64_t margin, int do_balance)
Definition: dirvote.c:1029
static void remove_flag(smartlist_t *sl, const char *flag)
Definition: dirvote.c:1488
static int compare_routerinfo_addrs_by_family(const routerinfo_t *a, const routerinfo_t *b, int family)
Definition: dirvote.c:4240
STATIC authority_cert_t * authority_cert_dup(authority_cert_t *cert)
Definition: dirvote.c:146
STATIC int compare_routerinfo_by_ipv6(const void **a, const void **b)
Definition: dirvote.c:4272
static int dirvote_perform_vote(void)
Definition: dirvote.c:2963
STATIC char * make_consensus_method_list(int low, int high, const char *separator)
Definition: dirvote.c:837
static int compare_orports_(const void **_a, const void **_b)
Definition: dirvote.c:658
STATIC digestmap_t * get_all_possible_sybil(const smartlist_t *routers)
Definition: dirvote.c:4381
static char * format_protocols_lines_for_vote(const networkstatus_t *v3_ns)
Definition: dirvote.c:184
static void extract_shared_random_commits(networkstatus_t *ns, const smartlist_t *tokens)
Definition: dirvote.c:4068
time_t dirvote_act(const or_options_t *options, time_t now)
Definition: dirvote.c:2860
const cached_dir_t * dirvote_get_vote(const char *fp, int flags)
Definition: dirvote.c:3819
static void dirvote_clear_votes(int all_votes)
Definition: dirvote.c:3088
static char * compute_nth_protocol_set(int n, int n_voters, const smartlist_t *votes)
Definition: dirvote.c:1440
static char * pending_consensus_signatures
Definition: dirvote.c:2954
STATIC char * format_networkstatus_vote(crypto_pk_t *private_signing_key, networkstatus_t *v3_ns)
Definition: dirvote.c:223
STATIC int32_t dirvote_get_intermediate_param_value(const smartlist_t *param_list, const char *keyword, int32_t default_val)
Definition: dirvote.c:886
const char * dirvote_get_pending_consensus(consensus_flavor_t flav)
Definition: dirvote.c:3796
static int dirvote_publish_consensus(void)
Definition: dirvote.c:3743
static const char * get_nth_protocol_set_vote(int n, const networkstatus_t *vote)
Definition: dirvote.c:1422
void dirvote_free_all(void)
Definition: dirvote.c:3772
static int compare_votes_by_authority_id_(const void **_a, const void **_b)
Definition: dirvote.c:552
STATIC smartlist_t * dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
Definition: dirvote.c:922
static char * version_from_platform(const char *platform)
Definition: dirvote.c:4423
static int vote_routerstatus_find_microdesc_hash(char *digest256_out, const vote_routerstatus_t *vrs, int method, digest_algorithm_t alg)
Definition: dirvote.c:485
static int compare_vote_rs_(const void **_a, const void **_b)
Definition: dirvote.c:650
int dirvote_add_signatures(const char *detached_signatures_body, const char *source, const char **msg)
Definition: dirvote.c:3719
static void dirvote_fetch_missing_votes(void)
Definition: dirvote.c:3011
STATIC char * networkstatus_get_detached_signatures(smartlist_t *consensuses)
Definition: dirvote.c:2750
static char * compute_consensus_versions_list(smartlist_t *lst, int n_versioning)
Definition: dirvote.c:861
static char * get_detached_signatures_from_pending_consensuses(pending_consensus_t *pending, int n_flavors)
Definition: dirvote.c:2839
uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t *ri)
Definition: dirvote.c:4206
static void routers_make_ed_keys_unique(smartlist_t *routers)
Definition: dirvote.c:4496
static void dirvote_get_preferred_voting_intervals(vote_timing_t *timing_out)
Definition: dirvote.c:465
int networkstatus_compute_bw_weights_v10(smartlist_t *chunks, int64_t G, int64_t M, int64_t E, int64_t D, int64_t T, int64_t weight_scale)
Definition: dirvote.c:1098
static char * list_v3_auth_ids(void)
Definition: dirvote.c:3130
#define get_most_frequent_member(lst)
Definition: dirvote.c:598
STATIC int networkstatus_add_detached_signatures(networkstatus_t *target, ns_detached_signatures_t *sigs, const char *source, int severity, const char **msg_out)
Definition: dirvote.c:2558
static smartlist_t * pending_vote_list
Definition: dirvote.c:2944
static int dirvote_add_signatures_to_pending_consensus(pending_consensus_t *pc, ns_detached_signatures_t *sigs, const char *source, int severity, const char **msg_out)
Definition: dirvote.c:3566
const char DIRVOTE_OPTIONAL_FLAGS[]
Definition: dirvote.c:4573
STATIC char * compute_consensus_package_lines(smartlist_t *votes)
Definition: dirvote.c:2477
#define MIN_VOTES_FOR_PARAM
Definition: dirvote.c:916
STATIC digestmap_t * get_sybil_list_by_ip_version(const smartlist_t *routers, sa_family_t family)
Definition: dirvote.c:4341
static smartlist_t * pending_consensus_signature_list
Definition: dirvote.c:2958
static void clear_status_flags_on_sybil(routerstatus_t *rs)
Definition: dirvote.c:4548
const char * dirvote_get_pending_detached_signatures(void)
Definition: dirvote.c:3805
static ssize_t dirvote_format_microdesc_vote_line(char *out_buf, size_t out_buf_len, const microdesc_t *md, int consensus_method_low, int consensus_method_high)
Definition: dirvote.c:3959
static int dirvote_compute_consensuses(void)
Definition: dirvote.c:3387
static int compute_consensus_method(smartlist_t *votes)
Definition: dirvote.c:793
static void update_total_bandwidth_weights(const routerstatus_t *rs, int is_exit, int is_guard, int64_t *G, int64_t *M, int64_t *E, int64_t *D, int64_t *T)
Definition: dirvote.c:1338
STATIC int compare_routerinfo_by_ipv4(const void **a, const void **b)
Definition: dirvote.c:4254
static smartlist_t * previous_vote_list
Definition: dirvote.c:2947
static int compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b)
Definition: dirvote.c:605
static int compare_dir_src_ents_by_authority_id_(const void **_a, const void **_b)
Definition: dirvote.c:563
const char DIRVOTE_UNIVERSAL_FLAGS[]
Definition: dirvote.c:4560
vote_microdesc_hash_t * dirvote_format_all_microdesc_vote_lines(const routerinfo_t *ri, time_t now, smartlist_t *microdescriptors_out)
Definition: dirvote.c:4009
STATIC char * networkstatus_compute_consensus(smartlist_t *votes, int total_authorities, crypto_pk_t *identity_key, crypto_pk_t *signing_key, const char *legacy_id_key_digest, crypto_pk_t *legacy_signing_key, consensus_flavor_t flavor)
Definition: dirvote.c:1518
static networkstatus_voter_info_t * get_voter(const networkstatus_t *vote)
Definition: dirvote.c:531
Header file for dirvote.c.
#define MIN_VOTE_INTERVAL_TESTING
Definition: dirvote.h:46
#define MIN_VOTE_INTERVAL
Definition: dirvote.h:37
#define MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED
Definition: dirvote.h:62
#define MIN_SUPPORTED_CONSENSUS_METHOD
Definition: dirvote.h:53
#define MIN_METHOD_TO_OMIT_PACKAGE_FINGERPRINTS
Definition: dirvote.h:68
#define DEFAULT_MAX_UNMEASURED_BW_KB
Definition: dirvote.h:73
#define MAX_BW_FILE_HEADERS_LINE_LEN
Definition: dirvote.h:81
#define MIN_DIST_SECONDS
Definition: dirvote.h:32
#define MIN_VOTE_SECONDS
Definition: dirvote.h:27
#define MAX_SUPPORTED_CONSENSUS_METHOD
Definition: dirvote.h:56
Authority signature structure.
Code to parse and validate detached-signature objects.
ns_detached_signatures_t * networkstatus_parse_detached_signatures(const char *s, const char *eos)
Definition: dsigs_parse.c:67
Header file for circuitbuild.c.
const char * escaped(const char *s)
Definition: escape.c:126
int write_str_to_file(const char *fname, const char *str, int bin)
Definition: files.c:275
Format routerstatus entries for controller, vote, or consensus.
routerstatus_format_type_t
@ NS_V3_VOTE
@ NS_V3_CONSENSUS
@ NS_V3_CONSENSUS_MICRODESC
char * routerstatus_format_entry(const routerstatus_t *rs, const char *version, const char *protocols, routerstatus_format_type_t format, const vote_routerstatus_t *vrs, time_t declared_publish_time)
Header file for guardfraction.c.
int dirserv_read_guardfraction_file(const char *fname, smartlist_t *vote_routerstatuses)
uint16_t sa_family_t
Definition: inaddr_st.h:77
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:591
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_DIRSERV
Definition: log.h:90
#define LD_BUG
Definition: log.h:86
#define LD_NET
Definition: log.h:66
#define LD_DIR
Definition: log.h:88
#define LOG_NOTICE
Definition: log.h:50
#define LD_CIRC
Definition: log.h:82
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void tor_free_(void *mem)
Definition: malloc.c:227
#define tor_free(p)
Definition: malloc.h:56
void * strmap_get_lc(const strmap_t *map, const char *key)
Definition: map.c:360
void * strmap_set_lc(strmap_t *map, const char *key, void *val)
Definition: map.c:346
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:154
smartlist_t * microdescs_add_list_to_cache(microdesc_cache_t *cache, smartlist_t *descriptors, saved_location_t where, int no_save)
Definition: microdesc.c:383
microdesc_cache_t * get_microdesc_cache(void)
Definition: microdesc.c:251
Header file for microdesc.c.
smartlist_t * microdescs_parse_from_string(const char *s, const char *eos, int allow_annotations, saved_location_t where, smartlist_t *invalid_digests_out)
Header file for microdesc_parse.c.
Microdescriptor structure.
networkstatus_t * networkstatus_get_latest_consensus_by_flavor(consensus_flavor_t f)
int networkstatus_check_document_signature(const networkstatus_t *consensus, document_signature_t *sig, const authority_cert_t *cert)
const char * networkstatus_get_flavor_name(consensus_flavor_t flav)
int networkstatus_set_current_consensus(const char *consensus, size_t consensus_len, const char *flavor, unsigned flags, const char *source_dir)
document_signature_t * networkstatus_get_voter_sig_by_alg(const networkstatus_voter_info_t *voter, digest_algorithm_t alg)
time_t voting_sched_get_start_of_interval_after(time_t now, int interval, int offset)
networkstatus_voter_info_t * networkstatus_get_voter_by_id(networkstatus_t *vote, const char *identity)
int networkstatus_check_consensus_signature(networkstatus_t *consensus, int warn)
document_signature_t * document_signature_dup(const document_signature_t *sig)
networkstatus_t * networkstatus_get_live_consensus(time_t now)
Header file for networkstatus.c.
Networkstatus consensus/vote structure.
Single consensus voter structure.
Node information structure.
char * nodefamily_canonicalize(const char *s, const uint8_t *rsa_id_self, unsigned flags)
Definition: nodefamily.c:111
Header file for nodefamily.c.
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
Header file for nodelist.c.
Detached consensus signatures structure.
Header file for ns_parse.c.
networkstatus_t * networkstatus_parse_vote_from_string(const char *s, size_t len, const char **eos_out, enum networkstatus_type_t ns_type)
Definition: ns_parse.c:1094
int networkstatus_verify_bw_weights(networkstatus_t *ns, int)
Definition: ns_parse.c:613
Master header file for Tor-specific functionality.
@ SAVED_NOWHERE
Definition: or.h:626
#define BW_WEIGHT_SCALE
Definition: or.h:907
consensus_flavor_t
Definition: or.h:763
#define ROUTER_MAX_AGE_TO_PUBLISH
Definition: or.h:161
@ V3_DIRINFO
Definition: or.h:790
#define N_CONSENSUS_FLAVORS
Definition: or.h:769
Header for order.c.
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
smartlist_t * find_all_by_keyword(const smartlist_t *s, directory_keyword k)
Definition: parsecommon.c:451
directory_token_t * find_opt_by_keyword(const smartlist_t *s, directory_keyword keyword)
Definition: parsecommon.c:440
Header file for parsecommon.c.
#define T(s, t, a, o)
Definition: parsecommon.h:247
char * write_short_policy(const short_policy_t *policy)
Definition: policies.c:2806
char * policy_summarize(smartlist_t *policy, sa_family_t family)
Definition: policies.c:2593
Header file for policies.c.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
bool protover_list_is_invalid(const char *s)
Definition: protover.c:301
const char * protover_get_recommended_relay_protocols(void)
Definition: protover.c:531
const char * protover_get_required_relay_protocols(void)
Definition: protover.c:548
const char * protover_get_required_client_protocols(void)
Definition: protover.c:540
const char * protover_get_recommended_client_protocols(void)
Definition: protover.c:522
char * protover_compute_vote(const smartlist_t *list_of_proto_strings, int threshold)
Definition: protover.c:661
const char * protover_compute_for_old_tor(const char *version)
C_RUST_COUPLED: src/rust/protover/protover.rs compute_for_old_tor
Definition: protover.c:849
int protover_all_supported(const char *s, char **missing_out)
Definition: protover.c:750
Headers and type declarations for protover.c.
int validate_recommended_package_line(const char *line)
Definition: recommend_pkg.c:38
Header file for recommend_pkg.c.
void rep_hist_make_router_pessimal(const char *id, time_t when)
Definition: rephist.c:760
Header file for rephist.c.
bool find_my_address(const or_options_t *options, int family, int warn_severity, tor_addr_t *addr_out, resolved_addr_method_t *method_out, char **hostname_out)
Attempt to find our IP address that can be used as our external reachable address.
Definition: resolve_addr.c:727
Header file for resolve_addr.c.
uint16_t routerconf_find_or_port(const or_options_t *options, sa_family_t family)
Definition: router.c:1507
crypto_pk_t * get_my_v3_legacy_signing_key(void)
Definition: router.c:474
crypto_pk_t * get_my_v3_authority_signing_key(void)
Definition: router.c:457
static crypto_pk_t * legacy_signing_key
Definition: router.c:131
authority_cert_t * get_my_v3_authority_cert(void)
Definition: router.c:449
uint16_t routerconf_find_dir_port(const or_options_t *options, uint16_t dirport)
Definition: router.c:1612
authority_cert_t * get_my_v3_legacy_cert(void)
Definition: router.c:466
Header file for router.c.
Router descriptor structure.
#define ROUTER_PURPOSE_GENERAL
Definition: routerinfo_st.h:98
Header for routerkeys.c.
void update_consensus_router_descriptor_downloads(time_t now, int is_vote, networkstatus_t *consensus)
Definition: routerlist.c:2650
routerlist_t * router_get_routerlist(void)
Definition: routerlist.c:898
uint32_t router_get_advertised_bandwidth(const routerinfo_t *router)
Definition: routerlist.c:646
void routers_sort_by_identity(smartlist_t *routers)
Definition: routerlist.c:3317
Header file for routerlist.c.
Router descriptor list structure.
char * sr_get_string_for_consensus(const smartlist_t *votes, int32_t num_srv_agreements)
char * sr_get_string_for_vote(void)
void sr_act_post_consensus(const networkstatus_t *consensus)
void sr_handle_received_commits(smartlist_t *commits, crypto_pk_t *voter_key)
sr_commit_t * sr_parse_commit(const smartlist_t *args)
Header for shared_random_state.c.
char * router_get_dirobj_signature(const char *digest, size_t digest_len, const crypto_pk_t *private_key)
Definition: signing.c:22
Header file for signing.c.
void smartlist_sort_digests256(smartlist_t *sl)
Definition: smartlist.c:846
const uint8_t * smartlist_get_most_frequent_digest256(smartlist_t *sl)
Definition: smartlist.c:854
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
void smartlist_uniq_strings(smartlist_t *sl)
Definition: smartlist.c:574
void smartlist_sort_strings(smartlist_t *sl)
Definition: smartlist.c:549
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
const char * smartlist_get_most_frequent_string_(smartlist_t *sl, int *count_out)
Definition: smartlist.c:566
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
int smartlist_string_pos(const smartlist_t *sl, const char *element)
Definition: smartlist.c:106
void smartlist_uniq(smartlist_t *sl, int(*compare)(const void **a, const void **b), void(*free_fn)(void *a))
Definition: smartlist.c:390
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
void smartlist_remove(smartlist_t *sl, const void *element)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
crypto_pk_t * identity_key
crypto_pk_t * signing_key
char signing_key_digest[DIGEST_LEN]
signed_descriptor_t cache_info
size_t dir_len
Definition: cached_dir_st.h:20
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
Definition: crypto_digest.h:89
LINELIST RecommendedServerVersions
LINELIST RecommendedClientVersions
char digest[DIGEST256_LEN]
Definition: microdesc_st.h:62
smartlist_t * known_flags
common_digests_t digests
char * recommended_relay_protocols
smartlist_t * voters
smartlist_t * net_params
smartlist_t * routerstatus_list
uint8_t bw_file_digest256[DIGEST256_LEN]
networkstatus_sr_info_t sr_info
struct authority_cert_t * cert
consensus_flavor_t flavor
networkstatus_type_t type
smartlist_t * bw_file_headers
Definition: node_st.h:34
unsigned int is_running
Definition: node_st.h:63
char * ContactInfo
int V3AuthNIntervalsValid
int V3AuthUseLegacyKey
char * GuardfractionFile
char * Nickname
Definition: or_options_st.h:97
char * V3BandwidthsFile
int TestingV3AuthInitialVotingInterval
int V3AuthVotingInterval
int TestingV3AuthVotingStartOffset
networkstatus_t * consensus
Definition: dirvote.c:117