Tor 0.4.9.0-alpha-dev
dirvote.c
Go to the documentation of this file.
1/* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4/* See LICENSE for licensing information */
5
6#define DIRVOTE_PRIVATE
7
8#include "core/or/or.h"
9#include "app/config/config.h"
11#include "core/or/policies.h"
12#include "core/or/protover.h"
14#include "core/or/versions.h"
39#include "feature/client/entrynodes.h" /* needed for guardfraction methods */
42
47
63
64#include "lib/container/order.h"
67
68/* Algorithm to use for the bandwidth file digest. */
69#define DIGEST_ALG_BW_FILE DIGEST_SHA256
70
71/**
72 * \file dirvote.c
73 * \brief Functions to compute directory consensus, and schedule voting.
74 *
75 * This module is the center of the consensus-voting based directory
76 * authority system. With this system, a set of authorities first
77 * publish vote based on their opinions of the network, and then compute
78 * a consensus from those votes. Each authority signs the consensus,
79 * and clients trust the consensus if enough known authorities have
80 * signed it.
81 *
82 * The code in this module is only invoked on directory authorities. It's
83 * responsible for:
84 *
85 * <ul>
86 * <li>Generating this authority's vote networkstatus, based on the
87 * authority's view of the network as represented in dirserv.c
88 * <li>Formatting the vote networkstatus objects.
89 * <li>Generating the microdescriptors that correspond to our own
90 * vote.
91 * <li>Sending votes to all the other authorities.
92 * <li>Trying to fetch missing votes from other authorities.
93 * <li>Computing the consensus from a set of votes, as well as
94 * a "detached signature" object for other authorities to fetch.
95 * <li>Collecting other authorities' signatures on the same consensus,
96 * until there are enough.
97 * <li>Publishing the consensus to the reset of the directory system.
98 * <li>Scheduling all of the above operations.
99 * </ul>
100 *
101 * The main entry points are in dirvote_act(), which handles scheduled
102 * actions; and dirvote_add_vote() and dirvote_add_signatures(), which
103 * handle uploaded and downloaded votes and signatures.
104 *
105 * (See dir-spec.txt from torspec.git for a complete specification of
106 * the directory protocol and voting algorithms.)
107 **/
108
109/** A consensus that we have built and are appending signatures to. Once it's
110 * time to publish it, it will become an active consensus if it accumulates
111 * enough signatures. */
112typedef struct pending_consensus_t {
113 /** The body of the consensus that we're currently building. Once we
114 * have it built, it goes into dirserv.c */
115 char *body;
116 /** The parsed in-progress consensus document. */
119
120/* DOCDOC dirvote_add_signatures_to_all_pending_consensuses */
122 const char *detached_signatures_body,
123 const char *source,
124 const char **msg_out);
128 const char *source,
129 int severity,
130 const char **msg_out);
131static char *list_v3_auth_ids(void);
132static void dirvote_fetch_missing_votes(void);
133static void dirvote_fetch_missing_signatures(void);
134static int dirvote_perform_vote(void);
135static void dirvote_clear_votes(int all_votes);
136static int dirvote_compute_consensuses(void);
137static int dirvote_publish_consensus(void);
138
139/* =====
140 * Certificate functions
141 * ===== */
142
143/** Allocate and return a new authority_cert_t with the same contents as
144 * <b>cert</b>. */
147{
148 authority_cert_t *out = tor_malloc(sizeof(authority_cert_t));
149 tor_assert(cert);
150
151 memcpy(out, cert, sizeof(authority_cert_t));
152 /* Now copy pointed-to things. */
154 tor_strndup(cert->cache_info.signed_descriptor_body,
159
160 return out;
161}
162
163/* =====
164 * Voting
165 * =====*/
166
167/* If <b>opt_value</b> is non-NULL, return "keyword opt_value\n" in a new
168 * string. Otherwise return a new empty string. */
169static char *
170format_line_if_present(const char *keyword, const char *opt_value)
171{
172 if (opt_value) {
173 char *result = NULL;
174 tor_asprintf(&result, "%s %s\n", keyword, opt_value);
175 return result;
176 } else {
177 return tor_strdup("");
178 }
179}
180
181/** Format the recommended/required-relay-client protocols lines for a vote in
182 * a newly allocated string, and return that string. */
183static char *
185{
186 char *recommended_relay_protocols_line = NULL;
187 char *recommended_client_protocols_line = NULL;
188 char *required_relay_protocols_line = NULL;
189 char *required_client_protocols_line = NULL;
190
191 recommended_relay_protocols_line =
192 format_line_if_present("recommended-relay-protocols",
194 recommended_client_protocols_line =
195 format_line_if_present("recommended-client-protocols",
196 v3_ns->recommended_client_protocols);
197 required_relay_protocols_line =
198 format_line_if_present("required-relay-protocols",
199 v3_ns->required_relay_protocols);
200 required_client_protocols_line =
201 format_line_if_present("required-client-protocols",
202 v3_ns->required_client_protocols);
203
204 char *result = NULL;
205 tor_asprintf(&result, "%s%s%s%s",
206 recommended_relay_protocols_line,
207 recommended_client_protocols_line,
208 required_relay_protocols_line,
209 required_client_protocols_line);
210
211 tor_free(recommended_relay_protocols_line);
212 tor_free(recommended_client_protocols_line);
213 tor_free(required_relay_protocols_line);
214 tor_free(required_client_protocols_line);
215
216 return result;
217}
218
219/** Return a new string containing the string representation of the vote in
220 * <b>v3_ns</b>, signed with our v3 signing key <b>private_signing_key</b>.
221 * For v3 authorities. */
222STATIC char *
224 networkstatus_t *v3_ns)
225{
226 smartlist_t *chunks = smartlist_new();
227 char fingerprint[FINGERPRINT_LEN+1];
228 char digest[DIGEST_LEN];
229 char *protocols_lines = NULL;
230 char *client_versions_line = NULL, *server_versions_line = NULL;
231 char *shared_random_vote_str = NULL;
233 char *status = NULL;
234
235 tor_assert(private_signing_key);
236 tor_assert(v3_ns->type == NS_TYPE_VOTE || v3_ns->type == NS_TYPE_OPINION);
237
238 voter = smartlist_get(v3_ns->voters, 0);
239
240 base16_encode(fingerprint, sizeof(fingerprint),
242
243 client_versions_line = format_line_if_present("client-versions",
244 v3_ns->client_versions);
245 server_versions_line = format_line_if_present("server-versions",
246 v3_ns->server_versions);
247 protocols_lines = format_protocols_lines_for_vote(v3_ns);
248
249 /* Get shared random commitments/reveals line(s). */
250 shared_random_vote_str = sr_get_string_for_vote();
251
252 {
253 char published[ISO_TIME_LEN+1];
254 char va[ISO_TIME_LEN+1];
255 char fu[ISO_TIME_LEN+1];
256 char vu[ISO_TIME_LEN+1];
257 char *flags = smartlist_join_strings(v3_ns->known_flags, " ", 0, NULL);
258 /* XXXX Abstraction violation: should be pulling a field out of v3_ns.*/
259 char *flag_thresholds = dirserv_get_flag_thresholds_line();
260 char *params;
261 char *bw_headers_line = NULL;
262 char *bw_file_digest = NULL;
263 authority_cert_t *cert = v3_ns->cert;
264 char *methods =
267 format_iso_time(published, v3_ns->published);
268 format_iso_time(va, v3_ns->valid_after);
269 format_iso_time(fu, v3_ns->fresh_until);
270 format_iso_time(vu, v3_ns->valid_until);
271
272 if (v3_ns->net_params)
273 params = smartlist_join_strings(v3_ns->net_params, " ", 0, NULL);
274 else
275 params = tor_strdup("");
276 tor_assert(cert);
277
278 /* v3_ns->bw_file_headers is only set when V3BandwidthsFile is
279 * configured */
280 if (v3_ns->bw_file_headers) {
281 char *bw_file_headers = NULL;
282 /* If there are too many headers, leave the header string NULL */
283 if (! BUG(smartlist_len(v3_ns->bw_file_headers)
285 bw_file_headers = smartlist_join_strings(v3_ns->bw_file_headers, " ",
286 0, NULL);
287 if (BUG(strlen(bw_file_headers) > MAX_BW_FILE_HEADERS_LINE_LEN)) {
288 /* Free and set to NULL, because the line was too long */
289 tor_free(bw_file_headers);
290 }
291 }
292 if (!bw_file_headers) {
293 /* If parsing failed, add a bandwidth header line with no entries */
294 bw_file_headers = tor_strdup("");
295 }
296 /* At this point, the line will always be present */
297 bw_headers_line = format_line_if_present("bandwidth-file-headers",
298 bw_file_headers);
299 tor_free(bw_file_headers);
300 }
301
302 /* Create bandwidth-file-digest if applicable.
303 * v3_ns->b64_digest_bw_file will contain the digest when V3BandwidthsFile
304 * is configured and the bandwidth file could be read, even if it was not
305 * parseable.
306 */
307 if (!tor_digest256_is_zero((const char *)v3_ns->bw_file_digest256)) {
308 /* Encode the digest. */
309 char b64_digest_bw_file[BASE64_DIGEST256_LEN+1] = {0};
310 digest256_to_base64(b64_digest_bw_file,
311 (const char *)v3_ns->bw_file_digest256);
312 /* "bandwidth-file-digest" 1*(SP algorithm "=" digest) NL */
313 char *digest_algo_b64_digest_bw_file = NULL;
314 tor_asprintf(&digest_algo_b64_digest_bw_file, "%s=%s",
315 crypto_digest_algorithm_get_name(DIGEST_ALG_BW_FILE),
316 b64_digest_bw_file);
317 /* No need for tor_strdup(""), format_line_if_present does it. */
318 bw_file_digest = format_line_if_present(
319 "bandwidth-file-digest", digest_algo_b64_digest_bw_file);
320 tor_free(digest_algo_b64_digest_bw_file);
321 }
322
323 const char *ip_str = fmt_addr(&voter->ipv4_addr);
324
325 if (ip_str[0]) {
327 "network-status-version 3\n"
328 "vote-status %s\n"
329 "consensus-methods %s\n"
330 "published %s\n"
331 "valid-after %s\n"
332 "fresh-until %s\n"
333 "valid-until %s\n"
334 "voting-delay %d %d\n"
335 "%s%s" /* versions */
336 "%s" /* protocols */
337 "known-flags %s\n"
338 "flag-thresholds %s\n"
339 "params %s\n"
340 "%s" /* bandwidth file headers */
341 "%s" /* bandwidth file digest */
342 "dir-source %s %s %s %s %d %d\n"
343 "contact %s\n"
344 "%s" /* shared randomness information */
345 ,
346 v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion",
347 methods,
348 published, va, fu, vu,
349 v3_ns->vote_seconds, v3_ns->dist_seconds,
350 client_versions_line,
351 server_versions_line,
352 protocols_lines,
353 flags,
354 flag_thresholds,
355 params,
356 bw_headers_line ? bw_headers_line : "",
357 bw_file_digest ? bw_file_digest: "",
358 voter->nickname, fingerprint, voter->address,
359 ip_str, voter->ipv4_dirport, voter->ipv4_orport,
360 voter->contact,
361 shared_random_vote_str ?
362 shared_random_vote_str : "");
363 }
364
365 tor_free(params);
366 tor_free(flags);
367 tor_free(flag_thresholds);
368 tor_free(methods);
369 tor_free(shared_random_vote_str);
370 tor_free(bw_headers_line);
371 tor_free(bw_file_digest);
372
373 if (ip_str[0] == '\0')
374 goto err;
375
377 char fpbuf[HEX_DIGEST_LEN+1];
378 base16_encode(fpbuf, sizeof(fpbuf), voter->legacy_id_digest, DIGEST_LEN);
379 smartlist_add_asprintf(chunks, "legacy-dir-key %s\n", fpbuf);
380 }
381
382 smartlist_add(chunks, tor_strndup(cert->cache_info.signed_descriptor_body,
384 }
385
387 vrs) {
388 char *rsf;
390 rsf = routerstatus_format_entry(&vrs->status,
391 vrs->version, vrs->protocols,
393 vrs,
394 -1);
395 if (rsf)
396 smartlist_add(chunks, rsf);
397
398 for (h = vrs->microdesc; h; h = h->next) {
400 }
401 } SMARTLIST_FOREACH_END(vrs);
402
403 smartlist_add_strdup(chunks, "directory-footer\n");
404
405 /* The digest includes everything up through the space after
406 * directory-signature. (Yuck.) */
407 crypto_digest_smartlist(digest, DIGEST_LEN, chunks,
408 "directory-signature ", DIGEST_SHA1);
409
410 {
411 char signing_key_fingerprint[FINGERPRINT_LEN+1];
412 if (crypto_pk_get_fingerprint(private_signing_key,
413 signing_key_fingerprint, 0)<0) {
414 log_warn(LD_BUG, "Unable to get fingerprint for signing key");
415 goto err;
416 }
417
418 smartlist_add_asprintf(chunks, "directory-signature %s %s\n", fingerprint,
419 signing_key_fingerprint);
420 }
421
422 {
423 char *sig = router_get_dirobj_signature(digest, DIGEST_LEN,
424 private_signing_key);
425 if (!sig) {
426 log_warn(LD_BUG, "Unable to sign networkstatus vote.");
427 goto err;
428 }
429 smartlist_add(chunks, sig);
430 }
431
432 status = smartlist_join_strings(chunks, "", 0, NULL);
433
434 {
436 if (!(v = networkstatus_parse_vote_from_string(status, strlen(status),
437 NULL,
438 v3_ns->type))) {
439 log_err(LD_BUG,"Generated a networkstatus %s we couldn't parse: "
440 "<<%s>>",
441 v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion", status);
442 goto err;
443 }
444 networkstatus_vote_free(v);
445 }
446
447 goto done;
448
449 err:
450 tor_free(status);
451 done:
452 tor_free(client_versions_line);
453 tor_free(server_versions_line);
454 tor_free(protocols_lines);
455
456 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
457 smartlist_free(chunks);
458 return status;
459}
460
461/** Set *<b>timing_out</b> to the intervals at which we would like to vote.
462 * Note that these aren't the intervals we'll use to vote; they're the ones
463 * that we'll vote to use. */
464static void
466{
467 const or_options_t *options = get_options();
468
469 tor_assert(timing_out);
470
471 timing_out->vote_interval = options->V3AuthVotingInterval;
472 timing_out->n_intervals_valid = options->V3AuthNIntervalsValid;
473 timing_out->vote_delay = options->V3AuthVoteDelay;
474 timing_out->dist_delay = options->V3AuthDistDelay;
475}
476
477/* =====
478 * Consensus generation
479 * ===== */
480
481/** If <b>vrs</b> has a hash made for the consensus method <b>method</b> with
482 * the digest algorithm <b>alg</b>, decode it and copy it into
483 * <b>digest256_out</b> and return 0. Otherwise return -1. */
484static int
486 const vote_routerstatus_t *vrs,
487 int method,
489{
490 /* XXXX only returns the sha256 method. */
491 const vote_microdesc_hash_t *h;
492 char mstr[64];
493 size_t mlen;
494 char dstr[64];
495
496 tor_snprintf(mstr, sizeof(mstr), "%d", method);
497 mlen = strlen(mstr);
498 tor_snprintf(dstr, sizeof(dstr), " %s=",
500
501 for (h = vrs->microdesc; h; h = h->next) {
502 const char *cp = h->microdesc_hash_line;
503 size_t num_len;
504 /* cp looks like \d+(,\d+)* (digesttype=val )+ . Let's hunt for mstr in
505 * the first part. */
506 while (1) {
507 num_len = strspn(cp, "1234567890");
508 if (num_len == mlen && fast_memeq(mstr, cp, mlen)) {
509 /* This is the line. */
510 char buf[BASE64_DIGEST256_LEN+1];
511 /* XXXX ignores extraneous stuff if the digest is too long. This
512 * seems harmless enough, right? */
513 cp = strstr(cp, dstr);
514 if (!cp)
515 return -1;
516 cp += strlen(dstr);
517 strlcpy(buf, cp, sizeof(buf));
518 return digest256_from_base64(digest256_out, buf);
519 }
520 if (num_len == 0 || cp[num_len] != ',')
521 break;
522 cp += num_len + 1;
523 }
524 }
525 return -1;
526}
527
528/** Given a vote <b>vote</b> (not a consensus!), return its associated
529 * networkstatus_voter_info_t. */
532{
533 tor_assert(vote);
534 tor_assert(vote->type == NS_TYPE_VOTE);
535 tor_assert(vote->voters);
536 tor_assert(smartlist_len(vote->voters) == 1);
537 return smartlist_get(vote->voters, 0);
538}
539
540/** Temporary structure used in constructing a list of dir-source entries
541 * for a consensus. One of these is generated for every vote, and one more
542 * for every legacy key in each vote. */
543typedef struct dir_src_ent_t {
545 const char *digest;
546 int is_legacy;
548
549/** Helper for sorting networkstatus_t votes (not consensuses) by the
550 * hash of their voters' identity digests. */
551static int
552compare_votes_by_authority_id_(const void **_a, const void **_b)
553{
554 const networkstatus_t *a = *_a, *b = *_b;
555 return fast_memcmp(get_voter(a)->identity_digest,
556 get_voter(b)->identity_digest, DIGEST_LEN);
557}
558
559/** Helper: Compare the dir_src_ent_ts in *<b>_a</b> and *<b>_b</b> by
560 * their identity digests, and return -1, 0, or 1 depending on their
561 * ordering */
562static int
563compare_dir_src_ents_by_authority_id_(const void **_a, const void **_b)
564{
565 const dir_src_ent_t *a = *_a, *b = *_b;
566 const networkstatus_voter_info_t *a_v = get_voter(a->v),
567 *b_v = get_voter(b->v);
568 const char *a_id, *b_id;
569 a_id = a->is_legacy ? a_v->legacy_id_digest : a_v->identity_digest;
570 b_id = b->is_legacy ? b_v->legacy_id_digest : b_v->identity_digest;
571
572 return fast_memcmp(a_id, b_id, DIGEST_LEN);
573}
574
575/** Given a sorted list of strings <b>in</b>, add every member to <b>out</b>
576 * that occurs more than <b>min</b> times. */
577static void
579{
580 char *cur = NULL;
581 int count = 0;
582 SMARTLIST_FOREACH_BEGIN(in, char *, cp) {
583 if (cur && !strcmp(cp, cur)) {
584 ++count;
585 } else {
586 if (count > min)
587 smartlist_add(out, cur);
588 cur = cp;
589 count = 1;
590 }
591 } SMARTLIST_FOREACH_END(cp);
592 if (count > min)
593 smartlist_add(out, cur);
594}
595
596/** Given a sorted list of strings <b>lst</b>, return the member that appears
597 * most. Break ties in favor of later-occurring members. */
598#define get_most_frequent_member(lst) \
599 smartlist_get_most_frequent_string(lst)
600
601/** Return 0 if and only if <b>a</b> and <b>b</b> are routerstatuses
602 * that come from the same routerinfo, with the same derived elements.
603 */
604static int
606{
607 int r;
608 tor_assert(a);
609 tor_assert(b);
610
612 DIGEST_LEN)))
613 return r;
616 DIGEST_LEN)))
617 return r;
618 /* If we actually reached this point, then the identities and
619 * the descriptor digests matched, so somebody is making SHA1 collisions.
620 */
621#define CMP_FIELD(utype, itype, field) do { \
622 utype aval = (utype) (itype) a->field; \
623 utype bval = (utype) (itype) b->field; \
624 utype u = bval - aval; \
625 itype r2 = (itype) u; \
626 if (r2 < 0) { \
627 return -1; \
628 } else if (r2 > 0) { \
629 return 1; \
630 } \
631 } while (0)
632
633 CMP_FIELD(uint64_t, int64_t, published_on);
634
635 if ((r = strcmp(b->status.nickname, a->status.nickname)))
636 return r;
637
638 if ((r = tor_addr_compare(&a->status.ipv4_addr, &b->status.ipv4_addr,
639 CMP_EXACT))) {
640 return r;
641 }
642 CMP_FIELD(unsigned, int, status.ipv4_orport);
643 CMP_FIELD(unsigned, int, status.ipv4_dirport);
644
645 return 0;
646}
647
648/** Helper for sorting routerlists based on compare_vote_rs. */
649static int
650compare_vote_rs_(const void **_a, const void **_b)
651{
652 const vote_routerstatus_t *a = *_a, *b = *_b;
653 return compare_vote_rs(a,b);
654}
655
656/** Helper for sorting OR ports. */
657static int
658compare_orports_(const void **_a, const void **_b)
659{
660 const tor_addr_port_t *a = *_a, *b = *_b;
661 int r;
662
663 if ((r = tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))
664 return r;
665 if ((r = (((int) b->port) - ((int) a->port))))
666 return r;
667
668 return 0;
669}
670
671/** Given a list of vote_routerstatus_t, all for the same router identity,
672 * return whichever is most frequent, breaking ties in favor of more
673 * recently published vote_routerstatus_t and in case of ties there,
674 * in favor of smaller descriptor digest.
675 */
676static vote_routerstatus_t *
677compute_routerstatus_consensus(smartlist_t *votes, int consensus_method,
678 char *microdesc_digest256_out,
679 tor_addr_port_t *best_alt_orport_out)
680{
681 vote_routerstatus_t *most = NULL, *cur = NULL;
682 int most_n = 0, cur_n = 0;
683 time_t most_published = 0;
684
685 /* compare_vote_rs_() sorts the items by identity digest (all the same),
686 * then by SD digest. That way, if we have a tie that the published_on
687 * date cannot break, we use the descriptor with the smaller digest.
688 */
691 if (cur && !compare_vote_rs(cur, rs)) {
692 ++cur_n;
693 } else {
694 if (cur && (cur_n > most_n ||
695 (cur_n == most_n &&
696 cur->published_on > most_published))) {
697 most = cur;
698 most_n = cur_n;
699 most_published = cur->published_on;
700 }
701 cur_n = 1;
702 cur = rs;
703 }
704 } SMARTLIST_FOREACH_END(rs);
705
706 if (cur_n > most_n ||
707 (cur && cur_n == most_n && cur->published_on > most_published)) {
708 most = cur;
709 // most_n = cur_n; // unused after this point.
710 // most_published = cur->status.published_on; // unused after this point.
711 }
712
713 tor_assert(most);
714
715 /* Vote on potential alternative (sets of) OR port(s) in the winning
716 * routerstatuses.
717 *
718 * XXX prop186 There's at most one alternative OR port (_the_ IPv6
719 * port) for now. */
720 if (best_alt_orport_out) {
721 smartlist_t *alt_orports = smartlist_new();
722 const tor_addr_port_t *most_alt_orport = NULL;
723
725 tor_assert(rs);
726 if (compare_vote_rs(most, rs) == 0 &&
727 !tor_addr_is_null(&rs->status.ipv6_addr)
728 && rs->status.ipv6_orport) {
729 smartlist_add(alt_orports, tor_addr_port_new(&rs->status.ipv6_addr,
730 rs->status.ipv6_orport));
731 }
732 } SMARTLIST_FOREACH_END(rs);
733
734 smartlist_sort(alt_orports, compare_orports_);
735 most_alt_orport = smartlist_get_most_frequent(alt_orports,
737 if (most_alt_orport) {
738 memcpy(best_alt_orport_out, most_alt_orport, sizeof(tor_addr_port_t));
739 log_debug(LD_DIR, "\"a\" line winner for %s is %s",
740 most->status.nickname,
741 fmt_addrport(&most_alt_orport->addr, most_alt_orport->port));
742 }
743
744 SMARTLIST_FOREACH(alt_orports, tor_addr_port_t *, ap, tor_free(ap));
745 smartlist_free(alt_orports);
746 }
747
748 if (microdesc_digest256_out) {
749 smartlist_t *digests = smartlist_new();
750 const uint8_t *best_microdesc_digest;
752 char d[DIGEST256_LEN];
753 if (compare_vote_rs(rs, most))
754 continue;
755 if (!vote_routerstatus_find_microdesc_hash(d, rs, consensus_method,
756 DIGEST_SHA256))
757 smartlist_add(digests, tor_memdup(d, sizeof(d)));
758 } SMARTLIST_FOREACH_END(rs);
760 best_microdesc_digest = smartlist_get_most_frequent_digest256(digests);
761 if (best_microdesc_digest)
762 memcpy(microdesc_digest256_out, best_microdesc_digest, DIGEST256_LEN);
763 SMARTLIST_FOREACH(digests, char *, cp, tor_free(cp));
764 smartlist_free(digests);
765 }
766
767 return most;
768}
769
770/** Sorting helper: compare two strings based on their values as base-ten
771 * positive integers. (Non-integers are treated as prior to all integers, and
772 * compared lexically.) */
773static int
774cmp_int_strings_(const void **_a, const void **_b)
775{
776 const char *a = *_a, *b = *_b;
777 int ai = (int)tor_parse_long(a, 10, 1, INT_MAX, NULL, NULL);
778 int bi = (int)tor_parse_long(b, 10, 1, INT_MAX, NULL, NULL);
779 if (ai<bi) {
780 return -1;
781 } else if (ai==bi) {
782 if (ai == 0) /* Parsing failed. */
783 return strcmp(a, b);
784 return 0;
785 } else {
786 return 1;
787 }
788}
789
790/** Given a list of networkstatus_t votes, determine and return the number of
791 * the highest consensus method that is supported by 2/3 of the voters. */
792static int
794{
795 smartlist_t *all_methods = smartlist_new();
796 smartlist_t *acceptable_methods = smartlist_new();
797 smartlist_t *tmp = smartlist_new();
798 int min = (smartlist_len(votes) * 2) / 3;
799 int n_ok;
800 int result;
801 SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
802 {
803 tor_assert(vote->supported_methods);
804 smartlist_add_all(tmp, vote->supported_methods);
807 smartlist_add_all(all_methods, tmp);
808 smartlist_clear(tmp);
809 });
810
811 smartlist_sort(all_methods, cmp_int_strings_);
812 get_frequent_members(acceptable_methods, all_methods, min);
813 n_ok = smartlist_len(acceptable_methods);
814 if (n_ok) {
815 const char *best = smartlist_get(acceptable_methods, n_ok-1);
816 result = (int)tor_parse_long(best, 10, 1, INT_MAX, NULL, NULL);
817 } else {
818 result = 1;
819 }
820 smartlist_free(tmp);
821 smartlist_free(all_methods);
822 smartlist_free(acceptable_methods);
823 return result;
824}
825
826/** Return true iff <b>method</b> is a consensus method that we support. */
827static int
829{
830 return (method >= MIN_SUPPORTED_CONSENSUS_METHOD) &&
832}
833
834/** Return a newly allocated string holding the numbers between low and high
835 * (inclusive) that are supported consensus methods. */
836STATIC char *
837make_consensus_method_list(int low, int high, const char *separator)
838{
839 char *list;
840
841 int i;
842 smartlist_t *lst;
843 lst = smartlist_new();
844 for (i = low; i <= high; ++i) {
846 continue;
847 smartlist_add_asprintf(lst, "%d", i);
848 }
849 list = smartlist_join_strings(lst, separator, 0, NULL);
850 tor_assert(list);
851 SMARTLIST_FOREACH(lst, char *, cp, tor_free(cp));
852 smartlist_free(lst);
853 return list;
854}
855
856/** Helper: given <b>lst</b>, a list of version strings such that every
857 * version appears once for every versioning voter who recommends it, return a
858 * newly allocated string holding the resulting client-versions or
859 * server-versions list. May change contents of <b>lst</b> */
860static char *
862{
863 int min = n_versioning / 2;
864 smartlist_t *good = smartlist_new();
865 char *result;
866 SMARTLIST_FOREACH_BEGIN(lst, const char *, v) {
867 if (strchr(v, ' ')) {
868 log_warn(LD_DIR, "At least one authority has voted for a version %s "
869 "that contains a space. This probably wasn't intentional, and "
870 "is likely to cause trouble. Please tell them to stop it.",
871 escaped(v));
872 }
873 } SMARTLIST_FOREACH_END(v);
874 sort_version_list(lst, 0);
875 get_frequent_members(good, lst, min);
876 result = smartlist_join_strings(good, ",", 0, NULL);
877 smartlist_free(good);
878 return result;
879}
880
881/** Given a list of K=V values, return the int32_t value corresponding to
882 * KEYWORD=, or default_val if no such value exists, or if the value is
883 * corrupt.
884 */
885STATIC int32_t
887 const char *keyword,
888 int32_t default_val)
889{
890 unsigned int n_found = 0;
891 int32_t value = default_val;
892
893 SMARTLIST_FOREACH_BEGIN(param_list, const char *, k_v_pair) {
894 if (!strcmpstart(k_v_pair, keyword) && k_v_pair[strlen(keyword)] == '=') {
895 const char *integer_str = &k_v_pair[strlen(keyword)+1];
896 int ok;
897 value = (int32_t)
898 tor_parse_long(integer_str, 10, INT32_MIN, INT32_MAX, &ok, NULL);
899 if (BUG(!ok))
900 return default_val;
901 ++n_found;
902 }
903 } SMARTLIST_FOREACH_END(k_v_pair);
904
905 if (n_found == 1) {
906 return value;
907 } else {
908 tor_assert_nonfatal(n_found == 0);
909 return default_val;
910 }
911}
912
913/** Minimum number of directory authorities voting for a parameter to
914 * include it in the consensus, if consensus method 12 or later is to be
915 * used. See proposal 178 for details. */
916#define MIN_VOTES_FOR_PARAM 3
917
918/** Helper: given a list of valid networkstatus_t, return a new smartlist
919 * containing the contents of the consensus network parameter set.
920 */
922dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
923{
924 int i;
925 int32_t *vals;
926
927 int cur_param_len;
928 const char *cur_param;
929 const char *eq;
930
931 const int n_votes = smartlist_len(votes);
932 smartlist_t *output;
933 smartlist_t *param_list = smartlist_new();
934 (void) method;
935
936 /* We require that the parameter lists in the votes are well-formed: that
937 is, that their keywords are unique and sorted, and that their values are
938 between INT32_MIN and INT32_MAX inclusive. This should be guaranteed by
939 the parsing code. */
940
941 vals = tor_calloc(n_votes, sizeof(int));
942
944 if (!v->net_params)
945 continue;
946 smartlist_add_all(param_list, v->net_params);
947 } SMARTLIST_FOREACH_END(v);
948
949 if (smartlist_len(param_list) == 0) {
950 tor_free(vals);
951 return param_list;
952 }
953
954 smartlist_sort_strings(param_list);
955 i = 0;
956 cur_param = smartlist_get(param_list, 0);
957 eq = strchr(cur_param, '=');
958 tor_assert(eq);
959 cur_param_len = (int)(eq+1 - cur_param);
960
961 output = smartlist_new();
962
963 SMARTLIST_FOREACH_BEGIN(param_list, const char *, param) {
964 /* resolve spurious clang shallow analysis null pointer errors */
965 tor_assert(param);
966
967 const char *next_param;
968 int ok=0;
969 eq = strchr(param, '=');
970 tor_assert(i<n_votes); /* Make sure we prevented vote-stuffing. */
971 vals[i++] = (int32_t)
972 tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
973 tor_assert(ok); /* Already checked these when parsing. */
974
975 if (param_sl_idx+1 == smartlist_len(param_list))
976 next_param = NULL;
977 else
978 next_param = smartlist_get(param_list, param_sl_idx+1);
979
980 if (!next_param || strncmp(next_param, param, cur_param_len)) {
981 /* We've reached the end of a series. */
982 /* Make sure enough authorities voted on this param, unless the
983 * the consensus method we use is too old for that. */
984 if (i > total_authorities/2 ||
985 i >= MIN_VOTES_FOR_PARAM) {
986 int32_t median = median_int32(vals, i);
987 char *out_string = tor_malloc(64+cur_param_len);
988 memcpy(out_string, param, cur_param_len);
989 tor_snprintf(out_string+cur_param_len,64, "%ld", (long)median);
990 smartlist_add(output, out_string);
991 }
992
993 i = 0;
994 if (next_param) {
995 eq = strchr(next_param, '=');
996 cur_param_len = (int)(eq+1 - next_param);
997 }
998 }
999 } SMARTLIST_FOREACH_END(param);
1000
1001 smartlist_free(param_list);
1002 tor_free(vals);
1003 return output;
1004}
1005
1006#define RANGE_CHECK(a,b,c,d,e,f,g,mx) \
1007 ((a) >= 0 && (a) <= (mx) && (b) >= 0 && (b) <= (mx) && \
1008 (c) >= 0 && (c) <= (mx) && (d) >= 0 && (d) <= (mx) && \
1009 (e) >= 0 && (e) <= (mx) && (f) >= 0 && (f) <= (mx) && \
1010 (g) >= 0 && (g) <= (mx))
1011
1012#define CHECK_EQ(a, b, margin) \
1013 ((a)-(b) >= 0 ? (a)-(b) <= (margin) : (b)-(a) <= (margin))
1014
1015typedef enum {
1016 BW_WEIGHTS_NO_ERROR = 0,
1017 BW_WEIGHTS_RANGE_ERROR = 1,
1018 BW_WEIGHTS_SUMG_ERROR = 2,
1019 BW_WEIGHTS_SUME_ERROR = 3,
1020 BW_WEIGHTS_SUMD_ERROR = 4,
1021 BW_WEIGHTS_BALANCE_MID_ERROR = 5,
1022 BW_WEIGHTS_BALANCE_EG_ERROR = 6
1023} bw_weights_error_t;
1024
1025/**
1026 * Verify that any weightings satisfy the balanced formulas.
1027 */
1028static bw_weights_error_t
1029networkstatus_check_weights(int64_t Wgg, int64_t Wgd, int64_t Wmg,
1030 int64_t Wme, int64_t Wmd, int64_t Wee,
1031 int64_t Wed, int64_t scale, int64_t G,
1032 int64_t M, int64_t E, int64_t D, int64_t T,
1033 int64_t margin, int do_balance) {
1034 bw_weights_error_t berr = BW_WEIGHTS_NO_ERROR;
1035
1036 // Wed + Wmd + Wgd == 1
1037 if (!CHECK_EQ(Wed + Wmd + Wgd, scale, margin)) {
1038 berr = BW_WEIGHTS_SUMD_ERROR;
1039 goto out;
1040 }
1041
1042 // Wmg + Wgg == 1
1043 if (!CHECK_EQ(Wmg + Wgg, scale, margin)) {
1044 berr = BW_WEIGHTS_SUMG_ERROR;
1045 goto out;
1046 }
1047
1048 // Wme + Wee == 1
1049 if (!CHECK_EQ(Wme + Wee, scale, margin)) {
1050 berr = BW_WEIGHTS_SUME_ERROR;
1051 goto out;
1052 }
1053
1054 // Verify weights within range 0->1
1055 if (!RANGE_CHECK(Wgg, Wgd, Wmg, Wme, Wmd, Wed, Wee, scale)) {
1056 berr = BW_WEIGHTS_RANGE_ERROR;
1057 goto out;
1058 }
1059
1060 if (do_balance) {
1061 // Wgg*G + Wgd*D == Wee*E + Wed*D, already scaled
1062 if (!CHECK_EQ(Wgg*G + Wgd*D, Wee*E + Wed*D, (margin*T)/3)) {
1063 berr = BW_WEIGHTS_BALANCE_EG_ERROR;
1064 goto out;
1065 }
1066
1067 // Wgg*G + Wgd*D == M*scale + Wmd*D + Wme*E + Wmg*G, already scaled
1068 if (!CHECK_EQ(Wgg*G + Wgd*D, M*scale + Wmd*D + Wme*E + Wmg*G,
1069 (margin*T)/3)) {
1070 berr = BW_WEIGHTS_BALANCE_MID_ERROR;
1071 goto out;
1072 }
1073 }
1074
1075 out:
1076 if (berr) {
1077 log_info(LD_DIR,
1078 "Bw weight mismatch %d. G=%"PRId64" M=%"PRId64
1079 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1080 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1081 " Wgd=%d Wgg=%d Wme=%d Wmg=%d",
1082 berr,
1083 (G), (M), (E),
1084 (D), (T),
1085 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1086 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg);
1087 }
1088
1089 return berr;
1090}
1091
1092/**
1093 * This function computes the bandwidth weights for consensus method 10.
1094 *
1095 * It returns true if weights could be computed, false otherwise.
1096 */
1097int
1099 int64_t M, int64_t E, int64_t D,
1100 int64_t T, int64_t weight_scale)
1101{
1102 bw_weights_error_t berr = 0;
1103 int64_t Wgg = -1, Wgd = -1;
1104 int64_t Wmg = -1, Wme = -1, Wmd = -1;
1105 int64_t Wed = -1, Wee = -1;
1106 const char *casename;
1107
1108 if (G <= 0 || M <= 0 || E <= 0 || D <= 0) {
1109 log_warn(LD_DIR, "Consensus with empty bandwidth: "
1110 "G=%"PRId64" M=%"PRId64" E=%"PRId64
1111 " D=%"PRId64" T=%"PRId64,
1112 (G), (M), (E),
1113 (D), (T));
1114 return 0;
1115 }
1116
1117 /*
1118 * Computed from cases in 3.8.3 of dir-spec.txt
1119 *
1120 * 1. Neither are scarce
1121 * 2. Both Guard and Exit are scarce
1122 * a. R+D <= S
1123 * b. R+D > S
1124 * 3. One of Guard or Exit is scarce
1125 * a. S+D < T/3
1126 * b. S+D >= T/3
1127 */
1128 if (3*E >= T && 3*G >= T) { // E >= T/3 && G >= T/3
1129 /* Case 1: Neither are scarce. */
1130 casename = "Case 1 (Wgd=Wmd=Wed)";
1131 Wgd = weight_scale/3;
1132 Wed = weight_scale/3;
1133 Wmd = weight_scale/3;
1134 Wee = (weight_scale*(E+G+M))/(3*E);
1135 Wme = weight_scale - Wee;
1136 Wmg = (weight_scale*(2*G-E-M))/(3*G);
1137 Wgg = weight_scale - Wmg;
1138
1139 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
1140 weight_scale, G, M, E, D, T, 10, 1);
1141
1142 if (berr) {
1143 log_warn(LD_DIR,
1144 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1145 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1146 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1147 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1148 berr, casename,
1149 (G), (M), (E),
1150 (D), (T),
1151 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1152 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1153 return 0;
1154 }
1155 } else if (3*E < T && 3*G < T) { // E < T/3 && G < T/3
1156 int64_t R = MIN(E, G);
1157 int64_t S = MAX(E, G);
1158 /*
1159 * Case 2: Both Guards and Exits are scarce
1160 * Balance D between E and G, depending upon
1161 * D capacity and scarcity.
1162 */
1163 if (R+D < S) { // Subcase a
1164 Wgg = weight_scale;
1165 Wee = weight_scale;
1166 Wmg = 0;
1167 Wme = 0;
1168 Wmd = 0;
1169 if (E < G) {
1170 casename = "Case 2a (E scarce)";
1171 Wed = weight_scale;
1172 Wgd = 0;
1173 } else { /* E >= G */
1174 casename = "Case 2a (G scarce)";
1175 Wed = 0;
1176 Wgd = weight_scale;
1177 }
1178 } else { // Subcase b: R+D >= S
1179 casename = "Case 2b1 (Wgg=weight_scale, Wmd=Wgd)";
1180 Wee = (weight_scale*(E - G + M))/E;
1181 Wed = (weight_scale*(D - 2*E + 4*G - 2*M))/(3*D);
1182 Wme = (weight_scale*(G-M))/E;
1183 Wmg = 0;
1184 Wgg = weight_scale;
1185 Wmd = (weight_scale - Wed)/2;
1186 Wgd = (weight_scale - Wed)/2;
1187
1188 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
1189 weight_scale, G, M, E, D, T, 10, 1);
1190
1191 if (berr) {
1192 casename = "Case 2b2 (Wgg=weight_scale, Wee=weight_scale)";
1193 Wgg = weight_scale;
1194 Wee = weight_scale;
1195 Wed = (weight_scale*(D - 2*E + G + M))/(3*D);
1196 Wmd = (weight_scale*(D - 2*M + G + E))/(3*D);
1197 Wme = 0;
1198 Wmg = 0;
1199
1200 if (Wmd < 0) { // Can happen if M > T/3
1201 casename = "Case 2b3 (Wmd=0)";
1202 Wmd = 0;
1203 log_warn(LD_DIR,
1204 "Too much Middle bandwidth on the network to calculate "
1205 "balanced bandwidth-weights. Consider increasing the "
1206 "number of Guard nodes by lowering the requirements.");
1207 }
1208 Wgd = weight_scale - Wed - Wmd;
1209 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1210 Wed, weight_scale, G, M, E, D, T, 10, 1);
1211 }
1212 if (berr != BW_WEIGHTS_NO_ERROR &&
1213 berr != BW_WEIGHTS_BALANCE_MID_ERROR) {
1214 log_warn(LD_DIR,
1215 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1216 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1217 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1218 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1219 berr, casename,
1220 (G), (M), (E),
1221 (D), (T),
1222 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1223 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1224 return 0;
1225 }
1226 }
1227 } else { // if (E < T/3 || G < T/3) {
1228 int64_t S = MIN(E, G);
1229 // Case 3: Exactly one of Guard or Exit is scarce
1230 if (!(3*E < T || 3*G < T) || !(3*G >= T || 3*E >= T)) {
1231 log_warn(LD_BUG,
1232 "Bw-Weights Case 3 v10 but with G=%"PRId64" M="
1233 "%"PRId64" E=%"PRId64" D=%"PRId64" T=%"PRId64,
1234 (G), (M), (E),
1235 (D), (T));
1236 }
1237
1238 if (3*(S+D) < T) { // Subcase a: S+D < T/3
1239 if (G < E) {
1240 casename = "Case 3a (G scarce)";
1241 Wgg = Wgd = weight_scale;
1242 Wmd = Wed = Wmg = 0;
1243 // Minor subcase, if E is more scarce than M,
1244 // keep its bandwidth in place.
1245 if (E < M) Wme = 0;
1246 else Wme = (weight_scale*(E-M))/(2*E);
1247 Wee = weight_scale-Wme;
1248 } else { // G >= E
1249 casename = "Case 3a (E scarce)";
1250 Wee = Wed = weight_scale;
1251 Wmd = Wgd = Wme = 0;
1252 // Minor subcase, if G is more scarce than M,
1253 // keep its bandwidth in place.
1254 if (G < M) Wmg = 0;
1255 else Wmg = (weight_scale*(G-M))/(2*G);
1256 Wgg = weight_scale-Wmg;
1257 }
1258 } else { // Subcase b: S+D >= T/3
1259 // D != 0 because S+D >= T/3
1260 if (G < E) {
1261 casename = "Case 3bg (G scarce, Wgg=weight_scale, Wmd == Wed)";
1262 Wgg = weight_scale;
1263 Wgd = (weight_scale*(D - 2*G + E + M))/(3*D);
1264 Wmg = 0;
1265 Wee = (weight_scale*(E+M))/(2*E);
1266 Wme = weight_scale - Wee;
1267 Wmd = (weight_scale - Wgd)/2;
1268 Wed = (weight_scale - Wgd)/2;
1269
1270 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1271 Wed, weight_scale, G, M, E, D, T, 10, 1);
1272 } else { // G >= E
1273 casename = "Case 3be (E scarce, Wee=weight_scale, Wmd == Wgd)";
1274 Wee = weight_scale;
1275 Wed = (weight_scale*(D - 2*E + G + M))/(3*D);
1276 Wme = 0;
1277 Wgg = (weight_scale*(G+M))/(2*G);
1278 Wmg = weight_scale - Wgg;
1279 Wmd = (weight_scale - Wed)/2;
1280 Wgd = (weight_scale - Wed)/2;
1281
1282 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1283 Wed, weight_scale, G, M, E, D, T, 10, 1);
1284 }
1285 if (berr) {
1286 log_warn(LD_DIR,
1287 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1288 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1289 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1290 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1291 berr, casename,
1292 (G), (M), (E),
1293 (D), (T),
1294 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1295 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1296 return 0;
1297 }
1298 }
1299 }
1300
1301 /* We cast down the weights to 32 bit ints on the assumption that
1302 * weight_scale is ~= 10000. We need to ensure a rogue authority
1303 * doesn't break this assumption to rig our weights */
1304 tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
1305
1306 /*
1307 * Provide Wgm=Wgg, Wmm=weight_scale, Wem=Wee, Weg=Wed. May later determine
1308 * that middle nodes need different bandwidth weights for dirport traffic,
1309 * or that weird exit policies need special weight, or that bridges
1310 * need special weight.
1311 *
1312 * NOTE: This list is sorted.
1313 */
1315 "bandwidth-weights Wbd=%d Wbe=%d Wbg=%d Wbm=%d "
1316 "Wdb=%d "
1317 "Web=%d Wed=%d Wee=%d Weg=%d Wem=%d "
1318 "Wgb=%d Wgd=%d Wgg=%d Wgm=%d "
1319 "Wmb=%d Wmd=%d Wme=%d Wmg=%d Wmm=%d\n",
1320 (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale,
1321 (int)weight_scale,
1322 (int)weight_scale, (int)Wed, (int)Wee, (int)Wed, (int)Wee,
1323 (int)weight_scale, (int)Wgd, (int)Wgg, (int)Wgg,
1324 (int)weight_scale, (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale);
1325
1326 log_notice(LD_CIRC, "Computed bandwidth weights for %s with v10: "
1327 "G=%"PRId64" M=%"PRId64" E=%"PRId64" D=%"PRId64
1328 " T=%"PRId64,
1329 casename,
1330 (G), (M), (E),
1331 (D), (T));
1332 return 1;
1333}
1334
1335/** Update total bandwidth weights (G/M/E/D/T) with the bandwidth of
1336 * the router in <b>rs</b>. */
1337static void
1339 int is_exit, int is_guard,
1340 int64_t *G, int64_t *M, int64_t *E, int64_t *D,
1341 int64_t *T)
1342{
1343 int default_bandwidth = rs->bandwidth_kb;
1344 int guardfraction_bandwidth = 0;
1345
1346 if (!rs->has_bandwidth) {
1347 log_info(LD_BUG, "Missing consensus bandwidth for router %s",
1348 rs->nickname);
1349 return;
1350 }
1351
1352 /* If this routerstatus represents a guard that we have
1353 * guardfraction information on, use it to calculate its actual
1354 * bandwidth. From proposal236:
1355 *
1356 * Similarly, when calculating the bandwidth-weights line as in
1357 * section 3.8.3 of dir-spec.txt, directory authorities should treat N
1358 * as if fraction F of its bandwidth has the guard flag and (1-F) does
1359 * not. So when computing the totals G,M,E,D, each relay N with guard
1360 * visibility fraction F and bandwidth B should be added as follows:
1361 *
1362 * G' = G + F*B, if N does not have the exit flag
1363 * M' = M + (1-F)*B, if N does not have the exit flag
1364 *
1365 * or
1366 *
1367 * D' = D + F*B, if N has the exit flag
1368 * E' = E + (1-F)*B, if N has the exit flag
1369 *
1370 * In this block of code, we prepare the bandwidth values by setting
1371 * the default_bandwidth to F*B and guardfraction_bandwidth to (1-F)*B.
1372 */
1373 if (rs->has_guardfraction) {
1374 guardfraction_bandwidth_t guardfraction_bw;
1375
1376 tor_assert(is_guard);
1377
1378 guard_get_guardfraction_bandwidth(&guardfraction_bw,
1379 rs->bandwidth_kb,
1381
1382 default_bandwidth = guardfraction_bw.guard_bw;
1383 guardfraction_bandwidth = guardfraction_bw.non_guard_bw;
1384 }
1385
1386 /* Now calculate the total bandwidth weights with or without
1387 * guardfraction. Depending on the flags of the relay, add its
1388 * bandwidth to the appropriate weight pool. If it's a guard and
1389 * guardfraction is enabled, add its bandwidth to both pools as
1390 * indicated by the previous comment.
1391 */
1392 *T += default_bandwidth;
1393 if (is_exit && is_guard) {
1394
1395 *D += default_bandwidth;
1396 if (rs->has_guardfraction) {
1397 *E += guardfraction_bandwidth;
1398 }
1399
1400 } else if (is_exit) {
1401
1402 *E += default_bandwidth;
1403
1404 } else if (is_guard) {
1405
1406 *G += default_bandwidth;
1407 if (rs->has_guardfraction) {
1408 *M += guardfraction_bandwidth;
1409 }
1410
1411 } else {
1412
1413 *M += default_bandwidth;
1414 }
1415}
1416
1417/** Considering the different recommended/required protocols sets as a
1418 * 4-element array, return the element from <b>vote</b> for that protocol
1419 * set.
1420 */
1421static const char *
1423{
1424 switch (n) {
1425 case 0: return vote->recommended_client_protocols;
1426 case 1: return vote->recommended_relay_protocols;
1427 case 2: return vote->required_client_protocols;
1428 case 3: return vote->required_relay_protocols;
1429 default:
1430 tor_assert_unreached();
1431 return NULL;
1432 }
1433}
1434
1435/** Considering the different recommended/required protocols sets as a
1436 * 4-element array, return a newly allocated string for the consensus value
1437 * for the n'th set.
1438 */
1439static char *
1440compute_nth_protocol_set(int n, int n_voters, const smartlist_t *votes)
1441{
1442 const char *keyword;
1443 smartlist_t *proto_votes = smartlist_new();
1444 int threshold;
1445 switch (n) {
1446 case 0:
1447 keyword = "recommended-client-protocols";
1448 threshold = CEIL_DIV(n_voters, 2);
1449 break;
1450 case 1:
1451 keyword = "recommended-relay-protocols";
1452 threshold = CEIL_DIV(n_voters, 2);
1453 break;
1454 case 2:
1455 keyword = "required-client-protocols";
1456 threshold = CEIL_DIV(n_voters * 2, 3);
1457 break;
1458 case 3:
1459 keyword = "required-relay-protocols";
1460 threshold = CEIL_DIV(n_voters * 2, 3);
1461 break;
1462 default:
1463 tor_assert_unreached();
1464 return NULL;
1465 }
1466
1467 SMARTLIST_FOREACH_BEGIN(votes, const networkstatus_t *, ns) {
1468 const char *v = get_nth_protocol_set_vote(n, ns);
1469 if (v)
1470 smartlist_add(proto_votes, (void*)v);
1471 } SMARTLIST_FOREACH_END(ns);
1472
1473 char *protocols = protover_compute_vote(proto_votes, threshold);
1474 smartlist_free(proto_votes);
1475
1476 char *result = NULL;
1477 tor_asprintf(&result, "%s %s\n", keyword, protocols);
1478 tor_free(protocols);
1479
1480 return result;
1481}
1482
1483/** Helper: Takes a smartlist of `const char *` flags, and a flag to remove.
1484 *
1485 * Removes that flag if it is present in the list. Doesn't free it.
1486 */
1487static void
1488remove_flag(smartlist_t *sl, const char *flag)
1489{
1490 /* We can't use smartlist_string_remove() here, since that doesn't preserve
1491 * order, and since it frees elements from the string. */
1492
1493 int idx = smartlist_string_pos(sl, flag);
1494 if (idx >= 0)
1495 smartlist_del_keeporder(sl, idx);
1496}
1497
1498/** Given a list of vote networkstatus_t in <b>votes</b>, our public
1499 * authority <b>identity_key</b>, our private authority <b>signing_key</b>,
1500 * and the number of <b>total_authorities</b> that we believe exist in our
1501 * voting quorum, generate the text of a new v3 consensus or microdescriptor
1502 * consensus (depending on <b>flavor</b>), and return the value in a newly
1503 * allocated string.
1504 *
1505 * Note: this function DOES NOT check whether the votes are from
1506 * recognized authorities. (dirvote_add_vote does that.)
1507 *
1508 * <strong>WATCH OUT</strong>: You need to think before you change the
1509 * behavior of this function, or of the functions it calls! If some
1510 * authorities compute the consensus with a different algorithm than
1511 * others, they will not reach the same result, and they will not all
1512 * sign the same thing! If you really need to change the algorithm
1513 * here, you should allocate a new "consensus_method" for the new
1514 * behavior, and make the new behavior conditional on a new-enough
1515 * consensus_method.
1516 **/
1517STATIC char *
1519 int total_authorities,
1520 crypto_pk_t *identity_key,
1521 crypto_pk_t *signing_key,
1522 const char *legacy_id_key_digest,
1524 consensus_flavor_t flavor)
1525{
1526 smartlist_t *chunks;
1527 char *result = NULL;
1528 int consensus_method;
1529 time_t valid_after, fresh_until, valid_until;
1530 int vote_seconds, dist_seconds;
1531 char *client_versions = NULL, *server_versions = NULL;
1532 smartlist_t *flags;
1533 const char *flavor_name;
1534 uint32_t max_unmeasured_bw_kb = DEFAULT_MAX_UNMEASURED_BW_KB;
1535 int64_t G, M, E, D, T; /* For bandwidth weights */
1536 const routerstatus_format_type_t rs_format =
1537 flavor == FLAV_NS ? NS_V3_CONSENSUS : NS_V3_CONSENSUS_MICRODESC;
1538 char *params = NULL;
1539 char *packages = NULL;
1540 int added_weights = 0;
1541 dircollator_t *collator = NULL;
1542 smartlist_t *param_list = NULL;
1543
1544 tor_assert(flavor == FLAV_NS || flavor == FLAV_MICRODESC);
1545 tor_assert(total_authorities >= smartlist_len(votes));
1546 tor_assert(total_authorities > 0);
1547
1548 flavor_name = networkstatus_get_flavor_name(flavor);
1549
1550 if (!smartlist_len(votes)) {
1551 log_warn(LD_DIR, "Can't compute a consensus from no votes.");
1552 return NULL;
1553 }
1554 flags = smartlist_new();
1555
1556 consensus_method = compute_consensus_method(votes);
1557 if (consensus_method_is_supported(consensus_method)) {
1558 log_info(LD_DIR, "Generating consensus using method %d.",
1559 consensus_method);
1560 } else {
1561 log_warn(LD_DIR, "The other authorities will use consensus method %d, "
1562 "which I don't support. Maybe I should upgrade!",
1563 consensus_method);
1564 consensus_method = MAX_SUPPORTED_CONSENSUS_METHOD;
1565 }
1566
1567 {
1568 /* It's smarter to initialize these weights to 1, so that later on,
1569 * we can't accidentally divide by zero. */
1570 G = M = E = D = 1;
1571 T = 4;
1572 }
1573
1574 /* Compute medians of time-related things, and figure out how many
1575 * routers we might need to talk about. */
1576 {
1577 int n_votes = smartlist_len(votes);
1578 time_t *va_times = tor_calloc(n_votes, sizeof(time_t));
1579 time_t *fu_times = tor_calloc(n_votes, sizeof(time_t));
1580 time_t *vu_times = tor_calloc(n_votes, sizeof(time_t));
1581 int *votesec_list = tor_calloc(n_votes, sizeof(int));
1582 int *distsec_list = tor_calloc(n_votes, sizeof(int));
1583 int n_versioning_clients = 0, n_versioning_servers = 0;
1584 smartlist_t *combined_client_versions = smartlist_new();
1585 smartlist_t *combined_server_versions = smartlist_new();
1586
1588 tor_assert(v->type == NS_TYPE_VOTE);
1589 va_times[v_sl_idx] = v->valid_after;
1590 fu_times[v_sl_idx] = v->fresh_until;
1591 vu_times[v_sl_idx] = v->valid_until;
1592 votesec_list[v_sl_idx] = v->vote_seconds;
1593 distsec_list[v_sl_idx] = v->dist_seconds;
1594 if (v->client_versions) {
1595 smartlist_t *cv = smartlist_new();
1596 ++n_versioning_clients;
1597 smartlist_split_string(cv, v->client_versions, ",",
1598 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1599 sort_version_list(cv, 1);
1600 smartlist_add_all(combined_client_versions, cv);
1601 smartlist_free(cv); /* elements get freed later. */
1602 }
1603 if (v->server_versions) {
1604 smartlist_t *sv = smartlist_new();
1605 ++n_versioning_servers;
1606 smartlist_split_string(sv, v->server_versions, ",",
1607 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1608 sort_version_list(sv, 1);
1609 smartlist_add_all(combined_server_versions, sv);
1610 smartlist_free(sv); /* elements get freed later. */
1611 }
1612 SMARTLIST_FOREACH(v->known_flags, const char *, cp,
1613 smartlist_add_strdup(flags, cp));
1614 } SMARTLIST_FOREACH_END(v);
1615 valid_after = median_time(va_times, n_votes);
1616 fresh_until = median_time(fu_times, n_votes);
1617 valid_until = median_time(vu_times, n_votes);
1618 vote_seconds = median_int(votesec_list, n_votes);
1619 dist_seconds = median_int(distsec_list, n_votes);
1620
1621 tor_assert(valid_after +
1622 (get_options()->TestingTorNetwork ?
1624 tor_assert(fresh_until +
1625 (get_options()->TestingTorNetwork ?
1627 tor_assert(vote_seconds >= MIN_VOTE_SECONDS);
1628 tor_assert(dist_seconds >= MIN_DIST_SECONDS);
1629
1630 server_versions = compute_consensus_versions_list(combined_server_versions,
1631 n_versioning_servers);
1632 client_versions = compute_consensus_versions_list(combined_client_versions,
1633 n_versioning_clients);
1634
1635 if (consensus_method < MIN_METHOD_TO_OMIT_PACKAGE_FINGERPRINTS)
1636 packages = tor_strdup("");
1637 else
1638 packages = compute_consensus_package_lines(votes);
1639
1640 SMARTLIST_FOREACH(combined_server_versions, char *, cp, tor_free(cp));
1641 SMARTLIST_FOREACH(combined_client_versions, char *, cp, tor_free(cp));
1642 smartlist_free(combined_server_versions);
1643 smartlist_free(combined_client_versions);
1644
1645 smartlist_add_strdup(flags, "NoEdConsensus");
1646
1649
1650 tor_free(va_times);
1651 tor_free(fu_times);
1652 tor_free(vu_times);
1653 tor_free(votesec_list);
1654 tor_free(distsec_list);
1655 }
1656 // True if anybody is voting on the BadExit flag.
1657 const bool badexit_flag_is_listed =
1658 smartlist_contains_string(flags, "BadExit");
1659
1660 chunks = smartlist_new();
1661
1662 {
1663 char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
1664 vu_buf[ISO_TIME_LEN+1];
1665 char *flaglist;
1666 format_iso_time(va_buf, valid_after);
1667 format_iso_time(fu_buf, fresh_until);
1668 format_iso_time(vu_buf, valid_until);
1669 flaglist = smartlist_join_strings(flags, " ", 0, NULL);
1670
1671 smartlist_add_asprintf(chunks, "network-status-version 3%s%s\n"
1672 "vote-status consensus\n",
1673 flavor == FLAV_NS ? "" : " ",
1674 flavor == FLAV_NS ? "" : flavor_name);
1675
1676 smartlist_add_asprintf(chunks, "consensus-method %d\n",
1677 consensus_method);
1678
1680 "valid-after %s\n"
1681 "fresh-until %s\n"
1682 "valid-until %s\n"
1683 "voting-delay %d %d\n"
1684 "client-versions %s\n"
1685 "server-versions %s\n"
1686 "%s" /* packages */
1687 "known-flags %s\n",
1688 va_buf, fu_buf, vu_buf,
1689 vote_seconds, dist_seconds,
1690 client_versions, server_versions,
1691 packages,
1692 flaglist);
1693
1694 tor_free(flaglist);
1695 }
1696
1697 {
1698 int num_dirauth = get_n_authorities(V3_DIRINFO);
1699 int idx;
1700 for (idx = 0; idx < 4; ++idx) {
1701 char *proto_line = compute_nth_protocol_set(idx, num_dirauth, votes);
1702 if (BUG(!proto_line))
1703 continue;
1704 smartlist_add(chunks, proto_line);
1705 }
1706 }
1707
1708 param_list = dirvote_compute_params(votes, consensus_method,
1709 total_authorities);
1710 if (smartlist_len(param_list)) {
1711 params = smartlist_join_strings(param_list, " ", 0, NULL);
1712 smartlist_add_strdup(chunks, "params ");
1713 smartlist_add(chunks, params);
1714 smartlist_add_strdup(chunks, "\n");
1715 }
1716
1717 {
1718 int num_dirauth = get_n_authorities(V3_DIRINFO);
1719 /* Default value of this is 2/3 of the total number of authorities. For
1720 * instance, if we have 9 dirauth, the default value is 6. The following
1721 * calculation will round it down. */
1722 int32_t num_srv_agreements =
1724 "AuthDirNumSRVAgreements",
1725 (num_dirauth * 2) / 3);
1726 /* Add the shared random value. */
1727 char *srv_lines = sr_get_string_for_consensus(votes, num_srv_agreements);
1728 if (srv_lines != NULL) {
1729 smartlist_add(chunks, srv_lines);
1730 }
1731 }
1732
1733 /* Sort the votes. */
1735 /* Add the authority sections. */
1736 {
1737 smartlist_t *dir_sources = smartlist_new();
1739 dir_src_ent_t *e = tor_malloc_zero(sizeof(dir_src_ent_t));
1740 e->v = v;
1741 e->digest = get_voter(v)->identity_digest;
1742 e->is_legacy = 0;
1743 smartlist_add(dir_sources, e);
1744 if (!tor_digest_is_zero(get_voter(v)->legacy_id_digest)) {
1745 dir_src_ent_t *e_legacy = tor_malloc_zero(sizeof(dir_src_ent_t));
1746 e_legacy->v = v;
1747 e_legacy->digest = get_voter(v)->legacy_id_digest;
1748 e_legacy->is_legacy = 1;
1749 smartlist_add(dir_sources, e_legacy);
1750 }
1751 } SMARTLIST_FOREACH_END(v);
1753
1754 SMARTLIST_FOREACH_BEGIN(dir_sources, const dir_src_ent_t *, e) {
1755 char fingerprint[HEX_DIGEST_LEN+1];
1756 char votedigest[HEX_DIGEST_LEN+1];
1757 networkstatus_t *v = e->v;
1759
1760 base16_encode(fingerprint, sizeof(fingerprint), e->digest, DIGEST_LEN);
1761 base16_encode(votedigest, sizeof(votedigest), voter->vote_digest,
1762 DIGEST_LEN);
1763
1765 "dir-source %s%s %s %s %s %d %d\n",
1766 voter->nickname, e->is_legacy ? "-legacy" : "",
1767 fingerprint, voter->address, fmt_addr(&voter->ipv4_addr),
1768 voter->ipv4_dirport,
1769 voter->ipv4_orport);
1770 if (! e->is_legacy) {
1772 "contact %s\n"
1773 "vote-digest %s\n",
1774 voter->contact,
1775 votedigest);
1776 }
1777 } SMARTLIST_FOREACH_END(e);
1778 SMARTLIST_FOREACH(dir_sources, dir_src_ent_t *, e, tor_free(e));
1779 smartlist_free(dir_sources);
1780 }
1781
1782 {
1783 if (consensus_method < MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE) {
1784 max_unmeasured_bw_kb = (int32_t) extract_param_buggy(
1785 params, "maxunmeasuredbw", DEFAULT_MAX_UNMEASURED_BW_KB);
1786 } else {
1787 max_unmeasured_bw_kb = dirvote_get_intermediate_param_value(
1788 param_list, "maxunmeasurdbw", DEFAULT_MAX_UNMEASURED_BW_KB);
1789 if (max_unmeasured_bw_kb < 1)
1790 max_unmeasured_bw_kb = 1;
1791 }
1792 }
1793
1794 /* Add the actual router entries. */
1795 {
1796 int *size; /* size[j] is the number of routerstatuses in votes[j]. */
1797 int *flag_counts; /* The number of voters that list flag[j] for the
1798 * currently considered router. */
1799 int i;
1800 smartlist_t *matching_descs = smartlist_new();
1801 smartlist_t *chosen_flags = smartlist_new();
1802 smartlist_t *versions = smartlist_new();
1803 smartlist_t *protocols = smartlist_new();
1804 smartlist_t *exitsummaries = smartlist_new();
1805 uint32_t *bandwidths_kb = tor_calloc(smartlist_len(votes),
1806 sizeof(uint32_t));
1807 uint32_t *measured_bws_kb = tor_calloc(smartlist_len(votes),
1808 sizeof(uint32_t));
1809 uint32_t *measured_guardfraction = tor_calloc(smartlist_len(votes),
1810 sizeof(uint32_t));
1811 int num_bandwidths;
1812 int num_mbws;
1813 int num_guardfraction_inputs;
1814
1815 int *n_voter_flags; /* n_voter_flags[j] is the number of flags that
1816 * votes[j] knows about. */
1817 int *n_flag_voters; /* n_flag_voters[f] is the number of votes that care
1818 * about flags[f]. */
1819 int **flag_map; /* flag_map[j][b] is an index f such that flag_map[f]
1820 * is the same flag as votes[j]->known_flags[b]. */
1821 int *named_flag; /* Index of the flag "Named" for votes[j] */
1822 int *unnamed_flag; /* Index of the flag "Unnamed" for votes[j] */
1823 int n_authorities_measuring_bandwidth;
1824
1825 strmap_t *name_to_id_map = strmap_new();
1826 char conflict[DIGEST_LEN];
1827 char unknown[DIGEST_LEN];
1828 memset(conflict, 0, sizeof(conflict));
1829 memset(unknown, 0xff, sizeof(conflict));
1830
1831 size = tor_calloc(smartlist_len(votes), sizeof(int));
1832 n_voter_flags = tor_calloc(smartlist_len(votes), sizeof(int));
1833 n_flag_voters = tor_calloc(smartlist_len(flags), sizeof(int));
1834 flag_map = tor_calloc(smartlist_len(votes), sizeof(int *));
1835 named_flag = tor_calloc(smartlist_len(votes), sizeof(int));
1836 unnamed_flag = tor_calloc(smartlist_len(votes), sizeof(int));
1837 for (i = 0; i < smartlist_len(votes); ++i)
1838 unnamed_flag[i] = named_flag[i] = -1;
1839
1840 /* Build the flag indexes. Note that no vote can have more than 64 members
1841 * for known_flags, so no value will be greater than 63, so it's safe to
1842 * do UINT64_C(1) << index on these values. But note also that
1843 * named_flag and unnamed_flag are initialized to -1, so we need to check
1844 * that they're actually set before doing UINT64_C(1) << index with
1845 * them.*/
1847 flag_map[v_sl_idx] = tor_calloc(smartlist_len(v->known_flags),
1848 sizeof(int));
1849 if (smartlist_len(v->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) {
1850 log_warn(LD_BUG, "Somehow, a vote has %d entries in known_flags",
1851 smartlist_len(v->known_flags));
1852 }
1853 SMARTLIST_FOREACH_BEGIN(v->known_flags, const char *, fl) {
1854 int p = smartlist_string_pos(flags, fl);
1855 tor_assert(p >= 0);
1856 flag_map[v_sl_idx][fl_sl_idx] = p;
1857 ++n_flag_voters[p];
1858 if (!strcmp(fl, "Named"))
1859 named_flag[v_sl_idx] = fl_sl_idx;
1860 if (!strcmp(fl, "Unnamed"))
1861 unnamed_flag[v_sl_idx] = fl_sl_idx;
1862 } SMARTLIST_FOREACH_END(fl);
1863 n_voter_flags[v_sl_idx] = smartlist_len(v->known_flags);
1864 size[v_sl_idx] = smartlist_len(v->routerstatus_list);
1865 } SMARTLIST_FOREACH_END(v);
1866
1867 /* Named and Unnamed get treated specially */
1868 {
1870 uint64_t nf;
1871 if (named_flag[v_sl_idx]<0)
1872 continue;
1873 nf = UINT64_C(1) << named_flag[v_sl_idx];
1874 SMARTLIST_FOREACH_BEGIN(v->routerstatus_list,
1875 vote_routerstatus_t *, rs) {
1876
1877 if ((rs->flags & nf) != 0) {
1878 const char *d = strmap_get_lc(name_to_id_map, rs->status.nickname);
1879 if (!d) {
1880 /* We have no name officially mapped to this digest. */
1881 strmap_set_lc(name_to_id_map, rs->status.nickname,
1882 rs->status.identity_digest);
1883 } else if (d != conflict &&
1884 fast_memcmp(d, rs->status.identity_digest, DIGEST_LEN)) {
1885 /* Authorities disagree about this nickname. */
1886 strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
1887 } else {
1888 /* It's already a conflict, or it's already this ID. */
1889 }
1890 }
1891 } SMARTLIST_FOREACH_END(rs);
1892 } SMARTLIST_FOREACH_END(v);
1893
1895 uint64_t uf;
1896 if (unnamed_flag[v_sl_idx]<0)
1897 continue;
1898 uf = UINT64_C(1) << unnamed_flag[v_sl_idx];
1899 SMARTLIST_FOREACH_BEGIN(v->routerstatus_list,
1900 vote_routerstatus_t *, rs) {
1901 if ((rs->flags & uf) != 0) {
1902 const char *d = strmap_get_lc(name_to_id_map, rs->status.nickname);
1903 if (d == conflict || d == unknown) {
1904 /* Leave it alone; we know what it is. */
1905 } else if (!d) {
1906 /* We have no name officially mapped to this digest. */
1907 strmap_set_lc(name_to_id_map, rs->status.nickname, unknown);
1908 } else if (fast_memeq(d, rs->status.identity_digest, DIGEST_LEN)) {
1909 /* Authorities disagree about this nickname. */
1910 strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
1911 } else {
1912 /* It's mapped to a different name. */
1913 }
1914 }
1915 } SMARTLIST_FOREACH_END(rs);
1916 } SMARTLIST_FOREACH_END(v);
1917 }
1918
1919 /* We need to know how many votes measure bandwidth. */
1920 n_authorities_measuring_bandwidth = 0;
1921 SMARTLIST_FOREACH(votes, const networkstatus_t *, v,
1922 if (v->has_measured_bws) {
1923 ++n_authorities_measuring_bandwidth;
1924 }
1925 );
1926
1927 /* Populate the collator */
1928 collator = dircollator_new(smartlist_len(votes), total_authorities);
1930 dircollator_add_vote(collator, v);
1931 } SMARTLIST_FOREACH_END(v);
1932
1933 dircollator_collate(collator, consensus_method);
1934
1935 /* Now go through all the votes */
1936 flag_counts = tor_calloc(smartlist_len(flags), sizeof(int));
1937 const int num_routers = dircollator_n_routers(collator);
1938 for (i = 0; i < num_routers; ++i) {
1939 vote_routerstatus_t **vrs_lst =
1941
1943 routerstatus_t rs_out;
1944 const char *current_rsa_id = NULL;
1945 const char *chosen_version;
1946 const char *chosen_protocol_list;
1947 const char *chosen_name = NULL;
1948 int exitsummary_disagreement = 0;
1949 int is_named = 0, is_unnamed = 0, is_running = 0, is_valid = 0;
1950 int is_guard = 0, is_exit = 0, is_bad_exit = 0, is_middle_only = 0;
1951 int naming_conflict = 0;
1952 int n_listing = 0;
1953 char microdesc_digest[DIGEST256_LEN];
1954 tor_addr_port_t alt_orport = {TOR_ADDR_NULL, 0};
1955
1956 memset(flag_counts, 0, sizeof(int)*smartlist_len(flags));
1957 smartlist_clear(matching_descs);
1958 smartlist_clear(chosen_flags);
1959 smartlist_clear(versions);
1960 smartlist_clear(protocols);
1961 num_bandwidths = 0;
1962 num_mbws = 0;
1963 num_guardfraction_inputs = 0;
1964 int ed_consensus = 0;
1965 const uint8_t *ed_consensus_val = NULL;
1966
1967 /* Okay, go through all the entries for this digest. */
1968 for (int voter_idx = 0; voter_idx < smartlist_len(votes); ++voter_idx) {
1969 if (vrs_lst[voter_idx] == NULL)
1970 continue; /* This voter had nothing to say about this entry. */
1971 rs = vrs_lst[voter_idx];
1972 ++n_listing;
1973
1974 current_rsa_id = rs->status.identity_digest;
1975
1976 smartlist_add(matching_descs, rs);
1977 if (rs->version && rs->version[0])
1978 smartlist_add(versions, rs->version);
1979
1980 if (rs->protocols) {
1981 /* We include this one even if it's empty: voting for an
1982 * empty protocol list actually is meaningful. */
1983 smartlist_add(protocols, rs->protocols);
1984 }
1985
1986 /* Tally up all the flags. */
1987 for (int flag = 0; flag < n_voter_flags[voter_idx]; ++flag) {
1988 if (rs->flags & (UINT64_C(1) << flag))
1989 ++flag_counts[flag_map[voter_idx][flag]];
1990 }
1991 if (named_flag[voter_idx] >= 0 &&
1992 (rs->flags & (UINT64_C(1) << named_flag[voter_idx]))) {
1993 if (chosen_name && strcmp(chosen_name, rs->status.nickname)) {
1994 log_notice(LD_DIR, "Conflict on naming for router: %s vs %s",
1995 chosen_name, rs->status.nickname);
1996 naming_conflict = 1;
1997 }
1998 chosen_name = rs->status.nickname;
1999 }
2000
2001 /* Count guardfraction votes and note down the values. */
2002 if (rs->status.has_guardfraction) {
2003 measured_guardfraction[num_guardfraction_inputs++] =
2005 }
2006
2007 /* count bandwidths */
2008 if (rs->has_measured_bw)
2009 measured_bws_kb[num_mbws++] = rs->measured_bw_kb;
2010
2011 if (rs->status.has_bandwidth)
2012 bandwidths_kb[num_bandwidths++] = rs->status.bandwidth_kb;
2013
2014 /* Count number for which ed25519 is canonical. */
2016 ++ed_consensus;
2017 if (ed_consensus_val) {
2018 tor_assert(fast_memeq(ed_consensus_val, rs->ed25519_id,
2020 } else {
2021 ed_consensus_val = rs->ed25519_id;
2022 }
2023 }
2024 }
2025
2026 /* We don't include this router at all unless more than half of
2027 * the authorities we believe in list it. */
2028 if (n_listing <= total_authorities/2)
2029 continue;
2030
2031 if (ed_consensus > 0) {
2032 if (ed_consensus <= total_authorities / 2) {
2033 log_warn(LD_BUG, "Not enough entries had ed_consensus set; how "
2034 "can we have a consensus of %d?", ed_consensus);
2035 }
2036 }
2037
2038 /* The clangalyzer can't figure out that this will never be NULL
2039 * if n_listing is at least 1 */
2040 tor_assert(current_rsa_id);
2041
2042 /* Figure out the most popular opinion of what the most recent
2043 * routerinfo and its contents are. */
2044 memset(microdesc_digest, 0, sizeof(microdesc_digest));
2045 rs = compute_routerstatus_consensus(matching_descs, consensus_method,
2046 microdesc_digest, &alt_orport);
2047 /* Copy bits of that into rs_out. */
2048 memset(&rs_out, 0, sizeof(rs_out));
2049 tor_assert(fast_memeq(current_rsa_id,
2051 memcpy(rs_out.identity_digest, current_rsa_id, DIGEST_LEN);
2052 memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,
2053 DIGEST_LEN);
2054 tor_addr_copy(&rs_out.ipv4_addr, &rs->status.ipv4_addr);
2055 rs_out.ipv4_dirport = rs->status.ipv4_dirport;
2056 rs_out.ipv4_orport = rs->status.ipv4_orport;
2057 tor_addr_copy(&rs_out.ipv6_addr, &alt_orport.addr);
2058 rs_out.ipv6_orport = alt_orport.port;
2059 rs_out.has_bandwidth = 0;
2060 rs_out.has_exitsummary = 0;
2061
2062 time_t published_on = rs->published_on;
2063
2064 /* Starting with this consensus method, we no longer include a
2065 meaningful published_on time for microdescriptor consensuses. This
2066 makes their diffs smaller and more compressible.
2067
2068 We need to keep including a meaningful published_on time for NS
2069 consensuses, however, until 035 relays are all obsolete. (They use
2070 it for a purpose similar to the current StaleDesc flag.)
2071 */
2072 if (consensus_method >= MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED &&
2073 flavor == FLAV_MICRODESC) {
2074 published_on = -1;
2075 }
2076
2077 if (chosen_name && !naming_conflict) {
2078 strlcpy(rs_out.nickname, chosen_name, sizeof(rs_out.nickname));
2079 } else {
2080 strlcpy(rs_out.nickname, rs->status.nickname, sizeof(rs_out.nickname));
2081 }
2082
2083 {
2084 const char *d = strmap_get_lc(name_to_id_map, rs_out.nickname);
2085 if (!d) {
2086 is_named = is_unnamed = 0;
2087 } else if (fast_memeq(d, current_rsa_id, DIGEST_LEN)) {
2088 is_named = 1; is_unnamed = 0;
2089 } else {
2090 is_named = 0; is_unnamed = 1;
2091 }
2092 }
2093
2094 /* Set the flags. */
2095 SMARTLIST_FOREACH_BEGIN(flags, const char *, fl) {
2096 if (!strcmp(fl, "Named")) {
2097 if (is_named)
2098 smartlist_add(chosen_flags, (char*)fl);
2099 } else if (!strcmp(fl, "Unnamed")) {
2100 if (is_unnamed)
2101 smartlist_add(chosen_flags, (char*)fl);
2102 } else if (!strcmp(fl, "NoEdConsensus")) {
2103 if (ed_consensus <= total_authorities/2)
2104 smartlist_add(chosen_flags, (char*)fl);
2105 } else {
2106 if (flag_counts[fl_sl_idx] > n_flag_voters[fl_sl_idx]/2) {
2107 smartlist_add(chosen_flags, (char*)fl);
2108 if (!strcmp(fl, "Exit"))
2109 is_exit = 1;
2110 else if (!strcmp(fl, "Guard"))
2111 is_guard = 1;
2112 else if (!strcmp(fl, "Running"))
2113 is_running = 1;
2114 else if (!strcmp(fl, "BadExit"))
2115 is_bad_exit = 1;
2116 else if (!strcmp(fl, "MiddleOnly"))
2117 is_middle_only = 1;
2118 else if (!strcmp(fl, "Valid"))
2119 is_valid = 1;
2120 }
2121 }
2122 } SMARTLIST_FOREACH_END(fl);
2123
2124 /* Starting with consensus method 4 we do not list servers
2125 * that are not running in a consensus. See Proposal 138 */
2126 if (!is_running)
2127 continue;
2128
2129 /* Starting with consensus method 24, we don't list servers
2130 * that are not valid in a consensus. See Proposal 272 */
2131 if (!is_valid)
2132 continue;
2133
2134 /* Starting with consensus method 32, we handle the middle-only
2135 * flag specially: when it is present, we clear some flags, and
2136 * set others. */
2137 if (is_middle_only && consensus_method >= MIN_METHOD_FOR_MIDDLEONLY) {
2138 remove_flag(chosen_flags, "Exit");
2139 remove_flag(chosen_flags, "V2Dir");
2140 remove_flag(chosen_flags, "Guard");
2141 remove_flag(chosen_flags, "HSDir");
2142 is_exit = is_guard = 0;
2143 if (! is_bad_exit && badexit_flag_is_listed) {
2144 is_bad_exit = 1;
2145 smartlist_add(chosen_flags, (char *)"BadExit");
2146 smartlist_sort_strings(chosen_flags); // restore order.
2147 }
2148 }
2149
2150 /* Pick the version. */
2151 if (smartlist_len(versions)) {
2152 sort_version_list(versions, 0);
2153 chosen_version = get_most_frequent_member(versions);
2154 } else {
2155 chosen_version = NULL;
2156 }
2157
2158 /* Pick the protocol list */
2159 if (smartlist_len(protocols)) {
2160 smartlist_sort_strings(protocols);
2161 chosen_protocol_list = get_most_frequent_member(protocols);
2162 } else {
2163 chosen_protocol_list = NULL;
2164 }
2165
2166 /* If it's a guard and we have enough guardfraction votes,
2167 calculate its consensus guardfraction value. */
2168 if (is_guard && num_guardfraction_inputs > 2) {
2169 rs_out.has_guardfraction = 1;
2170 rs_out.guardfraction_percentage = median_uint32(measured_guardfraction,
2171 num_guardfraction_inputs);
2172 /* final value should be an integer percentage! */
2173 tor_assert(rs_out.guardfraction_percentage <= 100);
2174 }
2175
2176 /* Pick a bandwidth */
2177 if (num_mbws > 2) {
2178 rs_out.has_bandwidth = 1;
2179 rs_out.bw_is_unmeasured = 0;
2180 rs_out.bandwidth_kb = median_uint32(measured_bws_kb, num_mbws);
2181 } else if (num_bandwidths > 0) {
2182 rs_out.has_bandwidth = 1;
2183 rs_out.bw_is_unmeasured = 1;
2184 rs_out.bandwidth_kb = median_uint32(bandwidths_kb, num_bandwidths);
2185 if (n_authorities_measuring_bandwidth > 2) {
2186 /* Cap non-measured bandwidths. */
2187 if (rs_out.bandwidth_kb > max_unmeasured_bw_kb) {
2188 rs_out.bandwidth_kb = max_unmeasured_bw_kb;
2189 }
2190 }
2191 }
2192
2193 /* Fix bug 2203: Do not count BadExit nodes as Exits for bw weights */
2194 is_exit = is_exit && !is_bad_exit;
2195
2196 /* Update total bandwidth weights with the bandwidths of this router. */
2197 {
2199 is_exit, is_guard,
2200 &G, &M, &E, &D, &T);
2201 }
2202
2203 /* Ok, we already picked a descriptor digest we want to list
2204 * previously. Now we want to use the exit policy summary from
2205 * that descriptor. If everybody plays nice all the voters who
2206 * listed that descriptor will have the same summary. If not then
2207 * something is fishy and we'll use the most common one (breaking
2208 * ties in favor of lexicographically larger one (only because it
2209 * lets me reuse more existing code)).
2210 *
2211 * The other case that can happen is that no authority that voted
2212 * for that descriptor has an exit policy summary. That's
2213 * probably quite unlikely but can happen. In that case we use
2214 * the policy that was most often listed in votes, again breaking
2215 * ties like in the previous case.
2216 */
2217 {
2218 /* Okay, go through all the votes for this router. We prepared
2219 * that list previously */
2220 const char *chosen_exitsummary = NULL;
2221 smartlist_clear(exitsummaries);
2222 SMARTLIST_FOREACH_BEGIN(matching_descs, vote_routerstatus_t *, vsr) {
2223 /* Check if the vote where this status comes from had the
2224 * proper descriptor */
2226 vsr->status.identity_digest,
2227 DIGEST_LEN));
2228 if (vsr->status.has_exitsummary &&
2230 vsr->status.descriptor_digest,
2231 DIGEST_LEN)) {
2232 tor_assert(vsr->status.exitsummary);
2233 smartlist_add(exitsummaries, vsr->status.exitsummary);
2234 if (!chosen_exitsummary) {
2235 chosen_exitsummary = vsr->status.exitsummary;
2236 } else if (strcmp(chosen_exitsummary, vsr->status.exitsummary)) {
2237 /* Great. There's disagreement among the voters. That
2238 * really shouldn't be */
2239 exitsummary_disagreement = 1;
2240 }
2241 }
2242 } SMARTLIST_FOREACH_END(vsr);
2243
2244 if (exitsummary_disagreement) {
2245 char id[HEX_DIGEST_LEN+1];
2246 char dd[HEX_DIGEST_LEN+1];
2247 base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
2248 base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
2249 log_warn(LD_DIR, "The voters disagreed on the exit policy summary "
2250 " for router %s with descriptor %s. This really shouldn't"
2251 " have happened.", id, dd);
2252
2253 smartlist_sort_strings(exitsummaries);
2254 chosen_exitsummary = get_most_frequent_member(exitsummaries);
2255 } else if (!chosen_exitsummary) {
2256 char id[HEX_DIGEST_LEN+1];
2257 char dd[HEX_DIGEST_LEN+1];
2258 base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
2259 base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
2260 log_warn(LD_DIR, "Not one of the voters that made us select"
2261 "descriptor %s for router %s had an exit policy"
2262 "summary", dd, id);
2263
2264 /* Ok, none of those voting for the digest we chose had an
2265 * exit policy for us. Well, that kinda sucks.
2266 */
2267 smartlist_clear(exitsummaries);
2268 SMARTLIST_FOREACH(matching_descs, vote_routerstatus_t *, vsr, {
2269 if (vsr->status.has_exitsummary)
2270 smartlist_add(exitsummaries, vsr->status.exitsummary);
2271 });
2272 smartlist_sort_strings(exitsummaries);
2273 chosen_exitsummary = get_most_frequent_member(exitsummaries);
2274
2275 if (!chosen_exitsummary)
2276 log_warn(LD_DIR, "Wow, not one of the voters had an exit "
2277 "policy summary for %s. Wow.", id);
2278 }
2279
2280 if (chosen_exitsummary) {
2281 rs_out.has_exitsummary = 1;
2282 /* yea, discards the const */
2283 rs_out.exitsummary = (char *)chosen_exitsummary;
2284 }
2285 }
2286
2287 if (flavor == FLAV_MICRODESC &&
2288 tor_digest256_is_zero(microdesc_digest)) {
2289 /* With no microdescriptor digest, we omit the entry entirely. */
2290 continue;
2291 }
2292
2293 {
2294 char *buf;
2295 /* Okay!! Now we can write the descriptor... */
2296 /* First line goes into "buf". */
2297 buf = routerstatus_format_entry(&rs_out, NULL, NULL,
2298 rs_format, NULL, published_on);
2299 if (buf)
2300 smartlist_add(chunks, buf);
2301 }
2302 /* Now an m line, if applicable. */
2303 if (flavor == FLAV_MICRODESC &&
2304 !tor_digest256_is_zero(microdesc_digest)) {
2305 char m[BASE64_DIGEST256_LEN+1];
2306 digest256_to_base64(m, microdesc_digest);
2307 smartlist_add_asprintf(chunks, "m %s\n", m);
2308 }
2309 /* Next line is all flags. The "\n" is missing. */
2310 smartlist_add_asprintf(chunks, "s%s",
2311 smartlist_len(chosen_flags)?" ":"");
2312 smartlist_add(chunks,
2313 smartlist_join_strings(chosen_flags, " ", 0, NULL));
2314 /* Now the version line. */
2315 if (chosen_version) {
2316 smartlist_add_strdup(chunks, "\nv ");
2317 smartlist_add_strdup(chunks, chosen_version);
2318 }
2319 smartlist_add_strdup(chunks, "\n");
2320 if (chosen_protocol_list) {
2321 smartlist_add_asprintf(chunks, "pr %s\n", chosen_protocol_list);
2322 }
2323 /* Now the weight line. */
2324 if (rs_out.has_bandwidth) {
2325 char *guardfraction_str = NULL;
2326 int unmeasured = rs_out.bw_is_unmeasured;
2327
2328 /* If we have guardfraction info, include it in the 'w' line. */
2329 if (rs_out.has_guardfraction) {
2330 tor_asprintf(&guardfraction_str,
2331 " GuardFraction=%u", rs_out.guardfraction_percentage);
2332 }
2333 smartlist_add_asprintf(chunks, "w Bandwidth=%d%s%s\n",
2334 rs_out.bandwidth_kb,
2335 unmeasured?" Unmeasured=1":"",
2336 guardfraction_str ? guardfraction_str : "");
2337
2338 tor_free(guardfraction_str);
2339 }
2340
2341 /* Now the exitpolicy summary line. */
2342 if (rs_out.has_exitsummary && flavor == FLAV_NS) {
2343 smartlist_add_asprintf(chunks, "p %s\n", rs_out.exitsummary);
2344 }
2345
2346 /* And the loop is over and we move on to the next router */
2347 }
2348
2349 tor_free(size);
2350 tor_free(n_voter_flags);
2351 tor_free(n_flag_voters);
2352 for (i = 0; i < smartlist_len(votes); ++i)
2353 tor_free(flag_map[i]);
2354 tor_free(flag_map);
2355 tor_free(flag_counts);
2356 tor_free(named_flag);
2357 tor_free(unnamed_flag);
2358 strmap_free(name_to_id_map, NULL);
2359 smartlist_free(matching_descs);
2360 smartlist_free(chosen_flags);
2361 smartlist_free(versions);
2362 smartlist_free(protocols);
2363 smartlist_free(exitsummaries);
2364 tor_free(bandwidths_kb);
2365 tor_free(measured_bws_kb);
2366 tor_free(measured_guardfraction);
2367 }
2368
2369 /* Mark the directory footer region */
2370 smartlist_add_strdup(chunks, "directory-footer\n");
2371
2372 {
2373 int64_t weight_scale;
2374 if (consensus_method < MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE) {
2375 weight_scale = extract_param_buggy(params, "bwweightscale",
2377 } else {
2379 param_list, "bwweightscale", BW_WEIGHT_SCALE);
2380 if (weight_scale < 1)
2381 weight_scale = 1;
2382 }
2383 added_weights = networkstatus_compute_bw_weights_v10(chunks, G, M, E, D,
2384 T, weight_scale);
2385 }
2386
2387 /* Add a signature. */
2388 {
2389 char digest[DIGEST256_LEN];
2390 char fingerprint[HEX_DIGEST_LEN+1];
2391 char signing_key_fingerprint[HEX_DIGEST_LEN+1];
2392 digest_algorithm_t digest_alg =
2393 flavor == FLAV_NS ? DIGEST_SHA1 : DIGEST_SHA256;
2394 size_t digest_len =
2395 flavor == FLAV_NS ? DIGEST_LEN : DIGEST256_LEN;
2396 const char *algname = crypto_digest_algorithm_get_name(digest_alg);
2397 char *signature;
2398
2399 smartlist_add_strdup(chunks, "directory-signature ");
2400
2401 /* Compute the hash of the chunks. */
2402 crypto_digest_smartlist(digest, digest_len, chunks, "", digest_alg);
2403
2404 /* Get the fingerprints */
2405 crypto_pk_get_fingerprint(identity_key, fingerprint, 0);
2406 crypto_pk_get_fingerprint(signing_key, signing_key_fingerprint, 0);
2407
2408 /* add the junk that will go at the end of the line. */
2409 if (flavor == FLAV_NS) {
2410 smartlist_add_asprintf(chunks, "%s %s\n", fingerprint,
2411 signing_key_fingerprint);
2412 } else {
2413 smartlist_add_asprintf(chunks, "%s %s %s\n",
2414 algname, fingerprint,
2415 signing_key_fingerprint);
2416 }
2417 /* And the signature. */
2418 if (!(signature = router_get_dirobj_signature(digest, digest_len,
2419 signing_key))) {
2420 log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
2421 goto done;
2422 }
2423 smartlist_add(chunks, signature);
2424
2425 if (legacy_id_key_digest && legacy_signing_key) {
2426 smartlist_add_strdup(chunks, "directory-signature ");
2427 base16_encode(fingerprint, sizeof(fingerprint),
2428 legacy_id_key_digest, DIGEST_LEN);
2430 signing_key_fingerprint, 0);
2431 if (flavor == FLAV_NS) {
2432 smartlist_add_asprintf(chunks, "%s %s\n", fingerprint,
2433 signing_key_fingerprint);
2434 } else {
2435 smartlist_add_asprintf(chunks, "%s %s %s\n",
2436 algname, fingerprint,
2437 signing_key_fingerprint);
2438 }
2439
2440 if (!(signature = router_get_dirobj_signature(digest, digest_len,
2442 log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
2443 goto done;
2444 }
2445 smartlist_add(chunks, signature);
2446 }
2447 }
2448
2449 result = smartlist_join_strings(chunks, "", 0, NULL);
2450
2451 {
2452 networkstatus_t *c;
2453 if (!(c = networkstatus_parse_vote_from_string(result, strlen(result),
2454 NULL,
2455 NS_TYPE_CONSENSUS))) {
2456 log_err(LD_BUG, "Generated a networkstatus consensus we couldn't "
2457 "parse.");
2458 tor_free(result);
2459 goto done;
2460 }
2461 // Verify balancing parameters
2462 if (added_weights) {
2463 networkstatus_verify_bw_weights(c, consensus_method);
2464 }
2465 networkstatus_vote_free(c);
2466 }
2467
2468 done:
2469
2470 dircollator_free(collator);
2471 tor_free(client_versions);
2472 tor_free(server_versions);
2473 tor_free(packages);
2474 SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
2475 smartlist_free(flags);
2476 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
2477 smartlist_free(chunks);
2478 SMARTLIST_FOREACH(param_list, char *, cp, tor_free(cp));
2479 smartlist_free(param_list);
2480
2481 return result;
2482}
2483
2484/** Extract the value of a parameter from a string encoding a list of
2485 * parameters, badly.
2486 *
2487 * This is a deliberately buggy implementation, for backward compatibility
2488 * with versions of Tor affected by #19011. Once all authorities have
2489 * upgraded to consensus method 31 or later, then we can throw away this
2490 * function. */
2491STATIC int64_t
2492extract_param_buggy(const char *params,
2493 const char *param_name,
2494 int64_t default_value)
2495{
2496 int64_t value = default_value;
2497 const char *param_str = NULL;
2498
2499 if (params) {
2500 char *prefix1 = NULL, *prefix2=NULL;
2501 tor_asprintf(&prefix1, "%s=", param_name);
2502 tor_asprintf(&prefix2, " %s=", param_name);
2503 if (strcmpstart(params, prefix1) == 0)
2504 param_str = params;
2505 else
2506 param_str = strstr(params, prefix2);
2507 tor_free(prefix1);
2508 tor_free(prefix2);
2509 }
2510
2511 if (param_str) {
2512 int ok=0;
2513 char *eq = strchr(param_str, '=');
2514 if (eq) {
2515 value = tor_parse_long(eq+1, 10, 1, INT32_MAX, &ok, NULL);
2516 if (!ok) {
2517 log_warn(LD_DIR, "Bad element '%s' in %s",
2518 escaped(param_str), param_name);
2519 value = default_value;
2520 }
2521 } else {
2522 log_warn(LD_DIR, "Bad element '%s' in %s",
2523 escaped(param_str), param_name);
2524 value = default_value;
2525 }
2526 }
2527
2528 return value;
2529}
2530
2531/** Given a list of networkstatus_t for each vote, return a newly allocated
2532 * string containing the "package" lines for the vote. */
2533STATIC char *
2535{
2536 const int n_votes = smartlist_len(votes);
2537
2538 /* This will be a map from "packagename version" strings to arrays
2539 * of const char *, with the i'th member of the array corresponding to the
2540 * package line from the i'th vote.
2541 */
2542 strmap_t *package_status = strmap_new();
2543
2545 if (! v->package_lines)
2546 continue;
2547 SMARTLIST_FOREACH_BEGIN(v->package_lines, const char *, line) {
2549 continue;
2550
2551 /* Skip 'cp' to the second space in the line. */
2552 const char *cp = strchr(line, ' ');
2553 if (!cp) continue;
2554 ++cp;
2555 cp = strchr(cp, ' ');
2556 if (!cp) continue;
2557
2558 char *key = tor_strndup(line, cp - line);
2559
2560 const char **status = strmap_get(package_status, key);
2561 if (!status) {
2562 status = tor_calloc(n_votes, sizeof(const char *));
2563 strmap_set(package_status, key, status);
2564 }
2565 status[v_sl_idx] = line; /* overwrite old value */
2566 tor_free(key);
2567 } SMARTLIST_FOREACH_END(line);
2568 } SMARTLIST_FOREACH_END(v);
2569
2570 smartlist_t *entries = smartlist_new(); /* temporary */
2571 smartlist_t *result_list = smartlist_new(); /* output */
2572 STRMAP_FOREACH(package_status, key, const char **, values) {
2573 int i, count=-1;
2574 for (i = 0; i < n_votes; ++i) {
2575 if (values[i])
2576 smartlist_add(entries, (void*) values[i]);
2577 }
2578 smartlist_sort_strings(entries);
2579 int n_voting_for_entry = smartlist_len(entries);
2580 const char *most_frequent =
2581 smartlist_get_most_frequent_string_(entries, &count);
2582
2583 if (n_voting_for_entry >= 3 && count > n_voting_for_entry / 2) {
2584 smartlist_add_asprintf(result_list, "package %s\n", most_frequent);
2585 }
2586
2587 smartlist_clear(entries);
2588
2589 } STRMAP_FOREACH_END;
2590
2591 smartlist_sort_strings(result_list);
2592
2593 char *result = smartlist_join_strings(result_list, "", 0, NULL);
2594
2595 SMARTLIST_FOREACH(result_list, char *, cp, tor_free(cp));
2596 smartlist_free(result_list);
2597 smartlist_free(entries);
2598 strmap_free(package_status, tor_free_);
2599
2600 return result;
2601}
2602
2603/** Given a consensus vote <b>target</b> and a set of detached signatures in
2604 * <b>sigs</b> that correspond to the same consensus, check whether there are
2605 * any new signatures in <b>src_voter_list</b> that should be added to
2606 * <b>target</b>. (A signature should be added if we have no signature for that
2607 * voter in <b>target</b> yet, or if we have no verifiable signature and the
2608 * new signature is verifiable.)
2609 *
2610 * Return the number of signatures added or changed, or -1 if the document
2611 * signatures are invalid. Sets *<b>msg_out</b> to a string constant
2612 * describing the signature status.
2613 */
2614STATIC int
2617 const char *source,
2618 int severity,
2619 const char **msg_out)
2620{
2621 int r = 0;
2622 const char *flavor;
2623 smartlist_t *siglist;
2624 tor_assert(sigs);
2625 tor_assert(target);
2626 tor_assert(target->type == NS_TYPE_CONSENSUS);
2627
2628 flavor = networkstatus_get_flavor_name(target->flavor);
2629
2630 /* Do the times seem right? */
2631 if (target->valid_after != sigs->valid_after) {
2632 *msg_out = "Valid-After times do not match "
2633 "when adding detached signatures to consensus";
2634 return -1;
2635 }
2636 if (target->fresh_until != sigs->fresh_until) {
2637 *msg_out = "Fresh-until times do not match "
2638 "when adding detached signatures to consensus";
2639 return -1;
2640 }
2641 if (target->valid_until != sigs->valid_until) {
2642 *msg_out = "Valid-until times do not match "
2643 "when adding detached signatures to consensus";
2644 return -1;
2645 }
2646 siglist = strmap_get(sigs->signatures, flavor);
2647 if (!siglist) {
2648 *msg_out = "No signatures for given consensus flavor";
2649 return -1;
2650 }
2651
2652 /** Make sure all the digests we know match, and at least one matches. */
2653 {
2654 common_digests_t *digests = strmap_get(sigs->digests, flavor);
2655 int n_matches = 0;
2656 int alg;
2657 if (!digests) {
2658 *msg_out = "No digests for given consensus flavor";
2659 return -1;
2660 }
2661 for (alg = DIGEST_SHA1; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
2662 if (!fast_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
2663 if (fast_memeq(target->digests.d[alg], digests->d[alg],
2664 DIGEST256_LEN)) {
2665 ++n_matches;
2666 } else {
2667 *msg_out = "Mismatched digest.";
2668 return -1;
2669 }
2670 }
2671 }
2672 if (!n_matches) {
2673 *msg_out = "No recognized digests for given consensus flavor";
2674 }
2675 }
2676
2677 /* For each voter in src... */
2679 char voter_identity[HEX_DIGEST_LEN+1];
2680 networkstatus_voter_info_t *target_voter =
2681 networkstatus_get_voter_by_id(target, sig->identity_digest);
2682 authority_cert_t *cert = NULL;
2683 const char *algorithm;
2684 document_signature_t *old_sig = NULL;
2685
2686 algorithm = crypto_digest_algorithm_get_name(sig->alg);
2687
2688 base16_encode(voter_identity, sizeof(voter_identity),
2689 sig->identity_digest, DIGEST_LEN);
2690 log_info(LD_DIR, "Looking at signature from %s using %s", voter_identity,
2691 algorithm);
2692 /* If the target doesn't know about this voter, then forget it. */
2693 if (!target_voter) {
2694 log_info(LD_DIR, "We do not know any voter with ID %s", voter_identity);
2695 continue;
2696 }
2697
2698 old_sig = networkstatus_get_voter_sig_by_alg(target_voter, sig->alg);
2699
2700 /* If the target already has a good signature from this voter, then skip
2701 * this one. */
2702 if (old_sig && old_sig->good_signature) {
2703 log_info(LD_DIR, "We already have a good signature from %s using %s",
2704 voter_identity, algorithm);
2705 continue;
2706 }
2707
2708 /* Try checking the signature if we haven't already. */
2709 if (!sig->good_signature && !sig->bad_signature) {
2710 cert = authority_cert_get_by_digests(sig->identity_digest,
2711 sig->signing_key_digest);
2712 if (cert) {
2713 /* Not checking the return value here, since we are going to look
2714 * at the status of sig->good_signature in a moment. */
2715 (void) networkstatus_check_document_signature(target, sig, cert);
2716 }
2717 }
2718
2719 /* If this signature is good, or we don't have any signature yet,
2720 * then maybe add it. */
2721 if (sig->good_signature || !old_sig || old_sig->bad_signature) {
2722 log_info(LD_DIR, "Adding signature from %s with %s", voter_identity,
2723 algorithm);
2724 tor_log(severity, LD_DIR, "Added a signature for %s from %s.",
2725 target_voter->nickname, source);
2726 ++r;
2727 if (old_sig) {
2728 smartlist_remove(target_voter->sigs, old_sig);
2729 document_signature_free(old_sig);
2730 }
2731 smartlist_add(target_voter->sigs, document_signature_dup(sig));
2732 } else {
2733 log_info(LD_DIR, "Not adding signature from %s", voter_identity);
2734 }
2735 } SMARTLIST_FOREACH_END(sig);
2736
2737 return r;
2738}
2739
2740/** Return a newly allocated string containing all the signatures on
2741 * <b>consensus</b> by all voters. If <b>for_detached_signatures</b> is true,
2742 * then the signatures will be put in a detached signatures document, so
2743 * prefix any non-NS-flavored signatures with "additional-signature" rather
2744 * than "directory-signature". */
2745static char *
2747 int for_detached_signatures)
2748{
2749 smartlist_t *elements;
2750 char buf[4096];
2751 char *result = NULL;
2752 int n_sigs = 0;
2753 const consensus_flavor_t flavor = consensus->flavor;
2754 const char *flavor_name = networkstatus_get_flavor_name(flavor);
2755 const char *keyword;
2756
2757 if (for_detached_signatures && flavor != FLAV_NS)
2758 keyword = "additional-signature";
2759 else
2760 keyword = "directory-signature";
2761
2762 elements = smartlist_new();
2763
2766 char sk[HEX_DIGEST_LEN+1];
2767 char id[HEX_DIGEST_LEN+1];
2768 if (!sig->signature || sig->bad_signature)
2769 continue;
2770 ++n_sigs;
2771 base16_encode(sk, sizeof(sk), sig->signing_key_digest, DIGEST_LEN);
2772 base16_encode(id, sizeof(id), sig->identity_digest, DIGEST_LEN);
2773 if (flavor == FLAV_NS) {
2774 smartlist_add_asprintf(elements,
2775 "%s %s %s\n-----BEGIN SIGNATURE-----\n",
2776 keyword, id, sk);
2777 } else {
2778 const char *digest_name =
2780 smartlist_add_asprintf(elements,
2781 "%s%s%s %s %s %s\n-----BEGIN SIGNATURE-----\n",
2782 keyword,
2783 for_detached_signatures ? " " : "",
2784 for_detached_signatures ? flavor_name : "",
2785 digest_name, id, sk);
2786 }
2787 base64_encode(buf, sizeof(buf), sig->signature, sig->signature_len,
2788 BASE64_ENCODE_MULTILINE);
2789 strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf));
2790 smartlist_add_strdup(elements, buf);
2791 } SMARTLIST_FOREACH_END(sig);
2792 } SMARTLIST_FOREACH_END(v);
2793
2794 result = smartlist_join_strings(elements, "", 0, NULL);
2795 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2796 smartlist_free(elements);
2797 if (!n_sigs)
2798 tor_free(result);
2799 return result;
2800}
2801
2802/** Return a newly allocated string holding the detached-signatures document
2803 * corresponding to the signatures on <b>consensuses</b>, which must contain
2804 * exactly one FLAV_NS consensus, and no more than one consensus for each
2805 * other flavor. */
2806STATIC char *
2808{
2809 smartlist_t *elements;
2810 char *result = NULL, *sigs = NULL;
2811 networkstatus_t *consensus_ns = NULL;
2812 tor_assert(consensuses);
2813
2814 SMARTLIST_FOREACH(consensuses, networkstatus_t *, ns, {
2815 tor_assert(ns);
2816 tor_assert(ns->type == NS_TYPE_CONSENSUS);
2817 if (ns && ns->flavor == FLAV_NS)
2818 consensus_ns = ns;
2819 });
2820 if (!consensus_ns) {
2821 log_warn(LD_BUG, "No NS consensus given.");
2822 return NULL;
2823 }
2824
2825 elements = smartlist_new();
2826
2827 {
2828 char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
2829 vu_buf[ISO_TIME_LEN+1];
2830 char d[HEX_DIGEST_LEN+1];
2831
2832 base16_encode(d, sizeof(d),
2833 consensus_ns->digests.d[DIGEST_SHA1], DIGEST_LEN);
2834 format_iso_time(va_buf, consensus_ns->valid_after);
2835 format_iso_time(fu_buf, consensus_ns->fresh_until);
2836 format_iso_time(vu_buf, consensus_ns->valid_until);
2837
2838 smartlist_add_asprintf(elements,
2839 "consensus-digest %s\n"
2840 "valid-after %s\n"
2841 "fresh-until %s\n"
2842 "valid-until %s\n", d, va_buf, fu_buf, vu_buf);
2843 }
2844
2845 /* Get all the digests for the non-FLAV_NS consensuses */
2846 SMARTLIST_FOREACH_BEGIN(consensuses, networkstatus_t *, ns) {
2847 const char *flavor_name = networkstatus_get_flavor_name(ns->flavor);
2848 int alg;
2849 if (ns->flavor == FLAV_NS)
2850 continue;
2851
2852 /* start with SHA256; we don't include SHA1 for anything but the basic
2853 * consensus. */
2854 for (alg = DIGEST_SHA256; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
2855 char d[HEX_DIGEST256_LEN+1];
2856 const char *alg_name =
2858 if (fast_mem_is_zero(ns->digests.d[alg], DIGEST256_LEN))
2859 continue;
2860 base16_encode(d, sizeof(d), ns->digests.d[alg], DIGEST256_LEN);
2861 smartlist_add_asprintf(elements, "additional-digest %s %s %s\n",
2862 flavor_name, alg_name, d);
2863 }
2864 } SMARTLIST_FOREACH_END(ns);
2865
2866 /* Now get all the sigs for non-FLAV_NS consensuses */
2867 SMARTLIST_FOREACH_BEGIN(consensuses, networkstatus_t *, ns) {
2868 char *sigs_on_this_consensus;
2869 if (ns->flavor == FLAV_NS)
2870 continue;
2871 sigs_on_this_consensus = networkstatus_format_signatures(ns, 1);
2872 if (!sigs_on_this_consensus) {
2873 log_warn(LD_DIR, "Couldn't format signatures");
2874 goto err;
2875 }
2876 smartlist_add(elements, sigs_on_this_consensus);
2877 } SMARTLIST_FOREACH_END(ns);
2878
2879 /* Now add the FLAV_NS consensus signatrures. */
2880 sigs = networkstatus_format_signatures(consensus_ns, 1);
2881 if (!sigs)
2882 goto err;
2883 smartlist_add(elements, sigs);
2884
2885 result = smartlist_join_strings(elements, "", 0, NULL);
2886 err:
2887 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2888 smartlist_free(elements);
2889 return result;
2890}
2891
2892/** Return a newly allocated string holding a detached-signatures document for
2893 * all of the in-progress consensuses in the <b>n_flavors</b>-element array at
2894 * <b>pending</b>. */
2895static char *
2897 int n_flavors)
2898{
2899 int flav;
2900 char *signatures;
2902 for (flav = 0; flav < n_flavors; ++flav) {
2903 if (pending[flav].consensus)
2904 smartlist_add(c, pending[flav].consensus);
2905 }
2907 smartlist_free(c);
2908 return signatures;
2909}
2910
2911/**
2912 * Entry point: Take whatever voting actions are pending as of <b>now</b>.
2913 *
2914 * Return the time at which the next action should be taken.
2915 */
2916time_t
2917dirvote_act(const or_options_t *options, time_t now)
2918{
2919 if (!authdir_mode_v3(options))
2920 return TIME_MAX;
2921 tor_assert_nonfatal(voting_schedule.voting_starts);
2922 /* If we haven't initialized this object through this codeflow, we need to
2923 * recalculate the timings to match our vote. The reason to do that is if we
2924 * have a voting schedule initialized 1 minute ago, the voting timings might
2925 * not be aligned to what we should expect with "now". This is especially
2926 * true for TestingTorNetwork using smaller timings. */
2927 if (voting_schedule.created_on_demand) {
2928 char *keys = list_v3_auth_ids();
2930 log_notice(LD_DIR, "Scheduling voting. Known authority IDs are %s. "
2931 "Mine is %s.",
2933 tor_free(keys);
2935 }
2936
2937#define IF_TIME_FOR_NEXT_ACTION(when_field, done_field) \
2938 if (! voting_schedule.done_field) { \
2939 if (voting_schedule.when_field > now) { \
2940 return voting_schedule.when_field; \
2941 } else {
2942#define ENDIF \
2943 } \
2944 }
2945
2946 IF_TIME_FOR_NEXT_ACTION(voting_starts, have_voted) {
2947 log_notice(LD_DIR, "Time to vote.");
2949 voting_schedule.have_voted = 1;
2950 } ENDIF
2951 IF_TIME_FOR_NEXT_ACTION(fetch_missing_votes, have_fetched_missing_votes) {
2952 log_notice(LD_DIR, "Time to fetch any votes that we're missing.");
2954 voting_schedule.have_fetched_missing_votes = 1;
2955 } ENDIF
2956 IF_TIME_FOR_NEXT_ACTION(voting_ends, have_built_consensus) {
2957 log_notice(LD_DIR, "Time to compute a consensus.");
2959 /* XXXX We will want to try again later if we haven't got enough
2960 * votes yet. Implement this if it turns out to ever happen. */
2961 voting_schedule.have_built_consensus = 1;
2962 } ENDIF
2963 IF_TIME_FOR_NEXT_ACTION(fetch_missing_signatures,
2964 have_fetched_missing_signatures) {
2965 log_notice(LD_DIR, "Time to fetch any signatures that we're missing.");
2967 voting_schedule.have_fetched_missing_signatures = 1;
2968 } ENDIF
2969 IF_TIME_FOR_NEXT_ACTION(interval_starts,
2970 have_published_consensus) {
2971 log_notice(LD_DIR, "Time to publish the consensus and discard old votes");
2974 voting_schedule.have_published_consensus = 1;
2975 /* Update our shared random state with the consensus just published. */
2978 /* XXXX We will want to try again later if we haven't got enough
2979 * signatures yet. Implement this if it turns out to ever happen. */
2981 return voting_schedule.voting_starts;
2982 } ENDIF
2983
2985 return now + 1;
2986
2987#undef ENDIF
2988#undef IF_TIME_FOR_NEXT_ACTION
2989}
2990
2991/** A vote networkstatus_t and its unparsed body: held around so we can
2992 * use it to generate a consensus (at voting_ends) and so we can serve it to
2993 * other authorities that might want it. */
2994typedef struct pending_vote_t {
2995 cached_dir_t *vote_body;
2996 networkstatus_t *vote;
2998
2999/** List of pending_vote_t for the current vote. Before we've used them to
3000 * build a consensus, the votes go here. */
3002/** List of pending_vote_t for the previous vote. After we've used them to
3003 * build a consensus, the votes go here for the next period. */
3005
3006/* DOCDOC pending_consensuses */
3007static pending_consensus_t pending_consensuses[N_CONSENSUS_FLAVORS];
3008
3009/** The detached signatures for the consensus that we're currently
3010 * building. */
3012
3013/** List of ns_detached_signatures_t: hold signatures that get posted to us
3014 * before we have generated the consensus on our own. */
3016
3017/** Generate a networkstatus vote and post it to all the v3 authorities.
3018 * (V3 Authority only) */
3019static int
3021{
3024 networkstatus_t *ns;
3025 char *contents;
3026 pending_vote_t *pending_vote;
3027 time_t now = time(NULL);
3028
3029 int status;
3030 const char *msg = "";
3031
3032 if (!cert || !key) {
3033 log_warn(LD_NET, "Didn't find key/certificate to generate v3 vote");
3034 return -1;
3035 } else if (cert->expires < now) {
3036 log_warn(LD_NET, "Can't generate v3 vote with expired certificate");
3037 return -1;
3038 }
3039 if (!(ns = dirserv_generate_networkstatus_vote_obj(key, cert)))
3040 return -1;
3041
3042 contents = format_networkstatus_vote(key, ns);
3043 networkstatus_vote_free(ns);
3044 if (!contents)
3045 return -1;
3046
3047 pending_vote = dirvote_add_vote(contents, 0, "self", &msg, &status);
3048 tor_free(contents);
3049 if (!pending_vote) {
3050 log_warn(LD_DIR, "Couldn't store my own vote! (I told myself, '%s'.)",
3051 msg);
3052 return -1;
3053 }
3054
3057 V3_DIRINFO,
3058 pending_vote->vote_body->dir,
3059 pending_vote->vote_body->dir_len, 0);
3060 log_notice(LD_DIR, "Vote posted.");
3061 return 0;
3062}
3063
3064/** Send an HTTP request to every other v3 authority, for the votes of every
3065 * authority for which we haven't received a vote yet in this period. (V3
3066 * authority only) */
3067static void
3069{
3070 smartlist_t *missing_fps = smartlist_new();
3071 char *resource;
3072
3073 SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
3074 dir_server_t *, ds) {
3075 if (!(ds->type & V3_DIRINFO))
3076 continue;
3077 if (!dirvote_get_vote(ds->v3_identity_digest,
3078 DGV_BY_ID|DGV_INCLUDE_PENDING)) {
3079 char *cp = tor_malloc(HEX_DIGEST_LEN+1);
3080 base16_encode(cp, HEX_DIGEST_LEN+1, ds->v3_identity_digest,
3081 DIGEST_LEN);
3082 smartlist_add(missing_fps, cp);
3083 }
3084 } SMARTLIST_FOREACH_END(ds);
3085
3086 if (!smartlist_len(missing_fps)) {
3087 smartlist_free(missing_fps);
3088 return;
3089 }
3090 {
3091 char *tmp = smartlist_join_strings(missing_fps, " ", 0, NULL);
3092 log_notice(LOG_NOTICE, "We're missing votes from %d authorities (%s). "
3093 "Asking every other authority for a copy.",
3094 smartlist_len(missing_fps), tmp);
3095 tor_free(tmp);
3096 }
3097 resource = smartlist_join_strings(missing_fps, "+", 0, NULL);
3099 0, resource);
3100 tor_free(resource);
3101 SMARTLIST_FOREACH(missing_fps, char *, cp, tor_free(cp));
3102 smartlist_free(missing_fps);
3103}
3104
3105/** Send a request to every other authority for its detached signatures,
3106 * unless we have signatures from all other v3 authorities already. */
3107static void
3109{
3110 int need_any = 0;
3111 int i;
3112 for (i=0; i < N_CONSENSUS_FLAVORS; ++i) {
3113 networkstatus_t *consensus = pending_consensuses[i].consensus;
3114 if (!consensus ||
3115 networkstatus_check_consensus_signature(consensus, -1) == 1) {
3116 /* We have no consensus, or we have one that's signed by everybody. */
3117 continue;
3118 }
3119 need_any = 1;
3120 }
3121 if (!need_any)
3122 return;
3123
3125 0, NULL);
3126}
3127
3128/** Release all storage held by pending consensuses (those waiting for
3129 * signatures). */
3130static void
3132{
3133 int i;
3134 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3135 pending_consensus_t *pc = &pending_consensuses[i];
3136 tor_free(pc->body);
3137
3138 networkstatus_vote_free(pc->consensus);
3139 pc->consensus = NULL;
3140 }
3141}
3142
3143/** Drop all currently pending votes, consensus, and detached signatures. */
3144static void
3146{
3147 if (!previous_vote_list)
3149 if (!pending_vote_list)
3151
3152 /* All "previous" votes are now junk. */
3154 cached_dir_decref(v->vote_body);
3155 v->vote_body = NULL;
3156 networkstatus_vote_free(v->vote);
3157 tor_free(v);
3158 });
3160
3161 if (all_votes) {
3162 /* If we're dumping all the votes, we delete the pending ones. */
3164 cached_dir_decref(v->vote_body);
3165 v->vote_body = NULL;
3166 networkstatus_vote_free(v->vote);
3167 tor_free(v);
3168 });
3169 } else {
3170 /* Otherwise, we move them into "previous". */
3172 }
3174
3177 tor_free(cp));
3179 }
3182}
3183
3184/** Return a newly allocated string containing the hex-encoded v3 authority
3185 identity digest of every recognized v3 authority. */
3186static char *
3188{
3189 smartlist_t *known_v3_keys = smartlist_new();
3190 char *keys;
3191 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
3192 dir_server_t *, ds,
3193 if ((ds->type & V3_DIRINFO) &&
3194 !tor_digest_is_zero(ds->v3_identity_digest))
3195 smartlist_add(known_v3_keys,
3196 tor_strdup(hex_str(ds->v3_identity_digest, DIGEST_LEN))));
3197 keys = smartlist_join_strings(known_v3_keys, ", ", 0, NULL);
3198 SMARTLIST_FOREACH(known_v3_keys, char *, cp, tor_free(cp));
3199 smartlist_free(known_v3_keys);
3200 return keys;
3201}
3202
3203/* Check the voter information <b>vi</b>, and assert that at least one
3204 * signature is good. Asserts on failure. */
3205static void
3206assert_any_sig_good(const networkstatus_voter_info_t *vi)
3207{
3208 int any_sig_good = 0;
3210 if (sig->good_signature)
3211 any_sig_good = 1);
3212 tor_assert(any_sig_good);
3213}
3214
3215/* Add <b>cert</b> to our list of known authority certificates. */
3216static void
3217add_new_cert_if_needed(const struct authority_cert_t *cert)
3218{
3219 tor_assert(cert);
3221 cert->signing_key_digest)) {
3222 /* Hey, it's a new cert! */
3225 TRUSTED_DIRS_CERTS_SRC_FROM_VOTE, 1 /*flush*/,
3226 NULL);
3228 cert->signing_key_digest)) {
3229 log_warn(LD_BUG, "We added a cert, but still couldn't find it.");
3230 }
3231 }
3232}
3233
3234/** Called when we have received a networkstatus vote in <b>vote_body</b>.
3235 * Parse and validate it, and on success store it as a pending vote (which we
3236 * then return). Return NULL on failure. Sets *<b>msg_out</b> and
3237 * *<b>status_out</b> to an HTTP response and status code. (V3 authority
3238 * only) */
3240dirvote_add_vote(const char *vote_body, time_t time_posted,
3241 const char *where_from,
3242 const char **msg_out, int *status_out)
3243{
3244 networkstatus_t *vote;
3246 dir_server_t *ds;
3247 pending_vote_t *pending_vote = NULL;
3248 const char *end_of_vote = NULL;
3249 int any_failed = 0;
3250 tor_assert(vote_body);
3251 tor_assert(msg_out);
3252 tor_assert(status_out);
3253
3254 if (!pending_vote_list)
3256 *status_out = 0;
3257 *msg_out = NULL;
3258
3259 again:
3260 vote = networkstatus_parse_vote_from_string(vote_body, strlen(vote_body),
3261 &end_of_vote,
3262 NS_TYPE_VOTE);
3263 if (!end_of_vote)
3264 end_of_vote = vote_body + strlen(vote_body);
3265 if (!vote) {
3266 log_warn(LD_DIR, "Couldn't parse vote: length was %d",
3267 (int)strlen(vote_body));
3268 *msg_out = "Unable to parse vote";
3269 goto err;
3270 }
3271 tor_assert(smartlist_len(vote->voters) == 1);
3272 vi = get_voter(vote);
3273 assert_any_sig_good(vi);
3275 if (!ds) {
3276 char *keys = list_v3_auth_ids();
3277 log_warn(LD_DIR, "Got a vote from an authority (nickname %s, address %s) "
3278 "with authority key ID %s. "
3279 "This key ID is not recognized. Known v3 key IDs are: %s",
3280 vi->nickname, vi->address,
3281 hex_str(vi->identity_digest, DIGEST_LEN), keys);
3282 tor_free(keys);
3283 *msg_out = "Vote not from a recognized v3 authority";
3284 goto err;
3285 }
3286 add_new_cert_if_needed(vote->cert);
3287
3288 /* Is it for the right period? */
3289 if (vote->valid_after != voting_schedule.interval_starts) {
3290 char tbuf1[ISO_TIME_LEN+1], tbuf2[ISO_TIME_LEN+1];
3291 format_iso_time(tbuf1, vote->valid_after);
3292 format_iso_time(tbuf2, voting_schedule.interval_starts);
3293 log_warn(LD_DIR, "Rejecting vote from %s with valid-after time of %s; "
3294 "we were expecting %s", vi->address, tbuf1, tbuf2);
3295 *msg_out = "Bad valid-after time";
3296 goto err;
3297 }
3298
3299 if (time_posted) { /* they sent it to me via a POST */
3300 log_notice(LD_DIR, "%s posted a vote to me from %s.",
3301 vi->nickname, where_from);
3302 } else { /* I imported this one myself */
3303 log_notice(LD_DIR, "Retrieved %s's vote from %s.",
3304 vi->nickname, where_from);
3305 }
3306
3307 /* Check if we received it, as a post, after the cutoff when we
3308 * start asking other dir auths for it. If we do, the best plan
3309 * is to discard it, because using it greatly increases the chances
3310 * of a split vote for this round (some dir auths got it in time,
3311 * some didn't). */
3312 if (time_posted && time_posted > voting_schedule.fetch_missing_votes) {
3313 char tbuf1[ISO_TIME_LEN+1], tbuf2[ISO_TIME_LEN+1];
3314 format_iso_time(tbuf1, time_posted);
3315 format_iso_time(tbuf2, voting_schedule.fetch_missing_votes);
3316 log_warn(LD_DIR, "Rejecting %s's posted vote from %s received at %s; "
3317 "our cutoff for received votes is %s. Check your clock, "
3318 "CPU load, and network load. Also check the authority that "
3319 "posted the vote.", vi->nickname, vi->address, tbuf1, tbuf2);
3320 *msg_out = "Posted vote received too late, would be dangerous to count it";
3321 goto err;
3322 }
3323
3324 /* Fetch any new router descriptors we just learned about */
3326
3327 /* Now see whether we already have a vote from this authority. */
3329 if (fast_memeq(v->vote->cert->cache_info.identity_digest,
3331 DIGEST_LEN)) {
3332 networkstatus_voter_info_t *vi_old = get_voter(v->vote);
3333 if (fast_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) {
3334 /* Ah, it's the same vote. Not a problem. */
3335 log_notice(LD_DIR, "Discarding a vote we already have (from %s).",
3336 vi->address);
3337 if (*status_out < 200)
3338 *status_out = 200;
3339 goto discard;
3340 } else if (v->vote->published < vote->published) {
3341 log_notice(LD_DIR, "Replacing an older pending vote from this "
3342 "directory (%s)", vi->address);
3343 cached_dir_decref(v->vote_body);
3344 networkstatus_vote_free(v->vote);
3345 v->vote_body = new_cached_dir(tor_strndup(vote_body,
3346 end_of_vote-vote_body),
3347 vote->published);
3348 v->vote = vote;
3349 if (end_of_vote &&
3350 !strcmpstart(end_of_vote, "network-status-version"))
3351 goto again;
3352
3353 if (*status_out < 200)
3354 *status_out = 200;
3355 if (!*msg_out)
3356 *msg_out = "OK";
3357 return v;
3358 } else {
3359 log_notice(LD_DIR, "Discarding vote from %s because we have "
3360 "a newer one already.", vi->address);
3361 *msg_out = "Already have a newer pending vote";
3362 goto err;
3363 }
3364 }
3365 } SMARTLIST_FOREACH_END(v);
3366
3367 /* This a valid vote, update our shared random state. */
3368 sr_handle_received_commits(vote->sr_info.commits,
3369 vote->cert->identity_key);
3370
3371 pending_vote = tor_malloc_zero(sizeof(pending_vote_t));
3372 pending_vote->vote_body = new_cached_dir(tor_strndup(vote_body,
3373 end_of_vote-vote_body),
3374 vote->published);
3375 pending_vote->vote = vote;
3376 smartlist_add(pending_vote_list, pending_vote);
3377
3378 if (!strcmpstart(end_of_vote, "network-status-version ")) {
3379 vote_body = end_of_vote;
3380 goto again;
3381 }
3382
3383 goto done;
3384
3385 err:
3386 any_failed = 1;
3387 if (!*msg_out)
3388 *msg_out = "Error adding vote";
3389 if (*status_out < 400)
3390 *status_out = 400;
3391
3392 discard:
3393 networkstatus_vote_free(vote);
3394
3395 if (end_of_vote && !strcmpstart(end_of_vote, "network-status-version ")) {
3396 vote_body = end_of_vote;
3397 goto again;
3398 }
3399
3400 done:
3401
3402 if (*status_out < 200)
3403 *status_out = 200;
3404 if (!*msg_out) {
3405 if (!any_failed && !pending_vote) {
3406 *msg_out = "Duplicate discarded";
3407 } else {
3408 *msg_out = "ok";
3409 }
3410 }
3411
3412 return any_failed ? NULL : pending_vote;
3413}
3414
3415/* Write the votes in <b>pending_vote_list</b> to disk. */
3416static void
3417write_v3_votes_to_disk(const smartlist_t *pending_votes)
3418{
3419 smartlist_t *votestrings = smartlist_new();
3420 char *votefile = NULL;
3421
3422 SMARTLIST_FOREACH(pending_votes, pending_vote_t *, v,
3423 {
3424 sized_chunk_t *c = tor_malloc(sizeof(sized_chunk_t));
3425 c->bytes = v->vote_body->dir;
3426 c->len = v->vote_body->dir_len;
3427 smartlist_add(votestrings, c); /* collect strings to write to disk */
3428 });
3429
3430 votefile = get_datadir_fname("v3-status-votes");
3431 write_chunks_to_file(votefile, votestrings, 0, 0);
3432 log_debug(LD_DIR, "Wrote votes to disk (%s)!", votefile);
3433
3434 tor_free(votefile);
3435 SMARTLIST_FOREACH(votestrings, sized_chunk_t *, c, tor_free(c));
3436 smartlist_free(votestrings);
3437}
3438
3439/** Try to compute a v3 networkstatus consensus from the currently pending
3440 * votes. Return 0 on success, -1 on failure. Store the consensus in
3441 * pending_consensus: it won't be ready to be published until we have
3442 * everybody else's signatures collected too. (V3 Authority only) */
3443static int
3445{
3446 /* Have we got enough votes to try? */
3447 int n_votes, n_voters, n_vote_running = 0;
3448 smartlist_t *votes = NULL;
3449 char *consensus_body = NULL, *signatures = NULL;
3450 networkstatus_t *consensus = NULL;
3451 authority_cert_t *my_cert;
3453 int flav;
3454
3455 memset(pending, 0, sizeof(pending));
3456
3457 if (!pending_vote_list)
3459
3460 /* Write votes to disk */
3461 write_v3_votes_to_disk(pending_vote_list);
3462
3463 /* Setup votes smartlist */
3464 votes = smartlist_new();
3466 {
3467 smartlist_add(votes, v->vote); /* collect votes to compute consensus */
3468 });
3469
3470 /* See if consensus managed to achieve majority */
3471 n_voters = get_n_authorities(V3_DIRINFO);
3472 n_votes = smartlist_len(pending_vote_list);
3473 if (n_votes <= n_voters/2) {
3474 log_warn(LD_DIR, "We don't have enough votes to generate a consensus: "
3475 "%d of %d", n_votes, n_voters/2+1);
3476 goto err;
3477 }
3480 if (smartlist_contains_string(v->vote->known_flags, "Running"))
3481 n_vote_running++;
3482 });
3483 if (!n_vote_running) {
3484 /* See task 1066. */
3485 log_warn(LD_DIR, "Nobody has voted on the Running flag. Generating "
3486 "and publishing a consensus without Running nodes "
3487 "would make many clients stop working. Not "
3488 "generating a consensus!");
3489 goto err;
3490 }
3491
3492 if (!(my_cert = get_my_v3_authority_cert())) {
3493 log_warn(LD_DIR, "Can't generate consensus without a certificate.");
3494 goto err;
3495 }
3496
3497 {
3498 char legacy_dbuf[DIGEST_LEN];
3499 crypto_pk_t *legacy_sign=NULL;
3500 char *legacy_id_digest = NULL;
3501 int n_generated = 0;
3502 if (get_options()->V3AuthUseLegacyKey) {
3504 legacy_sign = get_my_v3_legacy_signing_key();
3505 if (cert) {
3506 if (crypto_pk_get_digest(cert->identity_key, legacy_dbuf)) {
3507 log_warn(LD_BUG,
3508 "Unable to compute digest of legacy v3 identity key");
3509 } else {
3510 legacy_id_digest = legacy_dbuf;
3511 }
3512 }
3513 }
3514
3515 for (flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {
3516 const char *flavor_name = networkstatus_get_flavor_name(flav);
3517 consensus_body = networkstatus_compute_consensus(
3518 votes, n_voters,
3519 my_cert->identity_key,
3520 get_my_v3_authority_signing_key(), legacy_id_digest, legacy_sign,
3521 flav);
3522
3523 if (!consensus_body) {
3524 log_warn(LD_DIR, "Couldn't generate a %s consensus at all!",
3525 flavor_name);
3526 continue;
3527 }
3528 consensus = networkstatus_parse_vote_from_string(consensus_body,
3529 strlen(consensus_body),
3530 NULL,
3531 NS_TYPE_CONSENSUS);
3532 if (!consensus) {
3533 log_warn(LD_DIR, "Couldn't parse %s consensus we generated!",
3534 flavor_name);
3535 tor_free(consensus_body);
3536 continue;
3537 }
3538
3539 /* 'Check' our own signature, to mark it valid. */
3541
3542 pending[flav].body = consensus_body;
3543 pending[flav].consensus = consensus;
3544 n_generated++;
3545
3546 /* Write it out to disk too, for dir auth debugging purposes */
3547 {
3548 char *filename;
3549 tor_asprintf(&filename, "my-consensus-%s", flavor_name);
3550 write_str_to_file(get_datadir_fname(filename), consensus_body, 0);
3551 tor_free(filename);
3552 }
3553
3554 consensus_body = NULL;
3555 consensus = NULL;
3556 }
3557 if (!n_generated) {
3558 log_warn(LD_DIR, "Couldn't generate any consensus flavors at all.");
3559 goto err;
3560 }
3561 }
3562
3564 pending, N_CONSENSUS_FLAVORS);
3565
3566 if (!signatures) {
3567 log_warn(LD_DIR, "Couldn't extract signatures.");
3568 goto err;
3569 }
3570
3572 memcpy(pending_consensuses, pending, sizeof(pending));
3573
3575 pending_consensus_signatures = signatures;
3576
3578 int n_sigs = 0;
3579 /* we may have gotten signatures for this consensus before we built
3580 * it ourself. Add them now. */
3582 const char *msg = NULL;
3584 "pending", &msg);
3585 if (r >= 0)
3586 n_sigs += r;
3587 else
3588 log_warn(LD_DIR,
3589 "Could not add queued signature to new consensus: %s",
3590 msg);
3591 tor_free(sig);
3592 } SMARTLIST_FOREACH_END(sig);
3593 if (n_sigs)
3594 log_notice(LD_DIR, "Added %d pending signatures while building "
3595 "consensus.", n_sigs);
3597 }
3598
3599 log_notice(LD_DIR, "Consensus computed; uploading signature(s)");
3600
3603 V3_DIRINFO,
3605 strlen(pending_consensus_signatures), 0);
3606 log_notice(LD_DIR, "Signature(s) posted.");
3607
3608 smartlist_free(votes);
3609 return 0;
3610 err:
3611 smartlist_free(votes);
3612 tor_free(consensus_body);
3613 tor_free(signatures);
3614 networkstatus_vote_free(consensus);
3615
3616 return -1;
3617}
3618
3619/** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3620 * signatures on the currently pending consensus. Add them to <b>pc</b>
3621 * as appropriate. Return the number of signatures added. (?) */
3622static int
3626 const char *source,
3627 int severity,
3628 const char **msg_out)
3629{
3630 const char *flavor_name;
3631 int r = -1;
3632
3633 /* Only call if we have a pending consensus right now. */
3634 tor_assert(pc->consensus);
3635 tor_assert(pc->body);
3637
3639 *msg_out = NULL;
3640
3641 {
3642 smartlist_t *sig_list = strmap_get(sigs->signatures, flavor_name);
3643 log_info(LD_DIR, "Have %d signatures for adding to %s consensus.",
3644 sig_list ? smartlist_len(sig_list) : 0, flavor_name);
3645 }
3647 source, severity, msg_out);
3648 if (r >= 0) {
3649 log_info(LD_DIR,"Added %d signatures to consensus.", r);
3650 } else {
3651 log_fn(LOG_PROTOCOL_WARN, LD_DIR,
3652 "Unable to add signatures to consensus: %s",
3653 *msg_out ? *msg_out : "(unknown)");
3654 }
3655
3656 if (r >= 1) {
3657 char *new_signatures =
3659 char *dst, *dst_end;
3660 size_t new_consensus_len;
3661 if (!new_signatures) {
3662 *msg_out = "No signatures to add";
3663 goto err;
3664 }
3665 new_consensus_len =
3666 strlen(pc->body) + strlen(new_signatures) + 1;
3667 pc->body = tor_realloc(pc->body, new_consensus_len);
3668 dst_end = pc->body + new_consensus_len;
3669 dst = (char *) find_str_at_start_of_line(pc->body, "directory-signature ");
3670 tor_assert(dst);
3671 strlcpy(dst, new_signatures, dst_end-dst);
3672
3673 /* We remove this block once it has failed to crash for a while. But
3674 * unless it shows up in profiles, we're probably better leaving it in,
3675 * just in case we break detached signature processing at some point. */
3676 {
3678 pc->body, strlen(pc->body), NULL,
3679 NS_TYPE_CONSENSUS);
3680 tor_assert(v);
3681 networkstatus_vote_free(v);
3682 }
3683 *msg_out = "Signatures added";
3684 tor_free(new_signatures);
3685 } else if (r == 0) {
3686 *msg_out = "Signatures ignored";
3687 } else {
3688 goto err;
3689 }
3690
3691 goto done;
3692 err:
3693 if (!*msg_out)
3694 *msg_out = "Unrecognized error while adding detached signatures.";
3695 done:
3696 return r;
3697}
3698
3699/** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3700 * signatures on the currently pending consensus. Add them to the pending
3701 * consensus (if we have one).
3702 *
3703 * Set *<b>msg</b> to a string constant describing the status, regardless of
3704 * success or failure.
3705 *
3706 * Return negative on failure, nonnegative on success. */
3707static int
3709 const char *detached_signatures_body,
3710 const char *source,
3711 const char **msg_out)
3712{
3713 int r=0, i, n_added = 0, errors = 0;
3715 tor_assert(detached_signatures_body);
3716 tor_assert(msg_out);
3718
3720 detached_signatures_body, NULL))) {
3721 *msg_out = "Couldn't parse detached signatures.";
3722 goto err;
3723 }
3724
3725 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3726 int res;
3727 int severity = i == FLAV_NS ? LOG_NOTICE : LOG_INFO;
3728 pending_consensus_t *pc = &pending_consensuses[i];
3729 if (!pc->consensus)
3730 continue;
3731 res = dirvote_add_signatures_to_pending_consensus(pc, sigs, source,
3732 severity, msg_out);
3733 if (res < 0)
3734 errors++;
3735 else
3736 n_added += res;
3737 }
3738
3739 if (errors && !n_added) {
3740 r = -1;
3741 goto err;
3742 }
3743
3744 if (n_added && pending_consensuses[FLAV_NS].consensus) {
3745 char *new_detached =
3747 pending_consensuses, N_CONSENSUS_FLAVORS);
3748 if (new_detached) {
3750 pending_consensus_signatures = new_detached;
3751 }
3752 }
3753
3754 r = n_added;
3755 goto done;
3756 err:
3757 if (!*msg_out)
3758 *msg_out = "Unrecognized error while adding detached signatures.";
3759 done:
3760 ns_detached_signatures_free(sigs);
3761 /* XXXX NM Check how return is used. We can now have an error *and*
3762 signatures added. */
3763 return r;
3764}
3765
3766/** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3767 * signatures on the currently pending consensus. Add them to the pending
3768 * consensus (if we have one); otherwise queue them until we have a
3769 * consensus.
3770 *
3771 * Set *<b>msg</b> to a string constant describing the status, regardless of
3772 * success or failure.
3773 *
3774 * Return negative on failure, nonnegative on success. */
3775int
3776dirvote_add_signatures(const char *detached_signatures_body,
3777 const char *source,
3778 const char **msg)
3779{
3780 if (pending_consensuses[FLAV_NS].consensus) {
3781 log_notice(LD_DIR, "Got a signature from %s. "
3782 "Adding it to the pending consensus.", source);
3784 detached_signatures_body, source, msg);
3785 } else {
3786 log_notice(LD_DIR, "Got a signature from %s. "
3787 "Queuing it for the next consensus.", source);
3791 detached_signatures_body);
3792 *msg = "Signature queued";
3793 return 0;
3794 }
3795}
3796
3797/** Replace the consensus that we're currently serving with the one that we've
3798 * been building. (V3 Authority only) */
3799static int
3801{
3802 int i;
3803
3804 /* Now remember all the other consensuses as if we were a directory cache. */
3805 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3806 pending_consensus_t *pending = &pending_consensuses[i];
3807 const char *name;
3810 if (!pending->consensus ||
3812 log_warn(LD_DIR, "Not enough info to publish pending %s consensus",name);
3813 continue;
3814 }
3815
3817 strlen(pending->body),
3818 name, 0, NULL))
3819 log_warn(LD_DIR, "Error publishing %s consensus", name);
3820 else
3821 log_notice(LD_DIR, "Published %s consensus", name);
3822 }
3823
3824 return 0;
3825}
3826
3827/** Release all static storage held in dirvote.c */
3828void
3830{
3832 /* now empty as a result of dirvote_clear_votes(). */
3833 smartlist_free(pending_vote_list);
3834 pending_vote_list = NULL;
3835 smartlist_free(previous_vote_list);
3836 previous_vote_list = NULL;
3837
3841 /* now empty as a result of dirvote_clear_votes(). */
3842 smartlist_free(pending_consensus_signature_list);
3844 }
3845}
3846
3847/* ====
3848 * Access to pending items.
3849 * ==== */
3850
3851/** Return the body of the consensus that we're currently trying to build. */
3852MOCK_IMPL(const char *,
3854{
3855 tor_assert(((int)flav) >= 0 && (int)flav < N_CONSENSUS_FLAVORS);
3856 return pending_consensuses[flav].body;
3857}
3858
3859/** Return the signatures that we know for the consensus that we're currently
3860 * trying to build. */
3861MOCK_IMPL(const char *,
3863{
3865}
3866
3867/** Return a given vote specified by <b>fp</b>. If <b>by_id</b>, return the
3868 * vote for the authority with the v3 authority identity key digest <b>fp</b>;
3869 * if <b>by_id</b> is false, return the vote whose digest is <b>fp</b>. If
3870 * <b>fp</b> is NULL, return our own vote. If <b>include_previous</b> is
3871 * false, do not consider any votes for a consensus that's already been built.
3872 * If <b>include_pending</b> is false, do not consider any votes for the
3873 * consensus that's in progress. May return NULL if we have no vote for the
3874 * authority in question. */
3875const cached_dir_t *
3876dirvote_get_vote(const char *fp, int flags)
3877{
3878 int by_id = flags & DGV_BY_ID;
3879 const int include_pending = flags & DGV_INCLUDE_PENDING;
3880 const int include_previous = flags & DGV_INCLUDE_PREVIOUS;
3881
3883 return NULL;
3884 if (fp == NULL) {
3886 if (c) {
3888 by_id = 1;
3889 } else
3890 return NULL;
3891 }
3892 if (by_id) {
3893 if (pending_vote_list && include_pending) {
3895 if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
3896 return pv->vote_body);
3897 }
3898 if (previous_vote_list && include_previous) {
3900 if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
3901 return pv->vote_body);
3902 }
3903 } else {
3904 if (pending_vote_list && include_pending) {
3906 if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN))
3907 return pv->vote_body);
3908 }
3909 if (previous_vote_list && include_previous) {
3911 if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN))
3912 return pv->vote_body);
3913 }
3914 }
3915 return NULL;
3916}
3917
3918/** Construct and return a new microdescriptor from a routerinfo <b>ri</b>
3919 * according to <b>consensus_method</b>.
3920 **/
3922dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
3923{
3924 microdesc_t *result = NULL;
3925 char *key = NULL, *summary = NULL, *family = NULL;
3926 size_t keylen;
3927 smartlist_t *chunks = smartlist_new();
3928 char *output = NULL;
3929 crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->onion_pkey,
3930 ri->onion_pkey_len);
3931
3932 if (crypto_pk_write_public_key_to_string(rsa_pubkey, &key, &keylen)<0)
3933 goto done;
3934 summary = policy_summarize(ri->exit_policy, AF_INET);
3935 if (ri->declared_family)
3936 family = smartlist_join_strings(ri->declared_family, " ", 0, NULL);
3937
3938 smartlist_add_asprintf(chunks, "onion-key\n%s", key);
3939
3940 if (ri->onion_curve25519_pkey) {
3941 char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
3942 bool add_padding = (consensus_method < MIN_METHOD_FOR_UNPADDED_NTOR_KEY);
3943 curve25519_public_to_base64(kbuf, ri->onion_curve25519_pkey, add_padding);
3944 smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
3945 }
3946
3947 if (family) {
3948 if (consensus_method < MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS) {
3949 smartlist_add_asprintf(chunks, "family %s\n", family);
3950 } else {
3951 const uint8_t *id = (const uint8_t *)ri->cache_info.identity_digest;
3952 char *canonical_family = nodefamily_canonicalize(family, id, 0);
3953 smartlist_add_asprintf(chunks, "family %s\n", canonical_family);
3954 tor_free(canonical_family);
3955 }
3956 }
3957
3958 if (summary && strcmp(summary, "reject 1-65535"))
3959 smartlist_add_asprintf(chunks, "p %s\n", summary);
3960
3961 if (ri->ipv6_exit_policy) {
3962 /* XXXX+++ This doesn't match proposal 208, which says these should
3963 * be taken unchanged from the routerinfo. That's bogosity, IMO:
3964 * the proposal should have said to do this instead.*/
3965 char *p6 = write_short_policy(ri->ipv6_exit_policy);
3966 if (p6 && strcmp(p6, "reject 1-65535"))
3967 smartlist_add_asprintf(chunks, "p6 %s\n", p6);
3968 tor_free(p6);
3969 }
3970
3971 {
3972 char idbuf[ED25519_BASE64_LEN+1];
3973 const char *keytype;
3974 if (ri->cache_info.signing_key_cert &&
3975 ri->cache_info.signing_key_cert->signing_key_included) {
3976 keytype = "ed25519";
3978 &ri->cache_info.signing_key_cert->signing_key);
3979 } else {
3980 keytype = "rsa1024";
3981 digest_to_base64(idbuf, ri->cache_info.identity_digest);
3982 }
3983 smartlist_add_asprintf(chunks, "id %s %s\n", keytype, idbuf);
3984 }
3985
3986 output = smartlist_join_strings(chunks, "", 0, NULL);
3987
3988 {
3990 output+strlen(output), 0,
3991 SAVED_NOWHERE, NULL);
3992 if (smartlist_len(lst) != 1) {
3993 log_warn(LD_DIR, "We generated a microdescriptor we couldn't parse.");
3994 SMARTLIST_FOREACH(lst, microdesc_t *, md, microdesc_free(md));
3995 smartlist_free(lst);
3996 goto done;
3997 }
3998 result = smartlist_get(lst, 0);
3999 smartlist_free(lst);
4000 }
4001
4002 done:
4003 crypto_pk_free(rsa_pubkey);
4004 tor_free(output);
4005 tor_free(key);
4006 tor_free(summary);
4007 tor_free(family);
4008 if (chunks) {
4009 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
4010 smartlist_free(chunks);
4011 }
4012 return result;
4013}
4014
4015/** Format the appropriate vote line to describe the microdescriptor <b>md</b>
4016 * in a consensus vote document. Write it into the <b>out_len</b>-byte buffer
4017 * in <b>out</b>. Return -1 on failure and the number of characters written
4018 * on success. */
4019static ssize_t
4020dirvote_format_microdesc_vote_line(char *out_buf, size_t out_buf_len,
4021 const microdesc_t *md,
4022 int consensus_method_low,
4023 int consensus_method_high)
4024{
4025 ssize_t ret = -1;
4026 char d64[BASE64_DIGEST256_LEN+1];
4027 char *microdesc_consensus_methods =
4028 make_consensus_method_list(consensus_method_low,
4029 consensus_method_high,
4030 ",");
4031 tor_assert(microdesc_consensus_methods);
4032
4033 digest256_to_base64(d64, md->digest);
4034
4035 if (tor_snprintf(out_buf, out_buf_len, "m %s sha256=%s\n",
4036 microdesc_consensus_methods, d64)<0)
4037 goto out;
4038
4039 ret = strlen(out_buf);
4040
4041 out:
4042 tor_free(microdesc_consensus_methods);
4043 return ret;
4044}
4045
4046/** Array of start and end of consensus methods used for supported
4047 microdescriptor formats. */
4048static const struct consensus_method_range_t {
4049 int low;
4050 int high;
4051} microdesc_consensus_methods[] = {
4058 {-1, -1}
4059};
4060
4061/** Helper type used when generating the microdescriptor lines in a directory
4062 * vote. */
4064 int low;
4065 int high;
4066 microdesc_t *md;
4067 struct microdesc_vote_line_t *next;
4069
4070/** Generate and return a linked list of all the lines that should appear to
4071 * describe a router's microdescriptor versions in a directory vote.
4072 * Add the generated microdescriptors to <b>microdescriptors_out</b>. */
4075 smartlist_t *microdescriptors_out)
4076{
4077 const struct consensus_method_range_t *cmr;
4078 microdesc_vote_line_t *entries = NULL, *ep;
4079 vote_microdesc_hash_t *result = NULL;
4080
4081 /* Generate the microdescriptors. */
4082 for (cmr = microdesc_consensus_methods;
4083 cmr->low != -1 && cmr->high != -1;
4084 cmr++) {
4085 microdesc_t *md = dirvote_create_microdescriptor(ri, cmr->low);
4086 if (md) {
4088 tor_malloc_zero(sizeof(microdesc_vote_line_t));
4089 e->md = md;
4090 e->low = cmr->low;
4091 e->high = cmr->high;
4092 e->next = entries;
4093 entries = e;
4094 }
4095 }
4096
4097 /* Compress adjacent identical ones */
4098 for (ep = entries; ep; ep = ep->next) {
4099 while (ep->next &&
4100 fast_memeq(ep->md->digest, ep->next->md->digest, DIGEST256_LEN) &&
4101 ep->low == ep->next->high + 1) {
4102 microdesc_vote_line_t *next = ep->next;
4103 ep->low = next->low;
4104 microdesc_free(next->md);
4105 ep->next = next->next;
4106 tor_free(next);
4107 }
4108 }
4109
4110 /* Format them into vote_microdesc_hash_t, and add to microdescriptors_out.*/
4111 while ((ep = entries)) {
4112 char buf[128];
4114 if (dirvote_format_microdesc_vote_line(buf, sizeof(buf), ep->md,
4115 ep->low, ep->high) >= 0) {
4116 h = tor_malloc_zero(sizeof(vote_microdesc_hash_t));
4117 h->microdesc_hash_line = tor_strdup(buf);
4118 h->next = result;
4119 result = h;
4120 ep->md->last_listed = now;
4121 smartlist_add(microdescriptors_out, ep->md);
4122 }
4123 entries = ep->next;
4124 tor_free(ep);
4125 }
4126
4127 return result;
4128}
4129
4130/** Parse and extract all SR commits from <b>tokens</b> and place them in
4131 * <b>ns</b>. */
4132static void
4134{
4135 smartlist_t *chunks = NULL;
4136
4137 tor_assert(ns);
4138 tor_assert(tokens);
4139 /* Commits are only present in a vote. */
4140 tor_assert(ns->type == NS_TYPE_VOTE);
4141
4142 ns->sr_info.commits = smartlist_new();
4143
4144 smartlist_t *commits = find_all_by_keyword(tokens, K_COMMIT);
4145 /* It's normal that a vote might contain no commits even if it participates
4146 * in the SR protocol. Don't treat it as an error. */
4147 if (commits == NULL) {
4148 goto end;
4149 }
4150
4151 /* Parse the commit. We do NO validation of number of arguments or ordering
4152 * for forward compatibility, it's the parse commit job to inform us if it's
4153 * supported or not. */
4154 chunks = smartlist_new();
4156 /* Extract all arguments and put them in the chunks list. */
4157 for (int i = 0; i < tok->n_args; i++) {
4158 smartlist_add(chunks, tok->args[i]);
4159 }
4160 sr_commit_t *commit = sr_parse_commit(chunks);
4161 smartlist_clear(chunks);
4162 if (commit == NULL) {
4163 /* Get voter identity so we can warn that this dirauth vote contains
4164 * commit we can't parse. */
4165 networkstatus_voter_info_t *voter = smartlist_get(ns->voters, 0);
4166 tor_assert(voter);
4167 log_warn(LD_DIR, "SR: Unable to parse commit %s from vote of voter %s.",
4168 escaped(tok->object_body),
4169 hex_str(voter->identity_digest,
4170 sizeof(voter->identity_digest)));
4171 /* Commitment couldn't be parsed. Continue onto the next commit because
4172 * this one could be unsupported for instance. */
4173 continue;
4174 }
4175 /* Add newly created commit object to the vote. */
4176 smartlist_add(ns->sr_info.commits, commit);
4177 } SMARTLIST_FOREACH_END(tok);
4178
4179 end:
4180 smartlist_free(chunks);
4181 smartlist_free(commits);
4182}
4183
4184/* Using the given directory tokens in tokens, parse the shared random commits
4185 * and put them in the given vote document ns.
4186 *
4187 * This also sets the SR participation flag if present in the vote. */
4188void
4189dirvote_parse_sr_commits(networkstatus_t *ns, const smartlist_t *tokens)
4190{
4191 /* Does this authority participates in the SR protocol? */
4192 directory_token_t *tok = find_opt_by_keyword(tokens, K_SR_FLAG);
4193 if (tok) {
4194 ns->sr_info.participate = 1;
4195 /* Get the SR commitments and reveals from the vote. */
4197 }
4198}
4199
4200/* For the given vote, free the shared random commits if any. */
4201void
4202dirvote_clear_commits(networkstatus_t *ns)
4203{
4204 tor_assert(ns->type == NS_TYPE_VOTE);
4205
4206 if (ns->sr_info.commits) {
4207 SMARTLIST_FOREACH(ns->sr_info.commits, sr_commit_t *, c,
4208 sr_commit_free(c));
4209 smartlist_free(ns->sr_info.commits);
4210 }
4211}
4212
4213/* The given url is the /tor/status-vote GET directory request. Populates the
4214 * items list with strings that we can compress on the fly and dir_items with
4215 * cached_dir_t objects that have a precompressed deflated version. */
4216void
4217dirvote_dirreq_get_status_vote(const char *url, smartlist_t *items,
4218 smartlist_t *dir_items)
4219{
4220 int current;
4221
4222 url += strlen("/tor/status-vote/");
4223 current = !strcmpstart(url, "current/");
4224 url = strchr(url, '/');
4225 tor_assert(url);
4226 ++url;
4227 if (!strcmp(url, "consensus")) {
4228 const char *item;
4229 tor_assert(!current); /* we handle current consensus specially above,
4230 * since it wants to be spooled. */
4231 if ((item = dirvote_get_pending_consensus(FLAV_NS)))
4232 smartlist_add(items, (char*)item);
4233 } else if (!current && !strcmp(url, "consensus-signatures")) {
4234 /* XXXX the spec says that we should implement
4235 * current/consensus-signatures too. It doesn't seem to be needed,
4236 * though. */
4237 const char *item;
4239 smartlist_add(items, (char*)item);
4240 } else if (!strcmp(url, "authority")) {
4241 const cached_dir_t *d;
4242 int flags = DGV_BY_ID |
4243 (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
4244 if ((d=dirvote_get_vote(NULL, flags)))
4245 smartlist_add(dir_items, (cached_dir_t*)d);
4246 } else {
4247 const cached_dir_t *d;
4248 smartlist_t *fps = smartlist_new();
4249 int flags;
4250 if (!strcmpstart(url, "d/")) {
4251 url += 2;
4252 flags = DGV_INCLUDE_PENDING | DGV_INCLUDE_PREVIOUS;
4253 } else {
4254 flags = DGV_BY_ID |
4255 (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
4256 }
4258 DSR_HEX|DSR_SORT_UNIQ);
4259 SMARTLIST_FOREACH(fps, char *, fp, {
4260 if ((d = dirvote_get_vote(fp, flags)))
4261 smartlist_add(dir_items, (cached_dir_t*)d);
4262 tor_free(fp);
4263 });
4264 smartlist_free(fps);
4265 }
4266}
4267
4268/** Get the best estimate of a router's bandwidth for dirauth purposes,
4269 * preferring measured to advertised values if available. */
4271 (const routerinfo_t *ri))
4272{
4273 uint32_t bw_kb = 0;
4274 /*
4275 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
4276 * signed) longs and the ones router_get_advertised_bandwidth() returns
4277 * are uint32_t.
4278 */
4279 long mbw_kb = 0;
4280
4281 if (ri) {
4282 /*
4283 * * First try to see if we have a measured bandwidth; don't bother with
4284 * as_of_out here, on the theory that a stale measured bandwidth is still
4285 * better to trust than an advertised one.
4286 */
4288 &mbw_kb, NULL)) {
4289 /* Got one! */
4290 bw_kb = (uint32_t)mbw_kb;
4291 } else {
4292 /* If not, fall back to advertised */
4293 bw_kb = router_get_advertised_bandwidth(ri) / 1000;
4294 }
4295 }
4296
4297 return bw_kb;
4298}
4299
4300/**
4301 * Helper: compare the address of family `family` in `a` with the address in
4302 * `b`. The family must be one of `AF_INET` and `AF_INET6`.
4303 **/
4304static int
4306 const routerinfo_t *b,
4307 int family)
4308{
4309 const tor_addr_t *addr1 = (family==AF_INET) ? &a->ipv4_addr : &a->ipv6_addr;
4310 const tor_addr_t *addr2 = (family==AF_INET) ? &b->ipv4_addr : &b->ipv6_addr;
4311 return tor_addr_compare(addr1, addr2, CMP_EXACT);
4312}
4313
4314/** Helper for sorting: compares two ipv4 routerinfos first by ipv4 address,
4315 * and then by descending order of "usefulness"
4316 * (see compare_routerinfo_usefulness)
4317 **/
4318STATIC int
4319compare_routerinfo_by_ipv4(const void **a, const void **b)
4320{
4321 const routerinfo_t *first = *(const routerinfo_t **)a;
4322 const routerinfo_t *second = *(const routerinfo_t **)b;
4323 int comparison = compare_routerinfo_addrs_by_family(first, second, AF_INET);
4324 if (comparison == 0) {
4325 // If addresses are equal, use other comparison criteria
4326 return compare_routerinfo_usefulness(first, second);
4327 } else {
4328 return comparison;
4329 }
4330}
4331
4332/** Helper for sorting: compares two ipv6 routerinfos first by ipv6 address,
4333 * and then by descending order of "usefulness"
4334 * (see compare_routerinfo_usefulness)
4335 **/
4336STATIC int
4337compare_routerinfo_by_ipv6(const void **a, const void **b)
4338{
4339 const routerinfo_t *first = *(const routerinfo_t **)a;
4340 const routerinfo_t *second = *(const routerinfo_t **)b;
4341 int comparison = compare_routerinfo_addrs_by_family(first, second, AF_INET6);
4342 // If addresses are equal, use other comparison criteria
4343 if (comparison == 0)
4344 return compare_routerinfo_usefulness(first, second);
4345 else
4346 return comparison;
4347}
4348
4349/**
4350* Compare routerinfos by descending order of "usefulness" :
4351* An authority is more useful than a non-authority; a running router is
4352* more useful than a non-running router; and a router with more bandwidth
4353* is more useful than one with less.
4354**/
4355STATIC int
4357 const routerinfo_t *second)
4358{
4359 int first_is_auth, second_is_auth;
4360 const node_t *node_first, *node_second;
4361 int first_is_running, second_is_running;
4362 uint32_t bw_kb_first, bw_kb_second;
4363 /* Potentially, this next bit could cause k n lg n memeq calls. But in
4364 * reality, we will almost never get here, since addresses will usually be
4365 * different. */
4366 first_is_auth =
4367 router_digest_is_trusted_dir(first->cache_info.identity_digest);
4368 second_is_auth =
4369 router_digest_is_trusted_dir(second->cache_info.identity_digest);
4370
4371 if (first_is_auth && !second_is_auth)
4372 return -1;
4373 else if (!first_is_auth && second_is_auth)
4374 return 1;
4375
4376 node_first = node_get_by_id(first->cache_info.identity_digest);
4377 node_second = node_get_by_id(second->cache_info.identity_digest);
4378 first_is_running = node_first && node_first->is_running;
4379 second_is_running = node_second && node_second->is_running;
4380 if (first_is_running && !second_is_running)
4381 return -1;
4382 else if (!first_is_running && second_is_running)
4383 return 1;
4384
4385 bw_kb_first = dirserv_get_bandwidth_for_router_kb(first);
4386 bw_kb_second = dirserv_get_bandwidth_for_router_kb(second);
4387
4388 if (bw_kb_first > bw_kb_second)
4389 return -1;
4390 else if (bw_kb_first < bw_kb_second)
4391 return 1;
4392
4393 /* They're equal! Compare by identity digest, so there's a
4394 * deterministic order and we avoid flapping. */
4395 return fast_memcmp(first->cache_info.identity_digest,
4396 second->cache_info.identity_digest,
4397 DIGEST_LEN);
4398}
4399
4400/** Given a list of routerinfo_t in <b>routers</b> that all use the same
4401 * IP version, specified in <b>family</b>, return a new digestmap_t whose keys
4402 * are the identity digests of those routers that we're going to exclude for
4403 * Sybil-like appearance.
4404 */
4405STATIC digestmap_t *
4407{
4408 const dirauth_options_t *options = dirauth_get_options();
4409 digestmap_t *omit_as_sybil = digestmap_new();
4410 smartlist_t *routers_by_ip = smartlist_new();
4411 int addr_count = 0;
4412 routerinfo_t *last_ri = NULL;
4413 /* Allow at most this number of Tor servers on a single IP address, ... */
4414 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
4415 if (max_with_same_addr <= 0)
4416 max_with_same_addr = INT_MAX;
4417
4418 smartlist_add_all(routers_by_ip, routers);
4419 if (family == AF_INET6)
4421 else
4423
4424 SMARTLIST_FOREACH_BEGIN(routers_by_ip, routerinfo_t *, ri) {
4425 bool addrs_equal;
4426 if (last_ri)
4427 addrs_equal = !compare_routerinfo_addrs_by_family(last_ri, ri, family);
4428 else
4429 addrs_equal = false;
4430
4431 if (! addrs_equal) {
4432 last_ri = ri;
4433 addr_count = 1;
4434 } else if (++addr_count > max_with_same_addr) {
4435 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4436 }
4437 } SMARTLIST_FOREACH_END(ri);
4438 smartlist_free(routers_by_ip);
4439 return omit_as_sybil;
4440}
4441
4442/** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
4443 * whose keys are the identity digests of those routers that we're going to
4444 * exclude for Sybil-like appearance. */
4445STATIC digestmap_t *
4447{
4448 smartlist_t *routers_ipv6, *routers_ipv4;
4449 routers_ipv6 = smartlist_new();
4450 routers_ipv4 = smartlist_new();
4451 digestmap_t *omit_as_sybil_ipv4;
4452 digestmap_t *omit_as_sybil_ipv6;
4453 digestmap_t *omit_as_sybil = digestmap_new();
4454 // Sort the routers in two lists depending on their IP version
4455 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4456 // If the router has an IPv6 address
4457 if (tor_addr_family(&(ri->ipv6_addr)) == AF_INET6) {
4458 smartlist_add(routers_ipv6, ri);
4459 }
4460 // If the router has an IPv4 address
4461 if (tor_addr_family(&(ri->ipv4_addr)) == AF_INET) {
4462 smartlist_add(routers_ipv4, ri);
4463 }
4464 } SMARTLIST_FOREACH_END(ri);
4465 omit_as_sybil_ipv4 = get_sybil_list_by_ip_version(routers_ipv4, AF_INET);
4466 omit_as_sybil_ipv6 = get_sybil_list_by_ip_version(routers_ipv6, AF_INET6);
4467
4468 // Add all possible sybils to the common digestmap
4469 DIGESTMAP_FOREACH (omit_as_sybil_ipv4, sybil_id, routerinfo_t *, ri) {
4470 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4472 DIGESTMAP_FOREACH (omit_as_sybil_ipv6, sybil_id, routerinfo_t *, ri) {
4473 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4475 // Clean the temp variables
4476 smartlist_free(routers_ipv4);
4477 smartlist_free(routers_ipv6);
4478 digestmap_free(omit_as_sybil_ipv4, NULL);
4479 digestmap_free(omit_as_sybil_ipv6, NULL);
4480 // Return the digestmap: it now contains all the possible sybils
4481 return omit_as_sybil;
4482}
4483
4484/** Given a platform string as in a routerinfo_t (possibly null), return a
4485 * newly allocated version string for a networkstatus document, or NULL if the
4486 * platform doesn't give a Tor version. */
4487static char *
4488version_from_platform(const char *platform)
4489{
4490 if (platform && !strcmpstart(platform, "Tor ")) {
4491 const char *eos = find_whitespace(platform+4);
4492 if (eos && !strcmpstart(eos, " (r")) {
4493 /* XXXX Unify this logic with the other version extraction
4494 * logic in routerparse.c. */
4495 eos = find_whitespace(eos+1);
4496 }
4497 if (eos) {
4498 return tor_strndup(platform, eos-platform);
4499 }
4500 }
4501 return NULL;
4502}
4503
4504/** Given a (possibly empty) list of config_line_t, each line of which contains
4505 * a list of comma-separated version numbers surrounded by optional space,
4506 * allocate and return a new string containing the version numbers, in order,
4507 * separated by commas. Used to generate Recommended(Client|Server)?Versions
4508 */
4509char *
4511{
4512 smartlist_t *versions;
4513 char *result;
4514 versions = smartlist_new();
4515 for ( ; ln; ln = ln->next) {
4516 smartlist_split_string(versions, ln->value, ",",
4517 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4518 }
4519
4520 /* Handle the case where a dirauth operator has accidentally made some
4521 * versions space-separated instead of comma-separated. */
4522 smartlist_t *more_versions = smartlist_new();
4523 SMARTLIST_FOREACH_BEGIN(versions, char *, v) {
4524 if (strchr(v, ' ')) {
4525 if (warn)
4526 log_warn(LD_DIRSERV, "Unexpected space in versions list member %s. "
4527 "(These are supposed to be comma-separated; I'll pretend you "
4528 "used commas instead.)", escaped(v));
4529 SMARTLIST_DEL_CURRENT(versions, v);
4530 smartlist_split_string(more_versions, v, NULL,
4531 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4532 tor_free(v);
4533 }
4534 } SMARTLIST_FOREACH_END(v);
4535 smartlist_add_all(versions, more_versions);
4536 smartlist_free(more_versions);
4537
4538 /* Check to make sure everything looks like a version. */
4539 if (warn) {
4540 SMARTLIST_FOREACH_BEGIN(versions, const char *, v) {
4541 tor_version_t ver;
4542 if (tor_version_parse(v, &ver) < 0) {
4543 log_warn(LD_DIRSERV, "Recommended version %s does not look valid. "
4544 " (I'll include it anyway, since you told me to.)",
4545 escaped(v));
4546 }
4547 } SMARTLIST_FOREACH_END(v);
4548 }
4549
4550 sort_version_list(versions, 1);
4551 result = smartlist_join_strings(versions,",",0,NULL);
4552 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
4553 smartlist_free(versions);
4554 return result;
4555}
4556
4557/** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
4558 * remove the older one. If they are exactly the same age, remove the one
4559 * with the greater descriptor digest. May alter the order of the list. */
4560static void
4562{
4563 routerinfo_t *ri2;
4564 digest256map_t *by_ed_key = digest256map_new();
4565
4566 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4567 ri->omit_from_vote = 0;
4568 if (ri->cache_info.signing_key_cert == NULL)
4569 continue; /* No ed key */
4570 const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
4571 if ((ri2 = digest256map_get(by_ed_key, pk))) {
4572 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
4573 * one has the earlier published_on. */
4574 const time_t ri_pub = ri->cache_info.published_on;
4575 const time_t ri2_pub = ri2->cache_info.published_on;
4576 if (ri2_pub < ri_pub ||
4577 (ri2_pub == ri_pub &&
4578 fast_memcmp(ri->cache_info.signed_descriptor_digest,
4579 ri2->cache_info.signed_descriptor_digest,DIGEST_LEN)<0)) {
4580 digest256map_set(by_ed_key, pk, ri);
4581 ri2->omit_from_vote = 1;
4582 } else {
4583 ri->omit_from_vote = 1;
4584 }
4585 } else {
4586 /* Add to map */
4587 digest256map_set(by_ed_key, pk, ri);
4588 }
4589 } SMARTLIST_FOREACH_END(ri);
4590
4591 digest256map_free(by_ed_key, NULL);
4592
4593 /* Now remove every router where the omit_from_vote flag got set. */
4594 SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
4595 if (ri->omit_from_vote) {
4596 SMARTLIST_DEL_CURRENT(routers, ri);
4597 }
4598 } SMARTLIST_FOREACH_END(ri);
4599}
4600
4601/** Routerstatus <b>rs</b> is part of a group of routers that are on too
4602 * narrow an IP-space. Clear out its flags since we don't want it be used
4603 * because of its Sybil-like appearance.
4604 *
4605 * Leave its BadExit flag alone though, since if we think it's a bad exit,
4606 * we want to vote that way in case all the other authorities are voting
4607 * Running and Exit.
4608 *
4609 * Also set the Sybil flag in order to let a relay operator know that's
4610 * why their relay hasn't been voted on.
4611 */
4612static void
4614{
4615 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
4616 rs->is_flagged_running = rs->is_named = rs->is_valid =
4617 rs->is_hs_dir = rs->is_v2_dir = rs->is_possible_guard = 0;
4618 rs->is_sybil = 1;
4619 /* FFFF we might want some mechanism to check later on if we
4620 * missed zeroing any flags: it's easy to add a new flag but
4621 * forget to add it to this clause. */
4622}
4623
4624/** Space-separated list of all the flags that we will always vote on. */
4626 "Authority "
4627 "Exit "
4628 "Fast "
4629 "Guard "
4630 "HSDir "
4631 "Stable "
4632 "StaleDesc "
4633 "Sybil "
4634 "V2Dir "
4635 "Valid";
4636/** Space-separated list of all flags that we may or may not vote on,
4637 * depending on our configuration. */
4639 "BadExit "
4640 "MiddleOnly "
4641 "Running";
4642
4643/** Return a new networkstatus_t* containing our current opinion. (For v3
4644 * authorities) */
4647 authority_cert_t *cert)
4648{
4649 const or_options_t *options = get_options();
4650 const dirauth_options_t *d_options = dirauth_get_options();
4651 networkstatus_t *v3_out = NULL;
4652 tor_addr_t addr;
4653 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
4654 const char *contact;
4655 smartlist_t *routers, *routerstatuses;
4656 char identity_digest[DIGEST_LEN];
4657 char signing_key_digest[DIGEST_LEN];
4658 const int list_bad_exits = d_options->AuthDirListBadExits;
4659 const int list_middle_only = d_options->AuthDirListMiddleOnly;
4661 time_t now = time(NULL);
4662 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
4663 networkstatus_voter_info_t *voter = NULL;
4664 vote_timing_t timing;
4665 const int vote_on_reachability = running_long_enough_to_decide_unreachable();
4666 smartlist_t *microdescriptors = NULL;
4667 smartlist_t *bw_file_headers = NULL;
4668 uint8_t bw_file_digest256[DIGEST256_LEN] = {0};
4669
4670 tor_assert(private_key);
4671 tor_assert(cert);
4672
4673 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
4674 log_err(LD_BUG, "Error computing signing key digest");
4675 return NULL;
4676 }
4677 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
4678 log_err(LD_BUG, "Error computing identity key digest");
4679 return NULL;
4680 }
4681 if (!find_my_address(options, AF_INET, LOG_WARN, &addr, NULL, &hostname)) {
4682 log_warn(LD_NET, "Couldn't resolve my hostname");
4683 return NULL;
4684 }
4685 if (!hostname || !strchr(hostname, '.')) {
4686 tor_free(hostname);
4687 hostname = tor_addr_to_str_dup(&addr);
4688 }
4689
4690 if (!hostname) {
4691 log_err(LD_BUG, "Failed to determine hostname AND duplicate address");
4692 return NULL;
4693 }
4694
4695 if (d_options->VersioningAuthoritativeDirectory) {
4696 client_versions =
4698 server_versions =
4700 }
4701
4702 contact = get_options()->ContactInfo;
4703 if (!contact)
4704 contact = "(none)";
4705
4706 /*
4707 * Do this so dirserv_compute_performance_thresholds() and
4708 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
4709 */
4710 if (options->V3BandwidthsFile) {
4712 NULL);
4713 } else {
4714 /*
4715 * No bandwidths file; clear the measured bandwidth cache in case we had
4716 * one last time around.
4717 */
4720 }
4721 }
4722
4723 /* precompute this part, since we need it to decide what "stable"
4724 * means. */
4726 dirserv_set_router_is_running(ri, now);
4727 });
4728
4729 routers = smartlist_new();
4730 smartlist_add_all(routers, rl->routers);
4732 /* After this point, don't use rl->routers; use 'routers' instead. */
4733 routers_sort_by_identity(routers);
4734 /* Get a digestmap of possible sybil routers, IPv4 or IPv6 */
4735 digestmap_t *omit_as_sybil = get_all_possible_sybil(routers);
4736 DIGESTMAP_FOREACH (omit_as_sybil, sybil_id, void *, ignore) {
4737 (void)ignore;
4738 rep_hist_make_router_pessimal(sybil_id, now);
4740 /* Count how many have measured bandwidths so we know how to assign flags;
4741 * this must come before dirserv_compute_performance_thresholds() */
4744 routerstatuses = smartlist_new();
4745 microdescriptors = smartlist_new();
4746
4747 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4748 /* If it has a protover list and contains a protocol name greater than
4749 * MAX_PROTOCOL_NAME_LENGTH, skip it. */
4750 if (ri->protocol_list &&
4751 protover_list_is_invalid(ri->protocol_list)) {
4752 continue;
4753 }
4754 if (ri->cache_info.published_on >= cutoff) {
4755 routerstatus_t *rs;
4757 node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
4758 if (!node)
4759 continue;
4760
4761 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
4762 rs = &vrs->status;
4764 list_bad_exits,
4765 list_middle_only);
4766 vrs->published_on = ri->cache_info.published_on;
4767
4768 if (ri->cache_info.signing_key_cert) {
4769 memcpy(vrs->ed25519_id,
4770 ri->cache_info.signing_key_cert->signing_key.pubkey,
4772 }
4773 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
4775
4776 if (!vote_on_reachability)
4777 rs->is_flagged_running = 0;
4778
4779 vrs->version = version_from_platform(ri->platform);
4780 if (ri->protocol_list) {
4781 vrs->protocols = tor_strdup(ri->protocol_list);
4782 } else {
4783 vrs->protocols = tor_strdup(
4785 }
4787 microdescriptors);
4788
4789 smartlist_add(routerstatuses, vrs);
4790 }
4791 } SMARTLIST_FOREACH_END(ri);
4792
4793 {
4794 smartlist_t *added =
4796 microdescriptors, SAVED_NOWHERE, 0);
4797 smartlist_free(added);
4798 smartlist_free(microdescriptors);
4799 }
4800
4801 smartlist_free(routers);
4802 digestmap_free(omit_as_sybil, NULL);
4803
4804 /* Apply guardfraction information to routerstatuses. */
4805 if (options->GuardfractionFile) {
4807 routerstatuses);
4808 }
4809
4810 /* This pass through applies the measured bw lines to the routerstatuses */
4811 if (options->V3BandwidthsFile) {
4812 /* Only set bw_file_headers when V3BandwidthsFile is configured */
4813 bw_file_headers = smartlist_new();
4815 routerstatuses, bw_file_headers,
4816 bw_file_digest256);
4817 } else {
4818 /*
4819 * No bandwidths file; clear the measured bandwidth cache in case we had
4820 * one last time around.
4821 */
4824 }
4825 }
4826
4827 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
4828
4829 v3_out->type = NS_TYPE_VOTE;
4831 v3_out->published = now;
4832 {
4833 char tbuf[ISO_TIME_LEN+1];
4834 networkstatus_t *current_consensus =
4836 long last_consensus_interval; /* only used to pick a valid_after */
4837 if (current_consensus)
4838 last_consensus_interval = current_consensus->fresh_until -
4839 current_consensus->valid_after;
4840 else
4841 last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
4842 v3_out->valid_after =
4844 (int)last_consensus_interval,
4846 format_iso_time(tbuf, v3_out->valid_after);
4847 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
4848 "consensus_set=%d, last_interval=%d",
4849 tbuf, current_consensus?1:0, (int)last_consensus_interval);
4850 }
4851 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
4852 v3_out->valid_until = v3_out->valid_after +
4853 (timing.vote_interval * timing.n_intervals_valid);
4854 v3_out->vote_seconds = timing.vote_delay;
4855 v3_out->dist_seconds = timing.dist_delay;
4856 tor_assert(v3_out->vote_seconds > 0);
4857 tor_assert(v3_out->dist_seconds > 0);
4858 tor_assert(timing.n_intervals_valid > 0);
4859
4860 v3_out->client_versions = client_versions;
4861 v3_out->server_versions = server_versions;
4862
4865 v3_out->recommended_client_protocols =
4867 v3_out->required_client_protocols =
4869 v3_out->required_relay_protocols =
4871
4872 /* We are not allowed to vote to require anything we don't have. */
4873 tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));
4874 tor_assert(protover_all_supported(v3_out->required_client_protocols, NULL));
4875
4876 /* We should not recommend anything we don't have. */
4877 tor_assert_nonfatal(protover_all_supported(
4878 v3_out->recommended_relay_protocols, NULL));
4879 tor_assert_nonfatal(protover_all_supported(
4880 v3_out->recommended_client_protocols, NULL));
4881
4882 v3_out->known_flags = smartlist_new();
4885 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4886 if (vote_on_reachability)
4887 smartlist_add_strdup(v3_out->known_flags, "Running");
4888 if (list_bad_exits)
4889 smartlist_add_strdup(v3_out->known_flags, "BadExit");
4890 if (list_middle_only)
4891 smartlist_add_strdup(v3_out->known_flags, "MiddleOnly");
4893
4894 if (d_options->ConsensusParams) {
4895 config_line_t *paramline = d_options->ConsensusParams;
4896 v3_out->net_params = smartlist_new();
4897 for ( ; paramline; paramline = paramline->next) {
4899 paramline->value, NULL, 0, 0);
4900 }
4901
4902 /* for transparency and visibility, include our current value of
4903 * AuthDirMaxServersPerAddr in our consensus params. Once enough dir
4904 * auths do this, external tools should be able to use that value to
4905 * help understand which relays are allowed into the consensus. */
4906 smartlist_add_asprintf(v3_out->net_params, "AuthDirMaxServersPerAddr=%d",
4907 d_options->AuthDirMaxServersPerAddr);
4908
4910 }
4911 v3_out->bw_file_headers = bw_file_headers;
4912 memcpy(v3_out->bw_file_digest256, bw_file_digest256, DIGEST256_LEN);
4913
4914 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
4915 voter->nickname = tor_strdup(options->Nickname);
4916 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
4917 voter->sigs = smartlist_new();
4918 voter->address = hostname;
4919 tor_addr_copy(&voter->ipv4_addr, &addr);
4920 voter->ipv4_dirport = routerconf_find_dir_port(options, 0);
4921 voter->ipv4_orport = routerconf_find_or_port(options, AF_INET);
4922 voter->contact = tor_strdup(contact);
4923 if (options->V3AuthUseLegacyKey) {
4925 if (c) {
4927 log_warn(LD_BUG, "Unable to compute digest of legacy v3 identity key");
4928 memset(voter->legacy_id_digest, 0, DIGEST_LEN);
4929 }
4930 }
4931 }
4932
4933 v3_out->voters = smartlist_new();
4934 smartlist_add(v3_out->voters, voter);
4935 v3_out->cert = authority_cert_dup(cert);
4936 v3_out->routerstatus_list = routerstatuses;
4937 /* Note: networkstatus_digest is unset; it won't get set until we actually
4938 * format the vote. */
4939
4940 return v3_out;
4941}
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
tor_addr_port_t * tor_addr_port_new(const tor_addr_t *addr, uint16_t port)
Definition: address.c:2100
int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2, tor_addr_comparison_t how)
Definition: address.c:984
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1164
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1199
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define fmt_addr(a)
Definition: address.h:239
int trusted_dirs_load_certs_from_string(const char *contents, int source, int flush, const char *source_dir)
Definition: authcert.c:373
authority_cert_t * authority_cert_get_by_digests(const char *id_digest, const char *sk_digest)
Definition: authcert.c:648
Header file for authcert.c.
Header file for directory authority mode.
Authority certificate structure.
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
int dirserv_get_measured_bw_cache_size(void)
Definition: bwauth.c:166
int dirserv_read_measured_bandwidths(const char *from_file, smartlist_t *routerstatuses, smartlist_t *bw_file_headers, uint8_t *digest_out)
Definition: bwauth.c:232
void dirserv_count_measured_bws(const smartlist_t *routers)
Definition: bwauth.c:39
int dirserv_query_measured_bw_cache_kb(const char *node_id, long *bw_kb_out, time_t *as_of_out)
Definition: bwauth.c:138
void dirserv_clear_measured_bw_cache(void)
Definition: bwauth.c:103
Header file for bwauth.c.
#define MAX_BW_FILE_HEADER_COUNT_IN_VOTE
Definition: bwauth.h:16
Cached large directory object structure.
#define MAX(a, b)
Definition: cmp.h:22
const char * name
Definition: config.c:2462
const or_options_t * get_options(void)
Definition: config.c:944
Header file for config.c.
Header for confline.c.
void curve25519_public_to_base64(char *output, const curve25519_public_key_t *pkey, bool pad)
const char * crypto_digest_algorithm_get_name(digest_algorithm_t alg)
Definition: crypto_digest.c:44
#define BASE64_DIGEST256_LEN
Definition: crypto_digest.h:29
#define HEX_DIGEST256_LEN
Definition: crypto_digest.h:37
digest_algorithm_t
Definition: crypto_digest.h:44
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
#define N_COMMON_DIGEST_ALGORITHMS
Definition: crypto_digest.h:58
void digest256_to_base64(char *d64, const char *digest)
void ed25519_public_to_base64(char *output, const ed25519_public_key_t *pkey)
int digest256_from_base64(char *digest, const char *d64)
void digest_to_base64(char *d64, const char *digest)
Header for crypto_format.c.
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out, int add_space)
Definition: crypto_rsa.c:229
int crypto_pk_write_public_key_to_string(crypto_pk_t *env, char **dest, size_t *len)
Definition: crypto_rsa.c:466
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
#define FINGERPRINT_LEN
Definition: crypto_rsa.h:34
#define fast_memeq(a, b, c)
Definition: di_ops.h:35
#define fast_memcmp(a, b, c)
Definition: di_ops.h:28
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Trusted/fallback directory server structure.
Structure dirauth_options_t to hold directory authority options.
Header for dirauth_sys.c.
void directory_get_from_all_authorities(uint8_t dir_purpose, uint8_t router_purpose, const char *resource)
Definition: dirclient.c:585
void directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, dirinfo_type_t type, const char *payload, size_t payload_len, size_t extrainfo_len)
Definition: dirclient.c:229
Header file for dirclient.c.
int dircollator_n_routers(dircollator_t *dc)
Definition: dircollate.c:305
dircollator_t * dircollator_new(int n_votes, int n_authorities)
Definition: dircollate.c:149
void dircollator_collate(dircollator_t *dc, int consensus_method)
Definition: dircollate.c:211
void dircollator_add_vote(dircollator_t *dc, networkstatus_t *v)
Definition: dircollate.c:194
vote_routerstatus_t ** dircollator_get_votes_for_router(dircollator_t *dc, int idx)
Definition: dircollate.c:320
Header file for dircollate.c.
int dir_split_resource_into_fingerprints(const char *resource, smartlist_t *fp_out, int *compressed_out, int flags)
Definition: directory.c:640
Header file for directory.c.
#define DIR_PURPOSE_UPLOAD_VOTE
Definition: directory.h:43
#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES
Definition: directory.h:51
#define DIR_PURPOSE_UPLOAD_SIGNATURES
Definition: directory.h:45
#define DIR_PURPOSE_FETCH_STATUS_VOTE
Definition: directory.h:48
int get_n_authorities(dirinfo_type_t type)
Definition: dirlist.c:103
dir_server_t * trusteddirserver_get_by_v3_auth_digest(const char *digest)
Definition: dirlist.c:215
Header file for dirlist.c.
void cached_dir_decref(cached_dir_t *d)
Definition: dirserv.c:124
cached_dir_t * new_cached_dir(char *s, time_t published)
Definition: dirserv.c:135
Header file for dirserv.c.
static char * networkstatus_format_signatures(networkstatus_t *consensus, int for_detached_signatures)
Definition: dirvote.c:2746
STATIC microdesc_t * dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
Definition: dirvote.c:3922
static int dirvote_add_signatures_to_all_pending_consensuses(const char *detached_signatures_body, const char *source, const char **msg_out)
Definition: dirvote.c:3708
static void dirvote_fetch_missing_signatures(void)
Definition: dirvote.c:3108
static void dirvote_clear_pending_consensuses(void)
Definition: dirvote.c:3131
STATIC int compare_routerinfo_usefulness(const routerinfo_t *first, const routerinfo_t *second)
Definition: dirvote.c:4356
static int cmp_int_strings_(const void **_a, const void **_b)
Definition: dirvote.c:774
networkstatus_t * dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, authority_cert_t *cert)
Definition: dirvote.c:4646
pending_vote_t * dirvote_add_vote(const char *vote_body, time_t time_posted, const char *where_from, const char **msg_out, int *status_out)
Definition: dirvote.c:3240
static int consensus_method_is_supported(int method)
Definition: dirvote.c:828
static vote_routerstatus_t * compute_routerstatus_consensus(smartlist_t *votes, int consensus_method, char *microdesc_digest256_out, tor_addr_port_t *best_alt_orport_out)
Definition: dirvote.c:677
char * format_recommended_version_list(const config_line_t *ln, int warn)
Definition: dirvote.c:4510
static void get_frequent_members(smartlist_t *out, smartlist_t *in, int min)
Definition: dirvote.c:578
static bw_weights_error_t networkstatus_check_weights(int64_t Wgg, int64_t Wgd, int64_t Wmg, int64_t Wme, int64_t Wmd, int64_t Wee, int64_t Wed, int64_t scale, int64_t G, int64_t M, int64_t E, int64_t D, int64_t T, int64_t margin, int do_balance)
Definition: dirvote.c:1029
static void remove_flag(smartlist_t *sl, const char *flag)
Definition: dirvote.c:1488
static int compare_routerinfo_addrs_by_family(const routerinfo_t *a, const routerinfo_t *b, int family)
Definition: dirvote.c:4305
STATIC authority_cert_t * authority_cert_dup(authority_cert_t *cert)
Definition: dirvote.c:146
STATIC int compare_routerinfo_by_ipv6(const void **a, const void **b)
Definition: dirvote.c:4337
static int dirvote_perform_vote(void)
Definition: dirvote.c:3020
STATIC char * make_consensus_method_list(int low, int high, const char *separator)
Definition: dirvote.c:837
static int compare_orports_(const void **_a, const void **_b)
Definition: dirvote.c:658
STATIC digestmap_t * get_all_possible_sybil(const smartlist_t *routers)
Definition: dirvote.c:4446
static char * format_protocols_lines_for_vote(const networkstatus_t *v3_ns)
Definition: dirvote.c:184
static void extract_shared_random_commits(networkstatus_t *ns, const smartlist_t *tokens)
Definition: dirvote.c:4133
time_t dirvote_act(const or_options_t *options, time_t now)
Definition: dirvote.c:2917
const cached_dir_t * dirvote_get_vote(const char *fp, int flags)
Definition: dirvote.c:3876
static void dirvote_clear_votes(int all_votes)
Definition: dirvote.c:3145
static char * compute_nth_protocol_set(int n, int n_voters, const smartlist_t *votes)
Definition: dirvote.c:1440
static char * pending_consensus_signatures
Definition: dirvote.c:3011
STATIC char * format_networkstatus_vote(crypto_pk_t *private_signing_key, networkstatus_t *v3_ns)
Definition: dirvote.c:223
STATIC int32_t dirvote_get_intermediate_param_value(const smartlist_t *param_list, const char *keyword, int32_t default_val)
Definition: dirvote.c:886
const char * dirvote_get_pending_consensus(consensus_flavor_t flav)
Definition: dirvote.c:3853
static int dirvote_publish_consensus(void)
Definition: dirvote.c:3800
static const char * get_nth_protocol_set_vote(int n, const networkstatus_t *vote)
Definition: dirvote.c:1422
void dirvote_free_all(void)
Definition: dirvote.c:3829
static int compare_votes_by_authority_id_(const void **_a, const void **_b)
Definition: dirvote.c:552
STATIC smartlist_t * dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
Definition: dirvote.c:922
static char * version_from_platform(const char *platform)
Definition: dirvote.c:4488
static int vote_routerstatus_find_microdesc_hash(char *digest256_out, const vote_routerstatus_t *vrs, int method, digest_algorithm_t alg)
Definition: dirvote.c:485
static int compare_vote_rs_(const void **_a, const void **_b)
Definition: dirvote.c:650
int dirvote_add_signatures(const char *detached_signatures_body, const char *source, const char **msg)
Definition: dirvote.c:3776
static void dirvote_fetch_missing_votes(void)
Definition: dirvote.c:3068
STATIC char * networkstatus_get_detached_signatures(smartlist_t *consensuses)
Definition: dirvote.c:2807
static char * compute_consensus_versions_list(smartlist_t *lst, int n_versioning)
Definition: dirvote.c:861
static char * get_detached_signatures_from_pending_consensuses(pending_consensus_t *pending, int n_flavors)
Definition: dirvote.c:2896
uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t *ri)
Definition: dirvote.c:4271
static void routers_make_ed_keys_unique(smartlist_t *routers)
Definition: dirvote.c:4561
static void dirvote_get_preferred_voting_intervals(vote_timing_t *timing_out)
Definition: dirvote.c:465
int networkstatus_compute_bw_weights_v10(smartlist_t *chunks, int64_t G, int64_t M, int64_t E, int64_t D, int64_t T, int64_t weight_scale)
Definition: dirvote.c:1098
static char * list_v3_auth_ids(void)
Definition: dirvote.c:3187
#define get_most_frequent_member(lst)
Definition: dirvote.c:598
STATIC int networkstatus_add_detached_signatures(networkstatus_t *target, ns_detached_signatures_t *sigs, const char *source, int severity, const char **msg_out)
Definition: dirvote.c:2615
static smartlist_t * pending_vote_list
Definition: dirvote.c:3001
static int dirvote_add_signatures_to_pending_consensus(pending_consensus_t *pc, ns_detached_signatures_t *sigs, const char *source, int severity, const char **msg_out)
Definition: dirvote.c:3623
const char DIRVOTE_OPTIONAL_FLAGS[]
Definition: dirvote.c:4638
STATIC char * compute_consensus_package_lines(smartlist_t *votes)
Definition: dirvote.c:2534
#define MIN_VOTES_FOR_PARAM
Definition: dirvote.c:916
STATIC digestmap_t * get_sybil_list_by_ip_version(const smartlist_t *routers, sa_family_t family)
Definition: dirvote.c:4406
STATIC int64_t extract_param_buggy(const char *params, const char *param_name, int64_t default_value)
Definition: dirvote.c:2492
static smartlist_t * pending_consensus_signature_list
Definition: dirvote.c:3015
static void clear_status_flags_on_sybil(routerstatus_t *rs)
Definition: dirvote.c:4613
const char * dirvote_get_pending_detached_signatures(void)
Definition: dirvote.c:3862
static ssize_t dirvote_format_microdesc_vote_line(char *out_buf, size_t out_buf_len, const microdesc_t *md, int consensus_method_low, int consensus_method_high)
Definition: dirvote.c:4020
static int dirvote_compute_consensuses(void)
Definition: dirvote.c:3444
static int compute_consensus_method(smartlist_t *votes)
Definition: dirvote.c:793
static void update_total_bandwidth_weights(const routerstatus_t *rs, int is_exit, int is_guard, int64_t *G, int64_t *M, int64_t *E, int64_t *D, int64_t *T)
Definition: dirvote.c:1338
STATIC int compare_routerinfo_by_ipv4(const void **a, const void **b)
Definition: dirvote.c:4319
static smartlist_t * previous_vote_list
Definition: dirvote.c:3004
static int compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b)
Definition: dirvote.c:605
static int compare_dir_src_ents_by_authority_id_(const void **_a, const void **_b)
Definition: dirvote.c:563
const char DIRVOTE_UNIVERSAL_FLAGS[]
Definition: dirvote.c:4625
vote_microdesc_hash_t * dirvote_format_all_microdesc_vote_lines(const routerinfo_t *ri, time_t now, smartlist_t *microdescriptors_out)
Definition: dirvote.c:4074
STATIC char * networkstatus_compute_consensus(smartlist_t *votes, int total_authorities, crypto_pk_t *identity_key, crypto_pk_t *signing_key, const char *legacy_id_key_digest, crypto_pk_t *legacy_signing_key, consensus_flavor_t flavor)
Definition: dirvote.c:1518
static networkstatus_voter_info_t * get_voter(const networkstatus_t *vote)
Definition: dirvote.c:531
Header file for dirvote.c.
#define MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE
Definition: dirvote.h:71
#define MIN_VOTE_INTERVAL_TESTING
Definition: dirvote.h:46
#define MIN_VOTE_INTERVAL
Definition: dirvote.h:37
#define MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED
Definition: dirvote.h:81
#define MIN_METHOD_FOR_MIDDLEONLY
Definition: dirvote.h:75
#define MIN_SUPPORTED_CONSENSUS_METHOD
Definition: dirvote.h:53
#define MIN_METHOD_TO_OMIT_PACKAGE_FINGERPRINTS
Definition: dirvote.h:87
#define MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS
Definition: dirvote.h:62
#define DEFAULT_MAX_UNMEASURED_BW_KB
Definition: dirvote.h:92
#define MAX_BW_FILE_HEADERS_LINE_LEN
Definition: dirvote.h:100
#define MIN_DIST_SECONDS
Definition: dirvote.h:32
#define MIN_METHOD_FOR_UNPADDED_NTOR_KEY
Definition: dirvote.h:66
#define MIN_VOTE_SECONDS
Definition: dirvote.h:27
#define MAX_SUPPORTED_CONSENSUS_METHOD
Definition: dirvote.h:56
Authority signature structure.
Code to parse and validate detached-signature objects.
ns_detached_signatures_t * networkstatus_parse_detached_signatures(const char *s, const char *eos)
Definition: dsigs_parse.c:67
Header file for circuitbuild.c.
const char * escaped(const char *s)
Definition: escape.c:126
int write_str_to_file(const char *fname, const char *str, int bin)
Definition: files.c:274
Format routerstatus entries for controller, vote, or consensus.
routerstatus_format_type_t
@ NS_V3_VOTE
@ NS_V3_CONSENSUS
@ NS_V3_CONSENSUS_MICRODESC
char * routerstatus_format_entry(const routerstatus_t *rs, const char *version, const char *protocols, routerstatus_format_type_t format, const vote_routerstatus_t *vrs, time_t declared_publish_time)
Header file for guardfraction.c.
int dirserv_read_guardfraction_file(const char *fname, smartlist_t *vote_routerstatuses)
uint16_t sa_family_t
Definition: inaddr_st.h:77
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:590
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_DIRSERV
Definition: log.h:90
#define LD_BUG
Definition: log.h:86
#define LD_NET
Definition: log.h:66
#define LD_DIR
Definition: log.h:88
#define LOG_NOTICE
Definition: log.h:50
#define LD_CIRC
Definition: log.h:82
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void tor_free_(void *mem)
Definition: malloc.c:227
#define tor_free(p)
Definition: malloc.h:56
void * strmap_get_lc(const strmap_t *map, const char *key)
Definition: map.c:360
void * strmap_set_lc(strmap_t *map, const char *key, void *val)
Definition: map.c:346
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:154
smartlist_t * microdescs_add_list_to_cache(microdesc_cache_t *cache, smartlist_t *descriptors, saved_location_t where, int no_save)
Definition: microdesc.c:383
microdesc_cache_t * get_microdesc_cache(void)
Definition: microdesc.c:251
Header file for microdesc.c.
smartlist_t * microdescs_parse_from_string(const char *s, const char *eos, int allow_annotations, saved_location_t where, smartlist_t *invalid_digests_out)
Header file for microdesc_parse.c.
Microdescriptor structure.
networkstatus_t * networkstatus_get_latest_consensus_by_flavor(consensus_flavor_t f)
int networkstatus_check_document_signature(const networkstatus_t *consensus, document_signature_t *sig, const authority_cert_t *cert)
const char * networkstatus_get_flavor_name(consensus_flavor_t flav)
int networkstatus_set_current_consensus(const char *consensus, size_t consensus_len, const char *flavor, unsigned flags, const char *source_dir)
document_signature_t * networkstatus_get_voter_sig_by_alg(const networkstatus_voter_info_t *voter, digest_algorithm_t alg)
time_t voting_sched_get_start_of_interval_after(time_t now, int interval, int offset)
networkstatus_voter_info_t * networkstatus_get_voter_by_id(networkstatus_t *vote, const char *identity)
int networkstatus_check_consensus_signature(networkstatus_t *consensus, int warn)
document_signature_t * document_signature_dup(const document_signature_t *sig)
networkstatus_t * networkstatus_get_live_consensus(time_t now)
Header file for networkstatus.c.
Networkstatus consensus/vote structure.
Single consensus voter structure.
Node information structure.
char * nodefamily_canonicalize(const char *s, const uint8_t *rsa_id_self, unsigned flags)
Definition: nodefamily.c:111
Header file for nodefamily.c.
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
Header file for nodelist.c.
Detached consensus signatures structure.
Header file for ns_parse.c.
networkstatus_t * networkstatus_parse_vote_from_string(const char *s, size_t len, const char **eos_out, enum networkstatus_type_t ns_type)
Definition: ns_parse.c:1094
int networkstatus_verify_bw_weights(networkstatus_t *ns, int)
Definition: ns_parse.c:613
Master header file for Tor-specific functionality.
@ SAVED_NOWHERE
Definition: or.h:626
#define BW_WEIGHT_SCALE
Definition: or.h:907
consensus_flavor_t
Definition: or.h:763
#define ROUTER_MAX_AGE_TO_PUBLISH
Definition: or.h:161
@ V3_DIRINFO
Definition: or.h:790
#define N_CONSENSUS_FLAVORS
Definition: or.h:769
Header for order.c.
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
smartlist_t * find_all_by_keyword(const smartlist_t *s, directory_keyword k)
Definition: parsecommon.c:451
directory_token_t * find_opt_by_keyword(const smartlist_t *s, directory_keyword keyword)
Definition: parsecommon.c:440
Header file for parsecommon.c.
#define T(s, t, a, o)
Definition: parsecommon.h:247
char * write_short_policy(const short_policy_t *policy)
Definition: policies.c:2806
char * policy_summarize(smartlist_t *policy, sa_family_t family)
Definition: policies.c:2593
Header file for policies.c.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
bool protover_list_is_invalid(const char *s)
Definition: protover.c:301
const char * protover_get_recommended_relay_protocols(void)
Definition: protover.c:531
const char * protover_get_required_relay_protocols(void)
Definition: protover.c:548
const char * protover_get_required_client_protocols(void)
Definition: protover.c:540
const char * protover_get_recommended_client_protocols(void)
Definition: protover.c:522
char * protover_compute_vote(const smartlist_t *list_of_proto_strings, int threshold)
Definition: protover.c:661
const char * protover_compute_for_old_tor(const char *version)
C_RUST_COUPLED: src/rust/protover/protover.rs compute_for_old_tor
Definition: protover.c:849
int protover_all_supported(const char *s, char **missing_out)
Definition: protover.c:750
Headers and type declarations for protover.c.
int validate_recommended_package_line(const char *line)
Definition: recommend_pkg.c:38
Header file for recommend_pkg.c.
void rep_hist_make_router_pessimal(const char *id, time_t when)
Definition: rephist.c:757
Header file for rephist.c.
bool find_my_address(const or_options_t *options, int family, int warn_severity, tor_addr_t *addr_out, resolved_addr_method_t *method_out, char **hostname_out)
Attempt to find our IP address that can be used as our external reachable address.
Definition: resolve_addr.c:727
Header file for resolve_addr.c.
uint16_t routerconf_find_or_port(const or_options_t *options, sa_family_t family)
Definition: router.c:1507
crypto_pk_t * get_my_v3_legacy_signing_key(void)
Definition: router.c:474
crypto_pk_t * get_my_v3_authority_signing_key(void)
Definition: router.c:457
static crypto_pk_t * legacy_signing_key
Definition: router.c:131
authority_cert_t * get_my_v3_authority_cert(void)
Definition: router.c:449
uint16_t routerconf_find_dir_port(const or_options_t *options, uint16_t dirport)
Definition: router.c:1612
authority_cert_t * get_my_v3_legacy_cert(void)
Definition: router.c:466
Header file for router.c.
Router descriptor structure.
#define ROUTER_PURPOSE_GENERAL
Definition: routerinfo_st.h:98
Header for routerkeys.c.
void update_consensus_router_descriptor_downloads(time_t now, int is_vote, networkstatus_t *consensus)
Definition: routerlist.c:2650
routerlist_t * router_get_routerlist(void)
Definition: routerlist.c:898
uint32_t router_get_advertised_bandwidth(const routerinfo_t *router)
Definition: routerlist.c:646
void routers_sort_by_identity(smartlist_t *routers)
Definition: routerlist.c:3317
Header file for routerlist.c.
Router descriptor list structure.
char * sr_get_string_for_consensus(const smartlist_t *votes, int32_t num_srv_agreements)
char * sr_get_string_for_vote(void)
void sr_act_post_consensus(const networkstatus_t *consensus)
void sr_handle_received_commits(smartlist_t *commits, crypto_pk_t *voter_key)
sr_commit_t * sr_parse_commit(const smartlist_t *args)
Header for shared_random_state.c.
char * router_get_dirobj_signature(const char *digest, size_t digest_len, const crypto_pk_t *private_key)
Definition: signing.c:22
Header file for signing.c.
void smartlist_sort_digests256(smartlist_t *sl)
Definition: smartlist.c:846
const uint8_t * smartlist_get_most_frequent_digest256(smartlist_t *sl)
Definition: smartlist.c:854
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
void smartlist_uniq_strings(smartlist_t *sl)
Definition: smartlist.c:574
void smartlist_sort_strings(smartlist_t *sl)
Definition: smartlist.c:549
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
const char * smartlist_get_most_frequent_string_(smartlist_t *sl, int *count_out)
Definition: smartlist.c:566
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
int smartlist_string_pos(const smartlist_t *sl, const char *element)
Definition: smartlist.c:106
void smartlist_uniq(smartlist_t *sl, int(*compare)(const void **a, const void **b), void(*free_fn)(void *a))
Definition: smartlist.c:390
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
void smartlist_remove(smartlist_t *sl, const void *element)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
crypto_pk_t * identity_key
crypto_pk_t * signing_key
char signing_key_digest[DIGEST_LEN]
signed_descriptor_t cache_info
size_t dir_len
Definition: cached_dir_st.h:20
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
Definition: crypto_digest.h:89
LINELIST RecommendedServerVersions
LINELIST RecommendedClientVersions
char digest[DIGEST256_LEN]
Definition: microdesc_st.h:62
smartlist_t * known_flags
common_digests_t digests
char * recommended_relay_protocols
smartlist_t * voters
smartlist_t * net_params
smartlist_t * routerstatus_list
uint8_t bw_file_digest256[DIGEST256_LEN]
networkstatus_sr_info_t sr_info
struct authority_cert_t * cert