Tor  0.4.4.0-alpha-dev
dirvote.c
Go to the documentation of this file.
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3  * Copyright (c) 2007-2020, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 
6 #define DIRVOTE_PRIVATE
7 #include "core/or/or.h"
8 #include "app/config/config.h"
9 #include "core/or/policies.h"
10 #include "core/or/protover.h"
11 #include "core/or/tor_version_st.h"
12 #include "core/or/versions.h"
13 #include "feature/dirauth/bwauth.h"
34 #include "feature/relay/router.h"
36 #include "feature/stats/rephist.h"
37 #include "feature/client/entrynodes.h" /* needed for guardfraction methods */
40 
45 
61 
62 #include "lib/container/order.h"
63 #include "lib/encoding/confline.h"
65 
66 /* Algorithm to use for the bandwidth file digest. */
67 #define DIGEST_ALG_BW_FILE DIGEST_SHA256
68 
69 /**
70  * \file dirvote.c
71  * \brief Functions to compute directory consensus, and schedule voting.
72  *
73  * This module is the center of the consensus-voting based directory
74  * authority system. With this system, a set of authorities first
75  * publish vote based on their opinions of the network, and then compute
76  * a consensus from those votes. Each authority signs the consensus,
77  * and clients trust the consensus if enough known authorities have
78  * signed it.
79  *
80  * The code in this module is only invoked on directory authorities. It's
81  * responsible for:
82  *
83  * <ul>
84  * <li>Generating this authority's vote networkstatus, based on the
85  * authority's view of the network as represented in dirserv.c
86  * <li>Formatting the vote networkstatus objects.
87  * <li>Generating the microdescriptors that correspond to our own
88  * vote.
89  * <li>Sending votes to all the other authorities.
90  * <li>Trying to fetch missing votes from other authorities.
91  * <li>Computing the consensus from a set of votes, as well as
92  * a "detached signature" object for other authorities to fetch.
93  * <li>Collecting other authorities' signatures on the same consensus,
94  * until there are enough.
95  * <li>Publishing the consensus to the reset of the directory system.
96  * <li>Scheduling all of the above operations.
97  * </ul>
98  *
99  * The main entry points are in dirvote_act(), which handles scheduled
100  * actions; and dirvote_add_vote() and dirvote_add_signatures(), which
101  * handle uploaded and downloaded votes and signatures.
102  *
103  * (See dir-spec.txt from torspec.git for a complete specification of
104  * the directory protocol and voting algorithms.)
105  **/
106 
107 /** A consensus that we have built and are appending signatures to. Once it's
108  * time to publish it, it will become an active consensus if it accumulates
109  * enough signatures. */
110 typedef struct pending_consensus_t {
111  /** The body of the consensus that we're currently building. Once we
112  * have it built, it goes into dirserv.c */
113  char *body;
114  /** The parsed in-progress consensus document. */
117 
118 /* DOCDOC dirvote_add_signatures_to_all_pending_consensuses */
119 static int dirvote_add_signatures_to_all_pending_consensuses(
120  const char *detached_signatures_body,
121  const char *source,
122  const char **msg_out);
126  const char *source,
127  int severity,
128  const char **msg_out);
129 static char *list_v3_auth_ids(void);
130 static void dirvote_fetch_missing_votes(void);
131 static void dirvote_fetch_missing_signatures(void);
132 static int dirvote_perform_vote(void);
133 static void dirvote_clear_votes(int all_votes);
134 static int dirvote_compute_consensuses(void);
135 static int dirvote_publish_consensus(void);
136 
137 /* =====
138  * Certificate functions
139  * ===== */
140 
141 /** Allocate and return a new authority_cert_t with the same contents as
142  * <b>cert</b>. */
145 {
146  authority_cert_t *out = tor_malloc(sizeof(authority_cert_t));
147  tor_assert(cert);
148 
149  memcpy(out, cert, sizeof(authority_cert_t));
150  /* Now copy pointed-to things. */
152  tor_strndup(cert->cache_info.signed_descriptor_body,
157 
158  return out;
159 }
160 
161 /* =====
162  * Voting
163  * =====*/
164 
165 /* If <b>opt_value</b> is non-NULL, return "keyword opt_value\n" in a new
166  * string. Otherwise return a new empty string. */
167 static char *
168 format_line_if_present(const char *keyword, const char *opt_value)
169 {
170  if (opt_value) {
171  char *result = NULL;
172  tor_asprintf(&result, "%s %s\n", keyword, opt_value);
173  return result;
174  } else {
175  return tor_strdup("");
176  }
177 }
178 
179 /** Format the recommended/required-relay-client protocols lines for a vote in
180  * a newly allocated string, and return that string. */
181 static char *
183 {
184  char *recommended_relay_protocols_line = NULL;
185  char *recommended_client_protocols_line = NULL;
186  char *required_relay_protocols_line = NULL;
187  char *required_client_protocols_line = NULL;
188 
189  recommended_relay_protocols_line =
190  format_line_if_present("recommended-relay-protocols",
192  recommended_client_protocols_line =
193  format_line_if_present("recommended-client-protocols",
194  v3_ns->recommended_client_protocols);
195  required_relay_protocols_line =
196  format_line_if_present("required-relay-protocols",
197  v3_ns->required_relay_protocols);
198  required_client_protocols_line =
199  format_line_if_present("required-client-protocols",
200  v3_ns->required_client_protocols);
201 
202  char *result = NULL;
203  tor_asprintf(&result, "%s%s%s%s",
204  recommended_relay_protocols_line,
205  recommended_client_protocols_line,
206  required_relay_protocols_line,
207  required_client_protocols_line);
208 
209  tor_free(recommended_relay_protocols_line);
210  tor_free(recommended_client_protocols_line);
211  tor_free(required_relay_protocols_line);
212  tor_free(required_client_protocols_line);
213 
214  return result;
215 }
216 
217 /** Return a new string containing the string representation of the vote in
218  * <b>v3_ns</b>, signed with our v3 signing key <b>private_signing_key</b>.
219  * For v3 authorities. */
220 STATIC char *
222  networkstatus_t *v3_ns)
223 {
224  smartlist_t *chunks = smartlist_new();
225  char fingerprint[FINGERPRINT_LEN+1];
226  char digest[DIGEST_LEN];
227  uint32_t addr;
228  char *protocols_lines = NULL;
229  char *client_versions_line = NULL, *server_versions_line = NULL;
230  char *shared_random_vote_str = NULL;
232  char *status = NULL;
233 
234  tor_assert(private_signing_key);
235  tor_assert(v3_ns->type == NS_TYPE_VOTE || v3_ns->type == NS_TYPE_OPINION);
236 
237  voter = smartlist_get(v3_ns->voters, 0);
238 
239  addr = voter->addr;
240 
241  base16_encode(fingerprint, sizeof(fingerprint),
243 
244  client_versions_line = format_line_if_present("client-versions",
245  v3_ns->client_versions);
246  server_versions_line = format_line_if_present("server-versions",
247  v3_ns->server_versions);
248  protocols_lines = format_protocols_lines_for_vote(v3_ns);
249 
250  /* Get shared random commitments/reveals line(s). */
251  shared_random_vote_str = sr_get_string_for_vote();
252 
253  {
254  char published[ISO_TIME_LEN+1];
255  char va[ISO_TIME_LEN+1];
256  char fu[ISO_TIME_LEN+1];
257  char vu[ISO_TIME_LEN+1];
258  char *flags = smartlist_join_strings(v3_ns->known_flags, " ", 0, NULL);
259  /* XXXX Abstraction violation: should be pulling a field out of v3_ns.*/
260  char *flag_thresholds = dirserv_get_flag_thresholds_line();
261  char *params;
262  char *bw_headers_line = NULL;
263  char *bw_file_digest = NULL;
264  authority_cert_t *cert = v3_ns->cert;
265  char *methods =
268  format_iso_time(published, v3_ns->published);
269  format_iso_time(va, v3_ns->valid_after);
270  format_iso_time(fu, v3_ns->fresh_until);
271  format_iso_time(vu, v3_ns->valid_until);
272 
273  if (v3_ns->net_params)
274  params = smartlist_join_strings(v3_ns->net_params, " ", 0, NULL);
275  else
276  params = tor_strdup("");
277  tor_assert(cert);
278 
279  /* v3_ns->bw_file_headers is only set when V3BandwidthsFile is
280  * configured */
281  if (v3_ns->bw_file_headers) {
282  char *bw_file_headers = NULL;
283  /* If there are too many headers, leave the header string NULL */
284  if (! BUG(smartlist_len(v3_ns->bw_file_headers)
286  bw_file_headers = smartlist_join_strings(v3_ns->bw_file_headers, " ",
287  0, NULL);
288  if (BUG(strlen(bw_file_headers) > MAX_BW_FILE_HEADERS_LINE_LEN)) {
289  /* Free and set to NULL, because the line was too long */
290  tor_free(bw_file_headers);
291  }
292  }
293  if (!bw_file_headers) {
294  /* If parsing failed, add a bandwidth header line with no entries */
295  bw_file_headers = tor_strdup("");
296  }
297  /* At this point, the line will always be present */
298  bw_headers_line = format_line_if_present("bandwidth-file-headers",
299  bw_file_headers);
300  tor_free(bw_file_headers);
301  }
302 
303  /* Create bandwidth-file-digest if applicable.
304  * v3_ns->b64_digest_bw_file will contain the digest when V3BandwidthsFile
305  * is configured and the bandwidth file could be read, even if it was not
306  * parseable.
307  */
308  if (!tor_digest256_is_zero((const char *)v3_ns->bw_file_digest256)) {
309  /* Encode the digest. */
310  char b64_digest_bw_file[BASE64_DIGEST256_LEN+1] = {0};
311  digest256_to_base64(b64_digest_bw_file,
312  (const char *)v3_ns->bw_file_digest256);
313  /* "bandwidth-file-digest" 1*(SP algorithm "=" digest) NL */
314  char *digest_algo_b64_digest_bw_file = NULL;
315  tor_asprintf(&digest_algo_b64_digest_bw_file, "%s=%s",
316  crypto_digest_algorithm_get_name(DIGEST_ALG_BW_FILE),
317  b64_digest_bw_file);
318  /* No need for tor_strdup(""), format_line_if_present does it. */
319  bw_file_digest = format_line_if_present(
320  "bandwidth-file-digest", digest_algo_b64_digest_bw_file);
321  tor_free(digest_algo_b64_digest_bw_file);
322  }
323 
324  smartlist_add_asprintf(chunks,
325  "network-status-version 3\n"
326  "vote-status %s\n"
327  "consensus-methods %s\n"
328  "published %s\n"
329  "valid-after %s\n"
330  "fresh-until %s\n"
331  "valid-until %s\n"
332  "voting-delay %d %d\n"
333  "%s%s" /* versions */
334  "%s" /* protocols */
335  "known-flags %s\n"
336  "flag-thresholds %s\n"
337  "params %s\n"
338  "%s" /* bandwidth file headers */
339  "%s" /* bandwidth file digest */
340  "dir-source %s %s %s %s %d %d\n"
341  "contact %s\n"
342  "%s" /* shared randomness information */
343  ,
344  v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion",
345  methods,
346  published, va, fu, vu,
347  v3_ns->vote_seconds, v3_ns->dist_seconds,
348  client_versions_line,
349  server_versions_line,
350  protocols_lines,
351  flags,
352  flag_thresholds,
353  params,
354  bw_headers_line ? bw_headers_line : "",
355  bw_file_digest ? bw_file_digest: "",
356  voter->nickname, fingerprint, voter->address,
357  fmt_addr32(addr), voter->dir_port, voter->or_port,
358  voter->contact,
359  shared_random_vote_str ?
360  shared_random_vote_str : "");
361 
362  tor_free(params);
363  tor_free(flags);
364  tor_free(flag_thresholds);
365  tor_free(methods);
366  tor_free(shared_random_vote_str);
367  tor_free(bw_headers_line);
368  tor_free(bw_file_digest);
369 
370  if (!tor_digest_is_zero(voter->legacy_id_digest)) {
371  char fpbuf[HEX_DIGEST_LEN+1];
372  base16_encode(fpbuf, sizeof(fpbuf), voter->legacy_id_digest, DIGEST_LEN);
373  smartlist_add_asprintf(chunks, "legacy-dir-key %s\n", fpbuf);
374  }
375 
376  smartlist_add(chunks, tor_strndup(cert->cache_info.signed_descriptor_body,
378  }
379 
381  vrs) {
382  char *rsf;
384  rsf = routerstatus_format_entry(&vrs->status,
385  vrs->version, vrs->protocols,
386  NS_V3_VOTE,
387  vrs);
388  if (rsf)
389  smartlist_add(chunks, rsf);
390 
391  for (h = vrs->microdesc; h; h = h->next) {
393  }
394  } SMARTLIST_FOREACH_END(vrs);
395 
396  smartlist_add_strdup(chunks, "directory-footer\n");
397 
398  /* The digest includes everything up through the space after
399  * directory-signature. (Yuck.) */
400  crypto_digest_smartlist(digest, DIGEST_LEN, chunks,
401  "directory-signature ", DIGEST_SHA1);
402 
403  {
404  char signing_key_fingerprint[FINGERPRINT_LEN+1];
405  if (crypto_pk_get_fingerprint(private_signing_key,
406  signing_key_fingerprint, 0)<0) {
407  log_warn(LD_BUG, "Unable to get fingerprint for signing key");
408  goto err;
409  }
410 
411  smartlist_add_asprintf(chunks, "directory-signature %s %s\n", fingerprint,
412  signing_key_fingerprint);
413  }
414 
415  {
416  char *sig = router_get_dirobj_signature(digest, DIGEST_LEN,
417  private_signing_key);
418  if (!sig) {
419  log_warn(LD_BUG, "Unable to sign networkstatus vote.");
420  goto err;
421  }
422  smartlist_add(chunks, sig);
423  }
424 
425  status = smartlist_join_strings(chunks, "", 0, NULL);
426 
427  {
428  networkstatus_t *v;
429  if (!(v = networkstatus_parse_vote_from_string(status, strlen(status),
430  NULL,
431  v3_ns->type))) {
432  log_err(LD_BUG,"Generated a networkstatus %s we couldn't parse: "
433  "<<%s>>",
434  v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion", status);
435  goto err;
436  }
437  networkstatus_vote_free(v);
438  }
439 
440  goto done;
441 
442  err:
443  tor_free(status);
444  done:
445  tor_free(client_versions_line);
446  tor_free(server_versions_line);
447  tor_free(protocols_lines);
448 
449  SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
450  smartlist_free(chunks);
451  return status;
452 }
453 
454 /** Set *<b>timing_out</b> to the intervals at which we would like to vote.
455  * Note that these aren't the intervals we'll use to vote; they're the ones
456  * that we'll vote to use. */
457 static void
459 {
460  const or_options_t *options = get_options();
461 
462  tor_assert(timing_out);
463 
464  timing_out->vote_interval = options->V3AuthVotingInterval;
465  timing_out->n_intervals_valid = options->V3AuthNIntervalsValid;
466  timing_out->vote_delay = options->V3AuthVoteDelay;
467  timing_out->dist_delay = options->V3AuthDistDelay;
468 }
469 
470 /* =====
471  * Consensus generation
472  * ===== */
473 
474 /** If <b>vrs</b> has a hash made for the consensus method <b>method</b> with
475  * the digest algorithm <b>alg</b>, decode it and copy it into
476  * <b>digest256_out</b> and return 0. Otherwise return -1. */
477 static int
479  const vote_routerstatus_t *vrs,
480  int method,
481  digest_algorithm_t alg)
482 {
483  /* XXXX only returns the sha256 method. */
484  const vote_microdesc_hash_t *h;
485  char mstr[64];
486  size_t mlen;
487  char dstr[64];
488 
489  tor_snprintf(mstr, sizeof(mstr), "%d", method);
490  mlen = strlen(mstr);
491  tor_snprintf(dstr, sizeof(dstr), " %s=",
493 
494  for (h = vrs->microdesc; h; h = h->next) {
495  const char *cp = h->microdesc_hash_line;
496  size_t num_len;
497  /* cp looks like \d+(,\d+)* (digesttype=val )+ . Let's hunt for mstr in
498  * the first part. */
499  while (1) {
500  num_len = strspn(cp, "1234567890");
501  if (num_len == mlen && fast_memeq(mstr, cp, mlen)) {
502  /* This is the line. */
503  char buf[BASE64_DIGEST256_LEN+1];
504  /* XXXX ignores extraneous stuff if the digest is too long. This
505  * seems harmless enough, right? */
506  cp = strstr(cp, dstr);
507  if (!cp)
508  return -1;
509  cp += strlen(dstr);
510  strlcpy(buf, cp, sizeof(buf));
511  return digest256_from_base64(digest256_out, buf);
512  }
513  if (num_len == 0 || cp[num_len] != ',')
514  break;
515  cp += num_len + 1;
516  }
517  }
518  return -1;
519 }
520 
521 /** Given a vote <b>vote</b> (not a consensus!), return its associated
522  * networkstatus_voter_info_t. */
525 {
526  tor_assert(vote);
527  tor_assert(vote->type == NS_TYPE_VOTE);
528  tor_assert(vote->voters);
529  tor_assert(smartlist_len(vote->voters) == 1);
530  return smartlist_get(vote->voters, 0);
531 }
532 
533 /** Temporary structure used in constructing a list of dir-source entries
534  * for a consensus. One of these is generated for every vote, and one more
535  * for every legacy key in each vote. */
536 typedef struct dir_src_ent_t {
537  networkstatus_t *v;
538  const char *digest;
539  int is_legacy;
540 } dir_src_ent_t;
541 
542 /** Helper for sorting networkstatus_t votes (not consensuses) by the
543  * hash of their voters' identity digests. */
544 static int
545 compare_votes_by_authority_id_(const void **_a, const void **_b)
546 {
547  const networkstatus_t *a = *_a, *b = *_b;
548  return fast_memcmp(get_voter(a)->identity_digest,
549  get_voter(b)->identity_digest, DIGEST_LEN);
550 }
551 
552 /** Helper: Compare the dir_src_ent_ts in *<b>_a</b> and *<b>_b</b> by
553  * their identity digests, and return -1, 0, or 1 depending on their
554  * ordering */
555 static int
556 compare_dir_src_ents_by_authority_id_(const void **_a, const void **_b)
557 {
558  const dir_src_ent_t *a = *_a, *b = *_b;
559  const networkstatus_voter_info_t *a_v = get_voter(a->v),
560  *b_v = get_voter(b->v);
561  const char *a_id, *b_id;
562  a_id = a->is_legacy ? a_v->legacy_id_digest : a_v->identity_digest;
563  b_id = b->is_legacy ? b_v->legacy_id_digest : b_v->identity_digest;
564 
565  return fast_memcmp(a_id, b_id, DIGEST_LEN);
566 }
567 
568 /** Given a sorted list of strings <b>in</b>, add every member to <b>out</b>
569  * that occurs more than <b>min</b> times. */
570 static void
572 {
573  char *cur = NULL;
574  int count = 0;
575  SMARTLIST_FOREACH_BEGIN(in, char *, cp) {
576  if (cur && !strcmp(cp, cur)) {
577  ++count;
578  } else {
579  if (count > min)
580  smartlist_add(out, cur);
581  cur = cp;
582  count = 1;
583  }
584  } SMARTLIST_FOREACH_END(cp);
585  if (count > min)
586  smartlist_add(out, cur);
587 }
588 
589 /** Given a sorted list of strings <b>lst</b>, return the member that appears
590  * most. Break ties in favor of later-occurring members. */
591 #define get_most_frequent_member(lst) \
592  smartlist_get_most_frequent_string(lst)
593 
594 /** Return 0 if and only if <b>a</b> and <b>b</b> are routerstatuses
595  * that come from the same routerinfo, with the same derived elements.
596  */
597 static int
599 {
600  int r;
601  tor_assert(a);
602  tor_assert(b);
603 
605  DIGEST_LEN)))
606  return r;
609  DIGEST_LEN)))
610  return r;
611  /* If we actually reached this point, then the identities and
612  * the descriptor digests matched, so somebody is making SHA1 collisions.
613  */
614 #define CMP_FIELD(utype, itype, field) do { \
615  utype aval = (utype) (itype) a->status.field; \
616  utype bval = (utype) (itype) b->status.field; \
617  utype u = bval - aval; \
618  itype r2 = (itype) u; \
619  if (r2 < 0) { \
620  return -1; \
621  } else if (r2 > 0) { \
622  return 1; \
623  } \
624  } while (0)
625 
626  CMP_FIELD(uint64_t, int64_t, published_on);
627 
628  if ((r = strcmp(b->status.nickname, a->status.nickname)))
629  return r;
630 
631  CMP_FIELD(unsigned, int, addr);
632  CMP_FIELD(unsigned, int, or_port);
633  CMP_FIELD(unsigned, int, dir_port);
634 
635  return 0;
636 }
637 
638 /** Helper for sorting routerlists based on compare_vote_rs. */
639 static int
640 compare_vote_rs_(const void **_a, const void **_b)
641 {
642  const vote_routerstatus_t *a = *_a, *b = *_b;
643  return compare_vote_rs(a,b);
644 }
645 
646 /** Helper for sorting OR ports. */
647 static int
648 compare_orports_(const void **_a, const void **_b)
649 {
650  const tor_addr_port_t *a = *_a, *b = *_b;
651  int r;
652 
653  if ((r = tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))
654  return r;
655  if ((r = (((int) b->port) - ((int) a->port))))
656  return r;
657 
658  return 0;
659 }
660 
661 /** Given a list of vote_routerstatus_t, all for the same router identity,
662  * return whichever is most frequent, breaking ties in favor of more
663  * recently published vote_routerstatus_t and in case of ties there,
664  * in favor of smaller descriptor digest.
665  */
666 static vote_routerstatus_t *
667 compute_routerstatus_consensus(smartlist_t *votes, int consensus_method,
668  char *microdesc_digest256_out,
669  tor_addr_port_t *best_alt_orport_out)
670 {
671  vote_routerstatus_t *most = NULL, *cur = NULL;
672  int most_n = 0, cur_n = 0;
673  time_t most_published = 0;
674 
675  /* compare_vote_rs_() sorts the items by identity digest (all the same),
676  * then by SD digest. That way, if we have a tie that the published_on
677  * date cannot break, we use the descriptor with the smaller digest.
678  */
681  if (cur && !compare_vote_rs(cur, rs)) {
682  ++cur_n;
683  } else {
684  if (cur && (cur_n > most_n ||
685  (cur_n == most_n &&
686  cur->status.published_on > most_published))) {
687  most = cur;
688  most_n = cur_n;
689  most_published = cur->status.published_on;
690  }
691  cur_n = 1;
692  cur = rs;
693  }
694  } SMARTLIST_FOREACH_END(rs);
695 
696  if (cur_n > most_n ||
697  (cur && cur_n == most_n && cur->status.published_on > most_published)) {
698  most = cur;
699  // most_n = cur_n; // unused after this point.
700  // most_published = cur->status.published_on; // unused after this point.
701  }
702 
703  tor_assert(most);
704 
705  /* Vote on potential alternative (sets of) OR port(s) in the winning
706  * routerstatuses.
707  *
708  * XXX prop186 There's at most one alternative OR port (_the_ IPv6
709  * port) for now. */
710  if (best_alt_orport_out) {
711  smartlist_t *alt_orports = smartlist_new();
712  const tor_addr_port_t *most_alt_orport = NULL;
713 
715  tor_assert(rs);
716  if (compare_vote_rs(most, rs) == 0 &&
717  !tor_addr_is_null(&rs->status.ipv6_addr)
718  && rs->status.ipv6_orport) {
719  smartlist_add(alt_orports, tor_addr_port_new(&rs->status.ipv6_addr,
720  rs->status.ipv6_orport));
721  }
722  } SMARTLIST_FOREACH_END(rs);
723 
724  smartlist_sort(alt_orports, compare_orports_);
725  most_alt_orport = smartlist_get_most_frequent(alt_orports,
727  if (most_alt_orport) {
728  memcpy(best_alt_orport_out, most_alt_orport, sizeof(tor_addr_port_t));
729  log_debug(LD_DIR, "\"a\" line winner for %s is %s",
730  most->status.nickname,
731  fmt_addrport(&most_alt_orport->addr, most_alt_orport->port));
732  }
733 
734  SMARTLIST_FOREACH(alt_orports, tor_addr_port_t *, ap, tor_free(ap));
735  smartlist_free(alt_orports);
736  }
737 
738  if (microdesc_digest256_out) {
739  smartlist_t *digests = smartlist_new();
740  const uint8_t *best_microdesc_digest;
742  char d[DIGEST256_LEN];
743  if (compare_vote_rs(rs, most))
744  continue;
745  if (!vote_routerstatus_find_microdesc_hash(d, rs, consensus_method,
746  DIGEST_SHA256))
747  smartlist_add(digests, tor_memdup(d, sizeof(d)));
748  } SMARTLIST_FOREACH_END(rs);
749  smartlist_sort_digests256(digests);
750  best_microdesc_digest = smartlist_get_most_frequent_digest256(digests);
751  if (best_microdesc_digest)
752  memcpy(microdesc_digest256_out, best_microdesc_digest, DIGEST256_LEN);
753  SMARTLIST_FOREACH(digests, char *, cp, tor_free(cp));
754  smartlist_free(digests);
755  }
756 
757  return most;
758 }
759 
760 /** Sorting helper: compare two strings based on their values as base-ten
761  * positive integers. (Non-integers are treated as prior to all integers, and
762  * compared lexically.) */
763 static int
764 cmp_int_strings_(const void **_a, const void **_b)
765 {
766  const char *a = *_a, *b = *_b;
767  int ai = (int)tor_parse_long(a, 10, 1, INT_MAX, NULL, NULL);
768  int bi = (int)tor_parse_long(b, 10, 1, INT_MAX, NULL, NULL);
769  if (ai<bi) {
770  return -1;
771  } else if (ai==bi) {
772  if (ai == 0) /* Parsing failed. */
773  return strcmp(a, b);
774  return 0;
775  } else {
776  return 1;
777  }
778 }
779 
780 /** Given a list of networkstatus_t votes, determine and return the number of
781  * the highest consensus method that is supported by 2/3 of the voters. */
782 static int
784 {
785  smartlist_t *all_methods = smartlist_new();
786  smartlist_t *acceptable_methods = smartlist_new();
787  smartlist_t *tmp = smartlist_new();
788  int min = (smartlist_len(votes) * 2) / 3;
789  int n_ok;
790  int result;
791  SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
792  {
793  tor_assert(vote->supported_methods);
794  smartlist_add_all(tmp, vote->supported_methods);
796  smartlist_uniq(tmp, cmp_int_strings_, NULL);
797  smartlist_add_all(all_methods, tmp);
798  smartlist_clear(tmp);
799  });
800 
801  smartlist_sort(all_methods, cmp_int_strings_);
802  get_frequent_members(acceptable_methods, all_methods, min);
803  n_ok = smartlist_len(acceptable_methods);
804  if (n_ok) {
805  const char *best = smartlist_get(acceptable_methods, n_ok-1);
806  result = (int)tor_parse_long(best, 10, 1, INT_MAX, NULL, NULL);
807  } else {
808  result = 1;
809  }
810  smartlist_free(tmp);
811  smartlist_free(all_methods);
812  smartlist_free(acceptable_methods);
813  return result;
814 }
815 
816 /** Return true iff <b>method</b> is a consensus method that we support. */
817 static int
819 {
820  return (method >= MIN_SUPPORTED_CONSENSUS_METHOD) &&
821  (method <= MAX_SUPPORTED_CONSENSUS_METHOD);
822 }
823 
824 /** Return a newly allocated string holding the numbers between low and high
825  * (inclusive) that are supported consensus methods. */
826 STATIC char *
827 make_consensus_method_list(int low, int high, const char *separator)
828 {
829  char *list;
830 
831  int i;
832  smartlist_t *lst;
833  lst = smartlist_new();
834  for (i = low; i <= high; ++i) {
836  continue;
837  smartlist_add_asprintf(lst, "%d", i);
838  }
839  list = smartlist_join_strings(lst, separator, 0, NULL);
840  tor_assert(list);
841  SMARTLIST_FOREACH(lst, char *, cp, tor_free(cp));
842  smartlist_free(lst);
843  return list;
844 }
845 
846 /** Helper: given <b>lst</b>, a list of version strings such that every
847  * version appears once for every versioning voter who recommends it, return a
848  * newly allocated string holding the resulting client-versions or
849  * server-versions list. May change contents of <b>lst</b> */
850 static char *
852 {
853  int min = n_versioning / 2;
854  smartlist_t *good = smartlist_new();
855  char *result;
856  SMARTLIST_FOREACH_BEGIN(lst, const char *, v) {
857  if (strchr(v, ' ')) {
858  log_warn(LD_DIR, "At least one authority has voted for a version %s "
859  "that contains a space. This probably wasn't intentional, and "
860  "is likely to cause trouble. Please tell them to stop it.",
861  escaped(v));
862  }
863  } SMARTLIST_FOREACH_END(v);
864  sort_version_list(lst, 0);
865  get_frequent_members(good, lst, min);
866  result = smartlist_join_strings(good, ",", 0, NULL);
867  smartlist_free(good);
868  return result;
869 }
870 
871 /** Given a list of K=V values, return the int32_t value corresponding to
872  * KEYWORD=, or default_val if no such value exists, or if the value is
873  * corrupt.
874  */
875 STATIC int32_t
877  const char *keyword,
878  int32_t default_val)
879 {
880  unsigned int n_found = 0;
881  int32_t value = default_val;
882 
883  SMARTLIST_FOREACH_BEGIN(param_list, const char *, k_v_pair) {
884  if (!strcmpstart(k_v_pair, keyword) && k_v_pair[strlen(keyword)] == '=') {
885  const char *integer_str = &k_v_pair[strlen(keyword)+1];
886  int ok;
887  value = (int32_t)
888  tor_parse_long(integer_str, 10, INT32_MIN, INT32_MAX, &ok, NULL);
889  if (BUG(! ok))
890  return default_val;
891  ++n_found;
892  }
893  } SMARTLIST_FOREACH_END(k_v_pair);
894 
895  if (n_found == 1) {
896  return value;
897  } else {
898  tor_assert_nonfatal(n_found == 0);
899  return default_val;
900  }
901 }
902 
903 /** Minimum number of directory authorities voting for a parameter to
904  * include it in the consensus, if consensus method 12 or later is to be
905  * used. See proposal 178 for details. */
906 #define MIN_VOTES_FOR_PARAM 3
907 
908 /** Helper: given a list of valid networkstatus_t, return a new smartlist
909  * containing the contents of the consensus network parameter set.
910  */
912 dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
913 {
914  int i;
915  int32_t *vals;
916 
917  int cur_param_len;
918  const char *cur_param;
919  const char *eq;
920 
921  const int n_votes = smartlist_len(votes);
922  smartlist_t *output;
923  smartlist_t *param_list = smartlist_new();
924  (void) method;
925 
926  /* We require that the parameter lists in the votes are well-formed: that
927  is, that their keywords are unique and sorted, and that their values are
928  between INT32_MIN and INT32_MAX inclusive. This should be guaranteed by
929  the parsing code. */
930 
931  vals = tor_calloc(n_votes, sizeof(int));
932 
934  if (!v->net_params)
935  continue;
936  smartlist_add_all(param_list, v->net_params);
937  } SMARTLIST_FOREACH_END(v);
938 
939  if (smartlist_len(param_list) == 0) {
940  tor_free(vals);
941  return param_list;
942  }
943 
944  smartlist_sort_strings(param_list);
945  i = 0;
946  cur_param = smartlist_get(param_list, 0);
947  eq = strchr(cur_param, '=');
948  tor_assert(eq);
949  cur_param_len = (int)(eq+1 - cur_param);
950 
951  output = smartlist_new();
952 
953  SMARTLIST_FOREACH_BEGIN(param_list, const char *, param) {
954  /* resolve spurious clang shallow analysis null pointer errors */
955  tor_assert(param);
956 
957  const char *next_param;
958  int ok=0;
959  eq = strchr(param, '=');
960  tor_assert(i<n_votes); /* Make sure we prevented vote-stuffing. */
961  vals[i++] = (int32_t)
962  tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
963  tor_assert(ok); /* Already checked these when parsing. */
964 
965  if (param_sl_idx+1 == smartlist_len(param_list))
966  next_param = NULL;
967  else
968  next_param = smartlist_get(param_list, param_sl_idx+1);
969 
970  if (!next_param || strncmp(next_param, param, cur_param_len)) {
971  /* We've reached the end of a series. */
972  /* Make sure enough authorities voted on this param, unless the
973  * the consensus method we use is too old for that. */
974  if (i > total_authorities/2 ||
975  i >= MIN_VOTES_FOR_PARAM) {
976  int32_t median = median_int32(vals, i);
977  char *out_string = tor_malloc(64+cur_param_len);
978  memcpy(out_string, param, cur_param_len);
979  tor_snprintf(out_string+cur_param_len,64, "%ld", (long)median);
980  smartlist_add(output, out_string);
981  }
982 
983  i = 0;
984  if (next_param) {
985  eq = strchr(next_param, '=');
986  cur_param_len = (int)(eq+1 - next_param);
987  }
988  }
989  } SMARTLIST_FOREACH_END(param);
990 
991  smartlist_free(param_list);
992  tor_free(vals);
993  return output;
994 }
995 
996 #define RANGE_CHECK(a,b,c,d,e,f,g,mx) \
997  ((a) >= 0 && (a) <= (mx) && (b) >= 0 && (b) <= (mx) && \
998  (c) >= 0 && (c) <= (mx) && (d) >= 0 && (d) <= (mx) && \
999  (e) >= 0 && (e) <= (mx) && (f) >= 0 && (f) <= (mx) && \
1000  (g) >= 0 && (g) <= (mx))
1001 
1002 #define CHECK_EQ(a, b, margin) \
1003  ((a)-(b) >= 0 ? (a)-(b) <= (margin) : (b)-(a) <= (margin))
1004 
1005 typedef enum {
1006  BW_WEIGHTS_NO_ERROR = 0,
1007  BW_WEIGHTS_RANGE_ERROR = 1,
1008  BW_WEIGHTS_SUMG_ERROR = 2,
1009  BW_WEIGHTS_SUME_ERROR = 3,
1010  BW_WEIGHTS_SUMD_ERROR = 4,
1011  BW_WEIGHTS_BALANCE_MID_ERROR = 5,
1012  BW_WEIGHTS_BALANCE_EG_ERROR = 6
1013 } bw_weights_error_t;
1014 
1015 /**
1016  * Verify that any weightings satisfy the balanced formulas.
1017  */
1018 static bw_weights_error_t
1019 networkstatus_check_weights(int64_t Wgg, int64_t Wgd, int64_t Wmg,
1020  int64_t Wme, int64_t Wmd, int64_t Wee,
1021  int64_t Wed, int64_t scale, int64_t G,
1022  int64_t M, int64_t E, int64_t D, int64_t T,
1023  int64_t margin, int do_balance) {
1024  bw_weights_error_t berr = BW_WEIGHTS_NO_ERROR;
1025 
1026  // Wed + Wmd + Wgd == 1
1027  if (!CHECK_EQ(Wed + Wmd + Wgd, scale, margin)) {
1028  berr = BW_WEIGHTS_SUMD_ERROR;
1029  goto out;
1030  }
1031 
1032  // Wmg + Wgg == 1
1033  if (!CHECK_EQ(Wmg + Wgg, scale, margin)) {
1034  berr = BW_WEIGHTS_SUMG_ERROR;
1035  goto out;
1036  }
1037 
1038  // Wme + Wee == 1
1039  if (!CHECK_EQ(Wme + Wee, scale, margin)) {
1040  berr = BW_WEIGHTS_SUME_ERROR;
1041  goto out;
1042  }
1043 
1044  // Verify weights within range 0->1
1045  if (!RANGE_CHECK(Wgg, Wgd, Wmg, Wme, Wmd, Wed, Wee, scale)) {
1046  berr = BW_WEIGHTS_RANGE_ERROR;
1047  goto out;
1048  }
1049 
1050  if (do_balance) {
1051  // Wgg*G + Wgd*D == Wee*E + Wed*D, already scaled
1052  if (!CHECK_EQ(Wgg*G + Wgd*D, Wee*E + Wed*D, (margin*T)/3)) {
1053  berr = BW_WEIGHTS_BALANCE_EG_ERROR;
1054  goto out;
1055  }
1056 
1057  // Wgg*G + Wgd*D == M*scale + Wmd*D + Wme*E + Wmg*G, already scaled
1058  if (!CHECK_EQ(Wgg*G + Wgd*D, M*scale + Wmd*D + Wme*E + Wmg*G,
1059  (margin*T)/3)) {
1060  berr = BW_WEIGHTS_BALANCE_MID_ERROR;
1061  goto out;
1062  }
1063  }
1064 
1065  out:
1066  if (berr) {
1067  log_info(LD_DIR,
1068  "Bw weight mismatch %d. G=%"PRId64" M=%"PRId64
1069  " E=%"PRId64" D=%"PRId64" T=%"PRId64
1070  " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1071  " Wgd=%d Wgg=%d Wme=%d Wmg=%d",
1072  berr,
1073  (G), (M), (E),
1074  (D), (T),
1075  (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1076  (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg);
1077  }
1078 
1079  return berr;
1080 }
1081 
1082 /**
1083  * This function computes the bandwidth weights for consensus method 10.
1084  *
1085  * It returns true if weights could be computed, false otherwise.
1086  */
1087 int
1089  int64_t M, int64_t E, int64_t D,
1090  int64_t T, int64_t weight_scale)
1091 {
1092  bw_weights_error_t berr = 0;
1093  int64_t Wgg = -1, Wgd = -1;
1094  int64_t Wmg = -1, Wme = -1, Wmd = -1;
1095  int64_t Wed = -1, Wee = -1;
1096  const char *casename;
1097 
1098  if (G <= 0 || M <= 0 || E <= 0 || D <= 0) {
1099  log_warn(LD_DIR, "Consensus with empty bandwidth: "
1100  "G=%"PRId64" M=%"PRId64" E=%"PRId64
1101  " D=%"PRId64" T=%"PRId64,
1102  (G), (M), (E),
1103  (D), (T));
1104  return 0;
1105  }
1106 
1107  /*
1108  * Computed from cases in 3.8.3 of dir-spec.txt
1109  *
1110  * 1. Neither are scarce
1111  * 2. Both Guard and Exit are scarce
1112  * a. R+D <= S
1113  * b. R+D > S
1114  * 3. One of Guard or Exit is scarce
1115  * a. S+D < T/3
1116  * b. S+D >= T/3
1117  */
1118  if (3*E >= T && 3*G >= T) { // E >= T/3 && G >= T/3
1119  /* Case 1: Neither are scarce. */
1120  casename = "Case 1 (Wgd=Wmd=Wed)";
1121  Wgd = weight_scale/3;
1122  Wed = weight_scale/3;
1123  Wmd = weight_scale/3;
1124  Wee = (weight_scale*(E+G+M))/(3*E);
1125  Wme = weight_scale - Wee;
1126  Wmg = (weight_scale*(2*G-E-M))/(3*G);
1127  Wgg = weight_scale - Wmg;
1128 
1129  berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
1130  weight_scale, G, M, E, D, T, 10, 1);
1131 
1132  if (berr) {
1133  log_warn(LD_DIR,
1134  "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1135  " E=%"PRId64" D=%"PRId64" T=%"PRId64
1136  " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1137  " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1138  berr, casename,
1139  (G), (M), (E),
1140  (D), (T),
1141  (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1142  (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1143  return 0;
1144  }
1145  } else if (3*E < T && 3*G < T) { // E < T/3 && G < T/3
1146  int64_t R = MIN(E, G);
1147  int64_t S = MAX(E, G);
1148  /*
1149  * Case 2: Both Guards and Exits are scarce
1150  * Balance D between E and G, depending upon
1151  * D capacity and scarcity.
1152  */
1153  if (R+D < S) { // Subcase a
1154  Wgg = weight_scale;
1155  Wee = weight_scale;
1156  Wmg = 0;
1157  Wme = 0;
1158  Wmd = 0;
1159  if (E < G) {
1160  casename = "Case 2a (E scarce)";
1161  Wed = weight_scale;
1162  Wgd = 0;
1163  } else { /* E >= G */
1164  casename = "Case 2a (G scarce)";
1165  Wed = 0;
1166  Wgd = weight_scale;
1167  }
1168  } else { // Subcase b: R+D >= S
1169  casename = "Case 2b1 (Wgg=weight_scale, Wmd=Wgd)";
1170  Wee = (weight_scale*(E - G + M))/E;
1171  Wed = (weight_scale*(D - 2*E + 4*G - 2*M))/(3*D);
1172  Wme = (weight_scale*(G-M))/E;
1173  Wmg = 0;
1174  Wgg = weight_scale;
1175  Wmd = (weight_scale - Wed)/2;
1176  Wgd = (weight_scale - Wed)/2;
1177 
1178  berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
1179  weight_scale, G, M, E, D, T, 10, 1);
1180 
1181  if (berr) {
1182  casename = "Case 2b2 (Wgg=weight_scale, Wee=weight_scale)";
1183  Wgg = weight_scale;
1184  Wee = weight_scale;
1185  Wed = (weight_scale*(D - 2*E + G + M))/(3*D);
1186  Wmd = (weight_scale*(D - 2*M + G + E))/(3*D);
1187  Wme = 0;
1188  Wmg = 0;
1189 
1190  if (Wmd < 0) { // Can happen if M > T/3
1191  casename = "Case 2b3 (Wmd=0)";
1192  Wmd = 0;
1193  log_warn(LD_DIR,
1194  "Too much Middle bandwidth on the network to calculate "
1195  "balanced bandwidth-weights. Consider increasing the "
1196  "number of Guard nodes by lowering the requirements.");
1197  }
1198  Wgd = weight_scale - Wed - Wmd;
1199  berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1200  Wed, weight_scale, G, M, E, D, T, 10, 1);
1201  }
1202  if (berr != BW_WEIGHTS_NO_ERROR &&
1203  berr != BW_WEIGHTS_BALANCE_MID_ERROR) {
1204  log_warn(LD_DIR,
1205  "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1206  " E=%"PRId64" D=%"PRId64" T=%"PRId64
1207  " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1208  " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1209  berr, casename,
1210  (G), (M), (E),
1211  (D), (T),
1212  (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1213  (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1214  return 0;
1215  }
1216  }
1217  } else { // if (E < T/3 || G < T/3) {
1218  int64_t S = MIN(E, G);
1219  // Case 3: Exactly one of Guard or Exit is scarce
1220  if (!(3*E < T || 3*G < T) || !(3*G >= T || 3*E >= T)) {
1221  log_warn(LD_BUG,
1222  "Bw-Weights Case 3 v10 but with G=%"PRId64" M="
1223  "%"PRId64" E=%"PRId64" D=%"PRId64" T=%"PRId64,
1224  (G), (M), (E),
1225  (D), (T));
1226  }
1227 
1228  if (3*(S+D) < T) { // Subcase a: S+D < T/3
1229  if (G < E) {
1230  casename = "Case 3a (G scarce)";
1231  Wgg = Wgd = weight_scale;
1232  Wmd = Wed = Wmg = 0;
1233  // Minor subcase, if E is more scarce than M,
1234  // keep its bandwidth in place.
1235  if (E < M) Wme = 0;
1236  else Wme = (weight_scale*(E-M))/(2*E);
1237  Wee = weight_scale-Wme;
1238  } else { // G >= E
1239  casename = "Case 3a (E scarce)";
1240  Wee = Wed = weight_scale;
1241  Wmd = Wgd = Wme = 0;
1242  // Minor subcase, if G is more scarce than M,
1243  // keep its bandwidth in place.
1244  if (G < M) Wmg = 0;
1245  else Wmg = (weight_scale*(G-M))/(2*G);
1246  Wgg = weight_scale-Wmg;
1247  }
1248  } else { // Subcase b: S+D >= T/3
1249  // D != 0 because S+D >= T/3
1250  if (G < E) {
1251  casename = "Case 3bg (G scarce, Wgg=weight_scale, Wmd == Wed)";
1252  Wgg = weight_scale;
1253  Wgd = (weight_scale*(D - 2*G + E + M))/(3*D);
1254  Wmg = 0;
1255  Wee = (weight_scale*(E+M))/(2*E);
1256  Wme = weight_scale - Wee;
1257  Wmd = (weight_scale - Wgd)/2;
1258  Wed = (weight_scale - Wgd)/2;
1259 
1260  berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1261  Wed, weight_scale, G, M, E, D, T, 10, 1);
1262  } else { // G >= E
1263  casename = "Case 3be (E scarce, Wee=weight_scale, Wmd == Wgd)";
1264  Wee = weight_scale;
1265  Wed = (weight_scale*(D - 2*E + G + M))/(3*D);
1266  Wme = 0;
1267  Wgg = (weight_scale*(G+M))/(2*G);
1268  Wmg = weight_scale - Wgg;
1269  Wmd = (weight_scale - Wed)/2;
1270  Wgd = (weight_scale - Wed)/2;
1271 
1272  berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1273  Wed, weight_scale, G, M, E, D, T, 10, 1);
1274  }
1275  if (berr) {
1276  log_warn(LD_DIR,
1277  "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1278  " E=%"PRId64" D=%"PRId64" T=%"PRId64
1279  " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1280  " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1281  berr, casename,
1282  (G), (M), (E),
1283  (D), (T),
1284  (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1285  (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1286  return 0;
1287  }
1288  }
1289  }
1290 
1291  /* We cast down the weights to 32 bit ints on the assumption that
1292  * weight_scale is ~= 10000. We need to ensure a rogue authority
1293  * doesn't break this assumption to rig our weights */
1294  tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
1295 
1296  /*
1297  * Provide Wgm=Wgg, Wmm=weight_scale, Wem=Wee, Weg=Wed. May later determine
1298  * that middle nodes need different bandwidth weights for dirport traffic,
1299  * or that weird exit policies need special weight, or that bridges
1300  * need special weight.
1301  *
1302  * NOTE: This list is sorted.
1303  */
1304  smartlist_add_asprintf(chunks,
1305  "bandwidth-weights Wbd=%d Wbe=%d Wbg=%d Wbm=%d "
1306  "Wdb=%d "
1307  "Web=%d Wed=%d Wee=%d Weg=%d Wem=%d "
1308  "Wgb=%d Wgd=%d Wgg=%d Wgm=%d "
1309  "Wmb=%d Wmd=%d Wme=%d Wmg=%d Wmm=%d\n",
1310  (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale,
1311  (int)weight_scale,
1312  (int)weight_scale, (int)Wed, (int)Wee, (int)Wed, (int)Wee,
1313  (int)weight_scale, (int)Wgd, (int)Wgg, (int)Wgg,
1314  (int)weight_scale, (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale);
1315 
1316  log_notice(LD_CIRC, "Computed bandwidth weights for %s with v10: "
1317  "G=%"PRId64" M=%"PRId64" E=%"PRId64" D=%"PRId64
1318  " T=%"PRId64,
1319  casename,
1320  (G), (M), (E),
1321  (D), (T));
1322  return 1;
1323 }
1324 
1325 /** Update total bandwidth weights (G/M/E/D/T) with the bandwidth of
1326  * the router in <b>rs</b>. */
1327 static void
1329  int is_exit, int is_guard,
1330  int64_t *G, int64_t *M, int64_t *E, int64_t *D,
1331  int64_t *T)
1332 {
1333  int default_bandwidth = rs->bandwidth_kb;
1334  int guardfraction_bandwidth = 0;
1335 
1336  if (!rs->has_bandwidth) {
1337  log_info(LD_BUG, "Missing consensus bandwidth for router %s",
1338  rs->nickname);
1339  return;
1340  }
1341 
1342  /* If this routerstatus represents a guard that we have
1343  * guardfraction information on, use it to calculate its actual
1344  * bandwidth. From proposal236:
1345  *
1346  * Similarly, when calculating the bandwidth-weights line as in
1347  * section 3.8.3 of dir-spec.txt, directory authorities should treat N
1348  * as if fraction F of its bandwidth has the guard flag and (1-F) does
1349  * not. So when computing the totals G,M,E,D, each relay N with guard
1350  * visibility fraction F and bandwidth B should be added as follows:
1351  *
1352  * G' = G + F*B, if N does not have the exit flag
1353  * M' = M + (1-F)*B, if N does not have the exit flag
1354  *
1355  * or
1356  *
1357  * D' = D + F*B, if N has the exit flag
1358  * E' = E + (1-F)*B, if N has the exit flag
1359  *
1360  * In this block of code, we prepare the bandwidth values by setting
1361  * the default_bandwidth to F*B and guardfraction_bandwidth to (1-F)*B.
1362  */
1363  if (rs->has_guardfraction) {
1364  guardfraction_bandwidth_t guardfraction_bw;
1365 
1366  tor_assert(is_guard);
1367 
1368  guard_get_guardfraction_bandwidth(&guardfraction_bw,
1369  rs->bandwidth_kb,
1371 
1372  default_bandwidth = guardfraction_bw.guard_bw;
1373  guardfraction_bandwidth = guardfraction_bw.non_guard_bw;
1374  }
1375 
1376  /* Now calculate the total bandwidth weights with or without
1377  * guardfraction. Depending on the flags of the relay, add its
1378  * bandwidth to the appropriate weight pool. If it's a guard and
1379  * guardfraction is enabled, add its bandwidth to both pools as
1380  * indicated by the previous comment.
1381  */
1382  *T += default_bandwidth;
1383  if (is_exit && is_guard) {
1384 
1385  *D += default_bandwidth;
1386  if (rs->has_guardfraction) {
1387  *E += guardfraction_bandwidth;
1388  }
1389 
1390  } else if (is_exit) {
1391 
1392  *E += default_bandwidth;
1393 
1394  } else if (is_guard) {
1395 
1396  *G += default_bandwidth;
1397  if (rs->has_guardfraction) {
1398  *M += guardfraction_bandwidth;
1399  }
1400 
1401  } else {
1402 
1403  *M += default_bandwidth;
1404  }
1405 }
1406 
1407 /** Considering the different recommended/required protocols sets as a
1408  * 4-element array, return the element from <b>vote</b> for that protocol
1409  * set.
1410  */
1411 static const char *
1413 {
1414  switch (n) {
1415  case 0: return vote->recommended_client_protocols;
1416  case 1: return vote->recommended_relay_protocols;
1417  case 2: return vote->required_client_protocols;
1418  case 3: return vote->required_relay_protocols;
1419  default:
1420  tor_assert_unreached();
1421  return NULL;
1422  }
1423 }
1424 
1425 /** Considering the different recommended/required protocols sets as a
1426  * 4-element array, return a newly allocated string for the consensus value
1427  * for the n'th set.
1428  */
1429 static char *
1430 compute_nth_protocol_set(int n, int n_voters, const smartlist_t *votes)
1431 {
1432  const char *keyword;
1433  smartlist_t *proto_votes = smartlist_new();
1434  int threshold;
1435  switch (n) {
1436  case 0:
1437  keyword = "recommended-client-protocols";
1438  threshold = CEIL_DIV(n_voters, 2);
1439  break;
1440  case 1:
1441  keyword = "recommended-relay-protocols";
1442  threshold = CEIL_DIV(n_voters, 2);
1443  break;
1444  case 2:
1445  keyword = "required-client-protocols";
1446  threshold = CEIL_DIV(n_voters * 2, 3);
1447  break;
1448  case 3:
1449  keyword = "required-relay-protocols";
1450  threshold = CEIL_DIV(n_voters * 2, 3);
1451  break;
1452  default:
1453  tor_assert_unreached();
1454  return NULL;
1455  }
1456 
1457  SMARTLIST_FOREACH_BEGIN(votes, const networkstatus_t *, ns) {
1458  const char *v = get_nth_protocol_set_vote(n, ns);
1459  if (v)
1460  smartlist_add(proto_votes, (void*)v);
1461  } SMARTLIST_FOREACH_END(ns);
1462 
1463  char *protocols = protover_compute_vote(proto_votes, threshold);
1464  smartlist_free(proto_votes);
1465 
1466  char *result = NULL;
1467  tor_asprintf(&result, "%s %s\n", keyword, protocols);
1468  tor_free(protocols);
1469 
1470  return result;
1471 }
1472 
1473 /** Given a list of vote networkstatus_t in <b>votes</b>, our public
1474  * authority <b>identity_key</b>, our private authority <b>signing_key</b>,
1475  * and the number of <b>total_authorities</b> that we believe exist in our
1476  * voting quorum, generate the text of a new v3 consensus or microdescriptor
1477  * consensus (depending on <b>flavor</b>), and return the value in a newly
1478  * allocated string.
1479  *
1480  * Note: this function DOES NOT check whether the votes are from
1481  * recognized authorities. (dirvote_add_vote does that.)
1482  *
1483  * <strong>WATCH OUT</strong>: You need to think before you change the
1484  * behavior of this function, or of the functions it calls! If some
1485  * authorities compute the consensus with a different algorithm than
1486  * others, they will not reach the same result, and they will not all
1487  * sign the same thing! If you really need to change the algorithm
1488  * here, you should allocate a new "consensus_method" for the new
1489  * behavior, and make the new behavior conditional on a new-enough
1490  * consensus_method.
1491  **/
1492 STATIC char *
1494  int total_authorities,
1495  crypto_pk_t *identity_key,
1496  crypto_pk_t *signing_key,
1497  const char *legacy_id_key_digest,
1499  consensus_flavor_t flavor)
1500 {
1501  smartlist_t *chunks;
1502  char *result = NULL;
1503  int consensus_method;
1504  time_t valid_after, fresh_until, valid_until;
1505  int vote_seconds, dist_seconds;
1506  char *client_versions = NULL, *server_versions = NULL;
1507  smartlist_t *flags;
1508  const char *flavor_name;
1509  uint32_t max_unmeasured_bw_kb = DEFAULT_MAX_UNMEASURED_BW_KB;
1510  int64_t G, M, E, D, T; /* For bandwidth weights */
1511  const routerstatus_format_type_t rs_format =
1512  flavor == FLAV_NS ? NS_V3_CONSENSUS : NS_V3_CONSENSUS_MICRODESC;
1513  char *params = NULL;
1514  char *packages = NULL;
1515  int added_weights = 0;
1516  dircollator_t *collator = NULL;
1517  smartlist_t *param_list = NULL;
1518 
1519  tor_assert(flavor == FLAV_NS || flavor == FLAV_MICRODESC);
1520  tor_assert(total_authorities >= smartlist_len(votes));
1521  tor_assert(total_authorities > 0);
1522 
1523  flavor_name = networkstatus_get_flavor_name(flavor);
1524 
1525  if (!smartlist_len(votes)) {
1526  log_warn(LD_DIR, "Can't compute a consensus from no votes.");
1527  return NULL;
1528  }
1529  flags = smartlist_new();
1530 
1531  consensus_method = compute_consensus_method(votes);
1532  if (consensus_method_is_supported(consensus_method)) {
1533  log_info(LD_DIR, "Generating consensus using method %d.",
1534  consensus_method);
1535  } else {
1536  log_warn(LD_DIR, "The other authorities will use consensus method %d, "
1537  "which I don't support. Maybe I should upgrade!",
1538  consensus_method);
1539  consensus_method = MAX_SUPPORTED_CONSENSUS_METHOD;
1540  }
1541 
1542  {
1543  /* It's smarter to initialize these weights to 1, so that later on,
1544  * we can't accidentally divide by zero. */
1545  G = M = E = D = 1;
1546  T = 4;
1547  }
1548 
1549  /* Compute medians of time-related things, and figure out how many
1550  * routers we might need to talk about. */
1551  {
1552  int n_votes = smartlist_len(votes);
1553  time_t *va_times = tor_calloc(n_votes, sizeof(time_t));
1554  time_t *fu_times = tor_calloc(n_votes, sizeof(time_t));
1555  time_t *vu_times = tor_calloc(n_votes, sizeof(time_t));
1556  int *votesec_list = tor_calloc(n_votes, sizeof(int));
1557  int *distsec_list = tor_calloc(n_votes, sizeof(int));
1558  int n_versioning_clients = 0, n_versioning_servers = 0;
1559  smartlist_t *combined_client_versions = smartlist_new();
1560  smartlist_t *combined_server_versions = smartlist_new();
1561 
1563  tor_assert(v->type == NS_TYPE_VOTE);
1564  va_times[v_sl_idx] = v->valid_after;
1565  fu_times[v_sl_idx] = v->fresh_until;
1566  vu_times[v_sl_idx] = v->valid_until;
1567  votesec_list[v_sl_idx] = v->vote_seconds;
1568  distsec_list[v_sl_idx] = v->dist_seconds;
1569  if (v->client_versions) {
1570  smartlist_t *cv = smartlist_new();
1571  ++n_versioning_clients;
1572  smartlist_split_string(cv, v->client_versions, ",",
1573  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1574  sort_version_list(cv, 1);
1575  smartlist_add_all(combined_client_versions, cv);
1576  smartlist_free(cv); /* elements get freed later. */
1577  }
1578  if (v->server_versions) {
1579  smartlist_t *sv = smartlist_new();
1580  ++n_versioning_servers;
1581  smartlist_split_string(sv, v->server_versions, ",",
1582  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1583  sort_version_list(sv, 1);
1584  smartlist_add_all(combined_server_versions, sv);
1585  smartlist_free(sv); /* elements get freed later. */
1586  }
1587  SMARTLIST_FOREACH(v->known_flags, const char *, cp,
1588  smartlist_add_strdup(flags, cp));
1589  } SMARTLIST_FOREACH_END(v);
1590  valid_after = median_time(va_times, n_votes);
1591  fresh_until = median_time(fu_times, n_votes);
1592  valid_until = median_time(vu_times, n_votes);
1593  vote_seconds = median_int(votesec_list, n_votes);
1594  dist_seconds = median_int(distsec_list, n_votes);
1595 
1596  tor_assert(valid_after +
1597  (get_options()->TestingTorNetwork ?
1598  MIN_VOTE_INTERVAL_TESTING : MIN_VOTE_INTERVAL) <= fresh_until);
1599  tor_assert(fresh_until +
1600  (get_options()->TestingTorNetwork ?
1601  MIN_VOTE_INTERVAL_TESTING : MIN_VOTE_INTERVAL) <= valid_until);
1602  tor_assert(vote_seconds >= MIN_VOTE_SECONDS);
1603  tor_assert(dist_seconds >= MIN_DIST_SECONDS);
1604 
1605  server_versions = compute_consensus_versions_list(combined_server_versions,
1606  n_versioning_servers);
1607  client_versions = compute_consensus_versions_list(combined_client_versions,
1608  n_versioning_clients);
1609  packages = compute_consensus_package_lines(votes);
1610 
1611  SMARTLIST_FOREACH(combined_server_versions, char *, cp, tor_free(cp));
1612  SMARTLIST_FOREACH(combined_client_versions, char *, cp, tor_free(cp));
1613  smartlist_free(combined_server_versions);
1614  smartlist_free(combined_client_versions);
1615 
1616  smartlist_add_strdup(flags, "NoEdConsensus");
1617 
1618  smartlist_sort_strings(flags);
1619  smartlist_uniq_strings(flags);
1620 
1621  tor_free(va_times);
1622  tor_free(fu_times);
1623  tor_free(vu_times);
1624  tor_free(votesec_list);
1625  tor_free(distsec_list);
1626  }
1627 
1628  chunks = smartlist_new();
1629 
1630  {
1631  char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
1632  vu_buf[ISO_TIME_LEN+1];
1633  char *flaglist;
1634  format_iso_time(va_buf, valid_after);
1635  format_iso_time(fu_buf, fresh_until);
1636  format_iso_time(vu_buf, valid_until);
1637  flaglist = smartlist_join_strings(flags, " ", 0, NULL);
1638 
1639  smartlist_add_asprintf(chunks, "network-status-version 3%s%s\n"
1640  "vote-status consensus\n",
1641  flavor == FLAV_NS ? "" : " ",
1642  flavor == FLAV_NS ? "" : flavor_name);
1643 
1644  smartlist_add_asprintf(chunks, "consensus-method %d\n",
1645  consensus_method);
1646 
1647  smartlist_add_asprintf(chunks,
1648  "valid-after %s\n"
1649  "fresh-until %s\n"
1650  "valid-until %s\n"
1651  "voting-delay %d %d\n"
1652  "client-versions %s\n"
1653  "server-versions %s\n"
1654  "%s" /* packages */
1655  "known-flags %s\n",
1656  va_buf, fu_buf, vu_buf,
1657  vote_seconds, dist_seconds,
1658  client_versions, server_versions,
1659  packages,
1660  flaglist);
1661 
1662  tor_free(flaglist);
1663  }
1664 
1665  {
1666  int num_dirauth = get_n_authorities(V3_DIRINFO);
1667  int idx;
1668  for (idx = 0; idx < 4; ++idx) {
1669  char *proto_line = compute_nth_protocol_set(idx, num_dirauth, votes);
1670  if (BUG(!proto_line))
1671  continue;
1672  smartlist_add(chunks, proto_line);
1673  }
1674  }
1675 
1676  param_list = dirvote_compute_params(votes, consensus_method,
1677  total_authorities);
1678  if (smartlist_len(param_list)) {
1679  params = smartlist_join_strings(param_list, " ", 0, NULL);
1680  smartlist_add_strdup(chunks, "params ");
1681  smartlist_add(chunks, params);
1682  smartlist_add_strdup(chunks, "\n");
1683  }
1684 
1685  {
1686  int num_dirauth = get_n_authorities(V3_DIRINFO);
1687  /* Default value of this is 2/3 of the total number of authorities. For
1688  * instance, if we have 9 dirauth, the default value is 6. The following
1689  * calculation will round it down. */
1690  int32_t num_srv_agreements =
1692  "AuthDirNumSRVAgreements",
1693  (num_dirauth * 2) / 3);
1694  /* Add the shared random value. */
1695  char *srv_lines = sr_get_string_for_consensus(votes, num_srv_agreements);
1696  if (srv_lines != NULL) {
1697  smartlist_add(chunks, srv_lines);
1698  }
1699  }
1700 
1701  /* Sort the votes. */
1703  /* Add the authority sections. */
1704  {
1705  smartlist_t *dir_sources = smartlist_new();
1707  dir_src_ent_t *e = tor_malloc_zero(sizeof(dir_src_ent_t));
1708  e->v = v;
1709  e->digest = get_voter(v)->identity_digest;
1710  e->is_legacy = 0;
1711  smartlist_add(dir_sources, e);
1712  if (!tor_digest_is_zero(get_voter(v)->legacy_id_digest)) {
1713  dir_src_ent_t *e_legacy = tor_malloc_zero(sizeof(dir_src_ent_t));
1714  e_legacy->v = v;
1715  e_legacy->digest = get_voter(v)->legacy_id_digest;
1716  e_legacy->is_legacy = 1;
1717  smartlist_add(dir_sources, e_legacy);
1718  }
1719  } SMARTLIST_FOREACH_END(v);
1721 
1722  SMARTLIST_FOREACH_BEGIN(dir_sources, const dir_src_ent_t *, e) {
1723  char fingerprint[HEX_DIGEST_LEN+1];
1724  char votedigest[HEX_DIGEST_LEN+1];
1725  networkstatus_t *v = e->v;
1727 
1728  base16_encode(fingerprint, sizeof(fingerprint), e->digest, DIGEST_LEN);
1729  base16_encode(votedigest, sizeof(votedigest), voter->vote_digest,
1730  DIGEST_LEN);
1731 
1732  smartlist_add_asprintf(chunks,
1733  "dir-source %s%s %s %s %s %d %d\n",
1734  voter->nickname, e->is_legacy ? "-legacy" : "",
1735  fingerprint, voter->address, fmt_addr32(voter->addr),
1736  voter->dir_port,
1737  voter->or_port);
1738  if (! e->is_legacy) {
1739  smartlist_add_asprintf(chunks,
1740  "contact %s\n"
1741  "vote-digest %s\n",
1742  voter->contact,
1743  votedigest);
1744  }
1745  } SMARTLIST_FOREACH_END(e);
1746  SMARTLIST_FOREACH(dir_sources, dir_src_ent_t *, e, tor_free(e));
1747  smartlist_free(dir_sources);
1748  }
1749 
1750  {
1751  char *max_unmeasured_param = NULL;
1752  /* XXXX Extract this code into a common function. Or don't! see #19011 */
1753  if (params) {
1754  if (strcmpstart(params, "maxunmeasuredbw=") == 0)
1755  max_unmeasured_param = params;
1756  else
1757  max_unmeasured_param = strstr(params, " maxunmeasuredbw=");
1758  }
1759  if (max_unmeasured_param) {
1760  int ok = 0;
1761  char *eq = strchr(max_unmeasured_param, '=');
1762  if (eq) {
1763  max_unmeasured_bw_kb = (uint32_t)
1764  tor_parse_ulong(eq+1, 10, 1, UINT32_MAX, &ok, NULL);
1765  if (!ok) {
1766  log_warn(LD_DIR, "Bad element '%s' in max unmeasured bw param",
1767  escaped(max_unmeasured_param));
1768  max_unmeasured_bw_kb = DEFAULT_MAX_UNMEASURED_BW_KB;
1769  }
1770  }
1771  }
1772  }
1773 
1774  /* Add the actual router entries. */
1775  {
1776  int *size; /* size[j] is the number of routerstatuses in votes[j]. */
1777  int *flag_counts; /* The number of voters that list flag[j] for the
1778  * currently considered router. */
1779  int i;
1780  smartlist_t *matching_descs = smartlist_new();
1781  smartlist_t *chosen_flags = smartlist_new();
1782  smartlist_t *versions = smartlist_new();
1783  smartlist_t *protocols = smartlist_new();
1784  smartlist_t *exitsummaries = smartlist_new();
1785  uint32_t *bandwidths_kb = tor_calloc(smartlist_len(votes),
1786  sizeof(uint32_t));
1787  uint32_t *measured_bws_kb = tor_calloc(smartlist_len(votes),
1788  sizeof(uint32_t));
1789  uint32_t *measured_guardfraction = tor_calloc(smartlist_len(votes),
1790  sizeof(uint32_t));
1791  int num_bandwidths;
1792  int num_mbws;
1793  int num_guardfraction_inputs;
1794 
1795  int *n_voter_flags; /* n_voter_flags[j] is the number of flags that
1796  * votes[j] knows about. */
1797  int *n_flag_voters; /* n_flag_voters[f] is the number of votes that care
1798  * about flags[f]. */
1799  int **flag_map; /* flag_map[j][b] is an index f such that flag_map[f]
1800  * is the same flag as votes[j]->known_flags[b]. */
1801  int *named_flag; /* Index of the flag "Named" for votes[j] */
1802  int *unnamed_flag; /* Index of the flag "Unnamed" for votes[j] */
1803  int n_authorities_measuring_bandwidth;
1804 
1805  strmap_t *name_to_id_map = strmap_new();
1806  char conflict[DIGEST_LEN];
1807  char unknown[DIGEST_LEN];
1808  memset(conflict, 0, sizeof(conflict));
1809  memset(unknown, 0xff, sizeof(conflict));
1810 
1811  size = tor_calloc(smartlist_len(votes), sizeof(int));
1812  n_voter_flags = tor_calloc(smartlist_len(votes), sizeof(int));
1813  n_flag_voters = tor_calloc(smartlist_len(flags), sizeof(int));
1814  flag_map = tor_calloc(smartlist_len(votes), sizeof(int *));
1815  named_flag = tor_calloc(smartlist_len(votes), sizeof(int));
1816  unnamed_flag = tor_calloc(smartlist_len(votes), sizeof(int));
1817  for (i = 0; i < smartlist_len(votes); ++i)
1818  unnamed_flag[i] = named_flag[i] = -1;
1819 
1820  /* Build the flag indexes. Note that no vote can have more than 64 members
1821  * for known_flags, so no value will be greater than 63, so it's safe to
1822  * do UINT64_C(1) << index on these values. But note also that
1823  * named_flag and unnamed_flag are initialized to -1, so we need to check
1824  * that they're actually set before doing UINT64_C(1) << index with
1825  * them.*/
1827  flag_map[v_sl_idx] = tor_calloc(smartlist_len(v->known_flags),
1828  sizeof(int));
1829  if (smartlist_len(v->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) {
1830  log_warn(LD_BUG, "Somehow, a vote has %d entries in known_flags",
1831  smartlist_len(v->known_flags));
1832  }
1833  SMARTLIST_FOREACH_BEGIN(v->known_flags, const char *, fl) {
1834  int p = smartlist_string_pos(flags, fl);
1835  tor_assert(p >= 0);
1836  flag_map[v_sl_idx][fl_sl_idx] = p;
1837  ++n_flag_voters[p];
1838  if (!strcmp(fl, "Named"))
1839  named_flag[v_sl_idx] = fl_sl_idx;
1840  if (!strcmp(fl, "Unnamed"))
1841  unnamed_flag[v_sl_idx] = fl_sl_idx;
1842  } SMARTLIST_FOREACH_END(fl);
1843  n_voter_flags[v_sl_idx] = smartlist_len(v->known_flags);
1844  size[v_sl_idx] = smartlist_len(v->routerstatus_list);
1845  } SMARTLIST_FOREACH_END(v);
1846 
1847  /* Named and Unnamed get treated specially */
1848  {
1850  uint64_t nf;
1851  if (named_flag[v_sl_idx]<0)
1852  continue;
1853  nf = UINT64_C(1) << named_flag[v_sl_idx];
1854  SMARTLIST_FOREACH_BEGIN(v->routerstatus_list,
1855  vote_routerstatus_t *, rs) {
1856 
1857  if ((rs->flags & nf) != 0) {
1858  const char *d = strmap_get_lc(name_to_id_map, rs->status.nickname);
1859  if (!d) {
1860  /* We have no name officially mapped to this digest. */
1861  strmap_set_lc(name_to_id_map, rs->status.nickname,
1862  rs->status.identity_digest);
1863  } else if (d != conflict &&
1864  fast_memcmp(d, rs->status.identity_digest, DIGEST_LEN)) {
1865  /* Authorities disagree about this nickname. */
1866  strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
1867  } else {
1868  /* It's already a conflict, or it's already this ID. */
1869  }
1870  }
1871  } SMARTLIST_FOREACH_END(rs);
1872  } SMARTLIST_FOREACH_END(v);
1873 
1875  uint64_t uf;
1876  if (unnamed_flag[v_sl_idx]<0)
1877  continue;
1878  uf = UINT64_C(1) << unnamed_flag[v_sl_idx];
1879  SMARTLIST_FOREACH_BEGIN(v->routerstatus_list,
1880  vote_routerstatus_t *, rs) {
1881  if ((rs->flags & uf) != 0) {
1882  const char *d = strmap_get_lc(name_to_id_map, rs->status.nickname);
1883  if (d == conflict || d == unknown) {
1884  /* Leave it alone; we know what it is. */
1885  } else if (!d) {
1886  /* We have no name officially mapped to this digest. */
1887  strmap_set_lc(name_to_id_map, rs->status.nickname, unknown);
1888  } else if (fast_memeq(d, rs->status.identity_digest, DIGEST_LEN)) {
1889  /* Authorities disagree about this nickname. */
1890  strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
1891  } else {
1892  /* It's mapped to a different name. */
1893  }
1894  }
1895  } SMARTLIST_FOREACH_END(rs);
1896  } SMARTLIST_FOREACH_END(v);
1897  }
1898 
1899  /* We need to know how many votes measure bandwidth. */
1900  n_authorities_measuring_bandwidth = 0;
1901  SMARTLIST_FOREACH(votes, const networkstatus_t *, v,
1902  if (v->has_measured_bws) {
1903  ++n_authorities_measuring_bandwidth;
1904  }
1905  );
1906 
1907  /* Populate the collator */
1908  collator = dircollator_new(smartlist_len(votes), total_authorities);
1910  dircollator_add_vote(collator, v);
1911  } SMARTLIST_FOREACH_END(v);
1912 
1913  dircollator_collate(collator, consensus_method);
1914 
1915  /* Now go through all the votes */
1916  flag_counts = tor_calloc(smartlist_len(flags), sizeof(int));
1917  const int num_routers = dircollator_n_routers(collator);
1918  for (i = 0; i < num_routers; ++i) {
1919  vote_routerstatus_t **vrs_lst =
1920  dircollator_get_votes_for_router(collator, i);
1921 
1922  vote_routerstatus_t *rs;
1923  routerstatus_t rs_out;
1924  const char *current_rsa_id = NULL;
1925  const char *chosen_version;
1926  const char *chosen_protocol_list;
1927  const char *chosen_name = NULL;
1928  int exitsummary_disagreement = 0;
1929  int is_named = 0, is_unnamed = 0, is_running = 0, is_valid = 0;
1930  int is_guard = 0, is_exit = 0, is_bad_exit = 0;
1931  int naming_conflict = 0;
1932  int n_listing = 0;
1933  char microdesc_digest[DIGEST256_LEN];
1934  tor_addr_port_t alt_orport = {TOR_ADDR_NULL, 0};
1935 
1936  memset(flag_counts, 0, sizeof(int)*smartlist_len(flags));
1937  smartlist_clear(matching_descs);
1938  smartlist_clear(chosen_flags);
1939  smartlist_clear(versions);
1940  smartlist_clear(protocols);
1941  num_bandwidths = 0;
1942  num_mbws = 0;
1943  num_guardfraction_inputs = 0;
1944  int ed_consensus = 0;
1945  const uint8_t *ed_consensus_val = NULL;
1946 
1947  /* Okay, go through all the entries for this digest. */
1948  for (int voter_idx = 0; voter_idx < smartlist_len(votes); ++voter_idx) {
1949  if (vrs_lst[voter_idx] == NULL)
1950  continue; /* This voter had nothing to say about this entry. */
1951  rs = vrs_lst[voter_idx];
1952  ++n_listing;
1953 
1954  current_rsa_id = rs->status.identity_digest;
1955 
1956  smartlist_add(matching_descs, rs);
1957  if (rs->version && rs->version[0])
1958  smartlist_add(versions, rs->version);
1959 
1960  if (rs->protocols) {
1961  /* We include this one even if it's empty: voting for an
1962  * empty protocol list actually is meaningful. */
1963  smartlist_add(protocols, rs->protocols);
1964  }
1965 
1966  /* Tally up all the flags. */
1967  for (int flag = 0; flag < n_voter_flags[voter_idx]; ++flag) {
1968  if (rs->flags & (UINT64_C(1) << flag))
1969  ++flag_counts[flag_map[voter_idx][flag]];
1970  }
1971  if (named_flag[voter_idx] >= 0 &&
1972  (rs->flags & (UINT64_C(1) << named_flag[voter_idx]))) {
1973  if (chosen_name && strcmp(chosen_name, rs->status.nickname)) {
1974  log_notice(LD_DIR, "Conflict on naming for router: %s vs %s",
1975  chosen_name, rs->status.nickname);
1976  naming_conflict = 1;
1977  }
1978  chosen_name = rs->status.nickname;
1979  }
1980 
1981  /* Count guardfraction votes and note down the values. */
1982  if (rs->status.has_guardfraction) {
1983  measured_guardfraction[num_guardfraction_inputs++] =
1985  }
1986 
1987  /* count bandwidths */
1988  if (rs->has_measured_bw)
1989  measured_bws_kb[num_mbws++] = rs->measured_bw_kb;
1990 
1991  if (rs->status.has_bandwidth)
1992  bandwidths_kb[num_bandwidths++] = rs->status.bandwidth_kb;
1993 
1994  /* Count number for which ed25519 is canonical. */
1995  if (rs->ed25519_reflects_consensus) {
1996  ++ed_consensus;
1997  if (ed_consensus_val) {
1998  tor_assert(fast_memeq(ed_consensus_val, rs->ed25519_id,
2000  } else {
2001  ed_consensus_val = rs->ed25519_id;
2002  }
2003  }
2004  }
2005 
2006  /* We don't include this router at all unless more than half of
2007  * the authorities we believe in list it. */
2008  if (n_listing <= total_authorities/2)
2009  continue;
2010 
2011  if (ed_consensus > 0) {
2012  if (ed_consensus <= total_authorities / 2) {
2013  log_warn(LD_BUG, "Not enough entries had ed_consensus set; how "
2014  "can we have a consensus of %d?", ed_consensus);
2015  }
2016  }
2017 
2018  /* The clangalyzer can't figure out that this will never be NULL
2019  * if n_listing is at least 1 */
2020  tor_assert(current_rsa_id);
2021 
2022  /* Figure out the most popular opinion of what the most recent
2023  * routerinfo and its contents are. */
2024  memset(microdesc_digest, 0, sizeof(microdesc_digest));
2025  rs = compute_routerstatus_consensus(matching_descs, consensus_method,
2026  microdesc_digest, &alt_orport);
2027  /* Copy bits of that into rs_out. */
2028  memset(&rs_out, 0, sizeof(rs_out));
2029  tor_assert(fast_memeq(current_rsa_id,
2031  memcpy(rs_out.identity_digest, current_rsa_id, DIGEST_LEN);
2032  memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,
2033  DIGEST_LEN);
2034  rs_out.addr = rs->status.addr;
2035  rs_out.published_on = rs->status.published_on;
2036  rs_out.dir_port = rs->status.dir_port;
2037  rs_out.or_port = rs->status.or_port;
2038  tor_addr_copy(&rs_out.ipv6_addr, &alt_orport.addr);
2039  rs_out.ipv6_orport = alt_orport.port;
2040  rs_out.has_bandwidth = 0;
2041  rs_out.has_exitsummary = 0;
2042 
2043  if (chosen_name && !naming_conflict) {
2044  strlcpy(rs_out.nickname, chosen_name, sizeof(rs_out.nickname));
2045  } else {
2046  strlcpy(rs_out.nickname, rs->status.nickname, sizeof(rs_out.nickname));
2047  }
2048 
2049  {
2050  const char *d = strmap_get_lc(name_to_id_map, rs_out.nickname);
2051  if (!d) {
2052  is_named = is_unnamed = 0;
2053  } else if (fast_memeq(d, current_rsa_id, DIGEST_LEN)) {
2054  is_named = 1; is_unnamed = 0;
2055  } else {
2056  is_named = 0; is_unnamed = 1;
2057  }
2058  }
2059 
2060  /* Set the flags. */
2061  smartlist_add(chosen_flags, (char*)"s"); /* for the start of the line. */
2062  SMARTLIST_FOREACH_BEGIN(flags, const char *, fl) {
2063  if (!strcmp(fl, "Named")) {
2064  if (is_named)
2065  smartlist_add(chosen_flags, (char*)fl);
2066  } else if (!strcmp(fl, "Unnamed")) {
2067  if (is_unnamed)
2068  smartlist_add(chosen_flags, (char*)fl);
2069  } else if (!strcmp(fl, "NoEdConsensus")) {
2070  if (ed_consensus <= total_authorities/2)
2071  smartlist_add(chosen_flags, (char*)fl);
2072  } else {
2073  if (flag_counts[fl_sl_idx] > n_flag_voters[fl_sl_idx]/2) {
2074  smartlist_add(chosen_flags, (char*)fl);
2075  if (!strcmp(fl, "Exit"))
2076  is_exit = 1;
2077  else if (!strcmp(fl, "Guard"))
2078  is_guard = 1;
2079  else if (!strcmp(fl, "Running"))
2080  is_running = 1;
2081  else if (!strcmp(fl, "BadExit"))
2082  is_bad_exit = 1;
2083  else if (!strcmp(fl, "Valid"))
2084  is_valid = 1;
2085  }
2086  }
2087  } SMARTLIST_FOREACH_END(fl);
2088 
2089  /* Starting with consensus method 4 we do not list servers
2090  * that are not running in a consensus. See Proposal 138 */
2091  if (!is_running)
2092  continue;
2093 
2094  /* Starting with consensus method 24, we don't list servers
2095  * that are not valid in a consensus. See Proposal 272 */
2096  if (!is_valid)
2097  continue;
2098 
2099  /* Pick the version. */
2100  if (smartlist_len(versions)) {
2101  sort_version_list(versions, 0);
2102  chosen_version = get_most_frequent_member(versions);
2103  } else {
2104  chosen_version = NULL;
2105  }
2106 
2107  /* Pick the protocol list */
2108  if (smartlist_len(protocols)) {
2109  smartlist_sort_strings(protocols);
2110  chosen_protocol_list = get_most_frequent_member(protocols);
2111  } else {
2112  chosen_protocol_list = NULL;
2113  }
2114 
2115  /* If it's a guard and we have enough guardfraction votes,
2116  calculate its consensus guardfraction value. */
2117  if (is_guard && num_guardfraction_inputs > 2) {
2118  rs_out.has_guardfraction = 1;
2119  rs_out.guardfraction_percentage = median_uint32(measured_guardfraction,
2120  num_guardfraction_inputs);
2121  /* final value should be an integer percentage! */
2122  tor_assert(rs_out.guardfraction_percentage <= 100);
2123  }
2124 
2125  /* Pick a bandwidth */
2126  if (num_mbws > 2) {
2127  rs_out.has_bandwidth = 1;
2128  rs_out.bw_is_unmeasured = 0;
2129  rs_out.bandwidth_kb = median_uint32(measured_bws_kb, num_mbws);
2130  } else if (num_bandwidths > 0) {
2131  rs_out.has_bandwidth = 1;
2132  rs_out.bw_is_unmeasured = 1;
2133  rs_out.bandwidth_kb = median_uint32(bandwidths_kb, num_bandwidths);
2134  if (n_authorities_measuring_bandwidth > 2) {
2135  /* Cap non-measured bandwidths. */
2136  if (rs_out.bandwidth_kb > max_unmeasured_bw_kb) {
2137  rs_out.bandwidth_kb = max_unmeasured_bw_kb;
2138  }
2139  }
2140  }
2141 
2142  /* Fix bug 2203: Do not count BadExit nodes as Exits for bw weights */
2143  is_exit = is_exit && !is_bad_exit;
2144 
2145  /* Update total bandwidth weights with the bandwidths of this router. */
2146  {
2148  is_exit, is_guard,
2149  &G, &M, &E, &D, &T);
2150  }
2151 
2152  /* Ok, we already picked a descriptor digest we want to list
2153  * previously. Now we want to use the exit policy summary from
2154  * that descriptor. If everybody plays nice all the voters who
2155  * listed that descriptor will have the same summary. If not then
2156  * something is fishy and we'll use the most common one (breaking
2157  * ties in favor of lexicographically larger one (only because it
2158  * lets me reuse more existing code)).
2159  *
2160  * The other case that can happen is that no authority that voted
2161  * for that descriptor has an exit policy summary. That's
2162  * probably quite unlikely but can happen. In that case we use
2163  * the policy that was most often listed in votes, again breaking
2164  * ties like in the previous case.
2165  */
2166  {
2167  /* Okay, go through all the votes for this router. We prepared
2168  * that list previously */
2169  const char *chosen_exitsummary = NULL;
2170  smartlist_clear(exitsummaries);
2171  SMARTLIST_FOREACH_BEGIN(matching_descs, vote_routerstatus_t *, vsr) {
2172  /* Check if the vote where this status comes from had the
2173  * proper descriptor */
2175  vsr->status.identity_digest,
2176  DIGEST_LEN));
2177  if (vsr->status.has_exitsummary &&
2179  vsr->status.descriptor_digest,
2180  DIGEST_LEN)) {
2181  tor_assert(vsr->status.exitsummary);
2182  smartlist_add(exitsummaries, vsr->status.exitsummary);
2183  if (!chosen_exitsummary) {
2184  chosen_exitsummary = vsr->status.exitsummary;
2185  } else if (strcmp(chosen_exitsummary, vsr->status.exitsummary)) {
2186  /* Great. There's disagreement among the voters. That
2187  * really shouldn't be */
2188  exitsummary_disagreement = 1;
2189  }
2190  }
2191  } SMARTLIST_FOREACH_END(vsr);
2192 
2193  if (exitsummary_disagreement) {
2194  char id[HEX_DIGEST_LEN+1];
2195  char dd[HEX_DIGEST_LEN+1];
2196  base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
2197  base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
2198  log_warn(LD_DIR, "The voters disagreed on the exit policy summary "
2199  " for router %s with descriptor %s. This really shouldn't"
2200  " have happened.", id, dd);
2201 
2202  smartlist_sort_strings(exitsummaries);
2203  chosen_exitsummary = get_most_frequent_member(exitsummaries);
2204  } else if (!chosen_exitsummary) {
2205  char id[HEX_DIGEST_LEN+1];
2206  char dd[HEX_DIGEST_LEN+1];
2207  base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
2208  base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
2209  log_warn(LD_DIR, "Not one of the voters that made us select"
2210  "descriptor %s for router %s had an exit policy"
2211  "summary", dd, id);
2212 
2213  /* Ok, none of those voting for the digest we chose had an
2214  * exit policy for us. Well, that kinda sucks.
2215  */
2216  smartlist_clear(exitsummaries);
2217  SMARTLIST_FOREACH(matching_descs, vote_routerstatus_t *, vsr, {
2218  if (vsr->status.has_exitsummary)
2219  smartlist_add(exitsummaries, vsr->status.exitsummary);
2220  });
2221  smartlist_sort_strings(exitsummaries);
2222  chosen_exitsummary = get_most_frequent_member(exitsummaries);
2223 
2224  if (!chosen_exitsummary)
2225  log_warn(LD_DIR, "Wow, not one of the voters had an exit "
2226  "policy summary for %s. Wow.", id);
2227  }
2228 
2229  if (chosen_exitsummary) {
2230  rs_out.has_exitsummary = 1;
2231  /* yea, discards the const */
2232  rs_out.exitsummary = (char *)chosen_exitsummary;
2233  }
2234  }
2235 
2236  if (flavor == FLAV_MICRODESC &&
2237  tor_digest256_is_zero(microdesc_digest)) {
2238  /* With no microdescriptor digest, we omit the entry entirely. */
2239  continue;
2240  }
2241 
2242  {
2243  char *buf;
2244  /* Okay!! Now we can write the descriptor... */
2245  /* First line goes into "buf". */
2246  buf = routerstatus_format_entry(&rs_out, NULL, NULL,
2247  rs_format, NULL);
2248  if (buf)
2249  smartlist_add(chunks, buf);
2250  }
2251  /* Now an m line, if applicable. */
2252  if (flavor == FLAV_MICRODESC &&
2253  !tor_digest256_is_zero(microdesc_digest)) {
2254  char m[BASE64_DIGEST256_LEN+1];
2255  digest256_to_base64(m, microdesc_digest);
2256  smartlist_add_asprintf(chunks, "m %s\n", m);
2257  }
2258  /* Next line is all flags. The "\n" is missing. */
2259  smartlist_add(chunks,
2260  smartlist_join_strings(chosen_flags, " ", 0, NULL));
2261  /* Now the version line. */
2262  if (chosen_version) {
2263  smartlist_add_strdup(chunks, "\nv ");
2264  smartlist_add_strdup(chunks, chosen_version);
2265  }
2266  smartlist_add_strdup(chunks, "\n");
2267  if (chosen_protocol_list) {
2268  smartlist_add_asprintf(chunks, "pr %s\n", chosen_protocol_list);
2269  }
2270  /* Now the weight line. */
2271  if (rs_out.has_bandwidth) {
2272  char *guardfraction_str = NULL;
2273  int unmeasured = rs_out.bw_is_unmeasured;
2274 
2275  /* If we have guardfraction info, include it in the 'w' line. */
2276  if (rs_out.has_guardfraction) {
2277  tor_asprintf(&guardfraction_str,
2278  " GuardFraction=%u", rs_out.guardfraction_percentage);
2279  }
2280  smartlist_add_asprintf(chunks, "w Bandwidth=%d%s%s\n",
2281  rs_out.bandwidth_kb,
2282  unmeasured?" Unmeasured=1":"",
2283  guardfraction_str ? guardfraction_str : "");
2284 
2285  tor_free(guardfraction_str);
2286  }
2287 
2288  /* Now the exitpolicy summary line. */
2289  if (rs_out.has_exitsummary && flavor == FLAV_NS) {
2290  smartlist_add_asprintf(chunks, "p %s\n", rs_out.exitsummary);
2291  }
2292 
2293  /* And the loop is over and we move on to the next router */
2294  }
2295 
2296  tor_free(size);
2297  tor_free(n_voter_flags);
2298  tor_free(n_flag_voters);
2299  for (i = 0; i < smartlist_len(votes); ++i)
2300  tor_free(flag_map[i]);
2301  tor_free(flag_map);
2302  tor_free(flag_counts);
2303  tor_free(named_flag);
2304  tor_free(unnamed_flag);
2305  strmap_free(name_to_id_map, NULL);
2306  smartlist_free(matching_descs);
2307  smartlist_free(chosen_flags);
2308  smartlist_free(versions);
2309  smartlist_free(protocols);
2310  smartlist_free(exitsummaries);
2311  tor_free(bandwidths_kb);
2312  tor_free(measured_bws_kb);
2313  tor_free(measured_guardfraction);
2314  }
2315 
2316  /* Mark the directory footer region */
2317  smartlist_add_strdup(chunks, "directory-footer\n");
2318 
2319  {
2320  int64_t weight_scale = BW_WEIGHT_SCALE;
2321  char *bw_weight_param = NULL;
2322 
2323  // Parse params, extract BW_WEIGHT_SCALE if present
2324  // DO NOT use consensus_param_bw_weight_scale() in this code!
2325  // The consensus is not formed yet!
2326  /* XXXX Extract this code into a common function. Or not: #19011. */
2327  if (params) {
2328  if (strcmpstart(params, "bwweightscale=") == 0)
2329  bw_weight_param = params;
2330  else
2331  bw_weight_param = strstr(params, " bwweightscale=");
2332  }
2333 
2334  if (bw_weight_param) {
2335  int ok=0;
2336  char *eq = strchr(bw_weight_param, '=');
2337  if (eq) {
2338  weight_scale = tor_parse_long(eq+1, 10, 1, INT32_MAX, &ok,
2339  NULL);
2340  if (!ok) {
2341  log_warn(LD_DIR, "Bad element '%s' in bw weight param",
2342  escaped(bw_weight_param));
2343  weight_scale = BW_WEIGHT_SCALE;
2344  }
2345  } else {
2346  log_warn(LD_DIR, "Bad element '%s' in bw weight param",
2347  escaped(bw_weight_param));
2348  weight_scale = BW_WEIGHT_SCALE;
2349  }
2350  }
2351 
2352  added_weights = networkstatus_compute_bw_weights_v10(chunks, G, M, E, D,
2353  T, weight_scale);
2354  }
2355 
2356  /* Add a signature. */
2357  {
2358  char digest[DIGEST256_LEN];
2359  char fingerprint[HEX_DIGEST_LEN+1];
2360  char signing_key_fingerprint[HEX_DIGEST_LEN+1];
2361  digest_algorithm_t digest_alg =
2362  flavor == FLAV_NS ? DIGEST_SHA1 : DIGEST_SHA256;
2363  size_t digest_len =
2364  flavor == FLAV_NS ? DIGEST_LEN : DIGEST256_LEN;
2365  const char *algname = crypto_digest_algorithm_get_name(digest_alg);
2366  char *signature;
2367 
2368  smartlist_add_strdup(chunks, "directory-signature ");
2369 
2370  /* Compute the hash of the chunks. */
2371  crypto_digest_smartlist(digest, digest_len, chunks, "", digest_alg);
2372 
2373  /* Get the fingerprints */
2374  crypto_pk_get_fingerprint(identity_key, fingerprint, 0);
2375  crypto_pk_get_fingerprint(signing_key, signing_key_fingerprint, 0);
2376 
2377  /* add the junk that will go at the end of the line. */
2378  if (flavor == FLAV_NS) {
2379  smartlist_add_asprintf(chunks, "%s %s\n", fingerprint,
2380  signing_key_fingerprint);
2381  } else {
2382  smartlist_add_asprintf(chunks, "%s %s %s\n",
2383  algname, fingerprint,
2384  signing_key_fingerprint);
2385  }
2386  /* And the signature. */
2387  if (!(signature = router_get_dirobj_signature(digest, digest_len,
2388  signing_key))) {
2389  log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
2390  goto done;
2391  }
2392  smartlist_add(chunks, signature);
2393 
2394  if (legacy_id_key_digest && legacy_signing_key) {
2395  smartlist_add_strdup(chunks, "directory-signature ");
2396  base16_encode(fingerprint, sizeof(fingerprint),
2397  legacy_id_key_digest, DIGEST_LEN);
2399  signing_key_fingerprint, 0);
2400  if (flavor == FLAV_NS) {
2401  smartlist_add_asprintf(chunks, "%s %s\n", fingerprint,
2402  signing_key_fingerprint);
2403  } else {
2404  smartlist_add_asprintf(chunks, "%s %s %s\n",
2405  algname, fingerprint,
2406  signing_key_fingerprint);
2407  }
2408 
2409  if (!(signature = router_get_dirobj_signature(digest, digest_len,
2410  legacy_signing_key))) {
2411  log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
2412  goto done;
2413  }
2414  smartlist_add(chunks, signature);
2415  }
2416  }
2417 
2418  result = smartlist_join_strings(chunks, "", 0, NULL);
2419 
2420  {
2421  networkstatus_t *c;
2422  if (!(c = networkstatus_parse_vote_from_string(result, strlen(result),
2423  NULL,
2424  NS_TYPE_CONSENSUS))) {
2425  log_err(LD_BUG, "Generated a networkstatus consensus we couldn't "
2426  "parse.");
2427  tor_free(result);
2428  goto done;
2429  }
2430  // Verify balancing parameters
2431  if (added_weights) {
2432  networkstatus_verify_bw_weights(c, consensus_method);
2433  }
2434  networkstatus_vote_free(c);
2435  }
2436 
2437  done:
2438 
2439  dircollator_free(collator);
2440  tor_free(client_versions);
2441  tor_free(server_versions);
2442  tor_free(packages);
2443  SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
2444  smartlist_free(flags);
2445  SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
2446  smartlist_free(chunks);
2447  SMARTLIST_FOREACH(param_list, char *, cp, tor_free(cp));
2448  smartlist_free(param_list);
2449 
2450  return result;
2451 }
2452 
2453 /** Given a list of networkstatus_t for each vote, return a newly allocated
2454  * string containing the "package" lines for the vote. */
2455 STATIC char *
2457 {
2458  const int n_votes = smartlist_len(votes);
2459 
2460  /* This will be a map from "packagename version" strings to arrays
2461  * of const char *, with the i'th member of the array corresponding to the
2462  * package line from the i'th vote.
2463  */
2464  strmap_t *package_status = strmap_new();
2465 
2467  if (! v->package_lines)
2468  continue;
2469  SMARTLIST_FOREACH_BEGIN(v->package_lines, const char *, line) {
2471  continue;
2472 
2473  /* Skip 'cp' to the second space in the line. */
2474  const char *cp = strchr(line, ' ');
2475  if (!cp) continue;
2476  ++cp;
2477  cp = strchr(cp, ' ');
2478  if (!cp) continue;
2479 
2480  char *key = tor_strndup(line, cp - line);
2481 
2482  const char **status = strmap_get(package_status, key);
2483  if (!status) {
2484  status = tor_calloc(n_votes, sizeof(const char *));
2485  strmap_set(package_status, key, status);
2486  }
2487  status[v_sl_idx] = line; /* overwrite old value */
2488  tor_free(key);
2489  } SMARTLIST_FOREACH_END(line);
2490  } SMARTLIST_FOREACH_END(v);
2491 
2492  smartlist_t *entries = smartlist_new(); /* temporary */
2493  smartlist_t *result_list = smartlist_new(); /* output */
2494  STRMAP_FOREACH(package_status, key, const char **, values) {
2495  int i, count=-1;
2496  for (i = 0; i < n_votes; ++i) {
2497  if (values[i])
2498  smartlist_add(entries, (void*) values[i]);
2499  }
2500  smartlist_sort_strings(entries);
2501  int n_voting_for_entry = smartlist_len(entries);
2502  const char *most_frequent =
2503  smartlist_get_most_frequent_string_(entries, &count);
2504 
2505  if (n_voting_for_entry >= 3 && count > n_voting_for_entry / 2) {
2506  smartlist_add_asprintf(result_list, "package %s\n", most_frequent);
2507  }
2508 
2509  smartlist_clear(entries);
2510 
2511  } STRMAP_FOREACH_END;
2512 
2513  smartlist_sort_strings(result_list);
2514 
2515  char *result = smartlist_join_strings(result_list, "", 0, NULL);
2516 
2517  SMARTLIST_FOREACH(result_list, char *, cp, tor_free(cp));
2518  smartlist_free(result_list);
2519  smartlist_free(entries);
2520  strmap_free(package_status, tor_free_);
2521 
2522  return result;
2523 }
2524 
2525 /** Given a consensus vote <b>target</b> and a set of detached signatures in
2526  * <b>sigs</b> that correspond to the same consensus, check whether there are
2527  * any new signatures in <b>src_voter_list</b> that should be added to
2528  * <b>target</b>. (A signature should be added if we have no signature for that
2529  * voter in <b>target</b> yet, or if we have no verifiable signature and the
2530  * new signature is verifiable.) Return the number of signatures added or
2531  * changed, or -1 if the document signed by <b>sigs</b> isn't the same
2532  * document as <b>target</b>. */
2533 STATIC int
2536  const char *source,
2537  int severity,
2538  const char **msg_out)
2539 {
2540  int r = 0;
2541  const char *flavor;
2542  smartlist_t *siglist;
2543  tor_assert(sigs);
2544  tor_assert(target);
2545  tor_assert(target->type == NS_TYPE_CONSENSUS);
2546 
2547  flavor = networkstatus_get_flavor_name(target->flavor);
2548 
2549  /* Do the times seem right? */
2550  if (target->valid_after != sigs->valid_after) {
2551  *msg_out = "Valid-After times do not match "
2552  "when adding detached signatures to consensus";
2553  return -1;
2554  }
2555  if (target->fresh_until != sigs->fresh_until) {
2556  *msg_out = "Fresh-until times do not match "
2557  "when adding detached signatures to consensus";
2558  return -1;
2559  }
2560  if (target->valid_until != sigs->valid_until) {
2561  *msg_out = "Valid-until times do not match "
2562  "when adding detached signatures to consensus";
2563  return -1;
2564  }
2565  siglist = strmap_get(sigs->signatures, flavor);
2566  if (!siglist) {
2567  *msg_out = "No signatures for given consensus flavor";
2568  return -1;
2569  }
2570 
2571  /** Make sure all the digests we know match, and at least one matches. */
2572  {
2573  common_digests_t *digests = strmap_get(sigs->digests, flavor);
2574  int n_matches = 0;
2575  int alg;
2576  if (!digests) {
2577  *msg_out = "No digests for given consensus flavor";
2578  return -1;
2579  }
2580  for (alg = DIGEST_SHA1; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
2581  if (!fast_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
2582  if (fast_memeq(target->digests.d[alg], digests->d[alg],
2583  DIGEST256_LEN)) {
2584  ++n_matches;
2585  } else {
2586  *msg_out = "Mismatched digest.";
2587  return -1;
2588  }
2589  }
2590  }
2591  if (!n_matches) {
2592  *msg_out = "No recognized digests for given consensus flavor";
2593  }
2594  }
2595 
2596  /* For each voter in src... */
2598  char voter_identity[HEX_DIGEST_LEN+1];
2599  networkstatus_voter_info_t *target_voter =
2600  networkstatus_get_voter_by_id(target, sig->identity_digest);
2601  authority_cert_t *cert = NULL;
2602  const char *algorithm;
2603  document_signature_t *old_sig = NULL;
2604 
2605  algorithm = crypto_digest_algorithm_get_name(sig->alg);
2606 
2607  base16_encode(voter_identity, sizeof(voter_identity),
2608  sig->identity_digest, DIGEST_LEN);
2609  log_info(LD_DIR, "Looking at signature from %s using %s", voter_identity,
2610  algorithm);
2611  /* If the target doesn't know about this voter, then forget it. */
2612  if (!target_voter) {
2613  log_info(LD_DIR, "We do not know any voter with ID %s", voter_identity);
2614  continue;
2615  }
2616 
2617  old_sig = networkstatus_get_voter_sig_by_alg(target_voter, sig->alg);
2618 
2619  /* If the target already has a good signature from this voter, then skip
2620  * this one. */
2621  if (old_sig && old_sig->good_signature) {
2622  log_info(LD_DIR, "We already have a good signature from %s using %s",
2623  voter_identity, algorithm);
2624  continue;
2625  }
2626 
2627  /* Try checking the signature if we haven't already. */
2628  if (!sig->good_signature && !sig->bad_signature) {
2629  cert = authority_cert_get_by_digests(sig->identity_digest,
2630  sig->signing_key_digest);
2631  if (cert) {
2632  /* Not checking the return value here, since we are going to look
2633  * at the status of sig->good_signature in a moment. */
2634  (void) networkstatus_check_document_signature(target, sig, cert);
2635  }
2636  }
2637 
2638  /* If this signature is good, or we don't have any signature yet,
2639  * then maybe add it. */
2640  if (sig->good_signature || !old_sig || old_sig->bad_signature) {
2641  log_info(LD_DIR, "Adding signature from %s with %s", voter_identity,
2642  algorithm);
2643  tor_log(severity, LD_DIR, "Added a signature for %s from %s.",
2644  target_voter->nickname, source);
2645  ++r;
2646  if (old_sig) {
2647  smartlist_remove(target_voter->sigs, old_sig);
2648  document_signature_free(old_sig);
2649  }
2650  smartlist_add(target_voter->sigs, document_signature_dup(sig));
2651  } else {
2652  log_info(LD_DIR, "Not adding signature from %s", voter_identity);
2653  }
2654  } SMARTLIST_FOREACH_END(sig);
2655 
2656  return r;
2657 }
2658 
2659 /** Return a newly allocated string containing all the signatures on
2660  * <b>consensus</b> by all voters. If <b>for_detached_signatures</b> is true,
2661  * then the signatures will be put in a detached signatures document, so
2662  * prefix any non-NS-flavored signatures with "additional-signature" rather
2663  * than "directory-signature". */
2664 static char *
2666  int for_detached_signatures)
2667 {
2668  smartlist_t *elements;
2669  char buf[4096];
2670  char *result = NULL;
2671  int n_sigs = 0;
2672  const consensus_flavor_t flavor = consensus->flavor;
2673  const char *flavor_name = networkstatus_get_flavor_name(flavor);
2674  const char *keyword;
2675 
2676  if (for_detached_signatures && flavor != FLAV_NS)
2677  keyword = "additional-signature";
2678  else
2679  keyword = "directory-signature";
2680 
2681  elements = smartlist_new();
2682 
2685  char sk[HEX_DIGEST_LEN+1];
2686  char id[HEX_DIGEST_LEN+1];
2687  if (!sig->signature || sig->bad_signature)
2688  continue;
2689  ++n_sigs;
2690  base16_encode(sk, sizeof(sk), sig->signing_key_digest, DIGEST_LEN);
2691  base16_encode(id, sizeof(id), sig->identity_digest, DIGEST_LEN);
2692  if (flavor == FLAV_NS) {
2693  smartlist_add_asprintf(elements,
2694  "%s %s %s\n-----BEGIN SIGNATURE-----\n",
2695  keyword, id, sk);
2696  } else {
2697  const char *digest_name =
2699  smartlist_add_asprintf(elements,
2700  "%s%s%s %s %s %s\n-----BEGIN SIGNATURE-----\n",
2701  keyword,
2702  for_detached_signatures ? " " : "",
2703  for_detached_signatures ? flavor_name : "",
2704  digest_name, id, sk);
2705  }
2706  base64_encode(buf, sizeof(buf), sig->signature, sig->signature_len,
2707  BASE64_ENCODE_MULTILINE);
2708  strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf));
2709  smartlist_add_strdup(elements, buf);
2710  } SMARTLIST_FOREACH_END(sig);
2711  } SMARTLIST_FOREACH_END(v);
2712 
2713  result = smartlist_join_strings(elements, "", 0, NULL);
2714  SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2715  smartlist_free(elements);
2716  if (!n_sigs)
2717  tor_free(result);
2718  return result;
2719 }
2720 
2721 /** Return a newly allocated string holding the detached-signatures document
2722  * corresponding to the signatures on <b>consensuses</b>, which must contain
2723  * exactly one FLAV_NS consensus, and no more than one consensus for each
2724  * other flavor. */
2725 STATIC char *
2727 {
2728  smartlist_t *elements;
2729  char *result = NULL, *sigs = NULL;
2730  networkstatus_t *consensus_ns = NULL;
2731  tor_assert(consensuses);
2732 
2733  SMARTLIST_FOREACH(consensuses, networkstatus_t *, ns, {
2734  tor_assert(ns);
2735  tor_assert(ns->type == NS_TYPE_CONSENSUS);
2736  if (ns && ns->flavor == FLAV_NS)
2737  consensus_ns = ns;
2738  });
2739  if (!consensus_ns) {
2740  log_warn(LD_BUG, "No NS consensus given.");
2741  return NULL;
2742  }
2743 
2744  elements = smartlist_new();
2745 
2746  {
2747  char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
2748  vu_buf[ISO_TIME_LEN+1];
2749  char d[HEX_DIGEST_LEN+1];
2750 
2751  base16_encode(d, sizeof(d),
2752  consensus_ns->digests.d[DIGEST_SHA1], DIGEST_LEN);
2753  format_iso_time(va_buf, consensus_ns->valid_after);
2754  format_iso_time(fu_buf, consensus_ns->fresh_until);
2755  format_iso_time(vu_buf, consensus_ns->valid_until);
2756 
2757  smartlist_add_asprintf(elements,
2758  "consensus-digest %s\n"
2759  "valid-after %s\n"
2760  "fresh-until %s\n"
2761  "valid-until %s\n", d, va_buf, fu_buf, vu_buf);
2762  }
2763 
2764  /* Get all the digests for the non-FLAV_NS consensuses */
2765  SMARTLIST_FOREACH_BEGIN(consensuses, networkstatus_t *, ns) {
2766  const char *flavor_name = networkstatus_get_flavor_name(ns->flavor);
2767  int alg;
2768  if (ns->flavor == FLAV_NS)
2769  continue;
2770 
2771  /* start with SHA256; we don't include SHA1 for anything but the basic
2772  * consensus. */
2773  for (alg = DIGEST_SHA256; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
2774  char d[HEX_DIGEST256_LEN+1];
2775  const char *alg_name =
2777  if (fast_mem_is_zero(ns->digests.d[alg], DIGEST256_LEN))
2778  continue;
2779  base16_encode(d, sizeof(d), ns->digests.d[alg], DIGEST256_LEN);
2780  smartlist_add_asprintf(elements, "additional-digest %s %s %s\n",
2781  flavor_name, alg_name, d);
2782  }
2783  } SMARTLIST_FOREACH_END(ns);
2784 
2785  /* Now get all the sigs for non-FLAV_NS consensuses */
2786  SMARTLIST_FOREACH_BEGIN(consensuses, networkstatus_t *, ns) {
2787  char *sigs_on_this_consensus;
2788  if (ns->flavor == FLAV_NS)
2789  continue;
2790  sigs_on_this_consensus = networkstatus_format_signatures(ns, 1);
2791  if (!sigs_on_this_consensus) {
2792  log_warn(LD_DIR, "Couldn't format signatures");
2793  goto err;
2794  }
2795  smartlist_add(elements, sigs_on_this_consensus);
2796  } SMARTLIST_FOREACH_END(ns);
2797 
2798  /* Now add the FLAV_NS consensus signatrures. */
2799  sigs = networkstatus_format_signatures(consensus_ns, 1);
2800  if (!sigs)
2801  goto err;
2802  smartlist_add(elements, sigs);
2803 
2804  result = smartlist_join_strings(elements, "", 0, NULL);
2805  err:
2806  SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2807  smartlist_free(elements);
2808  return result;
2809 }
2810 
2811 /** Return a newly allocated string holding a detached-signatures document for
2812  * all of the in-progress consensuses in the <b>n_flavors</b>-element array at
2813  * <b>pending</b>. */
2814 static char *
2816  int n_flavors)
2817 {
2818  int flav;
2819  char *signatures;
2820  smartlist_t *c = smartlist_new();
2821  for (flav = 0; flav < n_flavors; ++flav) {
2822  if (pending[flav].consensus)
2823  smartlist_add(c, pending[flav].consensus);
2824  }
2825  signatures = networkstatus_get_detached_signatures(c);
2826  smartlist_free(c);
2827  return signatures;
2828 }
2829 
2830 /**
2831  * Entry point: Take whatever voting actions are pending as of <b>now</b>.
2832  *
2833  * Return the time at which the next action should be taken.
2834  */
2835 time_t
2836 dirvote_act(const or_options_t *options, time_t now)
2837 {
2838  if (!authdir_mode_v3(options))
2839  return TIME_MAX;
2840  tor_assert_nonfatal(voting_schedule.voting_starts);
2841  /* If we haven't initialized this object through this codeflow, we need to
2842  * recalculate the timings to match our vote. The reason to do that is if we
2843  * have a voting schedule initialized 1 minute ago, the voting timings might
2844  * not be aligned to what we should expect with "now". This is especially
2845  * true for TestingTorNetwork using smaller timings. */
2846  if (voting_schedule.created_on_demand) {
2847  char *keys = list_v3_auth_ids();
2849  log_notice(LD_DIR, "Scheduling voting. Known authority IDs are %s. "
2850  "Mine is %s.",
2852  tor_free(keys);
2853  voting_schedule_recalculate_timing(options, now);
2854  }
2855 
2856 #define IF_TIME_FOR_NEXT_ACTION(when_field, done_field) \
2857  if (! voting_schedule.done_field) { \
2858  if (voting_schedule.when_field > now) { \
2859  return voting_schedule.when_field; \
2860  } else {
2861 #define ENDIF \
2862  } \
2863  }
2864 
2865  IF_TIME_FOR_NEXT_ACTION(voting_starts, have_voted) {
2866  log_notice(LD_DIR, "Time to vote.");
2868  voting_schedule.have_voted = 1;
2869  } ENDIF
2870  IF_TIME_FOR_NEXT_ACTION(fetch_missing_votes, have_fetched_missing_votes) {
2871  log_notice(LD_DIR, "Time to fetch any votes that we're missing.");
2873  voting_schedule.have_fetched_missing_votes = 1;
2874  } ENDIF
2875  IF_TIME_FOR_NEXT_ACTION(voting_ends, have_built_consensus) {
2876  log_notice(LD_DIR, "Time to compute a consensus.");
2878  /* XXXX We will want to try again later if we haven't got enough
2879  * votes yet. Implement this if it turns out to ever happen. */
2880  voting_schedule.have_built_consensus = 1;
2881  } ENDIF
2882  IF_TIME_FOR_NEXT_ACTION(fetch_missing_signatures,
2883  have_fetched_missing_signatures) {
2884  log_notice(LD_DIR, "Time to fetch any signatures that we're missing.");
2886  voting_schedule.have_fetched_missing_signatures = 1;
2887  } ENDIF
2888  IF_TIME_FOR_NEXT_ACTION(interval_starts,
2889  have_published_consensus) {
2890  log_notice(LD_DIR, "Time to publish the consensus and discard old votes");
2893  voting_schedule.have_published_consensus = 1;
2894  /* Update our shared random state with the consensus just published. */
2897  /* XXXX We will want to try again later if we haven't got enough
2898  * signatures yet. Implement this if it turns out to ever happen. */
2899  voting_schedule_recalculate_timing(options, now);
2900  return voting_schedule.voting_starts;
2901  } ENDIF
2902 
2903  tor_assert_nonfatal_unreached();
2904  return now + 1;
2905 
2906 #undef ENDIF
2907 #undef IF_TIME_FOR_NEXT_ACTION
2908 }
2909 
2910 /** A vote networkstatus_t and its unparsed body: held around so we can
2911  * use it to generate a consensus (at voting_ends) and so we can serve it to
2912  * other authorities that might want it. */
2913 typedef struct pending_vote_t {
2914  cached_dir_t *vote_body;
2915  networkstatus_t *vote;
2916 } pending_vote_t;
2917 
2918 /** List of pending_vote_t for the current vote. Before we've used them to
2919  * build a consensus, the votes go here. */
2921 /** List of pending_vote_t for the previous vote. After we've used them to
2922  * build a consensus, the votes go here for the next period. */
2924 
2925 /* DOCDOC pending_consensuses */
2926 static pending_consensus_t pending_consensuses[N_CONSENSUS_FLAVORS];
2927 
2928 /** The detached signatures for the consensus that we're currently
2929  * building. */
2930 static char *pending_consensus_signatures = NULL;
2931 
2932 /** List of ns_detached_signatures_t: hold signatures that get posted to us
2933  * before we have generated the consensus on our own. */
2935 
2936 /** Generate a networkstatus vote and post it to all the v3 authorities.
2937  * (V3 Authority only) */
2938 static int
2940 {
2943  networkstatus_t *ns;
2944  char *contents;
2945  pending_vote_t *pending_vote;
2946  time_t now = time(NULL);
2947 
2948  int status;
2949  const char *msg = "";
2950 
2951  if (!cert || !key) {
2952  log_warn(LD_NET, "Didn't find key/certificate to generate v3 vote");
2953  return -1;
2954  } else if (cert->expires < now) {
2955  log_warn(LD_NET, "Can't generate v3 vote with expired certificate");
2956  return -1;
2957  }
2958  if (!(ns = dirserv_generate_networkstatus_vote_obj(key, cert)))
2959  return -1;
2960 
2961  contents = format_networkstatus_vote(key, ns);
2962  networkstatus_vote_free(ns);
2963  if (!contents)
2964  return -1;
2965 
2966  pending_vote = dirvote_add_vote(contents, 0, &msg, &status);
2967  tor_free(contents);
2968  if (!pending_vote) {
2969  log_warn(LD_DIR, "Couldn't store my own vote! (I told myself, '%s'.)",
2970  msg);
2971  return -1;
2972  }
2973 
2976  V3_DIRINFO,
2977  pending_vote->vote_body->dir,
2978  pending_vote->vote_body->dir_len, 0);
2979  log_notice(LD_DIR, "Vote posted.");
2980  return 0;
2981 }
2982 
2983 /** Send an HTTP request to every other v3 authority, for the votes of every
2984  * authority for which we haven't received a vote yet in this period. (V3
2985  * authority only) */
2986 static void
2988 {
2989  smartlist_t *missing_fps = smartlist_new();
2990  char *resource;
2991 
2992  SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
2993  dir_server_t *, ds) {
2994  if (!(ds->type & V3_DIRINFO))
2995  continue;
2996  if (!dirvote_get_vote(ds->v3_identity_digest,
2997  DGV_BY_ID|DGV_INCLUDE_PENDING)) {
2998  char *cp = tor_malloc(HEX_DIGEST_LEN+1);
2999  base16_encode(cp, HEX_DIGEST_LEN+1, ds->v3_identity_digest,
3000  DIGEST_LEN);
3001  smartlist_add(missing_fps, cp);
3002  }
3003  } SMARTLIST_FOREACH_END(ds);
3004 
3005  if (!smartlist_len(missing_fps)) {
3006  smartlist_free(missing_fps);
3007  return;
3008  }
3009  {
3010  char *tmp = smartlist_join_strings(missing_fps, " ", 0, NULL);
3011  log_notice(LOG_NOTICE, "We're missing votes from %d authorities (%s). "
3012  "Asking every other authority for a copy.",
3013  smartlist_len(missing_fps), tmp);
3014  tor_free(tmp);
3015  }
3016  resource = smartlist_join_strings(missing_fps, "+", 0, NULL);
3018  0, resource);
3019  tor_free(resource);
3020  SMARTLIST_FOREACH(missing_fps, char *, cp, tor_free(cp));
3021  smartlist_free(missing_fps);
3022 }
3023 
3024 /** Send a request to every other authority for its detached signatures,
3025  * unless we have signatures from all other v3 authorities already. */
3026 static void
3028 {
3029  int need_any = 0;
3030  int i;
3031  for (i=0; i < N_CONSENSUS_FLAVORS; ++i) {
3032  networkstatus_t *consensus = pending_consensuses[i].consensus;
3033  if (!consensus ||
3034  networkstatus_check_consensus_signature(consensus, -1) == 1) {
3035  /* We have no consensus, or we have one that's signed by everybody. */
3036  continue;
3037  }
3038  need_any = 1;
3039  }
3040  if (!need_any)
3041  return;
3042 
3044  0, NULL);
3045 }
3046 
3047 /** Release all storage held by pending consensuses (those waiting for
3048  * signatures). */
3049 static void
3051 {
3052  int i;
3053  for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3054  pending_consensus_t *pc = &pending_consensuses[i];
3055  tor_free(pc->body);
3056 
3057  networkstatus_vote_free(pc->consensus);
3058  pc->consensus = NULL;
3059  }
3060 }
3061 
3062 /** Drop all currently pending votes, consensus, and detached signatures. */
3063 static void
3064 dirvote_clear_votes(int all_votes)
3065 {
3066  if (!previous_vote_list)
3068  if (!pending_vote_list)
3070 
3071  /* All "previous" votes are now junk. */
3073  cached_dir_decref(v->vote_body);
3074  v->vote_body = NULL;
3075  networkstatus_vote_free(v->vote);
3076  tor_free(v);
3077  });
3079 
3080  if (all_votes) {
3081  /* If we're dumping all the votes, we delete the pending ones. */
3083  cached_dir_decref(v->vote_body);
3084  v->vote_body = NULL;
3085  networkstatus_vote_free(v->vote);
3086  tor_free(v);
3087  });
3088  } else {
3089  /* Otherwise, we move them into "previous". */
3091  }
3093 
3096  tor_free(cp));
3098  }
3101 }
3102 
3103 /** Return a newly allocated string containing the hex-encoded v3 authority
3104  identity digest of every recognized v3 authority. */
3105 static char *
3107 {
3108  smartlist_t *known_v3_keys = smartlist_new();
3109  char *keys;
3110  SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
3111  dir_server_t *, ds,
3112  if ((ds->type & V3_DIRINFO) &&
3113  !tor_digest_is_zero(ds->v3_identity_digest))
3114  smartlist_add(known_v3_keys,
3115  tor_strdup(hex_str(ds->v3_identity_digest, DIGEST_LEN))));
3116  keys = smartlist_join_strings(known_v3_keys, ", ", 0, NULL);
3117  SMARTLIST_FOREACH(known_v3_keys, char *, cp, tor_free(cp));
3118  smartlist_free(known_v3_keys);
3119  return keys;
3120 }
3121 
3122 /* Check the voter information <b>vi</b>, and assert that at least one
3123  * signature is good. Asserts on failure. */
3124 static void
3125 assert_any_sig_good(const networkstatus_voter_info_t *vi)
3126 {
3127  int any_sig_good = 0;
3129  if (sig->good_signature)
3130  any_sig_good = 1);
3131  tor_assert(any_sig_good);
3132 }
3133 
3134 /* Add <b>cert</b> to our list of known authority certificates. */
3135 static void
3136 add_new_cert_if_needed(const struct authority_cert_t *cert)
3137 {
3138  tor_assert(cert);
3140  cert->signing_key_digest)) {
3141  /* Hey, it's a new cert! */
3144  TRUSTED_DIRS_CERTS_SRC_FROM_VOTE, 1 /*flush*/,
3145  NULL);
3147  cert->signing_key_digest)) {
3148  log_warn(LD_BUG, "We added a cert, but still couldn't find it.");
3149  }
3150  }
3151 }
3152 
3153 /** Called when we have received a networkstatus vote in <b>vote_body</b>.
3154  * Parse and validate it, and on success store it as a pending vote (which we
3155  * then return). Return NULL on failure. Sets *<b>msg_out</b> and
3156  * *<b>status_out</b> to an HTTP response and status code. (V3 authority
3157  * only) */
3159 dirvote_add_vote(const char *vote_body, time_t time_posted,
3160  const char **msg_out, int *status_out)
3161 {
3162  networkstatus_t *vote;
3164  dir_server_t *ds;
3165  pending_vote_t *pending_vote = NULL;
3166  const char *end_of_vote = NULL;
3167  int any_failed = 0;
3168  tor_assert(vote_body);
3169  tor_assert(msg_out);
3170  tor_assert(status_out);
3171 
3172  if (!pending_vote_list)
3174  *status_out = 0;
3175  *msg_out = NULL;
3176 
3177  again:
3178  vote = networkstatus_parse_vote_from_string(vote_body, strlen(vote_body),
3179  &end_of_vote,
3180  NS_TYPE_VOTE);
3181  if (!end_of_vote)
3182  end_of_vote = vote_body + strlen(vote_body);
3183  if (!vote) {
3184  log_warn(LD_DIR, "Couldn't parse vote: length was %d",
3185  (int)strlen(vote_body));
3186  *msg_out = "Unable to parse vote";
3187  goto err;
3188  }
3189  tor_assert(smartlist_len(vote->voters) == 1);
3190  vi = get_voter(vote);
3191  assert_any_sig_good(vi);
3193  if (!ds) {
3194  char *keys = list_v3_auth_ids();
3195  log_warn(LD_DIR, "Got a vote from an authority (nickname %s, address %s) "
3196  "with authority key ID %s. "
3197  "This key ID is not recognized. Known v3 key IDs are: %s",
3198  vi->nickname, vi->address,
3199  hex_str(vi->identity_digest, DIGEST_LEN), keys);
3200  tor_free(keys);
3201  *msg_out = "Vote not from a recognized v3 authority";
3202  goto err;
3203  }
3204  add_new_cert_if_needed(vote->cert);
3205 
3206  /* Is it for the right period? */
3207  if (vote->valid_after != voting_schedule.interval_starts) {
3208  char tbuf1[ISO_TIME_LEN+1], tbuf2[ISO_TIME_LEN+1];
3209  format_iso_time(tbuf1, vote->valid_after);
3210  format_iso_time(tbuf2, voting_schedule.interval_starts);
3211  log_warn(LD_DIR, "Rejecting vote from %s with valid-after time of %s; "
3212  "we were expecting %s", vi->address, tbuf1, tbuf2);
3213  *msg_out = "Bad valid-after time";
3214  goto err;
3215  }
3216 
3217  /* Check if we received it, as a post, after the cutoff when we
3218  * start asking other dir auths for it. If we do, the best plan
3219  * is to discard it, because using it greatly increases the chances
3220  * of a split vote for this round (some dir auths got it in time,
3221  * some didn't). */
3222  if (time_posted && time_posted > voting_schedule.fetch_missing_votes) {
3223  char tbuf1[ISO_TIME_LEN+1], tbuf2[ISO_TIME_LEN+1];
3224  format_iso_time(tbuf1, time_posted);
3225  format_iso_time(tbuf2, voting_schedule.fetch_missing_votes);
3226  log_warn(LD_DIR, "Rejecting posted vote from %s received at %s; "
3227  "our cutoff for received votes is %s. Check your clock, "
3228  "CPU load, and network load. Also check the authority that "
3229  "posted the vote.", vi->address, tbuf1, tbuf2);
3230  *msg_out = "Posted vote received too late, would be dangerous to count it";
3231  goto err;
3232  }
3233 
3234  /* Fetch any new router descriptors we just learned about */
3235  update_consensus_router_descriptor_downloads(time(NULL), 1, vote);
3236 
3237  /* Now see whether we already have a vote from this authority. */
3239  if (fast_memeq(v->vote->cert->cache_info.identity_digest,
3241  DIGEST_LEN)) {
3242  networkstatus_voter_info_t *vi_old = get_voter(v->vote);
3243  if (fast_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) {
3244  /* Ah, it's the same vote. Not a problem. */
3245  log_info(LD_DIR, "Discarding a vote we already have (from %s).",
3246  vi->address);
3247  if (*status_out < 200)
3248  *status_out = 200;
3249  goto discard;
3250  } else if (v->vote->published < vote->published) {
3251  log_notice(LD_DIR, "Replacing an older pending vote from this "
3252  "directory (%s)", vi->address);
3253  cached_dir_decref(v->vote_body);
3254  networkstatus_vote_free(v->vote);
3255  v->vote_body = new_cached_dir(tor_strndup(vote_body,
3256  end_of_vote-vote_body),
3257  vote->published);
3258  v->vote = vote;
3259  if (end_of_vote &&
3260  !strcmpstart(end_of_vote, "network-status-version"))
3261  goto again;
3262 
3263  if (*status_out < 200)
3264  *status_out = 200;
3265  if (!*msg_out)
3266  *msg_out = "OK";
3267  return v;
3268  } else {
3269  *msg_out = "Already have a newer pending vote";
3270  goto err;
3271  }
3272  }
3273  } SMARTLIST_FOREACH_END(v);
3274 
3275  /* This a valid vote, update our shared random state. */
3276  sr_handle_received_commits(vote->sr_info.commits,
3277  vote->cert->identity_key);
3278 
3279  pending_vote = tor_malloc_zero(sizeof(pending_vote_t));
3280  pending_vote->vote_body = new_cached_dir(tor_strndup(vote_body,
3281  end_of_vote-vote_body),
3282  vote->published);
3283  pending_vote->vote = vote;
3284  smartlist_add(pending_vote_list, pending_vote);
3285 
3286  if (!strcmpstart(end_of_vote, "network-status-version ")) {
3287  vote_body = end_of_vote;
3288  goto again;
3289  }
3290 
3291  goto done;
3292 
3293  err:
3294  any_failed = 1;
3295  if (!*msg_out)
3296  *msg_out = "Error adding vote";
3297  if (*status_out < 400)
3298  *status_out = 400;
3299 
3300  discard:
3301  networkstatus_vote_free(vote);
3302 
3303  if (end_of_vote && !strcmpstart(end_of_vote, "network-status-version ")) {
3304  vote_body = end_of_vote;
3305  goto again;
3306  }
3307 
3308  done:
3309 
3310  if (*status_out < 200)
3311  *status_out = 200;
3312  if (!*msg_out) {
3313  if (!any_failed && !pending_vote) {
3314  *msg_out = "Duplicate discarded";
3315  } else {
3316  *msg_out = "ok";
3317  }
3318  }
3319 
3320  return any_failed ? NULL : pending_vote;
3321 }
3322 
3323 /* Write the votes in <b>pending_vote_list</b> to disk. */
3324 static void
3325 write_v3_votes_to_disk(const smartlist_t *pending_votes)
3326 {
3327  smartlist_t *votestrings = smartlist_new();
3328  char *votefile = NULL;
3329 
3330  SMARTLIST_FOREACH(pending_votes, pending_vote_t *, v,
3331  {
3332  sized_chunk_t *c = tor_malloc(sizeof(sized_chunk_t));
3333  c->bytes = v->vote_body->dir;
3334  c->len = v->vote_body->dir_len;
3335  smartlist_add(votestrings, c); /* collect strings to write to disk */
3336  });
3337 
3338  votefile = get_datadir_fname("v3-status-votes");
3339  write_chunks_to_file(votefile, votestrings, 0, 0);
3340  log_debug(LD_DIR, "Wrote votes to disk (%s)!", votefile);
3341 
3342  tor_free(votefile);
3343  SMARTLIST_FOREACH(votestrings, sized_chunk_t *, c, tor_free(c));
3344  smartlist_free(votestrings);
3345 }
3346 
3347 /** Try to compute a v3 networkstatus consensus from the currently pending
3348  * votes. Return 0 on success, -1 on failure. Store the consensus in
3349  * pending_consensus: it won't be ready to be published until we have
3350  * everybody else's signatures collected too. (V3 Authority only) */
3351 static int
3353 {
3354  /* Have we got enough votes to try? */
3355  int n_votes, n_voters, n_vote_running = 0;
3356  smartlist_t *votes = NULL;
3357  char *consensus_body = NULL, *signatures = NULL;
3358  networkstatus_t *consensus = NULL;
3359  authority_cert_t *my_cert;
3361  int flav;
3362 
3363  memset(pending, 0, sizeof(pending));
3364 
3365  if (!pending_vote_list)
3367 
3368  /* Write votes to disk */
3369  write_v3_votes_to_disk(pending_vote_list);
3370 
3371  /* Setup votes smartlist */
3372  votes = smartlist_new();
3374  {
3375  smartlist_add(votes, v->vote); /* collect votes to compute consensus */
3376  });
3377 
3378  /* See if consensus managed to achieve majority */
3379  n_voters = get_n_authorities(V3_DIRINFO);
3380  n_votes = smartlist_len(pending_vote_list);
3381  if (n_votes <= n_voters/2) {
3382  log_warn(LD_DIR, "We don't have enough votes to generate a consensus: "
3383  "%d of %d", n_votes, n_voters/2+1);
3384  goto err;
3385  }
3388  if (smartlist_contains_string(v->vote->known_flags, "Running"))
3389  n_vote_running++;
3390  });
3391  if (!n_vote_running) {
3392  /* See task 1066. */
3393  log_warn(LD_DIR, "Nobody has voted on the Running flag. Generating "
3394  "and publishing a consensus without Running nodes "
3395  "would make many clients stop working. Not "
3396  "generating a consensus!");
3397  goto err;
3398  }
3399 
3400  if (!(my_cert = get_my_v3_authority_cert())) {
3401  log_warn(LD_DIR, "Can't generate consensus without a certificate.");
3402  goto err;
3403  }
3404 
3405  {
3406  char legacy_dbuf[DIGEST_LEN];
3407  crypto_pk_t *legacy_sign=NULL;
3408  char *legacy_id_digest = NULL;
3409  int n_generated = 0;
3410  if (get_options()->V3AuthUseLegacyKey) {
3412  legacy_sign = get_my_v3_legacy_signing_key();
3413  if (cert) {
3414  if (crypto_pk_get_digest(cert->identity_key, legacy_dbuf)) {
3415  log_warn(LD_BUG,
3416  "Unable to compute digest of legacy v3 identity key");
3417  } else {
3418  legacy_id_digest = legacy_dbuf;
3419  }
3420  }
3421  }
3422 
3423  for (flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {
3424  const char *flavor_name = networkstatus_get_flavor_name(flav);
3425  consensus_body = networkstatus_compute_consensus(
3426  votes, n_voters,
3427  my_cert->identity_key,
3428  get_my_v3_authority_signing_key(), legacy_id_digest, legacy_sign,
3429  flav);
3430 
3431  if (!consensus_body) {
3432  log_warn(LD_DIR, "Couldn't generate a %s consensus at all!",
3433  flavor_name);
3434  continue;
3435  }
3436  consensus = networkstatus_parse_vote_from_string(consensus_body,
3437  strlen(consensus_body),
3438  NULL,
3439  NS_TYPE_CONSENSUS);
3440  if (!consensus) {
3441  log_warn(LD_DIR, "Couldn't parse %s consensus we generated!",
3442  flavor_name);
3443  tor_free(consensus_body);
3444  continue;
3445  }
3446 
3447  /* 'Check' our own signature, to mark it valid. */
3449 
3450  pending[flav].body = consensus_body;
3451  pending[flav].consensus = consensus;
3452  n_generated++;
3453  consensus_body = NULL;
3454  consensus = NULL;
3455  }
3456  if (!n_generated) {
3457  log_warn(LD_DIR, "Couldn't generate any consensus flavors at all.");
3458  goto err;
3459  }
3460  }
3461 
3463  pending, N_CONSENSUS_FLAVORS);
3464 
3465  if (!signatures) {
3466  log_warn(LD_DIR, "Couldn't extract signatures.");
3467  goto err;
3468  }
3469 
3471  memcpy(pending_consensuses, pending, sizeof(pending));
3472 
3474  pending_consensus_signatures = signatures;
3475 
3477  int n_sigs = 0;
3478  /* we may have gotten signatures for this consensus before we built
3479  * it ourself. Add them now. */
3481  const char *msg = NULL;
3482  int r = dirvote_add_signatures_to_all_pending_consensuses(sig,
3483  "pending", &msg);
3484  if (r >= 0)
3485  n_sigs += r;
3486  else
3487  log_warn(LD_DIR,
3488  "Could not add queued signature to new consensus: %s",
3489  msg);
3490  tor_free(sig);
3491  } SMARTLIST_FOREACH_END(sig);
3492  if (n_sigs)
3493  log_notice(LD_DIR, "Added %d pending signatures while building "
3494  "consensus.", n_sigs);
3496  }
3497 
3498  log_notice(LD_DIR, "Consensus computed; uploading signature(s)");
3499 
3502  V3_DIRINFO,
3504  strlen(pending_consensus_signatures), 0);
3505  log_notice(LD_DIR, "Signature(s) posted.");
3506 
3507  smartlist_free(votes);
3508  return 0;
3509  err:
3510  smartlist_free(votes);
3511  tor_free(consensus_body);
3512  tor_free(signatures);
3513  networkstatus_vote_free(consensus);
3514 
3515  return -1;
3516 }
3517 
3518 /** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3519  * signatures on the currently pending consensus. Add them to <b>pc</b>
3520  * as appropriate. Return the number of signatures added. (?) */
3521 static int
3523  pending_consensus_t *pc,
3525  const char *source,
3526  int severity,
3527  const char **msg_out)
3528 {
3529  const char *flavor_name;
3530  int r = -1;
3531 
3532  /* Only call if we have a pending consensus right now. */
3533  tor_assert(pc->consensus);
3534  tor_assert(pc->body);
3536 
3537  flavor_name = networkstatus_get_flavor_name(pc->consensus->flavor);
3538  *msg_out = NULL;
3539 
3540  {
3541  smartlist_t *sig_list = strmap_get(sigs->signatures, flavor_name);
3542  log_info(LD_DIR, "Have %d signatures for adding to %s consensus.",
3543  sig_list ? smartlist_len(sig_list) : 0, flavor_name);
3544  }
3546  source, severity, msg_out);
3547  if (r >= 0) {
3548  log_info(LD_DIR,"Added %d signatures to consensus.", r);
3549  } else {
3550  log_fn(LOG_PROTOCOL_WARN, LD_DIR,
3551  "Unable to add signatures to consensus: %s",
3552  *msg_out ? *msg_out : "(unknown)");
3553  }
3554 
3555  if (r >= 1) {
3556  char *new_signatures =
3558  char *dst, *dst_end;
3559  size_t new_consensus_len;
3560  if (!new_signatures) {
3561  *msg_out = "No signatures to add";
3562  goto err;
3563  }
3564  new_consensus_len =
3565  strlen(pc->body) + strlen(new_signatures) + 1;
3566  pc->body = tor_realloc(pc->body, new_consensus_len);
3567  dst_end = pc->body + new_consensus_len;
3568  dst = strstr(pc->body, "directory-signature ");
3569  tor_assert(dst);
3570  strlcpy(dst, new_signatures, dst_end-dst);
3571 
3572  /* We remove this block once it has failed to crash for a while. But
3573  * unless it shows up in profiles, we're probably better leaving it in,
3574  * just in case we break detached signature processing at some point. */
3575  {
3577  pc->body, strlen(pc->body), NULL,
3578  NS_TYPE_CONSENSUS);
3579  tor_assert(v);
3580  networkstatus_vote_free(v);
3581  }
3582  *msg_out = "Signatures added";
3583  tor_free(new_signatures);
3584  } else if (r == 0) {
3585  *msg_out = "Signatures ignored";
3586  } else {
3587  goto err;
3588  }
3589 
3590  goto done;
3591  err:
3592  if (!*msg_out)
3593  *msg_out = "Unrecognized error while adding detached signatures.";
3594  done:
3595  return r;
3596 }
3597 
3598 static int
3599 dirvote_add_signatures_to_all_pending_consensuses(
3600  const char *detached_signatures_body,
3601  const char *source,
3602  const char **msg_out)
3603 {
3604  int r=0, i, n_added = 0, errors = 0;
3606  tor_assert(detached_signatures_body);
3607  tor_assert(msg_out);
3609 
3611  detached_signatures_body, NULL))) {
3612  *msg_out = "Couldn't parse detached signatures.";
3613  goto err;
3614  }
3615 
3616  for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3617  int res;
3618  int severity = i == FLAV_NS ? LOG_NOTICE : LOG_INFO;
3619  pending_consensus_t *pc = &pending_consensuses[i];
3620  if (!pc->consensus)
3621  continue;
3622  res = dirvote_add_signatures_to_pending_consensus(pc, sigs, source,
3623  severity, msg_out);
3624  if (res < 0)
3625  errors++;
3626  else
3627  n_added += res;
3628  }
3629 
3630  if (errors && !n_added) {
3631  r = -1;
3632  goto err;
3633  }
3634 
3635  if (n_added && pending_consensuses[FLAV_NS].consensus) {
3636  char *new_detached =
3638  pending_consensuses, N_CONSENSUS_FLAVORS);
3639  if (new_detached) {
3641  pending_consensus_signatures = new_detached;
3642  }
3643  }
3644 
3645  r = n_added;
3646  goto done;
3647  err:
3648  if (!*msg_out)
3649  *msg_out = "Unrecognized error while adding detached signatures.";
3650  done:
3651  ns_detached_signatures_free(sigs);
3652  /* XXXX NM Check how return is used. We can now have an error *and*
3653  signatures added. */
3654  return r;
3655 }
3656 
3657 /** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3658  * signatures on the currently pending consensus. Add them to the pending
3659  * consensus (if we have one); otherwise queue them until we have a
3660  * consensus. Return negative on failure, nonnegative on success. */
3661 int
3662 dirvote_add_signatures(const char *detached_signatures_body,
3663  const char *source,
3664  const char **msg)
3665 {
3666  if (pending_consensuses[FLAV_NS].consensus) {
3667  log_notice(LD_DIR, "Got a signature from %s. "
3668  "Adding it to the pending consensus.", source);
3669  return dirvote_add_signatures_to_all_pending_consensuses(
3670  detached_signatures_body, source, msg);
3671  } else {
3672  log_notice(LD_DIR, "Got a signature from %s. "
3673  "Queuing it for the next consensus.", source);
3677  detached_signatures_body);
3678  *msg = "Signature queued";
3679  return 0;
3680  }
3681 }
3682 
3683 /** Replace the consensus that we're currently serving with the one that we've
3684  * been building. (V3 Authority only) */
3685 static int
3687 {
3688  int i;
3689 
3690  /* Now remember all the other consensuses as if we were a directory cache. */
3691  for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3692  pending_consensus_t *pending = &pending_consensuses[i];
3693  const char *name;
3695  tor_assert(name);
3696  if (!pending->consensus ||
3698  log_warn(LD_DIR, "Not enough info to publish pending %s consensus",name);
3699  continue;
3700  }
3701 
3703  strlen(pending->body),
3704  name, 0, NULL))
3705  log_warn(LD_DIR, "Error publishing %s consensus", name);
3706  else
3707  log_notice(LD_DIR, "Published %s consensus", name);
3708  }
3709 
3710  return 0;
3711 }
3712 
3713 /** Release all static storage held in dirvote.c */
3714 void
3716 {
3718  /* now empty as a result of dirvote_clear_votes(). */
3719  smartlist_free(pending_vote_list);
3720  pending_vote_list = NULL;
3721  smartlist_free(previous_vote_list);
3722  previous_vote_list = NULL;
3723 
3727  /* now empty as a result of dirvote_clear_votes(). */
3728  smartlist_free(pending_consensus_signature_list);
3730  }
3731 }
3732 
3733 /* ====
3734  * Access to pending items.
3735  * ==== */
3736 
3737 /** Return the body of the consensus that we're currently trying to build. */
3738 MOCK_IMPL(const char *,
3740 {
3741  tor_assert(((int)flav) >= 0 && (int)flav < N_CONSENSUS_FLAVORS);
3742  return pending_consensuses[flav].body;
3743 }
3744 
3745 /** Return the signatures that we know for the consensus that we're currently
3746  * trying to build. */
3747 MOCK_IMPL(const char *,
3749 {
3751 }
3752 
3753 /** Return a given vote specified by <b>fp</b>. If <b>by_id</b>, return the
3754  * vote for the authority with the v3 authority identity key digest <b>fp</b>;
3755  * if <b>by_id</b> is false, return the vote whose digest is <b>fp</b>. If
3756  * <b>fp</b> is NULL, return our own vote. If <b>include_previous</b> is
3757  * false, do not consider any votes for a consensus that's already been built.
3758  * If <b>include_pending</b> is false, do not consider any votes for the
3759  * consensus that's in progress. May return NULL if we have no vote for the
3760  * authority in question. */
3761 const cached_dir_t *
3762 dirvote_get_vote(const char *fp, int flags)
3763 {
3764  int by_id = flags & DGV_BY_ID;
3765  const int include_pending = flags & DGV_INCLUDE_PENDING;
3766  const int include_previous = flags & DGV_INCLUDE_PREVIOUS;
3767 
3769  return NULL;
3770  if (fp == NULL) {
3772  if (c) {
3773  fp = c->cache_info.identity_digest;
3774  by_id = 1;
3775  } else
3776  return NULL;
3777  }
3778  if (by_id) {
3779  if (pending_vote_list && include_pending) {
3781  if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
3782  return pv->vote_body);
3783  }
3784  if (previous_vote_list && include_previous) {
3786  if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
3787  return pv->vote_body);
3788  }
3789  } else {
3790  if (pending_vote_list && include_pending) {
3792  if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN))
3793  return pv->vote_body);
3794  }
3795  if (previous_vote_list && include_previous) {
3797  if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN))
3798  return pv->vote_body);
3799  }
3800  }
3801  return NULL;
3802 }
3803 
3804 /** Construct and return a new microdescriptor from a routerinfo <b>ri</b>
3805  * according to <b>consensus_method</b>.
3806  **/
3808 dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
3809 {
3810  microdesc_t *result = NULL;
3811  char *key = NULL, *summary = NULL, *family = NULL;
3812  size_t keylen;
3813  smartlist_t *chunks = smartlist_new();
3814  char *output = NULL;
3815  crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->onion_pkey,
3816  ri->onion_pkey_len);
3817 
3818  if (crypto_pk_write_public_key_to_string(rsa_pubkey, &key, &keylen)<0)
3819  goto done;
3820  summary = policy_summarize(ri->exit_policy, AF_INET);
3821  if (ri->declared_family)
3822  family = smartlist_join_strings(ri->declared_family, " ", 0, NULL);
3823 
3824  smartlist_add_asprintf(chunks, "onion-key\n%s", key);
3825 
3826  if (ri->onion_curve25519_pkey) {
3827  char kbuf[128];
3828  base64_encode(kbuf, sizeof(kbuf),
3829  (const char*)ri->onion_curve25519_pkey->public_key,
3830  CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
3831  smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
3832  }
3833 
3834  if (family) {
3835  if (consensus_method < MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS) {
3836  smartlist_add_asprintf(chunks, "family %s\n", family);
3837  } else {
3838  const uint8_t *id = (const uint8_t *)ri->cache_info.identity_digest;
3839  char *canonical_family = nodefamily_canonicalize(family, id, 0);
3840  smartlist_add_asprintf(chunks, "family %s\n", canonical_family);
3841  tor_free(canonical_family);
3842  }
3843  }
3844 
3845  if (summary && strcmp(summary, "reject 1-65535"))
3846  smartlist_add_asprintf(chunks, "p %s\n", summary);
3847 
3848  if (ri->ipv6_exit_policy) {
3849  /* XXXX+++ This doesn't match proposal 208, which says these should
3850  * be taken unchanged from the routerinfo. That's bogosity, IMO:
3851  * the proposal should have said to do this instead.*/
3852  char *p6 = write_short_policy(ri->ipv6_exit_policy);
3853  if (p6 && strcmp(p6, "reject 1-65535"))
3854  smartlist_add_asprintf(chunks, "p6 %s\n", p6);
3855  tor_free(p6);
3856  }
3857 
3858  {
3859  char idbuf[ED25519_BASE64_LEN+1];
3860  const char *keytype;
3861  if (ri->cache_info.signing_key_cert &&
3862  ri->cache_info.signing_key_cert->signing_key_included) {
3863  keytype = "ed25519";
3865  &ri->cache_info.signing_key_cert->signing_key);
3866  } else {
3867  keytype = "rsa1024";
3868  digest_to_base64(idbuf, ri->cache_info.identity_digest);
3869  }
3870  smartlist_add_asprintf(chunks, "id %s %s\n", keytype, idbuf);
3871  }
3872 
3873  output = smartlist_join_strings(chunks, "", 0, NULL);
3874 
3875  {
3877  output+strlen(output), 0,
3878  SAVED_NOWHERE, NULL);
3879  if (smartlist_len(lst) != 1) {
3880  log_warn(LD_DIR, "We generated a microdescriptor we couldn't parse.");
3881  SMARTLIST_FOREACH(lst, microdesc_t *, md, microdesc_free(md));
3882  smartlist_free(lst);
3883  goto done;
3884  }
3885  result = smartlist_get(lst, 0);
3886  smartlist_free(lst);
3887  }
3888 
3889  done:
3890  crypto_pk_free(rsa_pubkey);
3891  tor_free(output);
3892  tor_free(key);
3893  tor_free(summary);
3894  tor_free(family);
3895  if (chunks) {
3896  SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
3897  smartlist_free(chunks);
3898  }
3899  return result;
3900 }
3901 
3902 /** Format the appropriate vote line to describe the microdescriptor <b>md</b>
3903  * in a consensus vote document. Write it into the <b>out_len</b>-byte buffer
3904  * in <b>out</b>. Return -1 on failure and the number of characters written
3905  * on success. */
3906 static ssize_t
3907 dirvote_format_microdesc_vote_line(char *out_buf, size_t out_buf_len,
3908  const microdesc_t *md,
3909  int consensus_method_low,
3910  int consensus_method_high)
3911 {
3912  ssize_t ret = -1;
3913  char d64[BASE64_DIGEST256_LEN+1];
3914  char *microdesc_consensus_methods =
3915  make_consensus_method_list(consensus_method_low,
3916  consensus_method_high,
3917  ",");
3918  tor_assert(microdesc_consensus_methods);
3919 
3920  digest256_to_base64(d64, md->digest);
3921 
3922  if (tor_snprintf(out_buf, out_buf_len, "m %s sha256=%s\n",
3923  microdesc_consensus_methods, d64)<0)
3924  goto out;
3925 
3926  ret = strlen(out_buf);
3927 
3928  out:
3929  tor_free(microdesc_consensus_methods);
3930  return ret;
3931 }
3932 
3933 /** Array of start and end of consensus methods used for supported
3934  microdescriptor formats. */
3935 static const struct consensus_method_range_t {
3936  int low;
3937  int high;
3938 } microdesc_consensus_methods[] = {
3943  {-1, -1}
3944 };
3945 
3946 /** Helper type used when generating the microdescriptor lines in a directory
3947  * vote. */
3948 typedef struct microdesc_vote_line_t {
3949  int low;
3950  int high;
3951  microdesc_t *md;
3952  struct microdesc_vote_line_t *next;
3954 
3955 /** Generate and return a linked list of all the lines that should appear to
3956  * describe a router's microdescriptor versions in a directory vote.
3957  * Add the generated microdescriptors to <b>microdescriptors_out</b>. */
3960  smartlist_t *microdescriptors_out)
3961 {
3962  const struct consensus_method_range_t *cmr;
3963  microdesc_vote_line_t *entries = NULL, *ep;
3964  vote_microdesc_hash_t *result = NULL;
3965 
3966  /* Generate the microdescriptors. */
3967  for (cmr = microdesc_consensus_methods;
3968  cmr->low != -1 && cmr->high != -1;
3969  cmr++) {
3970  microdesc_t *md = dirvote_create_microdescriptor(ri, cmr->low);
3971  if (md) {
3973  tor_malloc_zero(sizeof(microdesc_vote_line_t));
3974  e->md = md;
3975  e->low = cmr->low;
3976  e->high = cmr->high;
3977  e->next = entries;
3978  entries = e;
3979  }
3980  }
3981 
3982  /* Compress adjacent identical ones */
3983  for (ep = entries; ep; ep = ep->next) {
3984  while (ep->next &&
3985  fast_memeq(ep->md->digest, ep->next->md->digest, DIGEST256_LEN) &&
3986  ep->low == ep->next->high + 1) {
3987  microdesc_vote_line_t *next = ep->next;
3988  ep->low = next->low;
3989  microdesc_free(next->md);
3990  ep->next = next->next;
3991  tor_free(next);
3992  }
3993  }
3994 
3995  /* Format them into vote_microdesc_hash_t, and add to microdescriptors_out.*/
3996  while ((ep = entries)) {
3997  char buf[128];
3999  if (dirvote_format_microdesc_vote_line(buf, sizeof(buf), ep->md,
4000  ep->low, ep->high) >= 0) {
4001  h = tor_malloc_zero(sizeof(vote_microdesc_hash_t));
4002  h->microdesc_hash_line = tor_strdup(buf);
4003  h->next = result;
4004  result = h;
4005  ep->md->last_listed = now;
4006  smartlist_add(microdescriptors_out, ep->md);
4007  }
4008  entries = ep->next;
4009  tor_free(ep);
4010  }
4011 
4012  return result;
4013 }
4014 
4015 /** Parse and extract all SR commits from <b>tokens</b> and place them in
4016  * <b>ns</b>. */
4017 static void
4019 {
4020  smartlist_t *chunks = NULL;
4021 
4022  tor_assert(ns);
4023  tor_assert(tokens);
4024  /* Commits are only present in a vote. */
4025  tor_assert(ns->type == NS_TYPE_VOTE);
4026 
4027  ns->sr_info.commits = smartlist_new();
4028 
4029  smartlist_t *commits = find_all_by_keyword(tokens, K_COMMIT);
4030  /* It's normal that a vote might contain no commits even if it participates
4031  * in the SR protocol. Don't treat it as an error. */
4032  if (commits == NULL) {
4033  goto end;
4034  }
4035 
4036  /* Parse the commit. We do NO validation of number of arguments or ordering
4037  * for forward compatibility, it's the parse commit job to inform us if it's
4038  * supported or not. */
4039  chunks = smartlist_new();
4040  SMARTLIST_FOREACH_BEGIN(commits, directory_token_t *, tok) {
4041  /* Extract all arguments and put them in the chunks list. */
4042  for (int i = 0; i < tok->n_args; i++) {
4043  smartlist_add(chunks, tok->args[i]);
4044  }
4045  sr_commit_t *commit = sr_parse_commit(chunks);
4046  smartlist_clear(chunks);
4047  if (commit == NULL) {
4048  /* Get voter identity so we can warn that this dirauth vote contains
4049  * commit we can't parse. */
4050  networkstatus_voter_info_t *voter = smartlist_get(ns->voters, 0);
4051  tor_assert(voter);
4052  log_warn(LD_DIR, "SR: Unable to parse commit %s from vote of voter %s.",
4053  escaped(tok->object_body),
4054  hex_str(voter->identity_digest,
4055  sizeof(voter->identity_digest)));
4056  /* Commitment couldn't be parsed. Continue onto the next commit because
4057  * this one could be unsupported for instance. */
4058  continue;
4059  }
4060  /* Add newly created commit object to the vote. */
4061  smartlist_add(ns->sr_info.commits, commit);
4062  } SMARTLIST_FOREACH_END(tok);
4063 
4064  end:
4065  smartlist_free(chunks);
4066  smartlist_free(commits);
4067 }
4068 
4069 /* Using the given directory tokens in tokens, parse the shared random commits
4070  * and put them in the given vote document ns.
4071  *
4072  * This also sets the SR participation flag if present in the vote. */
4073 void
4074 dirvote_parse_sr_commits(networkstatus_t *ns, const smartlist_t *tokens)
4075 {
4076  /* Does this authority participates in the SR protocol? */
4077  directory_token_t *tok = find_opt_by_keyword(tokens, K_SR_FLAG);
4078  if (tok) {
4079  ns->sr_info.participate = 1;
4080  /* Get the SR commitments and reveals from the vote. */
4081  extract_shared_random_commits(ns, tokens);
4082  }
4083 }
4084 
4085 /* For the given vote, free the shared random commits if any. */
4086 void
4087 dirvote_clear_commits(networkstatus_t *ns)
4088 {
4089  tor_assert(ns->type == NS_TYPE_VOTE);
4090 
4091  if (ns->sr_info.commits) {
4092  SMARTLIST_FOREACH(ns->sr_info.commits, sr_commit_t *, c,
4093  sr_commit_free(c));
4094  smartlist_free(ns->sr_info.commits);
4095  }
4096 }
4097 
4098 /* The given url is the /tor/status-vote GET directory request. Populates the
4099  * items list with strings that we can compress on the fly and dir_items with
4100  * cached_dir_t objects that have a precompressed deflated version. */
4101 void
4102 dirvote_dirreq_get_status_vote(const char *url, smartlist_t *items,
4103  smartlist_t *dir_items)
4104 {
4105  int current;
4106 
4107  url += strlen("/tor/status-vote/");
4108  current = !strcmpstart(url, "current/");
4109  url = strchr(url, '/');
4110  tor_assert(url);
4111  ++url;
4112  if (!strcmp(url, "consensus")) {
4113  const char *item;
4114  tor_assert(!current); /* we handle current consensus specially above,
4115  * since it wants to be spooled. */
4116  if ((item = dirvote_get_pending_consensus(FLAV_NS)))
4117  smartlist_add(items, (char*)item);
4118  } else if (!current && !strcmp(url, "consensus-signatures")) {
4119  /* XXXX the spec says that we should implement
4120  * current/consensus-signatures too. It doesn't seem to be needed,
4121  * though. */
4122  const char *item;
4124  smartlist_add(items, (char*)item);
4125  } else if (!strcmp(url, "authority")) {
4126  const cached_dir_t *d;
4127  int flags = DGV_BY_ID |
4128  (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
4129  if ((d=dirvote_get_vote(NULL, flags)))
4130  smartlist_add(dir_items, (cached_dir_t*)d);
4131  } else {
4132  const cached_dir_t *d;
4133  smartlist_t *fps = smartlist_new();
4134  int flags;
4135  if (!strcmpstart(url, "d/")) {
4136  url += 2;
4137  flags = DGV_INCLUDE_PENDING | DGV_INCLUDE_PREVIOUS;
4138  } else {
4139  flags = DGV_BY_ID |
4140  (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
4141  }
4142  dir_split_resource_into_fingerprints(url, fps, NULL,
4143  DSR_HEX|DSR_SORT_UNIQ);
4144  SMARTLIST_FOREACH(fps, char *, fp, {
4145  if ((d = dirvote_get_vote(fp, flags)))
4146  smartlist_add(dir_items, (cached_dir_t*)d);
4147  tor_free(fp);
4148  });
4149  smartlist_free(fps);
4150  }
4151 }
4152 
4153 /** Get the best estimate of a router's bandwidth for dirauth purposes,
4154  * preferring measured to advertised values if available. */
4155 static uint32_t
4157 {
4158  uint32_t bw_kb = 0;
4159  /*
4160  * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
4161  * signed) longs and the ones router_get_advertised_bandwidth() returns
4162  * are uint32_t.
4163  */
4164  long mbw_kb = 0;
4165 
4166  if (ri) {
4167  /*
4168  * * First try to see if we have a measured bandwidth; don't bother with
4169  * as_of_out here, on the theory that a stale measured bandwidth is still
4170  * better to trust than an advertised one.
4171  */
4173  &mbw_kb, NULL)) {
4174  /* Got one! */
4175  bw_kb = (uint32_t)mbw_kb;
4176  } else {
4177  /* If not, fall back to advertised */
4178  bw_kb = router_get_advertised_bandwidth(ri) / 1000;
4179  }
4180  }
4181 
4182  return bw_kb;
4183 }
4184 
4185 /** Helper for sorting: compares two routerinfos first by address, and then by
4186  * descending order of "usefulness". (An authority is more useful than a
4187  * non-authority; a running router is more useful than a non-running router;
4188  * and a router with more bandwidth is more useful than one with less.)
4189  **/
4190 static int
4191 compare_routerinfo_by_ip_and_bw_(const void **a, const void **b)
4192 {
4193  routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
4194  int first_is_auth, second_is_auth;
4195  uint32_t bw_kb_first, bw_kb_second;
4196  const node_t *node_first, *node_second;
4197  int first_is_running, second_is_running;
4198 
4199  /* we return -1 if first should appear before second... that is,
4200  * if first is a better router. */
4201  if (first->addr < second->addr)
4202  return -1;
4203  else if (first->addr > second->addr)
4204  return 1;
4205 
4206  /* Potentially, this next bit could cause k n lg n memeq calls. But in
4207  * reality, we will almost never get here, since addresses will usually be
4208  * different. */
4209 
4210  first_is_auth =
4211  router_digest_is_trusted_dir(first->cache_info.identity_digest);
4212  second_is_auth =
4213  router_digest_is_trusted_dir(second->cache_info.identity_digest);
4214 
4215  if (first_is_auth && !second_is_auth)
4216  return -1;
4217  else if (!first_is_auth && second_is_auth)
4218  return 1;
4219 
4220  node_first = node_get_by_id(first->cache_info.identity_digest);
4221  node_second = node_get_by_id(second->cache_info.identity_digest);
4222  first_is_running = node_first && node_first->is_running;
4223  second_is_running = node_second && node_second->is_running;
4224 
4225  if (first_is_running && !second_is_running)
4226  return -1;
4227  else if (!first_is_running && second_is_running)
4228  return 1;
4229 
4230  bw_kb_first = dirserv_get_bandwidth_for_router_kb(first);
4231  bw_kb_second = dirserv_get_bandwidth_for_router_kb(second);
4232 
4233  if (bw_kb_first > bw_kb_second)
4234  return -1;
4235  else if (bw_kb_first < bw_kb_second)
4236  return 1;
4237 
4238  /* They're equal! Compare by identity digest, so there's a
4239  * deterministic order and we avoid flapping. */
4240  return fast_memcmp(first->cache_info.identity_digest,
4241  second->cache_info.identity_digest,
4242  DIGEST_LEN);
4243 }
4244 
4245 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
4246  * whose keys are the identity digests of those routers that we're going to
4247  * exclude for Sybil-like appearance. */
4248 static digestmap_t *
4250 {
4251  const dirauth_options_t *options = dirauth_get_options();
4252  digestmap_t *omit_as_sybil;
4253  smartlist_t *routers_by_ip = smartlist_new();
4254  uint32_t last_addr;
4255  int addr_count;
4256  /* Allow at most this number of Tor servers on a single IP address, ... */
4257  int max_with_same_addr = options->AuthDirMaxServersPerAddr;
4258  if (max_with_same_addr <= 0)
4259  max_with_same_addr = INT_MAX;
4260 
4261  smartlist_add_all(routers_by_ip, routers);
4263  omit_as_sybil = digestmap_new();
4264 
4265  last_addr = 0;
4266  addr_count = 0;
4267  SMARTLIST_FOREACH_BEGIN(routers_by_ip, routerinfo_t *, ri) {
4268  if (last_addr != ri->addr) {
4269  last_addr = ri->addr;
4270  addr_count = 1;
4271  } else if (++addr_count > max_with_same_addr) {
4272  digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4273  }
4274  } SMARTLIST_FOREACH_END(ri);
4275 
4276  smartlist_free(routers_by_ip);
4277  return omit_as_sybil;
4278 }
4279 
4280 /** Given a platform string as in a routerinfo_t (possibly null), return a
4281  * newly allocated version string for a networkstatus document, or NULL if the
4282  * platform doesn't give a Tor version. */
4283 static char *
4284 version_from_platform(const char *platform)
4285 {
4286  if (platform && !strcmpstart(platform, "Tor ")) {
4287  const char *eos = find_whitespace(platform+4);
4288  if (eos && !strcmpstart(eos, " (r")) {
4289  /* XXXX Unify this logic with the other version extraction
4290  * logic in routerparse.c. */
4291  eos = find_whitespace(eos+1);
4292  }
4293  if (eos) {
4294  return tor_strndup(platform, eos-platform);
4295  }
4296  }
4297  return NULL;
4298 }
4299 
4300 /** Given a (possibly empty) list of config_line_t, each line of which contains
4301  * a list of comma-separated version numbers surrounded by optional space,
4302  * allocate and return a new string containing the version numbers, in order,
4303  * separated by commas. Used to generate Recommended(Client|Server)?Versions
4304  */
4305 char *
4307 {
4308  smartlist_t *versions;
4309  char *result;
4310  versions = smartlist_new();
4311  for ( ; ln; ln = ln->next) {
4312  smartlist_split_string(versions, ln->value, ",",
4313  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4314  }
4315 
4316  /* Handle the case where a dirauth operator has accidentally made some
4317  * versions space-separated instead of comma-separated. */
4318  smartlist_t *more_versions = smartlist_new();
4319  SMARTLIST_FOREACH_BEGIN(versions, char *, v) {
4320  if (strchr(v, ' ')) {
4321  if (warn)
4322  log_warn(LD_DIRSERV, "Unexpected space in versions list member %s. "
4323  "(These are supposed to be comma-separated; I'll pretend you "
4324  "used commas instead.)", escaped(v));
4325  SMARTLIST_DEL_CURRENT(versions, v);
4326  smartlist_split_string(more_versions, v, NULL,
4327  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4328  tor_free(v);
4329  }
4330  } SMARTLIST_FOREACH_END(v);
4331  smartlist_add_all(versions, more_versions);
4332  smartlist_free(more_versions);
4333 
4334  /* Check to make sure everything looks like a version. */
4335  if (warn) {
4336  SMARTLIST_FOREACH_BEGIN(versions, const char *, v) {
4337  tor_version_t ver;
4338  if (tor_version_parse(v, &ver) < 0) {
4339  log_warn(LD_DIRSERV, "Recommended version %s does not look valid. "
4340  " (I'll include it anyway, since you told me to.)",
4341  escaped(v));
4342  }
4343  } SMARTLIST_FOREACH_END(v);
4344  }
4345 
4346  sort_version_list(versions, 1);
4347  result = smartlist_join_strings(versions,",",0,NULL);
4348  SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
4349  smartlist_free(versions);
4350  return result;
4351 }
4352 
4353 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
4354  * remove the older one. If they are exactly the same age, remove the one
4355  * with the greater descriptor digest. May alter the order of the list. */
4356 static void
4358 {
4359  routerinfo_t *ri2;
4360  digest256map_t *by_ed_key = digest256map_new();
4361 
4362  SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4363  ri->omit_from_vote = 0;
4364  if (ri->cache_info.signing_key_cert == NULL)
4365  continue; /* No ed key */
4366  const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
4367  if ((ri2 = digest256map_get(by_ed_key, pk))) {
4368  /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
4369  * one has the earlier published_on. */
4370  const time_t ri_pub = ri->cache_info.published_on;
4371  const time_t ri2_pub = ri2->cache_info.published_on;
4372  if (ri2_pub < ri_pub ||
4373  (ri2_pub == ri_pub &&
4374  fast_memcmp(ri->cache_info.signed_descriptor_digest,
4375  ri2->cache_info.signed_descriptor_digest,DIGEST_LEN)<0)) {
4376  digest256map_set(by_ed_key, pk, ri);
4377  ri2->omit_from_vote = 1;
4378  } else {
4379  ri->omit_from_vote = 1;
4380  }
4381  } else {
4382  /* Add to map */
4383  digest256map_set(by_ed_key, pk, ri);
4384  }
4385  } SMARTLIST_FOREACH_END(ri);
4386 
4387  digest256map_free(by_ed_key, NULL);
4388 
4389  /* Now remove every router where the omit_from_vote flag got set. */
4390  SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
4391  if (ri->omit_from_vote) {
4392  SMARTLIST_DEL_CURRENT(routers, ri);
4393  }
4394  } SMARTLIST_FOREACH_END(ri);
4395 }
4396 
4397 /** Routerstatus <b>rs</b> is part of a group of routers that are on
4398  * too narrow an IP-space. Clear out its flags since we don't want it be used
4399  * because of its Sybil-like appearance.
4400  *
4401  * Leave its BadExit flag alone though, since if we think it's a bad exit,
4402  * we want to vote that way in case all the other authorities are voting
4403  * Running and Exit.
4404  */
4405 static void
4407 {
4408  rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
4409  rs->is_flagged_running = rs->is_named = rs->is_valid =
4410  rs->is_hs_dir = rs->is_v2_dir = rs->is_possible_guard = 0;
4411  /* FFFF we might want some mechanism to check later on if we
4412  * missed zeroing any flags: it's easy to add a new flag but
4413  * forget to add it to this clause. */
4414 }
4415 
4416 /** Space-separated list of all the flags that we will always vote on. */
4418  "Authority "
4419  "Exit "
4420  "Fast "
4421  "Guard "
4422  "HSDir "
4423  "Stable "
4424  "StaleDesc "
4425  "V2Dir "
4426  "Valid";
4427 /** Space-separated list of all flags that we may or may not vote on,
4428  * depending on our configuration. */
4430  "BadExit "
4431  "Running";
4432 
4433 /** Return a new networkstatus_t* containing our current opinion. (For v3
4434  * authorities) */
4437  authority_cert_t *cert)
4438 {
4439  const or_options_t *options = get_options();
4440  const dirauth_options_t *d_options = dirauth_get_options();
4441  networkstatus_t *v3_out = NULL;
4442  uint32_t addr;
4443  char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
4444  const char *contact;
4445  smartlist_t *routers, *routerstatuses;
4446  char identity_digest[DIGEST_LEN];
4447  char signing_key_digest[DIGEST_LEN];
4448  const int listbadexits = d_options->AuthDirListBadExits;
4450  time_t now = time(NULL);
4451  time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
4452  networkstatus_voter_info_t *voter = NULL;
4453  vote_timing_t timing;
4454  digestmap_t *omit_as_sybil = NULL;
4455  const int vote_on_reachability = running_long_enough_to_decide_unreachable();
4456  smartlist_t *microdescriptors = NULL;
4457  smartlist_t *bw_file_headers = NULL;
4458  uint8_t bw_file_digest256[DIGEST256_LEN] = {0};
4459 
4460  tor_assert(private_key);
4461  tor_assert(cert);
4462 
4463  if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
4464  log_err(LD_BUG, "Error computing signing key digest");
4465  return NULL;
4466  }
4467  if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
4468  log_err(LD_BUG, "Error computing identity key digest");
4469  return NULL;
4470  }
4471  if (resolve_my_address(LOG_WARN, options, &addr, NULL, &hostname)<0) {
4472  log_warn(LD_NET, "Couldn't resolve my hostname");
4473  return NULL;
4474  }
4475  if (!hostname || !strchr(hostname, '.')) {
4476  tor_free(hostname);
4477  hostname = tor_dup_ip(addr);
4478  }
4479 
4480  if (d_options->VersioningAuthoritativeDirectory) {
4481  client_versions =
4483  server_versions =
4485  }
4486 
4487  contact = get_options()->ContactInfo;
4488  if (!contact)
4489  contact = "(none)";
4490 
4491  /*
4492  * Do this so dirserv_compute_performance_thresholds() and
4493  * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
4494  */
4495  if (options->V3BandwidthsFile) {
4497  NULL);
4498  } else {
4499  /*
4500  * No bandwidths file; clear the measured bandwidth cache in case we had
4501  * one last time around.
4502  */
4505  }
4506  }
4507 
4508  /* precompute this part, since we need it to decide what "stable"
4509  * means. */
4510  SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
4511  dirserv_set_router_is_running(ri, now);
4512  });
4513 
4514  routers = smartlist_new();
4515  smartlist_add_all(routers, rl->routers);
4516  routers_make_ed_keys_unique(routers);
4517  /* After this point, don't use rl->routers; use 'routers' instead. */
4518  routers_sort_by_identity(routers);
4519  omit_as_sybil = get_possible_sybil_list(routers);
4520 
4521  DIGESTMAP_FOREACH(omit_as_sybil, sybil_id, void *, ignore) {
4522  (void) ignore;
4523  rep_hist_make_router_pessimal(sybil_id, now);
4525 
4526  /* Count how many have measured bandwidths so we know how to assign flags;
4527  * this must come before dirserv_compute_performance_thresholds() */
4528  dirserv_count_measured_bws(routers);
4529 
4531 
4532  routerstatuses = smartlist_new();
4533  microdescriptors = smartlist_new();
4534 
4535  SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4536  /* If it has a protover list and contains a protocol name greater than
4537  * MAX_PROTOCOL_NAME_LENGTH, skip it. */
4538  if (ri->protocol_list &&
4539  protover_contains_long_protocol_names(ri->protocol_list)) {
4540  continue;
4541  }
4542  if (ri->cache_info.published_on >= cutoff) {
4543  routerstatus_t *rs;
4544  vote_routerstatus_t *vrs;
4545  node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
4546  if (!node)
4547  continue;
4548 
4549  vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
4550  rs = &vrs->status;
4551  dirauth_set_routerstatus_from_routerinfo(rs, node, ri, now,
4552  listbadexits);
4553 
4554  if (ri->cache_info.signing_key_cert) {
4555  memcpy(vrs->ed25519_id,
4556  ri->cache_info.signing_key_cert->signing_key.pubkey,
4558  }
4559 
4560  if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
4562 
4563  if (!vote_on_reachability)
4564  rs->is_flagged_running = 0;
4565 
4566  vrs->version = version_from_platform(ri->platform);
4567  if (ri->protocol_list) {
4568  vrs->protocols = tor_strdup(ri->protocol_list);
4569  } else {
4570  vrs->protocols = tor_strdup(
4572  }
4574  microdescriptors);
4575 
4576  smartlist_add(routerstatuses, vrs);
4577  }
4578  } SMARTLIST_FOREACH_END(ri);
4579 
4580  {
4581  smartlist_t *added =
4583  microdescriptors, SAVED_NOWHERE, 0);
4584  smartlist_free(added);
4585  smartlist_free(microdescriptors);
4586  }
4587 
4588  smartlist_free(routers);
4589  digestmap_free(omit_as_sybil, NULL);
4590 
4591  /* Apply guardfraction information to routerstatuses. */
4592  if (options->GuardfractionFile) {
4594  routerstatuses);
4595  }
4596 
4597  /* This pass through applies the measured bw lines to the routerstatuses */
4598  if (options->V3BandwidthsFile) {
4599  /* Only set bw_file_headers when V3BandwidthsFile is configured */
4600  bw_file_headers = smartlist_new();
4602  routerstatuses, bw_file_headers,
4603  bw_file_digest256);
4604 
4605  } else {
4606  /*
4607  * No bandwidths file; clear the measured bandwidth cache in case we had
4608  * one last time around.
4609  */
4612  }
4613  }
4614 
4615  v3_out = tor_malloc_zero(sizeof(networkstatus_t));
4616 
4617  v3_out->type = NS_TYPE_VOTE;
4619  v3_out->published = now;
4620  {
4621  char tbuf[ISO_TIME_LEN+1];
4622  networkstatus_t *current_consensus =
4624  long last_consensus_interval; /* only used to pick a valid_after */
4625  if (current_consensus)
4626  last_consensus_interval = current_consensus->fresh_until -
4627  current_consensus->valid_after;
4628  else
4629  last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
4630  v3_out->valid_after =
4632  (int)last_consensus_interval,
4634  format_iso_time(tbuf, v3_out->valid_after);
4635  log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
4636  "consensus_set=%d, last_interval=%d",
4637  tbuf, current_consensus?1:0, (int)last_consensus_interval);
4638  }
4639  v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
4640  v3_out->valid_until = v3_out->valid_after +
4641  (timing.vote_interval * timing.n_intervals_valid);
4642  v3_out->vote_seconds = timing.vote_delay;
4643  v3_out->dist_seconds = timing.dist_delay;
4644  tor_assert(v3_out->vote_seconds > 0);
4645  tor_assert(v3_out->dist_seconds > 0);
4646  tor_assert(timing.n_intervals_valid > 0);
4647 
4648  v3_out->client_versions = client_versions;
4649  v3_out->server_versions = server_versions;
4650 
4651  /* These are hardwired, to avoid disaster. */
4652  v3_out->recommended_relay_protocols =
4653  tor_strdup(DIRVOTE_RECCOMEND_RELAY_PROTO);
4654  v3_out->recommended_client_protocols =
4655  tor_strdup(DIRVOTE_RECCOMEND_CLIENT_PROTO);
4656 
4657  v3_out->required_relay_protocols =
4658  tor_strdup(DIRVOTE_REQUIRE_RELAY_PROTO);
4659  v3_out->required_client_protocols =
4660  tor_strdup(DIRVOTE_REQUIRE_CLIENT_PROTO);
4661 
4662  /* We are not allowed to vote to require anything we don't have. */
4663  tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));
4664  tor_assert(protover_all_supported(v3_out->required_client_protocols, NULL));
4665 
4666  /* We should not recommend anything we don't have. */
4667  tor_assert_nonfatal(protover_all_supported(
4668  v3_out->recommended_relay_protocols, NULL));
4669  tor_assert_nonfatal(protover_all_supported(
4670  v3_out->recommended_client_protocols, NULL));
4671 
4672  v3_out->known_flags = smartlist_new();
4675  0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4676  if (vote_on_reachability)
4677  smartlist_add_strdup(v3_out->known_flags, "Running");
4678  if (listbadexits)
4679  smartlist_add_strdup(v3_out->known_flags, "BadExit");
4681 
4682  if (d_options->ConsensusParams) {
4683  v3_out->net_params = smartlist_new();
4685  d_options->ConsensusParams, NULL, 0, 0);
4687  }
4688  v3_out->bw_file_headers = bw_file_headers;
4689  memcpy(v3_out->bw_file_digest256, bw_file_digest256, DIGEST256_LEN);
4690 
4691  voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
4692  voter->nickname = tor_strdup(options->Nickname);
4693  memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
4694  voter->sigs = smartlist_new();
4695  voter->address = hostname;
4696  voter->addr = addr;
4697  voter->dir_port = router_get_advertised_dir_port(options, 0);
4698  voter->or_port = router_get_advertised_or_port(options);
4699  voter->contact = tor_strdup(contact);
4700  if (options->V3AuthUseLegacyKey) {
4702  if (c) {
4704  log_warn(LD_BUG, "Unable to compute digest of legacy v3 identity key");
4705  memset(voter->legacy_id_digest, 0, DIGEST_LEN);
4706  }
4707  }
4708  }
4709 
4710  v3_out->voters = smartlist_new();
4711  smartlist_add(v3_out->voters, voter);
4712  v3_out->cert = authority_cert_dup(cert);
4713  v3_out->routerstatus_list = routerstatuses;
4714  /* Note: networkstatus_digest is unset; it won't get set until we actually
4715  * format the vote. */
4716 
4717  return v3_out;
4718 }
static int compute_consensus_method(smartlist_t *votes)
Definition: dirvote.c:783
Header file for dirserv.c.
int V3AuthUseLegacyKey
STATIC char * networkstatus_get_detached_signatures(smartlist_t *consensuses)
Definition: dirvote.c:2726
networkstatus_voter_info_t * networkstatus_get_voter_by_id(networkstatus_t *vote, const char *identity)
char * routerstatus_format_entry(const routerstatus_t *rs, const char *version, const char *protocols, routerstatus_format_type_t format, const vote_routerstatus_t *vrs)
const char * smartlist_get_most_frequent_string_(smartlist_t *sl, int *count_out)
Definition: smartlist.c:566
size_t onion_pkey_len
Definition: routerinfo_st.h:41
pending_vote_t * dirvote_add_vote(const char *vote_body, time_t time_posted, const char **msg_out, int *status_out)
Definition: dirvote.c:3159
common_digests_t digests
const char * dirvote_get_pending_detached_signatures(void)
Definition: dirvote.c:3748
const cached_dir_t * dirvote_get_vote(const char *fp, int flags)
Definition: dirvote.c:3762
Header file for dirclient.c.
int dirserv_get_measured_bw_cache_size(void)
Definition: bwauth.c:166
Structure dirauth_options_t to hold directory authority options.
document_signature_t * networkstatus_get_voter_sig_by_alg(const networkstatus_voter_info_t *voter, digest_algorithm_t alg)
Header for confline.c.
smartlist_t * declared_family
Definition: routerinfo_st.h:67
dircollator_t * dircollator_new(int n_votes, int n_authorities)
Definition: dircollate.c:149
Router descriptor structure.
STATIC char * compute_consensus_package_lines(smartlist_t *votes)
Definition: dirvote.c:2456
uint16_t ipv6_orport
void * strmap_get_lc(const strmap_t *map, const char *key)
Definition: map.c:393
smartlist_t * find_all_by_keyword(const smartlist_t *s, directory_keyword k)
Definition: parsecommon.c:461
Format routerstatus entries for controller, vote, or consensus.
char * policy_summarize(smartlist_t *policy, sa_family_t family)
Definition: policies.c:2636
Header file for circuitbuild.c.
smartlist_t * bw_file_headers
Header file for signing.c.
Definition: node_st.h:34
Header file for voteflags.c.
smartlist_t * routers
Definition: routerlist_st.h:32
smartlist_t * voters
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Header for shared_random_state.c.
const char * dirvote_get_pending_consensus(consensus_flavor_t flav)
Definition: dirvote.c:3739
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
char * router_get_dirobj_signature(const char *digest, size_t digest_len, const crypto_pk_t *private_key)
Definition: signing.c:22
time_t dirvote_act(const or_options_t *options, time_t now)
Definition: dirvote.c:2836
unsigned int is_hs_dir
uint16_t router_get_advertised_or_port(const or_options_t *options)
Definition: router.c:1425
Header for dirauth_sys.c.
#define BW_WEIGHT_SCALE
Definition: or.h:1012
uint8_t bw_file_digest256[DIGEST256_LEN]
networkstatus_t * consensus
Definition: dirvote.c:115
Detached consensus signatures structure.
char * ContactInfo
Header file for guardfraction.c.
Header file for nodefamily.c.
#define MIN_VOTE_INTERVAL
Definition: dirvote.h:37
smartlist_t * net_params
networkstatus_t * networkstatus_parse_vote_from_string(const char *s, size_t len, const char **eos_out, enum networkstatus_type_t ns_type)
Definition: ns_parse.c:1061
smartlist_t * known_flags
#define MAX_KNOWN_FLAGS_IN_VOTE
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
void dirserv_count_measured_bws(const smartlist_t *routers)
Definition: bwauth.c:39
static void dirvote_clear_votes(int all_votes)
Definition: dirvote.c:3064
unsigned long tor_parse_ulong(const char *s, int base, unsigned long min, unsigned long max, int *ok, char **next)
Definition: parse_int.c:78
static const char * get_nth_protocol_set_vote(int n, const networkstatus_t *vote)
Definition: dirvote.c:1412
Parsed Tor version structure.
#define DIR_PURPOSE_FETCH_STATUS_VOTE
Definition: directory.h:50
int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2, tor_addr_comparison_t how)
Definition: address.c:954
#define LOG_INFO
Definition: log.h:45
int get_n_authorities(dirinfo_type_t type)
Definition: dirlist.c:86
Header file for nodelist.c.
const uint8_t * smartlist_get_most_frequent_digest256(smartlist_t *sl)
Definition: smartlist.c:854
Single consensus voter structure.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:628
static void dirvote_fetch_missing_votes(void)
Definition: dirvote.c:2987
Header file for directory.c.
static char * pending_consensus_signatures
Definition: dirvote.c:2930
Microdescriptor structure.
void smartlist_add(smartlist_t *sl, void *element)
char nickname[MAX_NICKNAME_LEN+1]
void smartlist_sort_digests256(smartlist_t *sl)
Definition: smartlist.c:846
Node information structure.
int digest256_from_base64(char *digest, const char *d64)
unsigned int is_fast
static int compare_orports_(const void **_a, const void **_b)
Definition: dirvote.c:648
#define ED25519_BASE64_LEN
Definition: x25519_sizes.h:40
unsigned int is_stable
void voting_schedule_recalculate_timing(const or_options_t *options, time_t now)
Header file for config.c.
Header file for authcert.c.
char identity_digest[DIGEST_LEN]
static networkstatus_voter_info_t * get_voter(const networkstatus_t *vote)
Definition: dirvote.c:524
unsigned int is_named
static smartlist_t * previous_vote_list
Definition: dirvote.c:2923
char * sr_get_string_for_consensus(const smartlist_t *votes, int32_t num_srv_agreements)
int crypto_pk_write_public_key_to_string(crypto_pk_t *env, char **dest, size_t *len)
Definition: crypto_rsa.c:466
BOOL VersioningAuthoritativeDirectory
#define HEX_DIGEST256_LEN
Definition: crypto_digest.h:37
int networkstatus_check_document_signature(const networkstatus_t *consensus, document_signature_t *sig, const authority_cert_t *cert)
const char * find_whitespace(const char *s)
Definition: util_string.c:344
void digest_to_base64(char *d64, const char *digest)
static char * compute_consensus_versions_list(smartlist_t *lst, int n_versioning)
Definition: dirvote.c:851
const or_options_t * get_options(void)
Definition: config.c:926
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
#define tor_assert(expr)
Definition: util_bug.h:102
Header file for microdesc.c.
LINELIST RecommendedServerVersions
void smartlist_uniq_strings(smartlist_t *sl)
Definition: smartlist.c:574
void routers_sort_by_identity(smartlist_t *routers)
Definition: routerlist.c:3220
networkstatus_t * networkstatus_get_latest_consensus_by_flavor(consensus_flavor_t f)
consensus_flavor_t flavor
void ed25519_public_to_base64(char *output, const ed25519_public_key_t *pkey)
unsigned int has_bandwidth
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:206
networkstatus_t * dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, authority_cert_t *cert)
Definition: dirvote.c:4436
#define tor_free(p)
Definition: malloc.h:52
#define MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS
Definition: dirvote.h:62
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
static char * format_protocols_lines_for_vote(const networkstatus_t *v3_ns)
Definition: dirvote.c:182
static bw_weights_error_t networkstatus_check_weights(int64_t Wgg, int64_t Wgd, int64_t Wmg, int64_t Wme, int64_t Wmd, int64_t Wee, int64_t Wed, int64_t scale, int64_t G, int64_t M, int64_t E, int64_t D, int64_t T, int64_t margin, int do_balance)
Definition: dirvote.c:1019
int smartlist_string_pos(const smartlist_t *sl, const char *element)
Definition: smartlist.c:106
#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES
Definition: directory.h:53
const char * name
Definition: config.c:2441
#define LOG_NOTICE
Definition: log.h:50
unsigned int has_exitsummary
#define SMARTLIST_DEL_CURRENT(sl, var)
Cached large directory object structure.
networkstatus_t * networkstatus_get_live_consensus(time_t now)
char signing_key_digest[DIGEST_LEN]
Header file for microdesc_parse.c.
void smartlist_sort_strings(smartlist_t *sl)
Definition: smartlist.c:549
void * strmap_set_lc(strmap_t *map, const char *key, void *val)
Definition: map.c:379
smartlist_t * smartlist_new(void)
void directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, dirinfo_type_t type, const char *payload, size_t payload_len, size_t extrainfo_len)
Definition: dirclient.c:234
void dirserv_clear_measured_bw_cache(void)
Definition: bwauth.c:103
#define DIR_PURPOSE_UPLOAD_SIGNATURES
Definition: directory.h:47
Header file for versions.c.
int tor_version_parse(const char *s, tor_version_t *out)
Definition: versions.c:206
unsigned int is_exit
networkstatus_sr_info_t sr_info
#define STATIC
Definition: testsupport.h:32
unsigned int bw_is_unmeasured
static vote_routerstatus_t * compute_routerstatus_consensus(smartlist_t *votes, int consensus_method, char *microdesc_digest256_out, tor_addr_port_t *best_alt_orport_out)
Definition: dirvote.c:667
int validate_recommended_package_line(const char *line)
Definition: recommend_pkg.c:38
time_t voting_schedule_get_start_of_next_interval(time_t now, int interval, int offset)
int trusted_dirs_load_certs_from_string(const char *contents, int source, int flush, const char *source_dir)
Definition: authcert.c:373
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
struct curve25519_public_key_t * onion_curve25519_pkey
Definition: routerinfo_st.h:45
#define N_COMMON_DIGEST_ALGORITHMS
Definition: crypto_digest.h:58
Header file for directory authority mode.
#define MAX_BW_FILE_HEADER_COUNT_IN_VOTE
Definition: bwauth.h:16
int dirserv_read_measured_bandwidths(const char *from_file, smartlist_t *routerstatuses, smartlist_t *bw_file_headers, uint8_t *digest_out)
Definition: bwauth.c:232
Trusted/fallback directory server structure.
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header file for policies.c.
Authority signature structure.
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Definition: map.h:154
unsigned int ed25519_reflects_consensus
char signed_descriptor_digest[DIGEST_LEN]
char descriptor_digest[DIGEST256_LEN]
STATIC char * make_consensus_method_list(int low, int high, const char *separator)
Definition: dirvote.c:827
size_t dir_len
Definition: cached_dir_st.h:20
void update_consensus_router_descriptor_downloads(time_t now, int is_vote, networkstatus_t *consensus)
Definition: routerlist.c:2530
void dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, node_t *node, const routerinfo_t *ri, time_t now, int listbadexits)
Definition: voteflags.c:564
void smartlist_uniq(smartlist_t *sl, int(*compare)(const void **a, const void **b), void(*free_fn)(void *a))
Definition: smartlist.c:390
static void dirvote_clear_pending_consensuses(void)
Definition: dirvote.c:3050
static int compare_vote_rs_(const void **_a, const void **_b)
Definition: dirvote.c:640
Header file for recommend_pkg.c.
void cached_dir_decref(cached_dir_t *d)
Definition: dirserv.c:124
#define LD_CIRC
Definition: log.h:82
Code to parse and validate detached-signature objects.
smartlist_t * microdescs_parse_from_string(const char *s, const char *eos, int allow_annotations, saved_location_t where, smartlist_t *invalid_digests_out)
#define DIR_PURPOSE_UPLOAD_VOTE
Definition: directory.h:45
Header for crypto_format.c.
static int dirvote_publish_consensus(void)
Definition: dirvote.c:3686
crypto_pk_t * get_my_v3_legacy_signing_key(void)
Definition: router.c:455
void sr_handle_received_commits(smartlist_t *commits, crypto_pk_t *voter_key)
int networkstatus_verify_bw_weights(networkstatus_t *ns, int)
Definition: ns_parse.c:593
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1169
STATIC authority_cert_t * authority_cert_dup(authority_cert_t *cert)
Definition: dirvote.c:144
static char * version_from_platform(const char *platform)
Definition: dirvote.c:4284
void directory_get_from_all_authorities(uint8_t dir_purpose, uint8_t router_purpose, const char *resource)
Definition: dirclient.c:585
#define DIGEST_LEN
Definition: digest_sizes.h:20
static int cmp_int_strings_(const void **_a, const void **_b)
Definition: dirvote.c:764
unsigned int is_possible_guard
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
signed_descriptor_t cache_info
Master header file for Tor-specific functionality.
static ssize_t dirvote_format_microdesc_vote_line(char *out_buf, size_t out_buf_len, const microdesc_t *md, int consensus_method_low, int consensus_method_high)
Definition: dirvote.c:3907
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
#define LD_DIRSERV
Definition: log.h:90
int networkstatus_check_consensus_signature(networkstatus_t *consensus, int warn)
Header file for bwauth.c.
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
uint16_t router_get_advertised_dir_port(const or_options_t *options, uint16_t dirport)
Definition: router.c:1455
void dircollator_collate(dircollator_t *dc, int consensus_method)
Definition: dircollate.c:211
static char * get_detached_signatures_from_pending_consensuses(pending_consensus_t *pending, int n_flavors)
Definition: dirvote.c:2815
static digestmap_t * get_possible_sybil_list(const smartlist_t *routers)
Definition: dirvote.c:4249
saved_location_t saved_location
tor_addr_t ipv6_addr
Header file for rephist.c.
void smartlist_remove(smartlist_t *sl, const void *element)
const char * fmt_addr32(uint32_t addr)
Definition: address.c:1181
char * recommended_relay_protocols
#define ROUTER_PURPOSE_GENERAL
#define LOG_WARN
Definition: log.h:53
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:770
unsigned int has_guardfraction
Header for routerkeys.c.
struct short_policy_t * ipv6_exit_policy
Definition: routerinfo_st.h:65
LINELIST RecommendedClientVersions
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
#define get_most_frequent_member(lst)
Definition: dirvote.c:591
void dirvote_free_all(void)
Definition: dirvote.c:3715
unsigned int is_running
Definition: node_st.h:63
static void extract_shared_random_commits(networkstatus_t *ns, const smartlist_t *tokens)
Definition: dirvote.c:4018
char * nodefamily_canonicalize(const char *s, const uint8_t *rsa_id_self, unsigned flags)
Definition: nodefamily.c:111
#define MIN_VOTE_SECONDS
Definition: dirvote.h:27
void tor_free_(void *mem)
Definition: malloc.c:227
vote_microdesc_hash_t * microdesc
STATIC int networkstatus_add_detached_signatures(networkstatus_t *target, ns_detached_signatures_t *sigs, const char *source, int severity, const char **msg_out)
Definition: dirvote.c:2534
char digest[DIGEST256_LEN]
Definition: microdesc_st.h:62
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
#define MIN_SUPPORTED_CONSENSUS_METHOD
Definition: dirvote.h:53
Header file for voting_schedule.c.
void dircollator_add_vote(dircollator_t *dc, networkstatus_t *v)
Definition: dircollate.c:194
#define MAX_SUPPORTED_CONSENSUS_METHOD
Definition: dirvote.h:56
directory_token_t * find_opt_by_keyword(const smartlist_t *s, directory_keyword keyword)
Definition: parsecommon.c:450
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
void digest256_to_base64(char *d64, const char *digest)
crypto_pk_t * signing_key
void dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
Definition: voteflags.c:239
int resolve_my_address(int warn_severity, const or_options_t *options, uint32_t *addr_out, const char **method_out, char **hostname_out)
Definition: config.c:2797
Header for order.c.
Headers and type declarations for protover.c.
static int compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b)
Definition: dirvote.c:598
static int consensus_method_is_supported(int method)
Definition: dirvote.c:818
#define DIGESTMAP_FOREACH_END
Definition: map.h:168
bool protover_contains_long_protocol_names(const char *s)
Definition: protover.c:305
#define MAX_BW_FILE_HEADERS_LINE_LEN
Definition: dirvote.h:75
void sort_version_list(smartlist_t *versions, int remove_duplicates)
Definition: versions.c:391
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
#define MIN_VOTES_FOR_PARAM
Definition: dirvote.c:906
#define LD_DIR
Definition: log.h:88
unsigned int omit_from_vote
Definition: routerinfo_st.h:92
static int vote_routerstatus_find_microdesc_hash(char *digest256_out, const vote_routerstatus_t *vrs, int method, digest_algorithm_t alg)
Definition: dirvote.c:478
#define DEFAULT_MAX_UNMEASURED_BW_KB
Definition: dirvote.h:67
authority_cert_t * authority_cert_get_by_digests(const char *id_digest, const char *sk_digest)
Definition: authcert.c:650
Header file for parsecommon.c.
char * Nickname
Definition: or_options_st.h:73
STATIC microdesc_t * dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
Definition: dirvote.c:3808
int smartlist_contains_string(const smartlist_t *sl, const char *element)
Definition: smartlist.c:93
cached_dir_t * new_cached_dir(char *s, time_t published)
Definition: dirserv.c:135
static int compare_dir_src_ents_by_authority_id_(const void **_a, const void **_b)
Definition: dirvote.c:556
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out, int add_space)
Definition: crypto_rsa.c:229
Header file for ns_parse.c.
const char * crypto_digest_algorithm_get_name(digest_algorithm_t alg)
Definition: crypto_digest.c:44
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
void sr_act_post_consensus(const networkstatus_t *consensus)
#define ROUTER_MAX_AGE_TO_PUBLISH
Definition: or.h:161
char * sr_get_string_for_vote(void)
int dirserv_query_measured_bw_cache_kb(const char *node_id, long *bw_kb_out, time_t *as_of_out)
Definition: bwauth.c:138
void format_iso_time(char *buf, time_t t)
Definition: time_fmt.c:295
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
microdesc_cache_t * get_microdesc_cache(void)
Definition: microdesc.c:250
authority_cert_t * get_my_v3_authority_cert(void)
Definition: router.c:430
static void clear_status_flags_on_sybil(routerstatus_t *rs)
Definition: dirvote.c:4406
Header file for dircollate.c.
Header file for dirvote.c.
int TestingV3AuthInitialVotingInterval
#define SMARTLIST_FOREACH(sl, type, var, cmd)
static char * networkstatus_format_signatures(networkstatus_t *consensus, int for_detached_signatures)
Definition: dirvote.c:2665
uint32_t guardfraction_percentage
Header file for router.c.
vote_routerstatus_t ** dircollator_get_votes_for_router(dircollator_t *dc, int idx)
Definition: dircollate.c:320
tor_addr_port_t * tor_addr_port_new(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1995
int networkstatus_set_current_consensus(const char *consensus, size_t consensus_len, const char *flavor, unsigned flags, const char *source_dir)
const char * escaped(const char *s)
Definition: escape.c:126
routerstatus_format_type_t
#define FINGERPRINT_LEN
Definition: crypto_rsa.h:34
smartlist_t * routerstatus_list
static char * compute_nth_protocol_set(int n, int n_voters, const smartlist_t *votes)
Definition: dirvote.c:1430
struct authority_cert_t * cert
char identity_digest[DIGEST_LEN]
consensus_flavor_t
Definition: or.h:867
smartlist_t * exit_policy
Definition: routerinfo_st.h:61
#define log_fn(severity, domain, args,...)
Definition: log.h:287
uint32_t bandwidth_kb
static void update_total_bandwidth_weights(const routerstatus_t *rs, int is_exit, int is_guard, int64_t *G, int64_t *M, int64_t *E, int64_t *D, int64_t *T)
Definition: dirvote.c:1328
char * onion_pkey
Definition: routerinfo_st.h:39
crypto_pk_t * get_my_v3_authority_signing_key(void)
Definition: router.c:438
int V3AuthNIntervalsValid
int dir_split_resource_into_fingerprints(const char *resource, smartlist_t *fp_out, int *compressed_out, int flags)
Definition: directory.c:628
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
authority_cert_t * get_my_v3_legacy_cert(void)
Definition: router.c:447
STATIC int32_t dirvote_get_intermediate_param_value(const smartlist_t *param_list, const char *keyword, int32_t default_val)
Definition: dirvote.c:876
static int compare_votes_by_authority_id_(const void **_a, const void **_b)
Definition: dirvote.c:545
int protover_all_supported(const char *s, char **missing_out)
Definition: protover.c:748
sr_commit_t * sr_parse_commit(const smartlist_t *args)
const char * protover_compute_for_old_tor(const char *version)
C_RUST_COUPLED: src/rust/protover/protover.rs compute_for_old_tor
Definition: protover.c:902
void rep_hist_make_router_pessimal(const char *id, time_t when)
Definition: rephist.c:368
Definition: or.h:894
static uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t *ri)
Definition: dirvote.c:4156
crypto_pk_t * identity_key
#define fast_memcmp(a, b, c)
Definition: di_ops.h:28
ns_detached_signatures_t * networkstatus_parse_detached_signatures(const char *s, const char *eos)
Definition: dsigs_parse.c:67
static int compare_routerinfo_by_ip_and_bw_(const void **a, const void **b)
Definition: dirvote.c:4191
char * GuardfractionFile
STATIC char * format_networkstatus_vote(crypto_pk_t *private_signing_key, networkstatus_t *v3_ns)
Definition: dirvote.c:221
int TestingV3AuthVotingStartOffset
#define BASE64_DIGEST256_LEN
Definition: crypto_digest.h:29
Header for torcert.c.
int networkstatus_compute_bw_weights_v10(smartlist_t *chunks, int64_t G, int64_t M, int64_t E, int64_t D, int64_t T, int64_t weight_scale)
Definition: dirvote.c:1088
char * write_short_policy(const short_policy_t *policy)
Definition: policies.c:2849
Header file for dirlist.c.
static smartlist_t * pending_consensus_signature_list
Definition: dirvote.c:2934
char * V3BandwidthsFile
dir_server_t * trusteddirserver_get_by_v3_auth_digest(const char *digest)
Definition: dirlist.c:198
struct tor_cert_st * signing_key_cert
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
const char DIRVOTE_UNIVERSAL_FLAGS[]
Definition: dirvote.c:4417
#define N_CONSENSUS_FLAVORS
Definition: or.h:873
int dirserv_read_guardfraction_file(const char *fname, smartlist_t *vote_routerstatuses)
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
Definition: crypto_digest.h:89
#define MAX(a, b)
Definition: cmp.h:22
uint32_t addr
Definition: routerinfo_st.h:24
int V3AuthVotingInterval
#define MIN_DIST_SECONDS
Definition: dirvote.h:32
static void dirvote_fetch_missing_signatures(void)
Definition: dirvote.c:3027
static int dirvote_compute_consensuses(void)
Definition: dirvote.c:3352
int tor_digest256_is_zero(const char *digest)
Definition: util_string.c:103
#define LD_NET
Definition: log.h:66
static int dirvote_add_signatures_to_pending_consensus(pending_consensus_t *pc, ns_detached_signatures_t *sigs, const char *source, int severity, const char **msg_out)
Definition: dirvote.c:3522
vote_microdesc_hash_t * dirvote_format_all_microdesc_vote_lines(const routerinfo_t *ri, time_t now, smartlist_t *microdescriptors_out)
Definition: dirvote.c:3959
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:194
struct vote_microdesc_hash_t * next
STATIC char * networkstatus_compute_consensus(smartlist_t *votes, int total_authorities, crypto_pk_t *identity_key, crypto_pk_t *signing_key, const char *legacy_id_key_digest, crypto_pk_t *legacy_signing_key, consensus_flavor_t flavor)
Definition: dirvote.c:1493
uint8_t ed25519_id[ED25519_PUBKEY_LEN]
static smartlist_t * pending_vote_list
Definition: dirvote.c:2920
digest_algorithm_t
Definition: crypto_digest.h:44
unsigned int is_authority
Directory voting schedule structure.
static void get_frequent_members(smartlist_t *out, smartlist_t *in, int min)
Definition: dirvote.c:571
int dirvote_add_signatures(const char *detached_signatures_body, const char *source, const char **msg)
Definition: dirvote.c:3662
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:904
networkstatus_type_t type
unsigned int is_valid
STATIC smartlist_t * dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
Definition: dirvote.c:912
smartlist_t * microdescs_add_list_to_cache(microdesc_cache_t *cache, smartlist_t *descriptors, saved_location_t where, int no_save)
Definition: microdesc.c:382
char * dirserv_get_flag_thresholds_line(void)
Definition: voteflags.c:433
document_signature_t * document_signature_dup(const document_signature_t *sig)
const char * networkstatus_get_flavor_name(consensus_flavor_t flav)
static void dirvote_get_preferred_voting_intervals(vote_timing_t *timing_out)
Definition: dirvote.c:458
void smartlist_clear(smartlist_t *sl)
static void routers_make_ed_keys_unique(smartlist_t *routers)
Definition: dirvote.c:4357
static crypto_pk_t * legacy_signing_key
Definition: router.c:127
#define MIN_VOTE_INTERVAL_TESTING
Definition: dirvote.h:46
uint32_t router_get_advertised_bandwidth(const routerinfo_t *router)
Definition: routerlist.c:558
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
int dircollator_n_routers(dircollator_t *dc)
Definition: dircollate.c:305
Authority certificate structure.
Microdescriptor-hash voting strcture.
char * protover_compute_vote(const smartlist_t *list_of_proto_strings, int threshold)
Definition: protover.c:671
static char * list_v3_auth_ids(void)
Definition: dirvote.c:3106
routerlist_t * router_get_routerlist(void)
Definition: routerlist.c:810
int have_fetched_missing_signatures
char * format_recommended_version_list(const config_line_t *ln, int warn)
Definition: dirvote.c:4306
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:86
unsigned int is_flagged_running
Router descriptor list structure.
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
Header file for routerlist.c.
Routerstatus (vote entry) structure.
const char DIRVOTE_OPTIONAL_FLAGS[]
Definition: dirvote.c:4429
Networkstatus consensus/vote structure.
static int dirvote_perform_vote(void)
Definition: dirvote.c:2939
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
#define fast_memeq(a, b, c)
Definition: di_ops.h:35
char * tor_dup_ip(uint32_t addr)
Definition: address.c:1948
#define T(s, t, a, o)
Definition: parsecommon.h:246