88 #define SHARED_RANDOM_PRIVATE
114 static const char current_srv_str[] =
"shared-rand-current-value";
115 static const char commit_ns_str[] =
"shared-rand-commit";
116 static const char sr_flag_ns_str[] =
"shared-rand-participate";
134 duplicate = tor_malloc_zero(
sizeof(
sr_srv_t));
150 commit = tor_malloc_zero(
sizeof(*commit));
153 base16_encode(commit->rsa_identity_hex,
sizeof(commit->rsa_identity_hex),
164 log_debug(
LD_DIR,
"SR: Commit from %s", sr_commit_get_rsa_fpr(commit));
165 log_debug(
LD_DIR,
"SR: Commit: [TS: %" PRIu64
"] [Encoded: %s]",
166 commit->
commit_ts, commit->encoded_commit);
167 log_debug(
LD_DIR,
"SR: Reveal: [TS: %" PRIu64
"] [Encoded: %s]",
180 log_debug(
LD_DIR,
"SR: Validating commit from authority %s",
181 sr_commit_get_rsa_fpr(commit));
185 log_warn(
LD_BUG,
"SR: Commit timestamp %" PRIu64
" doesn't match reveal "
195 char received_hashed_reveal[
sizeof(commit->hashed_reveal)];
211 if (
fast_memneq(received_hashed_reveal, commit->hashed_reveal,
212 sizeof(received_hashed_reveal))) {
213 log_warn(
LD_BUG,
"SR: Received reveal value from authority %s "
214 "doesn't match the commit value.",
215 sr_commit_get_rsa_fpr(commit));
257 decoded_len =
base64_decode(b64_decoded,
sizeof(b64_decoded),
258 encoded, strlen(encoded));
259 if (decoded_len < 0) {
260 log_warn(
LD_BUG,
"SR: Commit from authority %s can't be decoded.",
261 sr_commit_get_rsa_fpr(commit));
266 log_warn(
LD_BUG,
"SR: Commit from authority %s decoded length doesn't "
267 "match the expected length (%d vs %u).",
268 sr_commit_get_rsa_fpr(commit), decoded_len,
275 offset +=
sizeof(uint64_t);
277 memcpy(commit->hashed_reveal, b64_decoded + offset,
278 sizeof(commit->hashed_reveal));
280 strlcpy(commit->encoded_commit, encoded,
sizeof(commit->encoded_commit));
309 decoded_len =
base64_decode(b64_decoded,
sizeof(b64_decoded),
310 encoded, strlen(encoded));
311 if (decoded_len < 0) {
312 log_warn(
LD_BUG,
"SR: Reveal from authority %s can't be decoded.",
313 sr_commit_get_rsa_fpr(commit));
318 log_warn(
LD_BUG,
"SR: Reveal from authority %s decoded length is "
319 "doesn't match the expected length (%d vs %u)",
320 sr_commit_get_rsa_fpr(commit), decoded_len,
355 offset +=
sizeof(uint64_t);
383 offset +=
sizeof(uint64_t);
385 memcpy(buf + offset, commit->hashed_reveal,
386 sizeof(commit->hashed_reveal));
414 tor_asprintf(&element,
"%s%s", sr_commit_get_rsa_fpr(commit),
437 offset +=
sizeof(uint64_t);
439 offset +=
sizeof(uint32_t);
442 if (previous_srv != NULL) {
443 memcpy(msg + offset, previous_srv->
value,
sizeof(previous_srv->
value));
448 srv = tor_malloc_zero(
sizeof(*srv));
455 sr_srv_encode(srv_hash_encoded,
sizeof(srv_hash_encoded), srv);
456 log_info(
LD_DIR,
"SR: Generated SRV: %s", srv_hash_encoded);
467 return fast_memcmp(a->hashed_reveal, b->hashed_reveal,
468 sizeof(a->hashed_reveal));
476 char *vote_line = NULL;
484 sr_commit_get_rsa_fpr(commit),
485 commit->encoded_commit);
499 sr_commit_get_rsa_fpr(commit),
500 commit->encoded_commit, reveal_str);
507 log_debug(
LD_DIR,
"SR: Commit vote line: %s", vote_line);
522 sr_srv_encode(srv_hash_encoded,
sizeof(srv_hash_encoded), srv);
525 log_debug(
LD_DIR,
"SR: Consensus SRV line: %s", srv_str);
538 if (!prev_srv && !cur_srv) {
557 smartlist_free(chunks);
571 if (strcmp(commit_one->encoded_commit, commit_two->encoded_commit)) {
582 const char *voter_key)
606 log_debug(
LD_DIR,
"SR: Inspecting commit from %s (voter: %s)?",
607 sr_commit_get_rsa_fpr(commit),
613 log_debug(
LD_DIR,
"SR: Ignoring non-authoritative commit.");
621 log_warn(
LD_DIR,
"SR: Fingerprint %s is not from a recognized "
622 "authority. Discarding commit.",
640 "SR: Received altered commit from %s in commit phase.",
641 sr_commit_get_rsa_fpr(commit));
643 log_debug(
LD_DIR,
"SR: Ignoring known commit during commit phase.");
650 log_warn(
LD_DIR,
"SR: Commit from authority %s has a reveal value "
651 "during COMMIT phase. (voter: %s)",
652 sr_commit_get_rsa_fpr(commit),
670 log_debug(
LD_DIR,
"SR: Ignoring commit first seen in reveal phase.");
675 log_warn(
LD_DIR,
"SR: Commit from authority %s is different from "
676 "previous commit in our state (voter: %s)",
677 sr_commit_get_rsa_fpr(commit),
683 log_debug(
LD_DIR,
"SR: Ignoring commit with known reveal info.");
688 log_debug(
LD_DIR,
"SR: Ignoring commit without reveal value.");
693 log_warn(
LD_BUG,
"SR: Commit from authority %s has an invalid "
694 "reveal value. (voter: %s)",
695 sr_commit_get_rsa_fpr(commit),
749 sr_commit_free(commit);
763 int votes_required_for_majority = (n_voters / 2) + 1;
766 if (n_agreements < votes_required_for_majority) {
767 log_notice(
LD_DIR,
"SR: SRV didn't reach majority [%d/%d]!",
768 n_agreements, votes_required_for_majority);
777 log_notice(
LD_DIR,
"SR: New SRV didn't reach agreement [%d/%d]!",
832 if (!v->sr_info.participate) {
837 srv_tmp = current ? v->sr_info.current_srv : v->sr_info.previous_srv;
843 } SMARTLIST_FOREACH_END(v);
847 if (!most_frequent_srv) {
857 the_srv = most_frequent_srv;
863 log_debug(
LD_DIR,
"SR: Chosen SRV by majority: %s (%d votes)", encoded,
869 smartlist_free(srv_list);
877 if (commit == NULL) {
911 log_err(
LD_DIR,
"SR: Unable to encode our reveal value!");
926 sizeof(commit->encoded_commit)) < 0) {
927 log_err(
LD_DIR,
"SR: Unable to encode our commit value!");
931 log_debug(
LD_DIR,
"SR: Generated our commitment:");
938 sr_commit_free(commit);
947 uint64_t reveal_num = 0;
948 char *reveals = NULL;
950 digestmap_t *state_commits;
971 log_warn(
LD_DIR,
"SR: Fingerprint %s is not from a recognized "
972 "authority. Discarding commit for the SRV computation.",
973 sr_commit_get_rsa_fpr(c));
990 } SMARTLIST_FOREACH_END(c);
991 smartlist_free(commits);
1000 smartlist_free(chunks);
1028 const char *rsa_identity_fpr;
1031 if (smartlist_len(args) < 4) {
1037 value = smartlist_get(args, 0);
1038 version = (uint32_t)
tor_parse_ulong(value, 10, 1, UINT32_MAX, NULL, NULL);
1040 log_info(
LD_DIR,
"SR: Commit version %" PRIu32
" (%s) is not supported.",
1046 value = smartlist_get(args, 1);
1049 log_warn(
LD_BUG,
"SR: Commit algorithm %s is not recognized.",
1056 rsa_identity_fpr = smartlist_get(args, 2);
1059 log_warn(
LD_DIR,
"SR: RSA fingerprint %s not decodable",
1068 value = smartlist_get(args, 3);
1074 if (smartlist_len(args) > 4) {
1075 value = smartlist_get(args, 4);
1084 sr_commit_free(commit);
1100 if (commits == NULL) {
1115 sr_commit_free(commit);
1123 } SMARTLIST_FOREACH_END(commit);
1132 char *vote_str = NULL;
1133 digestmap_t *state_commits;
1142 log_debug(
LD_DIR,
"SR: Preparing our vote info:");
1166 smartlist_free(state_commit_vote_lines);
1180 smartlist_free(chunks);
1197 int32_t num_srv_agreements)
1206 log_info(
LD_DIR,
"SR: Support disabled (AuthDirSharedRandomness %d)",
1283 #ifdef TOR_UNIT_TESTS
1289 set_num_srv_agreements(int32_t value)
int authdir_mode_bridge(const or_options_t *options)
Header file for directory authority mode.
Authority certificate structure.
const char * hex_str(const char *from, size_t fromlen)
int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
static uint64_t tor_ntohll(uint64_t a)
static void set_uint64(void *cp, uint64_t v)
static void set_uint32(void *cp, uint32_t v)
static uint64_t tor_htonll(uint64_t a)
static uint64_t get_uint64(const void *cp)
const or_options_t * get_options(void)
Header file for config.c.
const char * crypto_digest_algorithm_get_name(digest_algorithm_t alg)
int crypto_digest_algorithm_parse_name(const char *name)
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
void crypto_strongest_rand(uint8_t *out, size_t out_len)
Common functions for using (pseudo-)random number generators.
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
int tor_memcmp(const void *a, const void *b, size_t len)
#define fast_memeq(a, b, c)
#define fast_memcmp(a, b, c)
#define fast_memneq(a, b, c)
Structure dirauth_options_t to hold directory authority options.
Header for dirauth_sys.c.
int get_n_authorities(dirinfo_type_t type)
dir_server_t * trusteddirserver_get_by_v3_auth_digest(const char *digest)
Header file for dirlist.c.
Header file for dirvote.c.
const char * escaped(const char *s)
#define DIGESTMAP_FOREACH_END
#define DIGESTMAP_FOREACH(map, keyvar, valtype, valvar)
Header file for networkstatus.c.
Networkstatus consensus/vote structure.
Master header file for Tor-specific functionality.
unsigned long tor_parse_ulong(const char *s, int base, unsigned long min, unsigned long max, int *ok, char **next)
int tor_asprintf(char **strp, const char *fmt,...)
Header file for router.c.
char * sr_get_string_for_consensus(const smartlist_t *votes, int32_t num_srv_agreements)
static char * get_srv_element_from_commit(const sr_commit_t *commit)
static int compare_reveal_(const void **_a, const void **_b)
sr_commit_t * sr_generate_our_commit(time_t timestamp, const authority_cert_t *my_rsa_cert)
static int compare_srv_(const void **_a, const void **_b)
STATIC void save_commit_during_reveal_phase(const sr_commit_t *commit)
sr_commit_t * sr_parse_commit(const smartlist_t *args)
static char * get_vote_line_from_commit(const sr_commit_t *commit, sr_phase_t phase)
static char * get_ns_str_from_sr_values(const sr_srv_t *prev_srv, const sr_srv_t *cur_srv)
STATIC int reveal_encode(const sr_commit_t *commit, char *dst, size_t len)
static const char previous_srv_str[]
void sr_save_and_cleanup(void)
static int compare_srvs_(const void **_a, const void **_b)
static int32_t num_srv_agreements_from_vote
STATIC int should_keep_commit(const sr_commit_t *commit, const char *voter_key, sr_phase_t phase)
int sr_init(int save_to_disk)
STATIC int commit_is_authoritative(const sr_commit_t *commit, const char *voter_key)
static sr_srv_t * generate_srv(const char *hashed_reveals, uint64_t reveal_num, const sr_srv_t *previous_srv)
static sr_commit_t * commit_new(const char *rsa_identity)
void sr_act_post_consensus(const networkstatus_t *consensus)
static void sr_cleanup(void)
sr_srv_t * sr_srv_dup(const sr_srv_t *orig)
STATIC void save_commit_to_state(sr_commit_t *commit)
void sr_handle_received_commits(smartlist_t *commits, crypto_pk_t *voter_key)
STATIC int commit_has_reveal_value(const sr_commit_t *commit)
STATIC int reveal_decode(const char *encoded, sr_commit_t *commit)
static void commit_log(const sr_commit_t *commit)
char * sr_get_string_for_vote(void)
static sr_srv_t * smartlist_get_most_frequent_srv(const smartlist_t *sl, int *count_out)
STATIC int commit_encode(const sr_commit_t *commit, char *dst, size_t len)
STATIC int commitments_are_the_same(const sr_commit_t *commit_one, const sr_commit_t *commit_two)
STATIC int verify_commit_and_reveal(const sr_commit_t *commit)
void sr_compute_srv(void)
STATIC int commit_decode(const char *encoded, sr_commit_t *commit)
static int should_keep_srv(int n_agreements)
STATIC sr_srv_t * get_majority_srv_from_votes(const smartlist_t *votes, int current)
static char * srv_to_ns_string(const sr_srv_t *srv, const char *key)
void sr_commit_free_(sr_commit_t *commit)
This file contains ABI/API of the shared random protocol defined in proposal #250....
#define SR_SRV_VALUE_BASE64_LEN
#define SR_REVEAL_BASE64_LEN
#define ASSERT_COMMIT_VALID(c)
#define SR_COMMIT_BASE64_LEN
void sr_srv_encode(char *dst, size_t dst_len, const sr_srv_t *srv)
Header file for shared_random_client.c.
void sr_state_update(time_t valid_after)
void sr_state_set_fresh_srv(void)
const sr_srv_t * sr_state_get_current_srv(void)
sr_commit_t * sr_state_get_commit(const char *rsa_identity)
void sr_state_free_all(void)
void sr_state_copy_reveal_info(sr_commit_t *saved_commit, const sr_commit_t *commit)
void sr_state_set_previous_srv(const sr_srv_t *srv)
const sr_srv_t * sr_state_get_previous_srv(void)
void sr_state_clean_srvs(void)
void sr_state_set_current_srv(const sr_srv_t *srv)
digestmap_t * sr_state_get_commits(void)
int sr_state_init(int save_to_disk, int read_from_disk)
void sr_state_unset_fresh_srv(void)
int sr_state_is_initialized(void)
unsigned int sr_state_srv_is_fresh(void)
void sr_state_add_commit(sr_commit_t *commit)
sr_phase_t sr_state_get_phase(void)
Header for shared_random_state.c.
void * smartlist_get_most_frequent_(const smartlist_t *sl, int(*compare)(const void **a, const void **b), int *count_out)
void smartlist_sort_strings(smartlist_t *sl)
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
crypto_pk_t * identity_key
BOOL AuthDirSharedRandomness
networkstatus_sr_info_t sr_info
char rsa_identity[DIGEST_LEN]
char encoded_reveal[SR_REVEAL_BASE64_LEN+1]
uint8_t random_number[SR_RANDOM_NUMBER_LEN]
uint8_t value[DIGEST256_LEN]
int fast_mem_is_zero(const char *mem, size_t len)
time_t dirauth_sched_get_next_valid_after_time(void)
Header file for voting_schedule.c.