search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'maint-0.4.8' into release-0.4.8
[tor.git] / src / feature / dirauth / dirvote.c
blob77148c8725203eefdaa28c92c945c20ef6c62677
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define DIRVOTE_PRIVATE
7
8 #include "core/or/or.h"
9 #include "app/config/config.h"
10 #include "app/config/resolve_addr.h"
11 #include "core/or/policies.h"
12 #include "core/or/protover.h"
13 #include "core/or/tor_version_st.h"
14 #include "core/or/versions.h"
15 #include "feature/dirauth/bwauth.h"
16 #include "feature/dirauth/dircollate.h"
17 #include "feature/dirauth/dsigs_parse.h"
18 #include "feature/dirauth/guardfraction.h"
19 #include "feature/dirauth/recommend_pkg.h"
20 #include "feature/dirauth/voteflags.h"
21 #include "feature/dircache/dirserv.h"
22 #include "feature/dirclient/dirclient.h"
23 #include "feature/dircommon/directory.h"
24 #include "feature/dirparse/microdesc_parse.h"
25 #include "feature/dirparse/ns_parse.h"
26 #include "feature/dirparse/parsecommon.h"
27 #include "feature/dirparse/signing.h"
28 #include "feature/nodelist/authcert.h"
29 #include "feature/nodelist/dirlist.h"
30 #include "feature/nodelist/fmt_routerstatus.h"
31 #include "feature/nodelist/microdesc.h"
32 #include "feature/nodelist/networkstatus.h"
33 #include "feature/nodelist/nodefamily.h"
34 #include "feature/nodelist/nodelist.h"
35 #include "feature/nodelist/routerlist.h"
36 #include "feature/relay/router.h"
37 #include "feature/relay/routerkeys.h"
38 #include "feature/stats/rephist.h"
39 #include "feature/client/entrynodes.h" /* needed for guardfraction methods */
40 #include "feature/nodelist/torcert.h"
41 #include "feature/dirauth/voting_schedule.h"
42
43 #include "feature/dirauth/dirvote.h"
44 #include "feature/dirauth/authmode.h"
45 #include "feature/dirauth/shared_random_state.h"
46 #include "feature/dirauth/dirauth_sys.h"
47
48 #include "feature/nodelist/authority_cert_st.h"
49 #include "feature/dircache/cached_dir_st.h"
50 #include "feature/dirclient/dir_server_st.h"
51 #include "feature/dirauth/dirauth_options_st.h"
52 #include "feature/nodelist/document_signature_st.h"
53 #include "feature/nodelist/microdesc_st.h"
54 #include "feature/nodelist/networkstatus_st.h"
55 #include "feature/nodelist/networkstatus_voter_info_st.h"
56 #include "feature/nodelist/node_st.h"
57 #include "feature/dirauth/ns_detached_signatures_st.h"
58 #include "feature/nodelist/routerinfo_st.h"
59 #include "feature/nodelist/routerlist_st.h"
60 #include "feature/dirauth/vote_microdesc_hash_st.h"
61 #include "feature/nodelist/vote_routerstatus_st.h"
62 #include "feature/dircommon/vote_timing_st.h"
63
64 #include "lib/container/order.h"
65 #include "lib/encoding/confline.h"
66 #include "lib/crypt_ops/crypto_format.h"
67
68 /* Algorithm to use for the bandwidth file digest. */
69 #define DIGEST_ALG_BW_FILE DIGEST_SHA256
70
71 /**
72 * \file dirvote.c
73 * \brief Functions to compute directory consensus, and schedule voting.
74 *
75 * This module is the center of the consensus-voting based directory
76 * authority system. With this system, a set of authorities first
77 * publish vote based on their opinions of the network, and then compute
78 * a consensus from those votes. Each authority signs the consensus,
79 * and clients trust the consensus if enough known authorities have
80 * signed it.
81 *
82 * The code in this module is only invoked on directory authorities. It's
83 * responsible for:
84 *
85 * <ul>
86 * <li>Generating this authority's vote networkstatus, based on the
87 * authority's view of the network as represented in dirserv.c
88 * <li>Formatting the vote networkstatus objects.
89 * <li>Generating the microdescriptors that correspond to our own
90 * vote.
91 * <li>Sending votes to all the other authorities.
92 * <li>Trying to fetch missing votes from other authorities.
93 * <li>Computing the consensus from a set of votes, as well as
94 * a "detached signature" object for other authorities to fetch.
95 * <li>Collecting other authorities' signatures on the same consensus,
96 * until there are enough.
97 * <li>Publishing the consensus to the reset of the directory system.
98 * <li>Scheduling all of the above operations.
99 * </ul>
100 *
101 * The main entry points are in dirvote_act(), which handles scheduled
102 * actions; and dirvote_add_vote() and dirvote_add_signatures(), which
103 * handle uploaded and downloaded votes and signatures.
104 *
105 * (See dir-spec.txt from torspec.git for a complete specification of
106 * the directory protocol and voting algorithms.)
107 **/
108
109 /** A consensus that we have built and are appending signatures to. Once it's
110 * time to publish it, it will become an active consensus if it accumulates
111 * enough signatures. */
112 typedef struct pending_consensus_t {
113 /** The body of the consensus that we're currently building. Once we
114 * have it built, it goes into dirserv.c */
115 char *body;
116 /** The parsed in-progress consensus document. */
117 networkstatus_t *consensus;
118 } pending_consensus_t;
119
120 /* DOCDOC dirvote_add_signatures_to_all_pending_consensuses */
121 static int dirvote_add_signatures_to_all_pending_consensuses(
122 const char *detached_signatures_body,
123 const char *source,
124 const char **msg_out);
125 static int dirvote_add_signatures_to_pending_consensus(
126 pending_consensus_t *pc,
127 ns_detached_signatures_t *sigs,
128 const char *source,
129 int severity,
130 const char **msg_out);
131 static char *list_v3_auth_ids(void);
132 static void dirvote_fetch_missing_votes(void);
133 static void dirvote_fetch_missing_signatures(void);
134 static int dirvote_perform_vote(void);
135 static void dirvote_clear_votes(int all_votes);
136 static int dirvote_compute_consensuses(void);
137 static int dirvote_publish_consensus(void);
138
139 /* =====
140 * Certificate functions
141 * ===== */
142
143 /** Allocate and return a new authority_cert_t with the same contents as
144 * <b>cert</b>. */
145 STATIC authority_cert_t *
146 authority_cert_dup(authority_cert_t *cert)
147 {
148 authority_cert_t *out = tor_malloc(sizeof(authority_cert_t));
149 tor_assert(cert);
150
151 memcpy(out, cert, sizeof(authority_cert_t));
152 /* Now copy pointed-to things. */
153 out->cache_info.signed_descriptor_body =
154 tor_strndup(cert->cache_info.signed_descriptor_body,
155 cert->cache_info.signed_descriptor_len);
156 out->cache_info.saved_location = SAVED_NOWHERE;
157 out->identity_key = crypto_pk_dup_key(cert->identity_key);
158 out->signing_key = crypto_pk_dup_key(cert->signing_key);
159
160 return out;
161 }
162
163 /* =====
164 * Voting
165 * =====*/
166
167 /* If <b>opt_value</b> is non-NULL, return "keyword opt_value\n" in a new
168 * string. Otherwise return a new empty string. */
169 static char *
170 format_line_if_present(const char *keyword, const char *opt_value)
171 {
172 if (opt_value) {
173 char *result = NULL;
174 tor_asprintf(&result, "%s %s\n", keyword, opt_value);
175 return result;
176 } else {
177 return tor_strdup("");
178 }
179 }
180
181 /** Format the recommended/required-relay-client protocols lines for a vote in
182 * a newly allocated string, and return that string. */
183 static char *
184 format_protocols_lines_for_vote(const networkstatus_t *v3_ns)
185 {
186 char *recommended_relay_protocols_line = NULL;
187 char *recommended_client_protocols_line = NULL;
188 char *required_relay_protocols_line = NULL;
189 char *required_client_protocols_line = NULL;
190
191 recommended_relay_protocols_line =
192 format_line_if_present("recommended-relay-protocols",
193 v3_ns->recommended_relay_protocols);
194 recommended_client_protocols_line =
195 format_line_if_present("recommended-client-protocols",
196 v3_ns->recommended_client_protocols);
197 required_relay_protocols_line =
198 format_line_if_present("required-relay-protocols",
199 v3_ns->required_relay_protocols);
200 required_client_protocols_line =
201 format_line_if_present("required-client-protocols",
202 v3_ns->required_client_protocols);
203
204 char *result = NULL;
205 tor_asprintf(&result, "%s%s%s%s",
206 recommended_relay_protocols_line,
207 recommended_client_protocols_line,
208 required_relay_protocols_line,
209 required_client_protocols_line);
210
211 tor_free(recommended_relay_protocols_line);
212 tor_free(recommended_client_protocols_line);
213 tor_free(required_relay_protocols_line);
214 tor_free(required_client_protocols_line);
215
216 return result;
217 }
218
219 /** Return a new string containing the string representation of the vote in
220 * <b>v3_ns</b>, signed with our v3 signing key <b>private_signing_key</b>.
221 * For v3 authorities. */
222 STATIC char *
223 format_networkstatus_vote(crypto_pk_t *private_signing_key,
224 networkstatus_t *v3_ns)
225 {
226 smartlist_t *chunks = smartlist_new();
227 char fingerprint[FINGERPRINT_LEN+1];
228 char digest[DIGEST_LEN];
229 char *protocols_lines = NULL;
230 char *client_versions_line = NULL, *server_versions_line = NULL;
231 char *shared_random_vote_str = NULL;
232 networkstatus_voter_info_t *voter;
233 char *status = NULL;
234
235 tor_assert(private_signing_key);
236 tor_assert(v3_ns->type == NS_TYPE_VOTE || v3_ns->type == NS_TYPE_OPINION);
237
238 voter = smartlist_get(v3_ns->voters, 0);
239
240 base16_encode(fingerprint, sizeof(fingerprint),
241 v3_ns->cert->cache_info.identity_digest, DIGEST_LEN);
242
243 client_versions_line = format_line_if_present("client-versions",
244 v3_ns->client_versions);
245 server_versions_line = format_line_if_present("server-versions",
246 v3_ns->server_versions);
247 protocols_lines = format_protocols_lines_for_vote(v3_ns);
248
249 /* Get shared random commitments/reveals line(s). */
250 shared_random_vote_str = sr_get_string_for_vote();
251
252 {
253 char published[ISO_TIME_LEN+1];
254 char va[ISO_TIME_LEN+1];
255 char fu[ISO_TIME_LEN+1];
256 char vu[ISO_TIME_LEN+1];
257 char *flags = smartlist_join_strings(v3_ns->known_flags, " ", 0, NULL);
258 /* XXXX Abstraction violation: should be pulling a field out of v3_ns.*/
259 char *flag_thresholds = dirserv_get_flag_thresholds_line();
260 char *params;
261 char *bw_headers_line = NULL;
262 char *bw_file_digest = NULL;
263 authority_cert_t *cert = v3_ns->cert;
264 char *methods =
265 make_consensus_method_list(MIN_SUPPORTED_CONSENSUS_METHOD,
266 MAX_SUPPORTED_CONSENSUS_METHOD, " ");
267 format_iso_time(published, v3_ns->published);
268 format_iso_time(va, v3_ns->valid_after);
269 format_iso_time(fu, v3_ns->fresh_until);
270 format_iso_time(vu, v3_ns->valid_until);
271
272 if (v3_ns->net_params)
273 params = smartlist_join_strings(v3_ns->net_params, " ", 0, NULL);
274 else
275 params = tor_strdup("");
276 tor_assert(cert);
277
278 /* v3_ns->bw_file_headers is only set when V3BandwidthsFile is
279 * configured */
280 if (v3_ns->bw_file_headers) {
281 char *bw_file_headers = NULL;
282 /* If there are too many headers, leave the header string NULL */
283 if (! BUG(smartlist_len(v3_ns->bw_file_headers)
284 > MAX_BW_FILE_HEADER_COUNT_IN_VOTE)) {
285 bw_file_headers = smartlist_join_strings(v3_ns->bw_file_headers, " ",
286 0, NULL);
287 if (BUG(strlen(bw_file_headers) > MAX_BW_FILE_HEADERS_LINE_LEN)) {
288 /* Free and set to NULL, because the line was too long */
289 tor_free(bw_file_headers);
290 }
291 }
292 if (!bw_file_headers) {
293 /* If parsing failed, add a bandwidth header line with no entries */
294 bw_file_headers = tor_strdup("");
295 }
296 /* At this point, the line will always be present */
297 bw_headers_line = format_line_if_present("bandwidth-file-headers",
298 bw_file_headers);
299 tor_free(bw_file_headers);
300 }
301
302 /* Create bandwidth-file-digest if applicable.
303 * v3_ns->b64_digest_bw_file will contain the digest when V3BandwidthsFile
304 * is configured and the bandwidth file could be read, even if it was not
305 * parseable.
306 */
307 if (!tor_digest256_is_zero((const char *)v3_ns->bw_file_digest256)) {
308 /* Encode the digest. */
309 char b64_digest_bw_file[BASE64_DIGEST256_LEN+1] = {0};
310 digest256_to_base64(b64_digest_bw_file,
311 (const char *)v3_ns->bw_file_digest256);
312 /* "bandwidth-file-digest" 1*(SP algorithm "=" digest) NL */
313 char *digest_algo_b64_digest_bw_file = NULL;
314 tor_asprintf(&digest_algo_b64_digest_bw_file, "%s=%s",
315 crypto_digest_algorithm_get_name(DIGEST_ALG_BW_FILE),
316 b64_digest_bw_file);
317 /* No need for tor_strdup(""), format_line_if_present does it. */
318 bw_file_digest = format_line_if_present(
319 "bandwidth-file-digest", digest_algo_b64_digest_bw_file);
320 tor_free(digest_algo_b64_digest_bw_file);
321 }
322
323 const char *ip_str = fmt_addr(&voter->ipv4_addr);
324
325 if (ip_str[0]) {
326 smartlist_add_asprintf(chunks,
327 "network-status-version 3\n"
328 "vote-status %s\n"
329 "consensus-methods %s\n"
330 "published %s\n"
331 "valid-after %s\n"
332 "fresh-until %s\n"
333 "valid-until %s\n"
334 "voting-delay %d %d\n"
335 "%s%s" /* versions */
336 "%s" /* protocols */
337 "known-flags %s\n"
338 "flag-thresholds %s\n"
339 "params %s\n"
340 "%s" /* bandwidth file headers */
341 "%s" /* bandwidth file digest */
342 "dir-source %s %s %s %s %d %d\n"
343 "contact %s\n"
344 "%s" /* shared randomness information */
345 ,
346 v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion",
347 methods,
348 published, va, fu, vu,
349 v3_ns->vote_seconds, v3_ns->dist_seconds,
350 client_versions_line,
351 server_versions_line,
352 protocols_lines,
353 flags,
354 flag_thresholds,
355 params,
356 bw_headers_line ? bw_headers_line : "",
357 bw_file_digest ? bw_file_digest: "",
358 voter->nickname, fingerprint, voter->address,
359 ip_str, voter->ipv4_dirport, voter->ipv4_orport,
360 voter->contact,
361 shared_random_vote_str ?
362 shared_random_vote_str : "");
363 }
364
365 tor_free(params);
366 tor_free(flags);
367 tor_free(flag_thresholds);
368 tor_free(methods);
369 tor_free(shared_random_vote_str);
370 tor_free(bw_headers_line);
371 tor_free(bw_file_digest);
372
373 if (ip_str[0] == '\0')
374 goto err;
375
376 if (!tor_digest_is_zero(voter->legacy_id_digest)) {
377 char fpbuf[HEX_DIGEST_LEN+1];
378 base16_encode(fpbuf, sizeof(fpbuf), voter->legacy_id_digest, DIGEST_LEN);
379 smartlist_add_asprintf(chunks, "legacy-dir-key %s\n", fpbuf);
380 }
381
382 smartlist_add(chunks, tor_strndup(cert->cache_info.signed_descriptor_body,
383 cert->cache_info.signed_descriptor_len));
384 }
385
386 SMARTLIST_FOREACH_BEGIN(v3_ns->routerstatus_list, vote_routerstatus_t *,
387 vrs) {
388 char *rsf;
389 vote_microdesc_hash_t *h;
390 rsf = routerstatus_format_entry(&vrs->status,
391 vrs->version, vrs->protocols,
392 NS_V3_VOTE,
393 vrs,
394 -1);
395 if (rsf)
396 smartlist_add(chunks, rsf);
397
398 for (h = vrs->microdesc; h; h = h->next) {
399 smartlist_add_strdup(chunks, h->microdesc_hash_line);
400 }
401 } SMARTLIST_FOREACH_END(vrs);
402
403 smartlist_add_strdup(chunks, "directory-footer\n");
404
405 /* The digest includes everything up through the space after
406 * directory-signature. (Yuck.) */
407 crypto_digest_smartlist(digest, DIGEST_LEN, chunks,
408 "directory-signature ", DIGEST_SHA1);
409
410 {
411 char signing_key_fingerprint[FINGERPRINT_LEN+1];
412 if (crypto_pk_get_fingerprint(private_signing_key,
413 signing_key_fingerprint, 0)<0) {
414 log_warn(LD_BUG, "Unable to get fingerprint for signing key");
415 goto err;
416 }
417
418 smartlist_add_asprintf(chunks, "directory-signature %s %s\n", fingerprint,
419 signing_key_fingerprint);
420 }
421
422 {
423 char *sig = router_get_dirobj_signature(digest, DIGEST_LEN,
424 private_signing_key);
425 if (!sig) {
426 log_warn(LD_BUG, "Unable to sign networkstatus vote.");
427 goto err;
428 }
429 smartlist_add(chunks, sig);
430 }
431
432 status = smartlist_join_strings(chunks, "", 0, NULL);
433
434 {
435 networkstatus_t *v;
436 if (!(v = networkstatus_parse_vote_from_string(status, strlen(status),
437 NULL,
438 v3_ns->type))) {
439 log_err(LD_BUG,"Generated a networkstatus %s we couldn't parse: "
440 "<<%s>>",
441 v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion", status);
442 goto err;
443 }
444 networkstatus_vote_free(v);
445 }
446
447 goto done;
448
449 err:
450 tor_free(status);
451 done:
452 tor_free(client_versions_line);
453 tor_free(server_versions_line);
454 tor_free(protocols_lines);
455
456 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
457 smartlist_free(chunks);
458 return status;
459 }
460
461 /** Set *<b>timing_out</b> to the intervals at which we would like to vote.
462 * Note that these aren't the intervals we'll use to vote; they're the ones
463 * that we'll vote to use. */
464 static void
465 dirvote_get_preferred_voting_intervals(vote_timing_t *timing_out)
466 {
467 const or_options_t *options = get_options();
468
469 tor_assert(timing_out);
470
471 timing_out->vote_interval = options->V3AuthVotingInterval;
472 timing_out->n_intervals_valid = options->V3AuthNIntervalsValid;
473 timing_out->vote_delay = options->V3AuthVoteDelay;
474 timing_out->dist_delay = options->V3AuthDistDelay;
475 }
476
477 /* =====
478 * Consensus generation
479 * ===== */
480
481 /** If <b>vrs</b> has a hash made for the consensus method <b>method</b> with
482 * the digest algorithm <b>alg</b>, decode it and copy it into
483 * <b>digest256_out</b> and return 0. Otherwise return -1. */
484 static int
485 vote_routerstatus_find_microdesc_hash(char *digest256_out,
486 const vote_routerstatus_t *vrs,
487 int method,
488 digest_algorithm_t alg)
489 {
490 /* XXXX only returns the sha256 method. */
491 const vote_microdesc_hash_t *h;
492 char mstr[64];
493 size_t mlen;
494 char dstr[64];
495
496 tor_snprintf(mstr, sizeof(mstr), "%d", method);
497 mlen = strlen(mstr);
498 tor_snprintf(dstr, sizeof(dstr), " %s=",
499 crypto_digest_algorithm_get_name(alg));
500
501 for (h = vrs->microdesc; h; h = h->next) {
502 const char *cp = h->microdesc_hash_line;
503 size_t num_len;
504 /* cp looks like \d+(,\d+)* (digesttype=val )+ . Let's hunt for mstr in
505 * the first part. */
506 while (1) {
507 num_len = strspn(cp, "1234567890");
508 if (num_len == mlen && fast_memeq(mstr, cp, mlen)) {
509 /* This is the line. */
510 char buf[BASE64_DIGEST256_LEN+1];
511 /* XXXX ignores extraneous stuff if the digest is too long. This
512 * seems harmless enough, right? */
513 cp = strstr(cp, dstr);
514 if (!cp)
515 return -1;
516 cp += strlen(dstr);
517 strlcpy(buf, cp, sizeof(buf));
518 return digest256_from_base64(digest256_out, buf);
519 }
520 if (num_len == 0 || cp[num_len] != ',')
521 break;
522 cp += num_len + 1;
523 }
524 }
525 return -1;
526 }
527
528 /** Given a vote <b>vote</b> (not a consensus!), return its associated
529 * networkstatus_voter_info_t. */
530 static networkstatus_voter_info_t *
531 get_voter(const networkstatus_t *vote)
532 {
533 tor_assert(vote);
534 tor_assert(vote->type == NS_TYPE_VOTE);
535 tor_assert(vote->voters);
536 tor_assert(smartlist_len(vote->voters) == 1);
537 return smartlist_get(vote->voters, 0);
538 }
539
540 /** Temporary structure used in constructing a list of dir-source entries
541 * for a consensus. One of these is generated for every vote, and one more
542 * for every legacy key in each vote. */
543 typedef struct dir_src_ent_t {
544 networkstatus_t *v;
545 const char *digest;
546 int is_legacy;
547 } dir_src_ent_t;
548
549 /** Helper for sorting networkstatus_t votes (not consensuses) by the
550 * hash of their voters' identity digests. */
551 static int
552 compare_votes_by_authority_id_(const void **_a, const void **_b)
553 {
554 const networkstatus_t *a = *_a, *b = *_b;
555 return fast_memcmp(get_voter(a)->identity_digest,
556 get_voter(b)->identity_digest, DIGEST_LEN);
557 }
558
559 /** Helper: Compare the dir_src_ent_ts in *<b>_a</b> and *<b>_b</b> by
560 * their identity digests, and return -1, 0, or 1 depending on their
561 * ordering */
562 static int
563 compare_dir_src_ents_by_authority_id_(const void **_a, const void **_b)
564 {
565 const dir_src_ent_t *a = *_a, *b = *_b;
566 const networkstatus_voter_info_t *a_v = get_voter(a->v),
567 *b_v = get_voter(b->v);
568 const char *a_id, *b_id;
569 a_id = a->is_legacy ? a_v->legacy_id_digest : a_v->identity_digest;
570 b_id = b->is_legacy ? b_v->legacy_id_digest : b_v->identity_digest;
571
572 return fast_memcmp(a_id, b_id, DIGEST_LEN);
573 }
574
575 /** Given a sorted list of strings <b>in</b>, add every member to <b>out</b>
576 * that occurs more than <b>min</b> times. */
577 static void
578 get_frequent_members(smartlist_t *out, smartlist_t *in, int min)
579 {
580 char *cur = NULL;
581 int count = 0;
582 SMARTLIST_FOREACH_BEGIN(in, char *, cp) {
583 if (cur && !strcmp(cp, cur)) {
584 ++count;
585 } else {
586 if (count > min)
587 smartlist_add(out, cur);
588 cur = cp;
589 count = 1;
590 }
591 } SMARTLIST_FOREACH_END(cp);
592 if (count > min)
593 smartlist_add(out, cur);
594 }
595
596 /** Given a sorted list of strings <b>lst</b>, return the member that appears
597 * most. Break ties in favor of later-occurring members. */
598 #define get_most_frequent_member(lst) \
599 smartlist_get_most_frequent_string(lst)
600
601 /** Return 0 if and only if <b>a</b> and <b>b</b> are routerstatuses
602 * that come from the same routerinfo, with the same derived elements.
603 */
604 static int
605 compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b)
606 {
607 int r;
608 tor_assert(a);
609 tor_assert(b);
610
611 if ((r = fast_memcmp(a->status.identity_digest, b->status.identity_digest,
612 DIGEST_LEN)))
613 return r;
614 if ((r = fast_memcmp(a->status.descriptor_digest,
615 b->status.descriptor_digest,
616 DIGEST_LEN)))
617 return r;
618 /* If we actually reached this point, then the identities and
619 * the descriptor digests matched, so somebody is making SHA1 collisions.
620 */
621 #define CMP_FIELD(utype, itype, field) do { \
622 utype aval = (utype) (itype) a->field; \
623 utype bval = (utype) (itype) b->field; \
624 utype u = bval - aval; \
625 itype r2 = (itype) u; \
626 if (r2 < 0) { \
627 return -1; \
628 } else if (r2 > 0) { \
629 return 1; \
630 } \
631 } while (0)
632
633 CMP_FIELD(uint64_t, int64_t, published_on);
634
635 if ((r = strcmp(b->status.nickname, a->status.nickname)))
636 return r;
637
638 if ((r = tor_addr_compare(&a->status.ipv4_addr, &b->status.ipv4_addr,
639 CMP_EXACT))) {
640 return r;
641 }
642 CMP_FIELD(unsigned, int, status.ipv4_orport);
643 CMP_FIELD(unsigned, int, status.ipv4_dirport);
644
645 return 0;
646 }
647
648 /** Helper for sorting routerlists based on compare_vote_rs. */
649 static int
650 compare_vote_rs_(const void **_a, const void **_b)
651 {
652 const vote_routerstatus_t *a = *_a, *b = *_b;
653 return compare_vote_rs(a,b);
654 }
655
656 /** Helper for sorting OR ports. */
657 static int
658 compare_orports_(const void **_a, const void **_b)
659 {
660 const tor_addr_port_t *a = *_a, *b = *_b;
661 int r;
662
663 if ((r = tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))
664 return r;
665 if ((r = (((int) b->port) - ((int) a->port))))
666 return r;
667
668 return 0;
669 }
670
671 /** Given a list of vote_routerstatus_t, all for the same router identity,
672 * return whichever is most frequent, breaking ties in favor of more
673 * recently published vote_routerstatus_t and in case of ties there,
674 * in favor of smaller descriptor digest.
675 */
676 static vote_routerstatus_t *
677 compute_routerstatus_consensus(smartlist_t *votes, int consensus_method,
678 char *microdesc_digest256_out,
679 tor_addr_port_t *best_alt_orport_out)
680 {
681 vote_routerstatus_t *most = NULL, *cur = NULL;
682 int most_n = 0, cur_n = 0;
683 time_t most_published = 0;
684
685 /* compare_vote_rs_() sorts the items by identity digest (all the same),
686 * then by SD digest. That way, if we have a tie that the published_on
687 * date cannot break, we use the descriptor with the smaller digest.
688 */
689 smartlist_sort(votes, compare_vote_rs_);
690 SMARTLIST_FOREACH_BEGIN(votes, vote_routerstatus_t *, rs) {
691 if (cur && !compare_vote_rs(cur, rs)) {
692 ++cur_n;
693 } else {
694 if (cur && (cur_n > most_n ||
695 (cur_n == most_n &&
696 cur->published_on > most_published))) {
697 most = cur;
698 most_n = cur_n;
699 most_published = cur->published_on;
700 }
701 cur_n = 1;
702 cur = rs;
703 }
704 } SMARTLIST_FOREACH_END(rs);
705
706 if (cur_n > most_n ||
707 (cur && cur_n == most_n && cur->published_on > most_published)) {
708 most = cur;
709 // most_n = cur_n; // unused after this point.
710 // most_published = cur->status.published_on; // unused after this point.
711 }
712
713 tor_assert(most);
714
715 /* Vote on potential alternative (sets of) OR port(s) in the winning
716 * routerstatuses.
717 *
718 * XXX prop186 There's at most one alternative OR port (_the_ IPv6
719 * port) for now. */
720 if (best_alt_orport_out) {
721 smartlist_t *alt_orports = smartlist_new();
722 const tor_addr_port_t *most_alt_orport = NULL;
723
724 SMARTLIST_FOREACH_BEGIN(votes, vote_routerstatus_t *, rs) {
725 tor_assert(rs);
726 if (compare_vote_rs(most, rs) == 0 &&
727 !tor_addr_is_null(&rs->status.ipv6_addr)
728 && rs->status.ipv6_orport) {
729 smartlist_add(alt_orports, tor_addr_port_new(&rs->status.ipv6_addr,
730 rs->status.ipv6_orport));
731 }
732 } SMARTLIST_FOREACH_END(rs);
733
734 smartlist_sort(alt_orports, compare_orports_);
735 most_alt_orport = smartlist_get_most_frequent(alt_orports,
736 compare_orports_);
737 if (most_alt_orport) {
738 memcpy(best_alt_orport_out, most_alt_orport, sizeof(tor_addr_port_t));
739 log_debug(LD_DIR, "\"a\" line winner for %s is %s",
740 most->status.nickname,
741 fmt_addrport(&most_alt_orport->addr, most_alt_orport->port));
742 }
743
744 SMARTLIST_FOREACH(alt_orports, tor_addr_port_t *, ap, tor_free(ap));
745 smartlist_free(alt_orports);
746 }
747
748 if (microdesc_digest256_out) {
749 smartlist_t *digests = smartlist_new();
750 const uint8_t *best_microdesc_digest;
751 SMARTLIST_FOREACH_BEGIN(votes, vote_routerstatus_t *, rs) {
752 char d[DIGEST256_LEN];
753 if (compare_vote_rs(rs, most))
754 continue;
755 if (!vote_routerstatus_find_microdesc_hash(d, rs, consensus_method,
756 DIGEST_SHA256))
757 smartlist_add(digests, tor_memdup(d, sizeof(d)));
758 } SMARTLIST_FOREACH_END(rs);
759 smartlist_sort_digests256(digests);
760 best_microdesc_digest = smartlist_get_most_frequent_digest256(digests);
761 if (best_microdesc_digest)
762 memcpy(microdesc_digest256_out, best_microdesc_digest, DIGEST256_LEN);
763 SMARTLIST_FOREACH(digests, char *, cp, tor_free(cp));
764 smartlist_free(digests);
765 }
766
767 return most;
768 }
769
770 /** Sorting helper: compare two strings based on their values as base-ten
771 * positive integers. (Non-integers are treated as prior to all integers, and
772 * compared lexically.) */
773 static int
774 cmp_int_strings_(const void **_a, const void **_b)
775 {
776 const char *a = *_a, *b = *_b;
777 int ai = (int)tor_parse_long(a, 10, 1, INT_MAX, NULL, NULL);
778 int bi = (int)tor_parse_long(b, 10, 1, INT_MAX, NULL, NULL);
779 if (ai<bi) {
780 return -1;
781 } else if (ai==bi) {
782 if (ai == 0) /* Parsing failed. */
783 return strcmp(a, b);
784 return 0;
785 } else {
786 return 1;
787 }
788 }
789
790 /** Given a list of networkstatus_t votes, determine and return the number of
791 * the highest consensus method that is supported by 2/3 of the voters. */
792 static int
793 compute_consensus_method(smartlist_t *votes)
794 {
795 smartlist_t *all_methods = smartlist_new();
796 smartlist_t *acceptable_methods = smartlist_new();
797 smartlist_t *tmp = smartlist_new();
798 int min = (smartlist_len(votes) * 2) / 3;
799 int n_ok;
800 int result;
801 SMARTLIST_FOREACH(votes, networkstatus_t *, vote,
802 {
803 tor_assert(vote->supported_methods);
804 smartlist_add_all(tmp, vote->supported_methods);
805 smartlist_sort(tmp, cmp_int_strings_);
806 smartlist_uniq(tmp, cmp_int_strings_, NULL);
807 smartlist_add_all(all_methods, tmp);
808 smartlist_clear(tmp);
809 });
810
811 smartlist_sort(all_methods, cmp_int_strings_);
812 get_frequent_members(acceptable_methods, all_methods, min);
813 n_ok = smartlist_len(acceptable_methods);
814 if (n_ok) {
815 const char *best = smartlist_get(acceptable_methods, n_ok-1);
816 result = (int)tor_parse_long(best, 10, 1, INT_MAX, NULL, NULL);
817 } else {
818 result = 1;
819 }
820 smartlist_free(tmp);
821 smartlist_free(all_methods);
822 smartlist_free(acceptable_methods);
823 return result;
824 }
825
826 /** Return true iff <b>method</b> is a consensus method that we support. */
827 static int
828 consensus_method_is_supported(int method)
829 {
830 return (method >= MIN_SUPPORTED_CONSENSUS_METHOD) &&
831 (method <= MAX_SUPPORTED_CONSENSUS_METHOD);
832 }
833
834 /** Return a newly allocated string holding the numbers between low and high
835 * (inclusive) that are supported consensus methods. */
836 STATIC char *
837 make_consensus_method_list(int low, int high, const char *separator)
838 {
839 char *list;
840
841 int i;
842 smartlist_t *lst;
843 lst = smartlist_new();
844 for (i = low; i <= high; ++i) {
845 if (!consensus_method_is_supported(i))
846 continue;
847 smartlist_add_asprintf(lst, "%d", i);
848 }
849 list = smartlist_join_strings(lst, separator, 0, NULL);
850 tor_assert(list);
851 SMARTLIST_FOREACH(lst, char *, cp, tor_free(cp));
852 smartlist_free(lst);
853 return list;
854 }
855
856 /** Helper: given <b>lst</b>, a list of version strings such that every
857 * version appears once for every versioning voter who recommends it, return a
858 * newly allocated string holding the resulting client-versions or
859 * server-versions list. May change contents of <b>lst</b> */
860 static char *
861 compute_consensus_versions_list(smartlist_t *lst, int n_versioning)
862 {
863 int min = n_versioning / 2;
864 smartlist_t *good = smartlist_new();
865 char *result;
866 SMARTLIST_FOREACH_BEGIN(lst, const char *, v) {
867 if (strchr(v, ' ')) {
868 log_warn(LD_DIR, "At least one authority has voted for a version %s "
869 "that contains a space. This probably wasn't intentional, and "
870 "is likely to cause trouble. Please tell them to stop it.",
871 escaped(v));
872 }
873 } SMARTLIST_FOREACH_END(v);
874 sort_version_list(lst, 0);
875 get_frequent_members(good, lst, min);
876 result = smartlist_join_strings(good, ",", 0, NULL);
877 smartlist_free(good);
878 return result;
879 }
880
881 /** Given a list of K=V values, return the int32_t value corresponding to
882 * KEYWORD=, or default_val if no such value exists, or if the value is
883 * corrupt.
884 */
885 STATIC int32_t
886 dirvote_get_intermediate_param_value(const smartlist_t *param_list,
887 const char *keyword,
888 int32_t default_val)
889 {
890 unsigned int n_found = 0;
891 int32_t value = default_val;
892
893 SMARTLIST_FOREACH_BEGIN(param_list, const char *, k_v_pair) {
894 if (!strcmpstart(k_v_pair, keyword) && k_v_pair[strlen(keyword)] == '=') {
895 const char *integer_str = &k_v_pair[strlen(keyword)+1];
896 int ok;
897 value = (int32_t)
898 tor_parse_long(integer_str, 10, INT32_MIN, INT32_MAX, &ok, NULL);
899 if (BUG(!ok))
900 return default_val;
901 ++n_found;
902 }
903 } SMARTLIST_FOREACH_END(k_v_pair);
904
905 if (n_found == 1) {
906 return value;
907 } else {
908 tor_assert_nonfatal(n_found == 0);
909 return default_val;
910 }
911 }
912
913 /** Minimum number of directory authorities voting for a parameter to
914 * include it in the consensus, if consensus method 12 or later is to be
915 * used. See proposal 178 for details. */
916 #define MIN_VOTES_FOR_PARAM 3
917
918 /** Helper: given a list of valid networkstatus_t, return a new smartlist
919 * containing the contents of the consensus network parameter set.
920 */
921 STATIC smartlist_t *
922 dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
923 {
924 int i;
925 int32_t *vals;
926
927 int cur_param_len;
928 const char *cur_param;
929 const char *eq;
930
931 const int n_votes = smartlist_len(votes);
932 smartlist_t *output;
933 smartlist_t *param_list = smartlist_new();
934 (void) method;
935
936 /* We require that the parameter lists in the votes are well-formed: that
937 is, that their keywords are unique and sorted, and that their values are
938 between INT32_MIN and INT32_MAX inclusive. This should be guaranteed by
939 the parsing code. */
940
941 vals = tor_calloc(n_votes, sizeof(int));
942
943 SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
944 if (!v->net_params)
945 continue;
946 smartlist_add_all(param_list, v->net_params);
947 } SMARTLIST_FOREACH_END(v);
948
949 if (smartlist_len(param_list) == 0) {
950 tor_free(vals);
951 return param_list;
952 }
953
954 smartlist_sort_strings(param_list);
955 i = 0;
956 cur_param = smartlist_get(param_list, 0);
957 eq = strchr(cur_param, '=');
958 tor_assert(eq);
959 cur_param_len = (int)(eq+1 - cur_param);
960
961 output = smartlist_new();
962
963 SMARTLIST_FOREACH_BEGIN(param_list, const char *, param) {
964 /* resolve spurious clang shallow analysis null pointer errors */
965 tor_assert(param);
966
967 const char *next_param;
968 int ok=0;
969 eq = strchr(param, '=');
970 tor_assert(i<n_votes); /* Make sure we prevented vote-stuffing. */
971 vals[i++] = (int32_t)
972 tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
973 tor_assert(ok); /* Already checked these when parsing. */
974
975 if (param_sl_idx+1 == smartlist_len(param_list))
976 next_param = NULL;
977 else
978 next_param = smartlist_get(param_list, param_sl_idx+1);
979
980 if (!next_param || strncmp(next_param, param, cur_param_len)) {
981 /* We've reached the end of a series. */
982 /* Make sure enough authorities voted on this param, unless the
983 * the consensus method we use is too old for that. */
984 if (i > total_authorities/2 ||
985 i >= MIN_VOTES_FOR_PARAM) {
986 int32_t median = median_int32(vals, i);
987 char *out_string = tor_malloc(64+cur_param_len);
988 memcpy(out_string, param, cur_param_len);
989 tor_snprintf(out_string+cur_param_len,64, "%ld", (long)median);
990 smartlist_add(output, out_string);
991 }
992
993 i = 0;
994 if (next_param) {
995 eq = strchr(next_param, '=');
996 cur_param_len = (int)(eq+1 - next_param);
997 }
998 }
999 } SMARTLIST_FOREACH_END(param);
1000
1001 smartlist_free(param_list);
1002 tor_free(vals);
1003 return output;
1004 }
1005
1006 #define RANGE_CHECK(a,b,c,d,e,f,g,mx) \
1007 ((a) >= 0 && (a) <= (mx) && (b) >= 0 && (b) <= (mx) && \
1008 (c) >= 0 && (c) <= (mx) && (d) >= 0 && (d) <= (mx) && \
1009 (e) >= 0 && (e) <= (mx) && (f) >= 0 && (f) <= (mx) && \
1010 (g) >= 0 && (g) <= (mx))
1011
1012 #define CHECK_EQ(a, b, margin) \
1013 ((a)-(b) >= 0 ? (a)-(b) <= (margin) : (b)-(a) <= (margin))
1014
1015 typedef enum {
1016 BW_WEIGHTS_NO_ERROR = 0,
1017 BW_WEIGHTS_RANGE_ERROR = 1,
1018 BW_WEIGHTS_SUMG_ERROR = 2,
1019 BW_WEIGHTS_SUME_ERROR = 3,
1020 BW_WEIGHTS_SUMD_ERROR = 4,
1021 BW_WEIGHTS_BALANCE_MID_ERROR = 5,
1022 BW_WEIGHTS_BALANCE_EG_ERROR = 6
1023 } bw_weights_error_t;
1024
1025 /**
1026 * Verify that any weightings satisfy the balanced formulas.
1027 */
1028 static bw_weights_error_t
1029 networkstatus_check_weights(int64_t Wgg, int64_t Wgd, int64_t Wmg,
1030 int64_t Wme, int64_t Wmd, int64_t Wee,
1031 int64_t Wed, int64_t scale, int64_t G,
1032 int64_t M, int64_t E, int64_t D, int64_t T,
1033 int64_t margin, int do_balance) {
1034 bw_weights_error_t berr = BW_WEIGHTS_NO_ERROR;
1035
1036 // Wed + Wmd + Wgd == 1
1037 if (!CHECK_EQ(Wed + Wmd + Wgd, scale, margin)) {
1038 berr = BW_WEIGHTS_SUMD_ERROR;
1039 goto out;
1040 }
1041
1042 // Wmg + Wgg == 1
1043 if (!CHECK_EQ(Wmg + Wgg, scale, margin)) {
1044 berr = BW_WEIGHTS_SUMG_ERROR;
1045 goto out;
1046 }
1047
1048 // Wme + Wee == 1
1049 if (!CHECK_EQ(Wme + Wee, scale, margin)) {
1050 berr = BW_WEIGHTS_SUME_ERROR;
1051 goto out;
1052 }
1053
1054 // Verify weights within range 0->1
1055 if (!RANGE_CHECK(Wgg, Wgd, Wmg, Wme, Wmd, Wed, Wee, scale)) {
1056 berr = BW_WEIGHTS_RANGE_ERROR;
1057 goto out;
1058 }
1059
1060 if (do_balance) {
1061 // Wgg*G + Wgd*D == Wee*E + Wed*D, already scaled
1062 if (!CHECK_EQ(Wgg*G + Wgd*D, Wee*E + Wed*D, (margin*T)/3)) {
1063 berr = BW_WEIGHTS_BALANCE_EG_ERROR;
1064 goto out;
1065 }
1066
1067 // Wgg*G + Wgd*D == M*scale + Wmd*D + Wme*E + Wmg*G, already scaled
1068 if (!CHECK_EQ(Wgg*G + Wgd*D, M*scale + Wmd*D + Wme*E + Wmg*G,
1069 (margin*T)/3)) {
1070 berr = BW_WEIGHTS_BALANCE_MID_ERROR;
1071 goto out;
1072 }
1073 }
1074
1075 out:
1076 if (berr) {
1077 log_info(LD_DIR,
1078 "Bw weight mismatch %d. G=%"PRId64" M=%"PRId64
1079 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1080 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1081 " Wgd=%d Wgg=%d Wme=%d Wmg=%d",
1082 berr,
1083 (G), (M), (E),
1084 (D), (T),
1085 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1086 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg);
1087 }
1088
1089 return berr;
1090 }
1091
1092 /**
1093 * This function computes the bandwidth weights for consensus method 10.
1094 *
1095 * It returns true if weights could be computed, false otherwise.
1096 */
1097 int
1098 networkstatus_compute_bw_weights_v10(smartlist_t *chunks, int64_t G,
1099 int64_t M, int64_t E, int64_t D,
1100 int64_t T, int64_t weight_scale)
1101 {
1102 bw_weights_error_t berr = 0;
1103 int64_t Wgg = -1, Wgd = -1;
1104 int64_t Wmg = -1, Wme = -1, Wmd = -1;
1105 int64_t Wed = -1, Wee = -1;
1106 const char *casename;
1107
1108 if (G <= 0 || M <= 0 || E <= 0 || D <= 0) {
1109 log_warn(LD_DIR, "Consensus with empty bandwidth: "
1110 "G=%"PRId64" M=%"PRId64" E=%"PRId64
1111 " D=%"PRId64" T=%"PRId64,
1112 (G), (M), (E),
1113 (D), (T));
1114 return 0;
1115 }
1116
1117 /*
1118 * Computed from cases in 3.8.3 of dir-spec.txt
1119 *
1120 * 1. Neither are scarce
1121 * 2. Both Guard and Exit are scarce
1122 * a. R+D <= S
1123 * b. R+D > S
1124 * 3. One of Guard or Exit is scarce
1125 * a. S+D < T/3
1126 * b. S+D >= T/3
1127 */
1128 if (3*E >= T && 3*G >= T) { // E >= T/3 && G >= T/3
1129 /* Case 1: Neither are scarce. */
1130 casename = "Case 1 (Wgd=Wmd=Wed)";
1131 Wgd = weight_scale/3;
1132 Wed = weight_scale/3;
1133 Wmd = weight_scale/3;
1134 Wee = (weight_scale*(E+G+M))/(3*E);
1135 Wme = weight_scale - Wee;
1136 Wmg = (weight_scale*(2*G-E-M))/(3*G);
1137 Wgg = weight_scale - Wmg;
1138
1139 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
1140 weight_scale, G, M, E, D, T, 10, 1);
1141
1142 if (berr) {
1143 log_warn(LD_DIR,
1144 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1145 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1146 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1147 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1148 berr, casename,
1149 (G), (M), (E),
1150 (D), (T),
1151 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1152 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1153 return 0;
1154 }
1155 } else if (3*E < T && 3*G < T) { // E < T/3 && G < T/3
1156 int64_t R = MIN(E, G);
1157 int64_t S = MAX(E, G);
1158 /*
1159 * Case 2: Both Guards and Exits are scarce
1160 * Balance D between E and G, depending upon
1161 * D capacity and scarcity.
1162 */
1163 if (R+D < S) { // Subcase a
1164 Wgg = weight_scale;
1165 Wee = weight_scale;
1166 Wmg = 0;
1167 Wme = 0;
1168 Wmd = 0;
1169 if (E < G) {
1170 casename = "Case 2a (E scarce)";
1171 Wed = weight_scale;
1172 Wgd = 0;
1173 } else { /* E >= G */
1174 casename = "Case 2a (G scarce)";
1175 Wed = 0;
1176 Wgd = weight_scale;
1177 }
1178 } else { // Subcase b: R+D >= S
1179 casename = "Case 2b1 (Wgg=weight_scale, Wmd=Wgd)";
1180 Wee = (weight_scale*(E - G + M))/E;
1181 Wed = (weight_scale*(D - 2*E + 4*G - 2*M))/(3*D);
1182 Wme = (weight_scale*(G-M))/E;
1183 Wmg = 0;
1184 Wgg = weight_scale;
1185 Wmd = (weight_scale - Wed)/2;
1186 Wgd = (weight_scale - Wed)/2;
1187
1188 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
1189 weight_scale, G, M, E, D, T, 10, 1);
1190
1191 if (berr) {
1192 casename = "Case 2b2 (Wgg=weight_scale, Wee=weight_scale)";
1193 Wgg = weight_scale;
1194 Wee = weight_scale;
1195 Wed = (weight_scale*(D - 2*E + G + M))/(3*D);
1196 Wmd = (weight_scale*(D - 2*M + G + E))/(3*D);
1197 Wme = 0;
1198 Wmg = 0;
1199
1200 if (Wmd < 0) { // Can happen if M > T/3
1201 casename = "Case 2b3 (Wmd=0)";
1202 Wmd = 0;
1203 log_warn(LD_DIR,
1204 "Too much Middle bandwidth on the network to calculate "
1205 "balanced bandwidth-weights. Consider increasing the "
1206 "number of Guard nodes by lowering the requirements.");
1207 }
1208 Wgd = weight_scale - Wed - Wmd;
1209 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1210 Wed, weight_scale, G, M, E, D, T, 10, 1);
1211 }
1212 if (berr != BW_WEIGHTS_NO_ERROR &&
1213 berr != BW_WEIGHTS_BALANCE_MID_ERROR) {
1214 log_warn(LD_DIR,
1215 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1216 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1217 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1218 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1219 berr, casename,
1220 (G), (M), (E),
1221 (D), (T),
1222 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1223 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1224 return 0;
1225 }
1226 }
1227 } else { // if (E < T/3 || G < T/3) {
1228 int64_t S = MIN(E, G);
1229 // Case 3: Exactly one of Guard or Exit is scarce
1230 if (!(3*E < T || 3*G < T) || !(3*G >= T || 3*E >= T)) {
1231 log_warn(LD_BUG,
1232 "Bw-Weights Case 3 v10 but with G=%"PRId64" M="
1233 "%"PRId64" E=%"PRId64" D=%"PRId64" T=%"PRId64,
1234 (G), (M), (E),
1235 (D), (T));
1236 }
1237
1238 if (3*(S+D) < T) { // Subcase a: S+D < T/3
1239 if (G < E) {
1240 casename = "Case 3a (G scarce)";
1241 Wgg = Wgd = weight_scale;
1242 Wmd = Wed = Wmg = 0;
1243 // Minor subcase, if E is more scarce than M,
1244 // keep its bandwidth in place.
1245 if (E < M) Wme = 0;
1246 else Wme = (weight_scale*(E-M))/(2*E);
1247 Wee = weight_scale-Wme;
1248 } else { // G >= E
1249 casename = "Case 3a (E scarce)";
1250 Wee = Wed = weight_scale;
1251 Wmd = Wgd = Wme = 0;
1252 // Minor subcase, if G is more scarce than M,
1253 // keep its bandwidth in place.
1254 if (G < M) Wmg = 0;
1255 else Wmg = (weight_scale*(G-M))/(2*G);
1256 Wgg = weight_scale-Wmg;
1257 }
1258 } else { // Subcase b: S+D >= T/3
1259 // D != 0 because S+D >= T/3
1260 if (G < E) {
1261 casename = "Case 3bg (G scarce, Wgg=weight_scale, Wmd == Wed)";
1262 Wgg = weight_scale;
1263 Wgd = (weight_scale*(D - 2*G + E + M))/(3*D);
1264 Wmg = 0;
1265 Wee = (weight_scale*(E+M))/(2*E);
1266 Wme = weight_scale - Wee;
1267 Wmd = (weight_scale - Wgd)/2;
1268 Wed = (weight_scale - Wgd)/2;
1269
1270 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1271 Wed, weight_scale, G, M, E, D, T, 10, 1);
1272 } else { // G >= E
1273 casename = "Case 3be (E scarce, Wee=weight_scale, Wmd == Wgd)";
1274 Wee = weight_scale;
1275 Wed = (weight_scale*(D - 2*E + G + M))/(3*D);
1276 Wme = 0;
1277 Wgg = (weight_scale*(G+M))/(2*G);
1278 Wmg = weight_scale - Wgg;
1279 Wmd = (weight_scale - Wed)/2;
1280 Wgd = (weight_scale - Wed)/2;
1281
1282 berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
1283 Wed, weight_scale, G, M, E, D, T, 10, 1);
1284 }
1285 if (berr) {
1286 log_warn(LD_DIR,
1287 "Bw Weights error %d for %s v10. G=%"PRId64" M=%"PRId64
1288 " E=%"PRId64" D=%"PRId64" T=%"PRId64
1289 " Wmd=%d Wme=%d Wmg=%d Wed=%d Wee=%d"
1290 " Wgd=%d Wgg=%d Wme=%d Wmg=%d weight_scale=%d",
1291 berr, casename,
1292 (G), (M), (E),
1293 (D), (T),
1294 (int)Wmd, (int)Wme, (int)Wmg, (int)Wed, (int)Wee,
1295 (int)Wgd, (int)Wgg, (int)Wme, (int)Wmg, (int)weight_scale);
1296 return 0;
1297 }
1298 }
1299 }
1300
1301 /* We cast down the weights to 32 bit ints on the assumption that
1302 * weight_scale is ~= 10000. We need to ensure a rogue authority
1303 * doesn't break this assumption to rig our weights */
1304 tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
1305
1306 /*
1307 * Provide Wgm=Wgg, Wmm=weight_scale, Wem=Wee, Weg=Wed. May later determine
1308 * that middle nodes need different bandwidth weights for dirport traffic,
1309 * or that weird exit policies need special weight, or that bridges
1310 * need special weight.
1311 *
1312 * NOTE: This list is sorted.
1313 */
1314 smartlist_add_asprintf(chunks,
1315 "bandwidth-weights Wbd=%d Wbe=%d Wbg=%d Wbm=%d "
1316 "Wdb=%d "
1317 "Web=%d Wed=%d Wee=%d Weg=%d Wem=%d "
1318 "Wgb=%d Wgd=%d Wgg=%d Wgm=%d "
1319 "Wmb=%d Wmd=%d Wme=%d Wmg=%d Wmm=%d\n",
1320 (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale,
1321 (int)weight_scale,
1322 (int)weight_scale, (int)Wed, (int)Wee, (int)Wed, (int)Wee,
1323 (int)weight_scale, (int)Wgd, (int)Wgg, (int)Wgg,
1324 (int)weight_scale, (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale);
1325
1326 log_notice(LD_CIRC, "Computed bandwidth weights for %s with v10: "
1327 "G=%"PRId64" M=%"PRId64" E=%"PRId64" D=%"PRId64
1328 " T=%"PRId64,
1329 casename,
1330 (G), (M), (E),
1331 (D), (T));
1332 return 1;
1333 }
1334
1335 /** Update total bandwidth weights (G/M/E/D/T) with the bandwidth of
1336 * the router in <b>rs</b>. */
1337 static void
1338 update_total_bandwidth_weights(const routerstatus_t *rs,
1339 int is_exit, int is_guard,
1340 int64_t *G, int64_t *M, int64_t *E, int64_t *D,
1341 int64_t *T)
1342 {
1343 int default_bandwidth = rs->bandwidth_kb;
1344 int guardfraction_bandwidth = 0;
1345
1346 if (!rs->has_bandwidth) {
1347 log_info(LD_BUG, "Missing consensus bandwidth for router %s",
1348 rs->nickname);
1349 return;
1350 }
1351
1352 /* If this routerstatus represents a guard that we have
1353 * guardfraction information on, use it to calculate its actual
1354 * bandwidth. From proposal236:
1355 *
1356 * Similarly, when calculating the bandwidth-weights line as in
1357 * section 3.8.3 of dir-spec.txt, directory authorities should treat N
1358 * as if fraction F of its bandwidth has the guard flag and (1-F) does
1359 * not. So when computing the totals G,M,E,D, each relay N with guard
1360 * visibility fraction F and bandwidth B should be added as follows:
1361 *
1362 * G' = G + F*B, if N does not have the exit flag
1363 * M' = M + (1-F)*B, if N does not have the exit flag
1364 *
1365 * or
1366 *
1367 * D' = D + F*B, if N has the exit flag
1368 * E' = E + (1-F)*B, if N has the exit flag
1369 *
1370 * In this block of code, we prepare the bandwidth values by setting
1371 * the default_bandwidth to F*B and guardfraction_bandwidth to (1-F)*B.
1372 */
1373 if (rs->has_guardfraction) {
1374 guardfraction_bandwidth_t guardfraction_bw;
1375
1376 tor_assert(is_guard);
1377
1378 guard_get_guardfraction_bandwidth(&guardfraction_bw,
1379 rs->bandwidth_kb,
1380 rs->guardfraction_percentage);
1381
1382 default_bandwidth = guardfraction_bw.guard_bw;
1383 guardfraction_bandwidth = guardfraction_bw.non_guard_bw;
1384 }
1385
1386 /* Now calculate the total bandwidth weights with or without
1387 * guardfraction. Depending on the flags of the relay, add its
1388 * bandwidth to the appropriate weight pool. If it's a guard and
1389 * guardfraction is enabled, add its bandwidth to both pools as
1390 * indicated by the previous comment.
1391 */
1392 *T += default_bandwidth;
1393 if (is_exit && is_guard) {
1394
1395 *D += default_bandwidth;
1396 if (rs->has_guardfraction) {
1397 *E += guardfraction_bandwidth;
1398 }
1399
1400 } else if (is_exit) {
1401
1402 *E += default_bandwidth;
1403
1404 } else if (is_guard) {
1405
1406 *G += default_bandwidth;
1407 if (rs->has_guardfraction) {
1408 *M += guardfraction_bandwidth;
1409 }
1410
1411 } else {
1412
1413 *M += default_bandwidth;
1414 }
1415 }
1416
1417 /** Considering the different recommended/required protocols sets as a
1418 * 4-element array, return the element from <b>vote</b> for that protocol
1419 * set.
1420 */
1421 static const char *
1422 get_nth_protocol_set_vote(int n, const networkstatus_t *vote)
1423 {
1424 switch (n) {
1425 case 0: return vote->recommended_client_protocols;
1426 case 1: return vote->recommended_relay_protocols;
1427 case 2: return vote->required_client_protocols;
1428 case 3: return vote->required_relay_protocols;
1429 default:
1430 tor_assert_unreached();
1431 return NULL;
1432 }
1433 }
1434
1435 /** Considering the different recommended/required protocols sets as a
1436 * 4-element array, return a newly allocated string for the consensus value
1437 * for the n'th set.
1438 */
1439 static char *
1440 compute_nth_protocol_set(int n, int n_voters, const smartlist_t *votes)
1441 {
1442 const char *keyword;
1443 smartlist_t *proto_votes = smartlist_new();
1444 int threshold;
1445 switch (n) {
1446 case 0:
1447 keyword = "recommended-client-protocols";
1448 threshold = CEIL_DIV(n_voters, 2);
1449 break;
1450 case 1:
1451 keyword = "recommended-relay-protocols";
1452 threshold = CEIL_DIV(n_voters, 2);
1453 break;
1454 case 2:
1455 keyword = "required-client-protocols";
1456 threshold = CEIL_DIV(n_voters * 2, 3);
1457 break;
1458 case 3:
1459 keyword = "required-relay-protocols";
1460 threshold = CEIL_DIV(n_voters * 2, 3);
1461 break;
1462 default:
1463 tor_assert_unreached();
1464 return NULL;
1465 }
1466
1467 SMARTLIST_FOREACH_BEGIN(votes, const networkstatus_t *, ns) {
1468 const char *v = get_nth_protocol_set_vote(n, ns);
1469 if (v)
1470 smartlist_add(proto_votes, (void*)v);
1471 } SMARTLIST_FOREACH_END(ns);
1472
1473 char *protocols = protover_compute_vote(proto_votes, threshold);
1474 smartlist_free(proto_votes);
1475
1476 char *result = NULL;
1477 tor_asprintf(&result, "%s %s\n", keyword, protocols);
1478 tor_free(protocols);
1479
1480 return result;
1481 }
1482
1483 /** Helper: Takes a smartlist of `const char *` flags, and a flag to remove.
1484 *
1485 * Removes that flag if it is present in the list. Doesn't free it.
1486 */
1487 static void
1488 remove_flag(smartlist_t *sl, const char *flag)
1489 {
1490 /* We can't use smartlist_string_remove() here, since that doesn't preserve
1491 * order, and since it frees elements from the string. */
1492
1493 int idx = smartlist_string_pos(sl, flag);
1494 if (idx >= 0)
1495 smartlist_del_keeporder(sl, idx);
1496 }
1497
1498 /** Given a list of vote networkstatus_t in <b>votes</b>, our public
1499 * authority <b>identity_key</b>, our private authority <b>signing_key</b>,
1500 * and the number of <b>total_authorities</b> that we believe exist in our
1501 * voting quorum, generate the text of a new v3 consensus or microdescriptor
1502 * consensus (depending on <b>flavor</b>), and return the value in a newly
1503 * allocated string.
1504 *
1505 * Note: this function DOES NOT check whether the votes are from
1506 * recognized authorities. (dirvote_add_vote does that.)
1507 *
1508 * <strong>WATCH OUT</strong>: You need to think before you change the
1509 * behavior of this function, or of the functions it calls! If some
1510 * authorities compute the consensus with a different algorithm than
1511 * others, they will not reach the same result, and they will not all
1512 * sign the same thing! If you really need to change the algorithm
1513 * here, you should allocate a new "consensus_method" for the new
1514 * behavior, and make the new behavior conditional on a new-enough
1515 * consensus_method.
1516 **/
1517 STATIC char *
1518 networkstatus_compute_consensus(smartlist_t *votes,
1519 int total_authorities,
1520 crypto_pk_t *identity_key,
1521 crypto_pk_t *signing_key,
1522 const char *legacy_id_key_digest,
1523 crypto_pk_t *legacy_signing_key,
1524 consensus_flavor_t flavor)
1525 {
1526 smartlist_t *chunks;
1527 char *result = NULL;
1528 int consensus_method;
1529 time_t valid_after, fresh_until, valid_until;
1530 int vote_seconds, dist_seconds;
1531 char *client_versions = NULL, *server_versions = NULL;
1532 smartlist_t *flags;
1533 const char *flavor_name;
1534 uint32_t max_unmeasured_bw_kb = DEFAULT_MAX_UNMEASURED_BW_KB;
1535 int64_t G, M, E, D, T; /* For bandwidth weights */
1536 const routerstatus_format_type_t rs_format =
1537 flavor == FLAV_NS ? NS_V3_CONSENSUS : NS_V3_CONSENSUS_MICRODESC;
1538 char *params = NULL;
1539 char *packages = NULL;
1540 int added_weights = 0;
1541 dircollator_t *collator = NULL;
1542 smartlist_t *param_list = NULL;
1543
1544 tor_assert(flavor == FLAV_NS || flavor == FLAV_MICRODESC);
1545 tor_assert(total_authorities >= smartlist_len(votes));
1546 tor_assert(total_authorities > 0);
1547
1548 flavor_name = networkstatus_get_flavor_name(flavor);
1549
1550 if (!smartlist_len(votes)) {
1551 log_warn(LD_DIR, "Can't compute a consensus from no votes.");
1552 return NULL;
1553 }
1554 flags = smartlist_new();
1555
1556 consensus_method = compute_consensus_method(votes);
1557 if (consensus_method_is_supported(consensus_method)) {
1558 log_info(LD_DIR, "Generating consensus using method %d.",
1559 consensus_method);
1560 } else {
1561 log_warn(LD_DIR, "The other authorities will use consensus method %d, "
1562 "which I don't support. Maybe I should upgrade!",
1563 consensus_method);
1564 consensus_method = MAX_SUPPORTED_CONSENSUS_METHOD;
1565 }
1566
1567 {
1568 /* It's smarter to initialize these weights to 1, so that later on,
1569 * we can't accidentally divide by zero. */
1570 G = M = E = D = 1;
1571 T = 4;
1572 }
1573
1574 /* Compute medians of time-related things, and figure out how many
1575 * routers we might need to talk about. */
1576 {
1577 int n_votes = smartlist_len(votes);
1578 time_t *va_times = tor_calloc(n_votes, sizeof(time_t));
1579 time_t *fu_times = tor_calloc(n_votes, sizeof(time_t));
1580 time_t *vu_times = tor_calloc(n_votes, sizeof(time_t));
1581 int *votesec_list = tor_calloc(n_votes, sizeof(int));
1582 int *distsec_list = tor_calloc(n_votes, sizeof(int));
1583 int n_versioning_clients = 0, n_versioning_servers = 0;
1584 smartlist_t *combined_client_versions = smartlist_new();
1585 smartlist_t *combined_server_versions = smartlist_new();
1586
1587 SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
1588 tor_assert(v->type == NS_TYPE_VOTE);
1589 va_times[v_sl_idx] = v->valid_after;
1590 fu_times[v_sl_idx] = v->fresh_until;
1591 vu_times[v_sl_idx] = v->valid_until;
1592 votesec_list[v_sl_idx] = v->vote_seconds;
1593 distsec_list[v_sl_idx] = v->dist_seconds;
1594 if (v->client_versions) {
1595 smartlist_t *cv = smartlist_new();
1596 ++n_versioning_clients;
1597 smartlist_split_string(cv, v->client_versions, ",",
1598 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1599 sort_version_list(cv, 1);
1600 smartlist_add_all(combined_client_versions, cv);
1601 smartlist_free(cv); /* elements get freed later. */
1602 }
1603 if (v->server_versions) {
1604 smartlist_t *sv = smartlist_new();
1605 ++n_versioning_servers;
1606 smartlist_split_string(sv, v->server_versions, ",",
1607 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1608 sort_version_list(sv, 1);
1609 smartlist_add_all(combined_server_versions, sv);
1610 smartlist_free(sv); /* elements get freed later. */
1611 }
1612 SMARTLIST_FOREACH(v->known_flags, const char *, cp,
1613 smartlist_add_strdup(flags, cp));
1614 } SMARTLIST_FOREACH_END(v);
1615 valid_after = median_time(va_times, n_votes);
1616 fresh_until = median_time(fu_times, n_votes);
1617 valid_until = median_time(vu_times, n_votes);
1618 vote_seconds = median_int(votesec_list, n_votes);
1619 dist_seconds = median_int(distsec_list, n_votes);
1620
1621 tor_assert(valid_after +
1622 (get_options()->TestingTorNetwork ?
1623 MIN_VOTE_INTERVAL_TESTING : MIN_VOTE_INTERVAL) <= fresh_until);
1624 tor_assert(fresh_until +
1625 (get_options()->TestingTorNetwork ?
1626 MIN_VOTE_INTERVAL_TESTING : MIN_VOTE_INTERVAL) <= valid_until);
1627 tor_assert(vote_seconds >= MIN_VOTE_SECONDS);
1628 tor_assert(dist_seconds >= MIN_DIST_SECONDS);
1629
1630 server_versions = compute_consensus_versions_list(combined_server_versions,
1631 n_versioning_servers);
1632 client_versions = compute_consensus_versions_list(combined_client_versions,
1633 n_versioning_clients);
1634 packages = compute_consensus_package_lines(votes);
1635
1636 SMARTLIST_FOREACH(combined_server_versions, char *, cp, tor_free(cp));
1637 SMARTLIST_FOREACH(combined_client_versions, char *, cp, tor_free(cp));
1638 smartlist_free(combined_server_versions);
1639 smartlist_free(combined_client_versions);
1640
1641 smartlist_add_strdup(flags, "NoEdConsensus");
1642
1643 smartlist_sort_strings(flags);
1644 smartlist_uniq_strings(flags);
1645
1646 tor_free(va_times);
1647 tor_free(fu_times);
1648 tor_free(vu_times);
1649 tor_free(votesec_list);
1650 tor_free(distsec_list);
1651 }
1652 // True if anybody is voting on the BadExit flag.
1653 const bool badexit_flag_is_listed =
1654 smartlist_contains_string(flags, "BadExit");
1655
1656 chunks = smartlist_new();
1657
1658 {
1659 char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
1660 vu_buf[ISO_TIME_LEN+1];
1661 char *flaglist;
1662 format_iso_time(va_buf, valid_after);
1663 format_iso_time(fu_buf, fresh_until);
1664 format_iso_time(vu_buf, valid_until);
1665 flaglist = smartlist_join_strings(flags, " ", 0, NULL);
1666
1667 smartlist_add_asprintf(chunks, "network-status-version 3%s%s\n"
1668 "vote-status consensus\n",
1669 flavor == FLAV_NS ? "" : " ",
1670 flavor == FLAV_NS ? "" : flavor_name);
1671
1672 smartlist_add_asprintf(chunks, "consensus-method %d\n",
1673 consensus_method);
1674
1675 smartlist_add_asprintf(chunks,
1676 "valid-after %s\n"
1677 "fresh-until %s\n"
1678 "valid-until %s\n"
1679 "voting-delay %d %d\n"
1680 "client-versions %s\n"
1681 "server-versions %s\n"
1682 "%s" /* packages */
1683 "known-flags %s\n",
1684 va_buf, fu_buf, vu_buf,
1685 vote_seconds, dist_seconds,
1686 client_versions, server_versions,
1687 packages,
1688 flaglist);
1689
1690 tor_free(flaglist);
1691 }
1692
1693 {
1694 int num_dirauth = get_n_authorities(V3_DIRINFO);
1695 int idx;
1696 for (idx = 0; idx < 4; ++idx) {
1697 char *proto_line = compute_nth_protocol_set(idx, num_dirauth, votes);
1698 if (BUG(!proto_line))
1699 continue;
1700 smartlist_add(chunks, proto_line);
1701 }
1702 }
1703
1704 param_list = dirvote_compute_params(votes, consensus_method,
1705 total_authorities);
1706 if (smartlist_len(param_list)) {
1707 params = smartlist_join_strings(param_list, " ", 0, NULL);
1708 smartlist_add_strdup(chunks, "params ");
1709 smartlist_add(chunks, params);
1710 smartlist_add_strdup(chunks, "\n");
1711 }
1712
1713 {
1714 int num_dirauth = get_n_authorities(V3_DIRINFO);
1715 /* Default value of this is 2/3 of the total number of authorities. For
1716 * instance, if we have 9 dirauth, the default value is 6. The following
1717 * calculation will round it down. */
1718 int32_t num_srv_agreements =
1719 dirvote_get_intermediate_param_value(param_list,
1720 "AuthDirNumSRVAgreements",
1721 (num_dirauth * 2) / 3);
1722 /* Add the shared random value. */
1723 char *srv_lines = sr_get_string_for_consensus(votes, num_srv_agreements);
1724 if (srv_lines != NULL) {
1725 smartlist_add(chunks, srv_lines);
1726 }
1727 }
1728
1729 /* Sort the votes. */
1730 smartlist_sort(votes, compare_votes_by_authority_id_);
1731 /* Add the authority sections. */
1732 {
1733 smartlist_t *dir_sources = smartlist_new();
1734 SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
1735 dir_src_ent_t *e = tor_malloc_zero(sizeof(dir_src_ent_t));
1736 e->v = v;
1737 e->digest = get_voter(v)->identity_digest;
1738 e->is_legacy = 0;
1739 smartlist_add(dir_sources, e);
1740 if (!tor_digest_is_zero(get_voter(v)->legacy_id_digest)) {
1741 dir_src_ent_t *e_legacy = tor_malloc_zero(sizeof(dir_src_ent_t));
1742 e_legacy->v = v;
1743 e_legacy->digest = get_voter(v)->legacy_id_digest;
1744 e_legacy->is_legacy = 1;
1745 smartlist_add(dir_sources, e_legacy);
1746 }
1747 } SMARTLIST_FOREACH_END(v);
1748 smartlist_sort(dir_sources, compare_dir_src_ents_by_authority_id_);
1749
1750 SMARTLIST_FOREACH_BEGIN(dir_sources, const dir_src_ent_t *, e) {
1751 char fingerprint[HEX_DIGEST_LEN+1];
1752 char votedigest[HEX_DIGEST_LEN+1];
1753 networkstatus_t *v = e->v;
1754 networkstatus_voter_info_t *voter = get_voter(v);
1755
1756 base16_encode(fingerprint, sizeof(fingerprint), e->digest, DIGEST_LEN);
1757 base16_encode(votedigest, sizeof(votedigest), voter->vote_digest,
1758 DIGEST_LEN);
1759
1760 smartlist_add_asprintf(chunks,
1761 "dir-source %s%s %s %s %s %d %d\n",
1762 voter->nickname, e->is_legacy ? "-legacy" : "",
1763 fingerprint, voter->address, fmt_addr(&voter->ipv4_addr),
1764 voter->ipv4_dirport,
1765 voter->ipv4_orport);
1766 if (! e->is_legacy) {
1767 smartlist_add_asprintf(chunks,
1768 "contact %s\n"
1769 "vote-digest %s\n",
1770 voter->contact,
1771 votedigest);
1772 }
1773 } SMARTLIST_FOREACH_END(e);
1774 SMARTLIST_FOREACH(dir_sources, dir_src_ent_t *, e, tor_free(e));
1775 smartlist_free(dir_sources);
1776 }
1777
1778 {
1779 if (consensus_method < MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE) {
1780 max_unmeasured_bw_kb = (int32_t) extract_param_buggy(
1781 params, "maxunmeasuredbw", DEFAULT_MAX_UNMEASURED_BW_KB);
1782 } else {
1783 max_unmeasured_bw_kb = dirvote_get_intermediate_param_value(
1784 param_list, "maxunmeasurdbw", DEFAULT_MAX_UNMEASURED_BW_KB);
1785 if (max_unmeasured_bw_kb < 1)
1786 max_unmeasured_bw_kb = 1;
1787 }
1788 }
1789
1790 /* Add the actual router entries. */
1791 {
1792 int *size; /* size[j] is the number of routerstatuses in votes[j]. */
1793 int *flag_counts; /* The number of voters that list flag[j] for the
1794 * currently considered router. */
1795 int i;
1796 smartlist_t *matching_descs = smartlist_new();
1797 smartlist_t *chosen_flags = smartlist_new();
1798 smartlist_t *versions = smartlist_new();
1799 smartlist_t *protocols = smartlist_new();
1800 smartlist_t *exitsummaries = smartlist_new();
1801 uint32_t *bandwidths_kb = tor_calloc(smartlist_len(votes),
1802 sizeof(uint32_t));
1803 uint32_t *measured_bws_kb = tor_calloc(smartlist_len(votes),
1804 sizeof(uint32_t));
1805 uint32_t *measured_guardfraction = tor_calloc(smartlist_len(votes),
1806 sizeof(uint32_t));
1807 int num_bandwidths;
1808 int num_mbws;
1809 int num_guardfraction_inputs;
1810
1811 int *n_voter_flags; /* n_voter_flags[j] is the number of flags that
1812 * votes[j] knows about. */
1813 int *n_flag_voters; /* n_flag_voters[f] is the number of votes that care
1814 * about flags[f]. */
1815 int **flag_map; /* flag_map[j][b] is an index f such that flag_map[f]
1816 * is the same flag as votes[j]->known_flags[b]. */
1817 int *named_flag; /* Index of the flag "Named" for votes[j] */
1818 int *unnamed_flag; /* Index of the flag "Unnamed" for votes[j] */
1819 int n_authorities_measuring_bandwidth;
1820
1821 strmap_t *name_to_id_map = strmap_new();
1822 char conflict[DIGEST_LEN];
1823 char unknown[DIGEST_LEN];
1824 memset(conflict, 0, sizeof(conflict));
1825 memset(unknown, 0xff, sizeof(conflict));
1826
1827 size = tor_calloc(smartlist_len(votes), sizeof(int));
1828 n_voter_flags = tor_calloc(smartlist_len(votes), sizeof(int));
1829 n_flag_voters = tor_calloc(smartlist_len(flags), sizeof(int));
1830 flag_map = tor_calloc(smartlist_len(votes), sizeof(int *));
1831 named_flag = tor_calloc(smartlist_len(votes), sizeof(int));
1832 unnamed_flag = tor_calloc(smartlist_len(votes), sizeof(int));
1833 for (i = 0; i < smartlist_len(votes); ++i)
1834 unnamed_flag[i] = named_flag[i] = -1;
1835
1836 /* Build the flag indexes. Note that no vote can have more than 64 members
1837 * for known_flags, so no value will be greater than 63, so it's safe to
1838 * do UINT64_C(1) << index on these values. But note also that
1839 * named_flag and unnamed_flag are initialized to -1, so we need to check
1840 * that they're actually set before doing UINT64_C(1) << index with
1841 * them.*/
1842 SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
1843 flag_map[v_sl_idx] = tor_calloc(smartlist_len(v->known_flags),
1844 sizeof(int));
1845 if (smartlist_len(v->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) {
1846 log_warn(LD_BUG, "Somehow, a vote has %d entries in known_flags",
1847 smartlist_len(v->known_flags));
1848 }
1849 SMARTLIST_FOREACH_BEGIN(v->known_flags, const char *, fl) {
1850 int p = smartlist_string_pos(flags, fl);
1851 tor_assert(p >= 0);
1852 flag_map[v_sl_idx][fl_sl_idx] = p;
1853 ++n_flag_voters[p];
1854 if (!strcmp(fl, "Named"))
1855 named_flag[v_sl_idx] = fl_sl_idx;
1856 if (!strcmp(fl, "Unnamed"))
1857 unnamed_flag[v_sl_idx] = fl_sl_idx;
1858 } SMARTLIST_FOREACH_END(fl);
1859 n_voter_flags[v_sl_idx] = smartlist_len(v->known_flags);
1860 size[v_sl_idx] = smartlist_len(v->routerstatus_list);
1861 } SMARTLIST_FOREACH_END(v);
1862
1863 /* Named and Unnamed get treated specially */
1864 {
1865 SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
1866 uint64_t nf;
1867 if (named_flag[v_sl_idx]<0)
1868 continue;
1869 nf = UINT64_C(1) << named_flag[v_sl_idx];
1870 SMARTLIST_FOREACH_BEGIN(v->routerstatus_list,
1871 vote_routerstatus_t *, rs) {
1872
1873 if ((rs->flags & nf) != 0) {
1874 const char *d = strmap_get_lc(name_to_id_map, rs->status.nickname);
1875 if (!d) {
1876 /* We have no name officially mapped to this digest. */
1877 strmap_set_lc(name_to_id_map, rs->status.nickname,
1878 rs->status.identity_digest);
1879 } else if (d != conflict &&
1880 fast_memcmp(d, rs->status.identity_digest, DIGEST_LEN)) {
1881 /* Authorities disagree about this nickname. */
1882 strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
1883 } else {
1884 /* It's already a conflict, or it's already this ID. */
1885 }
1886 }
1887 } SMARTLIST_FOREACH_END(rs);
1888 } SMARTLIST_FOREACH_END(v);
1889
1890 SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
1891 uint64_t uf;
1892 if (unnamed_flag[v_sl_idx]<0)
1893 continue;
1894 uf = UINT64_C(1) << unnamed_flag[v_sl_idx];
1895 SMARTLIST_FOREACH_BEGIN(v->routerstatus_list,
1896 vote_routerstatus_t *, rs) {
1897 if ((rs->flags & uf) != 0) {
1898 const char *d = strmap_get_lc(name_to_id_map, rs->status.nickname);
1899 if (d == conflict || d == unknown) {
1900 /* Leave it alone; we know what it is. */
1901 } else if (!d) {
1902 /* We have no name officially mapped to this digest. */
1903 strmap_set_lc(name_to_id_map, rs->status.nickname, unknown);
1904 } else if (fast_memeq(d, rs->status.identity_digest, DIGEST_LEN)) {
1905 /* Authorities disagree about this nickname. */
1906 strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
1907 } else {
1908 /* It's mapped to a different name. */
1909 }
1910 }
1911 } SMARTLIST_FOREACH_END(rs);
1912 } SMARTLIST_FOREACH_END(v);
1913 }
1914
1915 /* We need to know how many votes measure bandwidth. */
1916 n_authorities_measuring_bandwidth = 0;
1917 SMARTLIST_FOREACH(votes, const networkstatus_t *, v,
1918 if (v->has_measured_bws) {
1919 ++n_authorities_measuring_bandwidth;
1920 }
1921 );
1922
1923 /* Populate the collator */
1924 collator = dircollator_new(smartlist_len(votes), total_authorities);
1925 SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
1926 dircollator_add_vote(collator, v);
1927 } SMARTLIST_FOREACH_END(v);
1928
1929 dircollator_collate(collator, consensus_method);
1930
1931 /* Now go through all the votes */
1932 flag_counts = tor_calloc(smartlist_len(flags), sizeof(int));
1933 const int num_routers = dircollator_n_routers(collator);
1934 for (i = 0; i < num_routers; ++i) {
1935 vote_routerstatus_t **vrs_lst =
1936 dircollator_get_votes_for_router(collator, i);
1937
1938 vote_routerstatus_t *rs;
1939 routerstatus_t rs_out;
1940 const char *current_rsa_id = NULL;
1941 const char *chosen_version;
1942 const char *chosen_protocol_list;
1943 const char *chosen_name = NULL;
1944 int exitsummary_disagreement = 0;
1945 int is_named = 0, is_unnamed = 0, is_running = 0, is_valid = 0;
1946 int is_guard = 0, is_exit = 0, is_bad_exit = 0, is_middle_only = 0;
1947 int naming_conflict = 0;
1948 int n_listing = 0;
1949 char microdesc_digest[DIGEST256_LEN];
1950 tor_addr_port_t alt_orport = {TOR_ADDR_NULL, 0};
1951
1952 memset(flag_counts, 0, sizeof(int)*smartlist_len(flags));
1953 smartlist_clear(matching_descs);
1954 smartlist_clear(chosen_flags);
1955 smartlist_clear(versions);
1956 smartlist_clear(protocols);
1957 num_bandwidths = 0;
1958 num_mbws = 0;
1959 num_guardfraction_inputs = 0;
1960 int ed_consensus = 0;
1961 const uint8_t *ed_consensus_val = NULL;
1962
1963 /* Okay, go through all the entries for this digest. */
1964 for (int voter_idx = 0; voter_idx < smartlist_len(votes); ++voter_idx) {
1965 if (vrs_lst[voter_idx] == NULL)
1966 continue; /* This voter had nothing to say about this entry. */
1967 rs = vrs_lst[voter_idx];
1968 ++n_listing;
1969
1970 current_rsa_id = rs->status.identity_digest;
1971
1972 smartlist_add(matching_descs, rs);
1973 if (rs->version && rs->version[0])
1974 smartlist_add(versions, rs->version);
1975
1976 if (rs->protocols) {
1977 /* We include this one even if it's empty: voting for an
1978 * empty protocol list actually is meaningful. */
1979 smartlist_add(protocols, rs->protocols);
1980 }
1981
1982 /* Tally up all the flags. */
1983 for (int flag = 0; flag < n_voter_flags[voter_idx]; ++flag) {
1984 if (rs->flags & (UINT64_C(1) << flag))
1985 ++flag_counts[flag_map[voter_idx][flag]];
1986 }
1987 if (named_flag[voter_idx] >= 0 &&
1988 (rs->flags & (UINT64_C(1) << named_flag[voter_idx]))) {
1989 if (chosen_name && strcmp(chosen_name, rs->status.nickname)) {
1990 log_notice(LD_DIR, "Conflict on naming for router: %s vs %s",
1991 chosen_name, rs->status.nickname);
1992 naming_conflict = 1;
1993 }
1994 chosen_name = rs->status.nickname;
1995 }
1996
1997 /* Count guardfraction votes and note down the values. */
1998 if (rs->status.has_guardfraction) {
1999 measured_guardfraction[num_guardfraction_inputs++] =
2000 rs->status.guardfraction_percentage;
2001 }
2002
2003 /* count bandwidths */
2004 if (rs->has_measured_bw)
2005 measured_bws_kb[num_mbws++] = rs->measured_bw_kb;
2006
2007 if (rs->status.has_bandwidth)
2008 bandwidths_kb[num_bandwidths++] = rs->status.bandwidth_kb;
2009
2010 /* Count number for which ed25519 is canonical. */
2011 if (rs->ed25519_reflects_consensus) {
2012 ++ed_consensus;
2013 if (ed_consensus_val) {
2014 tor_assert(fast_memeq(ed_consensus_val, rs->ed25519_id,
2015 ED25519_PUBKEY_LEN));
2016 } else {
2017 ed_consensus_val = rs->ed25519_id;
2018 }
2019 }
2020 }
2021
2022 /* We don't include this router at all unless more than half of
2023 * the authorities we believe in list it. */
2024 if (n_listing <= total_authorities/2)
2025 continue;
2026
2027 if (ed_consensus > 0) {
2028 if (ed_consensus <= total_authorities / 2) {
2029 log_warn(LD_BUG, "Not enough entries had ed_consensus set; how "
2030 "can we have a consensus of %d?", ed_consensus);
2031 }
2032 }
2033
2034 /* The clangalyzer can't figure out that this will never be NULL
2035 * if n_listing is at least 1 */
2036 tor_assert(current_rsa_id);
2037
2038 /* Figure out the most popular opinion of what the most recent
2039 * routerinfo and its contents are. */
2040 memset(microdesc_digest, 0, sizeof(microdesc_digest));
2041 rs = compute_routerstatus_consensus(matching_descs, consensus_method,
2042 microdesc_digest, &alt_orport);
2043 /* Copy bits of that into rs_out. */
2044 memset(&rs_out, 0, sizeof(rs_out));
2045 tor_assert(fast_memeq(current_rsa_id,
2046 rs->status.identity_digest,DIGEST_LEN));
2047 memcpy(rs_out.identity_digest, current_rsa_id, DIGEST_LEN);
2048 memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,
2049 DIGEST_LEN);
2050 tor_addr_copy(&rs_out.ipv4_addr, &rs->status.ipv4_addr);
2051 rs_out.ipv4_dirport = rs->status.ipv4_dirport;
2052 rs_out.ipv4_orport = rs->status.ipv4_orport;
2053 tor_addr_copy(&rs_out.ipv6_addr, &alt_orport.addr);
2054 rs_out.ipv6_orport = alt_orport.port;
2055 rs_out.has_bandwidth = 0;
2056 rs_out.has_exitsummary = 0;
2057
2058 time_t published_on = rs->published_on;
2059
2060 /* Starting with this consensus method, we no longer include a
2061 meaningful published_on time for microdescriptor consensuses. This
2062 makes their diffs smaller and more compressible.
2063
2064 We need to keep including a meaningful published_on time for NS
2065 consensuses, however, until 035 relays are all obsolete. (They use
2066 it for a purpose similar to the current StaleDesc flag.)
2067 */
2068 if (consensus_method >= MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED &&
2069 flavor == FLAV_MICRODESC) {
2070 published_on = -1;
2071 }
2072
2073 if (chosen_name && !naming_conflict) {
2074 strlcpy(rs_out.nickname, chosen_name, sizeof(rs_out.nickname));
2075 } else {
2076 strlcpy(rs_out.nickname, rs->status.nickname, sizeof(rs_out.nickname));
2077 }
2078
2079 {
2080 const char *d = strmap_get_lc(name_to_id_map, rs_out.nickname);
2081 if (!d) {
2082 is_named = is_unnamed = 0;
2083 } else if (fast_memeq(d, current_rsa_id, DIGEST_LEN)) {
2084 is_named = 1; is_unnamed = 0;
2085 } else {
2086 is_named = 0; is_unnamed = 1;
2087 }
2088 }
2089
2090 /* Set the flags. */
2091 SMARTLIST_FOREACH_BEGIN(flags, const char *, fl) {
2092 if (!strcmp(fl, "Named")) {
2093 if (is_named)
2094 smartlist_add(chosen_flags, (char*)fl);
2095 } else if (!strcmp(fl, "Unnamed")) {
2096 if (is_unnamed)
2097 smartlist_add(chosen_flags, (char*)fl);
2098 } else if (!strcmp(fl, "NoEdConsensus")) {
2099 if (ed_consensus <= total_authorities/2)
2100 smartlist_add(chosen_flags, (char*)fl);
2101 } else {
2102 if (flag_counts[fl_sl_idx] > n_flag_voters[fl_sl_idx]/2) {
2103 smartlist_add(chosen_flags, (char*)fl);
2104 if (!strcmp(fl, "Exit"))
2105 is_exit = 1;
2106 else if (!strcmp(fl, "Guard"))
2107 is_guard = 1;
2108 else if (!strcmp(fl, "Running"))
2109 is_running = 1;
2110 else if (!strcmp(fl, "BadExit"))
2111 is_bad_exit = 1;
2112 else if (!strcmp(fl, "MiddleOnly"))
2113 is_middle_only = 1;
2114 else if (!strcmp(fl, "Valid"))
2115 is_valid = 1;
2116 }
2117 }
2118 } SMARTLIST_FOREACH_END(fl);
2119
2120 /* Starting with consensus method 4 we do not list servers
2121 * that are not running in a consensus. See Proposal 138 */
2122 if (!is_running)
2123 continue;
2124
2125 /* Starting with consensus method 24, we don't list servers
2126 * that are not valid in a consensus. See Proposal 272 */
2127 if (!is_valid)
2128 continue;
2129
2130 /* Starting with consensus method 32, we handle the middle-only
2131 * flag specially: when it is present, we clear some flags, and
2132 * set others. */
2133 if (is_middle_only && consensus_method >= MIN_METHOD_FOR_MIDDLEONLY) {
2134 remove_flag(chosen_flags, "Exit");
2135 remove_flag(chosen_flags, "V2Dir");
2136 remove_flag(chosen_flags, "Guard");
2137 remove_flag(chosen_flags, "HSDir");
2138 is_exit = is_guard = 0;
2139 if (! is_bad_exit && badexit_flag_is_listed) {
2140 is_bad_exit = 1;
2141 smartlist_add(chosen_flags, (char *)"BadExit");
2142 smartlist_sort_strings(chosen_flags); // restore order.
2143 }
2144 }
2145
2146 /* Pick the version. */
2147 if (smartlist_len(versions)) {
2148 sort_version_list(versions, 0);
2149 chosen_version = get_most_frequent_member(versions);
2150 } else {
2151 chosen_version = NULL;
2152 }
2153
2154 /* Pick the protocol list */
2155 if (smartlist_len(protocols)) {
2156 smartlist_sort_strings(protocols);
2157 chosen_protocol_list = get_most_frequent_member(protocols);
2158 } else {
2159 chosen_protocol_list = NULL;
2160 }
2161
2162 /* If it's a guard and we have enough guardfraction votes,
2163 calculate its consensus guardfraction value. */
2164 if (is_guard && num_guardfraction_inputs > 2) {
2165 rs_out.has_guardfraction = 1;
2166 rs_out.guardfraction_percentage = median_uint32(measured_guardfraction,
2167 num_guardfraction_inputs);
2168 /* final value should be an integer percentage! */
2169 tor_assert(rs_out.guardfraction_percentage <= 100);
2170 }
2171
2172 /* Pick a bandwidth */
2173 if (num_mbws > 2) {
2174 rs_out.has_bandwidth = 1;
2175 rs_out.bw_is_unmeasured = 0;
2176 rs_out.bandwidth_kb = median_uint32(measured_bws_kb, num_mbws);
2177 } else if (num_bandwidths > 0) {
2178 rs_out.has_bandwidth = 1;
2179 rs_out.bw_is_unmeasured = 1;
2180 rs_out.bandwidth_kb = median_uint32(bandwidths_kb, num_bandwidths);
2181 if (n_authorities_measuring_bandwidth > 2) {
2182 /* Cap non-measured bandwidths. */
2183 if (rs_out.bandwidth_kb > max_unmeasured_bw_kb) {
2184 rs_out.bandwidth_kb = max_unmeasured_bw_kb;
2185 }
2186 }
2187 }
2188
2189 /* Fix bug 2203: Do not count BadExit nodes as Exits for bw weights */
2190 is_exit = is_exit && !is_bad_exit;
2191
2192 /* Update total bandwidth weights with the bandwidths of this router. */
2193 {
2194 update_total_bandwidth_weights(&rs_out,
2195 is_exit, is_guard,
2196 &G, &M, &E, &D, &T);
2197 }
2198
2199 /* Ok, we already picked a descriptor digest we want to list
2200 * previously. Now we want to use the exit policy summary from
2201 * that descriptor. If everybody plays nice all the voters who
2202 * listed that descriptor will have the same summary. If not then
2203 * something is fishy and we'll use the most common one (breaking
2204 * ties in favor of lexicographically larger one (only because it
2205 * lets me reuse more existing code)).
2206 *
2207 * The other case that can happen is that no authority that voted
2208 * for that descriptor has an exit policy summary. That's
2209 * probably quite unlikely but can happen. In that case we use
2210 * the policy that was most often listed in votes, again breaking
2211 * ties like in the previous case.
2212 */
2213 {
2214 /* Okay, go through all the votes for this router. We prepared
2215 * that list previously */
2216 const char *chosen_exitsummary = NULL;
2217 smartlist_clear(exitsummaries);
2218 SMARTLIST_FOREACH_BEGIN(matching_descs, vote_routerstatus_t *, vsr) {
2219 /* Check if the vote where this status comes from had the
2220 * proper descriptor */
2221 tor_assert(fast_memeq(rs_out.identity_digest,
2222 vsr->status.identity_digest,
2223 DIGEST_LEN));
2224 if (vsr->status.has_exitsummary &&
2225 fast_memeq(rs_out.descriptor_digest,
2226 vsr->status.descriptor_digest,
2227 DIGEST_LEN)) {
2228 tor_assert(vsr->status.exitsummary);
2229 smartlist_add(exitsummaries, vsr->status.exitsummary);
2230 if (!chosen_exitsummary) {
2231 chosen_exitsummary = vsr->status.exitsummary;
2232 } else if (strcmp(chosen_exitsummary, vsr->status.exitsummary)) {
2233 /* Great. There's disagreement among the voters. That
2234 * really shouldn't be */
2235 exitsummary_disagreement = 1;
2236 }
2237 }
2238 } SMARTLIST_FOREACH_END(vsr);
2239
2240 if (exitsummary_disagreement) {
2241 char id[HEX_DIGEST_LEN+1];
2242 char dd[HEX_DIGEST_LEN+1];
2243 base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
2244 base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
2245 log_warn(LD_DIR, "The voters disagreed on the exit policy summary "
2246 " for router %s with descriptor %s. This really shouldn't"
2247 " have happened.", id, dd);
2248
2249 smartlist_sort_strings(exitsummaries);
2250 chosen_exitsummary = get_most_frequent_member(exitsummaries);
2251 } else if (!chosen_exitsummary) {
2252 char id[HEX_DIGEST_LEN+1];
2253 char dd[HEX_DIGEST_LEN+1];
2254 base16_encode(id, sizeof(dd), rs_out.identity_digest, DIGEST_LEN);
2255 base16_encode(dd, sizeof(dd), rs_out.descriptor_digest, DIGEST_LEN);
2256 log_warn(LD_DIR, "Not one of the voters that made us select"
2257 "descriptor %s for router %s had an exit policy"
2258 "summary", dd, id);
2259
2260 /* Ok, none of those voting for the digest we chose had an
2261 * exit policy for us. Well, that kinda sucks.
2262 */
2263 smartlist_clear(exitsummaries);
2264 SMARTLIST_FOREACH(matching_descs, vote_routerstatus_t *, vsr, {
2265 if (vsr->status.has_exitsummary)
2266 smartlist_add(exitsummaries, vsr->status.exitsummary);
2267 });
2268 smartlist_sort_strings(exitsummaries);
2269 chosen_exitsummary = get_most_frequent_member(exitsummaries);
2270
2271 if (!chosen_exitsummary)
2272 log_warn(LD_DIR, "Wow, not one of the voters had an exit "
2273 "policy summary for %s. Wow.", id);
2274 }
2275
2276 if (chosen_exitsummary) {
2277 rs_out.has_exitsummary = 1;
2278 /* yea, discards the const */
2279 rs_out.exitsummary = (char *)chosen_exitsummary;
2280 }
2281 }
2282
2283 if (flavor == FLAV_MICRODESC &&
2284 tor_digest256_is_zero(microdesc_digest)) {
2285 /* With no microdescriptor digest, we omit the entry entirely. */
2286 continue;
2287 }
2288
2289 {
2290 char *buf;
2291 /* Okay!! Now we can write the descriptor... */
2292 /* First line goes into "buf". */
2293 buf = routerstatus_format_entry(&rs_out, NULL, NULL,
2294 rs_format, NULL, published_on);
2295 if (buf)
2296 smartlist_add(chunks, buf);
2297 }
2298 /* Now an m line, if applicable. */
2299 if (flavor == FLAV_MICRODESC &&
2300 !tor_digest256_is_zero(microdesc_digest)) {
2301 char m[BASE64_DIGEST256_LEN+1];
2302 digest256_to_base64(m, microdesc_digest);
2303 smartlist_add_asprintf(chunks, "m %s\n", m);
2304 }
2305 /* Next line is all flags. The "\n" is missing. */
2306 smartlist_add_asprintf(chunks, "s%s",
2307 smartlist_len(chosen_flags)?" ":"");
2308 smartlist_add(chunks,
2309 smartlist_join_strings(chosen_flags, " ", 0, NULL));
2310 /* Now the version line. */
2311 if (chosen_version) {
2312 smartlist_add_strdup(chunks, "\nv ");
2313 smartlist_add_strdup(chunks, chosen_version);
2314 }
2315 smartlist_add_strdup(chunks, "\n");
2316 if (chosen_protocol_list) {
2317 smartlist_add_asprintf(chunks, "pr %s\n", chosen_protocol_list);
2318 }
2319 /* Now the weight line. */
2320 if (rs_out.has_bandwidth) {
2321 char *guardfraction_str = NULL;
2322 int unmeasured = rs_out.bw_is_unmeasured;
2323
2324 /* If we have guardfraction info, include it in the 'w' line. */
2325 if (rs_out.has_guardfraction) {
2326 tor_asprintf(&guardfraction_str,
2327 " GuardFraction=%u", rs_out.guardfraction_percentage);
2328 }
2329 smartlist_add_asprintf(chunks, "w Bandwidth=%d%s%s\n",
2330 rs_out.bandwidth_kb,
2331 unmeasured?" Unmeasured=1":"",
2332 guardfraction_str ? guardfraction_str : "");
2333
2334 tor_free(guardfraction_str);
2335 }
2336
2337 /* Now the exitpolicy summary line. */
2338 if (rs_out.has_exitsummary && flavor == FLAV_NS) {
2339 smartlist_add_asprintf(chunks, "p %s\n", rs_out.exitsummary);
2340 }
2341
2342 /* And the loop is over and we move on to the next router */
2343 }
2344
2345 tor_free(size);
2346 tor_free(n_voter_flags);
2347 tor_free(n_flag_voters);
2348 for (i = 0; i < smartlist_len(votes); ++i)
2349 tor_free(flag_map[i]);
2350 tor_free(flag_map);
2351 tor_free(flag_counts);
2352 tor_free(named_flag);
2353 tor_free(unnamed_flag);
2354 strmap_free(name_to_id_map, NULL);
2355 smartlist_free(matching_descs);
2356 smartlist_free(chosen_flags);
2357 smartlist_free(versions);
2358 smartlist_free(protocols);
2359 smartlist_free(exitsummaries);
2360 tor_free(bandwidths_kb);
2361 tor_free(measured_bws_kb);
2362 tor_free(measured_guardfraction);
2363 }
2364
2365 /* Mark the directory footer region */
2366 smartlist_add_strdup(chunks, "directory-footer\n");
2367
2368 {
2369 int64_t weight_scale;
2370 if (consensus_method < MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE) {
2371 weight_scale = extract_param_buggy(params, "bwweightscale",
2372 BW_WEIGHT_SCALE);
2373 } else {
2374 weight_scale = dirvote_get_intermediate_param_value(
2375 param_list, "bwweightscale", BW_WEIGHT_SCALE);
2376 if (weight_scale < 1)
2377 weight_scale = 1;
2378 }
2379 added_weights = networkstatus_compute_bw_weights_v10(chunks, G, M, E, D,
2380 T, weight_scale);
2381 }
2382
2383 /* Add a signature. */
2384 {
2385 char digest[DIGEST256_LEN];
2386 char fingerprint[HEX_DIGEST_LEN+1];
2387 char signing_key_fingerprint[HEX_DIGEST_LEN+1];
2388 digest_algorithm_t digest_alg =
2389 flavor == FLAV_NS ? DIGEST_SHA1 : DIGEST_SHA256;
2390 size_t digest_len =
2391 flavor == FLAV_NS ? DIGEST_LEN : DIGEST256_LEN;
2392 const char *algname = crypto_digest_algorithm_get_name(digest_alg);
2393 char *signature;
2394
2395 smartlist_add_strdup(chunks, "directory-signature ");
2396
2397 /* Compute the hash of the chunks. */
2398 crypto_digest_smartlist(digest, digest_len, chunks, "", digest_alg);
2399
2400 /* Get the fingerprints */
2401 crypto_pk_get_fingerprint(identity_key, fingerprint, 0);
2402 crypto_pk_get_fingerprint(signing_key, signing_key_fingerprint, 0);
2403
2404 /* add the junk that will go at the end of the line. */
2405 if (flavor == FLAV_NS) {
2406 smartlist_add_asprintf(chunks, "%s %s\n", fingerprint,
2407 signing_key_fingerprint);
2408 } else {
2409 smartlist_add_asprintf(chunks, "%s %s %s\n",
2410 algname, fingerprint,
2411 signing_key_fingerprint);
2412 }
2413 /* And the signature. */
2414 if (!(signature = router_get_dirobj_signature(digest, digest_len,
2415 signing_key))) {
2416 log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
2417 goto done;
2418 }
2419 smartlist_add(chunks, signature);
2420
2421 if (legacy_id_key_digest && legacy_signing_key) {
2422 smartlist_add_strdup(chunks, "directory-signature ");
2423 base16_encode(fingerprint, sizeof(fingerprint),
2424 legacy_id_key_digest, DIGEST_LEN);
2425 crypto_pk_get_fingerprint(legacy_signing_key,
2426 signing_key_fingerprint, 0);
2427 if (flavor == FLAV_NS) {
2428 smartlist_add_asprintf(chunks, "%s %s\n", fingerprint,
2429 signing_key_fingerprint);
2430 } else {
2431 smartlist_add_asprintf(chunks, "%s %s %s\n",
2432 algname, fingerprint,
2433 signing_key_fingerprint);
2434 }
2435
2436 if (!(signature = router_get_dirobj_signature(digest, digest_len,
2437 legacy_signing_key))) {
2438 log_warn(LD_BUG, "Couldn't sign consensus networkstatus.");
2439 goto done;
2440 }
2441 smartlist_add(chunks, signature);
2442 }
2443 }
2444
2445 result = smartlist_join_strings(chunks, "", 0, NULL);
2446
2447 {
2448 networkstatus_t *c;
2449 if (!(c = networkstatus_parse_vote_from_string(result, strlen(result),
2450 NULL,
2451 NS_TYPE_CONSENSUS))) {
2452 log_err(LD_BUG, "Generated a networkstatus consensus we couldn't "
2453 "parse.");
2454 tor_free(result);
2455 goto done;
2456 }
2457 // Verify balancing parameters
2458 if (added_weights) {
2459 networkstatus_verify_bw_weights(c, consensus_method);
2460 }
2461 networkstatus_vote_free(c);
2462 }
2463
2464 done:
2465
2466 dircollator_free(collator);
2467 tor_free(client_versions);
2468 tor_free(server_versions);
2469 tor_free(packages);
2470 SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
2471 smartlist_free(flags);
2472 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
2473 smartlist_free(chunks);
2474 SMARTLIST_FOREACH(param_list, char *, cp, tor_free(cp));
2475 smartlist_free(param_list);
2476
2477 return result;
2478 }
2479
2480 /** Extract the value of a parameter from a string encoding a list of
2481 * parameters, badly.
2482 *
2483 * This is a deliberately buggy implementation, for backward compatibility
2484 * with versions of Tor affected by #19011. Once all authorities have
2485 * upgraded to consensus method 31 or later, then we can throw away this
2486 * function. */
2487 STATIC int64_t
2488 extract_param_buggy(const char *params,
2489 const char *param_name,
2490 int64_t default_value)
2491 {
2492 int64_t value = default_value;
2493 const char *param_str = NULL;
2494
2495 if (params) {
2496 char *prefix1 = NULL, *prefix2=NULL;
2497 tor_asprintf(&prefix1, "%s=", param_name);
2498 tor_asprintf(&prefix2, " %s=", param_name);
2499 if (strcmpstart(params, prefix1) == 0)
2500 param_str = params;
2501 else
2502 param_str = strstr(params, prefix2);
2503 tor_free(prefix1);
2504 tor_free(prefix2);
2505 }
2506
2507 if (param_str) {
2508 int ok=0;
2509 char *eq = strchr(param_str, '=');
2510 if (eq) {
2511 value = tor_parse_long(eq+1, 10, 1, INT32_MAX, &ok, NULL);
2512 if (!ok) {
2513 log_warn(LD_DIR, "Bad element '%s' in %s",
2514 escaped(param_str), param_name);
2515 value = default_value;
2516 }
2517 } else {
2518 log_warn(LD_DIR, "Bad element '%s' in %s",
2519 escaped(param_str), param_name);
2520 value = default_value;
2521 }
2522 }
2523
2524 return value;
2525 }
2526
2527 /** Given a list of networkstatus_t for each vote, return a newly allocated
2528 * string containing the "package" lines for the vote. */
2529 STATIC char *
2530 compute_consensus_package_lines(smartlist_t *votes)
2531 {
2532 const int n_votes = smartlist_len(votes);
2533
2534 /* This will be a map from "packagename version" strings to arrays
2535 * of const char *, with the i'th member of the array corresponding to the
2536 * package line from the i'th vote.
2537 */
2538 strmap_t *package_status = strmap_new();
2539
2540 SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
2541 if (! v->package_lines)
2542 continue;
2543 SMARTLIST_FOREACH_BEGIN(v->package_lines, const char *, line) {
2544 if (! validate_recommended_package_line(line))
2545 continue;
2546
2547 /* Skip 'cp' to the second space in the line. */
2548 const char *cp = strchr(line, ' ');
2549 if (!cp) continue;
2550 ++cp;
2551 cp = strchr(cp, ' ');
2552 if (!cp) continue;
2553
2554 char *key = tor_strndup(line, cp - line);
2555
2556 const char **status = strmap_get(package_status, key);
2557 if (!status) {
2558 status = tor_calloc(n_votes, sizeof(const char *));
2559 strmap_set(package_status, key, status);
2560 }
2561 status[v_sl_idx] = line; /* overwrite old value */
2562 tor_free(key);
2563 } SMARTLIST_FOREACH_END(line);
2564 } SMARTLIST_FOREACH_END(v);
2565
2566 smartlist_t *entries = smartlist_new(); /* temporary */
2567 smartlist_t *result_list = smartlist_new(); /* output */
2568 STRMAP_FOREACH(package_status, key, const char **, values) {
2569 int i, count=-1;
2570 for (i = 0; i < n_votes; ++i) {
2571 if (values[i])
2572 smartlist_add(entries, (void*) values[i]);
2573 }
2574 smartlist_sort_strings(entries);
2575 int n_voting_for_entry = smartlist_len(entries);
2576 const char *most_frequent =
2577 smartlist_get_most_frequent_string_(entries, &count);
2578
2579 if (n_voting_for_entry >= 3 && count > n_voting_for_entry / 2) {
2580 smartlist_add_asprintf(result_list, "package %s\n", most_frequent);
2581 }
2582
2583 smartlist_clear(entries);
2584
2585 } STRMAP_FOREACH_END;
2586
2587 smartlist_sort_strings(result_list);
2588
2589 char *result = smartlist_join_strings(result_list, "", 0, NULL);
2590
2591 SMARTLIST_FOREACH(result_list, char *, cp, tor_free(cp));
2592 smartlist_free(result_list);
2593 smartlist_free(entries);
2594 strmap_free(package_status, tor_free_);
2595
2596 return result;
2597 }
2598
2599 /** Given a consensus vote <b>target</b> and a set of detached signatures in
2600 * <b>sigs</b> that correspond to the same consensus, check whether there are
2601 * any new signatures in <b>src_voter_list</b> that should be added to
2602 * <b>target</b>. (A signature should be added if we have no signature for that
2603 * voter in <b>target</b> yet, or if we have no verifiable signature and the
2604 * new signature is verifiable.)
2605 *
2606 * Return the number of signatures added or changed, or -1 if the document
2607 * signatures are invalid. Sets *<b>msg_out</b> to a string constant
2608 * describing the signature status.
2609 */
2610 STATIC int
2611 networkstatus_add_detached_signatures(networkstatus_t *target,
2612 ns_detached_signatures_t *sigs,
2613 const char *source,
2614 int severity,
2615 const char **msg_out)
2616 {
2617 int r = 0;
2618 const char *flavor;
2619 smartlist_t *siglist;
2620 tor_assert(sigs);
2621 tor_assert(target);
2622 tor_assert(target->type == NS_TYPE_CONSENSUS);
2623
2624 flavor = networkstatus_get_flavor_name(target->flavor);
2625
2626 /* Do the times seem right? */
2627 if (target->valid_after != sigs->valid_after) {
2628 *msg_out = "Valid-After times do not match "
2629 "when adding detached signatures to consensus";
2630 return -1;
2631 }
2632 if (target->fresh_until != sigs->fresh_until) {
2633 *msg_out = "Fresh-until times do not match "
2634 "when adding detached signatures to consensus";
2635 return -1;
2636 }
2637 if (target->valid_until != sigs->valid_until) {
2638 *msg_out = "Valid-until times do not match "
2639 "when adding detached signatures to consensus";
2640 return -1;
2641 }
2642 siglist = strmap_get(sigs->signatures, flavor);
2643 if (!siglist) {
2644 *msg_out = "No signatures for given consensus flavor";
2645 return -1;
2646 }
2647
2648 /** Make sure all the digests we know match, and at least one matches. */
2649 {
2650 common_digests_t *digests = strmap_get(sigs->digests, flavor);
2651 int n_matches = 0;
2652 int alg;
2653 if (!digests) {
2654 *msg_out = "No digests for given consensus flavor";
2655 return -1;
2656 }
2657 for (alg = DIGEST_SHA1; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
2658 if (!fast_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
2659 if (fast_memeq(target->digests.d[alg], digests->d[alg],
2660 DIGEST256_LEN)) {
2661 ++n_matches;
2662 } else {
2663 *msg_out = "Mismatched digest.";
2664 return -1;
2665 }
2666 }
2667 }
2668 if (!n_matches) {
2669 *msg_out = "No recognized digests for given consensus flavor";
2670 }
2671 }
2672
2673 /* For each voter in src... */
2674 SMARTLIST_FOREACH_BEGIN(siglist, document_signature_t *, sig) {
2675 char voter_identity[HEX_DIGEST_LEN+1];
2676 networkstatus_voter_info_t *target_voter =
2677 networkstatus_get_voter_by_id(target, sig->identity_digest);
2678 authority_cert_t *cert = NULL;
2679 const char *algorithm;
2680 document_signature_t *old_sig = NULL;
2681
2682 algorithm = crypto_digest_algorithm_get_name(sig->alg);
2683
2684 base16_encode(voter_identity, sizeof(voter_identity),
2685 sig->identity_digest, DIGEST_LEN);
2686 log_info(LD_DIR, "Looking at signature from %s using %s", voter_identity,
2687 algorithm);
2688 /* If the target doesn't know about this voter, then forget it. */
2689 if (!target_voter) {
2690 log_info(LD_DIR, "We do not know any voter with ID %s", voter_identity);
2691 continue;
2692 }
2693
2694 old_sig = networkstatus_get_voter_sig_by_alg(target_voter, sig->alg);
2695
2696 /* If the target already has a good signature from this voter, then skip
2697 * this one. */
2698 if (old_sig && old_sig->good_signature) {
2699 log_info(LD_DIR, "We already have a good signature from %s using %s",
2700 voter_identity, algorithm);
2701 continue;
2702 }
2703
2704 /* Try checking the signature if we haven't already. */
2705 if (!sig->good_signature && !sig->bad_signature) {
2706 cert = authority_cert_get_by_digests(sig->identity_digest,
2707 sig->signing_key_digest);
2708 if (cert) {
2709 /* Not checking the return value here, since we are going to look
2710 * at the status of sig->good_signature in a moment. */
2711 (void) networkstatus_check_document_signature(target, sig, cert);
2712 }
2713 }
2714
2715 /* If this signature is good, or we don't have any signature yet,
2716 * then maybe add it. */
2717 if (sig->good_signature || !old_sig || old_sig->bad_signature) {
2718 log_info(LD_DIR, "Adding signature from %s with %s", voter_identity,
2719 algorithm);
2720 tor_log(severity, LD_DIR, "Added a signature for %s from %s.",
2721 target_voter->nickname, source);
2722 ++r;
2723 if (old_sig) {
2724 smartlist_remove(target_voter->sigs, old_sig);
2725 document_signature_free(old_sig);
2726 }
2727 smartlist_add(target_voter->sigs, document_signature_dup(sig));
2728 } else {
2729 log_info(LD_DIR, "Not adding signature from %s", voter_identity);
2730 }
2731 } SMARTLIST_FOREACH_END(sig);
2732
2733 return r;
2734 }
2735
2736 /** Return a newly allocated string containing all the signatures on
2737 * <b>consensus</b> by all voters. If <b>for_detached_signatures</b> is true,
2738 * then the signatures will be put in a detached signatures document, so
2739 * prefix any non-NS-flavored signatures with "additional-signature" rather
2740 * than "directory-signature". */
2741 static char *
2742 networkstatus_format_signatures(networkstatus_t *consensus,
2743 int for_detached_signatures)
2744 {
2745 smartlist_t *elements;
2746 char buf[4096];
2747 char *result = NULL;
2748 int n_sigs = 0;
2749 const consensus_flavor_t flavor = consensus->flavor;
2750 const char *flavor_name = networkstatus_get_flavor_name(flavor);
2751 const char *keyword;
2752
2753 if (for_detached_signatures && flavor != FLAV_NS)
2754 keyword = "additional-signature";
2755 else
2756 keyword = "directory-signature";
2757
2758 elements = smartlist_new();
2759
2760 SMARTLIST_FOREACH_BEGIN(consensus->voters, networkstatus_voter_info_t *, v) {
2761 SMARTLIST_FOREACH_BEGIN(v->sigs, document_signature_t *, sig) {
2762 char sk[HEX_DIGEST_LEN+1];
2763 char id[HEX_DIGEST_LEN+1];
2764 if (!sig->signature || sig->bad_signature)
2765 continue;
2766 ++n_sigs;
2767 base16_encode(sk, sizeof(sk), sig->signing_key_digest, DIGEST_LEN);
2768 base16_encode(id, sizeof(id), sig->identity_digest, DIGEST_LEN);
2769 if (flavor == FLAV_NS) {
2770 smartlist_add_asprintf(elements,
2771 "%s %s %s\n-----BEGIN SIGNATURE-----\n",
2772 keyword, id, sk);
2773 } else {
2774 const char *digest_name =
2775 crypto_digest_algorithm_get_name(sig->alg);
2776 smartlist_add_asprintf(elements,
2777 "%s%s%s %s %s %s\n-----BEGIN SIGNATURE-----\n",
2778 keyword,
2779 for_detached_signatures ? " " : "",
2780 for_detached_signatures ? flavor_name : "",
2781 digest_name, id, sk);
2782 }
2783 base64_encode(buf, sizeof(buf), sig->signature, sig->signature_len,
2784 BASE64_ENCODE_MULTILINE);
2785 strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf));
2786 smartlist_add_strdup(elements, buf);
2787 } SMARTLIST_FOREACH_END(sig);
2788 } SMARTLIST_FOREACH_END(v);
2789
2790 result = smartlist_join_strings(elements, "", 0, NULL);
2791 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2792 smartlist_free(elements);
2793 if (!n_sigs)
2794 tor_free(result);
2795 return result;
2796 }
2797
2798 /** Return a newly allocated string holding the detached-signatures document
2799 * corresponding to the signatures on <b>consensuses</b>, which must contain
2800 * exactly one FLAV_NS consensus, and no more than one consensus for each
2801 * other flavor. */
2802 STATIC char *
2803 networkstatus_get_detached_signatures(smartlist_t *consensuses)
2804 {
2805 smartlist_t *elements;
2806 char *result = NULL, *sigs = NULL;
2807 networkstatus_t *consensus_ns = NULL;
2808 tor_assert(consensuses);
2809
2810 SMARTLIST_FOREACH(consensuses, networkstatus_t *, ns, {
2811 tor_assert(ns);
2812 tor_assert(ns->type == NS_TYPE_CONSENSUS);
2813 if (ns && ns->flavor == FLAV_NS)
2814 consensus_ns = ns;
2815 });
2816 if (!consensus_ns) {
2817 log_warn(LD_BUG, "No NS consensus given.");
2818 return NULL;
2819 }
2820
2821 elements = smartlist_new();
2822
2823 {
2824 char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
2825 vu_buf[ISO_TIME_LEN+1];
2826 char d[HEX_DIGEST_LEN+1];
2827
2828 base16_encode(d, sizeof(d),
2829 consensus_ns->digests.d[DIGEST_SHA1], DIGEST_LEN);
2830 format_iso_time(va_buf, consensus_ns->valid_after);
2831 format_iso_time(fu_buf, consensus_ns->fresh_until);
2832 format_iso_time(vu_buf, consensus_ns->valid_until);
2833
2834 smartlist_add_asprintf(elements,
2835 "consensus-digest %s\n"
2836 "valid-after %s\n"
2837 "fresh-until %s\n"
2838 "valid-until %s\n", d, va_buf, fu_buf, vu_buf);
2839 }
2840
2841 /* Get all the digests for the non-FLAV_NS consensuses */
2842 SMARTLIST_FOREACH_BEGIN(consensuses, networkstatus_t *, ns) {
2843 const char *flavor_name = networkstatus_get_flavor_name(ns->flavor);
2844 int alg;
2845 if (ns->flavor == FLAV_NS)
2846 continue;
2847
2848 /* start with SHA256; we don't include SHA1 for anything but the basic
2849 * consensus. */
2850 for (alg = DIGEST_SHA256; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
2851 char d[HEX_DIGEST256_LEN+1];
2852 const char *alg_name =
2853 crypto_digest_algorithm_get_name(alg);
2854 if (fast_mem_is_zero(ns->digests.d[alg], DIGEST256_LEN))
2855 continue;
2856 base16_encode(d, sizeof(d), ns->digests.d[alg], DIGEST256_LEN);
2857 smartlist_add_asprintf(elements, "additional-digest %s %s %s\n",
2858 flavor_name, alg_name, d);
2859 }
2860 } SMARTLIST_FOREACH_END(ns);
2861
2862 /* Now get all the sigs for non-FLAV_NS consensuses */
2863 SMARTLIST_FOREACH_BEGIN(consensuses, networkstatus_t *, ns) {
2864 char *sigs_on_this_consensus;
2865 if (ns->flavor == FLAV_NS)
2866 continue;
2867 sigs_on_this_consensus = networkstatus_format_signatures(ns, 1);
2868 if (!sigs_on_this_consensus) {
2869 log_warn(LD_DIR, "Couldn't format signatures");
2870 goto err;
2871 }
2872 smartlist_add(elements, sigs_on_this_consensus);
2873 } SMARTLIST_FOREACH_END(ns);
2874
2875 /* Now add the FLAV_NS consensus signatrures. */
2876 sigs = networkstatus_format_signatures(consensus_ns, 1);
2877 if (!sigs)
2878 goto err;
2879 smartlist_add(elements, sigs);
2880
2881 result = smartlist_join_strings(elements, "", 0, NULL);
2882 err:
2883 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2884 smartlist_free(elements);
2885 return result;
2886 }
2887
2888 /** Return a newly allocated string holding a detached-signatures document for
2889 * all of the in-progress consensuses in the <b>n_flavors</b>-element array at
2890 * <b>pending</b>. */
2891 static char *
2892 get_detached_signatures_from_pending_consensuses(pending_consensus_t *pending,
2893 int n_flavors)
2894 {
2895 int flav;
2896 char *signatures;
2897 smartlist_t *c = smartlist_new();
2898 for (flav = 0; flav < n_flavors; ++flav) {
2899 if (pending[flav].consensus)
2900 smartlist_add(c, pending[flav].consensus);
2901 }
2902 signatures = networkstatus_get_detached_signatures(c);
2903 smartlist_free(c);
2904 return signatures;
2905 }
2906
2907 /**
2908 * Entry point: Take whatever voting actions are pending as of <b>now</b>.
2909 *
2910 * Return the time at which the next action should be taken.
2911 */
2912 time_t
2913 dirvote_act(const or_options_t *options, time_t now)
2914 {
2915 if (!authdir_mode_v3(options))
2916 return TIME_MAX;
2917 tor_assert_nonfatal(voting_schedule.voting_starts);
2918 /* If we haven't initialized this object through this codeflow, we need to
2919 * recalculate the timings to match our vote. The reason to do that is if we
2920 * have a voting schedule initialized 1 minute ago, the voting timings might
2921 * not be aligned to what we should expect with "now". This is especially
2922 * true for TestingTorNetwork using smaller timings. */
2923 if (voting_schedule.created_on_demand) {
2924 char *keys = list_v3_auth_ids();
2925 authority_cert_t *c = get_my_v3_authority_cert();
2926 log_notice(LD_DIR, "Scheduling voting. Known authority IDs are %s. "
2927 "Mine is %s.",
2928 keys, hex_str(c->cache_info.identity_digest, DIGEST_LEN));
2929 tor_free(keys);
2930 dirauth_sched_recalculate_timing(options, now);
2931 }
2932
2933 #define IF_TIME_FOR_NEXT_ACTION(when_field, done_field) \
2934 if (! voting_schedule.done_field) { \
2935 if (voting_schedule.when_field > now) { \
2936 return voting_schedule.when_field; \
2937 } else {
2938 #define ENDIF \
2939 } \
2940 }
2941
2942 IF_TIME_FOR_NEXT_ACTION(voting_starts, have_voted) {
2943 log_notice(LD_DIR, "Time to vote.");
2944 dirvote_perform_vote();
2945 voting_schedule.have_voted = 1;
2946 } ENDIF
2947 IF_TIME_FOR_NEXT_ACTION(fetch_missing_votes, have_fetched_missing_votes) {
2948 log_notice(LD_DIR, "Time to fetch any votes that we're missing.");
2949 dirvote_fetch_missing_votes();
2950 voting_schedule.have_fetched_missing_votes = 1;
2951 } ENDIF
2952 IF_TIME_FOR_NEXT_ACTION(voting_ends, have_built_consensus) {
2953 log_notice(LD_DIR, "Time to compute a consensus.");
2954 dirvote_compute_consensuses();
2955 /* XXXX We will want to try again later if we haven't got enough
2956 * votes yet. Implement this if it turns out to ever happen. */
2957 voting_schedule.have_built_consensus = 1;
2958 } ENDIF
2959 IF_TIME_FOR_NEXT_ACTION(fetch_missing_signatures,
2960 have_fetched_missing_signatures) {
2961 log_notice(LD_DIR, "Time to fetch any signatures that we're missing.");
2962 dirvote_fetch_missing_signatures();
2963 voting_schedule.have_fetched_missing_signatures = 1;
2964 } ENDIF
2965 IF_TIME_FOR_NEXT_ACTION(interval_starts,
2966 have_published_consensus) {
2967 log_notice(LD_DIR, "Time to publish the consensus and discard old votes");
2968 dirvote_publish_consensus();
2969 dirvote_clear_votes(0);
2970 voting_schedule.have_published_consensus = 1;
2971 /* Update our shared random state with the consensus just published. */
2972 sr_act_post_consensus(
2973 networkstatus_get_latest_consensus_by_flavor(FLAV_NS));
2974 /* XXXX We will want to try again later if we haven't got enough
2975 * signatures yet. Implement this if it turns out to ever happen. */
2976 dirauth_sched_recalculate_timing(options, now);
2977 return voting_schedule.voting_starts;
2978 } ENDIF
2979
2980 tor_assert_nonfatal_unreached();
2981 return now + 1;
2982
2983 #undef ENDIF
2984 #undef IF_TIME_FOR_NEXT_ACTION
2985 }
2986
2987 /** A vote networkstatus_t and its unparsed body: held around so we can
2988 * use it to generate a consensus (at voting_ends) and so we can serve it to
2989 * other authorities that might want it. */
2990 typedef struct pending_vote_t {
2991 cached_dir_t *vote_body;
2992 networkstatus_t *vote;
2993 } pending_vote_t;
2994
2995 /** List of pending_vote_t for the current vote. Before we've used them to
2996 * build a consensus, the votes go here. */
2997 static smartlist_t *pending_vote_list = NULL;
2998 /** List of pending_vote_t for the previous vote. After we've used them to
2999 * build a consensus, the votes go here for the next period. */
3000 static smartlist_t *previous_vote_list = NULL;
3001
3002 /* DOCDOC pending_consensuses */
3003 static pending_consensus_t pending_consensuses[N_CONSENSUS_FLAVORS];
3004
3005 /** The detached signatures for the consensus that we're currently
3006 * building. */
3007 static char *pending_consensus_signatures = NULL;
3008
3009 /** List of ns_detached_signatures_t: hold signatures that get posted to us
3010 * before we have generated the consensus on our own. */
3011 static smartlist_t *pending_consensus_signature_list = NULL;
3012
3013 /** Generate a networkstatus vote and post it to all the v3 authorities.
3014 * (V3 Authority only) */
3015 static int
3016 dirvote_perform_vote(void)
3017 {
3018 crypto_pk_t *key = get_my_v3_authority_signing_key();
3019 authority_cert_t *cert = get_my_v3_authority_cert();
3020 networkstatus_t *ns;
3021 char *contents;
3022 pending_vote_t *pending_vote;
3023 time_t now = time(NULL);
3024
3025 int status;
3026 const char *msg = "";
3027
3028 if (!cert || !key) {
3029 log_warn(LD_NET, "Didn't find key/certificate to generate v3 vote");
3030 return -1;
3031 } else if (cert->expires < now) {
3032 log_warn(LD_NET, "Can't generate v3 vote with expired certificate");
3033 return -1;
3034 }
3035 if (!(ns = dirserv_generate_networkstatus_vote_obj(key, cert)))
3036 return -1;
3037
3038 contents = format_networkstatus_vote(key, ns);
3039 networkstatus_vote_free(ns);
3040 if (!contents)
3041 return -1;
3042
3043 pending_vote = dirvote_add_vote(contents, 0, "self", &msg, &status);
3044 tor_free(contents);
3045 if (!pending_vote) {
3046 log_warn(LD_DIR, "Couldn't store my own vote! (I told myself, '%s'.)",
3047 msg);
3048 return -1;
3049 }
3050
3051 directory_post_to_dirservers(DIR_PURPOSE_UPLOAD_VOTE,
3052 ROUTER_PURPOSE_GENERAL,
3053 V3_DIRINFO,
3054 pending_vote->vote_body->dir,
3055 pending_vote->vote_body->dir_len, 0);
3056 log_notice(LD_DIR, "Vote posted.");
3057 return 0;
3058 }
3059
3060 /** Send an HTTP request to every other v3 authority, for the votes of every
3061 * authority for which we haven't received a vote yet in this period. (V3
3062 * authority only) */
3063 static void
3064 dirvote_fetch_missing_votes(void)
3065 {
3066 smartlist_t *missing_fps = smartlist_new();
3067 char *resource;
3068
3069 SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
3070 dir_server_t *, ds) {
3071 if (!(ds->type & V3_DIRINFO))
3072 continue;
3073 if (!dirvote_get_vote(ds->v3_identity_digest,
3074 DGV_BY_ID|DGV_INCLUDE_PENDING)) {
3075 char *cp = tor_malloc(HEX_DIGEST_LEN+1);
3076 base16_encode(cp, HEX_DIGEST_LEN+1, ds->v3_identity_digest,
3077 DIGEST_LEN);
3078 smartlist_add(missing_fps, cp);
3079 }
3080 } SMARTLIST_FOREACH_END(ds);
3081
3082 if (!smartlist_len(missing_fps)) {
3083 smartlist_free(missing_fps);
3084 return;
3085 }
3086 {
3087 char *tmp = smartlist_join_strings(missing_fps, " ", 0, NULL);
3088 log_notice(LOG_NOTICE, "We're missing votes from %d authorities (%s). "
3089 "Asking every other authority for a copy.",
3090 smartlist_len(missing_fps), tmp);
3091 tor_free(tmp);
3092 }
3093 resource = smartlist_join_strings(missing_fps, "+", 0, NULL);
3094 directory_get_from_all_authorities(DIR_PURPOSE_FETCH_STATUS_VOTE,
3095 0, resource);
3096 tor_free(resource);
3097 SMARTLIST_FOREACH(missing_fps, char *, cp, tor_free(cp));
3098 smartlist_free(missing_fps);
3099 }
3100
3101 /** Send a request to every other authority for its detached signatures,
3102 * unless we have signatures from all other v3 authorities already. */
3103 static void
3104 dirvote_fetch_missing_signatures(void)
3105 {
3106 int need_any = 0;
3107 int i;
3108 for (i=0; i < N_CONSENSUS_FLAVORS; ++i) {
3109 networkstatus_t *consensus = pending_consensuses[i].consensus;
3110 if (!consensus ||
3111 networkstatus_check_consensus_signature(consensus, -1) == 1) {
3112 /* We have no consensus, or we have one that's signed by everybody. */
3113 continue;
3114 }
3115 need_any = 1;
3116 }
3117 if (!need_any)
3118 return;
3119
3120 directory_get_from_all_authorities(DIR_PURPOSE_FETCH_DETACHED_SIGNATURES,
3121 0, NULL);
3122 }
3123
3124 /** Release all storage held by pending consensuses (those waiting for
3125 * signatures). */
3126 static void
3127 dirvote_clear_pending_consensuses(void)
3128 {
3129 int i;
3130 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3131 pending_consensus_t *pc = &pending_consensuses[i];
3132 tor_free(pc->body);
3133
3134 networkstatus_vote_free(pc->consensus);
3135 pc->consensus = NULL;
3136 }
3137 }
3138
3139 /** Drop all currently pending votes, consensus, and detached signatures. */
3140 static void
3141 dirvote_clear_votes(int all_votes)
3142 {
3143 if (!previous_vote_list)
3144 previous_vote_list = smartlist_new();
3145 if (!pending_vote_list)
3146 pending_vote_list = smartlist_new();
3147
3148 /* All "previous" votes are now junk. */
3149 SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, v, {
3150 cached_dir_decref(v->vote_body);
3151 v->vote_body = NULL;
3152 networkstatus_vote_free(v->vote);
3153 tor_free(v);
3154 });
3155 smartlist_clear(previous_vote_list);
3156
3157 if (all_votes) {
3158 /* If we're dumping all the votes, we delete the pending ones. */
3159 SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v, {
3160 cached_dir_decref(v->vote_body);
3161 v->vote_body = NULL;
3162 networkstatus_vote_free(v->vote);
3163 tor_free(v);
3164 });
3165 } else {
3166 /* Otherwise, we move them into "previous". */
3167 smartlist_add_all(previous_vote_list, pending_vote_list);
3168 }
3169 smartlist_clear(pending_vote_list);
3170
3171 if (pending_consensus_signature_list) {
3172 SMARTLIST_FOREACH(pending_consensus_signature_list, char *, cp,
3173 tor_free(cp));
3174 smartlist_clear(pending_consensus_signature_list);
3175 }
3176 tor_free(pending_consensus_signatures);
3177 dirvote_clear_pending_consensuses();
3178 }
3179
3180 /** Return a newly allocated string containing the hex-encoded v3 authority
3181 identity digest of every recognized v3 authority. */
3182 static char *
3183 list_v3_auth_ids(void)
3184 {
3185 smartlist_t *known_v3_keys = smartlist_new();
3186 char *keys;
3187 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
3188 dir_server_t *, ds,
3189 if ((ds->type & V3_DIRINFO) &&
3190 !tor_digest_is_zero(ds->v3_identity_digest))
3191 smartlist_add(known_v3_keys,
3192 tor_strdup(hex_str(ds->v3_identity_digest, DIGEST_LEN))));
3193 keys = smartlist_join_strings(known_v3_keys, ", ", 0, NULL);
3194 SMARTLIST_FOREACH(known_v3_keys, char *, cp, tor_free(cp));
3195 smartlist_free(known_v3_keys);
3196 return keys;
3197 }
3198
3199 /* Check the voter information <b>vi</b>, and assert that at least one
3200 * signature is good. Asserts on failure. */
3201 static void
3202 assert_any_sig_good(const networkstatus_voter_info_t *vi)
3203 {
3204 int any_sig_good = 0;
3205 SMARTLIST_FOREACH(vi->sigs, document_signature_t *, sig,
3206 if (sig->good_signature)
3207 any_sig_good = 1);
3208 tor_assert(any_sig_good);
3209 }
3210
3211 /* Add <b>cert</b> to our list of known authority certificates. */
3212 static void
3213 add_new_cert_if_needed(const struct authority_cert_t *cert)
3214 {
3215 tor_assert(cert);
3216 if (!authority_cert_get_by_digests(cert->cache_info.identity_digest,
3217 cert->signing_key_digest)) {
3218 /* Hey, it's a new cert! */
3219 trusted_dirs_load_certs_from_string(
3220 cert->cache_info.signed_descriptor_body,
3221 TRUSTED_DIRS_CERTS_SRC_FROM_VOTE, 1 /*flush*/,
3222 NULL);
3223 if (!authority_cert_get_by_digests(cert->cache_info.identity_digest,
3224 cert->signing_key_digest)) {
3225 log_warn(LD_BUG, "We added a cert, but still couldn't find it.");
3226 }
3227 }
3228 }
3229
3230 /** Called when we have received a networkstatus vote in <b>vote_body</b>.
3231 * Parse and validate it, and on success store it as a pending vote (which we
3232 * then return). Return NULL on failure. Sets *<b>msg_out</b> and
3233 * *<b>status_out</b> to an HTTP response and status code. (V3 authority
3234 * only) */
3235 pending_vote_t *
3236 dirvote_add_vote(const char *vote_body, time_t time_posted,
3237 const char *where_from,
3238 const char **msg_out, int *status_out)
3239 {
3240 networkstatus_t *vote;
3241 networkstatus_voter_info_t *vi;
3242 dir_server_t *ds;
3243 pending_vote_t *pending_vote = NULL;
3244 const char *end_of_vote = NULL;
3245 int any_failed = 0;
3246 tor_assert(vote_body);
3247 tor_assert(msg_out);
3248 tor_assert(status_out);
3249
3250 if (!pending_vote_list)
3251 pending_vote_list = smartlist_new();
3252 *status_out = 0;
3253 *msg_out = NULL;
3254
3255 again:
3256 vote = networkstatus_parse_vote_from_string(vote_body, strlen(vote_body),
3257 &end_of_vote,
3258 NS_TYPE_VOTE);
3259 if (!end_of_vote)
3260 end_of_vote = vote_body + strlen(vote_body);
3261 if (!vote) {
3262 log_warn(LD_DIR, "Couldn't parse vote: length was %d",
3263 (int)strlen(vote_body));
3264 *msg_out = "Unable to parse vote";
3265 goto err;
3266 }
3267 tor_assert(smartlist_len(vote->voters) == 1);
3268 vi = get_voter(vote);
3269 assert_any_sig_good(vi);
3270 ds = trusteddirserver_get_by_v3_auth_digest(vi->identity_digest);
3271 if (!ds) {
3272 char *keys = list_v3_auth_ids();
3273 log_warn(LD_DIR, "Got a vote from an authority (nickname %s, address %s) "
3274 "with authority key ID %s. "
3275 "This key ID is not recognized. Known v3 key IDs are: %s",
3276 vi->nickname, vi->address,
3277 hex_str(vi->identity_digest, DIGEST_LEN), keys);
3278 tor_free(keys);
3279 *msg_out = "Vote not from a recognized v3 authority";
3280 goto err;
3281 }
3282 add_new_cert_if_needed(vote->cert);
3283
3284 /* Is it for the right period? */
3285 if (vote->valid_after != voting_schedule.interval_starts) {
3286 char tbuf1[ISO_TIME_LEN+1], tbuf2[ISO_TIME_LEN+1];
3287 format_iso_time(tbuf1, vote->valid_after);
3288 format_iso_time(tbuf2, voting_schedule.interval_starts);
3289 log_warn(LD_DIR, "Rejecting vote from %s with valid-after time of %s; "
3290 "we were expecting %s", vi->address, tbuf1, tbuf2);
3291 *msg_out = "Bad valid-after time";
3292 goto err;
3293 }
3294
3295 if (time_posted) { /* they sent it to me via a POST */
3296 log_notice(LD_DIR, "%s posted a vote to me from %s.",
3297 vi->nickname, where_from);
3298 } else { /* I imported this one myself */
3299 log_notice(LD_DIR, "Retrieved %s's vote from %s.",
3300 vi->nickname, where_from);
3301 }
3302
3303 /* Check if we received it, as a post, after the cutoff when we
3304 * start asking other dir auths for it. If we do, the best plan
3305 * is to discard it, because using it greatly increases the chances
3306 * of a split vote for this round (some dir auths got it in time,
3307 * some didn't). */
3308 if (time_posted && time_posted > voting_schedule.fetch_missing_votes) {
3309 char tbuf1[ISO_TIME_LEN+1], tbuf2[ISO_TIME_LEN+1];
3310 format_iso_time(tbuf1, time_posted);
3311 format_iso_time(tbuf2, voting_schedule.fetch_missing_votes);
3312 log_warn(LD_DIR, "Rejecting %s's posted vote from %s received at %s; "
3313 "our cutoff for received votes is %s. Check your clock, "
3314 "CPU load, and network load. Also check the authority that "
3315 "posted the vote.", vi->nickname, vi->address, tbuf1, tbuf2);
3316 *msg_out = "Posted vote received too late, would be dangerous to count it";
3317 goto err;
3318 }
3319
3320 /* Fetch any new router descriptors we just learned about */
3321 update_consensus_router_descriptor_downloads(time(NULL), 1, vote);
3322
3323 /* Now see whether we already have a vote from this authority. */
3324 SMARTLIST_FOREACH_BEGIN(pending_vote_list, pending_vote_t *, v) {
3325 if (fast_memeq(v->vote->cert->cache_info.identity_digest,
3326 vote->cert->cache_info.identity_digest,
3327 DIGEST_LEN)) {
3328 networkstatus_voter_info_t *vi_old = get_voter(v->vote);
3329 if (fast_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) {
3330 /* Ah, it's the same vote. Not a problem. */
3331 log_notice(LD_DIR, "Discarding a vote we already have (from %s).",
3332 vi->address);
3333 if (*status_out < 200)
3334 *status_out = 200;
3335 goto discard;
3336 } else if (v->vote->published < vote->published) {
3337 log_notice(LD_DIR, "Replacing an older pending vote from this "
3338 "directory (%s)", vi->address);
3339 cached_dir_decref(v->vote_body);
3340 networkstatus_vote_free(v->vote);
3341 v->vote_body = new_cached_dir(tor_strndup(vote_body,
3342 end_of_vote-vote_body),
3343 vote->published);
3344 v->vote = vote;
3345 if (end_of_vote &&
3346 !strcmpstart(end_of_vote, "network-status-version"))
3347 goto again;
3348
3349 if (*status_out < 200)
3350 *status_out = 200;
3351 if (!*msg_out)
3352 *msg_out = "OK";
3353 return v;
3354 } else {
3355 log_notice(LD_DIR, "Discarding vote from %s because we have "
3356 "a newer one already.", vi->address);
3357 *msg_out = "Already have a newer pending vote";
3358 goto err;
3359 }
3360 }
3361 } SMARTLIST_FOREACH_END(v);
3362
3363 /* This a valid vote, update our shared random state. */
3364 sr_handle_received_commits(vote->sr_info.commits,
3365 vote->cert->identity_key);
3366
3367 pending_vote = tor_malloc_zero(sizeof(pending_vote_t));
3368 pending_vote->vote_body = new_cached_dir(tor_strndup(vote_body,
3369 end_of_vote-vote_body),
3370 vote->published);
3371 pending_vote->vote = vote;
3372 smartlist_add(pending_vote_list, pending_vote);
3373
3374 if (!strcmpstart(end_of_vote, "network-status-version ")) {
3375 vote_body = end_of_vote;
3376 goto again;
3377 }
3378
3379 goto done;
3380
3381 err:
3382 any_failed = 1;
3383 if (!*msg_out)
3384 *msg_out = "Error adding vote";
3385 if (*status_out < 400)
3386 *status_out = 400;
3387
3388 discard:
3389 networkstatus_vote_free(vote);
3390
3391 if (end_of_vote && !strcmpstart(end_of_vote, "network-status-version ")) {
3392 vote_body = end_of_vote;
3393 goto again;
3394 }
3395
3396 done:
3397
3398 if (*status_out < 200)
3399 *status_out = 200;
3400 if (!*msg_out) {
3401 if (!any_failed && !pending_vote) {
3402 *msg_out = "Duplicate discarded";
3403 } else {
3404 *msg_out = "ok";
3405 }
3406 }
3407
3408 return any_failed ? NULL : pending_vote;
3409 }
3410
3411 /* Write the votes in <b>pending_vote_list</b> to disk. */
3412 static void
3413 write_v3_votes_to_disk(const smartlist_t *pending_votes)
3414 {
3415 smartlist_t *votestrings = smartlist_new();
3416 char *votefile = NULL;
3417
3418 SMARTLIST_FOREACH(pending_votes, pending_vote_t *, v,
3419 {
3420 sized_chunk_t *c = tor_malloc(sizeof(sized_chunk_t));
3421 c->bytes = v->vote_body->dir;
3422 c->len = v->vote_body->dir_len;
3423 smartlist_add(votestrings, c); /* collect strings to write to disk */
3424 });
3425
3426 votefile = get_datadir_fname("v3-status-votes");
3427 write_chunks_to_file(votefile, votestrings, 0, 0);
3428 log_debug(LD_DIR, "Wrote votes to disk (%s)!", votefile);
3429
3430 tor_free(votefile);
3431 SMARTLIST_FOREACH(votestrings, sized_chunk_t *, c, tor_free(c));
3432 smartlist_free(votestrings);
3433 }
3434
3435 /** Try to compute a v3 networkstatus consensus from the currently pending
3436 * votes. Return 0 on success, -1 on failure. Store the consensus in
3437 * pending_consensus: it won't be ready to be published until we have
3438 * everybody else's signatures collected too. (V3 Authority only) */
3439 static int
3440 dirvote_compute_consensuses(void)
3441 {
3442 /* Have we got enough votes to try? */
3443 int n_votes, n_voters, n_vote_running = 0;
3444 smartlist_t *votes = NULL;
3445 char *consensus_body = NULL, *signatures = NULL;
3446 networkstatus_t *consensus = NULL;
3447 authority_cert_t *my_cert;
3448 pending_consensus_t pending[N_CONSENSUS_FLAVORS];
3449 int flav;
3450
3451 memset(pending, 0, sizeof(pending));
3452
3453 if (!pending_vote_list)
3454 pending_vote_list = smartlist_new();
3455
3456 /* Write votes to disk */
3457 write_v3_votes_to_disk(pending_vote_list);
3458
3459 /* Setup votes smartlist */
3460 votes = smartlist_new();
3461 SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v,
3462 {
3463 smartlist_add(votes, v->vote); /* collect votes to compute consensus */
3464 });
3465
3466 /* See if consensus managed to achieve majority */
3467 n_voters = get_n_authorities(V3_DIRINFO);
3468 n_votes = smartlist_len(pending_vote_list);
3469 if (n_votes <= n_voters/2) {
3470 log_warn(LD_DIR, "We don't have enough votes to generate a consensus: "
3471 "%d of %d", n_votes, n_voters/2+1);
3472 goto err;
3473 }
3474 tor_assert(pending_vote_list);
3475 SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v, {
3476 if (smartlist_contains_string(v->vote->known_flags, "Running"))
3477 n_vote_running++;
3478 });
3479 if (!n_vote_running) {
3480 /* See task 1066. */
3481 log_warn(LD_DIR, "Nobody has voted on the Running flag. Generating "
3482 "and publishing a consensus without Running nodes "
3483 "would make many clients stop working. Not "
3484 "generating a consensus!");
3485 goto err;
3486 }
3487
3488 if (!(my_cert = get_my_v3_authority_cert())) {
3489 log_warn(LD_DIR, "Can't generate consensus without a certificate.");
3490 goto err;
3491 }
3492
3493 {
3494 char legacy_dbuf[DIGEST_LEN];
3495 crypto_pk_t *legacy_sign=NULL;
3496 char *legacy_id_digest = NULL;
3497 int n_generated = 0;
3498 if (get_options()->V3AuthUseLegacyKey) {
3499 authority_cert_t *cert = get_my_v3_legacy_cert();
3500 legacy_sign = get_my_v3_legacy_signing_key();
3501 if (cert) {
3502 if (crypto_pk_get_digest(cert->identity_key, legacy_dbuf)) {
3503 log_warn(LD_BUG,
3504 "Unable to compute digest of legacy v3 identity key");
3505 } else {
3506 legacy_id_digest = legacy_dbuf;
3507 }
3508 }
3509 }
3510
3511 for (flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {
3512 const char *flavor_name = networkstatus_get_flavor_name(flav);
3513 consensus_body = networkstatus_compute_consensus(
3514 votes, n_voters,
3515 my_cert->identity_key,
3516 get_my_v3_authority_signing_key(), legacy_id_digest, legacy_sign,
3517 flav);
3518
3519 if (!consensus_body) {
3520 log_warn(LD_DIR, "Couldn't generate a %s consensus at all!",
3521 flavor_name);
3522 continue;
3523 }
3524 consensus = networkstatus_parse_vote_from_string(consensus_body,
3525 strlen(consensus_body),
3526 NULL,
3527 NS_TYPE_CONSENSUS);
3528 if (!consensus) {
3529 log_warn(LD_DIR, "Couldn't parse %s consensus we generated!",
3530 flavor_name);
3531 tor_free(consensus_body);
3532 continue;
3533 }
3534
3535 /* 'Check' our own signature, to mark it valid. */
3536 networkstatus_check_consensus_signature(consensus, -1);
3537
3538 pending[flav].body = consensus_body;
3539 pending[flav].consensus = consensus;
3540 n_generated++;
3541
3542 /* Write it out to disk too, for dir auth debugging purposes */
3543 {
3544 char *filename;
3545 tor_asprintf(&filename, "my-consensus-%s", flavor_name);
3546 write_str_to_file(get_datadir_fname(filename), consensus_body, 0);
3547 tor_free(filename);
3548 }
3549
3550 consensus_body = NULL;
3551 consensus = NULL;
3552 }
3553 if (!n_generated) {
3554 log_warn(LD_DIR, "Couldn't generate any consensus flavors at all.");
3555 goto err;
3556 }
3557 }
3558
3559 signatures = get_detached_signatures_from_pending_consensuses(
3560 pending, N_CONSENSUS_FLAVORS);
3561
3562 if (!signatures) {
3563 log_warn(LD_DIR, "Couldn't extract signatures.");
3564 goto err;
3565 }
3566
3567 dirvote_clear_pending_consensuses();
3568 memcpy(pending_consensuses, pending, sizeof(pending));
3569
3570 tor_free(pending_consensus_signatures);
3571 pending_consensus_signatures = signatures;
3572
3573 if (pending_consensus_signature_list) {
3574 int n_sigs = 0;
3575 /* we may have gotten signatures for this consensus before we built
3576 * it ourself. Add them now. */
3577 SMARTLIST_FOREACH_BEGIN(pending_consensus_signature_list, char *, sig) {
3578 const char *msg = NULL;
3579 int r = dirvote_add_signatures_to_all_pending_consensuses(sig,
3580 "pending", &msg);
3581 if (r >= 0)
3582 n_sigs += r;
3583 else
3584 log_warn(LD_DIR,
3585 "Could not add queued signature to new consensus: %s",
3586 msg);
3587 tor_free(sig);
3588 } SMARTLIST_FOREACH_END(sig);
3589 if (n_sigs)
3590 log_notice(LD_DIR, "Added %d pending signatures while building "
3591 "consensus.", n_sigs);
3592 smartlist_clear(pending_consensus_signature_list);
3593 }
3594
3595 log_notice(LD_DIR, "Consensus computed; uploading signature(s)");
3596
3597 directory_post_to_dirservers(DIR_PURPOSE_UPLOAD_SIGNATURES,
3598 ROUTER_PURPOSE_GENERAL,
3599 V3_DIRINFO,
3600 pending_consensus_signatures,
3601 strlen(pending_consensus_signatures), 0);
3602 log_notice(LD_DIR, "Signature(s) posted.");
3603
3604 smartlist_free(votes);
3605 return 0;
3606 err:
3607 smartlist_free(votes);
3608 tor_free(consensus_body);
3609 tor_free(signatures);
3610 networkstatus_vote_free(consensus);
3611
3612 return -1;
3613 }
3614
3615 /** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3616 * signatures on the currently pending consensus. Add them to <b>pc</b>
3617 * as appropriate. Return the number of signatures added. (?) */
3618 static int
3619 dirvote_add_signatures_to_pending_consensus(
3620 pending_consensus_t *pc,
3621 ns_detached_signatures_t *sigs,
3622 const char *source,
3623 int severity,
3624 const char **msg_out)
3625 {
3626 const char *flavor_name;
3627 int r = -1;
3628
3629 /* Only call if we have a pending consensus right now. */
3630 tor_assert(pc->consensus);
3631 tor_assert(pc->body);
3632 tor_assert(pending_consensus_signatures);
3633
3634 flavor_name = networkstatus_get_flavor_name(pc->consensus->flavor);
3635 *msg_out = NULL;
3636
3637 {
3638 smartlist_t *sig_list = strmap_get(sigs->signatures, flavor_name);
3639 log_info(LD_DIR, "Have %d signatures for adding to %s consensus.",
3640 sig_list ? smartlist_len(sig_list) : 0, flavor_name);
3641 }
3642 r = networkstatus_add_detached_signatures(pc->consensus, sigs,
3643 source, severity, msg_out);
3644 if (r >= 0) {
3645 log_info(LD_DIR,"Added %d signatures to consensus.", r);
3646 } else {
3647 log_fn(LOG_PROTOCOL_WARN, LD_DIR,
3648 "Unable to add signatures to consensus: %s",
3649 *msg_out ? *msg_out : "(unknown)");
3650 }
3651
3652 if (r >= 1) {
3653 char *new_signatures =
3654 networkstatus_format_signatures(pc->consensus, 0);
3655 char *dst, *dst_end;
3656 size_t new_consensus_len;
3657 if (!new_signatures) {
3658 *msg_out = "No signatures to add";
3659 goto err;
3660 }
3661 new_consensus_len =
3662 strlen(pc->body) + strlen(new_signatures) + 1;
3663 pc->body = tor_realloc(pc->body, new_consensus_len);
3664 dst_end = pc->body + new_consensus_len;
3665 dst = (char *) find_str_at_start_of_line(pc->body, "directory-signature ");
3666 tor_assert(dst);
3667 strlcpy(dst, new_signatures, dst_end-dst);
3668
3669 /* We remove this block once it has failed to crash for a while. But
3670 * unless it shows up in profiles, we're probably better leaving it in,
3671 * just in case we break detached signature processing at some point. */
3672 {
3673 networkstatus_t *v = networkstatus_parse_vote_from_string(
3674 pc->body, strlen(pc->body), NULL,
3675 NS_TYPE_CONSENSUS);
3676 tor_assert(v);
3677 networkstatus_vote_free(v);
3678 }
3679 *msg_out = "Signatures added";
3680 tor_free(new_signatures);
3681 } else if (r == 0) {
3682 *msg_out = "Signatures ignored";
3683 } else {
3684 goto err;
3685 }
3686
3687 goto done;
3688 err:
3689 if (!*msg_out)
3690 *msg_out = "Unrecognized error while adding detached signatures.";
3691 done:
3692 return r;
3693 }
3694
3695 /** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3696 * signatures on the currently pending consensus. Add them to the pending
3697 * consensus (if we have one).
3698 *
3699 * Set *<b>msg</b> to a string constant describing the status, regardless of
3700 * success or failure.
3701 *
3702 * Return negative on failure, nonnegative on success. */
3703 static int
3704 dirvote_add_signatures_to_all_pending_consensuses(
3705 const char *detached_signatures_body,
3706 const char *source,
3707 const char **msg_out)
3708 {
3709 int r=0, i, n_added = 0, errors = 0;
3710 ns_detached_signatures_t *sigs;
3711 tor_assert(detached_signatures_body);
3712 tor_assert(msg_out);
3713 tor_assert(pending_consensus_signatures);
3714
3715 if (!(sigs = networkstatus_parse_detached_signatures(
3716 detached_signatures_body, NULL))) {
3717 *msg_out = "Couldn't parse detached signatures.";
3718 goto err;
3719 }
3720
3721 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3722 int res;
3723 int severity = i == FLAV_NS ? LOG_NOTICE : LOG_INFO;
3724 pending_consensus_t *pc = &pending_consensuses[i];
3725 if (!pc->consensus)
3726 continue;
3727 res = dirvote_add_signatures_to_pending_consensus(pc, sigs, source,
3728 severity, msg_out);
3729 if (res < 0)
3730 errors++;
3731 else
3732 n_added += res;
3733 }
3734
3735 if (errors && !n_added) {
3736 r = -1;
3737 goto err;
3738 }
3739
3740 if (n_added && pending_consensuses[FLAV_NS].consensus) {
3741 char *new_detached =
3742 get_detached_signatures_from_pending_consensuses(
3743 pending_consensuses, N_CONSENSUS_FLAVORS);
3744 if (new_detached) {
3745 tor_free(pending_consensus_signatures);
3746 pending_consensus_signatures = new_detached;
3747 }
3748 }
3749
3750 r = n_added;
3751 goto done;
3752 err:
3753 if (!*msg_out)
3754 *msg_out = "Unrecognized error while adding detached signatures.";
3755 done:
3756 ns_detached_signatures_free(sigs);
3757 /* XXXX NM Check how return is used. We can now have an error *and*
3758 signatures added. */
3759 return r;
3760 }
3761
3762 /** Helper: we just got the <b>detached_signatures_body</b> sent to us as
3763 * signatures on the currently pending consensus. Add them to the pending
3764 * consensus (if we have one); otherwise queue them until we have a
3765 * consensus.
3766 *
3767 * Set *<b>msg</b> to a string constant describing the status, regardless of
3768 * success or failure.
3769 *
3770 * Return negative on failure, nonnegative on success. */
3771 int
3772 dirvote_add_signatures(const char *detached_signatures_body,
3773 const char *source,
3774 const char **msg)
3775 {
3776 if (pending_consensuses[FLAV_NS].consensus) {
3777 log_notice(LD_DIR, "Got a signature from %s. "
3778 "Adding it to the pending consensus.", source);
3779 return dirvote_add_signatures_to_all_pending_consensuses(
3780 detached_signatures_body, source, msg);
3781 } else {
3782 log_notice(LD_DIR, "Got a signature from %s. "
3783 "Queuing it for the next consensus.", source);
3784 if (!pending_consensus_signature_list)
3785 pending_consensus_signature_list = smartlist_new();
3786 smartlist_add_strdup(pending_consensus_signature_list,
3787 detached_signatures_body);
3788 *msg = "Signature queued";
3789 return 0;
3790 }
3791 }
3792
3793 /** Replace the consensus that we're currently serving with the one that we've
3794 * been building. (V3 Authority only) */
3795 static int
3796 dirvote_publish_consensus(void)
3797 {
3798 int i;
3799
3800 /* Now remember all the other consensuses as if we were a directory cache. */
3801 for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
3802 pending_consensus_t *pending = &pending_consensuses[i];
3803 const char *name;
3804 name = networkstatus_get_flavor_name(i);
3805 tor_assert(name);
3806 if (!pending->consensus ||
3807 networkstatus_check_consensus_signature(pending->consensus, 1)<0) {
3808 log_warn(LD_DIR, "Not enough info to publish pending %s consensus",name);
3809 continue;
3810 }
3811
3812 if (networkstatus_set_current_consensus(pending->body,
3813 strlen(pending->body),
3814 name, 0, NULL))
3815 log_warn(LD_DIR, "Error publishing %s consensus", name);
3816 else
3817 log_notice(LD_DIR, "Published %s consensus", name);
3818 }
3819
3820 return 0;
3821 }
3822
3823 /** Release all static storage held in dirvote.c */
3824 void
3825 dirvote_free_all(void)
3826 {
3827 dirvote_clear_votes(1);
3828 /* now empty as a result of dirvote_clear_votes(). */
3829 smartlist_free(pending_vote_list);
3830 pending_vote_list = NULL;
3831 smartlist_free(previous_vote_list);
3832 previous_vote_list = NULL;
3833
3834 dirvote_clear_pending_consensuses();
3835 tor_free(pending_consensus_signatures);
3836 if (pending_consensus_signature_list) {
3837 /* now empty as a result of dirvote_clear_votes(). */
3838 smartlist_free(pending_consensus_signature_list);
3839 pending_consensus_signature_list = NULL;
3840 }
3841 }
3842
3843 /* ====
3844 * Access to pending items.
3845 * ==== */
3846
3847 /** Return the body of the consensus that we're currently trying to build. */
3848 MOCK_IMPL(const char *,
3849 dirvote_get_pending_consensus, (consensus_flavor_t flav))
3850 {
3851 tor_assert(((int)flav) >= 0 && (int)flav < N_CONSENSUS_FLAVORS);
3852 return pending_consensuses[flav].body;
3853 }
3854
3855 /** Return the signatures that we know for the consensus that we're currently
3856 * trying to build. */
3857 MOCK_IMPL(const char *,
3858 dirvote_get_pending_detached_signatures, (void))
3859 {
3860 return pending_consensus_signatures;
3861 }
3862
3863 /** Return a given vote specified by <b>fp</b>. If <b>by_id</b>, return the
3864 * vote for the authority with the v3 authority identity key digest <b>fp</b>;
3865 * if <b>by_id</b> is false, return the vote whose digest is <b>fp</b>. If
3866 * <b>fp</b> is NULL, return our own vote. If <b>include_previous</b> is
3867 * false, do not consider any votes for a consensus that's already been built.
3868 * If <b>include_pending</b> is false, do not consider any votes for the
3869 * consensus that's in progress. May return NULL if we have no vote for the
3870 * authority in question. */
3871 const cached_dir_t *
3872 dirvote_get_vote(const char *fp, int flags)
3873 {
3874 int by_id = flags & DGV_BY_ID;
3875 const int include_pending = flags & DGV_INCLUDE_PENDING;
3876 const int include_previous = flags & DGV_INCLUDE_PREVIOUS;
3877
3878 if (!pending_vote_list && !previous_vote_list)
3879 return NULL;
3880 if (fp == NULL) {
3881 authority_cert_t *c = get_my_v3_authority_cert();
3882 if (c) {
3883 fp = c->cache_info.identity_digest;
3884 by_id = 1;
3885 } else
3886 return NULL;
3887 }
3888 if (by_id) {
3889 if (pending_vote_list && include_pending) {
3890 SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, pv,
3891 if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
3892 return pv->vote_body);
3893 }
3894 if (previous_vote_list && include_previous) {
3895 SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, pv,
3896 if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
3897 return pv->vote_body);
3898 }
3899 } else {
3900 if (pending_vote_list && include_pending) {
3901 SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, pv,
3902 if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN))
3903 return pv->vote_body);
3904 }
3905 if (previous_vote_list && include_previous) {
3906 SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, pv,
3907 if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN))
3908 return pv->vote_body);
3909 }
3910 }
3911 return NULL;
3912 }
3913
3914 /** Construct and return a new microdescriptor from a routerinfo <b>ri</b>
3915 * according to <b>consensus_method</b>.
3916 **/
3917 STATIC microdesc_t *
3918 dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
3919 {
3920 microdesc_t *result = NULL;
3921 char *key = NULL, *summary = NULL, *family = NULL;
3922 size_t keylen;
3923 smartlist_t *chunks = smartlist_new();
3924 char *output = NULL;
3925 crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->onion_pkey,
3926 ri->onion_pkey_len);
3927
3928 if (crypto_pk_write_public_key_to_string(rsa_pubkey, &key, &keylen)<0)
3929 goto done;
3930 summary = policy_summarize(ri->exit_policy, AF_INET);
3931 if (ri->declared_family)
3932 family = smartlist_join_strings(ri->declared_family, " ", 0, NULL);
3933
3934 smartlist_add_asprintf(chunks, "onion-key\n%s", key);
3935
3936 if (ri->onion_curve25519_pkey) {
3937 char kbuf[CURVE25519_BASE64_PADDED_LEN + 1];
3938 bool add_padding = (consensus_method < MIN_METHOD_FOR_UNPADDED_NTOR_KEY);
3939 curve25519_public_to_base64(kbuf, ri->onion_curve25519_pkey, add_padding);
3940 smartlist_add_asprintf(chunks, "ntor-onion-key %s\n", kbuf);
3941 }
3942
3943 if (family) {
3944 if (consensus_method < MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS) {
3945 smartlist_add_asprintf(chunks, "family %s\n", family);
3946 } else {
3947 const uint8_t *id = (const uint8_t *)ri->cache_info.identity_digest;
3948 char *canonical_family = nodefamily_canonicalize(family, id, 0);
3949 smartlist_add_asprintf(chunks, "family %s\n", canonical_family);
3950 tor_free(canonical_family);
3951 }
3952 }
3953
3954 if (summary && strcmp(summary, "reject 1-65535"))
3955 smartlist_add_asprintf(chunks, "p %s\n", summary);
3956
3957 if (ri->ipv6_exit_policy) {
3958 /* XXXX+++ This doesn't match proposal 208, which says these should
3959 * be taken unchanged from the routerinfo. That's bogosity, IMO:
3960 * the proposal should have said to do this instead.*/
3961 char *p6 = write_short_policy(ri->ipv6_exit_policy);
3962 if (p6 && strcmp(p6, "reject 1-65535"))
3963 smartlist_add_asprintf(chunks, "p6 %s\n", p6);
3964 tor_free(p6);
3965 }
3966
3967 {
3968 char idbuf[ED25519_BASE64_LEN+1];
3969 const char *keytype;
3970 if (ri->cache_info.signing_key_cert &&
3971 ri->cache_info.signing_key_cert->signing_key_included) {
3972 keytype = "ed25519";
3973 ed25519_public_to_base64(idbuf,
3974 &ri->cache_info.signing_key_cert->signing_key);
3975 } else {
3976 keytype = "rsa1024";
3977 digest_to_base64(idbuf, ri->cache_info.identity_digest);
3978 }
3979 smartlist_add_asprintf(chunks, "id %s %s\n", keytype, idbuf);
3980 }
3981
3982 output = smartlist_join_strings(chunks, "", 0, NULL);
3983
3984 {
3985 smartlist_t *lst = microdescs_parse_from_string(output,
3986 output+strlen(output), 0,
3987 SAVED_NOWHERE, NULL);
3988 if (smartlist_len(lst) != 1) {
3989 log_warn(LD_DIR, "We generated a microdescriptor we couldn't parse.");
3990 SMARTLIST_FOREACH(lst, microdesc_t *, md, microdesc_free(md));
3991 smartlist_free(lst);
3992 goto done;
3993 }
3994 result = smartlist_get(lst, 0);
3995 smartlist_free(lst);
3996 }
3997
3998 done:
3999 crypto_pk_free(rsa_pubkey);
4000 tor_free(output);
4001 tor_free(key);
4002 tor_free(summary);
4003 tor_free(family);
4004 if (chunks) {
4005 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
4006 smartlist_free(chunks);
4007 }
4008 return result;
4009 }
4010
4011 /** Format the appropriate vote line to describe the microdescriptor <b>md</b>
4012 * in a consensus vote document. Write it into the <b>out_len</b>-byte buffer
4013 * in <b>out</b>. Return -1 on failure and the number of characters written
4014 * on success. */
4015 static ssize_t
4016 dirvote_format_microdesc_vote_line(char *out_buf, size_t out_buf_len,
4017 const microdesc_t *md,
4018 int consensus_method_low,
4019 int consensus_method_high)
4020 {
4021 ssize_t ret = -1;
4022 char d64[BASE64_DIGEST256_LEN+1];
4023 char *microdesc_consensus_methods =
4024 make_consensus_method_list(consensus_method_low,
4025 consensus_method_high,
4026 ",");
4027 tor_assert(microdesc_consensus_methods);
4028
4029 digest256_to_base64(d64, md->digest);
4030
4031 if (tor_snprintf(out_buf, out_buf_len, "m %s sha256=%s\n",
4032 microdesc_consensus_methods, d64)<0)
4033 goto out;
4034
4035 ret = strlen(out_buf);
4036
4037 out:
4038 tor_free(microdesc_consensus_methods);
4039 return ret;
4040 }
4041
4042 /** Array of start and end of consensus methods used for supported
4043 microdescriptor formats. */
4044 static const struct consensus_method_range_t {
4045 int low;
4046 int high;
4047 } microdesc_consensus_methods[] = {
4048 {MIN_SUPPORTED_CONSENSUS_METHOD,
4049 MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS - 1},
4050 {MIN_METHOD_FOR_CANONICAL_FAMILIES_IN_MICRODESCS,
4051 MIN_METHOD_FOR_UNPADDED_NTOR_KEY - 1},
4052 {MIN_METHOD_FOR_UNPADDED_NTOR_KEY,
4053 MAX_SUPPORTED_CONSENSUS_METHOD},
4054 {-1, -1}
4055 };
4056
4057 /** Helper type used when generating the microdescriptor lines in a directory
4058 * vote. */
4059 typedef struct microdesc_vote_line_t {
4060 int low;
4061 int high;
4062 microdesc_t *md;
4063 struct microdesc_vote_line_t *next;
4064 } microdesc_vote_line_t;
4065
4066 /** Generate and return a linked list of all the lines that should appear to
4067 * describe a router's microdescriptor versions in a directory vote.
4068 * Add the generated microdescriptors to <b>microdescriptors_out</b>. */
4069 vote_microdesc_hash_t *
4070 dirvote_format_all_microdesc_vote_lines(const routerinfo_t *ri, time_t now,
4071 smartlist_t *microdescriptors_out)
4072 {
4073 const struct consensus_method_range_t *cmr;
4074 microdesc_vote_line_t *entries = NULL, *ep;
4075 vote_microdesc_hash_t *result = NULL;
4076
4077 /* Generate the microdescriptors. */
4078 for (cmr = microdesc_consensus_methods;
4079 cmr->low != -1 && cmr->high != -1;
4080 cmr++) {
4081 microdesc_t *md = dirvote_create_microdescriptor(ri, cmr->low);
4082 if (md) {
4083 microdesc_vote_line_t *e =
4084 tor_malloc_zero(sizeof(microdesc_vote_line_t));
4085 e->md = md;
4086 e->low = cmr->low;
4087 e->high = cmr->high;
4088 e->next = entries;
4089 entries = e;
4090 }
4091 }
4092
4093 /* Compress adjacent identical ones */
4094 for (ep = entries; ep; ep = ep->next) {
4095 while (ep->next &&
4096 fast_memeq(ep->md->digest, ep->next->md->digest, DIGEST256_LEN) &&
4097 ep->low == ep->next->high + 1) {
4098 microdesc_vote_line_t *next = ep->next;
4099 ep->low = next->low;
4100 microdesc_free(next->md);
4101 ep->next = next->next;
4102 tor_free(next);
4103 }
4104 }
4105
4106 /* Format them into vote_microdesc_hash_t, and add to microdescriptors_out.*/
4107 while ((ep = entries)) {
4108 char buf[128];
4109 vote_microdesc_hash_t *h;
4110 if (dirvote_format_microdesc_vote_line(buf, sizeof(buf), ep->md,
4111 ep->low, ep->high) >= 0) {
4112 h = tor_malloc_zero(sizeof(vote_microdesc_hash_t));
4113 h->microdesc_hash_line = tor_strdup(buf);
4114 h->next = result;
4115 result = h;
4116 ep->md->last_listed = now;
4117 smartlist_add(microdescriptors_out, ep->md);
4118 }
4119 entries = ep->next;
4120 tor_free(ep);
4121 }
4122
4123 return result;
4124 }
4125
4126 /** Parse and extract all SR commits from <b>tokens</b> and place them in
4127 * <b>ns</b>. */
4128 static void
4129 extract_shared_random_commits(networkstatus_t *ns, const smartlist_t *tokens)
4130 {
4131 smartlist_t *chunks = NULL;
4132
4133 tor_assert(ns);
4134 tor_assert(tokens);
4135 /* Commits are only present in a vote. */
4136 tor_assert(ns->type == NS_TYPE_VOTE);
4137
4138 ns->sr_info.commits = smartlist_new();
4139
4140 smartlist_t *commits = find_all_by_keyword(tokens, K_COMMIT);
4141 /* It's normal that a vote might contain no commits even if it participates
4142 * in the SR protocol. Don't treat it as an error. */
4143 if (commits == NULL) {
4144 goto end;
4145 }
4146
4147 /* Parse the commit. We do NO validation of number of arguments or ordering
4148 * for forward compatibility, it's the parse commit job to inform us if it's
4149 * supported or not. */
4150 chunks = smartlist_new();
4151 SMARTLIST_FOREACH_BEGIN(commits, directory_token_t *, tok) {
4152 /* Extract all arguments and put them in the chunks list. */
4153 for (int i = 0; i < tok->n_args; i++) {
4154 smartlist_add(chunks, tok->args[i]);
4155 }
4156 sr_commit_t *commit = sr_parse_commit(chunks);
4157 smartlist_clear(chunks);
4158 if (commit == NULL) {
4159 /* Get voter identity so we can warn that this dirauth vote contains
4160 * commit we can't parse. */
4161 networkstatus_voter_info_t *voter = smartlist_get(ns->voters, 0);
4162 tor_assert(voter);
4163 log_warn(LD_DIR, "SR: Unable to parse commit %s from vote of voter %s.",
4164 escaped(tok->object_body),
4165 hex_str(voter->identity_digest,
4166 sizeof(voter->identity_digest)));
4167 /* Commitment couldn't be parsed. Continue onto the next commit because
4168 * this one could be unsupported for instance. */
4169 continue;
4170 }
4171 /* Add newly created commit object to the vote. */
4172 smartlist_add(ns->sr_info.commits, commit);
4173 } SMARTLIST_FOREACH_END(tok);
4174
4175 end:
4176 smartlist_free(chunks);
4177 smartlist_free(commits);
4178 }
4179
4180 /* Using the given directory tokens in tokens, parse the shared random commits
4181 * and put them in the given vote document ns.
4182 *
4183 * This also sets the SR participation flag if present in the vote. */
4184 void
4185 dirvote_parse_sr_commits(networkstatus_t *ns, const smartlist_t *tokens)
4186 {
4187 /* Does this authority participates in the SR protocol? */
4188 directory_token_t *tok = find_opt_by_keyword(tokens, K_SR_FLAG);
4189 if (tok) {
4190 ns->sr_info.participate = 1;
4191 /* Get the SR commitments and reveals from the vote. */
4192 extract_shared_random_commits(ns, tokens);
4193 }
4194 }
4195
4196 /* For the given vote, free the shared random commits if any. */
4197 void
4198 dirvote_clear_commits(networkstatus_t *ns)
4199 {
4200 tor_assert(ns->type == NS_TYPE_VOTE);
4201
4202 if (ns->sr_info.commits) {
4203 SMARTLIST_FOREACH(ns->sr_info.commits, sr_commit_t *, c,
4204 sr_commit_free(c));
4205 smartlist_free(ns->sr_info.commits);
4206 }
4207 }
4208
4209 /* The given url is the /tor/status-vote GET directory request. Populates the
4210 * items list with strings that we can compress on the fly and dir_items with
4211 * cached_dir_t objects that have a precompressed deflated version. */
4212 void
4213 dirvote_dirreq_get_status_vote(const char *url, smartlist_t *items,
4214 smartlist_t *dir_items)
4215 {
4216 int current;
4217
4218 url += strlen("/tor/status-vote/");
4219 current = !strcmpstart(url, "current/");
4220 url = strchr(url, '/');
4221 tor_assert(url);
4222 ++url;
4223 if (!strcmp(url, "consensus")) {
4224 const char *item;
4225 tor_assert(!current); /* we handle current consensus specially above,
4226 * since it wants to be spooled. */
4227 if ((item = dirvote_get_pending_consensus(FLAV_NS)))
4228 smartlist_add(items, (char*)item);
4229 } else if (!current && !strcmp(url, "consensus-signatures")) {
4230 /* XXXX the spec says that we should implement
4231 * current/consensus-signatures too. It doesn't seem to be needed,
4232 * though. */
4233 const char *item;
4234 if ((item=dirvote_get_pending_detached_signatures()))
4235 smartlist_add(items, (char*)item);
4236 } else if (!strcmp(url, "authority")) {
4237 const cached_dir_t *d;
4238 int flags = DGV_BY_ID |
4239 (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
4240 if ((d=dirvote_get_vote(NULL, flags)))
4241 smartlist_add(dir_items, (cached_dir_t*)d);
4242 } else {
4243 const cached_dir_t *d;
4244 smartlist_t *fps = smartlist_new();
4245 int flags;
4246 if (!strcmpstart(url, "d/")) {
4247 url += 2;
4248 flags = DGV_INCLUDE_PENDING | DGV_INCLUDE_PREVIOUS;
4249 } else {
4250 flags = DGV_BY_ID |
4251 (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
4252 }
4253 dir_split_resource_into_fingerprints(url, fps, NULL,
4254 DSR_HEX|DSR_SORT_UNIQ);
4255 SMARTLIST_FOREACH(fps, char *, fp, {
4256 if ((d = dirvote_get_vote(fp, flags)))
4257 smartlist_add(dir_items, (cached_dir_t*)d);
4258 tor_free(fp);
4259 });
4260 smartlist_free(fps);
4261 }
4262 }
4263
4264 /** Get the best estimate of a router's bandwidth for dirauth purposes,
4265 * preferring measured to advertised values if available. */
4266 MOCK_IMPL(uint32_t,dirserv_get_bandwidth_for_router_kb,
4267 (const routerinfo_t *ri))
4268 {
4269 uint32_t bw_kb = 0;
4270 /*
4271 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
4272 * signed) longs and the ones router_get_advertised_bandwidth() returns
4273 * are uint32_t.
4274 */
4275 long mbw_kb = 0;
4276
4277 if (ri) {
4278 /*
4279 * * First try to see if we have a measured bandwidth; don't bother with
4280 * as_of_out here, on the theory that a stale measured bandwidth is still
4281 * better to trust than an advertised one.
4282 */
4283 if (dirserv_query_measured_bw_cache_kb(ri->cache_info.identity_digest,
4284 &mbw_kb, NULL)) {
4285 /* Got one! */
4286 bw_kb = (uint32_t)mbw_kb;
4287 } else {
4288 /* If not, fall back to advertised */
4289 bw_kb = router_get_advertised_bandwidth(ri) / 1000;
4290 }
4291 }
4292
4293 return bw_kb;
4294 }
4295
4296 /**
4297 * Helper: compare the address of family `family` in `a` with the address in
4298 * `b`. The family must be one of `AF_INET` and `AF_INET6`.
4299 **/
4300 static int
4301 compare_routerinfo_addrs_by_family(const routerinfo_t *a,
4302 const routerinfo_t *b,
4303 int family)
4304 {
4305 const tor_addr_t *addr1 = (family==AF_INET) ? &a->ipv4_addr : &a->ipv6_addr;
4306 const tor_addr_t *addr2 = (family==AF_INET) ? &b->ipv4_addr : &b->ipv6_addr;
4307 return tor_addr_compare(addr1, addr2, CMP_EXACT);
4308 }
4309
4310 /** Helper for sorting: compares two ipv4 routerinfos first by ipv4 address,
4311 * and then by descending order of "usefulness"
4312 * (see compare_routerinfo_usefulness)
4313 **/
4314 STATIC int
4315 compare_routerinfo_by_ipv4(const void **a, const void **b)
4316 {
4317 const routerinfo_t *first = *(const routerinfo_t **)a;
4318 const routerinfo_t *second = *(const routerinfo_t **)b;
4319 int comparison = compare_routerinfo_addrs_by_family(first, second, AF_INET);
4320 if (comparison == 0) {
4321 // If addresses are equal, use other comparison criteria
4322 return compare_routerinfo_usefulness(first, second);
4323 } else {
4324 return comparison;
4325 }
4326 }
4327
4328 /** Helper for sorting: compares two ipv6 routerinfos first by ipv6 address,
4329 * and then by descending order of "usefulness"
4330 * (see compare_routerinfo_usefulness)
4331 **/
4332 STATIC int
4333 compare_routerinfo_by_ipv6(const void **a, const void **b)
4334 {
4335 const routerinfo_t *first = *(const routerinfo_t **)a;
4336 const routerinfo_t *second = *(const routerinfo_t **)b;
4337 int comparison = compare_routerinfo_addrs_by_family(first, second, AF_INET6);
4338 // If addresses are equal, use other comparison criteria
4339 if (comparison == 0)
4340 return compare_routerinfo_usefulness(first, second);
4341 else
4342 return comparison;
4343 }
4344
4345 /**
4346 * Compare routerinfos by descending order of "usefulness" :
4347 * An authority is more useful than a non-authority; a running router is
4348 * more useful than a non-running router; and a router with more bandwidth
4349 * is more useful than one with less.
4350 **/
4351 STATIC int
4352 compare_routerinfo_usefulness(const routerinfo_t *first,
4353 const routerinfo_t *second)
4354 {
4355 int first_is_auth, second_is_auth;
4356 const node_t *node_first, *node_second;
4357 int first_is_running, second_is_running;
4358 uint32_t bw_kb_first, bw_kb_second;
4359 /* Potentially, this next bit could cause k n lg n memeq calls. But in
4360 * reality, we will almost never get here, since addresses will usually be
4361 * different. */
4362 first_is_auth =
4363 router_digest_is_trusted_dir(first->cache_info.identity_digest);
4364 second_is_auth =
4365 router_digest_is_trusted_dir(second->cache_info.identity_digest);
4366
4367 if (first_is_auth && !second_is_auth)
4368 return -1;
4369 else if (!first_is_auth && second_is_auth)
4370 return 1;
4371
4372 node_first = node_get_by_id(first->cache_info.identity_digest);
4373 node_second = node_get_by_id(second->cache_info.identity_digest);
4374 first_is_running = node_first && node_first->is_running;
4375 second_is_running = node_second && node_second->is_running;
4376 if (first_is_running && !second_is_running)
4377 return -1;
4378 else if (!first_is_running && second_is_running)
4379 return 1;
4380
4381 bw_kb_first = dirserv_get_bandwidth_for_router_kb(first);
4382 bw_kb_second = dirserv_get_bandwidth_for_router_kb(second);
4383
4384 if (bw_kb_first > bw_kb_second)
4385 return -1;
4386 else if (bw_kb_first < bw_kb_second)
4387 return 1;
4388
4389 /* They're equal! Compare by identity digest, so there's a
4390 * deterministic order and we avoid flapping. */
4391 return fast_memcmp(first->cache_info.identity_digest,
4392 second->cache_info.identity_digest,
4393 DIGEST_LEN);
4394 }
4395
4396 /** Given a list of routerinfo_t in <b>routers</b> that all use the same
4397 * IP version, specified in <b>family</b>, return a new digestmap_t whose keys
4398 * are the identity digests of those routers that we're going to exclude for
4399 * Sybil-like appearance.
4400 */
4401 STATIC digestmap_t *
4402 get_sybil_list_by_ip_version(const smartlist_t *routers, sa_family_t family)
4403 {
4404 const dirauth_options_t *options = dirauth_get_options();
4405 digestmap_t *omit_as_sybil = digestmap_new();
4406 smartlist_t *routers_by_ip = smartlist_new();
4407 int addr_count = 0;
4408 routerinfo_t *last_ri = NULL;
4409 /* Allow at most this number of Tor servers on a single IP address, ... */
4410 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
4411 if (max_with_same_addr <= 0)
4412 max_with_same_addr = INT_MAX;
4413
4414 smartlist_add_all(routers_by_ip, routers);
4415 if (family == AF_INET6)
4416 smartlist_sort(routers_by_ip, compare_routerinfo_by_ipv6);
4417 else
4418 smartlist_sort(routers_by_ip, compare_routerinfo_by_ipv4);
4419
4420 SMARTLIST_FOREACH_BEGIN(routers_by_ip, routerinfo_t *, ri) {
4421 bool addrs_equal;
4422 if (last_ri)
4423 addrs_equal = !compare_routerinfo_addrs_by_family(last_ri, ri, family);
4424 else
4425 addrs_equal = false;
4426
4427 if (! addrs_equal) {
4428 last_ri = ri;
4429 addr_count = 1;
4430 } else if (++addr_count > max_with_same_addr) {
4431 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4432 }
4433 } SMARTLIST_FOREACH_END(ri);
4434 smartlist_free(routers_by_ip);
4435 return omit_as_sybil;
4436 }
4437
4438 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
4439 * whose keys are the identity digests of those routers that we're going to
4440 * exclude for Sybil-like appearance. */
4441 STATIC digestmap_t *
4442 get_all_possible_sybil(const smartlist_t *routers)
4443 {
4444 smartlist_t *routers_ipv6, *routers_ipv4;
4445 routers_ipv6 = smartlist_new();
4446 routers_ipv4 = smartlist_new();
4447 digestmap_t *omit_as_sybil_ipv4;
4448 digestmap_t *omit_as_sybil_ipv6;
4449 digestmap_t *omit_as_sybil = digestmap_new();
4450 // Sort the routers in two lists depending on their IP version
4451 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4452 // If the router has an IPv6 address
4453 if (tor_addr_family(&(ri->ipv6_addr)) == AF_INET6) {
4454 smartlist_add(routers_ipv6, ri);
4455 }
4456 // If the router has an IPv4 address
4457 if (tor_addr_family(&(ri->ipv4_addr)) == AF_INET) {
4458 smartlist_add(routers_ipv4, ri);
4459 }
4460 } SMARTLIST_FOREACH_END(ri);
4461 omit_as_sybil_ipv4 = get_sybil_list_by_ip_version(routers_ipv4, AF_INET);
4462 omit_as_sybil_ipv6 = get_sybil_list_by_ip_version(routers_ipv6, AF_INET6);
4463
4464 // Add all possible sybils to the common digestmap
4465 DIGESTMAP_FOREACH (omit_as_sybil_ipv4, sybil_id, routerinfo_t *, ri) {
4466 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4467 } DIGESTMAP_FOREACH_END;
4468 DIGESTMAP_FOREACH (omit_as_sybil_ipv6, sybil_id, routerinfo_t *, ri) {
4469 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
4470 } DIGESTMAP_FOREACH_END;
4471 // Clean the temp variables
4472 smartlist_free(routers_ipv4);
4473 smartlist_free(routers_ipv6);
4474 digestmap_free(omit_as_sybil_ipv4, NULL);
4475 digestmap_free(omit_as_sybil_ipv6, NULL);
4476 // Return the digestmap: it now contains all the possible sybils
4477 return omit_as_sybil;
4478 }
4479
4480 /** Given a platform string as in a routerinfo_t (possibly null), return a
4481 * newly allocated version string for a networkstatus document, or NULL if the
4482 * platform doesn't give a Tor version. */
4483 static char *
4484 version_from_platform(const char *platform)
4485 {
4486 if (platform && !strcmpstart(platform, "Tor ")) {
4487 const char *eos = find_whitespace(platform+4);
4488 if (eos && !strcmpstart(eos, " (r")) {
4489 /* XXXX Unify this logic with the other version extraction
4490 * logic in routerparse.c. */
4491 eos = find_whitespace(eos+1);
4492 }
4493 if (eos) {
4494 return tor_strndup(platform, eos-platform);
4495 }
4496 }
4497 return NULL;
4498 }
4499
4500 /** Given a (possibly empty) list of config_line_t, each line of which contains
4501 * a list of comma-separated version numbers surrounded by optional space,
4502 * allocate and return a new string containing the version numbers, in order,
4503 * separated by commas. Used to generate Recommended(Client|Server)?Versions
4504 */
4505 char *
4506 format_recommended_version_list(const config_line_t *ln, int warn)
4507 {
4508 smartlist_t *versions;
4509 char *result;
4510 versions = smartlist_new();
4511 for ( ; ln; ln = ln->next) {
4512 smartlist_split_string(versions, ln->value, ",",
4513 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4514 }
4515
4516 /* Handle the case where a dirauth operator has accidentally made some
4517 * versions space-separated instead of comma-separated. */
4518 smartlist_t *more_versions = smartlist_new();
4519 SMARTLIST_FOREACH_BEGIN(versions, char *, v) {
4520 if (strchr(v, ' ')) {
4521 if (warn)
4522 log_warn(LD_DIRSERV, "Unexpected space in versions list member %s. "
4523 "(These are supposed to be comma-separated; I'll pretend you "
4524 "used commas instead.)", escaped(v));
4525 SMARTLIST_DEL_CURRENT(versions, v);
4526 smartlist_split_string(more_versions, v, NULL,
4527 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4528 tor_free(v);
4529 }
4530 } SMARTLIST_FOREACH_END(v);
4531 smartlist_add_all(versions, more_versions);
4532 smartlist_free(more_versions);
4533
4534 /* Check to make sure everything looks like a version. */
4535 if (warn) {
4536 SMARTLIST_FOREACH_BEGIN(versions, const char *, v) {
4537 tor_version_t ver;
4538 if (tor_version_parse(v, &ver) < 0) {
4539 log_warn(LD_DIRSERV, "Recommended version %s does not look valid. "
4540 " (I'll include it anyway, since you told me to.)",
4541 escaped(v));
4542 }
4543 } SMARTLIST_FOREACH_END(v);
4544 }
4545
4546 sort_version_list(versions, 1);
4547 result = smartlist_join_strings(versions,",",0,NULL);
4548 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
4549 smartlist_free(versions);
4550 return result;
4551 }
4552
4553 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
4554 * remove the older one. If they are exactly the same age, remove the one
4555 * with the greater descriptor digest. May alter the order of the list. */
4556 static void
4557 routers_make_ed_keys_unique(smartlist_t *routers)
4558 {
4559 routerinfo_t *ri2;
4560 digest256map_t *by_ed_key = digest256map_new();
4561
4562 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4563 ri->omit_from_vote = 0;
4564 if (ri->cache_info.signing_key_cert == NULL)
4565 continue; /* No ed key */
4566 const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
4567 if ((ri2 = digest256map_get(by_ed_key, pk))) {
4568 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
4569 * one has the earlier published_on. */
4570 const time_t ri_pub = ri->cache_info.published_on;
4571 const time_t ri2_pub = ri2->cache_info.published_on;
4572 if (ri2_pub < ri_pub ||
4573 (ri2_pub == ri_pub &&
4574 fast_memcmp(ri->cache_info.signed_descriptor_digest,
4575 ri2->cache_info.signed_descriptor_digest,DIGEST_LEN)<0)) {
4576 digest256map_set(by_ed_key, pk, ri);
4577 ri2->omit_from_vote = 1;
4578 } else {
4579 ri->omit_from_vote = 1;
4580 }
4581 } else {
4582 /* Add to map */
4583 digest256map_set(by_ed_key, pk, ri);
4584 }
4585 } SMARTLIST_FOREACH_END(ri);
4586
4587 digest256map_free(by_ed_key, NULL);
4588
4589 /* Now remove every router where the omit_from_vote flag got set. */
4590 SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
4591 if (ri->omit_from_vote) {
4592 SMARTLIST_DEL_CURRENT(routers, ri);
4593 }
4594 } SMARTLIST_FOREACH_END(ri);
4595 }
4596
4597 /** Routerstatus <b>rs</b> is part of a group of routers that are on too
4598 * narrow an IP-space. Clear out its flags since we don't want it be used
4599 * because of its Sybil-like appearance.
4600 *
4601 * Leave its BadExit flag alone though, since if we think it's a bad exit,
4602 * we want to vote that way in case all the other authorities are voting
4603 * Running and Exit.
4604 *
4605 * Also set the Sybil flag in order to let a relay operator know that's
4606 * why their relay hasn't been voted on.
4607 */
4608 static void
4609 clear_status_flags_on_sybil(routerstatus_t *rs)
4610 {
4611 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
4612 rs->is_flagged_running = rs->is_named = rs->is_valid =
4613 rs->is_hs_dir = rs->is_v2_dir = rs->is_possible_guard = 0;
4614 rs->is_sybil = 1;
4615 /* FFFF we might want some mechanism to check later on if we
4616 * missed zeroing any flags: it's easy to add a new flag but
4617 * forget to add it to this clause. */
4618 }
4619
4620 /** Space-separated list of all the flags that we will always vote on. */
4621 const char DIRVOTE_UNIVERSAL_FLAGS[] =
4622 "Authority "
4623 "Exit "
4624 "Fast "
4625 "Guard "
4626 "HSDir "
4627 "Stable "
4628 "StaleDesc "
4629 "Sybil "
4630 "V2Dir "
4631 "Valid";
4632 /** Space-separated list of all flags that we may or may not vote on,
4633 * depending on our configuration. */
4634 const char DIRVOTE_OPTIONAL_FLAGS[] =
4635 "BadExit "
4636 "MiddleOnly "
4637 "Running";
4638
4639 /** Return a new networkstatus_t* containing our current opinion. (For v3
4640 * authorities) */
4641 networkstatus_t *
4642 dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
4643 authority_cert_t *cert)
4644 {
4645 const or_options_t *options = get_options();
4646 const dirauth_options_t *d_options = dirauth_get_options();
4647 networkstatus_t *v3_out = NULL;
4648 tor_addr_t addr;
4649 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
4650 const char *contact;
4651 smartlist_t *routers, *routerstatuses;
4652 char identity_digest[DIGEST_LEN];
4653 char signing_key_digest[DIGEST_LEN];
4654 const int list_bad_exits = d_options->AuthDirListBadExits;
4655 const int list_middle_only = d_options->AuthDirListMiddleOnly;
4656 routerlist_t *rl = router_get_routerlist();
4657 time_t now = time(NULL);
4658 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
4659 networkstatus_voter_info_t *voter = NULL;
4660 vote_timing_t timing;
4661 const int vote_on_reachability = running_long_enough_to_decide_unreachable();
4662 smartlist_t *microdescriptors = NULL;
4663 smartlist_t *bw_file_headers = NULL;
4664 uint8_t bw_file_digest256[DIGEST256_LEN] = {0};
4665
4666 tor_assert(private_key);
4667 tor_assert(cert);
4668
4669 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
4670 log_err(LD_BUG, "Error computing signing key digest");
4671 return NULL;
4672 }
4673 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
4674 log_err(LD_BUG, "Error computing identity key digest");
4675 return NULL;
4676 }
4677 if (!find_my_address(options, AF_INET, LOG_WARN, &addr, NULL, &hostname)) {
4678 log_warn(LD_NET, "Couldn't resolve my hostname");
4679 return NULL;
4680 }
4681 if (!hostname || !strchr(hostname, '.')) {
4682 tor_free(hostname);
4683 hostname = tor_addr_to_str_dup(&addr);
4684 }
4685
4686 if (!hostname) {
4687 log_err(LD_BUG, "Failed to determine hostname AND duplicate address");
4688 return NULL;
4689 }
4690
4691 if (d_options->VersioningAuthoritativeDirectory) {
4692 client_versions =
4693 format_recommended_version_list(d_options->RecommendedClientVersions, 0);
4694 server_versions =
4695 format_recommended_version_list(d_options->RecommendedServerVersions, 0);
4696 }
4697
4698 contact = get_options()->ContactInfo;
4699 if (!contact)
4700 contact = "(none)";
4701
4702 /*
4703 * Do this so dirserv_compute_performance_thresholds() and
4704 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
4705 */
4706 if (options->V3BandwidthsFile) {
4707 dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL, NULL,
4708 NULL);
4709 } else {
4710 /*
4711 * No bandwidths file; clear the measured bandwidth cache in case we had
4712 * one last time around.
4713 */
4714 if (dirserv_get_measured_bw_cache_size() > 0) {
4715 dirserv_clear_measured_bw_cache();
4716 }
4717 }
4718
4719 /* precompute this part, since we need it to decide what "stable"
4720 * means. */
4721 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
4722 dirserv_set_router_is_running(ri, now);
4723 });
4724
4725 routers = smartlist_new();
4726 smartlist_add_all(routers, rl->routers);
4727 routers_make_ed_keys_unique(routers);
4728 /* After this point, don't use rl->routers; use 'routers' instead. */
4729 routers_sort_by_identity(routers);
4730 /* Get a digestmap of possible sybil routers, IPv4 or IPv6 */
4731 digestmap_t *omit_as_sybil = get_all_possible_sybil(routers);
4732 DIGESTMAP_FOREACH (omit_as_sybil, sybil_id, void *, ignore) {
4733 (void)ignore;
4734 rep_hist_make_router_pessimal(sybil_id, now);
4735 } DIGESTMAP_FOREACH_END
4736 /* Count how many have measured bandwidths so we know how to assign flags;
4737 * this must come before dirserv_compute_performance_thresholds() */
4738 dirserv_count_measured_bws(routers);
4739 dirserv_compute_performance_thresholds(omit_as_sybil);
4740 routerstatuses = smartlist_new();
4741 microdescriptors = smartlist_new();
4742
4743 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4744 /* If it has a protover list and contains a protocol name greater than
4745 * MAX_PROTOCOL_NAME_LENGTH, skip it. */
4746 if (ri->protocol_list &&
4747 protover_list_is_invalid(ri->protocol_list)) {
4748 continue;
4749 }
4750 if (ri->cache_info.published_on >= cutoff) {
4751 routerstatus_t *rs;
4752 vote_routerstatus_t *vrs;
4753 node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
4754 if (!node)
4755 continue;
4756
4757 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
4758 rs = &vrs->status;
4759 dirauth_set_routerstatus_from_routerinfo(rs, node, ri, now,
4760 list_bad_exits,
4761 list_middle_only);
4762 vrs->published_on = ri->cache_info.published_on;
4763
4764 if (ri->cache_info.signing_key_cert) {
4765 memcpy(vrs->ed25519_id,
4766 ri->cache_info.signing_key_cert->signing_key.pubkey,
4767 ED25519_PUBKEY_LEN);
4768 }
4769 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
4770 clear_status_flags_on_sybil(rs);
4771
4772 if (!vote_on_reachability)
4773 rs->is_flagged_running = 0;
4774
4775 vrs->version = version_from_platform(ri->platform);
4776 if (ri->protocol_list) {
4777 vrs->protocols = tor_strdup(ri->protocol_list);
4778 } else {
4779 vrs->protocols = tor_strdup(
4780 protover_compute_for_old_tor(vrs->version));
4781 }
4782 vrs->microdesc = dirvote_format_all_microdesc_vote_lines(ri, now,
4783 microdescriptors);
4784
4785 smartlist_add(routerstatuses, vrs);
4786 }
4787 } SMARTLIST_FOREACH_END(ri);
4788
4789 {
4790 smartlist_t *added =
4791 microdescs_add_list_to_cache(get_microdesc_cache(),
4792 microdescriptors, SAVED_NOWHERE, 0);
4793 smartlist_free(added);
4794 smartlist_free(microdescriptors);
4795 }
4796
4797 smartlist_free(routers);
4798 digestmap_free(omit_as_sybil, NULL);
4799
4800 /* Apply guardfraction information to routerstatuses. */
4801 if (options->GuardfractionFile) {
4802 dirserv_read_guardfraction_file(options->GuardfractionFile,
4803 routerstatuses);
4804 }
4805
4806 /* This pass through applies the measured bw lines to the routerstatuses */
4807 if (options->V3BandwidthsFile) {
4808 /* Only set bw_file_headers when V3BandwidthsFile is configured */
4809 bw_file_headers = smartlist_new();
4810 dirserv_read_measured_bandwidths(options->V3BandwidthsFile,
4811 routerstatuses, bw_file_headers,
4812 bw_file_digest256);
4813 } else {
4814 /*
4815 * No bandwidths file; clear the measured bandwidth cache in case we had
4816 * one last time around.
4817 */
4818 if (dirserv_get_measured_bw_cache_size() > 0) {
4819 dirserv_clear_measured_bw_cache();
4820 }
4821 }
4822
4823 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
4824
4825 v3_out->type = NS_TYPE_VOTE;
4826 dirvote_get_preferred_voting_intervals(&timing);
4827 v3_out->published = now;
4828 {
4829 char tbuf[ISO_TIME_LEN+1];
4830 networkstatus_t *current_consensus =
4831 networkstatus_get_live_consensus(now);
4832 long last_consensus_interval; /* only used to pick a valid_after */
4833 if (current_consensus)
4834 last_consensus_interval = current_consensus->fresh_until -
4835 current_consensus->valid_after;
4836 else
4837 last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
4838 v3_out->valid_after =
4839 voting_sched_get_start_of_interval_after(now,
4840 (int)last_consensus_interval,
4841 options->TestingV3AuthVotingStartOffset);
4842 format_iso_time(tbuf, v3_out->valid_after);
4843 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
4844 "consensus_set=%d, last_interval=%d",
4845 tbuf, current_consensus?1:0, (int)last_consensus_interval);
4846 }
4847 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
4848 v3_out->valid_until = v3_out->valid_after +
4849 (timing.vote_interval * timing.n_intervals_valid);
4850 v3_out->vote_seconds = timing.vote_delay;
4851 v3_out->dist_seconds = timing.dist_delay;
4852 tor_assert(v3_out->vote_seconds > 0);
4853 tor_assert(v3_out->dist_seconds > 0);
4854 tor_assert(timing.n_intervals_valid > 0);
4855
4856 v3_out->client_versions = client_versions;
4857 v3_out->server_versions = server_versions;
4858
4859 v3_out->recommended_relay_protocols =
4860 tor_strdup(protover_get_recommended_relay_protocols());
4861 v3_out->recommended_client_protocols =
4862 tor_strdup(protover_get_recommended_client_protocols());
4863 v3_out->required_client_protocols =
4864 tor_strdup(protover_get_required_client_protocols());
4865 v3_out->required_relay_protocols =
4866 tor_strdup(protover_get_required_relay_protocols());
4867
4868 /* We are not allowed to vote to require anything we don't have. */
4869 tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));
4870 tor_assert(protover_all_supported(v3_out->required_client_protocols, NULL));
4871
4872 /* We should not recommend anything we don't have. */
4873 tor_assert_nonfatal(protover_all_supported(
4874 v3_out->recommended_relay_protocols, NULL));
4875 tor_assert_nonfatal(protover_all_supported(
4876 v3_out->recommended_client_protocols, NULL));
4877
4878 v3_out->known_flags = smartlist_new();
4879 smartlist_split_string(v3_out->known_flags,
4880 DIRVOTE_UNIVERSAL_FLAGS,
4881 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
4882 if (vote_on_reachability)
4883 smartlist_add_strdup(v3_out->known_flags, "Running");
4884 if (list_bad_exits)
4885 smartlist_add_strdup(v3_out->known_flags, "BadExit");
4886 if (list_middle_only)
4887 smartlist_add_strdup(v3_out->known_flags, "MiddleOnly");
4888 smartlist_sort_strings(v3_out->known_flags);
4889
4890 if (d_options->ConsensusParams) {
4891 config_line_t *paramline = d_options->ConsensusParams;
4892 v3_out->net_params = smartlist_new();
4893 for ( ; paramline; paramline = paramline->next) {
4894 smartlist_split_string(v3_out->net_params,
4895 paramline->value, NULL, 0, 0);
4896 }
4897
4898 /* for transparency and visibility, include our current value of
4899 * AuthDirMaxServersPerAddr in our consensus params. Once enough dir
4900 * auths do this, external tools should be able to use that value to
4901 * help understand which relays are allowed into the consensus. */
4902 smartlist_add_asprintf(v3_out->net_params, "AuthDirMaxServersPerAddr=%d",
4903 d_options->AuthDirMaxServersPerAddr);
4904
4905 smartlist_sort_strings(v3_out->net_params);
4906 }
4907 v3_out->bw_file_headers = bw_file_headers;
4908 memcpy(v3_out->bw_file_digest256, bw_file_digest256, DIGEST256_LEN);
4909
4910 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
4911 voter->nickname = tor_strdup(options->Nickname);
4912 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
4913 voter->sigs = smartlist_new();
4914 voter->address = hostname;
4915 tor_addr_copy(&voter->ipv4_addr, &addr);
4916 voter->ipv4_dirport = routerconf_find_dir_port(options, 0);
4917 voter->ipv4_orport = routerconf_find_or_port(options, AF_INET);
4918 voter->contact = tor_strdup(contact);
4919 if (options->V3AuthUseLegacyKey) {
4920 authority_cert_t *c = get_my_v3_legacy_cert();
4921 if (c) {
4922 if (crypto_pk_get_digest(c->identity_key, voter->legacy_id_digest)) {
4923 log_warn(LD_BUG, "Unable to compute digest of legacy v3 identity key");
4924 memset(voter->legacy_id_digest, 0, DIGEST_LEN);
4925 }
4926 }
4927 }
4928
4929 v3_out->voters = smartlist_new();
4930 smartlist_add(v3_out->voters, voter);
4931 v3_out->cert = authority_cert_dup(cert);
4932 v3_out->routerstatus_list = routerstatuses;
4933 /* Note: networkstatus_digest is unset; it won't get set until we actually
4934 * format the vote. */
4935
4936 return v3_out;
4937 }
The Onion Router