/* Copyright (c) 2017-2021, The Tor Project, Inc. */

/* See LICENSE for licensing information */

/**

 * \file consdiffmgr.c

 *

 * \brief consensus diff manager functions

 *

 * This module is run by directory authorities and caches in order

 * to remember a number of past consensus documents, and to generate

 * and serve the diffs from those documents to the latest consensus.

 */

#define CONSDIFFMGR_PRIVATE

#include "core/or/or.h"

#include "app/config/config.h"

#include "feature/dircache/conscache.h"

#include "feature/dircommon/consdiff.h"

#include "feature/dircache/consdiffmgr.h"

#include "core/mainloop/cpuworker.h"

#include "feature/nodelist/networkstatus.h"

#include "feature/dirparse/ns_parse.h"

#include "lib/evloop/compat_libevent.h"

#include "lib/evloop/workqueue.h"

#include "lib/compress/compress.h"

#include "lib/encoding/confline.h"

#include "feature/nodelist/networkstatus_st.h"

#include "feature/nodelist/networkstatus_voter_info_st.h"

/**

 * Labels to apply to items in the conscache object.

 *

 * @{

 */

/* One of DOCTYPE_CONSENSUS or DOCTYPE_CONSENSUS_DIFF */

#define LABEL_DOCTYPE "document-type"

/* The valid-after time for a consensus (or for the target consensus of a

 * diff), encoded as ISO UTC. */

#define LABEL_VALID_AFTER "consensus-valid-after"

/* The fresh-until time for a consensus (or for the target consensus of a

 * diff), encoded as ISO UTC. */

#define LABEL_FRESH_UNTIL "consensus-fresh-until"

/* The valid-until time for a consensus (or for the target consensus of a

 * diff), encoded as ISO UTC. */

#define LABEL_VALID_UNTIL "consensus-valid-until"

/* Comma-separated list of hex-encoded identity digests for the voting

 * authorities. */

#define LABEL_SIGNATORIES "consensus-signatories"

/* A hex encoded SHA3 digest of the object, as compressed (if any) */

#define LABEL_SHA3_DIGEST "sha3-digest"

/* A hex encoded SHA3 digest of the object before compression. */

#define LABEL_SHA3_DIGEST_UNCOMPRESSED "sha3-digest-uncompressed"

/* A hex encoded SHA3 digest-as-signed of a consensus */

#define LABEL_SHA3_DIGEST_AS_SIGNED "sha3-digest-as-signed"

/* The flavor of the consensus or consensuses diff */

#define LABEL_FLAVOR "consensus-flavor"

/* Diff only: the SHA3 digest-as-signed of the source consensus. */

#define LABEL_FROM_SHA3_DIGEST "from-sha3-digest"

/* Diff only: the SHA3 digest-in-full of the target consensus. */

#define LABEL_TARGET_SHA3_DIGEST "target-sha3-digest"

/* Diff only: the valid-after date of the source consensus. */

#define LABEL_FROM_VALID_AFTER "from-valid-after"

/* What kind of compression was used? */

#define LABEL_COMPRESSION_TYPE "compression"

/** @} */

#define DOCTYPE_CONSENSUS "consensus"

#define DOCTYPE_CONSENSUS_DIFF "consensus-diff"

/**

 * Underlying directory that stores consensuses and consensus diffs.  Don't

 * use this directly: use cdm_cache_get() instead.

 */

static consensus_cache_t *cons_diff_cache = NULL;

/**

 * If true, we have learned at least one new consensus since the

 * consensus cache was last up-to-date.

 */

static int cdm_cache_dirty = 0;

/**

 * If true, we have scanned the cache to update our hashtable of diffs.

 */

static int cdm_cache_loaded = 0;

/**

 * Possible status values for cdm_diff_t.cdm_diff_status

 **/

typedef enum cdm_diff_status_t {

  CDM_DIFF_PRESENT=1,

  CDM_DIFF_IN_PROGRESS=2,

  CDM_DIFF_ERROR=3,

} cdm_diff_status_t;

/** Which methods do we use for precompressing diffs? */

static const compress_method_t compress_diffs_with[] = {

  NO_METHOD,

  GZIP_METHOD,

#ifdef HAVE_LZMA

  LZMA_METHOD,

#endif

#ifdef HAVE_ZSTD

  ZSTD_METHOD,

#endif

};

/**

 * Event for rescanning the cache.

 */

static mainloop_event_t *consdiffmgr_rescan_ev = NULL;

static void consdiffmgr_rescan_cb(mainloop_event_t *ev, void *arg);

static void mark_cdm_cache_dirty(void);

/** How many different methods will we try to use for diff compression? */

STATIC unsigned

n_diff_compression_methods(void)

{

  return ARRAY_LENGTH(compress_diffs_with);

}

/** Which methods do we use for precompressing consensuses? */

static const compress_method_t compress_consensus_with[] = {

  ZLIB_METHOD,

#ifdef HAVE_LZMA

  LZMA_METHOD,

#endif

#ifdef HAVE_ZSTD

  ZSTD_METHOD,

#endif

};

/** How many different methods will we try to use for diff compression? */

STATIC unsigned

n_consensus_compression_methods(void)

{

  return ARRAY_LENGTH(compress_consensus_with);

}

/** For which compression method do we retain old consensuses?  There's no

 * need to keep all of them, since we won't be serving them.  We'll

 * go with ZLIB_METHOD because it's pretty fast and everyone has it.

 */

#define RETAIN_CONSENSUS_COMPRESSED_WITH_METHOD ZLIB_METHOD

/** Handles pointing to the latest consensus entries as compressed and

 * stored. */

static consensus_cache_entry_handle_t *

                  latest_consensus[N_CONSENSUS_FLAVORS]

                                  [ARRAY_LENGTH(compress_consensus_with)];

/** Hashtable node used to remember the current status of the diff

 * from a given sha3 digest to the current consensus.  */

typedef struct cdm_diff_t {

  HT_ENTRY(cdm_diff_t) node;

  /** Consensus flavor for this diff (part of ht key) */

  consensus_flavor_t flavor;

  /** SHA3-256 digest of the consensus that this diff is _from_. (part of the

   * ht key) */

  uint8_t from_sha3[DIGEST256_LEN];

  /** Method by which the diff is compressed. (part of the ht key */

  compress_method_t compress_method;

  /** One of the CDM_DIFF_* values, depending on whether this diff

   * is available, in progress, or impossible to compute. */

  cdm_diff_status_t cdm_diff_status;

  /** SHA3-256 digest of the consensus that this diff is _to. */

  uint8_t target_sha3[DIGEST256_LEN];

  /** Handle to the cache entry for this diff, if any.  We use a handle here

   * to avoid thinking too hard about cache entry lifetime issues. */

  consensus_cache_entry_handle_t *entry;

} cdm_diff_t;

/** Hashtable mapping flavor and source consensus digest to status. */

static HT_HEAD(cdm_diff_ht, cdm_diff_t) cdm_diff_ht = HT_INITIALIZER();

#ifdef _WIN32

   // XXX(ahf): For tor#24857, a contributor suggested that on Windows, the CPU

   // begins to spike at 100% once the number of files handled by the consensus

   // diff manager becomes larger than 64. To see if the issue goes away, we

   // hardcode this value to 64 now while we investigate a better solution.

#  define CACHE_MAX_NUM 64

#else /* !defined(_WIN32) */

#  define CACHE_MAX_NUM 128

#endif /* defined(_WIN32) */

/**

 * Configuration for this module

 */

static consdiff_cfg_t consdiff_cfg = {

  // XXXX I'd like to make this number bigger, but it interferes with the

  // XXXX seccomp2 syscall filter, which tops out at BPF_MAXINS (4096)

  // XXXX rules.

  /* .cache_max_num = */ CACHE_MAX_NUM

};

static int consdiffmgr_ensure_space_for_files(int n);

static int consensus_queue_compression_work(const char *consensus,

                                            size_t consensus_len,

                                            const networkstatus_t *as_parsed);

static int consensus_diff_queue_diff_work(consensus_cache_entry_t *diff_from,

                                          consensus_cache_entry_t *diff_to);

static void consdiffmgr_set_cache_flags(void);

/* =====

 * Hashtable setup

 * ===== */

/** Helper: hash the key of a cdm_diff_t. */

static unsigned

cdm_diff_hash(const cdm_diff_t *diff)

{

  uint8_t tmp[DIGEST256_LEN + 2];

  memcpy(tmp, diff->from_sha3, DIGEST256_LEN);

  tmp[DIGEST256_LEN] = (uint8_t) diff->flavor;

  tmp[DIGEST256_LEN+1] = (uint8_t) diff->compress_method;

  return (unsigned) siphash24g(tmp, sizeof(tmp));

}

/** Helper: compare two cdm_diff_t objects for key equality */

static int

cdm_diff_eq(const cdm_diff_t *diff1, const cdm_diff_t *diff2)

{

  return fast_memeq(diff1->from_sha3, diff2->from_sha3, DIGEST256_LEN) &&

    diff1->flavor == diff2->flavor &&

    diff1->compress_method == diff2->compress_method;

}

HT_PROTOTYPE(cdm_diff_ht, cdm_diff_t, node, cdm_diff_hash, cdm_diff_eq);

Unexecuted instantiation: consdiffmgr.c:cdm_diff_ht_HT_INIT

Unexecuted instantiation: consdiffmgr.c:cdm_diff_ht_HT_FIND

Unexecuted instantiation: consdiffmgr.c:cdm_diff_ht_HT_FIND_P_

Unexecuted instantiation: consdiffmgr.c:cdm_diff_ht_HT_NEXT

Unexecuted instantiation: consdiffmgr.c:cdm_diff_ht_HT_START

Unexecuted instantiation: consdiffmgr.c:cdm_diff_ht_HT_NEXT_RMV

HT_GENERATE2(cdm_diff_ht, cdm_diff_t, node, cdm_diff_hash, cdm_diff_eq,

             0.6, tor_reallocarray, tor_free_);

#define cdm_diff_free(diff) \

  FREE_AND_NULL(cdm_diff_t, cdm_diff_free_, (diff))

/** Release all storage held in <b>diff</b>. */

static void

cdm_diff_free_(cdm_diff_t *diff)

{

  if (!diff)

    return;

  consensus_cache_entry_handle_free(diff->entry);

  tor_free(diff);

}

/** Create and return a new cdm_diff_t with the given values.  Does not

 * add it to the hashtable. */

static cdm_diff_t *

cdm_diff_new(consensus_flavor_t flav,

             const uint8_t *from_sha3,

             const uint8_t *target_sha3,

             compress_method_t method)

{

  cdm_diff_t *ent;

  ent = tor_malloc_zero(sizeof(cdm_diff_t));

  ent->flavor = flav;

  memcpy(ent->from_sha3, from_sha3, DIGEST256_LEN);

  memcpy(ent->target_sha3, target_sha3, DIGEST256_LEN);

  ent->compress_method = method;

  return ent;

}

/**

 * Examine the diff hashtable to see whether we know anything about computing

 * a diff of type <b>flav</b> between consensuses with the two provided

 * SHA3-256 digests.  If a computation is in progress, or if the computation

 * has already been tried and failed, return 1.  Otherwise, note the

 * computation as "in progress" so that we don't reattempt it later, and

 * return 0.

 */

static int

cdm_diff_ht_check_and_note_pending(consensus_flavor_t flav,

                                   const uint8_t *from_sha3,

                                   const uint8_t *target_sha3)

{

  struct cdm_diff_t search, *ent;

  unsigned u;

  int result = 0;

  for (u = 0; u < n_diff_compression_methods(); ++u) {

    compress_method_t method = compress_diffs_with[u];

    memset(&search, 0, sizeof(cdm_diff_t));

    search.flavor = flav;

    search.compress_method = method;

    memcpy(search.from_sha3, from_sha3, DIGEST256_LEN);

    ent = HT_FIND(cdm_diff_ht, &cdm_diff_ht, &search);

    if (ent) {

      tor_assert_nonfatal(ent->cdm_diff_status != CDM_DIFF_PRESENT);

      result = 1;

      continue;

    }

    ent = cdm_diff_new(flav, from_sha3, target_sha3, method);

    ent->cdm_diff_status = CDM_DIFF_IN_PROGRESS;

    HT_INSERT(cdm_diff_ht, &cdm_diff_ht, ent);

  }

  return result;

}

/**

 * Update the status of the diff of type <b>flav</b> between consensuses with

 * the two provided SHA3-256 digests, so that its status becomes

 * <b>status</b>, and its value becomes the <b>handle</b>.  If <b>handle</b>

 * is NULL, then the old handle (if any) is freed, and replaced with NULL.

 */

static void

cdm_diff_ht_set_status(consensus_flavor_t flav,

                       const uint8_t *from_sha3,

                       const uint8_t *to_sha3,

                       compress_method_t method,

                       int status,

                       consensus_cache_entry_handle_t *handle)

{

  if (handle == NULL) {

    tor_assert_nonfatal(status != CDM_DIFF_PRESENT);

  }

  struct cdm_diff_t search, *ent;

  memset(&search, 0, sizeof(cdm_diff_t));

  search.flavor = flav;

  search.compress_method = method,

  memcpy(search.from_sha3, from_sha3, DIGEST256_LEN);

  ent = HT_FIND(cdm_diff_ht, &cdm_diff_ht, &search);

  if (!ent) {

    ent = cdm_diff_new(flav, from_sha3, to_sha3, method);

    ent->cdm_diff_status = CDM_DIFF_IN_PROGRESS;

    HT_INSERT(cdm_diff_ht, &cdm_diff_ht, ent);

  } else if (fast_memneq(ent->target_sha3, to_sha3, DIGEST256_LEN)) {

    // This can happen under certain really pathological conditions

    // if we decide we don't care about a diff before it is actually

    // done computing.

    return;

  }

  tor_assert_nonfatal(ent->cdm_diff_status == CDM_DIFF_IN_PROGRESS);

  ent->cdm_diff_status = status;

  consensus_cache_entry_handle_free(ent->entry);

  ent->entry = handle;

}

/**

 * Helper: Remove from the hash table every present (actually computed) diff

 * of type <b>flav</b> whose target digest does not match

 * <b>unless_target_sha3_matches</b>.

 *

 * This function is used for the hash table to throw away references to diffs

 * that do not lead to the most given consensus of a given flavor.

 */

static void

cdm_diff_ht_purge(consensus_flavor_t flav,

                  const uint8_t *unless_target_sha3_matches)

{

  cdm_diff_t **diff, **next;

  for (diff = HT_START(cdm_diff_ht, &cdm_diff_ht); diff; diff = next) {

    cdm_diff_t *this = *diff;

    if ((*diff)->cdm_diff_status == CDM_DIFF_PRESENT &&

        flav == (*diff)->flavor) {

      if (BUG((*diff)->entry == NULL) ||

          consensus_cache_entry_handle_get((*diff)->entry) == NULL) {

        /* the underlying entry has gone away; drop this. */

        next = HT_NEXT_RMV(cdm_diff_ht, &cdm_diff_ht, diff);

        cdm_diff_free(this);

        continue;

      }

      if (unless_target_sha3_matches &&

          fast_memneq(unless_target_sha3_matches, (*diff)->target_sha3,

                      DIGEST256_LEN)) {

        /* target hash doesn't match; drop this. */

        next = HT_NEXT_RMV(cdm_diff_ht, &cdm_diff_ht, diff);

        cdm_diff_free(this);

        continue;

      }

    }

    next = HT_NEXT(cdm_diff_ht, &cdm_diff_ht, diff);

  }

}

/**

 * Helper: initialize <b>cons_diff_cache</b>.

 */

static void

cdm_cache_init(void)

{

  unsigned n_entries = consdiff_cfg.cache_max_num * 2;

  tor_assert(cons_diff_cache == NULL);

  cons_diff_cache = consensus_cache_open("diff-cache", n_entries);

  if (cons_diff_cache == NULL) {

    // LCOV_EXCL_START

    log_err(LD_FS, "Error: Couldn't open storage for consensus diffs.");

    tor_assert_unreached();

    // LCOV_EXCL_STOP

  } else {

    consdiffmgr_set_cache_flags();

  }

  consdiffmgr_rescan_ev =

    mainloop_event_postloop_new(consdiffmgr_rescan_cb, NULL);

  mark_cdm_cache_dirty();

  cdm_cache_loaded = 0;

}

/**

 * Helper: return the consensus_cache_t * that backs this manager,

 * initializing it if needed.

 */

STATIC consensus_cache_t *

cdm_cache_get(void)

{

  if (PREDICT_UNLIKELY(cons_diff_cache == NULL)) {

    cdm_cache_init();

  }

  return cons_diff_cache;

}

/**

 * Helper: given a list of labels, prepend the hex-encoded SHA3 digest

 * of the <b>bodylen</b>-byte object at <b>body</b> to those labels,

 * with <b>label</b> as its label.

 */

static void

cdm_labels_prepend_sha3(config_line_t **labels,

                        const char *label,

                        const uint8_t *body,

                        size_t bodylen)

{

  uint8_t sha3_digest[DIGEST256_LEN];

  char hexdigest[HEX_DIGEST256_LEN+1];

  crypto_digest256((char *)sha3_digest,

                   (const char *)body, bodylen, DIGEST_SHA3_256);

  base16_encode(hexdigest, sizeof(hexdigest),

                (const char *)sha3_digest, sizeof(sha3_digest));

  config_line_prepend(labels, label, hexdigest);

}

/** Helper: if there is a sha3-256 hex-encoded digest in <b>ent</b> with the

 * given label, set <b>digest_out</b> to that value (decoded), and return 0.

 *

 * Return -1 if there is no such label, and -2 if it is badly formatted. */

STATIC int

cdm_entry_get_sha3_value(uint8_t *digest_out,

                         consensus_cache_entry_t *ent,

                         const char *label)

{

  if (ent == NULL)

    return -1;

  const char *hex = consensus_cache_entry_get_value(ent, label);

  if (hex == NULL)

    return -1;

  int n = base16_decode((char*)digest_out, DIGEST256_LEN, hex, strlen(hex));

  if (n != DIGEST256_LEN)

    return -2;

  else

    return 0;

}

/**

 * Helper: look for a consensus with the given <b>flavor</b> and

 * <b>valid_after</b> time in the cache. Return that consensus if it's

 * present, or NULL if it's missing.

 */

STATIC consensus_cache_entry_t *

cdm_cache_lookup_consensus(consensus_flavor_t flavor, time_t valid_after)

{

  char formatted_time[ISO_TIME_LEN+1];

  format_iso_time_nospace(formatted_time, valid_after);

  const char *flavname = networkstatus_get_flavor_name(flavor);

  /* We'll filter by valid-after time first, since that should

   * match the fewest documents. */

  /* We could add an extra hashtable here, but since we only do this scan

   * when adding a new consensus, it probably doesn't matter much. */

  smartlist_t *matches = smartlist_new();

  consensus_cache_find_all(matches, cdm_cache_get(),

                           LABEL_VALID_AFTER, formatted_time);

  consensus_cache_filter_list(matches, LABEL_FLAVOR, flavname);

  consensus_cache_filter_list(matches, LABEL_DOCTYPE, DOCTYPE_CONSENSUS);

  consensus_cache_entry_t *result = NULL;

  if (smartlist_len(matches)) {

    result = smartlist_get(matches, 0);

  }

  smartlist_free(matches);

  return result;

}

/** Return the maximum age (in seconds) of consensuses that we should consider

 * storing. The available space in the directory may impose additional limits

 * on how much we store. */

static int32_t

get_max_age_to_cache(void)

{

  const int32_t DEFAULT_MAX_AGE_TO_CACHE = 8192;

  const int32_t MIN_MAX_AGE_TO_CACHE = 0;

  const int32_t MAX_MAX_AGE_TO_CACHE = 8192;

  const char MAX_AGE_TO_CACHE_NAME[] = "max-consensus-age-to-cache-for-diff";

  const or_options_t *options = get_options();

  if (options->MaxConsensusAgeForDiffs) {

    const int v = options->MaxConsensusAgeForDiffs;

    if (v >= MAX_MAX_AGE_TO_CACHE * 3600)

      return MAX_MAX_AGE_TO_CACHE;

    else

      return v;

  }

  /* The parameter is in hours, so we multiply */

  return 3600 * networkstatus_get_param(NULL,

                                        MAX_AGE_TO_CACHE_NAME,

                                        DEFAULT_MAX_AGE_TO_CACHE,

                                        MIN_MAX_AGE_TO_CACHE,

                                        MAX_MAX_AGE_TO_CACHE);

}

#ifdef TOR_UNIT_TESTS

/** As consdiffmgr_add_consensus, but requires a nul-terminated input. For

 * testing. */

int

consdiffmgr_add_consensus_nulterm(const char *consensus,

                                  const networkstatus_t *as_parsed)

{

  size_t len = strlen(consensus);

  /* make a non-nul-terminated copy so that we can have a better chance

   * of catching errors. */

  char *ctmp = tor_memdup(consensus, len);

  int r = consdiffmgr_add_consensus(ctmp, len, as_parsed);

  tor_free(ctmp);

  return r;

}

#endif /* defined(TOR_UNIT_TESTS) */

/**

 * Given a buffer containing a networkstatus consensus, and the results of

 * having parsed that consensus, add that consensus to the cache if it is not

 * already present and not too old.  Create new consensus diffs from or to

 * that consensus as appropriate.

 *

 * Return 0 on success and -1 on failure.

 */

int

consdiffmgr_add_consensus(const char *consensus,

                          size_t consensus_len,

                          const networkstatus_t *as_parsed)

{

  if (BUG(consensus == NULL) || BUG(as_parsed == NULL))

    return -1; // LCOV_EXCL_LINE

  if (BUG(as_parsed->type != NS_TYPE_CONSENSUS))

    return -1; // LCOV_EXCL_LINE

  const consensus_flavor_t flavor = as_parsed->flavor;

  const time_t valid_after = as_parsed->valid_after;

  if (valid_after < approx_time() - get_max_age_to_cache()) {

    log_info(LD_DIRSERV, "We don't care about this consensus document; it's "

             "too old.");

    return -1;

  }

  /* Do we already have this one? */

  consensus_cache_entry_t *entry =

    cdm_cache_lookup_consensus(flavor, valid_after);

  if (entry) {

    log_info(LD_DIRSERV, "We already have a copy of that consensus");

    return -1;

  }

  /* We don't have it. Add it to the cache. */

  return consensus_queue_compression_work(consensus, consensus_len, as_parsed);

}

/**

 * Helper: used to sort two smartlists of consensus_cache_entry_t by their

 * LABEL_VALID_AFTER labels.

 */

static int

compare_by_valid_after_(const void **a, const void **b)

{

  const consensus_cache_entry_t *e1 = *a;

  const consensus_cache_entry_t *e2 = *b;

  /* We're in luck here: sorting UTC iso-encoded values lexically will work

   * fine (until 9999). */

  return strcmp_opt(consensus_cache_entry_get_value(e1, LABEL_VALID_AFTER),

                    consensus_cache_entry_get_value(e2, LABEL_VALID_AFTER));

}

/**

 * Helper: Sort <b>lst</b> by LABEL_VALID_AFTER and return the most recent

 * entry.

 */

static consensus_cache_entry_t *

sort_and_find_most_recent(smartlist_t *lst)

{

  smartlist_sort(lst, compare_by_valid_after_);

  if (smartlist_len(lst)) {

    return smartlist_get(lst, smartlist_len(lst) - 1);

  } else {

    return NULL;

  }

}

/** Return i such that compress_consensus_with[i] == method. Return

 * -1 if no such i exists. */

static int

consensus_compression_method_pos(compress_method_t method)

{

  unsigned i;

  for (i = 0; i < n_consensus_compression_methods(); ++i) {

    if (compress_consensus_with[i] == method) {

      return i;

    }

  }

  return -1;

}

/**

 * If we know a consensus with the flavor <b>flavor</b> compressed with

 * <b>method</b>, set *<b>entry_out</b> to that value.  Return values are as

 * for consdiffmgr_find_diff_from().

 */

consdiff_status_t

consdiffmgr_find_consensus(struct consensus_cache_entry_t **entry_out,

                           consensus_flavor_t flavor,

                           compress_method_t method)

{

  tor_assert(entry_out);

  tor_assert((int)flavor < N_CONSENSUS_FLAVORS);

  int pos = consensus_compression_method_pos(method);

  if (pos < 0) {

     // We don't compress consensuses with this method.

    return CONSDIFF_NOT_FOUND;

  }

  consensus_cache_entry_handle_t *handle = latest_consensus[flavor][pos];

  if (!handle)

    return CONSDIFF_NOT_FOUND;

  *entry_out = consensus_cache_entry_handle_get(handle);

  if (*entry_out)

    return CONSDIFF_AVAILABLE;

  else

    return CONSDIFF_NOT_FOUND;

}

/**

 * Look up consensus_cache_entry_t for the consensus of type <b>flavor</b>,

 * from the source consensus with the specified digest (which must be SHA3).

 *

 * If the diff is present, store it into *<b>entry_out</b> and return

 * CONSDIFF_AVAILABLE. Otherwise return CONSDIFF_NOT_FOUND or

 * CONSDIFF_IN_PROGRESS.

 */

consdiff_status_t

consdiffmgr_find_diff_from(consensus_cache_entry_t **entry_out,

                           consensus_flavor_t flavor,

                           int digest_type,

                           const uint8_t *digest,

                           size_t digestlen,

                           compress_method_t method)

{

  if (BUG(digest_type != DIGEST_SHA3_256) ||

      BUG(digestlen != DIGEST256_LEN)) {

    return CONSDIFF_NOT_FOUND; // LCOV_EXCL_LINE

  }

  // Try to look up the entry in the hashtable.

  cdm_diff_t search, *ent;

  memset(&search, 0, sizeof(search));

  search.flavor = flavor;

  search.compress_method = method;

  memcpy(search.from_sha3, digest, DIGEST256_LEN);

  ent = HT_FIND(cdm_diff_ht, &cdm_diff_ht, &search);

  if (ent == NULL ||

      ent->cdm_diff_status == CDM_DIFF_ERROR) {

    return CONSDIFF_NOT_FOUND;

  } else if (ent->cdm_diff_status == CDM_DIFF_IN_PROGRESS) {

    return CONSDIFF_IN_PROGRESS;

  } else if (BUG(ent->cdm_diff_status != CDM_DIFF_PRESENT)) {

    return CONSDIFF_IN_PROGRESS;

  }

  if (BUG(ent->entry == NULL)) {

    return CONSDIFF_NOT_FOUND;

  }

  *entry_out = consensus_cache_entry_handle_get(ent->entry);

  return (*entry_out) ? CONSDIFF_AVAILABLE : CONSDIFF_NOT_FOUND;

#if 0

  // XXXX Remove this.  I'm keeping it around for now in case we need to

  // XXXX debug issues in the hashtable.

  char hex[HEX_DIGEST256_LEN+1];

  base16_encode(hex, sizeof(hex), (const char *)digest, digestlen);

  const char *flavname = networkstatus_get_flavor_name(flavor);

  smartlist_t *matches = smartlist_new();

  consensus_cache_find_all(matches, cdm_cache_get(),

                           LABEL_FROM_SHA3_DIGEST, hex);

  consensus_cache_filter_list(matches, LABEL_FLAVOR, flavname);

  consensus_cache_filter_list(matches, LABEL_DOCTYPE, DOCTYPE_CONSENSUS_DIFF);

  *entry_out = sort_and_find_most_recent(matches);

  consdiff_status_t result =

    (*entry_out) ? CONSDIFF_AVAILABLE : CONSDIFF_NOT_FOUND;

  smartlist_free(matches);

  return result;

#endif /* 0 */

}

/**

 * Perform periodic cleanup tasks on the consensus diff cache.  Return

 * the number of objects marked for deletion.

 */

int

consdiffmgr_cleanup(void)

{

  smartlist_t *objects = smartlist_new();

  smartlist_t *consensuses = smartlist_new();

  smartlist_t *diffs = smartlist_new();

  int n_to_delete = 0;

  log_debug(LD_DIRSERV, "Looking for consdiffmgr entries to remove");

  // 1. Delete any consensus or diff or anything whose valid_after is too old.

  const time_t valid_after_cutoff = approx_time() - get_max_age_to_cache();

  consensus_cache_find_all(objects, cdm_cache_get(),

                           NULL, NULL);

  SMARTLIST_FOREACH_BEGIN(objects, consensus_cache_entry_t *, ent) {

    const char *lv_valid_after =

      consensus_cache_entry_get_value(ent, LABEL_VALID_AFTER);

    if (! lv_valid_after) {

      log_debug(LD_DIRSERV, "Ignoring entry because it had no %s label",

                LABEL_VALID_AFTER);

      continue;

    }

    time_t valid_after = 0;

    if (parse_iso_time_nospace(lv_valid_after, &valid_after) < 0) {

      log_debug(LD_DIRSERV, "Ignoring entry because its %s value (%s) was "

                "unparseable", LABEL_VALID_AFTER, escaped(lv_valid_after));

      continue;

    }

    if (valid_after < valid_after_cutoff) {

      log_debug(LD_DIRSERV, "Deleting entry because its %s value (%s) was "

                "too old", LABEL_VALID_AFTER, lv_valid_after);

      consensus_cache_entry_mark_for_removal(ent);

      ++n_to_delete;

    }

  } SMARTLIST_FOREACH_END(ent);

  // 2. Delete all diffs that lead to a consensus whose valid-after is not the

  // latest.

  for (int flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {

    const char *flavname = networkstatus_get_flavor_name(flav);

    /* Determine the most recent consensus of this flavor */

    consensus_cache_find_all(consensuses, cdm_cache_get(),

                             LABEL_DOCTYPE, DOCTYPE_CONSENSUS);

    consensus_cache_filter_list(consensuses, LABEL_FLAVOR, flavname);

    consensus_cache_entry_t *most_recent =

      sort_and_find_most_recent(consensuses);

    if (most_recent == NULL)

      continue;

    const char *most_recent_sha3 =

      consensus_cache_entry_get_value(most_recent,

                                      LABEL_SHA3_DIGEST_UNCOMPRESSED);

    if (BUG(most_recent_sha3 == NULL))

      continue; // LCOV_EXCL_LINE

    /* consider all such-flavored diffs, and look to see if they match. */

    consensus_cache_find_all(diffs, cdm_cache_get(),

                             LABEL_DOCTYPE, DOCTYPE_CONSENSUS_DIFF);

    consensus_cache_filter_list(diffs, LABEL_FLAVOR, flavname);

    SMARTLIST_FOREACH_BEGIN(diffs, consensus_cache_entry_t *, diff) {

      const char *this_diff_target_sha3 =

        consensus_cache_entry_get_value(diff, LABEL_TARGET_SHA3_DIGEST);

      if (!this_diff_target_sha3)

        continue;

      if (strcmp(this_diff_target_sha3, most_recent_sha3)) {

        consensus_cache_entry_mark_for_removal(diff);

        ++n_to_delete;

      }

    } SMARTLIST_FOREACH_END(diff);

    smartlist_clear(consensuses);

    smartlist_clear(diffs);

  }

  // 3. Delete all consensuses except the most recent that are compressed with

  // an un-preferred method.

  for (int flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {

    const char *flavname = networkstatus_get_flavor_name(flav);

    /* Determine the most recent consensus of this flavor */

    consensus_cache_find_all(consensuses, cdm_cache_get(),

                             LABEL_DOCTYPE, DOCTYPE_CONSENSUS);

    consensus_cache_filter_list(consensuses, LABEL_FLAVOR, flavname);

    consensus_cache_entry_t *most_recent =

      sort_and_find_most_recent(consensuses);

    if (most_recent == NULL)

      continue;

    const char *most_recent_sha3_uncompressed =

      consensus_cache_entry_get_value(most_recent,

                                      LABEL_SHA3_DIGEST_UNCOMPRESSED);

    const char *retain_methodname = compression_method_get_name(

                               RETAIN_CONSENSUS_COMPRESSED_WITH_METHOD);

    if (BUG(most_recent_sha3_uncompressed == NULL))

      continue;

    SMARTLIST_FOREACH_BEGIN(consensuses, consensus_cache_entry_t *, ent) {

      const char *lv_sha3_uncompressed =

        consensus_cache_entry_get_value(ent, LABEL_SHA3_DIGEST_UNCOMPRESSED);

      if (BUG(! lv_sha3_uncompressed))

        continue;

      if (!strcmp(lv_sha3_uncompressed, most_recent_sha3_uncompressed))

        continue; // This _is_ the most recent.

      const char *lv_methodname =

        consensus_cache_entry_get_value(ent, LABEL_COMPRESSION_TYPE);

      if (! lv_methodname || strcmp(lv_methodname, retain_methodname)) {

        consensus_cache_entry_mark_for_removal(ent);

        ++n_to_delete;

      }

    } SMARTLIST_FOREACH_END(ent);

  }

  smartlist_free(objects);

  smartlist_free(consensuses);

  smartlist_free(diffs);

  // Actually remove files, if they're not used.

  consensus_cache_delete_pending(cdm_cache_get(), 0);

  return n_to_delete;

}

/**

 * Initialize the consensus diff manager and its cache, and configure

 * its parameters based on the latest torrc and networkstatus parameters.

 */

void

consdiffmgr_configure(const consdiff_cfg_t *cfg)

{

  if (cfg)

    memcpy(&consdiff_cfg, cfg, sizeof(consdiff_cfg));

  (void) cdm_cache_get();

}

/**

 * Tell the sandbox (if any) configured by <b>cfg</b> to allow the

 * operations that the consensus diff manager will need.

 */

int

consdiffmgr_register_with_sandbox(struct sandbox_cfg_elem_t **cfg)

{

  return consensus_cache_register_with_sandbox(cdm_cache_get(), cfg);

}

/**

 * Scan the consensus diff manager's cache for any grossly malformed entries,

 * and mark them as deletable.  Return 0 if no problems were found; 1

 * if problems were found and fixed.

 */

int

consdiffmgr_validate(void)

{

  /* Right now, we only check for entries that have bad sha3 values */

  int problems = 0;

  smartlist_t *objects = smartlist_new();

  consensus_cache_find_all(objects, cdm_cache_get(),

                           NULL, NULL);

  SMARTLIST_FOREACH_BEGIN(objects, consensus_cache_entry_t *, obj) {

    uint8_t sha3_expected[DIGEST256_LEN];

    uint8_t sha3_received[DIGEST256_LEN];

    int r = cdm_entry_get_sha3_value(sha3_expected, obj, LABEL_SHA3_DIGEST);

    if (r == -1) {

      /* digest isn't there; that's allowed */

      continue;

    } else if (r == -2) {

      /* digest is malformed; that's not allowed */

      problems = 1;

      consensus_cache_entry_mark_for_removal(obj);

      continue;

    }

    const uint8_t *body;

    size_t bodylen;

    consensus_cache_entry_incref(obj);

    r = consensus_cache_entry_get_body(obj, &body, &bodylen);

    if (r == 0) {

      crypto_digest256((char *)sha3_received, (const char *)body, bodylen,

                       DIGEST_SHA3_256);

    }

    consensus_cache_entry_decref(obj);

    if (r < 0)

      continue;

    // Deconfuse coverity about the possibility of sha3_received being

    // uninitialized

    tor_assert(r <= 0);

    if (fast_memneq(sha3_received, sha3_expected, DIGEST256_LEN)) {

      problems = 1;

      consensus_cache_entry_mark_for_removal(obj);

      continue;

    }

  } SMARTLIST_FOREACH_END(obj);

  smartlist_free(objects);

  return problems;

}

/**

 * Helper: build new diffs of <b>flavor</b> as needed

 */

static void

consdiffmgr_rescan_flavor_(consensus_flavor_t flavor)

{

  smartlist_t *matches = NULL;

  smartlist_t *diffs = NULL;

  smartlist_t *compute_diffs_from = NULL;

  strmap_t *have_diff_from = NULL;

  // look for the most recent consensus, and for all previous in-range

  // consensuses.  Do they all have diffs to it?

  const char *flavname = networkstatus_get_flavor_name(flavor);

  // 1. find the most recent consensus, and the ones that we might want

  //    to diff to it.

  const char *methodname = compression_method_get_name(

                             RETAIN_CONSENSUS_COMPRESSED_WITH_METHOD);

  matches = smartlist_new();

  consensus_cache_find_all(matches, cdm_cache_get(),

                           LABEL_FLAVOR, flavname);

  consensus_cache_filter_list(matches, LABEL_DOCTYPE, DOCTYPE_CONSENSUS);