Grcov report - encoded.rs

1

//! `EncodedAuthCert`

2

3

use std::str::FromStr;

4

5

use crate::parse2::{

6

    ErrorProblem, IsStructural, ItemStream, KeywordRef, NetdocParseable, ParseInput,

7

};

8

9

use ErrorProblem as EP;

10

11

// TODO DIRAUTH abolish poc

12

use crate::parse2::poc::netstatus::vote::{

13

//

14

    NetworkStatusUnverifiedParsedBody as NetworkStatusVoteUnverifiedParsedBody,

15

};

16

17

/// Entire authority key certificate, encoded and signed

18

///

19

/// This is a newtype around `String`.

20

///

21

/// # Invariants

22

///

23

///  * Is a complete document in netdoc metasyntax including trailing newline.

24

///  * Starts with one `dir-key-certificate-version`

25

///  * Ends with one `dir-key-certification`

26

///  * No other items are structural in a vote

27

///  * Every item keyword starts `dir-` or is `fingerprint`

28

///

29

/// See

30

/// <https://spec.torproject.org/dir-spec/creating-key-certificates.html#nesting>

31

///

32

/// ## Non-invariant

33

///

34

///  * **Signature and timeliness have not been checked**.

35

///

36

/// # Functionality

37

///

38

/// Implements `TryFrom<String>` and `FromStr`.

39

///

40

/// Implements `NetdocParseable`:

41

/// parser matches `dir-key-certificate-version` and `dir-key-certification`,

42

/// but also calls `Bug` if the caller's `stop_at`

43

/// reports that this keyword is structural for its container.

44

/// (This could happen if an `EncodedAuthCert` existedd in some other

45

/// document but a vote.  We do not check this property during encoding.)

46

///

47

/// # Rationale

48

///

49

/// Unlike most sub-documents found within netdocs, an authcert is a

50

/// signed document.  We expect to be able to copy an authcert into a

51

/// vote, encode, convey and parse the vote, and extract the

52

/// authcert, and verify the authcert's signature.

53

///

54

/// Additionally, the fact that authcerts have their own signatures means

55

/// that they need to be constructed separately from the surrounding

56

/// document, and then embedded in it later.

57

///

58

/// When parsing a vote, we need to be able to see *which parts* are

59

/// the authcert, and we need to be able to extract the specific document

60

/// text, but we maybe don't want to parse the authcert.

61

///

62

/// Conversely, signature verification of authcerts during decoding of a

63

/// vote is fairly complex.  We don't want to do signature

64

/// verification during parsing, because signature verification involves

65

/// the time, and we don't want parsing to need to know the time.

66

///

67

// ## Generics (possible future expansion)

68

//

69

// If we discover other similar document nestings we could genericise things:

70

//

71

// ```

72

// /// Invariant:

73

// ///

74

// ///  * Can be lexed as a netdoc

75

// ///  * First item is `Y:is_intro_item_keyword`

76

// ///  * Last item is (one) `YS:is_intro_item_keyword`

77

// ///  * No other item is any `N::is_structual_item_keyword`

78

// ///

79

// pub struct EncodedNetdoc<Y, YS, (N0, N1 ..)>(String);

80

//

81

// pub type EncodedAuthCert = EncodedNetdoc<

82

//     AuthCert, AuthCertSignatures,

83

//     (NetworkStatusVote, NetworkStatusSignaturesVote)

84

// >;

85

// ```

86

//

87

// Details TBD.

88

//

89

#[derive(Debug, Clone, Eq, PartialEq, Ord, PartialOrd, Hash, derive_more::AsRef)]

90

pub struct EncodedAuthCert(#[as_ref(str)] String);

91

92

/// State (machine) for checking item sequence

93

#[derive(Copy, Clone, Debug, Eq, PartialEq)]

94

enum ItemSequenceChecker {

95

    /// Expecting intro item

96

    Intro,

97

    /// Expecting body item

98

    Body,

99

    /// Expecting no more items

100

    End,

101

102

103

/// Token indicating keyword is structural for us

104

struct IsOurStructural;

105

106

/// auth cert's intro item

107

const INTRO_KEYWORD: &str = "dir-key-certificate-version";

108

/// auth cert's final item, used for bracketing

109

const FINAL_KEYWORD: &str = "dir-key-certification";

110

111

impl EncodedAuthCert {

112

    /// Obtain the document text as a `str`

113

    pub fn as_str(&self) -> &str {

114

        &self.0

115

116

117

118

impl ItemSequenceChecker {

119

    /// Start the state machine

120

64

    fn start() -> Self {

121

        use ItemSequenceChecker::*;

122

64

        Intro

123

64

124

125

    /// Process and check an item (given the keyword)

126

184

    fn keyword(&mut self, kw: KeywordRef<'_>) -> Result<Option<IsOurStructural>, EP> {

127

        use ItemSequenceChecker::*;

128

129

232

        let mut change_state = |from, to| {

130

96

            if *self == from {

131

80

                *self = to;

132

80

                Ok(Some(IsOurStructural))

133

            } else {

134

16

                Err(EP::OtherBadDocument("authcert bad structure"))

135

136

96

};

137

138

184

        if kw == INTRO_KEYWORD {

139

72

            change_state(Intro, Body)

140

112

        } else if kw == FINAL_KEYWORD {

141

24

            change_state(Body, End)

142

88

        } else if *self != Body {

143

8

            Err(EP::OtherBadDocument(

144

8

                "authcert loose body item or missing intro keyword",

145

8

))

146

        } else if let Some(IsStructural) =

147

80

            NetworkStatusVoteUnverifiedParsedBody::is_structural_keyword(kw)

148

149

18

            Err(EP::OtherBadDocument(

150

18

                "authcert with vote structural keyword",

151

18

))

152

62

        } else if kw == "fingerprint" || kw.as_str().starts_with("dir-") {

153

56

            Ok(None)

154

        } else {

155

6

            Err(EP::OtherBadDocument(

156

6

                "authcert body keyword not dir- or fingerprint",

157

6

))

158

159

184

160

161

    /// Finish up, on EOF

162

12

    fn finish(self) -> Result<(), EP> {

163

        use ItemSequenceChecker::*;

164

12

        match self {

165

12

            End => Ok(()),

166

            _other => Err(EP::OtherBadDocument(

167

                "authcert missing end (signature) item",

168

)),

169

170

12

171

172

173

/// Additional lexical checks

174

///

175

/// These might or might not be done by `parse2::lex`.

176

/// We do them here to be sure.

177

56

fn extra_lexical_checks(s: &str) -> Result<(), EP> {

178

    // Lexical checks (beyond those done by the lexer)

179

180

56

    let _without_trailing_nl = s

181

        // In case our lexer tolerates this

182

56

        .strip_suffix("\n")

183

56

        .ok_or(EP::OtherBadDocument("missing final newline"))?;

184

185

48

    Ok(())

186

56

187

188

/// Check that `s` meets the constraints

189

50

fn check(s: &str) -> Result<(), EP> {

190

50

    extra_lexical_checks(s)?;

191

192

    // Structural checks

193

42

    let input = ParseInput::new(s, "<authcert string>");

194

42

    let mut lex = ItemStream::new(&input).map_err(|e| e.problem)?;

195

42

    let mut seq = ItemSequenceChecker::start();

196

124

    while let Some(item) = lex.next_item()? {

197

118

        seq.keyword(item.keyword())?;

198

199

6

    seq.finish()

200

50

201

202

impl TryFrom<String> for EncodedAuthCert {

203

    type Error = ErrorProblem;

204

50

    fn try_from(s: String) -> Result<Self, EP> {

205

50

        check(&s)?;

206

6

        Ok(EncodedAuthCert(s))

207

50

208

209

210

impl FromStr for EncodedAuthCert {

211

    type Err = ErrorProblem;

212

24

    fn from_str(s: &str) -> Result<Self, EP> {

213

24

        s.to_owned().try_into()

214

24

215

216

217

impl NetdocParseable for EncodedAuthCert {

218

4

    fn doctype_for_error() -> &'static str {

219

4

        "encoded authority key certificate"

220

4

221

222

212

    fn is_intro_item_keyword(kw: KeywordRef<'_>) -> bool {

223

212

        kw == INTRO_KEYWORD

224

212

225

74

    fn is_structural_keyword(kw: KeywordRef<'_>) -> Option<IsStructural> {

226

74

        (Self::is_intro_item_keyword(kw) || kw == FINAL_KEYWORD).then_some(IsStructural)

227

74

228

229

22

    fn from_items(input: &mut ItemStream<'_>, stop_at: stop_at!()) -> Result<Self, EP> {

230

22

        let start_pos = input.byte_position();

231

22

        let mut seq = ItemSequenceChecker::start();

232

74

        while seq != ItemSequenceChecker::End {

233

68

            let item = input.next_item()?.ok_or(EP::MissingItem {

234

68

                keyword: FINAL_KEYWORD,

235

68

            })?;

236

237

66

            let kw = item.keyword();

238

239

66

            match seq.keyword(kw)? {

240

28

                Some(IsOurStructural) => {} // already checked

241

                None => {

242

26

                    if stop_at.stop_at(kw) {

243

2

                        return Err(EP::Internal(

244

2

                            "bug! parent document structural keyword found while trying to process an embedded authcert, but was accepted by ItemSequenceChecker; authcert embedded in something other than a vote?",

245

2

));

246

24

247

248

249

250

6

        seq.finish()?;

251

252

6

        let text = input

253

6

            .whole_input()

254

6

            .get(start_pos..)

255

6

            .expect("start_pos wasn't included in the body so far?!");

256

257

6

        extra_lexical_checks(text)?;

258

259

6

        if let Some(next_item) = input.peek_keyword()? {

260

6

            if !stop_at.stop_at(next_item) {

261

4

                return Err(EP::OtherBadDocument(

262

4

                    "unexpected loose items after embedded authcert",

263

4

));

264

2

265

266

267

2

        Ok(EncodedAuthCert(text.to_string()))

268

22

269

270

271

#[cfg(feature = "encode")] // TODO get rid of this feature, and use imports rather than :: paths

272

impl crate::encode::NetdocEncodable for EncodedAuthCert {

273

    fn encode_unsigned(

274

        &self,

275

        out: &mut crate::encode::NetdocEncoder,

276

    ) -> Result<(), tor_error::Bug> {

277

        // OK because invariants include the right syntax including a trailing newline.

278

        out.push_raw_string(&self.as_str());

279

        Ok(())

280

281

282

283

#[cfg(test)]

284

mod test {

285

    // @@ begin test lint list maintained by maint/add_warning @@

286

    #![allow(clippy::bool_assert_comparison)]

287

    #![allow(clippy::clone_on_copy)]

288

    #![allow(clippy::dbg_macro)]

289

    #![allow(clippy::mixed_attributes_style)]

290

    #![allow(clippy::print_stderr)]

291

    #![allow(clippy::print_stdout)]

292

    #![allow(clippy::single_char_pattern)]

293

    #![allow(clippy::unwrap_used)]

294

    #![allow(clippy::unchecked_time_subtraction)]

295

    #![allow(clippy::useless_vec)]

296

    #![allow(clippy::needless_pass_by_value)]

297

    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->

298

    use super::*;

299

    use crate::parse2::parse_netdoc;

300

    use derive_deftly::Deftly;

301

    use std::fmt::{Debug, Display};

302

303

    #[derive(Debug, Deftly)]

304

    #[derive_deftly(NetdocParseable)]

305

    #[allow(unused)]

306

    struct Embeds {

307

        e_intro: (),

308

        #[deftly(netdoc(subdoc))]

309

        cert: EncodedAuthCert,

310

        #[deftly(netdoc(subdoc))]

311

        subdocs: Vec<Subdoc>,

312

313

    #[derive(Debug, Deftly)]

314

    #[derive_deftly(NetdocParseable)]

315

    #[allow(unused)]

316

    struct Subdoc {

317

        dir_e_subdoc: (),

318

319

320

    fn chk(exp_sole: Result<(), &str>, exp_embed: Result<(), &str>, doc: &str) {

321

        fn chk1<T: Debug, E: Debug + tor_error::ErrorReport + Display>(

322

            exp: Result<(), &str>,

323

            doc: &str,

324

            what: &str,

325

            got: Result<T, E>,

326

) {

327

            eprintln!("==========\n---- {what} 8<- ----\n{doc}---- ->8 {what} ----\n");

328

            match got {

329

                Err(got_e) => {

330

                    let got_m = got_e.report().to_string();

331

                    eprintln!("{what}, got error: {got_e:?}");

332

                    eprintln!("{what}, got error: {got_m:?}");

333

                    let exp_m = exp.expect_err("expected success!");

334

                    assert!(

335

                        got_m.contains(exp_m),

336

                        "{what}, expected different error: {exp_m:?}"

337

);

338

339

                y @ Ok(_) => {

340

                    eprintln!("got {y:?}");

341

                    assert!(exp.is_ok(), "{what}, unexpected success; expected: {exp:?}");

342

343

344

345

        chk1(exp_sole, doc, "from_str", EncodedAuthCert::from_str(doc));

346

        chk1(

347

            exp_sole,

348

            doc,

349

            "From<String>",

350

            EncodedAuthCert::try_from(doc.to_owned()),

351

);

352

        let embeds = format!(

353

            r"e-intro

354

ignored

355

{doc}dir-e-subdoc

356

dir-ignored-2

357

358

);

359

        let parse_input = ParseInput::new(&embeds, "<embeds>");

360

        chk1(

361

            exp_embed,

362

            &embeds,

363

            "embedded",

364

            parse_netdoc::<Embeds>(&parse_input),

365

);

366

367

368

    #[test]

369

    fn bad_authcerts() {

370

        NetworkStatusVoteUnverifiedParsedBody::is_structural_keyword(

371

            KeywordRef::new("dir-source").unwrap(),

372

373

        .expect("structural dir-source");

374

375

        // These documents are all very skeleton: none of the items have arguments, or objects.

376

        // It works anyway because we don't actually parse as an authcert, when reading an

377

        // EncodedAuthCert.  We just check the item keyword sequence.

378

379

        chk(

380

            Err("missing final newline"),

381

            Err("missing item encoded authority key certificate"),

382

            r"",

383

);

384

        chk(

385

            Err("authcert loose body item or missing intro keyword"),

386

            Err("missing item encoded authority key certificate"),

387

            r"wrong-intro

388

",

389

);

390

        chk(

391

            Err("missing final newline"),

392

            Err("missing item dir-key-certification"),

393

            r"dir-key-certificate-version

394

dir-missing-nl",

395

);

396

        chk(

397

            Err("authcert bad structure"),

398

            Err("authcert bad structure"),

399

            r"dir-key-certificate-version

400

dir-key-certificate-version

401

",

402

);

403

        chk(

404

            Err("authcert body keyword not dir- or fingerprint"),

405

            Err("authcert body keyword not dir- or fingerprint"),

406

            r"dir-key-certificate-version

407

wrong-item

408

dir-key-certification

409

",

410

);

411

        chk(

412

            Err("authcert with vote structural keyword"),

413

            Err("authcert with vote structural keyword"),

414

            r"dir-key-certificate-version

415

416

dir-key-certification

417

",

418

);

419

        chk(

420

            Err("authcert with vote structural keyword"),

421

            Err("authcert with vote structural keyword"),

422

            r"dir-key-certificate-version

423

dir-source

424

dir-key-certification

425

",

426

);

427

        chk(

428

            Ok(()), // Simulate bug where EncodedAuthCert doesn't know about our dir-e-subdoc

429

            Err("bug! parent document structural keyword found"),

430

            r"dir-key-certificate-version

431

dir-e-subdoc

432

dir-key-certification

433

",

434

);

435

        chk(

436

            Err("authcert with vote structural keyword"),

437

            Err("authcert with vote structural keyword"),

438

            r"dir-key-certificate-version

439

dir-example-item

440

441

",

442

);

443

        chk(

444

            Err("authcert loose body item or missing intro keyword"),

445

            Err("unexpected loose items after embedded authcert"),

446

            r"dir-key-certificate-version

447

dir-example-item

448

dir-key-certification

449

dir-extra-item

450

451

",

452

);

453

        chk(

454

            Err("authcert bad structure"),

455

            Err("authcert bad structure"),

456

            r"dir-key-certificate-version

457

dir-key-certificate-version

458

dir-example-item

459

dir-key-certification

460

dir-key-certification

461

462

",

463

);

464

        chk(

465

            Err("authcert bad structure"),

466

            Err("unexpected loose items after embedded authcert"),

467

            r"dir-key-certificate-version

468

dir-example-item

469

dir-key-certification

470

dir-key-certification

471

472

",

473

);

474

475