Skip to main content

tor_netdoc/parse2/poc/
netstatus.rs

1//! network status documents: shared between votes, consensuses and md consensuses
2
3use super::*;
4
5use crate::doc::{self, authcert};
6use crate::types;
7use authcert::AuthCert as DirAuthKeyCert;
8pub use doc::netstatus::Signature as NdiDirectorySignature;
9use doc::netstatus::{
10    ConsensusAuthoritySection, DirectorySignaturesHashesAccu, VerifyGeneralTrustedAuthorities,
11    VoteAuthoritySection, VoteStatusConsensus, VoteStatusVote,
12};
13
14mod ns_per_flavour_macros;
15pub use ns_per_flavour_macros::*;
16
17ns_per_flavour_macros::ns_export_flavoured_types! {
18    NetworkStatus, NetworkStatusUnverified, Router,
19}
20
21/// `params` value
22#[derive(Clone, Debug, Default, Deftly)]
23#[derive_deftly(ItemValueParseable)]
24#[non_exhaustive]
25pub struct NdiParams {
26    // Not implemented.
27}
28
29/// `r` sub-document
30#[derive(Deftly, Clone, Debug)]
31#[derive_deftly(ItemValueParseable)]
32#[non_exhaustive]
33pub struct NdiR {
34    /// nickname
35    pub nickname: types::Nickname,
36    /// identity
37    pub identity: String, // In non-demo, use a better type
38}
39
40/// Meat of the verification functions for network documents
41///
42/// Checks that at least `threshold` members of `trusted`
43/// have signed this document (in `signatures`),
44/// via some cert(s) in `certs`.
45///
46/// Does not check validity time.
47fn verify_general_timeless(
48    hashes: &DirectorySignaturesHashesAccu,
49    signatures: &[NdiDirectorySignature],
50    trusted: &[pk::rsa::RsaIdentity],
51    certs: &[&DirAuthKeyCert],
52) -> Result<(), VF> {
53    let group = crate::doc::netstatus::SignatureGroup {
54        hashes: *hashes,
55        signatures: signatures.iter().cloned().collect_vec(),
56    };
57
58    group.verify_general(
59        VerifyGeneralTrustedAuthorities::TrustThese { trusted },
60        &certs.iter().copied().cloned().collect_vec(),
61        |tv| tv.verify(),
62    )
63}