tor-netdoc: overhaul consensus verification, in preparation for parse2 ns verification

This MR is a bit of a beast, I'm afraid, and also quite critical, so it will need quite intensive scrutiny. I have tried to make that as easy as possible.

At the end of it we have:

  • Abolished the reimplementation of consensus signature checking, that was in poc.

  • Provided a verify_general function that is suitable for parse2's use, both for actual verification, and for reporting on missing authcerts.

  • Strenuously avoided unintentional functional changes, and double-checked (a version of) the code against the poc reimplementation.

The structure is as follows:

  1. Refactor of the old validate function. We break out verify_general, and do some overhaul on it.

  2. Refactor of the poc code, to gradually transform it into a function that's very very similar to the new verify_general. Then we can compare the two, which gives us confidence in the refactored verify_general, and also in abolishing poc's verification implementation.

  3. Further enhancement of verify_general, to fix its API and arrange that it can be used for missing authcert reporting.

The parse2 call site is not in this MR. So right now nothing passes a do_verify that isn't ConsensusSignatureToVerify::verify.

All this reorganised code is tested by the existing test cases which test validate. (The contents of ConsensusVerifiabilityError are not tested anywhere. That will come in a later MR.)
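The shape the description sketches, a single general verification routine that takes the per-signature check as a parameter so the same pass can either verify or just report which authority certificates are absent, can be illustrated with the following added Rust example. It is not code from this MR, from tor-netdoc or from arti; every type and function in it (`AuthorityId`, `ConsensusSig`, `AuthCert`, `VerifyReport`, `verify_general`, the `toy_sign`/`toy_check` stand-ins for a real signature check, and the more-than-half sufficiency rule) is an assumption made for the example.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Hypothetical authority identity (a stand-in for a key digest).
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct AuthorityId(pub &'static str);

/// A signature on the consensus: which authority made it and with which signing key.
#[derive(Clone, Debug)]
pub struct ConsensusSig {
    pub authority: AuthorityId,
    pub signing_key: &'static str,
    pub sig_bytes: Vec<u8>,
}

/// An authority certificate: binds an authority identity to a signing key.
#[derive(Clone, Debug)]
pub struct AuthCert {
    pub authority: AuthorityId,
    pub signing_key: &'static str,
}

/// What one pass over the signatures found.
#[derive(Debug, Default, PartialEq, Eq)]
pub struct VerifyReport {
    pub verified: BTreeSet<AuthorityId>,
    pub bad_signature: BTreeSet<AuthorityId>,
    pub missing_certs: BTreeSet<AuthorityId>,
}

impl VerifyReport {
    /// Assumed rule: sufficient when more than half of the known authorities verified.
    pub fn is_sufficient(&self, known_authorities: usize) -> bool {
        self.verified.len() * 2 > known_authorities
    }
}

/// General pass: `do_verify` decides what "checking" means, so the caller can pass a
/// real check (verification) or an accept-all closure (missing-cert reporting only).
pub fn verify_general<F>(sigs: &[ConsensusSig], certs: &[AuthCert], body: &[u8], mut do_verify: F) -> VerifyReport
where
    F: FnMut(&AuthCert, &ConsensusSig, &[u8]) -> bool,
{
    // Index certs by (authority, signing key) so each signature maps to at most one cert.
    let by_key: BTreeMap<(AuthorityId, &str), &AuthCert> =
        certs.iter().map(|c| ((c.authority.clone(), c.signing_key), c)).collect();
    let mut report = VerifyReport::default();
    for sig in sigs {
        match by_key.get(&(sig.authority.clone(), sig.signing_key)) {
            None => {
                report.missing_certs.insert(sig.authority.clone());
            }
            Some(&cert) => {
                if do_verify(cert, sig, body) {
                    report.verified.insert(sig.authority.clone());
                } else {
                    report.bad_signature.insert(sig.authority.clone());
                }
            }
        }
    }
    report
}

/// Constructed stand-in for signing: XOR the body with the first key byte. Not a real scheme.
pub fn toy_sign(signing_key: &str, body: &[u8]) -> Vec<u8> {
    let k = signing_key.as_bytes()[0];
    body.iter().map(|b| b ^ k).collect()
}

/// Constructed stand-in for a signature check, paired with `toy_sign`.
pub fn toy_check(cert: &AuthCert, sig: &ConsensusSig, body: &[u8]) -> bool {
    sig.sig_bytes == toy_sign(cert.signing_key, body)
}

/// Reporting-only use: accept every signature, keep only the missing-cert list.
pub fn missing_authcerts(sigs: &[ConsensusSig], certs: &[AuthCert], body: &[u8]) -> BTreeSet<AuthorityId> {
    verify_general(sigs, certs, body, |_, _, _| true).missing_certs
}

/// Constructed scenario: three signatures, one good, one bad, one with no cert.
pub fn sample_inputs() -> (Vec<ConsensusSig>, Vec<AuthCert>, &'static [u8]) {
    let body: &'static [u8] = b"network-status-version 3 (constructed body)";
    let certs = vec![
        AuthCert { authority: AuthorityId("moria1"), signing_key: "mk1" },
        AuthCert { authority: AuthorityId("tor26"), signing_key: "tk1" },
    ];
    let sigs = vec![
        ConsensusSig { authority: AuthorityId("moria1"), signing_key: "mk1", sig_bytes: toy_sign("mk1", body) },
        ConsensusSig { authority: AuthorityId("tor26"), signing_key: "tk1", sig_bytes: toy_sign("wrong", body) },
        ConsensusSig { authority: AuthorityId("dizum"), signing_key: "dk1", sig_bytes: toy_sign("dk1", body) },
    ];
    (sigs, certs, body)
}

pub fn sample_report() -> VerifyReport {
    let (sigs, certs, body) = sample_inputs();
    verify_general(&sigs, &certs, body, toy_check)
}

fn main() {
    let (sigs, certs, body) = sample_inputs();
    println!("{:?}", sample_report());
    println!("missing: {:?}", missing_authcerts(&sigs, &certs, body));
}
```

The point of the pattern is that the only thing the two uses differ in is the `do_verify` closure; the bookkeeping of which signatures have a certificate, which checked out, and whether enough did, lives in one place and is exercised by one set of tests.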
