tor-netdoc: overhaul consensus verification, in preparation for parse2 ns verification
This MR is a bit of a beast, I'm afraid, and also quite critical, so it will need quite intensive scrutiny. I have tried to make that as easy as possible.
At the end of it we have:
- Abolished the reimplementation of consensus signature checking, that was in poc.
- Provided a verify_general function that is suitable for parse2's use, both for actual verification, and for reporting on missing authcerts.
- Strenuously avoided unintentional functional changes, and double-checked (a version of) the code against the poc reimplementation.
The structure is as follows:
- Refactor of the old validate function. We break out verify_general, and do some overhaul on it.
- Refactor of the poc code, to gradually transform it into a function that's very very similar to the new verify_general. Then we can compare the two, which gives us confidence in the refactored verify_general, and also in abolishing poc's verification implementation.
- Further enhancement of verify_general, to fix its API and arrange that it can be used for missing authcert reporting.
The parse2 call site is not in this MR. So right now nothing passes a do_verify that isn't ConsensusSignatureToVerify::verify.
All this reorganised code is tested by the existing test cases which test validate. (The contents of ConsensusVerifiabilityError are not tested anywhere. That will come in a later MR.)