diff options
author | David Goulet <dgoulet@torproject.org> | 2016-08-26 11:06:09 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2016-08-26 14:46:29 -0400 |
commit | f46ce6e3d8bea3cf00388c87c29cdcafd4bab350 (patch) | |
tree | bab17085faa12ca1e7a667e1d1625dc546d8a53d | |
parent | 8fe410e875343a4c134ddbe0db6da3d38865deee (diff) | |
download | tor-f46ce6e3d8bea3cf00388c87c29cdcafd4bab350.tar.gz tor-f46ce6e3d8bea3cf00388c87c29cdcafd4bab350.zip |
test: Fix shared random unit test for big endian
Copying the integer 42 in a char buffer has a different representation
depending on the endianess of the system thus that unit test was failing on
big endian system.
This commit introduces a python script, like the one we have for SRV, that
computes a COMMIT/REVEAL from scratch so we can use it as a test vector for
our encoding unit tests.
With this, we use a random value of bytes instead of a number fixing the
endianess issue and making the whole test case more solid with an external
tool that builds the COMMIT and REVEAL according to the spec.
Fixes #19977
Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r-- | changes/19977 | 6 | ||||
-rw-r--r-- | src/test/sr_commit_calc_ref.py | 51 | ||||
-rw-r--r-- | src/test/test_shared_random.c | 19 |
3 files changed, 65 insertions, 11 deletions
diff --git a/changes/19977 b/changes/19977 new file mode 100644 index 0000000000..0ca1af1cea --- /dev/null +++ b/changes/19977 @@ -0,0 +1,6 @@ + o Minor bugfixes (unit test) + - Fix shared random unit test that was failing on big endian architecture + due to internal representation of a integer copied to a buffer. The test + is changed to take a full 32 bytes of data and use the output of a + python script that make the COMMIT and REVEAL calculation according to + the spec. Fixes #19977; bugfix on tor-0.2.9.1-alpha. diff --git a/src/test/sr_commit_calc_ref.py b/src/test/sr_commit_calc_ref.py new file mode 100644 index 0000000000..45e629cfb0 --- /dev/null +++ b/src/test/sr_commit_calc_ref.py @@ -0,0 +1,51 @@ +# This is a reference implementation of the COMMIT/REVEAL calculation for +# prop250. We use it to generate a test vector for the test_encoding() +# unittest. +# +# Here is the computation formula: +# +# H = SHA3-256 +# TIMESTAMP = 8 bytes network-endian value +# RAND = H(32 bytes of random) +# +# REVEAL = base64-encode( TIMESTAMP || RAND ) +# COMMIT = base64-encode( TIMESTAMP || H(REVEAL) ) +# + +import sys +import hashlib +import struct +import base64 + +# Python 3.6+, the SHA3 is available in hashlib natively. Else this requires +# the pysha3 package (pip install pysha3). +if sys.version_info < (3, 6): + import sha3 + +# Test vector to make sure the right sha3 version will be used. pysha3 < 1.0 +# used the old Keccak implementation. During the finalization of SHA3, NIST +# changed the delimiter suffix from 0x01 to 0x06. The Keccak sponge function +# stayed the same. pysha3 1.0 provides the previous Keccak hash, too. +TEST_VALUE = "e167f68d6563d75bb25f3aa49c29ef612d41352dc00606de7cbd630bb2665f51" +if TEST_VALUE != sha3.sha3_256(b"Hello World").hexdigest(): + print("pysha3 version is < 1.0. Please install from:") + print("https://github.com/tiran/pysha3https://github.com/tiran/pysha3") + sys.exit(1) + +# TIMESTAMP +ts = 1454333590 +# RAND +data = 'A' * 32 # Yes very very random, NIST grade :). +rand = hashlib.sha3_256(data) + +reveal = struct.pack('!Q', ts) + rand.digest() +b64_reveal = base64.b64encode(reveal) +print("REVEAL: %s" % (b64_reveal)) + +# Yes we do hash the _encoded_ reveal here that is H(REVEAL) +hashed_reveal = hashlib.sha3_256(b64_reveal) +commit = struct.pack('!Q', ts) + hashed_reveal.digest() +print("COMMIT: %s" % (base64.b64encode(commit))) + +# REVEAL: AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA== +# COMMIT: AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg== diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index d6787e4f45..8368300e66 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -370,26 +370,23 @@ static void test_encoding(void *arg) { (void) arg; - int ret, duper_rand = 42; + int ret; /* Random number is 32 bytes. */ char raw_rand[32]; time_t ts = 1454333590; char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN]; sr_commit_t parsed_commit; - /* Encoded commit is: base64-encode( 1454333590 || H(H(42)) ). Remember - * that we do no expose the raw bytes of our PRNG to the network thus - * explaining the double H(). */ - static const char *encoded_commit = - "AAAAAFavXpZbx2LRneYFSLPCP8DLp9BXfeH5FXzbkxM4iRXKGeA54g=="; - /* Encoded reveal is: base64-encode( 1454333590 || H(42) ). */ + /* Those values were generated by sr_commit_calc_ref.py where the random + * value is 32 'A' and timestamp is the one in ts. */ static const char *encoded_reveal = - "AAAAAFavXpYk9x9kTjiQWUqjHwSAEOdPAfCaurXgjPy173SzYjeC2g=="; + "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA=="; + static const char *encoded_commit = + "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg=="; /* Set up our raw random bytes array. */ - memset(raw_rand, 0, sizeof(raw_rand)); - memcpy(raw_rand, &duper_rand, sizeof(duper_rand)); - /* Hash random number. */ + memset(raw_rand, 'A', sizeof(raw_rand)); + /* Hash random number because we don't expose bytes of the RNG. */ ret = crypto_digest256(hashed_rand, raw_rand, sizeof(raw_rand), SR_DIGEST_ALG); tt_int_op(0, ==, ret); |