test: Fix shared random unit test for big endian

Copying the integer 42 in a char buffer has a different representation depending on the endianess of the system thus that unit test was failing on big endian system. This commit introduces a python script, like the one we have for SRV, that computes a COMMIT/REVEAL from scratch so we can use it as a test vector for our encoding unit tests. With this, we use a random value of bytes instead of a number fixing the endianess issue and making the whole test case more solid with an external tool that builds the COMMIT and REVEAL according to the spec. Fixes #19977 Signed-off-by: David Goulet <dgoulet@torproject.org>
author: David Goulet <dgoulet@torproject.org> 2016-08-26 11:06:09 -0400
committer: David Goulet <dgoulet@torproject.org> 2016-08-26 14:46:29 -0400
commit: f46ce6e3d8bea3cf00388c87c29cdcafd4bab350 (patch)
tree: bab17085faa12ca1e7a667e1d1625dc546d8a53d /src
parent: 8fe410e875343a4c134ddbe0db6da3d38865deee (diff)
download: tor-f46ce6e3d8bea3cf00388c87c29cdcafd4bab350.tar.gz
tor-f46ce6e3d8bea3cf00388c87c29cdcafd4bab350.zip
2 files changed, 59 insertions, 11 deletions
diff --git a/src/test/sr_commit_calc_ref.py b/src/test/sr_commit_calc_ref.py
new file mode 100644
index 0000000000..45e629cfb0
--- /dev/null
+++ b/src/test/sr_commit_calc_ref.py
@@ -0,0 +1,51 @@
+# This is a reference implementation of the COMMIT/REVEAL calculation for
+# prop250. We use it to generate a test vector for the test_encoding()
+# unittest.
+#
+# Here is the computation formula:
+#
+#      H = SHA3-256
+#      TIMESTAMP = 8 bytes network-endian value
+#      RAND = H(32 bytes of random)
+#
+#      REVEAL = base64-encode( TIMESTAMP || RAND )
+#      COMMIT = base64-encode( TIMESTAMP || H(REVEAL) )
+#
+
+import sys
+import hashlib
+import struct
+import base64
+
+# Python 3.6+, the SHA3 is available in hashlib natively. Else this requires
+# the pysha3 package (pip install pysha3).
+if sys.version_info < (3, 6):
+	import sha3
+
+# Test vector to make sure the right sha3 version will be used. pysha3 < 1.0
+# used the old Keccak implementation. During the finalization of SHA3, NIST
+# changed the delimiter suffix from 0x01 to 0x06. The Keccak sponge function
+# stayed the same. pysha3 1.0 provides the previous Keccak hash, too.
+TEST_VALUE = "e167f68d6563d75bb25f3aa49c29ef612d41352dc00606de7cbd630bb2665f51"
+if TEST_VALUE != sha3.sha3_256(b"Hello World").hexdigest():
+  print("pysha3 version is < 1.0. Please install from:")
+  print("https://github.com/tiran/pysha3https://github.com/tiran/pysha3")
+  sys.exit(1)
+
+# TIMESTAMP
+ts = 1454333590
+# RAND
+data = 'A' * 32 # Yes very very random, NIST grade :).
+rand = hashlib.sha3_256(data)
+
+reveal = struct.pack('!Q', ts) + rand.digest()
+b64_reveal = base64.b64encode(reveal)
+print("REVEAL: %s" % (b64_reveal))
+
+# Yes we do hash the _encoded_ reveal here that is H(REVEAL)
+hashed_reveal = hashlib.sha3_256(b64_reveal)
+commit = struct.pack('!Q', ts) + hashed_reveal.digest()
+print("COMMIT: %s" % (base64.b64encode(commit)))
+
+# REVEAL: AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==
+# COMMIT: AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==
diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c
index d6787e4f45..8368300e66 100644
--- a/src/test/test_shared_random.c
+++ b/src/test/test_shared_random.c
@@ -370,26 +370,23 @@ static void
 test_encoding(void *arg)
 {
   (void) arg;
-  int ret, duper_rand = 42;
+  int ret;
   /* Random number is 32 bytes. */
   char raw_rand[32];
   time_t ts = 1454333590;
   char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
   sr_commit_t parsed_commit;
 
-  /* Encoded commit is: base64-encode( 1454333590 || H(H(42)) ). Remember
-   * that we do no expose the raw bytes of our PRNG to the network thus
-   * explaining the double H(). */
-  static const char *encoded_commit =
-    "AAAAAFavXpZbx2LRneYFSLPCP8DLp9BXfeH5FXzbkxM4iRXKGeA54g==";
-  /* Encoded reveal is: base64-encode( 1454333590 || H(42) ). */
+  /* Those values were generated by sr_commit_calc_ref.py where the random
+   * value is 32 'A' and timestamp is the one in ts. */
   static const char *encoded_reveal =
-    "AAAAAFavXpYk9x9kTjiQWUqjHwSAEOdPAfCaurXgjPy173SzYjeC2g==";
+    "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==";
+  static const char *encoded_commit =
+    "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==";
 
   /* Set up our raw random bytes array. */
-  memset(raw_rand, 0, sizeof(raw_rand));
-  memcpy(raw_rand, &duper_rand, sizeof(duper_rand));
-  /* Hash random number. */
+  memset(raw_rand, 'A', sizeof(raw_rand));
+  /* Hash random number because we don't expose bytes of the RNG. */
   ret = crypto_digest256(hashed_rand, raw_rand,
                          sizeof(raw_rand), SR_DIGEST_ALG);
   tt_int_op(0, ==, ret);
author	David Goulet <dgoulet@torproject.org>	2016-08-26 11:06:09 -0400
committer	David Goulet <dgoulet@torproject.org>	2016-08-26 14:46:29 -0400
commit	f46ce6e3d8bea3cf00388c87c29cdcafd4bab350 (patch)
tree	bab17085faa12ca1e7a667e1d1625dc546d8a53d /src
parent	8fe410e875343a4c134ddbe0db6da3d38865deee (diff)
download	tor-f46ce6e3d8bea3cf00388c87c29cdcafd4bab350.tar.gz tor-f46ce6e3d8bea3cf00388c87c29cdcafd4bab350.zip