Commit f46ce6e3 authored by David Goulet's avatar David Goulet 🐼
Browse files

test: Fix shared random unit test for big endian



Copying the integer 42 in a char buffer has a different representation
depending on the endianess of the system thus that unit test was failing on
big endian system.

This commit introduces a python script, like the one we have for SRV, that
computes a COMMIT/REVEAL from scratch so we can use it as a test vector for
our encoding unit tests.

With this, we use a random value of bytes instead of a number fixing the
endianess issue and making the whole test case more solid with an external
tool that builds the COMMIT and REVEAL according to the spec.

Fixes #19977

Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
parent 8fe410e8
Loading
Loading
Loading
Loading

changes/19977

0 → 100644
+6 −0
Original line number Diff line number Diff line
  o Minor bugfixes (unit test)
    - Fix shared random unit test that was failing on big endian architecture
      due to internal representation of a integer copied to a buffer. The test
      is changed to take a full 32 bytes of data and use the output of a
      python script that make the COMMIT and REVEAL calculation according to
      the spec.  Fixes #19977; bugfix on tor-0.2.9.1-alpha.
+51 −0
Original line number Diff line number Diff line
# This is a reference implementation of the COMMIT/REVEAL calculation for
# prop250. We use it to generate a test vector for the test_encoding()
# unittest.
#
# Here is the computation formula:
#
#      H = SHA3-256
#      TIMESTAMP = 8 bytes network-endian value
#      RAND = H(32 bytes of random)
#
#      REVEAL = base64-encode( TIMESTAMP || RAND )
#      COMMIT = base64-encode( TIMESTAMP || H(REVEAL) )
#

import sys
import hashlib
import struct
import base64

# Python 3.6+, the SHA3 is available in hashlib natively. Else this requires
# the pysha3 package (pip install pysha3).
if sys.version_info < (3, 6):
	import sha3

# Test vector to make sure the right sha3 version will be used. pysha3 < 1.0
# used the old Keccak implementation. During the finalization of SHA3, NIST
# changed the delimiter suffix from 0x01 to 0x06. The Keccak sponge function
# stayed the same. pysha3 1.0 provides the previous Keccak hash, too.
TEST_VALUE = "e167f68d6563d75bb25f3aa49c29ef612d41352dc00606de7cbd630bb2665f51"
if TEST_VALUE != sha3.sha3_256(b"Hello World").hexdigest():
  print("pysha3 version is < 1.0. Please install from:")
  print("https://github.com/tiran/pysha3https://github.com/tiran/pysha3")
  sys.exit(1)

# TIMESTAMP
ts = 1454333590
# RAND
data = 'A' * 32 # Yes very very random, NIST grade :).
rand = hashlib.sha3_256(data)

reveal = struct.pack('!Q', ts) + rand.digest()
b64_reveal = base64.b64encode(reveal)
print("REVEAL: %s" % (b64_reveal))

# Yes we do hash the _encoded_ reveal here that is H(REVEAL)
hashed_reveal = hashlib.sha3_256(b64_reveal)
commit = struct.pack('!Q', ts) + hashed_reveal.digest()
print("COMMIT: %s" % (base64.b64encode(commit)))

# REVEAL: AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==
# COMMIT: AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==
+8 −11
Original line number Diff line number Diff line
@@ -370,26 +370,23 @@ static void
test_encoding(void *arg)
{
  (void) arg;
  int ret, duper_rand = 42;
  int ret;
  /* Random number is 32 bytes. */
  char raw_rand[32];
  time_t ts = 1454333590;
  char hashed_rand[DIGEST256_LEN], hashed_reveal[DIGEST256_LEN];
  sr_commit_t parsed_commit;

  /* Encoded commit is: base64-encode( 1454333590 || H(H(42)) ). Remember
   * that we do no expose the raw bytes of our PRNG to the network thus
   * explaining the double H(). */
  static const char *encoded_commit =
    "AAAAAFavXpZbx2LRneYFSLPCP8DLp9BXfeH5FXzbkxM4iRXKGeA54g==";
  /* Encoded reveal is: base64-encode( 1454333590 || H(42) ). */
  /* Those values were generated by sr_commit_calc_ref.py where the random
   * value is 32 'A' and timestamp is the one in ts. */
  static const char *encoded_reveal =
    "AAAAAFavXpYk9x9kTjiQWUqjHwSAEOdPAfCaurXgjPy173SzYjeC2g==";
    "AAAAAFavXpZJxbwTupvaJCTeIUCQmOPxAMblc7ChL5H2nZKuGchdaA==";
  static const char *encoded_commit =
    "AAAAAFavXpbkBMzMQG7aNoaGLFNpm2Wkk1ozXhuWWqL//GynltxVAg==";

  /* Set up our raw random bytes array. */
  memset(raw_rand, 0, sizeof(raw_rand));
  memcpy(raw_rand, &duper_rand, sizeof(duper_rand));
  /* Hash random number. */
  memset(raw_rand, 'A', sizeof(raw_rand));
  /* Hash random number because we don't expose bytes of the RNG. */
  ret = crypto_digest256(hashed_rand, raw_rand,
                         sizeof(raw_rand), SR_DIGEST_ALG);
  tt_int_op(0, ==, ret);