March 2015 - tor-commits - lists.torproject.org

[bridgedb/master] Filter out tags in mechanize tests in test_https.py.
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit 8c6f0bdd023753540400533d40f8de84b6122caf Author: Isis Lovecruft <isis(a)torproject.org> Date: Wed Feb 18 20:53:30 2015 +0000 Filter out tags in mechanize tests in test_https.py. These tests were intermittently failing (again) do the the ``split(' ')`` call. This was due to the template engine, Mako, sometimes deciding to use `` `` and other times only `` ``. Additionally, BridgeDB (somewhat) dynamically determines the number of bridges to give out to a client based on the number of bridges in the pool, ergo with different HTTPS_SHARE:EMAIL_SHARE:RESERVED_SHARE proportions and a low number of descriptors (as is the case in BridgeDB's CI setup) the number of bridges in a response may occaisionally wobble between 1 and *_N_BRIDGES_PER_ANSWER (in increments of 1, i.e. it might give 1 or 2 bridges, or 3 or 4, but not 2 or 4). Usually, for the CI server case, it was usually 1 bridge because of the low number of mocked descriptors, but occaisionally it was 2. This thus sometimes (when the number of bridges in the response was randomly 2) caused the ``split(' ')`` call to sometimes (when Mako decides to randomly shorten `` `` into `` ``) smash together the fingerprint of the first bridge line with the address or PT methodname of the second bridge line, which then of course caused the tests to fail (because the number of expected elements/words in the bridge lines has hardcoded test assertions for each type of bridge line). Hooray non-determinism. --- lib/bridgedb/test/test_https.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/bridgedb/test/test_https.py b/lib/bridgedb/test/test_https.py index 86b1f84..fe9e4e3 100644 --- a/lib/bridgedb/test/test_https.py +++ b/lib/bridgedb/test/test_https.py @@ -132,10 +132,13 @@ class HTTPTests(unittest.TestCase): self.assertTrue(soup, "Could not find <div class='bridge-lines'>!") for portion in soup: - bridge_lines = portion.text.strip().split(' ') + br_tags = portion.findChildren('br') + bridge_lines = set(portion.contents).difference(set(br_tags)) for bridge_line in bridge_lines: - fields = bridge_line.split() - bridges.append(fields) + bridge_line = bridge_line.strip() + if bridge_line: + fields = bridge_line.split() + bridges.append(fields) self.assertTrue(len(bridges) > 0, "Found no bridge lines in %s" % soup)

1 0

[bridgedb/master] Move #5482 Bridge @propertys to BridgeBackwardsCompatibility class.
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit 0271c17d3ccd2f0a42c5dd17335ee682ff42ac8d Author: Isis Lovecruft <isis(a)torproject.org> Date: Sat Feb 14 07:18:37 2015 +0000 Move #5482 Bridge @propertys to BridgeBackwardsCompatibility class. --- lib/bridgedb/bridges.py | 81 +++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 41 deletions(-) diff --git a/lib/bridgedb/bridges.py b/lib/bridgedb/bridges.py index 5a5cba7..fc457d1 100644 --- a/lib/bridgedb/bridges.py +++ b/lib/bridgedb/bridges.py @@ -691,6 +691,46 @@ class BridgeBackwardsCompatibility(BridgeBase): bridgeLine = self.getBridgeLine(bridgeRequest, includeFingerprint) return bridgeLine + # Bridge Stability (`#5482 <https://bugs.torproject.org>`_) properties. + @property + def familiar(self): + """A bridge is "familiar" if 1/8 of all active bridges have appeared + more recently than it, or if it has been around for a Weighted Time of + eight days. + """ + with bridgedb.Storage.getDB() as db: # pragma: no cover + return db.getBridgeHistory(self.fingerprint).familiar + + @property + def wfu(self): + """Weighted Fractional Uptime""" + with bridgedb.Storage.getDB() as db: # pragma: no cover + return db.getBridgeHistory(self.fingerprint).weightedFractionalUptime + + @property + def weightedTime(self): + """Weighted Time""" + with bridgedb.Storage.getDB() as db: # pragma: no cover + return db.getBridgeHistory(self.fingerprint).weightedTime + + @property + def wmtbac(self): + """Weighted Mean Time Between Address Change""" + with bridgedb.Storage.getDB() as db: # pragma: no cover + return db.getBridgeHistory(self.fingerprint).wmtbac + + @property + def tosa(self): + """The Time On Same Address (TOSA)""" + with bridgedb.Storage.getDB() as db: # pragma: no cover + return db.getBridgeHistory(self.fingerprint).tosa + + @property + def weightedUptime(self): + """Weighted Uptime""" + with bridgedb.Storage.getDB() as db: # pragma: no cover + return db.getBridgeHistory(self.fingerprint).weightedUptime + class Bridge(BridgeBackwardsCompatibility): """A single bridge, and all the information we have for it. @@ -1524,44 +1564,3 @@ class Bridge(BridgeBackwardsCompatibility): logging.info("Removing dead transport for bridge %s: %s %s:%s %s" % (self, pt.methodname, pt.address, pt.port, pt.arguments)) self.transports.remove(pt) - - - # Bridge Stability (`#5482 <https://bugs.torproject.org>`_) properties. - @property - def familiar(self): - """A bridge is "familiar" if 1/8 of all active bridges have appeared - more recently than it, or if it has been around for a Weighted Time of - eight days. - """ - with bridgedb.Storage.getDB() as db: - return db.getBridgeHistory(self.fingerprint).familiar - - @property - def wfu(self): - """Weighted Fractional Uptime""" - with bridgedb.Storage.getDB() as db: - return db.getBridgeHistory(self.fingerprint).weightedFractionalUptime - - @property - def weightedTime(self): - """Weighted Time""" - with bridgedb.Storage.getDB() as db: - return db.getBridgeHistory(self.fingerprint).weightedTime - - @property - def wmtbac(self): - """Weighted Mean Time Between Address Change""" - with bridgedb.Storage.getDB() as db: - return db.getBridgeHistory(self.fingerprint).wmtbac - - @property - def tosa(self): - """The Time On Same Address (TOSA)""" - with bridgedb.Storage.getDB() as db: - return db.getBridgeHistory(self.fingerprint).tosa - - @property - def weightedUptime(self): - """Weighted Uptime""" - with bridgedb.Storage.getDB() as db: - return db.getBridgeHistory(self.fingerprint).weightedUptime

1 0

[bridgedb/master] Add tests for Bridge setBlockedIn() and isBlockedIn() methods.
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit 273cd76b35c7cfe4677aaa9b6c492be3e0ff6602 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sat Feb 14 07:31:49 2015 +0000 Add tests for Bridge setBlockedIn() and isBlockedIn() methods. --- lib/bridgedb/test/test_bridges.py | 45 +++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/lib/bridgedb/test/test_bridges.py b/lib/bridgedb/test/test_bridges.py index e7b5875..f63b25e 100644 --- a/lib/bridgedb/test/test_bridges.py +++ b/lib/bridgedb/test/test_bridges.py @@ -1298,3 +1298,48 @@ class BridgeTests(unittest.TestCase): self.assertIsNotNone(published) self.assertIsInstance(published, datetime.datetime) self.assertEqual(str(published), '2014-12-22 21:51:27') + + def test_Bridge_isBlockedIn_IS(self): + """Calling isBlockedIn('IS') should return False when the bridge isn't + blocked in Iceland. + """ + self.assertFalse(self.bridge.isBlockedIn('IS')) + + def test_Bridge_setBlockedIn_CN_obfs2(self): + """Calling setBlockedIn('CN', 'obfs2') should mark all obfs2 transports + of the bridge as being blocked in CN. + """ + self.bridge.updateFromNetworkStatus(self.networkstatus) + self.bridge.updateFromServerDescriptor(self.serverdescriptor) + self.bridge.updateFromExtraInfoDescriptor(self.extrainfo) + + self.bridge.setBlockedIn('CN', methodname='obfs2') + self.assertTrue(self.bridge.isBlockedIn('CN')) + + def test_Bridge_setBlockedIn_IR_address(self): + """Calling setBlockedIn('IR', address) should mark all matching + addresses of the bridge as being blocked in IR. + """ + self.bridge.updateFromNetworkStatus(self.networkstatus) + self.bridge.updateFromServerDescriptor(self.serverdescriptor) + self.bridge.updateFromExtraInfoDescriptor(self.extrainfo) + + self.bridge.setBlockedIn('IR', address='179.178.155.140') + self.assertTrue(self.bridge.isBlockedIn('ir')) + self.assertFalse(self.bridge.isBlockedIn('cn')) + + def test_Bridge_setBlockedIn_GB_address_port(self): + """Calling setBlockedIn('GB', address, port) should mark all matching + addresses:port pairs of the bridge as being blocked in GB. + """ + self.bridge.updateFromNetworkStatus(self.networkstatus) + self.bridge.updateFromServerDescriptor(self.serverdescriptor) + self.bridge.updateFromExtraInfoDescriptor(self.extrainfo) + + # Should block the obfs4 bridge: + self.bridge.setBlockedIn('GB', address='179.178.155.140', port=36493) + self.assertTrue(self.bridge.isBlockedIn('GB')) + self.assertTrue(self.bridge.isBlockedIn('gb')) + self.assertTrue(self.bridge.transportIsBlockedIn('GB', 'obfs4')) + self.assertTrue(self.bridge.addressIsBlockedIn('GB', '179.178.155.140', 36493)) + self.assertFalse(self.bridge.addressIsBlockedIn('gb', '179.178.155.140', 36488))

1 0

[bridgedb/master] Merge branch 'hotfix/0.2.4-mechanize-tags' into develop
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit 034a421031b336a8540e106f8334e98f53a48f07 Merge: 495d77e 8c6f0bd Author: Isis Lovecruft <isis(a)torproject.org> Date: Wed Feb 18 21:10:09 2015 +0000 Merge branch 'hotfix/0.2.4-mechanize-tags' into develop lib/bridgedb/test/test_https.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)

1 0

[bridgedb/master] Add unittests for bridgedb.parse.nickname.
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit 35a51c29eafaa6af69abeaacd36f1b90d90e67cd Author: Isis Lovecruft <isis(a)torproject.org> Date: Wed Feb 18 21:59:14 2015 +0000 Add unittests for bridgedb.parse.nickname. --- lib/bridgedb/test/test_parse_nickname.py | 63 ++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/lib/bridgedb/test/test_parse_nickname.py b/lib/bridgedb/test/test_parse_nickname.py new file mode 100644 index 0000000..fea000a --- /dev/null +++ b/lib/bridgedb/test/test_parse_nickname.py @@ -0,0 +1,63 @@ +# -*- coding: utf-8 -*- +# +# This file is part of BridgeDB, a Tor bridge distribution system. +# +# :authors: Isis Lovecruft <isis(a)torproject.org> +# please also see AUTHORS file +# :copyright: (c) 2007-2015, The Tor Project, Inc. +# (c) 2007-2015, all entities within the AUTHORS file +# (c) 2013-2015, Isis Lovecruft +# :license: see LICENSE for licensing information + +"""Unittests for the :mod:`bridgedb.parse.nickname` module.""" + +from twisted.trial import unittest + +from bridgedb.parse.nickname import isValidRouterNickname + + +class IsValidRouterNicknameTests(unittest.TestCase): + """Unittests for :func:`bridgedb.parse.nickname.isValidRouterNickname`.""" + + def test_parse_nickname_isValidRouterNickname_valid(self): + """isValidRouterNickname() should return True for a valid nickname.""" + name = 'Unmentionable' + self.assertTrue(isValidRouterNickname(name)) + + def test_parse_nickname_isValidRouterNickname_valid_1(self): + """isValidRouterNickname() should return True for a valid nickname.""" + name = 'maketotaldestroy' + self.assertTrue(isValidRouterNickname(name)) + + def test_parse_nickname_isValidRouterNickname_invalid_symbols(self): + """isValidRouterNickname() should return False for an invalid nickname + (with symbols in it). + """ + name = 'what_the_bl#@p?!' + self.assertFalse(isValidRouterNickname(name)) + + def test_parse_nickname_isValidRouterNickname_invalid_too_long(self): + """isValidRouterNickname() should return False for an invalid nickname + (too long). + """ + name = 'ThisIsReallyMoreOfANovellaRatherThanAnOnionRouterNickname' + self.assertFalse(isValidRouterNickname(name)) + + def test_parse_nickname_isValidRouterNickname_invalid_too_short(self): + """isValidRouterNickname() should return False for an invalid nickname + (empty string). + """ + name = '' + self.assertFalse(isValidRouterNickname(name)) + + def test_parse_nickname_isValidRouterNickname_invalid_None(self): + """isValidRouterNickname(None) should return False.""" + name = None + self.assertFalse(isValidRouterNickname(name)) + + def test_parse_nickname_isValidRouterNickname_invalid_spaces(self): + """isValidRouterNickname() should return False for an invalid nickname + (contains spaces). + """ + name = 'As you wish' + self.assertFalse(isValidRouterNickname(name))

1 0

[bridgedb/master] Merge branch 'develop' into fix/9380-stem_r10
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit 0a94b05c376aa4f62f97edd6f7cdfa09db797b83 Merge: 273cd76 034a421 Author: Isis Lovecruft <isis(a)torproject.org> Date: Wed Feb 18 21:38:57 2015 +0000 Merge branch 'develop' into fix/9380-stem_r10 lib/bridgedb/test/test_https.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)

1 0

[bridgedb/master] Merge branch 'fix/9380-stem_r10' into develop
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit e48437a8a246d6a32aae2e00c97af667d99630d6 Merge: 034a421 8dc041b Author: Isis Lovecruft <isis(a)torproject.org> Date: Wed Feb 18 23:06:25 2015 +0000 Merge branch 'fix/9380-stem_r10' into develop .test.requirements.txt | 2 +- .travis.requirements.txt | 3 +- lib/bridgedb/Bridges.py | 687 +---------- lib/bridgedb/Filters.py | 89 +- lib/bridgedb/HTTPServer.py | 5 +- lib/bridgedb/Main.py | 238 ++-- lib/bridgedb/Stability.py | 2 +- lib/bridgedb/Storage.py | 5 +- lib/bridgedb/Tests.py | 780 ------------ lib/bridgedb/bridgerequest.py | 54 +- lib/bridgedb/bridges.py | 1586 +++++++++++++++++++++++++ lib/bridgedb/configure.py | 17 +- lib/bridgedb/crypto.py | 41 + lib/bridgedb/parse/descriptors.py | 274 +++++ lib/bridgedb/parse/fingerprint.py | 16 +- lib/bridgedb/parse/networkstatus.py | 280 ----- lib/bridgedb/parse/nickname.py | 58 + lib/bridgedb/schedule.py | 6 +- lib/bridgedb/test/deprecated.py | 520 ++++++++ lib/bridgedb/test/deprecated_networkstatus.py | 275 +++++ lib/bridgedb/test/legacy_Tests.py | 725 +++++++++++ lib/bridgedb/test/test_Bridges.py | 199 ---- lib/bridgedb/test/test_Tests.py | 13 +- lib/bridgedb/test/test_bridges.py | 1345 +++++++++++++++++++++ lib/bridgedb/test/test_crypto.py | 61 + lib/bridgedb/test/test_parse_descriptors.py | 653 ++++++++++ lib/bridgedb/test/test_parse_networkstatus.py | 414 ------- lib/bridgedb/test/test_parse_nickname.py | 63 + setup.py | 2 +- 29 files changed, 5887 insertions(+), 2526 deletions(-)

1 0

[bridgedb/master] Fix missing logging module import in bridgedb.parse.nickname.
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit 492662db13d959729400e9791bd44ee73b09cb3e Author: Isis Lovecruft <isis(a)torproject.org> Date: Wed Feb 18 22:01:13 2015 +0000 Fix missing logging module import in bridgedb.parse.nickname. --- lib/bridgedb/parse/nickname.py | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/bridgedb/parse/nickname.py b/lib/bridgedb/parse/nickname.py index 9c3a559..8f4abea 100644 --- a/lib/bridgedb/parse/nickname.py +++ b/lib/bridgedb/parse/nickname.py @@ -23,6 +23,7 @@ bridgedb.parse.nicknames .. """ +import logging import string

1 0

[bridgedb/master] Added countryCode attribute, refactored GeoIP logic into its own module.
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit dec1d60e13087cd16cc7dd9feec1cd86828d275c Author: Alden S. Page <pagea(a)allegheny.edu> Date: Thu Jan 1 21:24:09 2015 -0500 Added countryCode attribute, refactored GeoIP logic into its own module. Instances of Bridge now keep track of their country codes. This should help us hand out bridges more intelligently. In particular, we will soon be able to withold bridges from .ir and .sy as per issue #12843. Since multiple modules make use of geoip (HTTPServer and Bridges), I moved the geoip logic out of HTTPServer and into its own module called geo.py. Signed-off-by: Isis Lovecruft <isis(a)torproject.org> I removed the bridgedb.Bridges.Bridge.coutryCode attribute because it'll need to be ported to bridgedb.bridges.Bridge now that #9380 is merged. --- lib/bridgedb/Bridges.py | 1 + lib/bridgedb/HTTPServer.py | 29 +++--------------- lib/bridgedb/geo.py | 71 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 25 deletions(-) diff --git a/lib/bridgedb/Bridges.py b/lib/bridgedb/Bridges.py index bdb911a..0904d67 100644 --- a/lib/bridgedb/Bridges.py +++ b/lib/bridgedb/Bridges.py @@ -21,6 +21,7 @@ import random import bridgedb.Storage import bridgedb.Bucket +import bridgedb.geo from bridgedb.bridges import Bridge from bridgedb.crypto import getHMACFunc diff --git a/lib/bridgedb/HTTPServer.py b/lib/bridgedb/HTTPServer.py index 389d5a4..3a51f7c 100644 --- a/lib/bridgedb/HTTPServer.py +++ b/lib/bridgedb/HTTPServer.py @@ -24,6 +24,7 @@ from functools import partial from ipaddr import IPv4Address from ipaddr import IPv6Address +from ipaddr import IPAddress import mako.exceptions from mako.template import Template @@ -38,6 +39,7 @@ from twisted.web import static from twisted.web.util import redirectTo import bridgedb.Dist +import bridgedb.geo from bridgedb import captcha from bridgedb import crypto @@ -55,7 +57,6 @@ from bridgedb.safelog import logSafely TEMPLATE_DIR = os.path.join(os.path.dirname(__file__), 'templates') -GEOIP_DBFILE = '/usr/share/GeoIP/GeoIP.dat' rtl_langs = ('ar', 'he', 'fa', 'gu_IN', 'ku') # Setting `filesystem_checks` to False is recommended for production servers, @@ -71,23 +72,6 @@ lookup = TemplateLookup(directories=[TEMPLATE_DIR], collection_size=500) logging.debug("Set template root to %s" % TEMPLATE_DIR) -try: - # Make sure we have the database before trying to import the module: - if not os.path.isfile(GEOIP_DBFILE): # pragma: no cover - raise EnvironmentError("Could not find %r. On Debian-based systems, "\ - "please install the geoip-database package." - % GEOIP_DBFILE) - # This is a "pure" python version which interacts with the Maxmind GeoIP - # API (version 1). It requires, in Debian, the libgeoip-dev and - # geoip-database packages. - import pygeoip - geoip = pygeoip.GeoIP(GEOIP_DBFILE, flags=pygeoip.MEMORY_CACHE) - logging.info("GeoIP database loaded") -except Exception as err: # pragma: no cover - logging.warn("Error while loading geoip module: %r" % err) - geoip = None - - def replaceErrorPage(error, template_name=None): """Create a general error page for displaying in place of tracebacks. @@ -691,12 +675,8 @@ class WebResourceBridges(resource.Resource): else: ip = request.getClientIP() - # XXX This can also be a separate function - # XXX if the ip is None, this throws an exception - if geoip: - countryCode = geoip.country_code_by_addr(ip) - if countryCode: - logging.debug("Client request from GeoIP CC: %s" % countryCode) + # Record what country the client is in. + countryCode = bridgedb.geo.getCountryCode(IPAddress(ip)) # XXX separate function again format = request.args.get("format", None) @@ -806,7 +786,6 @@ class WebResourceBridges(resource.Resource): return rendered - class WebRoot(resource.Resource): """The parent resource of all other documents hosted by the webserver.""" diff --git a/lib/bridgedb/geo.py b/lib/bridgedb/geo.py new file mode 100644 index 0000000..b2be72c --- /dev/null +++ b/lib/bridgedb/geo.py @@ -0,0 +1,71 @@ +# +# +# This file is part of BridgeDB, a Tor bridge distribution system. +# +# :authors: see AUTHORS file +# :copyright: (c) 2007-2015, The Tor Project, Inc. +# :license: 3-Clause BSD, see LICENSE for licensing information + +""" +Boilerplate setup for GeoIP. GeoIP allows us to look up the country code +associated with an IP address. This is a "pure" python version which interacts +with the Maxmind GeoIP API (version 1). It requires, in Debian, the libgeoip-dev +and geoip-database packages. +""" + +import logging +from os.path import isfile + +from bridgedb.safelog import logSafely +from ipaddr import IPv4Address, IPv6Address + +# IPv4 database +GEOIP_DBFILE = '/usr/share/GeoIP/GeoIP.dat' +# IPv6 database +GEOIPv6_DBFILE = '/usr/share/GeoIP/GeoIPv6.dat' +try: + # Make sure we have the database before trying to import the module: + if not (isfile(GEOIP_DBFILE) and isfile(GEOIPv6_DBFILE)): + raise EnvironmentError("Could not find %r. On Debian-based systems, "\ + "please install the geoip-database package." + % GEOIP_DBFILE) + + import pygeoip + geoip = pygeoip.GeoIP(GEOIP_DBFILE, flags=pygeoip.MEMORY_CACHE) + geoipv6 = pygeoip.GeoIP(GEOIPv6_DBFILE, flags=pygeoip.MEMORY_CACHE) + logging.info("GeoIP databases loaded") +except Exception as err: # pragma: no cover + logging.warn("Error while loading geoip module: %r" % err) + geoip = None + +def getCountryCode(IPAddr): + """Returns the two-letter country code of a given IP address. + + :param IPAddr: (:class:`ipaddr.IPAddress`) An IPv4 OR IPv6 address. + """ + ip = None + version = None + try: + ip = IPAddr.exploded + version = IPAddr.version + except AttributeError as err: + logging.warn("Wrong type passed to getCountryCode. Offending call:" + " %r" % err) + return None + + # GeoIP has two databases: one for IPv4 addresses, and one for IPv6 + # addresses. This will ensure we use the correct one. + db = None + if version == 4: + db = geoip + else: + db = geoipv6 + + # Look up the country code of the address. + countryCode = db.country_code_by_addr(ip) + if countryCode: + logging.debug("Looked up country code: %s" % countryCode) + return countryCode + else: + logging.debug("Country code was not detected. IP: %s" % ip) + return None

1 0

[bridgedb/master] Add unittest for bridgdb.crypto.removePKCS1Padding().
by isis＠torproject.org 21 Mar '15

21 Mar '15

commit 8dc041bc9efdc1c4c45e3a4aa5d5b579befc1844 Author: Isis Lovecruft <isis(a)torproject.org> Date: Wed Feb 18 22:19:17 2015 +0000 Add unittest for bridgdb.crypto.removePKCS1Padding(). --- lib/bridgedb/test/test_crypto.py | 61 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/lib/bridgedb/test/test_crypto.py b/lib/bridgedb/test/test_crypto.py index aca5d2c..2187475 100644 --- a/lib/bridgedb/test/test_crypto.py +++ b/lib/bridgedb/test/test_crypto.py @@ -14,6 +14,7 @@ from __future__ import print_function from __future__ import unicode_literals +import base64 import gpgme import io import logging @@ -86,6 +87,66 @@ class GetKeyTests(unittest.TestCase): % (key.encode('hex'), SEKRIT_KEY.encode('hex'))) +class RemovePKCS1PaddingTests(unittest.TestCase): + """Unittests for :func:`bridgedb.crypto.removePKCS1Padding`.""" + + def setUp(self): + """This blob *is* actually a correctly formed PKCS#1 padded signature + on the descriptor:: + + @purpose bridge + router ExhalesPeppier 118.16.116.176 35665 0 0 + or-address [eef2:d52a:cf1b:552f:375d:f8d0:a72b:e794]:35664 + platform Tor 0.2.4.5-alpha on Linux + protocols Link 1 2 Circuit 1 + published 2014-11-03 21:21:43 + fingerprint FA04 5CFF AB95 BA20 C994 FE28 9B23 583E F80F 34DA + uptime 10327748 + bandwidth 2247108152 2540209215 1954007088 + extra-info-digest 571BF23D8F24F052483C1333EBAE9B91E4A6F422 + onion-key + -----BEGIN RSA PUBLIC KEY----- + MIGJAoGBAK7+a033aUqc97SWFVGFwR3ybQ0jG1HTPtsv2/fUfZPwCaf21ly4zIvH + 9uNhtkcPH2p55X+n5M7OUaQawOzbwL4tSR9SLy9bGuZdWLbhu2GHQWmDkAB7BtHp + UC+uGTN3jvQXEG2xlzpb+lOVUVNXLhL5kFmAXxL+iwN4TeEv/iCnAgMBAAE= + -----END RSA PUBLIC KEY----- + signing-key + -----BEGIN RSA PUBLIC KEY----- + MIGJAoGBANxmgJ6S3rBAGcvQu2tWBaHByJxeJkdGbxID2b8cITPaNmcl72e3Kd44 + GGIkoKhkX0SAO+i2U+Q41u/DPEBWLxhpl9GAFJZ10dcT18lL36yaK6FRDOcF9jx9 + 0A023/kwXd7QQDWqP7Fso+141bzit6ENvNmE1mvEeIoAR+EpJB1tAgMBAAE= + -----END RSA PUBLIC KEY----- + contact Somebody <somebody(a)example.com> + ntor-onion-key 0Mfi/Af7zLmdNdrmJyPbZxPJe7TZU/hV4Z865g3g+k4 + reject *:* + router-signature + -----BEGIN SIGNATURE----- + PsGGIP+V9ZXWIHjK943CMAPem3kFbO9kt9rvrPhd64u0f7ytB/qZGaOg1IEWki1I + f6ZNjrthxicm3vnEUdhpRsyn7MUFiQmqLjBfqdzh0GyfrtU5HHr7CBV3tuhgVhik + uY1kPNo1C8wkmuy31H3V7NXj+etZuzZN66qL3BiQwa8= + -----END SIGNATURE----- + + However, for the blob to be valid it would need to be converted from + base64-decoded bytes to a long, then raised by the power of the public + exponent within the ASN.1 DER decoded signing-key (mod that key's + public modulus), then re-converted back into bytes before attempting + to remove the PKCS#1 padding. (See + :meth:`bridedb.bridges.Bridge._verifyExtraInfoSignature`.) + """ + blob = ('PsGGIP+V9ZXWIHjK943CMAPem3kFbO9kt9rvrPhd64u0f7ytB/qZGaOg1IEWk' + 'i1If6ZNjrthxicm3vnEUdhpRsyn7MUFiQmqLjBfqdzh0GyfrtU5HHr7CBV3tu' + 'hgVhikuY1kPNo1C8wkmuy31H3V7NXj+etZuzZN66qL3BiQwa8=') + self.blob = base64.b64decode(blob) + + def test_crypto_removePKCS1Padding_bad_padding(self): + """removePKCS1Padding() with a blob with a bad PKCS#1 identifier mark + should raise PKCS1PaddingError. + """ + self.assertRaises(crypto.PKCS1PaddingError, + crypto.removePKCS1Padding, + self.blob) + + class LessCrypticGPGMEErrorTests(unittest.TestCase): """Unittests for :class:`bridgedb.crypto.LessCrypticGPGMEError`."""

1 0