commit af3a9fdf7207eb66788ffe5c24971af72d224101 Author: Damian Johnson atagar@torproject.org Date: Mon Mar 13 09:34:28 2017 -0700
Initially create test strings as bytes
Might as well construct our test input as bytes, rather than converting to them. --- stem/descriptor/server_descriptor.py | 1 + test/unit/descriptor/certificate.py | 116 ++++++++++++----------------------- 2 files changed, 39 insertions(+), 78 deletions(-)
diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index dfb1bc5..76173a0 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -764,6 +764,7 @@ class RelayDescriptor(ServerDescriptor):
if self.onion_key_crosscert:
 onion_key_crosscert_digest = self._digest_for_signature(self.onion_key, self.onion_key_crosscert)
+
 if onion_key_crosscert_digest != self.onion_key_crosscert_digest():
 raise ValueError('Decrypted onion-key-crosscert digest does not match local digest (calculated: %s, local: %s)' % (onion_key_crosscert_digest, self.onion_key_crosscert_digest()))
diff --git a/test/unit/descriptor/certificate.py b/test/unit/descriptor/certificate.py
index 0603a32..2f2f728 100644
--- a/test/unit/descriptor/certificate.py
+++ b/test/unit/descriptor/certificate.py
@@ -12,84 +12,51 @@ import test.runner
 class TestCertificate(unittest.TestCase):
 def test_with_invalid_version(self):
 cert_bytes = b'\x02\x04'
- self.assertRaisesRegexp(
- ValueError,
- 'Unknown Certificate version',
- stem.descriptor.certificate._parse_certificate,
- cert_bytes,
- None
- )
+ self.assertRaisesRegexp(ValueError, 'Unknown Certificate version', stem.descriptor.certificate._parse_certificate, cert_bytes, None)
def test_with_invalid_type(self):
 cert_bytes = b'\x01\x07'
- self.assertRaisesRegexp(
- ValueError,
- 'Unknown Certificate type',
- stem.descriptor.certificate._parse_certificate,
- cert_bytes,
- None
- )
+ self.assertRaisesRegexp(ValueError, 'Unknown Certificate type', stem.descriptor.certificate._parse_certificate, cert_bytes, None)
def test_parse_extensions_truncated_extension(self):
- cert_bytes = '\x00' * 39 # First 40 bytes are standard fields
- cert_bytes += '\x01' # n_extensions = 1
- cert_bytes += '\x00\x08' # extension length = 8 bytes
- cert_bytes += '\x04' # ext_type = 0x04
- cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * '\x00' # pad empty signature block
-
- self.assertRaisesRegexp(
- ValueError,
- 'Certificate contained truncated extension',
- stem.descriptor.certificate._parse_extensions,
- stem.util.str_tools._to_bytes(cert_bytes)
- )
+ cert_bytes = b'\x00' * 39 # First 40 bytes are standard fields
+ cert_bytes += b'\x01' # n_extensions = 1
+ cert_bytes += b'\x00\x08' # extension length = 8 bytes
+ cert_bytes += b'\x04' # ext_type = 0x04
+ cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * b'\x00' # pad empty signature block
+
+ self.assertRaisesRegexp(ValueError, 'Certificate contained truncated extension', stem.descriptor.certificate._parse_extensions, cert_bytes)
def test_parse_extensions_invalid_certificate_extension_type(self):
- cert_bytes = '\x00' * 39 # First 40 bytes are standard fields
- cert_bytes += '\x01' # n_extensions = 1
- cert_bytes += '\x00\x08' # extension length = 8 bytes
- cert_bytes += '\x00' * 6 # pad out to 8 bytes
- cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * '\x00' # pad empty signature block
-
- self.assertRaisesRegexp(
- ValueError,
- 'Invalid certificate extension type:',
- stem.descriptor.certificate._parse_extensions,
- stem.util.str_tools._to_bytes(cert_bytes)
- )
+ cert_bytes = b'\x00' * 39 # First 40 bytes are standard fields
+ cert_bytes += b'\x01' # n_extensions = 1
+ cert_bytes += b'\x00\x08' # extension length = 8 bytes
+ cert_bytes += b'\x00' * 6 # pad out to 8 bytes
+ cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * b'\x00' # pad empty signature block
+
+ self.assertRaisesRegexp(ValueError, 'Invalid certificate extension type:', stem.descriptor.certificate._parse_extensions, cert_bytes)
def test_parse_extensions_invalid_n_extensions_count(self):
- cert_bytes = '\x00' * 39 # First 40 bytes are standard fields
- cert_bytes += '\x02' # n_extensions = 2
- cert_bytes += '\x00\x08' # extension length = 8 bytes
- cert_bytes += '\x04' # certificate type
- cert_bytes += '\x00' * 5 # pad out to 8 bytes
- cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * '\x00' # pad empty signature block
-
- self.assertRaisesRegexp(
- ValueError,
- 'n_extensions was 2 but parsed 1',
- stem.descriptor.certificate._parse_extensions,
- stem.util.str_tools._to_bytes(cert_bytes)
- )
+ cert_bytes = b'\x00' * 39 # First 40 bytes are standard fields
+ cert_bytes += b'\x02' # n_extensions = 2
+ cert_bytes += b'\x00\x08' # extension length = 8 bytes
+ cert_bytes += b'\x04' # certificate type
+ cert_bytes += b'\x00' * 5 # pad out to 8 bytes
+ cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * b'\x00' # pad empty signature block
+
+ self.assertRaisesRegexp(ValueError, 'n_extensions was 2 but parsed 1', stem.descriptor.certificate._parse_extensions, cert_bytes)
def test_ed25519_key_certificate_without_extensions(self):
- cert_bytes = '\x01\x04' + '\x00' * 37 # First 40 bytes are standard fields
- cert_bytes += '\x00' # n_extensions = 0
- cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * '\x00' # pad empty signature block
-
- self.assertRaisesRegexp(
- ValueError,
- 'Ed25519KeyCertificate missing SignedWithEd25519KeyCertificateExtension extension',
- stem.descriptor.certificate._parse_certificate,
- stem.util.str_tools._to_bytes(cert_bytes),
- None,
- validate = True
- )
+ cert_bytes = b'\x01\x04' + b'\x00' * 37 # First 40 bytes are standard fields
+ cert_bytes += b'\x00' # n_extensions = 0
+ cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * b'\x00' # pad empty signature block
+
+ exc_msg = 'Ed25519KeyCertificate missing SignedWithEd25519KeyCertificateExtension extension'
+ self.assertRaisesRegexp(ValueError, exc_msg, stem.descriptor.certificate._parse_certificate, cert_bytes, None, validate = True)
def test_certificate_with_invalid_signature(self):
 if not stem.prereq._is_pynacl_available():
- test.runner.skip(self, '(require pynacl module)')
+ test.runner.skip(self, '(requires pynacl module)')
 return
import nacl.signing
@@ -98,17 +65,10 @@ class TestCertificate(unittest.TestCase):
 master_key = nacl.signing.SigningKey.generate()
 master_key_base64 = master_key.encode(nacl.encoding.Base64Encoder)
- cert_bytes = '\x01\x04' + '\x00' * 37 # 40 byte preamble of standard fields
- cert_bytes += '\x01' # n_extensions = 1
- cert_bytes += '\x00\x08' # extentsion length = 8 bytes
- cert_bytes += '\x04' + '\x00' * 5 # certificate type + padding out to 8 bytes
- cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * '\x00' # empty signature block
-
- self.assertRaisesRegexp(
- ValueError,
- 'Ed25519KeyCertificate signature invalid',
- stem.descriptor.certificate._parse_certificate,
- stem.util.str_tools._to_bytes(cert_bytes),
- master_key_base64,
- validate = True
- )
+ cert_bytes = b'\x01\x04' + b'\x00' * 37 # 40 byte preamble of standard fields
+ cert_bytes += b'\x01' # n_extensions = 1
+ cert_bytes += b'\x00\x08' # extentsion length = 8 bytes
+ cert_bytes += b'\x04' + b'\x00' * 5 # certificate type + padding out to 8 bytes
+ cert_bytes += stem.descriptor.certificate.SIGNATURE_LENGTH * b'\x00' # empty signature block
+
+ self.assertRaisesRegexp(ValueError, 'Ed25519KeyCertificate signature invalid', stem.descriptor.certificate._parse_certificate, cert_bytes, master_key_base64, validate = True)
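Review bot: The comments on the rewritten fixture in test_certificate_with_invalid_signature do not match the bytes they annotate: `b'\x01\x04' + b'\x00' * 37` is 39 bytes rather than a 40 byte preamble (the `n_extensions` byte appended on the next line is the 40th), `extentsion` is misspelled, and the `b'\x04'` byte is labelled the certificate type although test_parse_extensions_truncated_extension labels the same position `ext_type = 0x04`. These hand-built buffers appear to be the only record of the offsets the parser's length checks are tested against, so I would change the comments to `# 39 bytes of standard fields`, `# extension length = 8 bytes` and `# ext_type = 0x04 + padding out to 8 bytes`. The same 39-versus-40 wording sits on the `b'\x00' * 39` lines in the first hunk of this file, and test_parse_extensions_invalid_n_extensions_count there also calls `b'\x04'` the certificate type. The test method starts in the previous hunk, so only its tail is visible here.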