commit 36a3ca247796638bbdf1f82f4c29d562ac3229fc Author: Damian Johnson <atagar@torproject.org> Date: Wed Nov 20 14:09:33 2019 -0800 Test and fix key blinding with python 3.x Each key blinding takes a couple seconds so I avoided it in our unit tests, but we should perform one instance for coverage. Testing with a static key and fixing the python 3.x normalization issue this surfaced. --- stem/descriptor/hidden_service.py | 2 +- stem/util/slow_ed25519.py | 13 +++++++++++-- test/unit/descriptor/hidden_service_v3.py | 20 ++++++++++++++++++++ 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py index de98c9cf..94edeba4 100644 --- a/stem/descriptor/hidden_service.py +++ b/stem/descriptor/hidden_service.py @@ -924,7 +924,7 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor): :: - HiddenServiceDescriptorV3(blinding_nonce = os.urandom(32)) + HiddenServiceDescriptorV3.create(blinding_nonce = os.urandom(32)) :param dict attr: keyword/value mappings to be included in plaintext descriptor :param list exclude: mandatory keywords to exclude from the descriptor, this diff --git a/stem/util/slow_ed25519.py b/stem/util/slow_ed25519.py index 9e9864d2..b23bf57c 100644 --- a/stem/util/slow_ed25519.py +++ b/stem/util/slow_ed25519.py @@ -11,12 +11,21 @@ # https://github.com/pyca/cryptography/issues/5068 import hashlib +import stem.prereq b = 256 q = 2 ** 255 - 19 l = 2 ** 252 + 27742317777372353535851937790883648493 +def int_to_byte(val): + """ + Convert an integer to its byte value in an interpreter agnostic way. + """ + + return bytes([val]) if stem.prereq.is_python_3() else chr(val) + + def H(m): return hashlib.sha512(m).digest() @@ -84,7 +93,7 @@ def scalarmult(P, e): def encodeint(y): bits = [(y >> i) & 1 for i in range(b)] - return b''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)]) + return b''.join([int_to_byte(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)]) def encodepoint(P): @@ -92,7 +101,7 @@ def encodepoint(P): y = P[1] bits = [(y >> i) & 1 for i in range(b - 1)] + [x & 1] - return b''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)]) + return b''.join([int_to_byte(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)]) def bit(h, i): diff --git a/test/unit/descriptor/hidden_service_v3.py b/test/unit/descriptor/hidden_service_v3.py index 9ef2f0bf..715a2b65 100644 --- a/test/unit/descriptor/hidden_service_v3.py +++ b/test/unit/descriptor/hidden_service_v3.py @@ -459,3 +459,23 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase): inner_layer = desc.decrypt(onion_address) self.assertEqual(3, len(inner_layer.introduction_points)) self.assertEqual('1.1.1.1', inner_layer.introduction_points[0].link_specifiers[0].address) + + @test.require.ed25519_support + def test_blinding(self): + """ + Create a descriptor with key blinding. `This takes a while + <https://github.com/pyca/cryptography/issues/5068>`_, so we should not do + this more than once. + """ + + from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey + + expected_blinded_key = b'\xb5\xefEA\xfaI\x1a\xd8*p\xcd\x97\x01\x90O\xa8p\xd3\x10\x16\x8e-\x19\xab+\x92\xbc\xf6\xe7\x92\xc2k' + + desc = HiddenServiceDescriptorV3.create( + identity_key = Ed25519PrivateKey.from_private_bytes(b'a' * 32), + blinding_nonce = b'a' * 32, + ) + + self.assertEqual(64, len(desc.signing_cert.signature)) + self.assertEqual(expected_blinded_key, desc.signing_cert.signing_key())