[stem/master] Test and fix key blinding with python 3.x - tor-commits

20 Nov 2019

commit 36a3ca247796638bbdf1f82f4c29d562ac3229fc
Author: Damian Johnson atagar@torproject.org
Date:   Wed Nov 20 14:09:33 2019 -0800
Test and fix key blinding with python 3.x
Each key blinding takes a couple seconds so I avoided it in our unit tests, but
    we should perform one instance for coverage. Testing with a static key and
    fixing the python 3.x normalization issue this surfaced.
---
 stem/descriptor/hidden_service.py         |  2 +-
 stem/util/slow_ed25519.py                 | 13 +++++++++++--
 test/unit/descriptor/hidden_service_v3.py | 20 ++++++++++++++++++++
 3 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index de98c9cf..94edeba4 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -924,7 +924,7 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
::
-      HiddenServiceDescriptorV3(blinding_nonce = os.urandom(32))
+      HiddenServiceDescriptorV3.create(blinding_nonce = os.urandom(32))
:param dict attr: keyword/value mappings to be included in plaintext descriptor
     :param list exclude: mandatory keywords to exclude from the descriptor, this
diff --git a/stem/util/slow_ed25519.py b/stem/util/slow_ed25519.py
index 9e9864d2..b23bf57c 100644
--- a/stem/util/slow_ed25519.py
+++ b/stem/util/slow_ed25519.py
@@ -11,12 +11,21 @@
 #   https://github.com/pyca/cryptography/issues/5068
import hashlib
+import stem.prereq
b = 256
 q = 2 ** 255 - 19
 l = 2 ** 252 + 27742317777372353535851937790883648493
+def int_to_byte(val):
+  """
+  Convert an integer to its byte value in an interpreter agnostic way.
+  """
+
+  return bytes([val]) if stem.prereq.is_python_3() else chr(val)
+
+
 def H(m):
   return hashlib.sha512(m).digest()
@@ -84,7 +93,7 @@ def scalarmult(P, e):
def encodeint(y):
   bits = [(y >> i) & 1 for i in range(b)]
-  return b''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)])
+  return b''.join([int_to_byte(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)])
def encodepoint(P):
@@ -92,7 +101,7 @@ def encodepoint(P):
   y = P[1]
   bits = [(y >> i) & 1 for i in range(b - 1)] + [x & 1]
-  return b''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)])
+  return b''.join([int_to_byte(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)])
def bit(h, i):
diff --git a/test/unit/descriptor/hidden_service_v3.py b/test/unit/descriptor/hidden_service_v3.py
index 9ef2f0bf..715a2b65 100644
--- a/test/unit/descriptor/hidden_service_v3.py
+++ b/test/unit/descriptor/hidden_service_v3.py
@@ -459,3 +459,23 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
     inner_layer = desc.decrypt(onion_address)
     self.assertEqual(3, len(inner_layer.introduction_points))
     self.assertEqual('1.1.1.1', inner_layer.introduction_points[0].link_specifiers[0].address)
+
+  @test.require.ed25519_support
+  def test_blinding(self):
+    """
+    Create a descriptor with key blinding. `This takes a while
+    https://github.com/pyca/cryptography/issues/5068`_, so we should not do
+    this more than once.
+    """
+
+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+
+    expected_blinded_key = b'\xb5\xefEA\xfaI\x1a\xd8*p\xcd\x97\x01\x90O\xa8p\xd3\x10\x16\x8e-\x19\xab+\x92\xbc\xf6\xe7\x92\xc2k'
+
+    desc = HiddenServiceDescriptorV3.create(
+      identity_key = Ed25519PrivateKey.from_private_bytes(b'a' * 32),
+      blinding_nonce = b'a' * 32,
+    )
+
+    self.assertEqual(64, len(desc.signing_cert.signature))
+    self.assertEqual(expected_blinded_key, desc.signing_cert.signing_key())

    