[tor/master] Move the donna-fuzzing tests into test_slow. - tor-commits

9 Sep 2016

commit 05110c9294f64b494600b056670f62ca89b52b0b
Author: Nick Mathewson nickm@torproject.org
Date:   Fri Sep 9 08:55:11 2016 -0400
Move the donna-fuzzing tests into test_slow.
This shaves another 3-4 seconds off the main-path tests for me,
    which is again worth it, according to XKCD#1204.
---
 src/test/test.h             |  1 +
 src/test/test_crypto.c      | 90 ---------------------------------------------
 src/test/test_crypto_slow.c | 80 ++++++++++++++++++++++++++++++++++++++++
 src/test/testing_common.c   | 19 ++++++++++
 4 files changed, 100 insertions(+), 90 deletions(-)

diff --git a/src/test/test.h b/src/test/test.h
index c0643e1..0b1b626 100644
--- a/src/test/test.h
+++ b/src/test/test.h
@@ -169,6 +169,7 @@ struct crypto_pk_t *pk_generate(int idx);
 #define NS_UNMOCK(name) UNMOCK(name)
extern const struct testcase_setup_t passthrough_setup;
+const struct testcase_setup_t ed25519_test_setup;
extern struct testcase_t accounting_tests[];
 extern struct testcase_t addr_tests[];
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 9cae1e8..3756fd0 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -2139,24 +2139,6 @@ test_crypto_curve25519_persist(void *arg)
   tor_free(tag);
 }
-static void *
-ed25519_testcase_setup(const struct testcase_t *testcase)
-{
-  crypto_ed25519_testing_force_impl(testcase->setup_data);
-  return testcase->setup_data;
-}
-static int
-ed25519_testcase_cleanup(const struct testcase_t *testcase, void *ptr)
-{
-  (void)testcase;
-  (void)ptr;
-  crypto_ed25519_testing_restore_impl();
-  return 1;
-}
-static const struct testcase_setup_t ed25519_test_setup = {
-  ed25519_testcase_setup, ed25519_testcase_cleanup
-};
-
 static void
 test_crypto_ed25519_simple(void *arg)
 {
@@ -2619,77 +2601,6 @@ test_crypto_ed25519_testvectors(void *arg)
 }
static void
-test_crypto_ed25519_fuzz_donna(void *arg)
-{
-  const unsigned iters = 1024;
-  uint8_t msg[1024];
-  unsigned i;
-  (void)arg;
-
-  tt_assert(sizeof(msg) == iters);
-  crypto_rand((char*) msg, sizeof(msg));
-
-  /* Fuzz Ed25519-donna vs ref10, alternating the implementation used to
-   * generate keys/sign per iteration.
-   */
-  for (i = 0; i < iters; ++i) {
-    const int use_donna = i & 1;
-    uint8_t blinding[32];
-    curve25519_keypair_t ckp;
-    ed25519_keypair_t kp, kp_blind, kp_curve25519;
-    ed25519_public_key_t pk, pk_blind, pk_curve25519;
-    ed25519_signature_t sig, sig_blind;
-    int bit = 0;
-
-    crypto_rand((char*) blinding, sizeof(blinding));
-
-    /* Impl. A:
-     *  1. Generate a keypair.
-     *  2. Blinded the keypair.
-     *  3. Sign a message (unblinded).
-     *  4. Sign a message (blinded).
-     *  5. Generate a curve25519 keypair, and convert it to Ed25519.
-     */
-    ed25519_set_impl_params(use_donna);
-    tt_int_op(0, OP_EQ, ed25519_keypair_generate(&kp, i&1));
-    tt_int_op(0, OP_EQ, ed25519_keypair_blind(&kp_blind, &kp, blinding));
-    tt_int_op(0, OP_EQ, ed25519_sign(&sig, msg, i, &kp));
-    tt_int_op(0, OP_EQ, ed25519_sign(&sig_blind, msg, i, &kp_blind));
-
-    tt_int_op(0, OP_EQ, curve25519_keypair_generate(&ckp, i&1));
-    tt_int_op(0, OP_EQ, ed25519_keypair_from_curve25519_keypair(
-            &kp_curve25519, &bit, &ckp));
-
-    /* Impl. B:
-     *  1. Validate the public key by rederiving it.
-     *  2. Validate the blinded public key by rederiving it.
-     *  3. Validate the unblinded signature (and test a invalid signature).
-     *  4. Validate the blinded signature.
-     *  5. Validate the public key (from Curve25519) by rederiving it.
-     */
-    ed25519_set_impl_params(!use_donna);
-    tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pk, &kp.seckey));
-    tt_mem_op(pk.pubkey, OP_EQ, kp.pubkey.pubkey, 32);
-
-    tt_int_op(0, OP_EQ, ed25519_public_blind(&pk_blind, &kp.pubkey, blinding));
-    tt_mem_op(pk_blind.pubkey, OP_EQ, kp_blind.pubkey.pubkey, 32);
-
-    tt_int_op(0, OP_EQ, ed25519_checksig(&sig, msg, i, &pk));
-    sig.sig[0] ^= 15;
-    tt_int_op(-1, OP_EQ, ed25519_checksig(&sig, msg, sizeof(msg), &pk));
-
-    tt_int_op(0, OP_EQ, ed25519_checksig(&sig_blind, msg, i, &pk_blind));
-
-    tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key(
-            &pk_curve25519, &ckp.pubkey, bit));
-    tt_mem_op(pk_curve25519.pubkey, OP_EQ, kp_curve25519.pubkey.pubkey, 32);
-  }
-
- done:
-  ;
-}
-
-static void
 test_crypto_ed25519_storage(void *arg)
 {
   (void)arg;
@@ -2995,7 +2906,6 @@ struct testcase_t crypto_tests[] = {
   ED25519_TEST(convert, 0),
   ED25519_TEST(blinding, 0),
   ED25519_TEST(testvectors, 0),
-  ED25519_TEST(fuzz_donna, TT_FORK),
   { "ed25519_storage", test_crypto_ed25519_storage, 0, NULL, NULL },
   { "siphash", test_crypto_siphash, 0, NULL, NULL },
   { "failure_modes", test_crypto_failure_modes, TT_FORK, NULL, NULL },
diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c
index 6f3e40e..26b3d40 100644
--- a/src/test/test_crypto_slow.c
+++ b/src/test/test_crypto_slow.c
@@ -503,9 +503,88 @@ test_crypto_pwbox(void *arg)
   tor_free(decoded);
 }
+static void
+test_crypto_ed25519_fuzz_donna(void *arg)
+{
+  const unsigned iters = 1024;
+  uint8_t msg[1024];
+  unsigned i;
+  (void)arg;
+
+  tt_assert(sizeof(msg) == iters);
+  crypto_rand((char*) msg, sizeof(msg));
+
+  /* Fuzz Ed25519-donna vs ref10, alternating the implementation used to
+   * generate keys/sign per iteration.
+   */
+  for (i = 0; i < iters; ++i) {
+    const int use_donna = i & 1;
+    uint8_t blinding[32];
+    curve25519_keypair_t ckp;
+    ed25519_keypair_t kp, kp_blind, kp_curve25519;
+    ed25519_public_key_t pk, pk_blind, pk_curve25519;
+    ed25519_signature_t sig, sig_blind;
+    int bit = 0;
+
+    crypto_rand((char*) blinding, sizeof(blinding));
+
+    /* Impl. A:
+     *  1. Generate a keypair.
+     *  2. Blinded the keypair.
+     *  3. Sign a message (unblinded).
+     *  4. Sign a message (blinded).
+     *  5. Generate a curve25519 keypair, and convert it to Ed25519.
+     */
+    ed25519_set_impl_params(use_donna);
+    tt_int_op(0, OP_EQ, ed25519_keypair_generate(&kp, i&1));
+    tt_int_op(0, OP_EQ, ed25519_keypair_blind(&kp_blind, &kp, blinding));
+    tt_int_op(0, OP_EQ, ed25519_sign(&sig, msg, i, &kp));
+    tt_int_op(0, OP_EQ, ed25519_sign(&sig_blind, msg, i, &kp_blind));
+
+    tt_int_op(0, OP_EQ, curve25519_keypair_generate(&ckp, i&1));
+    tt_int_op(0, OP_EQ, ed25519_keypair_from_curve25519_keypair(
+            &kp_curve25519, &bit, &ckp));
+
+    /* Impl. B:
+     *  1. Validate the public key by rederiving it.
+     *  2. Validate the blinded public key by rederiving it.
+     *  3. Validate the unblinded signature (and test a invalid signature).
+     *  4. Validate the blinded signature.
+     *  5. Validate the public key (from Curve25519) by rederiving it.
+     */
+    ed25519_set_impl_params(!use_donna);
+    tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pk, &kp.seckey));
+    tt_mem_op(pk.pubkey, OP_EQ, kp.pubkey.pubkey, 32);
+
+    tt_int_op(0, OP_EQ, ed25519_public_blind(&pk_blind, &kp.pubkey, blinding));
+    tt_mem_op(pk_blind.pubkey, OP_EQ, kp_blind.pubkey.pubkey, 32);
+
+    tt_int_op(0, OP_EQ, ed25519_checksig(&sig, msg, i, &pk));
+    sig.sig[0] ^= 15;
+    tt_int_op(-1, OP_EQ, ed25519_checksig(&sig, msg, sizeof(msg), &pk));
+
+    tt_int_op(0, OP_EQ, ed25519_checksig(&sig_blind, msg, i, &pk_blind));
+
+    tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key(
+            &pk_curve25519, &ckp.pubkey, bit));
+    tt_mem_op(pk_curve25519.pubkey, OP_EQ, kp_curve25519.pubkey.pubkey, 32);
+  }
+
+ done:
+  ;
+}
+
 #define CRYPTO_LEGACY(name)                                            \
   { #name, test_crypto_ ## name , 0, NULL, NULL }
+#define ED25519_TEST_ONE(name, fl, which)                               \
+  { #name "/ed25519_" which, test_crypto_ed25519_ ## name, (fl),        \
+    &ed25519_test_setup, (void*)which }
+
+#define ED25519_TEST(name, fl)                  \
+  ED25519_TEST_ONE(name, (fl), "donna"),        \
+  ED25519_TEST_ONE(name, (fl), "ref10")
+
 struct testcase_t slow_crypto_tests[] = {
   CRYPTO_LEGACY(s2k_rfc2440),
 #ifdef HAVE_LIBSCRYPT
@@ -527,6 +606,7 @@ struct testcase_t slow_crypto_tests[] = {
   { "scrypt_vectors", test_crypto_scrypt_vectors, 0, NULL, NULL },
   { "pbkdf2_vectors", test_crypto_pbkdf2_vectors, 0, NULL, NULL },
   { "pwbox", test_crypto_pwbox, 0, NULL, NULL },
+  ED25519_TEST(fuzz_donna, TT_FORK),
   END_OF_TESTCASES
 };
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index dedacf8..2858c9e 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -213,6 +213,25 @@ passthrough_test_cleanup(const struct testcase_t *testcase, void *ptr)
   return 1;
 }
+
+static void *
+ed25519_testcase_setup(const struct testcase_t *testcase)
+{
+  crypto_ed25519_testing_force_impl(testcase->setup_data);
+  return testcase->setup_data;
+}
+static int
+ed25519_testcase_cleanup(const struct testcase_t *testcase, void *ptr)
+{
+  (void)testcase;
+  (void)ptr;
+  crypto_ed25519_testing_restore_impl();
+  return 1;
+}
+const struct testcase_setup_t ed25519_test_setup = {
+  ed25519_testcase_setup, ed25519_testcase_cleanup
+};
+
 const struct testcase_setup_t passthrough_setup = {
   passthrough_test_setup, passthrough_test_cleanup
 };

    