[tor-commits] [stem/master] Test and fix key blinding with python 3.x
atagar at torproject.org
atagar at torproject.org
Wed Nov 20 22:37:28 UTC 2019
commit 36a3ca247796638bbdf1f82f4c29d562ac3229fc
Author: Damian Johnson <atagar at torproject.org>
Date: Wed Nov 20 14:09:33 2019 -0800
Test and fix key blinding with python 3.x
Each key blinding takes a couple seconds so I avoided it in our unit tests, but
we should perform one instance for coverage. Testing with a static key and
fixing the python 3.x normalization issue this surfaced.
---
stem/descriptor/hidden_service.py | 2 +-
stem/util/slow_ed25519.py | 13 +++++++++++--
test/unit/descriptor/hidden_service_v3.py | 20 ++++++++++++++++++++
3 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index de98c9cf..94edeba4 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -924,7 +924,7 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
::
- HiddenServiceDescriptorV3(blinding_nonce = os.urandom(32))
+ HiddenServiceDescriptorV3.create(blinding_nonce = os.urandom(32))
:param dict attr: keyword/value mappings to be included in plaintext descriptor
:param list exclude: mandatory keywords to exclude from the descriptor, this
diff --git a/stem/util/slow_ed25519.py b/stem/util/slow_ed25519.py
index 9e9864d2..b23bf57c 100644
--- a/stem/util/slow_ed25519.py
+++ b/stem/util/slow_ed25519.py
@@ -11,12 +11,21 @@
# https://github.com/pyca/cryptography/issues/5068
import hashlib
+import stem.prereq
b = 256
q = 2 ** 255 - 19
l = 2 ** 252 + 27742317777372353535851937790883648493
+def int_to_byte(val):
+ """
+ Convert an integer to its byte value in an interpreter agnostic way.
+ """
+
+ return bytes([val]) if stem.prereq.is_python_3() else chr(val)
+
+
def H(m):
return hashlib.sha512(m).digest()
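Review bot: int_to_byte makes this module import stem.prereq only to choose between two spellings of the same conversion; as far as the hunk shows, the module otherwise depends on hashlib alone. `return bytes(bytearray([val]))` gives a one-byte str on Python 2 and a one-byte bytes on Python 3 without the version check. The docstring should also say that val must be in 0-255 (both branches raise ValueError otherwise) and that the result is the interpreter's native byte string. Because this code seems to process values derived from the identity key during blinding, a header comment such as `# Pure-python fallback; presumably not constant-time, use only until the linked cryptography issue is resolved` would tell readers not to reuse it elsewhere.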
@@ -84,7 +93,7 @@ def scalarmult(P, e):
def encodeint(y):
bits = [(y >> i) & 1 for i in range(b)]
- return b''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)])
+ return b''.join([int_to_byte(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)])
def encodepoint(P):
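Review bot: encodeint here and encodepoint in the next hunk get no direct test in this commit. The only coverage is test_blinding, which takes seconds and, judging by its `@test.require.ed25519_support` decorator, is probably skipped where that support is missing, so the Python 3 `chr` breakage could return unnoticed there. A fast check such as `self.assertEqual(b'\x01' + b'\x00' * 31, stem.util.slow_ed25519.encodeint(1))` would pin both the byte type and the little-endian layout without any key blinding. The two return lines are the same packing expression, so a shared private helper would keep the next fix from having to be made twice. encodepoint's body starts outside its hunk.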
@@ -92,7 +101,7 @@ def encodepoint(P):
y = P[1]
bits = [(y >> i) & 1 for i in range(b - 1)] + [x & 1]
- return b''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)])
+ return b''.join([int_to_byte(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b // 8)])
def bit(h, i):
diff --git a/test/unit/descriptor/hidden_service_v3.py b/test/unit/descriptor/hidden_service_v3.py
index 9ef2f0bf..715a2b65 100644
--- a/test/unit/descriptor/hidden_service_v3.py
+++ b/test/unit/descriptor/hidden_service_v3.py
@@ -459,3 +459,23 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
inner_layer = desc.decrypt(onion_address)
self.assertEqual(3, len(inner_layer.introduction_points))
self.assertEqual('1.1.1.1', inner_layer.introduction_points[0].link_specifiers[0].address)
+
+ @test.require.ed25519_support
+ def test_blinding(self):
+ """
+ Create a descriptor with key blinding. `This takes a while
+ <https://github.com/pyca/cryptography/issues/5068>`_, so we should not do
+ this more than once.
+ """
+
+ from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+
+ expected_blinded_key = b'\xb5\xefEA\xfaI\x1a\xd8*p\xcd\x97\x01\x90O\xa8p\xd3\x10\x16\x8e-\x19\xab+\x92\xbc\xf6\xe7\x92\xc2k'
+
+ desc = HiddenServiceDescriptorV3.create(
+ identity_key = Ed25519PrivateKey.from_private_bytes(b'a' * 32),
+ blinding_nonce = b'a' * 32,
+ )
+
+ self.assertEqual(64, len(desc.signing_cert.signature))
+ self.assertEqual(expected_blinded_key, desc.signing_cert.signing_key())
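Review bot: The signature is checked only with `self.assertEqual(64, len(desc.signing_cert.signature))`, which any 64-byte value satisfies, so a blinded signing path that produces a wrong signature would still pass. The blinded public key is already pinned in expected_blinded_key, so the test could also verify the certificate signature against that key, which would exercise the blinded signing code and not just the key derivation. A comment above the create() call, e.g. `# static key and nonce so the blinded key is reproducible; test-only values`, would make it clear that the `b'a' * 32` inputs are fixtures and not a usage example. The enclosing test class starts outside the hunk.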