src/SelfTest/Random/Fortuna/test_FortunaAccumulator.py

   1 # -*- coding: utf-8 -*-
   2 #
   3 #  SelfTest/Random/Fortuna/test_FortunaAccumulator.py: Self-test for the FortunaAccumulator module
   4 #
   5 # =======================================================================
   6 # Copyright (C) 2008  Dwayne C. Litzenberger <dlitz@dlitz.net>
   7 #
   8 # Permission is hereby granted, free of charge, to any person obtaining
   9 # a copy of this software and associated documentation files (the
  10 # "Software"), to deal in the Software without restriction, including
  11 # without limitation the rights to use, copy, modify, merge, publish,
  12 # distribute, sublicense, and/or sell copies of the Software, and to
  13 # permit persons to whom the Software is furnished to do so.
  14 #
  15 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  16 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  17 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  18 # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  19 # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  20 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  21 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  22 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  23 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  25 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26 # =======================================================================
  27 #
  28
  29 """Self-tests for CryptoPlus.Random.Fortuna.FortunaAccumulator"""
  30
  31 __revision__ = "$Id$"
  32
  33 from CryptoPlus.Util.python_compat import *
  34
  35 import unittest
  36 from binascii import b2a_hex
  37
  38 class FortunaAccumulatorTests(unittest.TestCase):
  39     def setUp(self):
  40         global FortunaAccumulator
  41         from CryptoPlus.Random.Fortuna import FortunaAccumulator
  42
  43     def test_FortunaPool(self):
  44         """FortunaAccumulator.FortunaPool"""
  45         pool = FortunaAccumulator.FortunaPool()
  46         self.assertEqual(0, pool.length)
  47         self.assertEqual("5df6e0e2761359d30a8275058e299fcc0381534545f55cf43e41983f5d4c9456", pool.hexdigest())
  48
  49         pool.append("abc")
  50
  51         self.assertEqual(3, pool.length)
  52         self.assertEqual("4f8b42c22dd3729b519ba6f68d2da7cc5b2d606d05daed5ad5128cc03e6c6358", pool.hexdigest())
  53
  54         pool.append("dbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
  55
  56         self.assertEqual(56, pool.length)
  57         self.assertEqual("0cffe17f68954dac3a84fb1458bd5ec99209449749b2b308b7cb55812f9563af", b2a_hex(pool.digest()))
  58
  59         pool.reset()
  60
  61         self.assertEqual(0, pool.length)
  62
  63         pool.append("a" * 10**6)
  64
  65         self.assertEqual(10**6, pool.length)
  66         self.assertEqual("80d1189477563e1b5206b2749f1afe4807e5705e8bd77887a60187a712156688", b2a_hex(pool.digest()))
  67
  68     def test_which_pools(self):
  69         """FortunaAccumulator.which_pools"""
  70
  71         # which_pools(0) should fail
  72         self.assertRaises(AssertionError, FortunaAccumulator.which_pools, 0)
  73
  74         self.assertEqual(FortunaAccumulator.which_pools(1), [0])
  75         self.assertEqual(FortunaAccumulator.which_pools(2), [0, 1])
  76         self.assertEqual(FortunaAccumulator.which_pools(3), [0])
  77         self.assertEqual(FortunaAccumulator.which_pools(4), [0, 1, 2])
  78         self.assertEqual(FortunaAccumulator.which_pools(5), [0])
  79         self.assertEqual(FortunaAccumulator.which_pools(6), [0, 1])
  80         self.assertEqual(FortunaAccumulator.which_pools(7), [0])
  81         self.assertEqual(FortunaAccumulator.which_pools(8), [0, 1, 2, 3])
  82         for i in range(1, 32):
  83             self.assertEqual(FortunaAccumulator.which_pools(2L**i-1), [0])
  84             self.assertEqual(FortunaAccumulator.which_pools(2L**i), range(i+1))
  85             self.assertEqual(FortunaAccumulator.which_pools(2L**i+1), [0])
  86         self.assertEqual(FortunaAccumulator.which_pools(2L**31), range(32))
  87         self.assertEqual(FortunaAccumulator.which_pools(2L**32), range(32))
  88         self.assertEqual(FortunaAccumulator.which_pools(2L**33), range(32))
  89         self.assertEqual(FortunaAccumulator.which_pools(2L**34), range(32))
  90         self.assertEqual(FortunaAccumulator.which_pools(2L**35), range(32))
  91         self.assertEqual(FortunaAccumulator.which_pools(2L**36), range(32))
  92         self.assertEqual(FortunaAccumulator.which_pools(2L**64), range(32))
  93         self.assertEqual(FortunaAccumulator.which_pools(2L**128), range(32))
  94
  95     def test_accumulator(self):
  96         """FortunaAccumulator.FortunaAccumulator"""
  97         fa = FortunaAccumulator.FortunaAccumulator()
  98
  99         # This should fail, because we haven't seeded the PRNG yet
 100         self.assertRaises(AssertionError, fa.random_data, 1)
 101
 102         # Spread some test data across the pools (source number 42)
 103         # This would be horribly insecure in a real system.
 104         for p in range(32):
 105             fa.add_random_event(42, p, "X" * 32)
 106             self.assertEqual(32+2, fa.pools[p].length)
 107
 108         # This should still fail, because we haven't seeded the PRNG with 64 bytes yet
 109         self.assertRaises(AssertionError, fa.random_data, 1)
 110
 111         # Add more data
 112         for p in range(32):
 113             fa.add_random_event(42, p, "X" * 32)
 114             self.assertEqual((32+2)*2, fa.pools[p].length)
 115
 116         # The underlying RandomGenerator should get seeded with Pool 0
 117         #   s = SHAd256(chr(42) + chr(32) + "X"*32 + chr(42) + chr(32) + "X"*32)
 118         #     = SHA256(h'edd546f057b389155a31c32e3975e736c1dec030ddebb137014ecbfb32ed8c6f')
 119         #     = h'aef42a5dcbddab67e8efa118e1b47fde5d697f89beb971b99e6e8e5e89fbf064'
 120         # The counter and the key before reseeding is:
 121         #   C_0 = 0
 122         #   K_0 = "\x00" * 32
 123         # The counter after reseeding is 1, and the new key after reseeding is
 124         #   C_1 = 1
 125         #   K_1 = SHAd256(K_0 || s)
 126         #       = SHA256(h'0eae3e401389fab86640327ac919ecfcb067359d95469e18995ca889abc119a6')
 127         #       = h'aafe9d0409fbaaafeb0a1f2ef2014a20953349d3c1c6e6e3b962953bea6184dd'
 128         # The first block of random data, therefore, is
 129         #   r_1 = AES-256(K_1, 1)
 130         #       = AES-256(K_1, h'01000000000000000000000000000000')
 131         #       = h'b7b86bd9a27d96d7bb4add1b6b10d157'
 132         # The second block of random data is
 133         #   r_2 = AES-256(K_1, 2)
 134         #       = AES-256(K_1, h'02000000000000000000000000000000')
 135         #       = h'2350b1c61253db2f8da233be726dc15f'
 136         # The third and fourth blocks of random data (which become the new key) are
 137         #   r_3 = AES-256(K_1, 3)
 138         #       = AES-256(K_1, h'03000000000000000000000000000000')
 139         #       = h'f23ad749f33066ff53d307914fbf5b21'
 140         #   r_4 = AES-256(K_1, 4)
 141         #       = AES-256(K_1, h'04000000000000000000000000000000')
 142         #       = h'da9667c7e86ba247655c9490e9d94a7c'
 143         #   K_2 = r_3 || r_4
 144         #       = h'f23ad749f33066ff53d307914fbf5b21da9667c7e86ba247655c9490e9d94a7c'
 145         # The final counter value is 5.
 146         self.assertEqual("aef42a5dcbddab67e8efa118e1b47fde5d697f89beb971b99e6e8e5e89fbf064",
 147             fa.pools[0].hexdigest())
 148         self.assertEqual(None, fa.generator.key)
 149         self.assertEqual(0, fa.generator.counter.get_value())
 150
 151         result = fa.random_data(32)
 152
 153         self.assertEqual("b7b86bd9a27d96d7bb4add1b6b10d157" "2350b1c61253db2f8da233be726dc15f", b2a_hex(result))
 154         self.assertEqual("f23ad749f33066ff53d307914fbf5b21da9667c7e86ba247655c9490e9d94a7c", b2a_hex(fa.generator.key))
 155         self.assertEqual(5, fa.generator.counter.get_value())
 156
 157     def test_accumulator_pool_length(self):
 158         """FortunaAccumulator.FortunaAccumulator minimum pool length"""
 159         fa = FortunaAccumulator.FortunaAccumulator()
 160
 161         # This test case is hard-coded to assume that FortunaAccumulator.min_pool_size is 64.
 162         self.assertEqual(fa.min_pool_size, 64)
 163
 164         # The PRNG should not allow us to get random data from it yet
 165         self.assertRaises(AssertionError, fa.random_data, 1)
 166
 167         # Add 60 bytes, 4 at a time (2 header + 2 payload) to each of the 32 pools
 168         for i in range(15):
 169             for p in range(32):
 170                 # Add the bytes to the pool
 171                 fa.add_random_event(2, p, "XX")
 172
 173                 # The PRNG should not allow us to get random data from it yet
 174                 self.assertRaises(AssertionError, fa.random_data, 1)
 175
 176         # Add 4 more bytes to pool 0
 177         fa.add_random_event(2, 0, "XX")
 178
 179         # We should now be able to get data from the accumulator
 180         fa.random_data(1)
 181
 182 def get_tests():
 183     from CryptoPlus.SelfTest.st_common import list_test_cases
 184     return list_test_cases(FortunaAccumulatorTests)
 185
 186 if __name__ == '__main__':
 187     suite = lambda: unittest.TestSuite(get_tests())
 188     unittest.main(defaultTest='suite')
 189
 190 # vim:set ts=4 sw=4 sts=4 expandtab: