[#61] Fix incorrect keys when seed is longer than 81 trytes.

Author: todofixthis

iota/crypto/kerl/pykerl.py

@@ -4,6 +4,7 @@
 
 from sha3 import keccak_384
 from six import PY2
+from typing import MutableSequence, Optional
 
 from iota.crypto.kerl import conv
 from iota.exceptions import with_context
@@ -16,12 +17,29 @@
 TRIT_HASH_LENGTH = 243
 
 class Kerl(object):
+  k = None # type: keccak_384
+
   def __init__(self):
     self.reset()
 
   def absorb(self, trits, offset=0, length=None):
+    # type: (MutableSequence[int], int, Optional[int]) -> None
+    """
+    Absorb trits into the sponge from a buffer.
+
+    :param trits:
+      Buffer that contains the trits to absorb.
+
+    :param offset:
+      Starting offset in ``trits``.
+
+    :param length:
+      Number of trits to absorb.  Defaults to ``len(trits)``.
+    """
     # Pad input if necessary, so that it can be divided evenly into
     # hashes.
+    # Note that this operation creates a COPY of ``trits``; the
+    # incoming buffer is not modified!
     pad = ((len(trits) % TRIT_HASH_LENGTH) or TRIT_HASH_LENGTH)
     trits += [0] * (TRIT_HASH_LENGTH - pad)
 
@@ -57,6 +75,24 @@ def absorb(self, trits, offset=0, length=None):
       offset += TRIT_HASH_LENGTH
 
   def squeeze(self, trits, offset=0, length=None):
+    # type: (MutableSequence[int], int, Optional[int]) -> None
+    """
+    Squeeze trits from the sponge into a buffer.
+
+    :param trits:
+      Buffer that will hold the squeezed trits.
+
+      IMPORTANT:  If ``trits`` is too small, it will be extended!
+
+    :param offset:
+      Starting offset in ``trits``.
+
+    :param length:
+      Number of trits to squeeze from the sponge.
+
+      If not specified, defaults to :py:data:`TRIT_HASH_LENGTH` (i.e.,
+      by default, we will try to squeeze exactly 1 hash).
+    """
     # Pad input if necessary, so that it can be divided evenly into
     # hashes.
     pad = ((len(trits) % TRIT_HASH_LENGTH) or TRIT_HASH_LENGTH)
@@ -89,8 +125,8 @@ def squeeze(self, trits, offset=0, length=None):
       trits_from_hash = conv.convertToTrits(signed_hash)
       trits_from_hash[TRIT_HASH_LENGTH - 1] = 0
 
-      stop = min(TRIT_HASH_LENGTH, length)
-      trits[offset:stop] = trits_from_hash[0:stop]
+      stop = min(TRIT_HASH_LENGTH, length-offset)
+      trits[offset:offset+stop] = trits_from_hash[0:stop]
 
       flipped_bytes = bytearray(conv.convert_sign(~b) for b in unsigned_hash)
 

iota/crypto/signing.py

@@ -240,10 +240,10 @@ def __init__(self, seed, start, step, security_level):
 
     # In order to work correctly, the seed must be padded so that it is
     # a multiple of 81 trytes.
-    pad = (len(seed) % Hash.LEN) or Hash.LEN
-    self.seed = seed + b'9' * (Hash.LEN - pad)
+    seed += b'9' * (Hash.LEN - ((len(seed) % Hash.LEN) or Hash.LEN))
 
     self.security_level = security_level
+    self.seed_as_trits  = seed.as_trits()
     self.start          = start
     self.step           = step
 
@@ -262,7 +262,7 @@ def __next__(self):
       sponge = self._create_sponge(self.current)
 
       key     = [0] * (self.fragment_length * self.security_level)
-      buffer  = [0] * HASH_LENGTH # type: MutableSequence[int]
+      buffer  = [0] * len(self.seed_as_trits)
 
       for fragment_seq in range(self.security_level):
         # Squeeze trits from the buffer and append them to the key, one
@@ -275,7 +275,10 @@ def __next__(self):
 
           key_stop = key_start + HASH_LENGTH
 
-          key[key_start:key_stop] = buffer
+          # Ensure we only capture one hash from the buffer, in case
+          # it is longer than that (i.e., if the seed is longer than 81
+          # trytes).
+          key[key_start:key_stop] = buffer[0:HASH_LENGTH]
 
       private_key =\
         PrivateKey.from_trits(
@@ -302,7 +305,7 @@ def _create_sponge(self, index):
     """
     Prepares the hash sponge for the generator.
     """
-    seed = self.seed.as_trits() # type: MutableSequence[int]
+    seed = self.seed_as_trits[:]
 
     for i in range(index):
       # Treat ``seed`` like a really big number and add ``index``.

test/crypto/signing_test.py

@@ -12,20 +12,23 @@
 # noinspection SpellCheckingInspection
 class KeyGeneratorTestCase(TestCase):
   """
-  Unit tests for KeyGenerator.
+  Generating validation data using the JS lib:
 
-  Strap in, folks; SigningKeys are multiples of 2187 trytes long!
+  .. code-block:: javascript
 
-  Note to developers: to pretty-format signing keys so that this file
-  doesn't exceed 80 chars per line, run the byte string through this
-  code and then copy-paste the result into your test:
+     // Specify parameters used to generate the private key.
+     var seed = 'SEED9GOES9HERE';
+     var keyIndex = 42;
+     var securityLevel = 3;
 
-  .. code-block:: python
+     var Converter = require('./lib/crypto/converter/converter');
+     var Signing = require('./lib/crypto/signing/signing');
 
-     print('\n'.join(repr(s[i:i+66]) for i in range(0, len(s), 66)))
+     // Generate the key.
+     var privateKey = Signing.key(Converter.trits(seed), keyIndex, securityLevel);
 
-  References:
-    - http://stackoverflow.com/a/1751478/
+     // Output human-readable version.
+     console.log(Converter.trytes(privateKey));
   """
   def test_get_keys_single(self):
     """
@@ -188,7 +191,7 @@ def test_get_keys_long_seed(self):
       b'IGVTKTOFGZAIMWHNQWWENEFBAYZXBYWK9QBIWKTMO9MFZIEQVJULQILER9GRDCBLEY'
       b'OPLCYJALVJESQMIEZOVOPYYAOLJMIUCGAJLIUFKHTIHZSEOYYLTPHKSURQSWPQEESV'
       b'99QM9DUSKSMLSCCDYMDAJIAPGJIHWBROISBLAA9GZFGPPRPHSTVNJMPUWGLTZEZEGQ'
-      b'HIHMCRZILISRFGVOJMXOYRALR9ZOUAMQXGW9XPFID'
+      b'HIHMCRZILISRFGVOJMXOYRALR9ZOUAMQXGW9XPFID',
     )
 
     self.assertListEqual(