bitcoin/src/test/random_tests.cpp

// Copyright (c) 2017 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include "random.h"

#include "test/test_bitcoin.h"

#include <boost/test/unit_test.hpp>

BOOST_FIXTURE_TEST_SUITE(random_tests, BasicTestingSetup)

BOOST_AUTO_TEST_CASE(osrandom_tests)
{
    BOOST_CHECK(Random_SanityCheck());
}

BOOST_AUTO_TEST_CASE(fastrandom_tests)
{
    // Check that deterministic FastRandomContexts are deterministic
    FastRandomContext ctx1(true);
    FastRandomContext ctx2(true);

    BOOST_CHECK_EQUAL(ctx1.rand32(), ctx2.rand32());
    BOOST_CHECK_EQUAL(ctx1.rand32(), ctx2.rand32());
    BOOST_CHECK_EQUAL(ctx1.rand64(), ctx2.rand64());
    BOOST_CHECK_EQUAL(ctx1.randbits(3), ctx2.randbits(3));
    BOOST_CHECK_EQUAL(ctx1.randbits(7), ctx2.randbits(7));
    BOOST_CHECK_EQUAL(ctx1.rand32(), ctx2.rand32());
    BOOST_CHECK_EQUAL(ctx1.randbits(3), ctx2.randbits(3));

    // Check that a nondeterministic ones are not
    FastRandomContext ctx3;
    FastRandomContext ctx4;
    BOOST_CHECK(ctx3.rand64() != ctx4.rand64()); // extremely unlikely to be equal
}

BOOST_AUTO_TEST_CASE(fastrandom_randbits)
{
    FastRandomContext ctx1;
    FastRandomContext ctx2;
    for (int bits = 0; bits < 63; ++bits) {
        for (int j = 0; j < 1000; ++j) {
            uint64_t rangebits = ctx1.randbits(bits);
            BOOST_CHECK_EQUAL(rangebits >> bits, 0);
            uint64_t range = ((uint64_t)1) << bits | rangebits;
            uint64_t rand = ctx2.randrange(range);
            BOOST_CHECK(rand < range);
        }
    }
}

BOOST_AUTO_TEST_SUITE_END()
util: Specific GetOSRandom for Linux/FreeBSD/OpenBSD These are available in sandboxes without access to files or devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls) to use than `/dev/urandom` as reading from a file has quite a few edge cases: - Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html) was introduced in version 3.17 of the Linux kernel. - OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2) function appeared in OpenBSD 5.6. - FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added but it has existed for quite a while. Alternatives: - Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID` which gives 16 bytes of randomness. This may be available on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/) and even removed in some distros so we shouldn't use it. Add tests for `GetOSRand()`: - Test that no error happens (otherwise `RandFailure()` which aborts) - Test that all 32 bytes are overwritten (initialize with zeros, try multiple times) Discussion: - When to use these? Currently they are always used when available. Another option would be to use them only when `/dev/urandom` is not available. But this would mean these code paths receive less testing, and I'm not sure there is any reason to prefer `/dev/urandom`. Closes: #9676 2017-02-21 08:36:37 -08:00			`// Copyright (c) 2017 The Bitcoin Core developers`
			`// Distributed under the MIT software license, see the accompanying`
			`// file COPYING or http://www.opensource.org/licenses/mit-license.php.`

			`#include "random.h"`

			`#include "test/test_bitcoin.h"`

			`#include <boost/test/unit_test.hpp>`

			`BOOST_FIXTURE_TEST_SUITE(random_tests, BasicTestingSetup)`

			`BOOST_AUTO_TEST_CASE(osrandom_tests)`
			`{`
sanity: Move OS random to sanity check function Move the OS random test to a sanity check function that is called every time bitcoind is initialized. Keep `src/test/random_tests.cpp` for the case that later random tests are added, and keep a rudimentary test that just calls the sanity check. 2017-02-21 23:02:50 -08:00			`BOOST_CHECK(Random_SanityCheck());`
util: Specific GetOSRandom for Linux/FreeBSD/OpenBSD These are available in sandboxes without access to files or devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls) to use than `/dev/urandom` as reading from a file has quite a few edge cases: - Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html) was introduced in version 3.17 of the Linux kernel. - OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2) function appeared in OpenBSD 5.6. - FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added but it has existed for quite a while. Alternatives: - Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID` which gives 16 bytes of randomness. This may be available on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/) and even removed in some distros so we shouldn't use it. Add tests for `GetOSRand()`: - Test that no error happens (otherwise `RandFailure()` which aborts) - Test that all 32 bytes are overwritten (initialize with zeros, try multiple times) Discussion: - When to use these? Currently they are always used when available. Another option would be to use them only when `/dev/urandom` is not available. But this would mean these code paths receive less testing, and I'm not sure there is any reason to prefer `/dev/urandom`. Closes: #9676 2017-02-21 08:36:37 -08:00			`}`

Switch FastRandomContext to ChaCha20 2017-02-15 17:45:22 -08:00			`BOOST_AUTO_TEST_CASE(fastrandom_tests)`
			`{`
			`// Check that deterministic FastRandomContexts are deterministic`
			`FastRandomContext ctx1(true);`
			`FastRandomContext ctx2(true);`

			`BOOST_CHECK_EQUAL(ctx1.rand32(), ctx2.rand32());`
			`BOOST_CHECK_EQUAL(ctx1.rand32(), ctx2.rand32());`
			`BOOST_CHECK_EQUAL(ctx1.rand64(), ctx2.rand64());`
			`BOOST_CHECK_EQUAL(ctx1.randbits(3), ctx2.randbits(3));`
			`BOOST_CHECK_EQUAL(ctx1.randbits(7), ctx2.randbits(7));`
			`BOOST_CHECK_EQUAL(ctx1.rand32(), ctx2.rand32());`
			`BOOST_CHECK_EQUAL(ctx1.randbits(3), ctx2.randbits(3));`
util: Specific GetOSRandom for Linux/FreeBSD/OpenBSD These are available in sandboxes without access to files or devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls) to use than `/dev/urandom` as reading from a file has quite a few edge cases: - Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html) was introduced in version 3.17 of the Linux kernel. - OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2) function appeared in OpenBSD 5.6. - FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added but it has existed for quite a while. Alternatives: - Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID` which gives 16 bytes of randomness. This may be available on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/) and even removed in some distros so we shouldn't use it. Add tests for `GetOSRand()`: - Test that no error happens (otherwise `RandFailure()` which aborts) - Test that all 32 bytes are overwritten (initialize with zeros, try multiple times) Discussion: - When to use these? Currently they are always used when available. Another option would be to use them only when `/dev/urandom` is not available. But this would mean these code paths receive less testing, and I'm not sure there is any reason to prefer `/dev/urandom`. Closes: #9676 2017-02-21 08:36:37 -08:00
Switch FastRandomContext to ChaCha20 2017-02-15 17:45:22 -08:00			`// Check that a nondeterministic ones are not`
			`FastRandomContext ctx3;`
			`FastRandomContext ctx4;`
			`BOOST_CHECK(ctx3.rand64() != ctx4.rand64()); // extremely unlikely to be equal`
			`}`

Add a FastRandomContext::randrange and use it 2017-02-25 12:16:58 -08:00			`BOOST_AUTO_TEST_CASE(fastrandom_randbits)`
			`{`
			`FastRandomContext ctx1;`
			`FastRandomContext ctx2;`
			`for (int bits = 0; bits < 63; ++bits) {`
			`for (int j = 0; j < 1000; ++j) {`
			`uint64_t rangebits = ctx1.randbits(bits);`
			`BOOST_CHECK_EQUAL(rangebits >> bits, 0);`
			`uint64_t range = ((uint64_t)1) << bits \| rangebits;`
			`uint64_t rand = ctx2.randrange(range);`
			`BOOST_CHECK(rand < range);`
			`}`
			`}`
			`}`

Switch FastRandomContext to ChaCha20 2017-02-15 17:45:22 -08:00			`BOOST_AUTO_TEST_SUITE_END()`