samples validation failure
Geal opened this issue · comments
when running the samples generation with the `--test option, I get different keys than what was displayed at creation. This does not change the result of the validation though, so probably an issue when printing the keys
< left / > right
Biscuit {
symbols: []
public keys: ["
<a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
>229697541ba393f2a30559ef12b6d7d2403c8d9fe9b8164024894b5cc58638c9
"]
authority: Block {
symbols: []
version: 4
context: ""
external key:
public keys: ["
<a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
>229697541ba393f2a30559ef12b6d7d2403c8d9fe9b8164024894b5cc58638c9
"]
scopes: []
facts: [
right("read")
]
rules: []
checks: [
check if group("admin") trusting ed25519/
<a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
>229697541ba393f2a30559ef12b6d7d2403c8d9fe9b8164024894b5cc58638c9
]
}
blocks: [
Block {
symbols: []
version: 4
context: ""
external key:
<a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
>229697541ba393f2a30559ef12b6d7d2403c8d9fe9b8164024894b5cc58638c9
public keys: []
scopes: []
facts: [
group("admin")
]
rules: []
checks: [
check if right("read")
]
}
]
}
< left / > right
Biscuit {
symbols: []
public keys: ["
<3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59", "ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee", "2e0118e63beb7731dab5119280ddb117234d0cdc41b7dd5dc4241bcbbb585d14
>a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25", "b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284", "3c1c4fa6c463ba8fb4ab60ec907d0282425d1e6c2e153df941fb917cfb877c2b
"]
authority: Block {
symbols: []
version: 4
context: ""
external key:
public keys: ["
<3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59
>a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
"]
scopes: []
facts: [
query(0)
]
rules: []
checks: [
check if true trusting previous, ed25519/
<3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59
>a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
]
}
blocks: [
Block {
symbols: []
version: 4
context: ""
external key:
<3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59
< public keys: ["ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee
>a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
> public keys: ["b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284
"]
scopes: []
facts: [
query(1)
]
rules: [
query(1, 2) <- query(1), query(2) trusting ed25519/
<ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee
>b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284
]
checks: [
check if query(2), query(3) trusting ed25519/
<ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee,
< check if query(1) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59
>b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284,
> check if query(1) trusting ed25519/a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
]
},
Block {
symbols: []
version: 4
context: ""
external key:
<ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee
>b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284
public keys: []
scopes: []
facts: [
query(2)
]
rules: []
checks: [
check if query(2), query(3) trusting ed25519/
<ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee,
< check if query(1) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59
>b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284,
> check if query(1) trusting ed25519/a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
]
},
Block {
symbols: []
version: 4
context: ""
external key:
<ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee
>b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284
public keys: []
scopes: []
facts: [
query(3)
]
rules: []
checks: [
check if query(2), query(3) trusting ed25519/
<ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee,
< check if query(1) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59
>b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284,
> check if query(1) trusting ed25519/a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25
]
},
Block {
symbols: []
version: 4
context: ""
external key:
public keys: ["
<2e0118e63beb7731dab5119280ddb117234d0cdc41b7dd5dc4241bcbbb585d14
>3c1c4fa6c463ba8fb4ab60ec907d0282425d1e6c2e153df941fb917cfb877c2b
"]
scopes: []
facts: [
query(4)
]
rules: []
checks: [
check if query(2) trusting ed25519/
<ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee,
< check if query(4) trusting ed25519/2e0118e63beb7731dab5119280ddb117234d0cdc41b7dd5dc4241bcbbb585d14
>b7e2c7cea042431f9e7e0e0decd8503d58569330e6ed6eaa13187f518102a284,
> check if query(4) trusting ed25519/3c1c4fa6c463ba8fb4ab60ec907d0282425d1e6c2e153df941fb917cfb877c2b
]
}
]
}
this only affects the third party block and pub key interning tests
this is not an issue in biscuit crypto, but with the rng in the testcases. The same generator is passed from one sample generation to the next, so if there's a difference somewhere in its usage between the generation and the test, then it will generate different token. When creating a deterministic rng specifically for this test, the bug disappears
fixed by #159