|
|
@ -16,24 +16,10 @@ package p256 |
|
|
|
|
|
|
|
|
|
|
|
import ( |
|
|
|
import ( |
|
|
|
"bytes" |
|
|
|
"bytes" |
|
|
|
"context" |
|
|
|
|
|
|
|
"crypto/rand" |
|
|
|
"crypto/rand" |
|
|
|
"encoding/hex" |
|
|
|
"encoding/hex" |
|
|
|
"encoding/json" |
|
|
|
|
|
|
|
"io/ioutil" |
|
|
|
|
|
|
|
"math" |
|
|
|
"math" |
|
|
|
"os" |
|
|
|
|
|
|
|
"testing" |
|
|
|
"testing" |
|
|
|
|
|
|
|
|
|
|
|
"github.com/golang/protobuf/jsonpb" |
|
|
|
|
|
|
|
"github.com/golang/protobuf/proto" |
|
|
|
|
|
|
|
"github.com/google/keytransparency/core/testdata" |
|
|
|
|
|
|
|
"github.com/google/trillian/crypto/keys" |
|
|
|
|
|
|
|
"github.com/google/trillian/crypto/keys/der" |
|
|
|
|
|
|
|
"github.com/google/trillian/crypto/keyspb" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pb "github.com/google/keytransparency/core/api/v1/keytransparency_go_proto" |
|
|
|
|
|
|
|
_ "github.com/google/trillian/crypto/keys/der/proto" |
|
|
|
|
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
const ( |
|
|
|
const ( |
|
|
@ -80,76 +66,6 @@ func TestH2(t *testing.T) { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func TestNewFromWrappedKey(t *testing.T) { |
|
|
|
|
|
|
|
ctx := context.Background() |
|
|
|
|
|
|
|
for _, tc := range []struct { |
|
|
|
|
|
|
|
desc string |
|
|
|
|
|
|
|
wantFromWrappedErr bool |
|
|
|
|
|
|
|
spec *keyspb.Specification |
|
|
|
|
|
|
|
keygen keys.ProtoGenerator |
|
|
|
|
|
|
|
}{ |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
desc: "DER with ECDSA spec", |
|
|
|
|
|
|
|
spec: &keyspb.Specification{ |
|
|
|
|
|
|
|
Params: &keyspb.Specification_EcdsaParams{ |
|
|
|
|
|
|
|
EcdsaParams: &keyspb.Specification_ECDSA{ |
|
|
|
|
|
|
|
Curve: keyspb.Specification_ECDSA_P256, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
keygen: func(ctx context.Context, spec *keyspb.Specification) (proto.Message, error) { |
|
|
|
|
|
|
|
return der.NewProtoFromSpec(spec) |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
desc: "DER with Non-ECDSA spec", |
|
|
|
|
|
|
|
wantFromWrappedErr: true, |
|
|
|
|
|
|
|
spec: &keyspb.Specification{ |
|
|
|
|
|
|
|
Params: &keyspb.Specification_RsaParams{ |
|
|
|
|
|
|
|
RsaParams: &keyspb.Specification_RSA{Bits: 2048}, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
keygen: func(ctx context.Context, spec *keyspb.Specification) (proto.Message, error) { |
|
|
|
|
|
|
|
return der.NewProtoFromSpec(spec) |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
} { |
|
|
|
|
|
|
|
t.Run(tc.desc, func(t *testing.T) { |
|
|
|
|
|
|
|
// Generate VRF key.
|
|
|
|
|
|
|
|
wrapped, err := tc.keygen(ctx, tc.spec) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Fatalf("keygen failed: %v", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
vrfPriv, err := NewFromWrappedKey(ctx, wrapped) |
|
|
|
|
|
|
|
if got, want := err != nil, tc.wantFromWrappedErr; got != want { |
|
|
|
|
|
|
|
t.Errorf("NewFromWrappedKey (): %v, want err: %v", err, want) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
vrfPubDER, err := der.MarshalPublicKey(vrfPriv.Public()) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Fatalf("MarshalPublicKey failed: %v", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
vrfPub, err := NewVRFVerifierFromRawKey(vrfPubDER) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Fatalf("NewVRFVerifierFromRawKey(): %v", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
// Test that the public and private components match.
|
|
|
|
|
|
|
|
m := []byte("foobar") |
|
|
|
|
|
|
|
indexA, proof := vrfPriv.Evaluate(m) |
|
|
|
|
|
|
|
indexB, err := vrfPub.ProofToHash(m, proof) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Fatalf("ProofToHash(): %v", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if got, want := indexB, indexA; got != want { |
|
|
|
|
|
|
|
t.Errorf("ProofToHash(%s, %x): %x, want %x", m, proof, got, want) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func TestVRF(t *testing.T) { |
|
|
|
func TestVRF(t *testing.T) { |
|
|
|
k, pk := GenerateKey() |
|
|
|
k, pk := GenerateKey() |
|
|
|
|
|
|
|
|
|
|
@ -184,43 +100,6 @@ func TestVRF(t *testing.T) { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Test vectors in core/testdata are generated by running
|
|
|
|
|
|
|
|
// go generate ./core/testdata
|
|
|
|
|
|
|
|
func TestProofToHash(t *testing.T) { |
|
|
|
|
|
|
|
directoryFile := "../../../test/testdata/directory.json" |
|
|
|
|
|
|
|
f, err := os.Open(directoryFile) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Fatalf("ReadFile(%v): %v", directoryFile, err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
defer f.Close() |
|
|
|
|
|
|
|
var directory pb.Directory |
|
|
|
|
|
|
|
if err := jsonpb.Unmarshal(f, &directory); err != nil { |
|
|
|
|
|
|
|
t.Fatalf("jsonpb.Unmarshal(): %v", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
pk, err := NewVRFVerifierFromRawKey(directory.GetVrf().GetDer()) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Fatalf("NewVRFVerifier failure: %v", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
respFile := "../../../test/testdata/getentryresponse.json" |
|
|
|
|
|
|
|
b, err := ioutil.ReadFile(respFile) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Fatalf("ReadFile(%v): %v", respFile, err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
var getUserResponses []testdata.ResponseVector |
|
|
|
|
|
|
|
if err := json.Unmarshal(b, &getUserResponses); err != nil { |
|
|
|
|
|
|
|
t.Fatalf("Unmarshal(): %v", err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
for _, tc := range getUserResponses { |
|
|
|
|
|
|
|
t.Run(tc.Desc, func(t *testing.T) { |
|
|
|
|
|
|
|
_, err := pk.ProofToHash([]byte(tc.UserIDs[0]), tc.GetUserResp.GetLeaf().GetVrfProof()) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Errorf("ProofToHash(%v): %v)", tc.Desc, err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func TestReadFromOpenSSL(t *testing.T) { |
|
|
|
func TestReadFromOpenSSL(t *testing.T) { |
|
|
|
for _, tc := range []struct { |
|
|
|
for _, tc := range []struct { |
|
|
|
priv string |
|
|
|
priv string |
|
|
|