gnunet-go

GNUnet Bindings for Go

commit e6d51d271ff295d4d48861a52bb00fce70629565
parent 920de01ad2fcdc07e33c36700cd99cd39ea5dde6
Author: Bernd Fix <brf@hoi-polloi.org>
Date:   Thu, 20 Jul 2023 07:12:52 +0200

EDKEY: derived private key clamping fixed.

Diffstat:
Msrc/gnunet/crypto/gns_edkey.go | 27++++++++++++++++-----------
Msrc/gnunet/crypto/gns_edkey_test.go | 39+++++++++++++++++++++++++++++++++++++++
Msrc/gnunet/service/gns/rfc-data_test.go | 43+++++++++++++++++++++----------------------
Msrc/gnunet/service/gns/rfc_test.go | 2+-
Msrc/gnunet/service/revocation/pow_test.go | 332++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------
5 files changed, 279 insertions(+), 164 deletions(-)

diff --git a/src/gnunet/crypto/gns_edkey.go b/src/gnunet/crypto/gns_edkey.go @@ -1,5 +1,5 @@ // This file is part of gnunet-go, a GNUnet-implementation in Golang. -// Copyright (C) 2019-2022 Bernd Fix >Y< +// Copyright (C) 2019-2023 Bernd Fix >Y< // // gnunet-go is free software: you can redistribute it and/or modify it // under the terms of the GNU Affero General Public License as published @@ -53,17 +53,17 @@ func init() { } //---------------------------------------------------------------------- -// Private key +// Public key //---------------------------------------------------------------------- -// EDKEYPublicImpl implements the public key scheme. +// EDKEYPublicImpl implements the EDKEY public key scheme. type EDKEYPublicImpl struct { ztype enums.GNSType pub *ed25519.PublicKey } -// Init instance from binary data. The data represents a big integer -// (in big-endian notation) for the private scalar d. +// Init instance from binary data. The data represents a binary +// representation of a curve point (as defined in RFC 8032). func (pk *EDKEYPublicImpl) Init(data []byte) error { pk.ztype = ZONE_EDKEY pk.pub = ed25519.NewPublicKeyFromBytes(data) @@ -79,8 +79,8 @@ func (pk *EDKEYPublicImpl) Bytes() []byte { // Derive a public key from this key based on a big integer // (key blinding). Returns the derived key and the blinding value. func (pk *EDKEYPublicImpl) Derive(h *math.Int) (dPk ZoneKeyImpl, hOut *math.Int, err error) { - // limit to allowed value range (see LSD0001 spec) - hOut = h.SetBit(255, 0) + // limit to allowed value range (see LSD0001 spec, 5.1.2.) + hOut = h.Mod(ed25519.GetCurve().N) derived := pk.pub.Mult(hOut) dPk = &EDKEYPublicImpl{ pk.ztype, 
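Review bot: In `EDKEYPublicImpl.Derive`, nothing after `hOut = h.Mod(ed25519.GetCurve().N)` rejects a blinding value that reduces to zero, so `pk.pub.Mult(hOut)` would presumably return the neutral point instead of a usable derived key. A hash-derived `h` is not expected to hit this case, but the function already has an `err` result and the check is cheap: `if hOut.BitLen() == 0 { return nil, nil, errors.New("EDKEY: blinding value is zero mod N") }` (assuming `math.Int` exposes `BitLen` the way pow_test.go uses it). The same reduction is added to `EDKEYPrivateImpl.Derive` in the `@@ -208,9 +208,14 @@` hunk, which would want the same guard. The body of `Derive` continues past the end of this hunk.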
@@ -178,8 +178,8 @@ type EDKEYPrivateImpl struct { prv *ed25519.PrivateKey // private key } -// Init instance from binary data. The data represents a big integer -// (in big-endian notation) for the private scalar d. +// Init instance from binary data. The data represents the seed +// used to generate the private scalar and nonce (see RFC 8032). func (pk *EDKEYPrivateImpl) Init(data []byte) error { pk.seed = util.Clone(data) pk.prv = ed25519.NewPrivateKeyFromSeed(data) @@ -208,9 +208,14 @@ func (pk *EDKEYPrivateImpl) Public() ZoneKeyImpl { // (key blinding). Returns the derived key and the blinding value. func (pk *EDKEYPrivateImpl) Derive(h *math.Int) (dPk ZonePrivateImpl, hOut *math.Int, err error) { // limit to allowed value range (see LSD0001 spec 5.1.2) - hOut = h.SetBit(255, 0) + hOut = h.Mod(ed25519.GetCurve().N) + // derive private key - derived := pk.prv.Mult(hOut) + a1 := pk.prv.D.Rsh(3) + a2 := h.Mul(a1).Mod(ed25519.GetCurve().N) + dd := a2.Lsh(3) + derived := ed25519.NewPrivateKeyFromD(dd) + // derive nonce md := sha256.Sum256(append(pk.prv.Nonce, h.Bytes()...)) derived.Nonce = md[:] diff --git a/src/gnunet/crypto/gns_edkey_test.go b/src/gnunet/crypto/gns_edkey_test.go @@ -22,7 +22,11 @@ import ( "bytes" "encoding/hex" "gnunet/enums" + "gnunet/util" "testing" + + "github.com/bfix/gospel/crypto/ed25519" + "github.com/bfix/gospel/math" ) func TestEdKeyCreate(t *testing.T) { 
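Review bot: The new `a1 := pk.prv.D.Rsh(3)` … `dd := a2.Lsh(3)` sequence in `EDKEYPrivateImpl.Derive` equals multiplication by `h` only while the low three bits of `pk.prv.D` are zero, and the hunk neither checks nor documents that. A key built from a seed is presumably clamped, but `ed25519.NewPrivateKeyFromD` (used in the new test) takes a caller-supplied scalar, and for an unclamped one the derived private key would stop matching the key from `EDKEYPublicImpl.Derive`. I would record the precondition next to the shift, `// requires a clamped scalar: D ≡ 0 (mod 8), otherwise Rsh(3) drops key bits`. I would also compute `a2` from the already reduced `hOut`, as `a2 := hOut.Mul(a1).Mod(n)` with `n := ed25519.GetCurve().N` fetched once. The function starts before this hunk and ends after it.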
@@ -58,3 +62,38 @@ func TestDeriveEDKEY(t *testing.T) { t.Fatal("derive mismatch") } } + +// test 'DerivedSign' from LSD0001, 5.1.2. EDKEY +func TestDerivedSign(t *testing.T) { + + for i := 0; i < 20; i++ { + // generate clamped private scalar and keys (EdDSA) + a := util.NewRndArray(32) + a[31] &= 248 + a[0] &= 127 + a[0] |= 64 + d := math.NewIntFromBytes(a) + zp := ed25519.NewPrivateKeyFromD(d) + zk := zp.Public() + + // calculate blinding factor + h := math.NewIntRnd(ed25519N) + + // derive keys + dzp := zp.Mult(h) + dzk := zk.Mult(h) + if !dzk.Q.Equals(dzp.Public().Q) { + t.Fatal("derive") + } + + // per draft: + a1 := d.Rsh(3) + a2 := h.Mul(a1).Mod(ed25519N) + dd := a2.Lsh(3) + dzp2 := ed25519.NewPrivateKeyFromD(dd) + dzk2 := dzp2.Public() + if !dzk.Q.Equals(dzk2.Q) { + t.Fatal("mismatch") + } + } +} diff --git a/src/gnunet/service/gns/rfc-data_test.go b/src/gnunet/service/gns/rfc-data_test.go @@ -237,8 +237,8 @@ var tests = []*TestCase{ Ztld: "000G051WYJWJ80S04BRDRM2R2H9VGQCKP13VCFA4DHC4BJT88HEXQ5K8HW", Label: "testdelegation", Dzprv: []byte{ - 0x0b, 0x1b, 0x29, 0xd4, 0x23, 0x0b, 0x10, 0xa8, 0xec, 0x4d, 0xa3, 0xc8, 0x6e, 0xdb, 0x88, 0xea, - 0x8e, 0xb7, 0x1a, 0xc0, 0x34, 0xf4, 0x8d, 0x74, 0xa1, 0xa0, 0x16, 0x2d, 0xb4, 0x4e, 0x47, 0xd1, + 0x3b, 0x1b, 0x29, 0xd4, 0x23, 0x0b, 0x10, 0xa8, 0xec, 0x4d, 0xa3, 0xc8, 0x6e, 0xdb, 0x88, 0xea, + 0xcd, 0x54, 0x08, 0x5c, 0x1d, 0xdb, 0x63, 0xf7, 0xa9, 0xd7, 0x3f, 0x7c, 0xcb, 0x2f, 0xc3, 0x98, }, Dzpub: []byte{ 0x9b, 0xf2, 0x33, 0x19, 0x8c, 0x6d, 0x53, 0xbb, 0xdb, 0xac, 0x49, 0x5c, 0xab, 0xd9, 0x10, 0x49, @@ -252,7 +252,7 @@ var tests = []*TestCase{ }, Recs: []*Rec{ { - Expire: []byte{0x00, 0x08, 0xc0, 0x6f, 0xb9, 0x28, 0x15, 0x80}, + Expire: []byte{0x00, 0x1c, 0xee, 0x8c, 0x10, 0xe2, 0x59, 0x80}, Size: []byte{0x00, 0x20}, Type: []byte{0x00, 0x01, 0x00, 0x00}, Flags: []byte{0x00, 0x01}, 
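Review bot: `TestDerivedSign` draws `a` and `h` at random on each of its 20 rounds but fails with the bare `t.Fatal("derive")` / `t.Fatal("mismatch")`, so a failing run cannot be reproduced. Including the inputs would fix that, e.g. `t.Fatalf("derive: d=%s h=%s", hex.EncodeToString(a), hex.EncodeToString(h.Bytes()))`. The loop also re-implements the shift-and-multiply arithmetic instead of calling `EDKEYPrivateImpl.Derive`, and despite its name it never signs or verifies anything. A regression in the method itself would therefore be caught only by the RFC vectors; a doc comment stating that the test checks public-key agreement of the two derivations would set expectations.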
@@ -263,39 +263,38 @@ var tests = []*TestCase{ }, }, Rdata: []byte{ - 0x00, 0x08, 0xc0, 0x6f, 0xb9, 0x28, 0x15, 0x80, 0x00, 0x20, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x1c, 0xee, 0x8c, 0x10, 0xe2, 0x59, 0x80, 0x00, 0x20, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x21, 0xe3, 0xb3, 0x0f, 0xf9, 0x3b, 0xc6, 0xd3, 0x5a, 0xc8, 0xc6, 0xe0, 0xe1, 0x3a, 0xfd, 0xff, 0x79, 0x4c, 0xb7, 0xb4, 0x4b, 0xbb, 0xc7, 0x48, 0xd2, 0x59, 0xd0, 0xa0, 0x28, 0x4d, 0xbe, 0x84, }, Enc: &Enc{ Nonce: []byte{ - 0x98, 0x13, 0x2e, 0xa8, 0x68, 0x59, 0xd3, 0x5c, - 0x88, 0xbf, 0xd3, 0x17, 0xfa, 0x99, 0x1b, 0xcb, + 0x98, 0x13, 0x2e, 0xa8, 0x68, 0x59, 0xd3, 0x5c, 0x88, 0xbf, 0xd3, 0x17, 0xfa, 0x99, 0x1b, 0xcb, }, - Expire: []byte{0x00, 0x08, 0xc0, 0x6f, 0xb9, 0x28, 0x15, 0x80}, + Expire: []byte{0x00, 0x1c, 0xee, 0x8c, 0x10, 0xe2, 0x59, 0x80}, Key: []byte{ 0x85, 0xc4, 0x29, 0xa9, 0x56, 0x7a, 0xa6, 0x33, 0x41, 0x1a, 0x96, 0x91, 0xe9, 0x09, 0x4c, 0x45, 0x28, 0x16, 0x72, 0xbe, 0x58, 0x60, 0x34, 0xaa, 0xe4, 0xa2, 0xa2, 0xcc, 0x71, 0x61, 0x59, 0xe2, }, }, Bdata: []byte{ - 0x9c, 0xc4, 0x55, 0xa1, 0x29, 0x33, 0x19, 0x43, 0x59, 0x93, 0xcb, 0x3d, 0x67, 0x17, 0x9e, 0xc0, - 0x6e, 0xa8, 0xd8, 0x89, 0x4e, 0x90, 0x4a, 0x0c, 0x35, 0xe9, 0x1c, 0x5c, 0x2f, 0xf2, 0xed, 0x93, - 0x9c, 0xc2, 0xf8, 0x30, 0x12, 0x31, 0xf4, 0x4e, 0x59, 0x2a, 0x4a, 0xc8, 0x7e, 0x49, 0x98, 0xb9, - 0x46, 0x25, 0xc6, 0x4a, 0xf5, 0x16, 0x86, 0xa2, 0xb3, 0x6a, 0x2b, 0x28, 0x92, 0xd4, 0x4f, 0x2d, + 0x57, 0x7c, 0xc6, 0xc9, 0x5a, 0x14, 0xe7, 0x04, 0x09, 0xf2, 0x0b, 0x01, 0x67, 0xe6, 0x36, 0xd0, + 0x10, 0x80, 0x7c, 0x4f, 0x00, 0x37, 0x2d, 0x69, 0x8c, 0x82, 0x6b, 0xd9, 0x2b, 0xc2, 0x2b, 0xd6, + 0xbb, 0x45, 0xe5, 0x27, 0x7c, 0x01, 0x88, 0x1d, 0x6a, 0x43, 0x60, 0x68, 0xe4, 0xdd, 0xf1, 0xc6, + 0xb7, 0xd1, 0x41, 0x6f, 0xaf, 0xa6, 0x69, 0x7c, 0x25, 0xed, 0xd9, 0xea, 0xe9, 0x91, 0x67, 0xc3, }, RRblock: []byte{ 0x00, 0x00, 0x00, 0xb0, 0x00, 0x01, 0x00, 0x14, 0x9b, 0xf2, 0x33, 0x19, 0x8c, 0x6d, 0x53, 0xbb, 0xdb, 0xac, 0x49, 0x5c, 0xab, 0xd9, 0x10, 0x49, 0xa6, 
0x84, 0xaf, 0x3f, 0x40, 0x51, 0xba, 0xca, - 0xb0, 0xdc, 0xf2, 0x1c, 0x8c, 0xf2, 0x7a, 0x1a, 0x44, 0xd2, 0x40, 0xd0, 0x79, 0x02, 0xf4, 0x90, - 0xb7, 0xc4, 0x3e, 0xf0, 0x07, 0x58, 0xab, 0xce, 0x88, 0x51, 0xc1, 0x8c, 0x70, 0xac, 0x6d, 0xf9, - 0x7a, 0x88, 0xf7, 0x92, 0x11, 0xcf, 0x87, 0x5f, 0x78, 0x48, 0x85, 0xca, 0x3e, 0x34, 0x9e, 0xc4, - 0xca, 0x89, 0x2b, 0x9f, 0xf0, 0x84, 0xc5, 0x35, 0x89, 0x65, 0xb8, 0xe7, 0x4a, 0x23, 0x15, 0x95, - 0x2d, 0x4c, 0x8c, 0x06, 0x52, 0x1c, 0x2f, 0x0c, 0x00, 0x08, 0xc0, 0x6f, 0xb9, 0x28, 0x15, 0x80, - 0x9c, 0xc4, 0x55, 0xa1, 0x29, 0x33, 0x19, 0x43, 0x59, 0x93, 0xcb, 0x3d, 0x67, 0x17, 0x9e, 0xc0, - 0x6e, 0xa8, 0xd8, 0x89, 0x4e, 0x90, 0x4a, 0x0c, 0x35, 0xe9, 0x1c, 0x5c, 0x2f, 0xf2, 0xed, 0x93, - 0x9c, 0xc2, 0xf8, 0x30, 0x12, 0x31, 0xf4, 0x4e, 0x59, 0x2a, 0x4a, 0xc8, 0x7e, 0x49, 0x98, 0xb9, - 0x46, 0x25, 0xc6, 0x4a, 0xf5, 0x16, 0x86, 0xa2, 0xb3, 0x6a, 0x2b, 0x28, 0x92, 0xd4, 0x4f, 0x2d, + 0xb0, 0xdc, 0xf2, 0x1c, 0x8c, 0xf2, 0x7a, 0x1a, 0x9f, 0x56, 0xa8, 0x86, 0xea, 0x73, 0x9d, 0x59, + 0x17, 0x50, 0x8f, 0x9b, 0x75, 0x56, 0x39, 0xf3, 0xa9, 0xac, 0xfa, 0xed, 0xed, 0xca, 0x7f, 0xbf, + 0xa7, 0x94, 0xb1, 0x92, 0xe0, 0x8b, 0xf9, 0xed, 0x4c, 0x7e, 0xc8, 0x59, 0x4c, 0x9f, 0x7b, 0x4e, + 0x19, 0x77, 0x4f, 0xf8, 0x38, 0xec, 0x38, 0x7a, 0x8f, 0x34, 0x23, 0xda, 0xac, 0x44, 0x9f, 0x59, + 0xdb, 0x4e, 0x83, 0x94, 0x3f, 0x90, 0x72, 0x00, 0x00, 0x1c, 0xee, 0x8c, 0x10, 0xe2, 0x59, 0x80, + 0x57, 0x7c, 0xc6, 0xc9, 0x5a, 0x14, 0xe7, 0x04, 0x09, 0xf2, 0x0b, 0x01, 0x67, 0xe6, 0x36, 0xd0, + 0x10, 0x80, 0x7c, 0x4f, 0x00, 0x37, 0x2d, 0x69, 0x8c, 0x82, 0x6b, 0xd9, 0x2b, 0xc2, 0x2b, 0xd6, + 0xbb, 0x45, 0xe5, 0x27, 0x7c, 0x01, 0x88, 0x1d, 0x6a, 0x43, 0x60, 0x68, 0xe4, 0xdd, 0xf1, 0xc6, + 0xb7, 0xd1, 0x41, 0x6f, 0xaf, 0xa6, 0x69, 0x7c, 0x25, 0xed, 0xd9, 0xea, 0xe9, 0x91, 0x67, 0xc3, }, }, // Testcase #4 
@@ -312,8 +311,8 @@ var tests = []*TestCase{ Ztld: "000G051WYJWJ80S04BRDRM2R2H9VGQCKP13VCFA4DHC4BJT88HEXQ5K8HW", Label: "天下無敵", Dzprv: []byte{ - 0x07, 0xc0, 0x68, 0xa6, 0xc3, 0xf7, 0x20, 0xde, 0x0e, 0x1b, 0x69, 0xff, 0x3f, 0x53, 0xe0, 0x5d, - 0x2b, 0x06, 0xcb, 0xd1, 0xae, 0x2d, 0xdd, 0xb3, 0x4e, 0x29, 0xb7, 0xb8, 0xfd, 0xce, 0x61, 0x6b, + 0x17, 0xc0, 0x68, 0xa6, 0xc3, 0xf7, 0x20, 0xde, 0x0e, 0x1b, 0x69, 0xff, 0x3f, 0x53, 0xe0, 0x5d, + 0x3f, 0xe5, 0xc5, 0xb0, 0x51, 0x25, 0x7a, 0x89, 0xa6, 0x3c, 0x1a, 0xd3, 0x5a, 0xc4, 0x35, 0x58, }, Dzpub: []byte{ 0x74, 0xf9, 0x00, 0x68, 0xf1, 0x67, 0x69, 0x53, 0x52, 0xa8, 0xa6, 0xc2, 0xeb, 0x98, 0x48, 0x98, diff --git a/src/gnunet/service/gns/rfc_test.go b/src/gnunet/service/gns/rfc_test.go @@ -225,7 +225,7 @@ func TestRecordsRFC(t *testing.T) { if !bytes.Equal(skey[:32], tc.Enc.Key) { fmt.Printf("key = %s\n", hex.EncodeToString(skey[:32])) fmt.Printf("KEY = %s\n", hex.EncodeToString(tc.Enc.Key)) - t.Log("NONCE mismatch") + t.Log("KEY mismatch") t.Fail() continue } diff --git a/src/gnunet/service/revocation/pow_test.go b/src/gnunet/service/revocation/pow_test.go @@ -2,6 +2,7 @@ package revocation import ( "bytes" + "encoding/binary" "encoding/hex" "gnunet/crypto" "gnunet/enums" 
@@ -10,146 +11,217 @@ import ( "github.com/bfix/gospel/data" ) +// give more output in test run +var verbose = false + // Test revocation with test vector defined in the RFC draft. func TestRevocationRFC(t *testing.T) { - var ( - D = "6fea32c05af58bfa979553d188605fd57d8bf9cc263b78d5f7478c07b998ed70" - ZKEY = "000100002ca223e879ecc4bbdeb5da17319281d63b2e3b6955f1c3775c804a98d5f8ddaa" - PROOF = "" + + type tc struct { + D string + Zkey string + Sdata string + Proof string + } + var trev = []*tc{ + { + "6fea32c05af58bfa979553d188605fd57d8bf9cc263b78d5f7478c07b998ed70", + "000100002ca223e879ecc4bbdeb5da17319281d63b2e3b6955f1c3775c804a98d5f8ddaa", + "00000034000000030005feb46d865c1c000100002ca223e879ecc4bbdeb5da17319281d63b2e3b6955f1c3775c804a98d5f8ddaa", "0005feb46d865c1c" + - "0000395d1827c000" + - "e66a570bccd4b393" + - "e66a570bccd4b3ea" + - "e66a570bccd4b536" + - "e66a570bccd4b542" + - "e66a570bccd4b613" + - "e66a570bccd4b65f" + - "e66a570bccd4b672" + - "e66a570bccd4b70a" + - "e66a570bccd4b71a" + - "e66a570bccd4b723" + - "e66a570bccd4b747" + - "e66a570bccd4b777" + - "e66a570bccd4b785" + - "e66a570bccd4b789" + - "e66a570bccd4b7cf" + - "e66a570bccd4b7dc" + - "e66a570bccd4b93a" + - "e66a570bccd4b956" + - "e66a570bccd4ba4a" + - "e66a570bccd4ba9d" + - "e66a570bccd4bb28" + - "e66a570bccd4bb5a" + - "e66a570bccd4bb92" + - "e66a570bccd4bba2" + - "e66a570bccd4bbd8" + - "e66a570bccd4bbe2" + - "e66a570bccd4bc93" + - "e66a570bccd4bc94" + - "e66a570bccd4bd0f" + - "e66a570bccd4bdce" + - "e66a570bccd4be6a" + - "e66a570bccd4be73" + - "00010000" + - "2ca223e879ecc4bbdeb5da17319281d63b2e3b6955f1c3775c804a98d5f8ddaa" + - "044a878a158b40f0c841d9f978cb1372eaee5199a3d87e5e2bdbc72a6c8c73d0" + - "00181dfc39c3aaa481667b165b5844e450713d8ab6a3b2ba8fef447b65076a0f" - ) - - // construct private/public key pair from test data - d, err := hex.DecodeString(D) - if err != nil { - t.Fatal(err) - } - prv, err := crypto.NewZonePrivate(enums.GNS_TYPE_PKEY, d) - if err != nil { - t.Fatal(err) + 
"0000395d1827c000" + + "e66a570bccd4b393" + + "e66a570bccd4b3ea" + + "e66a570bccd4b536" + + "e66a570bccd4b542" + + "e66a570bccd4b613" + + "e66a570bccd4b65f" + + "e66a570bccd4b672" + + "e66a570bccd4b70a" + + "e66a570bccd4b71a" + + "e66a570bccd4b723" + + "e66a570bccd4b747" + + "e66a570bccd4b777" + + "e66a570bccd4b785" + + "e66a570bccd4b789" + + "e66a570bccd4b7cf" + + "e66a570bccd4b7dc" + + "e66a570bccd4b93a" + + "e66a570bccd4b956" + + "e66a570bccd4ba4a" + + "e66a570bccd4ba9d" + + "e66a570bccd4bb28" + + "e66a570bccd4bb5a" + + "e66a570bccd4bb92" + + "e66a570bccd4bba2" + + "e66a570bccd4bbd8" + + "e66a570bccd4bbe2" + + "e66a570bccd4bc93" + + "e66a570bccd4bc94" + + "e66a570bccd4bd0f" + + "e66a570bccd4bdce" + + "e66a570bccd4be6a" + + "e66a570bccd4be73" + + "000100002ca223e879ecc4bbdeb5da17319281d63b2e3b6955f1c3775c804a98d5f8ddaa" + + "044a878a158b40f0c841d9f978cb1372eaee5199a3d87e5e2bdbc72a6c8c73d0" + + "00181dfc39c3aaa481667b165b5844e450713d8ab6a3b2ba8fef447b65076a0f", + }, + { + "5af7020ee19160328832352bbc6a68a8d71a7cbe1b929969a7c66d415a0d8f65", + "000100143cf4b924032022f0dc50581453b85d93b047b63d446c5845cb48445ddb96688f", + "00000034000000030005ff30b08e9e10000100143cf4b924032022f0dc50581453b85d93b047b63d446c5845cb48445ddb96688f", + "0005ff30b08e9e10" + + "0000395d1827c000" + + "8802bc0f10057911" + + "8802bc0f10057e72" + + "8802bc0f10057ea3" + + "8802bc0f10057ff9" + + "8802bc0f10058214" + + "8802bc0f10058231" + + "8802bc0f100582df" + + "8802bc0f10058328" + + "8802bc0f10058401" + + "8802bc0f1005841b" + + "8802bc0f10058567" + + "8802bc0f1005856e" + + "8802bc0f100585aa" + + "8802bc0f100585ad" + + "8802bc0f100585c7" + + "8802bc0f10058603" + + "8802bc0f10058612" + + "8802bc0f10058628" + + "8802bc0f10058703" + + "8802bc0f1005872a" + + "8802bc0f10058762" + + "8802bc0f10058787" + + "8802bc0f100587cb" + + "8802bc0f100587cd" + + "8802bc0f100587d3" + + "8802bc0f10058844" + + "8802bc0f100588a0" + + "8802bc0f100588e3" + + "8802bc0f100588e8" + + "8802bc0f10058918" + + 
"8802bc0f10058929" + + "8802bc0f10058946" + + "000100143cf4b924032022f0dc50581453b85d93b047b63d446c5845cb48445ddb96688f" + + "986741cf0ea6f2055571a5f38c78feede0ccf9f26b7b6e7a86d128b867512d06" + + "3c951229a8e3b99b49f5b38c0205d0bd706f8826ebbd4a16964e66962b720e08", + }, } - zk := prv.Public() - // check - zkey, err := hex.DecodeString(ZKEY) - if err != nil { - t.Fatal(err) - } - if !bytes.Equal(zk.Bytes(), zkey) { - t.Logf("zkey = %s\n", hex.EncodeToString(zk.Bytes())) - t.Logf("ZKEY = %s\n", hex.EncodeToString(zkey)) - t.Fatal("Private/Public key mismatch") - } + for i, tc := range trev { + t.Logf("Testcase #%d:\n", i+1) - // assemble revocation data object - revD, err := hex.DecodeString(PROOF) - if err != nil { - t.Fatal(err) - } - revData := new(RevData) - if err = data.Unmarshal(revData, revD); err != nil { - t.Fatal(err) - } - if err = revData.ZoneKeySig.Init(); err != nil { - t.Fatal(err) - } - // check sigature - if !bytes.Equal(revData.ZoneKeySig.ZoneKey.Bytes(), zkey) { - t.Logf("zkey = %s\n", hex.EncodeToString(revData.ZoneKeySig.Bytes())) - t.Logf("ZKEY = %s\n", hex.EncodeToString(zkey)) - t.Fatal("Wrong zone key in test revocation") - } + // decode zone key + zkey, err := hex.DecodeString(tc.Zkey) + if err != nil { + t.Fatal(err) + } + // get ztype + var ztype enums.GNSType + if err = binary.Read(bytes.NewReader(zkey[:4]), binary.BigEndian, &ztype); err != nil { + t.Fatal(err) + } + // construct private/public key pair from test data + d, err := hex.DecodeString(tc.D) + if err != nil { + t.Fatal(err) + } + prv, err := crypto.NewZonePrivate(ztype, d) + if err != nil { + t.Fatal(err) + } + zk := prv.Public() - // show revdata content - if testing.Verbose() { - t.Log("REVDATA:") - t.Logf(" Timestamp: %s\n", revData.Timestamp.String()) - t.Logf(" TTL: %s\n", revData.TTL.String()) + // check for correct public key + if !bytes.Equal(zk.Bytes(), zkey) { + t.Logf(" zkey = %s\n", hex.EncodeToString(zk.Bytes())) + t.Logf(" ZKEY = %s\n", tc.Zkey) + t.Fatal("Failed: 
Private/Public key mismatch") + } - work := NewPoWData(0, revData.Timestamp, &revData.ZoneKeySig.ZoneKey) - for i, pow := range revData.PoWs { - t.Logf(" PoW #%d: %d\n", i, pow) - work.SetPoW(pow) - buf := work.Blob() - t.Logf(" P: %s\n", hex.EncodeToString(buf)) - v := work.Compute() - t.Logf(" H: %s\n", hex.EncodeToString(v.Bytes())) - num := 512 - v.BitLen() - t.Logf(" --> %d leading zeros\n", num) - } - t.Logf(" ZoneKey: %s\n", hex.EncodeToString(revData.ZoneKeySig.KeyData)) - t.Logf(" Signature: %s\n", hex.EncodeToString(revData.ZoneKeySig.Signature)) - } + // assemble revocation data object + revD, err := hex.DecodeString(tc.Proof) + if err != nil { + t.Fatal(err) + } + revData := new(RevData) + if err = data.Unmarshal(revData, revD); err != nil { + t.Fatal(err) + } + if err = revData.ZoneKeySig.Init(); err != nil { + t.Fatal(err) + } + // check sigature + if !bytes.Equal(revData.ZoneKeySig.ZoneKey.Bytes(), zkey) { + t.Logf(" zkey = %s\n", hex.EncodeToString(revData.ZoneKeySig.Bytes())) + t.Logf(" ZKEY = %s\n", tc.Zkey) + t.Fatal("Failed: Wrong zone key in test revocation") + } + // show revdata content + if verbose { + t.Log(" REVDATA:") + t.Logf(" Timestamp: %s\n", revData.Timestamp.String()) + t.Logf(" TTL: %s\n", revData.TTL.String()) - // assemble data for signature - sigBlock := &SignedRevData{ - Purpose: &crypto.SignaturePurpose{ - Size: uint32(20 + revData.ZoneKeySig.KeySize()), - Purpose: enums.SIG_REVOCATION, - }, - Timestamp: revData.Timestamp, - ZoneKey: &revData.ZoneKeySig.ZoneKey, - } - sigData, err := data.Marshal(sigBlock) - if err != nil { - t.Fatal(err) - } - if testing.Verbose() { - t.Logf("SigData = %s\n", hex.EncodeToString(sigData)) - } + work := NewPoWData(0, revData.Timestamp, &revData.ZoneKeySig.ZoneKey) + for i, pow := range revData.PoWs { + t.Logf(" PoW #%d: %d\n", i, pow) + work.SetPoW(pow) + buf := work.Blob() + t.Logf(" P: %s\n", hex.EncodeToString(buf)) + v := work.Compute() + t.Logf(" H: %s\n", hex.EncodeToString(v.Bytes())) + 
num := 512 - v.BitLen() + t.Logf(" --> %d leading zeros\n", num) + } + t.Logf(" ZoneKey: %s\n", hex.EncodeToString(revData.ZoneKeySig.KeyData)) + t.Logf(" Signature: %s\n", hex.EncodeToString(revData.ZoneKeySig.Signature)) + } - sigOut, err := prv.Sign(sigData) - if err != nil { - t.Fatal(err) - } - if testing.Verbose() { - t.Logf("Signature = %s\n", hex.EncodeToString(sigOut.Signature)) - t.Logf(" ?= %s\n", hex.EncodeToString(revData.ZoneKeySig.Signature)) - } + // assemble data for signature + sigBlock := &SignedRevData{ + Purpose: &crypto.SignaturePurpose{ + Size: uint32(20 + revData.ZoneKeySig.KeySize()), + Purpose: enums.SIG_REVOCATION, + }, + Timestamp: revData.Timestamp, + ZoneKey: &revData.ZoneKeySig.ZoneKey, + } + sigData, err := data.Marshal(sigBlock) + if err != nil { + t.Fatal(err) + } - // verify revocation data object - diff, rc := revData.Verify(true) - if testing.Verbose() { - t.Logf("Average difficulty of PoWs = %f\n", diff) - } - if rc != 0 { - t.Fatalf("REV_Verify (pkey): %d\n", rc) + // check sigdata + sdata, err := hex.DecodeString(tc.Sdata) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(sigData, sdata) { + t.Logf(" SigData = %s\n", hex.EncodeToString(sigData)) + t.Logf(" != %s\n", tc.Sdata) + t.Fatal("Failed: signed data mismatch") + } + + // sign data + sigOut, err := prv.Sign(sigData) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(sigOut.Signature, revData.ZoneKeySig.Signature) { + t.Logf(" Signature = %s\n", hex.EncodeToString(sigOut.Signature)) + t.Logf(" != %s\n", hex.EncodeToString(revData.ZoneKeySig.Signature)) + t.Fatal("Failed: signature mismatch") + } + + // verify revocation data object + diff, rc := revData.Verify(true) + if testing.Verbose() { + t.Logf(" Average difficulty of PoWs = %f\n", diff) + } + if rc != 0 { + t.Fatalf("REV_Verify (pkey): %d\n", rc) + } } }
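Review bot: In the "check sigature" block of `TestRevocationRFC` the comparison uses `revData.ZoneKeySig.ZoneKey.Bytes()` but the failure log prints `revData.ZoneKeySig.Bytes()`, so on a mismatch the logged value is not the one that was compared. It should read `t.Logf(" zkey = %s\n", hex.EncodeToString(revData.ZoneKeySig.ZoneKey.Bytes()))`. `zkey[:4]` is sliced before any length check, which panics instead of failing cleanly if a vector is truncated. `t.Fatal` inside the loop means a failure in the first vector hides the result of the second; wrapping each case in `t.Run` would report them independently. The loop variable `tc` also shadows the local type `tc`.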