Adding test vectors and golden tests from the standard for both versions of VRF (#519)

* add vrf_ver13_2

* vrf_ver13_generated_3

* vrf_ver13_generated_4

* vrf_ver13_standard_11

* vrf_ver13_standard_12

* vrf_ver13_standard_10

* enable first Praos test

* vrf_ver03_generated_2

* vrf_ver03_generated_3

* vrf_ver03_generated_4

* add two golden from standard

* vrf_ver03_standard_12

* adjust Changelogs

* handle empty message cases

* use Paths_

* refactor outputFromBytes for both VRFs

* populate data-files in cabal and data-files must end with extension or presented explicitly

Author: paweljakubas

cardano-crypto-praos/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 ## 2.2.0.1
 
-*
+* Add and expose `outputFromBytes` for both `Praos` and `PraosBatchCompat` modules
 
 ## 2.2.0.0
 

cardano-crypto-praos/src/Cardano/Crypto/VRF/Praos.hs

@@ -30,6 +30,8 @@ module Cardano.Crypto.VRF.Praos (
 
   -- * Conversions
   outputBytes,
+  outputFromBytes,
+  outputFromProof,
   proofBytes,
   skBytes,
   vkBytes,
@@ -376,6 +378,24 @@ vkFromBytes bs = do
 mkOutput :: IO Output
 mkOutput = fmap Output $ newForeignPtr finalizerFree =<< mallocBytes (fromIntegral crypto_vrf_outputbytes)
 
+outputFromBytes :: MonadFail m => ByteString -> m Output
+outputFromBytes bs = do
+  if bsLen /= fromIntegral @CSize @Int crypto_vrf_outputbytes
+    then
+      fail
+        ( "Invalid output length "
+            <> show bsLen
+            <> ", expecting "
+            <> show crypto_vrf_outputbytes
+        )
+    else pure $! unsafePerformIO $ do
+      output <- mkOutput
+      withForeignPtr (unOutput output) $ \ptr ->
+        copyFromByteString ptr bs bsLen
+      pure output
+  where
+    bsLen = BS.length bs
+
 -- | Derive a key pair (Sign + Verify) from a seed.
 keypairFromSeed :: Seed -> (VerKey, SignKey)
 keypairFromSeed seed =

cardano-crypto-praos/src/Cardano/Crypto/VRF/PraosBatchCompat.hs

@@ -40,13 +40,19 @@ module Cardano.Crypto.VRF.PraosBatchCompat (
   Seed,
   genSeed,
   keypairFromSeed,
+  seedFromBytes,
 
   -- * Conversions
   unsafeRawSeed,
   outputBytes,
+  outputFromBytes,
+  outputFromProof,
   proofBytes,
+  proofFromBytes,
   skBytes,
+  skFromBytes,
   vkBytes,
+  vkFromBytes,
   skToVerKey,
   skToSeed,
 
@@ -56,6 +62,8 @@ module Cardano.Crypto.VRF.PraosBatchCompat (
   SignKeyVRF (..),
   VerKeyVRF (..),
   CertVRF (..),
+  Proof (..),
+  Output (..),
 )
 where
 
@@ -165,7 +173,8 @@ foreign import ccall "crypto_vrf_ietfdraft13_publickeybytes"
   crypto_vrf_ietfdraft13_publickeybytes :: CSize
 foreign import ccall "crypto_vrf_ietfdraft13_secretkeybytes"
   crypto_vrf_ietfdraft13_secretkeybytes :: CSize
-foreign import ccall "crypto_vrf_ietfdraft13_seedbytes" crypto_vrf_ietfdraft13_seedbytes :: CSize
+foreign import ccall "crypto_vrf_ietfdraft13_seedbytes"
+  crypto_vrf_ietfdraft13_seedbytes :: CSize
 foreign import ccall "crypto_vrf_ietfdraft13_outputbytes"
   crypto_vrf_ietfdraft13_outputbytes :: CSize
 
@@ -402,6 +411,24 @@ mkOutput =
   fmap Output $
     newForeignPtr finalizerFree =<< mallocBytes (fromIntegral crypto_vrf_ietfdraft13_outputbytes)
 
+outputFromBytes :: MonadFail m => ByteString -> m Output
+outputFromBytes bs = do
+  if bsLen /= fromIntegral @CSize @Int crypto_vrf_ietfdraft13_outputbytes
+    then
+      fail
+        ( "Invalid output length "
+            <> show bsLen
+            <> ", expecting "
+            <> show crypto_vrf_ietfdraft13_outputbytes
+        )
+    else pure $! unsafePerformIO $ do
+      output <- mkOutput
+      withForeignPtr (unOutput output) $ \ptr ->
+        copyFromByteString ptr bs bsLen
+      pure output
+  where
+    bsLen = BS.length bs
+
 -- | Derive a key pair (Sign + Verify) from a seed.
 keypairFromSeed :: Seed -> (VerKey, SignKey)
 keypairFromSeed seed =

cardano-crypto-tests/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 ## 2.2.0.1
 
-*
+* Add tests using standard test vectors and generated ones for Praos and PraosBatchCompat
 
 ## 2.2.0.0
 
@@ -38,4 +38,3 @@
 ## 2.0.0.1
 
 * Initial release
-

cardano-crypto-tests/cardano-crypto-tests.cabal

@@ -23,6 +23,20 @@ data-files:
   bls12-381-test-vectors/test_vectors/h2c_large_dst
   bls12-381-test-vectors/test_vectors/pairing_test_vectors
   bls12-381-test-vectors/test_vectors/serde_test_vectors
+  test_vectors/vrf_ver03_generated_1
+  test_vectors/vrf_ver03_generated_2
+  test_vectors/vrf_ver03_generated_3
+  test_vectors/vrf_ver03_generated_4
+  test_vectors/vrf_ver03_standard_10
+  test_vectors/vrf_ver03_standard_11
+  test_vectors/vrf_ver03_standard_12
+  test_vectors/vrf_ver13_generated_1
+  test_vectors/vrf_ver13_generated_2
+  test_vectors/vrf_ver13_generated_3
+  test_vectors/vrf_ver13_generated_4
+  test_vectors/vrf_ver13_standard_10
+  test_vectors/vrf_ver13_standard_11
+  test_vectors/vrf_ver13_standard_12
 
 flag secp256k1-support
   description:
@@ -49,13 +63,13 @@ common project-config
 library
   import: base, project-config
   hs-source-dirs: src
+  other-modules: Paths_cardano_crypto_tests
   exposed-modules:
     Bench.Crypto.BenchData
     Bench.Crypto.DSIGN
     Bench.Crypto.HASH
     Bench.Crypto.KES
     Bench.Crypto.VRF
-    Paths_cardano_crypto_tests
     Test.Crypto.AllocLog
     Test.Crypto.DSIGN
     Test.Crypto.EllipticCurve
@@ -106,6 +120,7 @@ test-suite test-crypto
   import: base, project-config
   type: exitcode-stdio-1.0
   hs-source-dirs: test
+  other-modules: Paths_cardano_crypto_tests
   main-is: Main.hs
   build-depends:
     base,

cardano-crypto-tests/src/Test/Crypto/VRF.hs

@@ -1,5 +1,7 @@
 {-# LANGUAGE DataKinds #-}
 {-# LANGUAGE FlexibleContexts #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE RecordWildCards #-}
 {-# LANGUAGE ScopedTypeVariables #-}
 {-# LANGUAGE TypeApplications #-}
 {-# LANGUAGE TypeFamilies #-}
@@ -15,12 +17,18 @@ where
 import Cardano.Crypto.Util
 import Cardano.Crypto.VRF
 import Cardano.Crypto.VRF.Praos
+import qualified Cardano.Crypto.VRF.Praos as Ver03
 import Cardano.Crypto.VRF.PraosBatchCompat
+import qualified Cardano.Crypto.VRF.PraosBatchCompat as Ver13
 
 import qualified Data.ByteString as BS
+import qualified Data.Char as Char
 import Data.Proxy (Proxy (..))
 import Data.Word (Word64, Word8)
+import qualified Text.ParserCombinators.ReadP as Parse
+import qualified Text.Read as Read
 
+import Paths_cardano_crypto_tests (getDataFileName)
 import Test.Crypto.Util
 import Test.QuickCheck (
   Arbitrary (..),
@@ -32,6 +40,7 @@ import Test.QuickCheck (
   (==>),
  )
 import Test.Tasty (TestTree, testGroup)
+import Test.Tasty.HUnit (Assertion, HasCallStack, assertBool, assertFailure, testCase, (@?=))
 import Test.Tasty.QuickCheck (testProperty, vectorOf)
 
 {- HLINT IGNORE "Use <$>" -}
@@ -59,8 +68,184 @@ tests =
         , testProperty "compatibleVerKeyConversion" prop_verKeyValidConversion
         , testProperty "compatibleSignKeyConversion" prop_signKeyValidConversion
         ]
+    , testGroup
+        "test vectors for Praos"
+        [ testCase "generated golden test vector: vrf_ver03_generated_1" $
+            checkVer03TestVector "vrf_ver03_generated_1"
+        , testCase "generated golden test vector: vrf_ver03_generated_2" $
+            checkVer03TestVector "vrf_ver03_generated_2"
+        , testCase "generated golden test vector: vrf_ver03_generated_3" $
+            checkVer03TestVector "vrf_ver03_generated_3"
+        , testCase "generated golden test vector: vrf_ver03_generated_4" $
+            checkVer03TestVector "vrf_ver03_generated_4"
+        , -- https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/03/ - Section A.4.
+          testCase "generated golden test vector: vrf_ver03_standard_10" $
+            checkVer03TestVector "vrf_ver03_standard_10"
+        , -- https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/03/ - Section A.4.
+          testCase "generated golden test vector: vrf_ver03_standard_11" $
+            checkVer03TestVector "vrf_ver03_standard_11"
+        , -- https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/03/ - Section A.4.
+          testCase "generated golden test vector: vrf_ver03_standard_12" $
+            checkVer03TestVector "vrf_ver03_standard_12"
+        ]
+    , testGroup
+        "test vectors for PraosBatchCompat"
+        [ testCase "generated golden test vector: vrf_ver13_generated_1" $
+            checkVer13TestVector "vrf_ver13_generated_1"
+        , testCase "generated golden test vector: vrf_ver13_generated_2" $
+            checkVer13TestVector "vrf_ver13_generated_2"
+        , testCase "generated golden test vector: vrf_ver13_generated_3" $
+            checkVer13TestVector "vrf_ver13_generated_3"
+        , testCase "generated golden test vector: vrf_ver13_generated_4" $
+            checkVer13TestVector "vrf_ver13_generated_4"
+        , -- https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/13/ - example 10
+          -- pi = 7d9c633ffeee27349264cf5c667579fc583b4bda63ab71d001f89c10003ab46f14adf9a3cd8b8412d9038531e865c341cafa73589b023d14311c331a9ad15ff2fb37831e00f0acaa6d73bc9997b06501
+          testCase "generated golden test vector: vrf_ver13_standard_10" $
+            checkVer13TestVector "vrf_ver13_standard_10"
+        , -- https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/13/ - example 11
+          -- pi = 47b327393ff2dd81336f8a2ef10339112401253b3c714eeda879f12c509072ef055b48372bb82efbdce8e10c8cb9a2f9d60e93908f93df1623ad78a86a028d6bc064dbfc75a6a57379ef855dc6733801
+          testCase "generated golden test vector: vrf_ver13_standard_11" $
+            checkVer13TestVector "vrf_ver13_standard_11"
+        , -- https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/13/ - example 12
+          -- pi = 926e895d308f5e328e7aa159c06eddbe56d06846abf5d98c2512235eaa57fdce35b46edfc655bc828d44ad09d1150f31374e7ef73027e14760d42e77341fe05467bb286cc2c9d7fde29120a0b2320d04
+          testCase "generated golden test vector: vrf_ver13_standard_12" $
+            checkVer13TestVector "vrf_ver13_standard_12"
+        ]
+    ]
+
+bytesEq :: HasCallStack => (a -> BS.ByteString) -> Maybe a -> a -> Assertion
+bytesEq outputToBytes suppliedM expected = case suppliedM of
+  Just supplied ->
+    outputToBytes supplied @?= outputToBytes expected
+  Nothing ->
+    assertBool ("suppliedM in byteEq gave Nothing") False
+
+checkVer03TestVector :: FilePath -> Assertion
+checkVer03TestVector file = do
+  filename <- getDataFileName $ "test_vectors/" <> file
+  str <- readFile filename
+  let testVectorE = Read.readMaybe @VRFTestVector str
+  VRFTestVector {..} <-
+    maybe
+      (assertFailure $ "parsing test vector: " <> file <> " not successful")
+      pure
+      testVectorE
+  signKey <- Ver03.skFromBytes testVectorSigningKey
+  verKey <- Ver03.vkFromBytes testVectorVerifyingKey
+  testVectorName @?= algorithmNameVRF (Proxy :: Proxy PraosVRF)
+  testVectorVersion @?= "ietfdraft03"
+  testVectorCipherSuite @?= "ECVRF-ED25519-SHA512-Elligator2"
+  proof' <- Ver03.proofFromBytes testVectorProof
+  hash' <- Ver03.outputFromBytes testVectorHash
+  -- prove signKey msg -> proof
+  Ver03.prove signKey testVectorMessage @?= Just proof'
+  -- signKey -> verKey
+  Ver03.skToVerKey signKey @?= verKey
+  -- proof -> hashed msg
+  bytesEq Ver03.outputBytes (Ver03.outputFromProof proof') hash'
+  -- verify verKey proof msg -> hashed msg
+  bytesEq Ver03.outputBytes (Ver03.verify verKey proof' testVectorMessage) hash'
+
+checkVer13TestVector :: FilePath -> Assertion
+checkVer13TestVector file = do
+  filename <- getDataFileName $ "test_vectors/" <> file
+  str <- readFile filename
+  let testVectorE = Read.readMaybe @VRFTestVector str
+  VRFTestVector {..} <-
+    maybe
+      (assertFailure $ "parsing test vector: " <> file <> " not successful")
+      pure
+      testVectorE
+  let signKey = Ver13.skFromBytes testVectorSigningKey
+  let verKey = Ver13.vkFromBytes testVectorVerifyingKey
+  testVectorName @?= algorithmNameVRF (Proxy :: Proxy PraosBatchCompatVRF)
+  testVectorVersion @?= "ietfdraft13"
+  testVectorCipherSuite @?= "ECVRF-ED25519-SHA512-Elligator2"
+  -- prove signKey msg -> proof
+  let proof' = Ver13.proofFromBytes testVectorProof
+  hash' <- Ver13.outputFromBytes testVectorHash
+  Ver13.prove signKey testVectorMessage @?= Just proof'
+  -- signKey -> verKey
+  Ver13.skToVerKey signKey @?= verKey
+  -- proof -> hashed msg
+  bytesEq Ver13.outputBytes (Ver13.outputFromProof proof') hash'
+  -- verify verKey proof msg -> hashed msg
+  bytesEq Ver13.outputBytes (Ver13.verify verKey proof' testVectorMessage) hash'
+
+data VRFTestVector = VRFTestVector
+  { testVectorName :: String
+  , testVectorVersion :: String
+  , testVectorCipherSuite :: String
+  , testVectorSigningKey :: BS.ByteString
+  , testVectorVerifyingKey :: BS.ByteString
+  , testVectorMessage :: BS.ByteString
+  , testVectorProof :: BS.ByteString
+  , testVectorHash :: BS.ByteString
+  }
+
+data HexStringWithLength = HexStringWithLength
+  { hswlPayload :: String
+  , hswExpectedLength :: Int
+  }
+  deriving (Show, Eq)
+
+parserHex :: Maybe Int -> Parse.ReadP BS.ByteString
+parserHex lenM = do
+  str <- parseString
+  if str == "empty"
+    then
+      pure BS.empty
+    else case lenM of
+      Just len -> handleDecode str len
+      Nothing -> handleDecode str (length str `div` 2)
+  where
+    handleDecode str size = case decodeHexString str size of
+      Right bs -> pure bs
+      Left err -> error err
+
+parseKey :: String -> Parse.ReadP String
+parseKey key = do
+  key' <- Parse.string key
+  Parse.skipSpaces
+  _ <- Parse.string ":"
+  Parse.skipSpaces
+  pure key'
+
+parseEOL :: Parse.ReadP ()
+parseEOL =
+  Parse.choice
+    [ Parse.char '\n' >> return ()
+    , Parse.eof
     ]
 
+parseContent :: String -> Parse.ReadP a -> Parse.ReadP a
+parseContent key parser =
+  Parse.between (parseKey key) parseEOL parser
+
+parseString :: Parse.ReadP String
+parseString = Parse.munch1 (\c -> Char.isAlphaNum c || c == '-')
+
+parserVRFTestVector :: Parse.ReadP VRFTestVector
+parserVRFTestVector = do
+  testVectorName <- parseContent "vrf" parseString
+  testVectorVersion <- parseContent "ver" parseString
+  testVectorCipherSuite <- parseContent "ciphersuite" parseString
+  sk <- parseContent "sk" $ parserHex (Just 32)
+  testVectorVerifyingKey <- parseContent "pk" $ parserHex (Just 32)
+  let testVectorSigningKey = sk <> testVectorVerifyingKey
+  testVectorMessage <- parseContent "alpha" (parserHex Nothing)
+  testVectorProof <-
+    if testVectorName == "PraosVRF"
+      then
+        parseContent "pi" (parserHex (Just 80))
+      else
+        parseContent "pi" (parserHex (Just 128))
+  testVectorHash <- parseContent "beta" (parserHex (Just 64))
+  pure VRFTestVector {..}
+
+instance Read VRFTestVector where
+  readsPrec _ = Parse.readP_to_S parserVRFTestVector
+
 testVRFAlgorithm ::
   forall proxy v.
   ( VRFAlgorithm v

cardano-crypto-tests/test_vectors/vrf_ver03_generated_1

@@ -0,0 +1,8 @@
+vrf: PraosVRF
+ver: ietfdraft03
+ciphersuite: ECVRF-ED25519-SHA512-Elligator2
+sk: 0000000000000000000000000000000000000000000000000000000000000000
+pk: 3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29
+alpha: 00
+pi: 000f006e64c91f84212919fe0899970cd341206fc081fe599339c8492e2cea3299ae9de4b6ce21cda0a975f65f45b70f82b3952ba6d0dbe11a06716e67aca233c0d78f115a655aa1952ada9f3d692a0a
+beta: 9930b5dddc0938f01cf6f9746eded569ee676bd6ff3b4f19233d74b903ec53a45c5728116088b7c622b6d6c354f7125c7d09870b56ec6f1e4bf4970f607e04b2