From 4505cb843828209c0038cb83075ccbde818e9c34 Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Wed, 13 Nov 2024 07:14:35 +0000
Subject: [PATCH] Improve the ZIP 32 arbitrary key derivation test vectors
When using them, I forgot that `bytes(range(32))` doesn't generate an all-zeroes seed of length 32, so I was using the wrong seed with the test vectors and they were failing. We now embed that seed in the test vectors, along with the context string (to make it clear that there is no trailing null byte) and the IKM (which is what clued me into the seed being wrong).
---
test-vectors/json/zip_0032_arbitrary.json | 10 ++---
test-vectors/rust/zip_0032_arbitrary.rs | 48 ++++++++++++++++++++++
test-vectors/zcash/zip_0032_arbitrary.json | 10 ++---
zcash_test_vectors/zip_0032.py | 22 ++++++----
4 files changed, 73 insertions(+), 17 deletions(-)
diff --git a/test-vectors/json/zip_0032_arbitrary.json b/test-vectors/json/zip_0032_arbitrary.json
index a6578df..8b1a00d 100644
--- a/test-vectors/json/zip_0032_arbitrary.json
+++ b/test-vectors/json/zip_0032_arbitrary.json
@@ -1,8 +1,8 @@ [ ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0032_arbitrary.py"], - ["sk, c"], - ["e9da8806409dc3c3ebd1fc2a71c879c13dd7aa93ede803bf1a83414b9d3b158a", "65a748f2905f7a8aab9f3d02f1b26c3d65c82994ce59a086d4c651d8a81cec51"], - ["e8409aaa832cc2378f2badeb77150562153742fee876dcf4783a6ccd119da66a", "cc084922a0ead2da5338bd82200a1946bc8585b8d9ee416df6a09a71ab0e5b58"], - ["464f90a364cff805fee93a85b72f4894ce4e1358dcdc1e61a3d430301c60910e", "f9d2544a5528ae6bd9f036f42f9f05d83dff507aeb2a8141af11d9f167e221ae"], - ["fc4b6e93b0e42f7a762ca0c6522ccd1045cab506b372452af7306c87389ab62c", "e89bf2ed73f5e0887542e36793fac82c508ab5d99198578227b241fbac198429"] + ["context_string, seed, ikm, path, sk, c"], + ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "125a63617368207465737420766563746f727320000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", [], "e9da8806409dc3c3ebd1fc2a71c879c13dd7aa93ede803bf1a83414b9d3b158a", "65a748f2905f7a8aab9f3d02f1b26c3d65c82994ce59a086d4c651d8a81cec51"], + ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483649], "e8409aaa832cc2378f2badeb77150562153742fee876dcf4783a6ccd119da66a", "cc084922a0ead2da5338bd82200a1946bc8585b8d9ee416df6a09a71ab0e5b58"], + ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483649, 2147483650], "464f90a364cff805fee93a85b72f4894ce4e1358dcdc1e61a3d430301c60910e", "f9d2544a5528ae6bd9f036f42f9f05d83dff507aeb2a8141af11d9f167e221ae"], + ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483649, 2147483650, 2147483651], "fc4b6e93b0e42f7a762ca0c6522ccd1045cab506b372452af7306c87389ab62c", "e89bf2ed73f5e0887542e36793fac82c508ab5d99198578227b241fbac198429"] ] 
diff --git a/test-vectors/rust/zip_0032_arbitrary.rs b/test-vectors/rust/zip_0032_arbitrary.rs index 790424c..77a244f 100644 --- a/test-vectors/rust/zip_0032_arbitrary.rs +++ b/test-vectors/rust/zip_0032_arbitrary.rs @@ -1,4 +1,8 @@ struct TestVector { + context_string: Vec, + seed: [u8; 32], + ikm: Option>, + path: Vec, sk: [u8; 32], c: [u8; 32], }; @@ -6,6 +10,17 @@ // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0032_arbitrary.py let test_vectors = vec![ TestVector { + context_string: vec![ + 0x5a, 0x63, 0x61, 0x73, 0x68, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73 + ], + seed: [ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + ], + ikm: Some(vec![ + 0x12, 0x5a, 0x63, 0x61, 0x73, 0x68, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x20, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + ]), + path: vec![ + ], sk: [ 0xe9, 0xda, 0x88, 0x06, 0x40, 0x9d, 0xc3, 0xc3, 0xeb, 0xd1, 0xfc, 0x2a, 0x71, 0xc8, 0x79, 0xc1, 0x3d, 0xd7, 0xaa, 0x93, 0xed, 0xe8, 0x03, 0xbf, 0x1a, 0x83, 0x41, 0x4b, 0x9d, 0x3b, 0x15, 0x8a ], 
@@ -14,6 +29,16 @@ ], }, TestVector { + context_string: vec![ + 0x5a, 0x63, 0x61, 0x73, 0x68, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73 + ], + seed: [ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + ], + ikm: None, + path: vec![ + 2147483649, + ], sk: [ 0xe8, 0x40, 0x9a, 0xaa, 0x83, 0x2c, 0xc2, 0x37, 0x8f, 0x2b, 0xad, 0xeb, 0x77, 0x15, 0x05, 0x62, 0x15, 0x37, 0x42, 0xfe, 0xe8, 0x76, 0xdc, 0xf4, 0x78, 0x3a, 0x6c, 0xcd, 0x11, 0x9d, 0xa6, 0x6a ], @@ -22,6 +47,17 @@ ], }, TestVector { + context_string: vec![ + 0x5a, 0x63, 0x61, 0x73, 0x68, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73 + ], + seed: [ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + ], + ikm: None, + path: vec![ + 2147483649, + 2147483650, + ], sk: [ 0x46, 0x4f, 0x90, 0xa3, 0x64, 0xcf, 0xf8, 0x05, 0xfe, 0xe9, 0x3a, 0x85, 0xb7, 0x2f, 0x48, 0x94, 0xce, 0x4e, 0x13, 0x58, 0xdc, 0xdc, 0x1e, 0x61, 0xa3, 0xd4, 0x30, 0x30, 0x1c, 0x60, 0x91, 0x0e ], @@ -30,6 +66,18 @@ ], }, TestVector { + context_string: vec![ + 0x5a, 0x63, 0x61, 0x73, 0x68, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73 + ], + seed: [ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + ], + ikm: None, + path: vec![ + 2147483649, + 2147483650, + 2147483651, + ], sk: [ 0xfc, 0x4b, 0x6e, 0x93, 0xb0, 0xe4, 0x2f, 0x7a, 0x76, 0x2c, 0xa0, 0xc6, 0x52, 0x2c, 0xcd, 0x10, 0x45, 0xca, 0xb5, 0x06, 0xb3, 0x72, 0x45, 0x2a, 0xf7, 0x30, 0x6c, 0x87, 0x38, 0x9a, 0xb6, 0x2c ], 
diff --git a/test-vectors/zcash/zip_0032_arbitrary.json b/test-vectors/zcash/zip_0032_arbitrary.json
index dd1c38e..73f3271 100644
--- a/test-vectors/zcash/zip_0032_arbitrary.json
+++ b/test-vectors/zcash/zip_0032_arbitrary.json
@@ -1,8 +1,8 @@ [ ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0032_arbitrary.py"], - ["sk, c"], - ["8a153b9d4b41831abf03e8ed93aad73dc179c8712afcd1ebc3c39d400688dae9", "51ec1ca8d851c6d486a059ce9429c8653d6cb2f1023d9fab8a7a5f90f248a765"], - ["6aa69d11cd6c3a78f4dc76e8fe42371562051577ebad2b8f37c22c83aa9a40e8", "585b0eab719aa0f66d41eed9b88585bc46190a2082bd3853dad2eaa0224908cc"], - ["0e91601c3030d4a3611edcdc58134ece94482fb7853ae9fe05f8cf64a3904f46", "ae21e267f1d911af41812aeb7a50ff3dd8059f2ff436f0d96bae28554a54d2f9"], - ["2cb69a38876c30f72a4572b306b5ca4510cd2c52c6a02c767a2fe4b0936e4bfc", "298419acfb41b22782579891d9b58a502cc8fa9367e3427588e0f573edf29be8"] + ["context_string, seed, ikm, path, sk, c"], + ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", "125a63617368207465737420766563746f727320000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", [], "8a153b9d4b41831abf03e8ed93aad73dc179c8712afcd1ebc3c39d400688dae9", "51ec1ca8d851c6d486a059ce9429c8653d6cb2f1023d9fab8a7a5f90f248a765"], + ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483649], "6aa69d11cd6c3a78f4dc76e8fe42371562051577ebad2b8f37c22c83aa9a40e8", "585b0eab719aa0f66d41eed9b88585bc46190a2082bd3853dad2eaa0224908cc"], + ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483649, 2147483650], "0e91601c3030d4a3611edcdc58134ece94482fb7853ae9fe05f8cf64a3904f46", "ae21e267f1d911af41812aeb7a50ff3dd8059f2ff436f0d96bae28554a54d2f9"], + ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483649, 2147483650, 2147483651], "2cb69a38876c30f72a4572b306b5ca4510cd2c52c6a02c767a2fe4b0936e4bfc", "298419acfb41b22782579891d9b58a502cc8fa9367e3427588e0f573edf29be8"] ] 
diff --git a/zcash_test_vectors/zip_0032.py b/zcash_test_vectors/zip_0032.py index 1f6d250..6ea17d3 100644 --- a/zcash_test_vectors/zip_0032.py +++ b/zcash_test_vectors/zip_0032.py @@ -38,7 +38,9 @@ def CKDh(Context, sk_par, c_par, i): class ArbitraryKey(object): Arbitrary = HardenedOnlyContext(b'ZcashArbitraryKD', b'\xAB') - def __init__(self, sk, chaincode): + def __init__(self, IKM, path, sk, chaincode): + self.IKM = IKM + self.path = path self.sk = sk self.chaincode = chaincode @@ -50,15 +52,13 @@ class ArbitraryKey(object): assert length_ContextString <= 252 assert 32 <= length_S <= 252 - (sk, chaincode) = MKGh( - cls.Arbitrary, - bytes([length_ContextString]) + ContextString + bytes([length_S]) + S, - ) - return cls(sk, chaincode) + IKM = bytes([length_ContextString]) + ContextString + bytes([length_S]) + S + (sk, chaincode) = MKGh(cls.Arbitrary, IKM) + return cls(IKM, [], sk, chaincode) def child(self, i): (sk_i, c_i) = CKDh(self.Arbitrary, self.sk, self.chaincode, i) - return self.__class__(sk_i, c_i) + return self.__class__(None, self.path + [i], sk_i, c_i) def arbitrary_key_derivation_tvs(): @@ -75,6 +75,10 @@ def arbitrary_key_derivation_tvs(): test_vectors = [ { + 'context_string': context_string, + 'seed': seed, + 'ikm': k.IKM, + 'path': k.path, 'sk' : k.sk, 'c' : k.chaincode } @@ -85,6 +89,10 @@ def arbitrary_key_derivation_tvs(): args, 'zip_0032_arbitrary', ( + ('context_string', 'Vec'), + ('seed', '[u8; 32]'), + ('ikm', 'Option>'), + ('path', 'Vec'), ('sk', '[u8; 32]'), ('c', '[u8; 32]'), ),
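Review bot: `ArbitraryKey.__init__` gains `IKM` and `path` ahead of `sk` and `chaincode` with nothing saying what they hold, and the contract is only visible by reading both call sites: `derive` passes the master-key input and an empty list, `child` passes `None` and `self.path + [i]`. A short docstring would make that explicit, for example `"""IKM is the MKGh input for a master key and None for derived keys; path lists the child indices from the master."""`. Because the new parameters come first, any caller outside this diff that still passes `(sk, chaincode)` positionally will fail with a TypeError; the class body continues outside the hunk, so the other call sites are worth checking.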
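Review bot: The one-byte length prefixes in `IKM = bytes([length_ContextString]) + ContextString + bytes([length_S]) + S` are bounded only by the two `assert` lines above, which Python removes under `-O`; a 253 to 255 byte context string or seed would then be encoded without complaint into an IKM outside the asserted range, and that IKM is now published in the vectors. Raising keeps the check unconditional: `if length_ContextString > 252: raise ValueError("ContextString too long")` and `if not 32 <= length_S <= 252: raise ValueError("seed length out of range")`. The enclosing method starts above the hunk, so how the two lengths are computed is not visible here.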
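Review bot: Declaring `('seed', '[u8; 32]')` leaves the seed byte-reversed in test-vectors/zcash/zip_0032_arbitrary.json (`1f1e…0100`), while the `ikm` column of the same row embeds the seed in forward order (`…000102…1e1f`) and `context_string` is not reversed. This looks like the zcash-flavoured renderer treating 32-byte arrays as hash-style values; that is inferred from the generated output, since the renderer is not part of this diff. As the commit exists to remove ambiguity about the seed, I would note it next to the declaration, e.g. `# NOTE: the zcash-format JSON prints 32-byte fields reversed; the seed inside ikm stays in natural order.`, or emit the seed with the same byte-vector type used for `context_string`. The fixed 32-byte type is also narrower than the `32 <= length_S <= 252` range that `derive` accepts.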