Merge pull request #39 from cloudflare/caw/update-vectors
Update test vectors for token challenges
chris-wood authored Jul 10, 2023
2 parents 764a1c9 + 8918bf1 commit 6ea5db0
Showing 9 changed files with 59 additions and 13 deletions.
8 changes: 6 additions & 2 deletions scripts/format_test_vectors.py
Expand Up @@ -10,9 +10,13 @@ def format_vector(vector_keys, vector_fname):
data = json.load(fh)
formatted = "~~~\n"
for i, entry in enumerate(data):
formatted = formatted + ("// Test vector %d" % (i+1)) + "\n"
formatted = formatted + ("// Test vector %d:" % (i+1)) + "\n"
if "comment" in vector_keys:
formatted += entry["comment"] + "\n"
for key in vector_keys:
if key in entry:
if key == "comment":
continue
if type(entry[key]) == type(""):
formatted = formatted + wrap_line(key + ": " + str(entry[key])) + "\n"
else:
Expand Down Expand Up @@ -64,6 +68,6 @@ def format_vector(vector_keys, vector_fname):

if "token-test-vectors" in sys.argv[1]:
ordered_keys = [
"token_type", "issuer_name", "redemption_context", "origin_info", "nonce", "token_key_id", "token_authenticator_input"
"comment", "token_type", "issuer_name", "redemption_context", "origin_info", "nonce", "token_key_id", "token_authenticator_input"
]
format_vector(ordered_keys, sys.argv[1])
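Review bot: In format_vector the added `formatted += entry["comment"] + "\n"` indexes `entry["comment"]` whenever "comment" is in vector_keys, so a vector entry that lacks the field raises KeyError, unlike the per-key loop below it, which checks `if key in entry`. Guard it the same way with `if "comment" in vector_keys and "comment" in entry:`. The comment text is also emitted without going through wrap_line, so the script appears to rely on the generator having wrapped it already; a one-line comment such as `# comment is pre-wrapped by the Go generator` would record that assumption. format_vector starts before the first hunk and continues past it.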
2 changes: 1 addition & 1 deletion tokens/token-test-vectors.json
@@ -1 +1 @@
[{"token_type":2,"issuer_name":"6973737565722e6578616d706c65","redemption_context":"619e580a1fe8a7a8938fb3c007af1f6c15f3a94037054fb4f3a7e20bdc15e810","origin_info":"6f726967696e2e6578616d706c65","nonce":"f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b60","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b6051024ebd20f96a17d999b20a4ff8f6e9bbd72f61ee0aa8b0d3a50b3f4979439aca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"},{"token_type":2,"issuer_name":"6973737565722e6578616d706c65","redemption_context":"","origin_info":"6f726967696e2e6578616d706c65","nonce":"f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b60","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b6011e15c91a7c2ad02abd66645802373db1d823bea80f08d452541fb2b62b5898bca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"},{"token_type":2,"issuer_name":"6973737565722e6578616d706c65","redemption_context":"","origin_info":"","nonce":"f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b60","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b60b741ec1b6fd05f1e95f8982906aec1612896d9ca97d53eef94ad3c9fe023f7a4ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"},{"token_type":2,"issuer_name":"6973737565722e6578616d706c65","redemption_context":"619e580a1fe8a7a8938fb3c007af1f6c15f3a94037054fb4f3a7e20bdc15e810","origin_info":"","nonce":"f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b60","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b
60d703248fbfcd407d48f9e972d2a7770c2a9d7c97f5449ba4863f968c7d0fa993ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"},{"token_type":2,"issuer_name":"6973737565722e6578616d706c65","redemption_context":"619e580a1fe8a7a8938fb3c007af1f6c15f3a94037054fb4f3a7e20bdc15e810","origin_info":"6f726967696e2e6578616d706c652c6f726967696e322e6578616d706c65","nonce":"f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b60","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002f93a21c15f70a2e67f5efa2f9a5b504c8c8ef895c3f61f31f4abb3a1dc5e2b601f1d1cb68c578c37d20f2cf5cc192a5f58ee5621803d8d0b7fe97e770634673eca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"}]
[{"comment":"// token_type(0002), issuer_name(issuer.example),\n// origin_info(origin.example), redemption_context(non-empty)","token_type":"0002","issuer_name":"6973737565722e6578616d706c65","redemption_context":"476ac2c935f458e9b2d7af32dacfbd22dd6023ef5887a789f1abe004e79bb5bb","origin_info":"6f726967696e2e6578616d706c65","nonce":"e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688abab","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688abab8e1d5518ec82964255526efd8f9db88205a8ddd3ffb1db298fcc3ad36c42388fca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"},{"comment":"// token_type(0002), issuer_name(issuer.example),\n// origin_info(origin.example), redemption_context(empty)","token_type":"0002","issuer_name":"6973737565722e6578616d706c65","redemption_context":"","origin_info":"6f726967696e2e6578616d706c65","nonce":"e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688abab","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688abab11e15c91a7c2ad02abd66645802373db1d823bea80f08d452541fb2b62b5898bca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"},{"comment":"// token_type(0002), issuer_name(issuer.example),\n// origin_info(), redemption_context(empty)","token_type":"0002","issuer_name":"6973737565722e6578616d706c65","redemption_context":"","origin_info":"","nonce":"e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688abab","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688ababb741ec1b6fd05f1e95f8982906aec1612896d9ca97d53eef94ad3c9fe023f7a4ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"},{"comment":"// token_type(0002), 
issuer_name(issuer.example),\n// origin_info(), redemption_context(non-empty)","token_type":"0002","issuer_name":"6973737565722e6578616d706c65","redemption_context":"476ac2c935f458e9b2d7af32dacfbd22dd6023ef5887a789f1abe004e79bb5bb","origin_info":"","nonce":"e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688abab","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688ababb85fb5bc06edeb0e8e8bdb5b3bea8c4fa40837c82e8bcaf5882c81e14817ea18ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"},{"comment":"// token_type(0002), issuer_name(issuer.example),\n// origin_info(foo.example,bar.example),\n// redemption_context(non-empty)","token_type":"0002","issuer_name":"6973737565722e6578616d706c65","redemption_context":"476ac2c935f458e9b2d7af32dacfbd22dd6023ef5887a789f1abe004e79bb5bb","origin_info":"666f6f2e6578616d706c652c6261722e6578616d706c65","nonce":"e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688abab","token_key_id":"ca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708","token_authenticator_input":"0002e01978182c469e5e026d66558ee186568614f235e41ef7e2378e6f202688ababa2a775866b6ae0f98944910c8f48728d8a2735b9157762ddbf803f70e2e8ba3eca572f8982a9ca248a3056186322d93ca147266121ddeb5632c07f1f71cd2708"}]
50 changes: 46 additions & 4 deletions tokens/token_challenge_test.go
Expand Up @@ -12,6 +12,7 @@ import (
"fmt"
"io/ioutil"
"os"
"strconv"
"strings"
"testing"

Expand Down Expand Up @@ -117,7 +118,8 @@ func TestBase64(t *testing.T) {
// /////
// Index computation test vector structure
type rawTokenTestVector struct {
TokenType uint16 `json:"token_type"`
Comment string `json:"comment"`
TokenType string `json:"token_type"`
IssuerName string `json:"issuer_name"`
RedemptionContext string `json:"redemption_context"`
OriginInfo string `json:"origin_info"`
Expand All @@ -128,6 +130,7 @@ type rawTokenTestVector struct {

type tokenTestVector struct {
t *testing.T
comment string
tokenType uint16
issuerName string
redemptionContext []byte
Expand Down Expand Up @@ -160,7 +163,8 @@ func (tva *tokenTestVectorArray) UnmarshalJSON(data []byte) error {

func (etv tokenTestVector) MarshalJSON() ([]byte, error) {
return json.Marshal(rawTokenTestVector{
TokenType: etv.tokenType,
Comment: etv.comment,
TokenType: fmt.Sprintf("%004x", etv.tokenType),
IssuerName: util.MustHex([]byte(etv.issuerName)),
RedemptionContext: util.MustHex(etv.redemptionContext),
OriginInfo: util.MustHex([]byte(strings.Join(etv.originInfo, ","))),
Expand All @@ -177,7 +181,13 @@ func (etv *tokenTestVector) UnmarshalJSON(data []byte) error {
return err
}

etv.tokenType = raw.TokenType
tokenType, err := strconv.Atoi(raw.TokenType)
if err != nil {
return err
}

etv.comment = raw.Comment
etv.tokenType = uint16(tokenType)
etv.issuerName = string(util.MustUnhex(nil, raw.IssuerName))
etv.redemptionContext = util.MustUnhex(nil, raw.RedemptionContext)
etv.originInfo = strings.Split(string(util.MustUnhex(nil, raw.OriginInfo)), ",")
Expand All @@ -188,6 +198,25 @@ func (etv *tokenTestVector) UnmarshalJSON(data []byte) error {
return nil
}

func wrapString(prefix, text string, lineWidth int) string {
words := strings.Fields(strings.TrimSpace(text))
if len(words) == 0 {
return text
}
wrapped := prefix + " " + words[0]
spaceLeft := lineWidth - len(wrapped)
for _, word := range words[1:] {
if len(word)+1 > spaceLeft {
wrapped += "\n" + prefix + " " + word
spaceLeft = lineWidth - len(word)
} else {
wrapped += " " + word
spaceLeft -= 1 + len(word)
}
}
return wrapped
}

func generateTokenTestVector(t *testing.T, tokenType uint16, redemptionContext []byte, issuerName string, originInfo []string, nonce []byte, tokenSigningKey *rsa.PrivateKey) (tokenTestVector, error) {
if tokenType != 0x0003 && tokenType != 0x0002 {
return tokenTestVector{}, fmt.Errorf("Unsupported token type")
Expand All @@ -204,7 +233,20 @@ func generateTokenTestVector(t *testing.T, tokenType uint16, redemptionContext [
Authenticator: nil, // No signature computed yet
}

// - TokenChallenge with a single origin and non-empty redemption context
// - TokenChallenge with a single origin and empty redemption context
// - TokenChallenge with an empty origin and redemption context
// - TokenChallenge with an empty origin and non-empty redemption context
// - TokenChallenge with a multiple origins and non-empty redemption context
// token type (xxx), issuer name (xxx), single origin (xxx), non-empty redemption context
contextComment := "empty"
if len(redemptionContext) > 0 {
contextComment = "non-empty"
}
comment := wrapString("// ", fmt.Sprintf("token_type(%04x), issuer_name(%s), origin_info(%s), redemption_context(%s)", tokenType, issuerName, strings.Join(originInfo, ","), contextComment), 65)

return tokenTestVector{
comment: comment,
tokenType: tokenType,
issuerName: issuerName,
originInfo: originInfo,
Expand Down Expand Up @@ -259,7 +301,7 @@ func TestVectorGenerateToken(t *testing.T) {
tokenSigningKey := loadPrivateKey(t)
issuerName := "issuer.example"
singleOriginInfo := []string{"origin.example"}
multipleOriginInfo := []string{"origin.example", "origin2.example"}
multipleOriginInfo := []string{"foo.example", "bar.example"}

var vectorInputs = []struct {
tokenType uint16
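Review bot: The new UnmarshalJSON reads `raw.TokenType` with `strconv.Atoi`, which parses decimal, while MarshalJSON in this same section writes the field with `fmt.Sprintf("%004x", etv.tokenType)`, which is hexadecimal, so the two directions agree only for values below 0x000a. The types accepted by generateTokenTestVector (0x0002 and 0x0003) happen to round-trip, but a type such as 0x000a would fail to parse and "0010" would decode as 10 rather than 16, and `uint16(tokenType)` silently truncates anything out of range. Parsing with `tokenType, err := strconv.ParseUint(raw.TokenType, 16, 16)` keeps encode and decode consistent and rejects values that do not fit in 16 bits. Since these vectors are meant to be checked by other implementations, a silently misread token type is worth closing off. UnmarshalJSON begins and ends outside the visible hunk.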
