Client library for verifications #39
Conversation
|
This is probably just a personal preference thing, but merging in branches complicates rebasing. Next time you want to depend on another branch, I'd suggest you rebase your change on top of that branch. If that branch is already pushed, you can even create a pull request against that branch so that only the above changes are shown in the PR here. |
Yeah, thanks for your advices! Btw, I also rebased this branch on top of master branch. |
vqhuy
force-pushed
the
client-cgo
branch
2 times, most recently
from
eb7275f
to
613725c
Compare
| unsigned char pk[] = {28,149,90,106,83,99,227,227,211,89,29,250,220,141,17,203,254,130,127,134,175,133,156,164,83,58,139,228,79,64,252,75}; | ||
| unsigned char m[] = {97,108,105,99,101}; | ||
| unsigned char index[] = {96,43,9,174,212,169,113,184,98,128,48,210,186,218,171,145,115,82,29,23,177,126,63,169,232,125,248,165,91,134,76,32}; | ||
| unsigned char proof[] = {213,244,36,141,83,73,206,202,94,3,40,174,237,156,101,140,222,18,24,211,136,24,74,63,246,211,142,186,255,123,73,12,33,252,200,161,18,208,124,150,91,42,229,156,96,225,154,226,206,143,161,1,141,188,34,7,124,45,222,189,89,116,36,3,233,126,71,41,140,29,36,34,138,167,217,239,16,210,51,125,28,127,7,34,89,219,181,82,86,154,10,155,159,144,158,179}; |
There was a problem hiding this comment.
It would be clearer (and easier to maintain) if you moved generating and serializing this data into the go testVRFVerify and passed it as arguments to C.testVRFVerify.
int testVRFVerify(unsigned char *pk, ...) {
At present, it's hard to tell what it is and why it's correct.
Same for all the tests below.
There was a problem hiding this comment.
I fixed it in 763c2649aba5826e3320c48b4eff3a78cfb688a9. I also made some changes on AuthenticationPath struct: converting PrunedTree from slice of slices to slice of arrays; and adding method to get latest STR from PAD (ec3675936cd8e32df44c0f9b494c60aa2df82c23)
masomel
force-pushed
the
master
branch
3 times, most recently
from
25a6925
to
2f704cf
Compare
vqhuy
force-pushed
the
client-cgo
branch
3 times, most recently
from
6c7ae21
to
b246175
Compare
|
Looks good to me! |
| unsigned char *m, int mSize, | ||
| unsigned char *index, int indexSize, | ||
| unsigned char *proof, int proofSize) { | ||
| if (cgoVrfVerify(pk, pkSize, m, mSize, |
There was a problem hiding this comment.
Couldn't you just return cgoVrfVerify(..)? Why are these if blocks here?
There was a problem hiding this comment.
I just want to make sure the flow: converting from golang types to C types and then from C types to golang types works as expected.
There was a problem hiding this comment.
You don't trust the golang developers? :)
There was a problem hiding this comment.
No, it's not what I mean, haha. I mean my use of something like unsafe.Pointer and others ...
Ok, I agree that they could be simplified as you said.
There was a problem hiding this comment.
I just re-read my code and realized that I missed something. What I mean when using these C functions as bridges is that I want to make the same scenario as when the lib being used in the add-on with js-ctypes. That is the input should be type unsigned char* and passed to go functions that take arguments type unsafe.Pointer. Hopefully it makes sense to you.
There was a problem hiding this comment.
Sorry, I probably wasn't being clear. I was asking for this,
int testVRFVerify(unsigned char *pk, int pkSize,
unsigned char *m, int mSize,
unsigned char *index, int indexSize,
unsigned char *proof, int proofSize) {
return cgoVrfVerify(pk, pkSize, m, mSize,
index, indexSize, proof, proofSize);
}
feb6cf6
to
7801e29
Compare
| func main() {} | ||
|
|
||
| //export cgoEd25519SignatureVerify | ||
| func cgoEd25519SignatureVerify(pk unsafe.Pointer, pkSize C.int, |
There was a problem hiding this comment.
Maybe just call this cgoSignatureVerify to not expose the scheme?
Aw, sorry :(
Yup, makes sense. |
| } | ||
| } | ||
|
|
||
| func testVerifyProofOfAbsenceSamePrefix(t *testing.T) { |
There was a problem hiding this comment.
Just to make sure I've understood this test correctly. The difference between this proof of absence test and the one in VerifyAuthPath is that the string "a" in this test definitely shares the same prefix as "key1", which will give you a user leaf node in the proof? While "123" in the previous test does not share the same prefix as "key1", "key2" or "key3", which will give you an empty node? I'm wondering if we should also be explicitly checking the leaf type in these tests. Though I know this is checked implicitly when the auth path is hashed, so maybe that's enough?
There was a problem hiding this comment.
Did you mean we need to assert the string "a" shares the same prefix as "key1"?
I copied this test from proof_test.go, and it already has type assertion there. Hopefully it makes it clearer.
There was a problem hiding this comment.
No, since this is done in merkletree.VerifyAuthPath(), right? I mean, should we assert that proof.Leaf.IsEmpty() is false for "a" and true for "123" in testVerifyAuthPath() above.
There was a problem hiding this comment.
No, since this is done in merkletree.VerifyAuthPath(), right?
Yes, it is. So if there is anything go wrong, the hash verification would return false. So I think we don't need to explicitly assert it in these tests.
There was a problem hiding this comment.
So if there is anything go wrong, the hash verification would return false.
True. I guess, I thought this was an additional way to test that the hash verification is working. But using the hash verification is probably enough for this assertion.
- added benchmarks for creating large directory and doing lookups from large directory - TB test - MakeRand and Digest test
- s/createLargePadForBenchmark/createPad <- could be useful for other tests, too - added tests for some edge cases - removed obsolete check `uint64 < 0` which can't happen and error
- benchmark pad.Update(nil) in tree with 10^5 users (takes on average 0.23 s and consumes 72 MB)
- more stress tests/benchmarks for PAD Update and LookUp (used for pprof)
- test coverage in utils package
| @@ -19,6 +19,7 @@ hijacking secure communications without getting caught. | |||
| ## Golang Library | |||
| The packages in this library implement the various components of the CONIKS system and may be imported individually. | |||
|
|
|||
| - ``client``: Client-side protocol implementation | |||
There was a problem hiding this comment.
Should this explanation say something more like "Client-side protocol cgo (or C?) hooks"?
|
LGTM. |
| func cgoVerifySignature(pk unsafe.Pointer, pkSize C.int, | ||
| message unsafe.Pointer, size C.int, | ||
| sig unsafe.Pointer, sigSize C.int) C.int { | ||
| if int(pkSize) < sign.PublicKeySize { |
There was a problem hiding this comment.
Should we define SignatureSize = 64 in crypto/sign.go?
What's the intention of these quick check anyways? Who are they benefiting? We know the expected lengths of these buffers, except for message. Passing in all these length is kind of verbose, but I guess you're trying to be safe and avoid the chance for an out-of-bounds read.
There was a problem hiding this comment.
I guess you're trying to be safe and avoid the chance for an out-of-bounds read.
Yes, since we are dealing with unsafe.Pointer. Should I remove these checks?
There was a problem hiding this comment.
Should I remove these checks?
Nah. But add one for the SignatureSize as well.
vqhuy
force-pushed
the
client-cgo
branch
2 times, most recently
from
38bbad4
to
03cf223
Compare
| } | ||
| } | ||
|
|
||
| func testVerifyHashChain(t *testing.T) { |
|
LGTM |
Squashed commits: [03cf223] Fix fatal bug in hash chain verification function [328b245] Compile client crypto library with cgo
I merged branch
no-getsetsince we can take the advantages of struct fields (e.g., https://github.com/coniks-sys/coniks-go/blob/9c253690f74c41d9763111bd660cbb8108236b86/client/cgo/coniks.go#L105-L107).I will fixed other getters when the #36 is clarified.