crypto/ecdsa: add c2sp.org/det-keygen test vectors for ECDSA key generation

Switched the tests to a ecdsa_test package to avoid an import loop with
crypto/x509. This required only duplicating encodeSignature for the
RFC 6979 tests, which don't provide ASN.1 encodings.

Change-Id: I260c721385c23976c1ddb8cf4149b4bf6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/778322
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

src/crypto/ecdsa/ecdsa_test.go

@@ -2,26 +2,34 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ecdsa
+package ecdsa_test
 
 import (
 	"bufio"
 	"bytes"
 	"compress/bzip2"
 	"crypto"
+	. "crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/internal/cryptotest"
+	"crypto/internal/fips140/ecdsa"
 	"crypto/rand"
 	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/sha512"
+	"crypto/x509"
 	"encoding/hex"
+	"encoding/json"
+	"fmt"
 	"hash"
 	"io"
 	"math/big"
 	"os"
 	"strings"
 	"testing"
+
+	"golang.org/x/crypto/cryptobyte"
+	"golang.org/x/crypto/cryptobyte/asn1"
 )
 
 func testAllCurves(t *testing.T, f func(*testing.T, elliptic.Curve)) {
@@ -546,6 +554,27 @@ func testRFC6979(t *testing.T, curve elliptic.Curve, D, X, Y, msg, r, s string)
 	}
 }
 
+func encodeSignature(r, s []byte) ([]byte, error) {
+	var b cryptobyte.Builder
+	b.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) {
+		addASN1IntBytes(b, r)
+		addASN1IntBytes(b, s)
+	})
+	return b.Bytes()
+}
+
+func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) {
+	for len(bytes) > 0 && bytes[0] == 0 {
+		bytes = bytes[1:]
+	}
+	b.AddASN1(asn1.INTEGER, func(c *cryptobyte.Builder) {
+		if bytes[0]&0x80 != 0 {
+			c.AddUint8(0)
+		}
+		c.AddBytes(bytes)
+	})
+}
+
 func TestParseAndBytesRoundTrip(t *testing.T) {
 	testAllCurves(t, testParseAndBytesRoundTrip)
 }
@@ -702,6 +731,86 @@ func testInvalidPrivateKeys(t *testing.T, curve elliptic.Curve) {
 	})
 }
 
+// TestKeyGenerationVectors tests GenerateKey with the deterministic keygen
+// vectors of c2sp.org/det-keygen by replacing the default random source with
+// the specified DRBG.
+func TestKeyGenerationVectors(t *testing.T) {
+	var vectors []struct {
+		Curve string
+		Seed  []byte
+		PKCS8 []byte `json:"private_key_pkcs8"`
+	}
+	f, err := os.Open("testdata/det-keygen.json")
+	if err != nil {
+		t.Fatalf("failed to open det-keygen.json: %v", err)
+	}
+	defer f.Close()
+	if err := json.NewDecoder(f).Decode(&vectors); err != nil {
+		t.Fatalf("failed to decode keygen.json: %v", err)
+	}
+	for i, v := range vectors {
+		t.Run(fmt.Sprintf("%s-%d", v.Curve, i), func(t *testing.T) {
+			t.Setenv("GODEBUG", "cryptocustomrand=1")
+			var pers []byte
+			var curve elliptic.Curve
+			switch v.Curve {
+			case "secp224r1":
+				curve = elliptic.P224()
+				pers = []byte("det ECDSA key gen P-224")
+			case "secp256r1":
+				curve = elliptic.P256()
+				pers = []byte("det ECDSA key gen P-256")
+			case "secp384r1":
+				curve = elliptic.P384()
+				pers = []byte("det ECDSA key gen P-384")
+			case "secp521r1":
+				curve = elliptic.P521()
+				pers = []byte("det ECDSA key gen P-521")
+			default:
+				t.Fatalf("unknown curve: %q", v.Curve)
+			}
+			drbg := ecdsa.TestingOnlyNewDRBG(sha256.New, v.Seed, nil, pers)
+			rng := &keyGenTestReader{next: func(p []byte) error {
+				drbg.Generate(p)
+				return nil
+			}}
+			priv, err := GenerateKey(curve, rng)
+			if err != nil {
+				t.Fatalf("GenerateKey: %v", err)
+			}
+			der, err := x509.MarshalPKCS8PrivateKey(priv)
+			if err != nil {
+				t.Fatalf("MarshalPKCS8PrivateKey: %v", err)
+			}
+			if !bytes.Equal(der, v.PKCS8) {
+				t.Errorf("PKCS8 mismatch:\n%s\nvs\n\n%s", hex.Dump(der), hex.Dump(v.PKCS8))
+			}
+		})
+	}
+}
+
+type keyGenTestReader struct {
+	next func([]byte) error
+}
+
+func (r *keyGenTestReader) Read(p []byte) (n int, err error) {
+	// Neutralize randutil.MaybeReadByte.
+	//
+	// DO NOT COPY this. We *will* break you. We can do this because we're
+	// in the standard library, and can update this along with the
+	// GenerateKey implementation if necessary.
+	//
+	// You have been warned.
+	if len(p) == 1 {
+		return 1, nil
+	}
+
+	if err := r.next(p); err != nil {
+		return 0, err
+	}
+	return len(p), nil
+}
+
 func benchmarkAllCurves(b *testing.B, f func(*testing.B, elliptic.Curve)) {
 	tests := []struct {
 		name  string

src/crypto/ecdsa/testdata/det-keygen.json

@@ -0,0 +1,107 @@
+[
+    {
+        "curve": "secp224r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQg==",
+        "private_key_pkcs8": "MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBwKgDLGLSvT4diWwjjYfkzzGOaadKD7X3MPK9D8oTwDOgAEXzylIJA89laGpqCtAaQnsVmNlU6fj2vkit7P9tTwkTbM4E84zWAaVUpQr2ZdX/T02+qJS2vCD1g="
+    },
+    {
+        "curve": "secp224r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBz9Lt3OFM4791ry2tzq9SoShCgx6lTteV/tZ4gvoTwDOgAE64xE14cikGDtqGFrM4lu3RyG/e+JZAZg5FKsroSpmQ0uqclabPlovSpedpU8TEl26kdfcjenH3g="
+    },
+    {
+        "curve": "secp224r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBwYCSQqAwyEw12eblgI3jjrN53M8Wn1VTRisYM2oTwDOgAEoTiSdneWOv/6dwK/8F7Lc9a6KOf6KlDGTjqm5gXp35qbnwjisJxvl7ptpcjsHYGcBm4jN7Mvlqw="
+    },
+    {
+        "curve": "secp224r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzMaaucPXcR0sItSdT8eeEXrLBSWufm1l1iNdSZoTwDOgAEj1traQY0tXlFvzlnnSLzIVMno5U3OSuTozXk0wL50Gk5eRfLXMlHHU61piJbwftEuY3sK1L+sfQ="
+    },
+    {
+        "curve": "secp224r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzZqJFNouQHvXoqKKjICIPVAu2d1CfaGrla7AEuoTwDOgAESgcB/O+E+cszd1QJthGwWUGePZwKJd7Zqq0FKE+0fYyF6x8+Njxuhl55zH4WewDAck3i1Yw9pQ4="
+    },
+    {
+        "curve": "secp256r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQg==",
+        "private_key_pkcs8": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFXAP+MY43FEcYRph/xtnRepvbgTZns3Ypd4s3KHG2PWhRANCAARK9xANzNgkarQJXzjfxNcfIXaj0GD+TwPBH2ihYsDSLmCVD3nI5EhogDuptztLvWJGXiYCoETbV3UZ/SzASU0v"
+    },
+    {
+        "curve": "secp256r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfypiGNS2nMg0+rGylgdqWWOTWEG6lfl3YCLGW1nj0mqhRANCAATf8c2vos8cNd5TfyuKI2u06LhRPDsHiHxwf3l69ayzAs2MyL6ivpv1qlVUVSkHssJGEt7VlLd/QwYYk0cN9Ehx"
+    },
+    {
+        "curve": "secp256r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGyGF1fZ+2czLp6D54LtG6V44boaPOXX8CbnPWaEt8tihRANCAAQ06+841WvjBR0iYrBCq1PNHu4pmMEcBdz4riE/PH1CltOxxiPj9BNlVFuXoGd1PsAz10VbM9saDS/GlQkKPbgU"
+    },
+    {
+        "curve": "secp256r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgte+KqUo2LvucQS/I+7SnAZykNox1/sUTxzbWSQpTICOhRANCAARppwCEmwMGkCDsckjYdQn+JLTdOAEA4eTEnL+rbr6bjR/EJ9GEt31prHZGnnd5V57qLMnEMr7Kn47Ullx2Nbn4"
+    },
+    {
+        "curve": "secp256r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYwGnU54dourLPWG1tVTBJp9XsDxBz2w8s+wWxtfExSChRANCAARRn/XSye5/iB83UvVy2iS1uLFZ7XXF97JlRMOSBCntXn2tq16nZ96Gh5h9DUFu1/5tpWh6zJxw0xwCsaZ0xTVP"
+    },
+    {
+        "curve": "secp256r1",
+        "seed": "tDL5vjCJBIApghhRBVmu1w==",
+        "private_key_pkcs8": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgjjMHhWW9fR+fgQEfqLeIYyr4QAdKsOsx+AIrd1R9YfOhRANCAAQL4vM/F5MfdZGkNZ76xFsUcBv2wGOLFeR6UUdMjcVKdVJVGy54GBTj+RMMDNq2ptG07tEKwNRKmC3Sq1HX9q4e"
+    },
+    {
+        "curve": "secp384r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQg==",
+        "private_key_pkcs8": "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxcM+HB4XMh9m7ATZkaDR4MfllYIN1qajZxSjuZKlxbFc293g0zzbFTqJYEXBU4r6hZANiAARKMQM5fBux/teQhJhd/EoYSaDvON5KpxfFxJTdbqcZtlOG63zykDTBSJTch9mw8/6I6R5On0GXM0QmSnjs0YJHjMvcveVzkyrDDH3jHV8KgNiWm9e9OaQfP7VUD9j++e0="
+    },
+    {
+        "curve": "secp384r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCgWLt18+U09yZdWYeYAQny3+47FJjczmvc3TfxcfHZuyodvwAN25NBb4+00p//VWehZANiAAQ0BWAMq9tdLnNtagxFel58RJ6hRGyJKCJNpKD1QrnlskJMrvehx7req0rCMgU8+YwwViWfDtCsKh1S+VPZOYrj+LC4fRuqE7KmlLQFhQOnVxJrozpF1Wah3ZKRpeAirSE="
+    },
+    {
+        "curve": "secp384r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDD/s5OC27VOUllPwyw15MeeNWYv8Lqkie45z1dpzGwdBi7ExOQwnqkZDsWdV1ELSxihZANiAAQAXFI+KpKxNsiHS6TP864K733Iw2mng8AoAepWWAtrFAp6M+ANjFtlRlEGd4w8SGmBZ2vASrgC4SJHABuwPNmYLE9D+K56xuzl73mPIbvQwLcZswRDV6h+jQ5kct2GU8k="
+    },
+    {
+        "curve": "secp384r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDcpXHxVQhPLTA9DR7GNnCn0Xa0eOgmGcQJ/Mly7sOKpL9CUrHQMCfB1xqxqdZBlkihZANiAAQDvgz6ZcIGrzAzllQVtrliQu3V75NCwPNANLLx/eT7UgbKHrG60GGJoz2Aw1aT7pfTtmzWdt2hmvdMOxDq4jxsknYzvyAs+UD+JeyrqK7QCsxM7bB99qk81ggAVakK6VI="
+    },
+    {
+        "curve": "secp384r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDIhmLSK/1Qxyet2Minln77gIQ00Hz93AxL0My9lcBvk+085eVgMiNfmfS7p0KhG4+hZANiAATN2HoTuMu5vDJn+XYn0thwIgzKHJ7Mz6tki+iMdxGhxES4dpwPICguz9PBeZBK0sYe82Kz5g67Ii7dUFZ+6AXNFuXT5UxU5wiZHY4E4oGLgMR9Mldw3hyMbGZXgZcyC8Y="
+    },
+    {
+        "curve": "secp521r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQg==",
+        "private_key_pkcs8": "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB4PpmKmCNIWfODkTuf3k/Ow8WO9O00w3CRyTyavr63nKdErxp8uQgLBXza3BVeL8UAV0JrzRoEy2Sefh1JUaflZShgYkDgYYABAAfwemSskh2ZLEBpRfzQmtsruYmNuK9bLZK5oKTO6y0Lb79N/r508FERvte0X/N2PAzcQyvMlzlfi0OyHzkdNGDhwDLpYblXP3NEp09S+A7r4t35SuaD7g+UHjGRZDXmBnwlh8aCtedEtoXTVyBPPhdPAaLvFG9MxblHCvnsxM7NLizNA=="
+    },
+    {
+        "curve": "secp521r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIByo26VNbXJN8pd3o82DmTiNVuOC6ipWU5oxtYMV7iWTrH3GxnpXYuWg/j5Wy32wwAnCWhFWqM2P3DA20/gRU5Lg6hgYkDgYYABAEIjz0f4vr2+ViSnTQXFFK467GV14/4KlZhIe89kCfPMzQZKVtz/Cuvxoao3s671/T14csgRJuGvP3u3PMzmFTW5gF41XkEnpZYppYN8snIZrGrvn4mNKor8NAeO+5lLT0cn9RG8ajfwINTtgFKSAHaYe4rtE/XSrAURgd/ZCs6jUv/zA=="
+    },
+    {
+        "curve": "secp521r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAkE5PTXPZXl34LVzX9NXoVv1YwGYWUrtEtf3D8o1ZWr9pQTFPqrzbGVlw/e7c5AmiVrnWRVyV7JGB0KAloU+57RehgYkDgYYABAFfhC7g3t3u7Mp2Y6+HL7YRQV4yUKsMSKNlNBXe0KKDoGGXOqiJROotCb4XJOf5IPbAOqqeDqZH/F7y9+0A5PQ1HQD1Uaqnb+n4+uJsEsY0MiLrVx2WnQ+EefEU5LxNtDlse9bVWfU3bdUCy61mVye5Te2zmK10nH/HQyektwbhbpoiJg=="
+    },
+    {
+        "curve": "secp521r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBz8L26r588/Igrl2YHBk+Bsc1XJJNnwgaekRj5RxFA23AZuNb/w05EDHdZrjEhPLFgAltoBGueqF8zCfXiIQ/WKWhgYkDgYYABAGEpPYJP54aihdxWBlAFqpUnWWXRt3RUWOdJuon8aM9BHXcDewjvRNsimaXlqXTfG7RDeVd5wM1PRS377H2kSoXHwEQxm0ZcsUj6h92N1Doowsn9WmxZgIIIvY4AIrydCynWAcaUxPfO//84piXEbTYHhyhig3xVZJVfp7Cb98zkKMmPg=="
+    },
+    {
+        "curve": "secp521r1",
+        "seed": "QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJC",
+        "private_key_pkcs8": "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA8Tm2qD4oWvHbsGCt3YiXFdT/I8Z0epmGh6x7AaRCFapV+yKBCpqr3AO95R6am5HN8K8WrygWM7yugEz5jUXkfHqhgYkDgYYABADNFQ9ZfZtqkGwdyY+gMGxf5Kd/AZkO5b4+CMQJcaal8rw25etGS4GBpWz4B0pUwoSdgyWVBBlU8hceoGuD7aQE/AAZEJZV99NYxPSlJ1embi7jAUwfnAhDuibtkqKU8A0QOHCwHPiMDXvcxjRt5aHNgd9J+ehVz62SRFmreRI+hLeMtA=="
+    }
+]