tools: add jsonschema linter

cpu · cpu · commit c44de18436ed · 2025-03-19T10:58:45.000-04:00
This commit initializes a Go module for the repo, adding a single
command under `tools/vectorlint`.

The new `vectorlint` tool can be provided a directory of schemas, and
one or more directories of test vectors. It will process all vectors to
check that:

* the vector JSON is valid
* the vector JSON references a schema JSON file that exists
* the schema JSON compiles
* the vector JSON is valid according to its referenced schema

This initial work has some important limitations:

1. There are 7 schemas referenced by vector files in `testvectors_v1/`
   that don't exist. For now these are tracked in a `missingSchemas` map
   and the tool ignores vectors that ref these. We should add the
   missing schemas and remove the `missingSchemas` entries.
2. The schemas use a number of custom formats. To get started I've
   implemented the format validation as a no-op. We should add
   validation logic for each custom format and remove the no-op
   validation.
3. The schema's don't include "additionalProperties":false, and there are few
   required fields, so the validation is quite lax. (e.g. v1 files that
   differ substantially from the v0 schema appear to verify anyway).
diff --git a/go.mod b/go.mod
@@ -0,0 +1,7 @@
+module github.com/c2sp/wycheproof
+
+go 1.23.6
+
+require github.com/santhosh-tekuri/jsonschema/v6 v6.0.1
+
+require golang.org/x/text v0.14.0 // indirect
diff --git a/go.sum b/go.sum
@@ -0,0 +1,6 @@
+github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
+github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 h1:PKK9DyHxif4LZo+uQSgXNqs0jj5+xZwwfKHgph2lxBw=
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.1/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
diff --git a/tools/vectorlint/main.go b/tools/vectorlint/main.go
@@ -0,0 +1,194 @@
+// vectorlint analyzes vector files to flag potential issues
+package main
+
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+	"github.com/santhosh-tekuri/jsonschema/v6"
+	"io/fs"
+	"log"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+func main() {
+	schemaDirectory := flag.String("schemas-dir", "schemas", "directory containing schema files")
+	vectorsDirectories := flag.String("vectors-dir", "testvectors_v1,testvectors", "comma separated directories containing vector files")
+	vectorFilter := flag.String("vector-filter", "", "only validate vector files matching the provided pattern")
+
+	flag.Parse()
+
+	vectorDirectoryParts := strings.Split(*vectorsDirectories, ",")
+
+	log.Printf("reading schemas from %q\n", *schemaDirectory)
+	log.Printf("reading vectors from %q\n", vectorDirectoryParts)
+
+	var vectorRegex *regexp.Regexp
+	if *vectorFilter != "" {
+		vectorRegex = regexp.MustCompile(*vectorFilter)
+		log.Printf("filtering vectors with %q\n", *vectorFilter)
+	}
+
+	schemaCompiler := jsonschema.NewCompiler()
+
+	for _, f := range customFormats {
+		schemaCompiler.RegisterFormat(&f)
+	}
+
+	var total, valid, invalid, noSchema, ignored int
+	for _, vectorDir := range vectorDirectoryParts {
+		err := filepath.WalkDir(vectorDir, func(path string, d fs.DirEntry, err error) error {
+			if err != nil {
+				return err
+			}
+
+			if d.IsDir() || !strings.HasSuffix(d.Name(), ".json") {
+				return nil
+			}
+
+			if vectorRegex != nil && !vectorRegex.MatchString(d.Name()) {
+				return nil
+			}
+
+			vectorData, err := os.ReadFile(path)
+			if err != nil {
+				return fmt.Errorf("failed to read %s: %w", path, err)
+			}
+
+			total++
+
+			var vector struct {
+				Schema string `json:"schema"`
+			}
+
+			if err := json.Unmarshal(vectorData, &vector); err != nil {
+				log.Printf("❌ %q: invalid vector JSON data: %s\n", path, err)
+				invalid++
+				return nil
+			}
+
+			if vector.Schema == "" {
+				log.Printf("❌ %q: no schema specified\n", path)
+				noSchema++
+				return nil
+			}
+
+			if missingSchemas[vector.Schema] {
+				log.Printf("⚠️ %q: ignoring missing schema %q\n", path, vector.Schema)
+				ignored++
+				return nil
+			}
+
+			schemaPath := filepath.Join(*schemaDirectory, vector.Schema)
+			if _, err := os.Stat(schemaPath); os.IsNotExist(err) {
+				log.Printf("❌ %q: referenced schema %q not found\n", path, vector.Schema)
+				invalid++
+				return nil
+			}
+
+			schema, err := schemaCompiler.Compile(schemaPath)
+			if err != nil {
+				log.Printf("❌ %q: invalid schema %q: %s\n", path, vector.Schema, err)
+				invalid++
+				return nil
+			}
+
+			var instance any
+			if err := json.Unmarshal(vectorData, &instance); err != nil {
+				log.Printf("❌ %q: invalid vector JSON data: %s\n", path, err)
+				invalid++
+				return nil
+			}
+
+			if err := schema.Validate(instance); err != nil {
+				log.Printf("❌ %q: vector doesn't validate with schema: %s\n", path, err)
+				invalid++
+				return nil
+			}
+
+			log.Printf("✅ %q: validates with %q\n", path, vector.Schema)
+			valid++
+			return nil
+		})
+		if err != nil {
+			fmt.Printf("Error walking directory: %v\n", err)
+			os.Exit(1)
+		}
+	}
+
+	log.Printf("linted %d vector files\n", total)
+	log.Printf("valid: %d\n", valid)
+	log.Printf("invalid: %d\n", invalid)
+	log.Printf("no schema: %d\n", noSchema)
+	log.Printf("ignored: %d\n", ignored)
+
+	os.Exit(invalid)
+}
+
+var (
+	// TODO(XXX): some _v1 vectors reference schema files that don't exist. Until fixed, ignore these schemas.
+	missingSchemas = map[string]bool{
+		// testvectors_v1/aes_ff1_base*_test.json:
+		"fpe_str_test_schema.json": true,
+
+		// testvectors_v1/aes_ff1_radix*_test.json:
+		"fpe_list_test_schema.json": true,
+
+		// testvectors_v1/ec_prime_order_curves_test.json:
+		"ec_curve_test_schema.json": true,
+
+		// testvectors_v1/ecdsa_secp256k1_sha256_bitcoin_test.json
+		"ecdsa_bitcoin_verify_schema.json": true,
+
+		// testvectors_v1/pbes2_hmacsha*_aes_*_test.json:
+		"pbe_test_schema.json": true,
+
+		// testvectors_v1/pbkdf2_hmacsha*_test.json:
+		"pbkdf_test_schema.json": true,
+
+		// testvectors_v1/rsa_pss_*_sha*_mgf*_params_test.json
+		// testvectors_v1/rsa_pss_misc_params_test.json:
+		"rsassa_pss_with_parameters_verify_schema.json": true,
+	}
+
+	customFormats = []jsonschema.Format{
+		{
+			Name: "Asn",
+			// TODO(XXX): validate "Asn" format.
+			Validate: noValidateFormat,
+		},
+		{
+			Name: "Der",
+			// TODO(XXX): validate "Der" format.
+			Validate: noValidateFormat,
+		},
+		{
+			Name: "EcCurve",
+			// TODO(XXX): validate "EcCurve" format.
+			Validate: noValidateFormat,
+		},
+		{
+			Name: "HexBytes",
+			// TODO(XXX): validate "HexBytes" format.
+			Validate: noValidateFormat,
+		},
+		{
+			Name: "BigInt",
+			// TODO(XXX): validate "BigInt" format.
+			Validate: noValidateFormat,
+		},
+		{
+			Name: "Pem",
+			// TODO(XXX): validate "Pem" format.
+			Validate: noValidateFormat,
+		},
+	}
+)
+
+// noValidateFormat is a placeholder Format.Validate callback that performs no validation of the input.
+func noValidateFormat(_ any) error {
+	return nil
+}
