purificant
commented
5 years ago Any thoughts on this?
My interest if that of a library maintainer. I am currently matching the reference implementation to ensure correctness and compatibility.
Closed purificant closed 3 years ago
purificant
commented
5 years ago Any thoughts on this?
My interest if that of a library maintainer. I am currently matching the reference implementation to ensure correctness and compatibility.
smaximov
commented
5 years ago Another disrepancy for v1-S-1 and v1-S-2. RFC source:
{"data":"this is a secret message","exp":"2019-01-01T00:00:00+00:00"}Reference implementation:
{"data":"this is a signed message","exp":"2019-01-01T00:00:00+00:00"}
paragonie-security
commented
3 years ago We have JSON files in #128 that have the correct inputs/outputs.
Does that help?
purificant
commented
3 years ago We have JSON files in #128 that have the correct inputs/outputs.
Does that help?
This helps a lot! Thanks. I'll match the JSON in my tests.
purificant
commented
3 years ago This can be closed now. Thank you for your help @paragonie-security
I've implemented tests for updated and expanded v2 test vectors without any issues as per spec here: https://github.com/paragonie/paseto/blob/b039dfefa65376fe11fd7dd6cc2e4d26b08b1144/docs/03-Implementation-Guide/Test-Vectors/v2.json Expecting these test vectors to eventually be available in the documentation here: https://github.com/paragonie/paseto/tree/master/docs/03-Implementation-Guide
For implementation purposes, I find it useful to have the test vectors JSON available as a git repo so that any library can include it as a git submodule or a subtree and run tests against the JSON. I've created https://github.com/purificant/paseto-test-vectors to achieve this, if there was an official version of this, I'd prefer to use it instead.
Thanks for your hard work! PASETO :heart:
There is an inconsistency between the test vector specification in the RFC and reference implementation for test vectors 2-E-5, 2-E-6 and 2-S-2.
For example, for 2-E-5, published rfc draft and rfc source specify footer
{"kid":"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo"}while reference implementation actually uses footer with kidzVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN.The same discrepancy exists for 2-E-6.
For 2-S-2, published rfc draft and rfc source use kid
dYkISylxQeecEcHELfzF88UZrwbLolNiCdpzUHGw9Uqnwhile reference implementation uses kidzVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN.Please confirm, is it safe to assume that reference implementation contains the correct test vector and rfc source should be amended?
Edit: added 2-S-2