Closed mirceanis closed 8 months ago
result.subarray(1)
I understand all your points and I'm not questioning the correctness of the raw implementation. I raised the issue because it may cause issues for other folks that need to work with other stacks that use the 32 byte output (as I had to). Since the result of that usually gets hashed before being used as a key it's going to be a pain to debug when things go wrong.
Still, having the test vectors there and not actually using them creates a false sense of security, especially for the "invalid" cases, which pass for the wrong reasons now. Sadly I don't have the bandwidth to attempt any ASN/DER parsing implementation. Would you accept a devDependency that does that parsing for the test suite?
Still, having the test vectors there and not actually using them creates a false sense of security, especially for the "invalid" cases, which pass for the wrong reasons now
I agree. For this reason I will do add a quick and dirty parsing right now. Simple tests will pass, other will get filtered out.
Done: a4abd8a. I see 1249 correctly executed test vectors.
Now 3515 tests with c525356. I think that's good enough.
amazing, thanks for looking into this!
I'm trying to use this lib to do some P-256 key agreement and I seem to have stumbled upon a problem. The shared secret being generated is 33 bytes long for P256. This tells me that I'm getting the compressed form of the point. I looked at some test vectors I found in other places and saw that they are expecting 32 bytes (only the X coord). The fix for this would be easy.
BUT
Then I started looking at the test vectors being used here and at first glance everything seems to coincide with other public vectors, but upon running the tests I noticed that NONE of the relevant vectors are actually included in the tests for ECDH!
The "problem" seems to be this line where they are excluded based on encoding, but all the vectors are using the same encoding, so all get excluded.