test vectors 2-E-5, 2-E-6, RFC vs reference implementation

Question

test vectors 2-E-5, 2-E-6, RFC vs reference implementation

purificant opened this issue 6 years ago · comments

There is an inconsistency between the test vector specification in the RFC and reference implementation for test vectors 2-E-5, 2-E-6 and 2-S-2.

For example, for 2-E-5, published rfc draft and rfc source specify footer {"kid":"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo"} while
reference implementation actually uses footer with kid zVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN.

The same discrepancy exists for 2-E-6.

For 2-S-2, published rfc draft and rfc source use kid dYkISylxQeecEcHELfzF88UZrwbLolNiCdpzUHGw9Uqn while reference implementation uses kid zVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN.

Please confirm, is it safe to assume that reference implementation contains the correct test vector and rfc source should be amended?

Edit: added 2-S-2

purificant · Answer 1 · Thu Dec 13 2018 23:46:23 GMT+0800 (China Standard Time)

Any thoughts on this?

My interest if that of a library maintainer. I am currently matching the reference implementation to ensure correctness and compatibility.

Sergei Maximov · Answer 2 · Fri Feb 22 2019 20:07:04 GMT+0800 (China Standard Time)

Another disrepancy for v1-S-1 and v1-S-2. RFC source:

{"data":"this is a secret message","exp":"2019-01-01T00:00:00+00:00"}

Reference implementation:

{"data":"this is a signed message","exp":"2019-01-01T00:00:00+00:00"}

P.I.E. Security Team · Answer 3 · Wed Jul 28 2021 09:04:12 GMT+0800 (China Standard Time)

We have JSON files in #128 that have the correct inputs/outputs.

Does that help?

purificant · Answer 4 · Wed Jul 28 2021 19:10:26 GMT+0800 (China Standard Time)

We have JSON files in #128 that have the correct inputs/outputs.

Does that help?

This helps a lot! Thanks. I'll match the JSON in my tests.

purificant · Answer 5 · Thu Jul 29 2021 21:06:00 GMT+0800 (China Standard Time)

This can be closed now. Thank you for your help @paragonie-security

I've implemented tests for updated and expanded v2 test vectors without any issues as per spec here: https://github.com/paragonie/paseto/blob/b039dfefa65376fe11fd7dd6cc2e4d26b08b1144/docs/03-Implementation-Guide/Test-Vectors/v2.json
Expecting these test vectors to eventually be available in the documentation here: https://github.com/paragonie/paseto/tree/master/docs/03-Implementation-Guide

For implementation purposes, I find it useful to have the test vectors JSON available as a git repo so that any library can include it as a git submodule or a subtree and run tests against the JSON. I've created https://github.com/purificant/paseto-test-vectors to achieve this, if there was an official version of this, I'd prefer to use it instead.

Thanks for your hard work! PASETO ❤️