Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ECDSA-SD-2023: empty mandatory and selective pointers tests #46

Open
filip26 opened this issue Feb 27, 2024 · 6 comments
Open

ECDSA-SD-2023: empty mandatory and selective pointers tests #46

filip26 opened this issue Feb 27, 2024 · 6 comments

Comments

@filip26
Copy link

filip26 commented Feb 27, 2024
edited
Loading

Hi,
please consider testing corner cases when pointers are empty/null. The tests could show real maturity/stability of an implementation.

  1. Issuer.sign - empty/null mandatory pointers
    An implementation should return a base proof with no mandatory/always disclosed/ data.

  2. Holder.derive - base proof from 1. + empty/null selective pointers
    An implementation should fail, as there is nothing to disclose. @Wind4Greg please can you confirm? Thank you!

  3. Holder.derive - base having mandatory pointers + empty/null selective pointers
    An implementation should return a derived proof disclosing only mandatory data.
@Wind4Greg
Copy link

@filip26 good cases. I think you found an error in my server side checks. I was rejecting the case with nothing selected but forgot that there could be mandatory reveal information.

I've gotten some requests to update the spec test vectors with something a bit more relevant than fictional windsurfing races. Also the longer test cases from @aljones15 helped me find a bug in my primitives so I'm going to try to come up with something more relevant for the spec and something longer and a bit more realistic for adding here. Ideas are welcome.

@aljones15
Copy link
Contributor

@filip26 I'm not aware of a normative statement for empty mandatoryPointers and selectiveDisclosure in the spec, but this is a good idea.

@PatStLouis
Copy link
Contributor

@filip26 we have added mandatoryPointer tests here and here.

Does this address the issue? @filip26

@filip26
Copy link
Author

filip26 commented Dec 16, 2024

@PatStLouis you are referring to:

  • 'The transformation options MUST contain an array of mandatory ' +
    'JSON pointers (mandatoryPointers) and MAY contain additional ' +
    'options, such as a JSON-LD document loader'
  • If the length of signatures does not match the length of ' +
    'nonMandatory, an error MUST be raised and SHOULD convey an ' +
    'error type of PROOF_VERIFICATION_ERROR, indicating that the ' +
    'signature count does not match the non-mandatory message count.'

How do these tests resolve this issue?

@PatStLouis
Copy link
Contributor

The first test sends a request with and without mandatory pointers. (Issuer.sign - empty/null mandatory pointers)

However, its expecting the issuer to inject mandatoryPointers if none were provided, as is indicated by the specification.

For the 2 other points, the "derive" endpoint isn't provided by implementers, we are only testing the verification endpoint.

Happy to leave this open if it doesn't quite address the issue.

@filip26
Copy link
Author

filip26 commented Dec 17, 2024
edited
Loading

Understood, feel free to close it. It was intended as a suggestion for consideration, and I appreciate you taking the time to review and respond to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aljones15 @filip26 @Wind4Greg @PatStLouis