vectors: add a case for unknown algorithm in actor doc #5

New issue

Open

opened 2026-05-07 09:53:11 +02:00 by arne · 0 comments

arne commented 2026-05-07 09:53:11 +02:00

Owner

Copy link

Problem

pkg/msg/actor_cache.go rejects an actor-doc key whose algorithm field isn't "ed25519" (return errf(ErrUnknownKey, "unsupported algorithm: ...")), but no normative test vector exercises this path. If a future refactor accidentally accepted any algorithm value, no vector would catch it.

Proposal

Add a vector to testdata/vectors/:

• Same shape as the existing files
• Actor-doc-side: a key with algorithm: "rsa-pss" (or any non-ed25519 string)
• Vector expect: unknown-key

Note: the existing vector format passes publicKey directly into the verifier and skips the actor-cache lookup, so this requires either:

(a) extending the vector schema with an optional actorDoc field, or
(b) adding a separate vector file format dedicated to actor-cache resolution paths.

(a) is simpler — actorDoc overrides the bare-publicKey shortcut when present.

Acceptance criteria

• Vector file added under testdata/vectors/ (e.g. 08-unknown-algorithm.json)
• pkg/msg.VerifyEnvelope (or its actor-cache-aware sibling) reaches the unknown-algorithm rejection path
• Python and Node example clients also surface unknown-key for this vector
• cmd/gen-vectors regenerates the new file deterministically

Context

Surfaced in the v1.0.0 self-review (test-coverage gap, item #12). Spec-discipline maintenance work.

## Problem `pkg/msg/actor_cache.go` rejects an actor-doc key whose `algorithm` field isn't `"ed25519"` (`return errf(ErrUnknownKey, "unsupported algorithm: ...")`), but no normative test vector exercises this path. If a future refactor accidentally accepted any algorithm value, no vector would catch it. ## Proposal Add a vector to `testdata/vectors/`: - Same shape as the existing files - Actor-doc-side: a key with `algorithm: "rsa-pss"` (or any non-ed25519 string) - Vector `expect`: `unknown-key` Note: the existing vector format passes `publicKey` directly into the verifier and skips the actor-cache lookup, so this requires either: (a) extending the vector schema with an optional `actorDoc` field, or (b) adding a separate vector file format dedicated to actor-cache resolution paths. (a) is simpler — `actorDoc` overrides the bare-`publicKey` shortcut when present. ## Acceptance criteria - [ ] Vector file added under `testdata/vectors/` (e.g. `08-unknown-algorithm.json`) - [ ] `pkg/msg.VerifyEnvelope` (or its actor-cache-aware sibling) reaches the unknown-algorithm rejection path - [ ] Python and Node example clients also surface `unknown-key` for this vector - [ ] `cmd/gen-vectors` regenerates the new file deterministically ## Context Surfaced in the v1.0.0 self-review (test-coverage gap, item #12). Spec-discipline maintenance work.

arne added the

needs-triage

label 2026-05-07 09:53:11 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

No results found.

Labels

Clear labels   

needs-triage

PRD or issue awaiting triage

No labels

needs-triage

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

arne/msg#5

No description provided.