Top Related Projects
Project Wycheproof tests crypto libraries against known attacks.
Guidelines for low-level cryptography software
A curated list of cryptography resources and links.
Multi-platform transparent client-side encryption of your files in the cloud
Quick Overview
The C2SP/wycheproof repository is a collection of test cases for cryptographic libraries, designed to help developers ensure the security and correctness of their implementations. It is named after the Wycheproof Mountains, a small mountain range in California known for its challenging terrain, which serves as a metaphor for the complexities and pitfalls of cryptographic programming.
Pros
- Comprehensive Test Suite: The repository contains a wide range of test cases covering various cryptographic primitives, algorithms, and use cases, helping to ensure thorough testing of cryptographic implementations.
- Vendor-Neutral: The test cases are designed to be vendor-neutral, making them applicable to a wide range of cryptographic libraries and implementations.
- Actively Maintained: The project is actively maintained, with regular updates and additions to the test suite, ensuring that it remains relevant and up-to-date.
- Open-Source: The project is open-source, allowing developers to contribute, report issues, and collaborate on improving the test suite.
Cons
- Complexity: The test suite can be complex and challenging to understand, especially for developers who are new to cryptographic programming or testing.
- Limited Language Support: While the test suite supports several programming languages, it may not cover all the languages and libraries used by developers.
- Potential False Positives: As with any test suite, there is a possibility of false positives, where the test cases may flag issues that are not actually security vulnerabilities.
- Dependency on External Libraries: The test suite may depend on external libraries or tools, which can introduce additional complexity and potential points of failure.
Code Examples
N/A (This is not a code library)
Getting Started
N/A (This is not a code library)
Competitor Comparisons
Project Wycheproof tests crypto libraries against known attacks.
Pros of wycheproof
- Comprehensive cryptographic test suite
- Regularly updated with new test vectors
- Supports multiple programming languages
Cons of wycheproof
- May require additional setup for specific language environments
- Learning curve for understanding test vector formats
- Limited documentation for some less common cryptographic algorithms
Code comparison
wycheproof:
public class EcdsaTest {
@Test
public void testVerify() throws Exception {
TestVectors vectors = TestVectors.fromJsonFile("ecdsa_test.json");
for (TestGroup group : vectors.getTestGroups()) {
// Test implementation
}
}
}
As the comparison is between the same repository (C2SP/wycheproof), there is no distinct code to compare. The repository contains test vectors and implementations for various cryptographic algorithms, but the structure remains consistent throughout.
Summary
Wycheproof is a project focused on providing cryptographic test vectors for various algorithms and implementations. It aims to improve the security of cryptographic software by identifying common implementation errors. The repository contains a wide range of test cases covering different cryptographic primitives and protocols.
The project's strengths lie in its comprehensive coverage and regular updates. However, users may face challenges in setting up the environment for specific programming languages and understanding the test vector formats. Despite these minor drawbacks, Wycheproof remains a valuable resource for cryptographic testing and validation.
Guidelines for low-level cryptography software
Pros of Cryptocoding
- Cryptocoding provides a comprehensive set of guidelines and best practices for secure cryptographic coding, covering a wide range of topics such as random number generation, side-channel attacks, and more.
- The repository includes a large number of code examples and test cases, which can be valuable for developers looking to implement secure cryptographic solutions.
- The project is actively maintained and has a strong community of contributors, ensuring that the guidelines and recommendations stay up-to-date with the latest developments in the field.
Cons of Cryptocoding
- The repository can be overwhelming for developers who are new to cryptography, as it covers a large number of complex topics and concepts.
- The focus on comprehensive coverage may come at the expense of depth, and some developers may prefer a more targeted approach to specific cryptographic problems.
- The repository does not provide a clear roadmap or development plan, which can make it difficult for contributors to understand the project's long-term goals and priorities.
Code Comparison
Cryptocoding:
/* Avoid using rand() for security-critical applications */
void get_random_bytes(void *buf, size_t len) {
int fd = open("/dev/urandom", O_RDONLY);
if (fd == -1) {
/* Handle error */
}
if (read(fd, buf, len) != len) {
/* Handle error */
}
close(fd);
}
Wycheproof:
public static byte[] generateRandomBytes(int numBytes) {
byte[] bytes = new byte[numBytes];
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(bytes);
return bytes;
}
Both code snippets demonstrate secure random number generation, but the Cryptocoding example uses the /dev/urandom
device directly, while the Wycheproof example uses the SecureRandom
class provided by the Java standard library.
A curated list of cryptography resources and links.
Pros of awesome-cryptography
- Comprehensive resource collection covering various cryptography topics
- Regularly updated with community contributions
- Includes links to tools, libraries, and educational materials
Cons of awesome-cryptography
- Lacks practical testing capabilities for cryptographic implementations
- Does not provide direct code examples or test vectors
- May require additional research to determine the best tools for specific use cases
Code comparison
While a direct code comparison is not relevant for these repositories, here's a brief example of how they differ in content:
awesome-cryptography (README.md):
## Encryption
### AES
- [OpenSSL](https://www.openssl.org/) - TLS/SSL and crypto library
- [cryptography](https://cryptography.io/en/latest/) - Python cryptography library
Wycheproof (README.md):
## Test vectors
The test vectors in this project are available in JSON format:
- AES-CBC
- AES-GCM
- RSA-OAEP
Wycheproof focuses on providing test vectors and practical tests for cryptographic implementations, while awesome-cryptography serves as a curated list of resources and tools related to cryptography.
Multi-platform transparent client-side encryption of your files in the cloud
Pros of Cryptomator
- User-friendly encryption solution for cloud storage
- Cross-platform compatibility (Windows, macOS, Linux, iOS, Android)
- Active development and regular updates
Cons of Cryptomator
- Focused on file encryption, not a comprehensive testing suite
- Limited to specific use case (cloud storage encryption)
- May not cover all cryptographic edge cases
Code Comparison
Cryptomator (Java):
public class AesGcm {
public static byte[] encrypt(SecretKey key, byte[] associatedData, byte[] plaintext) throws CryptoException {
Objects.requireNonNull(key);
Objects.requireNonNull(plaintext);
try {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
Wycheproof (Java):
public class AesGcmTest extends TestCase {
public void testVectors() throws Exception {
JsonObject test = JsonUtil.getTestVectors("aes_gcm_test.json");
int errors = 0;
int numTests = test.get("numberOfTests").getAsInt();
JsonArray testGroups = test.getAsJsonArray("testGroups");
Summary
Cryptomator is a practical encryption tool for cloud storage, while Wycheproof is a comprehensive cryptographic test suite. Cryptomator offers a user-friendly solution but has a narrower focus, whereas Wycheproof provides extensive testing capabilities for various cryptographic implementations.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Project Wycheproof
https://github.com/c2sp/wycheproof
Project Wycheproof is named after Mount Wycheproof, the smallest mountain in the world. The main motivation for the project is to have a goal that is achievable. The smaller the mountain the more likely it is to be able to climb it.
[!NOTE] Hello RWC 2024 attendees and others! Wycheproof recently moved to community maintenance thanks to the shared efforts of Google and C2SP. We are still working to update the README and documentation, but we welcome your feedback and look forward to your contributions!
Introduction
Project Wycheproof tests crypto libraries against known attacks.
Unfortunately, in cryptography, subtle mistakes can have catastrophic consequences, and we found that libraries fall into such implementation pitfalls much too often and for much too long. Good implementation guidelines, however, are hard to come by: understanding how to implement cryptography securely requires digesting decades' worth of academic literature. We recognize that software engineers fix and prevent bugs with unit testing, and we found that cryptographic loopholes can be resolved by the same means.
These observations have prompted us to develop Project Wycheproof, a collection of unit tests that detect known weaknesses or check for expected behaviors of some cryptographic algorithm. Project Wycheproof provides tests for most cryptographic algorithms, including RSA, elliptic curve crypto and authenticated encryption. Our cryptographers have systematically surveyed the literature and implemented most known attacks. We have over 80 test cases which have uncovered more than 40 bugs. For example, we found that we could recover the private key of widely-used DSA and ECDHC implementations.
While we are committed to develop as many attacks as possible, Project Wycheproof is by no means complete. Passing the tests does not imply that the library is secure, it just means that it is not vulnerable to the attacks that Project Wycheproof tests for. Cryptographers are also constantly discovering new attacks. Nevertheless, with Project Wycheproof developers and users now can check their libraries against a large number of known attacks, without having to spend years reading academic papers or become cryptographers themselves.
For more information on the goals and strategies of Project Wycheproof, please check out our documentation.
Coverage
Project Wycheproof has tests for the most popular crypto algorithms, including
The tests detect whether a library is vulnerable to many attacks, including
- Invalid curve attacks
- Biased nonces in digital signature schemes
- Of course, all Bleichenbacherâs attacks
- And many more -- we have over 80 test cases
Our first set of tests are written in Java, because Java has a common cryptographic interface. This allowed us to test multiple providers with a single test suite. While this interface is somewhat low level, and should not be used directly, we still apply a "defense in depth" argument and expect that the implementations are as robust as possible. For example, we consider weak default values to be a significant security flaw. We are converting as many tests into sets of test vectors to simplify porting the tests to other languages. We provide ready-to-use test runners for Java Cryptography Architecture providers such as Bouncy Castle, Spongy Castle, the Amazon Corretto Crypto Provider and the default providers in OpenJDK.
Usage
Setup
-
Install Bazel.
-
Install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. This enables tests with large key sizes. Otherwise you'll see a lot of "illegal key size" exceptions.
-
Clone the repository:
git clone https://github.com/google/wycheproof.git
Execute tests
- To test latest stable version of Bouncy Castle:
bazel test BouncyCastleAllTests
- To test other versions, e.g., v1.52:
bazel test BouncyCastleAllTests_1_52
- To test all known versions (warning, will take a long time):
bazel test BouncyCastleAllTests_*
- To test a local jar, set the
WYCHEPROOF_BOUNCYCASTLE_JAR
environment variable:
$ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/bouncycastle
$ bazel test BouncyCastleTestLocal
$ bazel test BouncyCastleAllTestsLocal
Note: Bazel does not currently invalidate the build on environment changes. If
you change the WYCHEPROOF_BOUNCYCASTLE_JAR
environment variable, run bazel clean
to force a rebuild:
$ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/bouncycastle
$ bazel test BouncyCastleTestLocal
$ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/other/jar
$ bazel clean
$ bazel test BouncyCastleTestLocal
- To test Spongy Castle, replace
BouncyCastle
withSpongyCastle
in your commands, for example:
bazel test SpongyCastleAllTests
- To test the Amazon Corretto Crypto
Provider,
replace
BouncyCastle
withAccp
in your commands, for example:
bazel test AccpAllTests
- To test a local jar for the Amazon Corretto Crypto Provider, set the
WYCHEPROOF_ACCP_JAR
environment variable:
$ WYCHEPROOF_ACCP_JAR=/path/to/accp
$ bazel test AccpTestLocal
$ bazel test AccpAllTestsLocal
Note: bazel does not currently invalidate the build on environment changes. If
you change the WYCHEPROOF_ACCP_JAR
environment variable, run bazel clean
to force a rebuild:
$ WYCHEPROOF_ACCP_JAR=/path/to/accp
$ bazel test AccpTestLocal
$ WYCHEPROOF_ACCP_JAR=/path/to/other/jar
$ bazel clean
$ bazel test AccpTestLocal
- To test your current installation of OpenJDK:
bazel test OpenJDKAllTests
Note that OpenJDKAllTests expects that OpenJDK is your default JDK, so it might refuse to run or its results might be incorrect if you are using some other JDK. If you downloaded your JDK from Oracle or https://java.com, you're probably using Oracle JDK, which should be compatible with OpenJDK, thus the tests should run correctly.
Some tests take a very long time to finish. If you want to exclude them, use
BouncyCastleTest
, SpongyCastleTest
or OpenJDKTest
-- these targets exclude
all slow tests (which are annotated with @SlowTest
).
Most test targets are failing, and each failure might be a security issue. To learn more about what a failed test means, you might want to check out our documentation or the comments on top of the corresponding test function and test class.
Hall of Bugs
Here are some of the notable vulnerabilities that are uncovered by Project Wycheproof:
-
OpenJDK's SHA1withDSA leaks private keys > 1024 bits
- Test: testBiasSha1WithDSA in DsaTest.
- This bug is the same as CVE-2003-0971 ("GnuPG generated ElGamal signatures that leaked the private key").
-
Bouncy Castle's ECDHC leaks private keys
- Test: testModifiedPublic and testWrongOrderEcdhc in EcdhTest.
Maintainers
Project Wycheproof has been maintained by:
- Daniel Bleichenbacher
- Thai Duong
- Emilia Kasper
- Quan Nguyen
- Charles Lee
Contact and mailing list
If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or request new tests.
If you'd like to talk to our developers or get notified about major new tests, you may want to subscribe to our mailing list. To join, simply send an empty mail to wycheproof-users+subscribe@googlegroups.com.
Top Related Projects
Project Wycheproof tests crypto libraries against known attacks.
Guidelines for low-level cryptography software
A curated list of cryptography resources and links.
Multi-platform transparent client-side encryption of your files in the cloud
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot