Testing #118

Open
bleichenbacher-daniel opened this issue May 26, 2024 · 4 comments

Comments

@bleichenbacher-daniel

At this point I have enough code rewritten so that it would make sense to start testing new test vectors. Not sure yet how this should be organized, so opinions would be helpful here. So far I'm just testing against pyca. I would think that at least two libraries would be necessary to exclude bigger mistakes.

From the algorithm side I would think that ECDSA is a good candidate to start with. There are a number of curves, formats and parameters that are not yet covered by the current test vectors. Especially, cryptocurrencies use new variants that are not yet covered. Extending the coverage here seems useful to me.

@bleichenbacher-daniel
Author

There are a few algorithms that have poor coverage (i.e., no third-party verification). Hence I'm wondering if there are any major libraries that implement these. Some of the algorithms are:

  • Aegis,
  • GCM with ciphers other than AES (there are some RFCs using other ciphers, but I haven't seen a library implementing them yet),
  • Rijndael variants with key sizes and block sizes not included in AES,
  • any ciphers with X9.23 padding,
  • ECDSA with a lot of options (many libraries implement a short list of variants, which by itself is a good idea, except that such libraries cannot be used to get good coverage),
  • KW/KWP with ciphers other than AES (again there are some RFCs defining these modes, not sure if they are used anywhere),
  • PBES2 (a main issue here are restricted inputs),
  • RSA-PSS with SHAKE.

@jedisct1

jedisct1 commented Jun 30, 2024

AEGIS has quite a lot of implementations. It's included by default in libsodium since version 1.0.19 and in the Zig standard library.

I'm planning to add the Wycheproof test vectors to libaegis, since this is what some TLS libraries depend on.
[EDIT: Done - libaegis is now using the Wycheproof test vectors, and they are correct].

@bleichenbacher-daniel
Author

Sounds great. I'm also planning to cover the new variants, when time allows.

@bleichenbacher-daniel
Author

The current state of the test vectors can be found here:
https://github.com/bleichenbacher-daniel/Rooterberg/blob/main/tables/all_sets.json
I'm using Rust libraries for many tests. One observation is that I often cannot find common traits for primitives implementing the same purpose. It would be helpful if there were at least some ongoing efforts to have some common interfaces. Not sure if I'm missing something obvious here.
