Comments (4)
Sajjon
commented on July 4, 2024
1
A collection of canonical JSON test vector sounds like a good vision for the project!
And if we will go with only one reference implementation - there are far more suitable languages than Java for it! E.g. Rust or possibly Swift - but Rust has far better cryptography ecosystem support.
from wycheproof.
FiloSottile
commented on July 4, 2024
1
And if we will go with only one reference implementation - there are far more suitable languages than Java for it! E.g. Rust or possibly Swift - but Rust has far better cryptography ecosystem support.
Heh, well, me being me it would probably be Go :) but again it would just be about making sure a PR doesn't break the tests and cause a bunch of downstream false positives. Tests for the tests, essentially. Doesn't even have to be the same language for all vectors, as long as someone is there to maintain the tests.
from wycheproof.
bleichenbacher-daniel
commented on July 4, 2024
Heh, well, me being me it would probably be Go :) but again it would just be about making sure a PR doesn't break the tests and cause a bunch of downstream false positives. Tests for the tests, essentially. Doesn't even have to be the same language for all vectors, as long as someone is there to maintain the tests.
One thing I'm currently doing is to keep a small database with test results. Running a test adds an entry to the data base. This allows to generate a list of algorithms with entries such as
"x25519.json": {
"type": "Xdh",
"alg": {
"type": "Xdh",
"primitive": "X25519"
},
"references": ["RFC 7748"],
"test_status": {
"pyca": {
"test_version": "0.29",
"date": "2024-03-16 13:13",
"lib_version": "41.0.7",
"passed": 236,
"skipped": 0,
"failed": 0
}
}
},
from wycheproof.
bleichenbacher-daniel
commented on July 4, 2024
One of the options to simplify the test environment is to run tests with test vectors through
java/com/google/security/wycheproof/testcases/JsonTest.java
This class takes a file with any test vectors as input and returns a structure with the test results. It is independent of JUnit and the dependencies that are essentially required are the provider to test and a JSON parser. The class allows to generate test files with subsets of the test vectors, so that it is for example possible to rerun just the failing tests. There is also a bit of support for detecting false positives in this class. If no valid test vector in a file passes then it is likely that the test setup is wrong or uses incorrect assumptions and one should check this first before sending out automatic notifications to third parties.
The current setup is to use long lists of test cases like
@test
public void testSecp160k1Sha256() throws Exception {
testVerification("ecdsa_secp160k1_sha256_test.json", true);
}
@test
public void testSecp160r1Sha256() throws Exception {
testVerification("ecdsa_secp160r1_sha256_test.json", true);
}
...
This setup is useful if one has tools to monitor the state of test cases over time, but as pointed out makes the tests less flexible and adds more dependencies.
from wycheproof.
Related Issues (20)
- Duplicate symbol appears in alphabet for FF1 base85 test file HOT 7
- Tag in Ascon-80pq test vector is incorrect HOT 1
- ECDSA: Add recovery ID to test cases HOT 11
- Test vector format HOT 1
- Are Google CLAs still required to contribute? HOT 1
- Is there interest for BLS related test vectors? HOT 1
- What ECDSA algorithms/parameters are relevant? HOT 6
- Transparency of the project HOT 5
- Can HKDF accept empty IKM? HOT 3
- Selecting algorithm names
- OpenJDK tests no longer run on latest JDK versions HOT 1
- How to run Javascript tests?
- Minor feature request: unify JWK representations in JSON test vectors
- Make use of github actions
- No RsassaPkcs1Generate tests in testvectors_v1
- Support for ChaCha20 testvectors? HOT 9
- DsaTest.testTiming() could use a warmup HOT 3
- Zero-length KWP keys should set 'invalid' result HOT 4
- A few KW tests in v1 folder marked "acceptable" violate spec for minimum plaintext length HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wycheproof.