Wycheproof

Automate and integrate Wycheproof cryptographic vulnerability testing workflows

Source: trailofbits/skills

Wycheproof is a community skill for using Google's Project Wycheproof cryptographic test vectors, covering known vulnerability detection, edge case testing, algorithm validation, test vector integration, and cryptographic implementation auditing for security assurance.

What Is This?

Overview

Wycheproof provides guidance on using Project Wycheproof's collection of cryptographic test vectors to validate the correctness and security of cryptographic implementations. It covers known vulnerability testing that checks implementations against published cryptographic attacks, edge case validation that tests boundary conditions and degenerate inputs, algorithm coverage for AES, RSA, ECDSA, ECDH, and ChaCha20-Poly1305, test vector integration that runs JSON-formatted test cases with pass/fail reporting, and compliance verification that confirms correct rejection of malformed inputs. The skill helps security engineers validate cryptographic code.

Who Should Use This

This skill serves security engineers auditing cryptographic implementations, developers building libraries that use cryptographic primitives, and teams validating third-party cryptographic dependencies for correctness.

Why Use It?

Problems It Solves

Cryptographic implementations can produce correct outputs for normal inputs while failing on specially crafted edge cases that attackers exploit. Writing comprehensive cryptographic tests requires deep knowledge of known attacks and implementation pitfalls. Many cryptographic bugs only manifest with specific input patterns that standard unit tests never generate. Validating that a library correctly rejects invalid inputs is as important as verifying it accepts valid ones.

Core Highlights

Vulnerability tester checks implementations against known cryptographic attack vectors. Edge case validator tests boundary conditions and degenerate inputs. Algorithm suite covers AES, RSA, ECDSA, ECDH, and ChaCha20-Poly1305. Compliance checker verifies correct rejection of malformed cryptographic inputs.

How to Use It?

Basic Usage

import json
from pathlib import Path
from cryptography.hazmat\
    .primitives.ciphers import (
    Cipher, algorithms,
    modes)

vectors = json.loads(
    Path(
        'wycheproof/testvectors'
        '/aes_gcm_test.json'
    ).read_text())

for group in (
    vectors['testGroups']
):
    for test in (
        group['tests']):
        key = bytes.fromhex(
            test['key'])
        iv = bytes.fromhex(
            test['iv'])
        ct = bytes.fromhex(
            test['ct'])
        tag = bytes.fromhex(
            test['tag'])
        result = test[
            'result']
        try:
            cipher = Cipher(
                algorithms.AES(
                    key),
                modes.GCM(
                    iv, tag))
            d = cipher\
                .decryptor()
            pt = (
                d.update(ct)
                + d.finalize())
            assert result != (
                'invalid')
        except Exception:
            assert result != (
                'valid')

Real-World Examples

import json
from cryptography.hazmat\
    .primitives.asymmetric\
    import ec, utils
from cryptography.hazmat\
    .primitives import hashes

vectors = json.loads(
    open(
        'ecdsa_secp256r1'
        '_sha256_test.json'
    ).read())

passed = failed = 0
for group in (
    vectors['testGroups']
):
    key_data = bytes\
        .fromhex(
            group['keyDer'])
    for test in (
        group['tests']):
        sig = bytes.fromhex(
            test['sig'])
        msg = bytes.fromhex(
            test['msg'])
        expected = test[
            'result']
        try:
            pub = ec.load_der(
                key_data)
            pub.verify(
                sig, msg,
                ec.ECDSA(
                    hashes
                    .SHA256()))
            actual = 'valid'
        except Exception:
            actual = (
                'invalid')
        if actual == (
            expected):
            passed += 1
        else:
            failed += 1

print(f'Passed: {passed}')
print(f'Failed: {failed}')

Advanced Tips

Run the full Wycheproof test suite in CI pipelines to catch regressions when updating cryptographic library versions. Pay special attention to test cases flagged with specific bug identifiers since they target known vulnerabilities in popular implementations. Use the test vector metadata to categorize failures by severity and prioritize fixes for critical vulnerability patterns.

When to Use It?

Use Cases

Audit a cryptographic library for known vulnerability patterns before using it in production. Validate that AES-GCM decryption correctly rejects tampered ciphertexts and invalid authentication tags. Test ECDSA signature verification against edge cases including zero signatures and invalid curve points.

Related Topics

Cryptography testing, security auditing, test vectors, AES, RSA, ECDSA, and vulnerability detection.

Important Notes

Requirements

Python with a cryptographic library such as pyca/cryptography for running test vectors against implementations. The Wycheproof test vector repository cloned locally for accessing JSON test files across all supported algorithms. Understanding of the cryptographic primitives being tested for interpreting test results and failure patterns.

Usage Recommendations

Do: run the complete test suite rather than selecting individual vectors since attacks often depend on specific input combinations. Investigate every test failure thoroughly since cryptographic bugs can have severe security consequences even when they appear minor. Update test vectors regularly since the Wycheproof project adds new cases as attacks are discovered.

Don't: assume that passing all test vectors guarantees implementation security since Wycheproof covers known attacks but not all possible vulnerabilities. Ignore test cases marked as acceptable since they indicate implementation choices that may affect interoperability. Skip running vectors for algorithms your code does not directly call since dependencies may use them internally.

Limitations

Test vectors cover known attack patterns and cannot detect novel vulnerabilities or implementation-specific timing side channels. The test suite focuses on correctness and does not measure performance characteristics or constant-time execution guarantees. Some test vectors may produce different acceptable results depending on the strictness level of the implementation being tested.

More Skills You Might Like

Explore similar skills to enhance your workflow

Front Automation

Automate Front operations through Composio's Front toolkit via Rube MCP

Ayrshare Automation

Automate Ayrshare operations through Composio's Ayrshare toolkit via

Team Communication Protocols

- Choosing between message types (message, broadcast, shutdownrequest)

Esignatures Io Automation

Automate Esignatures IO tasks via Rube MCP (Composio)

Magnetic Automation

Automate Magnetic operations through Composio's Magnetic toolkit via

Searxng

Privacy-respecting metasearch using your local SearXNG instance. Search the web, images, news