Comments (7)
Would you accept a PR to x25519_test.json which marked any of the ones described as "public key with low order" as "Small public key"? Does the PR just get sent directly to that file?
from wycheproof.
For BoringSSL, I think we're interested in:
- Excluding curves we don't support; the split up files are great, thanks!
- X25519 should compute the right answer in all cases, but there is a return value that corresponds to the all zero output. We're fine with the other "acceptable" inputs. (Per the formulation in RFC7748.)
- We don't allow explicit curve encodings in public keys. These are forbidden by RFC 5480.
- Our ASN.1 parsers are generally strict.
- We support compressed coordinates.
- We are strict in the DigestInfo encoding in RSASSA-PKCS1-v1_5.
- We accept all specified IV lengths of AES-GCM and leave RSA key size limits for the caller to enforce. (The joys of being a low-level library with existing users... 😢)
Having weak parameters, at least for things like RSA keys, filtered out by either looking at the value or just splitting into files makes sense. I agree that weak things count more as "acceptable" than "valid", but I expect different libraries to have different cutoffs and whatnot for this, based on their needs, and so it may not be useful as a programmatically-checked status code on the test. Though it makes sense as something that could programmatically go either way; the main reason I'm interested in programmatically forcing the other "acceptable" inputs one way or another is the other cases, like bad ASN.1, are quite interesting to assert on.
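The all-zero output mentioned in the BoringSSL comment above, as an added example that is not code from the issue thread, from Wycheproof or from BoringSSL: a readable RFC 7748 X25519 plus a checker that consumes test cases in the shape of x25519_test.json and reports an all-zero shared secret as its own status, so a harness can assert both that the "right answer" was computed and that the library signalled failure for a low-order public key. The vectors are constructed: the first uses the RFC 7748 section 6.1 key pair, the others use the low-order u-coordinates 0 and 1; the flag name "LowOrderPublic" is assumed, and the ladder is written for clarity, not constant time.

```python
# Added example (not Wycheproof's or BoringSSL's code): X25519 per RFC 7748 with a
# checker that separates the all-zero output a library should treat as failure.

P = 2**255 - 19
A24 = 121665          # (486662 - 2) / 4, the constant used by the Montgomery ladder
ZERO = bytes(32)
BASEPOINT = b"\x09" + bytes(31)


def _decode_scalar(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248          # clamping: clear the low 3 bits (cofactor 8) ...
    k[31] &= 127         # ... clear the top bit ...
    k[31] |= 64          # ... and set bit 254
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    u = bytearray(u)
    u[31] &= 127         # the top bit of the u-coordinate is ignored
    return int.from_bytes(u, "little")


def _cswap(swap: int, a: int, b: int):
    return (b, a) if swap else (a, b)


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5 (readable, not constant-time)."""
    k_int, x1 = _decode_scalar(k), _decode_u(u)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    # A low-order input ends with z2 == 0; pow(0, P-2, P) == 0, so the result is all-zero.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def check_vector(tc: dict) -> str:
    """Evaluate one Wycheproof-style x25519 test case (field names as in the JSON files).
    'ok'       computed secret matches the vector and is non-zero
    'zero'     computed secret matches but is all-zero: RFC 7748 section 6.1 says to
               abort, which is the failing return value the BoringSSL comment refers to
    'mismatch' the ladder produced something else"""
    out = x25519(bytes.fromhex(tc["private"]), bytes.fromhex(tc["public"]))
    if out != bytes.fromhex(tc["shared"]):
        return "mismatch"
    return "zero" if out == ZERO else "ok"


# Constructed vectors in the shape of x25519_test.json. The first uses the RFC 7748
# section 6.1 key pair (Alice's private key, Bob's public key, their shared secret);
# the flag name "LowOrderPublic" is assumed, not taken from Wycheproof.
VECTORS = [
    {"tcId": 1, "result": "valid", "flags": [],
     "private": "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
     "public":  "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
     "shared":  "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"},
    {"tcId": 2, "result": "acceptable", "flags": ["LowOrderPublic"],
     "private": "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
     "public":  "00" * 32, "shared": "00" * 32},
    {"tcId": 3, "result": "acceptable", "flags": ["LowOrderPublic"],
     "private": "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
     "public":  "01" + "00" * 31, "shared": "00" * 32},
]


def run_all(vectors=VECTORS) -> dict:
    """Map tcId -> status for every vector."""
    return {tc["tcId"]: check_vector(tc) for tc in vectors}


if __name__ == "__main__":
    for tc_id, status in run_all().items():
        print(tc_id, status)
```

A harness built on this would treat "zero" as a pass only when the library's API also reported failure for that case; "mismatch" is always a bug, and "ok" on a vector flagged as low-order would mean the vector itself is wrong.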
Others do however. So it is necessary to test with such encodings.
Oh, certainly! Sorry, that was probably unclear. I was just listing the things I would like to be able to differentiate via flags or checking parameters or some other mechanism.
Chiming in late to this issue, but if I can selfishly add my own wish it would be to have a way to distinguish between test cases (for signatures) that are needed to achieve strong unforgeability vs those needed for existential unforgeability.
I am seeing some test failures for lax parsing of ASN.1 DER for RSA signatures in Java (in particular allowing a constructed/concatenated OctetString in the DigestInfo structure). While it would be good for the cryptography provider to fix this, from our point of view we don't need canonical/unique signatures so I don't think this presents an exploitable issue in our scenario. For example, we also support ECDSA signatures that are malleable anyway. (Please correct me if I am misunderstanding this issue!)
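The lax parse described in the comment above (a constructed OCTET STRING inside DigestInfo), as an added example that is not code from the issue thread or from Wycheproof: a minimal strict DER reader for the RSASSA-PKCS1-v1_5 DigestInfo of SHA-256, run on a constructed canonical encoding and on a BER-only variant that splits the digest into a constructed OCTET STRING. Strict parsing is what makes the DigestInfo encoding unique; a verifier that accepts the variant has more than one valid encoding per signature, which matters only when signature uniqueness matters, as the comment says. The helper names and the sample message are assumptions of this example.

```python
# Added example (not Wycheproof's code): strict DER reading of a SHA-256 DigestInfo.
import hashlib

# AlgorithmIdentifier { OID 2.16.840.1.101.3.4.2.1 (sha256), NULL } from the
# RFC 8017 section 9.2 DigestInfo prefix for SHA-256.
SHA256_ALGID = bytes.fromhex("300d06096086480165030402010500")


class DerError(ValueError):
    """Raised for any encoding a strict DER reader must reject."""


def read_tlv(buf: bytes, pos: int):
    """Read one tag-length-value at pos; only definite, minimal lengths are accepted.
    Returns (tag, value, position after the element)."""
    if pos + 2 > len(buf):
        raise DerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise DerError("indefinite length is BER, not DER")
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DerError("bad long-form length")
        length_bytes = buf[pos:pos + n]
        pos += n
        length = int.from_bytes(length_bytes, "big")
        if length_bytes[0] == 0 or length < 0x80:
            raise DerError("non-minimal length encoding")
    else:
        length = first
    if pos + length > len(buf):
        raise DerError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def parse_digestinfo_strict(der: bytes) -> bytes:
    """Return the digest from a DigestInfo, rejecting anything that is not canonical DER."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise DerError("outer element must be a SEQUENCE with no trailing bytes")
    tag, algid, pos = read_tlv(body, 0)
    if tag != 0x30:
        raise DerError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, q = read_tlv(algid, 0)
    if tag != 0x06:
        raise DerError("expected OBJECT IDENTIFIER")
    tag, params, q = read_tlv(algid, q)
    if tag != 0x05 or params != b"" or q != len(algid):
        raise DerError("expected NULL parameters")
    tag, digest, pos = read_tlv(body, pos)
    if tag != 0x04:   # 0x24 would be a constructed OCTET STRING: legal BER, never DER
        raise DerError(f"digest must be a primitive OCTET STRING, got tag {tag:#04x}")
    if pos != len(body):
        raise DerError("trailing bytes inside DigestInfo")
    return digest


def accepts(der: bytes) -> bool:
    """True when the strict reader accepts the encoding."""
    try:
        parse_digestinfo_strict(der)
        return True
    except DerError:
        return False


def digestinfo(digest_tlv: bytes) -> bytes:
    """Wrap an already-encoded OCTET STRING element into a SHA-256 DigestInfo."""
    body = SHA256_ALGID + digest_tlv
    return b"\x30" + bytes([len(body)]) + body


# Constructed sample input: the digest of a fixed message.
DIGEST = hashlib.sha256(b"constructed sample message").digest()

# Canonical DER: one primitive OCTET STRING holding the 32-byte digest.
CANONICAL = digestinfo(b"\x04\x20" + DIGEST)

# BER-only variant: a constructed OCTET STRING (tag 0x24) concatenating two 16-byte
# pieces. A lax parser reassembles the same digest; a strict one rejects it.
CONSTRUCTED = digestinfo(b"\x24\x24" + b"\x04\x10" + DIGEST[:16] + b"\x04\x10" + DIGEST[16:])

if __name__ == "__main__":
    print("canonical  :", accepts(CANONICAL))     # True
    print("constructed:", accepts(CONSTRUCTED))   # False
```

The canonical encoding begins with the familiar 3031300d060960864801650304020105000420 prefix that most PKCS#1 v1.5 implementations compare byte for byte; that comparison is itself a strict parse, which is why libraries that do it never see the constructed form as valid.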