wycheproof

Verify cryptographic implementations using Wycheproof test vectors to detect known attacks, edge cases, and compliance failures.

Introduction

The Wycheproof skill provides an automated interface to the Wycheproof project, an extensive collection of test vectors designed to evaluate the correctness of cryptographic libraries. Cryptographic implementations are prone to subtle vulnerabilities, such as signature malleability, improper padding, or incorrect handling of elliptic curve coordinates, which can lead to private key exposure or decryption failures. This skill enables developers and security auditors to integrate these rigorous tests directly into their CI/CD workflows or manual testing processes, ensuring that implementations of established algorithms like AES-GCM, ECDSA, ECDH, RSA, and ChaCha20-Poly1305 adhere to expected security standards.

  • Access standardized JSON test vectors for symmetric encryption, digital signatures, key exchange, and hashing algorithms.

  • Support for identifying potential implementation flaws in popular libraries, including OpenJDK, Bouncy Castle, and various JavaScript crypto packages.

  • Ability to filter test groups based on key sizes, IV lengths, and specific cryptographic curves to focus on relevant implementation details.

  • Verification against valid, invalid, and acceptable result flags to ensure robust handling of both standard inputs and edge cases.

  • Automated integration path via Git submodules to ensure test vector data remains current with the upstream community-managed repository.

  • Intended for security engineers, cryptographers, and software developers auditing or building cryptographic modules.

  • Inputs: Selection of cryptographic algorithm (e.g., AES-GCM, ECDSA) and local test environment; Outputs: Compliance reports indicating pass/fail status for specific test vectors.

  • Constraint: This skill is for verifying established algorithms; it does not perform fuzzing for zero-day vulnerabilities or constant-time analysis for timing side-channels.

  • Use the provided harness templates for Java or JavaScript to parse Wycheproof's testvectors or testvectors_v1 directories efficiently.

  • Always cross-reference the notes field in JSON test files, which explains the flags attached to each test, to understand why a vector is marked 'acceptable' or 'invalid'.
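The group filtering, result flags and notes lookup described in the list above, shown as an added example that is not part of the skill's own harness templates. It assumes the Wycheproof MAC layout (`testGroups`, `tagSize`, `tests`, `tcId`, `result`, `flags`, `notes`) and uses HMAC-SHA256 so it runs on the Python standard library alone; the sample vectors are constructed from RFC 4231 test case 1, and `verify_strict`, `verify_prefix` and `run_vectors` are hypothetical names.

```python
import hashlib
import hmac

# Constructed sample in the Wycheproof MAC layout (hex-encoded fields).
# TAG is the RFC 4231 test case 1 output; the invalid tags are derived from it.
TAG = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
KEY, MSG = "0b" * 20, "4869205468657265"  # 20-byte key, message "Hi There"
SAMPLE = {
    "notes": {"ModifiedTag": "One tag byte was changed.",
              "TruncatedTag": "Tag is shorter than the group's tagSize."},
    "testGroups": [{
        "keySize": 160, "tagSize": 256,
        "tests": [
            {"tcId": 1, "key": KEY, "msg": MSG, "tag": TAG,
             "result": "valid", "flags": []},
            {"tcId": 2, "key": KEY, "msg": MSG, "tag": TAG[:-2] + "f6",
             "result": "invalid", "flags": ["ModifiedTag"]},
            {"tcId": 3, "key": KEY, "msg": MSG, "tag": TAG[:8],
             "result": "invalid", "flags": ["TruncatedTag"]},
        ],
    }],
}

def verify_strict(key, msg, tag):
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # full-length comparison

def verify_prefix(key, msg, tag):
    # Deliberately flawed: compares only as many bytes as the caller supplied.
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected[:len(tag)], tag)

def run_vectors(data, verify, tag_size=None):
    """Return [(tcId, [flag explanations])] for tests whose outcome contradicts `result`."""
    failures, notes = [], data.get("notes", {})
    for group in data["testGroups"]:
        if tag_size is not None and group["tagSize"] != tag_size:
            continue  # filter groups by parameter
        for t in group["tests"]:
            try:
                ok = verify(*(bytes.fromhex(t[f]) for f in ("key", "msg", "tag")))
            except Exception:
                ok = False  # assumption: a raised error counts as rejection
            if t["result"] == "acceptable":
                continue  # either outcome passes; review these via the notes field
            if ok != (t["result"] == "valid"):
                failures.append((t["tcId"], [notes.get(f, f) for f in t["flags"]]))
    return failures
```

Running `run_vectors(SAMPLE, verify_prefix)` reports only tcId 3: the flawed verifier rejects the modified tag but accepts the truncated one, which is the kind of edge case the invalid vectors exist to catch.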

Repository Stats

  • Stars: 4,857

  • Forks: 421

  • Open Issues: 29

  • Language: Python

  • Default Branch: main

  • Sync Status: Idle

  • Last Synced: Apr 28, 2026, 01:17 PM