{"id":13540165,"url":"https://github.com/C2SP/wycheproof","last_synced_at":"2025-04-02T07:30:38.133Z","repository":{"id":41844482,"uuid":"73226302","full_name":"C2SP/wycheproof","owner":"C2SP","description":"Project Wycheproof tests crypto libraries against known attacks.","archived":false,"fork":false,"pushed_at":"2024-04-08T23:26:47.000Z","size":31893,"stargazers_count":2713,"open_issues_count":39,"forks_count":289,"subscribers_count":174,"default_branch":"master","last_synced_at":"2024-05-21T15:27:14.910Z","etag":null,"topics":["crypto","cryptography"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/C2SP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-08T20:56:25.000Z","updated_at":"2024-07-13T01:55:04.915Z","dependencies_parsed_at":"2022-08-11T19:10:42.224Z","dependency_job_id":"b5cc63a0-b8b0-432c-9460-ff5647ea7ce6","html_url":"https://github.com/C2SP/wycheproof","commit_stats":null,"previous_names":["c2sp/wycheproof"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C2SP%2Fwycheproof","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C2SP%2Fwycheproof/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C2SP%2Fwycheproof/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C2SP%2Fwycheproof/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/C2SP","download_url":"https://codeload.github.com/C2SP/wycheproof/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":210886509,"owners_count":15216685,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography"],"created_at":"2024-08-01T09:01:42.014Z","updated_at":"2024-11-03T05:30:52.348Z","avatar_url":"https://github.com/C2SP.png","language":"Java","funding_links":[],"categories":["\u003ca id=\"41d260119ad54db2739a9ae393bd87a5\"\u003e\u003c/a\u003e工具","Go","Java"],"sub_categories":["\u003ca id=\"3828e67170e5db714c9c16f663b42a5e\"\u003e\u003c/a\u003e新添加的"],"readme":"# Project Wycheproof\n\nhttps://github.com/c2sp/wycheproof\n\n*Project Wycheproof is named after\n[Mount Wycheproof](https://en.wikipedia.org/wiki/Mount_Wycheproof), the smallest\nmountain in the world. The main motivation for the project is to have a goal\nthat is achievable. The smaller the mountain the more likely it is to be able to\nclimb it.*\n\n\u003e [!NOTE]\n\u003e Hello RWC 2024 attendees and others! Wycheproof recently moved to community\n\u003e maintenance thanks to the shared efforts of Google and C2SP.\n\u003e We are still working to update the README and documentation,\n\u003e but we welcome your feedback and look forward to your contributions!\n\n## Introduction\n\nProject Wycheproof tests crypto libraries against known attacks.\n\nUnfortunately, in cryptography, subtle mistakes can have catastrophic\nconsequences, and we found that libraries fall into such implementation\npitfalls much too often and for much too long. Good implementation guidelines,\nhowever, are hard to come by: understanding how to implement cryptography\nsecurely requires digesting decades' worth of academic literature. We recognize\nthat software engineers fix and prevent bugs with unit testing, and we found\nthat cryptographic loopholes can be resolved by the same means.\n\nThese observations have prompted us to develop Project Wycheproof, a collection\nof unit tests that detect known weaknesses or check for expected behaviors of\nsome cryptographic algorithm. Project Wycheproof provides tests for most\ncryptographic algorithms, including RSA, elliptic curve crypto and\nauthenticated encryption. Our cryptographers have systematically surveyed the\nliterature and implemented most known attacks. We have over 80 test cases which\nhave uncovered more than [40 bugs](doc/bugs.md). For\nexample, we found that we could recover the private key of widely-used DSA and\nECDHC implementations.\n\nWhile we are committed to develop as many attacks as possible, Project\nWycheproof is by no means complete. Passing the tests does not imply that the\nlibrary is secure, it just means that it is not vulnerable to the attacks that\nProject Wycheproof tests for. Cryptographers are also constantly discovering\nnew attacks. Nevertheless, with Project Wycheproof developers and users now can\ncheck their libraries against a large number of known attacks, without having\nto spend years reading academic papers or become cryptographers themselves.\n\nFor more information on the goals and strategies of Project Wycheproof, please\ncheck out our [documentation](doc/).\n\n### Coverage\n\nProject Wycheproof has tests for the most popular crypto algorithms, including\n\n- AES-EAX\n- AES-GCM\n- ChaCha20-Poly1305\n- [DH](doc/dh.md)\n- DHIES\n- [DSA](doc/dsa.md)\n- [ECDH](doc/ecdh.md)\n- ECDSA\n- EdDSA\n- ECIES\n- HKDF\n- HMAC\n- [RSA](doc/rsa.md)\n- X25519, X448\n\nThe tests detect whether a library is vulnerable to many attacks, including\n\n*   Invalid curve attacks\n*   Biased nonces in digital signature schemes\n*   Of course, all Bleichenbacher’s attacks\n*   And many more -- we have over 80 test cases\n\nOur first set of tests are written in Java, because Java has a common\ncryptographic interface. This allowed us to test multiple providers with a\nsingle test suite. While this interface is somewhat low level, and should not\nbe used directly, we still apply a \"defense in depth\" argument and expect that\nthe implementations are as robust as possible. For example, we consider weak\ndefault values to be a significant security flaw. We are converting as many\ntests into sets of test vectors to simplify porting the tests to other\nlanguages. We provide ready-to-use test runners for Java Cryptography\nArchitecture providers such as [Bouncy Castle](http://bouncycastle.org),\n[Spongy Castle](https://rtyley.github.io/spongycastle/), the\n[Amazon Corretto Crypto Provider](https://github.com/corretto/amazon-corretto-crypto-provider)\nand the default\nproviders in [OpenJDK](http://openjdk.java.net/).\n\n### Usage\n\n#### Setup\n\n*   Install [Bazel](https://bazel.build/).\n\n*   Install [Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction\n    Policy Files][jce-policy-instructions].  This enables tests with large key\n    sizes. Otherwise you'll see a lot of \"illegal key size\" exceptions.\n\n*   Clone the repository:\n\n```\ngit clone https://github.com/google/wycheproof.git\n```\n\n[jce-policy-instructions]: http://stackoverflow.com/questions/6481627/java-security-illegal-key-size-or-default-parameters\n\n#### Execute tests\n\n*   To test latest stable version of Bouncy Castle:\n\n```\nbazel test BouncyCastleAllTests\n```\n\n*   To test other versions, e.g., v1.52:\n\n```\nbazel test BouncyCastleAllTests_1_52\n```\n\n*   To test all known versions (warning, will take a long time):\n\n```\nbazel test BouncyCastleAllTests_*\n```\n\n*   To test a local jar, set the `WYCHEPROOF_BOUNCYCASTLE_JAR` environment\n    variable:\n\n```shell\n$ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/bouncycastle\n$ bazel test BouncyCastleTestLocal\n$ bazel test BouncyCastleAllTestsLocal\n```\n\nNote: Bazel does not currently invalidate the build on environment changes. If\nyou change the `WYCHEPROOF_BOUNCYCASTLE_JAR` environment variable, run `bazel\nclean` to force a rebuild:\n\n```shell\n$ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/bouncycastle\n$ bazel test BouncyCastleTestLocal\n$ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/other/jar\n$ bazel clean\n$ bazel test BouncyCastleTestLocal\n```\n\n*   To test [Spongy Castle](https://rtyley.github.io/spongycastle/), replace\n    `BouncyCastle` with `SpongyCastle` in your commands, for example:\n\n```\nbazel test SpongyCastleAllTests\n```\n\n*   To test the [Amazon Corretto Crypto\n    Provider](https://github.com/corretto/amazon-corretto-crypto-provider),\n    replace `BouncyCastle` with `Accp` in your commands, for example:\n\n```\nbazel test AccpAllTests\n```\n\n*   To test a local jar for the Amazon Corretto Crypto Provider, set the\n`WYCHEPROOF_ACCP_JAR` environment variable:\n\n```shell\n$ WYCHEPROOF_ACCP_JAR=/path/to/accp\n$ bazel test AccpTestLocal\n$ bazel test AccpAllTestsLocal\n```\n\nNote: bazel does not currently invalidate the build on environment changes. If\nyou change the `WYCHEPROOF_ACCP_JAR` environment variable, run `bazel\nclean` to force a rebuild:\n\n```shell\n$ WYCHEPROOF_ACCP_JAR=/path/to/accp\n$ bazel test AccpTestLocal\n$ WYCHEPROOF_ACCP_JAR=/path/to/other/jar\n$ bazel clean\n$ bazel test AccpTestLocal\n```\n\n*   To test your current installation of [OpenJDK](http://openjdk.java.net/):\n\n```\nbazel test OpenJDKAllTests\n```\n\nNote that OpenJDKAllTests expects that OpenJDK is your default JDK, so it might\nrefuse to run or its results might be incorrect if you are using some other JDK.\nIf you downloaded your JDK from Oracle or https://java.com, you're probably\nusing Oracle JDK, which should be compatible with OpenJDK, thus the tests should\nrun correctly.\n\nSome tests take a very long time to finish. If you want to exclude them, use\n`BouncyCastleTest`, `SpongyCastleTest` or `OpenJDKTest` -- these targets exclude\nall slow tests (which are annotated with `@SlowTest`).\n\nMost test targets are failing, and each failure might be a security issue. To\nlearn more about what a failed test means, you might want to check out [our\ndocumentation](doc/bugs.md) or the comments on top of the corresponding test\nfunction and test class.\n\n### Hall of Bugs\n\nHere are some of the notable vulnerabilities that are uncovered by\nProject Wycheproof:\n\n*   OpenJDK's SHA1withDSA leaks private keys \u003e 1024 bits\n    *   Test: testBiasSha1WithDSA in [DsaTest][dsa-test].\n    *   This bug is the same as [CVE-2003-0971][cve-2003-0971] (\"GnuPG generated\n        ElGamal signatures that leaked the private key\").\n\n*   Bouncy Castle's ECDHC leaks private keys\n    *   Test: testModifiedPublic and testWrongOrderEcdhc in\n        [EcdhTest][ecdh-test].\n\n[dsa-test]: https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/DsaTest.java\n[cve-2003-0971]: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0971\n[ecdh-test]: https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/EcdhTest.java\n\n### Maintainers\n\nProject Wycheproof has been maintained by:\n\n*   Daniel Bleichenbacher\n*   Thai Duong\n*   Emilia Kasper\n*   Quan Nguyen\n*   Charles Lee\n\n### Contact and mailing list\n\nIf you want to contribute, please read [CONTRIBUTING](CONTRIBUTING.md) and send\nus pull requests. You can also report bugs or request new tests.\n\nIf you'd like to talk to our developers or get notified about major new\ntests, you may want to subscribe to our\n[mailing list](https://groups.google.com/forum/#!forum/wycheproof-users). To\njoin, simply send an empty mail to wycheproof-users+subscribe@googlegroups.com.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FC2SP%2Fwycheproof","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FC2SP%2Fwycheproof","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FC2SP%2Fwycheproof/lists"}